]> git.karo-electronics.de Git - karo-tx-linux.git/log
karo-tx-linux.git
14 years agoPCI: fix return value from pcix_get_max_mmrbc()
Dean Nelson [Wed, 10 Mar 2010 03:26:40 +0000 (22:26 -0500)]
PCI: fix return value from pcix_get_max_mmrbc()

commit 25daeb550b69e89aff59bc6a84218a12b5203531 upstream.

For the PCI_X_STATUS register, pcix_get_max_mmrbc() is returning an incorrect
value, which is based on:

(stat & PCI_X_STATUS_MAX_READ) >> 12

Valid return values are 512, 1024, 2048, 4096, which correspond to a 'stat'
(masked and right shifted by 21) of 0, 1, 2, 3, respectively.

A right shift by 11 would generate the correct return value when 'stat' (masked
and right shifted by 21) has a value of 1 or 2. But for a value of 0 or 3 it's
not possible to generate the correct return value by only right shifting.

Fix is based on pcix_get_mmrbc()'s similar dealings with the PCI_X_CMD register.

Signed-off-by: Dean Nelson <dnelson@redhat.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agofs/partition/msdos: fix unusable extended partition for > 512B sector
OGAWA Hirofumi [Tue, 23 Mar 2010 20:35:50 +0000 (13:35 -0700)]
fs/partition/msdos: fix unusable extended partition for > 512B sector

commit 8e0cc811e0f8029a7225372fb0951fab102c012f upstream.

Smaller size than a minimum blocksize can't be used, after all it's
handled like 0 size.

For extended partition itself, this makes sure to use bigger size than one
logical sector size at least.

Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Cc: Daniel Taylor <Daniel.Taylor@wdc.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agofs/partitions/msdos: add support for large disks
Daniel Taylor [Tue, 23 Mar 2010 20:35:50 +0000 (13:35 -0700)]
fs/partitions/msdos: add support for large disks

commit 3fbf586cf7f245392142e5407c2a56f1cff979b6 upstream.

In order to use disks larger than 2TiB on Windows XP, it is necessary to
use 4096-byte logical sectors in an MBR.

Although the kernel storage and functions called from msdos.c used
"sector_t" internally, msdos.c still used u32 variables, which results in
the ability to handle XP-compatible large disks.

This patch changes the internal variables to "sector_t".

Daniel said: "In the near future, WD will be releasing products that need
this patch".

[hirofumi@mail.parknet.co.jp: tweaks and fix]
Signed-off-by: Daniel Taylor <daniel.taylor@wdc.com>
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoif_tunnel.h: add missing ams/byteorder.h include
Paulius Zaleckas [Mon, 22 Mar 2010 04:19:02 +0000 (21:19 -0700)]
if_tunnel.h: add missing ams/byteorder.h include

commit 9bf35c8dddd56f7f247a27346f74f5adc18071f4 upstream.

When compiling userspace application which includes
if_tunnel.h and uses GRE_* defines you will get undefined
reference to __cpu_to_be16.

Fix this by adding missing #include <asm/byteorder.h>

Signed-off-by: Paulius Zaleckas <paulius.zaleckas@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agokfifo: fix KFIFO_INIT in include/linux/kfifo.h
David Härdeman [Tue, 23 Mar 2010 20:35:22 +0000 (13:35 -0700)]
kfifo: fix KFIFO_INIT in include/linux/kfifo.h

commit 4c87684d32e8f95715d53039dcd2d998dc63d1eb upstream.

include/linux/kfifo.h first defines and then undefines __kfifo_initializer
which is used by INIT_KFIFO (which is also a macro, so building a module
which uses INIT_KFIFO will fail).

Signed-off-by: David Härdeman <david@hardeman.nu>
Acked-by: Stefani Seibold <stefani@seibold.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosunrpc: handle allocation errors from __rpc_lookup_create()
Dan Carpenter [Sun, 21 Mar 2010 16:10:34 +0000 (12:10 -0400)]
sunrpc: handle allocation errors from __rpc_lookup_create()

commit f1f0abe192a72e75d7c59972e30784d043fd8d73 upstream.

__rpc_lookup_create() can return ERR_PTR(-ENOMEM).

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoSUNRPC: Fix a potential memory leak in auth_gss
Trond Myklebust [Fri, 19 Mar 2010 19:36:22 +0000 (15:36 -0400)]
SUNRPC: Fix a potential memory leak in auth_gss

commit cdead7cf12896c0e50a8be2e52de52c364603095 upstream.

The function alloc_enc_pages() currently fails to release the pointer
rqstp->rq_enc_pages in the error path.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Acked-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoiwlwifi: Silence tfds_in_queue message
Adel Gadllah [Sun, 14 Mar 2010 18:16:25 +0000 (19:16 +0100)]
iwlwifi: Silence tfds_in_queue message

commit c8406ea8fa1adde8dc5400127281d497bbcdb84a upstream.

Commit a239a8b47cc0e5e6d7416a89f340beac06d5edaa introduced a
noisy message, that fills up the log very fast.

The error seems not to be fatal (the connection is stable and
performance is ok), so make it IWL_DEBUG_TX rather than IWL_ERR.

Signed-off-by: Adel Gadllah <adel.gadllah@gmail.com>
Acked-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoedac, mce: Filter out invalid values
Borislav Petkov [Tue, 9 Mar 2010 19:38:48 +0000 (20:38 +0100)]
edac, mce: Filter out invalid values

commit 5b89d2f9ace1970324facc68ca9b8fae19ce8096 upstream.

Print the CPU associated with the error only when the field is valid.

Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agojme: Protect vlgrp structure by pause RX actions.
Guo-Fu Tseng [Wed, 17 Mar 2010 00:09:30 +0000 (00:09 +0000)]
jme: Protect vlgrp structure by pause RX actions.

commit bf5e5360fd1df1ae429ebbd81838d7d0879797d1 upstream.

Temporary stop the RX IRQ, and disable (sync) tasklet or napi.
And restore it after finished the vlgrp pointer assignment.

Signed-off-by: Guo-Fu Tseng <cooldavid@cooldavid.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agojme: Fix VLAN memory leak
Guo-Fu Tseng [Wed, 17 Mar 2010 00:09:29 +0000 (00:09 +0000)]
jme: Fix VLAN memory leak

commit 17da69b8bfbe441a33a873ad5dd7d3d85800bf2b upstream.

Fix memory leak while receiving 8021q tagged packet which is not
registered by user.

Signed-off-by: Guo-Fu Tseng <cooldavid@cooldavid.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agowl1251: fix potential crash
Grazvydas Ignotas [Thu, 11 Mar 2010 15:45:26 +0000 (17:45 +0200)]
wl1251: fix potential crash

commit 3f60ebc9d6291863652d564bacc430629271e6a9 upstream.

In case debugfs does not init for some reason (or is disabled
on older kernels) driver does not allocate stats.fw_stats
structure, but tries to clear it later and trips on a NULL
pointer:

Unable to handle kernel NULL pointer dereference at virtual address
00000000
PC is at __memzero+0x24/0x80
Backtrace:
[<bf0ddb88>] (wl1251_debugfs_reset+0x0/0x30 [wl1251])
[<bf0d6a2c>] (wl1251_op_stop+0x0/0x12c [wl1251])
[<bf0bc228>] (ieee80211_stop_device+0x0/0x74 [mac80211])
[<bf0b0d10>] (ieee80211_stop+0x0/0x4ac [mac80211])
[<c02deeac>] (dev_close+0x0/0xb4)
[<c02deac0>] (dev_change_flags+0x0/0x184)
[<c031f478>] (devinet_ioctl+0x0/0x704)
[<c0320720>] (inet_ioctl+0x0/0x100)

Add a NULL pointer check to fix this.

Signed-off-by: Grazvydas Ignotas <notasas@gmail.com>
Acked-by: Kalle Valo <kalle.valo@iki.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agousb: r8a66597-hcd: fix removed from an attached hub
Yoshihiro Shimoda [Tue, 16 Mar 2010 03:29:35 +0000 (12:29 +0900)]
usb: r8a66597-hcd: fix removed from an attached hub

commit d835933436ac0d1e8f5b35fe809fd4e767e55d6e upstream.

fix the problem that when a USB hub is attached to the r8a66597-hcd and
a device is removed from that hub, it's likely that a kernel panic follows.

Reported-by: Markus Pietrek <Markus.Pietrek@emtrion.de>
Signed-off-by: Yoshihiro Shimoda <shimoda.yoshihiro@renesas.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoUSB: option: add support for a new CMOTECH device to usb/serial/option
Nathaniel McCallum [Thu, 11 Mar 2010 18:09:26 +0000 (13:09 -0500)]
USB: option: add support for a new CMOTECH device to usb/serial/option

commit 3b04872aa75006e2a4adaaec21e9c9ede8b8ad9d upstream.

Signed-off-by: Nathaniel McCallum <nathaniel@natemccallum.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoUSB: option: move hardcoded PID to a macro in usb/serial/option
Nathaniel McCallum [Thu, 11 Mar 2010 18:01:17 +0000 (13:01 -0500)]
USB: option: move hardcoded PID to a macro in usb/serial/option

commit bb73ed2a268a29ab1b7d8cc50b5f248578e7e188 upstream.

Signed-off-by: Nathaniel McCallum <nathaniel@natemccallum.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoUSB: option: fix incorrect manufacturer name in usb/serial/option: MAXON->CMOTECH
Nathaniel McCallum [Thu, 11 Mar 2010 18:09:24 +0000 (13:09 -0500)]
USB: option: fix incorrect manufacturer name in usb/serial/option: MAXON->CMOTECH

commit eaff4cdc978f414cf7b5441a333de3070d80e9c7 upstream.

Signed-off-by: Nathaniel McCallum <nathaniel@natemccallum.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoUSB: serial: ftdi: add CONTEC vendor and product id
Daniel Sangorrin [Thu, 11 Mar 2010 22:10:58 +0000 (14:10 -0800)]
USB: serial: ftdi: add CONTEC vendor and product id

commit dee5658b482e9e2ac7d6205dc876fc11d4008138 upstream.

This is a patch to ftdi_sio_ids.h and ftdi_sio.c that adds identifiers for
CONTEC USB serial converter.  I tested it with the device COM-1(USB)H

[akpm@linux-foundation.org: keep the VIDs sorted a bit]
Signed-off-by: Daniel Sangorrin <daniel.sangorrin@gmail.com>
Cc: Andreas Mohr <andi@lisas.de>
Cc: Radek Liboska <liboska@uochb.cas.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoUSB: xHCI: re-initialize cmd_completion
Andiry Xu [Fri, 12 Mar 2010 09:10:04 +0000 (17:10 +0800)]
USB: xHCI: re-initialize cmd_completion

commit 1d68064a7d80da4a7334cab0356162e36229c1a1 upstream.

When a signal interrupts a Configure Endpoint command, the cmd_completion used
in xhci_configure_endpoint() is not re-initialized and the
wait_for_completion_interruptible_timeout() will return failure. Initialize
cmd_completion in xhci_configure_endpoint().

