]> git.karo-electronics.de Git - karo-tx-linux.git/log
karo-tx-linux.git
15 years agoALSA: ice1724 - Make call to set hw params succeed on ESI Juli@
David Henningsson [Sun, 11 Oct 2009 09:37:22 +0000 (11:37 +0200)]
ALSA: ice1724 - Make call to set hw params succeed on ESI Juli@

commit bd3c200e6d5495343c91db66d2acf1853b57a141 upstream.

If two streams are started immediately after one another (such as a
playback and a recording stream), the call to set hw params fails with
EBUSY. This patch makes the call succeed, so playback and recording will
work properly.

Signed-off-by: David Henningsson <launchpad.web@epost.diwic.se>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoAF_UNIX: Fix deadlock on connecting to shutdown socket (CVE-2009-3621)
Tomoki Sekiyama [Mon, 19 Oct 2009 06:17:37 +0000 (23:17 -0700)]
AF_UNIX: Fix deadlock on connecting to shutdown socket (CVE-2009-3621)

commit 77238f2b942b38ab4e7f3aced44084493e4a8675 upstream.

I found a deadlock bug in UNIX domain socket, which makes able to DoS
attack against the local machine by non-root users.

How to reproduce:
1. Make a listening AF_UNIX/SOCK_STREAM socket with an abstruct
    namespace(*), and shutdown(2) it.
 2. Repeat connect(2)ing to the listening socket from the other sockets
    until the connection backlog is full-filled.
 3. connect(2) takes the CPU forever. If every core is taken, the
    system hangs.

PoC code: (Run as many times as cores on SMP machines.)

int main(void)
{
int ret;
int csd;
int lsd;
struct sockaddr_un sun;

/* make an abstruct name address (*) */
memset(&sun, 0, sizeof(sun));
sun.sun_family = PF_UNIX;
sprintf(&sun.sun_path[1], "%d", getpid());

/* create the listening socket and shutdown */
lsd = socket(AF_UNIX, SOCK_STREAM, 0);
bind(lsd, (struct sockaddr *)&sun, sizeof(sun));
listen(lsd, 1);
shutdown(lsd, SHUT_RDWR);

/* connect loop */
alarm(15); /* forcely exit the loop after 15 sec */
for (;;) {
csd = socket(AF_UNIX, SOCK_STREAM, 0);
ret = connect(csd, (struct sockaddr *)&sun, sizeof(sun));
if (-1 == ret) {
perror("connect()");
break;
}
puts("Connection OK");
}
return 0;
}

(*) Make sun_path[0] = 0 to use the abstruct namespace.
    If a file-based socket is used, the system doesn't deadlock because
    of context switches in the file system layer.

Why this happens:
 Error checks between unix_socket_connect() and unix_wait_for_peer() are
 inconsistent. The former calls the latter to wait until the backlog is
 processed. Despite the latter returns without doing anything when the
 socket is shutdown, the former doesn't check the shutdown state and
 just retries calling the latter forever.

Patch:
 The patch below adds shutdown check into unix_socket_connect(), so
 connect(2) to the shutdown socket will return -ECONREFUSED.

Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama.qu@hitachi.com>
Signed-off-by: Masanori Yoshida <masanori.yoshida.tv@hitachi.com>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agopata_sc1200: Fix crash on boot
Alan Cox [Tue, 6 Oct 2009 15:07:51 +0000 (16:07 +0100)]
pata_sc1200: Fix crash on boot

commit 6d4f950e9ea15816c6a4f266ce6b9e438346771e upstream.

The SC1200 needs a NULL terminator or it may cause a crash on boot.

Bug #14227

Also correct a bogus comment as the driver had serializing added so can run
dual port.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agob43: Fix Bugzilla #14181 and the bug from the previous 'fix'
Larry Finger [Fri, 16 Oct 2009 15:18:09 +0000 (10:18 -0500)]
b43: Fix Bugzilla #14181 and the bug from the previous 'fix'

commit d50bae33d1358b909ade05ae121d83d3a60ab63f upstream.

"b43: Fix PPC crash in rfkill polling on unload" fixed the bug reported
in Bugzilla No. 14181; however, it introduced a new bug. Whenever the
radio switch was turned off, it was necessary to unload and reload
the driver for it to recognize the switch again.

This patch fixes both the original bug in #14181 and the bug introduced by
the previous patch. It must be stated, however, that if there is a BCM4306/3
with an rfkill switch (not yet proven), then the driver will need an
unload/reload cycle to turn the device back on.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoKEYS: get_instantiation_keyring() should inc the keyring refcount in all cases
David Howells [Thu, 15 Oct 2009 09:14:35 +0000 (10:14 +0100)]
KEYS: get_instantiation_keyring() should inc the keyring refcount in all cases

commit 21279cfa107af07ef985539ac0de2152b9cba5f5 upstream.

The destination keyring specified to request_key() and co. is made available to
the process that instantiates the key (the slave process started by
/sbin/request-key typically).  This is passed in the request_key_auth struct as
the dest_keyring member.

keyctl_instantiate_key and keyctl_negate_key() call get_instantiation_keyring()
to get the keyring to attach the newly constructed key to at the end of
instantiation.  This may be given a specific keyring into which a link will be
made later, or it may be asked to find the keyring passed to request_key().  In
the former case, it returns a keyring with the refcount incremented by
lookup_user_key(); in the latter case, it returns the keyring from the
request_key_auth struct - and does _not_ increment the refcount.

The latter case will eventually result in an oops when the keyring prematurely
runs out of references and gets destroyed.  The effect may take some time to
show up as the key is destroyed lazily.

To fix this, the keyring returned by get_instantiation_keyring() must always
have its refcount incremented, no matter where it comes from.

This can be tested by setting /etc/request-key.conf to:

#OP TYPE DESCRIPTION CALLOUT INFO PROGRAM ARG1 ARG2 ARG3 ...
#====== ======= =============== =============== ===============================
create  * test:* * |/bin/false %u %g %d %{user:_display}
negate * * * /bin/keyctl negate %k 10 @u

and then doing:

keyctl add user _display aaaaaaaa @u
        while keyctl request2 user test:x test:x @u &&
        keyctl list @u;
        do
                keyctl request2 user test:x test:x @u;
                sleep 31;
                keyctl list @u;
        done

which will oops eventually.  Changing the negate line to have @u rather than
%S at the end is important as that forces the latter case by passing a special
keyring ID rather than an actual keyring ID.

Reported-by: Alexander Zangerl <az@bond.edu.au>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Alexander Zangerl <az@bond.edu.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoRevert "ACPI: Attach the ACPI device to the ACPI handle as early as possible"
Len Brown [Sat, 5 Sep 2009 17:33:23 +0000 (13:33 -0400)]
Revert "ACPI: Attach the ACPI device to the ACPI handle as early as possible"

commit f61f925859c57f6175082aeeee17743c68558a6e upstream.

This reverts commit eab4b645769fa2f8703f5a3cb0cc4ac090d347af.

http://bugzilla.kernel.org/show_bug.cgi?id=13002

Signed-off-by: Len Brown <len.brown@intel.com>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoACPI / PCI: Fix NULL pointer dereference in acpi_get_pci_dev() (rev. 2)
Rafael J. Wysocki [Mon, 12 Oct 2009 23:01:57 +0000 (01:01 +0200)]
ACPI / PCI: Fix NULL pointer dereference in acpi_get_pci_dev() (rev. 2)

commit 497fb54f578efd2b479727bc88d5ef942c0a1e2d upstream.

acpi_get_pci_dev() may be called for a non-PCI device, in which case
it should return NULL.  However, it assumes that every handle it
finds in the ACPI CA name space, between given device handle and the
PCI root bridge handle, corresponds to a PCI-to-PCI bridge with an
existing secondary bus.  For this reason, when it finds a struct
pci_dev object corresponding to one of them, it doesn't check if
its 'subordinate' field is a valid pointer.  This obviously leads to
a NULL pointer dereference if acpi_get_pci_dev() is called for a
non-PCI device with a PCI parent which is not a bridge.

To fix this issue make acpi_get_pci_dev() check if pdev->subordinate
is not NULL for every device it finds on the path between the root
bridge and the device it's supposed to get to and return NULL if the
"target" device cannot be found.

http://bugzilla.kernel.org/show_bug.cgi?id=14129
(worked in 2.6.30, regression in 2.6.31)

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Reported-by: Danny Feng <dfeng@redhat.com>
Reviewed-by: Alex Chiang <achiang@hp.com>
Tested-by: chepioq <chepioq@gmail.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoalpha: fix build after vmlinux.lds.S cleanup
Sam Ravnborg [Fri, 25 Sep 2009 17:53:43 +0000 (19:53 +0200)]
alpha: fix build after vmlinux.lds.S cleanup

commit de078ef55c74d02ee93d44513da5ee88a089d71d upstream.

Add include to get missing THREAD_SIZE definition

Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Cc: Tim Abbott <tabbott@ksplice.com>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agomips: fix build of vmlinux.lds
Manuel Lauss [Thu, 24 Sep 2009 19:44:24 +0000 (21:44 +0200)]
mips: fix build of vmlinux.lds

commit d71789b6fa37c21ce5eb588d279f57904a62e7e2 upstream.

Commit 51b563fc93c8cb5bff1d67a0a71c374e4a4ea049 ("arm, cris, mips,
sparc, powerpc, um, xtensa: fix build with bash 4.0") removed a few
CPPFLAGS with vital include paths necessary to build vmlinux.lds
on MIPS, and moved the calculation of the 'jiffies' symbol
directly to vmlinux.lds.S but forgot to change make ifdef/... to
cpp macros.

Signed-off-by: Manuel Lauss <manuel.lauss@gmail.com>
[sam: moved assignment of CPPFLAGS arch/mips/kernel/Makefile]
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Acked-by: Dmitri Vorobiev <dmitri.vorobiev@movial.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agofsnotify: do not set group for a mark before it is on the i_list
Eric Paris [Fri, 11 Sep 2009 17:03:19 +0000 (13:03 -0400)]
fsnotify: do not set group for a mark before it is on the i_list

commit 9f0d793b52eb2266359661369ef6303838904855 upstream.

fsnotify_add_mark is supposed to add a mark to the g_list and i_list and to
set the group and inode for the mark.  fsnotify_destroy_mark_by_entry uses
the fact that ->group != NULL to know if this group should be destroyed or
if it's already been done.

