David S. Miller [Tue, 9 Dec 2008 08:10:11 +0000 (00:10 -0800)]
sungem: Make PCS PHY support partially work again.
As reported by Hermann Lauer, PCS PHY support in the sungem
driver simply doesn't work.
When the chip is reset due to open, or some other similar operation,
the PCS is reset too but we don't program it back into a running
state. The result is no link when the device is brought up.
This partially rectifies the situation for the moment, by kicking
the PCS after a sungem chip reset so that it will renegotiate and
be re-enabled again.
The behavior is still a little bit dodgy as the added renegotiate
make the link take some time after bringing the interface up,
but this is a significant improvement in that things actually work
now :-)
Based almost entirely upon an initial patch by Hermann.
Signed-off-by: David S. Miller <davem@davemloft.net>
Shaddy Baddah [Fri, 28 Nov 2008 06:10:45 +0000 (17:10 +1100)]
zd1211rw: use unaligned safe memcmp() in-place of compare_ether_addr()
Under my 2.6.28-rc6 sparc64, when associating to an AP through my
zd1211rw device, I was seeing kernel log messages like (not exact output):
Kernel unaligned access at TPC[10129b68] zd_mac_rx+0x144/0x32c [zd1211rw]
For the zd1211rw module, on RX, the 80211 packet will be located after
the PLCP header in the skb data buffer. The PLCP header being 5 bytes
long, the 80211 header will start unaligned from an aligned skb
buffer.
As per Documentation/unaligned-memory-access.txt, we must replace the
not unaligned() safe compare_ether_addr() with memcmp() to protect
architectures that require alignment.
Signed-off-by: Shaddy Baddah <shaddy_baddah@hotmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Shaddy Baddah [Fri, 28 Nov 2008 06:08:10 +0000 (17:08 +1100)]
mac80211: use unaligned safe memcmp() in-place of compare_ether_addr()
After fixing zd1211rw: use unaligned safe memcmp() in-place of
compare_ether_addr(), I started to see kernel log messages detailing
unaligned access:
Kernel unaligned access at TPC[100f7f44] sta_info_get+0x24/0x68 [mac80211]
As with the aforementioned patch, the unaligned access was eminating
from a compare_ether_addr() call. Concerned that whilst it was safe to
assume that unalignment was the norm for the zd1211rw, and take
preventative measures, it may not be the case or acceptable to use the
easy fix of changing the call to memcmp().
My research however indicated that it was OK to do this, as there are
a few instances where memcmp() is the preferred mechanism for doing
mac address comparisons throughout the module.
Signed-off-by: Shaddy Baddah <shaddy_baddah@hotmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Zhu Yi [Thu, 27 Nov 2008 05:42:20 +0000 (13:42 +0800)]
ipw2200: fix netif_*_queue() removal regression
In "ipw2200: Call netif_*_queue() interfaces properly", netif_stop_queue()
and netif_wake_queue() were removed with the reason
"netif_carrier_{on,off}() handles starting and stopping packet flow into
the driver". The patch also removes a valid condition check that
ipw_tx_skb() cannot be called if device is not in STATUS_ASSOCIATED state.
But netif_carrier_off() doesn't guarantee netdev->hard_start_xmit won't
be called because linkwatch event is handled in a delayed workqueue. This
caused a kernel oops reported by Frank Seidel:
https://bugzilla.novell.com/show_bug.cgi?id=397390
This patch fixes the problem by moving the STATUS_ASSOCIATED check back
to ipw_tx_skb(). It also adds a missing netif_carrier_off() call to
ipw_disassociate().
Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: Chatre, Reinette <reinette.chatre@intel.com> Tested-by: Frank Seidel <fseidel@suse.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Tomas Winkler [Tue, 25 Nov 2008 21:29:03 +0000 (23:29 +0200)]
iwlwifi: clean key table in iwl_clear_stations_table function
This patch cleans uCode key table bit map iwl_clear_stations_table
since all stations are cleared also the key table must be.
Since the keys are not removed properly on suspend by mac80211
this may result in exhausting key table on resume leading
to memory corruption during removal
This patch also fixes a memory corruption problem reported in
http://marc.info/?l=linux-wireless&m=122641417231586&w=2 and tracked in
http://bugzilla.kernel.org/show_bug.cgi?id=12040.
When the key is removed a second time the offset is set to 255 - this
index is not valid for the ucode_key_table and corrupts the eeprom pointer
(which is 255 bits from ucode_key_table).
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Reported-by: Carlos R. Mafra <crmafra2@gmail.com> Reported-by: Lukas Hejtmanek <xhejtman@ics.muni.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Doug Leith [Fri, 5 Dec 2008 01:17:18 +0000 (17:17 -0800)]
tcp: tcp_vegas ssthresh bug fix
This patch fixes a bug in tcp_vegas.c. At the moment this code leaves
ssthresh untouched. However, this means that the vegas congestion
control algorithm is effectively unable to reduce cwnd below the
ssthresh value (if the vegas update lowers the cwnd below ssthresh,
then slow start is activated to raise it back up). One example where
this matters is when during slow start cwnd overshoots the link
capacity and a flow then exits slow start with ssthresh set to a value
above where congestion avoidance would like to adjust it.
