OSDN Git Service
Davide Libenzi [Fri, 25 Feb 2011 22:44:12 +0000 (14:44 -0800)]
epoll: prevent creating circular epoll structures
In several places, an epoll fd can call another file's ->f_op->poll()
method with ep->mtx held. This is in general unsafe, because that other
file could itself be an epoll fd that contains the original epoll fd.
The code defends against this possibility in its own ->poll() method using
ep_call_nested, but there are several other unsafe calls to ->poll
elsewhere that can be made to deadlock. For example, the following simple
program causes the call in ep_insert recursively call the original fd's
->poll, leading to deadlock:
#include <unistd.h>
#include <sys/epoll.h>
int main(void) {
int e1, e2, p[2];
struct epoll_event evt = {
.events = EPOLLIN
};
e1 = epoll_create(1);
e2 = epoll_create(2);
pipe(p);
epoll_ctl(e2, EPOLL_CTL_ADD, e1, &evt);
epoll_ctl(e1, EPOLL_CTL_ADD, p[0], &evt);
write(p[1], p, sizeof p);
epoll_ctl(e1, EPOLL_CTL_ADD, e2, &evt);
return 0;
}
On insertion, check whether the inserted file is itself a struct epoll,
and if so, do a recursive walk to detect whether inserting this file would
create a loop of epoll structures, which could lead to deadlock.
[nelhage@ksplice.com: Use epmutex to serialize concurrent inserts]
Signed-off-by: Davide Libenzi <davidel@xmailserver.org>
Signed-off-by: Nelson Elhage <nelhage@ksplice.com>
Reported-by: Nelson Elhage <nelhage@ksplice.com>
Tested-by: Nelson Elhage <nelhage@ksplice.com>
Cc: <stable@kernel.org> [2.6.34+, possibly earlier]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jelle Martijn Kok [Fri, 25 Feb 2011 19:13:55 +0000 (11:13 -0800)]
RTC: fix typo in drivers/rtc/rtc-at91sam9.c
The member of the rtc_class_ops struct is called alarm_irq_enable and
not alarm_irq_enabled
CC: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Jelle Martijn Kok <jmkok@youcom.nl>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Anton Blanchard [Fri, 25 Feb 2011 15:33:17 +0000 (15:33 +0000)]
RxRPC: Allocate tokens with kzalloc to avoid oops in rxrpc_destroy
With slab poisoning enabled, I see the following oops:
Unable to handle kernel paging request for data at address 0x6b6b6b6b6b6b6b73
...
NIP [
c0000000006bc61c] .rxrpc_destroy+0x44/0x104
LR [
c0000000006bc618] .rxrpc_destroy+0x40/0x104
Call Trace:
[
c0000000feb2bc00] [
c0000000006bc618] .rxrpc_destroy+0x40/0x104 (unreliable)
[
c0000000feb2bc90] [
c000000000349b2c] .key_cleanup+0x1a8/0x20c
[
c0000000feb2bd40] [
c0000000000a2920] .process_one_work+0x2f4/0x4d0
[
c0000000feb2be00] [
c0000000000a2d50] .worker_thread+0x254/0x468
[
c0000000feb2bec0] [
c0000000000a868c] .kthread+0xbc/0xc8
[
c0000000feb2bf90] [
c000000000020e00] .kernel_thread+0x54/0x70
We aren't initialising token->next, but the code in destroy_context relies
on the list being NULL terminated. Use kzalloc to zero out all the fields.
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Anton Blanchard [Fri, 25 Feb 2011 15:33:02 +0000 (15:33 +0000)]
afs: Fix oops in afs_unlink_writeback
I'm seeing the following oops when testing afs:
Unable to handle kernel paging request for data at address 0x00000008
...
NIP [
c0000000003393b0] .afs_unlink_writeback+0x38/0xc0
LR [
c00000000033987c] .afs_put_writeback+0x98/0xec
Call Trace:
[
c00000000345f600] [
c00000000033987c] .afs_put_writeback+0x98/0xec
[
c00000000345f690] [
c00000000033ae80] .afs_write_begin+0x6a4/0x75c
[
c00000000345f790] [
c00000000012b77c] .generic_file_buffered_write+0x148/0x320
[
c00000000345f8d0] [
c00000000012e1b8] .__generic_file_aio_write+0x37c/0x3e4
[
c00000000345f9d0] [
c00000000012e2a8] .generic_file_aio_write+0x88/0xfc
[
c00000000345fa90] [
c0000000003390a8] .afs_file_write+0x10c/0x178
[
c00000000345fb40] [
c000000000188788] .do_sync_write+0xc4/0x128
[
c00000000345fcc0] [
c000000000189658] .vfs_write+0xe8/0x1d8
[
c00000000345fd70] [
c000000000189884] .SyS_write+0x68/0xb0
[
c00000000345fe30] [
c000000000008564] syscall_exit+0x0/0x40
afs_write_begin hits an error and calls afs_unlink_writeback. In there
we do list_del_init on an uninitialised list.
The patch below initialises ->link when creating the afs_writeback struct.
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jesper Juhl [Wed, 23 Feb 2011 22:45:55 +0000 (23:45 +0100)]
regulator, mc13xxx: Remove pointless test for unsigned less than zero
The variable 'val' is a 'unsigned int', so it can never be less than zero.
This fact makes the "val < 0" part of the test done in BUG_ON() in
mc13xxx_regulator_get_voltage() rather pointles since it can never have
any effect.
This patch removes the pointless test.
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Acked-by: Alberto Panizzo <maramaopercheseimorto@gmail.com>
Acked-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Liam Girdwood <lrg@slimlogic.co.uk>
Mark Brown [Wed, 2 Feb 2011 20:17:22 +0000 (20:17 +0000)]
regulator: Fix warning with CONFIG_BUG disabled
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Liam Girdwood <lrg@slimlogic.co.uk>
Herton Ronaldo Krzesinski [Thu, 24 Feb 2011 18:18:07 +0000 (15:18 -0300)]
MAINTAINERS: Update email address
Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andreas Herrmann [Thu, 24 Feb 2011 14:53:46 +0000 (15:53 +0100)]
x86 quirk: Fix polarity for IRQ0 pin2 override on SB800 systems
On some SB800 systems polarity for IOAPIC pin2 is wrongly
specified as low active by BIOS. This caused system hangs after
resume from S3 when HPET was used in one-shot mode on such
systems because a timer interrupt was missed (HPET signal is
high active).
For more details see:
http://marc.info/?l=linux-kernel&m=
129623757413868
Tested-by: Manoj Iyer <manoj.iyer@canonical.com>
Tested-by: Andre Przywara <andre.przywara@amd.com>
Signed-off-by: Andreas Herrmann <andreas.herrmann3@amd.com>
Cc: Borislav Petkov <borislav.petkov@amd.com>
Cc: stable@kernel.org # 37.x, 32.x
LKML-Reference: <
20110224145346.GD3658@alberich.amd.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Felipe Balbi [Thu, 24 Feb 2011 08:36:53 +0000 (10:36 +0200)]
usb: musb: core: set has_tt flag
MUSB is a non-standard host implementation which
can handle all speeds with the same core. We need
to set has_tt flag after commit
d199c96d41d80a567493e12b8e96ea056a1350c1 (USB: prevent
buggy hubs from crashing the USB stack) in order for
MUSB HCD to continue working.
Signed-off-by: Felipe Balbi <balbi@ti.com>
Cc: stable <stable@kernel.org>
Cc: Alan Stern <stern@rowland.harvard.edu>
Tested-by: Michael Jones <michael.jones@matrix-vision.de>
Tested-by: Alexander Holler <holler@ahsoftware.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Rafael J. Wysocki [Thu, 24 Feb 2011 10:10:01 +0000 (11:10 +0100)]
PM: Make ACPI wakeup from S5 work again when CONFIG_PM_SLEEP is unset
Commit
074037e (PM / Wakeup: Introduce wakeup source objects and
event statistics (v3)) caused ACPI wakeup to only work if
CONFIG_PM_SLEEP is set, but it also worked for CONFIG_PM_SLEEP unset
before. This can be fixed by making device_set_wakeup_enable(),
device_init_wakeup() and device_may_wakeup() work in the same way
as before commit
074037e when CONFIG_PM_SLEEP is unset.
Reported-and-tested-by: Justin Maggard <jmaggard10@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Chris Wilson [Thu, 24 Feb 2011 09:42:52 +0000 (09:42 +0000)]
drm/i915: Fix unintended recursion in ironlake_disable_rc6
After disabling, we're meant to teardown the bo used for the contexts,
not recurse into ourselves again and preventing module unload.
Reported-and-tested-by: Ben Widawsky <bwidawsk@gmail.com>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Tejun Heo [Thu, 24 Feb 2011 08:56:32 +0000 (09:56 +0100)]
block: bd_link_disk_holder() should hold on to holder_dir
The new implementation of bd_link_disk_holder() added by
49731baa41d
(block: restore multiple bd_link_disk_holder() support) didn't get an
extra reference for the holder_dir kobject of the slave bdev; however,
bdev kills holder_dir on removal, not release, so if the slave bdev is
removed while there are holder links, the holder_dir will be destroyed
while there still are holder links, which leads to oops later when
bd_unlink_disk_order() tries to remove those links.
Make bd_link_disk_holder() grab an extra reference for the slave's
holder_dir and put it in bd_unlink_disk_holder().
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: "Hawrylewicz Czarnowski, Przemyslaw" <przemyslaw.hawrylewicz.czarnowski@intel.com>
Tested-by: "Hawrylewicz Czarnowski, Przemyslaw" <przemyslaw.hawrylewicz.czarnowski@intel.com>
Cc: Neil Brown <neilb@suse.de>
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Miklos Szeredi [Thu, 24 Feb 2011 14:49:53 +0000 (15:49 +0100)]
mm: fix refcounting in swapon
Grab a reference to bdev before calling blkdev_get(), which expects
the refcount to be already incremented and either returns success or
decrements the refcount and returns an error.