But fsnotify_add_mark sets the group and inode before it actually adds the
mark to the i_list and g_list.  This can result in a race in inotify, it
requires 3 threads.

sys_inotify_add_watch("file") sys_inotify_add_watch("file") sys_inotify_rm_watch([a])
inotify_update_watch()
inotify_new_watch()
inotify_add_to_idr()
   ^--- returns wd = [a]
inotfiy_update_watch()
inotify_new_watch()
inotify_add_to_idr()
fsnotify_add_mark()
   ^--- returns wd = [b]
returns to userspace;
inotify_idr_find([a])
   ^--- gives us the pointer from task 1
fsnotify_add_mark()
   ^--- this is going to set the mark->group and mark->inode fields, but will
return -EEXIST because of the race with [b].
fsnotify_destroy_mark()
   ^--- since ->group != NULL we call back
into inotify_freeing_mark() which calls
inotify_remove_from_idr([a])

since fsnotify_add_mark() failed we call:
inotify_remove_from_idr([a])     <------WHOOPS it's not in the idr, this could
have been any entry added later!

The fix is to make sure we don't set mark->group until we are sure the mark is
on the inode and fsnotify_add_mark will return success.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86/amd-iommu: Workaround for erratum 63
Joerg Roedel [Fri, 9 Oct 2009 16:31:20 +0000 (18:31 +0200)]
x86/amd-iommu: Workaround for erratum 63

commit c5cca146aa03e1f60fb179df65f0dbaf17bc64ed upstream.

There is an erratum for IOMMU hardware which documents
undefined behavior when forwarding SMI requests from
peripherals and the DTE of that peripheral has a sysmgt
value of 01b. This problem caused weird IO_PAGE_FAULTS in my
case.
This patch implements the suggested workaround for that
erratum into the AMD IOMMU driver.  The erratum is
documented with number 63.

Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agofuse: fix kunmap in fuse_ioctl_copy_user
Jens Axboe [Tue, 3 Nov 2009 10:40:44 +0000 (11:40 +0100)]
fuse: fix kunmap in fuse_ioctl_copy_user

commit 0bd87182d3ab18a32a8e9175d3f68754c58e3432 upstream.

Looks like another victim of the confusing kmap() vs kmap_atomic() API
differences.

Reported-by: Todor Gyumyushev <yodor1@gmail.com>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Cc: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agofuse: prevent fuse_put_request on invalid pointer
Anand V. Avati [Thu, 22 Oct 2009 13:24:52 +0000 (06:24 -0700)]
fuse: prevent fuse_put_request on invalid pointer

commit f60311d5f7670d9539b424e4ed8b5c0872fc9e83 upstream.

fuse_direct_io() has a loop where requests are allocated in each
iteration. if allocation fails, the loop is broken out and follows
into an unconditional fuse_put_request() on that invalid pointer.

Signed-off-by: Anand V. Avati <avati@gluster.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoKVM: get_tss_base_addr() should return a gpa_t
Gleb Natapov [Sun, 25 Oct 2009 15:42:02 +0000 (17:42 +0200)]
KVM: get_tss_base_addr() should return a gpa_t

commit abb3911965c1bd8eea305f64d4840a314259d96d upstream.

If TSS we are switching to resides in high memory task switch will fail
since address will be truncated. Windows2k3 does this sometimes when
running with more then 4G

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosgi-gru: decrapfiy options_write() function
Linus Torvalds [Thu, 5 Nov 2009 18:48:30 +0000 (10:48 -0800)]
sgi-gru: decrapfiy options_write() function

commit d39b7dd1dcbf394a1cb897457c862dafe9a20ac5 upstream.

Not a single line of actual code in the function was really
fundamentally correct.

Problems ranged from lack of proper range checking, to removing the last
character written (which admittedly is usually '\n'), to not accepting
hex numbers even though the 'show' routine would show the data in that
format.

This tries to do better.

Acked-by: Michael Buesch <mb@bu3sch.de>
Tested-and-acked-by: Jack Steiner <steiner@sgi.com>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Michael Gilbert <michael.s.gilbert@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoxen: mask extended topology info in cpuid
Jeremy Fitzhardinge [Thu, 22 Oct 2009 23:41:15 +0000 (16:41 -0700)]
xen: mask extended topology info in cpuid

commit 82d6469916c6fcfa345636a49004c9d1753905d1 upstream.

A Xen guest never needs to know about extended topology, and knowing
would just confuse it.

This patch just zeros ebx in leaf 0xb which indicates no topology info,
preventing a crash under Xen on cpus which support this leaf.

Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
15 years agoxen/hvc: make sure console output is always emitted, with explicit polling
Jeremy Fitzhardinge [Tue, 20 Oct 2009 06:28:21 +0000 (15:28 +0900)]
xen/hvc: make sure console output is always emitted, with explicit polling

commit 7825cf10e31c64ece3cac66fb01a742f1094da51 upstream.

We never want to rely on the hvc workqueue to emit output, because the
most interesting output is when the kernel is broken.  This will
improve oops/crash/console message for better debugging.

Instead, we force-poll until all output is emitted.

Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodrm/i915: add B43 chipset support
Fabian Henze [Mon, 7 Sep 2009 16:59:59 +0000 (00:59 +0800)]
drm/i915: add B43 chipset support

commit 7839c5d5519b6d9e2ccf3cdbf1c39e3817ad0835 upstream.

Signed-off-by: Fabian Henze <hoacha@quantentunnel.de>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoagp/intel: Add B43 chipset support
Fabian Henze [Mon, 7 Sep 2009 16:59:58 +0000 (00:59 +0800)]
agp/intel: Add B43 chipset support

commit 38d8a95621b20ed7868e232a35a26ee61bdcae6f upstream.

Signed-off-by: Fabian Henze <hoacha@quantentunnel.de>
[Fix reversed HB & IG ids for B43]
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodrm/i915: fix panel fitting filter coefficient select for Ironlake
Zhenyu Wang [Mon, 19 Oct 2009 07:43:49 +0000 (15:43 +0800)]
drm/i915: fix panel fitting filter coefficient select for Ironlake

commit b1f60b7029989da71fd8ea1b1176480fac9e846c upstream.

Must set filter selection as hardcoded coefficients for medium 3x3
filtering, which matches vbios setting for Ironlake.

This fixes display corrupt issue on HP arrandale with new vbios.

Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodrm/i915: fix to setup display reference clock control on Ironlake
Zhenyu Wang [Mon, 19 Oct 2009 07:43:48 +0000 (15:43 +0800)]
drm/i915: fix to setup display reference clock control on Ironlake

commit c038e51e841581cc3fb9a76e5e16331331e9c85c upstream.

For new stepping of PCH, the display reference clock
is fully under driver's control. This one trys to setup
all needed reference clock for different outputs. Older
stepping of PCH chipset should be ignoring this.

This fixes output failure issue on newer PCH which requires
driver to take control of reference clock enabling.

Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodrm/i915: Fix FDI M/N setting according with correct color depth
Zhenyu Wang [Fri, 25 Sep 2009 08:01:28 +0000 (08:01 +0000)]
drm/i915: Fix FDI M/N setting according with correct color depth

commit 58a27471d00dc09945cbcfbbc5cbcdcd3c28211d upstream.

FDI M/N calculation hasn't taken the current pipe color depth into account,
but always set as 24bpp. This one checks current pipe color depth setting,
and change FDI M/N calculation a little to use bits_per_pixel first, then
convert to bytes_per_pixel later.

This fixes display corrupt issue on Arrandle LVDS with 1600x900 panel
in 18bpp dual-channel mode.

Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonilfs2: fix dirty page accounting leak causing hang at write
Ryusuke Konishi [Mon, 2 Nov 2009 15:25:53 +0000 (00:25 +0900)]
nilfs2: fix dirty page accounting leak causing hang at write

commit b1e19e5601277845b4f17ecd7c9ba04f73ee11aa upstream.

Bruno Prémont and Dunphy, Bill noticed me that NILFS will certainly
hang on ARM-based targets.

I found this was caused by an underflow of dirty pages counter.  A
b-tree cache routine was marking page dirty without adjusting page
account information.

This fixes the dirty page accounting leak and resolves the hang on
arm-based targets.

Reported-by: Bruno Prémont <bonbons@linux-vserver.org>
Reported-by: Dunphy, Bill <WDunphy@tandbergdata.com>
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Tested-by: Bruno Prémont <bonbons@linux-vserver.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86-64: Fix register leak in 32-bit syscall audting
Jan Beulich [Mon, 26 Oct 2009 15:20:29 +0000 (15:20 +0000)]
x86-64: Fix register leak in 32-bit syscall audting

commit 81766741fe1eee3884219e8daaf03f466f2ed52f upstream.

Restoring %ebp after the call to audit_syscall_exit() is not
only unnecessary (because the register didn't get clobbered),
but in the sysenter case wasn't even doing the right thing: It
loaded %ebp from a location below the top of stack (RBP <
ARGOFFSET), i.e. arbitrary kernel data got passed back to user
mode in the register.

Signed-off-by: Jan Beulich <jbeulich@novell.com>
Acked-by: Roland McGrath <roland@redhat.com>
LKML-Reference: <4AE5CC4D020000780001BD13@vpn.id2.novell.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agomm: remove incorrect swap_count() from try_to_unuse()
Bo Liu [Mon, 2 Nov 2009 16:50:33 +0000 (16:50 +0000)]
mm: remove incorrect swap_count() from try_to_unuse()

commit 32c5fc10e79a7053ac5728b01a0bff55cbcb9d49 upstream.

In try_to_unuse(), swcount is a local copy of *swap_map, including the
SWAP_HAS_CACHE bit; but a wrong comparison against swap_count(*swap_map),
which masks off the SWAP_HAS_CACHE bit, succeeded where it should fail.

