Rabin Vincent [Sat, 23 Apr 2011 15:22:58 +0000 (20:52 +0530)]
mmc: block: init force_ro sysfs attribute
To avoid lockdep warnings:
BUG: key dc90a520 not in .data!
------------[ cut here ]------------
WARNING: at /home/rabin/kernel/arm/kernel/lockdep.c:2701 sysfs_add_file_mode+0x4c/0xb0()
Modules linked in:
[<c004b5d8>] (unwind_backtrace+0x0/0xe4) from [<c0074f20>] (warn_slowpath_common+0x4c/0x64)
[<c0074f20>] (warn_slowpath_common+0x4c/0x64) from [<c0074f50>] (warn_slowpath_null+0x18/0x1c)
[<c0074f50>] (warn_slowpath_null+0x18/0x1c) from [<c0157fec>] (sysfs_add_file_mode+0x4c/0xb0)
[<c0157fec>] (sysfs_add_file_mode+0x4c/0xb0) from [<c02d61e4>] (mmc_add_disk+0x40/0x64)
[<c02d61e4>] (mmc_add_disk+0x40/0x64) from [<c02d64cc>] (mmc_blk_probe+0x188/0x1fc)
[<c02d64cc>] (mmc_blk_probe+0x188/0x1fc) from [<c02ce820>] (mmc_bus_probe+0x14/0x18)
...
Signed-off-by: Rabin Vincent <rabin@rab.in> Signed-off-by: Chris Ball <cjb@laptop.org>
mmc: sdhci: Fix read-only detection with JMicron 388 chip
On HP laptops with JMicron 388 chip, the write-locked SD card isn't
detected correctly as read-only in many cases. This is because the
PRESENT_STATE register becomes unsable just after plugging, and it
returns the WRITE_PROTECT bit wrongly at the first read.
This patch fixes the read-only detection by adding a new sdhci quirk
indicating to check the register more intensively with a relatively
long delay.
The patch is tested with 2.6.39-rc4 kernel.
Cc: Aries Lee <arieslee@jmicron.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Chris Ball <cjb@laptop.org>
Andrei Warkentin [Fri, 22 Apr 2011 03:46:13 +0000 (22:46 -0500)]
mmc: Ensure hardware partitions don't mess with mmcblk device naming.
With the hardware partitions support (which represent additional logical
devices present on MMC), devidx does not correspond with index used to form
/dev/mmcblkX names. So use an additional allocated index for device names.
Signed-off-by: Andrei Warkentin <andreiw@motorola.com> Signed-off-by: Chris Ball <cjb@laptop.org>
Philip Rakity [Fri, 21 Jan 2011 19:26:40 +0000 (11:26 -0800)]
mmc: sdhci: Add pre and post reset processing for chip specific reset
Marvell pxa controllers have private registers that may need to be
modified before and after a reset is done.
For example, the SD reset operation, RESET_ALL, will reset the private
registers to their default state. This will cause the clock adjustment
registers that may have been programmed to have incorrect values.
RESET_DATA sometimes needs to be delayed before the reset is done
(depending on SoC) to enable any transactions being handled by the
SDIO card to be completed. Needed in pre SD 3.0 silicon to handle
clock gating.
Implement hooks to allow this to happen.
Signed-off-by: Philip Rakity <prakity@marvell.com> Signed-off-by: Chris Ball <cjb@laptop.org>
Mark Brown [Tue, 19 Apr 2011 17:44:17 +0000 (18:44 +0100)]
mmc: sdhci: Fix SDHCI_QUIRK_TIMEOUT_USES_SDCLK
Commit 373e6a (mmc: sdhci: R1B command handling + MMC_CAP_ERASE) moved the
handling of SDHCI_QUIRK_TIMEOUT_USES_SDCLK from sdhci_calc_timeout() to
sdhci_add_host(). This causes division by zero errors on at least the S3C
SDHCI controller as the quirk implementation needs host->clock set to work
but host->clock has not been set when sdhci_add_host() is called.
Fix this by backing out that portion of the change, the clock may vary at
runtime anyway. It does occur to me that we may want to move the quirk to
where we set the clock but this seems more invasive and I'm concerned
about undesirable side effects.
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Cc: Andrei Warkentin <andreiw@motorola.com> Signed-off-by: Chris Ball <cjb@laptop.org>
Mikko Vinni [Tue, 12 Apr 2011 13:36:18 +0000 (09:36 -0400)]
mmc: sdhci: work around broken dma boundary behavior
Some SD host controllers (noticed on an integrated JMicron SD reader on an
HP Pavilion dv5-1250eo laptop) don't update the dma address register before
signaling a dma interrupt due to a dma boundary. Update the register
manually to the next boundary (by default 512KiB), at which the transfer
stopped.
As long as each transfer is at most 512KiB in size (guaranteed by a BUG_ON
in sdhci_prepare_data()) and the boundary is kept at the default value,
this fix is needed at most once per transfer. Smaller boundaries are taken
care of by counting the transferred bytes.
Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=28462 Signed-off-by: Mikko Vinni <mmvinni@yahoo.com> Signed-off-by: Chris Ball <cjb@laptop.org>
Andrei Warkentin [Mon, 11 Apr 2011 21:13:42 +0000 (16:13 -0500)]
mmc: sdhci: R1B command handling + MMC_CAP_ERASE.
