]> git.karo-electronics.de Git - mv-sheeva.git/log
mv-sheeva.git
13 years agousb: core: fix information leak to userland
Vasiliy Kulikov [Sat, 6 Nov 2010 14:41:28 +0000 (17:41 +0300)]
usb: core: fix information leak to userland

Structure usbdevfs_connectinfo is copied to userland with padding byted
after "slow" field uninitialized.  It leads to leaking of contents of
kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agousb: misc: iowarrior: fix information leak to userland
Vasiliy Kulikov [Sat, 6 Nov 2010 14:41:31 +0000 (17:41 +0300)]
usb: misc: iowarrior: fix information leak to userland

Structure iowarrior_info is copied to userland with padding byted
between "serial" and "revision" fields uninitialized.  It leads to
leaking of contents of kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Cc: stable <stable@kernel.org>
Acked-by: Kees Cook <kees.cook@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agousb: misc: sisusbvga: fix information leak to userland
Vasiliy Kulikov [Sat, 6 Nov 2010 14:41:35 +0000 (17:41 +0300)]
usb: misc: sisusbvga: fix information leak to userland

Structure sisusb_info is copied to userland with "sisusb_reserved" field
uninitialized.  It leads to leaking of contents of kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agousb: subtle increased memory usage in u_serial
Jim Sung [Fri, 5 Nov 2010 01:47:51 +0000 (18:47 -0700)]
usb: subtle increased memory usage in u_serial

OK, the USB gadget serial driver actually has a couple of problems.  On
gs_open(), it always allocates and queues an additional QUEUE_SIZE (16)
worth of requests, so with a loop like this:

    i=1 ; while echo $i > /dev/ttyGS0 ; do let i++ ; done

eventually we run into OOM (Out of Memory).

Technically, it is not a leak as everything gets freed up when the USB
connection is broken, but not on gs_close().

With a USB device/gadget controller driver that has limited resources
(e.g., Marvell has a this MAX_XDS_FOR_TR_CALLS of 64 for transmit and
receive), so even after 4

    stty -F /dev/ttyGS0

we cannot transmit anymore.  We can still receive (not necessarily
reliably) as now we have 16 * 4 = 64 descriptors/buffers ready, but the
device is otherwise not usable.

Signed-off-by: Jim Sung <jsung@syncadence.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agoUSB: option: fix when the driver is loaded incorrectly for some Huawei devices.
ma rui [Mon, 1 Nov 2010 03:32:18 +0000 (11:32 +0800)]
USB: option: fix when the driver is loaded incorrectly for some Huawei devices.

When huawei datacard with PID 0x14AC is insterted into Linux system, the
present kernel will load the "option" driver to all the interfaces. But
actually, some interfaces run as other function and do not need "option"
driver.

In this path, we modify the id_tables, when the PID is 0x14ac ,VID is
0x12d1, Only when the interface's Class is 0xff,Subclass is 0xff, Pro is
0xff, it does need "option" driver.

Signed-off-by: ma rui <m00150988@huawei.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agoUSB: xhci: Use GFP_ATOMIC under spin_lock
David Sterba [Tue, 2 Nov 2010 22:47:18 +0000 (23:47 +0100)]
USB: xhci: Use GFP_ATOMIC under spin_lock

coccinelle check scripts/coccinelle/locks/call_kern.cocci found that
in drivers/usb/host/xhci.c an allocation with GFP_KERNEL is done
with locks held:

xhci_resume
  spin_lock_irq(xhci->lock)
    xhci_setup_msix
      kmalloc(GFP_KERNEL)

Change it to GFP_ATOMIC.

Signed-off-by: David Sterba <dsterba@suse.cz>
CC: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agousb: gadget: goku_udc: add registered flag bit, fixing build
Andy Whitcroft [Wed, 3 Nov 2010 18:02:38 +0000 (18:02 +0000)]
usb: gadget: goku_udc: add registered flag bit, fixing build

The commit below cleaned up error handling, in part by introducing a
registered flag bit.  This however was not added to the device
structure leding to build failures:

  commit 319feaabb6c7ccd90da6e3207563c265da7d21ae
  Author: Dan Carpenter <error27@gmail.com>
  Date:   Tue Oct 5 18:55:34 2010 +0200

    usb: gadget: goku_udc: Fix error path

Add the missing registered flag bit.

Signed-off-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agoUSB: ehci/mxc: compile fix
Uwe Kleine-König [Tue, 2 Nov 2010 09:30:57 +0000 (10:30 +0100)]
USB: ehci/mxc: compile fix

Commit
65fd427 (USB: ehci tdi : let's tdi_reset set host mode)

broke the build using ARM's mx51_defconfig:

    CC      drivers/usb/host/ehci-hcd.o
  In file included from drivers/usb/host/ehci-hcd.c:1166:
  drivers/usb/host/ehci-mxc.c: In function 'ehci_mxc_drv_probe':
  drivers/usb/host/ehci-mxc.c:192: error: 'ehci' undeclared (first use in this function)
  drivers/usb/host/ehci-mxc.c:192: error: (Each undeclared identifier is reported only once
  drivers/usb/host/ehci-mxc.c:192: error: for each function it appears in.)
  drivers/usb/host/ehci-mxc.c:117: warning: unused variable 'temp'
  make[3]: *** [drivers/usb/host/ehci-hcd.o] Error 1
  make[2]: *** [drivers/usb/host/ehci-hcd.o] Error 2
  make[1]: *** [sub-make] Error 2
  make: *** [all] Error 2

Fix it together with the warning about the unused variable and use
msleep instead of mdelay as requested by Alan Stern.

Cc: Dinh Nguyen <Dinh.Nguyen@freescale.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Tested-by: Nguyen Dinh-R00091 <R00091@freescale.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agoUSB: Fix FSL USB driver on non Open Firmware systems
Marc Kleine-Budde [Fri, 29 Oct 2010 09:04:49 +0000 (11:04 +0200)]
USB: Fix FSL USB driver on non Open Firmware systems

Commit 126512e3f274802ca65ebeca8660237f0361ad48 added support for FSL's USB
controller on powerpc. In this commit the Open Firmware code was selected
and compiled unconditionally.

This breaks on ARM systems from FSL which use the same driver (.i.e. the i.MX
series), because ARM don't have OF support (yet). This patch fixes the problem
by only selecting the OF code on systems with Open Firmware support.

Reported-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Compile-Tested-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Acked-by: Grant Likely <grant.likely@secretlab.ca>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agoStaging: Merge 'tidspbridge-2.6.37-rc1' into staging-linus
Greg Kroah-Hartman [Thu, 11 Nov 2010 13:12:34 +0000 (05:12 -0800)]
Staging: Merge 'tidspbridge-2.6.37-rc1' into staging-linus

This is a big revert of a lot of -rc1 tidspbridge patches in order to
get the driver back into a working state.  It also includes a OMAP patch
that was approved by the OMAP maintainer.

Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agoblock: remove unused copy_io_context()
Jens Axboe [Thu, 11 Nov 2010 12:37:54 +0000 (13:37 +0100)]
block: remove unused copy_io_context()

Reported-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
13 years agoDocumentation: remove anticipatory scheduler info
Randy Dunlap [Thu, 11 Nov 2010 11:09:59 +0000 (12:09 +0100)]
Documentation: remove anticipatory scheduler info

Remove anticipatory block I/O scheduler info from Documentation/
since the code has been deleted.

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Reported-by: "Robert P. J. Day" <rpjday@crashcourse.ca>
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
13 years agoInput: do not pass injected events back to the originating handler
Dmitry Torokhov [Tue, 9 Nov 2010 05:51:25 +0000 (21:51 -0800)]
Input: do not pass injected events back to the originating handler

Sometimes input handlers (as opposed to input devices) have a need to
inject (or re-inject) events back into input core. For example sysrq
filter may want to inject previously suppressed Alt-SysRq so that user
can take a screen print. In this case we do not want to pass such events
back to the same same handler that injected them to avoid loops.

Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
13 years agoInput: pcf8574_keypad - fix error handling in pcf8574_kp_probe
Dan Carpenter [Thu, 11 Nov 2010 07:59:20 +0000 (23:59 -0800)]
Input: pcf8574_keypad - fix error handling in pcf8574_kp_probe

It is not allowed to call input_free_device() after calling
input_unregister_device() because input devices are refcounted and
unregister will free the device if we were holding he last referenc.

The preferred style in input/ is to make input_register_device() the
last function in the probe which can fail.  That way we don't need to
call input_unregister_device().

Also do not need to call input_set_drvdata() as nothing in the driver
uses the data.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
13 years agoInput: acecad - fix a memory leak in usb_acecad_probe error path
Axel Lin [Thu, 11 Nov 2010 07:05:07 +0000 (23:05 -0800)]
Input: acecad - fix a memory leak in usb_acecad_probe error path

Add a missing usb_free_urb() in usb_acecad_probe() error path.

Signed-off-by: Axel Lin <axel.lin@gmail.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
13 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirel...
David S. Miller [Thu, 11 Nov 2010 06:15:31 +0000 (22:15 -0800)]
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6

13 years agotcp: Increase TCP_MAXSEG socket option minimum.
David S. Miller [Thu, 11 Nov 2010 05:35:37 +0000 (21:35 -0800)]
tcp: Increase TCP_MAXSEG socket option minimum.

As noted by Steve Chen, since commit
f5fff5dc8a7a3f395b0525c02ba92c95d42b7390 ("tcp: advertise MSS
requested by user") we can end up with a situation where
tcp_select_initial_window() does a divide by a zero (or
even negative) mss value.

The problem is that sometimes we effectively subtract
TCPOLEN_TSTAMP_ALIGNED and/or TCPOLEN_MD5SIG_ALIGNED from the mss.

Fix this by increasing the minimum from 8 to 64.

Reported-by: Steve Chen <schen@mvista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoxen: do not release any memory under 1M in domain 0
Ian Campbell [Thu, 28 Oct 2010 18:32:29 +0000 (11:32 -0700)]
xen: do not release any memory under 1M in domain 0

We already deliberately setup a 1-1 P2M for the region up to 1M in
order to allow code which assumes this region is already mapped to
work without having to convert everything to ioremap.

Domain 0 should not return any apparently unused memory regions
(reserved or otherwise) in this region to Xen since the e820 may not
accurately reflect what the BIOS has stashed in this region.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
13 years agoxen: events: do not unmask event channels on resume
Ian Campbell [Mon, 1 Nov 2010 16:30:09 +0000 (16:30 +0000)]
xen: events: do not unmask event channels on resume

The IRQ core code will take care of disabling and reenabling
interrupts over suspend resume automatically, therefore we do not need
to do this in the Xen event channel code.

The only exception is those event channels marked IRQF_NO_SUSPEND
which the IRQ core ignores. We must unmask these ourselves, taking
care to obey the current IRQ_DISABLED status. Failure check for
IRQ_DISABLED leads to enabling polled only event channels, such as
that associated with the pv spinlocks, which must never be enabled:

[   21.970432] ------------[ cut here ]------------
[   21.970432] kernel BUG at arch/x86/xen/spinlock.c:343!
[   21.970432] invalid opcode: 0000 [#1] SMP
[   21.970432] last sysfs file: /sys/devices/virtual/net/lo/operstate
[   21.970432] Modules linked in:
[   21.970432]
[   21.970432] Pid: 0, comm: swapper Not tainted (2.6.32.24-x86_32p-xen-01034-g787c727 #34)
[   21.970432] EIP: 0061:[<c102e209>] EFLAGS: 00010046 CPU: 3
[   21.970432] EIP is at dummy_handler+0x3/0x7
[   21.970432] EAX: 0000021c EBX: dfc16880 ECX: 0000001a EDX: 00000000
[   21.970432] ESI: dfc02c00 EDI: 00000001 EBP: dfc47e10 ESP: dfc47e10
[   21.970432]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0069
[   21.970432] Process swapper (pid: 0, ti=dfc46000 task=dfc39440 task.ti=dfc46000)
[   21.970432] Stack:
[   21.970432]  dfc47e30 c10a39f0 0000021c 00000000 00000000 dfc16880 0000021c 00000001
[   21.970432] <0> dfc47e40 c10a4f08 0000021c 00000000 dfc47e78 c12240a7 c1839284 c1839284
[   21.970432] <0> 00000200 00000000 00000000 f5720000 c1f3d028 c1f3d02c 00000180 dfc47e90
[   21.970432] Call Trace:
[   21.970432]  [<c10a39f0>] ? handle_IRQ_event+0x5f/0x122
[   21.970432]  [<c10a4f08>] ? handle_percpu_irq+0x2f/0x55
[   21.970432]  [<c12240a7>] ? __xen_evtchn_do_upcall+0xdb/0x15f
[   21.970432]  [<c122481e>] ? xen_evtchn_do_upcall+0x20/0x30
[   21.970432]  [<c1030d47>] ? xen_do_upcall+0x7/0xc
[   21.970432]  [<c102007b>] ? apic_reg_read+0xd3/0x22d
[   21.970432]  [<c1002227>] ? hypercall_page+0x227/0x1005
[   21.970432]  [<c102d30b>] ? xen_force_evtchn_callback+0xf/0x14
[   21.970432]  [<c102da7c>] ? check_events+0x8/0xc
[   21.970432]  [<c102da3b>] ? xen_irq_enable_direct_end+0x0/0x1
[   21.970432]  [<c105e485>] ? finish_task_switch+0x62/0xba
[   21.970432]  [<c14e3f84>] ? schedule+0x808/0x89d
[   21.970432]  [<c1084dc5>] ? hrtimer_start_expires+0x1a/0x22
[   21.970432]  [<c1085154>] ? tick_nohz_restart_sched_tick+0x15a/0x162
[   21.970432]  [<c102f43a>] ? cpu_idle+0x6d/0x6f
[   21.970432]  [<c14db29e>] ? cpu_bringup_and_idle+0xd/0xf
[   21.970432] Code: 5d 0f 95 c0 0f b6 c0 c3 55 66 83 78 02 00 89 e5 5d 0f 95 \
c0 0f b6 c0 c3 55 b2 01 86 10 31 c0 84 d2 89 e5 0f 94 c0 5d c3 55 89 e5 <0f> 0b \
eb fe 55 80 3d 4c ce 84 c1 00 89 e5 57 56 89 c6 53 74 15
[   21.970432] EIP: [<c102e209>] dummy_handler+0x3/0x7 SS:ESP 0069:dfc47e10
[   21.970432] ---[ end trace c0b71f7e12cf3011 ]---

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
13 years agoRevert "staging: tidspbridge: replace iommu custom for opensource implementation"
Felipe Contreras [Wed, 10 Nov 2010 18:12:45 +0000 (12:12 -0600)]
Revert "staging: tidspbridge: replace iommu custom for opensource implementation"

This reverts commit d95ec7e2fd5cebf2f1caf3f572fa5e0a820ac5b1.

Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com>
Signed-off-by: Omar Ramirez Luna <omar.ramirez@ti.com>
13 years agoRevert "staging: tidspbridge - move shared memory iommu maps to tiomap3430.c"
Felipe Contreras [Wed, 10 Nov 2010 18:12:19 +0000 (12:12 -0600)]
Revert "staging: tidspbridge - move shared memory iommu maps to tiomap3430.c"

This reverts commit 0c10e91b6cc9d1c6a23e9eed3e0653f30b6eb3d3.

Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com>
Signed-off-by: Omar Ramirez Luna <omar.ramirez@ti.com>
13 years agoRevert "staging: tidspbridge - rename bridge_brd_mem_map/unmap to a proper name"
Felipe Contreras [Wed, 10 Nov 2010 18:12:11 +0000 (12:12 -0600)]
Revert "staging: tidspbridge - rename bridge_brd_mem_map/unmap to a proper name"

This reverts commit 4dd1944ab7242d76534c97d5fef0ce541a2f1040.

Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com>
Signed-off-by: Omar Ramirez Luna <omar.ramirez@ti.com>
13 years agoRevert "staging: tidspbridge - remove custom mmu code from tiomap3430.c"
Felipe Contreras [Wed, 10 Nov 2010 18:11:59 +0000 (12:11 -0600)]
Revert "staging: tidspbridge - remove custom mmu code from tiomap3430.c"

This reverts commit e7396e77d9e4230bf725b5807732cbca191d111f.

Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com>
Signed-off-by: Omar Ramirez Luna <omar.ramirez@ti.com>
13 years agoRevert "staging: tidspbridge - fix mmufault support"
Felipe Contreras [Wed, 10 Nov 2010 18:11:49 +0000 (12:11 -0600)]
Revert "staging: tidspbridge - fix mmufault support"

This reverts commit f265846db1e755c11498f6f7c011127dfcc5634a.

Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com>
Signed-off-by: Omar Ramirez Luna <omar.ramirez@ti.com>
13 years agoRevert "staging: tidspbridge - remove hw directory"
Felipe Contreras [Wed, 10 Nov 2010 18:11:35 +0000 (12:11 -0600)]
Revert "staging: tidspbridge - remove hw directory"

This reverts commit 053fdb85f56e84bff64a65601be7f72608f016da.

Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com>
Signed-off-by: Omar Ramirez Luna <omar.ramirez@ti.com>
13 years agoRevert "staging: tidspbridge - move all iommu related code to a new file"
Felipe Contreras [Wed, 10 Nov 2010 18:10:20 +0000 (12:10 -0600)]
Revert "staging: tidspbridge - move all iommu related code to a new file"

This reverts commit f94378f9f9a897fc08e9d12733401ae52466e408.

Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com>
Signed-off-by: Omar Ramirez Luna <omar.ramirez@ti.com>
13 years agoRevert "staging: tidspbridge: remove dw_dmmu_base from cfg_hostres struct"
Felipe Contreras [Wed, 10 Nov 2010 18:09:35 +0000 (12:09 -0600)]
Revert "staging: tidspbridge: remove dw_dmmu_base from cfg_hostres struct"

This reverts commit b5a44939231d6e3b0354624289507bfa1432a7b1.

Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com>
Signed-off-by: Omar Ramirez Luna <omar.ramirez@ti.com>
13 years agoRevert "staging: tidspbridge - remove reserved memory clean up"
Felipe Contreras [Wed, 10 Nov 2010 18:09:22 +0000 (12:09 -0600)]
Revert "staging: tidspbridge - remove reserved memory clean up"

This reverts commit db348ca36e5881cd1d2e5caa6eee7d0237d07a3d.

Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com>
Signed-off-by: Omar Ramirez Luna <omar.ramirez@ti.com>
13 years agoRevert "staging: tidspbridge - deprecate reserve/unreserve_memory funtions"
Felipe Contreras [Wed, 10 Nov 2010 18:09:09 +0000 (12:09 -0600)]
Revert "staging: tidspbridge - deprecate reserve/unreserve_memory funtions"

This reverts commit b1ced160af36043ee80d354318794753b6b7c008.

Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com>
Signed-off-by: Omar Ramirez Luna <omar.ramirez@ti.com>
13 years agoRevert "staging: tidspbridge - remove dmm custom module"
Felipe Contreras [Wed, 10 Nov 2010 18:09:04 +0000 (12:09 -0600)]
Revert "staging: tidspbridge - remove dmm custom module"

This reverts commit 2ab573487a98c06fdfb34308f641f09369d61fa2.

Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com>
Signed-off-by: Omar Ramirez Luna <omar.ramirez@ti.com>
13 years agoRevert "staging: tidspbridge - update Kconfig to select IOMMU module"
Felipe Contreras [Wed, 10 Nov 2010 18:08:51 +0000 (12:08 -0600)]
Revert "staging: tidspbridge - update Kconfig to select IOMMU module"

This reverts commit ace5a3ce40bb90f14953c5e3f73e9cf1176b1a28.

Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com>
Signed-off-by: Omar Ramirez Luna <omar.ramirez@ti.com>
13 years agostaging: tidspbridge: hardcode SCM macros while fix is upstreamed
Felipe Contreras [Wed, 10 Nov 2010 17:22:48 +0000 (11:22 -0600)]
staging: tidspbridge: hardcode SCM macros while fix is upstreamed

On 2.6.37-rc1, omap platform internals for SCM have changed,
so the build is broken again.

drivers/staging/tidspbridge/core/tiomap3430.c:26:
    fatal error: plat/control.h: No such file or directory

This is a totally ugly layer violation, but needed until
omap_ctrl_set_dsp_boot*() are provided.

Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com>
Signed-off-by: Omar Ramirez Luna <omar.ramirez@ti.com>
13 years agoStaging: keucr driver: fix uninitialized variable & proper memset length
Konstantin Katuev [Fri, 29 Oct 2010 01:18:18 +0000 (12:18 +1100)]
Staging: keucr driver: fix uninitialized variable & proper memset length

There was commented out transfer_flags initialization.
And i think memset should fill entire structure, not only length of
pointer to it.

This makes the driver work properly now on my hardware.

Signed-off-by: Konstantin Katuev <kkatuev@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agoomap: dsp: remove shm from normal memory
Felipe Contreras [Tue, 19 Oct 2010 07:37:24 +0000 (10:37 +0300)]
omap: dsp: remove shm from normal memory

Also, don't be picky about the location, which incidentally fixes the
build since MEMBLOCK_REAL_LIMIT is gone on 2.6.37.

arch/arm/plat-omap/devices.c: In function 'omap_dsp_reserve_sdram_memblock':
arch/arm/plat-omap/devices.c:287: error: 'MEMBLOCK_REAL_LIMIT'
    undeclared (first use in this function)

Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com>
Acked-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Omar Ramirez Luna <omar.ramirez@ti.com>
13 years agoperf, amd: Use kmalloc_node(,__GFP_ZERO) for northbridge structure allocation
Peter Zijlstra [Mon, 1 Nov 2010 17:52:05 +0000 (18:52 +0100)]
perf, amd: Use kmalloc_node(,__GFP_ZERO) for northbridge structure allocation

Jasper suggested we use the zeroing capability of the allocators
instead of calling memset ourselves. Add node affinity while we're at
it.

Reported-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
LKML-Reference: <new-submission>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
13 years agoperf_events: Fix time tracking in samples
Stephane Eranian [Tue, 26 Oct 2010 14:08:01 +0000 (16:08 +0200)]
perf_events: Fix time tracking in samples

This patch corrects time tracking in samples. Without this patch
both time_enabled and time_running are bogus when user asks for
PERF_SAMPLE_READ.

One uses PERF_SAMPLE_READ to sample the values of other counters
in each sample. Because of multiplexing, it is necessary to know
both time_enabled, time_running to be able to scale counts correctly.

In this second version of the patch, we maintain a shadow
copy of ctx->time which allows us to compute ctx->time without
calling update_context_time() from NMI context. We avoid the
issue that update_context_time() must always be called with
ctx->lock held.

We do not keep shadow copies of the other event timings
because if the lead event is overflowing then it is active
and thus it's been scheduled in via event_sched_in() in
which case neither tstamp_stopped, tstamp_running can be modified.

This timing logic only applies to samples when PERF_SAMPLE_READ
is used.

Note that this patch does not address timing issues related
to sampling inheritance between tasks. This will be addressed
in a future patch.