That had the effect of resetting the mm from which to start searching
for the next swap page, to an irrelevant mm instead of to an mm in which
this swap page had been found: which may increase search time by ~20%.
But we're used to swapoff being slow, so never noticed the slowdown.

Remove that one spurious use of swap_count(): Bo Liu thought it merely
redundant, Hugh rewrote the description since it was measurably wrong.

Signed-off-by: Bo Liu <bo-liu@hotmail.com>
Signed-off-by: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoNOMMU: Don't pass NULL pointers to fput() in do_mmap_pgoff()
David Howells [Fri, 30 Oct 2009 13:13:26 +0000 (13:13 +0000)]
NOMMU: Don't pass NULL pointers to fput() in do_mmap_pgoff()

commit 89a8640279f8bb78aaf778d1fc5c4a6778f18064 upstream.

Don't pass NULL pointers to fput() in the error handling paths of the NOMMU
do_mmap_pgoff() as it can't handle it.

The following can be used as a test program:

int main() { static long long a[1024 * 1024 * 20] = { 0 }; return a;}

Without the patch, the code oopses in atomic_long_dec_and_test() as called by
fput() after the kernel complains that it can't allocate that big a chunk of
memory.  With the patch, the kernel just complains about the allocation size
and then the program segfaults during execve() as execve() can't complete the
allocation of all the new ELF program segments.

Reported-by: Robin Getz <rgetz@blackfin.uclinux.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Robin Getz <rgetz@blackfin.uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86, UV: Set DELIVERY_MODE=4 for vector=NMI_VECTOR in uv_hub_send_ipi()
Robin Holt [Tue, 20 Oct 2009 19:36:15 +0000 (14:36 -0500)]
x86, UV: Set DELIVERY_MODE=4 for vector=NMI_VECTOR in uv_hub_send_ipi()

commit 02dd0a0613e0d84c7dd8315e3fe6204d005b7c79 upstream.

When sending a NMI_VECTOR IPI using the UV_HUB_IPI_INT register,
we need to ensure the delivery mode field of that register has
NMI delivery selected.

This makes those IPIs true NMIs, instead of flat IPIs. It
matters to reboot sequences and KGDB, both of which use NMI
IPIs.

Signed-off-by: Robin Holt <holt@sgi.com>
Acked-by: Jack Steiner <steiner@sgi.com>
Cc: Martin Hicks <mort@sgi.com>
LKML-Reference: <20091020193620.877322000@alcatraz.americas.sgi.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86, UV: Fix information in __uv_hub_info structure
Robin Holt [Thu, 15 Oct 2009 22:40:00 +0000 (17:40 -0500)]
x86, UV: Fix information in __uv_hub_info structure

commit 036ed8ba61b72c19dc5759446d4fe0844aa88255 upstream.

A few parts of the uv_hub_info structure are initialized
incorrectly.

 - n_val is being loaded with m_val.
 - gpa_mask is initialized with a bytes instead of an unsigned long.
 - Handle the case where none of the alias registers are used.

Lastly I converted the bau over to using the uv_hub_info->m_val
which is the correct value.

Without this patch, booting a large configuration hits a
problem where the upper bits of the gnode affect the pnode
and the bau will not operate.

Signed-off-by: Robin Holt <holt@sgi.com>
Acked-by: Jack Steiner <steiner@sgi.com>
Cc: Cliff Whickman <cpw@sgi.com>
LKML-Reference: <20091015224946.396355000@alcatraz.americas.sgi.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agomac80211: check interface is down before type change
Johannes Berg [Sun, 1 Nov 2009 18:25:40 +0000 (19:25 +0100)]
mac80211: check interface is down before type change

commit c1f9a764cf47686b1f5a0cf87ada68d90056136a upstream.

For some strange reason the netif_running() check
ended up after the actual type change instead of
before, potentially causing all kinds of problems
if the interface is up while changing the type;
one of the problems manifests itself as a warning:

WARNING: at net/mac80211/iface.c:651 ieee80211_teardown_sdata+0xda/0x1a0 [mac80211]()
Hardware name: Aspire one
Pid: 2596, comm: wpa_supplicant Tainted: G        W  2.6.31-10-generic #32-Ubuntu
Call Trace:
 [] warn_slowpath_common+0x6d/0xa0
 [] warn_slowpath_null+0x15/0x20
 [] ieee80211_teardown_sdata+0xda/0x1a0 [mac80211]
 [] ieee80211_if_change_type+0x4a/0xc0 [mac80211]
 [] ieee80211_change_iface+0x61/0xa0 [mac80211]
 [] cfg80211_wext_siwmode+0xc7/0x120 [cfg80211]
 [] ioctl_standard_call+0x58/0xf0

(http://www.kerneloops.org/searchweek.php?search=ieee80211_teardown_sdata)

Cc: Arjan van de Ven <arjan@infradead.org>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agomac80211: fix for incorrect sequence number on hostapd injected frames
Björn Smedman [Sat, 24 Oct 2009 18:55:09 +0000 (20:55 +0200)]
mac80211: fix for incorrect sequence number on hostapd injected frames

commit 9b1ce526eb917c8b5c8497c327768130ee683392 upstream.

When hostapd injects a frame, e.g. an authentication or association
response, mac80211 looks for a suitable access point virtual interface
to associate the frame with based on its source address. This makes it
possible e.g. to correctly assign sequence numbers to the frames.

A small typo in the ethernet address comparison statement caused a
failure to find a suitable ap interface. Sequence numbers on such
frames where therefore left unassigned causing some clients
(especially windows-based 11b/g clients) to reject them and fail to
authenticate or associate with the access point. This patch fixes the
typo in the address comparison statement.

Signed-off-by: Björn Smedman <bjorn.smedman@venatech.se>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoCIFS: Fixing to avoid invalid kfree() in cifs_get_tcp_session()
Steve French [Tue, 6 Oct 2009 18:31:29 +0000 (18:31 +0000)]
CIFS: Fixing to avoid invalid kfree() in cifs_get_tcp_session()

commit 8347a5cdd1422eea0470ed586274c7f29e274b47 upstream.

trivial bug in fs/cifs/connect.c .
The bug is caused by fail of extract_hostname()
when mounting cifs file system.

This is the situation when I noticed this bug.

% sudo mount -t cifs //192.168.10.208 mountpoint -o options...

Then my kernel says,

[ 1461.807776] ------------[ cut here ]------------
[ 1461.807781] kernel BUG at mm/slab.c:521!
[ 1461.807784] invalid opcode: 0000 [#2] PREEMPT SMP
[ 1461.807790] last sysfs file:
/sys/devices/pci0000:00/0000:00:1e.0/0000:09:02.0/resource
[ 1461.807793] CPU 0
[ 1461.807796] Modules linked in: nls_iso8859_1 usbhid sbp2 uhci_hcd
ehci_hcd i2c_i801 ohci1394 ieee1394 psmouse serio_raw pcspkr sky2 usbcore
evdev
[ 1461.807816] Pid: 3446, comm: mount Tainted: G      D 2.6.32-rc2-vanilla
[ 1461.807820] RIP: 0010:[<ffffffff810b888e>]  [<ffffffff810b888e>]
kfree+0x63/0x156
[ 1461.807829] RSP: 0018:ffff8800b4f7fbb8  EFLAGS: 00010046
[ 1461.807832] RAX: ffffea00033fff98 RBX: ffff8800afbae7e2 RCX:
0000000000000000
[ 1461.807836] RDX: ffffea0000000000 RSI: 000000000000005c RDI:
ffffffffffffffea
[ 1461.807839] RBP: ffff8800b4f7fbf8 R08: 0000000000000001 R09:
0000000000000000
[ 1461.807842] R10: 0000000000000000 R11: ffff8800b4f7fbf8 R12:
00000000ffffffea
[ 1461.807845] R13: ffff8800afb23000 R14: ffff8800b4f87bc0 R15:
ffffffffffffffea
[ 1461.807849] FS:  00007f52b6f187c0(0000) GS:ffff880007600000(0000)
knlGS:0000000000000000
[ 1461.807852] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 1461.807855] CR2: 0000000000613000 CR3: 00000000af8f9000 CR4:
00000000000006f0
[ 1461.807858] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 1461.807861] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
0000000000000400
[ 1461.807865] Process mount (pid: 3446, threadinfo ffff8800b4f7e000, task
ffff8800950e4380)
[ 1461.807867] Stack:
[ 1461.807869]  0000000000000202 0000000000000282 ffff8800b4f7fbf8
ffff8800afbae7e2
[ 1461.807876] <0> 00000000ffffffea ffff8800afb23000 ffff8800b4f87bc0
ffff8800b4f7fc28
[ 1461.807884] <0> ffff8800b4f7fcd8 ffffffff81159f6d ffffffff81147bc2
ffffffff816bfb48
[ 1461.807892] Call Trace:
[ 1461.807899]  [<ffffffff81159f6d>] cifs_get_tcp_session+0x440/0x44b
[ 1461.807904]  [<ffffffff81147bc2>] ? find_nls+0x1c/0xe9
[ 1461.807909]  [<ffffffff8115b889>] cifs_mount+0x16bc/0x2167
[ 1461.807917]  [<ffffffff814455bd>] ? _spin_unlock+0x30/0x4b
[ 1461.807923]  [<ffffffff81150da9>] cifs_get_sb+0xa5/0x1a8
[ 1461.807928]  [<ffffffff810c1b94>] vfs_kern_mount+0x56/0xc9
[ 1461.807933]  [<ffffffff810c1c64>] do_kern_mount+0x47/0xe7
[ 1461.807938]  [<ffffffff810d8632>] do_mount+0x712/0x775
[ 1461.807943]  [<ffffffff810d671f>] ? copy_mount_options+0xcf/0x132
[ 1461.807948]  [<ffffffff810d8714>] sys_mount+0x7f/0xbf
[ 1461.807953]  [<ffffffff8144509a>] ? lockdep_sys_exit_thunk+0x35/0x67
[ 1461.807960]  [<ffffffff81011cc2>] system_call_fastpath+0x16/0x1b
[ 1461.807963] Code: 00 00 00 00 ea ff ff 48 c1 e8 0c 48 6b c0 68 48 01 d0
66 83 38 00 79 04 48 8b 40 10 66 83 38 00 79 04 48 8b 40 10 80 38 00 78 04
<0f> 0b eb fe 4c 8b 70 58 4c 89 ff 41 8b 76 4c e8 b8 49 fb ff e8
[ 1461.808022] RIP  [<ffffffff810b888e>] kfree+0x63/0x156
[ 1461.808027]  RSP <ffff8800b4f7fbb8>
[ 1461.808031] ---[ end trace ffe26fcdc72c0ce4 ]---

The reason of this bug is that the error handling code of
cifs_get_tcp_session()
calls kfree() when corresponding kmalloc() failed.
(The kmalloc() is called by extract_hostname().)