Signed-off-by: Andiry Xu <andiry.xu@amd.com>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoUSB: qcserial: add new device ids
Bernhard Rosenkraenzer [Wed, 10 Mar 2010 11:36:43 +0000 (12:36 +0100)]
USB: qcserial: add new device ids

commit 0725e95ea56698774e893edb7e7276b1d6890954 upstream.

This patch adds various USB device IDs for Gobi 2000 devices, as found in the
drivers available at https://www.codeaurora.org/wiki/GOBI_Releases

Signed-off-by: Bernhard Rosenkraenzer <bero@arklinux.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoUSB: EHCI: adjust ehci_iso_stream for changes in ehci_qh
Clemens Ladisch [Mon, 1 Mar 2010 16:18:56 +0000 (17:18 +0100)]
USB: EHCI: adjust ehci_iso_stream for changes in ehci_qh

commit 1082f57abfa26590b60c43f503afb24102a37016 upstream.

The EHCI driver stores in usb_host_endpoint.hcpriv a pointer to either
an ehci_qh or an ehci_iso_stream structure, and uses the contents of the
hw_info1 field to distinguish the two cases.

After ehci_qh was split into hw and sw parts, ehci_iso_stream must also
be adjusted so that it again looks like an ehci_qh structure.

This fixes a NULL pointer access in ehci_endpoint_disable() when it
tries to access qh->hw->hw_info1.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Reported-by: Colin Fletcher <colin.m.fletcher@googlemail.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoUSB: EHCI: fix ITD list order
Clemens Ladisch [Mon, 1 Mar 2010 08:12:50 +0000 (09:12 +0100)]
USB: EHCI: fix ITD list order

commit 92bc3648e6027384479852b770a542722fadee7c upstream.

When isochronous URBs are shorter than one frame and when more than one
ITD in a frame has been completed before the interrupt can be handled,
scan_periodic() completes the URBs in the order in which they are found
in the descriptor list.  Therefore, the descriptor list must contain the
ITDs in the correct order, i.e., a new ITD must be linked in after any
previous ITDs of the same endpoint.

This should fix garbled capture data in the USB audio drivers.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Reported-by: Colin Fletcher <colin.m.fletcher@googlemail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoUSB: fix usbfs regression
Alan Stern [Sat, 6 Mar 2010 20:04:03 +0000 (15:04 -0500)]
USB: fix usbfs regression

commit 7152b592593b9d48b33f8997b1dfd6df9143f7ec upstream.

This patch (as1352) fixes a bug in the way isochronous input data is
returned to userspace for usbfs transfers.  The entire buffer must be
copied, not just the first actual_length bytes, because the individual
packets will be discontiguous if any of them are short.

Reported-by: Markus Rechberger <mrechberger@gmail.com>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agotty: Take a 256 byte padding into account when buffering below sub-page units
Mel Gorman [Tue, 2 Mar 2010 22:24:19 +0000 (22:24 +0000)]
tty: Take a 256 byte padding into account when buffering below sub-page units

commit 352fa6ad16b89f8ffd1a93b4419b1a8f2259feab upstream.

The TTY layer takes some care to ensure that only sub-page allocations
are made with interrupts disabled. It does this by setting a goal of
"TTY_BUFFER_PAGE" to allocate. Unfortunately, while TTY_BUFFER_PAGE takes the
size of tty_buffer into account, it fails to account that tty_buffer_find()
rounds the buffer size out to the next 256 byte boundary before adding on
the size of the tty_buffer.

This patch adjusts the TTY_BUFFER_PAGE calculation to take into account the
size of the tty_buffer and the padding. Once applied, tty_buffer_alloc()
should not require high-order allocations.

Signed-off-by: Mel Gorman <mel@csn.ul.ie>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agotty: Keep the default buffering to sub-page units
Alan Cox [Thu, 18 Feb 2010 16:43:47 +0000 (16:43 +0000)]
tty: Keep the default buffering to sub-page units

commit d9661adfb8e53a7647360140af3b92284cbe52d4 upstream.

We allocate during interrupts so while our buffering is normally diced up
small anyway on some hardware at speed we can pressure the VM excessively
for page pairs. We don't really need big buffers to be linear so don't try
so hard.

In order to make this work well we will tidy up excess callers to request_room,
which cannot itself enforce this break up.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agonfsd: ensure sockets are closed on error
Neil Brown [Mon, 1 Mar 2010 03:01:05 +0000 (22:01 -0500)]
nfsd: ensure sockets are closed on error

commit 301e99ce4a2f42a317129230fd42e6cd874c64b0 upstream.

One the changes in commit d7979ae4a "svc: Move close processing to a
single place" is:

  err_delete:
-       svc_delete_socket(svsk);
+       set_bit(SK_CLOSE, &svsk->sk_flags);
        return -EAGAIN;

This is insufficient. The recvfrom methods must always call
svc_xprt_received on completion so that the socket gets re-queued if
there is any more work to do.  This particular path did not make that
call because it actually destroyed the svsk, making requeue pointless.
When the svc_delete_socket was change to just set a bit, we should have
added a call to svc_xprt_received,

This is the problem that b0401d7253 attempted to fix, incorrectly.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoRevert "sunrpc: move the close processing after do recvfrom method"
J. Bruce Fields [Sun, 28 Feb 2010 21:33:31 +0000 (16:33 -0500)]
Revert "sunrpc: move the close processing after do recvfrom method"

commit 1b644b6e6f6160ae35ce4b52c2ca89ed3e356e18 upstream.

This reverts commit b0401d725334a94d57335790b8ac2404144748ee, which
moved svc_delete_xprt() outside of XPT_BUSY, and allowed it to be called
after svc_xpt_recived(), removing its last reference and destroying it
after it had already been queued for future processing.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoRevert "sunrpc: fix peername failed on closed listener"
J. Bruce Fields [Sun, 28 Feb 2010 21:32:51 +0000 (16:32 -0500)]
Revert "sunrpc: fix peername failed on closed listener"

commit f5822754ea006563e1bf0a1f43faaad49c0d8bb2 upstream.

This reverts commit b292cf9ce70d221c3f04ff62db5ab13d9a249ca8.  The
commit that it attempted to patch up,
b0401d725334a94d57335790b8ac2404144748ee, was fundamentally wrong, and
will also be reverted.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoNFS: Prevent another deadlock in nfs_release_page()
Trond Myklebust [Fri, 19 Mar 2010 17:55:17 +0000 (13:55 -0400)]
NFS: Prevent another deadlock in nfs_release_page()

commit d812e575822a2b7ab1a7cadae2571505ec6ec2bd upstream.

We should not attempt to free the page if __GFP_FS is not set. Otherwise we
can deadlock as per

  http://bugzilla.kernel.org/show_bug.cgi?id=15578

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoNFS: Avoid a deadlock in nfs_release_page
Trond Myklebust [Thu, 11 Mar 2010 14:19:35 +0000 (09:19 -0500)]
NFS: Avoid a deadlock in nfs_release_page

commit bb6fbc4548b9ae7ebbd06ef72f00229df259d217 upstream.

J.R. Okajima reports the following deadlock:

INFO: task kswapd0:305 blocked for more than 120 seconds.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kswapd0       D 0000000000000001     0   305      2 0x00000000
 ffff88001f21d4f0 0000000000000046 ffff88001fdea680 ffff88001f21c000
 ffff88001f21dfd8 ffff88001f21c000 ffff88001f21dfd8 ffff88001f21dfd8
 ffff88001fdea040 0000000000014c00 0000000000000001 ffff88001fdea040
Call Trace:
 [<ffffffff8146155d>] io_schedule+0x4d/0x70
 [<ffffffff810d2be5>] sync_page+0x65/0xa0
 [<ffffffff81461b12>] __wait_on_bit_lock+0x52/0xb0
 [<ffffffff810d2b80>] ? sync_page+0x0/0xa0
 [<ffffffff810d2b64>] __lock_page+0x64/0x70
 [<ffffffff81070ce0>] ? wake_bit_function+0x0/0x40
 [<ffffffff810df1d4>] truncate_inode_pages_range+0x344/0x4a0
 [<ffffffff810df340>] truncate_inode_pages+0x10/0x20
 [<ffffffff8112cbfe>] generic_delete_inode+0x15e/0x190
 [<ffffffff8112cc8d>] generic_drop_inode+0x5d/0x80
 [<ffffffff8112bb88>] iput+0x78/0x80
 [<ffffffff811bc908>] nfs_dentry_iput+0x38/0x50
 [<ffffffff811285f4>] dentry_iput+0x84/0x110
 [<ffffffff811286ae>] d_kill+0x2e/0x60
 [<ffffffff8112912a>] dput+0x7a/0x170
 [<ffffffff8111e925>] path_put+0x15/0x40
 [<ffffffff811c3a44>] __put_nfs_open_context+0xa4/0xb0
 [<ffffffff811cb5d0>] ? nfs_free_request+0x0/0x50
 [<ffffffff811c3b0b>] put_nfs_open_context+0xb/0x10
 [<ffffffff811cb5f9>] nfs_free_request+0x29/0x50
 [<ffffffff81234b7e>] kref_put+0x8e/0xe0
 [<ffffffff811cb594>] nfs_release_request+0x14/0x20
 [<ffffffff811cf769>] nfs_find_and_lock_request+0x89/0xa0
 [<ffffffff811d1180>] nfs_wb_page+0x80/0x110
 [<ffffffff811c0770>] nfs_release_page+0x70/0x90
 [<ffffffff810d18ee>] try_to_release_page+0x5e/0x80
 [<ffffffff810e1178>] shrink_page_list+0x638/0x860
 [<ffffffff810e19de>] shrink_zone+0x63e/0xc40

We can fix this by making the call to put_nfs_open_context() happen when we
actually remove the write request from the inode (which is done by the
nfsiod thread in this case).

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoNFSv4: Don't ignore the NFS_INO_REVAL_FORCED flag in nfs_revalidate_inode()
Trond Myklebust [Wed, 10 Mar 2010 20:21:44 +0000 (15:21 -0500)]
NFSv4: Don't ignore the NFS_INO_REVAL_FORCED flag in nfs_revalidate_inode()

commit b4d2314bb88b07e5a04e6c75b442a1dfcd60e340 upstream.

If the NFS_INO_REVAL_FORCED flag is set, that means that we don't yet have
an up to date attribute cache. Even if we hold a delegation, we must
put a GETATTR on the wire.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoSCSI: scsi_transport_fc: Fix synchronization issue while deleting vport
Gal Rosen [Thu, 21 Jan 2010 08:15:32 +0000 (10:15 +0200)]
SCSI: scsi_transport_fc: Fix synchronization issue while deleting vport

commit 0d9dc7c8b9b7fa0f53647423b41056ee1beed735 upstream.

The issue occur while deleting 60 virtual ports through the sys
interface /sys/class/fc_vports/vport-X/vport_delete. It happen while in
a mistake each request sent twice for the same vport. This interface is
asynchronous, entering the delete request into a work queue, allowing
more than one request to enter to the delete work queue. The result is a
NULL pointer. The first request already delete the vport, while the
second request got a pointer to the vport before the device destroyed.
Re-create vport later cause system freeze.

Solution: Check vport flags before entering the request to the work queue.