With this patch, the libpfm4 example task_smpl now reports
correct counts (shown on 2.4GHz Core 2):

$ task_smpl -p 2400000000 -e unhalted_core_cycles:u,instructions_retired:u,baclears  noploop 5
noploop for 5 seconds
IIP:0x000000004006d6 PID:5596 TID:5596 TIME:466,210,211,430 STREAM_ID:33 PERIOD:2,400,000,000 ENA=1,010,157,814 RUN=1,010,157,814 NR=3
2,400,000,254 unhalted_core_cycles:u (33)
2,399,273,744 instructions_retired:u (34)
53,340 baclears (35)

Signed-off-by: Stephane Eranian <eranian@google.com>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
LKML-Reference: <4cc6e14b.1e07e30a.256e.5190@mx.google.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
13 years agoxfs: remove incorrect assert in xfs_vm_writepage
Christoph Hellwig [Wed, 10 Nov 2010 21:39:11 +0000 (21:39 +0000)]
xfs: remove incorrect assert in xfs_vm_writepage

In commit 20cb52ebd1b5ca6fa8a5d9b6b1392292f5ca8a45, titled
"xfs: simplify xfs_vm_writepage" I added an assert that any !mapped and
uptodate buffers are not dirty.  That asserts turns out to trigger a lot
when running fsx on filesystems with small block sizes.  The reason for
that is that the assert is simply incorrect.  !mapped and uptodate
just mean this buffer covers a hole, and whenever we do a set_page_dirty
we mark all blocks in the page dirty, no matter if they have data or
not.  So remove the assert, and update the comment above the condition
to match reality.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Alex Elder <aelder@sgi.com>
13 years agoAPPARMOR: Fix memory leak of apparmor_init()
wzt.wzt@gmail.com [Wed, 10 Nov 2010 08:05:15 +0000 (16:05 +0800)]
APPARMOR: Fix memory leak of apparmor_init()

set_init_cxt() allocted sizeof(struct aa_task_cxt) bytes for cxt,
if register_security() failed, it will cause memory leak.

Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agoAPPARMOR: Fix memory leak of alloc_namespace()
wzt.wzt@gmail.com [Wed, 10 Nov 2010 03:31:55 +0000 (11:31 +0800)]
APPARMOR: Fix memory leak of alloc_namespace()

policy->name is a substring of policy->hname, if prefix is not NULL, it will
allocted strlen(prefix) + strlen(name) + 3 bytes to policy->hname in policy_init().
use kzfree(ns->base.name) will casue memory leak if alloc_namespace() failed.

Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
13 years agonet: avoid limits overflow
Eric Dumazet [Tue, 9 Nov 2010 23:24:26 +0000 (23:24 +0000)]
net: avoid limits overflow

Robin Holt tried to boot a 16TB machine and found some limits were
reached : sysctl_tcp_mem[2], sysctl_udp_mem[2]

We can switch infrastructure to use long "instead" of "int", now
atomic_long_t primitives are available for free.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Reported-by: Robin Holt <holt@sgi.com>
Reviewed-by: Robin Holt <holt@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonet: packet: fix information leak to userland
Vasiliy Kulikov [Wed, 10 Nov 2010 20:09:10 +0000 (12:09 -0800)]
net: packet: fix information leak to userland

packet_getname_spkt() doesn't initialize all members of sa_data field of
sockaddr struct if strlen(dev->name) < 13.  This structure is then copied
to userland.  It leads to leaking of contents of kernel stack memory.
We have to fully fill sa_data with strncpy() instead of strlcpy().

The same with packet_getname(): it doesn't initialize sll_pkttype field of
sockaddr_ll.  Set it to zero.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agolocks: remove dead lease error-handling code
J. Bruce Fields [Wed, 3 Nov 2010 22:09:18 +0000 (18:09 -0400)]
locks: remove dead lease error-handling code

A minor oversight from f7347ce4ee7c65415f84be915c018473e7076f31,
"fasync: re-organize fasync entry insertion to allow it under a
spinlock": this cleanup-on-error was only needed to handle -ENOMEM.  Now
that we're preallocating it's unneeded.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
13 years agolocks: fix leak on merging leases
J. Bruce Fields [Wed, 3 Nov 2010 20:49:44 +0000 (16:49 -0400)]
locks: fix leak on merging leases

We must also free the passed-in lease in the case it wasn't used because
an existing lease was upgrade/downgraded or already existed.

Note the nfsd caller doesn't care because it's fl_change callback
returns an error in those cases.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
13 years agofilter: make sure filters dont read uninitialized memory
David S. Miller [Wed, 10 Nov 2010 18:38:24 +0000 (10:38 -0800)]
filter: make sure filters dont read uninitialized memory

There is a possibility malicious users can get limited information about
uninitialized stack mem array. Even if sk_run_filter() result is bound
to packet length (0 .. 65535), we could imagine this can be used by
hostile user.

Initializing mem[] array, like Dan Rosenberg suggested in his patch is
expensive since most filters dont even use this array.

Its hard to make the filter validation in sk_chk_filter(), because of
the jumps. This might be done later.

In this patch, I use a bitmap (a single long var) so that only filters
using mem[] loads/stores pay the price of added security checks.

For other filters, additional cost is a single instruction.

[ Since we access fentry->k a lot now, cache it in a local variable
  and mark filter entry pointer as const. -DaveM ]

Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonet: ax25: fix information leak to userland
Vasiliy Kulikov [Wed, 10 Nov 2010 18:14:33 +0000 (10:14 -0800)]
net: ax25: fix information leak to userland

Sometimes ax25_getname() doesn't initialize all members of fsa_digipeater
field of fsa struct, also the struct has padding bytes between
sax25_call and sax25_ndigis fields.  This structure is then copied to
userland.  It leads to leaking of contents of kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoxfs: use hlist_add_fake
Christoph Hellwig [Sat, 6 Nov 2010 11:43:08 +0000 (11:43 +0000)]
xfs: use hlist_add_fake

XFS does not need it's inodes to actuall be hashed in the VFS inode
cache, but we require the inode to be marked hashed for the
writeback code to work.

Insted of using insert_inode_hash, which requires a second
inode_lock roundtrip after the partial merge of the inode
scalability patches in 2.6.37-rc simply use the new hlist_add_fake
helper to mark it hashed without requiring a lock or touching a
global cache line.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Alex Elder <aelder@sgi.com>
13 years agoxfs: fix a few compiler warnings with CONFIG_XFS_QUOTA=n
Christoph Hellwig [Sat, 6 Nov 2010 11:42:56 +0000 (11:42 +0000)]
xfs: fix a few compiler warnings with CONFIG_XFS_QUOTA=n

Andi Kleen reported that gcc-4.5 gives lots of warnings for him
inside the XFS code.  It turned out most of them are due to the
quota stubs beeing macros, and gcc now complaining about macros
evaluating to 0 that are not assigned to variables.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Alex Elder <aelder@sgi.com>
13 years agoxfs: tell lockdep about parent iolock usage in filestreams
Christoph Hellwig [Sat, 6 Nov 2010 11:42:44 +0000 (11:42 +0000)]
xfs: tell lockdep about parent iolock usage in filestreams

The filestreams code may take the iolock on the parent inode while
holding it on a child.  This is the only place in XFS where we take
both the child and parent iolock, so just telling lockdep about it
is enough.  The lock flag required for that was already added as
part of the ilock lockdep annotations and unused so far.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Alex Elder <aelder@sgi.com>
13 years agoxfs: move delayed write buffer trace
Dave Chinner [Mon, 8 Nov 2010 08:55:05 +0000 (08:55 +0000)]
xfs: move delayed write buffer trace

The delayed write buffer split trace currently issues a trace for
every buffer it scans. These buffers are not necessarily queued for
delayed write. Indeed, when buffers are pinned, there can be
thousands of traces of buffers that aren't actually queued for
delayed write and the ones that are are lost in the noise. Move the
trace point to record only buffers that are split out for IO to be
issued on.

Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Alex Elder <aelder@sgi.com>
13 years agoxfs: fix per-ag reference counting in inode reclaim tree walking
Dave Chinner [Mon, 8 Nov 2010 08:55:04 +0000 (08:55 +0000)]
xfs: fix per-ag reference counting in inode reclaim tree walking

The walk fails to decrement the per-ag reference count when the
non-blocking walk fails to obtain the per-ag reclaim lock, leading
to an assert failure on debug kernels when unmounting a filesystem.

Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Alex Elder <aelder@sgi.com>
13 years agoxfs: xfs_ioctl: fix information leak to userland
Kulikov Vasiliy [Sat, 30 Oct 2010 14:26:17 +0000 (14:26 +0000)]
xfs: xfs_ioctl: fix information leak to userland

al_hreq is copied from userland.  If al_hreq.buflen is not properly aligned
then xfs_attr_list will ignore the last bytes of kbuf.  These bytes are
unitialized.  It leads to leaking of contents of kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Alex Elder <aelder@sgi.com>
13 years agoxfs: remove experimental tag from the delaylog option
Christoph Hellwig [Thu, 28 Oct 2010 21:37:10 +0000 (21:37 +0000)]
xfs: remove experimental tag from the delaylog option

We promised to do this for 2.6.37, and the code looks stable enough to
keep that promise.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Alex Elder <aelder@sgi.com>
13 years agoARM: 6472/1: vexpress ct-ca9x4: only set twd_base if local timers are being used
Will Deacon [Wed, 10 Nov 2010 14:59:11 +0000 (15:59 +0100)]
ARM: 6472/1: vexpress ct-ca9x4: only set twd_base if local timers are being used

In commit bde28b84, I made the assumption that CONFIG_SMP is always set
for the quad-core ct-ca9x4 platform. As it turns out, people who aren't
using the SMP goodness are confronted with a build failure.

This patch fixes this issue by ensure that twd_base is only set if
local timers are being used (and therefore SMP support is configured).

Reported-by: Nicolas Pitre <nicolas.pitre@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
13 years agoperf trace: update usage
Tom Zanussi [Wed, 10 Nov 2010 14:20:45 +0000 (08:20 -0600)]
perf trace: update usage

Update usage to reflect the different perf trace variants.

Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Acked-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
13 years agoperf trace: update Documentation with new perf trace variants
Tom Zanussi [Wed, 10 Nov 2010 14:19:35 +0000 (08:19 -0600)]
perf trace: update Documentation with new perf trace variants

Add documentation describing new 'perf trace' command changes
e.g. <command> handling and live-mode/top variants.

Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Acked-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
13 years agoperf trace: live-mode command-line cleanup
Tom Zanussi [Wed, 10 Nov 2010 14:16:51 +0000 (08:16 -0600)]
perf trace: live-mode command-line cleanup

This patch attempts to make the perf trace command-line for live-mode
commands more user-friendly and consistent with other perf commands.

The main change it makes is to allow <commands> to be run as part of
perf trace live-mode commands, as other perf commands do, instead of
the system-wide traces they're currently hard-coded to by the shell
scripts.

With this patch, the following live-mode trace now works as expected:

 $ perf trace rw-by-pid ls -al

The previous system-wide behavior for this command would still be
available by explicitly specifying -a:

 $ perf trace rw-by-pid -a ls -al

and if no <command> is specified, the output is also system-wide:

 $ perf trace rw-by-pid

Because live-mode requires both record and report steps to be invoked,
it isn't always possible to know which args to send to the report and
which to send to the record steps - mainly this is the case for report
scripts with optional args - in those cases it would be necessary to
use separate 'perf trace record' and 'perf trace report' steps.

For example:

 $ perf trace syscall-counts ls

Here we can't decide whether ls should be passed as a param to the
syscall-counts script or whether we should invoke ls as a <command>.
In these cases, we just say that we'll ignore optional script params
and always interpret the extra arguments as a <command>.

If the user instead wants the other interpretation, that can be
accomplished by using separate record and report commands explicitly:

 $ perf trace record syscall-counts
 $ perf trace report syscall-counts ls

So the rules that this patch implements, which seem to make the most
intuitive sense for live-mode commands:

- for commands with optional args and commands with no args, no args
  are sent to the report script, all are sent to the record step

- for 'top' commands i.e. that end with 'top', <commands> can't be
  used - all extra args are send to the report script as params

- for commands with required args, the n required args are taken to be
  the first n args after the script name and sent to the report
  script, and the rest are sent to the record step

Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Acked-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
13 years agoperf trace record: handle commands correctly
Tom Zanussi [Wed, 10 Nov 2010 14:15:43 +0000 (08:15 -0600)]
perf trace record: handle commands correctly

Because the perf-trace shell scripts hard-coded the use of the
perf-record system-wide param, a perf trace record session was always
system wide, even if it was given a command.

If given a command, perf trace record now only records the events for
the command, as users expect.

If no command is given, or if the '-a' option is used, the recorded
events are system-wide, as before.

root@tropicana:~# perf trace record syscall-counts ls -al
root@tropicana:~# perf trace
              ls-23152 [000] 39984.890387: sys_enter: NR 12 (0, 0, 0, 0, 0, 0)
              ls-23152 [000] 39984.890404: sys_enter: NR 9 (0, 0, 0, 0, 0, 0)

root@tropicana:~# perf trace record syscall-counts -a ls -al
root@tropicana:~# perf trace
    npviewer.bin-22297 [000] 39831.102709: sys_enter: NR 168 (0, 0, 0, 0, 0, 0)
              ls-23111 [000] 39831.107679: sys_enter: NR 59 (0, 0, 0, 0, 0, 0)

Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Acked-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
13 years agoperf record: make the record options available outside perf record
Tom Zanussi [Wed, 10 Nov 2010 14:11:30 +0000 (08:11 -0600)]
perf record: make the record options available outside perf record

Other perf commands that invoke perf record, such as perf trace, may
want to reuse the options used by perf record.

This makes them non-static and renames them to avoid clashes with
other 'options' variables.

Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Acked-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
13 years agoperf trace scripting: remove system-wide param from shell scripts
Tom Zanussi [Wed, 10 Nov 2010 14:08:20 +0000 (08:08 -0600)]
perf trace scripting: remove system-wide param from shell scripts

Including -a unconditionally when recording doesn't allow for the
option of running scripts without it.  Future patches will add add it
back if needed at run-time.

Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Acked-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
13 years agoblock: remove REQ_HARDBARRIER
Christoph Hellwig [Wed, 10 Nov 2010 13:54:09 +0000 (14:54 +0100)]
block: remove REQ_HARDBARRIER

REQ_HARDBARRIER is dead now, so remove the leftovers.  What's left
at this point is:

 - various checks inside the block layer.
 - sanity checks in bio based drivers.
 - now unused bio_empty_barrier helper.
 - Xen blockfront use of BLKIF_OP_WRITE_BARRIER - it's dead for a while,
   but Xen really needs to sort out it's barrier situaton.
 - setting of ordered tags in uas - dead code copied from old scsi
   drivers.
 - scsi different retry for barriers - it's dead and should have been
   removed when flushes were converted to FS requests.
 - blktrace handling of barriers - removed.  Someone who knows blktrace
   better should add support for REQ_FLUSH and REQ_FUA, though.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
13 years agoperf trace scripting: fix some small memory leaks and missing error checks
Tom Zanussi [Wed, 10 Nov 2010 13:52:32 +0000 (07:52 -0600)]
perf trace scripting: fix some small memory leaks and missing error checks

Free the other two fields of script_desc which somehow got overlooked,
free malloc'ed args in case exec fails, and add missing checks for
failed mallocs.

Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Acked-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
13 years agoMerge branch 'for-2.6.37/drivers' into for-linus
Jens Axboe [Wed, 10 Nov 2010 13:51:27 +0000 (14:51 +0100)]
Merge branch 'for-2.6.37/drivers' into for-linus

Conflicts:
drivers/block/cciss.c

Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
13 years agoioprio: rcu_read_lock/unlock protect find_task_by_vpid call (V2)
Sergey Senozhatsky [Tue, 9 Nov 2010 20:26:56 +0000 (21:26 +0100)]
ioprio: rcu_read_lock/unlock protect find_task_by_vpid call (V2)

Commit 4221a9918e38b7494cee341dda7b7b4bb8c04bde "Add RCU check for
find_task_by_vpid()" introduced rcu_lockdep_assert to find_task_by_pid_ns=

Assertion failed in sys_ioprio_get. The patch is fixing assertion
failure in ioprio_set as well.

 kernel/pid.c:419 invoked rcu_dereference_check() without protection!

 stack backtrace:
 Pid: 4254, comm: iotop Not tainted
 Call Trace:
 [<ffffffff810656f2>] lockdep_rcu_dereference+0xaa/0xb2
 [<ffffffff81053c67>] find_task_by_pid_ns+0x4f/0x68
 [<ffffffff81053c9d>] find_task_by_vpid+0x1d/0x1f
 [<ffffffff811104e2>] sys_ioprio_get+0x50/0x2da
 [<ffffffff81002182>] system_call_fastpath+0x16/0x1b

V2: rcu critical section expanded according to comment by Paul E. McKenney

Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
13 years agoioprio: fix RCU locking around task dereference
Daniel J Blueman [Tue, 9 Nov 2010 20:33:02 +0000 (21:33 +0100)]
ioprio: fix RCU locking around task dereference

With 2.6.37-rc1, I observe sys_ioprio_set not taking the RCU lock [1]
across access to the task credentials.

Inspecting the code in fs/ioprio.c, the tasklist_lock is held for read
across the __task_cred call, which is presumably sufficient to prevent
the task credentials becoming stale.

===================================================

[ INFO: suspicious rcu_dereference_check() usage. ]

---------------------------------------------------

kernel/pid.c:419 invoked rcu_dereference_check() without protection!

other info that might help us debug this:

rcu_scheduler_active = 1, debug_locks = 1

1 lock held by start-stop-daem/2246:

 #0:  (tasklist_lock){.?.?..}, at: [<ffffffff811a2dfa>]
sys_ioprio_set+0x8a/0x400

stack backtrace:

Pid: 2246, comm: start-stop-daem Not tainted 2.6.37-rc1-330cd+ #2

Call Trace:

 [<ffffffff8109f5f4>] lockdep_rcu_dereference+0xa4/0xc0

 [<ffffffff81085651>] find_task_by_pid_ns+0x81/0x90

 [<ffffffff8108567d>] find_task_by_vpid+0x1d/0x20

 [<ffffffff811a3160>] sys_ioprio_set+0x3f0/0x400

 [<ffffffff816efa79>] ? trace_hardirqs_on_thunk+0x3a/0x3f

 [<ffffffff81003482>] system_call_fastpath+0x16/0x1b

Take the RCU lock for read across acquiring the pointer to the task
credentials and dereferencing it.

Signed-off-by: Daniel J Blueman <daniel.blueman@gmail.com>
Fixed up by Jens to fix missing rcu_read_unlock() on mismatches.

Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
13 years agoblock: ioctl: fix information leak to userland
Vasiliy Kulikov [Mon, 8 Nov 2010 13:42:40 +0000 (14:42 +0100)]
block: ioctl: fix information leak to userland

Structure hd_geometry is copied to userland with 4 padding bytes
between cylinders and start fields uninitialized on 64-bit platforms.
It leads to leaking of contents of kernel stack memory.

Currently there is no memset() in real implementations of getgeo()
in drivers/block/, so it makes sense to have memset() in blkdev_ioctl().

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
13 years agoblock: read i_size with i_size_read()
Mike Snitzer [Mon, 8 Nov 2010 13:39:12 +0000 (14:39 +0100)]
block: read i_size with i_size_read()

Convert direct reads of an inode's i_size to using i_size_read().

i_size_{read,write} use a seqcount to protect reads from accessing
incomple writes.  Concurrent i_size_write()s require mutual exclussion
to protect the seqcount that is used by i_size_{read,write}.  But
i_size_read() callers do not need to use additional locking.

Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Acked-by: NeilBrown <neilb@suse.de>
Acked-by: Lars Ellenberg <lars.ellenberg@linbit.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
13 years agocciss: fix proc warning on attempt to remove non-existant directory
Jens Axboe [Mon, 8 Nov 2010 13:29:13 +0000 (14:29 +0100)]
cciss: fix proc warning on attempt to remove non-existant directory

Randy reports that he gets the following stack trace when
removing the cciss module:

[  109.164277] Pid: 3463, comm: rmmod Not tainted 2.6.37-rc1 #7
[  109.164280] Call Trace:
[  109.164292]  [<ffffffff8107eb8d>] warn_slowpath_common+0xc6/0xf3
[  109.164299]  [<ffffffff8107ecaa>] warn_slowpath_fmt+0x5b/0x6b
[  109.164307]  [<ffffffff8155175b>] ? _raw_spin_unlock+0x40/0x4b
[  109.164313]  [<ffffffff8123dd1e>] remove_proc_entry+0x156/0x35e
[  109.164320]  [<ffffffff812cd91b>] ? do_raw_spin_unlock+0xff/0x10f
[  109.164327]  [<ffffffff8113823d>] ? trace_hardirqs_on+0x10/0x4a
[  109.164333]  [<ffffffff8155162d>] ? _raw_spin_unlock_irq+0x4c/0x7b
[  109.164339]  [<ffffffff8154d4d1>] ? wait_for_common+0x145/0x15e
[  109.164345]  [<ffffffff81075337>] ? default_wake_function+0x0/0x22
[  109.164357]  [<ffffffffa0615a8f>] cciss_cleanup+0xa9/0xc7 [cciss]
[  109.164365]  [<ffffffff810d3cb0>] sys_delete_module+0x2d6/0x368
[  109.164371]  [<ffffffff8155036b>] ? lockdep_sys_exit_thunk+0x35/0x67
[  109.164377]  [<ffffffff810fdfaf>] ? audit_syscall_entry+0x172/0x1a5
[  109.164383]  [<ffffffff815502f5>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[  109.164389]  [<ffffffff8100ea72>] system_call_fastpath+0x16/0x1b
[  109.164394] ---[ end trace 88e8568246ed0b1d ]---

which will happen if you don't actually have an HP CISS adapter,
since it'll do an uncondional removal of a proc directory it
never attempted to create in that case.

Reported-by: Randy Dunlap <randy.dunlap@oracle.com>
Tested-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
13 years agobio: take care not overflow page count when mapping/copying user data
Jens Axboe [Wed, 10 Nov 2010 13:36:25 +0000 (14:36 +0100)]
bio: take care not overflow page count when mapping/copying user data

If the iovec is being set up in a way that causes uaddr + PAGE_SIZE
to overflow, we could end up attempting to map a huge number of
pages. Check for this invalid input type.

Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable@kernel.org
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
13 years agoblock: limit vec count in bio_kmalloc() and bio_alloc_map_data()
Jens Axboe [Fri, 29 Oct 2010 17:46:56 +0000 (11:46 -0600)]
block: limit vec count in bio_kmalloc() and bio_alloc_map_data()

Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable@kernel.org
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
13 years agoblock: take care not to overflow when calculating total iov length
Jens Axboe [Fri, 29 Oct 2010 17:31:42 +0000 (11:31 -0600)]
block: take care not to overflow when calculating total iov length

Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable@kernel.org
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
13 years agoblock: check for proper length of iov entries in blk_rq_map_user_iov()
Jens Axboe [Fri, 29 Oct 2010 14:10:18 +0000 (08:10 -0600)]
block: check for proper length of iov entries in blk_rq_map_user_iov()

Ensure that we pass down properly validated iov segments before
calling into the mapping or copy functions.

Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable@kernel.org
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
13 years agox86, pvclock: Remove leftover scale_delta() function
Kusanagi Kouichi [Fri, 5 Nov 2010 11:04:42 +0000 (20:04 +0900)]
x86, pvclock: Remove leftover scale_delta() function

Commit 92580d64e16402762e2acc3022f065397c780425
("x86: pvclock: Move scale_delta into common header")
forgot to remove scale_delta.

