]> git.karo-electronics.de Git - karo-tx-linux.git/log
karo-tx-linux.git
15 years agonilfs2: fix oops due to inconsistent state in page with discrete b-tree nodes
Ryusuke Konishi [Tue, 28 Jul 2009 08:55:29 +0000 (17:55 +0900)]
nilfs2: fix oops due to inconsistent state in page with discrete b-tree nodes

commit a97778457f22181e8c38c4cd7d7e528378738a98 upstream.

Andrea Gelmini gave me a report that a kernel oops hit on a nilfs
filesystem with a 1KB block size when doing rsync.

This turned out to be caused by an inconsistency of dirty state
between a page and its buffers storing b-tree node blocks.

If the page had multiple buffers split over multiple logs, and if the
logs were written at a time, a dirty flag remained in the page even
every dirty flag in the buffers was cleared.

This will fix the failure by dropping the dirty flag properly for
pages with the discrete multiple b-tree nodes.

Reported-by: Andrea Gelmini <andrea.gelmini@gmail.com>
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Tested-by: Andrea Gelmini <andrea.gelmini@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agothinkpad-acpi: disable broken bay and dock subdrivers
Henrique de Moraes Holschuh [Sat, 1 Aug 2009 15:04:17 +0000 (12:04 -0300)]
thinkpad-acpi: disable broken bay and dock subdrivers

commit 550e7fd8afb7664ae7cedb398c407694e2bf7d3c upstream.

Currently, the ThinkPad-ACPI bay and dock drivers are completely
broken, and cause a NULL pointer derreference in kernel mode (and,
therefore, an OOPS) when they try to issue events (i.e. on dock,
undock, bay ejection, etc).

OTOH, the standard ACPI dock driver can handle the hotplug bays and
docks of the ThinkPads just fine (including batteries) as of 2.6.27.
In fact, it does a much better job of it than thinkpad-acpi ever did.

It is just not worth the hassle to find a way to fix this crap without
breaking the (deprecated) thinkpad-acpi dock/bay ABI.  This is old,
deprecated code that sees little testing or use.

As a quick fix suitable for -stable backports, mark the thinkpad-acpi
bay and dock subdrivers as BROKEN in Kconfig.  The dead code will be
removed by a later patch.

This fixes bugzilla #13669, and should be applied to 2.6.27 and later.

Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Reported-by: Joerg Platte <jplatte@naasa.net>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agocifs: fix error handling in mount-time DFS referral chasing code
Jeff Layton [Thu, 23 Jul 2009 19:22:30 +0000 (15:22 -0400)]
cifs: fix error handling in mount-time DFS referral chasing code

commit 7b91e2661addd8e2419cb45f6a322aa5dab9bcee upstream.

If the referral is malformed or the hostname can't be resolved, then
the current code generates an oops. Fix it to handle these errors
gracefully.

Reported-by: Sandro Mathys <sm@sandro-mathys.ch>
Acked-by: Igor Mammedov <niallain@gmail.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoSCSI: libsas: reuse the original port when hotplugging phys in wide ports
Tom Peng [Wed, 1 Jul 2009 12:37:26 +0000 (20:37 +0800)]
SCSI: libsas: reuse the original port when hotplugging phys in wide ports

commit 5381837f125cc62ad703fbcdfcd7566fc81fd404 upstream.

There's a hotplug problem in the way libsas allocates ports: it loops over the
available ports first trying to add to an existing for a wide port and
otherwise allocating the next free port.  This scheme only works if the port
array is packed from zero, which fails if a port gets hot unplugged and the
array becomes sparse.  In that case, a new port is formed even if there's a
wide port it should be part of.  Fix this by creating two loops over all the
ports:  the first to see if the phy should be part of a wide port and the
second to form a new port in an empty port slot.

Signed-off-by: Tom Peng <tom_peng@usish.com>
Signed-off-by: Jack Wang <jack_wang@usish.com>
Signed-off-by: Lindar Liu <lindar_liu@usish.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoMake SCSI SG v4 driver enabled by default and remove EXPERIMENTAL dependency, since...
John Stoffel [Tue, 4 Aug 2009 20:10:17 +0000 (22:10 +0200)]
Make SCSI SG v4 driver enabled by default and remove EXPERIMENTAL dependency, since udev depends on BSG

commit 14d9fa352592582e457cf75022202766baac1348 upstream.

Make Block Layer SG support v4 the default, since recent udev versions
depend on this to access serial numbers and other low level info properly.

This should be backported to older kernels as well, since most distros have
enabled this for a long time.

Signed-off-by: John Stoffel <john@stoffel.org>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoedac: x38 fix mchbar high register addr
Lu Zhihe [Wed, 29 Jul 2009 22:02:09 +0000 (15:02 -0700)]
edac: x38 fix mchbar high register addr

commit 3d768213a6c34a27fac1804143da8cf18b8b175f upstream.

Intel X38 MCHBAR is a 64bits register, base from 0x48, so its higher base
is 0x4C.

Signed-off-by: Lu Zhihe <tombowfly@gmail.com>
Signed-off-by: Doug Thompson <dougthompson@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoUSB: storage: raise timeout in usb_stor_Bulk_max_lun
Giacomo Lozito [Mon, 13 Jul 2009 21:23:33 +0000 (23:23 +0200)]
USB: storage: raise timeout in usb_stor_Bulk_max_lun

commit 7a777919bbeec3eac1d7904a728a60e9c2bb9c67 upstream.

Requests to get max LUN, for certain USB storage devices, require a
longer timeout before a correct reply is returned. This happens for a
Realtek USB Card Reader (0bda:0152), which has a max LUN of 3 but is set
to 0, thus losing functionality, because of the timeout occurring too
quickly.

Raising the timeout value fixes the issue and might help other devices
to return a correct max LUN value as well.

Signed-off-by: Giacomo Lozito <james@develia.org>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosysfs: fix hardlink count on device_move
Peter Oberparleiter [Tue, 14 Jul 2009 15:56:15 +0000 (17:56 +0200)]
sysfs: fix hardlink count on device_move

commit 0f58b44582001c8bcdb75f36cf85ebbe5170e959 upstream.

Update directory hardlink count when moving kobjects to a new parent.
Fixes the following problem which occurs when several devices are
moved to the same parent and then unregistered:

> ls -laF /sys/devices/css0/defunct/
> total 0
> drwxr-xr-x 4294967295 root root    0 2009-07-14 17:02 ./
> drwxr-xr-x        114 root root    0 2009-07-14 17:02 ../
> drwxr-xr-x          2 root root    0 2009-07-14 17:01 power/
> -rw-r--r--          1 root root 4096 2009-07-14 17:01 uevent

Signed-off-by: Peter Oberparleiter <oberpar@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodrm/i915: Set SSC frequency for 8xx chips correctly
Ma Ling [Thu, 25 Jun 2009 02:59:22 +0000 (10:59 +0800)]
drm/i915: Set SSC frequency for 8xx chips correctly

(cherry picked from commit 6ff4fd05676bc5b5c930bef25901e489f7843660)

All 8xx class chips have the 66/48 split, not just 855.

Signed-off-by: Ma Ling <ling.ma@intel.com>
Reviewed-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodrm/i915: initialize fence registers to zero when loading GEM
Grégoire Henry [Tue, 23 Jun 2009 13:41:02 +0000 (15:41 +0200)]
drm/i915: initialize fence registers to zero when loading GEM

(cherry picked from commit b5aa8a0fc132dd512c33e7c2621d075e3b77a65e)

Unitialized fence register could leads to corrupted display. Problem
encountered on MacBooks (revision 1 and 2), directly booting from EFI
or through BIOS emulation.

(bug #21710 at freedestop.org)

Signed-off-by: Grégoire Henry <henry@pps.jussieu.fr>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodrm/i915: Hook connector to encoder during load detection (fixes tv/vga detect)
Keith Packard [Sat, 6 Jun 2009 01:19:56 +0000 (18:19 -0700)]
drm/i915: Hook connector to encoder during load detection (fixes tv/vga detect)

(cherry picked from commit 03d6069912babc07a3da20e715dd6a5dc8f0f867)

With the DRM-driven DPMS code, encoders are considered idle unless a
connector is hooked to them, so mode setting is skipped. This makes load
detection fail as none of the hardware is enabled.

Signed-off-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodrm/i915: Skip lvds with Aopen i945GTt-VFA
Michael Cousin [Fri, 5 Jun 2009 19:16:22 +0000 (21:16 +0200)]
drm/i915: Skip lvds with Aopen i945GTt-VFA

(cherry picked from commit fa0864b26b4bfa1dd4bb78eeffbc1f398cb56425)

Signed-off-by: Michael Cousin <mika.cousin@gmail.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodrm/i915: avoid non-atomic sysrq execution
Jesse Barnes [Fri, 15 May 2009 21:11:48 +0000 (14:11 -0700)]
drm/i915: avoid non-atomic sysrq execution

(cherry picked from commit b66d18ddb16603d1e1ec39cb2ff3abf3fd212180)

The sysrq functions are executed in hardirq context, so we shouldn't be
calling sleeping functions from them, like mutex_locks or memory
allocations.

Fix up the i915 sysrq handler to avoid this.

Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodrm/i915: apply G45 vblank count code to all G4x chips and fix max_frame_count
Jesse Barnes [Tue, 5 May 2009 20:13:16 +0000 (13:13 -0700)]
drm/i915: apply G45 vblank count code to all G4x chips and fix max_frame_count

(cherry picked from commit 42c2798b35b95c471877133e19ccc3cab00e9b65)

All G4x and newer chips use the new style frame count register, with a
full 32 bit frame count.  Update the code to reflect this.

Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodrm/i915: add ignore lvds quirk info for AOpen Mini PC
Jarod Wilson [Wed, 27 May 2009 21:20:39 +0000 (17:20 -0400)]
drm/i915: add ignore lvds quirk info for AOpen Mini PC

(cherry picked from commit 70aa96ca2d8d938fc036ef8fd189b0151f4fc3ba)

Fix a FIXME in the intel LVDS bring-up code, adding the appropriate
blacklist entry for the AOpen Mini PC, courtesy of a dmidecode
dump from Florian Demmer.

Signed-off-by: Jarod Wilson <jarod@redhat.com>
CC: Florian Demmer <florian@demmer.org>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodrm/i915: Save/restore cursor state on suspend/resume.
Eric Anholt [Wed, 3 Jun 2009 07:26:58 +0000 (07:26 +0000)]
drm/i915: Save/restore cursor state on suspend/resume.

(cherry picked from commit 1fd1c624362819ecc36db2458c6a972c48ae92d6)

This may fix cursor corruption in X on resume, which would persist until
the cursor was hidden and then shown again.

V2: Also include the cursor control regs.

Signed-off-by: Eric Anholt <eric@anholt.net>
Reviewed-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoinet: Call skb_orphan before tproxy activates
Herbert Xu [Sat, 27 Jun 2009 02:22:37 +0000 (19:22 -0700)]
inet: Call skb_orphan before tproxy activates

[ Upstream commit 71f9dacd2e4d233029e9e956ca3f79531f411827 ]

As transparent proxying looks up the socket early and assigns
it to the skb for later processing, we must drop any existing
socket ownership prior to that in order to distinguish between
the case where tproxy is active and where it is not.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonet: Move rx skb_orphan call to where needed
Herbert Xu [Fri, 26 Jun 2009 18:31:57 +0000 (11:31 -0700)]
net: Move rx skb_orphan call to where needed

[ Upstream commit 329c44e3948473916bccd253a37ac2a66dad9862 ]

In order to get the tun driver to account packets, we need to be
able to receive packets with destructors set.  To be on the safe
side, I added an skb_orphan call for all protocols by default since
some of them (IP in particular) cannot handle receiving packets
destructors properly.

Now it seems that at least one protocol (CAN) expects to be able
to pass skb->sk through the rx path without getting clobbered.

So this patch attempts to fix this properly by moving the skb_orphan
call to where it's actually needed.  In particular, I've added it
to skb_set_owner_[rw] which is what most users of skb->destructor
call.

This is actually an improvement for tun too since it means that
we only give back the amount charged to the socket when the skb
is passed to another socket that will also be charged accordingly.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Oliver Hartkopp <olver@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agogso: Stop fraglists from escaping
Herbert Xu [Thu, 4 Jun 2009 04:20:51 +0000 (21:20 -0700)]
gso: Stop fraglists from escaping

[ Upstream commit 278b2513f76161a9cf1ebddd620dc9d1714fe573 ]

As it stands skb fraglists can get past the check in dev_queue_xmit
if the skb is marked as GSO.  In particular, if the packet doesn't
have the proper checksums for GSO, but can otherwise be handled by
the underlying device, we will not perform the fraglist check on it
at all.

If the underlying device cannot handle fraglists, then this will
break.

The fix is as simple as moving the fraglist check from the device
check into skb_gso_ok.

This has caused crashes with Xen when used together with GRO which
can generate GSO packets with fraglists.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agogro: Flush GRO packets in napi_disable_pending path
Herbert Xu [Sat, 27 Jun 2009 02:27:04 +0000 (19:27 -0700)]
gro: Flush GRO packets in napi_disable_pending path

[ Upstream commit ff780cd8f2fa928b193554f593b36d1243554212 ]

When NAPI is disabled while we're in net_rx_action, we end up
calling __napi_complete without flushing GRO packets.  This is
a bug as it would cause the GRO packets to linger, of course it
also literally BUGs to catch error like this :)

This patch changes it to napi_complete, with the obligatory IRQ
reenabling.  This should be safe because we've only just disabled
IRQs and it does not materially affect the test conditions in
between.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonet: sock_copy() fixes
Eric Dumazet [Wed, 29 Jul 2009 01:59:07 +0000 (18:59 -0700)]
net: sock_copy() fixes

[ Upstream commit 4dc6dc7162c08b9965163c9ab3f9375d4adff2c7 ]

Commit e912b1142be8f1e2c71c71001dc992c6e5eb2ec1
(net: sk_prot_alloc() should not blindly overwrite memory)
took care of not zeroing whole new socket at allocation time.

sock_copy() is another spot where we should be very careful.
We should not set refcnt to a non null value, until
we are sure other fields are correctly setup, or
a lockless reader could catch this socket by mistake,
while not fully (re)initialized.

This patch puts sk_node & sk_refcnt to the very beginning
of struct sock to ease sock_copy() & sk_prot_alloc() job.

We add appropriate smp_wmb() before sk_refcnt initializations
to match our RCU requirements (changes to sock keys should
be committed to memory before sk_refcnt setting)

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonet: sk_prot_alloc() should not blindly overwrite memory
Eric Dumazet [Wed, 8 Jul 2009 19:36:05 +0000 (19:36 +0000)]
net: sk_prot_alloc() should not blindly overwrite memory

[ Upstream commit e912b1142be8f1e2c71c71001dc992c6e5eb2ec1 ]

Some sockets use SLAB_DESTROY_BY_RCU, and our RCU code correctness
depends on sk->sk_nulls_node.next being always valid. A NULL
value is not allowed as it might fault a lockless reader.

Current sk_prot_alloc() implementation doesnt respect this hypothesis,
calling kmem_cache_alloc() with __GFP_ZERO. Just call memset() around
the forbidden field.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agousbnet cdc_subset: fix issues talking to PXA gadgets
David Brownell [Sat, 20 Jun 2009 08:21:53 +0000 (01:21 -0700)]
usbnet cdc_subset: fix issues talking to PXA gadgets

[ Upstream commit 6be832529a8129c9d90a1d3a78c5d503a710b6fc ]

The host-side CDC subset driver is binding more specifically
than it should ... only to PXA 210/25x/26x Linux-USB gadgets.

Loosen that restriction to match the gadget driver driver.
This will various PXA 27x and PXA 3xx devices happier when
talking to Linux hosts, potentially others.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Tested-by: Aric D. Blumer <aric@sdgsystems.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosky2: Fix checksum endianness
Anton Vorontsov [Fri, 26 Jun 2009 16:28:42 +0000 (09:28 -0700)]
sky2: Fix checksum endianness

[ Upstream commit b9389796fa4c87fbdff33816e317cdae5f36dd0b ]

sky2 driver on PowerPC targets floods kernel log with following errors:

  eth1: hw csum failure.
  Call Trace:
  [ef84b8a0] [c00075e4] show_stack+0x50/0x160 (unreliable)
  [ef84b8d0] [c02fa178] netdev_rx_csum_fault+0x3c/0x5c
  [ef84b8f0] [c02f6920] __skb_checksum_complete_head+0x7c/0x84
  [ef84b900] [c02f693c] __skb_checksum_complete+0x14/0x24
  [ef84b910] [c0337e08] tcp_v4_rcv+0x4c8/0x6f8
  [ef84b940] [c031a9c8] ip_local_deliver+0x98/0x210
  [ef84b960] [c031a788] ip_rcv+0x38c/0x534
  [ef84b990] [c0300338] netif_receive_skb+0x260/0x36c
  [ef84b9c0] [c025de00] sky2_poll+0x5dc/0xcf8
  [ef84ba20] [c02fb7fc] net_rx_action+0xc0/0x144

The NIC is Yukon-2 EC chip revision 1.

Converting checksum field from le16 to CPU byte order fixes the issue.

Signed-off-by: Anton Vorontsov <avorontsov@ru.mvista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoipsec: Fix name of CAST algorithm
Herbert Xu [Wed, 24 Jun 2009 10:55:41 +0000 (03:55 -0700)]
ipsec: Fix name of CAST algorithm

[ Upstream commit 245acb87729bc76ba65c7476665c01837e0cdccb ]

Our CAST algorithm is called cast5, not cast128.  Clearly nobody
has ever used it :)

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoE100: work around the driver using streaming DMA mapping for RX descriptors.
Krzysztof Halasa [Tue, 14 Jul 2009 11:01:54 +0000 (11:01 +0000)]
E100: work around the driver using streaming DMA mapping for RX descriptors.

[ Upstream commit 303d67c288319768b19ed8dbed429fef7eb7c275 ]

E100 places it's RX packet descriptors inside skb->data and uses them
with bidirectional streaming DMA mapping. Unfortunately it fails to
transfer skb->data ownership to the device after it reads the
descriptor's status, breaking on non-coherent (e.g., ARM) platforms.

This have to be converted to use coherent memory for the descriptors.