Signed-off-by: Doug Leith <doug.leith@nuim.ie> Signed-off-by: David S. Miller <davem@davemloft.net>
Chas Williams [Thu, 4 Dec 2008 22:58:13 +0000 (14:58 -0800)]
ATM: CVE-2008-5079: duplicate listen() on socket corrupts the vcc table
As reported by Hugo Dias that it is possible to cause a local denial
of service attack by calling the svc_listen function twice on the same
socket and reading /proc/net/atm/*vc
Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
The spinlock used in the netx-eth driver was never properly initialized.
This was noticed using CONFIG_DEBUG_SPINLOCK=y
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Acked-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: David S. Miller <davem@davemloft.net>
Ilpo Järvinen [Thu, 4 Dec 2008 05:24:48 +0000 (21:24 -0800)]
tcp: make urg+gso work for real this time
I should have noticed this earlier... :-) The previous solution
to URG+GSO/TSO will cause SACK block tcp_fragment to do zig-zig
patterns, or even worse, a steep downward slope into packet
counting because each skb pcount would be truncated to pcount
of 2 and then the following fragments of the later portion would
restore the window again.
Basically this reverts "tcp: Do not use TSO/GSO when there is
urgent data" (33cf71cee1). It also removes some unnecessary code
from tcp_current_mss that didn't work as intented either (could
be that something was changed down the road, or it might have
been broken since the dawn of time) because it only works once
urg is already written while this bug shows up starting from
~64k before the urg point.
The retransmissions already are split to mss sized chunks, so
only new data sending paths need splitting in case they have
a segment otherwise suitable for gso/tso. The actually check
can be improved to be more narrow but since this is late -rc
already, I'll postpone thinking the more fine-grained things.
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
Baruch Siach [Tue, 2 Dec 2008 05:07:01 +0000 (05:07 +0000)]
enc28j60: Fix sporadic packet loss (corrected again)
Packet data read from the RX buffer the when the RSV is at the end of the RX
buffer does not warp around. This causes packet loss, as the actual data is
never read. Fix this by calculating the right packet data location.
Thanks to Shachar Shemesh for suggesting the fix.
Signed-off-by: Baruch Siach <baruch@tkos.co.il> Acked-by: Claudio Lanconelli <lanconelli.claudio@eptar.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Pascal Terjan [Mon, 1 Dec 2008 12:24:25 +0000 (12:24 +0000)]
hysdn: fix writing outside the field on 64 bits
ifa_local is assumed to be unsigned long which lead to writing the address
at dev->dev_addr-2 instead of +2
noticed thanks to gcc:
drivers/isdn/hysdn/hysdn_net.c: In function `net_open':
drivers/isdn/hysdn/hysdn_net.c:91: warning: array subscript is below array bounds
Signed-off-by: Pascal Terjan <pterjan@mandriva.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Wilfried Klaebe [Thu, 4 Dec 2008 04:57:19 +0000 (20:57 -0800)]
b1isa: fix b1isa_exit() to really remove registered capi controllers
On "/etc/init.d/capiutils stop", this oops happened.
The oops happens on reading /proc/capi/controllers because
capi_ctrl->procinfo is called for the wrongly not unregistered
controller, which points to b1isa_procinfo(), which was removed on
module unload.
b1isa_exit() did not call b1isa_remove() for its controllers because
io[0] == 0 on module unload despite having been 0x340 on module load.
Besides, just removing the controllers that where added on module
load time and not those that were added later via b1isa_add_card() is
wrong too - the place where all added cards are found is isa_dev[].
relevant dmesg lines:
[ 0.000000] Linux version 2.6.27.4 (w@shubashi) (gcc version 4.3.2 (Debian 4.3.2-1) ) #3 Thu Oct 30 16:49:03 CET 2008
[ 67.403555] CAPI Subsystem Rev 1.1.2.8
[ 68.529154] capifs: Rev 1.1.2.3
[ 68.563292] capi20: Rev 1.1.2.7: started up with major 68 (middleware+capifs)
[ 77.026936] b1: revision 1.1.2.2
[ 77.049992] b1isa: revision 1.1.2.3
[ 77.722655] kcapi: Controller [001]: b1isa-340 attached
[ 77.722671] b1isa: AVM B1 ISA at i/o 0x340, irq 5, revision 255
[ 81.272669] b1isa-340: card 1 "B1" ready.
[ 81.272683] b1isa-340: card 1 Protocol: DSS1
[ 81.272689] b1isa-340: card 1 Linetype: point to multipoint
[ 81.272695] b1isa-340: B1-card (3.11-03) now active
[ 81.272702] kcapi: card [001] "b1isa-340" ready.
Signed-off-by: Wilfried Klaebe <linux-kernel@lebenslange-mailadresse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: Karsten Keil <kkeil@suse.de> Signed-off-by: David S. Miller <davem@davemloft.net>
Oliver Hartkopp [Wed, 3 Dec 2008 23:52:35 +0000 (15:52 -0800)]
can: Fix CAN_(EFF|RTR)_FLAG handling in can_filter
Due to a wrong safety check in af_can.c it was not possible to filter
for SFF frames with a specific CAN identifier without getting the
same selected CAN identifier from a received EFF frame also.
This fix has a minimum (but user visible) impact on the CAN filter
API and therefore the CAN version is set to a new date.
Indeed the 'old' API is still working as-is. But when now setting
CAN_(EFF|RTR)_FLAG in can_filter.can_mask you might get less traffic
than before - but still the stuff that you expected to get for your
defined filter ...
