]> git.karo-electronics.de Git - karo-tx-linux.git/log
karo-tx-linux.git
15 years agoACPI : Load device driver according to the status of acpi device
Zhao Yakui [Mon, 11 Aug 2008 05:40:22 +0000 (13:40 +0800)]
ACPI : Load device driver according to the status of acpi device

commit 39a0ad871000d2a016a4fa113a6e53d22aabf25d upstream.

According to ACPI spec when the status of some device is not present
but functional, the device is valid and the children of this device
should be enumerated. It means that the device should be added to
linux acpi device tree. But the device driver for this device should not
be loaded.
    The detailed info can be found in the section 6.3.7 of ACPI 3.0b spec.
    _STA may return bit 0 clear (not present) with bit 3 set (device is
functional). This case is used to indicate a valid device for which no
device driver should be loaded (for example, a bridge device.).
Children of this device may be present and valid. OS should continue
enumeration below a device whose _STA returns this bit combination

http://bugzilla.kernel.org/show_bug.cgi?id=3358

Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Signed-off-by: Li Shaohua <shaohua.li@intel.com>
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Cc: Holger Macht <hmacht@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoS390: cpu topology: fix locking
Heiko Carstens [Fri, 14 Nov 2008 17:18:07 +0000 (18:18 +0100)]
S390: cpu topology: fix locking

commit 74af283102b358b0da545460d0d176f473e110f6 upstream.

cpu_coregroup_map used to grab a mutex on s390 since it was only
called from process context.
Since c7c22e4d5c1fdebfac4dba76de7d0338c2b0d832 "block: add support
for IO CPU affinity" this is not true anymore.
It now also gets called from softirq context.

To prevent possible deadlocks change this in architecture code and
use a spinlock instead of a mutex.

Cc: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoV4L/DVB (9624): CVE-2008-5033: fix OOPS on tvaudio when controlling bass/treble
Mauro Carvalho Chehab [Fri, 14 Nov 2008 13:46:59 +0000 (10:46 -0300)]
V4L/DVB (9624): CVE-2008-5033: fix OOPS on tvaudio when controlling bass/treble

commit 01a1a3cc1e3fbe718bd06a2a5d4d1a2d0fb4d7d9 upstream.

This bug were supposed to be fixed by 5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1,
where a call to NULL happens.

Not all tvaudio chips allow controlling bass/treble. So, the driver
has a table with a flag to indicate if the chip does support it.

Unfortunately, the handling of this logic were broken for a very long
time (probably since the first module version). Due to that, an OOPS
were generated for devices that don't support bass/treble.

This were the resulting OOPS message before the patch, with debug messages
enabled:

tvaudio' 1-005b: VIDIOC_S_CTRL
BUG: unable to handle kernel NULL pointer dereference at 00000000
IP: [<00000000>]
*pde = 22fda067 *pte = 00000000
Oops: 0000 [#1] SMP
Modules linked in: snd_hda_intel snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device
snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_hwdep snd soundcore tuner_simple tuner_types tea5767 tuner
tvaudio bttv bridgebnep rfcomm l2cap bluetooth it87 hwmon_vid hwmon fuse sunrpc ipt_REJECT
nf_conntrack_ipv4 iptable_filter ip_tables ip6t_REJECT xt_tcpudp nf_conntrack_ipv6 xt_state nf_conntrack
ip6table_filter ip6_tables x_tables ipv6 dm_mirrordm_multipath dm_mod configfs videodev v4l1_compat
ir_common 8139cp compat_ioctl32 v4l2_common 8139too videobuf_dma_sg videobuf_core mii btcx_risc tveeprom
i915 button snd_page_alloc serio_raw drm pcspkr i2c_algo_bit i2c_i801 i2c_core iTCO_wdt
iTCO_vendor_support sr_mod cdrom sg ata_generic pata_acpi ata_piix libata sd_mod scsi_mod ext3 jbdmbcache
uhci_hcd ohci_hcd ehci_hcd [last unloaded: soundcore]

Pid: 15413, comm: qv4l2 Not tainted (2.6.25.14-108.fc9.i686 #1)
EIP: 0060:[<00000000>] EFLAGS: 00210246 CPU: 0
EIP is at 0x0
EAX: 00008000 EBX: ebd21600 ECX: e2fd9ec4 EDX: 00200046
ESI: f8c0f0c4 EDI: f8c0f0c4 EBP: e2fd9d50 ESP: e2fd9d2c
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process qv4l2 (pid: 15413, ti=e2fd9000 task=ebe44000 task.ti=e2fd9000)
Stack: f8c0c6ae e2ff2a00 00000d00 e2fd9ec4 ebc4e000 e2fd9d5c f8c0c448 00000000
       f899c12a e2fd9d5c f899c154 e2fd9d68 e2fd9d80 c0560185 e2fd9d88 f8f3e1d8
       f8f3e1dc ebc4e034 f8f3e18c e2fd9ec4 00000000 e2fd9d90 f899c286 c008561c
Call Trace:
 [<f8c0c6ae>] ? chip_command+0x266/0x4b6 [tvaudio]
 [<f8c0c448>] ? chip_command+0x0/0x4b6 [tvaudio]
 [<f899c12a>] ? i2c_cmd+0x0/0x2f [i2c_core]
 [<f899c154>] ? i2c_cmd+0x2a/0x2f [i2c_core]
 [<c0560185>] ? device_for_each_child+0x21/0x49
 [<f899c286>] ? i2c_clients_command+0x1c/0x1e [i2c_core]
 [<f8f283d8>] ? bttv_call_i2c_clients+0x14/0x16 [bttv]
 [<f8f23601>] ? bttv_s_ctrl+0x1bc/0x313 [bttv]
 [<f8f23445>] ? bttv_s_ctrl+0x0/0x313 [bttv]
 [<f8b6096d>] ? __video_do_ioctl+0x1f84/0x3726 [videodev]
 [<c05abb4e>] ? sock_aio_write+0x100/0x10d
 [<c041b23e>] ? kmap_atomic_prot+0x1dd/0x1df
 [<c043a0c9>] ? enqueue_hrtimer+0xc2/0xcd
 [<c04f4fa4>] ? copy_from_user+0x39/0x121
 [<f8b622b9>] ? __video_ioctl2+0x1aa/0x24a [videodev]
 [<c04054fd>] ? do_notify_resume+0x768/0x795
 [<c043c0f7>] ? getnstimeofday+0x34/0xd1
 [<c0437b77>] ? autoremove_wake_function+0x0/0x33
 [<f8b62368>] ? video_ioctl2+0xf/0x13 [videodev]
 [<c048c6f0>] ? vfs_ioctl+0x50/0x69
 [<c048c942>] ? do_vfs_ioctl+0x239/0x24c
 [<c048c995>] ? sys_ioctl+0x40/0x5b
 [<c0405bf2>] ? syscall_call+0x7/0xb
 [<c0620000>] ? cpuid4_cache_sysfs_exit+0x3d/0x69
 =======================
Code:  Bad EIP value.
EIP: [<00000000>] 0x0 SS:ESP 0068:e2fd9d2c

Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoFix broken ownership of /proc/sys/ files
Al Viro [Sun, 16 Nov 2008 22:19:10 +0000 (22:19 +0000)]
Fix broken ownership of /proc/sys/ files

commit 5c06fe772da43db63b053addcd2c267f76d0be91 upstream.

D'oh...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Reported-and-tested-by: Peter Palfrader <peter@palfrader.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonet: fix /proc/net/snmp as memory corruptor
Eric Dumazet [Tue, 11 Nov 2008 05:43:08 +0000 (21:43 -0800)]
net: fix /proc/net/snmp as memory corruptor

commit b971e7ac834e9f4bda96d5a96ae9abccd01c1dd8 upstream.

icmpmsg_put() can happily corrupt kernel memory, using a static
table and forgetting to reset an array index in a loop.

Remove the static array since its not safe without proper locking.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agosony-laptop: ignore missing _DIS method on pic device
Matthew Garrett [Wed, 29 Oct 2008 21:01:03 +0000 (14:01 -0700)]
sony-laptop: ignore missing _DIS method on pic device

commit 6158d3a2323835546c7cf83a170316fa77b726e0 upstream.

At least the Vaio VGN-Z540N doesn't have this method, so let's not fail
to suspend just because it doesn't exist.

Signed-off-by: Adam Jackson <ajax@redhat.com>
Acked-by: Mattia Dongili <malattia@linux.it>
Cc: Len Brown <lenb@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Steve Conklin <sconklin@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agor8169: select MII in Kconfig
Francois Romieu [Sat, 13 Sep 2008 13:04:38 +0000 (15:04 +0200)]
r8169: select MII in Kconfig

commit b73724921d906d1642f9f6d054079c6b095903fe upstream.

drivers/built-in.o: In function `rtl8169_gset_xmii':
r8169.c:(.text+0x82259): undefined reference to `mii_ethtool_gset'

Signed-off-by: Hugh Dickins <hugh@veritas.com>
Acked-by: Francois Romieu <romieu@fr.zoreil.com>
Cc: Edward Hsu <edward_hsu@realtek.com.tw>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agomemory hotplug: fix page_zone() calculation in test_pages_isolated()
Gerald Schaefer [Thu, 6 Nov 2008 20:53:36 +0000 (12:53 -0800)]
memory hotplug: fix page_zone() calculation in test_pages_isolated()

commit a70dcb969f64e2fa98c24f47854f20bf02ff0092 upstream.

My last bugfix here (adding zone->lock) introduced a new problem: Using
page_zone(pfn_to_page(pfn)) to get the zone after the for() loop is wrong.
 pfn will then be >= end_pfn, which may be in a different zone or not
present at all.  This may lead to an addressing exception in page_zone()
or spin_lock_irqsave().

Now I use __first_valid_page() again after the loop to find a valid page
for page_zone().

Signed-off-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Acked-by: Nathan Fontenot <nfont@austin.ibm.com>
Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoInput: ALPS - add signature for DualPoint found in Dell Latitude E6500
Elvis Pranskevichus [Wed, 10 Sep 2008 14:19:13 +0000 (10:19 -0400)]
Input: ALPS - add signature for DualPoint found in Dell Latitude E6500

commit 0d46ed1c747edfe6476961d4d9f732ceb7a29074 upstream.

Signed-off-by: Elvis Pranskevichus <el@prans.net>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agopowerpc/mpic: Fix regression caused by change of default IRQ affinity
Kumar Gala [Tue, 28 Oct 2008 18:01:39 +0000 (18:01 +0000)]
powerpc/mpic: Fix regression caused by change of default IRQ affinity

commit 3c10c9c45e290022ca7d2aa1ad33a0b6ed767520 upstream.

The Freescale implementation of MPIC only allows a single CPU destination
for non-IPI interrupts.  We add a flag to the mpic_init to distinquish
these variants of MPIC.  We pull in the irq_choose_cpu from sparc64 to
select a single CPU as the destination of the interrupt.

This is to deal with the fact that the default smp affinity was
changed by commit 18404756765c713a0be4eb1082920c04822ce588 ("genirq:
Expose default irq affinity mask (take 3)") to be all CPUs.

Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoblock: fix nr_phys_segments miscalculation bug
FUJITA Tomonori [Wed, 12 Nov 2008 06:03:54 +0000 (11:33 +0530)]
block: fix nr_phys_segments miscalculation bug

commit 8677142710516d986d932d6f1fba7be8382c1fec upstream
backported by Nikanth Karthikesan <knikanth@suse.de> to the 2.6.27.y tree.

block: fix nr_phys_segments miscalculation bug

This fixes the bug reported by Nikanth Karthikesan <knikanth@suse.de>:

http://lkml.org/lkml/2008/10/2/203

The root cause of the bug is that blk_phys_contig_segment
miscalculates q->max_segment_size.

blk_phys_contig_segment checks:

req->biotail->bi_size + next_req->bio->bi_size > q->max_segment_size

But blk_recalc_rq_segments might expect that req->biotail and the
previous bio in the req are supposed be merged into one
segment. blk_recalc_rq_segments might also expect that next_req->bio
and the next bio in the next_req are supposed be merged into one
segment. In such case, we merge two requests that can't be merged
here. Later, blk_rq_map_sg gives more segments than it should.

We need to keep track of segment size in blk_recalc_rq_segments and
use it to see if two requests can be merged. This patch implements it
in the similar way that we used to do for hw merging (virtual
merging).

Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Cc: Nikanth Karthikesan <knikanth@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agokbuild: Fixup deb-pkg target to generate separate firmware deb
Jonathan McDowell [Sat, 13 Sep 2008 16:08:31 +0000 (17:08 +0100)]
kbuild: Fixup deb-pkg target to generate separate firmware deb

commit bf1b36445dc868cbbde194aa1dd87e38fe24cf16 upstream.

The below is a simplistic fix for "make deb-pkg"; it splits the
firmware out to a linux-firmware-image package and adds an
(unversioned) Suggests to the linux package for this firmware.

Signed-Off-By: Jonathan McDowell <noodles@earth.li>
Acked-by: Frans Pop <elendil@planet.nl>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agortl8187 : support for Sitecom WL-168 0001 v4
Bob Jolliffe [Wed, 12 Nov 2008 20:16:59 +0000 (20:16 +0000)]
rtl8187 : support for Sitecom WL-168 0001 v4

commit f3c769185a28b7947d97b3552a977102c1fac3f2 upstream.

the Sitecom 0001 v4 with product id 0x0df6:0028, uses Realtek's
RTL8187B and work fine with new 2.6.27 driver.

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agortl8187: Add Abocom USB ID
Ivan Kuten [Tue, 11 Nov 2008 01:39:25 +0000 (19:39 -0600)]
rtl8187: Add Abocom USB ID

commit 8f7c41d4cec91cdbfa89b4a77d5a628938875366 upstream.

Signed-off-by: Ivan Kuten <ivan.kuten@promwad.com>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agohugetlb: make unmap_ref_private multi-size-aware
Adam Litke [Wed, 12 Nov 2008 21:24:56 +0000 (13:24 -0800)]
hugetlb: make unmap_ref_private multi-size-aware

commit 7526674de0c921e7f1e9b6f71a1f9d832557b554 upstream.

Oops.  Part of the hugetlb private reservation code was not fully
converted to use hstates.

When a huge page must be unmapped from VMAs due to a failed COW,
HPAGE_SIZE is used in the call to unmap_hugepage_range() regardless of
the page size being used.  This works if the VMA is using the default
huge page size.  Otherwise we might unmap too much, too little, or
trigger a BUG_ON.  Rare but serious -- fix it.

Signed-off-by: Adam Litke <agl@us.ibm.com>
Cc: Jon Tollefson <kniht@linux.vnet.ibm.com>
Cc: Mel Gorman <mel@csn.ul.ie>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoACPI: EC: make kernel messages more useful when GPE storm is detected
Alan Jenkins [Sat, 1 Nov 2008 11:05:26 +0000 (11:05 +0000)]
ACPI: EC: make kernel messages more useful when GPE storm is detected

commit f8248434e6a11d7cd314281be3b39bbcf82fc243 upstream.

Make sure we can tell if the GPE storm workaround gets activated,
and avoid flooding the logs afterwards.

http://bugzilla.kernel.org/show_bug.cgi?id=11841
"plenty of line "ACPI: EC: non-query interrupt received,
 switching to interrupt mode" in dmesg"

Signed-off-by: Alan Jenkins <alan-jenkins@tuffmail.co.uk>
Acked-by: Alexey Starikovskiy <astarikovskiy@suse.de>
Signed-off-by: Len Brown <len.brown@intel.com>
Cc: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoACPI: avoid empty file name in sysfs
Peter Gruber [Tue, 28 Oct 2008 03:59:36 +0000 (23:59 -0400)]
ACPI: avoid empty file name in sysfs

commit 4feba70a2c1a1a0c96909f657f48b2e11e682370 upstream.

Since commit bc45b1d39a925b56796bebf8a397a0491489d85c acpi tables are
allowed to have an empty signature and /sys/firmware/acpi/tables uses the
signature as filename.  Applications using naive recursion through /sys
loop forever.  A possible solution would be: (replacing the zero length
filename with the string "NULL")

http://bugzilla.kernel.org/show_bug.cgi?id=11539

Acked-by: Zhang Rui <rui.zhang@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agohostap: pad the skb->cb usage in lieu of a proper fix
Johannes Berg [Wed, 12 Nov 2008 21:54:22 +0000 (16:54 -0500)]
hostap: pad the skb->cb usage in lieu of a proper fix

commit f7cd168645dda3e9067f24fabbfa787f9a237488 upstream.

Like mac80211 did, this driver makes 'clever' use of skb->cb to pass
information along with an skb as it is requeued from the virtual device
to the physical wireless device.  Unfortunately, that trick no longer
works...

Unlike mac80211, code complexity and driver apathy makes this hack
the best option we have in the short run.  Hopefully someone will
eventually be motivated to code a proper fix before all the effected
hardware dies.

(Above text by me.  Johannes officially disavows all knowledge of this
hack. -- JWL)

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoFix platform drivers that crash on suspend/resume
Darrick J. Wong [Wed, 12 Nov 2008 21:25:00 +0000 (13:25 -0800)]
Fix platform drivers that crash on suspend/resume

commit fe2d5ffc74a1de6a31e9fd65b65cce72d881edf7 upstream.

It turns out that if one registers a struct platform_device, the
platform device code expects that platform_device.device->driver points
to a struct driver inside a struct platform_driver.

This is not the case with the ipmi-si, ipmi-msghandler and ibmaem
drivers, which causes the suspend/resume hook functions to jump off into
nowhere, causing a crash.  Make this assumption hold true for these
three drivers.

Signed-off-by: Darrick J. Wong <djwong@us.ibm.com>
Acked-by: Corey Minyard <cminyard@mvista.com>
Cc: Jean Delvare <khali@linux-fr.org>
Cc: Kay Sievers <kay.sievers@vrfy.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoARM: 5329/1: Feroceon: fix feroceon_l2_inv_range
Nicolas Pitre [Sat, 8 Nov 2008 20:15:53 +0000 (21:15 +0100)]
ARM: 5329/1: Feroceon: fix feroceon_l2_inv_range

commit 72bc2b1ad62f4d2f0a51b35829093d41f55accce upstream.

Same fix as commit c7cf72dcadb: when 'start' and 'end' are less than a
cacheline apart and 'start' is unaligned we are done after cleaning and
invalidating the first cacheline.

Signed-off-by: Nicolas Pitre <nico@marvell.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agobnx2x: Calling netif_carrier_off at the end of the probe
Eilon Greenstein [Tue, 4 Nov 2008 00:46:40 +0000 (16:46 -0800)]
bnx2x: Calling netif_carrier_off at the end of the probe

commit 12b56ea89e70d4b04f2f5199750310e82894ebbd upstream.

netif_carrier_off was called too early at the probe. In case of failure
or simply bad timing, this can cause a fatal error since linkwatch_event
might run too soon.

Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Alex Chiang <achiang@hp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agobnx2x: PCI configuration bug on big-endian
Eilon Greenstein [Tue, 4 Nov 2008 00:46:19 +0000 (16:46 -0800)]
bnx2x: PCI configuration bug on big-endian

commit 7d96567ac0527703cf1b80043fc0ebd7f21a10ad upstream.

The current code read nothing but zeros on big-endian (wrong part of the
32bits). This caused poor performance on big-endian machines. Though this
issue did not cause the system to crash, the performance is significantly
better with the fix so I view it as critical bug fix.

Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Alex Chiang <achiang@hp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agobnx2x: Removing the PMF indication when unloading
Eilon Greenstein [Tue, 4 Nov 2008 00:45:55 +0000 (16:45 -0800)]
bnx2x: Removing the PMF indication when unloading

commit 9a0354405feb0f8bd460349a93db05e4cca8d166 upstream.

When the PMF flag is set, the driver can access the HW freely. When the
driver is unloaded, it should not access the HW. The problem caused fatal
errors when "ethtool -i" was called after the calling instance was unloaded
and another instance was already loaded

Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Alex Chiang <achiang@hp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoath5k: Fix reset sequence for AR5212 in general and RF5111 in particular
Elias Oltmanns [Wed, 12 Nov 2008 10:30:10 +0000 (11:30 +0100)]
ath5k: Fix reset sequence for AR5212 in general and RF5111 in particular

commit 7d19267b8d1e12c0baebf9be96e04cddffe63f67 upstream

Take care to handle register 0xa228 exactly as in the HAL released by
Atheros. This change is required to make ath5k work again on my system
since commit 2203d6be (ath5k: Misc hw_reset updates), thus fixing a
regression in 2.6.27 and therefore hopefully eligible for inclusion into
a stable release.

v2: Only overwrite initial register values on later revisions of AR5212
    chips.
v3: Use standard macros to manipulate the register.

Signed-off-by: Elias Oltmanns <eo@nebensachen.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoath5k: fix suspend-related oops on rmmod
Elias Oltmanns [Wed, 12 Nov 2008 10:28:39 +0000 (11:28 +0100)]
ath5k: fix suspend-related oops on rmmod

Cumulative patch backporting the following two commits from upstream:

commit 8bdd5b9c6bd53add260756b6673a0545fbdbba21 upstream
Author: Bob Copeland <me@bobcopeland.com>

Based on a patch by Elias Oltmanns, we call ath5k_init in resume even
if we didn't previously open the device.  Besides starting up the
device unnecessarily, this also causes an oops on rmmod because
mac80211 will not invoke ath5k_stop and softirqs are left running after
the module has been unloaded.  Add a new state bit, ATH_STAT_STARTED,
to indicate that we have been started up.

commit bc1b32d6bdd2d6f3fbee9a7c01c9b099f11c579c upstream
Author: Elias Oltmanns <eo@nebensachen.de>

After a s2ram / resume cycle, resetting the key cache does not work
unless it is deferred until after the hardware has been reinitialised by
a call to ath5k_hw_reset(). This fixes a regression introduced by
"ath5k: fix suspend-related oops on rmmod".

Reported-by: Toralf Förster <toralf.foerster@gmx.de>
Signed-off-by: Elias Oltmanns <eo@nebensachen.de>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoiwlagn: avoid sleep in softirq context
John W. Linville [Thu, 30 Oct 2008 18:12:21 +0000 (14:12 -0400)]
iwlagn: avoid sleep in softirq context

commit 964d2777438bf7687324243d38ade538d9bbfe3c upstream.