ERASE command needs R1B response, so fix R1B-type command
handling for SDHCI controller. For non-DAT commands using a busy
response, the cmd->cmd_timeout_ms (in ms) field is used for timeout
calculations.
Based on patch by Chuanxiao Dong <chuanxiao.dong@intel.com> Signed-off-by: Andrei Warkentin <andreiw@motorola.com> Signed-off-by: Chris Ball <cjb@laptop.org>
Andrei Warkentin [Mon, 11 Apr 2011 21:13:41 +0000 (16:13 -0500)]
mmc: core: Rename erase_timeout to cmd_timeout_ms.
Renames erase_timeout to cmd_timeout_ms inside struct mmc_command.
First step to making host honor timeouts for non-data-transfer
commands. Cleans up erase timeout code.
Signed-off-by: Andrei Warkentin <andreiw@motorola.com> Signed-off-by: Chris Ball <cjb@laptop.org>
Randy Dunlap [Tue, 12 Apr 2011 16:59:09 +0000 (12:59 -0400)]
mmc: quirks: fix truncation warnings
Fix data truncation warnings: .manfid is not unsigned long:
drivers/mmc/core/quirks.c:36: warning: large integer implicitly truncated to unsigned type
drivers/mmc/core/quirks.c:40: warning: large integer implicitly truncated to unsigned type
drivers/mmc/core/quirks.c:43: warning: large integer implicitly truncated to unsigned type
drivers/mmc/core/quirks.c:46: warning: large integer implicitly truncated to unsigned type
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Chris Ball <cjb@laptop.org>
Andrei Warkentin [Mon, 11 Apr 2011 22:02:15 +0000 (17:02 -0500)]
mmc: quirks: Extends card quirks with MMC/SD quirks matching the CID.
The current mechanism is SDIO-only. This allows us to create
function-specific quirks, without creating messy Kconfig dependencies,
or polluting core/ with function-specific code.
Signed-off-by: Andrei Warkentin <andreiw@motorola.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Chris Ball <cjb@laptop.org>
Wolfram Sang [Mon, 11 Apr 2011 04:11:29 +0000 (06:11 +0200)]
mmc: core: fix memory leak in mmc_add_host
led_trigger_register_simple() allocates memory which must not be leaked
in the error-path of mmc_add_host. Move it past the only error-check in
the function.
Signed-off-by: Wolfram Sang <w.sang@pengutronix.de> Signed-off-by: Chris Ball <cjb@laptop.org>
The wl12xx device supports disconnecting the pull-up resistor on
CD/DAT[3] (pin 1) of the card.
Tell SDIO core to disconnect that resistor during card init,
since we don't need it at that point (and anyway all
hosts shall provide pull-up resistors on all data lines DAT[3:0]
as described in section 6 of the SD physical specification).
As a result, this may save some power, but it's also generally healthy
since it prevents both ends from pulling up that pin, which
results in undesirable asymmetric physical bus.
Signed-off-by: Ohad Ben-Cohen <ohad@wizery.com> Signed-off-by: Chris Ball <cjb@laptop.org>
Tell SDIO core to ignore the standard SDIO function interface
codes indicated by the wl1271. This is required because the
wl1271 erroneously indicates its first function as a standard
Bluetooth SDIO interface, and that drives btsdio mad.
Signed-off-by: Ohad Ben-Cohen <ohad@wizery.com> Signed-off-by: Chris Ball <cjb@laptop.org>
Introduce MMC_QUIRK_NONSTD_FUNC_IF to ignore the "SDIO Standard Function
interface code" as indicated by the card's FBR, and instead treat all
functions as non-standard interfaces.
This is required to prevent standard drivers from facing
errors when trying to communicate with SDIO cards that erroneously
indicate standard function interface codes.
Signed-off-by: Ohad Ben-Cohen <ohad@wizery.com> Signed-off-by: Chris Ball <cjb@laptop.org>
6b5eda36 followed SDIO spec part E1 section 8, which states that
in case SDIO interrupts are being used to wake up a suspended host,
then it is required to switch to 1-bit mode before stopping the clock.
Before switching to 1-bit mode (or back to 4-bit mode on resume),
make sure that SDIO interrupts are really being used to wake the host.
This is helpful for devices which have an external irq line (e.g.
wl1271), and do not use SDIO interrupts to wake up the host.
In this case, switching to 1-bit mode (and back to 4-bit mode on resume)
is not necessary.
Andrei Warkentin [Thu, 31 Mar 2011 23:40:00 +0000 (18:40 -0500)]
mmc: Reliable write support.
Allows reliable writes to be used for MMC writes. Reliable writes are used
to service write REQ_FUA/REQ_META requests. Handles both the legacy and
the enhanced reliable write support in MMC cards.
Signed-off-by: Andrei Warkentin <andreiw@motorola.com> Reviewed-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Chris Ball <cjb@laptop.org>
Shawn Guo [Thu, 31 Mar 2011 01:31:19 +0000 (09:31 +0800)]
mmc: sdhci: change CONFIG of MMC_SDHCI_TEGRA from 'tristate' to 'bool'
This config option is used to decide whether tegra sdhci support
should be build into the sdhci-platform module. So setting it 'm'
is nonsense, since we can't build part of an module as a module.