Signed-off-by: Kusanagi Kouichi <slash@ac.auone-net.jp>
Cc: Zachary Amsden <zamsden@redhat.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Glauber Costa <glommer@redhat.com>
LKML-Reference: <20101105110444.BAF6D6FC03B@msa105.auone-net.jp>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
13 years agox86, apic: Remove double #include
Jesper Juhl [Sun, 7 Nov 2010 21:57:18 +0000 (22:57 +0100)]
x86, apic: Remove double #include

Remove the second <asm/atomic.h> inclusion.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
LKML-Reference: <alpine.LNX.2.00.1011072253360.26247@swampdragon.chaosbits.net>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
13 years agox86: Adjust section annotations in AMD Fam10 MMCONF enabling code
Jan Beulich [Thu, 4 Nov 2010 15:23:58 +0000 (15:23 +0000)]
x86: Adjust section annotations in AMD Fam10 MMCONF enabling code

check_enable_amd_mmconf_dmi() gets called only for the BSP,
hence everything hanging off of it can be __init*.

Signed-off-by: Jan Beulich <jbeulich@novell.com>
Acked-by: Yinghai Lu <yinghai@kernel.org>
LKML-Reference: <4CD2DE1E0200007800020990@vpn.id2.novell.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
13 years agox86, UV: Update node controller MMRs
Jack Steiner [Sat, 6 Nov 2010 20:41:04 +0000 (15:41 -0500)]
x86, UV: Update node controller MMRs

A new version of the SGI UV hub node controller is being
developed. A few of the MMRs (control registers) that exist on
the current hub no longer exist on the new hub. Fortunately,
there are alternate MMRs that are are functionally equivalent
and that exist on both hubs.

This patch changes the UV code to use MMRs that exist in BOTH
versions of the hub node controller.

Signed-off-by: Jack Steiner <steiner@sgi.com>
LKML-Reference: <20101106204056.GA27584@sgi.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
13 years agoperf: Fix usages of profile_cpu in builtin-top.c to use cpu_list
Corey Ashford [Tue, 9 Nov 2010 02:20:45 +0000 (18:20 -0800)]
perf: Fix usages of profile_cpu in builtin-top.c to use cpu_list

profile_cpu was left over from an earlier implementation that
supported running perf top on a single CPU.  profile_cpu was no
longer set by any switch and usages of it resulted in dead code.

Instead, convert the code to use cpu_list, which is set by the
-C <cpu_list> option.

Also improved the printing of nr_cpus and cpu_list by correcting
the plurals.

Signed-off-by: Corey Ashford <cjashfor@linux.vnet.ibm.com>
Cc: a.p.zijlstra@chello.nl
Cc: acme@redhat.com
LKML-Reference: <1289269245-9388-1-git-send-email-cjashfor@linux.vnet.ibm.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
13 years agox86: Remove unnecessary casts of void ptr returning alloc function return values
Jesper Juhl [Mon, 8 Nov 2010 23:08:11 +0000 (00:08 +0100)]
x86: Remove unnecessary casts of void ptr returning alloc function return values

The [vk][cmz]alloc(_node) family of functions return void
pointers which it's completely unnecessary/pointless to cast to
other pointer types since that happens implicitly.

This patch removes such casts from arch/x86.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Cc: trivial@kernel.org
Cc: amd64-microcode@amd64.org
Cc: Andreas Herrmann <andreas.herrmann3@amd.com>
LKML-Reference: <alpine.LNX.2.00.1011082310220.23697@swampdragon.chaosbits.net>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
13 years agoperf, ui: Eliminate stack-smashing protection compiler complaint
Cyrill Gorcunov [Sat, 6 Nov 2010 08:47:24 +0000 (11:47 +0300)]
perf, ui: Eliminate stack-smashing protection compiler complaint

The gcc complains about small auto-var strings being allocated from stack space.
Make them const to avoid this:

 | CC util/ui/util.o
 | cc1: warnings being treated as errors
 | util/ui/util.c: In function ‘ui__dialog_yesno’:
 | util/ui/util.c:108: error: not protecting function: no buffer at least 8 bytes long
 | make: *** [util/ui/util.o] Error 1

The real bug is in the newtWinChoice() ABI - but that's an
externality we cannot fix here, so we use this workaround.

Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Frédéric Weisbecker <fweisbec@gmail.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
LKML-Reference: <20101106084724.GA5956@lenovo>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
13 years agodrm/ttm: Be consistent on ttm_bo_init() failures
Thomas Hellstrom [Tue, 9 Nov 2010 20:31:44 +0000 (21:31 +0100)]
drm/ttm: Be consistent on ttm_bo_init() failures

Call destroy() on _all_ ttm_bo_init() failures, and make sure that
behavior is documented in the function description.

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
13 years agodrm/radeon/kms: Fix retrying ttm_bo_init() after it failed once.
Michel Dänzer [Tue, 9 Nov 2010 10:50:05 +0000 (11:50 +0100)]
drm/radeon/kms: Fix retrying ttm_bo_init() after it failed once.

If ttm_bo_init() returns failure, it already destroyed the BO, so we need to
retry from scratch.

Signed-off-by: Michel Dänzer <daenzer@vmware.com>
Tested-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Cc: stable@kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
13 years agoStaging: wlan-ng: Fix wrong #ifdef #endif sequence
Maximiliano David Bustos [Mon, 8 Nov 2010 20:34:57 +0000 (17:34 -0300)]
Staging: wlan-ng: Fix wrong #ifdef #endif sequence

This patch fixes bug #13820 from bugzilla.kernel.org.

Quote: "If ETHTOOL_GLINK is not defined, the end for switch case is not
to be found."

Signed-off-by: Maximiliano David Bustos <md.bustos90@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agoStaging: Update parameters for cfg80211 key management operation
Ben Hutchings [Sun, 7 Nov 2010 17:22:41 +0000 (17:22 +0000)]
Staging: Update parameters for cfg80211 key management operation

Commit e31b82136d1adc7a599b6e99d3321e5831841f5a ("cfg80211/mac80211:
allow per-station GTKs") changed the signatures of these operations
but did not update the staging drivers.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agoStaging: ath6kl: Fix pointer casts on 64-bit architectures
Ben Hutchings [Sun, 7 Nov 2010 17:19:39 +0000 (17:19 +0000)]
Staging: ath6kl: Fix pointer casts on 64-bit architectures

Remove unnecessary cast of firmware base address to integer before
adding an offset.

Fix direct use of sk_buff::network_header which is an offset rather
than a pointer on 64-bit architectures.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agoStaging: batman-adv: suppress false warning when changing the mac address
Marek Lindner [Thu, 4 Nov 2010 22:02:30 +0000 (23:02 +0100)]
Staging: batman-adv: suppress false warning when changing the mac address

Whenever the mac address of an batman interface is changed
check_known_mac_addr() is called to print a warning if the newly added
mac address exists an another batman interface. While looping through
the batman interface list check_known_mac_addr() only compares mac
addresses and does not make sure they belong to different interfaces,
thus always printing a warning.

Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Signed-off-by: Sven Eckelmann <sven.eckelmann@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agoStaging: batman-adv: fix interface alternating and bonding reggression
Chris Lang [Thu, 4 Nov 2010 22:02:29 +0000 (23:02 +0100)]
Staging: batman-adv: fix interface alternating and bonding reggression

55d1666b521cbed95924c8d4775fe272c103f08c incidentally disabled bonding
of packets first entering the mesh along with also disabling interface
alternating regardless of where the packet came from. This re-enables
these options.

Signed-off-by: Chris Lang <clang@gateworks.com>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Signed-off-by: Sven Eckelmann <sven.eckelmann@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agotty_ldisc: Fix BUG() on hangup
Philippe Rétornaz [Wed, 27 Oct 2010 15:13:21 +0000 (17:13 +0200)]
tty_ldisc: Fix BUG() on hangup

A kernel BUG when bluetooth rfcomm connection drop while the associated
serial port is open is sometime triggered.

It seems that the line discipline can disappear between the
tty_ldisc_put and tty_ldisc_get. This patch fall back to the N_TTY line
discipline if the previous discipline is not available anymore.