__ieee80211_tasklet_handler -> __ieee80211_rx ->
__ieee80211_rx_handle_packet -> ieee80211_invoke_rx_handlers ->
ieee80211_rx_h_decrypt -> ieee80211_crypto_tkip_decrypt ->
ieee80211_tkip_decrypt_data -> iwl4965_mac_update_tkip_key ->
iwl_scan_cancel_timeout -> msleep

Ooops!

Avoid the sleep by changing iwl_scan_cancel_timeout with
iwl_scan_cancel and simply returning on failure if the scan persists.
This will cause hardware decryption to fail and we'll handle a few more
frames with software decryption.

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Cc: Holger Macht <hmacht@novell.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agotouch_mnt_namespace when the mount flags change
Dan Williams [Sat, 27 Sep 2008 02:01:20 +0000 (19:01 -0700)]
touch_mnt_namespace when the mount flags change

commit 0e55a7cca4b66f625d67b292f80b6a976e77c51b upstream

Daemons that need to be launched while the rootfs is read-only can now
poll /proc/mounts to be notified when their O_RDWR requests may no
longer end in EROFS.

Cc: Kay Sievers <kay.sievers@vrfy.org>
Cc: Neil Brown <neilb@suse.de>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoLinux 2.6.27.6 v2.6.27.6
Greg Kroah-Hartman [Thu, 13 Nov 2008 17:56:21 +0000 (09:56 -0800)]
Linux 2.6.27.6

15 years agoHID: fix incorrent length condition in hidraw_write()
Jiri Kosina [Tue, 11 Nov 2008 22:45:38 +0000 (23:45 +0100)]
HID: fix incorrent length condition in hidraw_write()

upstream commit 2b107d629dc0c35de606bb7b010b829cd247a93a

From: Jiri Kosina <jkosina@suse.cz>

The bound check on the buffer length

if (count > HID_MIN_BUFFER_SIZE)

is of course incorrent, the proper check is

if (count > HID_MAX_BUFFER_SIZE)

Fix it.

Reported-by: Jerry Ryle <jerry@mindtribe.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Cc: Paul Stoffregen <paul@pjrc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agohfs: fix namelength memory corruption (CVE-2008-5025)
Eric Sesterhenn [Thu, 16 Oct 2008 05:04:11 +0000 (22:04 -0700)]
hfs: fix namelength memory corruption (CVE-2008-5025)

commit d38b7aa7fc3371b52d036748028db50b585ade2e upstream

Fix a stack corruption caused by a corrupted hfs filesystem.  If the
catalog name length is corrupted the memcpy overwrites the catalog btree
structure.  Since the field is limited to HFS_NAMELEN bytes in the
structure and the file format, we throw an error if it is too long.

Cc: Roman Zippel <zippel@linux-m68k.org>
Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agommc: increase SD write timeout for crappy cards
Pierre Ossman [Sun, 26 Oct 2008 11:37:25 +0000 (12:37 +0100)]
mmc: increase SD write timeout for crappy cards

commit 493890e75d98810a3470b4aae23be628ee5e9667 upstream.

It seems that some cards are slightly out of spec and occasionally
will not be able to complete a write in the alloted 250 ms [1].
Incease the timeout slightly to allow even these cards to function
properly.

[1] http://lkml.org/lkml/2008/9/23/390

Signed-off-by: Pierre Ossman <drzeus@drzeus.cx>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoFix __pfn_to_page(pfn) for CONFIG_DISCONTIGMEM=y
Rafael J. Wysocki [Sat, 8 Nov 2008 12:53:33 +0000 (13:53 +0100)]
Fix __pfn_to_page(pfn) for CONFIG_DISCONTIGMEM=y

commit c5d712433ff57a66d8fb79a57a4fc7a7c3467b97 upstream

Fix the __pfn_to_page(pfn) macro so that it doesn't evaluate its
argument twice in the CONFIG_DISCONTIGMEM=y case, because 'pfn' may
be a result of a funtion call having side effects.

For example, the hibernation code applies pfn_to_page(pfn) to the
result of a function returning the pfn corresponding to the next set
bit in a bitmap and the current bit position is modified on each
call.  This leads to "interesting" failures for CONFIG_DISCONTIGMEM=y
due to the current behavior of __pfn_to_page(pfn).

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Acked-by: Pavel Machek <pavel@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoALSA: hda: make a STAC_DELL_EQ option
Matthew Ranostay [Wed, 5 Nov 2008 07:40:59 +0000 (08:40 +0100)]
ALSA: hda: make a STAC_DELL_EQ option

commit 6b3ab21ef1ac15db4b053ce0ba8eae0ef9361c8a upstream.

Add support for explicitly enabling the EQ distortion hack for
systems without software biquad support.

Signed-off-by: Matthew Ranostay <mranostay@embeddedalley.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agolibata: fix last_reset timestamp handling
Tejun Heo [Tue, 4 Nov 2008 08:08:40 +0000 (17:08 +0900)]
libata: fix last_reset timestamp handling

commit 19b723218bde79c60a394a3caee9eb156ac2d356 upstream

ehc->last_reset is used to ensure that resets are not issued too
close to each other.  It's initialized to jiffies minus one minute
on EH entry.  However, when new links are initialized after PMP is
probed, new links have zero for this timestamp resulting in long wait
depending on the current jiffies.

This patch makes last_set considered iff ATA_EHI_DID_RESET is set, in
which case last_reset is always initialized.  As an added precaution,
WARN_ON() is added so that warning is printed if last_reset is
in future.

This problem is spotted and debugged by Shane Huang.

Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Shane Huang <Shane.Huang@amd.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoKEYS: Make request key instantiate the per-user keyrings
David Howells [Mon, 10 Nov 2008 19:00:05 +0000 (19:00 +0000)]
KEYS: Make request key instantiate the per-user keyrings

commit 1f8f5cf6e4f038552a3e47b66085452c08556d71 upstream

Make request_key() instantiate the per-user keyrings so that it doesn't oops
if it needs to get hold of the user session keyring because there isn't a
session keyring in place.

Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Steve French <smfrench@gmail.com>
Tested-by: Rutger Nijlunsing <rutger.nijlunsing@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoARM: 5300/1: fixup spitz reset during boot
Dmitry Baryshkov [Thu, 9 Oct 2008 15:58:13 +0000 (16:58 +0100)]
ARM: 5300/1: fixup spitz reset during boot

commit 69fc7eed5f56bce15b239e5110de2575a6970df4 upstream

Some machines don't have the pullup/down on their reset
pin, so configuring the reset generating pin as input makes
them reset immediately. Fix that by making reset pin direction
configurable.

This fixes the boot problem on Sharp Zaurus c3000

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Pavel Machek <pavel@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoACPI: dock: avoid check _STA method
Shaohua Li [Thu, 28 Aug 2008 02:02:03 +0000 (10:02 +0800)]
ACPI: dock: avoid check _STA method

commit 8b59560a3baf2e7c24e0fb92ea5d09eca92805db upstream.

In some BIOSes, every _STA method call will send a notification again,
this cause freeze. And in some BIOSes, it appears _STA should be called
after _DCK. This tries to avoid calls _STA, and still keep the device
present check.

http://bugzilla.kernel.org/show_bug.cgi?id=10431

Signed-off-by: Shaohua Li <shaohua.li@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agocpqarry: fix return value of cpqarray_init()
Andrey Borzenkov [Thu, 6 Nov 2008 20:53:15 +0000 (12:53 -0800)]
cpqarry: fix return value of cpqarray_init()

commit 2197d18ded232ef6eef63cce57b6b21eddf1b7b6 upstream.

As reported by Dick Gevers on Compaq ProLiant:

Oct 13 18:06:51 dvgcpl kernel: Compaq SMART2 Driver (v 2.6.0)
Oct 13 18:06:51 dvgcpl kernel: sys_init_module: 'cpqarray'->init
suspiciously returned 1, it should follow 0/-E convention
Oct 13 18:06:51 dvgcpl kernel: sys_init_module: loading module anyway...
Oct 13 18:06:51 dvgcpl kernel: Pid: 315, comm: modprobe Not tainted
2.6.27-desktop-0.rc8.2mnb #1
Oct 13 18:06:51 dvgcpl kernel:  [<c0380612>] ? printk+0x18/0x1e
Oct 13 18:06:51 dvgcpl kernel:  [<c0158f85>] sys_init_module+0x155/0x1c0
Oct 13 18:06:51 dvgcpl kernel:  [<c0103f06>] syscall_call+0x7/0xb
Oct 13 18:06:51 dvgcpl kernel:  =======================

Make it return 0 on success and -ENODEV if no array was found.

Reported-by: Dick Gevers <dvgevers@xs4all.nl>
Signed-off-by: Andrey Borzenkov <arvidjaar@mail.ru>
Cc: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoiwl3945: do not send scan command if channel count zero
Reinette Chatre [Tue, 4 Nov 2008 20:21:35 +0000 (12:21 -0800)]
iwl3945: do not send scan command if channel count zero

commit 14b5433606289dbc5b6fd70ced11462f80e95003 upstream.

Do not send scan command if no channels to scan.

This avoids a Microcode error as reported in:
http://www.intellinuxwireless.org/bugzilla/show_bug.cgi?id=1650
http://bugzilla.kernel.org/show_bug.cgi?id=11806
http://marc.info/?l=linux-wireless&m=122437145211886&w=2

Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoiwl3945: fix deadlock on suspend
Zhu Yi [Tue, 4 Nov 2008 20:21:36 +0000 (12:21 -0800)]
iwl3945: fix deadlock on suspend

commit d54bc4e3fc5c56600a13c9ebc0a7e1077ac05d59 upstream.

This patch fixes iwl3945 deadlock during suspend by moving notify_mac out
of iwl3945 mutex. This is a portion of the same fix for iwlwifi by Tomas.

Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agozd1211rw: Add 2 device IDs
Daniel Drake [Sat, 1 Nov 2008 17:03:48 +0000 (17:03 +0000)]
zd1211rw: Add 2 device IDs

commit 0feec9dfe7b8880ab3b4c38d7cc4107dd706ea7f upstream.

07fa/1196
Bewan BWIFI-USB54AR: Tested by night1308, this device is a ZD1211B with
an AL2230S radio.

0ace/b215
HP 802.11abg: Tested by Robert Philippe

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoiwlwifi: generic init calibrations framework
Tomas Winkler [Wed, 3 Sep 2008 03:26:37 +0000 (11:26 +0800)]
iwlwifi: generic init calibrations framework

commit 6e21f2c109edd746a10e08186484bae8168cdd0c upstream

This patch allows variable number of init calibrations and allows
addition new HW.

This patch also fixes critical bug. Only last calibration result
was applied. On reception of one calibration result all the calibration
was freed.

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoiwlwifi: fix suspend to RAM in iwlwifi
Tomas Winkler [Tue, 28 Oct 2008 23:03:01 +0000 (01:03 +0200)]
iwlwifi: fix suspend to RAM in iwlwifi

commit 10d0bd56966571d0324dfd9bbb8aa913a60bef5f upstream

This patch fixes suspend to RAM after by moving
notify_mac out of iwlwifi mutex

http://bugzilla.kernel.org/show_bug.cgi?id=11845

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Tested-by: Carlos R. Mafra <crmafra2@gmail.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoiwlwifi: use correct DMA_MASK
Tomas Winkler [Fri, 26 Sep 2008 07:09:34 +0000 (15:09 +0800)]
iwlwifi: use correct DMA_MASK

commit 093d874c02e8d3091aa38596faf0ff2bfd4f0ceb upstream

Use correct DMA_MASK: 4964 and 5000 support 36 bit addresses for
pci express memory access.