The effect for 'm' will probably be the same as for 'n'.
Signed-off-by: Shawn Guo <shawn.guo@linaro.org> Signed-off-by: Chris Ball <cjb@laptop.org>
Venkat Rao [Sat, 26 Mar 2011 00:37:47 +0000 (20:37 -0400)]
mmc: tegra: add pm_flags
Enable fast bcm4329 WIFI suspend/resume on Tegra2 board.
This patch allows the mach-tegra support to tell the tegra MMC host
controller to NOT turn off power for the MMC controller the WIFI part
lives behind. Thus bcm4329 firmware doesn't need to be reloaded.
Signed-off-by: Venkat Rao <vrao@broadcom.com> Tested-by: Grant Grundler <grundler@chromium.org> Reviewed-by: Olof Johansson <olof@lixom.net> Acked-by: Olof Johansson <olof@lixom.net> Signed-off-by: Chris Ball <cjb@laptop.org>
John Ogness [Fri, 25 Mar 2011 08:47:37 +0000 (09:47 +0100)]
mmc: remove redundant irq disabling
There is no need to disable irq's when using the sg_copy_*_buffer()
functions because those functions do that already. There are also
no races for the mm_queue struct here that would require the irq's
to be disabled before calling sg_copy_*_buffer().
Signed-off-by: John Ogness <john.ogness@linutronix.de> Signed-off-by: Chris Ball <cjb@laptop.org>
Philip Rakity [Sat, 19 Mar 2011 18:10:33 +0000 (14:10 -0400)]
mmc: Ensure linux starts in eMMC user partition
uBoot sometimes leaves eMMC pointing to the private boot partition.
Ensure we always start looking at the user partition.
Signed-off-by: Philip Rakity <prakity@marvell.com> Signed-off-by: Bruce Clemens <bpclemens@marvell.com> Signed-off-by: Mark F. Brown <markb@marvell.com> Signed-off-by: Chris Ball <cjb@laptop.org>
Linus Torvalds [Mon, 16 May 2011 15:47:31 +0000 (08:47 -0700)]
Merge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm: Take lock around probes for drm_fb_helper_hotplug_event
drm/i915: Revert i915.semaphore=1 default from 47ae63e0
vga_switcheroo: don't toggle-switch devices
drm/radeon/kms: add some evergreen/ni safe regs
drm/radeon/kms: fix extended lvds info parsing
drm/radeon/kms: fix tiling reg on fusion
Chris Wilson [Fri, 22 Apr 2011 10:03:57 +0000 (11:03 +0100)]
drm: Take lock around probes for drm_fb_helper_hotplug_event
We need to hold the dev->mode_config.mutex whilst detecting the output
status. But we also need to drop it for the call into
drm_fb_helper_single_fb_probe(), which indirectly acquires the lock when
attaching the fbcon.
Failure to do so exposes a race with normal output probing. Detected by
adding some warnings that the mutex is held to the backend detect routines:
Reported-by: Frederik Himpe <fhimpe@telenet.be>
References: https://bugs.freedesktop.org/show_bug.cgi?id=36394 Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Signed-off-by: Dave Airlie <airlied@redhat.com>
Andy Lutomirski [Fri, 13 May 2011 16:14:54 +0000 (12:14 -0400)]
drm/i915: Revert i915.semaphore=1 default from 47ae63e0
My Q67 / i7-2600 box has rev09 Sandy Bridge graphics. It hangs
instantly when GNOME loads and it hangs so hard the reset button
doesn't work. Setting i915.semaphore=0 fixes it.
Li Zefan [Fri, 15 Apr 2011 03:03:17 +0000 (03:03 +0000)]
Btrfs: fix FS_IOC_SETFLAGS ioctl
Steps to reproduce the bug:
- Call FS_IOC_SETLFAGS ioctl with flags=FS_COMPR_FL
- Call FS_IOC_SETFLAGS ioctl with flags=0
- Call FS_IOC_GETFLAGS ioctl, and you'll see FS_COMPR_FL is still set!
Signed-off-by: Li Zefan <lizf@cn.fujitsu.com> Signed-off-by: Chris Mason <chris.mason@oracle.com>
Li Zefan [Fri, 15 Apr 2011 03:02:49 +0000 (03:02 +0000)]
fs: remove FS_COW_FL
FS_COW_FL and FS_NOCOW_FL were newly introduced to control per file
COW in btrfs, but FS_NOCOW_FL is sufficient.
The fact is we don't have corresponding BTRFS_INODE_COW flag.
COW is default, and FS_NOCOW_FL can be used to switch off COW for
a single file.
If we mount btrfs with nodatacow, a newly created file will be set with
the FS_NOCOW_FL flag. So to turn on COW for it, we can just clear the
FS_NOCOW_FL flag.
Signed-off-by: Li Zefan <lizf@cn.fujitsu.com> Signed-off-by: Chris Mason <chris.mason@oracle.com>
When a btrfs disk is created by mixed data & metadata option, it will have no
pure data or pure metadata space info.