Signed-off-by: Krzysztof Halasa <khc@pm.waw.pl>
Acked-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agobe2net: Fix to avoid a crash seen on PPC with LRO and Jumbo frames.
Ajit Khaparde [Wed, 29 Jul 2009 01:48:50 +0000 (18:48 -0700)]
be2net: Fix to avoid a crash seen on PPC with LRO and Jumbo frames.

[ Upstream commit bd46cb6cf11867130a41ea9546dd65688b71f3c2 ]

While testing the driver on PPC, we ran into a crash with LRO, Jumbo frames.
With CONFIG_PPC_64K_PAGES configured (a default in PPC), MAX_SKB_FRAGS drops to 3 and we were crossing the array limits on skb_shinfo(skb)->frags[].
Now we coalesce the frags from the same physical page into one slot in
skb_shinfo(skb)->frags[] and go to the next index when the frag is from

different physical page.

This patch is against the net-2.6 tree.

Signed-off-by: Ajit Khaparde <ajitk@serverengines.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoiwlwifi: only show active power level via sysfs
Reinette Chatre [Wed, 29 Jul 2009 03:35:50 +0000 (20:35 -0700)]
iwlwifi: only show active power level via sysfs

commit 872ed1902f511a8947021c562f5728a5bf0640b5 upstream.

This changes the power_level file to adhere to the "one value
per file" sysfs rule. The user will know which power level was
requested as it will be the number just written to this file. It
is thus not necessary to create a new sysfs file for this value.

In addition it fixes a problem where powertop's parsing expects
this value to be the first value in this file without any descriptions.

Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoLinux 2.6.30.4 v2.6.30.4
Greg Kroah-Hartman [Thu, 30 Jul 2009 22:34:47 +0000 (15:34 -0700)]
Linux 2.6.30.4

15 years agoeCryptfs: parse_tag_3_packet check tag 3 packet encrypted key size (CVE-2009-2407)
Ramon de Carvalho Valle [Tue, 28 Jul 2009 18:58:22 +0000 (13:58 -0500)]
eCryptfs: parse_tag_3_packet check tag 3 packet encrypted key size (CVE-2009-2407)

commit f151cd2c54ddc7714e2f740681350476cda03a28 upstream.

The parse_tag_3_packet function does not check if the tag 3 packet contains a
encrypted key size larger than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES.

Signed-off-by: Ramon de Carvalho Valle <ramon@risesecurity.org>
[tyhicks@linux.vnet.ibm.com: Added printk newline and changed goto to out_free]
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoeCryptfs: Check Tag 11 literal data buffer size (CVE-2009-2406)
Tyler Hicks [Tue, 28 Jul 2009 18:57:01 +0000 (13:57 -0500)]
eCryptfs: Check Tag 11 literal data buffer size (CVE-2009-2406)

commit 6352a29305373ae6196491e6d4669f301e26492e upstream.

Tag 11 packets are stored in the metadata section of an eCryptfs file to
store the key signature(s) used to encrypt the file encryption key.
After extracting the packet length field to determine the key signature
length, a check is not performed to see if the length would exceed the
key signature buffer size that was passed into parse_tag_11_packet().

Thanks to Ramon de Carvalho Valle for finding this bug using fsfuzzer.

Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonommu: Provide mmap_min_addr definition.
Paul Mundt [Tue, 9 Jun 2009 08:48:56 +0000 (17:48 +0900)]
nommu: Provide mmap_min_addr definition.

commit 35f2c2f6f6ae13ef23c4f68e6d3073753077ca43 upstream.

With the "security: use mmap_min_addr indepedently of security models"
change, mmap_min_addr is used in common areas, which susbsequently blows
up the nommu build. This stubs in the definition in the nommu case as
well.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Cc: Mike Frysinger <vapier.adi@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: James Morris <jmorris@namei.org>
15 years agolibata: fix follow-up SRST failure path
Tejun Heo [Wed, 8 Jul 2009 03:16:37 +0000 (12:16 +0900)]
libata: fix follow-up SRST failure path

commit fe2c4d018fc6127610fef677e020b3bb41cfaaaf upstream.

ata_eh_reset() was missing error return handling after follow-up SRST
allowing EH to continue the normal probing path after reset failure.
This was discovered while testing new WD 2TB drives which take longer
than 10 secs to spin up and cause the first follow-up SRST to time
out.

Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoInput: wistron_btns - recognize Maxdata Pro 7000 notebooks
Giuseppe Mazzotta [Mon, 13 Jul 2009 04:02:27 +0000 (21:02 -0700)]
Input: wistron_btns - recognize Maxdata Pro 7000 notebooks

commit e705cee427e319665969ef7ac664f3612dec8899 upstream.

This patch adds DMI information to automatically load the correct
layout for the Maxdata Pro 7000X/DX notebook models. Such notebooks
are clones of Fujitsu Amilo V2000, the hook for the v2000 is being
used and I have tested that perfectly works.

The immediate result of integrating this patch is that the five
special buttons will work on these specific notebook models and that
the RF killswitch will not be activated after suspend. This patch
definitively obsoletes the fsam7400 module which I was still needing
to enable wifi and to fix the RF killswitch suspend problem; in the
current 2.6.30 kernel it is necessary to load the wistron_btns module
with options 'force=1 keymap=1557/MS2141', which was not anyway a
complete workaround.

Signed-off-by: Giuseppe Mazzotta <g.mazzotta@iragan.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonetdev: restore MTU change operation
Ben Hutchings [Sun, 12 Jul 2009 22:56:27 +0000 (23:56 +0100)]
netdev: restore MTU change operation

commit 635ecaa70e862f85f652581305fe0074810893be upstream

netdev: restore MTU change operation

alloc_etherdev() used to install a default implementation of this
operation, but it must now be explicitly installed in struct
net_device_ops.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonetdev: restore MAC address set and validate operations
Ben Hutchings [Thu, 9 Jul 2009 17:54:35 +0000 (17:54 +0000)]
netdev: restore MAC address set and validate operations

commit 240c102d9c54fee7fdc87a4ef2fabc7eb539e00a upstream.

alloc_etherdev() used to install default implementations of these
operations, but they must now be explicitly installed in struct
net_device_ops.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonf_conntrack: nf_conntrack_alloc() fixes
Eric Dumazet [Thu, 23 Jul 2009 14:15:34 +0000 (16:15 +0200)]
nf_conntrack: nf_conntrack_alloc() fixes

commit 941297f443f871b8c3372feccf27a8733f6ce9e9 upstream.

When a slab cache uses SLAB_DESTROY_BY_RCU, we must be careful when allocating
objects, since slab allocator could give a freed object still used by lockless
readers.

In particular, nf_conntrack RCU lookups rely on ct->tuplehash[xxx].hnnode.next
being always valid (ie containing a valid 'nulls' value, or a valid pointer to next
object in hash chain.)

kmem_cache_zalloc() setups object with NULL values, but a NULL value is not valid
for ct->tuplehash[xxx].hnnode.next.

Fix is to call kmem_cache_alloc() and do the zeroing ourself.

As spotted by Patrick, we also need to make sure lookup keys are committed to
memory before setting refcount to 1, or a lockless reader could get a reference
on the old version of the object. Its key re-check could then pass the barrier.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonetfilter: tcp conntrack: fix unacknowledged data detection with NAT
Patrick McHardy [Mon, 29 Jun 2009 12:07:56 +0000 (14:07 +0200)]
netfilter: tcp conntrack: fix unacknowledged data detection with NAT

commit a3a9f79e361e864f0e9d75ebe2a0cb43d17c4272 upstream.

When NAT helpers change the TCP packet size, the highest seen sequence
number needs to be corrected. This is currently only done upwards, when
the packet size is reduced the sequence number is unchanged. This causes
TCP conntrack to falsely detect unacknowledged data and decrease the
timeout.

Fix by updating the highest seen sequence number in both directions after
packet mangling.

Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonetfilter: xt_rateest: fix comparison with self
Patrick McHardy [Mon, 22 Jun 2009 12:17:12 +0000 (14:17 +0200)]
netfilter: xt_rateest: fix comparison with self

commit 4d900f9df5f0569c2dc536701e2c11b6d50ebebf upstream.

As noticed by Török Edwin <edwintorok@gmail.com>:

Compiling the kernel with clang has shown this warning:

net/netfilter/xt_rateest.c:69:16: warning: self-comparison always results in a
constant value
                        ret &= pps2 == pps2;
                                    ^
Looking at the code:
if (info->flags & XT_RATEEST_MATCH_BPS)
            ret &= bps1 == bps2;
        if (info->flags & XT_RATEEST_MATCH_PPS)
            ret &= pps2 == pps2;

Judging from the MATCH_BPS case it seems to be a typo, with the intention of
comparing pps1 with pps2.

http://bugzilla.kernel.org/show_bug.cgi?id=13535

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonetfilter: xt_quota: fix incomplete initialization
Jan Engelhardt [Mon, 22 Jun 2009 12:16:45 +0000 (14:16 +0200)]
netfilter: xt_quota: fix incomplete initialization

commit 6d62182fea6cc6bbc8d82a691ad0608d68a54aeb upstream.