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agoiwlwifi: don't fail if scan is issued too early
Tomas Winkler [Wed, 24 Sep 2008 05:57:46 +0000 (13:57 +0800)]
iwlwifi: don't fail if scan is issued too early

commit 8d09a5e1c36d0dec5728e6c8b0bb5412de09b27b upstream

This patch returns success and empty scan on scans requests that were
rejected because issued too early. The cached bss list from previous
scanning will be returned by mac80211.

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoiwlwifi: remove HT flags from RXON when not in HT anymore
Emmanuel Grumbach [Wed, 17 Sep 2008 02:10:05 +0000 (10:10 +0800)]
iwlwifi: remove HT flags from RXON when not in HT anymore

commit 42eb7c644afcdbcd7eac4d862046230856fbf531 upstream.

This patch removes the HT flags from RXON when moving from HT to legacy.
This avoids keeping those flags set and possibly miss configuring firmware.

If we are configured in HT, fat channel: channel 1 above, and move later
to legacy channel 11, we need to clear the FAT channel control flags in
RXON. If we don't, the firmware will understand this as channel 11 above
which is not possible due to regulatory constraints, leading to firmware
crash.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Reviewed-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoiwlwifi: allow association on radar channel in power save
Emmanuel Grumbach [Wed, 3 Sep 2008 03:26:50 +0000 (11:26 +0800)]
iwlwifi: allow association on radar channel in power save

commit c90a74bae10dc2a4677d1bd06b6400db229d3e1e upstream

This patch disables power save upon association and enables it back
after association. This allows to associate to AP on a radar channel
if power save is enabled.

Radar and passive channels are not allowed for TX (required for association)
unless RX is received but PS may close the radio and no RX will be received
effectively failing association.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Mohamed Abbas <mohamed.abbas@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoiwlwifi: allow consecutive scans in unassociated state
Ron Rindjunsky [Wed, 3 Sep 2008 03:26:25 +0000 (11:26 +0800)]
iwlwifi: allow consecutive scans in unassociated state

commit 681c0050ea3ac2e90c83d5af397d73eed848a372 upstream

This patch allows consecutive scans requests when driver is in
unassociated state.

Signed-off-by: Ron Rindjunsky <ron.rindjunsky@intel.com>
Signed-off-by: Esti Kummer <ester.kummer@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agodca: fixup initialization dependency
Dan Williams [Tue, 11 Nov 2008 17:50:03 +0000 (17:50 +0000)]
dca: fixup initialization dependency

commit 1207e795568a368928dfd23d6817e47f2e8097e3 upstream

Mark dca_init as a subsys_initcall since it needs to be ready to go
before dependent drivers start registering themselves.

Reported-and-tested-by: Mark Rustad <mark_rustad@Xiotech.com>
Acked-by: Maciej Sosnowski <maciej.sosnowski@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoI/OAT: fix async_tx.callback checking
Maciej Sosnowski [Tue, 11 Nov 2008 17:50:05 +0000 (17:50 +0000)]
I/OAT: fix async_tx.callback checking

commit 12ccea24e309d815d058cdc6ee8bf2c4b85f0c5f upstream

async_tx.callback should be checked for the first
not the last descriptor in the chain.

Signed-off-by: Maciej Sosnowski <maciej.sosnowski@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoI/OAT: fix dma_pin_iovec_pages() error handling
Maciej Sosnowski [Tue, 11 Nov 2008 17:50:07 +0000 (17:50 +0000)]
I/OAT: fix dma_pin_iovec_pages() error handling

commit c2c0b4c5434c0a25f7f7796b29155d53805909f5 upstream

Error handling needs to be modified in dma_pin_iovec_pages().
It should return NULL instead of ERR_PTR
(pinned_list is checked for NULL in tcp_recvmsg() to determine
if iovec pages have been successfully pinned down).
In case of error for the first iovec,
local_list->nr_iovecs needs to be initialized.

Signed-off-by: Maciej Sosnowski <maciej.sosnowski@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoI/OAT: fix channel resources free for not allocated channels
Maciej Sosnowski [Tue, 11 Nov 2008 17:50:09 +0000 (17:50 +0000)]
I/OAT: fix channel resources free for not allocated channels

commit c3d4f44f50b65b0b0290e357f8739cfb3f4bcaca upstream

If the ioatdma driver is loaded but not used it does not allocate descriptors.
Before it frees channel resources it should first be sure
that they have been previously allocated.

Signed-off-by: Maciej Sosnowski <maciej.sosnowski@intel.com>
Tested-by: Tom Picard <tom.s.picard@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agor8169: wake up the PHY of the 8168
Francois Romieu [Sat, 8 Nov 2008 11:06:09 +0000 (12:06 +0100)]
r8169: wake up the PHY of the 8168

Upstream as a2de6b89b74b28052e293fdb39975a5a03c432e0

This is typically needed when some other OS puts the PHY
to sleep due to the disabling of WOL options in the BIOS
of the system.

Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Tested-by: Chiaki Ishikawa <chiaki.ishikawa@ubin.jp>
Cc: Edward Hsu <edward_hsu@realtek.com.tw>
Cc: RyanKao <ryankao@realtek.com.tw>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agor8169: fix RxMissed register access
Francois Romieu [Sat, 8 Nov 2008 11:04:42 +0000 (12:04 +0100)]
r8169: fix RxMissed register access

Upstream as 523a609496dbc3897e530db2a2f27650d125ea00

- the register is defined for the 8169 chipset only and there is
  no 8169 beyond RTL_GIGA_MAC_VER_06.
- only the lower 3 bytes of the register are valid

Fixes:
1. http://bugzilla.kernel.org/show_bug.cgi?id=10180
2. http://bugzilla.kernel.org/show_bug.cgi?id=11062 (bits of)

Tested by Hermann Gausterer and Adam Huffman.

Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Cc: Edward Hsu <edward_hsu@realtek.com.tw>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agor8169: get ethtool settings through the generic mii helper
Francois Romieu [Sat, 8 Nov 2008 11:03:09 +0000 (12:03 +0100)]
r8169: get ethtool settings through the generic mii helper

Upstream as ccdffb9a88b2907b159538d7bfd6256621db4f84 (post 2.6.27).

It avoids to report unsupported link capabilities with
the fast-ethernet only 8101/8102.

Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Tested-by: Martin Capitanio <martin@capitanio.org>
Fixed-by: Ivan Vecera <ivecera@redhat.com>
Cc: Edward Hsu <edward_hsu@realtek.com.tw>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agonet: unix: fix inflight counting bug in garbage collector
Miklos Szeredi [Sun, 9 Nov 2008 19:50:02 +0000 (19:50 +0000)]
net: unix: fix inflight counting bug in garbage collector

commit 6209344f5a3795d34b7f2c0061f49802283b6bdd upstream

Previously I assumed that the receive queues of candidates don't
change during the GC.  This is only half true, nothing can be received
from the queues (see comment in unix_gc()), but buffers could be added
through the other half of the socket pair, which may still have file
descriptors referring to it.

This can result in inc_inflight_move_tail() erronously increasing the
"inflight" counter for a unix socket for which dec_inflight() wasn't
previously called.  This in turn can trigger the "BUG_ON(total_refs <
inflight_refs)" in a later garbage collection run.

Fix this by only manipulating the "inflight" counter for sockets which
are candidates themselves.  Duplicating the file references in
unix_attach_fds() is also needed to prevent a socket becoming a
candidate for GC while the skb that contains it is not yet queued.

Reported-by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86: don't use tsc_khz to calculate lpj if notsc is passed
Alok Kataria [Fri, 7 Nov 2008 00:08:46 +0000 (00:08 +0000)]
x86: don't use tsc_khz to calculate lpj if notsc is passed

commit 70de9a97049e0ba79dc040868564408d5ce697f9 upstream

Impact: fix udelay when "notsc" boot parameter is passed

With notsc passed on commandline, tsc may not be used for
udelays, make sure that we do not use tsc_khz to calculate
the lpj value in such cases.

Reported-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: Alok N Kataria <akataria@vmware.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoMTD: [NOR] Fix cfi_send_gen_cmd handling of x16 devices in x8 mode (v4)
Eric W. Biederman [Fri, 7 Nov 2008 00:08:33 +0000 (00:08 +0000)]
MTD: [NOR] Fix cfi_send_gen_cmd handling of x16 devices in x8 mode (v4)

commit 467622ef2acb01986eab37ef96c3632b3ea35999 upstream

For "unlock" cycles to 16bit devices in 8bit compatibility mode we need
to use the byte addresses 0xaaa and 0x555. These effectively match
the word address 0x555 and 0x2aa, except the latter has its low bit set.

Most chips don't care about the value of the 'A-1' pin in x8 mode,
but some -- like the ST M29W320D -- do. So we need to be careful to
set it where appropriate.

cfi_send_gen_cmd is only ever passed addresses where the low byte
is 0x00, 0x55 or 0xaa. Of those, only addresses ending 0xaa are
affected by this patch, by masking in the extra low bit when the device
is known to be in compatibility mode.

[dwmw2: Do it only when (cmd_ofs & 0xff) == 0xaa]
v4: Fix  stupid typo in cfi_build_cmd_addr that failed to compile
    I'm writing this patch way to late at night.
v3: Bring all of the work back into cfi_build_cmd_addr
    including calling of map_bankwidth(map) and cfi_interleave(cfi)
    So every caller doesn't need to.
v2: Only modified the address if we our device_type is larger than our
    bus width.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoARM: xsc3: fix xsc3_l2_inv_range
Dan Williams [Fri, 7 Nov 2008 00:07:15 +0000 (00:07 +0000)]
ARM: xsc3: fix xsc3_l2_inv_range

commit c7cf72dcadbe39c2077b32460f86c9f8167be3be upstream

When 'start' and 'end' are less than a cacheline apart and 'start' is
unaligned we are done after cleaning and invalidating the first
cacheline.  So check for (start < end) which will not walk off into
invalid address ranges when (start > end).

This issue was caught by drivers/dma/dmatest.

2.6.27 is susceptible.

Cc: <stable@kernel.org>
Cc: Haavard Skinnemoen <haavard.skinnemoen@atmel.com>
Cc: Lothar Wafmann <LW@KARO-electronics.de>
Cc: Lennert Buytenhek <buytenh@marvell.com>
Cc: Eric Miao <eric.miao@marvell.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoJFFS2: Fix lack of locking in thread_should_wake()
David Woodhouse [Fri, 7 Nov 2008 00:08:59 +0000 (00:08 +0000)]
JFFS2: Fix lack of locking in thread_should_wake()

commit b27cf88e9592953ae292d05324887f2f44979433 upstream

The thread_should_wake() function trawls through the list of 'very
dirty' eraseblocks, determining whether the background GC thread should
wake. Doing this without holding the appropriate locks is a bad idea.

OLPC Trac #8615

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoJFFS2: fix race condition in jffs2_lzo_compress()
Geert Uytterhoeven [Fri, 7 Nov 2008 00:08:19 +0000 (00:08 +0000)]
JFFS2: fix race condition in jffs2_lzo_compress()

commit dc8a0843a435b2c0891e7eaea64faaf1ebec9b11 upstream

deflate_mutex protects the globals lzo_mem and lzo_compress_buf.  However,
jffs2_lzo_compress() unlocks deflate_mutex _before_ it has copied out the
compressed data from lzo_compress_buf.  Correct this by moving the mutex
unlock after the copy.

