i2som-imx-linux

Author	SHA1	Message	Date
Greg Kroah-Hartman	058b017ea9	Linux 3.2.12	2012-03-19 09:03:17 -07:00
Guenter Roeck	2a811f344f	hwmon: (zl6100) Enable interval between chip accesses for all chips commit `fecfb64422` upstream. Intersil reports that all chips supported by the zl6100 driver require an interval between chip accesses, even ZL2004 and ZL6105 which were thought to be safe. Reported-by: Vivek Gani <vgani@intersil.com> Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:36 -07:00
Nicholas Bellinger	b527fd1fe4	target: Fix compatible reservation handling (CRH=1) with legacy RESERVE/RELEASE commit `087a03b3ea` upstream. This patch addresses a bug with target_check_scsi2_reservation_conflict() return checking in target_scsi2_reservation_[reserve,release]() that was preventing CRH=1 operation from silently succeeding in the two special cases defined by SPC-3, and not failing with reservation conflict status when dealing with legacy RESERVE/RELEASE + active SPC-3 PR logic. Also explictly set cmd->scsi_status = SAM_STAT_RESERVATION_CONFLICT during the early non reservation holder failure from pr_ops->t10_seq_non_holder() check in transport_generic_cmd_sequencer() for fabrics that already expect it to be set. This bug was originally introduced in mainline commit: commit `eacac00ce5` Author: Christoph Hellwig <hch@infradead.org> Date: Thu Nov 3 17:50:40 2011 -0400 target: split core_scsi2_emulate_crh Reported-by: Martin Svec <martin.svec@zoner.cz> Cc: Martin Svec <martin.svec@zoner.cz> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:36 -07:00
Nicholas Bellinger	980b16ee81	iscsi-target: Fix reservation conflict -EBUSY response handling bug commit `00fdc6bbef` upstream. This patch addresses a iscsi-target specific bug related to reservation conflict handling in iscsit_handle_scsi_cmd() that has been causing reservation conflicts to complete and not fail as expected due to incorrect errno checking. The problem occured with the change to return -EBUSY from transport_generic_cmd_sequencer() -> transport_generic_allocate_tasks() failures, that broke iscsit_handle_scsi_cmd() checking for -EINVAL in order to invoke a non GOOD status response. This was manifesting itself as data corruption with legacy SPC-2 reservations, but also effects iscsi-target LUNs with SPC-3 persistent reservations. This bug was originally introduced in lio-core commit: commit `03e98c9eb9` Author: Nicholas Bellinger <nab@linux-iscsi.org> Date: Fri Nov 4 02:36:16 2011 -0700 target: Address legacy PYX_TRANSPORT_* return code breakage Reported-by: Martin Svec <martin.svec@zoner.cz> Cc: Martin Svec <martin.svec@zoner.cz> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:36 -07:00
Ville Syrjala	883eb9633d	i2c-algo-bit: Fix spurious SCL timeouts under heavy load commit `8ee161ce5e` upstream. When the system is under heavy load, there can be a significant delay between the getscl() and time_after() calls inside sclhi(). That delay may cause the time_after() check to trigger after SCL has gone high, causing sclhi() to return -ETIMEDOUT. To fix the problem, double check that SCL is still low after the timeout has been reached, before deciding to return -ETIMEDOUT. Signed-off-by: Ville Syrjala <syrjala@sci.fi> Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:35 -07:00
Alexandre Bounine	aefb9269d5	rapidio/tsi721: fix bug in register offset definitions commit `9bbad7da76` upstream. Fix indexed register offset definitions that use decimal (wrong) instead of hexadecimal (correct) notation for indexing multipliers. Incorrect definitions do not affect Tsi721 driver in its current default configuration because it uses only IDB queue 0. Loss of inbound doorbell functionality should be observed if queue other than 0 is used. Signed-off-by: Alexandre Bounine <alexandre.bounine@idt.com> Cc: Matt Porter <mporter@kernel.crashing.org> Cc: Chul Kim <chul.kim@idt.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:35 -07:00
Jean Delvare	930f256e16	hwmon: (w83627ehf) Fix temp2 source for W83627UHG commit `aacb6b0052` upstream. Properly set the source of temp2 for the W83627UHG. Also fix a comment right before that, and document the W83627UHG as reporting up to 3 temperatures. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Guenter Roeck <guenter.roeck@ericsson.com> Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:35 -07:00
Guenter Roeck	5e9b5771c5	hwmon: (w83627ehf) Fix memory leak in probe function commit `32260d9440` upstream. The driver probe function leaked memory if creating the cpu0_vid attribute file failed. Fix by converting the driver to use devm_kzalloc. Signed-off-by: Guenter Roeck <linux@roeck-us.net> Acked-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:35 -07:00
Guenter Roeck	5f418b22ba	hwmon: (w83627ehf) Fix writing into fan_stop_time for NCT6775F/NCT6776F commit `33fa9b6204` upstream. NCT6775F and NCT6776F have their own set of registers for FAN_STOP_TIME. The correct registers were used to read FAN_STOP_TIME, but writes used the wrong registers. Fix it. Signed-off-by: Guenter Roeck <linux@roeck-us.net> Acked-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:35 -07:00
David S. Miller	60eba3f837	sparc32: Add -Av8 to assembler command line. commit `e0adb9902f` upstream. Newer version of binutils are more strict about specifying the correct options to enable certain classes of instructions. The sparc32 build is done for v7 in order to support sun4c systems which lack hardware integer multiply and divide instructions. So we have to pass -Av8 when building the assembler routines that use these instructions and get patched into the kernel when we find out that we have a v8 capable cpu. Reported-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:34 -07:00
Alan Stern	2053689f68	Block: use a freezable workqueue for disk-event polling commit `62d3c5439c` upstream. This patch (as1519) fixes a bug in the block layer's disk-events polling. The polling is done by a work routine queued on the system_nrt_wq workqueue. Since that workqueue isn't freezable, the polling continues even in the middle of a system sleep transition. Obviously, polling a suspended drive for media changes and such isn't a good thing to do; in the case of USB mass-storage devices it can lead to real problems requiring device resets and even re-enumeration. The patch fixes things by creating a new system-wide, non-reentrant, freezable workqueue and using it for disk-events polling. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Acked-by: Tejun Heo <tj@kernel.org> Acked-by: Rafael J. Wysocki <rjw@sisk.pl> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:34 -07:00
Stanislaw Gruszka	eee92c3639	block: fix __blkdev_get and add_disk race condition commit `9f53d2fe81` upstream. The following situation might occur: __blkdev_get: add_disk: register_disk() get_gendisk() disk_block_events() disk->ev == NULL disk_add_events() __disk_unblock_events() disk->ev != NULL --ev->block Then we unblock events, when they are suppose to be blocked. This can trigger events related block/genhd.c warnings, but also can crash in sd_check_events() or other places. I'm able to reproduce crashes with the following scripts (with connected usb dongle as sdb disk). <snip> DEV=/dev/sdb ENABLE=/sys/bus/usb/devices/1-2/bConfigurationValue function stop_me() { for i in `jobs -p` ; do kill $i 2> /dev/null ; done exit } trap stop_me SIGHUP SIGINT SIGTERM for ((i = 0; i < 10; i++)) ; do while true; do fdisk -l $DEV 2>&1 > /dev/null ; done & done while true ; do echo 1 > $ENABLE sleep 1 echo 0 > $ENABLE done </snip> I use the script to verify patch fixing oops in sd_revalidate_disk http://marc.info/?l=linux-scsi&m=132935572512352&w=2 Without Jun'ichi Nomura patch titled "Fix NULL pointer dereference in sd_revalidate_disk" or this one, script easily crash kernel within a few seconds. With both patches applied I do not observe crash. Unfortunately after some time (dozen of minutes), script will hung in: [ 1563.906432] [<c08354f5>] schedule_timeout_uninterruptible+0x15/0x20 [ 1563.906437] [<c04532d5>] msleep+0x15/0x20 [ 1563.906443] [<c05d60b2>] blk_drain_queue+0x32/0xd0 [ 1563.906447] [<c05d6e00>] blk_cleanup_queue+0xd0/0x170 [ 1563.906454] [<c06d278f>] scsi_free_queue+0x3f/0x60 [ 1563.906459] [<c06d7e6e>] __scsi_remove_device+0x6e/0xb0 [ 1563.906463] [<c06d4aff>] scsi_forget_host+0x4f/0x60 [ 1563.906468] [<c06cd84a>] scsi_remove_host+0x5a/0xf0 [ 1563.906482] [<f7f030fb>] quiesce_and_remove_host+0x5b/0xa0 [usb_storage] [ 1563.906490] [<f7f03203>] usb_stor_disconnect+0x13/0x20 [usb_storage] Anyway I think this patch is some step forward. As drawback, I do not teardown on sysfs file create error, because I do not know how to nullify disk->ev (since it can be used). However add_disk error handling practically does not exist too, and things will work without this sysfs file, except events will not be exported to user space. Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Acked-by: Tejun Heo <tj@kernel.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:34 -07:00
Dan Carpenter	565cd53937	block, sx8: fix pointer math issue getting fw version commit `ea5f4db8ec` upstream. "mem" is type u8. We need parenthesis here or it screws up the pointer math probably leading to an oops. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Jeff Garzik <jgarzik@redhat.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:34 -07:00
Jun'ichi Nomura	195b1c3447	block: Fix NULL pointer dereference in sd_revalidate_disk commit `fe316bf2d5` upstream. Since 2.6.39 (`1196f8b`), when a driver returns -ENOMEDIUM for open(), __blkdev_get() calls rescan_partitions() to remove in-kernel partition structures and raise KOBJ_CHANGE uevent. However it ends up calling driver's revalidate_disk without open and could cause oops. In the case of SCSI: process A process B ---------------------------------------------- sys_open __blkdev_get sd_open returns -ENOMEDIUM scsi_remove_device <scsi_device torn down> rescan_partitions sd_revalidate_disk <oops> Oopses are reported here: http://marc.info/?l=linux-scsi&m=132388619710052 This patch separates the partition invalidation from rescan_partitions() and use it for -ENOMEDIUM case. Reported-by: Huajun Li <huajun.li.lee@gmail.com> Signed-off-by: Jun'ichi Nomura <j-nomura@ce.jp.nec.com> Acked-by: Tejun Heo <tj@kernel.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:34 -07:00
Axel Lin	f05bd11d18	regulator: Fix setting selector in tps6524x set_voltage function commit `f03570cf17` upstream. Don't assign the voltage to selector. Signed-off-by: Axel Lin <axel.lin@gmail.com> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:34 -07:00
Joerg Neikes	7b6d02d935	usb: asix: Patch for Sitecom LN-031 commit `4e50391968` upstream. This patch adds support for the Sitecom LN-031 USB adapter with a AX88178 chip. Added USB id to find correct driver for AX88178 1000 Ethernet adapter. Signed-off-by: Joerg Neikes <j.neikes@midlandgate.de> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:33 -07:00
Li Wei	5a5598f6ac	IPv6: Fix not join all-router mcast group when forwarding set. [ Upstream commit `d6ddef9e64` ] When forwarding was set and a new net device is register, we need add this device to the all-router mcast group. Signed-off-by: Li Wei <lw@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:33 -07:00
Neal Cardwell	8d360a280a	tcp: fix tcp_shift_skb_data() to not shift SACKed data below snd_una [ Upstream commit `4648dc97af` ] This commit fixes tcp_shift_skb_data() so that it does not shift SACKed data below snd_una. This fixes an issue whose symptoms exactly match reports showing tp->sacked_out going negative since 3.3.0-rc4 (see "WARNING: at net/ipv4/tcp_input.c:3418" thread on netdev). Since 2008 (`832d11c5cd`) tcp_shift_skb_data() had been shifting SACKed ranges that were below snd_una. It checked that the end of the skb it was about to shift from was above snd_una, but did not check that the end of the actual shifted range was above snd_una; this commit adds that check. Shifting SACKed ranges below snd_una is problematic because for such ranges tcp_sacktag_one() short-circuits: it does not declare anything as SACKed and does not increase sacked_out. Before the fixes in commits `cc9a672ee5` and `daef52bab1`, shifting SACKed ranges below snd_una happened to work because tcp_shifted_skb() was always (incorrectly) passing in to tcp_sacktag_one() an skb whose end_seq tcp_shift_skb_data() had already guaranteed was beyond snd_una. Hence tcp_sacktag_one() never short-circuited and always increased tp->sacked_out in this case. After those two fixes, my testing has verified that shifting SACKed ranges below snd_una could cause tp->sacked_out to go negative with the following sequence of events: (1) tcp_shift_skb_data() sees an skb whose end_seq is beyond snd_una, then shifts a prefix of that skb that is below snd_una (2) tcp_shifted_skb() increments the packet count of the already-SACKed prev sk_buff (3) tcp_sacktag_one() sees the end of the new SACKed range is below snd_una, so it short-circuits and doesn't increase tp->sacked_out (5) tcp_clean_rtx_queue() sees the SACKed skb has been ACKed, decrements tp->sacked_out by this "inflated" pcount that was missing a matching increase in tp->sacked_out, and hence tp->sacked_out underflows to a u32 like 0xFFFFFFFF, which casted to s32 is negative. (6) this leads to the warnings seen in the recent "WARNING: at net/ipv4/tcp_input.c:3418" thread on the netdev list; e.g.: tcp_input.c:3418 WARN_ON((int)tp->sacked_out < 0); More generally, I think this bug can be tickled in some cases where two or more ACKs from the receiver are lost and then a DSACK arrives that is immediately above an existing SACKed skb in the write queue. This fix changes tcp_shift_skb_data() to abort this sequence at step (1) in the scenario above by noticing that the bytes are below snd_una and not shifting them. Signed-off-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:33 -07:00
Ulrich Weber	6f867117cf	bridge: check return value of ipv6_dev_get_saddr() [ Upstream commit `d1d81d4c3d` ] otherwise source IPv6 address of ICMPV6_MGM_QUERY packet might be random junk if IPv6 is disabled on interface or link-local address is not yet ready (DAD). Signed-off-by: Ulrich Weber <ulrich.weber@sophos.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:33 -07:00
Neal Cardwell	c3bb0ce8a9	tcp: don't fragment SACKed skbs in tcp_mark_head_lost() [ Upstream commit `c0638c247f` ] In tcp_mark_head_lost() we should not attempt to fragment a SACKed skb to mark the first portion as lost. This is for two primary reasons: (1) tcp_shifted_skb() coalesces adjacent regions of SACKed skbs. When doing this, it preserves the sum of their packet counts in order to reflect the real-world dynamics on the wire. But given that skbs can have remainders that do not align to MSS boundaries, this packet count preservation means that for SACKed skbs there is not necessarily a direct linear relationship between tcp_skb_pcount(skb) and skb->len. Thus tcp_mark_head_lost()'s previous attempts to fragment off and mark as lost a prefix of length (packets - oldcnt)*mss from SACKed skbs were leading to occasional failures of the WARN_ON(len > skb->len) in tcp_fragment() (which used to be a BUG_ON(); see the recent "crash in tcp_fragment" thread on netdev). (2) there is no real point in fragmenting off part of a SACKed skb and calling tcp_skb_mark_lost() on it, since tcp_skb_mark_lost() is a NOP for SACKed skbs. Signed-off-by: Neal Cardwell <ncardwell@google.com> Acked-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Acked-by: Yuchung Cheng <ycheng@google.com> Acked-by: Nandita Dukkipati <nanditad@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:33 -07:00
françois romieu	f33486042a	r8169: corrupted IP fragments fix for large mtu. [ Upstream commit `9c5028e9da` ] Noticed with the 8168d (-vb-gr, aka RTL_GIGA_MAC_VER_26). ConfigX registers should only be written while the Config9346 lock is held. Signed-off-by: Francois Romieu <romieu@fr.zoreil.com> Reported-by: Nick Bowler <nbowler@elliptictech.com> Cc: Hayes Wang <hayeswang@realtek.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:32 -07:00
stephen hemminger	cd3d5286e4	packetengines: fix config default [ Upstream commit `3f2010b2ad` ] As part of the big network driver reorg, each vendor directory defaults to yes, so that older config's can migrate correctly. Looks like this one got missed. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:23 -07:00
Shreyas Bhatewara	9550048cc7	vmxnet3: Fix transport header size [ Upstream commit `efead8710a` ] Fix transport header size Fix the transpoert header size for UDP packets. Signed-off-by: Shreyas N Bhatewara <sbhatewara@vmware.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:22 -07:00
Neal Cardwell	83833f94ab	tcp: fix false reordering signal in tcp_shifted_skb [ Upstream commit `4c90d3b303` ] When tcp_shifted_skb() shifts bytes from the skb that is currently pointed to by 'highest_sack' then the increment of TCP_SKB_CB(skb)->seq implicitly advances tcp_highest_sack_seq(). This implicit advancement, combined with the recent fix to pass the correct SACKed range into tcp_sacktag_one(), caused tcp_sacktag_one() to think that the newly SACKed range was before the tcp_highest_sack_seq(), leading to a call to tcp_update_reordering() with a degree of reordering matching the size of the newly SACKed range (typically just 1 packet, which is a NOP, but potentially larger). This commit fixes this by simply calling tcp_sacktag_one() before the TCP_SKB_CB(skb)->seq advancement that can advance our notion of the highest SACKed sequence. Correspondingly, we can simplify the code a little now that tcp_shifted_skb() should update the lost_cnt_hint in all cases where skb == tp->lost_skb_hint. Signed-off-by: Neal Cardwell <ncardwell@google.com> Acked-by: Yuchung Cheng <ycheng@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:22 -07:00
Ben Hutchings	20331103f2	sfc: Fix assignment of ip_summed for pre-allocated skbs [ Upstream commit `ff3bc1e752` ] When pre-allocating skbs for received packets, we set ip_summed = CHECKSUM_UNNCESSARY. We used to change it back to CHECKSUM_NONE when the received packet had an incorrect checksum or unhandled protocol. Commit `bc8acf2c8c` ('drivers/net: avoid some skb->ip_summed initializations') mistakenly replaced the latter assignment with a DEBUG-only assertion that ip_summed == CHECKSUM_NONE. This assertion is always false, but it seems no-one has exercised this code path in a DEBUG build. Fix this by moving our assignment of CHECKSUM_UNNECESSARY into efx_rx_packet_gro(). Signed-off-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:21 -07:00