Thanks to Kurt Van Dijck for pointing at this issue and for the review.
Signed-off-by: Oliver Hartkopp <oliver@hartkopp.net> Acked-by: Kurt Van Dijck <kurt.van.dijck@eia.be> Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Wed, 3 Dec 2008 08:36:15 +0000 (00:36 -0800)]
bnx2: Add workaround to handle missed MSI.
The bnx2 chips do not support per MSI vector masking. On 5706/5708, new MSI
address/data are stored only when the MSI enable bit is toggled. As a result,
SMP affinity no longer works in the latest kernel. A more serious problem is
that the driver will no longer receive interrupts when the MSI receiving CPU
goes offline.
The workaround in this patch only addresses the problem of CPU going offline.
When that happens, the driver's timer function will detect that it is making
no forward progress on pending interrupt events and will recover from it.
Eric Dumazet reported the problem.
We also found that if an interrupt is internally asserted while MSI and INTA
are disabled, the chip will end up in the same state after MSI is re-enabled.
The same workaround is needed for this problem.
Signed-off-by: Michael Chan <mchan@broadcom.com> Tested-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* git://git.kernel.org/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog:
[WATCHDOG] hpwdt: Fix kdump when using hpwdt
[WATCHDOG] hpwdt: set the mapped BIOS address space as executable
[WATCHDOG] iTCO_wdt: add PCI ID's for ICH9 & ICH10 chipsets
[WATCHDOG] iTCO_wdt : correct status clearing
[WATCHDOG] iTCO_wdt : problem with rebooting on new ICH9 based motherboards
[WATCHDOG] fix mtx1_wdt compilation failure
Linus Torvalds [Tue, 2 Dec 2008 23:56:55 +0000 (15:56 -0800)]
Merge branch 'linux-next' of git://git.infradead.org/ubifs-2.6
* 'linux-next' of git://git.infradead.org/ubifs-2.6:
UBIFS: pre-allocate bulk-read buffer
UBIFS: do not allocate too much
UBIFS: do not print scary memory allocation warnings
UBIFS: allow for gaps when dirtying the LPT
UBIFS: fix compilation warnings
MAINTAINERS: change UBI/UBIFS git tree URLs
UBIFS: endian handling fixes and annotations
UBIFS: remove printk
Linus Torvalds [Tue, 2 Dec 2008 23:56:17 +0000 (15:56 -0800)]
Merge branch 'kvm-updates/2.6.28' of git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvm
* 'kvm-updates/2.6.28' of git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvm:
KVM: MMU: avoid creation of unreachable pages in the shadow
KVM: ppc: stop leaking host memory on VM exit
KVM: MMU: fix sync of ptes addressed at owner pagetable
KVM: ia64: Fix: Use correct calling convention for PAL_VPS_RESUME_HANDLER
KVM: ia64: Fix incorrect kbuild CFLAGS override
KVM: VMX: Fix interrupt loss during race with NMI
KVM: s390: Fix problem state handling in guest sigp handler
Linus Torvalds [Tue, 2 Dec 2008 23:53:41 +0000 (15:53 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
m68k: Update defconfigs for 2.6.28-rc7
macfb: Do not overflow fb_fix_screeninfo.id
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
[SCSI] stex: switch to block timeout
[SCSI] make scsi_eh_try_stu use block timeout
[SCSI] megaraid_sas: switch to block timeout
[SCSI] ibmvscsi: switch to block timeout
[SCSI] aacraid: switch to block timeout
[SCSI] zfcp: prevent double decrement on host_busy while being busy
[SCSI] zfcp: fix deadlock between wq triggered port scan and ERP
[SCSI] zfcp: eliminate race between validation and locking
[SCSI] zfcp: verify for correct rport state before scanning for SCSI devs
[SCSI] zfcp: returning an ERR_PTR where a NULL value is expected
[SCSI] zfcp: Fix opening of wka ports
[SCSI] zfcp: fix remote port status check
[SCSI] fc_transport: fix old bug on bitflag definitions
[SCSI] Fix hang in starved list processing
Mark Salter [Tue, 2 Dec 2008 14:38:09 +0000 (14:38 +0000)]
MN10300: Fix application of kernel module relocations
This fixes the MN10300 kernel module linking to match the toolchain. RELA
relocs don't use the value at the location being relocated. This has been
working because the tools always leave the value at the target location
cleared.
Signed-off-by: Mark Salter <msalter@redhat.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dean Nelson [Tue, 2 Dec 2008 14:06:01 +0000 (08:06 -0600)]
sgi-gru: call fs_initcall() if statically linked
If xpc.ko and gru.ko are both statically linked into the kernel, then
xpc_init() can get called before gru_init() and make a call to one of the
gru's exported functions before the gru has initialized itself. The end
result is a NULL dereference.
Signed-off-by: Dean Nelson <dcn@sgi.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Kumar Gala [Tue, 2 Dec 2008 19:37:01 +0000 (13:37 -0600)]
powerpc: Use physical cpu id when setting the processor affinity
In the CONFIG_SMP case the irq_choose_cpu() code was returning back
a logical cpu id not the physical id. We were writing that directly
into the HW register.
We need to be calling get_hard_smp_processor_id() so irq_choose_cpu()
always returns a physical cpu id.