In btrfs's for-linus branch, commit 78b1ea13838039cd88afdd62519b40b344d6c920
(Btrfs: fix OOPS of empty filesystem after balance) initializes space infos at
the very beginning. The problem is this initialization does not take the mixed
case into account, which will cause btrfs will easily get into ENOSPC in mixed
case.
Signed-off-by: Liu Bo <liubo2009@cn.fujitsu.com> Signed-off-by: Chris Mason <chris.mason@oracle.com>
If posix_acl_from_xattr() returns an error code, a negative address is
dereferenced causing an oops; fix by checking for error code first.
Signed-off-by: Daniel J Blueman <daniel.blueman@gmail.com> Reviewed-by: Josef Bacik <josef@redhat.com> Signed-off-by: Chris Mason <chris.mason@oracle.com>
Hugh Dickins [Sat, 14 May 2011 19:06:42 +0000 (12:06 -0700)]
tmpfs: fix race between swapoff and writepage
Shame on me! Commit b1dea800ac39 "tmpfs: fix race between umount and
writepage" fixed the advertized race, but introduced another: as even
its comment makes clear, we cannot safely rely on a peek at list_empty()
while holding no lock - until info->swapped is set, shmem_unuse_inode()
may delete any formerly-swapped inode from the shmem_swaplist, which
in this case would leave a swap area impossible to swapoff.
Although I don't relish taking the mutex every time, I don't care much
for the alternatives either; and at least the peek at list_empty() in
shmem_evict_inode() (a hotter path since most inodes would never have
been swapped) remains safe, because we already truncated the whole file.
Tejun Heo [Mon, 9 May 2011 14:04:11 +0000 (16:04 +0200)]
libata: fix oops when LPM is used with PMP
ae01b2493c (libata: Implement ATA_FLAG_NO_DIPM and apply it to mcp65)
added ATA_FLAG_NO_DIPM and made ata_eh_set_lpm() check the flag.
However, @ap is NULL if @link points to a PMP link and thus the
unconditional @ap->flags dereference leads to the following oops.
stable: ATA_FLAG_NO_DIPM was added during 2.6.39 cycle but was
backported to 2.6.37 and 38. This is a fix for that and thus
also applicable to 2.6.37 and 38.
Signed-off-by: Tejun Heo <tj@kernel.org> Reported-by: "Nathan A. Mourey II" <nmoureyii@ne.rr.com>
LKML-Reference: <1304555277.2059.2.camel@localhost.localdomain> Cc: Connor H <cmdkhh@gmail.com> Cc: stable@kernel.org Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
The commits causes command timeouts on AC plug/unplug. It isn't yet
clear why. As the commit was for a single rather obscure controller,
revert the change for now.
The problem was reported and bisected by Gu Rui in bug#34692.
https://bugzilla.kernel.org/show_bug.cgi?id=34692
Also, reported by Rafael and Michael in the following thread.
check _AFTER_ the call to do_remove_conflicting_framebuffers() as this
would (now in a safe way) allow a native driver to replace the
conflicting one even if all slots in registered_fb[] are taken.
This also prevents unregistering a framebuffer that is no longer
registered (vga16f will unregister at module unload time even if the
frame buffer had been unregistered earlier due to being found
conflicting).
Linus Torvalds [Fri, 13 May 2011 23:16:41 +0000 (16:16 -0700)]
fbmem: fix remove_conflicting_framebuffers races
When a register_framebuffer() call results in us removing old
conflicting framebuffers, the new registration_lock doesn't protect that
situation. And we can't just add the same locking to the function,
because these functions call each other: register_framebuffer() calls
remove_conflicting_framebuffers, which in turn calls
unregister_framebuffer for any conflicting entry.
In order to fix it, this just creates wrapper functions around all three
functions and makes the versions that actually do the work be called
"do_xxx()", leaving just the wrapper that gets the lock and calls the
worker function.
So the rule becomes simply that "do_xxxx()" has to be called with the
lock held, and now do_register_framebuffer() can just call
do_remove_conflicting_framebuffers(), and that in turn can call
_do_unregister_framebuffer(), and there is no deadlock, and we can hold
the registration lock over the whole sequence, fixing the races.
Linus Torvalds [Sat, 14 May 2011 00:29:03 +0000 (17:29 -0700)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha-2.6:
alpha: Wire up syscalls new to 2.6.39
alpha: convert to clocksource_register_hz
John Stultz [Wed, 16 Feb 2011 06:34:49 +0000 (22:34 -0800)]
alpha: convert to clocksource_register_hz
Converts alpha to use clocksource_register_hz.
Signed-off-by: John Stultz <johnstul@us.ibm.com> CC: Richard Henderson <rth@twiddle.net> CC: Ivan Kokshaysky <ink@jurassic.park.msu.ru> CC: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Matt Turner <mattst88@gmail.com>
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
bridge: fix forwarding of IPv6
bonding,llc: Fix structure sizeof incompatibility for some PDUs
ipv6: restore correct ECN handling on TCP xmit
ne-h8300: Fix regression caused during net_device_ops conversion
hydra: Fix regression caused during net_device_ops conversion
zorro8390: Fix regression caused during net_device_ops conversion
sfc: Always map MCDI shared memory as uncacheable
ehea: Fix memory hotplug oops
libertas: fix cmdpendingq locking
iwlegacy: fix IBSS mode crashes
ath9k: Fix a warning due to a queued work during S3 state
mac80211: don't start the dynamic ps timer if not associated
Linus Torvalds [Fri, 13 May 2011 22:19:39 +0000 (15:19 -0700)]
Merge branch 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6
* 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6:
NFSv4.1: Ensure that layoutget uses the correct gfp modes
NFSv4.1: remove pnfs_layout_hdr from pnfs_destroy_all_layouts tmp_list
NFSv41: Resend on NFS4ERR_RETRY_UNCACHED_REP
Yehuda Sadeh [Fri, 13 May 2011 20:52:56 +0000 (13:52 -0700)]
rbd: fix split bio handling
The rbd driver currently splits bios when they span an object boundary.