Ben McKeegan	a15a4c79ee	ppp: fix 'ppp_mp_reconstruct bad seq' errors [ Upstream commit `8a49ad6e89` ] This patch fixes a (mostly cosmetic) bug introduced by the patch 'ppp: Use SKB queue abstraction interfaces in fragment processing' found here: http://www.spinics.net/lists/netdev/msg153312.html The above patch rewrote and moved the code responsible for cleaning up discarded fragments but the new code does not catch every case where this is necessary. This results in some discarded fragments remaining in the queue, and triggering a 'bad seq' error on the subsequent call to ppp_mp_reconstruct. Fragments are discarded whenever other fragments of the same frame have been lost. This can generate a lot of unwanted and misleading log messages. This patch also adds additional detail to the debug logging to make it clearer which fragments were lost and which other fragments were discarded as a result of losses. (Run pppd with 'kdebug 1' option to enable debug logging.) Signed-off-by: Ben McKeegan <ben@netservers.co.uk> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:21 -07:00
Eric Dumazet	b86e173ed3	ipsec: be careful of non existing mac headers [ Upstream commit `03606895cd` ] Niccolo Belli reported ipsec crashes in case we handle a frame without mac header (atm in his case) Before copying mac header, better make sure it is present. Bugzilla reference: https://bugzilla.kernel.org/show_bug.cgi?id=42809 Reported-by: Niccolò Belli <darkbasic@linuxsystems.it> Tested-by: Niccolò Belli <darkbasic@linuxsystems.it> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:21 -07:00
Michel Machado	983af6e109	neighbour: Fixed race condition at tbl->nht [ Upstream commit `84338a6c9d` ] When the fixed race condition happens: 1. While function neigh_periodic_work scans the neighbor hash table pointed by field tbl->nht, it unlocks and locks tbl->lock between buckets in order to call cond_resched. 2. Assume that function neigh_periodic_work calls cond_resched, that is, the lock tbl->lock is available, and function neigh_hash_grow runs. 3. Once function neigh_hash_grow finishes, and RCU calls neigh_hash_free_rcu, the original struct neigh_hash_table that function neigh_periodic_work was using doesn't exist anymore. 4. Once back at neigh_periodic_work, whenever the old struct neigh_hash_table is accessed, things can go badly. Signed-off-by: Michel Machado <michel@digirati.com.br> CC: "David S. Miller" <davem@davemloft.net> CC: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:21 -07:00
Eric Dumazet	d94202bc7e	atl1c: dont use highprio tx queue [ Upstream commit `11aad99af6` ] This driver attempts to use two TX rings but lacks proper support : 1) IRQ handler only takes care of TX completion on first TX ring 2) the stop/start logic uses the legacy functions (for non multiqueue drivers) This means all packets witk skb mark set to 1 are sent through high queue but are never cleaned and queue eventualy fills and block the device, triggering the infamous "NETDEV WATCHDOG" message. Lets use a single TX ring to fix the problem, this driver is not a real multiqueue one yet. Minimal fix for stable kernels. Reported-by: Thomas Meyer <thomas@m3y3r.de> Tested-by: Thomas Meyer <thomas@m3y3r.de> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Jay Cliburn <jcliburn@gmail.com> Cc: Chris Snook <chris.snook@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:21 -07:00
Ike Panhc	13faef3e67	acer-wmi: No wifi rfkill on Lenovo machines commit `461e74377c` upstream. We have several reports which says acer-wmi is loaded on ideapads and register rfkill for wifi which can not be unblocked. Since ideapad-laptop also register rfkill for wifi and it works reliably, it will be fine acer-wmi is not going to register rfkill for wifi once VPC2004 is found. Also put IBM0068/LEN0068 in the list. Though thinkpad_acpi has no wifi rfkill capability, there are reports which says acer-wmi also block wireless on Thinkpad E520/E420. Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Matthew Garrett <mjg@redhat.com> Cc: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:21 -07:00
Miklos Szeredi	9ab2a6cf17	vfs: fix double put after complete_walk() commit `097b180ca0` upstream. complete_walk() already puts nd->path, no need to do it again at cleanup time. This would result in Oopses if triggered, apparently the codepath is not too well exercised. Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:20 -07:00
Miklos Szeredi	ebccbea390	vfs: fix return value from do_last() commit `7f6c7e62fc` upstream. complete_walk() returns either ECHILD or ESTALE. do_last() turns this into ECHILD unconditionally. If not in RCU mode, this error will reach userspace which is complete nonsense. Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:20 -07:00
Pavel Shilovsky	989961646e	CIFS: Do not kmalloc under the flocks spinlock commit `d5751469f2` upstream. Reorganize the code to make the memory already allocated before spinlock'ed loop. Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <sfrench@us.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:20 -07:00
Peter Zijlstra	7dfe63e95b	perf/x86: Fix local vs remote memory events for NHM/WSM commit `87e24f4b67` upstream. Verified using the below proglet.. before: [root@westmere ~]# perf stat -e node-stores -e node-store-misses ./numa 0 remote write Performance counter stats for './numa 0': 2,101,554 node-stores 2,096,931 node-store-misses 5.021546079 seconds time elapsed [root@westmere ~]# perf stat -e node-stores -e node-store-misses ./numa 1 local write Performance counter stats for './numa 1': 501,137 node-stores 199 node-store-misses 5.124451068 seconds time elapsed After: [root@westmere ~]# perf stat -e node-stores -e node-store-misses ./numa 0 remote write Performance counter stats for './numa 0': 2,107,516 node-stores 2,097,187 node-store-misses 5.012755149 seconds time elapsed [root@westmere ~]# perf stat -e node-stores -e node-store-misses ./numa 1 local write Performance counter stats for './numa 1': 2,063,355 node-stores 165 node-store-misses 5.082091494 seconds time elapsed #define _GNU_SOURCE #include <sched.h> #include <stdio.h> #include <errno.h> #include <sys/mman.h> #include <sys/types.h> #include <dirent.h> #include <signal.h> #include <unistd.h> #include <numaif.h> #include <stdlib.h> #define SIZE (3210241024) volatile int done; void sig_done(int sig) { done = 1; } int main(int argc, char *argv) { cpu_set_t mask, mask2; size_t size; int i, err, t; int nrcpus = 1024; char mem; unsigned long nodemask = 0x01; /* node 0 / DIR node; struct dirent de; int read = 0; int local = 0; if (argc < 2) { printf("usage: %s [0-3]\n", argv[0]); printf(" bit0 - local/remote\n"); printf(" bit1 - read/write\n"); exit(0); } switch (atoi(argv[1])) { case 0: printf("remote write\n"); break; case 1: printf("local write\n"); local = 1; break; case 2: printf("remote read\n"); read = 1; break; case 3: printf("local read\n"); local = 1; read = 1; break; } mask = CPU_ALLOC(nrcpus); size = CPU_ALLOC_SIZE(nrcpus); CPU_ZERO_S(size, mask); node = opendir("/sys/devices/system/node/node0/"); if (!node) perror("opendir"); while ((de = readdir(node))) { int cpu; if (sscanf(de->d_name, "cpu%d", &cpu) == 1) CPU_SET_S(cpu, size, mask); } closedir(node); mask2 = CPU_ALLOC(nrcpus); CPU_ZERO_S(size, mask2); for (i = 0; i < size; i++) CPU_SET_S(i, size, mask2); CPU_XOR_S(size, mask2, mask2, mask); // invert if (!local) mask = mask2; err = sched_setaffinity(0, size, mask); if (err) perror("sched_setaffinity"); mem = mmap(0, SIZE, PROT_READ\|PROT_WRITE, MAP_PRIVATE\|MAP_ANONYMOUS, -1, 0); err = mbind(mem, SIZE, MPOL_BIND, &nodemask, 8sizeof(nodemask), MPOL_MF_MOVE); if (err) perror("mbind"); signal(SIGALRM, sig_done); alarm(5); if (!read) { while (!done) { for (i = 0; i < SIZE; i++) mem[i] = 0x01; } } else { while (!done) { for (i = 0; i < SIZE; i++) t += (volatile char )(mem + i); } } return 0; } Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Stephane Eranian <eranian@google.com> Link: http://lkml.kernel.org/n/tip-tq73sxus35xmqpojf7ootxgs@git.kernel.org Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:20 -07:00
Stanislaw Gruszka	7d616fc050	rt2x00: fix random stalls commit `3780d038fd` upstream. Is possible that we stop queue and then do not wake up it again, especially when packets are transmitted fast. That can be easily reproduced with modified tx queue entry_num to some small value e.g. 16. If mac80211 already hold local->queue_stop_reason_lock, then we can wait on that lock in both rt2x00queue_pause_queue() and rt2x00queue_unpause_queue(). After drooping ->queue_stop_reason_lock is possible that __ieee80211_wake_queue() will be performed before __ieee80211_stop_queue(), hence we stop queue and newer wake up it again. Another race condition is possible when between rt2x00queue_threshold() check and rt2x00queue_pause_queue() we will process all pending tx buffers on different cpu. This might happen if for example interrupt will be triggered on cpu performing rt2x00mac_tx(). To prevent race conditions serialize pause/unpause by queue->tx_lock. Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Acked-by: Gertjan van Wingerde <gwingerde@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:19 -07:00
Laurent Pinchart	dc64836942	omap3isp: ccdc: Fix crash in HS/VS interrupt handler commit `bd0f2e6da7` upstream. The HS/VS interrupt handler needs to access the pipeline object. It erronously tries to get it from the CCDC output video node, which isn't necessarily included in the pipeline. This leads to a NULL pointer dereference. Fix the bug by getting the pipeline object from the CCDC subdev entity. Reported-by: Gary Thomas <gary@mlbassoc.com> Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Acked-by: Sakari Ailus <sakari.ailus@iki.fi> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:19 -07:00
Matthew Garrett	f043ddb60c	PCI: ignore pre-1.1 ASPM quirking when ASPM is disabled commit `4949be1682` upstream. Right now we won't touch ASPM state if ASPM is disabled, except in the case where we find a device that appears to be too old to reliably support ASPM. Right now we'll clear it in that case, which is almost certainly the wrong thing to do. The easiest way around this is just to disable the blacklisting when ASPM is disabled. Signed-off-by: Matthew Garrett <mjg@redhat.com> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:19 -07:00
Thomas Gleixner	c042d55ecd	x86: Derandom delay_tsc for 64 bit commit `a7f4255f90` upstream. Commit `f0fbf0abc0` ("x86: integrate delay functions") converted delay_tsc() into a random delay generator for 64 bit. The reason is that it merged the mostly identical versions of delay_32.c and delay_64.c. Though the subtle difference of the result was: static void delay_tsc(unsigned long loops) { - unsigned bclock, now; + unsigned long bclock, now; Now the function uses rdtscl() which returns the lower 32bit of the TSC. On 32bit that's not problematic as unsigned long is 32bit. On 64 bit this fails when the lower 32bit are close to wrap around when bclock is read, because the following check if ((now - bclock) >= loops) break; evaluated to true on 64bit for e.g. bclock = 0xffffffff and now = 0 because the unsigned long (now - bclock) of these values results in 0xffffffff00000001 which is definitely larger than the loops value. That explains Tvortkos observation: "Because I am seeing udelay(500) (_occasionally_) being short, and that by delaying for some duration between 0us (yep) and 491us." Make those variables explicitely u32 again, so this works for both 32 and 64 bit. Reported-by: Tvrtko Ursulin <tvrtko.ursulin@onelan.co.uk> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:19 -07:00
Al Viro	80d8e50baa	aio: fix the "too late munmap()" race commit `c7b2855505` upstream. Current code has put_ioctx() called asynchronously from aio_fput_routine(); that's done after we have killed the request that used to pin ioctx, so there's nothing to stop io_destroy() waiting in wait_for_all_aios() from progressing. As the result, we can end up with async call of put_ioctx() being the last one and possibly happening during exit_mmap() or elf_core_dump(), neither of which expects stray munmap() being done to them... We do need to prevent _freeing_ ioctx until aio_fput_routine() is done with that, but that's all we care about - neither io_destroy() nor exit_aio() will progress past wait_for_all_aios() until aio_fput_routine() does really_put_req(), so the ioctx teardown won't be done until then and we don't care about the contents of ioctx past that point. Since actual freeing of these suckers is RCU-delayed, we don't need to bump ioctx refcount when request goes into list for async removal. All we need is rcu_read_lock held just over the ->ctx_lock-protected area in aio_fput_routine(). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Reviewed-by: Jeff Moyer <jmoyer@redhat.com> Acked-by: Benjamin LaHaise <bcrl@kvack.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:19 -07:00
Al Viro	00a1b4bfde	aio: fix io_setup/io_destroy race commit `86b62a2cb4` upstream. Have ioctx_alloc() return an extra reference, so that caller would drop it on success and not bother with re-grabbing it on failure exit. The current code is obviously broken - io_destroy() from another thread that managed to guess the address io_setup() would've returned would free ioctx right under us; gets especially interesting if aio_context_t * we pass to io_setup() points to PROT_READ mapping, so put_user() fails and we end up doing io_destroy() on kioctx another thread has just got freed... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Acked-by: Benjamin LaHaise <bcrl@kvack.org> Reviewed-by: Jeff Moyer <jmoyer@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:18 -07:00
Kailang Yang	46bf2e14af	ALSA: hda/realtek - Apply the coef-setup only to ALC269VB commit `526af6eb4d` upstream. The coef setup in alc269_fill_coef() was designed only for ALC269VB model, and this has some bad effects for other ALC269 variants, such as turning off the external mic input. Apply it only to ALC269VB. Signed-off-by: Kailang Yang <kailang@realtek.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:18 -07:00
Denis 'GNUtoo' Carikli	4bfcbebdbe	ASoC: neo1973: fix neo1973 wm8753 initialization commit `b2ccf065f7` upstream. The neo1973 driver had wrong codec name which prevented the "sound card" from appearing. Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@no-log.org> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-19 09:02:18 -07:00
Greg Kroah-Hartman	3f4b3b20f4	Linux 3.2.11	2012-03-13 10:05:09 -07:00
Greg Kroah-Hartman	f26a76724b	Revert "mfd: Test for jack detection when deciding if wm8994 should suspend" This reverts commit `315e73b400` as it breaks the 3.2-stable build. Reported-by: Ben Guthro <ben@guthro.net> Cc: Mark Brown <broonie@opensource.wolfsonmicro.com> Cc: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-13 09:36:07 -07:00
Greg Kroah-Hartman	7459f11685	Linux 3.2.10	2012-03-12 13:22:49 -07:00
Ohad Ben-Cohen	75d67f37ab	ARM: OMAP: fix iommu, not mailbox commit `134d12fae0` upstream. For some weird (freudian?) reason, commit `435792d` "ARM: OMAP: make iommu subsys_initcall to fix builtin omap3isp" unintentionally changed the mailbox's initcall instead of the iommu's. Fix that. Reported-by: Fernando Guzman Lugo <fernando.lugo@ti.com> Signed-off-by: Ohad Ben-Cohen <ohad@wizery.com> Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Cc: Joerg Roedel <Joerg.Roedel@amd.com> Cc: Tony Lindgren <tony@atomide.com> Signed-off-by: Joerg Roedel <joerg.roedel@amd.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:51 -07:00
Danny Kukawka	b252c0019c	spi-topcliff-pch: rename pch_spi_pcidev to pch_spi_pcidev_driver commit `c88db23325` upstream. Rename static struct pci_driver pch_spi_pcidev to pch_spi_pcidev_driver to get rid of warnings from modpost checks. Signed-off-by: Danny Kukawka <danny.kukawka@bisect.de> Signed-off-by: Grant Likely <grant.likely@secretlab.ca> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:51 -07:00
Christian Gmeiner	8c40863a24	mfd: Fix cs5535 section mismatch commit `97e43c983c` upstream. Silence following warnings: WARNING: drivers/mfd/cs5535-mfd.o(.data+0x20): Section mismatch in reference from the variable cs5535_mfd_drv to the function .devinit.text:cs5535_mfd_probe() The variable cs5535_mfd_drv references the function __devinit cs5535_mfd_probe() If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: driver, _template, _timer, _sht, _ops, _probe, _probe_one, _console WARNING: drivers/mfd/cs5535-mfd.o(.data+0x28): Section mismatch in reference from the variable cs5535_mfd_drv to the function .devexit.text:cs5535_mfd_remove() The variable cs5535_mfd_drv references the function __devexit cs5535_mfd_remove() If the reference is valid then annotate the variable with __exit* (see linux/init.h) or name the variable: driver, _template, _timer, _sht, _ops, _probe, _probe_one, _console Rename the variable from _drv to _driver so modpost ignore the OK references to __devinit/__devexit functions. Signed-off-by: Christian Gmeiner <christian.gmeiner@gmail.com> Acked-by: Andres Salomon <dilinger@queued.net> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:50 -07:00
Danny Kukawka	750e7bd21d	cs5535-mfgpt: don't call __init function from __devinit commit `474de3bbad` upstream. Fix scan_timers() to be __devinit and not __init since the function get called from cs5535_mfgpt_probe which is __devinit. Signed-off-by: Danny Kukawka <danny.kukawka@bisect.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:50 -07:00
Jonathan E Brassow	b6f0ec2f96	dm raid: fix flush support commit `0ca93de9b7` upstream. Fix dm-raid flush support. Both md and dm have support for flush, but the dm-raid target forgot to set the flag to indicate that flushes should be passed on. (Important for data integrity e.g. with writeback cache enabled.) Signed-off-by: Jonathan Brassow <jbrassow@redhat.com> Acked-by: Mike Snitzer <snitzer@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:50 -07:00
Jonathan E Brassow	5e3604168b	dm raid: set MD_CHANGE_DEVS when rebuilding commit `3aa3b2b2b1` upstream. The 'rebuild' parameter is used to rebuild individual devices in an array (e.g. resynchronize a RAID1 device or recalculate a parity device in higher RAID). The MD_CHANGE_DEVS flag must be set when this parameter is given in order to write out the superblocks and make the change take immediate effect. The code that handles new devices in super_load already sets MD_CHANGE_DEVS and 'FirstUse'. (The 'FirstUse' flag was being set as a special case for rebuilds in super_init_validation.) Add a condition for rebuilds in super_load to take care of both flags without the special case in 'super_init_validation'. Signed-off-by: Jonathan Brassow <jbrassow@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:50 -07:00
Joe Thornber	73b249403d	dm thin metadata: decrement counter after removing mapped block commit `af63bcb817` upstream. Correct the number of mapped sectors shown on a thin device's status line by decrementing td->mapped_blocks in __remove() each time a block is removed. Signed-off-by: Joe Thornber <ejt@redhat.com> Acked-by: Mike Snitzer <snitzer@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:46 -07:00
