]> git.karo-electronics.de Git - karo-tx-linux.git/log
karo-tx-linux.git
16 years agoBe more robust about bad arguments in get_user_pages()
Jonathan Corbet [Mon, 11 Feb 2008 23:17:33 +0000 (16:17 -0700)]
Be more robust about bad arguments in get_user_pages()

patch 900cf086fd2fbad07f72f4575449e0d0958f860f in mainline.

So I spent a while pounding my head against my monitor trying to figure
out the vmsplice() vulnerability - how could a failure to check for
*read* access turn into a root exploit? It turns out that it's a buffer
overflow problem which is made easy by the way get_user_pages() is
coded.

In particular, "len" is a signed int, and it is only checked at the
*end* of a do {} while() loop.  So, if it is passed in as zero, the loop
will execute once and decrement len to -1.  At that point, the loop will
proceed until the next invalid address is found; in the process, it will
likely overflow the pages array passed in to get_user_pages().

I think that, if get_user_pages() has been asked to grab zero pages,
that's what it should do.  Thus this patch; it is, among other things,
enough to block the (already fixed) root exploit and any others which
might be lurking in similar code.  I also think that the number of pages
should be unsigned, but changing the prototype of this function probably
requires some more careful review.

Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoAUDIT: Increase skb->truesize in audit_expand
Herbert Xu [Fri, 15 Feb 2008 09:32:40 +0000 (01:32 -0800)]
AUDIT: Increase skb->truesize in audit_expand

Upstream commit: 406a1d868001423c85a3165288e566e65f424fe6

The recent UDP patch exposed this bug in the audit code.  It
was calling pskb_expand_head without increasing skb->truesize.
The caller of pskb_expand_head needs to do so because that function
is designed to be called in places where truesize is already fixed
and therefore it doesn't update its value.

Because the audit system is using it in a place where the truesize
has not yet been fixed, it needs to update its value manually.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoBLUETOOTH: Add conn add/del workqueues to avoid connection fail.
Dave Young [Fri, 15 Feb 2008 09:34:03 +0000 (01:34 -0800)]
BLUETOOTH: Add conn add/del workqueues to avoid connection fail.

Upstream commit: b6c0632105f7d7548f1d642ba830088478d4f2b0

The bluetooth hci_conn sysfs add/del executed in the default
workqueue.  If the del_conn is executed after the new add_conn with
same target, add_conn will failed with warning of "same kobject name".

Here add btaddconn & btdelconn workqueues, flush the btdelconn
workqueue in the add_conn function to avoid the issue.

Signed-off-by: Dave Young <hidave.darkstar@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoINET: Prevent out-of-sync truesize on ip_fragment slow path
Herbert Xu [Fri, 15 Feb 2008 09:55:06 +0000 (01:55 -0800)]
INET: Prevent out-of-sync truesize on ip_fragment slow path

Upstream commit: 29ffe1a5c52dae13b6efead97aab9b058f38fce4

When ip_fragment has to hit the slow path the value of skb->truesize
may go out of sync because we would have updated it without changing
the packet length.  This violates the constraints on truesize.

This patch postpones the update of skb->truesize to prevent this.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoINET_DIAG: Fix inet_diag_lock_handler error path.
Arnaldo Carvalho de Melo [Fri, 15 Feb 2008 09:41:34 +0000 (01:41 -0800)]
INET_DIAG: Fix inet_diag_lock_handler error path.

Upstream commit: 8cf8e5a67fb07f583aac94482ba51a7930dab493

Fixes: http://bugzilla.kernel.org/show_bug.cgi?id=9825
The inet_diag_lock_handler function uses ERR_PTR to encode errors but
its callers were testing against NULL.

This only happens when the only inet_diag modular user, DCCP, is not
built into the kernel or available as a module.

Also there was a problem with not dropping the mutex lock when a handler
was not found, also fixed in this patch.

This caused an OOPS and ss would then hang on subsequent calls, as
&inet_diag_table_mutex was being left locked.

Thanks to spike at ml.yaroslavl.ru for report it after trying 'ss -d'
on a kernel that doesn't have DCCP available.

This bug was introduced in cset
d523a328fb0271e1a763e985a21f2488fd816e7e ("Fix inet_diag dead-lock
regression"), after 2.6.24-rc3, so just 2.6.24 seems to be affected.

Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoIPCOMP: Fetch nexthdr before ipch is destroyed
Herbert Xu [Fri, 15 Feb 2008 09:44:03 +0000 (01:44 -0800)]
IPCOMP: Fetch nexthdr before ipch is destroyed

Upstream commit: 2614fa59fa805cd488083c5602eb48533cdbc018

When I moved the nexthdr setting out of IPComp I accidently moved
the reading of ipch->nexthdr after the decompression.  Unfortunately
this means that we'd be reading from a stale ipch pointer which
doesn't work very well.

This patch moves the reading up so that we get the correct nexthdr
value.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoIPCOMP: Fix reception of incompressible packets
Herbert Xu [Fri, 15 Feb 2008 09:42:57 +0000 (01:42 -0800)]
IPCOMP: Fix reception of incompressible packets

Upstream commit: b1641064a3f4a58644bc2e8edf40c025c58473b4

I made a silly typo by entering IPPROTO_IP (== 0) instead of
IPPROTO_IPIP (== 4).  This broke the reception of incompressible
packets.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoIPV4: fib: fix route replacement, fib_info is shared
Julian Anastasov [Fri, 15 Feb 2008 09:38:53 +0000 (01:38 -0800)]
IPV4: fib: fix route replacement, fib_info is shared

Upstream commit: c18865f39276435abb9286f9a816cb5b66c99a00

fib_info can be shared by many route prefixes but we don't want
duplicate alternative routes for a prefix+tos+priority. Last change
was not correct to check fib_treeref because it accounts usage from
other prefixes. Additionally, avoid replacement without error if new
route is same, as Joonwoo Park suggests.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoIPV4: fib_trie: apply fixes from fib_hash
Julian Anastasov [Fri, 15 Feb 2008 09:39:42 +0000 (01:39 -0800)]
IPV4: fib_trie: apply fixes from fib_hash

Upstream commit: 936f6f8e1bc46834bbb3e3fa3ac13ab44f1e7ba6

Update fib_trie with some fib_hash fixes:
- check for duplicate alternative routes for prefix+tos+priority when
replacing route
- properly insert by matching tos together with priority
- fix alias walking to use list_for_each_entry_continue for insertion
and deletion when fa_head is not NULL
- copy state from fa to new_fa on replace (not a problem for now)
- additionally, avoid replacement without error if new route is same,
as Joonwoo Park suggests.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoNET: Add if_addrlabel.h to sanitized headers.
Stephen Hemminger [Fri, 15 Feb 2008 09:31:32 +0000 (01:31 -0800)]
NET: Add if_addrlabel.h to sanitized headers.

Upstream commit: dded91611a728d65721cdab3dd41d801a356fa15

if_addrlabel.h is needed for iproute2 usage.

Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoPKT_SCHED: ematch: oops from uninitialized variable (resend)
Stephen Hemminger [Fri, 15 Feb 2008 09:36:36 +0000 (01:36 -0800)]
PKT_SCHED: ematch: oops from uninitialized variable (resend)

Upstream commit: 268bcca1e7b0d244afd07ea89cda672e61b0fc4a

Setting up a meta match causes a kernel OOPS because of uninitialized
elements in tree.