The bug was introduced by
e525fd89 (block: make blkdev_get/put()
handle exclusive access), which didn't take into account this behavior
of blkdev_get().
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Miklos Szeredi [Thu, 24 Feb 2011 14:45:41 +0000 (15:45 +0100)]
block: fix refcounting in BLKBSZSET
Adam Kovari and others reported that disconnecting an USB drive with
an ntfs-3g filesystem would cause "kernel BUG at fs/inode.c:1421!" to
be triggered.
The BUG could be traced back to ioctl(BLKBSZSET), which would
erroneously decrement the refcount on the bdev. This is because
blkdev_get() expects the refcount to be already incremented and either
returns success or decrements the refcount and returns an error.
The bug was introduced by
e525fd89 (block: make blkdev_get/put()
handle exclusive access), which didn't take into account this behavior
of blkdev_get().
This fixes
https://bugzilla.kernel.org/show_bug.cgi?id=29202
(and likely 29792 too)
Reported-by: Adam Kovari <kovariadam@gmail.com>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jacob Pan [Thu, 24 Feb 2011 00:07:26 +0000 (16:07 -0800)]
x86/mrst: Fix apb timer rating when lapic timer is used
Need to adjust the clockevent device rating for the structure
that will be registered with clockevent system instead of the
temporary structure.
Without this fix, APB timer rating will be higher than LAPIC
timer such that it can not be released later to be used as the
broadcast timer.
Signed-off-by: Jacob Pan <jacob.jun.pan@linux.intel.com>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Alan Cox <alan@linux.intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: John Stultz <john.stultz@linaro.org>
LKML-Reference: <
1298506046-439-1-git-send-email-jacob.jun.pan@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
J. R. Okajima [Wed, 23 Feb 2011 07:59:49 +0000 (16:59 +0900)]
Unlock vfsmount_lock in do_umount
By the commit
b3e19d9 2011-01-07 fs: scale mntget/mntput
vfsmount_lock was introduced around testing mnt_count.
Fix the mis-typed 'unlock'
Signed-off-by: J. R. Okajima <hooanon05@yahoo.co.jp>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
NeilBrown [Thu, 24 Feb 2011 06:26:41 +0000 (17:26 +1100)]
md: Fix - again - partition detection when array becomes active
Revert
b821eaa572fd737faaf6928ba046e571526c36c6
and
f3b99be19ded511a1bf05a148276239d9f13eefa
When I wrote the first of these I had a wrong idea about the
lifetime of 'struct block_device'. It can disappear at any time that
the block device is not open if it falls out of the inode cache.
So relying on the 'size' recorded with it to detect when the
device size has changed and so we need to revalidate, is wrong.
Rather, we really do need the 'changed' attribute stored directly in
the mddev and set/tested as appropriate.
Without this patch, a sequence of:
mknod / open / close / unlink
(which can cause a block_device to be created and then destroyed)
will result in a rescan of the partition table and consequence removal
and addition of partitions.
Several of these in a row can get udev racing to create and unlink and
other code can get confused.
With the patch, the rescan is only performed when needed and so there
are no races.
This is suitable for any stable kernel from 2.6.35.
Reported-by: "Wojcik, Krzysztof" <krzysztof.wojcik@intel.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Cc: stable@kernel.org
NeilBrown [Thu, 24 Feb 2011 06:25:47 +0000 (17:25 +1100)]
Fix over-zealous flush_disk when changing device size.
There are two cases when we call flush_disk.
In one, the device has disappeared (check_disk_change) so any
data will hold becomes irrelevant.
In the oter, the device has changed size (check_disk_size_change)
so data we hold may be irrelevant.
In both cases it makes sense to discard any 'clean' buffers,
so they will be read back from the device if needed.
In the former case it makes sense to discard 'dirty' buffers
as there will never be anywhere safe to write the data. In the
second case it *does*not* make sense to discard dirty buffers
as that will lead to file system corruption when you simply enlarge
the containing devices.
flush_disk calls __invalidate_devices.
__invalidate_device calls both invalidate_inodes and invalidate_bdev.
invalidate_inodes *does* discard I_DIRTY inodes and this does lead
to fs corruption.
invalidate_bev *does*not* discard dirty pages, but I don't really care
about that at present.
So this patch adds a flag to __invalidate_device (calling it
__invalidate_device2) to indicate whether dirty buffers should be
killed, and this is passed to invalidate_inodes which can choose to
skip dirty inodes.
flusk_disk then passes true from check_disk_change and false from
check_disk_size_change.
dm avoids tripping over this problem by calling i_size_write directly
rathher than using check_disk_size_change.
md does use check_disk_size_change and so is affected.
This regression was introduced by commit
608aeef17a which causes
check_disk_size_change to call flush_disk, so it is suitable for any
kernel since 2.6.27.
Cc: stable@kernel.org
Acked-by: Jeff Moyer <jmoyer@redhat.com>
Cc: Andrew Patterson <andrew.patterson@hp.com>
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: NeilBrown <neilb@suse.de>
Hugh Dickins [Thu, 24 Feb 2011 05:39:49 +0000 (21:39 -0800)]
mm: fix possible cause of a page_mapped BUG
Robert Swiecki reported a BUG_ON(page_mapped) from a fuzzer, punching
a hole with madvise(,, MADV_REMOVE). That path is under mutex, and
cannot be explained by lack of serialization in unmap_mapping_range().
Reviewing the code, I found one place where vm_truncate_count handling
should have been updated, when I switched at the last minute from one
way of managing the restart_addr to another: mremap move changes the
virtual addresses, so it ought to adjust the restart_addr.
But rather than exporting the notion of restart_addr from memory.c, or
converting to restart_pgoff throughout, simply reset vm_truncate_count
to 0 to force a rescan if mremap move races with preempted truncation.
We have no confirmation that this fixes Robert's BUG,
but it is a fix that's worth making anyway.
Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Miklos Szeredi [Wed, 23 Feb 2011 12:49:47 +0000 (13:49 +0100)]
mm: prevent concurrent unmap_mapping_range() on the same inode
Michael Leun reported that running parallel opens on a fuse filesystem
can trigger a "kernel BUG at mm/truncate.c:475"
Gurudas Pai reported the same bug on NFS.
The reason is, unmap_mapping_range() is not prepared for more than
one concurrent invocation per inode. For example:
thread1: going through a big range, stops in the middle of a vma and
stores the restart address in vm_truncate_count.
thread2: comes in with a small (e.g. single page) unmap request on
the same vma, somewhere before restart_address, finds that the
vma was already unmapped up to the restart address and happily
returns without doing anything.
Another scenario would be two big unmap requests, both having to
restart the unmapping and each one setting vm_truncate_count to its
own value. This could go on forever without any of them being able to
finish.
Truncate and hole punching already serialize with i_mutex. Other
callers of unmap_mapping_range() do not, and it's difficult to get
i_mutex protection for all callers. In particular ->d_revalidate(),
which calls invalidate_inode_pages2_range() in fuse, may be called
with or without i_mutex.
This patch adds a new mutex to 'struct address_space' to prevent
running multiple concurrent unmap_mapping_range() on the same mapping.
[ We'll hopefully get rid of all this with the upcoming mm
preemptibility series by Peter Zijlstra, the "mm: Remove i_mmap_mutex
lockbreak" patch in particular. But that is for 2.6.39 ]
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Reported-by: Michael Leun <lkml20101129@newton.leun.net>
Reported-by: Gurudas Pai <gurudas.pai@oracle.com>
Tested-by: Gurudas Pai <gurudas.pai@oracle.com>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Thu, 24 Feb 2011 03:42:03 +0000 (19:42 -0800)]
Revert "Bluetooth: Enable USB autosuspend by default on btusb"
This reverts commit
556ea928f78a390fe16ae584e6433dff304d3014.
Jeff Chua reports that it can cause some bluetooth devices (he mentions
an Bluetooth Intermec scanner) to just stop responding after a while
with messages like
[ 4533.361959] btusb 8-1:1.0: no reset_resume for driver btusb?
[ 4533.361964] btusb 8-1:1.1: no reset_resume for driver btusb?
from the kernel. See also
https://bugzilla.kernel.org/show_bug.cgi?id=26182
for other reports.
Reported-by: Jeff Chua <jeff.chua.linux@gmail.com>
Reported-by: Andrew Meakovski <meako@bigmir.net>
Reported-by: Jim Faulkner <jfaulkne@ccs.neu.edu>
Acked-by: Greg KH <gregkh@suse.de>
Acked-by: Matthew Garrett <mjg@redhat.com>
Acked-by: Gustavo F. Padovan <padovan@profusion.mobi>
Cc: stable@kernel.org (for 2.6.37)
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Daniel Vetter [Tue, 22 Feb 2011 17:25:49 +0000 (18:25 +0100)]
drm/i915: fix corruptions on i8xx due to relaxed fencing
It looks like gen2 has a peculiar interleaved 2-row inter-tile
layout. Probably inherited from i81x which had 2kb tiles (which
naturally fit an even-number-of-tile-rows scheme to fit onto 4kb
pages). There is no other mention of this in any docs (also not
in the Intel internal documention according to Chris Wilson).
Problem manifests itself in corruptions in the second half of the
last tile row (if the bo has an odd number of tiles). Which can
only happen with relaxed tiling (introduced in
a00b10c360b35d6431a9).
So reject set_tiling calls that don't satisfy this constrain to
prevent broken userspace from causing havoc. While at it, also
check the size for newer chipsets.