Signed-off-by: Kumar Gala <galak@kernel.crashing.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Rik van Riel [Tue, 2 Dec 2008 18:31:52 +0000 (10:31 -0800)]
vmscan: evict streaming IO first
Count the insertion of new pages in the statistics used to drive the
pageout scanning code. This should help the kernel quickly evict
streaming file IO.
We count on the fact that new file pages start on the inactive file LRU
and new anonymous pages start on the active anon list. This means
streaming file IO will increment the recent scanned file statistic, while
leaving the recent rotated file statistic alone, driving pageout scanning
to the file LRUs.
Kay Sievers [Tue, 2 Dec 2008 18:31:50 +0000 (10:31 -0800)]
bdi: register sysfs bdi device only once per queue
Devices which share the same queue, like floppies and mtd devices, get
registered multiple times in the bdi interface, but bdi accounts only the
last registered device of the devices sharing one queue.
On remove, all earlier registered devices leak, stay around in sysfs, and
cause "duplicate filename" errors if the devices are re-created.
This prevents the creation of multiple bdi interfaces per queue, and the
bdi device will carry the dev_t name of the block device which is the
first one registered, of the pool of devices using the same queue.
[akpm@linux-foundation.org: add a WARN_ON so we know which drivers are misbehaving] Tested-by: Peter Korsgaard <jacmet@sunsite.dk> Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Signed-off-by: Kay Sievers <kay.sievers@vrfy.org> Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The previous patch from Alan Cox ("nfsd: fix vm overcommit crash",
commit 731572d39fcd3498702eda4600db4c43d51e0b26) fixed the problem where
knfsd crashes on exported shmemfs objects and strict overcommit is set.
But the patch forgot supporting the case when CONFIG_SECURITY is
disabled.
This patch copies a part of his fix which is mainly for detecting a bug
earlier.
Acked-by: James Morris <jmorris@namei.org> Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Junjiro R. Okajima <hooanon05@yahoo.co.jp> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
amd74xx: workaround unreliable AltStatus register for nVidia controllers
It seems that on some nVidia controllers using AltStatus register
can be unreliable so default to Status register if the PCI device
is in Compatibility Mode. In order to achieve this:
* Add ide_pci_is_in_compatibility_mode() inline helper to <linux/ide.h>.
* Add IDE_HFLAG_BROKEN_ALTSTATUS host flag and set it in amd74xx host
driver for nVidia controllers in Compatibility Mode.
* Teach actual_try_to_identify() and drive_is_ready() about the new flag.
This fixes the regression caused by removal of CONFIG_IDEPCI_SHARE_IRQ
config option in 2.6.25 and using AltStatus register unconditionally when
available (kernel.org bugs #11659 and #10216).
[ Moreover for CONFIG_IDEPCI_SHARE_IRQ=y (which is what most people
and distributions use) it never worked correctly. ]
Thanks to Remy LABENE and Lars Winterfeld for help with debugging the problem.
More info at:
http://bugzilla.kernel.org/show_bug.cgi?id=11659
http://bugzilla.kernel.org/show_bug.cgi?id=10216
Finn Thain [Tue, 18 Nov 2008 19:40:40 +0000 (20:40 +0100)]
macfb: Do not overflow fb_fix_screeninfo.id
Don't overflow the 16-character fb_fix_screeninfo id string (fixes some
console erasing and blanking artifacts). Have the ID default to "Unknown"
on machines with no built-in video and no nubus devices. Check for
fb_alloc_cmap failure.
Signed-off-by: Finn Thain <fthain@telegraphics.com.au> Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Linus Torvalds [Tue, 2 Dec 2008 03:56:34 +0000 (19:56 -0800)]
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6: (25 commits)
em28xx: remove backward compat macro added on a previous fix
V4L/DVB (9748): em28xx: fix compile warning
V4L/DVB (9743): em28xx: fix oops audio
V4L/DVB (9742): em28xx-alsa: implement another locking schema
V4L/DVB (9732): sms1xxx: use new firmware for Hauppauge WinTV MiniStick
V4L/DVB (9691): gspca: Move the video device to a separate area.
V4L/DVB (9690): gspca: Lock the subdrivers via module_get/put.
V4L/DVB (9689): gspca: Memory leak when disconnect while streaming.
V4L/DVB (9668): em28xx: fix a race condition with hald
V4L/DVB (9664): af9015: don't reconnect device in USB-bus
V4L/DVB (9647): em28xx: void having two concurrent control URB's
V4L/DVB (9646): em28xx: avoid allocating/dealocating memory on every control urb
V4L/DVB (9645): em28xx: Avoid memory leaks if registration fails
V4L/DVB (9639): Make dib0700 remote control support work with firmware v1.20
V4L/DVB (9635): v4l: s2255drv fix firmware test on big-endian
V4L/DVB (9634): Make sure the i2c gate is open before powering down tuner
V4L/DVB (9632): make em28xx aux audio input work
V4L/DVB (9631): Make s2api work for ATSC support
V4L/DVB (9627): em28xx: Avoid i2c register error for boards without eeprom
V4L/DVB (9608): Fix section mismatch warning for dm1105 during make
...