In addition, document what deflate_mutex actually protects.

Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
Acked-by: Richard Purdie <rpurdie@openedhand.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agomd: fix bug in raid10 recovery.
Neil Brown [Fri, 7 Nov 2008 00:08:12 +0000 (00:08 +0000)]
md: fix bug in raid10 recovery.

commit a53a6c85756339f82ff19e001e90cfba2d6299a8 upstream

Adding a spare to a raid10 doesn't cause recovery to start.
This is due to an silly type in
  commit 6c2fce2ef6b4821c21b5c42c7207cb9cf8c87eda
and so is a bug in 2.6.27 and .28-rc.

Thanks to Thomas Backlund for bisecting to find this.

Cc: Thomas Backlund <tmb@mandriva.org>
Cc: George Spelvin <linux@horizon.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agomd: linear: Fix a division by zero bug for very small arrays.
Andre Noll [Fri, 7 Nov 2008 00:07:46 +0000 (00:07 +0000)]
md: linear: Fix a division by zero bug for very small arrays.

commit f1cd14ae52985634d0389e934eba25b5ecf24565 upstream

Date: Thu, 6 Nov 2008 19:41:24 +1100
Subject: md: linear: Fix a division by zero bug for very small arrays.

We currently oops with a divide error on starting a linear software
raid array consisting of at least two very small (< 500K) devices.

The bug is caused by the calculation of the hash table size which
tries to compute sector_div(sz, base) with "base" being zero due to
the small size of the component devices of the array.

Fix this by requiring the hash spacing to be at least one which
implies that also "base" is non-zero.

This bug has existed since about 2.6.14.

Signed-off-by: Andre Noll <maan@systemlinux.org>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agocciss: new hardware support
Mike Miller [Thu, 6 Nov 2008 23:59:04 +0000 (23:59 +0000)]
cciss: new hardware support

commit 77ca7286d10b798e4907af941f29672bf484db77 upstream

cciss: new hardware support

Add support for 2 new SAS/SATA controllers.

Signed-off-by: Mike Miller <mike.miller@hp.com>
Cc: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agocciss: fix sysfs broken symlink regression
Mike Miller [Fri, 7 Nov 2008 00:06:50 +0000 (00:06 +0000)]
cciss: fix sysfs broken symlink regression

commit 404443081ce5e6f68b5f7eda16c959835ff200c0 upstream

Regression introduced by commit 6ae5ce8e8d4de666f31286808d2285aa6a50fa40
("cciss: remove redundant code").

This patch fixes a broken symlink in sysfs that was introduced by the
above commit.  We broke it in 2.6.27-rc on or about 20080804.  Some
installers are broken if this symlink does not exist and they may not
detect the logical drives configured on the controller.  It does not
require being backported into 2.6.26.x or earlier kernels.

Signed-off-by: Mike Miller <mike.miller@hp.com>
Cc: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agocciss: fix regression firmware not displayed in procfs
Mike Miller [Fri, 7 Nov 2008 00:06:36 +0000 (00:06 +0000)]
cciss: fix regression firmware not displayed in procfs

commit 22bece00dc1f28dd3374c55e464c9f02eb642876 upstream

This regression was introduced by commit
6ae5ce8e8d4de666f31286808d2285aa6a50fa40 ("cciss: remove redundant code").

This patch fixes a regression where the controller firmware version is not
displayed in procfs.  The previous patch would be called anytime something
changed.  This will get called only once for each controller.

Signed-off-by: Mike Miller <mike.miller@hp.com>
Cc: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Cc: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agohugetlbfs: handle pages higher order than MAX_ORDER
Andy Whitcroft [Fri, 7 Nov 2008 00:06:24 +0000 (00:06 +0000)]
hugetlbfs: handle pages higher order than MAX_ORDER

commit 69d177c2fc702d402b17fdca2190d5a7e3ca55c5 upstream

When working with hugepages, hugetlbfs assumes that those hugepages are
smaller than MAX_ORDER.  Specifically it assumes that the mem_map is
contigious and uses that to optimise access to the elements of the mem_map
that represent the hugepage.  Gigantic pages (such as 16GB pages on
powerpc) by definition are of greater order than MAX_ORDER (larger than
MAX_ORDER_NR_PAGES in size).  This means that we can no longer make use of
the buddy alloctor guarentees for the contiguity of the mem_map, which
ensures that the mem_map is at least contigious for maximmally aligned
areas of MAX_ORDER_NR_PAGES pages.

This patch adds new mem_map accessors and iterator helpers which handle
any discontiguity at MAX_ORDER_NR_PAGES boundaries.  It then uses these to
implement gigantic page versions of copy_huge_page and clear_huge_page,
and to allow follow_hugetlb_page handle gigantic pages.

Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Cc: Jon Tollefson <kniht@linux.vnet.ibm.com>
Cc: Mel Gorman <mel@csn.ul.ie>
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Cc: Christoph Lameter <cl@linux-foundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agohugetlb: pull gigantic page initialisation out of the default path
Andy Whitcroft [Fri, 7 Nov 2008 00:06:05 +0000 (00:06 +0000)]
hugetlb: pull gigantic page initialisation out of the default path

commit 18229df5b613ed0732a766fc37850de2e7988e43 upstream

As we can determine exactly when a gigantic page is in use we can optimise
the common regular page cases by pulling out gigantic page initialisation
into its own function.  As gigantic pages are never released to buddy we
do not need a destructor.  This effectivly reverts the previous change to
the main buddy allocator.  It also adds a paranoid check to ensure we
never release gigantic pages from hugetlbfs to the main buddy.

Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Cc: Jon Tollefson <kniht@linux.vnet.ibm.com>
Cc: Mel Gorman <mel@csn.ul.ie>
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Cc: Christoph Lameter <cl@linux-foundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agocgroups: fix invalid cgrp->dentry before cgroup has been completely removed
Li Zefan [Fri, 7 Nov 2008 00:05:48 +0000 (00:05 +0000)]
cgroups: fix invalid cgrp->dentry before cgroup has been completely removed

commit 24eb089950ce44603b30a3145a2c8520e2b55bb1 upstream

This fixes an oops when reading /proc/sched_debug.

A cgroup won't be removed completely until finishing cgroup_diput(), so we
shouldn't invalidate cgrp->dentry in cgroup_rmdir().  Otherwise, when a
group is being removed while cgroup_path() gets called, we may trigger
NULL dereference BUG.

The bug can be reproduced:

 # cat test.sh
 #!/bin/sh
 mount -t cgroup -o cpu xxx /mnt
 for (( ; ; ))
 {
mkdir /mnt/sub
rmdir /mnt/sub
 }
 # ./test.sh &
 # cat /proc/sched_debug

BUG: unable to handle kernel NULL pointer dereference at 00000038
IP: [<c045a47f>] cgroup_path+0x39/0x90
..
Call Trace:
 [<c0420344>] ? print_cfs_rq+0x6e/0x75d
 [<c0421160>] ? sched_debug_show+0x72d/0xc1e
..

Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Acked-by: Paul Menage <menage@google.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86: fix macro with bad_bios_dmi_table
Yinghai Lu [Tue, 23 Sep 2008 07:35:33 +0000 (00:35 -0700)]
x86: fix macro with bad_bios_dmi_table

commit a8b71a2810386a5ac8f43d2095fe3355f0d8db37 upstream.

DMI tables need a blank NULL tail.

fixes the crash on Ingo's test box.

Signed-off-by: Yinghai Lu <yhlu.kernel@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86: fix CONFIG_X86_RESERVE_LOW_64K=y
Yinghai Lu [Mon, 22 Sep 2008 09:52:26 +0000 (02:52 -0700)]
x86: fix CONFIG_X86_RESERVE_LOW_64K=y

commit 2216d199b1430d1c0affb1498a9ebdbd9c0de439 upstream

The bad_bios_dmi_table() quirk never triggered because we do DMI setup
too late. Move it a bit earlier.

Also change the CONFIG_X86_RESERVE_LOW_64K quirk to operate on the e820
table directly instead of messing with early reservations - this handles
overlaps (which do occur in this low range of RAM) more gracefully.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86: add X86_RESERVE_LOW_64K
Ingo Molnar [Tue, 16 Sep 2008 08:07:34 +0000 (10:07 +0200)]
x86: add X86_RESERVE_LOW_64K

commit fc38151947477596aa27df6c4306ad6008dc6711 upstream.

This bugzilla:

  http://bugzilla.kernel.org/show_bug.cgi?id=11237

Documents a wide range of systems where the BIOS utilizes the first
64K of physical memory during suspend/resume and other hardware events.

Currently we reserve this memory on all AMI and Phoenix BIOS systems.
Life is too short to hunt subtle memory corruption problems like this,
so we try to be robust by default.

Still, allow this to be overriden: allow users who want that first 64K
of memory to be available to the kernel disable the quirk, via
CONFIG_X86_RESERVE_LOW_64K=n.

Also, allow the early reservation to overlap with other
early reservations.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86: reserve low 64K on AMI and Phoenix BIOS boxen
Ingo Molnar [Tue, 16 Sep 2008 07:58:02 +0000 (09:58 +0200)]
x86: reserve low 64K on AMI and Phoenix BIOS boxen

commit 1e22436eba84edfec9c25e5a25d09062c4f91ca9 upstream

there's multiple reports about suspend/resume related low memory
corruption in this bugzilla:

  http://bugzilla.kernel.org/show_bug.cgi?id=11237

the common pattern is that the corruption is caused by the BIOS,
and that it affects some portion of the first 64K of physical RAM.

So add a DMI quirk

This will waste 64K RAM on 'good' systems too, but without knowing
the exact nature of this BIOS memory corruption this is the safest
approach.

This might as well solve a wide range of suspend/resume breakages
under Linux.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agox86: add DMI quirk for AMI BIOS which corrupts address 0xc000 during resume
Ingo Molnar [Tue, 16 Sep 2008 07:29:09 +0000 (09:29 +0200)]
x86: add DMI quirk for AMI BIOS which corrupts address 0xc000 during resume

commit 5649b7c30316a51792808422ac03ee825d26aa5e upstream

Alan Jenkins and Andy Wettstein reported a suspend/resume memory
corruption bug and extensively documented it here:

   http://bugzilla.kernel.org/show_bug.cgi?id=11237

The bug is that the BIOS overwrites 1K of memory at 0xc000 physical,
without registering it in e820 as reserved or giving the kernel any
idea about this.

Detect AMI BIOSen and reserve that 1K.

We paint this bug around with a very broad brush (reserving that 1K on all
AMI BIOS systems), as the bug was extremely hard to find and needed several
weeks and lots of debugging and patching.

The bug was found via the CONFIG_X86_CHECK_BIOS_CORRUPTION=y debug feature,
if similar bugs are suspected then this feature can be enabled on other
systems as well to scan low memory for corrupted memory.

Reported-by: Alan Jenkins <alan-jenkins@tuffmail.co.uk>
Reported-by: Andy Wettstein <ajw1980@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 years agoext3: wait on all pending commits in ext3_sync_fs
Arthur Jones [Fri, 7 Nov 2008 00:05:17 +0000 (00:05 +0000)]
ext3: wait on all pending commits in ext3_sync_fs

commit c87591b719737b4e91eb1a9fa8fd55a4ff1886d6 upstream

In ext3_sync_fs, we only wait for a commit to finish if we started it, but
there may be one already in progress which will not be synced.