Signed-off-by: Hitoshi Mitake <mitake@dcl.info.waseda.ac.jp>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agovirtio: order used ring after used index read
Michael S. Tsirkin [Sun, 25 Oct 2009 13:28:53 +0000 (15:28 +0200)]
virtio: order used ring after used index read

commit 2d61ba95034f1abbdec7729d52c740870a5eddb6 upstream.

On SMP guests, reads from the ring might bypass used index reads. This
causes guest crashes because host writes to used index to signal ring
data readiness.  Fix this by inserting rmb before used ring reads.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agocpuidle: always return with interrupts enabled
Kevin Hilman [Mon, 26 Oct 2009 23:50:18 +0000 (16:50 -0700)]
cpuidle: always return with interrupts enabled

commit 246eb7f0ed1a8aeddec5313137767658f378949b upstream.

In the case where cpuidle_idle_call() returns before changing state due to
a need_resched(), it was returning with IRQs disabled.

The idle path assumes that the platform specific idle code returns with
interrupts enabled (although this too is undocumented AFAICT) and on ARM
we have a WARN_ON(!(irqs_disabled()) when returning from the idle loop, so
the user-visible effects were only a warning since interrupts were
eventually re-enabled later.

On x86, this same problem exists, but there is no WARN_ON() to detect it.
As on ARM, the interrupts are eventually re-enabled, so I'm not sure of
any actual bugs triggered by this.  It's primarily a
correctness/consistency fix.

This patch ensures IRQs are (re)enabled before returning.

Reported-by: Hemanth V <hemanthv@ti.com>
Signed-off-by: Kevin Hilman <khilman@deeprootsystems.com>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Len Brown <len.brown@intel.com>
Cc: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: "Rafael J. Wysocki" <rjw@sisk.pl>
Tested-by: Martin Michlmayr <tbm@cyrius.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agolibertas if_usb: Fix crash on 64-bit machines
David Woodhouse [Fri, 30 Oct 2009 17:45:14 +0000 (17:45 +0000)]
libertas if_usb: Fix crash on 64-bit machines

commit e9024a059f2c17fb2bfab212ee9d31511d7b8e57 upstream.

On a 64-bit kernel, skb->tail is an offset, not a pointer. The libertas
usb driver passes it to usb_fill_bulk_urb() anyway, causing interesting
crashes. Fix that by using skb->data instead.

This highlights a problem with usb_fill_bulk_urb(). It doesn't notice
when dma_map_single() fails and return the error to its caller as it
should. In fact it _can't_ currently return the error, since it returns
void.

So this problem was showing up only at unmap time, after we'd already
suffered memory corruption by doing DMA to a bogus address.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoUSB: option: TLAYTECH TUE800 support
Bryan Wu [Thu, 22 Oct 2009 07:00:36 +0000 (15:00 +0800)]
USB: option: TLAYTECH TUE800 support

commit fead2ab6cf9ad3a84a06e68ccc20d1e460fad13e upstream.

Add ID for Tlaytech TUE800 CDMA modem to the option driver.

Signed-off-by: Bryan Wu <bryan.wu@canonical.com>
Acked-By: Matthias Urlichs <matthias@urlichs.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoUSB: option: Support for AIRPLUS MCD650 Datacard
Huzaifa Sidhpurwala [Mon, 12 Oct 2009 09:04:45 +0000 (14:34 +0530)]
USB: option: Support for AIRPLUS MCD650 Datacard

commit 12148da6722be3b44c2220206b6ccb80d2d9d8f8 upstream.

Here is a patch for Airplus MCD 650 card

Note: This device is with Victor V Kudlak, and he confirmed that this
device works with the patch.

Signed-off-by: Huzaifa Sidhpurwala <sidhpurwala.huzaifa@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoUSB: option: Patch for Huawei Mobile Broadband E270+ Modem
Ronnie Furuskog [Mon, 21 Sep 2009 19:20:55 +0000 (21:20 +0200)]
USB: option: Patch for Huawei Mobile Broadband E270+ Modem

commit 0ee3a33a0481c8f5c9edb7a5a02f3c76496d9551 upstream.

Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoUSB: serial: sierra driver send_setup() autopm fix
Elina Pasheva [Fri, 16 Oct 2009 19:04:54 +0000 (12:04 -0700)]
USB: serial: sierra driver send_setup() autopm fix

commit 3c77d5137d3f4ff41721e9b4f4812db56a6065c0 upstream.

This patch presents a fix for the autosuspend feature implementation in
sierra usb serial driver for function sierra_send_setup().  Because it
is possible to call sierra_send_setup() before sierra_open() or after
sierra_close() we added a get/put interface activity to assure that the
usb control can happen even when the device is autosuspended.

Signed-off-by: Elina Pasheva <epasheva@sierrawireless.com>
Tested-by: Matthew Safar <msafar@sierrawireless.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoparam: fix setting arrays of bool
Rusty Russell [Thu, 29 Oct 2009 14:56:19 +0000 (08:56 -0600)]
param: fix setting arrays of bool

commit 3c7d76e371ac1a3802ae1673f5c63554af59325c upstream.

We create a dummy struct kernel_param on the stack for parsing each
array element, but we didn't initialize the flags word.  This matters
for arrays of type "bool", where the flag indicates if it really is
an array of bools or unsigned int (old-style).

Reported-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoparam: fix NULL comparison on oom
Rusty Russell [Thu, 29 Oct 2009 14:56:17 +0000 (08:56 -0600)]
param: fix NULL comparison on oom

commit d553ad864e3b3dde3f1038d491e207021b2d6293 upstream.

kp->arg is always true: it's the contents of that pointer we care about.

Reported-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoparam: fix lots of bugs with writing charp params from sysfs, by leaking mem.
Rusty Russell [Thu, 29 Oct 2009 14:56:16 +0000 (08:56 -0600)]
param: fix lots of bugs with writing charp params from sysfs, by leaking mem.

commit 65afac7d80ab3bc9f81e75eafb71eeb92a3ebdef upstream.

e180a6b7759a "param: fix charp parameters set via sysfs" fixed the case
where charp parameters written via sysfs were freed, leaving drivers
accessing random memory.

Unfortunately, storing a flag in the kparam struct was a bad idea: it's
rodata so setting it causes an oops on some archs.  But that's not all:

1) module_param_array() on charp doesn't work reliably, since we use an
   uninitialized temporary struct kernel_param.
2) there's a fundamental race if a module uses this parameter and then
   it's changed: they will still access the old, freed, memory.

The simplest fix (ie. for 2.6.32) is to never free the memory.  This
prevents all these problems, at cost of a memory leak.  In practice, there
are only 18 places where a charp is writable via sysfs, and all are
root-only writable.

Reported-by: Takashi Iwai <tiwai@suse.de>
Cc: Sitsofe Wheeler <sitsofe@yahoo.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Christof Schmitt <christof.schmitt@de.ibm.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agotty: Mark generic_serial users as BROKEN
Alan Cox [Thu, 29 Oct 2009 12:16:22 +0000 (12:16 +0000)]
tty: Mark generic_serial users as BROKEN

commit 412145947adfca60a4b5b4893fbae82dffa25edd upstream.

There isn't much else I can do with these. I can find no hardware for any
of them and no users. The code is broken.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoDriver core: fix driver_register() return value
Stas Sergeev [Sat, 17 Oct 2009 20:31:38 +0000 (00:31 +0400)]
Driver core: fix driver_register() return value

commit 39acbc12affcaa23ef1d887ba3d197baca8e6e47 upstream.

In this patch:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=16dc42e018c2868211b4928f20a957c0c216126c
the check was added for another driver to already claim the same device
on the same bus. But the returned error code was wrong: to modprobe, the
-EEXIST means that _this_ driver is already installed. It therefore
doesn't produce the needed error message when _another_ driver is trying
to register for the same device.  Returning -EBUSY fixes the problem.

Signed-off-by: Stas Sergeev <stsp@aknet.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agohfsplus: refuse to mount volumes larger than 2TB
Ben Hutchings [Mon, 26 Oct 2009 23:49:51 +0000 (16:49 -0700)]
hfsplus: refuse to mount volumes larger than 2TB

commit 5c36fe3d87b3f0c85894a49193c66096a3d6b26f upstream.

As found in <http://bugs.debian.org/550010>, hfsplus is using type u32
rather than sector_t for some sector number calculations.

In particular, hfsplus_get_block() does:

        u32 ablock, dblock, mask;
...
        map_bh(bh_result, sb, (dblock << HFSPLUS_SB(sb).fs_shift) + HFSPLUS_SB(sb).blockoffset + (iblock & mask));

I am not confident that I can find and fix all cases where a sector number
may be truncated.  For now, avoid data loss by refusing to mount HFS+
volumes with more than 2^32 sectors (2TB).

[akpm@linux-foundation.org: fix 32 and 64-bit issues]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: Eric Sesterhenn <snakebyte@gmx.de>
Cc: Roman Zippel <zippel@linux-m68k.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodpt_i2o: Fix typo of EINVAL
OGAWA Hirofumi [Fri, 30 Oct 2009 08:02:31 +0000 (17:02 +0900)]
dpt_i2o: Fix typo of EINVAL

commit aefba418bfecd1985a08f50a95bd854a119f0153 upstream.