[   37.322381] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[   37.322381] IP: [<ffffffff883fc717>] :em_meta:em_meta_destroy+0x17/0x80

[   37.322381] Call Trace:
[   37.322381]  [<ffffffff803ec83d>] tcf_em_tree_destroy+0x2d/0xa0
[   37.322381]  [<ffffffff803ecc8c>] tcf_em_tree_validate+0x2dc/0x4a0
[   37.322381]  [<ffffffff803f06d2>] nla_parse+0x92/0xe0
[   37.322381]  [<ffffffff883f9672>] :cls_basic:basic_change+0x202/0x3c0
[   37.322381]  [<ffffffff802a3917>] kmem_cache_alloc+0x67/0xa0
[   37.322381]  [<ffffffff803ea221>] tc_ctl_tfilter+0x3b1/0x580
[   37.322381]  [<ffffffff803dffd0>] rtnetlink_rcv_msg+0x0/0x260
[   37.322381]  [<ffffffff803ee944>] netlink_rcv_skb+0x74/0xa0
[   37.322381]  [<ffffffff803dffc8>] rtnetlink_rcv+0x18/0x20
[   37.322381]  [<ffffffff803ee6c3>] netlink_unicast+0x263/0x290
[   37.322381]  [<ffffffff803cf276>] __alloc_skb+0x96/0x160
[   37.322381]  [<ffffffff803ef014>] netlink_sendmsg+0x274/0x340
[   37.322381]  [<ffffffff803c7c3b>] sock_sendmsg+0x12b/0x140
[   37.322381]  [<ffffffff8024de90>] autoremove_wake_function+0x0/0x30
[   37.322381]  [<ffffffff8024de90>] autoremove_wake_function+0x0/0x30
[   37.322381]  [<ffffffff803c7c3b>] sock_sendmsg+0x12b/0x140
[   37.322381]  [<ffffffff80288611>] zone_statistics+0xb1/0xc0
[   37.322381]  [<ffffffff803c7e5e>] sys_sendmsg+0x20e/0x360
[   37.322381]  [<ffffffff803c7411>] sockfd_lookup_light+0x41/0x80
[   37.322381]  [<ffffffff8028d04b>] handle_mm_fault+0x3eb/0x7f0
[   37.322381]  [<ffffffff8020c2fb>] system_call_after_swapgs+0x7b/0x80

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoSELinux: Fix double free in selinux_netlbl_sock_setsid()
Paul Moore [Fri, 15 Feb 2008 09:46:10 +0000 (01:46 -0800)]
SELinux: Fix double free in selinux_netlbl_sock_setsid()

Upstream commit: e1770d97a730ff4c3aa1775d98f4d0558390607f

As pointed out by Adrian Bunk, commit
45c950e0f839fded922ebc0bfd59b1081cc71b70 ("fix memory leak in netlabel
code") caused a double-free when security_netlbl_sid_to_secattr()
fails.  This patch fixes this by removing the netlbl_secattr_destroy()
call from that function since we are already releasing the secattr
memory in selinux_netlbl_sock_setsid().

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoTC: oops in em_meta
Stephen Hemminger [Fri, 15 Feb 2008 09:37:49 +0000 (01:37 -0800)]
TC: oops in em_meta

Upstream commit: 04f217aca4d803fe72c2c54fe460d68f5233ce52

If userspace passes a unknown match index into em_meta, then
em_meta_change will return an error and the data for the match will
not be set. This then causes an null pointer dereference when the
cleanup is done in the error path via tcf_em_tree_destroy. Since the
tree structure comes kzalloc, it is initialized to NULL.

Discovered when testing a new version of tc command against an
accidental older kernel.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoTCP: Fix a bug in strategy_allowed_congestion_control
Shan Wei [Fri, 15 Feb 2008 09:48:20 +0000 (01:48 -0800)]
TCP: Fix a bug in strategy_allowed_congestion_control

Upstream commit: 16ca3f913001efdb6171a2781ef41c77474e3895

In strategy_allowed_congestion_control of the 2.6.24 kernel, when
sysctl_string return 1 on success,it should call
tcp_set_allowed_congestion_control to set the allowed congestion
control.But, it don't.  the sysctl_string return 1 on success,
otherwise return negative, never return 0.The patch fix the problem.

Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
Acked-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoSCSI: sd: handle bad lba in sense information
James Bottomley [Sat, 2 Feb 2008 22:06:23 +0000 (16:06 -0600)]
SCSI: sd: handle bad lba in sense information

patch 366c246de9cec909c5eba4f784c92d1e75b4dc38 in mainline.

Some devices report medium error locations incorrectly.  Add guards to
make sure the reported bad lba is actually in the request that caused
it.  Additionally remove the large case statment for sector sizes and
replace it with the proper u64 divisions.

Tested-by: Mike Snitzer <snitzer@gmail.com>
Cc: Stable Tree <stable@kernel.org>
Cc: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoFix dl2k constants
Al Viro [Fri, 1 Feb 2008 07:05:44 +0000 (07:05 +0000)]
Fix dl2k constants

patch 9c52fab2f187636b39afb0dcf562872ed42ab608 in mainline.

The MSSR constants didn't match the reality - bitfield declarations
used to be correct (1000BT_FD - bit 11, 1000BT_HD - bit 10), but enum
had them the other way round.  Went unnoticed until the switch from
the bitfields use to the explicit arithmetics and I hadn't caught that one
when verifying correctness of change...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoXFS: Fix oops in xfs_file_readdir()
David Chinner [Tue, 5 Feb 2008 23:52:15 +0000 (10:52 +1100)]
XFS: Fix oops in xfs_file_readdir()

patch 450790a2c51e6d9d47ed30dbdcf486656b8e186f in mainline.

Several occurrences of oops in xfs_file_readdir() on ia32 have been
reported since 2.6.24 was released. This is a regression introduced
in 2.6.24 and is relatively easy to hit. The patch below fixes the
problem.

Signed-off-by: Dave Chinner <dgc@sgi.com>
Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agohugetlb: add locking for overcommit sysctl
Nishanth Aravamudan [Fri, 8 Feb 2008 12:18:18 +0000 (04:18 -0800)]
hugetlb: add locking for overcommit sysctl

patch a3d0c6aa1bb342b9b2c7b123b52ac2f48a4d4d0a in mainline.

When I replaced hugetlb_dynamic_pool with nr_overcommit_hugepages I used
proc_doulongvec_minmax() directly.  However, hugetlb.c's locking rules
require that all counter modifications occur under the hugetlb_lock.  Add a
callback into the hugetlb code similar to the one for nr_hugepages.  Grab
the lock around the manipulation of nr_overcommit_hugepages in
proc_doulongvec_minmax().

Signed-off-by: Nishanth Aravamudan <nacc@us.ibm.com>
Acked-by: Adam Litke <agl@us.ibm.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: William Lee Irwin III <wli@holomorphy.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoinotify: fix check for one-shot watches before destroying them
Ulisses Furquim [Fri, 8 Feb 2008 12:18:16 +0000 (04:18 -0800)]
inotify: fix check for one-shot watches before destroying them

patch ac74c00e499ed276a965e5b5600667d5dc04a84a in mainline.

As the IN_ONESHOT bit is never set when an event is sent we must check it
in the watch's mask and not in the event's mask.

Signed-off-by: Ulisses Furquim <ulissesf@gmail.com>
Reported-by: "Clem Taylor" <clem.taylor@gmail.com>
Tested-by: "Clem Taylor" <clem.taylor@gmail.com>
Cc: Amy Griffis <amy.griffis@hp.com>
Cc: Robert Love <rlove@google.com>
Cc: John McCutchan <ttb@tentacle.dhs.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoNFS: Fix a potential file corruption issue when writing
Trond Myklebust [Fri, 8 Feb 2008 19:01:02 +0000 (14:01 -0500)]
NFS: Fix a potential file corruption issue when writing

patch 5d47a35600270e7115061cb1320ee60ae9bcb6b8 in mainline.

If the inode is flagged as having an invalid mapping, then we can't rely on
the PageUptodate() flag. Ensure that we don't use the "anti-fragmentation"
write optimisation in nfs_updatepage(), since that will cause NFS to write
out areas of the page that are no longer guaranteed to be up to date.

A potential corruption could occur in the following scenario:

client 1 client 2
=============== ===============
fd=open("f",O_CREAT|O_WRONLY,0644);
write(fd,"fubar\n",6); // cache last page
close(fd);
fd=open("f",O_WRONLY|O_APPEND);
write(fd,"foo\n",4);
close(fd);

fd=open("f",O_WRONLY|O_APPEND);
write(fd,"bar\n",4);
close(fd);
-----
The bug may lead to the file "f" reading 'fubar\n\0\0\0\nbar\n' because
client 2 does not update the cached page after re-opening the file for
write. Instead it keeps it marked as PageUptodate() until someone calls
invalidate_inode_pages2() (typically by calling read()).