In the case of a data=ordered umount with pending long symlinks which are
delayed due to a long list of other I/O on the backing block device, this
causes the buffer associated with the long symlinks to not be moved to the
inode dirty list in the second phase of fsync_super.  Then, before they
can be dirtied again, kjournald exits, seeing the UMOUNT flag and the
dirty pages are never written to the backing block device, causing long
symlink corruption and exposing new or previously freed block data to
userspace.

This can be reproduced with a script created
by Eric Sandeen <sandeen@redhat.com>:

#!/bin/bash

umount /mnt/test2
mount /dev/sdb4 /mnt/test2
rm -f /mnt/test2/*
dd if=/dev/zero of=/mnt/test2/bigfile bs=1M count=512
touch
/mnt/test2/thisisveryveryveryveryveryveryveryveryveryveryveryveryveryveryveryverylongfilename
ln -s
/mnt/test2/thisisveryveryveryveryveryveryveryveryveryveryveryveryveryveryveryverylongfilename
/mnt/test2/link
umount /mnt/test2
mount /dev/sdb4 /mnt/test2
ls /mnt/test2/
umount /mnt/test2

To ensure all commits are synced, we flush all journal commits now when
sync_fs'ing ext3.

Signed-off-by: Arthur Jones <ajones@riverbed.com>
Cc: Eric Sandeen <sandeen@redhat.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: <linux-ext4@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoLinux 2.6.27.5 v2.6.27.5
Greg Kroah-Hartman [Fri, 7 Nov 2008 17:55:34 +0000 (09:55 -0800)]
Linux 2.6.27.5

16 years agonet: Fix recursive descent in __scm_destroy().
David Miller [Thu, 6 Nov 2008 08:37:40 +0000 (00:37 -0800)]
net: Fix recursive descent in __scm_destroy().

commit f8d570a4745835f2238a33b537218a1bb03fc671 and
3b53fbf4314594fa04544b02b2fc6e607912da18 upstream (because once wasn't
good enough...)

__scm_destroy() walks the list of file descriptors in the scm_fp_list
pointed to by the scm_cookie argument.

Those, in turn, can close sockets and invoke __scm_destroy() again.

There is nothing which limits how deeply this can occur.

The idea for how to fix this is from Linus.  Basically, we do all of
the fput()s at the top level by collecting all of the scm_fp_list
objects hit by an fput().  Inside of the initial __scm_destroy() we
keep running the list until it is empty.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agofile caps: always start with clear bprm->caps_*
Serge Hallyn [Thu, 30 Oct 2008 16:52:23 +0000 (11:52 -0500)]
file caps: always start with clear bprm->caps_*

commit 3318a386e4ca68c76e0294363d29bdc46fcad670 upstream

While Linux doesn't honor setuid on scripts.  However, it mistakenly
behaves differently for file capabilities.

This patch fixes that behavior by making sure that get_file_caps()
begins with empty bprm->caps_*.  That way when a script is loaded,
its bprm->caps_* may be filled when binfmt_misc calls prepare_binprm(),
but they will be cleared again when binfmt_elf calls prepare_binprm()
next to read the interpreter's file capabilities.

Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: David Howells <dhowells@redhat.com>
Acked-by: Andrew G. Morgan <morgan@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agobonding: fix panic when taking bond interface down before removing module
Andy Gospodarek [Fri, 31 Oct 2008 00:41:16 +0000 (17:41 -0700)]
bonding: fix panic when taking bond interface down before removing module

commit ce39a800ea87c655de49af021c8b20ee323cb40d upstream.

A panic was discovered with bonding when using mode 5 or 6 and trying to
remove the slaves from the bond after the interface was taken down.
When calling 'ifconfig bond0 down' the following happens:

    bond_close()
        bond_alb_deinitialize()
            tlb_deinitialize()
kfree(bond_info->tx_hashtbl)
                bond_info->tx_hashtbl = NULL

Unfortunately if there are still slaves in the bond, when removing the
module the following happens:

    bonding_exit()
        bond_free_all()
            bond_release_all()
                bond_alb_deinit_slave()
                    tlb_clear_slave()
                        tx_hash_table = BOND_ALB_INFO(bond).tx_hashtbl
u32 next_index = tx_hash_table[index].next

As you might guess we panic when trying to access a few entries into the
table that no longer exists.

I experimented with several options (like moving the calls to
tlb_deinitialize somewhere else), but it really makes the most sense to
be part of the bond_close routine.  It also didn't seem logical move
tlb_clear_slave around too much, so the simplest option seems to add a
check in tlb_clear_slave to make sure we haven't already wiped the
tx_hashtbl away before searching for all the non-existent hash-table
entries that used to point to the slave as the output interface.

Signed-off-by: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agohfsplus: check read_mapping_page() return value
Eric Sesterhenn [Thu, 16 Oct 2008 05:04:10 +0000 (22:04 -0700)]
hfsplus: check read_mapping_page() return value

While testing more corrupted images with hfsplus, i came across
one which triggered the following bug:

[15840.675016] BUG: unable to handle kernel paging request at fffffffb
[15840.675016] IP: [<c0116a4f>] kmap+0x15/0x56
[15840.675016] *pde = 00008067 *pte = 00000000
[15840.675016] Oops: 0000 [#1] PREEMPT DEBUG_PAGEALLOC
[15840.675016] Modules linked in:
[15840.675016]
[15840.675016] Pid: 11575, comm: ln Not tainted (2.6.27-rc4-00123-gd3ee1b4-dirty #29)
[15840.675016] EIP: 0060:[<c0116a4f>] EFLAGS: 00010202 CPU: 0
[15840.675016] EIP is at kmap+0x15/0x56
[15840.675016] EAX: 00000246 EBX: fffffffb ECX: 00000000 EDX: cab919c0
[15840.675016] ESI: 000007dd EDI: cab0bcf4 EBP: cab0bc98 ESP: cab0bc94
[15840.675016]  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
[15840.675016] Process ln (pid: 11575, ti=cab0b000 task=cab919c0 task.ti=cab0b000)
[15840.675016] Stack: 00000000 cab0bcdc c0231cfb 00000000 cab0bce0 00000800 ca9290c0 fffffffb
[15840.675016]        cab145d0 cab919c0 cab15998 22222222 22222222 22222222 00000001 cab15960
[15840.675016]        000007dd cab0bcf4 cab0bd04 c022cb3a cab0bcf4 cab15a6c ca9290c0 00000000
[15840.675016] Call Trace:
[15840.675016]  [<c0231cfb>] ? hfsplus_block_allocate+0x6f/0x2d3
[15840.675016]  [<c022cb3a>] ? hfsplus_file_extend+0xc4/0x1db
[15840.675016]  [<c022ce41>] ? hfsplus_get_block+0x8c/0x19d
[15840.675016]  [<c06adde4>] ? sub_preempt_count+0x9d/0xab
[15840.675016]  [<c019ece6>] ? __block_prepare_write+0x147/0x311
[15840.675016]  [<c0161934>] ? __grab_cache_page+0x52/0x73
[15840.675016]  [<c019ef4f>] ? block_write_begin+0x79/0xd5
[15840.675016]  [<c022cdb5>] ? hfsplus_get_block+0x0/0x19d
[15840.675016]  [<c019f22a>] ? cont_write_begin+0x27f/0x2af
[15840.675016]  [<c022cdb5>] ? hfsplus_get_block+0x0/0x19d
[15840.675016]  [<c0139ebe>] ? tick_program_event+0x28/0x4c
[15840.675016]  [<c013bd35>] ? trace_hardirqs_off+0xb/0xd
[15840.675016]  [<c022b723>] ? hfsplus_write_begin+0x2d/0x32
[15840.675016]  [<c022cdb5>] ? hfsplus_get_block+0x0/0x19d
[15840.675016]  [<c0161988>] ? pagecache_write_begin+0x33/0x107
[15840.675016]  [<c01879e5>] ? __page_symlink+0x3c/0xae
[15840.675016]  [<c019ad34>] ? __mark_inode_dirty+0x12f/0x137
[15840.675016]  [<c0187a70>] ? page_symlink+0x19/0x1e
[15840.675016]  [<c022e6eb>] ? hfsplus_symlink+0x41/0xa6
[15840.675016]  [<c01886a9>] ? vfs_symlink+0x99/0x101
[15840.675016]  [<c018a2f6>] ? sys_symlinkat+0x6b/0xad
[15840.675016]  [<c018a348>] ? sys_symlink+0x10/0x12
[15840.675016]  [<c01038bd>] ? sysenter_do_call+0x12/0x31
[15840.675016]  =======================
[15840.675016] Code: 00 00 75 10 83 3d 88 2f ec c0 02 75 07 89 d0 e8 12 56 05 00 5d c3 55 ba 06 00 00 00 89 e5 53 89 c3 b8 3d eb 7e c0 e8 16 74 00 00 <8b> 03 c1 e8 1e 69 c0 d8 02 00 00 05 b8 69 8e c0 2b 80 c4 02 00
[15840.675016] EIP: [<c0116a4f>] kmap+0x15/0x56 SS:ESP 0068:cab0bc94
[15840.675016] ---[ end trace 4fea40dad6b70e5f ]---

This happens because the return value of read_mapping_page() is passed on
to kmap unchecked.  The bug is triggered after the first
read_mapping_page() in hfsplus_block_allocate(), this patch fixes all
three usages in this functions but leaves the ones further down in the
file unchanged.

Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de>
Cc: Roman Zippel <zippel@linux-m68k.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agohfsplus: fix Buffer overflow with a corrupted image
Eric Sesterhenn [Thu, 16 Oct 2008 05:04:08 +0000 (22:04 -0700)]
hfsplus: fix Buffer overflow with a corrupted image

commit efc7ffcb4237f8cb9938909041c4ed38f6e1bf40 upstream

When an hfsplus image gets corrupted it might happen that the catalog
namelength field gets b0rked.  If we mount such an image the memcpy() in
hfsplus_cat_build_key_uni() writes more than the 255 that fit in the name
field.  Depending on the size of the overwritten data, we either only get
memory corruption or also trigger an oops like this:

