]> git.karo-electronics.de Git - karo-tx-linux.git/log
karo-tx-linux.git
15 years agoACPI: video: Fix reversed brightness behavior on ThinkPad SL series
Zhang Rui [Thu, 11 Dec 2008 21:24:52 +0000 (16:24 -0500)]
ACPI: video: Fix reversed brightness behavior on ThinkPad SL series

commit 935e5f290ec1eb0f1c15004421f5fd3154380fd5 upstream.

Section B.6.2 of ACPI 3.0b specification that defines _BCL method
doesn't require the brightness levels returned to be sorted.
At least ThinkPad SL300 (and probably all IdeaPads) returns the
array reversed (i.e. bightest levels have lowest indexes), which
causes the brightness management behave in completely reversed
manner on these machines (brightness increases when the laptop is
idle, while the display dims when used).

Sorting the array by brightness level values after reading the list
fixes the issue.

http://bugzilla.kernel.org/show_bug.cgi?id=12037

Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Tested-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Thomas Renninger <trenn@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoelf core dump: fix get_user use
Roland McGrath [Sat, 7 Feb 2009 01:34:07 +0000 (17:34 -0800)]
elf core dump: fix get_user use

commit 92dc07b1f988e8c237a38e23be660b9b8533e6fd upstream.

The elf_core_dump() code does its work with set_fs(KERNEL_DS) in force,
so vma_dump_size() needs to switch back with set_fs(USER_DS) to safely
use get_user() for a normal user-space address.

Checking for VM_READ optimizes out the case where get_user() would fail
anyway.  The vm_file check here was already superfluous given the control
flow earlier in the function, so that is a cleanup/optimization unrelated
to other changes but an obvious and trivial one.

Reported-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agomm: fix error case in mlock downgrade reversion
Hugh Dickins [Sun, 8 Feb 2009 20:56:58 +0000 (20:56 +0000)]
mm: fix error case in mlock downgrade reversion

commit d5b562330ec766292a3ac54ae5e0673610bd5b3d upstream.

Commit 27421e211a39784694b597dbf35848b88363c248, Manually revert
"mlock: downgrade mmap sem while populating mlocked regions", has
introduced its own regression: __mlock_vma_pages_range() may report
an error (for example, -EFAULT from trying to lock down pages from
beyond EOF), but mlock_vma_pages_range() must hide that from its
callers as before.

Reported-by: Sami Farin <safari-kernel@safari.iki.fi>
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoAdd support for '8-port RS-232 MIC-3620 from advantech'
Michael Bramer [Tue, 27 Jan 2009 11:51:16 +0000 (11:51 +0000)]
Add support for '8-port RS-232 MIC-3620 from advantech'

commit 78d70d48132ce4c678a95b771ffa1af4fb5a03ec upstream.

This Patch add the device information for the
MIC-3620 8-port RS-232 cPCI card from Advantech Co. Ltd.

Signed-off-by: Michael Bramer <grisu@deb-support.de>
Signed-off-by: Alan Cox <number6@the-village.bc.nu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoserial: set correct baud_base for Oxford Semiconductor Ltd EXSYS EX-41092 Dual 16950...
Niels de Vos [Fri, 2 Jan 2009 13:46:58 +0000 (13:46 +0000)]
serial: set correct baud_base for Oxford Semiconductor Ltd EXSYS EX-41092 Dual 16950 Serial adapter

commit 39aced68d664291db3324d0fcf0985ab5626aac2 upstream.

The PCI-card identified as "Oxford Semiconductor Ltd EXSYS EX-41092 Dual
16950 Serial adapter" is only usable with other devices (i.e. not the same
card) after doing a "setserial /dev/ttyS<n> baud_base 115200".  This
baud_base should be default for this card.

Signed-off-by: Niels de Vos <niels.devos@wincor-nixdorf.com>
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoseq_file: fix big-enough lseek() + read()
Alexey Dobriyan [Thu, 5 Feb 2009 21:30:05 +0000 (00:30 +0300)]
seq_file: fix big-enough lseek() + read()

commit f01d1d546abb2f4028b5299092f529eefb01253a upstream.

lseek() further than length of the file will leave stale ->index
(second-to-last during iteration). Next seq_read() will not notice
that ->f_pos is big enough to return 0, but will print last item
as if ->f_pos is pointing to it.

Introduced in commit cb510b8172602a66467f3551b4be1911f5a7c8c2
aka "seq_file: more atomicity in traverse()".

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoseq_file: move traverse so it can be used from seq_read
Eric Biederman [Wed, 4 Feb 2009 23:12:25 +0000 (15:12 -0800)]
seq_file: move traverse so it can be used from seq_read

commit 33da8892a2f9e7d4b2d9a35fc80833ba2d2b1aa6 upstream.

In 2.6.25 some /proc files were converted to use the seq_file
infrastructure.  But seq_files do not correctly support pread(), which
broke some usersapce applications.

To handle pread correctly we can't assume that f_pos is where we left it
in seq_read.  So move traverse() so that we can eventually use it in
seq_read and do thus some day support pread().

Signed-off-by: Eric Biederman <ebiederm@xmission.com>
Cc: Paul Turner <pjt@google.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoPCI: return error on failure to read PCI ROMs
Timothy S. Nelson [Thu, 29 Jan 2009 19:12:47 +0000 (06:12 +1100)]
PCI: return error on failure to read PCI ROMs

commit 97c44836cdec1ea713a15d84098a1a908157e68f upstream.

This patch makes the ROM reading code return an error to user space if
the size of the ROM read is equal to 0.

The patch also emits a warnings if the contents of the ROM are invalid,
and documents the effects of the "enable" file on ROM reading.

Signed-off-by: Timothy S. Nelson <wayland@wayland.id.au>
Acked-by: Alex Villacis-Lasso <a_villacis@palosanto.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoPCI: properly clean up ASPM link state on device remove
Alex Chiang [Wed, 28 Jan 2009 21:59:18 +0000 (14:59 -0700)]
PCI: properly clean up ASPM link state on device remove

commit 3419c75e15f82c3ab09bd944fddbde72c9e4b3ea upstream.

We only want to disable ASPM when the last function is removed from
the parent's device list. We determine this by checking to see if
the parent's device list is completely empty.

Unfortunately, we never hit that code because the parent is considered
an upstream port, and never had an ASPM link_state associated with it.

The early check for !link_state causes us to return early, we never
discover that our device list is empty, and thus we never remove the
downstream ports' link_state nodes.

Instead of checking to see if the parent's device list is empty, we can
check to see if we are the last device on the list, and if so, then we
know that we can clean up properly.

Cc: Shaohua Li <shaohua.li@intel.com>
Signed-off-by: Alex Chiang <achiang@hp.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoACPICA: Fix table entry truncation calculation
Myron Stowe [Fri, 30 Jan 2009 22:44:53 +0000 (15:44 -0700)]
ACPICA: Fix table entry truncation calculation

commit 386e4a8358239f90275e1f93d5ad11cdc93c6453 upstream.

During early boot, ACPI RSDT/XSDT table entries are gathered into the
'initial_tables[]' array.  This array is currently statically defined (see
./drivers/acpi/tables.c).  When there are more table entries than can be
held in the 'initial_tables[]' array, the message "Truncating N table
entries!" is output.  As currently implemented, this message will always
erroneously calculate N as 0.

This patch fixes the calculation that determines how many table entries
will be missing (truncated).

This modification may be used under either the GPL or the BSD-style
license used for Intel ACPI CA code.

Signed-off-by: Myron Stowe <myron.stowe@hp.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoACPI: disable ACPI cleanly when bad RSDP found
Len Brown [Fri, 6 Feb 2009 19:00:56 +0000 (14:00 -0500)]
ACPI: disable ACPI cleanly when bad RSDP found

commit 9e3a9d1ed8cc8db93e5c53e9a5b09065bd95de8b upstream.

When ACPI is disabled in the BIOS of this VIA C3 box,
it invalidates the RSDP, which Linux notices:

ACPI Error (tbxfroot-0218): A valid RSDP was not found [20080926]

Bug Linux neglected to disable ACPI at that stage,
and later scribbled on smp_found_config:

ACPI: No APIC-table, disabling MPS

But this box doesn't run well in legacy PIC mode,
it needed IOAPIC mode to perform correctly:

http://lkml.org/lkml/2009/2/5/39

So exit ACPI mode cleanly when we first detect
that it is hopeless.

Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoACPI: proc_dir_entry 'video/VGA' already registered
Zhao Yakui [Tue, 3 Feb 2009 03:55:01 +0000 (22:55 -0500)]
ACPI: proc_dir_entry 'video/VGA' already registered

commit f3b39f1393d5cebe56f43a584ef47efbebd2702c upstream.

eliminate the duplicate the name of "VGA"

http://bugzilla.kernel.org/show_bug.cgi?id=12514

Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoACPI: Skip the first two elements in the _BCL package
Zhao Yakui [Mon, 2 Feb 2009 03:33:41 +0000 (11:33 +0800)]
ACPI: Skip the first two elements in the _BCL package

commit 0a3db1cec5d476804185114ff5d1845aed3936b3 upstream.

According to the Spec the first two elements in the _BCL package won't be

regarded as the available brightness level. The first is the brightness when
full power is connected to the box(It means that the AC adapter is plugged).
The second is the brightness level when the box is on battery.
    If the first two elements are still used while finding the next brightness
level, it will fall back to the lowest level when keeping on pressing
hotkey. (On some boxes the brightness will be changed twice when hotkey is
pressed once. One is in the ACPI video driver. The other is changed by sys I/F.
In the ACPI video driver the first two elements will be used while changing
the brightness. But the first two elements is skipped while using sys I/F.
In such case there exists the inconsistency).
    So he first two elements had better be skipped while showing the available
brightness or finding the next brightness level.

http://bugzilla.kernel.org/show_bug.cgi?id=12450

Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agopanasonic-laptop: fix X[ ARRAY_SIZE(X) ]
Roel Kluin [Sat, 17 Jan 2009 14:51:27 +0000 (15:51 +0100)]
panasonic-laptop: fix X[ ARRAY_SIZE(X) ]

commit 2b190e76def5233c542f6025b4a133b1d4bd1a37 upstream.

Ensure pcc->keymap[ ARRAY_SIZE(pcc->keymap) ] does not occur.

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoasus_acpi: Add R1F support
Corentin Chary [Tue, 20 Jan 2009 15:17:41 +0000 (16:17 +0100)]
asus_acpi: Add R1F support

commit 1021e2119eb33a990a2b9ff1410805dd9bdf7997 upstream.