Commit ef7562b7f28319e6dd1f85dc1af87df2a7a84832 ("dpt_i2o: Fix up
copy*user") had a silly typo: EINVAL should be -EINVAL.

Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Cc: Alan Cox <alan@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodpt_i2o: Fix up copy*user
Alan Cox [Tue, 27 Oct 2009 15:35:35 +0000 (15:35 +0000)]
dpt_i2o: Fix up copy*user

commit ef7562b7f28319e6dd1f85dc1af87df2a7a84832 upstream.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years ago8250_pci: add IBM Saturn serial card
Benjamin Herrenschmidt [Mon, 26 Oct 2009 23:50:05 +0000 (16:50 -0700)]
8250_pci: add IBM Saturn serial card

commit c68d2b1594548cda7f6dbac6a4d9d30a9b01558c upstream.

The IBM Saturn serial card has only one port. Without that fixup,
the kernel thinks it has two, which confuses userland setup and
admin tools as well.

[akpm@linux-foundation.org: fix pci-ids.h layout]
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Acked-by: Alan Cox <alan@linux.intel.com>
Cc: Michael Reed <mreed10@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodo_mbind(): fix memory leak
KOSAKI Motohiro [Mon, 26 Oct 2009 23:49:59 +0000 (16:49 -0700)]
do_mbind(): fix memory leak

commit b05ca7385a2848abdc72051f832722641daed8b0 upstream.

If migrate_prep is failed, new variable is leaked.  This patch fixes it.

Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Acked-by: Christoph Lameter <cl@linux-foundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agombind(): fix leak of never putback pages
KOSAKI Motohiro [Mon, 26 Oct 2009 23:49:58 +0000 (16:49 -0700)]
mbind(): fix leak of never putback pages

commit ab8a3e14e6f8e567560f664bbd29aefb306a274e upstream.

If mbind() receives an invalid address, do_mbind leaks a page.  The
following test program detects this leak.

This patch fixes it.

migrate_efault.c
=======================================
 #include <numaif.h>
 #include <numa.h>
 #include <sys/mman.h>
 #include <stdio.h>
 #include <unistd.h>
 #include <stdlib.h>
 #include <string.h>

static unsigned long pagesize;

static void* make_hole_mapping(void)
{

void* addr;

addr = mmap(NULL, pagesize*3, PROT_READ|PROT_WRITE,
    MAP_ANON|MAP_PRIVATE, 0, 0);
if (addr == MAP_FAILED)
return NULL;

/* make page populate */
memset(addr, 0, pagesize*3);

/* make memory hole */
munmap(addr+pagesize, pagesize);

return addr;
}

int main(int argc, char** argv)
{
void* addr;
int ch;
int node;
struct bitmask *nmask = numa_allocate_nodemask();
int err;
int node_set = 0;

while ((ch = getopt(argc, argv, "n:")) != -1){
switch (ch){
case 'n':
node = strtol(optarg, NULL, 0);
numa_bitmask_setbit(nmask, node);
node_set = 1;
break;
default:
;
}
}
argc -= optind;
argv += optind;

if (!node_set)
numa_bitmask_setbit(nmask, 0);

pagesize = getpagesize();

addr = make_hole_mapping();

err = mbind(addr, pagesize*3, MPOL_BIND, nmask->maskp, nmask->size, MPOL_MF_MOVE_ALL);
if (err)
perror("mbind ");

return 0;
}
=======================================

Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Acked-by: Christoph Lameter <cl@linux-foundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoray_cs: Fix copy_from_user handling
Alan Cox [Tue, 27 Oct 2009 15:35:55 +0000 (15:35 +0000)]
ray_cs: Fix copy_from_user handling

commit 575c9ed7798218dc923f319c0d78f0c25ca506b9 upstream.

I've not touched the other stuff here but the word "locking" comes to mind.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodm snapshot: use unsigned integer chunk size
Mikulas Patocka [Fri, 16 Oct 2009 22:18:17 +0000 (23:18 +0100)]
dm snapshot: use unsigned integer chunk size

commit df96eee679ba28c98cf722fa7c9f4286ee1ed0bd upstream.

Use unsigned integer chunk size.

Maximum chunk size is 512kB, there won't ever be need to use 4GB chunk size,
so the number can be 32-bit. This fixes compiler failure on 32-bit systems
with large block devices.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Reviewed-by: Jonathan Brassow <jbrassow@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodm snapshot: require non zero chunk size by end of ctr
Mikulas Patocka [Fri, 16 Oct 2009 22:18:16 +0000 (23:18 +0100)]
dm snapshot: require non zero chunk size by end of ctr

commit 3f2412dc85260e5aae7ebb03bf50d5b1407e3083 upstream.

If we are creating snapshot with memory-stored exception store, fail if
the user didn't specify chunk size. Zero chunk size would probably crash
a lot of places in the rest of snapshot code.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Reviewed-by: Jonathan Brassow <jbrassow@redhat.com>
Reviewed-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodm snapshot: lock snapshot while supplying status
Mikulas Patocka [Fri, 16 Oct 2009 22:18:16 +0000 (23:18 +0100)]
dm snapshot: lock snapshot while supplying status

commit 4c6fff445d7aa753957856278d4d93bcad6e2c14 upstream.

This patch locks the snapshot when returning status.  It fixes a race
when it could return an invalid number of free chunks if someone
was simultaneously modifying it.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodm exception store: fix failed set_chunk_size error path
Mikulas Patocka [Fri, 16 Oct 2009 22:18:16 +0000 (23:18 +0100)]
dm exception store: fix failed set_chunk_size error path

commit 0e8c4e4e3ebb15756ddc4170a88149a2cd323cfe upstream.

Properly close the device if failing because of an invalid chunk size.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodm: dec_pending needs locking to save error value
Kiyoshi Ueda [Fri, 16 Oct 2009 22:18:15 +0000 (23:18 +0100)]
dm: dec_pending needs locking to save error value

commit f88fb981183e71daf40bbd84bc8251bbf7b59e19 upstream.

Multiple instances of dec_pending() can run concurrently so a lock is
needed when it saves the first error code.

I have never experienced actual problem without locking and just found
this during code inspection while implementing the barrier support
patch for request-based dm.

This patch adds the locking.
I've done compile, boot and basic I/O testings.

Signed-off-by: Kiyoshi Ueda <k-ueda@ct.jp.nec.com>
Signed-off-by: Jun'ichi Nomura <j-nomura@ce.jp.nec.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodm: add missing del_gendisk to alloc_dev error path
Zdenek Kabelac [Fri, 16 Oct 2009 22:18:15 +0000 (23:18 +0100)]
dm: add missing del_gendisk to alloc_dev error path

commit 03022c54b9725026c0370a810168975c387ad04c upstream.

Add missing del_gendisk() to error path when creation of workqueue fails.
Otherwice there is a resource leak and following warning is shown:

WARNING: at fs/sysfs/dir.c:487 sysfs_add_one+0xc5/0x160()
sysfs: cannot create duplicate filename '/devices/virtual/block/dm-0'

Signed-off-by: Zdenek Kabelac <zkabelac@redhat.com>
Reviewed-by: Jonathan Brassow <jbrassow@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodm log: userspace fix incorrect luid cast in userspace_ctr
Andrew Morton [Fri, 16 Oct 2009 22:18:15 +0000 (23:18 +0100)]
dm log: userspace fix incorrect luid cast in userspace_ctr

commit bca915aae803cf01fde4461fc9c093cf5a86d7fc upstream.

mips:

drivers/md/dm-log-userspace-base.c: In function `userspace_ctr':
drivers/md/dm-log-userspace-base.c:159: warning: cast from pointer to integer of different size

Cc: Jonathan Brassow <jbrassow@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodm snapshot: sort by chunk size to fix race
Mikulas Patocka [Fri, 16 Oct 2009 22:18:14 +0000 (23:18 +0100)]
dm snapshot: sort by chunk size to fix race

commit 6d45d93ead319423099b82a4efd775bc0f159121 upstream.

Avoid a race causing corruption when snapshots of the same origin have
different chunk sizes by sorting the internal list of snapshots by chunk
size, largest first.
  https://bugzilla.redhat.com/show_bug.cgi?id=182659

For example, let's have two snapshots with different chunk sizes. The
first snapshot (1) has small chunk size and the second snapshot (2) has
large chunk size.  Let's have chunks A, B, C in these snapshots:
snapshot1: ====A====   ====B====
snapshot2: ==========C==========

(Chunk size is a power of 2. Chunks are aligned.)

A write to the origin at a position within A and C comes along. It
triggers reallocation of A, then reallocation of C and links them
together using A as the 'primary' exception.

Then another write to the origin comes along at a position within B and
C.  It creates pending exception for B.  C already has a reallocation in
progress and it already has a primary exception (A), so nothing is done
to it: B and C are not linked.

If the reallocation of B finishes before the reallocation of C, because
there is no link with the pending exception for C it does not know to
wait for it and, the second write is dispatched to the origin and causes
data corruption in the chunk C in snapshot2.

To avoid this situation, we maintain snapshots sorted in descending
order of chunk size.  This leads to a guaranteed ordering on the links
between the pending exceptions and avoids the problem explained above -
both A and B now get linked to C.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodm snapshot: free exception store on init failure
Jonathan Brassow [Fri, 16 Oct 2009 22:18:14 +0000 (23:18 +0100)]
dm snapshot: free exception store on init failure

commit 034a186d29dbcef099e57ab23ec39440596be911 upstream.

While initializing the snapshot module, if we fail to register
the snapshot target then we must back-out the exception store
module initialization.

Signed-off-by: Jonathan Brassow <jbrassow@redhat.com>
Reviewed-by: Mikulas Patocka <mpatocka@redhat.com>
Reviewed-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoInput: synaptics - add another Protege M300 to rate blacklist
Dmitry Torokhov [Tue, 13 Oct 2009 04:35:00 +0000 (21:35 -0700)]
Input: synaptics - add another Protege M300 to rate blacklist

commit 5f5eeff4c93256ee93435a3bf08cf18c45e9a994 upstream.