Commit v2.6.29-rc5-872-gacc738f ("xtables: avoid pointer to self")
forgot to copy the initial quota value supplied by iptables into the
private structure, thus counting from whatever was in the memory
kmalloc returned.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonetfilter: nf_log: fix direct userspace memory access in proc handler
Patrick McHardy [Mon, 22 Jun 2009 12:15:30 +0000 (14:15 +0200)]
netfilter: nf_log: fix direct userspace memory access in proc handler

commit 249556192859490b6280552d4b877064f9f5ee48 upstream.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonetfilter: nf_conntrack: fix conntrack lookup race
Patrick McHardy [Mon, 22 Jun 2009 12:14:41 +0000 (14:14 +0200)]
netfilter: nf_conntrack: fix conntrack lookup race

commit 8d8890b7751387f58ce0a6428773de2fbc0fd596 upstream.

The RCU protected conntrack hash lookup only checks whether the entry
has a refcount of zero to decide whether it is stale. This is not
sufficient, entries are explicitly removed while there is at least
one reference left, possibly more. Explicitly check whether the entry
has been marked as dying to fix this.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonetfilter: nf_conntrack: fix confirmation race condition
Patrick McHardy [Mon, 22 Jun 2009 12:14:16 +0000 (14:14 +0200)]
netfilter: nf_conntrack: fix confirmation race condition

commit 5c8ec910e789a92229978d8fd1fce7b62e8ac711 upstream.

New connection tracking entries are inserted into the hash before they
are fully set up, namely the CONFIRMED bit is not set and the timer not
started yet. This can theoretically lead to a race with timer, which
would set the timeout value to a relative value, most likely already in
the past.

Perform hash insertion as the final step to fix this.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonetfilter: nf_log: fix sleeping function called from invalid context
Patrick McHardy [Sat, 13 Jun 2009 10:21:10 +0000 (12:21 +0200)]
netfilter: nf_log: fix sleeping function called from invalid context

commit 266d07cb1c9a0c345d7d3aea889f92062894059e upstream.

Fix regression introduced by 17625274 "netfilter: sysctl support of
logger choice":

BUG: sleeping function called from invalid context at /mnt/s390test/linux-2.6-tip/arch/s390/include/asm/uaccess.h:234
in_atomic(): 1, irqs_disabled(): 0, pid: 3245, name: sysctl
CPU: 1 Not tainted 2.6.30-rc8-tipjun10-02053-g39ae214 #1
Process sysctl (pid: 3245, task: 000000007f675da0, ksp: 000000007eb17cf0)
0000000000000000 000000007eb17be8 0000000000000002 0000000000000000
       000000007eb17c88 000000007eb17c00 000000007eb17c00 0000000000048156
       00000000003e2de8 000000007f676118 000000007eb17f10 0000000000000000
       0000000000000000 000000007eb17be8 000000000000000d 000000007eb17c58
       00000000003e2050 000000000001635c 000000007eb17be8 000000007eb17c30
Call Trace:
(Ý<00000000000162e6>¨ show_trace+0x13a/0x148)
 Ý<00000000000349ea>¨ __might_sleep+0x13a/0x164
 Ý<0000000000050300>¨ proc_dostring+0x134/0x22c
 Ý<0000000000312b70>¨ nf_log_proc_dostring+0xfc/0x188
 Ý<0000000000136f5e>¨ proc_sys_call_handler+0xf6/0x118
 Ý<0000000000136fda>¨ proc_sys_read+0x26/0x34
 Ý<00000000000d6e9c>¨ vfs_read+0xac/0x158
 Ý<00000000000d703e>¨ SyS_read+0x56/0x88
 Ý<0000000000027f42>¨ sysc_noemu+0x10/0x16

Use the nf_log_mutex instead of RCU to fix this.

Reported-and-tested-by: Maran Pakkirisamy <maranpsamy@in.ibm.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agopowerpc/mpic: Fix mapping of "DCR" based MPIC variants
Benjamin Herrenschmidt [Mon, 22 Jun 2009 16:47:59 +0000 (16:47 +0000)]
powerpc/mpic: Fix mapping of "DCR" based MPIC variants

commit 5a2642f620eb6e40792822fa0eafe23046fbb55e upstream.

Commit 31207dab7d2e63795eb15823947bd2f7025b08e2
"Fix incorrect allocation of interrupt rev-map"
introduced a regression crashing on boot on machines using
a "DCR" based MPIC, such as the Cell blades.

The reason is that the irq host data structure is initialized
much later as a result of that patch, causing our calls to
mpic_map() do be done before we have a host setup.

Unfortunately, this breaks _mpic_map_dcr() which uses the
mpic->irqhost to get to the device node.

This fixes it by, instead, passing the device node explicitely
to mpic_map().

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Acked-by: Akira Tsukamoto <akirat@rd.scei.sony.co.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agohwmon: (max6650) Fix lock imbalance
Jiri Slaby [Sat, 11 Jul 2009 11:42:37 +0000 (13:42 +0200)]
hwmon: (max6650) Fix lock imbalance

commit 025dc740d01f99ccba945df1f9ef9e06b1c15d96 upstream.

Add omitted update_lock to one switch/case in set_div.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Acked-by: Hans J. Koch <hjk@linutronix.de>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoelf: fix one check-after-use
Amerigo Wang [Wed, 1 Jul 2009 05:06:26 +0000 (01:06 -0400)]
elf: fix one check-after-use

commit e2dbe12557d85d81f4527879499f55681c3cca4f upstream.

Check before use it.

Signed-off-by: WANG Cong <amwang@redhat.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: David Howells <dhowells@redhat.com>
Acked-by: Roland McGrath <roland@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agomm: mark page accessed before we write_end()
Josef Bacik [Sun, 5 Jul 2009 19:08:18 +0000 (12:08 -0700)]
mm: mark page accessed before we write_end()

commit c8236db9cd7aa492dcfcdcca702638e704abed49 upstream.

In testing a backport of the write_begin/write_end AOPs, a 10% re-read
regression was noticed when running iozone.  This regression was
introduced because the old AOPs would always do a mark_page_accessed(page)
after the commit_write, but when the new AOPs where introduced, the only
place this was kept was in pagecache_write_end().

This patch does the same thing in the generic case as what is done in
pagecache_write_end(), which is just to mark the page accessed before we
do write_end().

Signed-off-by: Josef Bacik <jbacik@redhat.com>
Acked-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86: don't use 'access_ok()' as a range check in get_user_pages_fast()
Linus Torvalds [Mon, 22 Jun 2009 17:25:25 +0000 (10:25 -0700)]
x86: don't use 'access_ok()' as a range check in get_user_pages_fast()

[ Upstream commit 7f8189068726492950bf1a2dcfd9b51314560abf - modified
  for stable to not use the sloppy __VIRTUAL_MASK_SHIFT ]

It's really not right to use 'access_ok()', since that is meant for the
normal "get_user()" and "copy_from/to_user()" accesses, which are done
through the TLB, rather than through the page tables.

Why? access_ok() does both too few, and too many checks.  Too many,
because it is meant for regular kernel accesses that will not honor the
'user' bit in the page tables, and because it honors the USER_DS vs
KERNEL_DS distinction that we shouldn't care about in GUP.  And too few,
because it doesn't do the 'canonical' check on the address on x86-64,
since the TLB will do that for us.

So instead of using a function that isn't meant for this, and does
something else and much more complicated, just do the real rules: we
don't want the range to overflow, and on x86-64, we want it to be a
canonical low address (on 32-bit, all addresses are canonical).

Acked-by: Ingo Molnar <mingo@elte.hu>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agovmscan: do not unconditionally treat zones that fail zone_reclaim() as full
Mel Gorman [Wed, 1 Jul 2009 08:26:25 +0000 (09:26 +0100)]
vmscan: do not unconditionally treat zones that fail zone_reclaim() as full

commit fa5e084e43eb14c14942027e1e2e894aeed96097 upstream.

vmscan: do not unconditionally treat zones that fail zone_reclaim() as full

On NUMA machines, the administrator can configure zone_reclaim_mode that
is a more targetted form of direct reclaim.  On machines with large NUMA
distances for example, a zone_reclaim_mode defaults to 1 meaning that
clean unmapped pages will be reclaimed if the zone watermarks are not
being met.  The problem is that zone_reclaim() failing at all means the
zone gets marked full.

This can cause situations where a zone is usable, but is being skipped
because it has been considered full.  Take a situation where a large tmpfs
mount is occuping a large percentage of memory overall.  The pages do not
get cleaned or reclaimed by zone_reclaim(), but the zone gets marked full
and the zonelist cache considers them not worth trying in the future.

This patch makes zone_reclaim() return more fine-grained information about
what occured when zone_reclaim() failued.  The zone only gets marked full
if it really is unreclaimable.  If it's a case that the scan did not occur
or if enough pages were not reclaimed with the limited reclaim_mode, then
the zone is simply skipped.

There is a side-effect to this patch.  Currently, if zone_reclaim()
successfully reclaimed SWAP_CLUSTER_MAX, an allocation attempt would go
ahead.  With this patch applied, zone watermarks are rechecked after
zone_reclaim() does some work.