Andrew Morton [Mon, 1 Dec 2008 21:14:08 +0000 (13:14 -0800)]
drivers/gpu/drm/i915/i915_irq.c: fix warning
drivers/gpu/drm/i915/i915_irq.c: In function 'i915_disable_pipestat':
drivers/gpu/drm/i915/i915_irq.c:101: warning: control may reach end of non-void function 'i915_pipestat' being inlined
Cc: Dave Airlie <airlied@linux.ie> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jarkko Lavinen [Mon, 1 Dec 2008 21:14:08 +0000 (13:14 -0800)]
i82875p_edac: fix module remove
Fix module removal bugs of i82875p_edac. Also i82975x_edac code seems to
have the same module removal bugs as in i82875p_edac.
The problems were:
1. In module removal i82875p_remove_one() is never called.
Variable i82875p_registered is newer changed from 1, which
guarantees i82875p_remove_one() is not called (and even if it were
called, it would be called in wrong order).
As a result, the edac_mc workque is not stopped and keeps probing.
If kernel debugging options are not enabled, user may not notice
anything going wrong.
if debugging options are enabled and I do "rmmod i82875p_edac", I
get:
Fix for this is to get rid of needles variable i82875p_registered
altogether and run i82875p_remove_one() *before*
pci_unregister_driver().
2. edac_mc_del_mc() uses mci after freeing mci
edac_mc_del_mc() calls calls edac_remove_sysfs_mci_device(). The
kobject refcount of mci drops to 0 and mci is freed. After this
mci is accessed via debug print and i82875p_remove_one() still
uses mci->pvt and tries to free mci again with edac_mc_free().
The fix for this is add kobject_get(&mci->edac_mci_kobj) after
edac_mc_alloc(). Then the mci is still available after returning
from edac_mc_del_mc() with refcount 1, and mci->pvt is still
available. When i82875p_remove_one() finally calls edac_mc_free(),
this will cause kobject_put() and mci is released properly.
Signed-off-by: Jarkko Lavinen <jlavi@iki.fi> Cc: Doug Thompson <norsk5@yahoo.com> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jarkko Lavinen [Mon, 1 Dec 2008 21:14:06 +0000 (13:14 -0800)]
i82875p_edac: fix overflow device resource setup
When I do "modprobe i82875p_edac" on my Asus P4C800 MB on kernels 2.6.26
or later, the module load fails due to BAR 0 collision. On 2.6.25 the
module loads just fine.
The overflow device on the MB seems to be hidden and its resources are not
allocated at normal PCI bus init. Log shows the missing resource problem:
EDAC DEBUG: i82875p_probe1()
PCI: 0000:00:06.0 reg 10 32bit mmio: [fecf0000, fecf0fff]
pci 0000:00:06.0: device not available because of BAR 0
[0xfecf0000-0xfecf0fff] collisions
EDAC i82875p: i82875p_setup_overfl_dev(): Failed to enable overflow
device
The patch below fixes this by calling pci_bus_assign_resources() after
the overflow device is revealed and added to the bus. With this patch
I am again able to load and use the module.
Signed-off-by: Jarkko Lavinen <jlavi@iki.fi> Cc: Doug Thompson <norsk5@yahoo.com> Cc: Jesse Barnes <jbarnes@virtuousgeek.org> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The commit aef7db4bd5a3b6068dfa05919a3d685199eed116 fixed the problem with
recursive locking in fb blanking code if blank is caused by user setting
the /sys/class/graphics/fb*/blank. However this broke the fbcon timeout
blanking.
If you use a driver that defines ->fb_blank operation and at the same time
that driver relies on other driver (e.g. backlight or lcd class) to blank
the screen, when the fbcon times out and tries to blank the fb, it will
call only fb driver blanker and won't notify the other driver. Thus FB
output is disabled, but the screen isn't blanked.
Restore fbcon blanking and at the same time apply the proper fix for the
above problem: if fbcon_blank is called with FBINFO_FLAG_USEREVENT, we are
already called through notification from fb_blank, thus we don't have to
blank the fb again.
Randy Dunlap [Mon, 1 Dec 2008 21:14:04 +0000 (13:14 -0800)]
ntfs: don't fool kernel-doc
kernel-doc handles macros now (it has for quite some time), so change the
ntfs_debug() macro's kernel-doc to be just before the macro instead of
before a phony function prototype.
[akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Cc: Anton Altaparmakov <aia21@cantab.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Randy Dunlap [Mon, 1 Dec 2008 21:14:03 +0000 (13:14 -0800)]
kernel-doc: handle varargs cleanly
The method for listing varargs in kernel-doc notation is:
* @...: these arguments are printed by the @fmt argument
but scripts/kernel-doc is confused: it always lists varargs as:
... variable arguments
and ignores the @...: line's description, but then prints that
line after the list of function parameters as though it's
not part of the function parameters.
This patch makes kernel-doc print the supplied @... description if it is
present; otherwise a boilerplate "variable arguments" is printed.
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David Howells [Mon, 1 Dec 2008 21:14:00 +0000 (13:14 -0800)]
frv: fix mmap2 error handling
Fix the error handling in sys_mmap2(). Currently, if the pgoff check
fails, fput() might have to be called (which it isn't), so do the pgoff
check first, before fget() is called.