The bug was introduced by commit 44b11874ff583b6e766a05856b04f3c492c32b84
"NFS: Separate metadata and page cache revalidation mechanisms"

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoNETFILTER: nf_conntrack_tcp: conntrack reopening fix
Jozsef Kadlecsik [Tue, 19 Feb 2008 15:24:01 +0000 (16:24 +0100)]
NETFILTER: nf_conntrack_tcp: conntrack reopening fix

[NETFILTER]: nf_conntrack_tcp: conntrack reopening fix

[Upstream commits b2155e7f + d0c1fd7a]

TCP connection tracking in netfilter did not handle TCP reopening
properly: active close was taken into account for one side only and
not for any side, which is fixed now. The patch includes more comments
to explain the logic how the different cases are handled.
The bug was discovered by Jeff Chua.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoSPARC/SPARC64: Fix usage of .section .sched.text in assembler code.
David Miller [Fri, 15 Feb 2008 10:05:53 +0000 (02:05 -0800)]
SPARC/SPARC64: Fix usage of .section .sched.text in assembler code.

[SPARC/SPARC64]: Fix usage of .section .sched.text in assembler code.

Upstream commit: c6d64c16bb193c8ca2ccc0b3c556a4574a02408b

ld will generate an unique named section when assembler do not use
"ax" but gcc does. Add the missing annotation.

Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoLinux 2.6.24.2 v2.6.24.2
Greg Kroah-Hartman [Mon, 11 Feb 2008 05:51:11 +0000 (21:51 -0800)]
Linux 2.6.24.2

16 years agosplice: fix user pointer access in get_iovec_page_array()
Bastian Blank [Sun, 10 Feb 2008 14:47:57 +0000 (16:47 +0200)]
splice: fix user pointer access in get_iovec_page_array()

patch 712a30e63c8066ed84385b12edbfb804f49cbc44 in mainline.

Commit 8811930dc74a503415b35c4a79d14fb0b408a361 ("splice: missing user
pointer access verification") added the proper access_ok() calls to
copy_from_user_mmap_sem() which ensures we can copy the struct iovecs
from userspace to the kernel.

But we also must check whether we can access the actual memory region
pointed to by the struct iovec to fix the access checks properly.

Signed-off-by: Bastian Blank <waldi@debian.org>
Acked-by: Oliver Pinter <oliver.pntr@gmail.com>
Cc: Jens Axboe <jens.axboe@oracle.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoLinux 2.6.24.1 v2.6.24.1
Greg Kroah-Hartman [Fri, 8 Feb 2008 19:55:30 +0000 (11:55 -0800)]
Linux 2.6.24.1

16 years agosplice: missing user pointer access verification (CVE-2008-0009/10)
Jens Axboe [Fri, 8 Feb 2008 16:49:14 +0000 (08:49 -0800)]
splice: missing user pointer access verification (CVE-2008-0009/10)

patch 8811930dc74a503415b35c4a79d14fb0b408a361 in mainline.

vmsplice_to_user() must always check the user pointer and length
with access_ok() before copying. Likewise, for the slow path of
copy_from_user_mmap_sem() we need to check that we may read from
the user region.

Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Cc: Wojciech Purczynski <cliph@research.coseinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years agodrm: the drm really should call pci_set_master..
Dave Airlie [Thu, 7 Feb 2008 05:43:11 +0000 (05:43 +0000)]
drm: the drm really should call pci_set_master..

(submitted upstream as 19a8f59ab8ceee751ea720085098355d53f727d6)

perhaps bonghits could turn on my bus-mastering because the drm
certainly never bothered doing it before.

Signed-off-by: Dave Airlie <airlied@linux.ie>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoDriver core: Revert "Fix Firmware class name collision"
Michael E Brown [Tue, 29 Jan 2008 21:35:01 +0000 (15:35 -0600)]
Driver core: Revert "Fix Firmware class name collision"

patch 7d640c4a5b36c4733460065db1554da924044511 in mainline.

This reverts commit 109f0e93b6b728f03c1eb4af02bc25d71b646c59.

The original patch breaks BIOS updates on all Dell machines. The path to
the firmware file for the dell_rbu driver changes, which breaks all of
the userspace tools which rely on it.

Note that this patch re-introduces a problem with i2c name collision
that was previously fixed by this patch.

Signed-off-by: Michael E Brown <michael_e_brown@dell.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agofix writev regression: pan hanging unkillable and un-straceable
Nick Piggin [Sat, 2 Feb 2008 14:01:17 +0000 (15:01 +0100)]
fix writev regression: pan hanging unkillable and un-straceable

patch 124d3b7041f9a0ca7c43a6293e1cae4576c32fd5 in mainline.

Frederik Himpe reported an unkillable and un-straceable pan process.

Zero length iovecs can go into an infinite loop in writev, because the
iovec iterator does not always advance over them.

The sequence required to trigger this is not trivial. I think it
requires that a zero-length iovec be followed by a non-zero-length iovec
which causes a pagefault in the atomic usercopy. This causes the writev
code to drop back into single-segment copy mode, which then tries to
copy the 0 bytes of the zero-length iovec; a zero length copy looks like
a failure though, so it loops.

Put a test into iov_iter_advance to catch zero-length iovecs. We could
just put the test in the fallback path, but I feel it is more robust to
skip over zero-length iovecs throughout the code (iovec iterator may be
used in filesystems too, so it should be robust).

Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agosched: fix high wake up latencies with FAIR_USER_SCHED
Srivatsa Vaddagiri [Thu, 31 Jan 2008 21:45:22 +0000 (22:45 +0100)]
sched: fix high wake up latencies with FAIR_USER_SCHED

patch 296825cbe14d4c95ee9c41ca5824f7487bfb4d9d in mainline.

The reason why we are getting better wakeup latencies for
!FAIR_USER_SCHED is because of this snippet of code in place_entity():

if (!initial) {
/* sleeps upto a single latency don't count. */
if (sched_feat(NEW_FAIR_SLEEPERS) && entity_is_task(se))
     ^^^^^^^^^^^^^^^^^^
vruntime -= sysctl_sched_latency;

/* ensure we never gain time by being placed backwards. */
vruntime = max_vruntime(se->vruntime, vruntime);
}

NEW_FAIR_SLEEPERS feature gives credit for sleeping only to tasks and
not group-level entities. With the patch attached, I could see that
wakeup latencies with FAIR_USER_SCHED are restored to the same level as
!FAIR_USER_SCHED.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agosched: let +nice tasks have smaller impact
Peter Zijlstra [Thu, 31 Jan 2008 21:45:22 +0000 (22:45 +0100)]
sched: let +nice tasks have smaller impact

patch ef9884e6f29bbe1075204f962a00f7533bf7e8f3 in mainline.

Michel Dänzr has bisected an interactivity problem with
plus-reniced tasks back to this commit:

 810e95ccd58d91369191aa4ecc9e6d4a10d8d0c8 is first bad commit
 commit 810e95ccd58d91369191aa4ecc9e6d4a10d8d0c8
 Author: Peter Zijlstra <a.p.zijlstra@chello.nl>
 Date:   Mon Oct 15 17:00:14 2007 +0200

 sched: another wakeup_granularity fix

      unit mis-match: wakeup_gran was used against a vruntime

fix this by assymetrically scaling the vtime of positive reniced
tasks.

Bisected-by: Michel Dänzer <michel@tungstengraphics.com>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agob43: Reject new firmware early
Michael Buesch [Sat, 26 Jan 2008 12:54:52 +0000 (13:54 +0100)]
b43: Reject new firmware early

(not in mainline, as it is not applicable.)

We must reject new incompatible firmware early to avoid
running into strange transmission failures.

The current development tree supports newer firmware revisions.
These revisions cause strange failures on the stable 2.6.24 kernel.
Add a check to avoid confusing users a lot.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoselinux: fix labeling of /proc/net inodes
Stephen Smalley [Fri, 25 Jan 2008 18:03:42 +0000 (13:03 -0500)]
selinux: fix labeling of /proc/net inodes

patch b1aa5301b9f88a4891061650c591fb8fe1c1d1da in mainline.

The proc net rewrite had a side effect on selinux, leading it to mislabel
the /proc/net inodes, thereby leading to incorrect denials.  Fix
security_genfs_sid to ignore extra leading / characters in the path supplied
by selinux_proc_get_sid since we now get "//net/..." rather than "/net/...".