[jejb: fixed int<->long problem on spinlock flags variable]
Signed-off-by: Gal Rosen <galr@storwize.com>
Acked-by: James Smart <james.smart@emulex.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodoc: add the documentation for mpol=local
KOSAKI Motohiro [Tue, 23 Mar 2010 20:35:33 +0000 (13:35 -0700)]
doc: add the documentation for mpol=local

commit 5574169613b40b85d6f4c67208fa4846b897a0a1 upstream.

commit 3f226aa1c (mempolicy: support mpol=local tmpfs mount option) added
new mpol=local mount option.  but it didn't add a documentation.

This patch does it.

Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Ravikiran Thirumalai <kiran@scalex86.org>
Cc: Christoph Lameter <cl@linux-foundation.org>
Cc: Mel Gorman <mel@csn.ul.ie>
Acked-by: Lee Schermerhorn <lee.schermerhorn@hp.com>
Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agotmpfs: cleanup mpol_parse_str()
KOSAKI Motohiro [Tue, 23 Mar 2010 20:35:32 +0000 (13:35 -0700)]
tmpfs: cleanup mpol_parse_str()

commit 926f2ae04f183098cf9a30521776fb2759c8afeb upstream.

mpol_parse_str() made lots 'err' variable related bug.  Because it is ugly
and reviewing unfriendly.

This patch simplifies it.

Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Ravikiran Thirumalai <kiran@scalex86.org>
Cc: Christoph Lameter <cl@linux-foundation.org>
Cc: Mel Gorman <mel@csn.ul.ie>
Acked-by: Lee Schermerhorn <lee.schermerhorn@hp.com>
Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agotmpfs: handle MPOL_LOCAL mount option properly
KOSAKI Motohiro [Tue, 23 Mar 2010 20:35:31 +0000 (13:35 -0700)]
tmpfs: handle MPOL_LOCAL mount option properly

commit 12821f5fb942e795f8009ece14bde868893bd811 upstream.

commit 71fe804b6d5 (mempolicy: use struct mempolicy pointer in
shmem_sb_info) added mpol=local mount option.  but its feature is broken
since it was born.  because such code always return 1 (i.e.  mount
failure).

This patch fixes it.

Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Ravikiran Thirumalai <kiran@scalex86.org>
Cc: Christoph Lameter <cl@linux-foundation.org>
Cc: Mel Gorman <mel@csn.ul.ie>
Acked-by: Lee Schermerhorn <lee.schermerhorn@hp.com>
Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agotmpfs: mpol=bind:0 don't cause mount error.
KOSAKI Motohiro [Tue, 23 Mar 2010 20:35:30 +0000 (13:35 -0700)]
tmpfs: mpol=bind:0 don't cause mount error.

commit d69b2e63e9172afb4d07c305601b79a55509ac4c upstream.

Currently, following mount operation cause mount error.

% mount -t tmpfs -ompol=bind:0 none /tmp

Because commit 71fe804b6d5 (mempolicy: use struct mempolicy pointer in
shmem_sb_info) corrupted MPOL_BIND parse code.

This patch restore the needed one.

Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Ravikiran Thirumalai <kiran@scalex86.org>
Cc: Christoph Lameter <cl@linux-foundation.org>
Cc: Mel Gorman <mel@csn.ul.ie>
Acked-by: Lee Schermerhorn <lee.schermerhorn@hp.com>
Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agotmpfs: fix oops on mounts with mpol=default
Ravikiran G Thirumalai [Tue, 23 Mar 2010 20:35:28 +0000 (13:35 -0700)]
tmpfs: fix oops on mounts with mpol=default

commit 413b43deab8377819aba1dbad2abf0c15d59b491 upstream.

Fix an 'oops' when a tmpfs mount point is mounted with the mpol=default
mempolicy.

Upon remounting a tmpfs mount point with 'mpol=default' option, the mount
code crashed with a null pointer dereference.  The initial problem report
was on 2.6.27, but the problem exists in mainline 2.6.34-rc as well.  On
examining the code, we see that mpol_new returns NULL if default mempolicy
was requested.  This 'NULL' mempolicy is accessed to store the node mask
resulting in oops.

The following patch fixes it.

Signed-off-by: Ravikiran Thirumalai <kiran@scalex86.org>
Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Christoph Lameter <cl@linux-foundation.org>
Cc: Mel Gorman <mel@csn.ul.ie>
Acked-by: Lee Schermerhorn <lee.schermerhorn@hp.com>
Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoperf probe: Fix probe_point buffer overrun
Masami Hiramatsu [Fri, 12 Mar 2010 23:22:17 +0000 (18:22 -0500)]
perf probe: Fix probe_point buffer overrun

commit 594087a04eea544356f9c52e83c1a9bc380ce80f upstream.

Fix probe_point array-size overrun problem. In some cases (e.g.
inline function), one user-specified probe-point can be
translated to many probe address, and it overruns pre-defined
array-size. This also removes redundant MAX_PROBES macro
definition.

Signed-off-by: Masami Hiramatsu <mhiramat@redhat.com>
Cc: systemtap <systemtap@sources.redhat.com>
Cc: DLE <dle-develop@lists.sourceforge.net>
LKML-Reference: <20100312232217.2017.45017.stgit@localhost6.localdomain6>
[ Note that only root can create new probes. Eventually we should remove
  the MAX_PROBES limit, but that is a larger patch not eligible to
  perf/urgent treatment. ]
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoperf_event: Fix oops triggered by cpu offline/online
Paul Mackerras [Wed, 10 Mar 2010 09:45:52 +0000 (20:45 +1100)]
perf_event: Fix oops triggered by cpu offline/online

commit 220b140b52ab6cc133f674a7ffec8fa792054f25 upstream.

Anton Blanchard found that he could reliably make the kernel hit a
BUG_ON in the slab allocator by taking a cpu offline and then online
while a system-wide perf record session was running.

The reason is that when the cpu comes up, we completely reinitialize
the ctx field of the struct perf_cpu_context for the cpu.  If there is
a system-wide perf record session running, then there will be a struct
perf_event that has a reference to the context, so its refcount will
be 2.  (The perf_event has been removed from the context's group_entry
and event_entry lists by perf_event_exit_cpu(), but that doesn't
remove the perf_event's reference to the context and doesn't decrement
the context's refcount.)

When the cpu comes up, perf_event_init_cpu() gets called, and it calls
__perf_event_init_context() on the cpu's context.  That resets the
refcount to 1.  Then when the perf record session finishes and the
perf_event is closed, the refcount gets decremented to 0 and the
context gets kfreed after an RCU grace period.  Since the context
wasn't kmalloced -- it's part of a per-cpu variable -- bad things
happen.

In fact we don't need to completely reinitialize the context when the
cpu comes up.  It's sufficient to initialize the context once at boot,
but we need to do it for all possible cpus.

This moves the context initialization to happen at boot time.  With
this, we don't trash the refcount and the context never gets kfreed,
and we don't hit the BUG_ON.

Reported-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Tested-by: Anton Blanchard <anton@samba.org>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoperf: Make the install relative to DESTDIR if specified
John Kacur [Thu, 11 Mar 2010 12:57:00 +0000 (13:57 +0100)]
perf: Make the install relative to DESTDIR if specified

commit 7ae5f21361fea11f58c398701da635f778635d13 upstream.

Without this change, the install path is relative to
prefix/DESTDIR where prefix is automatically set to $HOME.

This can produce unexpected results. For example:

  make -C tools/perf DESTDIR=/home/jkacur/tmp install-man

creates the directory: /home/jkacur/home/jkacur/tmp/share/...
instead of the expected: /home/jkacur/tmp/share/...

Signed-off-by: John Kacur <jkacur@redhat.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Tom Zanussi <tzanussi@gmail.com>
Cc: Kyle McMartin <kyle@redhat.com>
LKML-Reference: <1268312220-12880-1-git-send-email-jkacur@redhat.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoperf: Provide generic perf_sample_data initialization
Peter Zijlstra [Fri, 19 Mar 2010 01:00:19 +0000 (02:00 +0100)]
perf: Provide generic perf_sample_data initialization

This makes it easier to extend perf_sample_data and fixes a bug on arm
and sparc, which failed to set ->raw to NULL, which can cause crashes
when combined with PERF_SAMPLE_RAW.

It also optimizes PowerPC and tracepoint, because the struct
initialization is forced to zero out the whole structure.

Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Acked-by: Jean Pihet <jpihet@mvista.com>
Reviewed-by: Frederic Weisbecker <fweisbec@gmail.com>
Acked-by: David S. Miller <davem@davemloft.net>
Cc: Jamie Iles <jamie.iles@picochip.com>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Stephane Eranian <eranian@google.com>
LKML-Reference: <20100304140100.315416040@chello.nl>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agogigaset: correct range checking off by one error
Tilman Schmidt [Tue, 16 Mar 2010 07:04:01 +0000 (07:04 +0000)]
gigaset: correct range checking off by one error

commit 6ad34145cf809384359fe513481d6e16638a57a3 upstream.

Correct a potential array overrun due to an off by one error in the
range check on the CAPI CONNECT_REQ CIPValue parameter.
Found and reported by Dan Carpenter using smatch.

Impact: bugfix
Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agogigaset: fix build failure
Tilman Schmidt [Wed, 17 Mar 2010 21:22:07 +0000 (14:22 -0700)]
gigaset: fix build failure

commit 22001a13d09d82772e831dcdac0553994a4bac5d upstream.

Update the dummy LL interface to the LL interface change
introduced by commit daab433c03c15fd642c71c94eb51bdd3f32602c8.
This fixes the build failure occurring after that commit when
enabling ISDN_DRV_GIGASET but neither ISDN_I4L nor ISDN_CAPI.

Impact: bugfix
Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agogigaset: avoid registering CAPI driver more than once
Tilman Schmidt [Sun, 14 Mar 2010 12:58:05 +0000 (12:58 +0000)]
gigaset: avoid registering CAPI driver more than once

commit bc35b4e347c047fb1c665bb761ddb22482539f7f upstream.

Registering/unregistering the Gigaset CAPI driver when a device is
connected/disconnected causes an Oops when disconnecting two Gigaset
devices in a row, because the same capi_driver structure gets
unregistered twice. Fix by making driver registration/unregistration
a separate operation (empty in the ISDN4Linux case) called when the
main module is loaded/unloaded.

Impact: bugfix
Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Acked-by: Karsten Keil <keil@b1-systems.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agogigaset: prune use of tty_buffer_request_room
Tilman Schmidt [Sun, 14 Mar 2010 12:58:05 +0000 (12:58 +0000)]
gigaset: prune use of tty_buffer_request_room

commit 873a69a358a6b393fd8d9d92e193ec8895cac4d7 upstream.

Calling tty_buffer_request_room() before tty_insert_flip_string()
is unnecessary, costs CPU and for big buffers can mess up the
multi-page allocation avoidance.

Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Acked-by: Karsten Keil <keil@b1-systems.de>
CC: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agogigaset: correct clearing of at_state strings on RING
Tilman Schmidt [Sun, 14 Mar 2010 12:58:05 +0000 (12:58 +0000)]
gigaset: correct clearing of at_state strings on RING

commit 3a0a3a6b92edf181f849ebd8417122392ba73a96 upstream.

In RING handling, clear the table of received parameter strings in
a loop like everywhere else, instead of by enumeration which had
already gotten out of sync.