[  221.628020] BUG: unable to handle kernel paging request at c82b0000
[  221.629066] IP: [<c022d4b1>] hfsplus_find_cat+0x10d/0x151
[  221.629066] *pde = 0ea29163 *pte = 082b0160
[  221.629066] Oops: 0002 [#1] PREEMPT DEBUG_PAGEALLOC
[  221.629066] Modules linked in:
[  221.629066]
[  221.629066] Pid: 4845, comm: mount Not tainted (2.6.27-rc4-00123-gd3ee1b4-dirty #28)
[  221.629066] EIP: 0060:[<c022d4b1>] EFLAGS: 00010206 CPU: 0
[  221.629066] EIP is at hfsplus_find_cat+0x10d/0x151
[  221.629066] EAX: 00000029 EBX: 00016210 ECX: 000042c2 EDX: 00000002
[  221.629066] ESI: c82d70ca EDI: c82b0000 EBP: c82d1bcc ESP: c82d199c
[  221.629066]  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
[  221.629066] Process mount (pid: 4845, ti=c82d1000 task=c8224060 task.ti=c82d1000)
[  221.629066] Stack: c080b3c4 c82aa8f8 c82d19c2 00016210 c080b3be c82d1bd4 c82aa8f0 00000300
[  221.629066]        01000000 750008b1 74006e00 74006900 65006c00 c82d6400 c013bd35 c8224060
[  221.629066]        00000036 00000046 c82d19f0 00000082 c8224548 c8224060 00000036 c0d653cc
[  221.629066] Call Trace:
[  221.629066]  [<c013bd35>] ? trace_hardirqs_off+0xb/0xd
[  221.629066]  [<c013bca3>] ? trace_hardirqs_off_caller+0x14/0x9b
[  221.629066]  [<c013bd35>] ? trace_hardirqs_off+0xb/0xd
[  221.629066]  [<c013bca3>] ? trace_hardirqs_off_caller+0x14/0x9b
[  221.629066]  [<c013bd35>] ? trace_hardirqs_off+0xb/0xd
[  221.629066]  [<c0107aa3>] ? native_sched_clock+0x82/0x96
[  221.629066]  [<c01302d2>] ? __kernel_text_address+0x1b/0x27
[  221.629066]  [<c010487a>] ? dump_trace+0xca/0xd6
[  221.629066]  [<c0109e32>] ? save_stack_address+0x0/0x2c
[  221.629066]  [<c0109eaf>] ? save_stack_trace+0x1c/0x3a
[  221.629066]  [<c013b571>] ? save_trace+0x37/0x8d
[  221.629066]  [<c013b62e>] ? add_lock_to_list+0x67/0x8d
[  221.629066]  [<c013ea1c>] ? validate_chain+0x8a4/0x9f4
[  221.629066]  [<c013553d>] ? down+0xc/0x2f
[  221.629066]  [<c013f1f6>] ? __lock_acquire+0x68a/0x6e0
[  221.629066]  [<c013bd35>] ? trace_hardirqs_off+0xb/0xd
[  221.629066]  [<c013bca3>] ? trace_hardirqs_off_caller+0x14/0x9b
[  221.629066]  [<c013bd35>] ? trace_hardirqs_off+0xb/0xd
[  221.629066]  [<c0107aa3>] ? native_sched_clock+0x82/0x96
[  221.629066]  [<c013da5d>] ? mark_held_locks+0x43/0x5a
[  221.629066]  [<c013dc3a>] ? trace_hardirqs_on+0xb/0xd
[  221.629066]  [<c013dbf4>] ? trace_hardirqs_on_caller+0xf4/0x12f
[  221.629066]  [<c06abec8>] ? _spin_unlock_irqrestore+0x42/0x58
[  221.629066]  [<c013555c>] ? down+0x2b/0x2f
[  221.629066]  [<c022aa68>] ? hfsplus_iget+0xa0/0x154
[  221.629066]  [<c022b0b9>] ? hfsplus_fill_super+0x280/0x447
[  221.629066]  [<c0107aa3>] ? native_sched_clock+0x82/0x96
[  221.629066]  [<c013bca3>] ? trace_hardirqs_off_caller+0x14/0x9b
[  221.629066]  [<c013bca3>] ? trace_hardirqs_off_caller+0x14/0x9b
[  221.629066]  [<c013f1f6>] ? __lock_acquire+0x68a/0x6e0
[  221.629066]  [<c041c9e4>] ? string+0x2b/0x74
[  221.629066]  [<c041cd16>] ? vsnprintf+0x2e9/0x512
[  221.629066]  [<c010487a>] ? dump_trace+0xca/0xd6
[  221.629066]  [<c0109eaf>] ? save_stack_trace+0x1c/0x3a
[  221.629066]  [<c0109eaf>] ? save_stack_trace+0x1c/0x3a
[  221.629066]  [<c013b571>] ? save_trace+0x37/0x8d
[  221.629066]  [<c013b62e>] ? add_lock_to_list+0x67/0x8d
[  221.629066]  [<c013ea1c>] ? validate_chain+0x8a4/0x9f4
[  221.629066]  [<c01354d3>] ? up+0xc/0x2f
[  221.629066]  [<c013f1f6>] ? __lock_acquire+0x68a/0x6e0
[  221.629066]  [<c013bd35>] ? trace_hardirqs_off+0xb/0xd
[  221.629066]  [<c013bca3>] ? trace_hardirqs_off_caller+0x14/0x9b
[  221.629066]  [<c013bd35>] ? trace_hardirqs_off+0xb/0xd
[  221.629066]  [<c0107aa3>] ? native_sched_clock+0x82/0x96
[  221.629066]  [<c041cfb7>] ? snprintf+0x1b/0x1d
[  221.629066]  [<c01ba466>] ? disk_name+0x25/0x67
[  221.629066]  [<c0183960>] ? get_sb_bdev+0xcd/0x10b
[  221.629066]  [<c016ad92>] ? kstrdup+0x2a/0x4c
[  221.629066]  [<c022a7b3>] ? hfsplus_get_sb+0x13/0x15
[  221.629066]  [<c022ae39>] ? hfsplus_fill_super+0x0/0x447
[  221.629066]  [<c0183583>] ? vfs_kern_mount+0x3b/0x76
[  221.629066]  [<c0183602>] ? do_kern_mount+0x32/0xba
[  221.629066]  [<c01960d4>] ? do_new_mount+0x46/0x74
[  221.629066]  [<c0196277>] ? do_mount+0x175/0x193
[  221.629066]  [<c013dbf4>] ? trace_hardirqs_on_caller+0xf4/0x12f
[  221.629066]  [<c01663b2>] ? __get_free_pages+0x1e/0x24
[  221.629066]  [<c06ac07b>] ? lock_kernel+0x19/0x8c
[  221.629066]  [<c01962e6>] ? sys_mount+0x51/0x9b
[  221.629066]  [<c01962f9>] ? sys_mount+0x64/0x9b
[  221.629066]  [<c01038bd>] ? sysenter_do_call+0x12/0x31
[  221.629066]  =======================
[  221.629066] Code: 89 c2 c1 e2 08 c1 e8 08 09 c2 8b 85 e8 fd ff ff 66 89 50 06 89 c7 53 83 c7 08 56 57 68 c4 b3 80 c0 e8 8c 5c ef ff 89 d9 c1 e9 02 <f3> a5 89 d9 83 e1 03 74 02 f3 a4 83 c3 06 8b 95 e8 fd ff ff 0f
[  221.629066] EIP: [<c022d4b1>] hfsplus_find_cat+0x10d/0x151 SS:ESP 0068:c82d199c
[  221.629066] ---[ end trace e417a1d67f0d0066 ]---

Since hfsplus_cat_build_key_uni() returns void and only has one callsite,
the check is performed at the callsite.

Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de>
Reviewed-by: Pekka Enberg <penberg@cs.helsinki.fi>
Cc: Roman Zippel <zippel@linux-m68k.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoInput: atkbd - expand Latitude's force release quirk to other Dells
Matthew Garrett [Fri, 31 Oct 2008 21:29:07 +0000 (17:29 -0400)]
Input: atkbd - expand Latitude's force release quirk to other Dells

commit 61579ba83934d397a4fa2bb7372de9ae112587d5 upstream.

Input: atkbd - expand Latitude's force release quirk to other Dells

Dell laptops fail to send key up events for several of their special
keys. There's an existing quirk in the kernel to handle this, but it's
limited to the Latitude range. This patch extends it to cover all
portable Dells.

Signed-off-by: Matthew Garrett <mjg@redhat.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoACPI: Clear WAK_STS on resume
Matthew Garrett [Fri, 31 Oct 2008 21:27:16 +0000 (17:27 -0400)]
ACPI: Clear WAK_STS on resume

commit a68823ee5285e65b51ceb96f8b13a5b4f99a6888 upstream.

ACPI: Clear WAK_STS on resume

The leading other brand OS appears to clear the WAK_STS flag on resume.
When rebooted, certain BIOSes assume that the system is actually
resuming if it's still set and so fail to reboot correctly. Make sure
that it's cleared at resume time.

Comment clarified as suggested by Bob Moore

http://bugzilla.kernel.org/show_bug.cgi?id=11634

Signed-off-by: Matthew Garrett <mjg@redhat.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Tested-by: Romano Giannetti <romano.giannetti@gmail.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoACPI: Ingore the RESET_REG_SUP bit when using ACPI reset mechanism
Zhao Yakui [Fri, 31 Oct 2008 21:25:45 +0000 (17:25 -0400)]
ACPI: Ingore the RESET_REG_SUP bit when using ACPI reset mechanism

commit 8fd145917fb62368a9b80db59562c20576238f5a upstream

ACPI: Ingore the RESET_REG_SUP bit when using ACPI reset mechanism

According to ACPI 3.0, FADT.flags.RESET_REG_SUP indicates
whether the ACPI reboot mechanism is supported.

However, some boxes have this bit clear, have a valid
ACPI_RESET_REG & RESET_VALUE, and ACPI reboot is the only
mechanism that works for them after S3.

This suggests that other operating systems may not be checking
the RESET_REG_SUP bit, and are using other means to decide
whether to use the ACPI reboot mechanism or not.

Here we stop checking RESET_REG_SUP.
Instead, When acpi reboot is requested,
only the reset_register is checked. If the following
conditions are met, it indicates that the reset register is supported.
a. reset_register is not zero
b. the access width is eight
c. the bit_offset is zero

http://bugzilla.kernel.org/show_bug.cgi?id=7299
http://bugzilla.kernel.org/show_bug.cgi?id=1148

Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agolibata: Fix LBA48 on pata_it821x RAID volumes.
Ondrej Zary [Fri, 31 Oct 2008 21:16:43 +0000 (17:16 -0400)]
libata: Fix LBA48 on pata_it821x RAID volumes.

commit 054e5f616b5becdc096b793407dc33fe379749ac upstream

libata: Fix LBA48 on pata_it821x RAID volumes.

[http://lkml.org/lkml/2008/10/18/82]

Signed-off-by: Ondrej Zary <linux@rainbow-software.org>
Acked-by: Alan Cox <alan@redhat.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoACPI: EC: Check for IBF=0 periodically if not in GPE mode
Alexey Starikovskiy [Wed, 15 Oct 2008 22:02:33 +0000 (02:02 +0400)]
ACPI: EC: Check for IBF=0 periodically if not in GPE mode

commit c0ff17720ec5f42205b3d2ca03a18da0a8272976 upstream.

Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de>
Tested-by: Alan Jenkins <alan-jenkins@tuffmail.co.uk>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoACPI: EC: Rename some variables
Alexey Starikovskiy [Thu, 25 Sep 2008 20:54:28 +0000 (00:54 +0400)]
ACPI: EC: Rename some variables

commit 8463200a00fe2aea938b40173198a0983f2929ef upstream
(needed by the next patch)

No functional changes.

Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de>
Acked-by: Rafael J. Wysocki <rjw@suse.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoACPI: EC: do transaction from interrupt context
Alexey Starikovskiy [Thu, 25 Sep 2008 17:00:31 +0000 (21:00 +0400)]
ACPI: EC: do transaction from interrupt context

commit 7c6db4e050601f359081fde418ca6dc4fc2d0011 upstream.