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agob43legacy: fix DMA slot resource leakage
Stefano Brivio [Fri, 25 Jan 2008 13:32:00 +0000 (14:32 +0100)]
b43legacy: fix DMA slot resource leakage

patch 8dd0100ce9511e52614ecd0a6587c13ce5769c8b in mainline.

This fixes four resource leakages.
In any error path we must deallocate the DMA frame slots we
previously allocated by request_slot().
This is done by storing the ring pointers before doing any ring
allocation and restoring the old pointers in case of an error.

This patch by Michael Buesch has been ported to b43legacy.

Cc: Michael Buesch <mb@bu3sch.de>
Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agob43legacy: drop packets we are not able to encrypt
Stefano Brivio [Fri, 25 Jan 2008 13:29:50 +0000 (14:29 +0100)]
b43legacy: drop packets we are not able to encrypt

patch 9eca9a8e81928685b4de00ecef83a7c13c340fc9 in mainline.

We must drop any packets we are not able to encrypt.
We must not send them unencrypted or with an all-zero-key (which
basically is the same as unencrypted, from a security point of view).

This might only trigger shortly after resume before mac80211 reassociated
and reconfigured the keys.

It is safe to drop these packets, as the association they belong to
is not guaranteed anymore anyway.
This is a security fix in the sense that it prevents information leakage.

This patch by Michael Buesch has been ported to b43legacy.

Cc: Michael Buesch <mb@bu3sch.de>
Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agob43legacy: fix suspend/resume
Stefano Brivio [Fri, 25 Jan 2008 13:26:21 +0000 (14:26 +0100)]
b43legacy: fix suspend/resume

patch ada50731c0346bf900dc387edd3a6961297bf2d3 in mainline.

This patch makes suspend/resume work with the b43legacy driver.
We must not overwrite the MAC addresses in the init function, as this
would also overwrite the MAC on resume. With an all-zero MAC the device
firmware is not able to ACK any received packets anymore.
Fix this by moving the initializion stuff that must be done on init but
not on resume to the start function.
Also zero out filter_flags to make sure we don't have some flags
from a previous instance for a tiny timeframe until mac80211 reconfigures
them.

This patch by Michael Buesch has been ported to b43legacy.

Cc: Michael Buesch <mb@bu3sch.de>
Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agob43legacy: fix PIO crash
Stefano Brivio [Fri, 25 Jan 2008 13:24:05 +0000 (14:24 +0100)]
b43legacy: fix PIO crash

patch 0cd67d48b519c3d8d89d238fab1cf68a5289638a in mainline.

Fix the crash reported below, which seems to happen on bcm4306 rev. 2 devices
only while using PIO:

Oops: 0000 [#1] PREEMPT
Modules linked in: b43(F) rfkill(F) led_class(F) input_polldev(F) arc4 b43legacy mac80211 cfg80211 i915 drm snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device ohci1394 ieee1394 ssb pcmcia snd_intel8x0m ehci_hcd uhci_hcd evdev

Pid: 0, comm: swapper Tainted: GF (2.6.24st3 #2)
EIP: 0060:[<f90f667b>] EFLAGS: 00010002 CPU: 0
EIP is at b43legacy_pio_handle_txstatus+0xbb/0x210 [b43legacy]
EAX: 0000049b EBX: f11f8044 ECX: 00000001 EDX: 00000000
ESI: f1ff8000 EDI: 00000000 EBP: f11f8040 ESP: c04f4ef4
 DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
Process swapper (pid: 0, ti=c04f4000 task=c0488300 task.ti=c04b8000)
Stack: f90f2788 c05009f0 c0500900 000010f7 f1053823 c04f4f24 dfb8e800 00000003
       f1368000 00000007 00000296 f90f1975 00001000 010c0800 01000000 00000007
       f90f6391 f11f8000 00000082 c04f4f4a 00000000 00004fd0 10f70000 8c061000
Call Trace:
 [<f90f2788>] b43legacy_debugfs_log_txstat+0x48/0xb0 [b43legacy]
 [<f90f1975>] b43legacy_handle_hwtxstatus+0x75/0x80 [b43legacy]
 [<f90f6391>] b43legacy_pio_rx+0x201/0x280 [b43legacy]
 [<f90e4fa3>] b43legacy_interrupt_tasklet+0x2e3/0x870 [b43legacy]
 [<c0123567>] tasklet_action+0x27/0x60
 [<c01237b4>] __do_softirq+0x54/0xb0
 [<c010686b>] do_softirq+0x7b/0xe0
 [<c01457c0>] handle_level_irq+0x0/0x110
 [<c01457c0>] handle_level_irq+0x0/0x110
 [<c0123758>] irq_exit+0x38/0x40
 [<c0106953>] do_IRQ+0x83/0xd0
 [<c011812f>] __update_rq_clock+0x4f/0x180
 [<c0104b4f>] common_interrupt+0x23/0x28
 [<c011007b>] wakeup_code+0x7b/0xde
 [<c02b1039>] acpi_processor_idle+0x24a/0x3c9
 [<c01025c7>] cpu_idle+0x47/0x80
 [<c04b9ad5>] start_kernel+0x205/0x290
 [<c04b9360>] unknown_bootoption+0x0/0x1f0
 =======================
Code: 0f 00 00 81 fb ff 00 00 00 0f 87 36 01 00 00 8d 04 db 85 ff 8d 6c c6 40 8d 5d 04 0f 85 ef 00 00 00 fe 4e 0e 0f b7 46 0c 8b 53 04 <8b> 4a 50 29 c8 83 e8 52 66 89 46 0c 8b 54 24 14 80 7a 0b 00 74
EIP: [<f90f667b>] b43legacy_pio_handle_txstatus+0xbb/0x210 [b43legacy] SS:ESP 0068:c04f4ef4
Kernel panic - not syncing: Fatal exception in interrupt

Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agob43: Fix dma-slot resource leakage
Michael Buesch [Fri, 25 Jan 2008 11:20:20 +0000 (12:20 +0100)]
b43: Fix dma-slot resource leakage

patch 8dd0100ce9511e52614ecd0a6587c13ce5769c8b in mainline.

This fixes four resource leakages.
In any error path we must deallocate the DMA frame slots we
previously allocated by request_slot().
This is done by storing the ring pointers before doing any ring
allocation and restoring the old pointers in case of an error.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agob43: Drop packets we are not able to encrypt
Michael Buesch [Fri, 25 Jan 2008 11:15:07 +0000 (12:15 +0100)]
b43: Drop packets we are not able to encrypt

patch 09552ccd8277e6382097e93a40f7311a09449367 in mainline

We must drop any packets we are not able to encrypt.
We must not send them unencrypted or with an all-zero-key (which
basically is the same as unencrypted, from a security point of view).

This might only trigger shortly after resume before mac80211 reassociated
and reconfigured the keys.

It is safe to drop these packets, as the association they belong to
is not guaranteed anymore anyway.
This is a security fix in the sense that it prevents information leakage.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agob43: Fix suspend/resume
Michael Buesch [Fri, 25 Jan 2008 11:11:45 +0000 (12:11 +0100)]
b43: Fix suspend/resume

patch 7be1bb6b798d506693d2d8668e801951996b5a4a in mainline.

This patch makes suspend/resume work with the b43 driver.
We must not overwrite the MAC addresses in the init function, as this
would also overwrite the MAC on resume. With an all-zero MAC the device
firmware is not able to ACK any received packets anymore.
Fix this by moving the initializion stuff that must be done on init but
not on resume to the start function.
Also zero out filter_flags to make sure we don't have some flags
from a previous instance for a tiny timeframe until mac80211 reconfigures
them.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agosky2: fix for WOL on some devices
Stephen Hemminger [Fri, 25 Jan 2008 03:46:10 +0000 (19:46 -0800)]
sky2: fix for WOL on some devices

patch 82637e808478087ce861129745fa60cc37e7929d in mainline

This patch disables config mode access after clearing PCI settings.
Without this change WOL won't work on some BIOS's

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agosky2: restore multicast addresses after recovery
Stephen Hemminger [Fri, 25 Jan 2008 03:44:50 +0000 (19:44 -0800)]
sky2: restore multicast addresses after recovery

patch a7bffe722c996679b4fb2103ecaf673ec2b9b4a7 in mainline.