However, the blk_end_request expects the completions to roll up the results
in block device order, and the split rbd/ceph ops can complete in any
order. This patch adds a struct rbd_req_coll to track completion of split
requests and ensures that the results are passed back up to the block layer
in order.
This fixes errors where the file system gets completion of a read operation
that spans an object boundary before the data has actually arrived. The
bug is easily reproduced with iozone with a working set larger than
available RAM.
The commit 6b1e960fdbd75dcd9bcc3ba5ff8898ff1ad30b6e
bridge: Reset IPCB when entering IP stack on NF_FORWARD
broke forwarding of IPV6 packets in bridge because it would
call bp_parse_ip_options with an IPV6 packet.
Reported-by: Noah Meyerhans <noahm@debian.org> Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Reviewed-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Andy Lutomirski [Fri, 13 May 2011 16:14:54 +0000 (12:14 -0400)]
drm/i915: Revert i915.semaphore=1 default from i915 merge
My Q67 / i7-2600 box has rev09 Sandy Bridge graphics. It hangs
instantly when GNOME loads and it hangs so hard the reset button
doesn't work. Setting i915.semaphore=0 fixes it.
Semaphores were disabled in a1656b9090f7 ("drm/i915: Disable GPU
semaphores by default") in 2.6.38 but were then re-enabled (by mistake?)
by the merge 47ae63e0c2e5 ("Merge branch 'drm-intel-fixes' into
drm-intel-next").
(It's worth noting that the offending change is i915_drv.c, which was
not marked as a conflict - although a 'git show --cc' on the merge does
show that neither parent had it set to 1)
Signed-off-by: Andy Lutomirski <luto@mit.edu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
bonding,llc: Fix structure sizeof incompatibility for some PDUs
With some combinations of arch/compiler (e.g. arm-linux-gcc) the sizeof
operator on structure returns value greater than expected. In cases when the
structure is used for mapping PDU fields it may lead to unexpected results
(such as holes and alignment problems in skb data). __packed prevents this
undesired behavior.
Signed-off-by: Vitalii Demianets <vitas@nppfactor.kiev.ua> Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Fri, 13 May 2011 18:51:01 +0000 (11:51 -0700)]
vfs: micro-optimize acl_permission_check()
It's a hot function, and we're better off not mixing types in the mask
calculations. The compiler just ends up mixing 16-bit and 32-bit
operations, for no good reason.
So do everything in 'unsigned int' rather than mixing 'unsigned int'
masking with a 'umode_t' (16-bit) mode variable.
This, together with the parent commit (47a150edc2ae: "Cache user_ns in
struct cred") makes acl_permission_check() much nicer.
Serge E. Hallyn [Fri, 13 May 2011 03:27:54 +0000 (04:27 +0100)]
Cache user_ns in struct cred
If !CONFIG_USERNS, have current_user_ns() defined to (&init_user_ns).
Get rid of _current_user_ns. This requires nsown_capable() to be
defined in capability.c rather than as static inline in capability.h,
so do that.
Request_key needs init_user_ns defined at current_user_ns if
!CONFIG_USERNS, so forward-declare that in cred.h if !CONFIG_USERNS
at current_user_ns() define.
Compile-tested with and without CONFIG_USERNS.
Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com>
[ This makes a huge performance difference for acl_permission_check(),
up to 30%. And that is one of the hottest kernel functions for loads
that are pathname-lookup heavy. ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Wolfram Sang [Fri, 29 Apr 2011 13:30:02 +0000 (15:30 +0200)]
i2c: pnx: Fix crash due to wrong init of timer->data
alg_data is already a pointer which must be passed directly.
Reported-by: Dieter Ripp <ripp@systecnet.com> Signed-off-by: Wolfram Sang <w.sang@pengutronix.de> Cc: Russell King <linux@arm.linux.org.uk> Cc: Ben Dooks <ben-i2c@fluff.org> Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Since commit e9df2e8fd8fbc9 (Use appropriate sock tclass setting for
routing lookup) we lost ability to properly add ECN codemarks to ipv6
TCP frames.
It seems like TCP_ECN_send() calls INET_ECN_xmit(), which only sets the
ECN bit in the IPv4 ToS field (inet_sk(sk)->tos), but after the patch,
what's checked is inet6_sk(sk)->tclass, which is a completely different
field.
Close bug https://bugzilla.kernel.org/show_bug.cgi?id=34322
[Eric Dumazet] : added the INET_ECN_dontxmit() fix and replace macros
by inline functions for clarity.