This bug was introduced by commit 9276b1bc96a132f4068fdee00983c532f43d3a26
("memory page_alloc zonelist caching speedup") way back in 2.6.19 when the
zonelist_cache was introduced.  It was not intended that zone_reclaim()
aggressively consider the zone to be full when it failed as full direct
reclaim can still be an option.  Due to the age of the bug, it should be
considered a -stable candidate.

Signed-off-by: Mel Gorman <mel@csn.ul.ie>
Reviewed-by: Wu Fengguang <fengguang.wu@intel.com>
Reviewed-by: Rik van Riel <riel@redhat.com>
Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Christoph Lameter <cl@linux-foundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoStaging: rt2870: Add USB ID for Sitecom WL-608
Jorrit Schippers [Wed, 10 Jun 2009 13:34:26 +0000 (15:34 +0200)]
Staging: rt2870: Add USB ID for Sitecom WL-608

commit 8dfb00571819ce491ce1760523d50e85bcd2185f upstream.

Add the USB id 0x0DF6,0x003F to the rt2870.h file such that the
Sitecom WL-608 device will be recognized by this driver.

Signed-off-by: Jorrit Schippers <jorrit@ncode.nl>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86, setup (2.6.30-stable) fix 80x34 and 80x60 console modes
Marc Aurele La France [Tue, 30 Jun 2009 00:07:02 +0000 (18:07 -0600)]
x86, setup (2.6.30-stable) fix 80x34 and 80x60 console modes

Note: this is not in upstream since upstream is not affected due to the
      new "BIOS glovebox" subsystem.

As coded, most INT10 calls in video-vga.c allow the compiler to assume
EAX remains unchanged across them, which is not always the case.  This
triggers an optimisation issue that causes vga_set_vertical_end() to be
called with an incorrect number of scanlines.  Fix this by beefing up
the asm constraints on these calls.

Reported-by: Marc Aurele La France <tsi@xfree86.org>
Signed-off-by: Marc Aurele La France <tsi@xfree86.org>
Acked-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoparisc: fix ldcw inline assembler
Helge Deller [Thu, 30 Apr 2009 21:39:45 +0000 (21:39 +0000)]
parisc: fix ldcw inline assembler

commit 7d17e2763129ea307702fcdc91f6e9d114b65c2d upstream.

There are two reasons to expose the memory *a in the asm:

1) To prevent the compiler from discarding a preceeding write to *a, and
2) to prevent it from caching *a in a register over the asm.

The change has had a few days testing with a SMP build of 2.6.22.19
running on a rp3440.

This patch is about the correctness of the __ldcw() macro itself.
The use of the macro should be confined to small inline functions
to try to limit the effect of clobbering memory on GCC's optimization
of loads and stores.

Signed-off-by: Dave Anglin <dave.anglin@nrc-cnrc.gc.ca>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Kyle McMartin <kyle@mcmartin.ca>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoparisc: ensure broadcast tlb purge runs single threaded
Helge Deller [Tue, 16 Jun 2009 20:51:48 +0000 (20:51 +0000)]
parisc: ensure broadcast tlb purge runs single threaded

commit e82a3b75127188f20c7780bec580e148beb29da7 upstream.

The TLB flushing functions on hppa, which causes PxTLB broadcasts on the system
bus, needs to be protected by irq-safe spinlocks to avoid irq handlers to deadlock
the kernel. The deadlocks only happened during I/O intensive loads and triggered
pretty seldom, which is why this bug went so long unnoticed.

Signed-off-by: Helge Deller <deller@gmx.de>
[edited to use spin_lock_irqsave on UP as well since we'd been locking there
 all this time anyway, --kyle]
Signed-off-by: Kyle McMartin <kyle@mcmartin.ca>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86-64: Fix bad_srat() to clear all state
Andi Kleen [Sat, 18 Jul 2009 06:56:57 +0000 (08:56 +0200)]
x86-64: Fix bad_srat() to clear all state

commit 429b2b319af3987e808c18f6b81313104caf782c upstream.

Need to clear both nodes and nodes_add state for start/end.

Signed-off-by: Andi Kleen <ak@linux.intel.com>
LKML-Reference: <20090718065657.GA2898@basil.fritz.box>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86: Add quirk for Intel DG45ID board to avoid low memory corruption
Alexey Fisher [Wed, 15 Jul 2009 12:16:09 +0000 (14:16 +0200)]
x86: Add quirk for Intel DG45ID board to avoid low memory corruption

commit 6aa542a694dc9ea4344a8a590d2628c33d1b9431 upstream.

AMI BIOS with low memory corruption was found on Intel DG45ID
board (Bug 13710). Add this board to the blacklist - in the
(somewhat optimistic) hope of future boards/BIOSes from Intel
not having this bug.

Also see:

  http://bugzilla.kernel.org/show_bug.cgi?id=13736

Signed-off-by: Alexey Fisher <bug-track@fisher-privat.net>
Cc: ykzhao <yakui.zhao@intel.com>
Cc: alan@lxorguk.ukuu.org.uk
Cc: <stable@kernel.org>
LKML-Reference: <1247660169-4503-1-git-send-email-bug-track@fisher-privat.net>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86: Fix movq immediate operand constraints in uaccess.h
H. Peter Anvin [Tue, 21 Jul 2009 06:27:39 +0000 (23:27 -0700)]
x86: Fix movq immediate operand constraints in uaccess.h

commit ebe119cd0929df4878f758ebf880cb435e4dcaaf upstream.

The movq instruction, generated by __put_user_asm() when used for
64-bit data, takes a sign-extended immediate ("e") not a zero-extended
immediate ("Z").

Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Cc: Uros Bizjak <ubizjak@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86: Fix movq immediate operand constraints in uaccess_64.h
Uros Bizjak [Sun, 19 Jul 2009 16:06:35 +0000 (18:06 +0200)]
x86: Fix movq immediate operand constraints in uaccess_64.h

commit 155b73529583c38f30fd394d692b15a893960782 upstream.

arch/x86/include/asm/uaccess_64.h uses wrong asm operand constraint
("ir") for movq insn. Since movq sign-extends its immediate operand,
"er" constraint should be used instead.

Attached patch changes all uses of __put_user_asm in uaccess_64.h to use
"er" when "q" insn suffix is involved.

Patch was compile tested on x86_64 with defconfig.

Signed-off-by: Uros Bizjak <ubizjak@gmail.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86: geode: Mark mfgpt irq IRQF_TIMER to prevent resume failure
Thomas Gleixner [Fri, 24 Jul 2009 06:34:59 +0000 (08:34 +0200)]
x86: geode: Mark mfgpt irq IRQF_TIMER to prevent resume failure

commit d6c585a4342a2ff627a29f9aea77c5ed4cd76023 upstream.

Timer interrupts are excluded from being disabled during suspend. The
clock events code manages the disabling of clock events on its own
because the timer interrupt needs to be functional before the resume
code reenables the device interrupts.

The mfgpt timer request its interrupt without setting the IRQF_TIMER
flag so suspend_device_irqs() disables it as well which results in a
fatal resume failure.

Adding IRQF_TIMER to the interupt flags when requesting the mrgpt
timer interrupt solves the problem.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
LKML-Reference: <new-submission>
Cc: Andres Salomon <dilinger@debian.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodm raid1: wake kmirrord when requeueing delayed bios after remote recovery
Mikulas Patocka [Thu, 23 Jul 2009 19:30:37 +0000 (20:30 +0100)]
dm raid1: wake kmirrord when requeueing delayed bios after remote recovery

commit 69885683d22d8c05910fd808c01fdce1322739b4 upstream.

The recent commit 7513c2a761d69d2a93f17146b3563527d3618ba0 (dm raid1:
add is_remote_recovering hook for clusters) changed do_writes() to
update the ms->writes list but forgot to wake up kmirrord to process it.

The rule is that when anything is being added on ms->reads, ms->writes
or ms->failures and the list was empty before we must call
wakeup_mirrord (for immediate processing) or delayed_wake (for delayed
processing).  Otherwise the bios could sit on the list indefinitely.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosched: fix nr_uninterruptible accounting of frozen tasks really
Thomas Gleixner [Fri, 17 Jul 2009 12:15:47 +0000 (14:15 +0200)]
sched: fix nr_uninterruptible accounting of frozen tasks really

commit 6301cb95c119ebf324bb96ee226fa9ddffad80a7 upstream.

commit e3c8ca8336 (sched: do not count frozen tasks toward load) broke
the nr_uninterruptible accounting on freeze/thaw. On freeze the task
is excluded from accounting with a check for (task->flags &
PF_FROZEN), but that flag is cleared before the task is thawed. So
while we prevent that the task with state TASK_UNINTERRUPTIBLE
is accounted to nr_uninterruptible on freeze we decrement
nr_uninterruptible on thaw.

Use a separate flag which is handled by the freezing task itself. Set
it before calling the scheduler with TASK_UNINTERRUPTIBLE state and
clear it after we return from frozen state.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86/pci: insert ioapic resource before assigning unassigned resources
Yinghai Lu [Fri, 10 Jul 2009 16:36:20 +0000 (09:36 -0700)]
x86/pci: insert ioapic resource before assigning unassigned resources

commit 857fdc53a0a90c3ba7fcf5b1fb4c7a62ae03cf82 upstream.

Stephen reported that his DL585 G2 needed noapic after 2.6.22 (?)