Signed-off-by: Philippe Retornaz <philippe.retornaz@epfl.ch>
Acked-by: Alan Cox <alan@linux.intel.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agoTTY: restore tty_ldisc_wait_idle
Jiri Slaby [Sun, 31 Oct 2010 22:17:51 +0000 (23:17 +0100)]
TTY: restore tty_ldisc_wait_idle

It was removed in 65b770468e98 (tty-ldisc: turn ldisc user count into
a proper refcount), but we need to wait for last user to quit the
ldisc before we close it in tty_set_ldisc.

Otherwise weird things start to happen. There might be processes
waiting in tty_read->n_tty_read on tty->read_wait for input to appear
and at that moment, a change of ldisc is fatal. n_tty_close is called,
it frees read_buf and the waiting process is still in the middle of
reading and goes nuts after it is woken.

Previously we prevented close to happen when others are in ldisc ops
by tty_ldisc_wait_idle in tty_set_ldisc. But the commit above removed
that. So revoke the change and test whether there is 1 user (=we), and
allow the close then.

We can do that without ldisc/tty locks, because nobody else can open
the device due to TTY_LDISC_CHANGING bit set, so we in fact wait for
everybody to leave.

I don't understand why tty_ldisc_lock would be needed either when the
counter is an atomic variable, so this is a lockless
tty_ldisc_wait_idle.

On the other hand, if we fail to wait (timeout or signal), we have to
reenable the halted ldiscs, so we take ldisc lock and reuse the setup
path at the end of tty_set_ldisc.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Tested-by: Sebastian Andrzej Siewior <bigeasy@breakpoint.cc>
LKML-Reference: <20101031104136.GA511@Chamillionaire.breakpoint.cc>
LKML-Reference: <1287669539-22644-1-git-send-email-jslaby@suse.cz>
Cc: Alan Cox <alan@linux.intel.com>
Cc: stable@kernel.org [32, 33, 36]
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agoSERIAL: blacklist si3052 chip
Maciej Szmigiero [Tue, 26 Oct 2010 19:48:21 +0000 (21:48 +0200)]
SERIAL: blacklist si3052 chip

[SERIAL]blacklist si3052 chip

Si3052-based softmodems aren't serial ports so don't bind serial driver to them.
Allows proper driver to bind to them.

Signed-off-by: Maciej Szmigiero <mhej@o2.pl>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agodrivers/serial/bfin_5xx.c: Fix line continuation defects
Joe Perches [Sun, 7 Nov 2010 21:10:23 +0000 (13:10 -0800)]
drivers/serial/bfin_5xx.c: Fix line continuation defects

Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Sonic Zhang <sonic.zhang@analog.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agotty: prevent DOS in the flush_to_ldisc
Jiri Olsa [Mon, 8 Nov 2010 18:01:47 +0000 (19:01 +0100)]
tty: prevent DOS in the flush_to_ldisc

There's a small window inside the flush_to_ldisc function,
where the tty is unlocked and calling ldisc's receive_buf
function. If in this window new buffer is added to the tty,
the processing might never leave the flush_to_ldisc function.

This scenario will hog the cpu, causing other tty processing
starving, and making it impossible to interface the computer
via tty.

I was able to exploit this via pty interface by sending only
control characters to the master input, causing the flush_to_ldisc
to be scheduled, but never actually generate any output.

To reproduce, please run multiple instances of following code.

- SNIP
#define _XOPEN_SOURCE
#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

int main(int argc, char **argv)
{
        int i, slave, master = getpt();
        char buf[8192];

        sprintf(buf, "%s", ptsname(master));
        grantpt(master);
        unlockpt(master);

        slave = open(buf, O_RDWR);
        if (slave < 0) {
                perror("open slave failed");
                return 1;
        }

        for(i = 0; i < sizeof(buf); i++)
                buf[i] = rand() % 32;

        while(1) {
                write(master, buf, sizeof(buf));
        }

        return 0;
}
- SNIP

The attached patch (based on -next tree) fixes this by checking on the
tty buffer tail. Once it's reached, the current work is rescheduled
and another could run.

Signed-off-by: Jiri Olsa <jolsa@redhat.com>
Cc: stable <stable@kernel.org>
Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years ago8250: add support for Kouwell KW-L221N-2
Mikulas Patocka [Tue, 26 Oct 2010 18:20:48 +0000 (14:20 -0400)]
8250: add support for Kouwell KW-L221N-2

Add support for Kouwell KW-L221N-2 card.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agonozomi: Fix warning from the previous TIOCGCOUNT changes
Alan Cox [Tue, 26 Oct 2010 14:56:34 +0000 (15:56 +0100)]
nozomi: Fix warning from the previous TIOCGCOUNT changes

Just remove a now unused variable

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agotty: fix warning in synclink driver
Andres Salomon [Tue, 9 Nov 2010 22:10:38 +0000 (14:10 -0800)]
tty: fix warning in synclink driver

During builds I see the following warning -

  CC [M]  drivers/char/pcmcia/synclink_cs.o
drivers/char/pcmcia/synclink_cs.c:2194: warning: ‘mgslpc_get_icount’ defined but not used

The function is a callback meant to be assigned to get_icount (added during 0587102cf).
Fix accordingly.

Signed-off-by: Andres Salomon <dilinger@queued.net>
Acked-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agotty: Fix formatting in tty.h
Alan Cox [Tue, 9 Nov 2010 10:48:25 +0000 (10:48 +0000)]
tty: Fix formatting in tty.h

Someone added a new ldisc number and messed up the tabbing. Fix it before
anyone else copies it.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agoStaging: udlfb.c: Fix k.alloc switched arguments
Joe Perches [Sun, 31 Oct 2010 22:33:55 +0000 (15:33 -0700)]
Staging: udlfb.c: Fix k.alloc switched arguments

Signed-off-by: Joe Perches <joe@perches.com>
Cc: Bernie Thompson <bernie@plugable.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agoStaging: rtl8192e: fix IOMMU memory leak
Daniel Lichtenberger [Thu, 28 Oct 2010 21:20:12 +0000 (23:20 +0200)]
Staging: rtl8192e: fix IOMMU memory leak

Unmap the rx buffer before mapping the new one in rtl8192_rx.

Failing to do so quickly exhausts the IOMMU memory during downloads:

[...] DMA: Out of SW-IOMMU space for 9100 bytes at device ...

Using "iommu=off mem=4g" also fixes the problem because
then pci_map_single does not allocate memory.

Tested on my personal laptop with a RTL8192E device. Without this
patch the kernel quickly runs out of IOMMU memory (downloading 5 MB
of data is sufficient to trigger it), with this patch applied
I haven't experienced any issues so far.

Signed-off-by: Daniel Lichtenberger <daniel.lichtenberger@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agostaging: vt6656: implement missing brackets
Vasiliy Kulikov [Thu, 28 Oct 2010 20:02:11 +0000 (00:02 +0400)]
staging: vt6656: implement missing brackets

Identation says that copy_to_user() should be called only iff
wrq->u.essid.pointer is not zero.  Also it is useless to call copy_to_user(0, ...).

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agostaging: rt2870: Add new USB ID for Belkin F6D4050 v1
Larry Finger [Thu, 28 Oct 2010 13:47:13 +0000 (08:47 -0500)]
staging: rt2870: Add new USB ID for Belkin F6D4050 v1

Add new USB ID for FT2870 for Belkin F6D4050 v1

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Reported- and Tested-by: James Long <crogonint@yahoo.com>
Cc: Stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agostaging: brcm80211: Maintainer change
Brett Rudley [Tue, 26 Oct 2010 17:05:14 +0000 (10:05 -0700)]
staging: brcm80211: Maintainer change

Nohee => Dowan

Signed-off-by: Brett Rudley <brudley@broadcom.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
13 years agodrivers/staging/brcm80211/brcmfmac/dhd_linux.c: delete double assignment
Julia Lawall [Tue, 26 Oct 2010 10:25:33 +0000 (12:25 +0200)]
drivers/staging/brcm80211/brcmfmac/dhd_linux.c: delete double assignment

Delete successive assignments to the same location.  dhd_ops_virt contains
a subset of the definitions of dhd_ops_pri.

A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// <smpl>
@@
expression i;
@@

*i = ...;
 i = ...;
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>