Signed-off-by: Steinar H. Gunderson <sgunderson@bigfoot.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Ingo Molnar [Thu, 12 May 2011 21:00:28 +0000 (23:00 +0200)]
vsprintf: Turn kptr_restrict off by default
kptr_restrict has been triggering bugs in apps such as perf, and it also makes
the system less useful by default, so turn it off by default.
This is how we generally handle security features that remove functionality,
such as firewall code or SELinux - they have to be configured and activated
from user-space.
Distributions can turn kptr_restrict on again via this line in
/etc/sysctrl.conf:
kernel.kptr_restrict = 1
( Also mark the variable __read_mostly while at it, as it's typically modified
only once per bootup, or not at all. )
Signed-off-by: Ingo Molnar <mingo@elte.hu> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
When p9pdu_readf() is called with "s" attribute, it allocates a pointer that
will store a string. In p9dirent_read(), this pointer is not being released,
leading to out of memory errors.
This patch releases this pointer after string is copyed to dirent->d_name.
Signed-off-by: Pedro Scarapicchia Junior <pedro.scarapiccha@br.flextronics.com> Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
ne-h8300: Fix regression caused during net_device_ops conversion
Changeset dcd39c90290297f6e6ed8a04bb20da7ac2b043c5 ("ne-h8300: convert to
net_device_ops") broke ne-h8300 by adding 8390.o to the link. That
meant that lib8390.c was included twice, once in ne-h8300.c and once in
8390.c, subject to different macros. This patch reverts that by
avoiding the wrappers in 8390.c.
hydra: Fix regression caused during net_device_ops conversion
Changeset 5618f0d1193d6b051da9b59b0e32ad24397f06a4 ("hydra: convert to
net_device_ops") broke hydra by adding 8390.o to the link. That
meant that lib8390.c was included twice, once in hydra.c and once in
8390.c, subject to different macros. This patch reverts that by
avoiding the wrappers in 8390.c.
zorro8390: Fix regression caused during net_device_ops conversion
Changeset b6114794a1c394534659f4a17420e48cf23aa922 ("zorro8390: convert to
net_device_ops") broke zorro8390 by adding 8390.o to the link. That
meant that lib8390.c was included twice, once in zorro8390.c and once in
8390.c, subject to different macros. This patch reverts that by
avoiding the wrappers in 8390.c.
Reported-by: Christian T. Steigies <cts@debian.org> Suggested-by: Finn Thain <fthain@telegraphics.com.au> Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Tested-by: Christian T. Steigies <cts@debian.org> Cc: stable@kernel.org Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Paris [Thu, 7 Apr 2011 18:46:59 +0000 (14:46 -0400)]
SELinux: delete debugging printks from filename_trans rule processing
The filename_trans rule processing has some printk(KERN_ERR ) messages
which were intended as debug aids in creating the code but weren't removed
before it was submitted. Remove them.
Reported-by: Paul Bolle <pebolle@tiscali.nl> Signed-off-by: Eric Paris <eparis@redhat.com>
"This patch introduces a bug on my infamous "Acer Travelmate
5735Z-452G32Mnss": when KMS takes over, the frame buffer contents get
completely garbled up on screen, with colored stripes and unreadable
text (photo on request). Only when X11 is started, the screen gets
restored again. Closing and re-opening the lid partly cures the
mess, too: it makes the font readable, though horizontally stretched."
Acked-by: Keith Packard <keithp@keithp.com> Cc: Chris Wilson <chris@chris-wilson.co.uk> Cc: Daniel Vetter <daniel.vetter@ffwll.ch> Cc: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
x86/mm: Fix section mismatch derived from native_pagetable_reserve()
With CONFIG_DEBUG_SECTION_MISMATCH=y I see these warnings in next-20110415:
LD vmlinux.o
MODPOST vmlinux.o
WARNING: vmlinux.o(.text+0x1ba48): Section mismatch in reference from the function native_pagetable_reserve() to the function .init.text:memblock_x86_reserve_range()
The function native_pagetable_reserve() references
the function __init memblock_x86_reserve_range().
This is often because native_pagetable_reserve lacks a __init
annotation or the annotation of memblock_x86_reserve_range is wrong.
This patch fixes the issue.
Thanks to pipacs from PaX project for help on IRC.
Acked-by: "H. Peter Anvin" <hpa@zytor.com> Signed-off-by: Sedat Dilek <sedat.dilek@gmail.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Introduce a new x86_init hook called pagetable_reserve that at the end
of init_memory_mapping is used to reserve a range of memory addresses for
the kernel pagetable pages we used and free the other ones.
On native it just calls memblock_x86_reserve_range while on xen it also
takes care of setting the spare memory previously allocated
for kernel pagetable pages from RO to RW, so that it can be used for
other purposes.
A detailed explanation of the reason why this hook is needed follows.
at some point init_memory_mapping is going to reach the pagetable pages
area and map those pages too (mapping them as normal memory that falls
in the range of addresses passed to init_memory_mapping as argument).
Some of those pages are already pagetable pages (they are in the range
pgt_buf_start-pgt_buf_end) therefore they are going to be mapped RO and
everything is fine.
Some of these pages are not pagetable pages yet (they fall in the range
pgt_buf_end-pgt_buf_top; for example the page at pgt_buf_end) so they
are going to be mapped RW. When these pages become pagetable pages and
are hooked into the pagetable, xen will find that the guest has already
a RW mapping of them somewhere and fail the operation.