Joe Thornber	b995290dfc	dm thin metadata: unlock superblock in init_pmd error path commit `4469a5f387` upstream. If dm_sm_disk_create() fails the superblock must be unlocked. Signed-off-by: Joe Thornber <ejt@redhat.com> Acked-by: Mike Snitzer <snitzer@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:41 -07:00
Mike Snitzer	6cb44f13d1	dm thin metadata: remove incorrect close_device on creation error paths commit `1f3db25d8b` upstream. The __open_device() error paths in __create_thin() and __create_snap() incorrectly call __close_device() even if td was not initialized by __open_device(). Remove this. Also document __open_device() return values, remove a redundant td->changed = 1 in __create_thin(), and insert an additional safeguard against creating an already-existing device. Signed-off-by: Mike Snitzer <snitzer@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:41 -07:00
Mike Snitzer	4175e9d6c4	dm flakey: fix crash on read when corrupt_bio_byte not set commit `1212268fd9` upstream. The following BUG is hit on the first read that is submitted to a dm flakey test device while the device is "down" if the corrupt_bio_byte feature wasn't requested when the device's table was loaded. Example DM table that will hit this BUG: 0 2097152 flakey 8:0 2048 0 30 This bug was introduced by commit `a3998799fb` (dm flakey: add corrupt_bio_byte feature) in v3.1-rc1. BUG: unable to handle kernel paging request at ffff8801cfce3fff IP: [<ffffffffa008c233>] corrupt_bio_data+0x6e/0xae [dm_flakey] PGD 1606063 PUD 0 Oops: 0002 [#1] SMP ... Call Trace: <IRQ> [<ffffffffa008c2b5>] flakey_end_io+0x42/0x48 [dm_flakey] [<ffffffffa00dca98>] clone_endio+0x54/0xb6 [dm_mod] [<ffffffff81130587>] bio_endio+0x2d/0x2f [<ffffffff811c819a>] req_bio_endio+0x96/0x9f [<ffffffff811c94b9>] blk_update_request+0x1dc/0x3a9 [<ffffffff812f5ee2>] ? rcu_read_unlock+0x21/0x23 [<ffffffff811c96a6>] blk_update_bidi_request+0x20/0x6e [<ffffffff811c9713>] blk_end_bidi_request+0x1f/0x5d [<ffffffff811c978d>] blk_end_request+0x10/0x12 [<ffffffff8128f450>] scsi_io_completion+0x1e5/0x4b1 [<ffffffff812882a9>] scsi_finish_command+0xec/0xf5 [<ffffffff8128f830>] scsi_softirq_done+0xff/0x108 [<ffffffff811ce284>] blk_done_softirq+0x84/0x98 [<ffffffff81048d19>] __do_softirq+0xe3/0x1d5 [<ffffffff8138f83f>] ? _raw_spin_lock+0x62/0x69 [<ffffffff810997cf>] ? handle_irq_event+0x4c/0x61 [<ffffffff8139833c>] call_softirq+0x1c/0x30 [<ffffffff81003b37>] do_softirq+0x4b/0xa3 [<ffffffff81048a39>] irq_exit+0x53/0xca [<ffffffff81398acd>] do_IRQ+0x9d/0xb4 [<ffffffff81390333>] common_interrupt+0x73/0x73 ... Signed-off-by: Mike Snitzer <snitzer@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:41 -07:00
Milan Broz	6cfee31902	dm io: fix discard support commit `0c535e0d6f` upstream. This patch fixes a crash by recognising discards in dm_io. Currently dm_mirror can send REQ_DISCARD bios if running over a discard-enabled device and without support in dm_io the system crashes badly. BUG: unable to handle kernel paging request at 00800000 IP: __bio_add_page.part.17+0xf5/0x1e0 ... bio_add_page+0x56/0x70 dispatch_io+0x1cf/0x240 [dm_mod] ? km_get_page+0x50/0x50 [dm_mod] ? vm_next_page+0x20/0x20 [dm_mod] ? mirror_flush+0x130/0x130 [dm_mirror] dm_io+0xdc/0x2b0 [dm_mod] ... Introduced in 2.6.38-rc1 by commit `5fc2ffeabb` (dm raid1: support discard). Signed-off-by: Milan Broz <mbroz@redhat.com> Acked-by: Mike Snitzer <snitzer@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:41 -07:00
Jesper Juhl	e2ece17ace	dm ioctl: do not leak argv if target message only contains whitespace commit `902c6a96a7` upstream. If 'argc' is zero we jump to the 'out:' label, but this leaks the (unused) memory that 'dm_split_args()' allocated for 'argv' if the string being split consisted entirely of whitespace. Jump to the 'out_argv:' label instead to free up that memory. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Alasdair G Kergon <agk@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:41 -07:00
Jan Beulich	a5a2f494f9	x86/amd: iommu_set_device_table() must not be __init commit `6b7f000eb6` upstream. This function is called from enable_iommus(), which in turn is used from amd_iommu_resume(). Signed-off-by: Jan Beulich <jbeulich@suse.com> Signed-off-by: Joerg Roedel <joerg.roedel@amd.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:41 -07:00
Sebastian Siewior	5df11c989c	net/usbnet: avoid recursive locking in usbnet_stop() commit `4231d47e6f` upstream. \|kernel BUG at kernel/rtmutex.c:724! \|[<c029599c>] (rt_spin_lock_slowlock+0x108/0x2bc) from [<c01c2330>] (defer_bh+0x1c/0xb4) \|[<c01c2330>] (defer_bh+0x1c/0xb4) from [<c01c3afc>] (rx_complete+0x14c/0x194) \|[<c01c3afc>] (rx_complete+0x14c/0x194) from [<c01cac88>] (usb_hcd_giveback_urb+0xa0/0xf0) \|[<c01cac88>] (usb_hcd_giveback_urb+0xa0/0xf0) from [<c01e1ff4>] (musb_giveback+0x34/0x40) \|[<c01e1ff4>] (musb_giveback+0x34/0x40) from [<c01e2b1c>] (musb_advance_schedule+0xb4/0x1c0) \|[<c01e2b1c>] (musb_advance_schedule+0xb4/0x1c0) from [<c01e2ca8>] (musb_cleanup_urb.isra.9+0x80/0x8c) \|[<c01e2ca8>] (musb_cleanup_urb.isra.9+0x80/0x8c) from [<c01e2ed0>] (musb_urb_dequeue+0xec/0x108) \|[<c01e2ed0>] (musb_urb_dequeue+0xec/0x108) from [<c01cbb90>] (unlink1+0xbc/0xcc) \|[<c01cbb90>] (unlink1+0xbc/0xcc) from [<c01cc2ec>] (usb_hcd_unlink_urb+0x54/0xa8) \|[<c01cc2ec>] (usb_hcd_unlink_urb+0x54/0xa8) from [<c01c2a84>] (unlink_urbs.isra.17+0x2c/0x58) \|[<c01c2a84>] (unlink_urbs.isra.17+0x2c/0x58) from [<c01c2b44>] (usbnet_terminate_urbs+0x94/0x10c) \|[<c01c2b44>] (usbnet_terminate_urbs+0x94/0x10c) from [<c01c2d68>] (usbnet_stop+0x100/0x15c) \|[<c01c2d68>] (usbnet_stop+0x100/0x15c) from [<c020f718>] (__dev_close_many+0x94/0xc8) defer_bh() takes the lock which is hold during unlink_urbs(). The safe walk suggest that the skb will be removed from the list and this is done by defer_bh() so it seems to be okay to drop the lock here. Reported-by: AnÃbal Almeida Pinto <anibal.pinto@efacec.com> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Acked-by: Oliver Neukum <oliver@neukum.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:40 -07:00
Marek Olšák	b5718645fe	drm/radeon/kms: set SX_MISC in the r6xx blit code (v2) commit `cf00790dea` upstream. Mesa may set it to 1, causing all primitives to be killed. v2: also update the r7xx code Signed-off-by: Marek Olšák <maraeo@gmail.com> Reviewed-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:40 -07:00
Christian Lamparter	2cfb4e5c22	carl9170: fix frame delivery if sta is in powersave mode commit `9926a67557` upstream. Nicolas Cavallari discovered that carl9170 has some serious problems delivering data to sleeping stations. It turns out that the driver was not honoring two important flags (IEEE80211_TX_CTL_POLL_RESPONSE and IEEE80211_TX_CTL_CLEAR_PS_FILT) which are set on frames that should be sent although the receiving station is still in powersave mode. Reported-by: Nicolas Cavallari <Nicolas.Cavallari@lri.fr> Signed-off-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:40 -07:00
Nicolas Cavallari	273c20d423	carl9170: Fix memory accounting when sta is in power-save mode. commit `992d52529d` upstream. On Access Point mode, when transmitting a packet, if the destination station is in powersave mode, we abort transmitting the packet to the device queue, but we do not reclaim the allocated memory. Given enough packets, we can go in a state where there is no packet on the device queue, but we think the device has no memory left, so no packet gets transmitted, connections breaks and the AP stops working. This undo the allocation done in the TX path when the station is in power-save mode. Signed-off-by: Nicolas Cavallari <cavallar@lri.fr> Acked-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:40 -07:00
Guenter Roeck	139e7860c9	hwmon: (zl6100) Maintain delay parameter in driver instance data commit `7ad6307ad6` upstream. A global delay parameter has the side effect of being overwritten with 0 if a single ZL2004 or ZL6105 is instantiated. If other chips supported by the same driver are in the system, this will result in access errors for those chips. To solve the problem, keep a per-instance copy of the delay parameter, and do not change the original parameter. Signed-off-by: Guenter Roeck <linux@roeck-us.net> Acked-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:40 -07:00
Guenter Roeck	dabd9c99a0	hwmon: (jc42) Add support for AT30TS00, TS3000GB2, TSE2002GB2, and MCP9804 commit `1bd612a258` upstream. Also update IDT datasheet locations. Signed-off-by: Guenter Roeck <linux@roeck-us.net> Acked-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:40 -07:00
Jean Delvare	06a9a71ecc	hwmon: (jc42) Add support for ST Microelectronics STTS2002 and STTS3000 commit `4de86126a7` upstream. These are fully compatible with Jedec JC 42.4 as far as I can see. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Guenter Roeck <guenter.roeck@ericsson.com> Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:40 -07:00
Guenter Roeck	f9e158428b	hwmon: (pmbus_core) Fix maximum number of POUT alarm attributes commit `7cb3c44fb1` upstream. There are up to three POUT alarm attributes, not two, since cap_alarm was added. Reported-by: Michele Petracca <mi.petracca@gmail.com> Signed-off-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:40 -07:00
Akio Idehara	349409f0cc	Input: ALPS - fix touchpad detection when buttons are pressed commit `99c90ab31f` upstream. ALPS touchpad detection fails if some buttons of ALPS are pressed. The reason is that the "E6" query response byte is different from what is expected. This was tested on a Toshiba Portege R500. Signed-off-by: Akio Idehara <zbe64533@gmail.com> Tested-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Dmitry Torokhov <dtor@mail.ru> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:39 -07:00
Ben Hutchings	d6bc693499	media: staging: lirc_serial: Do not assume error codes returned by request_irq() commit `affc9a0d59` upstream. lirc_serial_probe() must fail if request_irq() returns an error, even if it isn't EBUSY or EINVAL, Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:39 -07:00
Ben Hutchings	47cd23fd08	media: staging: lirc_serial: Fix deadlock on resume failure commit `1ff1d88e86` upstream. A resume function cannot remove the device it is resuming! Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:39 -07:00
Ben Hutchings	1632fb6031	media: staging: lirc_serial: Free resources on failure paths of lirc_serial_probe() commit `c8e57e1b76` upstream. Failure to allocate the I/O region leaves the IRQ allocated. A later failure leaves them both allocated. Reported-by: Torsten Crass <torsten.crass@eBiology.de> Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:39 -07:00
Ben Hutchings	06b267b55c	media: staging: lirc_serial: Fix init/exit order commit `9105b8b200` upstream. Currently the module init function registers a platform_device and only then allocates its IRQ and I/O region. This allows allocation to race with the device's suspend() function. Instead, allocate resources in the platform driver's probe() function and free them in the remove() function. The module exit function removes the platform device before the character device that provides access to it. Change it to reverse the order of initialisation. Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:39 -07:00
Will Deacon	261d612b2e	ARM: 7357/1: perf: fix overflow handling for xscale2 PMUs commit `3f31ae1213` upstream. xscale2 PMUs indicate overflow not via the PMU control register, but by a separate overflow FLAG register instead. This patch fixes the xscale2 PMU code to use this register to detect to overflow and ensures that we clear any pending overflow when disabling a counter. Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:39 -07:00
Will Deacon	288733a606	ARM: 7356/1: perf: check that we have an event in the PMU IRQ handlers commit `f6f5a30c83` upstream. The PMU IRQ handlers in perf assume that if a counter has overflowed then perf must be responsible. In the paranoid world of crazy hardware, this could be false, so check that we do have a valid event before attempting to dereference NULL in the interrupt path. Signed-off-by: Ming Lei <tom.leiming@gmail.com> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:39 -07:00
Will Deacon	075964ad43	ARM: 7355/1: perf: clear overflow flag when disabling counter on ARMv7 PMU commit `99c1745b9c` upstream. When disabling a counter on an ARMv7 PMU, we should also clear the overflow flag in case an overflow occurred whilst stopping the counter. This prevents a spurious overflow being picked up later and leading to either false accounting or a NULL dereference. Reported-by: Ming Lei <tom.leiming@gmail.com> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:38 -07:00
Will Deacon	14e84b15bc	ARM: 7354/1: perf: limit sample_period to half max_period in non-sampling mode commit `5727347180` upstream. On ARM, the PMU does not stop counting after an overflow and therefore IRQ latency affects the new counter value read by the kernel. This is significant for non-sampling runs where it is possible for the new value to overtake the previous one, causing the delta to be out by up to max_period events. Commit `a737823d` ("ARM: 6835/1: perf: ensure overflows aren't missed due to IRQ latency") attempted to fix this problem by allowing interrupt handlers to pass an overflow flag to the event update function, causing the overflow calculation to assume that the counter passed through zero when going from prev to new. Unfortunately, this doesn't work when overflow occurs on the perf_task_tick path because we have the flag cleared and end up computing a large negative delta. This patch removes the overflow flag from armpmu_event_update and instead limits the sample_period to half of the max_period for non-sampling profiling runs. Signed-off-by: Ming Lei <ming.lei@canonical.com> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:38 -07:00
Will Deacon	2ae3680cf8	ARM: 7345/1: errata: update workaround for A9 erratum #743622 commit `efbc74ace9` upstream. Erratum #743622 affects all r2 variants of the Cortex-A9 processor, so ensure that the workaround is applied regardless of the revision. Reported-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:38 -07:00
Rob Clark	eb49e7c101	OMAPDSS: HDMI: hot plug detect fix commit `ca888a7958` upstream. The "OMAPDSS: HDMI: PHY burnout fix" commit switched the HDMI driver over to using a GPIO for plug detect. Unfortunately the ->detect() method was not also updated, causing HDMI to no longer work for the omapdrm driver (because it would actually check if a connection was detected before attempting to enable display). Signed-off-by: Rob Clark <rob@ti.com> Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:38 -07:00
Tomi Valkeinen	338b287562	OMAPDSS: HDMI: PHY burnout fix commit `c49d005b6c` upstream. A hardware bug in the OMAP4 HDMI PHY causes physical damage to the board if the HDMI PHY is kept powered on when the cable is not connected. This patch solves the problem by adding hot-plug-detection into the HDMI IP driver. This is not a real HPD support in the sense that nobody else than the IP driver gets to know about the HPD events, but is only meant to fix the HW bug. The strategy is simple: If the display device is turned off by the user, the PHY power is set to OFF. When the display device is turned on by the user, the PHY power is set either to LDOON or TXON, depending on whether the HDMI cable is connected. The reason to avoid PHY OFF when the display device is on, but the cable is disconnected, is that when the PHY is turned OFF, the HDMI IP is not "ticking" and thus the DISPC does not receive pixel clock from the HDMI IP. This would, for example, prevent any VSYNCs from happening, and would thus affect the users of omapdss. By using LDOON when the cable is disconnected we'll avoid the HW bug, but keep the HDMI working as usual from the user's point of view. Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:38 -07:00
Tomi Valkeinen	27b7be99f3	OMAP: 4430SDP/Panda: add HDMI HPD gpio commit `aa74274b46` upstream. Both Panda and 4430SDP use GPIO 63 as HDMI hot-plug-detect. Configure this GPIO in the board files. Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com> Acked-by: Tony Lindgren <tony@atomide.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:38 -07:00
Tomi Valkeinen	08324b6a29	OMAP: 4430SDP/Panda: setup HDMI GPIO muxes commit `78a1ad8f12` upstream. The HDMI GPIO pins LS_OE and CT_CP_HPD are not currently configured. This patch configures them as output pins. Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com> Acked-by: Tony Lindgren <tony@atomide.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:38 -07:00
Tomi Valkeinen	9bf9c2aa95	OMAPDSS: remove wrong HDMI HPD muxing commit `7bb122d155` upstream. "hdmi_hpd" pin is muxed to INPUT and PULLUP, but the pin is not currently used, and in the future when it is used, the pin is used as a GPIO and is board specific, not an OMAP4 wide thing. So remove the muxing for now. Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com> Acked-by: Tony Lindgren <tony@atomide.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:38 -07:00
Tomi Valkeinen	4426a123e1	OMAP: 4430SDP/Panda: rename HPD GPIO to CT_CP_HPD commit `3932a32fcf` upstream. The GPIO 60 on 4430sdp and Panda is not HPD GPIO, as currently marked in the board files, but CT_CP_HPD, which is used to enable/disable HPD functionality. This patch renames the GPIO. Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com> Acked-by: Tony Lindgren <tony@atomide.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:37 -07:00
Tomi Valkeinen	6be5647f79	OMAP: 4430SDP/Panda: use gpio_free_array to free HDMI gpios commit `575753e3be` upstream. Instead of freeing the GPIOs individually, use gpio_free_array(). Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com> Acked-by: Tony Lindgren <tony@atomide.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:37 -07:00
Andrew Lunn	4386ec707e	ARM: orion: Fix Orion5x GPIO regression from MPP cleanup commit `b065403710` upstream. Patchset "ARM: orion: Refactor the MPP code common in the orion platform" broke at least Orion5x based platforms. These platforms have pins configured as GPIO when the selector is not 0x0. However the common code assumes the selector is always 0x0 for a GPIO lines. It then ignores the GPIO bits in the MPP definitions, resulting in that Orion5x machines cannot correctly configure there GPIO lines. The Fix removes the assumption that the selector is always 0x0. In order that none GPIO configurations are correctly blocked, Kirkwood and mv78xx0 MPP definitions are corrected to only set the GPIO bits for GPIO configurations. This third version, which does not contain any whitespace changes, and is rebased on v3.3-rc2. Signed-off-by: Andrew Lunn <andrew@lunn.ch> Acked-by: Nicolas Pitre <nico@linaro.org> Signed-off-by: Olof Johansson <olof@lixom.net>	2012-03-12 12:31:37 -07:00