Dann bisected it down to:
  commit 30a18d6c3f1e774de656ebd8ff219d53e2ba4029
  Date:   Tue Feb 19 03:21:20 2008 -0800

      x86: multi pci root bus with different io resource range, on
      64-bit

It turns out that:
  1. that AMD-based systems have two HT chains.
  2. BIOS doesn't allocate resources for BAR 6 of devices under 8132 etc
  3. that multi-peer-root patch will try to split root resources to peer
     root resources according to PCI conf of NB
  4. PCI core assigns unassigned resources, but they overlap with BARs
     that are used by ioapic addr of io4 and 8132.

The reason: at that point ioapic address are not inserted yet.  Solution
is to insert ioapic resources into the tree a bit earlier.

Reported-by: Stephen Frost <sfrost@snowman.net>
Reported-and-Tested-by: dann frazier <dannf@hp.com>
Signed-off-by: Yinghai Lu <yinghai@kernel.org>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agotracing/function: Fix the return value of ftrace_trace_onoff_callback()
Xiao Guangrong [Wed, 15 Jul 2009 04:29:06 +0000 (12:29 +0800)]
tracing/function: Fix the return value of ftrace_trace_onoff_callback()

commit 04aef32d39cc4ef80087c0ce8ed113c6d64f1a6b upstream.

ftrace_trace_onoff_callback() will return an error even if we do the
right operation, for example:

 # echo _spin_*:traceon:10 > set_ftrace_filter
 -bash: echo: write error: Invalid argument
 # cat set_ftrace_filter
 #### all functions enabled ####
 _spin_trylock_bh:traceon:count=10
 _spin_unlock_irq:traceon:count=10
 _spin_unlock_bh:traceon:count=10
 _spin_lock_irq:traceon:count=10
 _spin_unlock:traceon:count=10
 _spin_trylock:traceon:count=10
 _spin_unlock_irqrestore:traceon:count=10
 _spin_lock_irqsave:traceon:count=10
 _spin_lock_bh:traceon:count=10
 _spin_lock:traceon:count=10

We want to set _spin_*:traceon:10 to set_ftrace_filter, it complains
with "Invalid argument", but the operation is successful.

This is because ftrace_process_regex() returns the number of functions that
matched the pattern. If the number is not 0, this value is returned
by ftrace_regex_write() whereas we want to return the number of bytes
virtually written.
Also the file offset pointer is not updated in this case.

If the number of matched functions is lower than the number of bytes written
by the user, this results to a reprocessing of the string given by the user with
a lower size, leading to a malformed ftrace regex and then a -EINVAL returned.

So, this patch fixes it by returning 0 if no error occured.
The fix also applies on 2.6.30

Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Reviewed-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosched_rt: Fix overload bug on rt group scheduling
Peter Zijlstra [Wed, 1 Apr 2009 16:40:15 +0000 (18:40 +0200)]
sched_rt: Fix overload bug on rt group scheduling

commit a1ba4d8ba9f06a397e97cbd67a93ee306860b40a upstream.

Fixes an easily triggerable BUG() when setting process affinities.

Make sure to count the number of migratable tasks in the same place:
the root rt_rq. Otherwise the number doesn't make sense and we'll hit
the BUG in set_cpus_allowed_rt().

Also, make sure we only count tasks, not groups (this is probably
already taken care of by the fact that rt_se->nr_cpus_allowed will be 0
for groups, but be more explicit)

Tested-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Acked-by: Gregory Haskins <ghaskins@novell.com>
LKML-Reference: <1247067476.9777.57.camel@twins>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonilfs2: fix disorder in cp count on error during deleting checkpoints
Jiro SEKIBA [Sat, 4 Jul 2009 14:00:53 +0000 (23:00 +0900)]
nilfs2: fix disorder in cp count on error during deleting checkpoints

commit d9a0a345ab7a58a30ec38e5bb7401a28714914d2 upstream.

This fixes a bug that checkpoint count gets wrong on errors when
deleting a series of checkpoints.

The count error is persistent since the checkpoint count is stored on
disk.  Some userland programs refer to the count via ioctl, and this
bugfix is needed to prevent malfunction of such programs.

Signed-off-by: Jiro SEKIBA <jir@unicus.jp>
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonilfs2: fix incorrect KERN_CRIT messages in case of write failures
Ryusuke Konishi [Thu, 18 Jun 2009 14:53:25 +0000 (23:53 +0900)]
nilfs2: fix incorrect KERN_CRIT messages in case of write failures

commit 4a52df779700080de4afb0436d9dd9188514a69b upstream.

In case of write-failure retries, the following KERN_CRIT level
messages are mistakenly output by nilfs_dat_commit_start() function:

nilfs_dat_commit_start: vbn = 408463, start = 12506, end = 18446744073709551615, pbn = 530210
nilfs_dat_commit_start: vbn = 408515, start = 12506, end = 18446744073709551615, pbn = 530211
nilfs_dat_commit_start: vbn = 408464, start = 12506, end = 18446744073709551615, pbn = 530212
...

This suppresses these messages.

Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonilfs2: fix hang problem of log writer which occurs after write failures
Ryusuke Konishi [Thu, 18 Jun 2009 14:52:23 +0000 (23:52 +0900)]
nilfs2: fix hang problem of log writer which occurs after write failures

commit 8227b29722fdbac72357aae155d171a5c777670c upstream.

Leandro Lucarella gave me a report that nilfs gets stuck after its
write function fails.

The problem turned out to be caused by bugs which leave writeback flag
on pages.  This fixes the problem by ensuring to clear the writeback
flag in error path.

Reported-by: Leandro Lucarella <llucax@gmail.com>
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonilfs2: remove unlikely directive causing mis-conversion of error code
Ryusuke Konishi [Thu, 18 Jun 2009 02:42:53 +0000 (11:42 +0900)]
nilfs2: remove unlikely directive causing mis-conversion of error code

commit 0cfae3d8795f388f9de78adb0171520d19da77e9 upstream.

The following error code handling in nilfs_segctor_write() function
wrongly converted negative error codes to a truth value (i.e. 1):

   err = unlikely(err) ? : res;

which originaly meant to be

   err = err ? : res;

This mis-conversion caused that write or sync functions receive the
unexpected error code.  This fixes the bug by removing the unlikely
directive.

Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoblock: fix sg SG_DXFER_TO_FROM_DEV regression
FUJITA Tomonori [Thu, 9 Jul 2009 12:46:53 +0000 (14:46 +0200)]
block: fix sg SG_DXFER_TO_FROM_DEV regression

commit ecb554a846f8e9d2a58f6d6c118168a63ac065aa upstream.

I overlooked SG_DXFER_TO_FROM_DEV support when I converted sg to use
the block layer mapping API (2.6.28).

Douglas Gilbert explained SG_DXFER_TO_FROM_DEV:

http://www.spinics.net/lists/linux-scsi/msg37135.html

=
The semantics of SG_DXFER_TO_FROM_DEV were:
   - copy user space buffer to kernel (LLD) buffer
   - do SCSI command which is assumed to be of the DATA_IN
     (data from device) variety. This would overwrite
     some or all of the kernel buffer
   - copy kernel (LLD) buffer back to the user space.

The idea was to detect short reads by filling the original
user space buffer with some marker bytes ("0xec" it would
seem in this report). The "resid" value is a better way
of detecting short reads but that was only added this century
and requires co-operation from the LLD.
=

This patch changes the block layer mapping API to support this
semantics. This simply adds another field to struct rq_map_data and
enables __bio_copy_iov() to copy data from user space even with READ
requests.

It's better to add the flags field and kills null_mapped and the new
from_user fields in struct rq_map_data but that approach makes it
difficult to send this patch to stable trees because st and osst
drivers use struct rq_map_data (they were converted to use the block
layer in 2.6.29 and 2.6.30). Well, I should clean up the block layer
mapping API.

zhou sf reported this regiression and tested this patch:

http://www.spinics.net/lists/linux-scsi/msg37128.html
http://www.spinics.net/lists/linux-scsi/msg37168.html

Reported-by: zhou sf <sxzzsf@gmail.com>
Tested-by: zhou sf <sxzzsf@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86: Fix fixmap page order for FIX_TEXT_POKE0,1
Mathieu Desnoyers [Wed, 1 Jul 2009 21:37:22 +0000 (17:37 -0400)]
x86: Fix fixmap page order for FIX_TEXT_POKE0,1

commit 12b9d7ccb841805e347fec8f733f368f43ddba40 upstream.

Masami reported:

> Since the fixmap pages are assigned higher address to lower,
> text_poke() has to use it with inverted order (FIX_TEXT_POKE1
> to FIX_TEXT_POKE0).

I prefer to just invert the order of the fixmap declaration.
It's simpler and more straightforward.

Backward fixmaps seems to be used by both x86 32 and 64.

It's really rare but a nasty bug, because it only hurts when
instructions to patch are crossing a page boundary. If this
happens, the fixmap write accesses will spill on the following
fixmap, which may very well crash the system. And this does not
crash the system, it could leave illegal instructions in place.
Thanks Masami for finding this.

It seems to have crept into the 2.6.30-rc series, so this calls
for a -stable inclusion.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
Acked-by: Masami Hiramatsu <mhiramat@redhat.com>
LKML-Reference: <20090701213722.GH19926@Krystal>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86: Fix fixmap ordering
Jan Beulich [Tue, 30 Jun 2009 10:52:23 +0000 (11:52 +0100)]
x86: Fix fixmap ordering

commit 789d03f584484af85dbdc64935270c8e45f36ef7 upstream.