If the sky2 deadman timer forces a recovery, the multicast hash
list is lost. Move the call to sky2_set_multicast to the end
of sky2_up() so all paths that bring device up will restore multicast.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agox86: restore correct module name for apm
Sam Ravnborg [Sun, 3 Feb 2008 12:19:38 +0000 (13:19 +0100)]
x86: restore correct module name for apm

patch 3a900d89db35c133bc0874e71d9156b22db362b4 in mainline

The apm module were renamed to apm_32 during the merge of 32 and 64 bit
x86 which is unfortunate. As apm is 32 bit specific we like to keep the
_32 in the filename but the module should be named apm.

Fix this in the Makefile.

Reported-by: "A.E.Lawrence" <lawrence_a_e@ntlworld.com>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Cc: Cc: Ingo Molnar <mingo@elte.hu>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: "A.E.Lawrence" <lawrence_a_e@ntlworld.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoACPI: update ACPI blacklist
Len Brown [Sun, 3 Feb 2008 22:43:57 +0000 (17:43 -0500)]
ACPI: update ACPI blacklist

These minor changes sync the latest ACPI blacklist into 2.6.24.
The main benefit of this patch is to make any future
changes easier to apply.  The immediate benefit is one less
dmesg line on Acer systems.

Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoPCI: Fix fakephp deadlock
Ian Abbott [Mon, 4 Feb 2008 13:43:13 +0000 (13:43 +0000)]
PCI: Fix fakephp deadlock

This patch works around a problem in the fakephp driver when a process
writing "0" to a "power" sysfs file to fake removal of a PCI device ends
up deadlocking itself in the sysfs code.

The patch was recently accepted into Linus' tree after the 2.6.24 release:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5c796ae7a7ebe56967ed9b9963d7c16d733635ff

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agosys_remap_file_pages: fix ->vm_file accounting
Oleg Nesterov [Tue, 5 Feb 2008 06:27:18 +0000 (22:27 -0800)]
sys_remap_file_pages: fix ->vm_file accounting

patch 8a459e44ad837018ea5c34a9efe8eb4ad27ded26 in mainline.

Fix ->vm_file accounting, mmap_region() may do do_munmap().

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agolockdep: annotate epoll
Peter Zijlstra [Tue, 5 Feb 2008 06:27:20 +0000 (22:27 -0800)]
lockdep: annotate epoll

patch 0ccf831cbee94df9c5006dd46248c0f07847dd7c in mainline.

On Sat, 2008-01-05 at 13:35 -0800, Davide Libenzi wrote:

> I remember I talked with Arjan about this time ago. Basically, since 1)
> you can drop an epoll fd inside another epoll fd 2) callback-based wakeups
> are used, you can see a wake_up() from inside another wake_up(), but they
> will never refer to the same lock instance.
> Think about:
>
>  dfd = socket(...);
>  efd1 = epoll_create();
>  efd2 = epoll_create();
>  epoll_ctl(efd1, EPOLL_CTL_ADD, dfd, ...);
>  epoll_ctl(efd2, EPOLL_CTL_ADD, efd1, ...);
>
> When a packet arrives to the device underneath "dfd", the net code will
> issue a wake_up() on its poll wake list. Epoll (efd1) has installed a
> callback wakeup entry on that queue, and the wake_up() performed by the
> "dfd" net code will end up in ep_poll_callback(). At this point epoll
> (efd1) notices that it may have some event ready, so it needs to wake up
> the waiters on its poll wait list (efd2). So it calls ep_poll_safewake()
> that ends up in another wake_up(), after having checked about the
> recursion constraints. That are, no more than EP_MAX_POLLWAKE_NESTS, to
> avoid stack blasting. Never hit the same queue, to avoid loops like:
>
>  epoll_ctl(efd2, EPOLL_CTL_ADD, efd1, ...);
>  epoll_ctl(efd3, EPOLL_CTL_ADD, efd2, ...);
>  epoll_ctl(efd4, EPOLL_CTL_ADD, efd3, ...);
>  epoll_ctl(efd1, EPOLL_CTL_ADD, efd4, ...);
>
> The code "if (tncur->wq == wq || ..." prevents re-entering the same
> queue/lock.

Since the epoll code is very careful to not nest same instance locks
allow the recursion.

Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Tested-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Acked-by: Davide Libenzi <davidel@xmailserver.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoforcedeth: mac address mcp77/79
Ayaz Abdulla [Mon, 28 Jan 2008 15:24:40 +0000 (10:24 -0500)]
forcedeth: mac address mcp77/79

patch 2b91213064bd882c3adf35f028c6d12fab3269ec in mainline.

This patch is a critical fix for MCP77 and MCP79 devices. The feature
flags were missing the define for correct mac address
(DEV_HAS_CORRECT_MACADDR).

Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: Fix usb_serial_driver structure for Kobil cardreader driver.
Stefan Bader [Fri, 1 Feb 2008 23:18:38 +0000 (15:18 -0800)]
USB: Fix usb_serial_driver structure for Kobil cardreader driver.

The device setup did miss to initialize the num_interrupt_out field, thus
failing to successfully complete the probe function.

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Cc: Alan Cox <alan@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: handle idVendor of 0x0000
Greg Kroah-Hartman [Fri, 1 Feb 2008 23:17:00 +0000 (15:17 -0800)]
USB: handle idVendor of 0x0000

Some crazy devices in the wild have a vendor id of 0x0000.  If we try to
add a module alias with this id, we just can't do it due to a check in
the file2alias.c file.  Change the test to verify that both the vendor
and product ids are 0x0000 to show a real "blank" module alias.

Note, the module-init-tools package also needs to be changed to properly
generate the depmod tables.

Cc: Janusz <janumix@poczta.fm>
Cc: Jon Masters <jcm@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: fix usbtest halt check on big endian systems
Jan Andersson [Fri, 1 Feb 2008 23:16:59 +0000 (15:16 -0800)]
USB: fix usbtest halt check on big endian systems

usbtest did not swap the received status information when checking for
a non-zero value and failed to discover halted endpoints on big endian
systems.

Signed-off-by: Jan Andersson <jan@gaisler.com>
Acked-by: David Brownell <david-b@pacbell.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: storage: Add unusual_dev for HP r707
Grant Grundler [Fri, 1 Feb 2008 23:16:58 +0000 (15:16 -0800)]
USB: storage: Add unusual_dev for HP r707

Add "FIX_CAPACITY" entry for HP Photosmart r707 Camera in "Disk" mode.
Camera will wedge when /lib/udev/vol_id attempts to access the last sector,
EIO gets reported to dmesg, and block device is marked "offline" (it is).
Reproduced vol_id behavior with:
"dd if=/dev/sda of=/dev/null skip=60800 count=1"

Signed-off-by: Grant Grundler <grundler@parisc-linux.org>
Signed-off-by: Phil Dibowitz <phil@ipom.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: Variant of the Dell Wireless 5520 driver
Nate Carlson [Fri, 1 Feb 2008 23:16:57 +0000 (15:16 -0800)]
USB: Variant of the Dell Wireless 5520 driver

I've got a Dell wireless 5520 card with a different USB ID - specifically, 8136
instead of 8137. Attached a small patch to add support, and the output of an
'ati3'.

If we could get this in, that'd be sweet.  ;)  Thanks!

nc@knight:~/tmp/linux-2.6.24-rc8/drivers/usb/serial$ lsusb | grep 8136
Bus 001 Device 005: ID 413c:8136 Dell Computer Corp.
nc@knight:~/tmp/linux-source-2.6.23/drivers/usb/serial$ cu -l ttyUSB0 -s 115200
Connected.
ati3
Manufacturer: Novatel Wireless Incorporated
Model: Expedite EU860D MiniCard
Revision: 10.10.04.01-01  [2007-04-11 14:07:19]
IMEI: 011186000228043
+GCAP: +CGSM,+DS,+ES

From: Nate Carlson <natecars@natecarlson.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: use GFP_NOIO in reset path
Oliver Neukum [Fri, 1 Feb 2008 23:16:56 +0000 (15:16 -0800)]
USB: use GFP_NOIO in reset path

this function will run in the context of the scsi error handler thread.
It must use GFP_NOIO instead of GFP_KERNEL to avoid a possible
deadlock.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: ftdi driver - add support for optical probe device
Ed Beroset [Fri, 1 Feb 2008 23:16:55 +0000 (15:16 -0800)]
USB: ftdi driver - add support for optical probe device

Added support for the Elster Unicom III Optical Probe.
The device ID has already been added to the usb.ids file.