Apparently some of Toshiba Protege M300 identify themselves as
"Portable PC" in DMI so we need to add that to the DMI table as
well. We need DMI data so we can automatically lower Synaptics
reporting rate from 80 to 40 pps to avoid over-taxing their
keyboard controllers.

Tested-by: Rod Davison <roddavison@gmail.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agowatchdog: Fix rio watchdog probe function
Thomas Gleixner [Wed, 14 Oct 2009 08:18:26 +0000 (01:18 -0700)]
watchdog: Fix rio watchdog probe function

[ Upstream commit 03717e3d12b625268848414e39beda25e4515692 ]

After sucessfully registering the misc device the driver iounmaps the
hardware registers and kfree's the device data structure. Ouch !

This was introduced with commit e42311d75 (riowatchdog: Convert to
pure OF driver) and went unnoticed for more than a year :)

Return success instead of dropping into the error cleanup code path.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosparc: Kill PROM console driver.
David S. Miller [Wed, 16 Sep 2009 00:04:38 +0000 (17:04 -0700)]
sparc: Kill PROM console driver.

[ Upstream commit 09d3f3f0e02c8a900d076c302c5c02227f33572d ]

Many years ago when this driver was written, it had a use, but these
days it's nothing but trouble and distributions should not enable it
in any situation.

Pretty much every console device a sparc machine could see has a
bonafide real driver, making the PROM console hack unnecessary.

If any new device shows up, we should write a driver instead of
depending upon this crutch to save us.  We've been able to take care
of this even when no chip documentation exists (sunxvr500, sunxvr2500)
so there are no excuses.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosparc64: Set IRQF_DISABLED on LDC channel IRQs.
David S. Miller [Tue, 13 Oct 2009 07:49:09 +0000 (00:49 -0700)]
sparc64: Set IRQF_DISABLED on LDC channel IRQs.

[ Upstream commit c58543c869606532c2382f027d6466f4672ea756 ]

With lots of virtual devices it's easy to generate a lot of
events and chew up the kernel IRQ stack.

Reported-by: hyl <heyongli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoahci: revert "Restore SB600 sata controller 64 bit DMA"
Chuck Ebbert [Mon, 26 Oct 2009 19:27:53 +0000 (15:27 -0400)]
ahci: revert "Restore SB600 sata controller 64 bit DMA"

revert commit 58a09b38cfcd700b796ea07ae3d2e0efbb28b561
("[libata] ahci: Restore SB600 SATA controller 64 bit DMA")

Upstream commit 58a09b38cfcd700b796ea07ae3d2e0efbb28b561 does
nearly the same thing but this patch is simplified for 2.6.31

Disables 64-bit DMA for _all_ boards, unlike 2.6.32 which adds a
whitelist. (The whitelist function requires a fairly large patch
that touches unrelated code.)

Doesn't revert the DMI part as other backported patches might need
the exported symbol.

Applies to 2.6.31.4

Signed-off-by: Chuck Ebbert <cebbert@redhat.com>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agofutex: Fix spurious wakeup for requeue_pi really
Thomas Gleixner [Wed, 28 Oct 2009 19:26:48 +0000 (20:26 +0100)]
futex: Fix spurious wakeup for requeue_pi really

commit 11df6dddcbc38affb7473aad3d962baf8414a947 upstream.

The requeue_pi path doesn't use unqueue_me() (and the racy lock_ptr ==
NULL test) nor does it use the wake_list of futex_wake() which where
the reason for commit 41890f2 (futex: Handle spurious wake up)

See debugging discussing on LKML Message-ID: <4AD4080C.20703@us.ibm.com>

The changes in this fix to the wait_requeue_pi path were considered to
be a likely unecessary, but harmless safety net. But it turns out that
due to the fact that for unknown $@#!*( reasons EWOULDBLOCK is defined
as EAGAIN we built an endless loop in the code path which returns
correctly EWOULDBLOCK.

Spurious wakeups in wait_requeue_pi code path are unlikely so we do
the easy solution and return EWOULDBLOCK^WEAGAIN to user space and let
it deal with the spurious wakeup.

Cc: Darren Hart <dvhltc@us.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: John Stultz <johnstul@linux.vnet.ibm.com>
Cc: Dinakar Guniguntala <dino@in.ibm.com>
LKML-Reference: <4AE23C74.1090502@us.ibm.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agofutex: Move drop_futex_key_refs out of spinlock'ed region
Darren Hart [Thu, 15 Oct 2009 22:30:48 +0000 (15:30 -0700)]
futex: Move drop_futex_key_refs out of spinlock'ed region

commit 89061d3d58e1f0742139605dc6a7950aa1ecc019 upstream.

When requeuing tasks from one futex to another, the reference held
by the requeued task to the original futex location needs to be
dropped eventually.

Dropping the reference may ultimately lead to a call to
"iput_final" and subsequently call into filesystem- specific code -
which may be non-atomic.

It is therefore safer to defer this drop operation until after the
futex_hash_bucket spinlock has been dropped.

Originally-From: Helge Bahmann <hcb@chaoticmind.net>
Signed-off-by: Darren Hart <dvhltc@us.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Dinakar Guniguntala <dino@in.ibm.com>
Cc: John Stultz <johnstul@linux.vnet.ibm.com>
Cc: Sven-Thorsten Dietrich <sdietrich@novell.com>
Cc: John Kacur <jkacur@redhat.com>
LKML-Reference: <4AD7A298.5040802@us.ibm.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agofutex: Check for NULL keys in match_futex
Darren Hart [Wed, 14 Oct 2009 17:12:39 +0000 (10:12 -0700)]
futex: Check for NULL keys in match_futex

commit 2bc872036e1c5948b5b02942810bbdd8dbdb9812 upstream.

If userspace tries to perform a requeue_pi on a non-requeue_pi waiter,
it will find the futex_q->requeue_pi_key to be NULL and OOPS.

Check for NULL in match_futex() instead of doing explicit NULL pointer
checks on all call sites.  While match_futex(NULL, NULL) returning
false is a little odd, it's still correct as we expect valid key
references.

Signed-off-by: Darren Hart <dvhltc@us.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ingo Molnar <mingo@elte.hu>
CC: Eric Dumazet <eric.dumazet@gmail.com>
CC: Dinakar Guniguntala <dino@in.ibm.com>
CC: John Stultz <johnstul@us.ibm.com>
LKML-Reference: <4AD60687.10306@us.ibm.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agofutex: Handle spurious wake up
Thomas Gleixner [Tue, 13 Oct 2009 18:40:43 +0000 (20:40 +0200)]
futex: Handle spurious wake up

commit d58e6576b0deec6f0b9ff8450fe282da18c50883 upstream.

The futex code does not handle spurious wake up in futex_wait and
futex_wait_requeue_pi.

The code assumes that any wake up which was not caused by futex_wake /
requeue or by a timeout was caused by a signal wake up and returns one
of the syscall restart error codes.

In case of a spurious wake up the signal delivery code which deals
with the restart error codes is not invoked and we return that error
code to user space. That causes applications which actually check the
return codes to fail. Blaise reported that on preempt-rt a python test
program run into a exception trap. -rt exposed that due to a built in
spurious wake up accelerator :)

Solve this by checking signal_pending(current) in the wake up path and
handle the spurious wake up case w/o returning to user space.

Reported-by: Blaise Gassend <blaise@willowgarage.com>
Debugged-by: Darren Hart <dvhltc@us.ibm.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoKVM: ignore reads from AMDs C1E enabled MSR
Andre Przywara [Wed, 24 Jun 2009 10:44:34 +0000 (12:44 +0200)]
KVM: ignore reads from AMDs C1E enabled MSR

commit 1fdbd48c242db996107f72ae4140ffe8163e26a8 upstream.

If the Linux kernel detects an C1E capable AMD processor (K8 RevF and
higher), it will access a certain MSR on every attempt to go to halt.
Explicitly handle this read and return 0 to let KVM run a Linux guest
with the native AMD host CPU propagated to the guest.

Signed-off-by: Andre Przywara <andre.przywara@amd.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoKVM: use proper hrtimer function to retrieve expiration time
Marcelo Tosatti [Thu, 8 Oct 2009 13:55:03 +0000 (10:55 -0300)]
KVM: use proper hrtimer function to retrieve expiration time

commit ace1546487a0fe4634e3251067f8a32cb2cdc099 upstream.

hrtimer->base can be temporarily NULL due to racing hrtimer_start.
See switch_hrtimer_base/lock_hrtimer_base.

Use hrtimer_get_remaining which is robust against it.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonfs: Fix nfs_parse_mount_options() kfree() leak
Yinghai Lu [Tue, 20 Oct 2009 05:13:46 +0000 (14:13 +0900)]
nfs: Fix nfs_parse_mount_options() kfree() leak

commit 4223a4a155f245d41c350ed9eba4fc32e965c4da upstream.

Fix a (small) memory leak in one of the error paths of the NFS mount
options parsing code.

Regression introduced in 2.6.30 by commit a67d18f (NFS: load the
rpc/rdma transport module automatically).

Reported-by: Yinghai Lu <yinghai@kernel.org>
Reported-by: Pekka Enberg <penberg@cs.helsinki.fi>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosata_nv: make sure link is brough up online when skipping hardreset
Tejun Heo [Wed, 14 Oct 2009 02:18:28 +0000 (11:18 +0900)]
sata_nv: make sure link is brough up online when skipping hardreset

commit 6489e3262e6b188a1a009b65e8a94b7aa17645b7 upstream.

prereset doesn't bring link online if hardreset is about to happen and
nv_hardreset() may skip if conditions are not right so softreset may
be entered with non-working link status if the system firmware didn't
bring it up before entering OS code which can happen during resume.
This patch makes nv_hardreset() to bring up the link if it's skipping
reset.

This bug was reported by frodone@gmail.com in the following bug entry.

  http://bugzilla.kernel.org/show_bug.cgi?id=14329

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: frodone@gmail.com
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agolibata: fix PMP initialization
Tejun Heo [Thu, 15 Oct 2009 14:37:32 +0000 (23:37 +0900)]
libata: fix PMP initialization

commit 4f7c2874995ac48a4622755b8bd159eb2fb6d8f4 upstream.