Add R1F support

Signed-off-by: Corentin Chary <corentincj@iksaif.net>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoALSA: hda - Add missing initialization for ALC272
Takashi Iwai [Fri, 6 Feb 2009 11:45:52 +0000 (12:45 +0100)]
ALSA: hda - Add missing initialization for ALC272

commit c6e8f2daadc6d61a32b7486a1058c8f1f9baa499 upstream.

ALC272 needs EAPD for speaker outputs as well as other similar ALC
codecs.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoALSA: hda - Add missing COEF initialization for ALC887
Takashi Iwai [Fri, 6 Feb 2009 11:46:59 +0000 (12:46 +0100)]
ALSA: hda - Add missing COEF initialization for ALC887

commit 4a5a4c56b443a213fa9c2ad27984a8681a3d7087 upstream.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoALSA: hda - Add quirk for FSC Amilo Xi2550
Takashi Iwai [Wed, 4 Feb 2009 22:30:19 +0000 (23:30 +0100)]
ALSA: hda - Add quirk for FSC Amilo Xi2550

commit f67d8176ba9a3dbc33454cd67057184b2ef5ee31 upstream.

Added model=fujisu-pi2515 for FSC Amilo Xi2550 with ALC883 codec.

Refernece: Novell bnc#450979
https://bugzilla.novell.com/show_bug.cgi?id=450979

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoagp/intel: Fix broken ® symbol in device name.
Eric Anholt [Tue, 23 Dec 2008 02:56:27 +0000 (18:56 -0800)]
agp/intel: Fix broken ® symbol in device name.

commit b854b2ab959e8175d75e01cf8ed452ed2624d0c8 upstream.

Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Dave Airlie <airlied@linux.ie>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoagp/intel: add support for G41 chipset
Zhenyu Wang [Mon, 17 Nov 2008 06:39:00 +0000 (14:39 +0800)]
agp/intel: add support for G41 chipset

commit a50ccc6c6623ab0e64f2109881e07c176b2d876f upstream.

Signed-off-by: Zhenyu Wang <zhenyu.z.wang@intel.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Dave Airlie <airlied@linux.ie>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoe1000: Fix PCI enable to honor the need_ioport flag
Karsten Keil [Tue, 3 Feb 2009 23:18:01 +0000 (15:18 -0800)]
e1000: Fix PCI enable to honor the need_ioport flag

commit 4d7155b932b8129c72e2f2714890e20b2a05e0b7 upstream.

On machine were no IO ports are assigned the call
to pci_enable_device() will fail, even if need_ioport
is false, we need to use pci_enable_device_mem() here.

Signed-off-by: Karsten Keil <kkeil@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoe1000: fix bug with shared interrupt during reset
Jesse Brandeburg [Wed, 28 Jan 2009 00:41:58 +0000 (16:41 -0800)]
e1000: fix bug with shared interrupt during reset

commit 15b2bee22a0390d951301b53e83df88d0350c499 upstream.

A nasty bug was found where an MTU change (or anything else that caused a
reset) could race with the interrupt code.  The interrupt code was entered
by a shared interrupt during the MTU change.

This change prevents the interrupt code from running while the driver is in
the middle of its reset path.

Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoeeepc-laptop: Add support for extended hotkeys
Matthew Garrett [Tue, 20 Jan 2009 15:17:46 +0000 (16:17 +0100)]
eeepc-laptop: Add support for extended hotkeys

commit b5f6f26550700445dcc125bbf75b9104e779d353 upstream.

Newer Eees have extra hotkeys above the function keys. This patch adds support
for sending them through the input layer.

Signed-off-by: Matthew Garrett <mjg@redhat.com>
Signed-off-by: Corentin Chary <corentincj@iksaif.net>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoeeepc-laptop: fix oops when changing backlight brightness during eeepc-laptop init
Darren Salt [Sat, 7 Feb 2009 06:02:07 +0000 (01:02 -0500)]
eeepc-laptop: fix oops when changing backlight brightness during eeepc-laptop init

commit 7695fb04aca62e2d8a7ca6ede50f6211e1d71e53 upstream.

I got the following oops while changing the backlight brightness during
startup.  When it happens, it prevents use of the hotkeys, Fn-Fx, and the
lid button.

It's a clear use-before-init, as I verified by testing with an
appropriately-placed "else printk".

BUG: unable to handle kernel NULL pointer dereference at 00000000
*pde = 00000000
Oops: 0002 [#1] PREEMPT SMP
Pid: 160, comm: kacpi_notify Not tainted (2.6.28.1-eee901 #4) 901
EIP: 0060:[<c0264e68>]  [<c0264e68>] eeepc_hotk_notify+26/da
EFLAGS: 00010246 CPU: 1
Using defaults from ksymoops -t elf32-i386 -a i386
EAX: 00000009 EBX: 00000000 ECX: 00000009 EDX: f70dbf64
ESI: 00000029 EDI: f7335188 EBP: c02112c9 ESP: f70dbf80
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
 f70731e0 f73acd50 c02164ac f7335180 f70aa040 c02112e6 f733518c c012b62f
 f70aa044 f70aa040 c012bdba f70aa04c 00000000 c012be6e 00000000 f70bdf80
 c012e198 f70dbfc4 f70dbfc4 f70aa040 c012bdba 00000000 c012e0c9 c012e091
Call Trace:
 [<c02164ac>] ? acpi_ev_notify_dispatch+4c/55
 [<c02112e6>] ? acpi_os_execute_deferred+1d/25
 [<c012b62f>] ? run_workqueue+71/f1
 [<c012bdba>] ? worker_thread+0/bf
 [<c012be6e>] ? worker_thread+b4/bf
 [<c012e198>] ? autoremove_wake_function+0/2b
 [<c012bdba>] ? worker_thread+0/bf
 [<c012e0c9>] ? kthread+38/5f
 [<c012e091>] ? kthread+0/5f
 [<c0103abf>] ? kernel_thread_helper+7/10
Code: 00 00 00 00 c3 83 3d 60 5c 50 c0 00 56 89 d6 53 0f 84 c4 00 00 00 8d 42
e0 83 f8 0f 77 0f 8b 1d 68 5c 50 c0 89 d8 e8 a9 fa ff ff <89> 03 8b 1d 60 5c
50 c0 89 f2 83 e2 7f 0f b7 4c 53 10 8d 41 01

Signed-off-by: Darren Salt <linux@youmustbejoking.demon.co.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86: APIC: enable workaround on AMD Fam10h CPUs
Borislav Petkov [Tue, 3 Feb 2009 15:24:22 +0000 (16:24 +0100)]
x86: APIC: enable workaround on AMD Fam10h CPUs

commit 858770619debfb9269add63e4ba8b7c6b5538dd1 upstream.

Impact: fix to enable APIC for AMD Fam10h on chipsets with a missing/b0rked
ACPI MP table (MADT)

Booting a 32bit kernel on an AMD Fam10h CPU running on chipsets with
missing/b0rked MP table leads to a hang pretty early in the boot process
due to the APIC not being initialized. Fix that by falling back to the
default APIC base address in 32bit code, as it is done in the 64bit
codepath.

Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoserial: RS485 ioctl structure uses __u32 include linux/types.h
Andy Whitcroft [Fri, 2 Jan 2009 13:49:04 +0000 (13:49 +0000)]
serial: RS485 ioctl structure uses __u32 include linux/types.h

commit 60c20fb8c00a2b23308ae4517f145383bc66d291 upstream.

In the commit below a new struct serial_rs485 was introduced for a new
ioctl:

    commit c26c56c0f40e200e61d1390629c806f6adaffbcc
    Author: Alan Cox <alan@redhat.com>
    Date:   Mon Oct 13 10:37:48 2008 +0100

tty: Cris has a nice RS485 ioctl so we should steal it

This structure uses the __u32 types for some of its members, which leads
to the following compile error:

    $ cc -I.../include -c X.c
    In file included from X.c:2: .../include/linux/serial.h:185:
error: expected specifier-qualifier-list before ‘__u32’
    $

It seems that these types are appropriate for this structure as it is
to be exposed to userspace.  These types are available via linux/types.h
so move the include of that outside the __KERNEL__ section.

Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matthew Burgess <matthew@linuxfromscratch.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agomodule: remove over-zealous check in __module_get()
Rusty Russell [Sat, 7 Feb 2009 07:45:56 +0000 (18:15 +1030)]
module: remove over-zealous check in __module_get()

commit 7f9a50a5b89b87f8e754f59ae9968da28be618a5 upstream.

Impact: fix spurious BUG_ON() triggered under load

module_refcount() isn't reliable outside stop_machine(), as demonstrated
by Karsten Keil <kkeil@suse.de>, networking can trigger it under load
(an inc on one cpu and dec on another while module_refcount() is tallying
 can give false results, for example).

Almost noone should be using __module_get, but that's another issue.

Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoieee1394: sbp2: add workarounds for 2nd and 3rd generation iPods
Stefan Richter [Sat, 7 Feb 2009 12:06:06 +0000 (13:06 +0100)]
ieee1394: sbp2: add workarounds for 2nd and 3rd generation iPods

Commit 1448d7c6a2ff96d3b52ecae49e2d0f046a097fe0 upstream.

As per https://bugs.launchpad.net/bugs/294391.  These got one sample of
each iPod generation going.  However there still occurred I/O stalls
with the 3rd generation iPod which remain undiagnosed at the time of
this writing.

Acked-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agofirewire: sbp2: add workarounds for 2nd and 3rd generation iPods
Stefan Richter [Sat, 7 Feb 2009 12:05:25 +0000 (13:05 +0100)]
firewire: sbp2: add workarounds for 2nd and 3rd generation iPods

Commit c8c4707cf7ca8ff7dcc1653447e48cb3de0bf114 upstream.

According to https://bugs.launchpad.net/bugs/294391
  - 3rd generation iPods need the "fix capacity" workaround after all
    (apparently they crash after the last sector was accessed),
  - 2nd generation iPods need the "128 kB maximum request size"
    workaround.

Alas both iPod generations feature the same model ID in the config ROM,
hence we can only define a shared quirks list entry for them.  Luckily
the fix capacity workaround did not show a negative effect in Jarod's
tests with 2nd gen. iPod.

A side note:  Apple computers in target mode (or at least an x86 Mac
mini) don't have firmware_version and model_id, hence none of the iPod
quirks list entries is active for them.

Tested-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agofirewire: sbp2: fix DMA mapping leak on the failure path
Stefan Richter [Sat, 7 Feb 2009 12:04:45 +0000 (13:04 +0100)]
firewire: sbp2: fix DMA mapping leak on the failure path

Commit 5e2125677fd72d36396cc537466e07ffcbbd4b2b upstream.