LKML: https://lkml.org/lkml/2011/2/19/5
Reported-by: Indan Zupancic <indan@nul.nu>
Tested-by: Indan Zupancic <indan@nul.nu>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Shahar Havivi [Tue, 22 Feb 2011 04:41:11 +0000 (04:41 +0000)]
Added support for usb ethernet (0x0fe6, 0x9700)
The device is very similar to (0x0fe6, 0x8101),
And works well with dm9601 driver.
Signed-off-by: Shahar Havivi <shaharh@redhat.com>
Acked-by: Peter Korsgaard <jacmet@sunsite.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Hayes Wang [Tue, 22 Feb 2011 09:26:22 +0000 (17:26 +0800)]
r8169: fix RTL8168DP power off issue.
- fix the RTL8111DP turn off the power when DASH is enabled.
- RTL_GIGA_MAC_VER_27 must wait for tx finish before reset.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Acked-by: Francois Romieu <romieu@fr.zoreil.com>
Hayes Wang [Tue, 22 Feb 2011 09:26:19 +0000 (17:26 +0800)]
r8169: correct settings of rtl8102e.
Adjust and remove certain settings of RTL8102E which are for previous chips.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Acked-off-by: Francois Romieu <romieu@fr.zoreil.com>
Hayes Wang [Tue, 22 Feb 2011 09:26:20 +0000 (17:26 +0800)]
r8169: fix incorrect args to oob notify.
It results in the wrong point address and influences RTL8168DP.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Acked-by: Francois Romieu <romieu@fr.zoreil.com>
Henry Nestler [Tue, 22 Feb 2011 11:29:42 +0000 (11:29 +0000)]
DM9000B: Fix PHY power for network down/up
DM9000 revision B needs 1 ms delay after PHY power-on.
PHY must be powered on by writing 0 into register DM9000_GPR before
all other settings will change (see Davicom spec and example code).
Remember, that register DM9000_GPR was not changed by reset sequence.
Without this fix the FIFO is out of sync and sends wrong data after
sequence of "ifconfig ethX down ; ifconfig ethX up".
Signed-off-by: David S. Miller <davem@davemloft.net>
Henry Nestler [Sun, 20 Feb 2011 11:44:58 +0000 (11:44 +0000)]
DM9000B: Fix reg_save after spin_lock in dm9000_timeout
The spin_lock should hold before reading register.
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Wed, 23 Feb 2011 07:05:07 +0000 (07:05 +0000)]
net_sched: long word align struct qdisc_skb_cb data
netem_skb_cb() does :
return (struct netem_skb_cb *)qdisc_skb_cb(skb)->data;
Unfortunatly struct qdisc_skb_cb data is not long word aligned, so
access to psched_time_t time_to_send uses a non aligned access.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Chris Mason [Wed, 23 Feb 2011 21:23:20 +0000 (16:23 -0500)]
Btrfs: fix fiemap bugs with delalloc
The Btrfs fiemap code wasn't properly returning delalloc extents,
so applications that trust fiemap to decide if there are holes in the
file see holes instead of delalloc.
This reworks the btrfs fiemap code, adding a get_extent helper that
searches for delalloc ranges and also adding a helper for extent_fiemap
that skips past holes in the file.
Signed-off-by: Chris Mason <chris.mason@oracle.com>
Dmitry Torokhov [Wed, 23 Feb 2011 16:51:28 +0000 (08:51 -0800)]
Input: serio/gameport - use 'long' system workqueue
Commit
8ee294cd9def0004887da7f44b80563493b0a097 converted serio
subsystem event handling from using a dedicated thread to using
common workqueue. Unfortunately, this regressed our boot times,
due to the fact that serio jobs take long time to execute. While
the new concurrency managed workqueue code manages long-playing
works just fine and schedules additional workers as needed, such
works wreck havoc among remaining users of flush_scheduled_work().
To solve this problem let's move serio/gameport works from system_wq
to system_long_wq which nobody tries to flush.
Reported-and-tested-by: Hernando Torque <pantherchen@versanet.de>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Dmitry Torokhov [Wed, 23 Feb 2011 04:15:07 +0000 (20:15 -0800)]
Input: synaptics - document 0x0c query
Since Synaptics technical writers department is a bit slow releasing updated
Synaptics interface guide, let's add some new bits (with their blessing)
to the code so that they don't get lost.
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Jesper Nilsson [Wed, 23 Feb 2011 12:04:25 +0000 (13:04 +0100)]
Drop redundant __param section for CRISv32.
The __param section is already brought in by RODATA above.
Signed-off-by: Jesper Nilsson <jesper.nilsson@axis.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Florian Mickler [Mon, 7 Feb 2011 22:29:31 +0000 (23:29 +0100)]
amd64-agp: fix crash at second module load
The module forgot to sometimes unregister some resources.
This fixes Bug #22882.
[Patch updated to 2.6.38-rc3 by Randy Dunlap.]
Tested-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Florian Mickler <florian@mickler.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Dmitry Torokhov [Tue, 8 Feb 2011 21:55:59 +0000 (13:55 -0800)]
USB: xhci: mark local functions as static
Functions that are not used outsde of the module they are defined
should be marked as static.
Signed-off-by: Dmitry Torokhov <dtor@vmware.com>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Ben Dooks [Wed, 23 Feb 2011 00:43:55 +0000 (00:43 +0000)]
i2c-omap: fixup commit
cb527ede1bf6ff2008a025606f25344b8ed7b4ac whitespace
Fixup the whitespace error noticed in
cb527ede1bf6ff2008a025606f25344b8ed7b4ac
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Richard woodruff [Wed, 16 Feb 2011 04:54:16 +0000 (10:24 +0530)]
i2c-omap: Double clear of ARDY status in IRQ handler
This errata occurs when the ARDY interrupt generation is enabled.
At the begining of every new transaction the ARDY interrupt is cleared.
On continuous i2c transactions where after clearing the ARDY bit from
I2C_STAT register (clearing the interrupt), the IRQ line is reasserted and the
I2C_STAT[ARDY] bit set again on 1. In fact, the ARDY status bit is not cleared
at the write access to I2C_STAT[ARDY] and only the IRQ line is deasserted and
then reasserted. This is not captured in the usual errata documents.
The workaround is to have a double clear of ARDY status in irq handler.
Signed-off-by: Richard woodruff <r-woodruff2@ti.com>
Signed-off-by: Keerthy <j-keerthy@ti.com>
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Balaji T K [Tue, 22 Feb 2011 06:55:39 +0000 (12:25 +0530)]
i2c-omap: fix build for !CONFIG_SUSPEND
fix the build break when !CONFIG_SUSPEND
drivers/i2c/busses/i2c-omap.c:1173: error: lvalue required as unary '&' operand
make[3]: *** [drivers/i2c/busses/i2c-omap.o] Error 1
make[2]: *** [drivers/i2c/busses] Error 2
make[1]: *** [drivers/i2c] Error 2
make: *** [drivers] Error 2
Signed-off-by: Balaji T K <balajitk@ti.com>
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Dave Airlie [Sun, 20 Feb 2011 21:57:32 +0000 (21:57 +0000)]
drm/radeon: fix regression with AA resolve checking
Some userspaces can emit a whole packet without disabling AA resolve
by the looks of it, so we have to deal with them.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Tested-by: Jorg Otte <jrg.otte@googlemail.com>
Paul Bolle [Sat, 19 Feb 2011 21:35:55 +0000 (22:35 +0100)]
drm: drop commented out code and preceding comment
r100_gpu_init() was dropped in
90aca4d ("drm/radeon/kms: simplify &
improve GPU reset V2") but here it was only commented out.
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Mario Kleiner [Mon, 21 Feb 2011 04:42:02 +0000 (05:42 +0100)]
drm/vblank: Enable precise vblank timestamps for interlaced and doublescan modes.
Testing showed the current code can already handle doublescan
video modes just fine. A trivial tweak makes it work for interlaced
scanout as well.
Tested and shown to be precise on Radeon rv530, r600 and
Intel 945-GME.
Signed-off-by: Mario Kleiner <mario.kleiner@tuebingen.mpg.de>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Mario Kleiner [Mon, 21 Feb 2011 04:42:01 +0000 (05:42 +0100)]
drm/vblank: Use memory barriers optimized for atomic_t instead of generics.
Documentation/atomic_ops.txt tells us that there are memory
barriers optimized for atomic_inc and other atomic_t ops.
Use these instead of smp_wmb(), and also to make the required
memory barriers around vblank counter increments more explicit.
Signed-off-by: Mario Kleiner <mario.kleiner@tuebingen.mpg.de>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Mario Kleiner [Mon, 21 Feb 2011 04:42:00 +0000 (05:42 +0100)]
drm/vblank: Use abs64(diff_ns) for s64 diff_ns instead of abs(diff_ns)
Use of abs() wrongly wrapped diff_ns to 32 bit, which gives a 1/4000
probability of a missed vblank increment at each vblank irq reenable
if the kms driver doesn't support high precision vblank timestamping.
Not a big deal in practice, but let's make it nice.
Signed-off-by: Mario Kleiner <mario.kleiner@tuebingen.mpg.de>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Dave Airlie [Fri, 18 Feb 2011 05:51:57 +0000 (15:51 +1000)]
drm/radeon/kms: align height of fb allocation.
this aligns the height of the fb allocation so it doesn't trip
over the size checks later when we use this from userspace to
copy the buffer at X start.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Alex Deucher [Mon, 21 Feb 2011 06:11:59 +0000 (01:11 -0500)]
Revert "drm/radeon/kms: switch back to min->max pll post divider iteration"
This reverts commit
a6f9761743bf35b052180f4a8bdae4d2cc0465f6.