Andrew Lunn	041b2375a0	ARM: orion: Fix USB phy for orion5x. commit `7205335358` upstream. The patch "ARM: orion: Consolidate USB platform setup code.", commit `4fcd3f374a` broke USB on TS-7800 and other orion5x boards, because the wrong type of PHY was being passed to the EHCI driver in the platform data. Orion5x needs EHCI_PHY_ORION and all the others want EHCI_PHY_NA. Allow the mach- code to tell the generic plat-orion code which USB PHY enum to place into the platform data. Version 2: Rebase to v3.3-rc2. Reported-by: Ambroz Bizjak <ambrop7@gmail.com> Signed-off-by: Andrew Lunn <andrew@lunn.ch> Tested-by: Ambroz Bizjak <ambrop7@gmail.com> Acked-by: Nicolas Pitre <nico@linaro.org> Signed-off-by: Olof Johansson <olof@lixom.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:37 -07:00
Wu Fengguang	1231a3d071	drm/i915: fix ELD writing for SandyBridge commit `b3f33cbf7a` upstream. SandyBridge should be using the same register addresses as IvyBridge. Signed-off-by: Wu Fengguang <fengguang.wu@intel.com> Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:37 -07:00
Kenneth Graunke	68d5d009e3	drm/i915: gen7: Disable the RHWO optimization as it can cause GPU hangs. commit `d71de14ddf` upstream. The BSpec Workarounds page states that bits 10 and 26 must be set to avoid 3D ring hangs. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=41353 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=44610 Tested-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Signed-off-by: Kenneth Graunke <kenneth@whitecape.org> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:37 -07:00
Eugeni Dodonov	0cb90a0f52	drm/i915: gen7: work around a system hang on IVB commit `db099c8f96` upstream. This adds the workaround for WaCatErrorRejectionIssue which could result in a system hang. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=41353 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=44610 Tested-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Reviewed-by: Kenneth Graunke <kenneth@whitecape.org> Signed-off-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:37 -07:00
Eugeni Dodonov	a7cf47dd84	drm/i915: gen7: Implement an L3 caching workaround. commit `e4e0c058a1` upstream. This adds two cache-related workarounds for Ivy Bridge which can lead to 3D ring hangs and corruptions. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=41353 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=44610 Tested-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Signed-off-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Signed-off-by: Kenneth Graunke <kenneth@whitecape.org> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:36 -07:00
Eugeni Dodonov	e48cb70003	drm/i915: gen7: implement rczunit workaround commit `eae66b50c7` upstream. This is yet another workaround related to clock gating which we need on Ivy Bridge. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=41353 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=44610 Tested-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Signed-off-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Signed-off-by: Kenneth Graunke <kenneth@whitecape.org> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:36 -07:00
Larry Finger	7b53686e99	rtl8192cu: Add new device IDs commit `6cddafab54` upstream. The latest vendor (non-mac80211) driver of 9/22/2011 shows some new device IDs for rtl8192cu. In addition, some typos in the table are fixed and one duplicate is removed. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:36 -07:00
Keng-Yu Lin	c85ec339a3	ACPI / PM: Do not save/restore NVS on Asus K54C/K54HR commit `5a50a7c32d` upstream. The models do not resume correctly without acpi_sleep=nonvs. Signed-off-by: Keng-Yu Lin <kengyu@canonical.com> Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Cc: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:36 -07:00
Fabio Baltieri	5ef549f260	avr32: select generic atomic64_t support commit `31e0017e6f` upstream. Enable use of the generic atomic64 implementation on AVR32 platforms. Without this the kernel fails to build as the architecture does not provide its version. Signed-off-by: Fabio Baltieri <fabio.baltieri@gmail.com> Acked-by: Hans-Christian Egtvedt <egtvedt@samfundet.no> Cc: Haavard Skinnemoen <hskinnemoen@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:36 -07:00
Stanislaw Gruszka	6e118375b1	bsg: fix sysfs link remove warning commit `37b40adf2d` upstream. We create "bsg" link if q->kobj.sd is not NULL, so remove it only when the same condition is true. Fixes: WARNING: at fs/sysfs/inode.c:323 sysfs_hash_and_remove+0x2b/0x77() sysfs: can not remove 'bsg', no directory Call Trace: [<c0429683>] warn_slowpath_common+0x6a/0x7f [<c0537a68>] ? sysfs_hash_and_remove+0x2b/0x77 [<c042970b>] warn_slowpath_fmt+0x2b/0x2f [<c0537a68>] sysfs_hash_and_remove+0x2b/0x77 [<c053969a>] sysfs_remove_link+0x20/0x23 [<c05d88f1>] bsg_unregister_queue+0x40/0x6d [<c0692263>] __scsi_remove_device+0x31/0x9d [<c069149f>] scsi_forget_host+0x41/0x52 [<c0689fa9>] scsi_remove_host+0x71/0xe0 [<f7de5945>] quiesce_and_remove_host+0x51/0x83 [usb_storage] [<f7de5a1e>] usb_stor_disconnect+0x18/0x22 [usb_storage] [<c06c29de>] usb_unbind_interface+0x4e/0x109 [<c067a80f>] __device_release_driver+0x6b/0xa6 [<c067a861>] device_release_driver+0x17/0x22 [<c067a46a>] bus_remove_device+0xd6/0xe6 [<c06785e2>] device_del+0xf2/0x137 [<c06c101f>] usb_disable_device+0x94/0x1a0 Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:36 -07:00
Javier Martin	b3b7b02653	ASoC: i.MX SSI: Fix DSP_A format. commit `5ed80a75b2` upstream. According to i.MX27 Reference Manual (p 1593) TXBIT0 bit selects whether the most significant or the less significant part of the data word written to the FIFO is transmitted. As DSP_A is the same as DSP_B with a data offset of 1 bit, it doesn't make any sense to remove TXBIT0 bit here. Signed-off-by: Javier Martin <javier.martin@vista-silicon.com> Acked-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:36 -07:00
Mark Brown	aee50f92f5	ASoC: dapm: Check for bias level when powering down commit `7679e42ec8` upstream. Recent enhancements in the bias management means that we might not be in standby when the CODEC is idle and can have active widgets without being in full power mode but the shutdown functionality assumes these things. Add checks for the bias level at each stage so that we don't do transitions other than the ON->PREPARE->STANDBY->OFF ones that the drivers are expecting. Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:36 -07:00
Florian Tobias Schandinat	85115b995d	viafb: fix IGA1 modesetting on VX900 commit `e29206381a` upstream. Even if the documentation calls this bit "Reserved" it has to be set to 0 for correct modesetting on IGA1. Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:35 -07:00
Florian Tobias Schandinat	7be431e4a9	viafb: select HW scaling on VX900 for IGA2 commit `050f0e02c8` upstream. VX900 can do hardware scaling for both IGAs in contrast to previous hardware which could do it only for IGA2. This patch ensures that we set the parameter for IGA2 and not for IGA1. This fixes hardware scaling on VX900 until we have the infrastructure to support it for both IGAs. Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:35 -07:00
Boaz Harrosh	65088b82b2	osd_uld: Bump MAX_OSD_DEVICES from 64 to 1,048,576 commit `41f8ad7636` upstream. It used to be that minors where 8 bit. But now they are actually 20 bit. So the fix is simplicity itself. I've tested with 300 devices and all user-mode utils work just fine. I have also mechanically added 10,000 to the ida (so devices are /dev/osd10000, /dev/osd10001 ...) and was able to mkfs an exofs filesystem and access osds from user-mode. All the open-osd user-mode code uses the same library to access devices through their symbolic names in /dev/osdX so I'd say it's pretty safe. (Well tested) This patch is very important because some of the systems that will be deploying the 3.2 pnfs-objects code are larger than 64 OSDs and will stop to work properly when reaching that number. Signed-off-by: Boaz Harrosh <bharrosh@panasas.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:27 -07:00
Phil Sutter	cc64dc24b0	crypto: mv_cesa - fix final callback not ignoring input data commit `f8f54e190d` upstream. Broken by commit `6ef84509f3` for users passing a request with non-zero 'nbytes' field, like e.g. testmgr. Signed-off-by: Phil Sutter <phil.sutter@viprinet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:27 -07:00
Alan Stern	9a77650215	HID: usbhid: Add NOGET quirk for the AIREN Slim+ keyboard commit `37891abc84` upstream. This patch (as1531) adds a NOGET quirk for the Slim+ keyboard marketed by AIREN. This keyboard seems to have a lot of bugs; NOGET works around only one of them. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Reported-by: okias <d.okias@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:27 -07:00
Alexandre Bounine	51ee89d819	rapidio/tsi721: fix queue wrapping bug in inbound doorbell handler commit `b24823e61b` upstream. Fix a bug that causes a kernel panic when the number of received doorbells is larger than number of entries in the inbound doorbell queue (current default value = 512). Another possible indication for this bug is large number of spurious doorbells reported by tsi721 driver after reaching the queue size maximum. Signed-off-by: Alexandre Bounine <alexandre.bounine@idt.com> Cc: Chul Kim <chul.kim@idt.com> Cc: Matt Porter <mporter@kernel.crashing.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:27 -07:00
Steffen Maier	fcf3a2fb3c	S390: qdio: fix handler function arguments for zfcp data router commit `7b3cc67d44` upstream. Git commit `25f269f173` "[S390] qdio: EQBS retry after CCQ 96" introduced a regression in regard to the zfcp data router. Revoke the incorrect simplification of the function call arguments for the qdio handler to make the zfcp hardware data router working again. This is applicable to 3.2+ kernels. Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com> Reviewed-by: Jan Glauber <jang@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:26 -07:00
Stephen Rothwell	c8db5a5fc6	tty/powerpc: early udbg consoles can't be modules commit `f21c6d4a49` upstream. Fixes these build errors: ERROR: ".udbg_printf" [drivers/tty/ehv_bytechan.ko] undefined! ERROR: ".register_early_udbg_console" [drivers/tty/ehv_bytechan.ko] undefined! ERROR: "udbg_putc" [drivers/tty/ehv_bytechan.ko] undefined! Cc: Timur Tabi <timur@freescale.com> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:26 -07:00
Johannes Berg	dec68ee3f8	iwlwifi: fix key removal commit `5dcbf48047` upstream. When trying to remove a key, we always send key flags just setting the key type, not including the multicast flag and the key ID. As a result, whenever any key was removed, the unicast key 0 would be removed, causing a complete connection loss after the second rekey (the first doesn't cause a key removal). Fix the key removal code to include the key ID and multicast flag, thus removing the correct key. Reported-by: Alexander Schnaidt <alex.schnaidt@googlemail.com> Tested-by: Alexander Schnaidt <alex.schnaidt@googlemail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:26 -07:00
Andrea Arcangeli	6226c22502	mm: thp: fix BUG on mm->nr_ptes commit `1c641e8471` upstream. Dave Jones reports a few Fedora users hitting the BUG_ON(mm->nr_ptes...) in exit_mmap() recently. Quoting Hugh's discovery and explanation of the SMP race condition: "mm->nr_ptes had unusual locking: down_read mmap_sem plus page_table_lock when incrementing, down_write mmap_sem (or mm_users 0) when decrementing; whereas THP is careful to increment and decrement it under page_table_lock. Now most of those paths in THP also hold mmap_sem for read or write (with appropriate checks on mm_users), but two do not: when split_huge_page() is called by hwpoison_user_mappings(), and when called by add_to_swap(). It's conceivable that the latter case is responsible for the exit_mmap() BUG_ON mm->nr_ptes that has been reported on Fedora." The simplest way to fix it without having to alter the locking is to make split_huge_page() a noop in nr_ptes terms, so by counting the preallocated pagetables that exists for every mapped hugepage. It was an arbitrary choice not to count them and either way is not wrong or right, because they are not used but they're still allocated. Reported-by: Dave Jones <davej@redhat.com> Reported-by: Hugh Dickins <hughd@google.com> Signed-off-by: Andrea Arcangeli <aarcange@redhat.com> Acked-by: Hugh Dickins <hughd@google.com> Cc: David Rientjes <rientjes@google.com> Cc: Josh Boyer <jwboyer@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:26 -07:00
Prashanth Nageshappa	4050cecbaf	kprobes: return proper error code from register_kprobe() commit `f986a499ef` upstream. register_kprobe() aborts if the address of the new request falls in a prohibited area (such as ftrace pouch, __kprobes annotated functions, non-kernel text addresses, jump label text). We however don't return the right error on this abort, resulting in a silent failure - incorrect adding/reporting of kprobes ('perf probe do_fork+18' or 'perf probe mcount' for instance). In V2 we are incorporating Masami Hiramatsu's feedback. This patch fixes it by returning -EINVAL upon failure. While we are here, rename the label used for exit to be more appropriate. Signed-off-by: Ananth N Mavinakayanahalli <ananth@in.ibm.com> Signed-off-by: Prashanth K Nageshappa <prashanth@linux.vnet.ibm.com> Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com> Cc: Jason Baron <jbaron@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:26 -07:00
Felix Fietkau	06592e8c1b	ath9k_hw: prevent writes to const data on AR9160 commit `9bbb8168ed` upstream. Duplicate the data for iniAddac early on, to avoid having to do redundant memcpy calls later. While we're at it, make AR5416 < v2.2 use the same codepath. Fixes a reported crash on x86. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Reported-by: Magnus Määttä <magnus.maatta@logica.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:26 -07:00
Mohammed Shafi Shajakhan	2e4c9873de	mac80211: zero initialize count field in ieee80211_tx_rate commit `8617b093d0` upstream. rate control algorithms concludes the rate as invalid with rate[i].idx < -1 , while they do also check for rate[i].count is non-zero. it would be safer to zero initialize the 'count' field. recently we had a ath9k rate control crash where the ath9k rate control in ath_tx_status assumed to check only for rate[i].count being non-zero in one instance and ended up in using invalid rate index for 'connection monitoring NULL func frames' which eventually lead to the crash. thanks to Pavel Roskin for fixing it and finding the root cause. https://bugzilla.redhat.com/show_bug.cgi?id=768639 Cc: Pavel Roskin <proski@gnu.org> Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:26 -07:00
Jeff Layton	88d7d4e4a4	cifs: fix dentry refcount leak when opening a FIFO on lookup commit `5bccda0ebc` upstream. The cifs code will attempt to open files on lookup under certain circumstances. What happens though if we find that the file we opened was actually a FIFO or other special file? Currently, the open filehandle just ends up being leaked leading to a dentry refcount mismatch and oops on umount. Fix this by having the code close the filehandle on the server if it turns out not to be a regular file. While we're at it, change this spaghetti if statement into a switch too. Reported-by: CAI Qian <caiqian@redhat.com> Tested-by: CAI Qian <caiqian@redhat.com> Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:26 -07:00
David Howells	ce6e3def61	NOMMU: Don't need to clear vm_mm when deleting a VMA commit `b94cfaf668` upstream. Don't clear vm_mm in a deleted VMA as it's unnecessary and might conceivably break the filesystem or driver VMA close routine. Reported-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:25 -07:00
Anton Vorontsov	3516a8a4a7	mm: memcg: Correct unregistring of events attached to the same eventfd commit `371528caec` upstream. There is an issue when memcg unregisters events that were attached to the same eventfd: - On the first call mem_cgroup_usage_unregister_event() removes all events attached to a given eventfd, and if there were no events left, thresholds->primary would become NULL; - Since there were several events registered, cgroups core will call mem_cgroup_usage_unregister_event() again, but now kernel will oops, as the function doesn't expect that threshold->primary may be NULL. That's a good question whether mem_cgroup_usage_unregister_event() should actually remove all events in one go, but nowadays it can't do any better as cftype->unregister_event callback doesn't pass any private event-associated cookie. So, let's fix the issue by simply checking for threshold->primary. FWIW, w/o the patch the following oops may be observed: BUG: unable to handle kernel NULL pointer dereference at 0000000000000004 IP: [<ffffffff810be32c>] mem_cgroup_usage_unregister_event+0x9c/0x1f0 Pid: 574, comm: kworker/0:2 Not tainted 3.3.0-rc4+ #9 Bochs Bochs RIP: 0010:[<ffffffff810be32c>] [<ffffffff810be32c>] mem_cgroup_usage_unregister_event+0x9c/0x1f0 RSP: 0018:ffff88001d0b9d60 EFLAGS: 00010246 Process kworker/0:2 (pid: 574, threadinfo ffff88001d0b8000, task ffff88001de91cc0) Call Trace: [<ffffffff8107092b>] cgroup_event_remove+0x2b/0x60 [<ffffffff8103db94>] process_one_work+0x174/0x450 [<ffffffff8103e413>] worker_thread+0x123/0x2d0 Signed-off-by: Anton Vorontsov <anton.vorontsov@linaro.org> Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Kirill A. Shutemov <kirill@shutemov.name> Cc: Michal Hocko <mhocko@suse.cz> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:25 -07:00
Jeff Moyer	6deb7d23c3	aio: wake up waiters when freeing unused kiocbs commit `880641bb9d` upstream. Bart Van Assche reported a hung fio process when either hot-removing storage or when interrupting the fio process itself. The (pruned) call trace for the latter looks like so: fio D 0000000000000001 0 6849 6848 0x00000004 ffff880092541b88 0000000000000046 ffff880000000000 ffff88012fa11dc0 ffff88012404be70 ffff880092541fd8 ffff880092541fd8 ffff880092541fd8 ffff880128b894d0 ffff88012404be70 ffff880092541b88 000000018106f24d Call Trace: schedule+0x3f/0x60 io_schedule+0x8f/0xd0 wait_for_all_aios+0xc0/0x100 exit_aio+0x55/0xc0 mmput+0x2d/0x110 exit_mm+0x10d/0x130 do_exit+0x671/0x860 do_group_exit+0x44/0xb0 get_signal_to_deliver+0x218/0x5a0 do_signal+0x65/0x700 do_notify_resume+0x65/0x80 int_signal+0x12/0x17 The problem lies with the allocation batching code. It will opportunistically allocate kiocbs, and then trim back the list of iocbs when there is not enough room in the completion ring to hold all of the events. In the case above, what happens is that the pruning back of events ends up freeing up the last active request and the context is marked as dead, so it is thus responsible for waking up waiters. Unfortunately, the code does not check for this condition, so we end up with a hung task. Signed-off-by: Jeff Moyer <jmoyer@redhat.com> Reported-by: Bart Van Assche <bvanassche@acm.org> Tested-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:25 -07:00