Signed-off-by: David Howells <dhowells@redhat.com> Reported-by: Julia Lawall <julia@diku.dk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The description for 'D' was missing in the comment... (causing me a
minute of WTF followed by looking at more of the code)
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
radeonfb: fix problem with color expansion & alignment
The engine on some radeon variants locks up if color expansion is called
for non aligned source data. This patch enables a feature of the core
fbdev to request aligned input pixmaps and uses the HW clipping engine to
clip the output to the requested size
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Tested-by: James Cloos <cloos@jhcloos.com> Cc: "Rafael J. Wysocki" <rjw@sisk.pl> Cc: "David S. Miller" <davem@davemloft.net> Cc: Krzysztof Helt <krzysztof.h1@poczta.fm> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ben Dooks [Mon, 1 Dec 2008 21:13:56 +0000 (13:13 -0800)]
spi: fix spi_s3c24xx_gpio device handle lookup
The spidev_to_sg() call in spi_s3c24xx_gpio.c was using the wrong method
to convert the spi device into the private data for the driver. Fix this
by using spi_master_get_devdata.
Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jan Nikitenko [Mon, 1 Dec 2008 21:13:56 +0000 (13:13 -0800)]
spi: au1550_spi full duplex dma fix
Fix unsafe order in dma mapping operation: always flush data from the
cache *BEFORE* invalidating it, to allow full duplex transfers where the
same buffer may be used for both writes and reads. Tested with mmc-spi.
Signed-off-by: Jan Nikitenko <jan.nikitenko@gmail.com> Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Davide Libenzi [Mon, 1 Dec 2008 21:13:55 +0000 (13:13 -0800)]
epoll: introduce resource usage limits
It has been thought that the per-user file descriptors limit would also
limit the resources that a normal user can request via the epoll
interface. Vegard Nossum reported a very simple program (a modified
version attached) that can make a normal user to request a pretty large
amount of kernel memory, well within the its maximum number of fds. To
solve such problem, default limits are now imposed, and /proc based
configuration has been introduced. A new directory has been created,
named /proc/sys/fs/epoll/ and inside there, there are two configuration
points:
max_user_instances = Maximum number of devices - per user
max_user_watches = Maximum number of "watched" fds - per user
The current default for "max_user_watches" limits the memory used by epoll
to store "watches", to 1/32 of the amount of the low RAM. As example, a
256MB 32bit machine, will have "max_user_watches" set to roughly 90000.
That should be enough to not break existing heavy epoll users. The
default value for "max_user_instances" is set to 128, that should be
enough too.
This also changes the userspace, because a new error code can now come out
from EPOLL_CTL_ADD (-ENOSPC). The EMFILE from epoll_create() was already
listed, so that should be ok.
[akpm@linux-foundation.org: use get_current_user()] Signed-off-by: Davide Libenzi <davidel@xmailserver.org> Cc: Michael Kerrisk <mtk.manpages@gmail.com> Cc: <stable@kernel.org> Cc: Cyrill Gorcunov <gorcunov@gmail.com> Reported-by: Vegard Nossum <vegardno@ifi.uio.no> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Stefano Babic [Mon, 1 Dec 2008 21:13:53 +0000 (13:13 -0800)]
spi: mpc52xx_psc_spi chipselect bugfix
According to the manual the "tdfOnExit" flag must be set on the last byte
we want to send. The PSC controller holds SS low until the flag is set.
However, the flag was set always on the last byte of the FIFO,
independently if it is the last byte of the transfer. This generates
spurious toggling of the SS signals that breaks the protocol of some
peripherals. Fix.
Signed-off-by: Stefano Babic <sbabic@denx.de> Acked-by: Grant Likely <grant.likely@secretlab.ca> Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Takashi Iwai [Mon, 1 Dec 2008 21:13:49 +0000 (13:13 -0800)]
parport_serial: fix array overflow
The netmos_9xx5_combo type assumes that PCI SSID provides always the
correct value for the number of parallel and serial ports, but there are
indeed broken devices with wrong numbers, which may result in Oops.
This patch simply adds the check of the array range.
While memory hotplug allocate/free memmap, page_cgroup doesn't free
page_cgroup at OFFLINE when page_cgroup is allocated via bootomem.
(Because freeing bootmem requires special care.)
Then, if page_cgroup is allocated by bootmem and memmap is freed/allocated
by memory hotplug, page_cgroup->page == page is no longer true.
But current MEM_ONLINE handler doesn't check it and update
page_cgroup->page if it's not necessary to allocate page_cgroup. (This
was not found because memmap is not freed if SPARSEMEM_VMEMMAP is y.)
And I noticed that MEM_ONLINE can be called against "part of section".
So, freeing page_cgroup at CANCEL_ONLINE will cause trouble. (freeing
used page_cgroup) Don't rollback at CANCEL.
One more, current memory hotplug notifier is stopped by slub because it
sets NOTIFY_STOP_MASK to return vaule. So, page_cgroup's callback never
be called. (low priority than slub now.)
I think this slub's behavior is not intentional(BUG). and fixes it.
Another way to be considered about page_cgroup allocation:
- free page_cgroup at OFFLINE even if it's from bootmem
and remove specieal handler. But it requires more changes.
Nick Piggin [Mon, 1 Dec 2008 21:13:47 +0000 (13:13 -0800)]
mm: vmalloc fix lazy unmapping cache aliasing
Jim Radford has reported that the vmap subsystem rewrite was sometimes
causing his VIVT ARM system to behave strangely (seemed like going into
infinite loops trying to fault in pages to userspace).
We determined that the problem was most likely due to a cache aliasing
issue. flush_cache_vunmap was only being called at the moment the page
tables were to be taken down, however with lazy unmapping, this can happen
after the page has subsequently been freed and allocated for something
else. The dangling alias may still have dirty data attached to it.