Remove this commit as it is no longer necessary. The relevant bugs
were fixed properly in:
drm/radeon/kms: hopefully fix pll issues for real (v3)
5b40ddf888398ce4cccbf3b9d0a18d90149ed7ff
drm/radeon/kms: add missing frac fb div flag for dce4+
9f4283f49f0a96a64c5a45fe56f0f8c942885eef
This commit also broke certain ~5 Mhz modes on old arcade monitors,
so reverting this commit fixes:
https://bugzilla.kernel.org/show_bug.cgi?id=29502
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
Kevin Hilman [Fri, 28 Jan 2011 00:18:41 +0000 (16:18 -0800)]
i2c-omap: fix static suspend vs. runtime suspend
When runtime PM is enabled, each OMAP i2c device is suspended after
each i2c xfer. However, there are two cases when the static suspend
methods must be used to ensure the devices are suspended:
1) runtime PM is disabled, either at compile time or dynamically
via /sys/devices/.../power/control.
2) an i2c client driver uses i2c during it's suspend callback, thus
leaving the i2c driver active (NOTE: runtime suspend transitions are
disabled during system suspend, so i2c activity during system
suspend will runtime resume the device, but not runtime (re)suspend it.)
Since the actual work to suspend the device is handled by the
subsytem, call the bus methods to take care of it.
NOTE: This takes care of a known suspend problem on OMAP3 where the
TWL RTC driver does i2c xfers during its suspend path leaving the i2c
driver in an active state (since runtime suspend transistions are
disabled.)
Signed-off-by: Kevin Hilman <khilman@ti.com>
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Wolfram Sang [Mon, 31 Jan 2011 14:09:23 +0000 (15:09 +0100)]
i2c-stu300: make sure adapter-name is terminated
Use strlcpy instead of strncpy.
Signed-off-by: Wolfram Sang <w.sang@pengutronix.de>
Cc: Linus Walleij <linus.walleij@stericsson.com>
Cc: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Lukas Czerner [Tue, 15 Feb 2011 17:07:36 +0000 (17:07 +0000)]
xfs: check if device support discard in xfs_ioc_trim()
Right now we, are relying on the fact that when we attempt to
actually do the discard, blkdev_issue_discar() returns -EOPNOTSUPP
and the user is informed that the device does not support discard.
However, in the case where the we do not hit any suitable free
extent to trim in FITRIM code, it will finish without any error.
This is very confusing, because it seems that FITRIM was successful
even though the device does not actually supports discard.
Solution: Check for the discard support before attempt to search for
free extents.
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Alex Elder <aelder@sgi.com>
Dan Rosenberg [Mon, 14 Feb 2011 13:45:28 +0000 (13:45 +0000)]
xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
The FSGEOMETRY_V1 ioctl (and its compat equivalent) calls out to
xfs_fs_geometry() with a version number of 3. This code path does not
fill in the logsunit member of the passed xfs_fsop_geom_t, leading to
the leaking of four bytes of uninitialized stack data to potentially
unprivileged callers.
v2 switches to memset() to avoid future issues if structure members
change, on suggestion of Dave Chinner.
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Reviewed-by: Eugene Teo <eugeneteo@kernel.org>
Signed-off-by: Alex Elder <aelder@sgi.com>
Eric Dumazet [Wed, 16 Feb 2011 03:48:38 +0000 (03:48 +0000)]
sfc: lower stack usage in efx_ethtool_self_test
drivers/net/sfc/ethtool.c: In function ‘efx_ethtool_self_test’:
drivers/net/sfc/ethtool.c:613: warning: the frame size of 1200 bytes
is larger than 1024 bytes
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Lüssing [Thu, 17 Feb 2011 08:17:52 +0000 (08:17 +0000)]
bridge: Use IPv6 link-local address for multicast listener queries
Currently the bridge multicast snooping feature periodically issues
IPv6 general multicast listener queries to sense the absence of a
listener.
For this, it uses :: as its source address - however RFC 2710 requires:
"To be valid, the Query message MUST come from a link-local IPv6 Source
Address". Current Linux kernel versions seem to follow this requirement
and ignore our bogus MLD queries.
With this commit a link local address from the bridge interface is being
used to issue the MLD query, resulting in other Linux devices which are
multicast listeners in the network to respond with a MLD response (which
was not the case before).
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Lüssing [Thu, 17 Feb 2011 08:17:51 +0000 (08:17 +0000)]
bridge: Fix MLD queries' ethernet source address
Map the IPv6 header's destination multicast address to an ethernet
source address instead of the MLD queries multicast address.
For instance for a general MLD query (multicast address in the MLD query
set to ::), this would wrongly be mapped to 33:33:00:00:00:00, although
an MLD queries destination MAC should always be 33:33:00:00:00:01 which
matches the IPv6 header's multicast destination ff02::1.
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Lüssing [Tue, 15 Feb 2011 13:19:21 +0000 (13:19 +0000)]
bridge: Allow mcast snooping for transient link local addresses too
Currently the multicast bridge snooping support is not active for
link local multicast. I assume this has been done to leave
important multicast data untouched, like IPv6 Neighborhood Discovery.
In larger, bridged, local networks it could however be desirable to
optimize for instance local multicast audio/video streaming too.
With the transient flag in IPv6 multicast addresses we have an easy
way to optimize such multimedia traffic without tempering with the
high priority multicast data from well-known addresses.
This patch alters the multicast bridge snooping for IPv6, to take
effect for transient multicast addresses instead of non-link-local
addresses.
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Lüssing [Tue, 15 Feb 2011 13:19:20 +0000 (13:19 +0000)]
ipv6: Add IPv6 multicast address flag defines
This commit adds the missing IPv6 multicast address flag defines to
complement the already existing multicast address scope defines and to
be able to check these flags nicely in the future.
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Lüssing [Tue, 15 Feb 2011 13:19:19 +0000 (13:19 +0000)]
bridge: Add missing ntohs()s for MLDv2 report parsing
The nsrcs number is 2 Byte wide, therefore we need to call ntohs()
before using it.
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Lüssing [Tue, 15 Feb 2011 13:19:18 +0000 (13:19 +0000)]
bridge: Fix IPv6 multicast snooping by correcting offset in MLDv2 report
We actually want a pointer to the grec_nsrcr and not the following
field. Otherwise we can get very high values for *nsrcs as the first two
bytes of the IPv6 multicast address are being used instead, leading to
a failing pskb_may_pull() which results in MLDv2 reports not being
parsed.
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Lüssing [Tue, 15 Feb 2011 13:19:17 +0000 (13:19 +0000)]
bridge: Fix IPv6 multicast snooping by storing correct protocol type
The protocol type for IPv6 entries in the hash table for multicast
bridge snooping is falsely set to ETH_P_IP, marking it as an IPv4
address, instead of setting it to ETH_P_IPV6, which results in negative
look-ups in the hash table later.
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Romain Francoise [Tue, 22 Feb 2011 09:48:06 +0000 (10:48 +0100)]
.gitignore: ignore *.xz files
Building with CONFIG_KERNEL_XZ results in the following:
# Untracked files:
# (use "git add <file>..." to include in what will be committed)
#
# arch/x86/boot/compressed/vmlinux.bin.xz
So ignore xz-compressed files at the top level like we already do for
other compression types.
Signed-off-by: Romain Francoise <romain@orebokech.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jesse Barnes [Tue, 15 Feb 2011 23:08:02 +0000 (15:08 -0800)]
drm/i915: skip FDI & PCH enabling for DP_A
eDP on the CPU doesn't need the PCH set up at all, it can in fact cause
problems. So avoid FDI training and PCH PLL enabling in that case.
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Tested-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Chris Wilson [Wed, 22 Dec 2010 11:37:09 +0000 (11:37 +0000)]
agp/intel: Experiment with a 855GM GWB bit
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=27187
Tested-by: Thorsten Vollmer <thorsten@thvo.de> (DFI-ACP G5M150-N w/852GME)
Tested-by: Moritz Brunner <2points@gmx.org> (Asus M2400N/i855GM)
Tested-by: Indan Zupancic <indan@nul.nu> (Thinkpad X40/855GM rev 02)
Tested-by: Eric Anholt <eric@anholt.net> (865G)
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Jesse Barnes [Fri, 11 Feb 2011 22:44:51 +0000 (14:44 -0800)]
drm/i915: don't enable FDI & transcoder interrupts after all
We can enable some safely, but FDI and transcoder interrupts can occur
and block other interrupts from being detected (like port hotplug
events). So keep them disabled by default (they can be re-enabled for
debugging display bringup, but should generally be off).
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Chris Wilson [Fri, 11 Feb 2011 20:47:45 +0000 (20:47 +0000)]
drm/i915: Ignore a hung GPU when flushing the framebuffer prior to a switch
If the gpu is hung, then whatever was inside the render cache is lost
and there is little point waiting for it. Or complaining if we see an
EIO or EAGAIN instead. So, if the GPU is indeed in its death throes when
we need to rewrite the registers for a new framebuffer, just ignore the
error and proceed with the update.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Joerg Roedel [Wed, 9 Feb 2011 17:29:39 +0000 (18:29 +0100)]
KVM: SVM: Advance instruction pointer in dr_intercept
In the dr_intercept function a new cpu-feature called
decode-assists is implemented and used when available. This
code-path does not advance the guest-rip causing the guest
to dead-loop over mov-dr instructions. This is fixed by this
patch.
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Christian Lamparter [Fri, 11 Feb 2011 00:48:42 +0000 (01:48 +0100)]
p54pci: update receive dma buffers before and after processing
Documentation/DMA-API-HOWTO.txt states:
"DMA transfers need to be synced properly in order for
the cpu and device to see the most uptodate and correct
copy of the DMA buffer."
Cc: <stable@kernel.org>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Daniel J Blueman [Mon, 21 Feb 2011 16:11:06 +0000 (00:11 +0800)]
fix cfg80211_wext_siwfreq lock ordering...