Signed-off-by: Ed Beroset <beroset@mindspring.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: pl2303: add support for RATOC REX-USB60F
Akira Tsukamoto [Fri, 1 Feb 2008 23:16:54 +0000 (15:16 -0800)]
USB: pl2303: add support for RATOC REX-USB60F

pl2303: add support for RATOC REX-USB60F

This patch adds support for RATOC REX-USB60F Serial Adapters,
which is widely used in Japan recently.

Signed-off-by: Akira Tsukamoto <akirat@rd.scei.sony.co.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: remove duplicate entry in Option driver and Pl2303 driver for Huawei modem
Daniel Kozák [Fri, 1 Feb 2008 23:16:53 +0000 (15:16 -0800)]
USB: remove duplicate entry in Option driver and Pl2303 driver for Huawei modem

Remove entry for Huawei E620 UMTS/HSDPA card (ID: 12d1:1001) in pl2303 driver
Option driver is use instead

Signed-off-by: Daniel Kozák <kozzi11@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: sierra: add support for Onda H600/Zte MF330 datacard to USB Driver for Sierra...
Bruno Redondi [Fri, 1 Feb 2008 23:16:52 +0000 (15:16 -0800)]
USB: sierra: add support for Onda H600/Zte MF330 datacard to USB Driver for Sierra Wireless

Added support for Onda H600/Zte MF330 GPRS/UMTS/HSDPA datacard

Signed-off-by: Bruno Redondi <bruno.redondi@altarisoluzione.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: ftdi-sio: Patch to add vendor/device id for ATK_16IC CCD
Franco Lanza [Fri, 1 Feb 2008 23:16:51 +0000 (15:16 -0800)]
USB: ftdi-sio: Patch to add vendor/device id for ATK_16IC CCD

little patches only to add vendor/device id of ATK_16IC CCD cam for
astronomy.

From: Franco Lanza <nextime@nexlab.it>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: ftdi_sio - enabling multiple ELV devices, adding EM1010PC
Peter Stark [Fri, 1 Feb 2008 23:16:50 +0000 (15:16 -0800)]
USB: ftdi_sio - enabling multiple ELV devices, adding EM1010PC

I work with a group of people on a free home automation tool called
FHEM.  Some of the users own more than one USB-serial device by ELV. The
ftdi_sio driver has most of the ELV devices disabled by default and
needs to be re-enabled every time you get a new kernel. Additionally a
new device (EM 1010 PC - enegry monitor) is missing in the list.
Currently our users have to follow the instructions we provide at
http://www.koeniglich.de/fhem/linux.html ... However, to some users it
is too complicated to compile their own kernel module.

We are aware that you can specify one additional device using the
vendor/product option of the module. But lot's of users own more than
one device.

Signed-off-by: Peter Stark <peter.stark@t-online.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: sierra driver - add devices
Kevin Lloyd [Fri, 1 Feb 2008 23:16:48 +0000 (15:16 -0800)]
USB: sierra driver - add devices

The following improvements were made:
 - Added new product support: MC5725, AC 880 U, MP 3G (UMTS & CDMA)

Signed-off-by: Kevin Lloyd <linux@sierrawireless.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: Adding YC Cable USB Serial device to pl2303
Damien Stuart [Fri, 1 Feb 2008 23:16:47 +0000 (15:16 -0800)]
USB: Adding YC Cable USB Serial device to pl2303

This simply adds the "YC Cable" as a vendor and its pl2303-based
USB<->Serial adapter as a product.  This particular adapter is sold by
Radio Shack.  I've done limited testing on a few different systems with
no issues.

Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: Sierra - Add support for Aircard 881U
Jessica L. Blank [Fri, 1 Feb 2008 23:16:46 +0000 (15:16 -0800)]
USB: Sierra - Add support for Aircard 881U

Adds the appropriate vendor and device IDs for the AirCard 881U to
sierra.c. (This device is often rebadged by AT&T as the USBConnect 881).

Signed-off-by: Jessica L Blank <j@twu.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: add support for 4348:5523 WinChipHead USB->RS 232 adapter
Piotr Roszatycki [Fri, 1 Feb 2008 23:16:45 +0000 (15:16 -0800)]
USB: add support for 4348:5523 WinChipHead USB->RS 232 adapter

add support for:

  4348:5523 WinChipHead USB->RS 232 adapter with Prolifec PL 2303 chipset

[ mingo@elte.hu: merged it and nursed it upstream ]

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: CP2101 New Device IDs
Craig Shelley [Fri, 1 Feb 2008 23:16:44 +0000 (15:16 -0800)]
USB: CP2101 New Device IDs

Six new device IDs for CP2101 driver.

Signed-off-by: Craig Shelley <craig@microtron.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agousb gadget: fix fsl_usb2_udc potential OOPS
Li Yang [Fri, 1 Feb 2008 23:16:43 +0000 (15:16 -0800)]
usb gadget: fix fsl_usb2_udc potential OOPS

For fsl_usb2_udc driver, ep0 also has a descriptor.  Current code is
misleading and contains a logical mistake.  Here is the patch to fix it.

 http://bugzilla.kernel.org/show_bug.cgi?id=9595

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: keyspan: Fix oops
Alan Cox [Fri, 1 Feb 2008 23:16:42 +0000 (15:16 -0800)]
USB: keyspan: Fix oops

If we get a data URB back from the hardware after we have put the tty to
bed we go kaboom. Fortunately all we need to do is process the URB
without trying to ram its contents down the throat of an ex-tty.

Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agovm audit: add VM_DONTEXPAND to mmap for drivers that need it (CVE-2008-0007)
Nick Piggin [Sat, 2 Feb 2008 02:08:53 +0000 (03:08 +0100)]
vm audit: add VM_DONTEXPAND to mmap for drivers that need it (CVE-2008-0007)

Drivers that register a ->fault handler, but do not range-check the
offset argument, must set VM_DONTEXPAND in the vm_flags in order to
prevent an expanding mremap from overflowing the resource.

I've audited the tree and attempted to fix these problems (usually by
adding VM_DONTEXPAND where it is not obvious).

Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoslab: fix bootstrap on memoryless node
Pekka J Enberg [Sat, 26 Jan 2008 12:15:54 +0000 (14:15 +0200)]
slab: fix bootstrap on memoryless node

[ Upstream commit: 556a169dab38b5100df6f4a45b655dddd3db94c1 ]

If the node we're booting on doesn't have memory, bootstrapping kmalloc()
caches resorts to fallback_alloc() which requires ->nodelists set for all
nodes.  Fix that by calling set_up_list3s() for CACHE_CACHE in
kmem_cache_init().

As kmem_getpages() is called with GFP_THISNODE set, this used to work before
because of breakage in 2.6.22 and before with GFP_THISNODE returning pages from
the wrong node if a node had no memory. So it may have worked accidentally and
in an unsafe manner because the pages would have been associated with the wrong
node which could trigger bug ons and locking troubles.

Tested-by: Mel Gorman <mel@csn.ul.ie>
Tested-by: Olaf Hering <olaf@aepfle.de>
Reviewed-by: Christoph Lameter <clameter@sgi.com>
[ With additional one-liner by Olaf Hering  - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
16 years agoDVB: cx23885: add missing subsystem ID for Hauppauge HVR1800 Retail
Michael Krufky [Thu, 24 Jan 2008 23:26:19 +0000 (18:26 -0500)]
DVB: cx23885: add missing subsystem ID for Hauppauge HVR1800 Retail

[PATCH] DVB: cx23885: add missing subsystem ID for Hauppauge HVR1800 Retail

Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
16 years agoLinux 2.6.24 v2.6.24
Linus Torvalds [Thu, 24 Jan 2008 22:58:37 +0000 (14:58 -0800)]
Linux 2.6.24

16 years agospi: omap2_mcspi PIO RX fix
Kalle Valo [Thu, 24 Jan 2008 22:00:40 +0000 (14:00 -0800)]
spi: omap2_mcspi PIO RX fix

Before transmission of the last word in PIO RX_ONLY mode rx+tx mode
is enabled:

/* prevent last RX_ONLY read from triggering
 * more word i/o: switch to rx+tx
 */
if (c == 0 && tx == NULL)
mcspi_write_cs_reg(spi,
OMAP2_MCSPI_CHCONF0, l);

But because c is decremented after the test, c will never be zero and
rx+tx will not be enabled. This breaks RX_ONLY mode PIO transfers.