The fix for this problem is to do the cache flushing when the caller has
called vunmap -- it would be a bug for them to write anything else to the
mapping at that point.
That appeared to solve Jim's problems.
Reported-by: Jim Radford <radford@blackbean.org> Signed-off-by: Nick Piggin <npiggin@suse.de> Cc: Russell King <rmk@arm.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Tue, 2 Dec 2008 02:56:55 +0000 (18:56 -0800)]
Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2:
ocfs2: fix regression in ocfs2_read_blocks_sync()
ocfs2: fix return value set in init_dlmfs_fs()
ocfs2: Small documentation update
ocfs2: fix wake_up in unlock_ast
ocfs2: initialize stack_user lvbptr
ocfs2: comments typo fix
Mark Fasheh [Fri, 21 Nov 2008 22:06:55 +0000 (14:06 -0800)]
ocfs2: fix regression in ocfs2_read_blocks_sync()
We're panicing in ocfs2_read_blocks_sync() if a jbd-managed buffer is seen.
At first glance, this seems ok but in reality it can happen. My test case
was to just run 'exorcist'. A struct inode is being pushed out of memory but
is then re-read at a later time, before the buffer has been checkpointed by
jbd. This causes a BUG to be hit in ocfs2_read_blocks_sync().
Reviewed-by: Joel Becker <joel.becker@oracle.com> Signed-off-by: Mark Fasheh <mfasheh@suse.com>
Coly Li [Mon, 17 Nov 2008 04:38:22 +0000 (12:38 +0800)]
ocfs2: fix return value set in init_dlmfs_fs()
In init_dlmfs_fs(), if calling kmem_cache_create() failed, the code will use return value from
calling bdi_init(). The correct behavior should be set status as -ENOMEM before going to "bail:".
Signed-off-by: Coly Li <coyli@suse.de> Acked-by: Sunil Mushran <sunil.mushran@oracle.com> Signed-off-by: Mark Fasheh <mfasheh@suse.com>
Linus Torvalds [Mon, 1 Dec 2008 19:23:33 +0000 (11:23 -0800)]
Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
libata: blacklist Seagate drives which time out FLUSH_CACHE when used with NCQ
[libata] pata_rb532_cf: fix signature of the xfer function
[libata] pata_rb532_cf: fix and rename register definitions
ata_piix: add borked Tecra M4 to broken suspend list
Linus Torvalds [Mon, 1 Dec 2008 19:01:54 +0000 (11:01 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
IB/mlx4: Fix MTT leakage in resize CQ
IB/ehca: Fix problem with generated flush work completions
IB/ehca: Change misleading error message on memory hotplug
mlx4_core: Save/restore default port IB capability mask
Tejun Heo [Thu, 27 Nov 2008 04:36:48 +0000 (13:36 +0900)]
libata: blacklist Seagate drives which time out FLUSH_CACHE when used with NCQ
Some recent Seagate harddrives have firmware bug which causes FLUSH
CACHE to timeout under certain circumstances if NCQ is being used.
This can be worked around by disabling NCQ and fixed by updating the
firmware. Implement ATA_HORKAGE_FIRMWARE_UPDATE and blacklist these
devices.
The wiki page has been updated to contain information on this issue.
http://ata.wiki.kernel.org/index.php/Known_issues
Signed-off-by: Tejun Heo <tj@kernel.org> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Phil Sutter [Fri, 28 Nov 2008 19:48:35 +0000 (20:48 +0100)]
[libata] pata_rb532_cf: fix signature of the xfer function
Per definition, this function should return the number of bytes
consumed. As the original parameter "buflen" is being decremented inside
the read/write loop, save it in "retlen" at the beginning.
Signed-off-by: Phil Sutter <n0-1@freewrt.org> Acked-by: Sergei Shtyltov <sshtylyov@ru.mvista.com> Acked-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com> Acked-by: Florian Fainelli <florian@openwrt.org> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Phil Sutter [Fri, 28 Nov 2008 19:48:26 +0000 (20:48 +0100)]
[libata] pata_rb532_cf: fix and rename register definitions
The original standalone driver uses a custom address for the error
register. Use it in pata_rb532_cf, too.
Rename two register definitions:
- The address offset 0x0800 in fact is the ATA base, not ATA command
address.
- The offset 0x0C00 is not a regular ATA data address, but a buffered one
allowing 4-byte IO.
Signed-off-by: Phil Sutter <n0-1@freewrt.org> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Tejun Heo [Sat, 29 Nov 2008 13:37:21 +0000 (22:37 +0900)]
ata_piix: add borked Tecra M4 to broken suspend list
Tecra M4 sometimes forget what it is and reports bogus data via DMI
which makes the machine evade broken suspend matching and thus fail
suspend/resume. This patch updates piix_broken_suspend() such that it
can match such case. As the borked DMI data is a bit generic,
matching many entries to make the match more specific is necessary.
As the usual DMI matching is limited to four entries, this patch uses
hard coded manual matching.
This is reported by Alexandru Romanescu.
Signed-off-by: Tejun Heo <tj@kernel.org> Cc: Alexandru Romanescu <a_romanescu@yahoo.co.uk> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
When resizing a CQ, MTTs associated with the old CQE buffer were not
freed. As a result, if any app used resize CQ repeatedly, all MTTs
were eventually exhausted, which led to all memory registration
operations failing until the driver is reloaded.