I previously managed to reproduce a hang while scanning wireless
channels (reproducible with airodump-ng hopping channels); subsequent
lockdep instrumentation revealed a lock ordering issue.
Without knowing the design intent, it looks like the locks should be
taken in reverse order; please comment.
=======================================================
[ INFO: possible circular locking dependency detected ]
2.6.38-rc5-341cd #4
-------------------------------------------------------
airodump-ng/15445 is trying to acquire lock:
(&rdev->devlist_mtx){+.+.+.}, at: [<
ffffffff816b1266>]
cfg80211_wext_siwfreq+0xc6/0x100
but task is already holding lock:
(&wdev->mtx){+.+.+.}, at: [<
ffffffff816b125c>] cfg80211_wext_siwfreq+0xbc/0x100
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&wdev->mtx){+.+.+.}:
[<
ffffffff810a79d6>] lock_acquire+0xc6/0x280
[<
ffffffff816d6bce>] mutex_lock_nested+0x6e/0x4b0
[<
ffffffff81696080>] cfg80211_netdev_notifier_call+0x430/0x5f0
[<
ffffffff8109351b>] notifier_call_chain+0x8b/0x100
[<
ffffffff810935b1>] raw_notifier_call_chain+0x11/0x20
[<
ffffffff81576d92>] call_netdevice_notifiers+0x32/0x60
[<
ffffffff815771a4>] __dev_notify_flags+0x34/0x80
[<
ffffffff81577230>] dev_change_flags+0x40/0x70
[<
ffffffff8158587c>] do_setlink+0x1fc/0x8d0
[<
ffffffff81586042>] rtnl_setlink+0xf2/0x140
[<
ffffffff81586923>] rtnetlink_rcv_msg+0x163/0x270
[<
ffffffff8159d741>] netlink_rcv_skb+0xa1/0xd0
[<
ffffffff815867b0>] rtnetlink_rcv+0x20/0x30
[<
ffffffff8159d39a>] netlink_unicast+0x2ba/0x300
[<
ffffffff8159dd57>] netlink_sendmsg+0x267/0x3e0
[<
ffffffff8155e364>] sock_sendmsg+0xe4/0x110
[<
ffffffff8155f3a3>] sys_sendmsg+0x253/0x3b0
[<
ffffffff81003192>] system_call_fastpath+0x16/0x1b
-> #0 (&rdev->devlist_mtx){+.+.+.}:
[<
ffffffff810a7222>] __lock_acquire+0x1622/0x1d10
[<
ffffffff810a79d6>] lock_acquire+0xc6/0x280
[<
ffffffff816d6bce>] mutex_lock_nested+0x6e/0x4b0
[<
ffffffff816b1266>] cfg80211_wext_siwfreq+0xc6/0x100
[<
ffffffff816b2fad>] ioctl_standard_call+0x5d/0xd0
[<
ffffffff816b3223>] T.808+0x163/0x170
[<
ffffffff816b326a>] wext_handle_ioctl+0x3a/0x90
[<
ffffffff815798d2>] dev_ioctl+0x6f2/0x830
[<
ffffffff8155cf3d>] sock_ioctl+0xfd/0x290
[<
ffffffff8117dffd>] do_vfs_ioctl+0x9d/0x590
[<
ffffffff8117e53a>] sys_ioctl+0x4a/0x80
[<
ffffffff81003192>] system_call_fastpath+0x16/0x1b
other info that might help us debug this:
2 locks held by airodump-ng/15445:
#0: (rtnl_mutex){+.+.+.}, at: [<
ffffffff81586782>] rtnl_lock+0x12/0x20
#1: (&wdev->mtx){+.+.+.}, at: [<
ffffffff816b125c>]
cfg80211_wext_siwfreq+0xbc/0x100
stack backtrace:
Pid: 15445, comm: airodump-ng Not tainted 2.6.38-rc5-341cd #4
Call Trace:
[<
ffffffff810a3f0a>] ? print_circular_bug+0xfa/0x100
[<
ffffffff810a7222>] ? __lock_acquire+0x1622/0x1d10
[<
ffffffff810a1f99>] ? trace_hardirqs_off_caller+0x29/0xc0
[<
ffffffff810a79d6>] ? lock_acquire+0xc6/0x280
[<
ffffffff816b1266>] ? cfg80211_wext_siwfreq+0xc6/0x100
[<
ffffffff810a31d7>] ? mark_held_locks+0x67/0x90
[<
ffffffff816d6bce>] ? mutex_lock_nested+0x6e/0x4b0
[<
ffffffff816b1266>] ? cfg80211_wext_siwfreq+0xc6/0x100
[<
ffffffff810a31d7>] ? mark_held_locks+0x67/0x90
[<
ffffffff816b1266>] ? cfg80211_wext_siwfreq+0xc6/0x100
[<
ffffffff816b1266>] ? cfg80211_wext_siwfreq+0xc6/0x100
[<
ffffffff816b2fad>] ? ioctl_standard_call+0x5d/0xd0
[<
ffffffff8157818b>] ? __dev_get_by_name+0x9b/0xc0
[<
ffffffff816b2f50>] ? ioctl_standard_call+0x0/0xd0
[<
ffffffff816b3223>] ? T.808+0x163/0x170
[<
ffffffff8112ddf2>] ? might_fault+0x72/0xd0
[<
ffffffff816b326a>] ? wext_handle_ioctl+0x3a/0x90
[<
ffffffff8112de3b>] ? might_fault+0xbb/0xd0
[<
ffffffff815798d2>] ? dev_ioctl+0x6f2/0x830
[<
ffffffff810a1bae>] ? put_lock_stats+0xe/0x40
[<
ffffffff810a1c8c>] ? lock_release_holdtime+0xac/0x150
[<
ffffffff8155cf3d>] ? sock_ioctl+0xfd/0x290
[<
ffffffff8117dffd>] ? do_vfs_ioctl+0x9d/0x590
[<
ffffffff8116c8ff>] ? fget_light+0x1df/0x3c0
[<
ffffffff8117e53a>] ? sys_ioctl+0x4a/0x80
[<
ffffffff81003192>] ? system_call_fastpath+0x16/0x1b
Signed-off-by: Daniel J Blueman <daniel.blueman@gmail.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Gertjan van Wingerde [Sun, 30 Jan 2011 12:22:41 +0000 (13:22 +0100)]
rt2x00: Fix WPA TKIP Michael MIC failures.
As reported and found by Johannes Stezenbach:
rt2800{pci,usb} do not report the Michael MIC in RXed frames, but do check
the Michael MIC in hardware. Therefore we have to report to mac80211 that the
received frame does not include the Michael MIC.
https://bugzilla.kernel.org/show_bug.cgi?id=16608
Signed-off-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Nick Kossifidis [Thu, 3 Feb 2011 23:41:02 +0000 (01:41 +0200)]
ath5k: Fix fast channel switching
Fast channel change fixes:
a) Always set OFDM timings
b) Don't re-activate PHY
c) Enable only NF calibration, not AGC
https://bugzilla.kernel.org/show_bug.cgi?id=27382
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Yuchung Cheng [Mon, 7 Feb 2011 12:57:04 +0000 (12:57 +0000)]
tcp: undo_retrans counter fixes
Fix a bug that undo_retrans is incorrectly decremented when undo_marker is
not set or undo_retrans is already 0. This happens when sender receives
more DSACK ACKs than packets retransmitted during the current
undo phase. This may also happen when sender receives DSACK after
the undo operation is completed or cancelled.
Fix another bug that undo_retrans is incorrectly incremented when
sender retransmits an skb and tcp_skb_pcount(skb) > 1 (TSO). This case
is rare but not impossible.
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kushal Koolwal [Sat, 19 Feb 2011 21:56:03 +0000 (13:56 -0800)]
x86: Fix reboot problem on VersaLogic Menlow boards
VersaLogic Menlow based boards hang on reboot unless reboot=bios
is used. Add quirk to reboot through the BIOS.
Tested on at least four boards.
Signed-off-by: Kushal Koolwal <kushalkoolwal@gmail.com>
LKML-Reference: <
1298152563-21594-1-git-send-email-kushalkoolwal@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
NeilBrown [Mon, 21 Feb 2011 07:25:57 +0000 (18:25 +1100)]
md: avoid spinlock problem in blk_throtl_exit
blk_throtl_exit assumes that ->queue_lock still exists,
so make sure that it does.
To do this, we stop redirecting ->queue_lock to conf->device_lock
and leave it pointing where it is initialised - __queue_lock.
As the blk_plug functions check the ->queue_lock is held, we now
take that spin_lock explicitly around the plug functions. We don't
need the locking, just the warning removal.
This is needed for any kernel with the blk_throtl code, which is
which is 2.6.37 and later.
Cc: stable@kernel.org
Signed-off-by: NeilBrown <neilb@suse.de>
Eric W. Biederman [Sun, 20 Feb 2011 19:49:45 +0000 (11:49 -0800)]
net: Fix more stale on-stack list_head objects.
From: Eric W. Biederman <ebiederm@xmission.com>
In the beginning with batching unreg_list was a list that was used only
once in the lifetime of a network device (I think). Now we have calls
using the unreg_list that can happen multiple times in the life of a
network device like dev_deactivate and dev_close that are also using the
unreg_list. In addition in unregister_netdevice_queue we also do a
list_move because for devices like veth pairs it is possible that
unregister_netdevice_queue will be called multiple times.
So I think the change below to fix dev_deactivate which Eric D. missed
will fix this problem. Now to go test that.