It is easier and faster to do transaction directly from interrupt context
rather than waking control thread.
Also, cleaner GPE storm avoidance is implemented.
References:  http://bugzilla.kernel.org/show_bug.cgi?id=9998
http://bugzilla.kernel.org/show_bug.cgi?id=10724
http://bugzilla.kernel.org/show_bug.cgi?id=10919
http://bugzilla.kernel.org/show_bug.cgi?id=11309
http://bugzilla.kernel.org/show_bug.cgi?id=11549

Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de>
Tested-by: Sitsofe Wheeler <sitsofe@yahoo.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Cc: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agosata_nv: fix generic, nf2/3 detection regression
Tejun Heo [Mon, 3 Nov 2008 03:37:49 +0000 (12:37 +0900)]
sata_nv: fix generic, nf2/3 detection regression

commit 3c324283e6cdb79210cf7975c3e40d3ba3e672b2 upstream

All three flavors of sata_nv's are different in how their hardreset
behaves.

* generic: Hardreset is not reliable.  Link often doesn't come online
  after hardreset.

* nf2/3: A little bit better - link comes online with longer debounce
  timing.  However, nf2/3 can't reliable wait for the first D2H
  Register FIS, so it can't wait for device readiness or classify the
  device after hardreset.  Follow-up SRST required.

* ck804: Hardreset finally works.

The core layer change to prefer hardreset and follow up changes
exposed the above issues and caused various detection regressions for
all three flavors.  This patch, hopefully, fixes all the known issues
and should make sata_nv error handling more reliable.

Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agosata_promise: add ATA engine reset to reset ops
Mikael Pettersson [Fri, 31 Oct 2008 07:03:55 +0000 (08:03 +0100)]
sata_promise: add ATA engine reset to reset ops

commit cadef677e4a9b9c1d069675043767df486782986 upstream

Promise ATA engines need to be reset when errors occur.
That's currently done for errors detected by sata_promise itself,
but it's not done for errors like timeouts detected outside of
the low-level driver.

The effect of this omission is that a timeout tends to result
in a sequence of failed COMRESETs after which libata EH gives
up and disables the port. At that point the port's ATA engine
hangs and even reloading the driver will not resume it.

To fix this, make sata_promise override ->hardreset on SATA
ports with code which calls pdc_reset_port() on the port in
question before calling libata's hardreset. PATA ports don't
use ->hardreset, so for those we override ->softreset instead.

Signed-off-by: Mikael Pettersson <mikpe@it.uu.se>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agox86: register a platform RTC device if PNP doesn't describe it
Bjorn Helgaas [Sun, 26 Oct 2008 22:57:33 +0000 (18:57 -0400)]
x86: register a platform RTC device if PNP doesn't describe it

commit 758a7f7bb86b520aadc484f23da85e547b3bf3d8 upstream

x86: register a platform RTC device if PNP doesn't describe it

Most if not all x86 platforms have an RTC device, but sometimes the RTC
is not exposed as a PNP0b00/PNP0b01/PNP0b02 device in PNPBIOS or ACPI:

    http://bugzilla.kernel.org/show_bug.cgi?id=11580
    https://bugzilla.redhat.com/show_bug.cgi?id=451188

It's best if we can discover the RTC via PNP because then we know
which flavor of device it is, where it lives, and which IRQ it uses.

But if we can't, we should register a platform device using the
compiled-in RTC_PORT/RTC_IRQ resource assumptions.

Signed-off-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
Acked-by: Rafael J. Wysocki <rjw@sisk.pl>
Acked-by: David Brownell <dbrownell@users.sourceforge.net>
Reported-by: Rik Theys <rik.theys@esat.kuleuven.be>
Reported-by: shr_msn@yahoo.com.tw
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoUSB: storage: Avoid I/O errors when issuing SCSI ioctls to JMicron USB/ATA bridge
Phil Dibowitz [Sun, 26 Oct 2008 22:25:10 +0000 (18:25 -0400)]
USB: storage: Avoid I/O errors when issuing SCSI ioctls to JMicron USB/ATA bridge

commit 3030ca4cf4abbdd2dd850a14d20e9fca5937ffb5 upstream

USB: storage: Avoid I/O errors when issuing SCSI ioctls to JMicron USB/ATA bridge

Here's the patch that implements the fix you suggested to avoid the
I/O errors that I was running into with my new USB enclosure with a
JMicron USB/ATA bridge, while issuing scsi-io USN or other such
queries used by Fedora's mkinitrd.
http://bugzilla.kernel.org/show_bug.cgi?id=9638#c85

/proc/bus/usb/devices:
T:  Bus=01 Lev=01 Prnt=01 Port=07 Cnt=04 Dev#=  5 Spd=480 MxCh= 0
D:  Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
P:  Vendor=152d ProdID=2329 Rev= 1.00
S:  Manufacturer=JMicron
S:  Product=USB to ATA/ATAPI Bridge
S:  SerialNumber=DE5088854FFF
C:* #Ifs= 1 Cfg#= 1 Atr=c0 MxPwr=  2mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage
E:  Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms

(patch applied and retested on a modified 2.6.27.2-libre.24.rc1.fc10)

Signed-off-by: Phil Dibowitz <phil@ipom.com>
Cc: Alexandre Oliva <oliva@lsd.ic.unicamp.br>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agortc-cmos: look for PNP RTC first, then for platform RTC
Bjorn Helgaas [Sun, 26 Oct 2008 22:56:04 +0000 (18:56 -0400)]
rtc-cmos: look for PNP RTC first, then for platform RTC

commit 72f22b1eb6ca5e4676a632a04d40d46cb61d4562 upstream

rtc-cmos: look for PNP RTC first, then for platform RTC

We shouldn't rely on "pnp_platform_devices" to tell us whether there
is a PNP RTC device.

I introduced "pnp_platform_devices", but I think it was a mistake.
All it tells us is whether we found any PNPBIOS or PNPACPI devices.
Many machines have some PNP devices, but do not describe the RTC
via PNP.  On those machines, we need to do the platform driver probe
to find the RTC.

We should just register the PNP driver and see whether it claims anything.
If we don't find a PNP RTC, fall back to the platform driver probe.

This (in conjunction with the arch/x86/kernel/rtc.c patch to add
a platform RTC device when PNP doesn't have one) should resolve
these issues:

    http://bugzilla.kernel.org/show_bug.cgi?id=11580
    https://bugzilla.redhat.com/show_bug.cgi?id=451188

Signed-off-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
Acked-by: Rafael J. Wysocki <rjw@sisk.pl>
Acked-by: David Brownell <dbrownell@users.sourceforge.net>
Reported-by: Rik Theys <rik.theys@esat.kuleuven.be>
Reported-by: shr_msn@yahoo.com.tw
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agox86: avoid dereferencing beyond stack + THREAD_SIZE
David Rientjes [Sun, 26 Oct 2008 22:13:59 +0000 (18:13 -0400)]
x86: avoid dereferencing beyond stack + THREAD_SIZE

commit e1e23bb0513520035ec934fa3483507cb6648b7c upstream

x86: avoid dereferencing beyond stack + THREAD_SIZE

It's possible for get_wchan() to dereference past task->stack + THREAD_SIZE
while iterating through instruction pointers if fp equals the upper boundary,
causing a kernel panic.

Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agosched_clock: prevent scd->clock from moving backwards
Dave Kleikamp [Sun, 26 Oct 2008 22:20:14 +0000 (18:20 -0400)]
sched_clock: prevent scd->clock from moving backwards

commit 5b7dba4ff834259a5623e03a565748704a8fe449 upstream

sched_clock: prevent scd->clock from moving backwards

When sched_clock_cpu() couples the clocks between two cpus, it may
increment scd->clock beyond the GTOD tick window that __update_sched_clock()
uses to clamp the clock.  A later call to __update_sched_clock() may move
the clock back to scd->tick_gtod + TICK_NSEC, violating the clock's
monotonic property.

This patch ensures that scd->clock will not be set backward.

Signed-off-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agosched: disable the hrtick for now
Ingo Molnar [Sun, 26 Oct 2008 22:21:40 +0000 (18:21 -0400)]
sched: disable the hrtick for now

commit 0c4b83da58ec2e96ce9c44c211d6eac5f9dae478 upstream

sched: disable the hrtick for now

David Miller reported that hrtick update overhead has tripled the
wakeup overhead on Sparc64.

That is too much - disable the HRTICK feature for now by default,
until a faster implementation is found.

Reported-by: David Miller <davem@davemloft.net>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoPCI: fix 64-vbit prefetchable memory resource BARs
Peter Chubb [Mon, 13 Oct 2008 00:49:04 +0000 (11:49 +1100)]
PCI: fix 64-vbit prefetchable memory resource BARs

commit e354597cce8d219d135d65e585dc4f30323486b9 upstream.

Since patch 6ac665c63dcac8fcec534a1d224ecbb8b867ad59 my infiniband
controller hasn't worked.  This is because it has 64-bit prefetchable
memory, which was mistakenly being  taken to be 32-bit memory.  The
resource flags in this case are PCI_BASE_ADDRESS_MEM_TYPE_64 |
PCI_BASE_ADDRESS_MEM_PREFETCH.

This patch checks only for the PCI_BASE_ADDRESS_MEM_TYPE_64 bit; thus
whether the region is prefetchable or not is ignored.  This fixes my
Infiniband.

Reviewed-by: Matthew Wilcox <matthew@wil.cx>
Signed-off-by: Peter Chubb <peterc@gelato.unsw.edu.au>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Cc: Bjorn Helgaas <bjorn.helgaas@hp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoDVB: s5h1411: Power down s5h1411 when not in use
Devin Heitmueller [Mon, 3 Nov 2008 04:04:50 +0000 (23:04 -0500)]
DVB: s5h1411: Power down s5h1411 when not in use

cherry picked from commit 11fc9a4a440112b5afc1a99d86ba92d70205a688

DVB: s5h1411: Power down s5h1411 when not in use

Power down the s5h1411 demodulator when not in use
(on the Pinnacle 801e, this brings idle power from
123ma down to 84ma).

Signed-off-by: Devin Heitmueller <devin.heitmueller@gmail.com>
Acked-by: Steven Toth <stoth@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoDVB: s5h1411: Perform s5h1411 soft reset after tuning
Devin Heitmueller [Mon, 3 Nov 2008 04:04:47 +0000 (23:04 -0500)]
DVB: s5h1411: Perform s5h1411 soft reset after tuning

cherry picked from commit f0d041e50bc6c8a677922d72b010f80af9b23b18

DVB: s5h1411: Perform s5h1411 soft reset after tuning

If you instruct the tuner to change frequencies, it can take up to 2500ms to
get a demod lock.  By performing a soft reset after the tuning call (which
is consistent with how the Pinnacle 801e Windows driver behaves), you get
a demod lock inside of 300ms

Signed-off-by: Devin Heitmueller <devin.heitmueller@gmail.com>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Acked-by: Steven Toth <stoth@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 years agoDVB: s5h1411: bugfix: Setting serial or parallel mode could destroy bits
Steven Toth [Mon, 3 Nov 2008 04:04:44 +0000 (23:04 -0500)]
DVB: s5h1411: bugfix: Setting serial or parallel mode could destroy bits

cherry picked from commit 1af46b450fa49c57d73764d66f267335ccd807e2

DVB: s5h1411: bugfix: Setting serial or parallel mode could destroy bits

Adding a serialmode function to read/and/or/write the register for safety.

Signed-off-by: Steven Toth <stoth@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>