Reported-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
who also provided a first version of the fix.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agofirewire: ohci: increase AT req. retries, fix ack_busy_X from Panasonic camcorders...
Stefan Richter [Sat, 7 Feb 2009 12:04:09 +0000 (13:04 +0100)]
firewire: ohci: increase AT req. retries, fix ack_busy_X from Panasonic camcorders and others

Commit 8b7b6afaa84708d08139daa08538ca3e56c351f1 upstream.

Camcorders have a tendency to fail read requests to their config ROM and
write request to their FCP command register with ack_busy_X.  This has
become a problem with newer kernels and especially Panasonic camcorders,
causing AV/C in dvgrab and kino to fail.  Dvgrab for example frequently
logs "send oops"; kino reports loss of AV/C control.  I suspect that
lower CPU scheduling latencies in newer kernels made this issue more
prominent now.

According to
https://sourceforge.net/tracker/?func=detail&atid=114103&aid=2492640&group_id=14103
this can be fixed by configuring the FireWire controller for more
hardware retries for request transmission; these retries are evidently
more successful than libavc1394's own retry loop (typically 3 tries on
top of hardware retries).

Presumably the same issue has been reported at
https://bugzilla.redhat.com/show_bug.cgi?id=449252 and
https://bugzilla.redhat.com/show_bug.cgi?id=477279 .

In a quick test with a JVC camcorder (which didn't malfunction like the
reported camcorders), this change decreased the number of ack_busy_X
from 16 in three runs of dvgrab to 4 in three runs of the same capture
duration.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoieee1394: ohci1394: increase AT req. retries, fix ack_busy_X from Panasonic camcorder...
Stefan Richter [Sat, 7 Feb 2009 12:03:22 +0000 (13:03 +0100)]
ieee1394: ohci1394: increase AT req. retries, fix ack_busy_X from Panasonic camcorders and others

Commit 64c634ef83991b390ec0503e61f16efb0ba3c60b upstream.

Camcorders have a tendency to fail read requests to their config ROM and
write request to their FCP command register with ack_busy_X.  This has
become a problem with newer kernels and especially Panasonic camcorders,
causing AV/C in dvgrab and kino to fail.  Dvgrab for example frequently
logs "send oops"; kino reports loss of AV/C control.  I suspect that
lower CPU scheduling latencies in newer kernels made this issue more
prominent now.

According to
https://sourceforge.net/tracker/?func=detail&atid=114103&aid=2492640&group_id=14103
this can be fixed by configuring the FireWire controller for more
hardware retries for request transmission; these retries are evidently
more successful than libavc1394's own retry loop (typically 3 tries on
top of hardware retries).

Presumably the same issue has been reported at
https://bugzilla.redhat.com/show_bug.cgi?id=449252 and
https://bugzilla.redhat.com/show_bug.cgi?id=477279 .

Tested-by: Mathias Beilstein
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoACPI: dock: Don't eval _STA on every show_docked sysfs read
Holger Macht [Tue, 20 Jan 2009 11:18:24 +0000 (12:18 +0100)]
ACPI: dock: Don't eval _STA on every show_docked sysfs read

commit fc5a9f8841ee87d93376ada5d73117d4d6a373ea upstream.

Some devices trigger a DEVICE_CHECK on every evalutation of _STA. This
can also be seen in commit 8b59560a3baf2e7c24e0fb92ea5d09eca92805db
(ACPI: dock: avoid check _STA method).  If an undock is processed, the
dock driver sends a uevent and userspace might read the show_docked
property in sysfs. This causes an evaluation of _STA of the particular
device which causes the dock driver to immediately dock again.

In any case, evaluation of _STA (show_docked) does not necessarily mean
that we are docked, so check with the internal device structure.

http://bugzilla.kernel.org/show_bug.cgi?id=12360

Signed-off-by: Holger Macht <hmacht@suse.de>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoACPI: Enable bit 11 in _PDC to advertise hw coord
Pallipadi, Venkatesh [Mon, 2 Feb 2009 19:57:18 +0000 (11:57 -0800)]
ACPI: Enable bit 11 in _PDC to advertise hw coord

commit d96f94c604453f87fe24154b87e1e9a3a72511f8 upstream.

Bit 11 in intel PDC definitions is meant for OS capability to handle
hardware coordination of P-states. In Linux we have always supported
hwardware coordination of P-states. Just let the BIOSes know that we
support it, by setting this bit.

Some BIOSes use this bit to choose between hardware or software coordination
and without this change below, BIOSes switch to software coordination, which
is not very optimal in terms of power consumption and extra wakeups from idle.

Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agomd: Fix a bug in linear.c causing which_dev() to return the wrong device.
Andre Noll [Fri, 6 Feb 2009 04:10:52 +0000 (15:10 +1100)]
md: Fix a bug in linear.c causing which_dev() to return the wrong device.

commit 852c8bf484a0e17ee27f413ef26e87f522af5607 upstream.

ab5bd5cbc8d4b868378d062eed3d4240930fbb86 introduced the following
bug in linear software raid for large arrays on 32 bit machines:

which_dev() computes the device holding a given sector by shifting
down the sector number to a 32 bit range, dividing by the array
spacing and looking up the resulting index in the hash table of
the array.

Because the computed index might be slightly too small, a loop at
the end of which_dev() increases the index until the given sector
actually falls into the range of the device associated with that index.

The changes of the above mentioned commit caused this loop to check
whether the _index_ rather than the sector number is small enough,
effectively bypassing the loop and thus possibly returning the wrong
device.

As reported by Simon Kirby, this leads to errors such as

linear_make_request: Sector 2340486136 out of bounds on dev sdi: 156301312 sectors, offset 2109870464

Fix this bug by introducing a local variable for the index so that
the variable containing the passed sector is left unchanged.

Signed-off-by: Andre Noll <maan@systemlinux.org>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agomd: Ensure an md array never has too many devices.
NeilBrown [Fri, 6 Feb 2009 07:02:46 +0000 (18:02 +1100)]
md: Ensure an md array never has too many devices.

commit de01dfadf25bf83cfe3d85c163005c4320532658 upstream.

Each different metadata format supported by md supports a
different maximum number of devices.
We really should be enforcing this maximum in the kernel, but
we aren't quite doing that properly.

We currently only enforce it at the 'hot_add' point, which is an
older interface which is not used by current userspace.

We need to also enforce it at 'add_new_disk' time for active arrays
and at 'do_md_run' time when starting a new array.

So move the test from 'hot_add' into 'bind_rdev_to_array' which is
called from both 'hot_add' and 'add_new_disk, and add a new
test in 'analyse_sbs' which is called from 'do_md_run'.

This bug (or missing feature) has been around "forever" and so
the patch is suitable for any -stable that is currently maintained.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosound: usb-audio: handle wMaxPacketSize for FIXED_ENDPOINT devices
Clemens Ladisch [Fri, 6 Feb 2009 07:13:07 +0000 (08:13 +0100)]
sound: usb-audio: handle wMaxPacketSize for FIXED_ENDPOINT devices

commit 894dcd78782842924527598b0b764c9b4e679e21 upstream.

For audio devices that do not have proper audio descriptors (e.g.,
Edirol UA-20), we use hardcoded parameters from our quirks list.
However, we must still read the maximum packet size from the standard
endpoint descriptor; otherwise, we might use packets that are too big
and therefore rejected by the USB core.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoprevent kprobes from catching spurious page faults
Masami Hiramatsu [Thu, 5 Feb 2009 22:12:39 +0000 (17:12 -0500)]
prevent kprobes from catching spurious page faults

commit 9be260a646bf76fa418ee519afa10196b3164681 upstream.

Prevent kprobes from catching spurious faults which will cause infinite
recursive page-fault and memory corruption by stack overflow.

Signed-off-by: Masami Hiramatsu <mhiramat@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agorevert "rlimit: permit setting RLIMIT_NOFILE to RLIM_INFINITY"
Andrew Morton [Wed, 4 Feb 2009 23:12:06 +0000 (15:12 -0800)]
revert "rlimit: permit setting RLIMIT_NOFILE to RLIM_INFINITY"

commit 60fd760fb9ff7034360bab7137c917c0330628c2 upstream.

Revert commit 0c2d64fb6cae9aae480f6a46cfe79f8d7d48b59f because it causes
(arguably poorly designed) existing userspace to spend interminable
periods closing billions of not-open file descriptors.

We could bring this back, with some sort of opt-in tunable in /proc, which
defaults to "off".

Peter's alanysis follows:

: I spent several hours trying to get to the bottom of a serious
: performance issue that appeared on one of our servers after upgrading to
: 2.6.28.  In the end it's what could be considered a userspace bug that
: was triggered by a change in 2.6.28.  Since this might also affect other
: people I figured I'd at least document what I found here, and maybe we
: can even do something about it:
:
:
: So, I upgraded some of debian.org's machines to 2.6.28.1 and immediately
: the team maintaining our ftp archive complained that one of their
: scripts that previously ran in a few minutes still hadn't even come
: close to being done after an hour or so.  Downgrading to 2.6.27 fixed
: that.
:
: Turns out that script is forking a lot and something in it or python or
: whereever closes all the file descriptors it doesn't want to pass on.
: That is, it starts at zero and goes up to ulimit -n/RLIMIT_NOFILE and
: closes them all with a few exceptions.
:
: Turns out that takes a long time when your limit -n is now 2^20 (1048576).
:
: With 2.6.27.* the ulimit -n was the standard 1024, but with 2.6.28 it is
: now a thousand times that.
:
: 2.6.28 included a patch titled "rlimit: permit setting RLIMIT_NOFILE to
: RLIM_INFINITY" (0c2d64fb6cae9aae480f6a46cfe79f8d7d48b59f)[1] that
: allows, as the title implies, to set the limit for number of files to
: infinity.
:
: Closer investigation showed that the broken default ulimit did not apply
: to "system" processes (like stuff started from init).  In the end I
: could establish that all processes that passed through pam_limit at one
: point had the bad resource limit.
:
: Apparently the pam library in Debian etch (4.0) initializes the limits
: to some default values when it doesn't have any settings in limit.conf
: to override them.  Turns out that for nofiles this is RLIM_INFINITY.
: Commenting out "case RLIMIT_NOFILE" in pam_limit.c:267 of our pam
: package version 0.79-5 fixes that - tho I'm not sure what side effects
: that has.
:
: Debian lenny (the upcoming 5.0 version) doesn't have this issue as it
: uses a different pam (version).

Reported-by: Peter Palfrader <weasel@debian.org>
Cc: Adam Tkac <vonsch@gmail.com>
Cc: Michael Kerrisk <mtk.manpages@googlemail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoshm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM
Tony Battersby [Wed, 4 Feb 2009 23:12:04 +0000 (15:12 -0800)]
shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM

commit a68e61e8ff2d46327a37b69056998b47745db6fa upstream.

shm_get_stat() assumes that the inode is a "struct shmem_inode_info",
which is incorrect for !CONFIG_SHMEM (see fs/ramfs/inode.c:
ramfs_get_inode() vs.  mm/shmem.c: shmem_get_inode()).