The reason Xen requires pagetables to be RO is that the hypervisor needs
to verify that the pagetables are valid before using them. The validation
operations are called "pinning" (more details in arch/x86/xen/mmu.c).
In order to fix the issue we mark all the pages in the entire range
pgt_buf_start-pgt_buf_top as RO, however when the pagetable allocation
is completed only the range pgt_buf_start-pgt_buf_end is reserved by
init_memory_mapping. Hence the kernel is going to crash as soon as one
of the pages in the range pgt_buf_end-pgt_buf_top is reused (b/c those
ranges are RO).
For this reason we need a hook to reserve the kernel pagetable pages we
used and free the other ones so that they can be reused for other
purposes.
On native it just means calling memblock_x86_reserve_range, on Xen it
also means marking RW the pagetable pages that we allocated before but
that haven't been used before.
Another way to fix this is without using the hook is by adding a 'if
(xen_pv_domain)' in the 'init_memory_mapping' code and calling the Xen
counterpart, but that is just nasty.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Yinghai Lu <yinghai@kernel.org> Acked-by: H. Peter Anvin <hpa@zytor.com> Cc: Ingo Molnar <mingo@elte.hu> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Linus Torvalds [Thu, 12 May 2011 14:53:06 +0000 (07:53 -0700)]
Merge branch 'fixes' of master.kernel.org:/home/rmk/linux-2.6-arm
* 'fixes' of master.kernel.org:/home/rmk/linux-2.6-arm:
ARM: 6870/1: The mandatory barrier rmb() must be a dsb() in for device accesses
ARM: 6892/1: handle ptrace requests to change PC during interrupted system calls
ARM: 6890/1: memmap: only free allocated memmap entries when using SPARSEMEM
ARM: zImage: the page table memory must be considered before relocation
ARM: zImage: make sure not to relocate on top of the relocation code
ARM: zImage: Fix bad SP address after relocating kernel
ARM: zImage: make sure the stack is 64-bit aligned
ARM: RiscPC: acornfb: fix section mismatches
ARM: RiscPC: etherh: fix section mismatches
Linus Torvalds [Wed, 11 May 2011 21:58:34 +0000 (14:58 -0700)]
fbmem: make read/write/ioctl use the frame buffer at open time
read/write/ioctl on a fbcon file descriptor has traditionally used the
fbcon not when it was opened, but as it was at the time of the call.
That makes no sense, but the lack of sense is much more obvious now that
we properly ref-count the usage - it means that the ref-counting doesn't
actually protect operations we do on the frame buffer.
This changes it to look at the fb_info that we got at open time, but in
order to avoid using a frame buffer long after it has been unregistered,
we do verify that it is still current, and return -ENODEV if not.
Linus Torvalds [Wed, 11 May 2011 21:49:36 +0000 (14:49 -0700)]
fbcon: add lifetime refcount to opened frame buffers
This just adds the refcount and the new registration lock logic. It
does not (for example) actually change the read/write/ioctl routines to
actually use the frame buffer that was opened: those function still end
up alway susing whatever the current frame buffer is at the time of the
call.
Without this, if something holds the frame buffer open over a
framebuffer switch, the close() operation after the switch will access a
fb_info that has been free'd by the unregistering of the old frame
buffer.
(The read/write/ioctl operations will normally not cause problems,
because they will - illogically - pick up the new fbcon instead. But a
switch that happens just as one of those is going on might see problems
too, the window is just much smaller: one individual op rather than the
whole open-close sequence.)
This use-after-free is apparently fairly easily triggered by the Ubuntu
11.04 boot sequence.
Ben Hutchings [Wed, 11 May 2011 16:41:18 +0000 (17:41 +0100)]
sfc: Always map MCDI shared memory as uncacheable
We enabled write-combining for memory-mapped registers in commit 65f0b417dee94f779ce9b77102b7d73c93723b39, but inhibited it for the
MCDI shared memory where this is not supported. However,
write-combining mappings also allow read-reordering, which may also
be a problem.
I found that when an SFC9000-family controller is connected to an
Intel 3000 chipset, and write-combining is enabled, the controller
stops responding to PCIe read requests during driver initialisation
while the driver is polling for completion of an MCDI command. This
results in an NMI and system hang. Adding read memory barriers
between all reads to the shared memory area appears to reduce but not
eliminate the probability of this.
We have not yet established whether this is a bug in our BIU or in the
PCIe bridge. For now, work around by mapping the shared memory area
separately.
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
ARM: 6870/1: The mandatory barrier rmb() must be a dsb() in for device accesses
Since mandatory barriers may be used (explicitly or implicitly via readl
etc.) to ensure the ordering between Device and Normal memory accesses,
a DMB is not enough. This patch converts it to a DSB.