Signed-off-by: David S. Miller <davem@davemloft.net>
Dmitry Torokhov [Wed, 9 Feb 2011 00:29:34 +0000 (16:29 -0800)]
USB: xhci: fix couple sparse annotations
There is no point in casting to (void *) when setting up xhci->ir_set
as it only makes us lose __iomem annotation and makes sparse unhappy.
OTOH we do need to cast to (void *) when calculating xhci->dba from
offset, but since it is IO memory we need to annotate it as such.
Signed-off-by: Dmitry Torokhov <dtor@vmware.com>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Dmitry Torokhov [Wed, 9 Feb 2011 00:29:33 +0000 (16:29 -0800)]
USB: xhci: rework xhci_print_ir_set() to get ir set from xhci itself
xhci->ir_set points to __iomem region, but xhci_print_ir_set accepts
plain struct xhci_intr_reg * causing multiple sparse warning at call
sites and inside the fucntion when we try to read that memory.
Instead of adding __iomem qualifier to the argument let's rework the
function so it itself gets needed register set from xhci and prints
it.
Signed-off-by: Dmitry Torokhov <dtor@vmware.com>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Luben Tuikov [Fri, 11 Feb 2011 19:33:10 +0000 (11:33 -0800)]
USB: Reset USB 3.0 devices on (re)discovery
If the device isn't reset, the XHCI HCD sends
SET ADDRESS to address 0 while the device is
already in Addressed state, and the request is
dropped on the floor as it is addressed to the
default address. This sequence of events, which this
patch fixes looks like this:
usb_reset_and_verify_device()
hub_port_init()
hub_set_address()
SET_ADDRESS to 0 with 1
usb_get_device_descriptor(udev, 8)
usb_get_device_descriptor(udev, 18)
descriptors_changed() --> goto re_enumerate:
hub_port_logical_disconnect()
kick_khubd()
And then:
hub_events()
hub_port_connect_change()
usb_disconnect()
usb_disable_device()
new device struct
sets device state to Powered
choose_address()
hub_port_init() <-- no reset, but SET ADDRESS to 0 with 1, timeout!
The solution is to always reset the device in
hub_port_init() to put it in a known state.
Note from Sarah Sharp:
This patch should be queued for stable trees all the way back to 2.6.34,
since that was the first kernel that supported configured device reset.
The code this patch touches has been there since 2.6.32, but the bug
would never be hit before 2.6.34 because the xHCI driver would
completely reject an attempt to reset a configured device under xHCI.
Signed-off-by: Luben Tuikov <ltuikov@yahoo.com>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Cc: stable@kernel.org
Paul Zimmerman [Sat, 12 Feb 2011 22:07:57 +0000 (14:07 -0800)]
xhci: Fix an error in count_sg_trbs_needed()
The expression
while (running_total < sg_dma_len(sg))
does not take into account that the remaining data length can be less
than sg_dma_len(sg). In that case, running_total can end up being
greater than the total data length, so an extra TRB is counted.
Changing the expression to
while (running_total < sg_dma_len(sg) && running_total < temp)
fixes that.
This patch should be queued for stable kernels back to 2.6.31.
Signed-off-by: Paul Zimmerman <paulz@synopsys.com>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Cc: stable@kernel.org
Paul Zimmerman [Sat, 12 Feb 2011 22:07:20 +0000 (14:07 -0800)]
xhci: Fix errors in the running total calculations in the TRB math
Calculations like
running_total = TRB_MAX_BUFF_SIZE -
(sg_dma_address(sg) & (TRB_MAX_BUFF_SIZE - 1));
if (running_total != 0)
num_trbs++;
are incorrect, because running_total can never be zero, so the if()
expression will never be true. I think the intention was that
running_total be in the range of 0 to TRB_MAX_BUFF_SIZE-1, not 1
to TRB_MAX_BUFF_SIZE. So adding a
running_total &= TRB_MAX_BUFF_SIZE - 1;
fixes the problem.
This patch should be queued for stable kernels back to 2.6.31.
Signed-off-by: Paul Zimmerman <paulz@synopsys.com>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Cc: stable@kernel.org
Paul Zimmerman [Sat, 12 Feb 2011 22:06:44 +0000 (14:06 -0800)]
xhci: Clarify some expressions in the TRB math
This makes it easier to spot some problems, which will be fixed by the
next patch in the series. Also change dev_dbg to dev_err in
check_trb_math(), so any math errors will be visible even when running
with debug disabled.
Note: This patch changes the expressions containing
"((1 << TRB_MAX_BUFF_SHIFT) - 1)" to use the equivalent
"(TRB_MAX_BUFF_SIZE - 1)". No change in behavior is intended for
those expressions.
This patch should be queued for stable kernels back to 2.6.31.
Signed-off-by: Paul Zimmerman <paulz@synopsys.com>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Cc: stable@kernel.org
Paul Zimmerman [Sat, 12 Feb 2011 22:06:06 +0000 (14:06 -0800)]
xhci: Avoid BUG() in interrupt context
Change the BUGs in xhci_find_new_dequeue_state() to WARN_ONs, to avoid
bringing down the box if one of them is hit
This patch should be queued for stable kernels back to 2.6.31.
Signed-off-by: Paul Zimmerman <paulz@synopsys.com>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Cc: stable@kernel.org
Dominik Brodowski [Sat, 19 Feb 2011 11:35:15 +0000 (12:35 +0100)]
pcmcia: re-enable Zoomed Video support
Allow drivers to enable Zoomed Video support. Currently, this is only
used by out-of-tree drivers (L64020 DVB driver in particular).
CC: <stable@kernel.org> [for 2.6.37]
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Jiri Bohac [Thu, 17 Feb 2011 13:12:08 +0000 (13:12 +0000)]
sctp: fix reporting of unknown parameters
commit
5fa782c2f5ef6c2e4f04d3e228412c9b4a4c8809 re-worked the
handling of unknown parameters. sctp_init_cause_fixed() can now
return -ENOSPC if there is not enough tailroom in the error
chunk skb. When this happens, the error header is not appended to
the error chunk. In that case, the payload of the unknown parameter
should not be appended either.
Signed-off-by: Jiri Bohac <jbohac@suse.cz>
Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
John Fastabend [Fri, 18 Feb 2011 13:30:17 +0000 (13:30 +0000)]
net: dcb: match dcb_app protocol field with 802.1Qaz spec
The dcb_app protocol field is a __u32 however the 802.1Qaz
specification defines it as a 16 bit field. This patch brings
the structure inline with the spec making it a __u16.
CC: Shmulik Ravid <shmulikr@broadcom.com>
Signed-off-by: John Fastabend <john.r.fastabend@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Fri, 18 Feb 2011 22:35:56 +0000 (22:35 +0000)]
tcp: fix inet_twsk_deschedule()
Eric W. Biederman reported a lockdep splat in inet_twsk_deschedule()
This is caused by inet_twsk_purge(), run from process context,
and commit
575f4cd5a5b6394577 (net: Use rcu lookups in inet_twsk_purge.)
removed the BH disabling that was necessary.
Add the BH disabling but fine grained, right before calling
inet_twsk_deschedule(), instead of whole function.
With help from Linus Torvalds and Eric W. Biederman
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Daniel Lezcano <daniel.lezcano@free.fr>
CC: Pavel Emelyanov <xemul@openvz.org>
CC: Arnaldo Carvalho de Melo <acme@redhat.com>
CC: stable <stable@kernel.org> (# 2.6.33+)
Signed-off-by: David S. Miller <davem@davemloft.net>
Alan Cox [Tue, 1 Feb 2011 15:46:05 +0000 (15:46 +0000)]
cm4000_cs: Fix undefined ops warning
Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Pavel Machek [Fri, 4 Feb 2011 08:03:43 +0000 (09:03 +0100)]
pcmcia vs. MECR on pxa25x/sa1111
After 2.6.34 changes, __pxa2xx_drv_pcmcia_probe() was replaced by
sa1111_pcmcia_add(). That unfortunately means that configure_sockets()
is not called, leading to MECR not being set properly, leading to
strange crashes.
Tested on pxa255+sa1111, I do not have lubbock board nearby. Perhaps
cleaner solution exists?
Signed-off-by: Pavel Machek <pma@sysgo.com>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Julia Lawall [Sun, 13 Feb 2011 12:12:10 +0000 (13:12 +0100)]
drivers/char/pcmcia/ipwireless/main.c: Convert release_resource to release_region/release_mem_region
Request_region should be used with release_region, not release_resource.
This patch contains a number of changes, related to calls to request_region,
request_mem_region, and the associated error handling code.
1. For the call to request_region, the variable io_resource storing the
result is dropped. The call to release_resource at the end of the function
is changed to a call to release_region with the first two arguments of
request_region as its arguments. The same call to release_region is also
added to release_ipwireless.
2. The first call to request_mem_region is now tested and ret is set to
-EBUSY if the the call has failed. This call was associated with the
initialization of ipw->attr_memory. But the error handling code was
testing ipw->common_memory. The definition of release_ipwireless also
suggests that this call should be associated with ipw->common_memory, not
ipw->attr_memory.
3. The second call to request_mem_region is now tested and ret is
set to -EBUSY if the the call has failed.
4. The various gotos to the error handling code is adjusted so that there
is no need for ifs.
5. Return the value stored in the ret variable rather than -1.
The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
expression x,E;
@@
(
*x = request_region(...)
|
*x = request_mem_region(...)
)
... when != release_region(x)
when != x = E
* release_resource(x);
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Thomas Gleixner [Fri, 18 Feb 2011 22:27:23 +0000 (23:27 +0100)]
genirq: Disable the SHIRQ_DEBUG call in request_threaded_irq for now
With CONFIG_SHIRQ_DEBUG=y we call a newly installed interrupt handler
in request_threaded_irq().
The original implementation (commit
a304e1b8) called the handler
_BEFORE_ it was installed, but that caused problems with handlers
calling disable_irq_nosync(). See commit
377bf1e4.