This bad assumption can cause shmctl(SHM_INFO) to lockup when
shm_get_stat() tries to spin_lock(&info->lock).  Users of !CONFIG_SHMEM
may encounter this lockup simply by invoking the 'ipcs' command.

Reported by Jiri Olsa back in February 2008:
http://lkml.org/lkml/2008/2/29/74

Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Cc: Jiri Kosina <jkosina@suse.cz>
Reported-by: Jiri Olsa <olsajiri@gmail.com>
Cc: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agowait: prevent exclusive waiter starvation
Johannes Weiner [Wed, 4 Feb 2009 23:12:14 +0000 (15:12 -0800)]
wait: prevent exclusive waiter starvation

commit 777c6c5f1f6e757ae49ecca2ed72d6b1f523c007 upstream.

With exclusive waiters, every process woken up through the wait queue must
ensure that the next waiter down the line is woken when it has finished.

Interruptible waiters don't do that when aborting due to a signal.  And if
an aborting waiter is concurrently woken up through the waitqueue, noone
will ever wake up the next waiter.

This has been observed with __wait_on_bit_lock() used by
lock_page_killable(): the first contender on the queue was aborting when
the actual lock holder woke it up concurrently.  The aborted contender
didn't acquire the lock and therefor never did an unlock followed by
waking up the next waiter.

Add abort_exclusive_wait() which removes the process' wait descriptor from
the waitqueue, iff still queued, or wakes up the next waiter otherwise.
It does so under the waitqueue lock.  Racing with a wake up means the
aborting process is either already woken (removed from the queue) and will
wake up the next waiter, or it will remove itself from the queue and the
concurrent wake up will apply to the next waiter after it.

Use abort_exclusive_wait() in __wait_event_interruptible_exclusive() and
__wait_on_bit_lock() when they were interrupted by other means than a wake
up through the queue.

[akpm@linux-foundation.org: coding-style fixes]
Reported-by: Chris Mason <chris.mason@oracle.com>
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Mentored-by: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Matthew Wilcox <matthew@wil.cx>
Cc: Chuck Lever <cel@citi.umich.edu>
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodo_wp_page: fix regression with execute in place
Carsten Otte [Wed, 4 Feb 2009 23:12:16 +0000 (15:12 -0800)]
do_wp_page: fix regression with execute in place

commit ab92661d5d9514647346047f30f67a7f35ffea67 upstream.

Fix do_wp_page for VM_MIXEDMAP mappings.

In the case where pfn_valid returns 0 for a pfn at the beginning of
do_wp_page and the mapping is not shared writable, the code branches to
label `gotten:' with old_page == NULL.

In case the vma is locked (vma->vm_flags & VM_LOCKED), lock_page,
clear_page_mlock, and unlock_page try to access the old_page.

This patch checks whether old_page is valid before it is dereferenced.

The regression was introduced by "mlock: mlocked pages are unevictable"
(commit b291f000393f5a0b679012b39d79fbc85c018233).

Signed-off-by: Carsten Otte <cotte@de.ibm.com>
Cc: Nick Piggin <npiggin@suse.de>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosgi-xp: fix writing past the end of kzalloc()'d space
Dean Nelson [Wed, 4 Feb 2009 23:12:24 +0000 (15:12 -0800)]
sgi-xp: fix writing past the end of kzalloc()'d space

commit 361916a943cd9dbda1c0b00879d0225cc919d868 upstream.

A missing type cast results in writing way beyond the end of a kzalloc()'d
memory segment resulting in slab corruption. But it seems like the better
solution is to define ->recv_msg_slots as a 'void *' rather than a
'struct xpc_notify_mq_msg_uv *' and add the type cast.

Signed-off-by: Dean Nelson <dcn@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoLinux 2.6.28.4 v2.6.28.4
Greg Kroah-Hartman [Fri, 6 Feb 2009 21:47:45 +0000 (13:47 -0800)]
Linux 2.6.28.4

15 years agoACPICA: Allow multiple backslash prefix in namepaths
Lin Ming [Thu, 13 Nov 2008 02:54:39 +0000 (10:54 +0800)]
ACPICA: Allow multiple backslash prefix in namepaths

commit d037c5fd7367548191eab2b376a1d08c4ffaf7ff upstream.

In a fully qualified namepath, allow multiple backslash prefixes.
This can happen because of the use of a double-backslash in strings
(since backslash is the escape character) causing confusion.
ACPICA BZ 739 Lin Ming.

http://www.acpica.org/bugzilla/show_bug.cgi?id=739

Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Cc: Thomas Renninger <trenn@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosata_mv: Fix chip type for Hightpoint RocketRaid 1740/1742
Mark Lord [Tue, 27 Jan 2009 21:33:13 +0000 (16:33 -0500)]
sata_mv: Fix chip type for Hightpoint RocketRaid 1740/1742

commit 4462254ac6be9150aae87d54d388fc348d6fcead upstream.

Fix chip type for the Highpoint RocketRAID 1740 and 1742 PCI cards.
These really do have Marvell 6042 chips on them, rather than the 5081 chip.

Confirmed by multiple (two) users (for the 1740), and by examining
the product photographs from Highpoint's web site.

Signed-off-by: Mark Lord <mlord@pobox.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodlm: initialize file_lock struct in GETLK before copying conflicting lock
Jeff Layton [Wed, 21 Jan 2009 16:34:50 +0000 (11:34 -0500)]
dlm: initialize file_lock struct in GETLK before copying conflicting lock

commit 20d5a39929232a715f29e6cb7e3f0d0c790f41eb upstream.

dlm_posix_get fills out the relevant fields in the file_lock before
returning when there is a lock conflict, but doesn't clean out any of
the other fields in the file_lock.

When nfsd does a NFSv4 lockt call, it sets the fl_lmops to
nfsd_posix_mng_ops before calling the lower fs. When the lock comes back
after testing a lock on GFS2, it still has that field set. This confuses
nfsd into thinking that the file_lock is a nfsd4 lock.

Fix this by making DLM reinitialize the file_lock before copying the
fields from the conflicting lock.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoACPI: Do not modify SCI_EN directly
Rafael J. Wysocki [Mon, 29 Dec 2008 18:19:07 +0000 (19:19 +0100)]
ACPI: Do not modify SCI_EN directly

commit 11e93130c7ce5228d484fd5e86f3984835d4256b upstream.

According to the ACPI specification the SCI_EN flag is controlled by
the hardware, which sets this flag to inform the kernel that ACPI is
enabled.  For this reason, we shouldn't try to modify SCI_EN
directly.  Also, we don't need to do it in irqrouter_resume(), since
lower-level resume code takes care of enabling ACPI in case it hasn't
been enabled by the BIOS before passing control to the kernel (which
by the way is against the ACPI specification).

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: Len Brown <len.brown@intel.com>
Cc: Thomas Renninger <trenn@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoNewly inserted battery might differ from one just removed, so update of battery info...
Alexey Starikovskiy [Mon, 22 Dec 2008 23:44:54 +0000 (02:44 +0300)]
Newly inserted battery might differ from one just removed, so update of battery info fields is required.

commit 50b178512b7d6e7724f87459f6bd06504c9c2da1 upstream.

Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de>
Acked-by: Andy Neitzke <neitzke@ias.edu>
Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de>
Signed-off-by: Len Brown <len.brown@intel.com>
Cc: Thomas Renninger <trenn@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agovideo: always update the brightness when poking "brightness"
Zhang Rui [Wed, 31 Dec 2008 02:58:48 +0000 (10:58 +0800)]
video: always update the brightness when poking "brightness"

commit 9e6dada9d255497127251c03aaa59296d186f959 upstream.

always update props.brightness no matter the backlight is changed
via procfs, hotkeys or sysfs.

Sighed-off-by: Zhang Rui <rui.zhang@intel.com>
Acked-by: Matthew Garrett <mjg59@srcf.ucam.org>
Signed-off-by: Len Brown <len.brown@intel.com>
Cc: Thomas Renninger <trenn@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoACPI: Avoid array address overflow when _CST MWAIT hint bits are set
Zhao Yakui [Sun, 4 Jan 2009 04:04:21 +0000 (12:04 +0800)]
ACPI: Avoid array address overflow when _CST MWAIT hint bits are set

commit 13b40a1a065824d2d4e55c8b48ea9f3f9d162929 upstream.

The Cx Register address obtained from the _CST object is used as the MWAIT
hints if the register type is FFixedHW. And it is used to check whether
the Cx type is supported or not.

On some boxes the following Cx state package is obtained from _CST object:
    >{
                ResourceTemplate ()
                {
                    Register (FFixedHW,
                        0x01,               // Bit Width
                        0x02,               // Bit Offset
                        0x0000000000889759, // Address
                        0x03,               // Access Size
                        )
                },

                0x03,
                0xF5,
                0x015E }

   In such case we should use the bit[7:4] of Cx address to check whether
the Cx type is supported or not.

mask the MWAIT hint to avoid array address overflow

Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by:Venki Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Cc: Thomas Renninger <trenn@suse.de>
15 years agocpuidle: Add decaying history logic to menu idle predictor
Venkatesh Pallipadi [Tue, 27 Jan 2009 16:38:46 +0000 (17:38 +0100)]
cpuidle: Add decaying history logic to menu idle predictor

commit 816bb611e41be29b476dc16f6297eb551bf4d747 upstream

Add decaying history of predicted idle time, instead of using the last early
wakeup. This logic helps menu governor do better job of predicting idle time.

With this change, we also measured noticable (~8%) power savings on
a DP server system with CPUs supporting deep C states, when system
was lightly loaded. There was no change to power or perf on other load
conditions.

Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Cc: Thomas Renninger <trenn@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoPCI: irq and pci_ids patch for Intel Tigerpoint DeviceIDs
Seth Heasley [Fri, 23 Jan 2009 20:43:38 +0000 (12:43 -0800)]
PCI: irq and pci_ids patch for Intel Tigerpoint DeviceIDs

commit 57064d213d2e44654d4f13c66df135b5e7389a26 upstream.

This patch adds the Intel Tigerpoint LPC Controller DeviceIDs.