Commit 842faa6c1a1d6faddf3377948e5cf214812c6c90 fixed error handling
during attach by not committing detected device class to dev->class
while attaching a new device.  However, this change missed the PMP
class check in the configuration loop causing a new PMP device to go
through ata_dev_configure() as if it were an ATA or ATAPI device.

As PMP device doesn't have a regular IDENTIFY data, this makes
ata_dev_configure() tries to configure a PMP device using an invalid
data.  For the most part, it wasn't too harmful and went unnoticed but
this ends up clearing dev->flags which may have ATA_DFLAG_AN set by
sata_pmp_attach().  This means that SATA_PMP_FEAT_NOTIFY ends up being
disabled on PMPs and on PMPs which honor the flag breaks hotplug
support.

This problem was discovered and reported by Ethan Hsiao.

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Ethan Hsiao <ethanhsiao@jmicron.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agolibata: fix internal command failure handling
Tejun Heo [Fri, 16 Oct 2009 04:00:51 +0000 (13:00 +0900)]
libata: fix internal command failure handling

commit f4b31db92d163df8a639f5a8c8633bdeb6e8432d upstream.

When an internal command fails, it should be failed directly without
invoking EH.  In the original implemetation, this was accomplished by
letting internal command bypass failure handling in ata_qc_complete().
However, later changes added post-successful-completion handling to
that code path and the success path is no longer adequate as internal
command failure path.  One of the visible problems is that internal
command failure due to timeout or other freeze conditions would
spuriously trigger WARN_ON_ONCE() in the success path.

This patch updates failure path such that internal command failure
handling is contained there.

Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agopci: increase alignment to make more space for hidden code
Yinghai Lu [Sun, 11 Oct 2009 21:17:16 +0000 (14:17 -0700)]
pci: increase alignment to make more space for hidden code

commit 15b812f1d0a5ca8f5efe7f5882f468af10682ca8 upstream.

As reported in

http://bugzilla.kernel.org/show_bug.cgi?id=13940

on some system when acpi are enabled, acpi clears some BAR for some
devices without reason, and kernel will need to allocate devices for
them.  It then apparently hits some undocumented resource conflict,
resulting in non-working devices.

Try to increase alignment to get more safe range for unassigned devices.

Signed-off-by: Yinghai Lu <yinghai@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agofs: pipe.c null pointer dereference
Earl Chew [Mon, 19 Oct 2009 22:55:41 +0000 (15:55 -0700)]
fs: pipe.c null pointer dereference

commit ad3960243e55320d74195fb85c975e0a8cc4466c upstream.

This patch fixes a null pointer exception in pipe_rdwr_open() which
generates the stack trace:

> Unable to handle kernel NULL pointer dereference at 0000000000000028 RIP:
>  [<ffffffff802899a5>] pipe_rdwr_open+0x35/0x70
>  [<ffffffff8028125c>] __dentry_open+0x13c/0x230
>  [<ffffffff8028143d>] do_filp_open+0x2d/0x40
>  [<ffffffff802814aa>] do_sys_open+0x5a/0x100
>  [<ffffffff8021faf3>] sysenter_do_call+0x1b/0x67

The failure mode is triggered by an attempt to open an anonymous
pipe via /proc/pid/fd/* as exemplified by this script:

=============================================================
while : ; do
   { echo y ; sleep 1 ; } | { while read ; do echo z$REPLY; done ; } &
   PID=$!
   OUT=$(ps -efl | grep 'sleep 1' | grep -v grep |
        { read PID REST ; echo $PID; } )
   OUT="${OUT%% *}"
   DELAY=$((RANDOM * 1000 / 32768))
   usleep $((DELAY * 1000 + RANDOM % 1000 ))
   echo n > /proc/$OUT/fd/1                 # Trigger defect
done
=============================================================

Note that the failure window is quite small and I could only
reliably reproduce the defect by inserting a small delay
in pipe_rdwr_open(). For example:

 static int
 pipe_rdwr_open(struct inode *inode, struct file *filp)
 {
       msleep(100);
       mutex_lock(&inode->i_mutex);

Although the defect was observed in pipe_rdwr_open(), I think it
makes sense to replicate the change through all the pipe_*_open()
functions.

The core of the change is to verify that inode->i_pipe has not
been released before attempting to manipulate it. If inode->i_pipe
is no longer present, return ENOENT to indicate so.

The comment about potentially using atomic_t for i_pipe->readers
and i_pipe->writers has also been removed because it is no longer
relevant in this context. The inode->i_mutex lock must be used so
that inode->i_pipe can be dealt with correctly.

Signed-off-by: Earl Chew <earl_chew@agilent.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoLinux 2.6.31.5 v2.6.31.5
Greg Kroah-Hartman [Thu, 22 Oct 2009 22:57:56 +0000 (15:57 -0700)]
Linux 2.6.31.5

Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agotty: Make flush_to_ldisc() locking more robust
Linus Torvalds [Wed, 14 Oct 2009 15:59:49 +0000 (08:59 -0700)]
tty: Make flush_to_ldisc() locking more robust

commit c8e33141911bf8fe87dc6c92793b9a59b2be0130 upstream.

The locking logic in this function is extremely subtle, and it broke
when we started doing potentially concurrent 'flush_to_ldisc()' calls in
commit e043e42bdb66885b3ac10d27a01ccb9972e2b0a3 ("pty: avoid forcing
'low_latency' tty flag").

The code in flush_to_ldisc() used to set 'tty->buf.head' to NULL, with
the intention that this would then cause any other concurrent calls to
not do anything (locking note: we have to drop the buf.lock over the
call to ->receive_buf that can block, which is why we can have
concurrency here at all in the first place).

It also used to set the TTY_FLUSHING bit, which would then cause any
concurrent 'tty_buffer_flush()' to not free all the tty buffers and
clear 'tty->buf.tail'.  And with 'buf.head' being NULL, and 'buf.tail'
being non-NULL, new data would never touch 'buf.head'.

Does that sound a bit too subtle? It was.  If another concurrent call to
'flush_to_ldisc()' were to come in, the NULL buf.head would indeed cause
it to not process the buffer list, but it would still clear TTY_FLUSHING
afterwards, making the buffer protection against 'tty_buffer_flush()' no
longer work.

So this clears it all up.  We depend purely on TTY_FLUSHING for handling
re-entrancy, and stop playing games with the buffer list entirely.  In
fact, the buffer list handling is now robust enough that we could
probably stop doing the whole "protect against 'tty_buffer_flush()'"
thing entirely.

However, Alan also points out that we would probably be better off
simplifying the locking even further, and just take the tty ldisc_mutex
around all the buffer flushing calls.  That seems like a good idea, but
in the meantime this is a conceptually minimal fix (with the patch
itself being bigger than required just to clean the code up and make it
readable).

This fixes keyboard trouble under X:

http://bugzilla.kernel.org/show_bug.cgi?id=14388

Reported-and-tested-by: Frédéric Meunier <fredlwm@gmail.com>
Reported-and-tested-by: Boyan <btanastasov@yahoo.co.uk>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Paul Fulghum <paulkf@microgate.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agomac80211: fix vlan and optimise RX
Johannes Berg [Thu, 1 Oct 2009 20:06:29 +0000 (22:06 +0200)]
mac80211: fix vlan and optimise RX

commit fbc44bf7177dfd61381da55405550b693943a432 upstream.

When receiving data frames, we can send them only to
the interface they belong to based on transmitting
station (this doesn't work for probe requests). Also,
don't try to handle other frames for AP_VLAN at all
since those interface should only receive data.

Additionally, the transmit side must check that the
station we're sending a frame to is actually on the
interface we're transmitting on, and not transmit
packets to functions that live on other interfaces,
so validate that as well.

Another bug fix is needed in sta_info.c where in the
VLAN case when adding/removing stations we overwrite
the sdata variable we still need.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoiwlwifi: incorrect method used for finding valid OTP blocks
Jay Sternberg [Fri, 2 Oct 2009 20:43:55 +0000 (13:43 -0700)]
iwlwifi: incorrect method used for finding valid OTP blocks

commit 2facba769d7f9e563cf706de709074a2d20f1bba upstream.

The address stored in the next link address is a word address but when
reading the OTP blocks, a byte address is used. Also if the blocks are
full and the last link pointer is not zero, then none of the blocks are
valid so return an error.

The algorithm is simply valid blocks have a next address and that
address's contents is zero.

Using the wrong address for the next link address gets arbitrary data,
obviously. In cases seen, the first block is considered valid when it is not.

If the block has in fact been invalidated there may be old data or
there may be no data, bad data, or partial data, there is no way of
telling. Without this patch it is possible that a device with valid OTP data
is unable to work.

Signed-off-by: Jay Sternberg <jay.e.sternberg@intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agousb-storage: Workaround devices with bogus sense size
Benjamin Herrenschmidt [Tue, 13 Oct 2009 04:53:47 +0000 (15:53 +1100)]
usb-storage: Workaround devices with bogus sense size

commit b8430e1b82b7e514d76a88eb70a7d8831d50df1e upstream.

usb-storage: Workaround devices with bogus sense size

Some devices, such as Huawei E169, advertise more than the standard
amount of sense data, causing us to set US_FL_SANE_SENSE, assuming
they support it. However, they subsequently fail the request sense
with that size.

This works around it generically. When a sense request fails due to
a device returning an error, US_FL_SANE_SENSE was set, and that sense
request used a larger sense size, we retry with a smaller size before
giving up.

Based on an original patch by Ben Efros <ben@pc-doctor.com>

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoStaging: rt2860sta: prevent a panic when disabling when associated
Darren Salt [Wed, 14 Oct 2009 01:19:22 +0000 (02:19 +0100)]
Staging: rt2860sta: prevent a panic when disabling when associated

commit 0af49167b1e5ba154e90d2c454bf4624ee47df80 upstream.

This fixes a panic which is triggered when the hardware "disappears" from
beneath the driver, i.e. when wireless is toggled off via Fn-F2 on various
EeePC models.