It's braindead in the first place to call disable_irq_nosync in shared
handlers, but ....
Moving this call after we installed the handler looks innocent, but it
is very subtle broken on SMP.
Interrupt handlers rely on the fact, that the irq core prevents
reentrancy.
Now this debug call violates that promise because we run the handler
w/o the IRQ_INPROGRESS protection - which we cannot apply here because
that would result in a possibly forever masked interrupt line.
A concurrent real hardware interrupt on a different CPU results in
handler reentrancy and can lead to complete wreckage, which was
unfortunately observed in reality and took a fricking long time to
debug.
Leave the code here for now. We want this debug feature, but that's
not easy to fix. We really should get rid of those
disable_irq_nosync() abusers and remove that function completely.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Anton Vorontsov <avorontsov@ru.mvista.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Arjan van de Ven <arjan@infradead.org>
Cc: stable@kernel.org # .28 -> .37
Thomas Gleixner [Thu, 17 Feb 2011 16:45:15 +0000 (17:45 +0100)]
genirq: Prevent access beyond allocated_irqs bitmap
Lars-Peter Clausen pointed out:
I stumbled upon this while looking through the existing archs using
SPARSE_IRQ. Even with SPARSE_IRQ the NR_IRQS is still the upper
limit for the number of IRQs.
Both PXA and MMP set NR_IRQS to IRQ_BOARD_START, with
IRQ_BOARD_START being the number of IRQs used by the core.
In various machine files the nr_irqs field of the ARM machine
defintion struct is then set to "IRQ_BOARD_START + NR_BOARD_IRQS".
As a result "nr_irqs" will greater then NR_IRQS which then again
causes the "allocated_irqs" bitmap in the core irq code to be
accessed beyond its size overwriting unrelated data.
The core code really misses a sanity check there.
This went unnoticed so far as by chance the compiler/linker places
data behind that bitmap which gets initialized later on those affected
platforms.
So the obvious fix would be to add a sanity check in early_irq_init()
and break all affected platforms. Though that check wants to be
backported to stable as well, which will require to fix all known
problematic platforms and probably some more yet not known ones as
well. Lots of churn.
A way simpler solution is to allocate a slightly larger bitmap and
avoid the whole churn w/o breaking anything. Add a few warnings when
an arch returns utter crap.
Reported-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@kernel.org # .37
Cc: Haojian Zhuang <haojian.zhuang@marvell.com>
Cc: Eric Miao <eric.y.miao@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Nikolay Ledovskikh [Fri, 18 Feb 2011 16:59:53 +0000 (19:59 +0300)]
ath5k: Correct channel setting for AR2317 chip
Correct channel setting function must be used for AR2317.
When I tested ahb patch on bullet2 all seemed to work fine,
but it couldn't connect another host (using ibss for example).
During an analysis I observed that it's transmitting on another
channel. I looked into madwifi code and understood that
the problem is in channel setting function. So atheros RF2317 not
fully handled in the current ath5k version and must be patched.
Signed-off-by: Nikolay Ledovskikh <nledovskikh@gmail.com>
Acked-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Xose Vazquez Perez [Fri, 18 Feb 2011 13:27:09 +0000 (14:27 +0100)]
wireless: rt2x00: rt2800pci.c: add two ids
taken two RT35XX EDIMAX from DPO_RT3562_3592_3062_LinuxSTA_V2.4.1.1_20101217
Signed-off-by: Xose Vazquez Perez <xose.vazquez@gmail.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stanislaw Gruszka [Fri, 18 Feb 2011 08:05:08 +0000 (09:05 +0100)]
mac80211: fix conn_mon_timer running after disassociate
Low level driver could pass rx frames to us after disassociate, what
can lead to run conn_mon_timer by ieee80211_sta_rx_notify(). That
is obviously wrong, but nothing happens until we unload modules and
resources are used after free. If kernel debugging is enabled following
warning could be observed:
WARNING: at lib/debugobjects.c:259 debug_print_object+0x65/0x70()
Hardware name: HP xw8600 Workstation
ODEBUG: free active (active state 0) object type: timer_list
Modules linked in: iwlagn(-) iwlcore mac80211 cfg80211 aes_x86_64 aes_generic fuse cpufreq_ondemand acpi_cpufreq freq_table mperf xt_physdev ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 iptable_filter ip_tables ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 ext3 jbd dm_mirror dm_region_hash dm_log dm_mod uinput hp_wmi sparse_keymap sg wmi arc4 microcode serio_raw ecb tg3 shpchp rfkill ext4 mbcache jbd2 sr_mod cdrom sd_mod crc_t10dif firewire_ohci firewire_core crc_itu_t mptsas mptscsih mptbase scsi_transport_sas ahci libahci pata_acpi ata_generic ata_piix floppy nouveau ttm drm_kms_helper drm i2c_algo_bit i2c_core video [last unloaded: cfg80211]
Pid: 13827, comm: rmmod Tainted: G W 2.6.38-rc4-wl+ #22
Call Trace:
[<
ffffffff810649cf>] ? warn_slowpath_common+0x7f/0xc0
[<
ffffffff81064ac6>] ? warn_slowpath_fmt+0x46/0x50
[<
ffffffff81226fc5>] ? debug_print_object+0x65/0x70
[<
ffffffff81227625>] ? debug_check_no_obj_freed+0x125/0x210
[<
ffffffff8109ebd7>] ? debug_check_no_locks_freed+0xf7/0x170
[<
ffffffff81156092>] ? kfree+0xc2/0x2f0
[<
ffffffff813ec5c5>] ? netdev_release+0x45/0x60
[<
ffffffff812f1067>] ? device_release+0x27/0xa0
[<
ffffffff81216ddd>] ? kobject_release+0x8d/0x1a0
[<
ffffffff81216d50>] ? kobject_release+0x0/0x1a0
[<
ffffffff812183b7>] ? kref_put+0x37/0x70
[<
ffffffff81216c57>] ? kobject_put+0x27/0x60
[<
ffffffff813d5d1b>] ? netdev_run_todo+0x1ab/0x270
[<
ffffffff813e771e>] ? rtnl_unlock+0xe/0x10
[<
ffffffffa0581188>] ? ieee80211_unregister_hw+0x58/0x120 [mac80211]
[<
ffffffffa0377ed7>] ? iwl_pci_remove+0xdb/0x22a [iwlagn]
[<
ffffffff8123cde2>] ? pci_device_remove+0x52/0x120
[<
ffffffff812f5205>] ? __device_release_driver+0x75/0xe0
[<
ffffffff812f5348>] ? driver_detach+0xd8/0xe0
[<
ffffffff812f4111>] ? bus_remove_driver+0x91/0x100
[<
ffffffff812f5b62>] ? driver_unregister+0x62/0xa0
[<
ffffffff8123d194>] ? pci_unregister_driver+0x44/0xa0
[<
ffffffffa0377df5>] ? iwl_exit+0x15/0x1c [iwlagn]
[<
ffffffff810ab492>] ? sys_delete_module+0x1a2/0x270
[<
ffffffff81498889>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[<
ffffffff8100bf42>] ? system_call_fastpath+0x16/0x1b
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Rakesh Iyer [Fri, 18 Feb 2011 16:38:02 +0000 (08:38 -0800)]
Input: tegra-kbc - add function keymap
Add Fn keymap support to allow for internal processing of Fn keys.
Signed-off-by: Rakesh Iyer <riyer@nvidia.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Greg Kroah-Hartman [Thu, 17 Feb 2011 22:39:36 +0000 (14:39 -0800)]
Revert "USB: Reset USB 3.0 devices on (re)discovery"
This reverts commit
637d11bfb814637ec7b81e878db3ffea6408a89a. Sarah
wants to tweak it some more before it's applied to the tree.
Cc: Luben Tuikov <ltuikov@yahoo.com>
Cc: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jon Thomas [Wed, 16 Feb 2011 16:02:34 +0000 (11:02 -0500)]
sierra: add new ID for Airprime/Sierra USB IP modem
I picked up a new Sierra usb 308 (At&t Shockwave) on 2/2011 and the vendor code
is 0x0f3d
Looking up vendor and product id's I see:
0f3d Airprime, Incorporated
0112 CDMA 1xEVDO PC Card, PC 5220
Sierra and Airprime are somehow related and I'm guessing the At&t usb 308 might
be have some common hardware with the AirPrime SL809x.
Signed-off-by: Jon Thomas <jthomas@redhat.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jiri Slaby [Tue, 15 Feb 2011 14:55:07 +0000 (15:55 +0100)]
USB: serial/usb_wwan, fix tty NULL dereference
tty_port_tty_get may return without any problems NULL. Handle this
case and do not oops in usb_wwan_indat_callback by dereferencing it.
The oops:
Unable to handle kernel paging request for data at address 0x000000d8
Faulting instruction address: 0xc0175b3c
Oops: Kernel access of bad area, sig: 11 [#1]
PowerPC 40x Platform
last sysfs file:
/sys/devices/pci0000:00/0000:00:00.0/0000:01:00.0/0000:02:09.2/usb1/idVendor
Modules linked in:
NIP:
c0175b3c LR:
c0175e7c CTR:
c0215c90
REGS:
c77f7d50 TRAP: 0300 Not tainted (2.6.37-rc5)
MSR:
00021030 <ME,CE,IR,DR> CR:
88482028 XER:
2000005f
DEAR:
000000d8, ESR:
00000000
TASK =
c7141b90[1149] 'wvdial' THREAD:
c2750000
GPR00:
00021030 c77f7e00 c7141b90 00000000 0000000e 00000000 0000000e c0410680
GPR08:
c683db00 00000000 00000001 c03c81f8 88482028 10073ef4 ffffffb9 ffffff94
GPR16:
00000000 fde036c0 00200200 00100100 00000001 ffffff8d c34fabcc 00000000
GPR24:
c71120d4 00000000 00000000 0000000e 00021030 00000000 00000000 0000000e
NIP [
c0175b3c] tty_buffer_request_room+0x2c/0x194
LR [
c0175e7c] tty_insert_flip_string_fixed_flag+0x3c/0xb0
Call Trace:
[
c77f7e00] [
00000003] 0x3 (unreliable)
[
c77f7e30] [
c0175e7c] tty_insert_flip_string_fixed_flag+0x3c/0xb0
[
c77f7e60] [
c0215df4] usb_wwan_indat_callback+0x164/0x170
...