Fix it by decrementing c in the beginning of the various I/O loops.

Signed-off-by: Kalle Valo <kalle.valo@nokia.com>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years agoRevert "mac80211: warn when receiving frames with unaligned data"
Linus Torvalds [Thu, 24 Jan 2008 21:35:10 +0000 (13:35 -0800)]
Revert "mac80211: warn when receiving frames with unaligned data"

This reverts commit 81100eb80add328c4d2a377326f15aa0e7236398 for the
release, to avoid the unnecessary warning noise that is only really
relevant to wireless driver developers.

The warning will probably go right back in after I cut the release, but
at least we won't unnecessarily worry users.

Acked-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6
Linus Torvalds [Thu, 24 Jan 2008 16:12:38 +0000 (08:12 -0800)]
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
  [SPARC64]: Partially revert "Constify function pointer tables."

16 years agoMerge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux...
Linus Torvalds [Thu, 24 Jan 2008 16:09:50 +0000 (08:09 -0800)]
Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6

* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6:
  Revert "ACPI: Fan: Drop force_power_state acpi_device option"
  ACPI: EC: "DEBUG" needs to be defined earlier
  ACPI: EC: add leading zeros to debug messages
  ACPI: EC: fix dmesg spam regression
  ACPI: DMI blacklist to reduce console warnings on OSI(Linux) systems.
  ACPI: Add ThinkPad R61, ThinkPad T61 to OSI(Linux) white-list
  ACPI: make _OSI(Linux) console messages smarter
  ACPI: Delete Intel Customer Reference Board (CRB) from OSI(Linux) DMI list
  ACPI: on OSI(Linux), print needed DMI rather than requesting dmidecode output
  ACPI: create acpi_dmi_dump()
  DMI: create dmi_get_slot()
  DMI: move dmi_available declaration to linux/dmi.h
  ACPI: processor: Fix null pointer dereference in throttling

16 years agoslab: partially revert list3 changes
Mel Gorman [Thu, 24 Jan 2008 13:49:54 +0000 (05:49 -0800)]
slab: partially revert list3 changes

Partial revert the changes made by 04231b3002ac53f8a64a7bd142fde3fa4b6808c6
to the kmem_list3 management. On a machine with a memoryless node, this
BUG_ON was triggering

static void *____cache_alloc_node(struct kmem_cache *cachep, gfp_t flags, int nodeid)
{
struct list_head *entry;
struct slab *slabp;
struct kmem_list3 *l3;
void *obj;
int x;

l3 = cachep->nodelists[nodeid];
BUG_ON(!l3);

Signed-off-by: Mel Gorman <mel@csn.ul.ie>
Cc: Pekka Enberg <penberg@cs.helsinki.fi>
Acked-by: Christoph Lameter <clameter@sgi.com>
Cc: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
Cc: Nishanth Aravamudan <nacc@us.ibm.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years agofix hugepages leak due to pagetable page sharing
Larry Woodman [Thu, 24 Jan 2008 13:49:25 +0000 (05:49 -0800)]
fix hugepages leak due to pagetable page sharing

The shared page table code for hugetlb memory on x86 and x86_64
is causing a leak.  When a user of hugepages exits using this code
the system leaks some of the hugepages.

-------------------------------------------------------
Part of /proc/meminfo just before database startup:
HugePages_Total:  5500
HugePages_Free:   5500
HugePages_Rsvd:      0
Hugepagesize:     2048 kB

Just before shutdown:
HugePages_Total:  5500
HugePages_Free:   4475
HugePages_Rsvd:      0
Hugepagesize:     2048 kB

After shutdown:
HugePages_Total:  5500
HugePages_Free:   4988
HugePages_Rsvd:
0 Hugepagesize:     2048 kB
----------------------------------------------------------

The problem occurs durring a fork, in copy_hugetlb_page_range().  It
locates the dst_pte using huge_pte_alloc().  Since huge_pte_alloc() calls
huge_pmd_share() it will share the pmd page if can, yet the main loop in
copy_hugetlb_page_range() does a get_page() on every hugepage.  This is a
violation of the shared hugepmd pagetable protocol and creates additional
referenced to the hugepages causing a leak when the unmap of the VMA
occurs.  We can skip the entire replication of the ptes when the hugepage
pagetables are shared.  The attached patch skips copying the ptes and the
get_page() calls if the hugetlbpage pagetable is shared.

[akpm@linux-foundation.org: coding-style cleanups]
Signed-off-by: Larry Woodman <lwoodman@redhat.com>
Signed-off-by: Adam Litke <agl@us.ibm.com>
Cc: Badari Pulavarty <pbadari@us.ibm.com>
Cc: Ken Chen <kenchen@google.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: William Lee Irwin III <wli@holomorphy.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years agosysctl: kill binary sysctl KERN_PPC_L2CR
Eric W. Biederman [Thu, 24 Jan 2008 13:52:13 +0000 (05:52 -0800)]
sysctl: kill binary sysctl KERN_PPC_L2CR

: Stefan Roese <sr@denx.de> said:
> ppc: 4xx: sysctl table check failed: /kernel/l2cr .1.31 Missing strategy
>
> I'm seeing this error message when booting an recent arch/ppc kernel on
> 4xx platforms (tested on Ocotea and other 4xx platforms). Booting NFS
> rootfs still works fine, but this message kind of makes me "nervous".
> This is not seen on 4xx arch/powerpc platforms. Here the bootlog:

Because the data field was never filled and a binary sysctl handler was
never written this sysctl has never been usable through the sys_sysctl
interface.  So just remove the binary sysctl number.  Making the kernel
sanity checks happy.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Reported-by: Stefan Roese <sr@denx.de>
Cc: Josh Boyer <jwboyer@gmail.com>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years agolockdep: fix kernel crash on module unload
Arjan van de Ven [Thu, 24 Jan 2008 06:00:45 +0000 (07:00 +0100)]
lockdep: fix kernel crash on module unload

Michael Wu noticed in his lkml post at

    http://marc.info/?l=linux-kernel&m=119396182726091&w=2

that certain wireless drivers ended up having their name in module
memory, which would then crash the kernel on module unload.

The patch he proposed was a bit clumsy in that it increased the size of
a lockdep entry significantly; the patch below tries another approach,
it checks, on module teardown, if the name of a class is in module space
and then zaps the class.  This is very similar to what we already do
with keys that are in module space.

Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years ago[SPARC64]: Partially revert "Constify function pointer tables."
David S. Miller [Thu, 24 Jan 2008 05:32:04 +0000 (21:32 -0800)]
[SPARC64]: Partially revert "Constify function pointer tables."

This partially reverts 872e2be7c4056496c2871bd9b0f2fae6c374fe47
(Constify function pointer tables.)

The solaris/socksys.c transformation wasn't valid:

arch/sparc64/solaris/socksys.c:192: error: assignment of read-only variable ‘socksys_file_ops’
arch/sparc64/solaris/socksys.c:195: error: assignment of read-only variable ‘socksys_file_ops’
arch/sparc64/solaris/socksys.c:196: error: assignment of read-only variable ‘socksys_file_ops’

Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agoPull dmi-2.6.24 into release branch
Len Brown [Thu, 24 Jan 2008 04:50:01 +0000 (23:50 -0500)]
Pull dmi-2.6.24 into release branch

16 years agoPull bugzilla-9798 into release branch
Len Brown [Thu, 24 Jan 2008 04:48:46 +0000 (23:48 -0500)]
Pull bugzilla-9798 into release branch

16 years agoPull bugzilla-8459 into release branch
Len Brown [Thu, 24 Jan 2008 04:48:33 +0000 (23:48 -0500)]
Pull bugzilla-8459 into release branch

16 years agoPull bugzilla-9747 into release branch
Len Brown [Thu, 24 Jan 2008 04:48:19 +0000 (23:48 -0500)]
Pull bugzilla-9747 into release branch

16 years agoRevert "ACPI: Fan: Drop force_power_state acpi_device option"
Len Brown [Thu, 24 Jan 2008 03:41:20 +0000 (22:41 -0500)]
Revert "ACPI: Fan: Drop force_power_state acpi_device option"

This reverts commit 93ad7c07ad487b036add8760dabcc35666a550ef.

http://bugzilla.kernel.org/show_bug.cgi?id=9798

Signed-off-by: Len Brown <len.brown@intel.com>
16 years agoACPI: EC: "DEBUG" needs to be defined earlier
Márton Németh [Thu, 24 Jan 2008 03:34:09 +0000 (22:34 -0500)]
ACPI: EC: "DEBUG" needs to be defined earlier

The "DEBUG" symbol needs to be defined before #including <linux/kernel.h> to
get the pr_debug() working.