Sascha Hauer	623376278e	mmc: sdhci-esdhc-imx: fix for mmc cards on i.MX5 commit `5b6b0ad6e5` upstream. On i.MX53 we have to write a special SDHCI_CMD_ABORTCMD to the SDHCI_TRANSFER_MODE register during a MMC_STOP_TRANSMISSION command. This works for SD cards. However, with MMC cards the MMC_SET_BLOCK_COUNT command is used instead, but this needs the same handling. Fix MMC cards by testing for the MMC_SET_BLOCK_COUNT command aswell. Tested on a custom i.MX53 board with a Transcend MMC+ card and eMMC. The kernel started used MMC_SET_BLOCK_COUNT in 3.0, so this is a regression for these boards introduced in 3.0; it should go to 3.0/3.1/3.2-stable. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Acked-by: Shawn Guo <shawn.guo@linaro.org> Signed-off-by: Chris Ball <cjb@laptop.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:25 -07:00
Ludovic Desroches	e8d7adfd8c	mmc: atmel-mci: don't use dma features when using DMA with no chan available commit `ef8781989a` upstream. Some callbacks are set too early -- i.e. we can have dma capabilities but we can't get a dma channel. So wait to get the dma channel before setting callbacks and change logs consequently. Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com> Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com> Signed-off-by: Chris Ball <cjb@laptop.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:25 -07:00
Andrew Morton	ac42356c79	alpha: fix 32/64-bit bug in futex support commit `62aca40365` upstream. Michael Cree said: : : I have noticed some user space problems (pulseaudio crashes in pthread : : code, glibc/nptl test suite failures, java compiler freezes on SMP alpha : : systems) that arise when using a 2.6.39 or later kernel on Alpha. : : Bisecting between 2.6.38 and 2.6.39 (using glibc/nptl test suite as : : criterion for good/bad kernel) eventually leads to: : : : : `8d7718aa08` is the first bad commit : : commit `8d7718aa08` : : Author: Michel Lespinasse <walken@google.com> : : Date: Thu Mar 10 18:50:58 2011 -0800 : : : : futex: Sanitize futex ops argument types : : : : Change futex_atomic_op_inuser and futex_atomic_cmpxchg_inatomic : : prototypes to use u32 types for the futex as this is the data type the : : futex core code uses all over the place. : : : : Looking at the commit I see there is a change of the uaddr argument in : : the Alpha architecture specific code for futexes from int to u32, but I : : don't see why this should cause a problem. Richard Henderson said: : futex_atomic_cmpxchg_inatomic(u32 uval, u32 __user uaddr, : u32 oldval, u32 newval) : ... : : "r"(uaddr), "r"((long)oldval), "r"(newval) : : : There is no 32-bit compare instruction. These are implemented by : consistently extending the values to a 64-bit type. Since the : load instruction sign-extends, we want to sign-extend the other : quantity as well (despite the fact it's logically unsigned). : : So: : : - : "r"(uaddr), "r"((long)oldval), "r"(newval) : + : "r"(uaddr), "r"((long)(int)oldval), "r"(newval) : : should do the trick. Michael said: : This fixes the glibc test suite failures and the pulseaudio related : crashes, but it does not fix the java compiiler lockups that I was (and : are still) observing. That is some other problem. Reported-by: Michael Cree <mcree@orcon.net.nz> Tested-by: Michael Cree <mcree@orcon.net.nz> Acked-by: Phil Carmody <ext-phil.2.carmody@nokia.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Michel Lespinasse <walken@google.com> Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Reviewed-by: Matt Turner <mattst88@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:25 -07:00
Scott Talbert	4826cda9a7	Move Logitech Harmony 900 from cdc_ether to zaurus commit `ee932bf9ac` upstream. In the current kernel implementation, the Logitech Harmony 900 remote control is matched to the cdc_ether driver through the generic USB_CDC_SUBCLASS_MDLM entry. However, this device appears to be of the pseudo-MDLM (Belcarra) type, rather than the standard one. This patch blacklists the Harmony 900 from the cdc_ether driver and whitelists it for the pseudo-MDLM driver in zaurus. Signed-off-by: Scott Talbert <talbert@techie.net> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:25 -07:00
Gusakov Andrey	69c59bc6c4	ARM: S3C24XX: DMA resume regression fix commit `e39d40c65d` upstream. s3c2410_dma_suspend suspends channels from 0 to dma_channels. s3c2410_dma_resume resumes channels in reverse order. So pointer should be decremented instead of being incremented. Signed-off-by: Gusakov Andrey <dron0gus@gmail.com> Reviewed-by: Heiko Stuebner <heiko@sntech.de> Signed-off-by: Kukjin Kim <kgene.kim@samsung.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:25 -07:00
Thomas Gleixner	8ab46fc85e	genirq: Clear action->thread_mask if IRQ_ONESHOT is not set commit `52abb700e1` upstream. Xommit ac5637611(genirq: Unmask oneshot irqs when thread was not woken) fails to unmask when a !IRQ_ONESHOT threaded handler is handled by handle_level_irq. This happens because thread_mask is or'ed unconditionally in irq_wake_thread(), but for !IRQ_ONESHOT interrupts never cleared. So the check for !desc->thread_active fails and keeps the interrupt disabled. Keep the thread_mask zero for !IRQ_ONESHOT interrupts. Document the thread_mask magic while at it. Reported-and-tested-by: Sven Joachim <svenjoac@gmx.de> Reported-and-tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:24 -07:00
Mark Brown	315e73b400	mfd: Test for jack detection when deciding if wm8994 should suspend commit `e7c248a049` upstream. The jack detection on WM1811 is often required during system suspend, add it as another check when deciding if we should suspend. Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:24 -07:00
Jean Delvare	5e39bbafe8	mfd: Fix ACPI conflict check commit `81b5482c32` upstream. The code is currently always checking the first resource of every device only (several times.) This has been broken since the ACPI check was added in February 2010 in commit `91fedede03`. Fix the check to run on each resource individually, once. Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:24 -07:00
H. Peter Anvin	e34e9e8732	regset: Return -EFAULT, not -EIO, on host-side memory fault commit `5189fa19a4` upstream. There is only one error code to return for a bad user-space buffer pointer passed to a system call in the same address space as the system call is executed, and that is EFAULT. Furthermore, the low-level access routines, which catch most of the faults, return EFAULT already. Signed-off-by: H. Peter Anvin <hpa@zytor.com> Reviewed-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Roland McGrath <roland@hack.frob.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:24 -07:00
H. Peter Anvin	58458d037c	regset: Prevent null pointer reference on readonly regsets commit `c8e252586f` upstream. The regset common infrastructure assumed that regsets would always have .get and .set methods, but not necessarily .active methods. Unfortunately people have since written regsets without .set methods. Rather than putting in stub functions everywhere, handle regsets with null .get or .set methods explicitly. Signed-off-by: H. Peter Anvin <hpa@zytor.com> Reviewed-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Roland McGrath <roland@hack.frob.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:24 -07:00
Takashi Iwai	b174882508	ALSA: hda - Always set HP pin in unsol handler for STAC/IDT codecs commit `7bff172a35` upstream. A bug report with an old Sony laptop showed that we can't rely on BIOS setting the pins of headphones but the driver should set always by itself. Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:24 -07:00
Takashi Iwai	a4b6027fff	ALSA: hda - Add a fake mute feature commit `3868137ea4` upstream. Some codecs don't supply the mute amp-capabilities although the lowest volume gives the mute. It'd be handy if the parser provides the mute mixers in such a case. This patch adds an extension amp-cap bit (which is used only in the driver) to represent the min volume = mute state. Also modified the amp cache code to support the fake mute feature when this bit is set but the real mute bit is unset. In addition, conexant cx5051 parser uses this new feature to implement the missing mute controls. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=42825 Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:23 -07:00
Takashi Iwai	2f5b7338fb	ALSA: hda/realtek - Fix resume of multiple input sources commit `068b939431` upstream. When there are multiple input sources, the driver wrongly overwrites with the value of the last input source on other slots at resume. Thus the primary input source may be shown wrongly. Reported-and-tested-by: Julian Sikorski <belegdol@gmail.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:23 -07:00
Joerg Roedel	9701e4af71	perf/x86/kvm: Fix Host-Only/Guest-Only counting with SVM disabled commit `1018faa6cf` upstream. It turned out that a performance counter on AMD does not count at all when the GO or HO bit is set in the control register and SVM is disabled in EFER. This patch works around this issue by masking out the HO bit in the performance counter control register when SVM is not enabled. The GO bit is not touched because it is only set when the user wants to count in guest-mode only. So when SVM is disabled the counter should not run at all and the not-counting is the intended behaviour. Signed-off-by: Joerg Roedel <joerg.roedel@amd.com> Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Avi Kivity <avi@redhat.com> Cc: Stephane Eranian <eranian@google.com> Cc: David Ahern <dsahern@gmail.com> Cc: Gleb Natapov <gleb@redhat.com> Cc: Robert Richter <robert.richter@amd.com> Link: http://lkml.kernel.org/r/1330523852-19566-1-git-send-email-joerg.roedel@amd.com Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:23 -07:00
David Howells	5798b013af	S390: KEYS: Enable the compat keyctl wrapper on s390x commit `1d05772060` upstream. Enable the compat keyctl wrapper on s390x so that 32-bit s390 userspace can call the keyctl() syscall. There's an s390x assembly wrapper that truncates all the register values to 32-bits and this then calls compat_sys_keyctl() - but the latter only exists if CONFIG_KEYS_COMPAT is enabled, and the s390 Kconfig doesn't enable it. Without this patch, 32-bit calls to the keyctl() syscall are given an ENOSYS error: [root@devel4 ~]# keyctl show Session Keyring -3: key inaccessible (Function not implemented) Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: dan@danny.cz Cc: Carsten Otte <cotte@de.ibm.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Cc: linux-s390@vger.kernel.org Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:23 -07:00
Jett.Zhou	8916bd5524	regulator: fix the ldo configure according to 88pm860x spec commit `3380643b0e` upstream. Signed-off-by: Jett.Zhou <jtzhou@marvell.com> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:23 -07:00
Wolfram Sang	46774e8405	i2c: mxs: only flag completion when queue is completely done commit `844990daa2` upstream. The hardware generates an interrupt for every completed command in the queue while the code assumed that it will only generate one interrupt when the queue is empty. So, explicitly check if the queue is really empty. This patch fixed problems which occurred due to high traffic on the bus. While we are here, move the completion-initialization after the parameter error checking. Signed-off-by: Wolfram Sang <w.sang@pengutronix.de> Cc: Shawn Guo <shawn.guo@linaro.org> Cc: Marek Vasut <marek.vasut@gmail.com> Cc: Lothar Waßmann <LW@KARO-electronics.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:23 -07:00
Maxim Uvarov	0097478480	watchdog: hpwdt: clean up set_memory_x call for 32 bit commit `97d2a10d58` upstream. 1. address has to be page aligned. 2. set_memory_x uses page size argument, not size. Bug causes with following commit: commit da28179b4e90dda56912ee825c7eaa62fc103797 Author: Mingarelli, Thomas <Thomas.Mingarelli@hp.com> Date: Mon Nov 7 10:59:00 2011 +0100 watchdog: hpwdt: Changes to handle NX secure bit in 32bit path commit `e67d668e14` upstream. This patch makes use of the set_memory_x() kernel API in order to make necessary BIOS calls to source NMIs. Signed-off-by: Maxim Uvarov <maxim.uvarov@oracle.com> Signed-off-by: Wim Van Sebroeck <wim@iguana.be> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:23 -07:00
Roland Stigge	58688fc767	ARM: LPC32xx: Fix irq on GPI_28 commit `f6737055c1` upstream. The GPI_28 IRQ was not registered properly. The registration of IRQ_LPC32XX_GPI_28 was added and the (wrong) IRQ_LPC32XX_GPI_11 at LPC32XX_SIC1_IRQ(4) was replaced by IRQ_LPC32XX_GPI_28 (see manual of LPC32xx / interrupt controller). Signed-off-by: Roland Stigge <stigge@antcom.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:22 -07:00
Roland Stigge	aef5ebd137	ARM: LPC32xx: Fix interrupt controller init commit `35dd0a75d4` upstream. This patch fixes the initialization of the interrupt controller of the LPC32xx by correctly setting up SIC1 and SIC2 instead of (wrongly) using the same value as for the Main Interrupt Controller (MIC). Signed-off-by: Roland Stigge <stigge@antcom.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:22 -07:00
Roland Stigge	bd4789a33a	ARM: LPC32xx: irq.c: Clear latched event commit `94ed7830cb` upstream. This patch fixes the wakeup disable function by clearing latched events. Signed-off-by: Roland Stigge <stigge@antcom.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:22 -07:00
Roland Stigge	41e2eca62b	ARM: LPC32xx: serial.c: Fixed loop limit commit `ff424aa4c8` upstream. This patch fixes a wrong loop limit on UART init. Signed-off-by: Roland Stigge <stigge@antcom.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:22 -07:00
Roland Stigge	a1be2b5ecb	ARM: LPC32xx: serial.c: HW bug workaround commit `2707208ee8` upstream. This patch fixes a HW bug by flushing RX FIFOs of the UARTs on init. It was ported from NXP's git.lpclinux.com tree. Signed-off-by: Roland Stigge <stigge@antcom.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:22 -07:00
Alban Browaeys	c7554566fd	drm/i915: Prevent a machine hang by checking crtc->active before loading lut commit `aed3f09db3` upstream. Before loading the lut (gamma), check the active state of intel_crtc, otherwise at least on gen2 hang ensue. This is reproducible in Xorg via: xset dpms force off then xgamma -rgamma 2.0 # freeze. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=44505 Signed-off-by: Alban Browaeys <prahal@yahoo.com> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Reviewed-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:22 -07:00
Heiko Carstens	da42eb9e4a	compat: fix compile breakage on s390 commit `048cd4e51d` upstream. The new is_compat_task() define for the !COMPAT case in include/linux/compat.h conflicts with a similar define in arch/s390/include/asm/compat.h. This is the minimal patch which fixes the build issues. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:22 -07:00
Linus Torvalds	3274092b49	Fix autofs compile without CONFIG_COMPAT commit `3c761ea05a` upstream. The autofs compat handling fix caused a compile failure when CONFIG_COMPAT isn't defined. Instead of adding random #ifdef'fery in autofs, let's just make the compat helpers earlier to use: without CONFIG_COMPAT, is_compat_task() just hardcodes to zero. We could probably do something similar for a number of other cases where we have #ifdef's in code, but this is the low-hanging fruit. Reported-and-tested-by: Andreas Schwab <schwab@linux-m68k.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:21 -07:00
Ian Kent	cebf41113c	autofs: work around unhappy compat problem on x86-64 commit `a32744d4ab` upstream. When the autofs protocol version 5 packet type was added in commit `5c0a32fc2c` ("autofs4: add new packet type for v5 communications"), it obvously tried quite hard to be word-size agnostic, and uses explicitly sized fields that are all correctly aligned. However, with the final "char name[NAME_MAX+1]" array at the end, the actual size of the structure ends up being not very well defined: because the struct isn't marked 'packed', doing a "sizeof()" on it will align the size of the struct up to the biggest alignment of the members it has. And despite all the members being the same, the alignment of them is different: a "__u64" has 4-byte alignment on x86-32, but native 8-byte alignment on x86-64. And while 'NAME_MAX+1' ends up being a nice round number (256), the name[] array starts out a 4-byte aligned. End result: the "packed" size of the structure is 300 bytes: 4-byte, but not 8-byte aligned. As a result, despite all the fields being in the same place on all architectures, sizeof() will round up that size to 304 bytes on architectures that have 8-byte alignment for u64. Note that this is not a problem for 32-bit compat mode on POWER, since there __u64 is 8-byte aligned even in 32-bit mode. But on x86, 32-bit and 64-bit alignment is different for 64-bit entities, and as a result the structure that has exactly the same layout has different sizes. So on x86-64, but no other architecture, we will just subtract 4 from the size of the structure when running in a compat task. That way we will write the properly sized packet that user mode expects. Not pretty. Sadly, this very subtle, and unnecessary, size difference has been encoded in user space that wants to read packets of exactly the right size, and will refuse to touch anything else. Reported-and-tested-by: Thomas Meyer <thomas@m3y3r.de> Signed-off-by: Ian Kent <raven@themaw.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:21 -07:00
Ohad Ben-Cohen	808288955e	ARM: OMAP: make iommu subsys_initcall to fix builtin omap3isp commit `435792d934` upstream. omap3isp depends on omap's iommu and will fail to probe if initialized before it (which always happen if they are builtin). Make omap's iommu subsys_initcall as an interim solution until the probe deferral mechanism is merged. Reported-by: James <angweiyang@gmail.com> Debugged-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Signed-off-by: Ohad Ben-Cohen <ohad@wizery.com> Cc: Tony Lindgren <tony@atomide.com> Cc: Hiroshi Doyu <hdoyu@nvidia.com> Cc: Joerg Roedel <Joerg.Roedel@amd.com> Signed-off-by: Joerg Roedel <joerg.roedel@amd.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-03-12 12:31:21 -07:00
Greg Kroah-Hartman	44fb3170ae	Linux 3.2.9	2012-02-29 16:32:49 -08:00
Dan Carpenter	c1dd346c39	cdrom: use copy_to_user() without the underscores commit `822bfa51ce` upstream. "nframes" comes from the user and "nframes * CD_FRAMESIZE_RAW" can wrap on 32 bit systems. That would have been ok if we used the same wrapped value for the copy, but we use a shifted value. We should just use the checked version of copy_to_user() because it's not going to make a difference to the speed. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:24 -08:00