Impact: minor bugfix
Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Acked-by: Karsten Keil <keil@b1-systems.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoALSA: cmipci: work around invalid PCM pointer
Clemens Ladisch [Wed, 24 Mar 2010 06:10:54 +0000 (07:10 +0100)]
ALSA: cmipci: work around invalid PCM pointer

commit 1c583063a5c769fe2ec604752e383972c69e6d9b upstream.

When the CMI8738 FRAME2 register is read, the chip sometimes (probably
when wrapping around) returns an invalid value that would be outside the
programmed DMA buffer. This leads to an inconsistent PCM pointer that is
likely to result in an underrun.

To work around this, read the register multiple times until we get a
valid value; the error state seems to be very short-lived.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Reported-and-tested-by: Matija Nalis <mnalis-alsadev@voyager.hr>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoALSA: hda: Fix 0 dB offset for HP laptops using CX20551 (Waikiki)
Daniel T Chen [Sun, 21 Mar 2010 22:34:43 +0000 (18:34 -0400)]
ALSA: hda: Fix 0 dB offset for HP laptops using CX20551 (Waikiki)

commit 025f206c9e0f96cc41567b01c07fb852d8900da1 upstream.

BugLink: https://launchpad.net/bugs/420578
The OR has verified that his hardware distorts because of the 0 dB
offset not corresponding to the highest PCM level. Fix this by capping
said PCM level to 0 dB similarly to what we do for CX20549 (Venice).

Reported-by: Mike Pontillo <pontillo@gmail.com>
Tested-by: Mike Pontillo <pontillo@gmail.com>
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoALSA: hda - Fix secondary ADC of ALC260 basic model
Takashi Iwai [Mon, 15 Mar 2010 08:07:52 +0000 (09:07 +0100)]
ALSA: hda - Fix secondary ADC of ALC260 basic model

commit 9c4cc0bdede1c39bde60a0d5d9251aac71fbe719 upstream.

Fix adc_nids[] for ALC260 basic model to match with num_adc_nids.
Otherwise you get an invalid NID in the secondary "Input Source" mixer
element.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoALSA: hda - Disable MSI for Nvidia controller
Takashi Iwai [Mon, 15 Mar 2010 14:51:53 +0000 (15:51 +0100)]
ALSA: hda - Disable MSI for Nvidia controller

commit 80c43ed724797627d8f86855248c497a6161a214 upstream.

Judging from the member of enable_msi white-list, Nvidia controller
seems to cause troubles with MSI enabled, e.g. boot hang up or other
serious issue may come up.  It's safer to disable MSI as default for
Nvidia controllers again for now.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoALSA: hda: Use LPIB and 6stack-dig for eMachines T5212
Daniel T Chen [Mon, 15 Mar 2010 03:44:03 +0000 (23:44 -0400)]
ALSA: hda: Use LPIB and 6stack-dig for eMachines T5212

commit 572c0e3c73341755f3e7dfaaef6b26df12bd709c upstream.

BugLink: https://bugs.launchpad.net/bugs/538895
The OR has verified that both position_fix=1 and model=6stack-dig are
necessary to have capture function properly. (The existing 3stack-6ch
model quirk seems to be incorrect.)

Reported-by: Reuben Bailey <reuben.e.bailey@gmail.com>
Tested-by: Reuben Bailey <reuben.e.bailey@gmail.com>
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosched: Fix SCHED_MC regression caused by change in sched cpu_power
Suresh Siddha [Thu, 11 Mar 2010 08:45:44 +0000 (09:45 +0100)]
sched: Fix SCHED_MC regression caused by change in sched cpu_power

commit dd5feea14a7de4edbd9f36db1a2db785de91b88d upstream

On platforms like dual socket quad-core platform, the scheduler load
balancer is not detecting the load imbalances in certain scenarios. This
is leading to scenarios like where one socket is completely busy (with
all the 4 cores running with 4 tasks) and leaving another socket
completely idle. This causes performance issues as those 4 tasks share
the memory controller, last-level cache bandwidth etc. Also we won't be
taking advantage of turbo-mode as much as we would like, etc.

Some of the comparisons in the scheduler load balancing code are
comparing the "weighted cpu load that is scaled wrt sched_group's
cpu_power" with the "weighted average load per task that is not scaled
wrt sched_group's cpu_power". While this has probably been broken for a
longer time (for multi socket numa nodes etc), the problem got aggrevated
via this recent change:

|
|  commit f93e65c186ab3c05ce2068733ca10e34fd00125e
|  Author: Peter Zijlstra <a.p.zijlstra@chello.nl>
|  Date:   Tue Sep 1 10:34:32 2009 +0200
|
|  sched: Restore __cpu_power to a straight sum of power
|

Also with this change, the sched group cpu power alone no longer reflects
the group capacity that is needed to implement MC, MT performance
(default) and power-savings (user-selectable) policies.

We need to use the computed group capacity (sgs.group_capacity, that is
computed using the SD_PREFER_SIBLING logic in update_sd_lb_stats()) to
find out if the group with the max load is above its capacity and how
much load to move etc.

Reported-by: Ma Ling <ling.ma@intel.com>
Initial-Analysis-by: Zhang, Yanmin <yanmin_zhang@linux.intel.com>
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
[ -v2: build fix ]
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
LKML-Reference: <1266970432.11588.22.camel@sbs-t61.sc.intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
14 years agoperf annotate: Defer allocating sym_priv->hist array
Arnaldo Carvalho de Melo [Thu, 25 Feb 2010 15:57:40 +0000 (12:57 -0300)]
perf annotate: Defer allocating sym_priv->hist array

commit 628ada0cb03666dd463f7c25947eaccdf440c309 upstream

Because symbol->end is not fixed up at symbol_filter time, only
after all symbols for a DSO are loaded, and that, for asm
symbols, may be bogus, causing segfaults when hits happen in
these symbols.

Backported-from: 628ada0
Reported-by: David Miller <davem@davemloft.net>
Reported-by: Anton Blanchard <anton@samba.org>
Acked-by: David Miller <davem@davemloft.net>
Cc: Frédéric Weisbecker <fweisbec@gmail.com>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Paul Mackerras <paulus@samba.org>
LKML-Reference: <20100225155740.GB8553@ghostprotocols.net>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agocan: fix bfin_can build error after alloc_candev() change
Barry Song [Mon, 8 Mar 2010 20:13:57 +0000 (12:13 -0800)]
can: fix bfin_can build error after alloc_candev() change

commit e9dcd1613f0ac0b3573b7d813a2c5672cd8302eb upstream.

Looks like commit a6e4bc530403 didn't include updates to drivers so the
Blackfin CAN driver fails to build now.

Signed-off-by: Barry Song <barry.song@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Acked-by: Wolfgang Grandegger <wg@grandegger.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoiwlwifi: use dma_alloc_coherent
Stanislaw Gruszka [Wed, 10 Feb 2010 13:07:45 +0000 (05:07 -0800)]
iwlwifi: use dma_alloc_coherent

commit f36d04abe684f9e2b07c6ebe9f77ae20eb5c1e84 upstream.

Change pci_alloc_consistent() to dma_alloc_coherent() so we can use
GFP_KERNEL flag.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agovirtio: fix out of range array access
Michael S. Tsirkin [Thu, 25 Feb 2010 17:08:55 +0000 (19:08 +0200)]
virtio: fix out of range array access

commit 3119815912a220bdac943dfbdfee640414c0c611 upstream.

I have observed the following error on virtio-net module unload:

------------[ cut here ]------------
WARNING: at kernel/irq/manage.c:858 __free_irq+0xa0/0x14c()
Hardware name: Bochs
Trying to free already-free IRQ 0
Modules linked in: virtio_net(-) virtio_blk virtio_pci virtio_ring
virtio af_packet e1000 shpchp aacraid uhci_hcd ohci_hcd ehci_hcd [last
unloaded: scsi_wait_scan]
Pid: 1957, comm: rmmod Not tainted 2.6.33-rc8-vhost #24
Call Trace:
 [<ffffffff8103e195>] warn_slowpath_common+0x7c/0x94
 [<ffffffff8103e204>] warn_slowpath_fmt+0x41/0x43
 [<ffffffff810a7a36>] ? __free_pages+0x5a/0x70
 [<ffffffff8107cc00>] __free_irq+0xa0/0x14c
 [<ffffffff8107cceb>] free_irq+0x3f/0x65
 [<ffffffffa0081424>] vp_del_vqs+0x81/0xb1 [virtio_pci]
 [<ffffffffa0091d29>] virtnet_remove+0xda/0x10b [virtio_net]
 [<ffffffffa0075200>] virtio_dev_remove+0x22/0x4a [virtio]
 [<ffffffff812709ee>] __device_release_driver+0x66/0xac
 [<ffffffff81270ab7>] driver_detach+0x83/0xa9
 [<ffffffff8126fc66>] bus_remove_driver+0x91/0xb4
 [<ffffffff81270fcf>] driver_unregister+0x6c/0x74
 [<ffffffffa0075418>] unregister_virtio_driver+0xe/0x10 [virtio]
 [<ffffffffa0091c4d>] fini+0x15/0x17 [virtio_net]
 [<ffffffff8106997b>] sys_delete_module+0x1c3/0x230
 [<ffffffff81007465>] ? old_ich_force_enable_hpet+0x117/0x164
 [<ffffffff813bb720>] ? do_page_fault+0x29c/0x2cc
 [<ffffffff81028e58>] sysenter_dispatch+0x7/0x27
---[ end trace 15e88e4c576cc62b ]---

The bug is in virtio-pci: we use msix_vector as array index to get irq
entry, but some vqs do not have a dedicated vector so this causes an out
of bounds access.  By chance, we seem to often get 0 value, which
results in this error.

Fix by verifying that vector is legal before using it as index.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Acked-by: Shirley Ma <xma@us.ibm.com>
Acked-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agomqueue: fix mq_open() file descriptor leak on user-space processes
André Goddard Rosa [Tue, 23 Feb 2010 07:04:28 +0000 (04:04 -0300)]
mqueue: fix mq_open() file descriptor leak on user-space processes

commit 4294a8eedb17bbc45e1e7447c2a4d05332943248 upstream.

We leak fd on lookup_one_len() failure

Signed-off-by: André Goddard Rosa <andre.goddard@gmail.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoath9k: add support for 802.11n bonded out AR2427
Luis R. Rodriguez [Thu, 11 Mar 2010 18:58:35 +0000 (10:58 -0800)]
ath9k: add support for 802.11n bonded out AR2427

This is a backport of of upstream commit:

5ffaf8a361b4c9025963959a744f21d8173c7669

Some single chip family devices are sold in the market with
802.11n bonded out, these have no hardware capability for
02.11n but ath9k can still support them. These are called
AR2427.

Reported-by: Rolf Leggewie <bugzilla.kernel.org@rolf.leggewie.biz>
Tested-by: Bernhard Reiter <ockham@raz.or.at>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoath9k: fix lockdep warning when unloading module
Ming Lei [Sat, 27 Feb 2010 16:56:24 +0000 (00:56 +0800)]
ath9k: fix lockdep warning when unloading module

commit a9f042cbe5284f34ccff15f3084477e11b39b17b upstream.