Signed-off-by: Seth Heasley <seth.heasley@intel.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agominstrel: fix warning if lowest supported rate index is not 0
Christian Lamparter [Sat, 24 Jan 2009 09:45:10 +0000 (10:45 +0100)]
minstrel: fix warning if lowest supported rate index is not 0

commit d57854bb1d78ba89ffbfdfd1c3e95b52ed7478ff upstream

This patch fixes the following WARNING (caused by rix_to_ndx): "
>WARNING: at net/mac80211/rc80211_minstrel.c:69 minstrel_rate_init+0xd2/0x33a [mac80211]()
>[...]
>Call Trace:
> warn_on_slowpath+0x51/0x75
> _format_mac_addr+0x4c/0x88
> minstrel_rate_init+0xd2/0x33a [mac80211]
> print_mac+0x16/0x1b
> schedule_hrtimeout_range+0xdc/0x107
> ieee80211_add_station+0x158/0x1bd [mac80211]
> nl80211_new_station+0x1b3/0x20b [cfg80211]

The reason is that I'm experimenting with "g" only mode on a 802.11 b/g card.

Therefore rate_lowest_index returns 4 (= 6Mbit, instead of usual 0 = 1Mbit).
Since mi->r array is initialized with zeros in minstrel_alloc_sta,
rix_to_ndx has a hard time to find the 6Mbit entry and will trigged the WARNING.

Signed-off-by: Christian Lamparter <chunkeey@web.de>
Acked-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agop54usb: rewriting rx/tx routines to make use of usb_anchor's facilities
Christian Lamparter [Sat, 24 Jan 2009 09:44:53 +0000 (10:44 +0100)]
p54usb: rewriting rx/tx routines to make use of usb_anchor's facilities

commit dd397dc9dddfa2149a1bbc9e52ac7d5630737cec upstream

Alan Stern found several flaws in p54usb's implementation and annotated:
"usb_kill_urb() and similar routines do not expect an URB's completion
routine to deallocate it.  This is almost obvious -- if the URB is deallocated
before the completion routine returns then there's no way for usb_kill_urb
to detect when the URB actually is complete."

This patch addresses all known limitations in the old implementation and fixes
khub's "use-after-freed" hang, when SLUB debug's poisoning option is enabled.

Signed-off-by: Christian Lamparter <chunkeey@web.de>
Tested-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agop54: fix p54_read_eeprom to cope with tx_hdr_len
Christian Lamparter [Sat, 24 Jan 2009 09:44:40 +0000 (10:44 +0100)]
p54: fix p54_read_eeprom to cope with tx_hdr_len

commit b92f30d65aeb0502e2ed8beb80c8465578b40002 upstream

This patch fixes a regression in "p54: move eeprom code into common library"
7cb770729ba895f73253dfcd46c3fcba45d896f9

Some of p54usb's devices need a little headroom for the transportation and
this was forgotten in the eeprom change.

Signed-off-by: Christian Lamparter <chunkeey@web.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agop54: fix lm87 checksum endianness
Johannes Berg [Sat, 24 Jan 2009 09:44:26 +0000 (10:44 +0100)]
p54: fix lm87 checksum endianness

commit c91276592695e13d1b52eab572551017cbf96ee7 upstream

This fixes the checksum calculation for lm87 firmwares
on big endian platforms, the device treats the data as
an array of 32-bit little endian values so the driver
needs to do that as well.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Christian Lamparter <chunkeey@web.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agoiwlwifi: fix rs_get_rate WARN_ON()
Abbas, Mohamed [Wed, 21 Jan 2009 18:58:02 +0000 (10:58 -0800)]
iwlwifi: fix rs_get_rate WARN_ON()

commit c338ba3ca5bef2df2082d9e8d336ff7b2880c326 upstream.

In ieee80211_sta structure there is u64 supp_rates[IEEE80211_NUM_BANDS]
this is filled with all support rate from assoc_resp.  If we associate
with G-band AP only supp_rates of G-band will be set the other band
supp_rates will be set to 0. If the user type this command
this will cause mac80211 to set to new channel, mac80211
does not disassociate in setting new channel, so the active
band is now A-band. then in handling the new essid mac80211 will
kick in the assoc steps which involve sending disassociation frame.
in this mac80211 will WARN_ON sta->supp_rates[A_BAND] == 0.

This fixes:
http://www.intellinuxwireless.org/bugzilla/show_bug.cgi?id=1822
http://www.kerneloops.org/searchweek.php?search=rs_get_rate

Signed-off-by: mohamed abbas <mohamed.abbas@intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonfsd: Ensure nfsv4 calls the underlying filesystem on LOCKT
J. Bruce Fields [Sat, 20 Dec 2008 19:58:38 +0000 (11:58 -0800)]
nfsd: Ensure nfsv4 calls the underlying filesystem on LOCKT

commit 55ef1274dddd4de387c54d110e354ffbb6cdc706 upstream.

Since nfsv4 allows LOCKT without an open, but the ->lock() method is a
file method, we fake up a struct file in the nfsv4 code with just the
fields we need initialized.  But we forgot to initialize the file
operations, with the result that LOCKT never results in a call to the
filesystem's ->lock() method (if it exists).

We could just add that one more initialization.  But this hack of faking
up a struct file with only some fields initialized seems the kind of
thing that might cause more problems in the future.  We should either do
an open and get a real struct file, or make lock-testing an inode (not a
file) method.

This patch does the former.

Reported-by: Marc Eshel <eshel@almaden.ibm.com>
Tested-by: Marc Eshel <eshel@almaden.ibm.com>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonfsd: only set file_lock.fl_lmops in nfsd4_lockt if a stateowner is found
Jeff Layton [Thu, 22 Jan 2009 19:16:04 +0000 (14:16 -0500)]
nfsd: only set file_lock.fl_lmops in nfsd4_lockt if a stateowner is found

commit fa82a491275a613b15489aab4b99acecb00958d3 upstream.

nfsd4_lockt does a search for a lockstateowner when building the lock
struct to test. If one is found, it'll set fl_owner to it. Regardless of
whether that happens, it'll also set fl_lmops. Given that this lock is
basically a "lightweight" lock that's just used for checking conflicts,
setting fl_lmops is probably not appropriate for it.

This behavior exposed a bug in DLM's GETLK implementation where it
wasn't clearing out the fields in the file_lock before filling in
conflicting lock info. While we were able to fix this in DLM, it
still seems pointless and dangerous to set the fl_lmops this way
when we may have a NULL lockstateowner.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@pig.fieldses.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoInput: atkbd - Samsung NC10 key repeat fix
Stuart Hopkins [Sat, 20 Dec 2008 09:12:33 +0000 (04:12 -0500)]
Input: atkbd - Samsung NC10 key repeat fix

commit 4200844bd9dc511088258437d564a187f0ffc94e upstream.

This patch fixes the key repeat issue with the Fn+F? keys on the new
Samsung NC10 Netbook, so that the keys can be defined and used within
ACPID correctly, otherwise the keys repeat indefinately.

This solves part of http://bugzilla.kernel.org/show_bug.cgi?id=12021

Signed-off-by: Stuart Hopkins <stuart@dodgy-geeza.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoAdd enable_ms to jsm driver
Paul Larson [Fri, 30 Jan 2009 16:21:49 +0000 (10:21 -0600)]
Add enable_ms to jsm driver

commit 0461ec5bc7745b89a8ab67ba0ea497abd58a6301 upstream.

This fixes a crash observed when non-existant enable_ms function is
called for jsm driver.

Signed-off-by: Scott Kilau <Scott.Kilau@digi.com>
Signed-off-by: Paul Larson <pl@linux.vnet.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoFix memory corruption in console selection
Mikulas Patocka [Fri, 30 Jan 2009 20:27:14 +0000 (15:27 -0500)]
Fix memory corruption in console selection

commit 878b8619f711280fd05845e21956434b5e588cc4 upstream.

Fix an off-by-two memory error in console selection.

The loop below goes from sel_start to sel_end (inclusive), so it writes
one more character.  This one more character was added to the allocated
size (+1), but it was not multiplied by an UTF-8 multiplier.

This patch fixes a memory corruption when UTF-8 console is used and the
user selects a few characters, all of them 3-byte in UTF-8 (for example
a frame line).

When memory redzones are enabled, a redzone corruption is reported.
When they are not enabled, trashing of random memory occurs.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosata_nv: ck804 has borked hardreset too
Tejun Heo [Sun, 1 Feb 2009 01:56:31 +0000 (10:56 +0900)]
sata_nv: ck804 has borked hardreset too

commit 8d993eaa9c3c61b8a5929a7f695078a1fcfb4869 upstream.

While playing with nvraid, I found out that rmmoding and insmoding
often trigger hardreset failure on the first port (the second one was
always okay).  Seriously, how diverse can you get with hardreset
behaviors?  Anyways, make ck804 use noclassify variant too.

Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosata_nv: fix MCP5x reset
Tejun Heo [Sun, 25 Jan 2009 02:29:38 +0000 (11:29 +0900)]
sata_nv: fix MCP5x reset

commit 2d775708bc6613f1be47f1e720781343341ecc94 upstream.

MCP5x family of controllers seem to share much more with nf2's as far
as reset protocol is concerned.  It requires heardreset to get the PHY
going and classfication code report after hardreset is unreliable.
Create a new board type MCP5x and use noclassify hardreset.  SWNCQ is
modified to inherit from this new type.

This fixes hotplug regression reported in kernel bz#12351.

Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosata_nv: rename nv_nf2_hardreset()
Tejun Heo [Sun, 25 Jan 2009 02:25:22 +0000 (11:25 +0900)]
sata_nv: rename nv_nf2_hardreset()

commit e8caa3c70e94d867ca2efe9e53fd388b52d6d0c8 upstream.

nv_nf2_hardreset() will be used by other flavors too.  Rename it to
nv_noclassify_hardreset().

Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agokmalloc: return NULL instead of link failure
Jeff Mahoney [Tue, 27 Jan 2009 21:48:59 +0000 (23:48 +0200)]
kmalloc: return NULL instead of link failure

commit 1cf3eb2ff6b0844c678f2f48d0053b9d12b7da67 upstream.

The SLAB kmalloc with a constant value isn't consistent with the other
implementations because it bails out with __you_cannot_kmalloc_that_much
rather than returning NULL and properly allowing the caller to fall back
to vmalloc or take other action.  This doesn't happen with a non-constant
value or with SLOB or SLUB.

Starting with 2.6.28, I've been seeing build failures on s390x.  This is
due to init_section_page_cgroup trying to allocate 2.5MB when the max size
for a kmalloc on s390x is 2MB.

It's failing because the value is constant.  The workarounds at the call
size are ugly and the caller shouldn't have to change behavior depending
on what the backend of the API is.