Jason Baron	203aa5260e	epoll: limit paths commit `28d82dc1c4` upstream. The current epoll code can be tickled to run basically indefinitely in both loop detection path check (on ep_insert()), and in the wakeup paths. The programs that tickle this behavior set up deeply linked networks of epoll file descriptors that cause the epoll algorithms to traverse them indefinitely. A couple of these sample programs have been previously posted in this thread: https://lkml.org/lkml/2011/2/25/297. To fix the loop detection path check algorithms, I simply keep track of the epoll nodes that have been already visited. Thus, the loop detection becomes proportional to the number of epoll file descriptor and links. This dramatically decreases the run-time of the loop check algorithm. In one diabolical case I tried it reduced the run-time from 15 mintues (all in kernel time) to .3 seconds. Fixing the wakeup paths could be done at wakeup time in a similar manner by keeping track of nodes that have already been visited, but the complexity is harder, since there can be multiple wakeups on different cpus...Thus, I've opted to limit the number of possible wakeup paths when the paths are created. This is accomplished, by noting that the end file descriptor points that are found during the loop detection pass (from the newly added link), are actually the sources for wakeup events. I keep a list of these file descriptors and limit the number and length of these paths that emanate from these 'source file descriptors'. In the current implemetation I allow 1000 paths of length 1, 500 of length 2, 100 of length 3, 50 of length 4 and 10 of length 5. Note that it is sufficient to check the 'source file descriptors' reachable from the newly added link, since no other 'source file descriptors' will have newly added links. This allows us to check only the wakeup paths that may have gotten too long, and not re-check all possible wakeup paths on the system. In terms of the path limit selection, I think its first worth noting that the most common case for epoll, is probably the model where you have 1 epoll file descriptor that is monitoring n number of 'source file descriptors'. In this case, each 'source file descriptor' has a 1 path of length 1. Thus, I believe that the limits I'm proposing are quite reasonable and in fact may be too generous. Thus, I'm hoping that the proposed limits will not prevent any workloads that currently work to fail. In terms of locking, I have extended the use of the 'epmutex' to all epoll_ctl add and remove operations. Currently its only used in a subset of the add paths. I need to hold the epmutex, so that we can correctly traverse a coherent graph, to check the number of paths. I believe that this additional locking is probably ok, since its in the setup/teardown paths, and doesn't affect the running paths, but it certainly is going to add some extra overhead. Also, worth noting is that the epmuex was recently added to the ep_ctl add operations in the initial path loop detection code using the argument that it was not on a critical path. Another thing to note here, is the length of epoll chains that is allowed. Currently, eventpoll.c defines: /* Maximum number of nesting allowed inside epoll sets */ #define EP_MAX_NESTS 4 This basically means that I am limited to a graph depth of 5 (EP_MAX_NESTS + 1). However, this limit is currently only enforced during the loop check detection code, and only when the epoll file descriptors are added in a certain order. Thus, this limit is currently easily bypassed. The newly added check for wakeup paths, stricly limits the wakeup paths to a length of 5, regardless of the order in which ep's are linked together. Thus, a side-effect of the new code is a more consistent enforcement of the graph depth. Thus far, I've tested this, using the sample programs previously mentioned, which now either return quickly or return -EINVAL. I've also testing using the piptest.c epoll tester, which showed no difference in performance. I've also created a number of different epoll networks and tested that they behave as expectded. I believe this solves the original diabolical test cases, while still preserving the sane epoll nesting. Signed-off-by: Jason Baron <jbaron@redhat.com> Cc: Nelson Elhage <nelhage@ksplice.com> Cc: Davide Libenzi <davidel@xmailserver.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:24 -08:00
Oleg Nesterov	e6aa5c0ba6	epoll: ep_unregister_pollwait() can use the freed pwq->whead commit `971316f050` upstream. signalfd_cleanup() ensures that ->signalfd_wqh is not used, but this is not enough. eppoll_entry->whead still points to the memory we are going to free, ep_unregister_pollwait()->remove_wait_queue() is obviously unsafe. Change ep_poll_callback(POLLFREE) to set eppoll_entry->whead = NULL, change ep_unregister_pollwait() to check pwq->whead != NULL under rcu_read_lock() before remove_wait_queue(). We add the new helper, ep_remove_wait_queue(), for this. This works because sighand_cachep is SLAB_DESTROY_BY_RCU and because ->signalfd_wqh is initialized in sighand_ctor(), not in copy_sighand. ep_unregister_pollwait()->remove_wait_queue() can play with already freed and potentially reused ->sighand, but this is fine. This memory must have the valid ->signalfd_wqh until rcu_read_unlock(). Reported-by: Maxime Bizon <mbizon@freebox.fr> Signed-off-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:24 -08:00
Oleg Nesterov	7741374fa2	epoll: introduce POLLFREE to flush ->signalfd_wqh before kfree() commit `d80e731eca` upstream. This patch is intentionally incomplete to simplify the review. It ignores ep_unregister_pollwait() which plays with the same wqh. See the next change. epoll assumes that the EPOLL_CTL_ADD'ed file controls everything f_op->poll() needs. In particular it assumes that the wait queue can't go away until eventpoll_release(). This is not true in case of signalfd, the task which does EPOLL_CTL_ADD uses its ->sighand which is not connected to the file. This patch adds the special event, POLLFREE, currently only for epoll. It expects that init_poll_funcptr()'ed hook should do the necessary cleanup. Perhaps it should be defined as EPOLLFREE in eventpoll. __cleanup_sighand() is changed to do wake_up_poll(POLLFREE) if ->signalfd_wqh is not empty, we add the new signalfd_cleanup() helper. ep_poll_callback(POLLFREE) simply does list_del_init(task_list). This make this poll entry inconsistent, but we don't care. If you share epoll fd which contains our sigfd with another process you should blame yourself. signalfd is "really special". I simply do not know how we can define the "right" semantics if it used with epoll. The main problem is, epoll calls signalfd_poll() once to establish the connection with the wait queue, after that signalfd_poll(NULL) returns the different/inconsistent results depending on who does EPOLL_CTL_MOD/signalfd_read/etc. IOW: apart from sigmask, signalfd has nothing to do with the file, it works with the current thread. In short: this patch is the hack which tries to fix the symptoms. It also assumes that nobody can take tasklist_lock under epoll locks, this seems to be true. Note: - we do not have wake_up_all_poll() but wake_up_poll() is fine, poll/epoll doesn't use WQ_FLAG_EXCLUSIVE. - signalfd_cleanup() uses POLLHUP along with POLLFREE, we need a couple of simple changes in eventpoll.c to make sure it can't be "lost". Reported-by: Maxime Bizon <mbizon@freebox.fr> Signed-off-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:23 -08:00
Nikolaus Schulz	a93a91746f	hwmon: (f75375s) Fix register write order when setting fans to full speed commit `c1c1a3d012` upstream. By hwmon sysfs interface convention, setting pwm_enable to zero sets a fan to full speed. In the f75375s driver, this need be done by enabling manual fan control, plus duty mode for the F875387 chip, and then setting the maximum duty cycle. Fix a bug where the two necessary register writes were swapped, effectively discarding the setting to full-speed. Signed-off-by: Nikolaus Schulz <mail@microschulz.de> Cc: Riku Voipio <riku.voipio@iki.fi> Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:23 -08:00
Jarod Wilson	7171d39d21	imon: don't wedge hardware after early callbacks commit `8791d63af0` upstream. This patch is just a minor update to one titled "imon: Input from ffdc device type ignored" from Corinna Vinschen. An earlier patch to prevent an oops when we got early callbacks also has the nasty side-effect of wedging imon hardware, as we don't acknowledge the urb. Rework the check slightly here to bypass processing the packet, as the driver isn't yet fully initialized, but still acknowlege the urb and submit a new rx_urb. Do this for both interfaces -- irrelevant for ffdc hardware, but relevant for newer hardware, though newer hardware doesn't spew the constant stream of data as soon as the hardware is initialized like the older ffdc devices, so they'd be less likely to trigger this anyway... Tested with both an ffdc device and an 0042 device. Reported-by: Corinna Vinschen <vinschen@redhat.com> Signed-off-by: Jarod Wilson <jarod@redhat.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:22 -08:00
Janne Grunau	81fa1b3087	hdpvr: fix race conditon during start of streaming commit `afa159538a` upstream. status has to be set to STREAMING before the streaming worker is queued. hdpvr_transmit_buffers() will exit immediately otherwise. Reported-by: Joerg Desch <vvd.joede@googlemail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:21 -08:00
Oliver Hartkopp	9bda01cc81	can: sja1000: fix isr hang when hw is unplugged under load commit `a7762b10c1` upstream. In the case of hotplug enabled devices (PCMCIA/PCIeC) the removal of the hardware can cause an infinite loop in the common sja1000 isr. Use the already retrieved status register to indicate a possible hardware removal and double check by reading the mode register in sja1000_is_absent. Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> Acked-by: Wolfgang Grandegger <wg@grandegger.com> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:21 -08:00
Ben Hutchings	c3d65b135f	builddeb: Don't create files in /tmp with predictable names commit `6c63522460` upstream. The current use of /tmp for file lists is insecure. Put them under $objtree/debian instead. Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Acked-by: maximilian attems <max@stro.at> Signed-off-by: Michal Marek <mmarek@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:20 -08:00
Christian Riesch	df9a5f8f94	davinci_emac: Do not free all rx dma descriptors during init commit `5d69703263` upstream. This patch fixes a regression that was introduced by commit `0a5f384677` davinci_emac: Add Carrier Link OK check in Davinci RX Handler Said commit adds a check whether the carrier link is ok. If the link is not ok, the skb is freed and no new dma descriptor added to the rx dma channel. This causes trouble during initialization when the carrier status has not yet been updated. If a lot of packets are received while netif_carrier_ok returns false, all dma descriptors are freed and the rx dma transfer is stopped. The bug occurs when the board is connected to a network with lots of traffic and the ifconfig down/up is done, e.g., when reconfiguring the interface with DHCP. The bug can be reproduced by flood pinging the davinci board while doing ifconfig eth0 down ifconfig eth0 up on the board. After that, the rx path stops working and the overrun value reported by ifconfig is counting up. This patch reverts commit `0a5f384677` and instead issues warnings only if cpdma_chan_submit returns -ENOMEM. Signed-off-by: Christian Riesch <christian.riesch@omicron.at> Cc: Cyril Chemparathy <cyril@ti.com> Cc: Sascha Hauer <s.hauer@pengutronix.de> Tested-by: Rajashekhara, Sudhakar <sudhakar.raj@ti.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:19 -08:00
Guo-Fu Tseng	5fbc730462	jme: Fix FIFO flush issue commit `ba9adbe67e` upstream. Set the RX FIFO flush watermark lower. According to Federico and JMicron's reply, setting it to 16QW would be stable on most platforms. Otherwise, user might experience packet drop issue. Reported-by: Federico Quagliata <federico@quagliata.org> Fixed-by: Federico Quagliata <federico@quagliata.org> Signed-off-by: Guo-Fu Tseng <cooldavid@cooldavid.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:19 -08:00
Simon Horman	9b83c78d64	ipvs: fix matching of fwmark templates during scheduling commit `e0aac52e17` upstream. Commit `f11017ec2d` (2.6.37) moved the fwmark variable in subcontext that is invalidated before reaching the ip_vs_ct_in_get call. As vaddr is provided as pointer in the param structure make sure the fwmark variable is in same context. As the fwmark templates can not be matched, more and more template connections are created and the controlled connections can not go to single real server. Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:19 -08:00
Alan Stern	8c1c1c37c2	scsi_pm: Fix bug in the SCSI power management handler commit `fea6d607e1` upstream. This patch (as1520) fixes a bug in the SCSI layer's power management implementation. LUN scanning can be carried out asynchronously in do_scan_async(), and sd uses an asynchronous thread for the time-consuming parts of disk probing in sd_probe_async(). Currently nothing coordinates these async threads with system sleep transitions; they can and do attempt to continue scanning/probing SCSI devices even after the host adapter has been suspended. As one might expect, the outcome is not ideal. This is what the "prepare" stage of system suspend was created for. After the prepare callback has been called for a host, target, or device, drivers are not allowed to register any children underneath them. Currently the SCSI prepare callback is not implemented; this patch rectifies that omission. For SCSI hosts, the prepare routine calls scsi_complete_async_scans() to wait until async scanning is finished. It might be slightly more efficient to wait only until the host in question has been scanned, but there's currently no way to do that. Besides, during a sleep transition we will ultimately have to wait until all the host scanning has finished anyway. For SCSI devices, the prepare routine calls async_synchronize_full() to wait until sd probing is finished. The routine does nothing for SCSI targets, because asynchronous target scanning is done only as part of host scanning. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: James Bottomley <JBottomley@Parallels.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:18 -08:00
Huajun Li	0234f05698	scsi_scan: Fix 'Poison overwritten' warning caused by using freed 'shost' commit `267a6ad4ae` upstream. In do_scan_async(), calling scsi_autopm_put_host(shost) may reference freed shost, and cause Posison overwitten warning. Yes, this case can happen, for example, an USB is disconnected just when do_scan_async() thread starts to run, then scsi_host_put() called in scsi_finish_async_scan() will lead to shost be freed(because the refcount of shost->shost_gendev decreases to 1 after USB disconnects), at this point, if references shost again, system will show following warning msg. To make scsi_autopm_put_host(shost) always reference a valid shost, put it just before scsi_host_put() in function scsi_finish_async_scan(). [ 299.281565] ============================================================================= [ 299.281634] BUG kmalloc-4096 (Tainted: G I ): Poison overwritten [ 299.281682] ----------------------------------------------------------------------------- [ 299.281684] [ 299.281752] INFO: 0xffff880056c305d0-0xffff880056c305d0. First byte 0x6a instead of 0x6b [ 299.281816] INFO: Allocated in scsi_host_alloc+0x4a/0x490 age=1688 cpu=1 pid=2004 [ 299.281870] __slab_alloc+0x617/0x6c1 [ 299.281901] __kmalloc+0x28c/0x2e0 [ 299.281931] scsi_host_alloc+0x4a/0x490 [ 299.281966] usb_stor_probe1+0x5b/0xc40 [usb_storage] [ 299.282010] storage_probe+0xa4/0xe0 [usb_storage] [ 299.282062] usb_probe_interface+0x172/0x330 [usbcore] [ 299.282105] driver_probe_device+0x257/0x3b0 [ 299.282138] __driver_attach+0x103/0x110 [ 299.282171] bus_for_each_dev+0x8e/0xe0 [ 299.282201] driver_attach+0x26/0x30 [ 299.282230] bus_add_driver+0x1c4/0x430 [ 299.282260] driver_register+0xb6/0x230 [ 299.282298] usb_register_driver+0xe5/0x270 [usbcore] [ 299.282337] 0xffffffffa04ab03d [ 299.282364] do_one_initcall+0x47/0x230 [ 299.282396] sys_init_module+0xa0f/0x1fe0 [ 299.282429] INFO: Freed in scsi_host_dev_release+0x18a/0x1d0 age=85 cpu=0 pid=2008 [ 299.282482] __slab_free+0x3c/0x2a1 [ 299.282510] kfree+0x296/0x310 [ 299.282536] scsi_host_dev_release+0x18a/0x1d0 [ 299.282574] device_release+0x74/0x100 [ 299.282606] kobject_release+0xc7/0x2a0 [ 299.282637] kobject_put+0x54/0xa0 [ 299.282668] put_device+0x27/0x40 [ 299.282694] scsi_host_put+0x1d/0x30 [ 299.282723] do_scan_async+0x1fc/0x2b0 [ 299.282753] kthread+0xdf/0xf0 [ 299.282782] kernel_thread_helper+0x4/0x10 [ 299.282817] INFO: Slab 0xffffea00015b0c00 objects=7 used=7 fp=0x (null) flags=0x100000000004080 [ 299.282882] INFO: Object 0xffff880056c30000 @offset=0 fp=0x (null) [ 299.282884] ... Signed-off-by: Huajun Li <huajun.li.lee@gmail.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: James Bottomley <JBottomley@Parallels.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:17 -08:00
Thomas Gleixner	37ef0e621b	genirq: Handle pending irqs in irq_startup() commit `b4bc724e82` upstream. An interrupt might be pending when irq_startup() is called, but the startup code does not invoke the resend logic. In some cases this prevents the device from issuing another interrupt which renders the device non functional. Call the resend function in irq_startup() to keep things going. Reported-and-tested-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:17 -08:00
Thomas Gleixner	aa0eb3474b	genirq: Unmask oneshot irqs when thread was not woken commit `ac56376111` upstream. When the primary handler of an interrupt which is marked IRQ_ONESHOT returns IRQ_HANDLED or IRQ_NONE, then the interrupt thread is not woken and the unmask logic of the interrupt line is never invoked. This keeps the interrupt masked forever. This was not noticed as most IRQ_ONESHOT users wake the thread unconditionally (usually because they cannot access the underlying device from hard interrupt context). Though this behaviour was nowhere documented and not necessarily intentional. Some drivers can avoid the thread wakeup in certain cases and run into the situation where the interrupt line s kept masked. Handle it gracefully. Reported-and-tested-by: Lothar Wassmann <lw@karo-electronics.de> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:16 -08:00
Pavel Roskin	72633f08ad	ath9k: stop on rates with idx -1 in ath9k rate control's .tx_status commit `2504a6423b` upstream. Rate control algorithms are supposed to stop processing when they encounter a rate with the index -1. Checking for rate->count not being zero is not enough. Allowing a rate with negative index leads to memory corruption in ath_debug_stat_rc(). One consequence of the bug is discussed at https://bugzilla.redhat.com/show_bug.cgi?id=768639 Signed-off-by: Pavel Roskin <proski@gnu.org> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:15 -08:00