Since txq->axq_lock may be hold in softirq context, it must be
acquired with spin_lock_bh() instead of spin_lock() if softieq is
enabled.

The patch fixes the lockdep warning below when unloading ath9k modules.

=================================
[ INFO: inconsistent lock state ]
2.6.33-wl #12
---------------------------------
inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
rmmod/3642 [HC0[0]:SC0[0]:HE1:SE1] takes:
 (&(&txq->axq_lock)->rlock){+.?...}, at: [<ffffffffa03568c3>] ath_tx_node_cleanup+0x62/0x180 [ath9k]
{IN-SOFTIRQ-W} state was registered at:
  [<ffffffff8107577d>] __lock_acquire+0x2f6/0xd35
  [<ffffffff81076289>] lock_acquire+0xcd/0xf1
  [<ffffffff813a7486>] _raw_spin_lock_bh+0x3b/0x6e
  [<ffffffffa0356b49>] spin_lock_bh+0xe/0x10 [ath9k]
  [<ffffffffa0358ec7>] ath_tx_tasklet+0xcd/0x391 [ath9k]
  [<ffffffffa0354f5f>] ath9k_tasklet+0x70/0xc8 [ath9k]
  [<ffffffff8104e601>] tasklet_action+0x8c/0xf4
  [<ffffffff8104f459>] __do_softirq+0xf8/0x1cd
  [<ffffffff8100ab1c>] call_softirq+0x1c/0x30
  [<ffffffff8100c2cf>] do_softirq+0x4b/0xa3
  [<ffffffff8104f045>] irq_exit+0x4a/0x8c
  [<ffffffff813acccc>] do_IRQ+0xac/0xc3
  [<ffffffff813a7d53>] ret_from_intr+0x0/0x16
  [<ffffffff81302d52>] cpuidle_idle_call+0x9e/0xf8
  [<ffffffff81008be7>] cpu_idle+0x62/0x9d
  [<ffffffff81391c1a>] rest_init+0x7e/0x80
  [<ffffffff818bbd38>] start_kernel+0x3e8/0x3f3
  [<ffffffff818bb2bc>] x86_64_start_reservations+0xa7/0xab
  [<ffffffff818bb3b8>] x86_64_start_kernel+0xf8/0x107
irq event stamp: 42037
hardirqs last  enabled at (42037): [<ffffffff813a7b21>] _raw_spin_unlock_irqrestore+0x47/0x56
hardirqs last disabled at (42036): [<ffffffff813a72f4>] _raw_spin_lock_irqsave+0x2b/0x88
softirqs last  enabled at (42000): [<ffffffffa0353ea6>] spin_unlock_bh+0xe/0x10 [ath9k]
softirqs last disabled at (41998): [<ffffffff813a7463>] _raw_spin_lock_bh+0x18/0x6e

other info that might help us debug this:
4 locks held by rmmod/3642:
 #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff8132c10d>] rtnl_lock+0x17/0x19
 #1:  (&wdev->mtx){+.+.+.}, at: [<ffffffffa01e53f2>] cfg80211_netdev_notifier_call+0x28d/0x46d [cfg80211]
 #2:  (&ifmgd->mtx){+.+.+.}, at: [<ffffffffa0260834>] ieee80211_mgd_deauth+0x3f/0x17e [mac80211]
 #3:  (&local->sta_mtx){+.+.+.}, at: [<ffffffffa025a381>] sta_info_destroy_addr+0x2b/0x5e [mac80211]

stack backtrace:
Pid: 3642, comm: rmmod Not tainted 2.6.33-wl #12
Call Trace:
 [<ffffffff81074469>] valid_state+0x178/0x18b
 [<ffffffff81014f94>] ? save_stack_trace+0x2f/0x4c
 [<ffffffff81074e08>] ? check_usage_backwards+0x0/0x88
 [<ffffffff8107458f>] mark_lock+0x113/0x230
 [<ffffffff810757f1>] __lock_acquire+0x36a/0xd35
 [<ffffffff8101018d>] ? native_sched_clock+0x2d/0x5f
 [<ffffffffa03568c3>] ? ath_tx_node_cleanup+0x62/0x180 [ath9k]
 [<ffffffff81076289>] lock_acquire+0xcd/0xf1
 [<ffffffffa03568c3>] ? ath_tx_node_cleanup+0x62/0x180 [ath9k]
 [<ffffffff810732eb>] ? trace_hardirqs_off+0xd/0xf
 [<ffffffff813a7193>] _raw_spin_lock+0x36/0x69
 [<ffffffffa03568c3>] ? ath_tx_node_cleanup+0x62/0x180 [ath9k]
 [<ffffffffa03568c3>] ath_tx_node_cleanup+0x62/0x180 [ath9k]
 [<ffffffff810749ed>] ? trace_hardirqs_on+0xd/0xf
 [<ffffffffa0353950>] ath9k_sta_remove+0x22/0x26 [ath9k]
 [<ffffffffa025a08f>] __sta_info_destroy+0x1ad/0x38c [mac80211]
 [<ffffffffa025a394>] sta_info_destroy_addr+0x3e/0x5e [mac80211]
 [<ffffffffa02605d6>] ieee80211_set_disassoc+0x175/0x180 [mac80211]
 [<ffffffffa026084d>] ieee80211_mgd_deauth+0x58/0x17e [mac80211]
 [<ffffffff813a60c1>] ? __mutex_lock_common+0x37f/0x3a4
 [<ffffffffa01e53f2>] ? cfg80211_netdev_notifier_call+0x28d/0x46d [cfg80211]
 [<ffffffffa026786e>] ieee80211_deauth+0x1e/0x20 [mac80211]
 [<ffffffffa01f47f9>] __cfg80211_mlme_deauth+0x130/0x13f [cfg80211]
 [<ffffffffa01e53f2>] ? cfg80211_netdev_notifier_call+0x28d/0x46d [cfg80211]
 [<ffffffff810732eb>] ? trace_hardirqs_off+0xd/0xf
 [<ffffffffa01f7eee>] __cfg80211_disconnect+0x111/0x189 [cfg80211]
 [<ffffffffa01e5433>] cfg80211_netdev_notifier_call+0x2ce/0x46d [cfg80211]
 [<ffffffff813aa9ea>] notifier_call_chain+0x37/0x63
 [<ffffffff81068c98>] raw_notifier_call_chain+0x14/0x16
 [<ffffffff81322e97>] call_netdevice_notifiers+0x1b/0x1d
 [<ffffffff8132386d>] dev_close+0x6a/0xa6
 [<ffffffff8132395f>] rollback_registered_many+0xb6/0x2f4
 [<ffffffff81323bb8>] unregister_netdevice_many+0x1b/0x66
 [<ffffffffa026494f>] ieee80211_remove_interfaces+0xc5/0xd0 [mac80211]
 [<ffffffffa02580a2>] ieee80211_unregister_hw+0x47/0xe8 [mac80211]
 [<ffffffffa035290e>] ath9k_deinit_device+0x7a/0x9b [ath9k]
 [<ffffffffa035bc26>] ath_pci_remove+0x38/0x76 [ath9k]
 [<ffffffff8120940a>] pci_device_remove+0x2d/0x51
 [<ffffffff8129d797>] __device_release_driver+0x7b/0xd1
 [<ffffffff8129d885>] driver_detach+0x98/0xbe
 [<ffffffff8129ca7a>] bus_remove_driver+0x94/0xb7
 [<ffffffff8129ddd6>] driver_unregister+0x6c/0x74
 [<ffffffff812096d2>] pci_unregister_driver+0x46/0xad
 [<ffffffffa035bae1>] ath_pci_exit+0x15/0x17 [ath9k]
 [<ffffffffa035e1a2>] ath9k_exit+0xe/0x2f [ath9k]
 [<ffffffff8108050a>] sys_delete_module+0x1c7/0x236
 [<ffffffff813a7df5>] ? retint_swapgs+0x13/0x1b
 [<ffffffff810749b5>] ? trace_hardirqs_on_caller+0x119/0x144
 [<ffffffff8109b9f6>] ? audit_syscall_entry+0x11e/0x14a
 [<ffffffff81009bb2>] system_call_fastpath+0x16/0x1b
wlan1: deauthenticating from 00:23:cd:e1:f9:b2 by local choice (reason=3)
PM: Removing info for No Bus:wlan1
cfg80211: Calling CRDA to update world regulatory domain
PM: Removing info for No Bus:rfkill2
PM: Removing info for No Bus:phy1
ath9k 0000:16:00.0: PCI INT A disabled

Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosh: Fix zImage boot using fixed PMB.
Nobuhiro Iwamatsu [Mon, 15 Feb 2010 08:37:50 +0000 (08:37 +0000)]
sh: Fix zImage boot using fixed PMB.

commit 319c2cc761505ee54a9536c5d0b9c2ee3fb33866 upstream.

Signed-off-by: Nobuhiro Iwamatsu <iwamatsu.nobuhiro@renesas.com>
Signed-off-by: Yoshihiro Shimoda <shimoda.yoshihiro@renesas.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosparc64: Make prom entry spinlock NMI safe.
David S. Miller [Wed, 3 Mar 2010 17:06:03 +0000 (09:06 -0800)]
sparc64: Make prom entry spinlock NMI safe.

[ Upstream commit 8a4fd1e4922413cfdfa6c51a59efb720d904a5eb ]

If we do something like try to print to the OF console from an NMI
while we're already in OpenFirmware, we'll deadlock on the spinlock.

Use a raw spinlock and disable NMIs when we take it.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agopci: add support for 82576NS serdes to existing SR-IOV quirk
Alexander Duyck [Fri, 19 Feb 2010 17:57:46 +0000 (17:57 +0000)]
pci: add support for 82576NS serdes to existing SR-IOV quirk

commit 7a0deb6bcda98c2a764cb87f1441eef920fd3663 upstream.

This patch adds support for the 82576NS Serdes adapter to the existing pci
quirk for 82576 parts.

Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: x86: Add KVM_CAP_X86_ROBUST_SINGLESTEP
Jan Kiszka [Sat, 13 Mar 2010 10:33:47 +0000 (11:33 +0100)]
KVM: x86: Add KVM_CAP_X86_ROBUST_SINGLESTEP

Commit d2be1651b736002e0c76d7095d6c0ba77b4a897c upstream.

This marks the guest single-step API improvement of 94fe45da and
91586a3b with a capability flag to allow reliable detection by user
space.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoV4L/DVB (13961): em28xx-dvb: fix memleak in dvb_fini()
Francesco Lavra [Thu, 31 Dec 2009 11:47:11 +0000 (08:47 -0300)]
V4L/DVB (13961): em28xx-dvb: fix memleak in dvb_fini()

commit 19f48cb105b7fa18d0dcab435919a3a29b7a7c4c upstream.

this patch fixes a memory leak which occurs when an em28xx card with DVB
extension is unplugged or its DVB extension driver is unloaded. In
dvb_fini(), dev->dvb must be freed before being set to NULL, as is done
in dvb_init() in case of error.
Note that this bug is also present in the latest stable kernel release.