References: https://bugzilla.kernel.org/show_bug.cgi?id=24582
Cc: Amit Shah <amitshah@gmx.net>
Cc: baoyb <baoyb@avit.org.cn>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Luben Tuikov [Fri, 11 Feb 2011 19:33:10 +0000 (11:33 -0800)]
USB: Reset USB 3.0 devices on (re)discovery
If the device isn't reset, the XHCI HCD sends
SET ADDRESS to address 0 while the device is
already in Addressed state, and the request is
dropped on the floor as it is addressed to the
default address. This sequence of events, which this
patch fixes looks like this:
usb_reset_and_verify_device()
hub_port_init()
hub_set_address()
SET_ADDRESS to 0 with 1
usb_get_device_descriptor(udev, 8)
usb_get_device_descriptor(udev, 18)
descriptors_changed() --> goto re_enumerate:
hub_port_logical_disconnect()
kick_khubd()
And then:
hub_events()
hub_port_connect_change()
usb_disconnect()
usb_disable_device()
new device struct
sets device state to Powered
choose_address()
hub_port_init() <-- no reset, but SET ADDRESS to 0 with 1, timeout!
The solution is to always reset the device in
hub_port_init() to put it in a known state.
Signed-off-by: Luben Tuikov <ltuikov@yahoo.com>
Cc: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Maciej Szmigiero [Sat, 5 Feb 2011 20:52:00 +0000 (21:52 +0100)]
USB: Add quirk for Samsung Android phone modem
My Galaxy Spica needs this quirk when in modem mode, otherwise
it causes endless USB bus resets and is unusable in this mode.
Unfortunately Samsung decided to reuse ID of its old CDMA phone SGH-I500
for the modem part.
That's why in addition to this patch the visor driver must be prevented
from binding to SPH-I500 ID, so ACM driver can do that.
Signed-off-by: Maciej Szmigiero <mhej@o2.pl>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Maciej Szmigiero [Mon, 7 Feb 2011 11:42:36 +0000 (12:42 +0100)]
USB: Add Samsung SGH-I500/Android modem ID switch to visor driver
[USB]Add Samsung SGH-I500/Android modem ID switch to visor driver
Samsung decided to reuse USB ID of its old CDMA phone SGH-I500 for the
modem part of some of their Android phones. At least Galaxy Spica
is affected.
This modem needs ACM driver and does not work with visor driver which
binds the conflicting ID for SGH-I500.
Because SGH-I500 is pretty an old hardware its best to add switch to
visor
driver in cause somebody still wants to use that phone with Linux.
Note that this is needed only when using the Android phone as modem,
not in USB storage or ADB mode.
Signed-off-by: Maciej Szmigiero <mhej@o2.pl>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alan Stern [Thu, 17 Feb 2011 15:26:38 +0000 (10:26 -0500)]
USB: add quirks entry for Keytouch QWERTY Panel
This patch (as1448) adds a quirks entry for the Keytouch QWERTY Panel
firmware, used in the IEC 60945 keyboard. This device crashes during
enumeration when the computer asks for its configuration string
descriptor.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Tested-by: kholis <nur.kholis.majid@gmail.com>
CC: <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Joerg Marx [Thu, 17 Feb 2011 15:23:40 +0000 (16:23 +0100)]
netfilter: ip6t_LOG: fix a flaw in printing the MAC
The flaw was in skipping the second byte in MAC header due to increasing
the pointer AND indexed access starting at '1'.
Signed-off-by: Joerg Marx <joerg.marx@secunet.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Johan Hovold [Fri, 11 Feb 2011 15:57:08 +0000 (16:57 +0100)]
usb: musb: omap2430: fix kernel panic on reboot
Cancel idle timer in musb_platform_exit.
The idle timer could trigger after clock had been disabled leading to
kernel panic when MUSB_DEVCTL is accessed in musb_do_idle on 2.6.37.
The fault below is no longer triggered on 2.6.38-rc4 (clock is disabled
later, and only if compiled as a module, and the offending memory access
has moved) but the timer should be cancelled nonetheless.
Rebooting... musb_hdrc musb_hdrc: remove, state 4
usb usb1: USB disconnect, address 1
musb_hdrc musb_hdrc: USB bus 1 deregistered
Unhandled fault: external abort on non-linefetch (0x1028) at 0xfa0ab060
Internal error: : 1028 [#1] PREEMPT
last sysfs file: /sys/kernel/uevent_seqnum
Modules linked in:
CPU: 0 Not tainted (2.6.37+ #6)
PC is at musb_do_idle+0x24/0x138
LR is at musb_do_idle+0x18/0x138
pc : [<
c02377d8>] lr : [<
c02377cc>] psr:
80000193
sp :
cf2bdd80 ip :
cf2bdd80 fp :
c048a20c
r10:
c048a60c r9 :
c048a40c r8 :
cf85e110
r7 :
cf2bc000 r6 :
40000113 r5 :
c0489800 r4 :
cf85e110
r3 :
00000004 r2 :
00000006 r1 :
fa0ab000 r0 :
cf8a7000
Flags: Nzcv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
Control:
10c5387d Table:
8faac019 DAC:
00000015
Process reboot (pid: 769, stack limit = 0xcf2bc2f0)
Stack: (0xcf2bdd80 to 0xcf2be000)
dd80:
00000103 c0489800 c02377b4 c005fa34 00000555 c0071a8c c04a3858 cf2bdda8
dda0:
00000555 c048a00c cf2bdda8 cf2bdda8 1838beb0 00000103 00000004 cf2bc000
ddc0:
00000001 00000001 c04896c8 0000000a 00000000 c005ac14 00000001 c003f32c
dde0:
00000000 00000025 00000000 cf2bc000 00000002 00000001 cf2bc000 00000000
de00:
00000001 c005ad08 cf2bc000 c002e07c c03ec039 ffffffff fa200000 c0033608
de20:
00000001 00000000 cf852c14 cf81f200 c045b714 c045b708 cf2bc000 c04a37e8
de40:
c0033c04 cf2bc000 00000000 00000001 cf2bde68 cf2bde68 c01c3abc c004f7d8
de60:
60000013 ffffffff c0033c04 00000000 01234567 fee1dead 00000000 c006627c
de80:
00000001 c00662c8 28121969 c00663ec cfa38c40 cf9f6a00 cf2bded0 cf9f6a0c
dea0:
00000000 cf92f000 00008914 c02cd284 c04a55c8 c028b398 c00715c0 becf24a8
dec0:
30687465 00000000 00000000 00000000 00000002 1301a8c0 00000000 00000000
dee0:
00000002 1301a8c0 00000000 00000000 c0450494 cf527920 00011f10 cf2bdf08
df00:
00011f10 cf2bdf10 00011f10 cf2bdf18 c00f0b44 c004f7e8 cf2bdf18 cf2bdf18
df20:
00011f10 cf2bdf30 00011f10 cf2bdf38 cf401300 cf486100 00000008 c00d2b28
df40:
00011f10 cf401300 00200200 c00d3388 00011f10 cfb63a88 cfb63a80 c00c2f08
df60:
00000000 00000000 cfb63a80 00000000 cf0a3480 00000006 c0033c04 cfb63a80
df80:
00000000 c00c0104 00000003 cf0a3480 cfb63a80 00000000 00000001 00000004
dfa0:
00000058 c0033a80 00000000 00000001 fee1dead 28121969 01234567 00000000
dfc0:
00000000 00000001 00000004 00000058 00000001 00000001 00000000 00000001
dfe0:
4024d200 becf2cb0 00009210 4024d218 60000010 fee1dead 00000000 00000000
[<
c02377d8>] (musb_do_idle+0x24/0x138) from [<
c005fa34>] (run_timer_softirq+0x1a8/0x26)
[<
c005fa34>] (run_timer_softirq+0x1a8/0x26c) from [<
c005ac14>] (__do_softirq+0x88/0x13)
[<
c005ac14>] (__do_softirq+0x88/0x138) from [<
c005ad08>] (irq_exit+0x44/0x98)
[<
c005ad08>] (irq_exit+0x44/0x98) from [<
c002e07c>] (asm_do_IRQ+0x7c/0xa0)
[<
c002e07c>] (asm_do_IRQ+0x7c/0xa0) from [<
c0033608>] (__irq_svc+0x48/0xa8)
Exception stack(0xcf2bde20 to 0xcf2bde68)
de20:
00000001 00000000 cf852c14 cf81f200 c045b714 c045b708 cf2bc000 c04a37e8
de40:
c0033c04 cf2bc000 00000000 00000001 cf2bde68 cf2bde68 c01c3abc c004f7d8
de60:
60000013 ffffffff
[<
c0033608>] (__irq_svc+0x48/0xa8) from [<
c004f7d8>] (sub_preempt_count+0x0/0xb8)
Code:
ebf86030 e5940098 e594108c e5902010 (
e5d13060)
---[ end trace
3689c0d808f9bf7c ]---
Kernel panic - not syncing: Fatal exception in interrupt
Cc: stable@kernel.org
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
OSDN Git Service