Signed-off-by: Márton Németh <nm127@freemail.hu>
Signed-off-by: Len Brown <len.brown@intel.com>
16 years agoACPI: EC: add leading zeros to debug messages
Márton Németh [Thu, 24 Jan 2008 03:33:06 +0000 (22:33 -0500)]
ACPI: EC: add leading zeros to debug messages

Add leading zeros to pr_debug() calls. For example if x=0x0a, the format
"0x%2x" will result the string "0x a", the format "0x%2.2x" will result "0x0a".

Signed-off-by: Márton Németh <nm127@freemail.hu>
Signed-off-by: Len Brown <len.brown@intel.com>
16 years agoACPI: EC: fix dmesg spam regression
Alexey Starikovskiy [Thu, 24 Jan 2008 03:28:34 +0000 (22:28 -0500)]
ACPI: EC: fix dmesg spam regression

Return OBF_1 optimization workaround

http://bugzilla.kernel.org/show_bug.cgi?id=8459

Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de>
Signed-off-by: Len Brown <len.brown@intel.com>
16 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6
Linus Torvalds [Thu, 24 Jan 2008 02:46:25 +0000 (18:46 -0800)]
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
  [SPARC]: Constify function pointer tables.
  [SPARC64]: Fix section error in sparcspkr
  [SPARC64]: Fix of section mismatch warnings.

16 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
Linus Torvalds [Thu, 24 Jan 2008 02:41:51 +0000 (18:41 -0800)]
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
  sis190: scheduling while atomic error
  sis190: mdio operation failure is not correctly detected
  sis190: remove duplicate INIT_WORK
  sis190: add cmos ram access code for the SiS19x/968 chipset pair
  [INET]: Fix truesize setting in ip_append_data
  [NETNS]: Re-export init_net via EXPORT_SYMBOL.
  iwlwifi: fix possible read attempt on ucode that is not available
  [IPV4]: Add missing skb->truesize increment in ip_append_page().
  [TULIP] DMFE: Fix SROM parsing regression.
  [BLUETOOTH]: Move children of connection device to NULL before connection down.

16 years agoACPI: DMI blacklist to reduce console warnings on OSI(Linux) systems.
Len Brown [Thu, 24 Jan 2008 02:19:27 +0000 (21:19 -0500)]
ACPI: DMI blacklist to reduce console warnings on OSI(Linux) systems.

This DMI blacklist reduces the console messages
on systems which have a BIOS that invokes OSI(Linux).

As the DMI blacklist already knows about these systems,
the request for DMI info itself is disabled.

Further, if OSI(Linux) has already been determined
to have no beneift, we disable the console message
requesting acpi_osi=Linux test results.

Signed-off-by: Len Brown <len.brown@intel.com>
16 years agoACPI: Add ThinkPad R61, ThinkPad T61 to OSI(Linux) white-list
Len Brown [Thu, 24 Jan 2008 01:56:18 +0000 (20:56 -0500)]
ACPI: Add ThinkPad R61, ThinkPad T61 to OSI(Linux) white-list

acpi_osi=Linux helps sound on these systems.

Signed-off-by: Len Brown <len.brown@intel.com>
16 years agoACPI: make _OSI(Linux) console messages smarter
Len Brown [Thu, 24 Jan 2008 01:50:56 +0000 (20:50 -0500)]
ACPI: make _OSI(Linux) console messages smarter

If BIOS invokes _OSI(Linux), the kernel response
depends on what the ACPI DMI list knows about the system,
and that is reflectd in dmesg:

1) System unknown to DMI:

ACPI: BIOS _OSI(Linux) query ignored
ACPI: DMI System Vendor: LENOVO
ACPI: DMI Product Name: 7661W1P
ACPI: DMI Product Version: ThinkPad T61
ACPI: DMI Board Name: 7661W1P
ACPI: DMI BIOS Vendor: LENOVO
ACPI: DMI BIOS Date: 10/18/2007
ACPI: Please send DMI info above to linux-acpi@vger.kernel.org
ACPI: If "acpi_osi=Linux" works better, please notify linux-acpi@vger.kernel.org

2) System known to DMI, but effect of OSI(Linux) unknown:

ACPI: DMI detected: Lenovo ThinkPad T61
...
ACPI: BIOS _OSI(Linux) query ignored via DMI
ACPI: If "acpi_osi=Linux" works better, please notify linux-acpi@vger.kernel.org

3) System known to DMI, which disables _OSI(Linux):

ACPI: DMI detected: Lenovo ThinkPad T61
...
ACPI: BIOS _OSI(Linux) query ignored via DMI

4) System known to DMI, which enable _OSI(Linux):

ACPI: DMI detected: Lenovo ThinkPad T61
ACPI: Added _OSI(Linux)
...
ACPI: BIOS _OSI(Linux) query honored via DMI

cmdline overrides take precidence over the built-in
default and the DMI prescribed default.
cmdline "acpi_osi=Linux" results in:

ACPI: BIOS _OSI(Linux) query honored via cmdline

Signed-off-by: Len Brown <len.brown@intel.com>
16 years agoACPI: Delete Intel Customer Reference Board (CRB) from OSI(Linux) DMI list
Len Brown [Thu, 24 Jan 2008 01:06:41 +0000 (20:06 -0500)]
ACPI: Delete Intel Customer Reference Board (CRB) from OSI(Linux) DMI list

Linux does not want BIOS writers to invoke _OSI(Linux) -
for in the field it causes more Windows incompatibility problems
than it solves.

So when it is seen in the BIOS for an Intel Customer Reference Board,
Linux should ignore its effect by default, and should complain loudly.
Otherwise, the reference BIOS will go unfixed, and the bad BIOS
will spread to the field.

Users of this board can get the old behavior with "acpi_osi=Linux"

As this was the only entry, delete acpi_osl_dmi_table[].

Signed-off-by: Len Brown <len.brown@intel.com>
16 years agoACPI: on OSI(Linux), print needed DMI rather than requesting dmidecode output
Len Brown [Thu, 24 Jan 2008 01:04:28 +0000 (20:04 -0500)]
ACPI: on OSI(Linux), print needed DMI rather than requesting dmidecode output

Signed-off-by: Len Brown <len.brown@intel.com>
16 years agoACPI: create acpi_dmi_dump()
Len Brown [Thu, 24 Jan 2008 01:01:22 +0000 (20:01 -0500)]
ACPI: create acpi_dmi_dump()

A utility routine to print common entries used
for ACPI-related DMI blacklist entries.

Signed-off-by: Len Brown <len.brown@intel.com>
16 years agoDMI: create dmi_get_slot()
Len Brown [Wed, 23 Jan 2008 21:36:45 +0000 (16:36 -0500)]
DMI: create dmi_get_slot()

This simply allows other sub-systems (such as ACPI)
to access and print out slots in static dmi_ident[].

Signed-off-by: Len Brown <len.brown@intel.com>
16 years agoDMI: move dmi_available declaration to linux/dmi.h
Len Brown [Wed, 16 Jan 2008 22:20:37 +0000 (17:20 -0500)]
DMI: move dmi_available declaration to linux/dmi.h

Signed-off-by: Len Brown <len.brown@intel.com>
16 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6
Linus Torvalds [Thu, 24 Jan 2008 02:05:28 +0000 (18:05 -0800)]
Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
  [SCSI] initio: fix module hangs on loading

16 years agodrm/i915: add support for E7221 chipset
Carlos Martín [Thu, 24 Jan 2008 00:34:10 +0000 (10:34 +1000)]
drm/i915: add support for E7221 chipset

E7221 chipset is a server version of the i915.

Signed-off-by: Dave Airlie <airlied@linux.ie>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>