Once the RESIZE_CQ command returns successfully from FW, FW no longer
accesses the old CQ buffer, so it is safe to deallocate the MTT
entries used by the old CQ buffer.
Finally, if the RESIZE_CQ command fails, the MTTs allocated for the
new CQEs buffer also need to be de-allocated.
This fixes <https://bugs.openfabrics.org/show_bug.cgi?id=1416>.
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il> Signed-off-by: Roland Dreier <rolandd@cisco.com>
Stefan Roscher [Mon, 1 Dec 2008 18:05:50 +0000 (10:05 -0800)]
IB/ehca: Fix problem with generated flush work completions
This fix enables ehca device driver to generate flush work completions
even if the application doesn't request completions for all work
requests. The current implementation of ehca will generate flush work
completions for the wrong work requests if an application uses non
signaled work completions.
Signed-off-by: Stefan Roscher <stefan.roscher@de.ibm.com> Signed-off-by: Roland Dreier <rolandd@cisco.com>
Joachim Fenkes [Mon, 1 Dec 2008 18:05:44 +0000 (10:05 -0800)]
IB/ehca: Change misleading error message on memory hotplug
The error message printed when the eHCA driver prevents memory hotplug
is misleading -- the user might think that hot-removing the lhca,
hotplugging memory, then hot-adding the lhca again will work, but it
actually doesn't.
Signed-off-by: Joachim Fenkes <fenkes@de.ibm.com> Signed-off-by: Roland Dreier <rolandd@cisco.com>
Linus Torvalds [Mon, 1 Dec 2008 17:34:23 +0000 (09:34 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
ieee1394: sbp2: fix race condition in state change
ieee1394: fix list corruption (reported at module removal)
firewire: fw-sbp2: another iPod mini quirk entry
ieee1394: sbp2: another iPod mini quirk entry
James Bottomley [Sun, 30 Nov 2008 16:32:26 +0000 (10:32 -0600)]
[SCSI] make scsi_eh_try_stu use block timeout
scsi_eh_try_stu() was still using the timeout parameter in the device
which is now not set (i.e. zero filled) meaning that it waited no time
at all for the start unit command to complete (leading the routine to
conclude failure every time). This lead to a 2.6.27 regression:
http://bugzilla.kernel.org/show_bug.cgi?id=12120
Where firewire devices that were non spec compliant wouldn't spin up.
Fix this by using the block queue timeout value instead.
Reported-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
James Bottomley [Sun, 30 Nov 2008 16:27:51 +0000 (10:27 -0600)]
[SCSI] megaraid_sas: switch to block timeout
megaraid_sas sets the timeout in its slave configure routine for devices
on special channels. This now needs to update the request queue timeout
in block.
Cc: "Yang, Bo" <Bo.Yang@lsi.com> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Linus Torvalds [Mon, 1 Dec 2008 16:33:59 +0000 (08:33 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
HID: Apple ALU wireless keyboards are bluetooth devices
HID: remove setup mutex, fix possible deadlock
HID: add USB ID for another dual gameron adapter
HID: unignore mouse on unibody macbooks
HID: fix blacklist entries for greenasia/pantherlord
Kevin Hao [Mon, 1 Dec 2008 11:36:16 +0000 (11:36 +0000)]
Add kref to fake tty used by USB console
We alloc a fake tty in usb serial console setup function. we should
init the tty's kref otherwise we will face WARN_ON after following
invoke of tty_port_tty_set --> tty_kref_get.
Signed-off-by: Kevin Hao <kexin.hao@windriver.com> Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Will Newton [Mon, 1 Dec 2008 11:36:06 +0000 (11:36 +0000)]
drivers/char/tty_io.c: Avoid panic when no console is configured.
When no console is configured tty_open tries to call kref_get on a NULL
pointer, return ENODEV instead.
Signed-off-by: Will Newton <will.newton@gmail.com> Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Swen Schillig [Thu, 27 Nov 2008 10:44:07 +0000 (11:44 +0100)]
[SCSI] zfcp: prevent double decrement on host_busy while being busy
The zfcp_scsi_queuecommand was not acting according to the standard
when the respective unit was not available. In this case an -EBUSY was
returned, which is not valid in itself, and in addition scsi_done
was called. This combination is not allowed and was leading to a
double finish of the request and therefor double decrement of the
host_busy counter.
Swen Schillig [Wed, 26 Nov 2008 17:07:40 +0000 (18:07 +0100)]
[SCSI] zfcp: fix deadlock between wq triggered port scan and ERP
Waiting for the ERP to be finished in a task running in the global
kernel work-queue is a bad idea, especially if the ERP needs to run
another job in this work-queue before it can finish. -> deadlock.
This patch removes the necessity to wait for a finished ERP from the
scan task and moves the job scheduling to the end of the ERP.
Swen Schillig [Wed, 26 Nov 2008 17:07:39 +0000 (18:07 +0100)]
[SCSI] zfcp: eliminate race between validation and locking
The check of having a valid pointer was performed before the
processing was secured by the lock. Between those two steps the
pointer can turn invalid. During further processing another value is
used (referenced by the pointer described above) as a function pointer
which is never verified to be valid either, resulting under some
circumstances in an invalid function call. This patch is fixing both
issues.