So, this patch eliminates the link failure and returns NULL like the other
implementations.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Christoph Lameter <cl@linux-foundation.org>
Cc: Pekka Enberg <penberg@cs.helsinki.fi>
Cc: Matt Mackall <mpm@selenic.com>
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agofbdev/atyfb: Fix DSP config on some PowerMacs & PowerBooks
Risto Suominen [Tue, 13 Jan 2009 20:09:30 +0000 (20:09 +0000)]
fbdev/atyfb: Fix DSP config on some PowerMacs & PowerBooks

commit 7fbb7cadd062baf299fd8b26a80ea99da0c3fe01 upstream.

Since the complete re-write in 2.6.10, some PowerMacs (At least PowerMac 5500
and PowerMac G3 Beige rev A) with ATI Mach64 chip have suffered from unstable
columns in their framebuffer image. This seems to depend on a value (4) read
from PLL_EXT_CNTL register, which leads to incorrect DSP config parameters to
be written to the chip. This patch uses a value calculated by aty_init_pll_ct
instead, as a starting point.

There are questions as to whether this should be extended to other platforms
or maybe made dependent on specific chip types, but in the meantime, this has
been tested on various powermacs and works for them so let's commit it.

Signed-off-by: Risto Suominen <Risto.Suominen@gmail.com>
Tested-by: Michael Pettersson <mike@it.uu.se>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoorinoco: move kmalloc(..., GFP_KERNEL) outside spinlock in orinoco_ioctl_set_genie
Andrey Borzenkov [Thu, 29 Jan 2009 17:39:32 +0000 (20:39 +0300)]
orinoco: move kmalloc(..., GFP_KERNEL) outside spinlock in orinoco_ioctl_set_genie

commit 7fe99c4e28ab54eada8aa456b417114e6ef21587 upstream

orinoco: move kmalloc(..., GFP_KERNEL) outside spinlock in orinoco_ioctl_set_genie

[   56.923623] BUG: sleeping function called from invalid context at /home/bor/src/linux-git/mm/slub.c:1599
[   56.923644] in_atomic(): 0, irqs_disabled(): 1, pid: 3031, name: wpa_supplicant
[   56.923656] 2 locks held by wpa_supplicant/3031:
[   56.923662]  #0:  (rtnl_mutex){--..}, at: [<c02abd1f>] rtnl_lock+0xf/0x20
[   56.923703]  #1:  (&priv->lock){++..}, at: [<dfc840c2>] orinoco_ioctl_set_genie+0x52/0x130 [orinoco]
[   56.923782] irq event stamp: 910
[   56.923788] hardirqs last  enabled at (909): [<c01957db>] __kmalloc+0x7b/0x140
[   56.923820] hardirqs last disabled at (910): [<c0309419>] _spin_lock_irqsave+0x19/0x80
[   56.923847] softirqs last  enabled at (880): [<c0124f54>] __do_softirq+0xc4/0x110
[   56.923865] softirqs last disabled at (871): [<c01049ae>] do_softirq+0x8e/0xe0
[   56.923895] Pid: 3031, comm: wpa_supplicant Not tainted 2.6.29-rc2-1avb #1
[   56.923905] Call Trace:
[   56.923919]  [<c01049ae>] ? do_softirq+0x8e/0xe0
[   56.923941]  [<c011ad12>] __might_sleep+0xd2/0x100
[   56.923952]  [<c0195837>] __kmalloc+0xd7/0x140
[   56.923963]  [<c030946a>] ? _spin_lock_irqsave+0x6a/0x80
[   56.923981]  [<dfc840e9>] ? orinoco_ioctl_set_genie+0x79/0x130 [orinoco]
[   56.923999]  [<dfc840c2>] ? orinoco_ioctl_set_genie+0x52/0x130 [orinoco]
[   56.924017]  [<dfc840e9>] orinoco_ioctl_set_genie+0x79/0x130 [orinoco]
[   56.924036]  [<c0209325>] ? copy_from_user+0x35/0x130
[   56.924061]  [<c02ffd96>] ioctl_standard_call+0x196/0x380
[   56.924085]  [<c029f945>] ? __dev_get_by_name+0x85/0xb0
[   56.924096]  [<c02ff88f>] wext_handle_ioctl+0x14f/0x230
[   56.924113]  [<dfc84070>] ? orinoco_ioctl_set_genie+0x0/0x130 [orinoco]
[   56.924132]  [<c02a3da5>] dev_ioctl+0x495/0x570
[   56.924155]  [<c0293e05>] ? sys_sendto+0xa5/0xd0
[   56.924171]  [<c0142fe8>] ? mark_held_locks+0x48/0x90
[   56.924183]  [<c0292880>] ? sock_ioctl+0x0/0x280
[   56.924193]  [<c029297d>] sock_ioctl+0xfd/0x280
[   56.924203]  [<c0292880>] ? sock_ioctl+0x0/0x280
[   56.924235]  [<c01a51d0>] vfs_ioctl+0x20/0x80
[   56.924246]  [<c01a53e2>] do_vfs_ioctl+0x72/0x570
[   56.924257]  [<c0293e62>] ? sys_send+0x32/0x40
[   56.924268]  [<c02947c0>] ? sys_socketcall+0x1d0/0x2a0
[   56.924280]  [<c010339f>] ? sysenter_exit+0xf/0x16
[   56.924292]  [<c01a5919>] sys_ioctl+0x39/0x70
[   56.924302]  [<c0103371>] sysenter_do_call+0x12/0x31

Signed-off-by: Andrey Borzenkov <arvidjaar@mail.ru>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonetfilter: ctnetlink: fix scheduling while atomic
Patrick McHardy [Wed, 21 Jan 2009 20:19:49 +0000 (12:19 -0800)]
netfilter: ctnetlink: fix scheduling while atomic

commit 748085fcbedbf7b0f38d95e178265d7b13360b44 upstream.

Caused by call to request_module() while holding nf_conntrack_lock.

Reported-and-tested-by: Kövesdi György <kgy@teledigit.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agocifs: make sure we allocate enough storage for socket address
Jeff Layton [Thu, 22 Jan 2009 15:35:13 +0000 (10:35 -0500)]
cifs: make sure we allocate enough storage for socket address

commit a9ac49d303f967be0dabd97cb722c4a13109c6c2 upstream.

cifs_mount declares a struct sockaddr on the stack and then casts it
to the proper address type. The storage allocated is fine for ipv4,
but is too small for ipv6 addresses. Declare it as
"struct sockaddr_storage" instead of struct sockaddr".

This bug was manifesting itself as oopses and address corruption when
mounting IPv6 addresses.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Tested-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86: use early clobbers in usercopy*.c
Andi Kleen [Fri, 16 Jan 2009 14:22:11 +0000 (15:22 +0100)]
x86: use early clobbers in usercopy*.c

commit e0a96129db574d6365e3439d16d88517c437ab33 upstream.

Impact: fix rare (but currently harmless) miscompile with certain configs and gcc versions

Hugh Dickins noticed that strncpy_from_user() was miscompiled
in some circumstances with gcc 4.3.

Thanks to Hugh's excellent analysis it was easy to track down.

Hugh writes:

> Try building an x86_64 defconfig 2.6.29-rc1 kernel tree,
> except not quite defconfig, switch CONFIG_PREEMPT_NONE=y
> and CONFIG_PREEMPT_VOLUNTARY off (because it expands a
> might_fault() there, which hides the issue): using a
> gcc 4.3.2 (I've checked both openSUSE 11.1 and Fedora 10).
>
> It generates the following:
>
0000000000000000 <__strncpy_from_user>:
>    0:   48 89 d1                mov    %rdx,%rcx
>    3:   48 85 c9                test   %rcx,%rcx
>    6:   74 0e                   je     16 <__strncpy_from_user+0x16>
>    8:   ac                      lods   %ds:(%rsi),%al
>    9:   aa                      stos   %al,%es:(%rdi)
>    a:   84 c0                   test   %al,%al
>    c:   74 05                   je     13 <__strncpy_from_user+0x13>
>    e:   48 ff c9                dec    %rcx
>   11:   75 f5                   jne    8 <__strncpy_from_user+0x8>
>   13:   48 29 c9                sub    %rcx,%rcx
>   16:   48 89 c8                mov    %rcx,%rax
>   19:   c3                      retq
>
> Observe that "sub %rcx,%rcx; mov %rcx,%rax", whereas gcc 4.2.1
> (and many other configs) say "sub %rcx,%rdx; mov %rdx,%rax".
> Isn't it returning 0 when it ought to be returning strlen?

The asm constraints for the strncpy_from_user() result were missing an
early clobber, which tells gcc that the last output arguments
are written before all input arguments are read.

Also add more early clobbers in the rest of the file and fix 32-bit
usercopy.c in the same way.

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
[ since this API is rarely used and no in-kernel user relies on a 'len'
  return value (they only rely on negative return values) this miscompile
  was never noticed in the field. But it's worth fixing it nevertheless. ]
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoPCI/MSI: bugfix/utilize for msi_capability_init()
Hidetoshi Seto [Wed, 24 Dec 2008 08:27:04 +0000 (17:27 +0900)]
PCI/MSI: bugfix/utilize for msi_capability_init()

commit 0db29af1e767464d71b89410d61a1e5b668d0370 upstream.

This patch fix a following bug and does a cleanup.

bug:
commit 5993760f7fc75b77e4701f1e56dc84c0d6cf18d5
had a wrong change (since is_64 is boolean[0|1]):

-               pci_write_config_dword(dev,
-                       msi_mask_bits_reg(pos, is_64bit_address(control)),
-                       maskbits);
+               pci_write_config_dword(dev, entry->msi_attrib.is_64, maskbits);

utilize:
Unify separated if (entry->msi_attrib.maskbit) statements.

Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Acked-by: "Jike Song" <albcamus@gmail.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agom68knommu: set NO_DMA
Adrian Bunk [Wed, 29 Oct 2008 10:15:47 +0000 (12:15 +0200)]
m68knommu: set NO_DMA

commit e0212e72186e855027dd35b37e9d7a99a078448c upstream.

m68knommu does not set the Kconfig NO_DMA variable, but also does
not provide the required functions, resulting in the following
build error triggered by commit a40c24a13366e324bc0ff8c3bb107db89312c984
(net: Add SKB DMA mapping helper functions.):

<--  snip  -->

..
  LD      vmlinux
net/built-in.o: In function `skb_dma_unmap':
(.text+0xac5e): undefined reference to `dma_unmap_single'
net/built-in.o: In function `skb_dma_unmap':
(.text+0xac7a): undefined reference to `dma_unmap_page'
net/built-in.o: In function `skb_dma_map':
(.text+0xacdc): undefined reference to `dma_map_single'
net/built-in.o: In function `skb_dma_map':
(.text+0xace8): undefined reference to `dma_mapping_error'
net/built-in.o: In function `skb_dma_map':
(.text+0xad10): undefined reference to `dma_map_page'
net/built-in.o: In function `skb_dma_map':
(.text+0xad82): undefined reference to `dma_unmap_page'
net/built-in.o: In function `skb_dma_map':
(.text+0xadc6): undefined reference to `dma_unmap_single'
make[1]: *** [vmlinux] Error 1

<--  snip  -->

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosata_mv: fix 8-port timeouts on 508x/6081 chips
Mark Lord [Mon, 19 Jan 2009 23:04:37 +0000 (18:04 -0500)]
sata_mv: fix 8-port timeouts on 508x/6081 chips

commit b0bccb18bc523d1d5060d25958f12438062829a9 upstream.