Signed-off-by: Francesco Lavra <francescolavra@interfree.it>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agocoredump: suppress uid comparison test if core output files are pipes
Neil Horman [Fri, 5 Mar 2010 21:44:16 +0000 (13:44 -0800)]
coredump: suppress uid comparison test if core output files are pipes

commit 76595f79d76fbe6267a51b3a866a028d150f06d4 upstream.

Modify uid check in do_coredump so as to not apply it in the case of
pipes.

This just got noticed in testing.  The end of do_coredump validates the
uid of the inode for the created file against the uid of the crashing
process to ensure that no one can pre-create a core file with different
ownership and grab the information contained in the core when they
shouldn' tbe able to.  This causes failures when using pipes for a core
dumps if the crashing process is not root, which is the uid of the pipe
when it is created.

The fix is simple.  Since the check for matching uid's isn't relevant for
pipes (a process can't create a pipe that the uermodehelper code will open
anyway), we can just just skip it in the event ispipe is non-zero

Reverts a pipe-affecting change which was accidentally made in

: commit c46f739dd39db3b07ab5deb4e3ec81e1c04a91af
: Author:     Ingo Molnar <mingo@elte.hu>
: AuthorDate: Wed Nov 28 13:59:18 2007 +0100
: Commit:     Linus Torvalds <torvalds@woody.linux-foundation.org>
: CommitDate: Wed Nov 28 10:58:01 2007 -0800
:
:     vfs: coredumping fix

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: maximilian attems <max@stro.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agotracing: Do not record user stack trace from NMI context
Steven Rostedt [Sat, 13 Mar 2010 01:03:30 +0000 (20:03 -0500)]
tracing: Do not record user stack trace from NMI context

commit b6345879ccbd9b92864fbd7eb8ac48acdb4d6b15 upstream.

A bug was found with Li Zefan's ftrace_stress_test that caused applications
to segfault during the test.

Placing a tracing_off() in the segfault code, and examining several
traces, I found that the following was always the case. The lock tracer
was enabled (lockdep being required) and userstack was enabled. Testing
this out, I just enabled the two, but that was not good enough. I needed
to run something else that could trigger it. Running a load like hackbench
did not work, but executing a new program would. The following would
trigger the segfault within seconds:

  # echo 1 > /debug/tracing/options/userstacktrace
  # echo 1 > /debug/tracing/events/lock/enable
  # while :; do ls > /dev/null ; done

Enabling the function graph tracer and looking at what was happening
I finally noticed that all cashes happened just after an NMI.

 1)               |    copy_user_handle_tail() {
 1)               |      bad_area_nosemaphore() {
 1)               |        __bad_area_nosemaphore() {
 1)               |          no_context() {
 1)               |            fixup_exception() {
 1)   0.319 us    |              search_exception_tables();
 1)   0.873 us    |            }
[...]
 1)   0.314 us    |  __rcu_read_unlock();
 1)   0.325 us    |    native_apic_mem_write();
 1)   0.943 us    |  }
 1)   0.304 us    |  rcu_nmi_exit();
[...]
 1)   0.479 us    |  find_vma();
 1)               |  bad_area() {
 1)               |    __bad_area() {

After capturing several traces of failures, all of them happened
after an NMI. Curious about this, I added a trace_printk() to the NMI
handler to read the regs->ip to see where the NMI happened. In which I
found out it was here:

ffffffff8135b660 <page_fault>:
ffffffff8135b660:       48 83 ec 78             sub    $0x78,%rsp
ffffffff8135b664:       e8 97 01 00 00          callq  ffffffff8135b800 <error_entry>

What was happening is that the NMI would happen at the place that a page
fault occurred. It would call rcu_read_lock() which was traced by
the lock events, and the user_stack_trace would run. This would trigger
a page fault inside the NMI. I do not see where the CR2 register is
saved or restored in NMI handling. This means that it would corrupt
the page fault handling that the NMI interrupted.

The reason the while loop of ls helped trigger the bug, was that
each execution of ls would cause lots of pages to be faulted in, and
increase the chances of the race happening.

The simple solution is to not allow user stack traces in NMI context.
After this patch, I ran the above "ls" test for a couple of hours
without any issues. Without this patch, the bug would trigger in less
than a minute.

Reported-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agotracing: Disable buffer switching when starting or stopping trace
Steven Rostedt [Sat, 13 Mar 2010 00:56:00 +0000 (19:56 -0500)]
tracing: Disable buffer switching when starting or stopping trace

commit a2f8071428ed9a0f06865f417c962421c9a6b488 upstream.

When the trace iterator is read, tracing_start() and tracing_stop()
is called to stop tracing while the iterator is processing the trace
output.

These functions disable both the standard buffer and the max latency
buffer. But if the wakeup tracer is running, it can switch these
buffers between the two disables:

  buffer = global_trace.buffer;
  if (buffer)
      ring_buffer_record_disable(buffer);

      <<<--------- swap happens here

  buffer = max_tr.buffer;
  if (buffer)
      ring_buffer_record_disable(buffer);

What happens is that we disabled the same buffer twice. On tracing_start()
we can enable the same buffer twice. All ring_buffer_record_disable()
must be matched with a ring_buffer_record_enable() or the buffer
can be disable permanently, or enable prematurely, and cause a bug
where a reset happens while a trace is commiting.

This patch protects these two by taking the ftrace_max_lock to prevent
a switch from occurring.

Found with Li Zefan's ftrace_stress_test.

Reported-by: Lai Jiangshan <laijs@cn.fujitsu.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agotracing: Use same local variable when resetting the ring buffer
Steven Rostedt [Sat, 13 Mar 2010 00:48:41 +0000 (19:48 -0500)]
tracing: Use same local variable when resetting the ring buffer

commit 283740c619d211e34572cc93c8cdba92ccbdb9cc upstream.

In the ftrace code that resets the ring buffer it references the
buffer with a local variable, but then uses the tr->buffer as the
parameter to reset. If the wakeup tracer is running, which can
switch the tr->buffer with the max saved buffer, this can break
the requirement of disabling the buffer before the reset.

   buffer = tr->buffer;
   ring_buffer_record_disable(buffer);
   synchronize_sched();
   __tracing_reset(tr->buffer, cpu);

If the tr->buffer is swapped, then the reset is not happening to the
buffer that was disabled. This will cause the ring buffer to fail.

Found with Li Zefan's ftrace_stress_test.

Reported-by: Lai Jiangshan <laijs@cn.fujitsu.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agotracing: Fix warning in s_next of trace file ops
Lai Jiangshan [Tue, 2 Mar 2010 09:54:50 +0000 (17:54 +0800)]
tracing: Fix warning in s_next of trace file ops

commit ac91d85456372a90af5b85eb6620fd2efb1e431b upstream.

This warning in s_next() can be triggered by lseek():
 [<c018b3f7>] ? s_next+0x77/0x80
 [<c013e3c1>] warn_slowpath_common+0x81/0xa0
 [<c018b3f7>] ? s_next+0x77/0x80
 [<c013e3fa>] warn_slowpath_null+0x1a/0x20
 [<c018b3f7>] s_next+0x77/0x80
 [<c01efa77>] traverse+0x117/0x200
 [<c01eff13>] seq_lseek+0xa3/0x120
 [<c01efe70>] ? seq_lseek+0x0/0x120
 [<c01d7081>] vfs_llseek+0x41/0x50
 [<c01d8116>] sys_llseek+0x66/0xa0
 [<c0102bd0>] sysenter_do_call+0x12/0x26

The iterator "leftover" variable is zeroed in the opening of the trace
file. But lseek can call s_start() which will call s_next() without
reseting the "leftover" variable back to zero, which might trigger
the WARN_ON_ONCE(iter->leftover) that is in s_next().

Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
LKML-Reference: <4B8CE06A.9090207@cn.fujitsu.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agofunction-graph: Init curr_ret_stack with ret_stack
Steven Rostedt [Sat, 13 Mar 2010 00:41:23 +0000 (19:41 -0500)]
function-graph: Init curr_ret_stack with ret_stack

commit ea14eb714041d40fcc5180b5a586034503650149 upstream.

If the graph tracer is active, and a task is forked but the allocating of
the processes graph stack fails, it can cause crash later on.

This is due to the temporary stack being NULL, but the curr_ret_stack
variable is copied from the parent. If it is not -1, then in
ftrace_graph_probe_sched_switch() the following:

for (index = next->curr_ret_stack; index >= 0; index--)
next->ret_stack[index].calltime += timestamp;

Will cause a kernel OOPS.

Found with Li Zefan's ftrace_stress_test.

Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agohw-breakpoints: Remove stub unthrottle callback
Frederic Weisbecker [Sun, 28 Feb 2010 19:51:15 +0000 (20:51 +0100)]
hw-breakpoints: Remove stub unthrottle callback

commit 1e259e0a9982078896f3404240096cbea01daca4 upstream.

We support event unthrottling in breakpoint events. It means
that if we have more than sysctl_perf_event_sample_rate/HZ,
perf will throttle, ignoring subsequent events until the next
tick.

So if ptrace exceeds this max rate, it will omit events, which
breaks the ptrace determinism that is supposed to report every
triggered breakpoints. This is likely to happen if we set
sysctl_perf_event_sample_rate to 1.

This patch removes support for unthrottling in breakpoint
events to break throttling and restore ptrace determinism.

Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: K.Prasad <prasad@linux.vnet.ibm.com>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agox86/stacktrace: Don't dereference bad frame pointers
Frederic Weisbecker [Wed, 3 Mar 2010 01:25:22 +0000 (02:25 +0100)]
x86/stacktrace: Don't dereference bad frame pointers

commit 29044ad1509ecc229f1d5a31aeed7a8dc61a71c4 upstream.

Callers of a stacktrace might pass bad frame pointers. Those
are usually checked for safety in stack walking helpers before
any dereferencing, but this is not the case when we need to go
through one more frame pointer that backlinks the irq stack to
the previous one, as we don't have any reliable address boudaries
to compare this frame pointer against.

This raises crashes when we record callchains for ftrace events
with perf because we don't use the right helpers to capture
registers there. We get wrong frame pointers as we call
task_pt_regs() even on kernel threads, which is a wrong thing
as it gives us the initial state of any kernel threads freshly
created. This is even not what we want for user tasks. What we want
is a hot snapshot of registers when the ftrace event triggers, not
the state before a task entered the kernel.

This requires more thoughts to do it correctly though.
So first put a guardian to ensure the given frame pointer
can be dereferenced to avoid crashes. We'll think about how to fix
the callers in a subsequent patch.

Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agox86_64, cpa: Don't work hard in preserving kernel 2M mappings when using 4K already
Suresh Siddha [Thu, 18 Feb 2010 19:51:40 +0000 (11:51 -0800)]
x86_64, cpa: Don't work hard in preserving kernel 2M mappings when using 4K already

commit 281ff33b7c1b1ba2a5f9b03425e5f692a94913fa upstream.

We currently enforce the !RW mapping for the kernel mapping that maps
holes between different text, rodata and data sections. However, kernel
identity mappings will have different RWX permissions to the pages mapping to
text and to the pages padding (which are freed) the text, rodata sections.
Hence kernel identity mappings will be broken to smaller pages. For 64-bit,
kernel text and kernel identity mappings are different, so we can enable
protection checks that come with CONFIG_DEBUG_RODATA, as well as retain 2MB
large page mappings for kernel text.