Cc: Colin Cross <ccross@android.com> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Arnd Bergmann [Tue, 3 May 2011 17:32:55 +0000 (18:32 +0100)]
ARM: 6892/1: handle ptrace requests to change PC during interrupted system calls
GDB's interrupt.exp test cases currenly fail on ARM. The problem is how do_signal
handled restarting interrupted system calls:
The entry.S assembler code determines that we come from a system call; and that
information is passed as "syscall" parameter to do_signal. That routine then
calls get_signal_to_deliver [*] and if a signal is to be delivered, calls into
handle_signal. If a system call is to be restarted either after the signal
handler returns, or if no handler is to be called in the first place, the PC
is updated after the get_signal_to_deliver call, either in handle_signal (if
we have a handler) or at the end of do_signal (otherwise).
Now the problem is that during [*], the call to get_signal_to_deliver, a ptrace
intercept may happen. During this intercept, the debugger may change registers,
including the PC. This is done by GDB if it wants to execute an "inferior call",
i.e. the execution of some code in the debugged program triggered by GDB.
To this purpose, GDB will save all registers, allocate a stack frame, set up
PC and arguments as appropriate for the call, and point the link register to
a dummy breakpoint instruction. Once the process is restarted, it will execute
the call and then trap back to the debugger, at which point GDB will restore
all registers and continue original execution.
This generally works fine. However, now consider what happens when GDB attempts
to do exactly that while the process was interrupted during execution of a to-be-
restarted system call: do_signal is called with the syscall flag set; it calls
get_signal_to_deliver, at which point the debugger takes over and changes the PC
to point to a completely different place. Now get_signal_to_deliver returns
without a signal to deliver; but now do_signal decides it should be restarting
a system call, and decrements the PC by 2 or 4 -- so it now points to 2 or 4
bytes before the function GDB wants to call -- which leads to a subsequent crash.
To fix this problem, two things need to be supported:
- do_signal must be able to recognize that get_signal_to_deliver changed the PC
to a different location, and skip the restart-syscall sequence
- once the debugger has restored all registers at the end of the inferior call
sequence, do_signal must recognize that *now* it needs to restart the pending
system call, even though it was now entered from a breakpoint instead of an
actual svc instruction
This set of issues is solved on other platforms, usually by one of two
mechanisms:
- The status information "do_signal is handling a system call that may need
restarting" is itself carried in some register that can be accessed via
ptrace. This is e.g. on Intel the "orig_eax" register; on Sparc the kernel
defines a magic extra bit in the flags register for this purpose.
This allows GDB to manage that state: reset it when doing an inferior call,
and restore it after the call is finished.
- On s390, do_signal transparently handles this problem without requiring
GDB interaction, by performing system call restarting in the following
way: first, adjust the PC as necessary for restarting the call. Then,
call get_signal_to_deliver; and finally just continue execution at the
PC. This way, if GDB does not change the PC, everything is as before.
If GDB *does* change the PC, execution will simply continue there --
and once GDB restores the PC it saved at that point, it will automatically
point to the *restarted* system call. (There is the minor twist how to
handle system calls that do *not* need restarting -- do_signal will undo
the PC change in this case, after get_signal_to_deliver has returned, and
only if ptrace did not change the PC during that call.)
Because there does not appear to be any obvious register to carry the
syscall-restart information on ARM, we'd either have to introduce a new
artificial ptrace register just for that purpose, or else handle the issue
transparently like on s390. The patch below implements the second option;
using this patch makes the interrupt.exp test cases pass on ARM, with no
regression in the GDB test suite otherwise.
Cc: patches@linaro.org Signed-off-by: Ulrich Weigand <ulrich.weigand@linaro.org> Signed-off-by: Arnd Bergmann <arnd.bergmann@linaro.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Will Deacon [Thu, 28 Apr 2011 17:44:31 +0000 (18:44 +0100)]
ARM: 6890/1: memmap: only free allocated memmap entries when using SPARSEMEM
The SPARSEMEM code allocates memmap entries only for sections which are
present (i.e. those which contain some valid memory). The membank checks
in free_unused_memmap do not take this into account and can incorrectly
attempt to free memory which is not allocated, resulting in a BUG() in
the bootmem code.
However, if memory is configured as follows:
|<----section---->|<----hole---->|<----section---->|
+--------+--------+--------------+--------+--------+
| bank 0 | unused | | bank 1 | unused |
+--------+--------+--------------+--------+--------+
where a bank only occupies part of a section, the memmap allocated for
the remainder of the section *can* be freed.
This patch modifies the checks in free_unused_memmap so that only valid
memmap entries are considered for removal.
Acked-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Tkhai Kirill [Tue, 10 May 2011 02:31:41 +0000 (02:31 +0000)]
sparc32: Fixed unaligned memory copying in function __csum_partial_copy_sparc_generic
When we are in the label cc_dword_align, registers %o0 and %o1 have the same last 2 bits,
but it's not guaranteed one of them is zero. So we can get unaligned memory access
in label ccte. Example of parameters which lead to this:
%o0=0x7ff183e9, %o1=0x8e709e7d, %g1=3
With the parameters I had a memory corruption, when the additional 5 bytes were rewritten.
This patch corrects the error.
One comment to the patch. We don't care about the third bit in %o1, because cc_end_cruft
stores word or less.
Signed-off-by: Tkhai Kirill <tkhai@yandex.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
To fix this, initialise the waitqueues during port probe instead
of port open.
Signed-off-by: Anton Blanchard <anton@samba.org> Cc: stable@kernel.org Acked-by: Breno Leitao <leitao@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
projects / linux-beck.git / log