Fix a longstanding bug for the 8-port Marvell Sata controllers (508x/6081),
where accesses to the upper 4 ports would cause lost-interrupts / timeouts
for the lower 4-ports.  With this patch, the 6081 boards should finally be
reliable enough for mainstream use with Linux.

Signed-off-by: Mark Lord <mlord@pobox.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoxen: make sysfs files behave as their names suggest
Jeremy Fitzhardinge [Thu, 29 Jan 2009 00:50:20 +0000 (16:50 -0800)]
xen: make sysfs files behave as their names suggest

commit 618b2c8db24522ae273d8299c6a936ea13793c4d upstream.

1: make "target_kb" only accept and produce a memory size in kilobytes.
2: add a second "target" file which produces output in bytes, and will accept
   memparse input (scaled bytes)

This fixes the rather irritating problem that writing the same value
read back into target_kb would end up shrinking the domain by a factor
of 1024, with generally bad results.

Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Cc: "dan.magenheimer@oracle.com" <dan.magenheimer@oracle.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoManually revert "mlock: downgrade mmap sem while populating mlocked regions"
Linus Torvalds [Sun, 1 Feb 2009 19:00:16 +0000 (11:00 -0800)]
Manually revert "mlock: downgrade mmap sem while populating mlocked regions"

commit 27421e211a39784694b597dbf35848b88363c248 upstream.

This essentially reverts commit 8edb08caf68184fb170f4f69c7445929e199eaea.

It downgraded our mmap semaphore to a read-lock while mlocking pages, in
order to allow other threads (and external accesses like "ps" et al) to
walk the vma lists and take page faults etc.  Which is a nice idea, but
the implementation does not work.

Because we cannot upgrade the lock back to a write lock without
releasing the mmap semaphore, the code had to release the lock entirely
and then re-take it as a writelock.  However, that meant that the caller
possibly lost the vma chain that it was following, since now another
thread could come in and mmap/munmap the range.

The code tried to work around that by just looking up the vma again and
erroring out if that happened, but quite frankly, that was just a buggy
hack that doesn't actually protect against anything (the other thread
could just have replaced the vma with another one instead of totally
unmapping it).

The only way to downgrade to a read map _reliably_ is to do it at the
end, which is likely the right thing to do: do all the 'vma' operations
with the write-lock held, then downgrade to a read after completing them
all, and then do the "populate the newly mlocked regions" while holding
just the read lock.  And then just drop the read-lock and return to user
space.

The (perhaps somewhat simpler) alternative is to just make all the
callers of mlock_vma_pages_range() know that the mmap lock got dropped,
and just re-grab the mmap semaphore if it needs to mlock more than one
vma region.

So we can do this "downgrade mmap sem while populating mlocked regions"
thing right, but the way it was done here was absolutely not correct.
Thus the revert, in the expectation that we will do it all correctly
some day.

Cc: Lee Schermerhorn <lee.schermerhorn@hp.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoLinux 2.6.28.3 v2.6.28.3
Greg Kroah-Hartman [Mon, 2 Feb 2009 18:12:10 +0000 (10:12 -0800)]
Linux 2.6.28.3

15 years agorelay: fix lock imbalance in relay_late_setup_files
Jiri Slaby [Sat, 17 Jan 2009 11:04:36 +0000 (12:04 +0100)]
relay: fix lock imbalance in relay_late_setup_files

commit b786c6a98ef6fa81114ba7b9fbfc0d67060775e3 upstream.

One fail path in relay_late_setup_files() omits
mutex_unlock(&relay_channels_mutex);
Add it.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoNET: net_namespace, fix lock imbalance
Jiri Slaby [Sat, 17 Jan 2009 06:47:12 +0000 (06:47 +0000)]
NET: net_namespace, fix lock imbalance

commit 357f5b0b91054ae23385ea4b0634bb8b43736e83 upstream.

register_pernet_gen_subsys omits mutex_unlock in one fail path.
Fix it.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodmaengine: fix dependency chaining
Yuri Tikhonov [Thu, 29 Jan 2009 12:37:13 +0000 (15:37 +0300)]
dmaengine: fix dependency chaining

commit dd59b8537f6cb53ab863fafad86a5828f1e889a2 upstream

 ASYNC_TX: fix dependency chaining

 In ASYNC_TX we track the dependencies between the descriptors
using the 'next' pointers of the structures. These pointers are
set to NULL as soon as the corresponding descriptor has been
submitted to the channel (in async_tx_run_dependencies()).
 But, the first 'next' in chain still remains set, regardless
the fact, that tx->next is already submitted. This may lead to
multiple submisions of the same descriptor. This patch fixes this.

Signed-off-by: Yuri Tikhonov <yur@emcraft.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoPCI hotplug: fix lock imbalance in pciehp
Jiri Slaby [Sat, 17 Jan 2009 15:23:55 +0000 (16:23 +0100)]
PCI hotplug: fix lock imbalance in pciehp

commit c2fdd36b550659f5ac2240d1f5a83ffa1a092289 upstream.

set_lock_status omits mutex_unlock in fail path. Add the omitted
unlock.

As a result a lockup caused by this can be triggered from userspace
by writing 1 to /sys/bus/pci/slots/.../lock often enough.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Reviewed-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86, pat: fix PTE corruption issue while mapping RAM using /dev/mem
Suresh Siddha [Thu, 29 Jan 2009 00:51:53 +0000 (16:51 -0800)]
x86, pat: fix PTE corruption issue while mapping RAM using /dev/mem

commit 9597134218300c045cf219be3664615e97cb239c upstream.

Beschorner Daniel reported:
> hwinfo problem since 2.6.28, showing this in the oops:
>   Corrupted page table at address 7fd04de3ec00

Also, PaX Team reported a regression with this commit:

>   commit 9542ada803198e6eba29d3289abb39ea82047b92
>   Author: Suresh Siddha <suresh.b.siddha@intel.com>
>   Date:   Wed Sep 24 08:53:33 2008 -0700
>
>       x86: track memtype for RAM in page struct

This commit breaks mapping any RAM page through /dev/mem, as the
reserve_memtype() was not initializing the return attribute type and as such
corrupting the PTE entry that was setup with the return attribute type.

Because of this bug, application mapping this RAM page through /dev/mem
will die with "Corrupted page table at address xxxx" message in the kernel
log and also the kernel identity mapping which maps the underlying RAM
page gets converted to UC.

Fix this by initializing the return attribute type before calling
reserve_ram_pages_type()

Reported-by: PaX Team <pageexec@freemail.hu>
Reported-and-tested-by: Beschorner Daniel <Daniel.Beschorner@facton.com>
Tested-and-Acked-by: PaX Team <pageexec@freemail.hu>
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86, pat: fix reserve_memtype() for legacy 1MB range
Suresh Siddha [Thu, 29 Jan 2009 00:51:52 +0000 (16:51 -0800)]
x86, pat: fix reserve_memtype() for legacy 1MB range

commit 5cca0cf15a94417f49625ce52e23589eed0a1675 upstream

Thierry Vignaud reported:
> http://bugzilla.kernel.org/show_bug.cgi?id=12372
>
> On P4 with an SiS motherboard (video card is a SiS 651)
> X server fails to start with error:
> xf86MapVidMem: Could not mmap framebuffer (0x00000000,0x2000) (Invalid
> argument)

Here X is trying to map first 8KB of memory using /dev/mem. Existing
code treats first 0-4KB of memory as non-RAM and 4KB-8KB as RAM. Recent
code changes don't allow to map memory with different attributes
at the same time.

Fix this by treating the first 1MB legacy region as special and always
track the attribute requests with in this region using linear linked
list (and don't bother if the range is RAM or non-RAM or mixed)

Reported-and-tested-by: Thierry Vignaud <tvignaud@mandriva.com>
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agocrypto: ccm - Fix handling of null assoc data
Jarod Wilson [Thu, 22 Jan 2009 08:58:15 +0000 (19:58 +1100)]
crypto: ccm - Fix handling of null assoc data

commit 516280e735b034216de97eb7ba080ec6acbfc58f upstream.

Its a valid use case to have null associated data in a ccm vector, but
this case isn't being handled properly right now.

The following ccm decryption/verification test vector, using the
rfc4309 implementation regularly triggers a panic, as will any
other vector with null assoc data:

* key: ab2f8a74b71cd2b1ff802e487d82f8b9
* iv: c6fb7d800d13abd8a6b2d8
* Associated Data: [NULL]
* Tag Length: 8
* input: d5e8939fc7892e2b

The resulting panic looks like so:

Unable to handle kernel paging request at ffff810064ddaec0 RIP:
 [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6
PGD 8063 PUD 0
Oops: 0002 [1] SMP
last sysfs file: /module/libata/version
CPU 0
Modules linked in: crypto_tester_kmod(U) seqiv krng ansi_cprng chainiv rng ctr aes_generic aes_x86_64 ccm cryptomgr testmgr_cipher testmgr aead crypto_blkcipher crypto_a
lgapi des ipv6 xfrm_nalgo crypto_api autofs4 hidp l2cap bluetooth nfs lockd fscache nfs_acl sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_
tcpudp iptable_filter ip_tables x_tables dm_mirror dm_log dm_multipath scsi_dh dm_mod video hwmon backlight sbs i2c_ec button battery asus_acpi acpi_memhotplug ac lp sg
snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss joydev snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss ide_cd snd_pcm floppy parport_p
c shpchp e752x_edac snd_timer e1000 i2c_i801 edac_mc snd soundcore snd_page_alloc i2c_core cdrom parport serio_raw pcspkr ata_piix libata sd_mod scsi_mod ext3 jbd uhci_h
cd ohci_hcd ehci_hcd
Pid: 12844, comm: crypto-tester Tainted: G      2.6.18-128.el5.fips1 #1
RIP: 0010:[<ffffffff8864c4d7>]  [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6
RSP: 0018:ffff8100134434e8  EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8100104898b0 RCX: ffffffffab6aea10
RDX: 0000000000000010 RSI: ffff8100104898c0 RDI: ffff810064ddaec0
RBP: 0000000000000000 R08: ffff8100104898b0 R09: 0000000000000000
R10: ffff8100103bac84 R11: ffff8100104898b0 R12: ffff810010489858
R13: ffff8100104898b0 R14: ffff8100103bac00 R15: 0000000000000000
FS:  00002ab881adfd30(0000) GS:ffffffff803ac000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffff810064ddaec0 CR3: 0000000012a88000 CR4: 00000000000006e0
Process crypto-tester (pid: 12844, threadinfo ffff810013442000, task ffff81003d165860)
Stack:  ffff8100103bac00 ffff8100104898e8 ffff8100134436f8 ffffffff00000000
 0000000000000000 ffff8100104898b0 0000000000000000 ffff810010489858
 0000000000000000 ffff8100103bac00 ffff8100134436f8 ffffffff8864c634
Call Trace:
 [<ffffffff8864c634>] :ccm:crypto_ccm_auth+0x12d/0x140
 [<ffffffff8864cf73>] :ccm:crypto_ccm_decrypt+0x161/0x23a
 [<ffffffff88633643>] :crypto_tester_kmod:cavs_test_rfc4309_ccm+0x4a5/0x559
[...]