Konrad reported a boot failure with the Linux Xen paravirt guest because of
this. In this paravirt guest case, the kernel text mapping and the kernel
identity mapping share the same page-table pages. Thus forcing the !RW mapping
for some of the kernel mappings also cause the kernel identity mappings to be
read-only resulting in the boot failure. Linux Xen paravirt guest also
uses 4k mappings and don't use 2M mapping.

Fix this issue and retain large page performance advantage for native kernels
by not working hard and not enforcing !RW for the kernel text mapping,
if the current mapping is already using small page mapping.

Reported-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
LKML-Reference: <1266522700.2909.34.camel@sbs-t61.sc.intel.com>
Tested-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoring-buffer: Move disabled check into preempt disable section
Lai Jiangshan [Mon, 8 Mar 2010 06:50:43 +0000 (14:50 +0800)]
ring-buffer: Move disabled check into preempt disable section

commit 52fbe9cde7fdb5c6fac196d7ebd2d92d05ef3cd4 upstream.

The ring buffer resizing and resetting relies on a schedule RCU
action. The buffers are disabled, a synchronize_sched() is called
and then the resize or reset takes place.

But this only works if the disabling of the buffers are within the
preempt disabled section, otherwise a window exists that the buffers
can be written to while a reset or resize takes place.

Reported-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
LKML-Reference: <4B949E43.2010906@cn.fujitsu.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoath5k: fix setup for CAB queue
Bob Copeland [Thu, 21 Jan 2010 04:51:04 +0000 (23:51 -0500)]
ath5k: fix setup for CAB queue

commit a951ae2176b982574ffa197455db6c89359fd5eb upstream.

The beacon sent gating doesn't seem to work with any combination
of flags.  Thus, buffered frames tend to stay buffered forever,
using up tx descriptors.

Instead, use the DBA gating and hold transmission of the buffered
frames until 80% of the beacon interval has elapsed using the ready
time.  This fixes the following error in AP mode:

   ath5k phy0: no further txbuf available, dropping packet

Add a comment to acknowledge that this isn't the best solution.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
Acked-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoath5k: dont use external sleep clock in AP mode
Bob Copeland [Thu, 21 Jan 2010 04:51:03 +0000 (23:51 -0500)]
ath5k: dont use external sleep clock in AP mode

commit 5d6ce628f986d1a3c523cbb0a5a52095c48cc332 upstream.

When using the external sleep clock in AP mode, the
TSF increments too quickly, causing beacon interval
to be much lower than it is supposed to be, resulting
in lots of beacon-not-ready interrupts.

This fixes http://bugzilla.kernel.org/show_bug.cgi?id=14802.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
Acked-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoath5k: fix I/Q calibration (for real)
Bruno Randolf [Tue, 9 Mar 2010 07:56:05 +0000 (16:56 +0900)]
ath5k: fix I/Q calibration (for real)

commit 86415d43efd4f7093979cfa8a80232114266f1a4 upstream.

I/Q calibration was completely broken, resulting in a high number of CRC errors
on received packets. before i could see around 10% to 20% CRC errors, with this
patch they are between 0% and 3%.

1.) the removal of the mask in commit "ath5k: Fix I/Q calibration
(f1cf2dbd0f798b71b1590e7aca6647f2caef1649)" resulted in no mask beeing used
when writing the I/Q values into the register. additional errors in the
calculation of the values (see 2.) resulted too high numbers, exceeding the
masks, so wrong values like 0xfffffffe were written. to be safe we should
always use the bitmask when writing parts of a register.

2.) using a (s32) cast for q_coff is a wrong conversion to signed, since we
convert to a signed value later by substracting 128. this resulted in too low
numbers for Q many times, which were limited to -16 by the boundary check later
on.

3.) checked everything against the HAL sources and took over comments and minor
optimizations from there.

4.) we can't use ENABLE_BITS when we want to write a number (the number can
contain zeros). also always write the correction values first and set ENABLE
bit last, like the HAL does.

Signed-off-by: Bruno Randolf <br1@einfach.org>
Acked-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoi2c-i801: Don't use the block buffer for I2C block writes
Jean Delvare [Sat, 13 Mar 2010 19:56:53 +0000 (20:56 +0100)]
i2c-i801: Don't use the block buffer for I2C block writes

commit c074c39d62306efa5ba7c69c1a1531bc7333d252 upstream.

Experience has shown that the block buffer can only be used for SMBus
(not I2C) block transactions, even though the datasheet doesn't
mention this limitation.

Reported-by: Felix Rubinstein <felixru@gmail.com>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: Oleg Ryjkov <oryjkov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoi2c-powermac: Be less verbose in the absence of real errors.
Jean Delvare [Sat, 13 Mar 2010 19:56:52 +0000 (20:56 +0100)]
i2c-powermac: Be less verbose in the absence of real errors.

commit 8e4b980c28c91cfe9d0ce0431bc0af56e146b49e upstream.

Be less verbose in the absence of real errors. We don't have to report
failed probes to the users, it's only confusing them.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Tested-by: Andrey Gusev <ronne@list.ru>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoInput: i8042 - add ALDI/MEDION netbook E1222 to qurik reset table
Christoph Fritz [Sun, 14 Mar 2010 06:26:23 +0000 (22:26 -0800)]
Input: i8042 - add ALDI/MEDION netbook E1222 to qurik reset table

commit 31968ecf584330b51a25b7bf881c2b632a02a3fb upstream.

ALDI/MEDION netbook E1222 needs to be in the reset quirk list for
its touchpad's proper function.

Reported-by: Michael Fischer <mifi@gmx.de>
Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoInput: alps - add support for the touchpad on Toshiba Tecra A11-11L
Thomas Bächler [Wed, 10 Mar 2010 04:38:48 +0000 (20:38 -0800)]
Input: alps - add support for the touchpad on Toshiba Tecra A11-11L

commit eb8bff85c5bd5caef7c374ff32b86545029efb56 upstream.

Signed-off-by: Thomas Bächler <thomas@archlinux.org>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agotimekeeping: Prevent oops when GENERIC_TIME=n
john stultz [Mon, 1 Mar 2010 20:34:43 +0000 (12:34 -0800)]
timekeeping: Prevent oops when GENERIC_TIME=n

commit ad6759fbf35d104dbf573cd6f4c6784ad6823f7e upstream.

Aaro Koskinen reported an issue in kernel.org bugzilla #15366, where
on non-GENERIC_TIME systems, accessing
/sys/devices/system/clocksource/clocksource0/current_clocksource
results in an oops.

It seems the timekeeper/clocksource rework missed initializing the
curr_clocksource value in the !GENERIC_TIME case.

Thanks to Aaro for reporting and diagnosing the issue as well as
testing the fix!

Reported-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: John Stultz <johnstul@us.ibm.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
LKML-Reference: <1267475683.4216.61.camel@localhost.localdomain>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoALSA: hda - Fix input source elements of secondary ADCs on Realtek
Takashi Iwai [Mon, 8 Mar 2010 11:13:07 +0000 (12:13 +0100)]
ALSA: hda - Fix input source elements of secondary ADCs on Realtek

commit 5311114d4867113c00f78829d4ce14be458ec925 upstream.

Since alc_auto_create_input_ctls() doesn't set the elements for the
secondary ADCs, "Input Source" elemtns for these also get empty, resulting
in buggy outputs of alsactl like:
control.14 {
comment.access 'read write'
comment.type ENUMERATED
comment.count 1
iface MIXER
name 'Input Source'
index 1
value 0
}

This patch fixes alc_mux_enum_*() (and others) to fall back to the
first entry if the secondary input mux is empty.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoALSA: hda - Sound MSI fallout on a Asus mobo NVIDIA MCP55
Ralf Gerbig [Tue, 9 Mar 2010 17:25:47 +0000 (18:25 +0100)]
ALSA: hda - Sound MSI fallout on a Asus mobo NVIDIA MCP55

commit ecd216260f87dd8c14b2580a16f055554644bbea upstream.

without the following patch audio ssttuutteerrs on
ASUS M2N32-SLI PREMIUM ACPI BIOS Revision 1304
the sound device is:
00:0e.1 Audio device: nVidia Corporation MCP55 High Definition Audio (rev a2)
worked with 2.6.32

Signed-off-by: Ralf Gerbig <rge@quengel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agotg3: Fix tg3_poll_controller() passing wrong pointer to tg3_interrupt()
Louis Rilling [Tue, 9 Mar 2010 06:14:41 +0000 (06:14 +0000)]
tg3: Fix tg3_poll_controller() passing wrong pointer to tg3_interrupt()

commit fe234f0e5cbb880792d2d1ac0743cf8c07e9dde3 upstream.

Commit 09943a1819a240ff4a72f924d0038818fcdd0a90
Author: Matt Carlson <mcarlson@broadcom.com>
Date:   Fri Aug 28 14:01:57 2009 +0000

tg3: Convert ISR parameter to tnapi

forgot to update tg3_poll_controller(), leading to intermittent crashes with
netpoll.

Fix this.

Signed-off-by: Louis Rilling <louis.rilling@kerlabs.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agomac80211: Fix HT rate control configuration
Sujith [Mon, 1 Mar 2010 09:12:57 +0000 (14:42 +0530)]
mac80211: Fix HT rate control configuration

commit 4fa004373133ece3d9b1c0a7e243b0e53760b165 upstream.

Handling HT configuration changes involved setting the channel
with the new HT parameters and then issuing a rate_update()
notification to the driver.

This behavior changed after the off-channel changes. Now, the channel
is not updated with the new HT params in enable_ht() - instead, it
is now done when the scan work terminates. This results in the driver
depending on stale information, defaulting to non-HT mode always.

Fix this by passing the new channel type to the driver.

Signed-off-by: Sujith <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoARM: Fix decompressor's kernel size estimation for ROM=y
Russell King [Thu, 25 Feb 2010 23:56:38 +0000 (23:56 +0000)]
ARM: Fix decompressor's kernel size estimation for ROM=y

commit 98e12b5a6e05413420a7e3b3eca7fbfc2ff41b6d upstream.

Commit 2552fc2 changed the way the decompressor decides if it is safe
to decompress the kernel directly to its final location.  Unfortunately,
it took the top of the compressed data as being the stack pointer,
which it is for ROM=n cases.  However, for ROM=y, the stack pointer
is not relevant, and results in the wrong answer.

Fix this by explicitly storing the end of the biggybacked data in the
decompressor, and use that to calculate the compressed image size.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodecompress: fix new decompressor for PIC
Russell King [Wed, 10 Mar 2010 23:23:53 +0000 (15:23 -0800)]
decompress: fix new decompressor for PIC

commit 5ceaa2f39bfa73c4398cd01e78f1c3ebde3d3383 upstream.

The ARM kernel decompressor wants to be able to relocate r/w data
independently from the rest of the image, and we do this by ensuring that
r/w data has global visibility.  Define STATIC_RW_DATA to be empty to
achieve this.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Cc: Alain Knaff <alain@knaff.lu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodrivers/scsi/ses.c: eliminate double free
Julia Lawall [Wed, 10 Mar 2010 23:20:42 +0000 (15:20 -0800)]
drivers/scsi/ses.c: eliminate double free

commit 9b3a6549b2602ca30f58715a0071e29f9898cae9 upstream.