Andreas Herrmann	03fedc5c56	x86/amd: Fix L1i and L2 cache sharing information for AMD family 15h processors commit `32c3233885` upstream. For L1 instruction cache and L2 cache the shared CPU information is wrong. On current AMD family 15h CPUs those caches are shared between both cores of a compute unit. This fixes https://bugzilla.kernel.org/show_bug.cgi?id=42607 Signed-off-by: Andreas Herrmann <andreas.herrmann3@amd.com> Cc: Petkov Borislav <Borislav.Petkov@amd.com> Cc: Dave Jones <davej@redhat.com> Link: http://lkml.kernel.org/r/20120208195229.GA17523@alberich.amd.com Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:14 -08:00
Russell King	758e4d3da5	ARM: omap: fix oops in arch/arm/mach-omap2/vp.c when pmic is not found commit `d980e0f8d8` upstream. When the PMIC is not found, voltdm->pmic will be NULL. vp.c's initialization function tries to dereferences this, which causes an oops: Unable to handle kernel NULL pointer dereference at virtual address 00000000 pgd = c0004000 [00000000] *pgd=00000000 Internal error: Oops: 5 [#1] PREEMPT Modules linked in: CPU: 0 Not tainted (3.3.0-rc2+ #204) PC is at omap_vp_init+0x5c/0x15c LR is at omap_vp_init+0x58/0x15c pc : [<c03db880>] lr : [<c03db87c>] psr: 60000013 sp : c181ff30 ip : c181ff68 fp : c181ff64 r10: c0407808 r9 : c040786c r8 : c0407814 r7 : c0026868 r6 : c00264fc r5 : c040ad6c r4 : 00000000 r3 : 00000040 r2 : 000032c8 r1 : 0000fa00 r0 : 000032c8 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel Control: 10c5387d Table: 80004019 DAC: 00000015 Process swapper (pid: 1, stack limit = 0xc181e2e8) Stack: (0xc181ff30 to 0xc1820000) ff20: c0381d00 c02e9c6d c0383582 c040786c ff40: c040ad6c c00264fc c0026868 c0407814 00000000 c03d9de4 c181ff8c c181ff68 ff60: c03db448 c03db830 c02e982c c03fdfb8 c03fe004 c0039988 00000013 00000000 ff80: c181ff9c c181ff90 c03d9df8 c03db390 c181ffdc c181ffa0 c0008798 c03d9df0 ffa0: c181ffc4 c181ffb0 c0055a44 c0187050 c0039988 c03fdfb8 c03fe004 c0039988 ffc0: 00000013 00000000 00000000 00000000 c181fff4 c181ffe0 c03d1284 c0008708 ffe0: 00000000 c03d1208 00000000 c181fff8 c0039988 c03d1214 1077ce40 01f7ee08 Backtrace: [<c03db824>] (omap_vp_init+0x0/0x15c) from [<c03db448>] (omap_voltage_late_init+0xc4/0xfc) [<c03db384>] (omap_voltage_late_init+0x0/0xfc) from [<c03d9df8>] (omap2_common_pm_late_init+0x14/0x54) r8:00000000 r7:00000013 r6:c0039988 r5:c03fe004 r4:c03fdfb8 [<c03d9de4>] (omap2_common_pm_late_init+0x0/0x54) from [<c0008798>] (do_one_initcall+0x9c/0x164) [<c00086fc>] (do_one_initcall+0x0/0x164) from [<c03d1284>] (kernel_init+0x7c/0x120) [<c03d1208>] (kernel_init+0x0/0x120) from [<c0039988>] (do_exit+0x0/0x2cc) r5:c03d1208 r4:00000000 Code: e5ca300b e5900034 ebf69027 e5994024 (e5941000) ---[ end trace aed617dddaf32c3d ]--- Kernel panic - not syncing: Attempted to kill init! Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Cc: Igor Grinberg <grinberg@compulab.co.il> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:13 -08:00
Russell King	527cba8ab2	ARM: omap: fix oops in drivers/video/omap2/dss/dpi.c commit `4041071571` upstream. When a PMIC is not found, this driver is unable to obtain its 'vdds_dsi_reg' regulator. Even through its initialization function fails, other code still calls its enable function, which fails to check whether it has this regulator before asking for it to be enabled. This fixes the oops, however a better fix would be to sort out the upper layers to prevent them calling into a module which failed to initialize. Unable to handle kernel NULL pointer dereference at virtual address 00000038 pgd = c0004000 [00000038] *pgd=00000000 Internal error: Oops: 5 [#1] PREEMPT Modules linked in: CPU: 0 Not tainted (3.3.0-rc2+ #228) PC is at regulator_enable+0x10/0x70 LR is at omapdss_dpi_display_enable+0x54/0x15c pc : [<c01b9a08>] lr : [<c01af994>] psr: 60000013 sp : c181fd90 ip : c181fdb0 fp : c181fdac r10: c042eff0 r9 : 00000060 r8 : c044a164 r7 : c042c0e4 r6 : c042bd60 r5 : 00000000 r4 : c042bd60 r3 : c084de48 r2 : c181e000 r1 : c042bd60 r0 : 00000000 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel Control: 10c5387d Table: 80004019 DAC: 00000015 Process swapper (pid: 1, stack limit = 0xc181e2e8) Stack: (0xc181fd90 to 0xc1820000) fd80: c001754c c042bd60 00000000 c042bd60 fda0: c181fdcc c181fdb0 c01af994 c01b9a04 c0016104 c042bd60 c042bd60 c044a338 fdc0: c181fdec c181fdd0 c01b5ed0 c01af94c c042bd60 c042bd60 c1aa8000 c1aa8a0c fde0: c181fe04 c181fdf0 c01b5f54 c01b5ea8 c02fc18c c042bd60 c181fe3c c181fe08 fe00: c01b2a18 c01b5f48 c01aed14 c02fc160 c01df8ec 00000002 c042bd60 00000003 fe20: c042bd60 c1aa8000 c1aa8a0c c042eff8 c181fe84 c181fe40 c01b3874 c01b29fc fe40: c042eff8 00000000 c042f000 c0449db8 c044ed78 00000000 c181fe74 c042eff8 fe60: c042eff8 c0449db8 c0449db8 c044ed78 00000000 00000000 c181fe94 c181fe88 fe80: c01e452c c01b35e8 c181feb4 c181fe98 c01e2fdc c01e4518 c042eff8 c0449db8 fea0: c0449db8 c181fef0 c181fecc c181feb8 c01e3104 c01e2f48 c042eff8 c042f02c fec0: c181feec c181fed0 c01e3190 c01e30c0 c01e311c 00000000 c01e311c c0449db8 fee0: c181ff14 c181fef0 c01e1998 c01e3128 c18330a8 c1892290 c04165e8 c0449db8 ff00: c0449db8 c1ab60c0 c181ff24 c181ff18 c01e2e28 c01e194c c181ff54 c181ff28 ff20: c01e2218 c01e2e14 c039afed c181ff38 c04165e8 c041660c c0449db8 00000013 ff40: 00000000 c03ffdb8 c181ff7c c181ff58 c01e384c c01e217c c181ff7c c04165e8 ff60: c041660c c003a37c 00000013 00000000 c181ff8c c181ff80 c01e488c c01e3790 ff80: c181ff9c c181ff90 c03ffdcc c01e484c c181ffdc c181ffa0 c0008798 c03ffdc4 ffa0: c181ffc4 c181ffb0 c0056440 c0187810 c003a37c c04165e8 c041660c c003a37c ffc0: 00000013 00000000 00000000 00000000 c181fff4 c181ffe0 c03ea284 c0008708 ffe0: 00000000 c03ea208 00000000 c181fff8 c003a37c c03ea214 1073cec0 01f7ee08 Backtrace: [<c01b99f8>] (regulator_enable+0x0/0x70) from [<c01af994>] (omapdss_dpi_display_enable+0x54/0x15c) r6:c042bd60 r5:00000000 r4:c042bd60 [<c01af940>] (omapdss_dpi_display_enable+0x0/0x15c) from [<c01b5ed0>] (generic_dpi_panel_power_on+0x34/0x78) r6:c044a338 r5:c042bd60 r4:c042bd60 [<c01b5e9c>] (generic_dpi_panel_power_on+0x0/0x78) from [<c01b5f54>] (generic_dpi_panel_enable+0x18/0x28) r7:c1aa8a0c r6:c1aa8000 r5:c042bd60 r4:c042bd60 [<c01b5f3c>] (generic_dpi_panel_enable+0x0/0x28) from [<c01b2a18>] (omapfb_init_display+0x28/0x150) r4:c042bd60 [<c01b29f0>] (omapfb_init_display+0x0/0x150) from [<c01b3874>] (omapfb_probe+0x298/0x318) r8:c042eff8 r7:c1aa8a0c r6:c1aa8000 r5:c042bd60 r4:00000003 [<c01b35dc>] (omapfb_probe+0x0/0x318) from [<c01e452c>] (platform_drv_probe+0x20/0x24) [<c01e450c>] (platform_drv_probe+0x0/0x24) from [<c01e2fdc>] (really_probe+0xa0/0x178) [<c01e2f3c>] (really_probe+0x0/0x178) from [<c01e3104>] (driver_probe_device+0x50/0x68) r7:c181fef0 r6:c0449db8 r5:c0449db8 r4:c042eff8 [<c01e30b4>] (driver_probe_device+0x0/0x68) from [<c01e3190>] (__driver_attach+0x74/0x98) r5:c042f02c r4:c042eff8 [<c01e311c>] (__driver_attach+0x0/0x98) from [<c01e1998>] (bus_for_each_dev+0x58/0x98) r6:c0449db8 r5:c01e311c r4:00000000 [<c01e1940>] (bus_for_each_dev+0x0/0x98) from [<c01e2e28>] (driver_attach+0x20/0x28) r7:c1ab60c0 r6:c0449db8 r5:c0449db8 r4:c04165e8 [<c01e2e08>] (driver_attach+0x0/0x28) from [<c01e2218>] (bus_add_driver+0xa8/0x22c) [<c01e2170>] (bus_add_driver+0x0/0x22c) from [<c01e384c>] (driver_register+0xc8/0x154) [<c01e3784>] (driver_register+0x0/0x154) from [<c01e488c>] (platform_driver_register+0x4c/0x60) r8:00000000 r7:00000013 r6:c003a37c r5:c041660c r4:c04165e8 [<c01e4840>] (platform_driver_register+0x0/0x60) from [<c03ffdcc>] (omapfb_init+0x14/0x34) [<c03ffdb8>] (omapfb_init+0x0/0x34) from [<c0008798>] (do_one_initcall+0x9c/0x164) [<c00086fc>] (do_one_initcall+0x0/0x164) from [<c03ea284>] (kernel_init+0x7c/0x120) [<c03ea208>] (kernel_init+0x0/0x120) from [<c003a37c>] (do_exit+0x0/0x2d8) r5:c03ea208 r4:00000000 Code: e1a0c00d e92dd870 e24cb004 e24dd004 (e5906038) ---[ end trace 9e2474c2e193b223 ]--- Acked-by: Tony Lindgren <tony@atomide.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Cc: Igor Grinberg <grinberg@compulab.co.il> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:13 -08:00
Guenter Roeck	4651f6ab6b	hwmon: (ads1015) Fix file leak in probe function commit `363434b5dc` upstream. An error while creating sysfs attribute files in the driver's probe function results in an error abort, but already created files are not removed. This patch fixes the problem. Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com> Cc: Dirk Eibach <eibach@gdsys.de> Acked-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:13 -08:00
Chris D Schimp	b7b3a0104a	hwmon: (max6639) Fix PPR register initialization to set both channels commit `2f2da1ac0b` upstream. Initialize PPR register for both channels, and set correct PPR register bits. Also remove unnecessary variable initializations. Signed-off-by: Chris D Schimp <silverchris@gmail.com> [guenter.roeck@ericsson.com: Merged two patches into one] Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com> Acked-by: Roland Stigge <stigge@antcom.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:12 -08:00
Chris D Schimp	8003623db5	hwmon: (max6639) Fix FAN_FROM_REG calculation commit `b63d97a36e` upstream. RPM calculation from tachometer value does not depend on PPR. Also, do not report negative RPM values. Signed-off-by: Chris D Schimp <silverchris@gmail.com> [guenter.roeck@ericsson.com: do not report negative RPM values] Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com> Acked-by: Roland Stigge <stigge@antcom.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:12 -08:00
David Howells	8f6c3d1a58	NOMMU: Lock i_mmap_mutex for access to the VMA prio list commit `918e556ec2` upstream. Lock i_mmap_mutex for access to the VMA prio list to prevent concurrent access. Currently, certain parts of the mmap handling are protected by the region mutex, but not all. Reported-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:11 -08:00
Takashi Iwai	8f421627d1	ALSA: hda/realtek - Fix surround output regression on Acer Aspire 5935 commit `ef8d60fb79` upstream. The previous fix for the speaker on Acer Aspire 59135 introduced another problem for surround outputs. It changed the connections on the line-in/mic pins for limiting the routes, but it left the modified connections. Thus wrong connection indices were written when set to 4ch or 6ch mode. This patch fixes it by restoring the right connections just after parsing the tree but before the initialization. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=42740 Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:11 -08:00
Takashi Iwai	0da0c63e05	ALSA: hda/realtek - Fix overflow of vol/sw check bitmap commit `c14c95f62e` upstream. The bitmap introduced in the commit [`527e4d73`: ALSA: hda/realtek - Fix missing volume controls with ALC260] is too narrow for some codecs, which may have more NIDs than 0x20, thus it may overflow the bitmap array on them. Just double the number to cover all and also add a sanity-check code to be safer. Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:10 -08:00
Mark Brown	8fb548906e	ASoC: wm8962: Fix sidetone enumeration texts commit `31794bc37b` upstream. The sidetone enumeration texts have left and right swapped. Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:10 -08:00
Andy Grover	d2227f84ba	target: Allow control CDBs with data > 1 page commit `4949314c72` upstream. We need to handle >1 page control cdbs, so extend the code to do a vmap if bigger than 1 page. It seems like kmap() is still preferable if just a page, fewer TLB shootdowns(?), so keep using that when possible. Rename function pair for their new scope. Signed-off-by: Andy Grover <agrover@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:09 -08:00
Alan Stern	2ab9cc5409	usb-storage: fix freezing of the scanning thread commit `bb94a40668` upstream. This patch (as1521b) fixes the interaction between usb-storage's scanning thread and the freezer. The current implementation has a race: If the device is unplugged shortly after being plugged in and just as a system sleep begins, the scanning thread may get frozen before the khubd task. Khubd won't be able to freeze until the disconnect processing is complete, and the disconnect processing can't proceed until the scanning thread finishes, so the sleep transition will fail. The implementation in the 3.2 kernel suffers from an additional problem. There the scanning thread calls set_freezable_with_signal(), and the signals sent by the freezer will mess up the thread's I/O delays, which are all interruptible. The solution to both problems is the same: Replace the kernel thread used for scanning with a delayed-work routine on the system freezable work queue. Freezable work queues have the nice property that you can cancel a work item even while the work queue is frozen, and no signals are needed. The 3.2 version of this patch solves the problem in Bugzilla #42730. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Acked-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:08 -08:00
Elric Fu	1a62497909	USB: Set hub depth after USB3 hub reset commit `a45aa3b305` upstream. The superspeed device attached to a USB 3.0 hub(such as VIA's) doesn't respond the address device command after resume. The root cause is the superspeed hub will miss the Hub Depth value that is used as an offset into the route string to locate the bits it uses to determine the downstream port number after reset, and all packets can't be routed to the device attached to the superspeed hub. Hub driver sends a Set Hub Depth request to the superspeed hub except for USB 3.0 root hub when the hub is initialized and doesn't send the request again after reset due to the resume process. So moving the code that sends the Set Hub Depth request to the superspeed hub from hub_configure() to hub_activate() is to cover those situations include initialization and reset. The patch should be backported to kernels as old as 2.6.39. Signed-off-by: Elric Fu <elricfu1@gmail.com> Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:08 -08:00
Sarah Sharp	4d5845033e	USB: Don't fail USB3 probe on missing legacy PCI IRQ. commit `68d07f64b8` upstream. Intel has a PCI USB xhci host controller on a new platform. It doesn't have a line IRQ definition in BIOS. The Linux driver refuses to initialize this controller, but Windows works well because it only depends on MSI. Actually, Linux also can work for MSI. This patch avoids the line IRQ checking for USB3 HCDs in usb core PCI probe. It allows the xHCI driver to try to enable MSI or MSI-X first. It will fail the probe if MSI enabling failed and there's no legacy PCI IRQ. This patch should be backported to kernels as old as 2.6.32. Signed-off-by: Alex Shi <alex.shi@intel.com> Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:08 -08:00
Sarah Sharp	0eec53088b	xhci: Fix encoding for HS bulk/control NAK rate. commit `340a3504fd` upstream. The xHCI 0.96 spec says that HS bulk and control endpoint NAK rate must be encoded as an exponent of two number of microframes. The endpoint descriptor has the NAK rate encoded in number of microframes. We were just copying the value from the endpoint descriptor into the endpoint context interval field, which was not correct. This lead to the VIA host rejecting the add of a bulk OUT endpoint from any USB 2.0 mass storage device. The fix is to use the correct encoding. Refactor the code to convert number of frames to an exponential number of microframes, and make sure we convert the number of microframes in HS bulk and control endpoints to an exponent. This should be back ported to kernels as old as 2.6.31, that contain the commit `dfa49c4ad1` "USB: xhci - fix math in xhci_get_endpoint_interval" Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com> Tested-by: Felipe Contreras <felipe.contreras@gmail.com> Suggested-by: Andiry Xu <andiry.xu@amd.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:07 -08:00
Sarah Sharp	60e1345a34	xhci: Fix oops caused by more USB2 ports than USB3 ports. commit `3278a55a1a` upstream. The code to set the device removable bits in the USB 2.0 roothub descriptor was accidentally looking at the USB 3.0 port registers instead of the USB 2.0 registers. This can cause an oops if there are more USB 2.0 registers than USB 3.0 registers. This should be backported to kernels as old as 2.6.39, that contain the commit `4bbb0ace9a` "xhci: Return a USB 3.0 hub descriptor for USB3 roothub." Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:07 -08:00
Sarah Sharp	6dc2acf66f	USB: Fix handoff when BIOS disables host PCI device. commit `cab928ee1f` upstream. On some systems with an Intel Panther Point xHCI host controller, the BIOS disables the xHCI PCI device during boot, and switches the xHCI ports over to EHCI. This allows the BIOS to access USB devices without having xHCI support. The downside is that the xHCI BIOS handoff mechanism will fail because memory mapped I/O is not enabled for the disabled PCI device. Jesse Barnes says this is expected behavior. The PCI core will enable BARs before quirks run, but it will leave it in an undefined state, and it may not have memory mapped I/O enabled. Make the generic USB quirk handler call pci_enable_device() to re-enable MMIO, and call pci_disable_device() once the host-specific BIOS handoff is finished. This will balance the ref counts in the PCI core. When the PCI probe function is called, usb_hcd_pci_probe() will call pci_enable_device() again. This should be back ported to kernels as old as 2.6.31. That was the first kernel with xHCI support, and no one has complained about BIOS handoffs failing due to memory mapped I/O being disabled on other hosts (EHCI, UHCI, or OHCI). Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com> Acked-by: Oliver Neukum <oneukum@suse.de> Cc: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:06 -08:00
Sarah Sharp	d8c3ee4541	USB: Remove duplicate USB 3.0 hub feature #defines. commit `d9f5343e35` upstream. Somehow we ended up with duplicate hub feature #defines in ch11.h. Tatyana Brokhman first created the USB 3.0 hub feature macros in 2.6.38 with commit `0eadcc0920` "usb: USB3.0 ch11 definitions". In 2.6.39, I modified a patch from John Youn that added similar macros in a different place in the same file, and committed `dbe79bbe9d` "USB 3.0 Hub Changes". Some of the #defines used different names for the same values. Others used exactly the same names with the same values, like these gems: #define USB_PORT_FEAT_BH_PORT_RESET 28 ... #define USB_PORT_FEAT_BH_PORT_RESET 28 According to my very geeky husband (who looked it up in the C99 spec), it is allowed to have object-like macros with duplicate names as long as the replacement list is exactly the same. However, he recalled that some compilers will give warnings when they find duplicate macros. It's probably best to remove the duplicates in the stable tree, so that the code compiles for everyone. The macros are now fixed to move the feature requests that are specific to USB 3.0 hubs into a new section (out of the USB 2.0 hub feature section), and use the most common macro name. This patch should be backported to 2.6.39. Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com> Cc: Tatyana Brokhman <tlinder@codeaurora.org> Cc: John Youn <johnyoun@synopsys.com> Cc: Jamey Sharp <jamey@minilop.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:06 -08:00