The above is from a RHEL5-based kernel, but upstream is susceptible too.

The fix is trivial: in crypto/ccm.c:crypto_ccm_auth(), pctx->ilen contains
whatever was in memory when pctx was allocated if assoclen is 0. The tested
fix is to simply add an else clause setting pctx->ilen to 0 for the
assoclen == 0 case, so that get_data_to_compute() doesn't try doing
things its not supposed to.

Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agocrypto: authenc - Fix zero-length IV crash
Herbert Xu [Tue, 13 Jan 2009 00:26:18 +0000 (11:26 +1100)]
crypto: authenc - Fix zero-length IV crash

commit 29b37f42127f7da511560a40ea74f5047da40c13 upstream.

As it is if an algorithm with a zero-length IV is used (e.g.,
NULL encryption) with authenc, authenc may generate an SG entry
of length zero, which will trigger a BUG check in the hash layer.

This patch fixes it by skipping the IV SG generation if the IV
size is zero.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoALSA: hda - Add quirk for HP DV6700 laptop
Joerg Schirottke [Tue, 27 Jan 2009 10:01:34 +0000 (11:01 +0100)]
ALSA: hda - Add quirk for HP DV6700 laptop

commit aa9d823bb347fb66cb07f98c686be8bb85cb6a74 upstream.

Added the matching model=laptop for HP DV6700 laptop.

Signed-off-by: Joerg Schirottke <master@kanotix.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoALSA: hda - add another MacBook Pro 4, 1 subsystem ID
Luke Yelavich [Wed, 28 Jan 2009 04:58:38 +0000 (15:58 +1100)]
ALSA: hda - add another MacBook Pro 4, 1 subsystem ID

commit 2a88464ceb1bda2571f88902fd8068a6168e3f7b upstream.

Add another MacBook Pro 4,1 SSID (106b:3800). It seems that latter revisions,
(at least mine), have different IDs to earlier revisions.

Signed-off-by: Luke Yelavich <themuso@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoALSA: hda - Fix PCM reference NID for STAC/IDT analog outputs
Takashi Iwai [Fri, 23 Jan 2009 10:55:42 +0000 (11:55 +0100)]
ALSA: hda - Fix PCM reference NID for STAC/IDT analog outputs

commit 00a602db1ce9d61319d6f769dee206ec85f19bda upstream.

The reference NID for the analog outputs of STAC/IDT codecs is set
to a fixed number 0x02.  But this isn't always correct and in many
codecs it points to a non-existing NID.

This patch fixes the initialization of the PCM reference NID taken
from the actually probed DAC list.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoinclude/linux: Add bsg.h to the Kernel exported headers
Boaz Harrosh [Mon, 19 Jan 2009 09:37:38 +0000 (10:37 +0100)]
include/linux: Add bsg.h to the Kernel exported headers

commit a229fc61ef0ee3c30fd193beee0eeb87410227f1 upstream.

bsg.h in current form is perfectly suitable for user-mode
consumption. It is needed together with scsi/sg.h for applications
that want to interface with the bsg driver.

Currently the few projects that use it would copy it over into
the projects. But that is not acceptable for projects that need
to provide source and devel packages for distros.

This should also be submitted to stable 2.6.28 and 2.6.27 since bsg had
a stable API since these Kernels and distro users will need the header
for these kernels a swell

Signed-off-by: Boaz Harrosh <bharrosh@panasas.com>
Acked-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosgi-xpc: ensure flags are updated before bte_copy
Robin Holt [Thu, 29 Jan 2009 22:25:06 +0000 (14:25 -0800)]
sgi-xpc: ensure flags are updated before bte_copy

commit 69b3bb65fa97a1e8563518dbbc35cd57beefb2d4 upstream.

The clearing of the msg->flags needs a barrier between it and the notify
of the channel threads that the messages are cleaned and ready for use.

Signed-off-by: Robin Holt <holt@sgi.com>
Signed-off-by: Dean Nelson <dcn@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosgi-xpc: Remove NULL pointer dereference.
Robin Holt [Thu, 29 Jan 2009 22:25:07 +0000 (14:25 -0800)]
sgi-xpc: Remove NULL pointer dereference.

commit 17e2161654da4e6bdfd8d53d4f52e820ee93f423 upstream.

If the bte copy fails, the attempt to retrieve payloads merely returns a
null pointer deref and not NULL as was expected.

Signed-off-by: Robin Holt <holt@sgi.com>
Signed-off-by: Dean Nelson <dcn@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agogpiolib: fix request related issue
Magnus Damm [Thu, 29 Jan 2009 22:25:12 +0000 (14:25 -0800)]
gpiolib: fix request related issue

commit 7460db567bbca76bf087d1694d792a1a96bdaa26 upstream.

Fix request-already-requested handling in gpio_request().

Signed-off-by: Magnus Damm <damm@igel.co.jp>
Acked-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoepoll: drop max_user_instances and rely only on max_user_watches
Davide Libenzi [Thu, 29 Jan 2009 22:25:26 +0000 (14:25 -0800)]
epoll: drop max_user_instances and rely only on max_user_watches

commit 9df04e1f25effde823a600e755b51475d438f56b upstream.

Linus suggested to put limits where the money is, and max_user_watches
already does that w/out the need of max_user_instances.  That has the
advantage to mitigate the potential DoS while allowing pretty generous
default behavior.

Allowing top 4% of low memory (per user) to be allocated in epoll watches,
we have:

LOMEM    MAX_WATCHES (per user)
512MB    ~178000
1GB      ~356000
2GB      ~712000

A box with 512MB of lomem, will meet some challenge in hitting 180K
watches, socket buffers math teaches us.  No more max_user_instances
limits then.

Signed-off-by: Davide Libenzi <davidel@xmailserver.org>
Cc: Willy Tarreau <w@1wt.eu>
Cc: Michael Kerrisk <mtk.manpages@googlemail.com>
Cc: Bron Gondwana <brong@fastmail.fm>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agortl8187: Fix error in setting OFDM power settings for RTL8187L
Larry Finger [Tue, 27 Jan 2009 18:31:23 +0000 (12:31 -0600)]
rtl8187: Fix error in setting OFDM power settings for RTL8187L

commit eb83bbf57429ab80f49b413e3e44d3b19c3fdc5a upstream.

After reports of poor performance, a review of the latest vendor driver
(rtl8187_linux_26.1025.0328.2007) for RTL8187L devices was undertaken.

A difference was found in the code used to index the OFDM power tables. When
the Linux driver was changed, my unit works at a much greater range than
before. I think this fixes Bugzilla #12380 and has been tested by at least
two other users.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Tested-by: Martín Ernesto Barreyro <barreyromartin@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoext3: Add sanity check to make_indexed_dir
Theodore Ts'o [Fri, 16 Jan 2009 16:13:47 +0000 (11:13 -0500)]
ext3: Add sanity check to make_indexed_dir

commit a21102b55c4f8dfd3adb4a15a34cd62237b46039 upstream.

Make sure the rec_len field in the '..' entry is sane, lest we overrun
the directory block and cause a kernel oops on a purposefully
corrupted filesystem.

This fixes a bug related to a bug originally reported by Sami Liedes
for ext4 at:

http://bugzilla.kernel.org/show_bug.cgi?id=12430

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agobnx2x: Block nvram access when the device is inactive
Eilon Greenstein [Wed, 14 Jan 2009 06:44:07 +0000 (06:44 +0000)]
bnx2x: Block nvram access when the device is inactive

commit 2add3acb11a26cc14b54669433ae6ace6406cbf2 upstream.

Don't dump eeprom when bnx2x adapter is down.  Running ethtool -e causes an eeh
without it when the device is down

Signed-off-by: Paul Larson <pl@linux.vnet.ibm.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoFix OOPS in mmap_region() when merging adjacent VM_LOCKED file segments
Andrew Morton [Wed, 28 Jan 2009 21:43:50 +0000 (13:43 -0800)]
Fix OOPS in mmap_region() when merging adjacent VM_LOCKED file segments

This patch differs from the upstream commit
de33c8db5910cda599899dd431cc30d7c1018cbf written by Linus, as it aims to
only prevent the oops from happening, not attempt to change anything
else.

The problem was introduced by commit
ba470de43188cdbff795b5da43a1474523c6c2fb

which added new references to *vma after we've potentially freed it.

From: Andrew Morton <akpm@linux-foundation.org>
Reported-by: Maksim Yevmenkin <maksim.yevmenkin@gmail.com>
Tested-by: Maksim Yevmenkin <maksim.yevmenkin@gmail.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
Cc: Nick Piggin <npiggin@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodrm: stash AGP include under the do-we-have-AGP ifdef
Eric Anholt [Thu, 15 Jan 2009 09:16:25 +0000 (01:16 -0800)]
drm: stash AGP include under the do-we-have-AGP ifdef

commit 1bb88edb7a3769992026f34fd648bb459b0469aa upstream.

This fixes the MIPS with DRM build.

Signed-off-by: Eric Anholt <eric@anholt.net>
Tested-by: Martin Michlmayr <tbm@cyrius.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoserial_8250: support for Sealevel Systems Model 7803 COMM+8
Flavio Leitner [Fri, 2 Jan 2009 13:50:43 +0000 (13:50 +0000)]
serial_8250: support for Sealevel Systems Model 7803 COMM+8

commit e65f0f8271b1b0452334e5da37fd35413a000de4 upstream.

Add support for Sealevel Systems Model 7803 COMM+8

Signed-off-by: Flavio Leitner <fleitner@redhat.com>
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>