The few lines below the kfree of hdr_buf may go to the label err_free
which will also free hdr_buf.  The most straightforward solution seems to
be to just move the kfree of hdr_buf after these gotos.

A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// <smpl>
@r@
identifier E;
expression E1;
iterator I;
statement S;
@@

*kfree(E);
... when != E = E1
    when != I(E,...) S
    when != &E
*kfree(E);
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoLinux 2.6.33.1 v2.6.33.1
Greg Kroah-Hartman [Mon, 15 Mar 2010 16:09:39 +0000 (09:09 -0700)]
Linux 2.6.33.1

14 years agox86, mm: Allow highmem user page tables to be disabled at boot time
Ian Campbell [Wed, 17 Feb 2010 10:38:10 +0000 (10:38 +0000)]
x86, mm: Allow highmem user page tables to be disabled at boot time

commit 14315592009c17035cac81f4954d5a1f4d71e489 upstream.

Distros generally (I looked at Debian, RHEL5 and SLES11) seem to
enable CONFIG_HIGHPTE for any x86 configuration which has highmem
enabled. This means that the overhead applies even to machines which
have a fairly modest amount of high memory and which therefore do not
really benefit from allocating PTEs in high memory but still pay the
price of the additional mapping operations.

Running kernbench on a 4G box I found that with CONFIG_HIGHPTE=y but
no actual highptes being allocated there was a reduction in system
time used from 59.737s to 55.9s.

With CONFIG_HIGHPTE=y and highmem PTEs being allocated:
  Average Optimal load -j 4 Run (std deviation):
  Elapsed Time 175.396 (0.238914)
  User Time 515.983 (5.85019)
  System Time 59.737 (1.26727)
  Percent CPU 263.8 (71.6796)
  Context Switches 39989.7 (4672.64)
  Sleeps 42617.7 (246.307)

With CONFIG_HIGHPTE=y but with no highmem PTEs being allocated:
  Average Optimal load -j 4 Run (std deviation):
  Elapsed Time 174.278 (0.831968)
  User Time 515.659 (6.07012)
  System Time 55.9 (1.07799)
  Percent CPU 263.8 (71.266)
  Context Switches 39929.6 (4485.13)
  Sleeps 42583.7 (373.039)

This patch allows the user to control the allocation of PTEs in
highmem from the command line ("userpte=nohigh") but retains the
status-quo as the default.

It is possible that some simple heuristic could be developed which
allows auto-tuning of this option however I don't have a sufficiently
large machine available to me to perform any particularly meaningful
experiments. We could probably handwave up an argument for a threshold
at 16G of total RAM.

Assuming 768M of lowmem we have 196608 potential lowmem PTE
pages. Each page can map 2M of RAM in a PAE-enabled configuration,
meaning a maximum of 384G of RAM could potentially be mapped using
lowmem PTEs.

Even allowing generous factor of 10 to account for other required
lowmem allocations, generous slop to account for page sharing (which
reduces the total amount of RAM mappable by a given number of PT
pages) and other innacuracies in the estimations it would seem that
even a 32G machine would not have a particularly pressing need for
highmem PTEs. I think 32G could be considered to be at the upper bound
of what might be sensible on a 32 bit machine (although I think in
practice 64G is still supported).

It's seems questionable if HIGHPTE is even a win for any amount of RAM
you would sensibly run a 32 bit kernel on rather than going 64 bit.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
LKML-Reference: <1266403090-20162-1-git-send-email-ian.campbell@citrix.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosched: Don't use possibly stale sched_class
Thomas Gleixner [Wed, 17 Feb 2010 08:05:48 +0000 (09:05 +0100)]
sched: Don't use possibly stale sched_class

commit 83ab0aa0d5623d823444db82c3b3c34d7ec364ae upstream.

setscheduler() saves task->sched_class outside of the rq->lock held
region for a check after the setscheduler changes have become
effective. That might result in checking a stale value.

rtmutex_setprio() has the same problem, though it is protected by
p->pi_lock against setscheduler(), but for correctness sake (and to
avoid bad examples) it needs to be fixed as well.

Retrieve task->sched_class inside of the rq->lock held region.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosched: Fix SMT scheduler regression in find_busiest_queue()
Suresh Siddha [Sat, 13 Feb 2010 01:14:22 +0000 (17:14 -0800)]
sched: Fix SMT scheduler regression in find_busiest_queue()

commit 9000f05c6d1607f79c0deacf42b09693be673f4c upstream.

Fix a SMT scheduler performance regression that is leading to a scenario
where SMT threads in one core are completely idle while both the SMT threads
in another core (on the same socket) are busy.

This is caused by this commit (with the problematic code highlighted)

   commit bdb94aa5dbd8b55e75f5a50b61312fe589e2c2d1
   Author: Peter Zijlstra <a.p.zijlstra@chello.nl>
   Date:   Tue Sep 1 10:34:38 2009 +0200

   sched: Try to deal with low capacity

   @@ -4203,15 +4223,18 @@ find_busiest_queue()
   ...
for_each_cpu(i, sched_group_cpus(group)) {
   + unsigned long power = power_of(i);

   ...

   - wl = weighted_cpuload(i);
   + wl = weighted_cpuload(i) * SCHED_LOAD_SCALE;
   + wl /= power;

   - if (rq->nr_running == 1 && wl > imbalance)
   + if (capacity && rq->nr_running == 1 && wl > imbalance)
continue;

On a SMT system, power of the HT logical cpu will be 589 and
the scheduler load imbalance (for scenarios like the one mentioned above)
can be approximately 1024 (SCHED_LOAD_SCALE). The above change of scaling
the weighted load with the power will result in "wl > imbalance" and
ultimately resulting in find_busiest_queue() return NULL, causing
load_balance() to think that the load is well balanced. But infact
one of the tasks can be moved to the idle core for optimal performance.

We don't need to use the weighted load (wl) scaled by the cpu power to
compare with  imabalance. In that condition, we already know there is only a
single task "rq->nr_running == 1" and the comparison between imbalance,
wl is to make sure that we select the correct priority thread which matches
imbalance. So we really need to compare the imabalnce with the original
weighted load of the cpu and not the scaled load.

But in other conditions where we want the most hammered(busiest) cpu, we can
use scaled load to ensure that we consider the cpu power in addition to the
actual load on that cpu, so that we can move the load away from the
guy that is getting most hammered with respect to the actual capacity,
as compared with the rest of the cpu's in that busiest group.

Fix it.

Reported-by: Ma Ling <ling.ma@intel.com>
Initial-Analysis-by: Zhang, Yanmin <yanmin_zhang@linux.intel.com>
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
LKML-Reference: <1266023662.2808.118.camel@sbs-t61.sc.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosched: Fix sched_mv_power_savings for !SMT
Vaidyanathan Srinivasan [Mon, 8 Feb 2010 10:05:55 +0000 (15:35 +0530)]
sched: Fix sched_mv_power_savings for !SMT

commit 28f5318167adf23b16c844b9c2253f355cb21796 upstream.

Fix for sched_mc_powersavigs for pre-Nehalem platforms.
Child sched domain should clear SD_PREFER_SIBLING if parent will have
SD_POWERSAVINGS_BALANCE because they are contradicting.

Sets the flags correctly based on sched_mc_power_savings.

Signed-off-by: Vaidyanathan Srinivasan <svaidy@linux.vnet.ibm.com>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
LKML-Reference: <20100208100555.GD2931@dirshya.in.ibm.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: x86 emulator: Check CPL level during privilege instruction emulation
Gleb Natapov [Wed, 10 Feb 2010 12:21:35 +0000 (14:21 +0200)]
KVM: x86 emulator: Check CPL level during privilege instruction emulation

commit e92805ac1228626c59c865f2f4e9059b9fb8c97b upstream.

Add CPL checking in case emulator is tricked into emulating
privilege instruction from userspace.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: x86 emulator: Add group9 instruction decoding
Gleb Natapov [Wed, 10 Feb 2010 12:21:30 +0000 (14:21 +0200)]
KVM: x86 emulator: Add group9 instruction decoding

commit 60a29d4ea4e7b6b95d9391ebc8625b0426f3a363 upstream.

Use groups mechanism to decode 0F C7 instructions.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: x86 emulator: Forbid modifying CS segment register by mov instruction
Gleb Natapov [Thu, 18 Feb 2010 10:14:59 +0000 (12:14 +0200)]
KVM: x86 emulator: Forbid modifying CS segment register by mov instruction

commit 8b9f44140bc4afd2698413cd9960c3912168ee91 upstream.

Inject #UD if guest attempts to do so. This is in accordance to Intel
SDM.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: x86 emulator: Add group8 instruction decoding
Gleb Natapov [Wed, 10 Feb 2010 12:21:29 +0000 (14:21 +0200)]
KVM: x86 emulator: Add group8 instruction decoding

commit 2db2c2eb6226e30f8059b82512a1364db98da8e3 upstream.

Use groups mechanism to decode 0F BA instructions.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: VMX: Trap and invalid MWAIT/MONITOR instruction
Sheng Yang [Tue, 15 Dec 2009 05:29:54 +0000 (13:29 +0800)]
KVM: VMX: Trap and invalid MWAIT/MONITOR instruction

commit 59708670b639bff00f92e519df1ae14da240e919 upstream.

We don't support these instructions, but guest can execute them even if the
feature('monitor') haven't been exposed in CPUID. So we would trap and inject
a #UD if guest try this way.

Signed-off-by: Sheng Yang <sheng@linux.intel.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodm ioctl: only issue uevent on resume if state changed
Mike Snitzer [Sat, 6 Mar 2010 02:32:24 +0000 (02:32 +0000)]
dm ioctl: only issue uevent on resume if state changed

commit 0f3649a9e305ea22eb196a84a2d7520afcaa6060 upstream.

Only issue a uevent on a resume if the state of the device changed,
i.e. if it was suspended and/or its table was replaced.

Signed-off-by: Dave Wysochanski <dwysocha@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodm: free dm_io before bio_endio not after
Mikulas Patocka [Sat, 6 Mar 2010 02:32:29 +0000 (02:32 +0000)]
dm: free dm_io before bio_endio not after

commit a97f925a32aad2a37971d7bfb657006acf04e42d upstream.

Free the dm_io structure before calling bio_endio() instead of after it,
to ensure that the io_pool containing it is not referenced after it is
freed.

This partially fixes a problem described here
  https://www.redhat.com/archives/dm-devel/2010-February/msg00109.html

thread 1:
bio_endio(bio, io_error);
/* scheduling happens */
thread 2:
close the device
remove the device
thread 1:
free_io(md, io);

Thread 2, when removing the device, sees non-empty md->io_pool (because the
io hasn't been freed by thread 1 yet) and may crash with BUG in mempool_free.
Thread 1 may also crash, when freeing into a nonexisting mempool.

To fix this we must make sure that bio_endio() is the last call and
the md structure is not accessed afterwards.

There is another bio_endio in process_barrier, but it is called from the thread
and the thread is destroyed prior to freeing the mempools, so this call is
not affected by the bug.

A similar bug exists with module unloads - the module may be unloaded
immediately after bio_endio - but that is more difficult to fix.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>