The merge of the 32- and 64-bit fixmap headers made a latent
bug on x86-64 a real one: with the right config settings
it is possible for FIX_OHCI1394_BASE to overlap the FIX_BTMAP_*
range.

Signed-off-by: Jan Beulich <jbeulich@novell.com>
LKML-Reference: <4A4A0A8702000078000082E8@vpn.id2.novell.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agovc: create vcs(a) devices for consoles
Kay Sievers [Mon, 20 Jul 2009 15:04:55 +0000 (16:04 +0100)]
vc: create vcs(a) devices for consoles

commit c46a7aec556ffdbdb7357db0b05904b176cb3375 upstream.

The buffer for the consoles are unconditionally allocated at con_init()
time, which miss the creation of the vcs(a) devices.

Since 2.6.30 (commit 4995f8ef9d3aac72745e12419d7fbaa8d01b1d81, 'vcs:
hook sysfs devices into object lifetime instead of "binding"' to be
exact) these devices are no longer created at open() and removed on
close(), but controlled by the lifetime of the buffers.

Reported-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar>
Tested-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar>
Signed-off-by: Kay Sievers <kay.sievers@vrfy.org>
Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agopartitions: fix broken uevent_suppress conversion
Heiko Carstens [Thu, 11 Jun 2009 13:14:40 +0000 (15:14 +0200)]
partitions: fix broken uevent_suppress conversion

commit f8c73c790c588fd70fda1632c8927a87b3d31dcd upstream.

git commit f67f129e "Driver core: implement uevent suppress in kobject"
contains this chunk for fs/partitions/check.c:

  /* suppress uevent if the disk supresses it */
- if (!ddev->uevent_suppress)
+ if (!dev_get_uevent_suppress(pdev))
  kobject_uevent(&pdev->kobj, KOBJ_ADD);

However that should have been

- if (!ddev->uevent_suppress)
+ if (!dev_get_uevent_suppress(ddev))

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Acked-by: Ming Lei <tom.leiming@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoASoC: Fix register cache initialisation for WM8753
Mark Brown [Fri, 3 Jul 2009 09:33:39 +0000 (10:33 +0100)]
ASoC: Fix register cache initialisation for WM8753

commit 1df892cba45f9856d369a6a317ad2d1e44bca423 upstream.

The wrong register cache variable was being used to provide the size for
the memcpy(), resulting in a copy of only a void * of data.

Reported-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agomvsdio: fix handling of partial word at the end of PIO transfer
Nicolas Pitre [Sun, 19 Jul 2009 00:34:37 +0000 (20:34 -0400)]
mvsdio: fix handling of partial word at the end of PIO transfer

commit 6cdbf734493d6e8f5afc6f539b82897772809d43 upstream.

Standard data flow for MMC/SD/SDIO cards requires that the mvsdio
controller be set for big endian operation.  This is causing problems
with buffers which length is not a multiple of 4 bytes as the last
partial word doesn't get shifted all the way and stored properly in
memory.  Let's compensate for this.

Signed-off-by: Nicolas Pitre <nico@marvell.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoHID: hiddev, fix lock imbalance
Jiri Slaby [Fri, 19 Jun 2009 21:24:11 +0000 (23:24 +0200)]
HID: hiddev, fix lock imbalance

commit 4859484b0957ddc7fe3e0fa349d98b0f1c7876bd upstream.

Add omitted BKL to one switch/case.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoALSA: hda - Fix mute control with some ALC262 models
Takashi Iwai [Fri, 24 Jul 2009 14:51:47 +0000 (16:51 +0200)]
ALSA: hda - Fix mute control with some ALC262 models

commit 8de56b7deb2534a586839eda52843c1dae680dc5 upstream.

The master mute switch is wrongly implemented as checking the pointer
instead of its value, thus it can be never muted.  This patch fixes
the issue.

Reference: Novell bnc#404873
https://bugzilla.novell.com/show_bug.cgi?id=404873

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoALSA: hda - Add quirk for Gateway T6834c laptop
Hao Song [Mon, 20 Jul 2009 07:01:16 +0000 (15:01 +0800)]
ALSA: hda - Add quirk for Gateway T6834c laptop

commit 42b95f0c6b524b5a670dd17533a3522db368f600 upstream.

Gateway T6834c laptops need EAPD always on while the default behavior
for the STAC9205 reference board is to turn it off upon every HP plug.
By using the special "eapd" model, which is first introduced for Gateway
T1616 laptops for this same reason, this peculiarity can be properly
handled.

Signed-off-by: Hao Song <baritono.tux@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoALSA: hda - Fix pin-setup for Sony VAIO with STAC9872 codecs
Takashi Iwai [Mon, 20 Jul 2009 06:01:36 +0000 (08:01 +0200)]
ALSA: hda - Fix pin-setup for Sony VAIO with STAC9872 codecs

commit b04add956616b6d89ff21da749b46ad2bd58ef32 upstream.

The recent rewrite of the codec parser for STAC9872 caused a regression
for some Sony VAIO models that don't give proper pin default configs
by BIOS.  Even using model=vaio doesn't work because the pin definitions
are set after the pin overrides.

This patch fixes the pin definitions in patch_stac9872() to be put
in the right place before the pin overrides.  Also the patch adds the
new quirk entry for VAIO F/S to have the correct pin default configs.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoALSA: ca0106 - Fix the max capture buffer size
Takashi Iwai [Mon, 20 Jul 2009 13:42:51 +0000 (15:42 +0200)]
ALSA: ca0106 - Fix the max capture buffer size

commit 34fdeb2d07102e07ecafe79dec170bd6733f2e56 upstream.

The capture buffer size with 64kB seems broken with CA0106.
At least, either the update timing or the DMA position is wrong,
and this screws up pulseaudio badly.

This patch restricts the max buffer size less than that to make life
a bit easier.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agocifs: free nativeFileSystem field before allocating a new one
Jeff Layton [Mon, 20 Jul 2009 17:40:52 +0000 (13:40 -0400)]
cifs: free nativeFileSystem field before allocating a new one

commit 90a98b2f3f3647fb17667768a348b2b219f2a9f7 upstream.

...otherwise, we'll leak this memory if we have to reconnect (e.g. after
network failure).

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agocifs: fix regression with O_EXCL creates and optimize away lookup
Jeff Layton [Sun, 5 Jul 2009 15:01:02 +0000 (11:01 -0400)]
cifs: fix regression with O_EXCL creates and optimize away lookup

commit 5ddf1e0ff00fd808c048d0b920784828276cc516 upstream.

cifs: fix regression with O_EXCL creates and optimize away lookup

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Tested-by: Shirish Pargaonkar <shirishp@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoUSB: EHCI: report actual_length for iso transfers
Alan Stern [Mon, 29 Jun 2009 18:34:59 +0000 (14:34 -0400)]
USB: EHCI: report actual_length for iso transfers

commit ec6d67e39f5638c792eb7490bf32586ccb9d8005 upstream.

This patch (as1259b) makes ehci-hcd return the total number of bytes
transferred in urb->actual_length for Isochronous transfers.
Until now, the actual_length value was unaccountably left at 0.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Acked-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoUSB: fix LANGID=0 regression
Daniel Mack [Fri, 10 Jul 2009 09:04:58 +0000 (11:04 +0200)]
USB: fix LANGID=0 regression

commit 0cce2eda19923e5e5ccc8b042dec5af87b3ffad0 upstream.

commit b7af0bb ("USB: allow malformed LANGID descriptors") broke support
for devices without string descriptor support.

Reporting string descriptors is optional to USB devices, and a device
lets us know it can't deal with strings by responding to the LANGID
request with a STALL token.

The kernel handled that correctly before b7af0bb came in, but failed
hard if the LANGID was reported but broken. More than that, if a device
was not able to provide string descriptors, the LANGID was retrieved
over and over again at each string read request.

This patch changes the behaviour so that

 a) the LANGID is only queried once
 b) devices which can't handle string requests are not asked again
 c) devices with malformed LANGID values have a sane fallback to 0x0409

Signed-off-by: Daniel Mack <daniel@caiaq.de>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoUSB: RNDIS gadget, fix issues talking from PXA
David Brownell [Fri, 19 Jun 2009 10:09:04 +0000 (03:09 -0700)]
USB: RNDIS gadget, fix issues talking from PXA

commit 4e19f220d4e84f5728cb7edde36352ab425cfba4 upstream.

The reworked Ethernet gadget has an RNDIS interop problem when used
with the CDC subset driver ... e.g. on PXA 2xx and 3xx hardware,
which currently has a hard time talking to MS-Windows hosts.

The issue is that Microsoft requires USB_CLASS_COMM.  Fix by tweaking
the CDC subset driver to not switch to USB_CLASS_VENDOR_SPEC if RNDIS
is used in some other device configuration.

[ UPDATED:  some "statements" were comma-terminated; fix that. ]

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Cc: Aric Blumer <aric@sdgsystems.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoUSB: fix memleak in usbfs
Oliver Neukum [Sun, 28 Jun 2009 21:34:14 +0000 (23:34 +0200)]
USB: fix memleak in usbfs

commit d794a02111cd3393da69bc7d6dd2b6074bd037cc upstream.