Ref. bug report http://bugzilla.kernel.org/show_bug.cgi?id=13390
          panic http://bugzilla.kernel.org/attachment.cgi?id=21928

Signed-off-by: Darren Salt <linux@youmustbejoking.demon.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosysfs: Allow sysfs_notify_dirent to be called from interrupt context.
Neil Brown [Tue, 15 Sep 2009 23:05:51 +0000 (16:05 -0700)]
sysfs: Allow sysfs_notify_dirent to be called from interrupt context.

commit 83db93f4de2d9ae441a491d1dc61c2204f0195de upstream.

sysfs_notify_dirent is a simple atomic operation that can be used to
alert user-space that new data can be read from a sysfs attribute.

Unfortunately it cannot currently be called from non-process context
because of its use of spin_lock which is sometimes taken with
interrupts enabled.

So change all lockers of sysfs_open_dirent_lock to disable interrupts,
thus making sysfs_notify_dirent safe to be called from non-process
context (as drivers/md does in md_safemode_timeout).

sysfs_get_open_dirent is (documented as being) only called from
process context, so it uses spin_lock_irq.  Other places
use spin_lock_irqsave.

The usage for sysfs_notify_dirent in md_safemode_timeout was
introduced in 2.6.28, so this patch is suitable for that and more
recent kernels.

Reported-by: Joel Andres Granados <jgranado@redhat.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agobsdacct: switch credentials for writing to the accounting file
Michal Schmidt [Thu, 20 Aug 2009 21:39:52 +0000 (14:39 -0700)]
bsdacct: switch credentials for writing to the accounting file

commit d8e180dcd5bbbab9cd3ff2e779efcf70692ef541 upstream.

When process accounting is enabled, every exiting process writes a log to
the account file.  In addition, every once in a while one of the exiting
processes checks whether there's enough free space for the log.

SELinux policy may or may not allow the exiting process to stat the fs.
So unsuspecting processes start generating AVC denials just because
someone enabled process accounting.

For these filesystem operations, the exiting process's credentials should
be temporarily switched to that of the process which enabled accounting,
because it's really that process which wanted to have the accounting
information logged.

Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
Acked-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoALSA: Don't assume i2c device probing always succeeds
Takashi Iwai [Thu, 1 Oct 2009 05:46:33 +0000 (07:46 +0200)]
ALSA: Don't assume i2c device probing always succeeds

commit 18c4078489fe064cc0ed08be3381cf2f26657f5f upstream.

The client->driver pointer can be NULL when i2c-device probing fails
in i2c_new_device().  This patch adds the NULL checks for client->driver
and return the error instead of blind assumption of driver availability.

Reported-by: Tim Shepard <shep@alum.mit.edu>
Cc: Jean Delvare <khali@linux-fr.org>
Cc: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoi2c: Hide probe errors caused by ACPI resource conflicts
Jean Delvare [Sun, 4 Oct 2009 20:53:45 +0000 (22:53 +0200)]
i2c: Hide probe errors caused by ACPI resource conflicts

commit 18669eabde2ff5fc446e72e043f0539059763438 upstream.

When an ACPI resource conflict is detected, error messages are already
printed by ACPI. There's no point in causing the driver core to print
more error messages, so return one of the error codes for which no
message is printed.

This fixes bug #14293:
http://bugzilla.kernel.org/show_bug.cgi?id=14293

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agomacintosh: Don't assume i2c device probing always succeeds
Jean Delvare [Sun, 4 Oct 2009 20:53:46 +0000 (22:53 +0200)]
macintosh: Don't assume i2c device probing always succeeds

commit 6f6b35e133fe4313277b30fc1a7ea313875ea6c9 upstream.

If i2c device probing fails, then there is no driver to dereference
after calling i2c_new_device(). Stop assuming that probing will always
succeed, to avoid NULL pointer dereferences. We have an easier access
to the driver anyway.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Tested-by: Tim Shepard <shep@alum.mit.edu>
Cc: Colin Leroy <colin@colino.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoMAINTAINERS: Fix Riku Voipio's address
Jean Delvare [Fri, 9 Oct 2009 18:35:19 +0000 (20:35 +0200)]
MAINTAINERS: Fix Riku Voipio's address

commit 05576a1e38e2d06dece32974c5218528d3fbc6e2 upstream.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Riku Voipio <riku.voipio@iki.fi>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoe1000e: swap max hw supported frame size between 82574 and 82583
Alexander Duyck [Fri, 2 Oct 2009 12:30:42 +0000 (12:30 +0000)]
e1000e: swap max hw supported frame size between 82574 and 82583

commit a825e00c98a2ee37eb2a0ad93b352e79d2bc1593 upstream.

There appears to have been a mixup in the max supported jumbo frame size
between 82574 and 82583 which ended up disabling jumbo frames on the 82574
as a result.  This patch swaps the two so that this issue is resolved.

This patch fixes http://bugzilla.kernel.org/show_bug.cgi?id=14261

Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agouvesafb/connector: Disallow unpliviged users to send netlink packets
Philipp Reisner [Tue, 13 Oct 2009 09:28:18 +0000 (11:28 +0200)]
uvesafb/connector: Disallow unpliviged users to send netlink packets

(cherry picked from commit 30efa3f76813b17445bc5a2e443ae9731518566b)

Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agopohmelfs/connector: Disallow unpliviged users to configure pohmelfs
Philipp Reisner [Tue, 13 Oct 2009 09:28:17 +0000 (11:28 +0200)]
pohmelfs/connector: Disallow unpliviged users to configure pohmelfs

(cherry picked from commit 0179065b13b354cc0b940e7a632a65ec0448beff)

Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodst/connector: Disallow unpliviged users to configure dst
Philipp Reisner [Tue, 13 Oct 2009 09:28:16 +0000 (11:28 +0200)]
dst/connector: Disallow unpliviged users to configure dst

(cherry picked from commit dbbb3431228784612848a1ec6061c78b4b708b5c)

Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodm/connector: Only process connector packages from privileged processes
Philipp Reisner [Tue, 13 Oct 2009 09:28:15 +0000 (11:28 +0200)]
dm/connector: Only process connector packages from privileged processes

(cherry picked from commit 93136335f9ad7a98b92eacda1b43dccbf063cd07)

Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoconnector: Removed the destruct_data callback since it is always kfree_skb()
Philipp Reisner [Tue, 13 Oct 2009 09:28:14 +0000 (11:28 +0200)]
connector: Removed the destruct_data callback since it is always kfree_skb()

(cherry picked from commit f4b5129f5e838942f759c2637967441cf4a98c20)

Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
Acked-by: Lars Ellenberg <lars.ellenberg@linbit.com>
Acked-by: Evgeniy Polyakov <zbr@ioremap.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoconnector: Provide the sender's credentials to the callback
Philipp Reisner [Tue, 13 Oct 2009 09:28:13 +0000 (11:28 +0200)]
connector: Provide the sender's credentials to the callback

commit 7069331dbe7155f23966f5944109f909fea0c7e4 upstream

Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com>
Acked-by: Evgeniy Polyakov <zbr@ioremap.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoconnector: Keep the skb in cn_callback_data
Philipp Reisner [Tue, 13 Oct 2009 09:28:12 +0000 (11:28 +0200)]
connector: Keep the skb in cn_callback_data

(cherry picked from commit 5491c43845dae6c68cb4edbcf2e2dde9a32a863d)

Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com>
Acked-by: Evgeniy Polyakov <zbr@ioremap.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoBluetooth: Let HIDP grab the device reference for connections
Marcel Holtmann [Sat, 22 Aug 2009 21:22:15 +0000 (14:22 -0700)]
Bluetooth: Let HIDP grab the device reference for connections

commit edad63886993d18ab800c49f6587a93432ef8b35 upstream.

The core exports the hci_conn_hold_device() and hci_conn_put_device()
functions for device reference of connections. Use this to ensure that
the uevents from the parent are send after the child ones.

Based on a report by Brian Rogers <brian@xyzw.org>

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoBluetooth: Add extra device reference counting for connections
Marcel Holtmann [Sat, 22 Aug 2009 21:19:26 +0000 (14:19 -0700)]
Bluetooth: Add extra device reference counting for connections

commit 9eba32b86d17ef87131fa0bce43c614904ab5781 upstream.

The device model itself has no real usable reference counting at the
moment and this causes problems if parents are deleted before their
children. The device model itself handles the memory details of this
correctly, but the uevent order is not consistent. This causes various
problems for systems like HAL or even X.

So until device_put() does a proper cleanup, the device for Bluetooth
connection will be protected with an extra reference counting to ensure
the correct order of uevents when connections are terminated.

This is not an automatic feature. Higher Bluetooth layers like HIDP or
BNEP should grab this new reference to ensure that their uevents are
send before the ones from the parent device.

Based on a report by Brian Rogers <brian@xyzw.org>

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoBluetooth: Disconnect HIDRAW devices on disconnect
Marcel Holtmann [Sat, 22 Aug 2009 21:15:53 +0000 (14:15 -0700)]
Bluetooth: Disconnect HIDRAW devices on disconnect

commit 364f63519d94442ed373ac7da79033c8282df46a upstream.

Currently the HID subsystem will create HIDRAW devices for the transport
driver, but it will not disconnect them. Until the HID subsytem gets
fixed, ensure that HIDRAW and HIDDEV devices are disconnected when the
Bluetooth HID device gets removed.

Based on a patch from Brian Rogers <brian@xyzw.org>

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoTPM: fix pcrread
Rajiv Andrade [Wed, 30 Sep 2009 15:26:55 +0000 (12:26 -0300)]
TPM: fix pcrread

commit 15d031c394e7bef9da4ec764e6b0330d701a0126 upstream.

The previously sent patch:

http://marc.info/?l=tpmdd-devel&m=125208945007834&w=2

Had its first hunk cropped when merged, submitting only this first hunk
again.

Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Cc: Debora Velarde <debora@linux.vnet.ibm.com>
Cc: Marcel Selhorst <m.selhorst@sirrix.com>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Tested-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>