This patch fixes a memory leak in devio.c::processcompl

If writing to user space fails the packet must be discarded, as it
already has been removed from the queue of completed packets.

Signed-off-by: Oliver Neukum <oliver@neukum.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoUSB: fix uninitialised variable in ti_do_download
Oliver Neukum [Tue, 30 Jun 2009 07:44:24 +0000 (09:44 +0200)]
USB: fix uninitialised variable in ti_do_download

commit 87ea8c887905d8b13ae90b537117592ed027632a upstream.

Signed-off-by: Oliver Neukum <oliver@neukum.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoUSB: ti_usb_3410_5052: fix duplicate device ids.
Greg Kroah-Hartman [Fri, 26 Jun 2009 15:05:20 +0000 (08:05 -0700)]
USB: ti_usb_3410_5052: fix duplicate device ids.

commit 3c43f27bf57b0502df2478253699559ee1d43f6d upstream.

commit 1a1fab513734b3a4fca1bee8229e5ff7e1cb873c accidentally added the
device id to both tables in the driver, which causes problems as this is
only a single port device, not a multiple port device.

Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoUSB: handle zero-length usbfs submissions correctly
Alan Stern [Mon, 29 Jun 2009 15:04:54 +0000 (11:04 -0400)]
USB: handle zero-length usbfs submissions correctly

commit 9180135bc80ab11199d482b6111e23f74d65af4a upstream.

This patch (as1262) fixes a bug in usbfs: It refuses to accept
zero-length transfers, and it insists that the buffer pointer be valid
even if there is no data being transferred.

The patch also consolidates a bunch of repetitive access_ok() checks
into a single check, which incidentally fixes the lack of such a check
for Isochronous URBs.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoStaging: prevent rtl8187se from crashing dev_ioctl() in SIOCGIWNAME
Dan Aloni [Sat, 20 Jun 2009 13:32:22 +0000 (16:32 +0300)]
Staging: prevent rtl8187se from crashing dev_ioctl() in SIOCGIWNAME

commit 02c8baecf5d8850dba40b47cdf003ed2e04e66dd upstream.

I repeatedly get __stack_chk_fail panic()s with this driver before
applying the attached fix.

ieee80211_wx_get_name() ignores sizeof(wrqu->name) which is IFNAMSIZ (16), and
on certain conditions, the concatenated string will be larger than IFNAMSIZ
including the terminating zero.

    length ("802.11" ++ "b" ++ "/g" ++ " linked" ++ "\x00") == 17

This fix uses strl{cpy,cat} in addition to the reduction of the total
possible length of the output string by a char.

It can be applied to 2.6.30-stable as well.

Signed-off-by: Dan Aloni <dan@aloni.org>
Cc: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agocfg80211: fix refcount leak
Johannes Berg [Thu, 2 Jul 2009 13:46:41 +0000 (15:46 +0200)]
cfg80211: fix refcount leak

commit 2dce4c2b5f0b43bd25bf9ea6ded06b7f8a54c91f upstream.

The code in cfg80211's cfg80211_bss_update erroneously
grabs a reference to the BSS, which means that it will
never be freed.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agogigaset: accept connection establishment messages in any order
Tilman Schmidt [Wed, 1 Jul 2009 11:20:57 +0000 (11:20 +0000)]
gigaset: accept connection establishment messages in any order

commit bceb0f126f25184eaec3f3c8f00c92b0d899e5de upstream.

ISDN connection setup failed if the "connection active" and
"B channel up" messages from the device arrived in a different
order than expected. Modify the state machine to accept them in
any order.

Impact: bugfix

Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodsa: fix 88e6xxx statistics counter snapshotting
Stephane Contri [Thu, 2 Jul 2009 23:26:48 +0000 (23:26 +0000)]
dsa: fix 88e6xxx statistics counter snapshotting

commit 1ded3f59f35a2642852b3e2a1c0fa8a97777e9af upstream.

The bit that tells us whether a statistics counter snapshot operation
has completed is located in the GLOBAL register block, not in the
GLOBAL2 register block, so fix up mv88e6xxx_stats_wait() to poll the
right register address.

Signed-off-by: Stephane Contri <Stephane.Contri@grassvalley.com>
Signed-off-by: Lennert Buytenhek <buytenh@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agofix RCU-callback-after-kmem_cache_destroy problem in sl[aou]b
Paul E. McKenney [Thu, 25 Jun 2009 19:31:37 +0000 (12:31 -0700)]
fix RCU-callback-after-kmem_cache_destroy problem in sl[aou]b

commit 7ed9f7e5db58c6e8c2b4b738a75d5dcd8e17aad5 upstream.

Jesper noted that kmem_cache_destroy() invokes synchronize_rcu() rather than
rcu_barrier() in the SLAB_DESTROY_BY_RCU case, which could result in RCU
callbacks accessing a kmem_cache after it had been destroyed.

Acked-by: Matt Mackall <mpm@selenic.com>
Reported-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosound: usb-audio: add workaround for Blue Microphones devices
Clemens Ladisch [Mon, 13 Jul 2009 11:21:58 +0000 (13:21 +0200)]
sound: usb-audio: add workaround for Blue Microphones devices

commit 8886f33f25083a47d5fa24ad7b57bb708c5c5403 upstream.

Blue Microphones USB devices have an alternate setting that sends two
channels of data to the computer.  Unfortunately, the descriptors of
that altsetting have a wrong channel setting, which means that any
recorded data from such a device has twice the sample rate from what
would be expected.

This patch adds a workaround to ignore that altsetting.  Since these
devices have only one actual channel, no data is lost.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosound: virtuoso: fix Xonar D1/DX silence after resume
Clemens Ladisch [Thu, 2 Jul 2009 06:31:30 +0000 (08:31 +0200)]
sound: virtuoso: fix Xonar D1/DX silence after resume

commit 826390796d09444b93e1f957582f8970ddfd9b3d upstream.

When resuming, we better take the DACs out of the reset state before
trying to use them.

Reference: kernel bug #13599
http://bugzilla.kernel.org/show_bug.cgi?id=13599

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoNFSD: Don't hold unrefcounted creds over call to nfsd_setuser()
David Howells [Thu, 2 Jul 2009 13:35:32 +0000 (14:35 +0100)]
NFSD: Don't hold unrefcounted creds over call to nfsd_setuser()

commit 033a666ccb842ab4134fcd0c861d5ba9f5d6bf3a upstream.

nfsd_open() gets an unrefcounted pointer to the current process's effective
credentials at the top of the function, then calls nfsd_setuser() via
fh_verify() - which may replace and destroy the current process's effective
credentials - and then passes the unrefcounted pointer to dentry_open() - but
the credentials may have been destroyed by this point.

Instead, the value from current_cred() should be passed directly to
dentry_open() as one of its arguments, rather than being cached in a variable.

Possibly fh_verify() should return the creds to use.

This is a regression introduced by
745ca2475a6ac596e3d8d37c2759c0fbe2586227 "CRED: Pass credentials through
dentry_open()".

Signed-off-by: David Howells <dhowells@redhat.com>
Tested-and-Verified-By: Steve Dickson <steved@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoSCSI: zalon: fix oops on attach failure
James Bottomley [Wed, 24 Jun 2009 19:55:22 +0000 (19:55 +0000)]
SCSI: zalon: fix oops on attach failure

commit d3a263a8168f78874254ea9da9595cfb0f3e96d7 upstream.

I recently discovered on my zalon that if the attachment fails because
of a bus misconfiguration (I scrapped my HVD array, so the card is now
unterminated) then the system oopses.  The reason is that if
ncr_attach() returns NULL (signalling failure) that NULL is passed by
the goto failed straight into ncr_detach() which oopses.

The fix is just to return -ENODEV in this case.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoLinux 2.6.30.3 v2.6.30.3
Greg Kroah-Hartman [Fri, 24 Jul 2009 21:47:51 +0000 (14:47 -0700)]
Linux 2.6.30.3

15 years agofbmon: work around compiler bug in gcc-4.2.4
Linus Torvalds [Wed, 22 Jul 2009 15:49:22 +0000 (08:49 -0700)]
fbmon: work around compiler bug in gcc-4.2.4

commit 3730793d457fed79a6d49bae72996d458c8e4f2d upstream.

There's some odd bug in gcc-4.2 where it miscompiles a simple loop whent
he loop counter is of type 'unsigned char' and it should count to 128.

The compiler will incorrectly decide that a trivial loop like this:

unsigned char i, ...

for (i = 0; i < 128; i++) {
..

is endless, and will compile it to a single instruction that just
branches to itself.

This was triggered by the addition of '-fno-strict-overflow', and we
could play games with compiler versions and go back to '-fwrapv'
instead, but the trivial way to avoid it is to just make the loop
induction variable be an 'int' instead.

Thanks to Krzysztof Oledzki for reporting and testing and to Troy Moure
for digging through assembler differences and finding it.

Reported-and-tested-by: Krzysztof Oledzki <olel@ans.pl>
Found-by: Troy Moure <twmoure@szypr.net>
Gcc-bug-acked-by: Ian Lance Taylor <iant@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>