Andrew Lunn	f891ac47c2	USB: Serial: ti_usb_3410_5052: Add Abbot Diabetes Care cable id commit `7fd25702ba` upstream. This USB-serial cable with mini stereo jack enumerates as: Bus 001 Device 004: ID 1a61:3410 Abbott Diabetes Care It is a TI3410 inside. Signed-off-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:06 -08:00
Rui li	4cc383ba35	USB: option: cleanup zte 3g-dongle's pid in option.c commit `b9e44fe5ec` upstream. 1. Remove all old mass-storage ids's pid: 0x0026,0x0053,0x0098,0x0099,0x0149,0x0150,0x0160; 2. As the pid from 0x1401 to 0x1510 which have not surely assigned to use for serial-port or mass-storage port,so i think it should be removed now, and will re-add after it have assigned in future; 3. sort the pid to WCDMA and CDMA. Signed-off-by: Rui li <li.rui27@zte.com.cn> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:05 -08:00
Bruno Thomsen	4a24486839	USB: Added Kamstrup VID/PIDs to cp210x serial driver. commit `c6c1e4491d` upstream. Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:05 -08:00
Neal Cardwell	c90fa02e73	tcp: fix tcp_shifted_skb() adjustment of lost_cnt_hint for FACK [ Upstream commit `0af2a0d057` ] This commit ensures that lost_cnt_hint is correctly updated in tcp_shifted_skb() for FACK TCP senders. The lost_cnt_hint adjustment in tcp_sacktag_one() only applies to non-FACK senders, so FACK senders need their own adjustment. This applies the spirit of `1e5289e121` - except now that the sequence range passed into tcp_sacktag_one() is correct we need only have a special case adjustment for FACK. Signed-off-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:05 -08:00
Neal Cardwell	85a90ef604	tcp: fix range tcp_shifted_skb() passes to tcp_sacktag_one() [ Upstream commit `daef52bab1` ] Fix the newly-SACKed range to be the range of newly-shifted bytes. Previously - since `832d11c5cd` - tcp_shifted_skb() incorrectly called tcp_sacktag_one() with the start and end sequence numbers of the skb it passes in set to the range just beyond the range that is newly-SACKed. This commit also removes a special-case adjustment to lost_cnt_hint in tcp_shifted_skb() since the pre-existing adjustment of lost_cnt_hint in tcp_sacktag_one() now properly handles this things now that the correct start sequence number is passed in. Signed-off-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:04 -08:00
Neal Cardwell	aaa9bcd960	tcp: allow tcp_sacktag_one() to tag ranges not aligned with skbs [ Upstream commit `cc9a672ee5` ] This commit allows callers of tcp_sacktag_one() to pass in sequence ranges that do not align with skb boundaries, as tcp_shifted_skb() needs to do in an upcoming fix in this patch series. In fact, now tcp_sacktag_one() does not need to depend on an input skb at all, which makes its semantics and dependencies more clear. Signed-off-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:04 -08:00
Eric Dumazet	156f251f74	gro: more generic L2 header check [ Upstream commit `5ca3b72c5d` ] Shlomo Pongratz reported GRO L2 header check was suited for Ethernet only, and failed on IB/ipoib traffic. He provided a patch faking a zeroed header to let GRO aggregates frames. Roland Dreier, Herbert Xu, and others suggested we change GRO L2 header check to be more generic, ie not assuming L2 header is 14 bytes, but taking into account hard_header_len. __napi_gro_receive() has special handling for the common case (Ethernet) to avoid a memcmp() call and use an inline optimized function instead. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Reported-by: Shlomo Pongratz <shlomop@mellanox.com> Cc: Roland Dreier <roland@kernel.org> Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Tested-by: Sean Hefty <sean.hefty@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:04 -08:00
Roland Dreier	afd87adacb	IPoIB: Stop lying about hard_header_len and use skb->cb to stash LL addresses [ Upstream commit `936d7de3d7` ] Commit `a0417fa3a1` ("net: Make qdisc_skb_cb upper size bound explicit.") made it possible for a netdev driver to use skb->cb between its header_ops.create method and its .ndo_start_xmit method. Use this in ipoib_hard_header() to stash away the LL address (GID + QPN), instead of the "ipoib_pseudoheader" hack. This allows IPoIB to stop lying about its hard_header_len, which will let us fix the L2 check for GRO. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:03 -08:00
David S. Miller	79246cb059	net: Make qdisc_skb_cb upper size bound explicit. [ Upstream commit `16bda13d90` ] Just like skb->cb[], so that qdisc_skb_cb can be encapsulated inside of other data structures. This is intended to be used by IPoIB so that it can remember addressing information stored at hard_header_ops->create() time that it can fetch when the packet gets to the transmit routine. Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:02 -08:00
Li Wei	763fe579c1	ipv4: Fix wrong order of ip_rt_get_source() and update iph->daddr. [ Upstream commit `5dc7883f2a` ] This patch fix a bug which introduced by commit `ac8a4810` (ipv4: Save nexthop address of LSRR/SSRR option to IPCB.).In that patch, we saved the nexthop of SRR in ip_option->nexthop and update iph->daddr until we get to ip_forward_options(), but we need to update it before ip_rt_get_source(), otherwise we may get a wrong src. Signed-off-by: Li Wei <lw@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:02 -08:00
Shawn Lu	017d762758	tcp_v4_send_reset: binding oif to iif in no sock case [ Upstream commit `e2446eaab5` ] Binding RST packet outgoing interface to incoming interface for tcp v4 when there is no socket associate with it. when sk is not NULL, using sk->sk_bound_dev_if instead. (suggested by Eric Dumazet). This has few benefits: 1. tcp_v6_send_reset already did that. 2. This helps tcp connect with SO_BINDTODEVICE set. When connection is lost, we still able to sending out RST using same interface. 3. we are sending reply, it is most likely to be succeed if iif is used Signed-off-by: Shawn Lu <shawn.lu@ericsson.com> Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:01 -08:00
Julian Anastasov	f4df037cf3	ipv4: reset flowi parameters on route connect [ Upstream commit `e6b45241c5` ] Eric Dumazet found that commit `813b3b5db8` (ipv4: Use caller's on-stack flowi as-is in output route lookups.) that comes in 3.0 added a regression. The problem appears to be that resulting flowi4_oif is used incorrectly as input parameter to some routing lookups. The result is that when connecting to local port without listener if the IP address that is used is not on a loopback interface we incorrectly assign RTN_UNICAST to the output route because no route is matched by oif=lo. The RST packet can not be sent immediately by tcp_v4_send_reset because it expects RTN_LOCAL. So, change ip_route_connect and ip_route_newports to update the flowi4 fields that are input parameters because we do not want unnecessary binding to oif. To make it clear what are the input parameters that can be modified during lookup and to show which fields of floiw4 are reused add a new function to update the flowi4 structure: flowi4_update_output. Thanks to Yurij M. Plotnikov for providing a bug report including a program to reproduce the problem. Thanks to Eric Dumazet for tracking the problem down to tcp_v4_send_reset and providing initial fix. Reported-by: Yurij M. Plotnikov <Yurij.Plotnikov@oktetlabs.ru> Signed-off-by: Julian Anastasov <ja@ssi.bg> Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:00 -08:00
David Lv	d14d408060	via-velocity: S3 resume fix. [ Upstream commit `b530b1930b` ] Initially diagnosed on Ubuntu 11.04 with kernel 2.6.38. velocity_close is not called during a suspend / resume cycle in this driver and it has no business playing directly with power states. Signed-off-by: David Lv <DavidLv@viatech.com.cn> Acked-by: Francois Romieu <romieu@fr.zoreil.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:00 -08:00
Hagen Paul Pfeifer	b21abc775d	veth: Enforce minimum size of VETH_INFO_PEER [ Upstream commit `237114384a` ] VETH_INFO_PEER carries struct ifinfomsg plus optional IFLA attributes. A minimal size of sizeof(struct ifinfomsg) must be enforced or we may risk accessing that struct beyond the limits of the netlink message. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:31:00 -08:00
Hagen Paul Pfeifer	a1845875b3	net_sched: Bug in netem reordering [ Upstream commit `eb10192447` ] Not now, but it looks you are correct. q->qdisc is NULL until another additional qdisc is attached (beside tfifo). See `50612537e9`. The following patch should work. From: Hagen Paul Pfeifer <hagen@jauu.net> netem: catch NULL pointer by updating the real qdisc statistic Reported-by: Vijay Subramanian <subramanian.vijay@gmail.com> Signed-off-by: Hagen Paul Pfeifer <hagen@jauu.net> Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:59 -08:00
Eric Dumazet	39994fb222	netpoll: netpoll_poll_dev() should access dev->flags [ Upstream commit `58e05f357a` ] commit `5a698af53f` (bond: service netpoll arp queue on master device) tested IFF_SLAVE flag against dev->priv_flags instead of dev->flags Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: WANG Cong <amwang@redhat.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:58 -08:00
Thomas Graf	1b22d2ddf4	net: Don't proxy arp respond if iif == rt->dst.dev if private VLAN is disabled [ Upstream commit `70620c46ac` ] Commit 653241 (net: RFC3069, private VLAN proxy arp support) changed the behavior of arp proxy to send arp replies back out on the interface the request came in even if the private VLAN feature is disabled. Previously we checked rt->dst.dev != skb->dev for in scenarios, when proxy arp is enabled on for the netdevice and also when individual proxy neighbour entries have been added. This patch adds the check back for the pneigh_lookup() scenario. Signed-off-by: Thomas Graf <tgraf@suug.ch> Acked-by: Jesper Dangaard Brouer <hawk@comx.dk> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:57 -08:00
Eric Dumazet	96dd4ee679	3c59x: shorten timer period for slave devices [ Upstream commit `3013dc0cce` ] Jean Delvare reported bonding on top of 3c59x adapters was not detecting network cable removal fast enough. 3c59x indeed uses a 60 seconds timer to check link status if carrier is on, and 5 seconds if carrier is off. This patch reduces timer period to 5 seconds if device is a bonding slave. Reported-by: Jean Delvare <jdelvare@suse.de> Acked-by: Jean Delvare <jdelvare@suse.de> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:57 -08:00
Rabin Vincent	ceb484992b	ARM: 7325/1: fix v7 boot with lockdep enabled commit `8e43a905dd` upstream. Bootup with lockdep enabled has been broken on v7 since `b46c0f7465` ("ARM: 7321/1: cache-v7: Disable preemption when reading CCSIDR"). This is because v7_setup (which is called very early during boot) calls v7_flush_dcache_all, and the save_and_disable_irqs added by that patch ends up attempting to call into lockdep C code (trace_hardirqs_off()) when we are in no position to execute it (no stack, MMU off). Fix this by using a notrace variant of save_and_disable_irqs. The code already uses the notrace variant of restore_irqs. Reviewed-by: Nicolas Pitre <nico@linaro.org> Acked-by: Stephen Boyd <sboyd@codeaurora.org> Cc: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Rabin Vincent <rabin@rab.in> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:57 -08:00
Stephen Boyd	1bbe8912e0	ARM: 7321/1: cache-v7: Disable preemption when reading CCSIDR commit `b46c0f7465` upstream. armv7's flush_cache_all() flushes caches via set/way. To determine the cache attributes (line size, number of sets, etc.) the assembly first writes the CSSELR register to select a cache level and then reads the CCSIDR register. The CSSELR register is banked per-cpu and is used to determine which cache level CCSIDR reads. If the task is migrated between when the CSSELR is written and the CCSIDR is read the CCSIDR value may be for an unexpected cache level (for example L1 instead of L2) and incorrect cache flushing could occur. Disable interrupts across the write and read so that the correct cache attributes are read and used for the cache flushing routine. We disable interrupts instead of disabling preemption because the critical section is only 3 instructions and we want to call v7_dcache_flush_all from __v7_setup which doesn't have a full kernel stack with a struct thread_info. This fixes a problem we see in scm_call() when flush_cache_all() is called from preemptible context and sometimes the L2 cache is not properly flushed out. Signed-off-by: Stephen Boyd <sboyd@codeaurora.org> Acked-by: Catalin Marinas <catalin.marinas@arm.com> Reviewed-by: Nicolas Pitre <nico@linaro.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:56 -08:00
Weston Andros Adamson	8ed3fe820f	NFSv4: fix server_scope memory leak commit `abe9a6d57b` upstream. server_scope would never be freed if nfs4_check_cl_exchange_flags() returned non-zero Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:56 -08:00
Trond Myklebust	0cea513e39	NFSv4: Ensure we throw out bad delegation stateids on NFS4ERR_BAD_STATEID commit `b9f9a03150` upstream. To ensure that we don't just reuse the bad delegation when we attempt to recover the nfs4_state that received the bad stateid error. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:55 -08:00
Trond Myklebust	4a818b4288	NFSv4: Fix an Oops in the NFSv4 getacl code commit `331818f1c4` upstream. Commit `bf118a342f` (NFSv4: include bitmap in nfsv4 get acl data) introduces the 'acl_scratch' page for the case where we may need to decode multi-page data. However it fails to take into account the fact that the variable may be NULL (for the case where we're not doing multi-page decode), and it also attaches it to the encoding xdr_stream rather than the decoding one. The immediate result is an Oops in nfs4_xdr_enc_getacl due to the call to page_address() with a NULL page pointer. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: Andy Adamson <andros@netapp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:55 -08:00
Johan Rudholm	f3d763847f	mmc: core: check for zero length ioctl data commit `4d6144de8b` upstream. If the read or write buffer size associated with the command sent through the mmc_blk_ioctl is zero, do not prepare data buffer. This enables a ioctl(2) call to for instance send a MMC_SWITCH to set a byte in the ext_csd. Signed-off-by: Johan Rudholm <johan.rudholm@stericsson.com> Signed-off-by: Chris Ball <cjb@laptop.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:54 -08:00
Takashi Iwai	2a8e5e8a2d	ALSA: hda - Fix redundant jack creations for cx5051 [Note that since the patch isn't applicable (and unnecessary) to 3.3-rc, there is no corresponding upstream fix.] The cx5051 parser calls snd_hda_input_jack_add() in the init callback to create and initialize the jack detection instances. Since the init callback is called at each time when the device gets woken up after suspend or power-saving mode, the duplicated instances are accumulated at each call. This ends up with the kernel warnings with the too large array size. The fix is simply to move the calls of snd_hda_input_jack_add() into the parser section instead of the init callback. The fix is needed only up to 3.2 kernel, since the HD-audio jack layer was redesigned in the 3.3 kernel. Reported-by: Russell King <rmk+kernel@arm.linux.org.uk> Tested-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:54 -08:00
Javi Merino	32818d15fe	ARM: 7326/2: PL330: fix null pointer dereference in pl330_chan_ctrl() commit `46e33c606a` upstream. This fixes the thrd->req_running field being accessed before thrd is checked for null. The error was introduced in `abb959f`: ARM: 7237/1: PL330: Fix driver freeze Reference: <1326458191-23492-1-git-send-email-mans.rullgard@linaro.org> Signed-off-by: Mans Rullgard <mans.rullgard@linaro.org> Acked-by: Javi Merino <javi.merino@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:53 -08:00
Miklos Szeredi	3c40e5e082	vfs: fix d_inode_lookup() dentry ref leak commit `e188dc02d3` upstream. d_inode_lookup() leaks a dentry reference on IS_DEADDIR(). Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:53 -08:00
Martin Schwidefsky	cadd96ffcc	S390: correct ktime to tod clock comparator conversion commit `cf1eb40f8f` upstream. The conversion of the ktime to a value suitable for the clock comparator does not take changes to wall_to_monotonic into account. In fact the conversion just needs the boot clock (sched_clock_base_cc) and the total_sleep_time. This is applicable to 3.2+ kernels. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:53 -08:00
Tyler Hicks	6b6cd603f9	eCryptfs: Copy up lower inode attrs after setting lower xattr commit `545d680938` upstream. After passing through a ->setxattr() call, eCryptfs needs to copy the inode attributes from the lower inode to the eCryptfs inode, as they may have changed in the lower filesystem's ->setxattr() path. One example is if an extended attribute containing a POSIX Access Control List is being set. The new ACL may cause the lower filesystem to modify the mode of the lower inode and the eCryptfs inode would need to be updated to reflect the new mode. https://launchpad.net/bugs/926292 Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Reported-by: Sebastien Bacher <seb128@ubuntu.com> Cc: John Johansen <john.johansen@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:52 -08:00
Lars-Peter Clausen	2a66303d51	regmap: Fix cache defaults initialization from raw cache defaults commit `61cddc57dc` upstream. Currently registers with a value of 0 are ignored when initializing the register defaults from raw defaults. This worked in the past, because registers without a explicit default were assumed to have a default value of 0. This was changed in commit `b03622a8` ("regmap: Ensure rbtree syncs registers set to zero properly"). As a result registers, which have a raw default value of 0 are now assumed to have no default. This again can result in unnecessary writes when syncing the cache. It will also result in unnecessary reads for e.g. the first update operation. In the case where readback is not possible this will even let the update operation fail, if the register has not been written to before. So this patch removes the check. Instead it adds a check to ignore raw defaults for registers which are volatile, since those registers are not cached. Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:52 -08:00
Tim Gardner	35c224c3c9	ipheth: Add iPhone 4S commit `72ba009b8a` upstream. BugLink: http://bugs.launchpad.net/bugs/900802 Signed-off-by: Till Kamppeter <till.kamppeter@gmail.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:52 -08:00
Mohammed Shafi Shajakhan	c5ffed9245	mac80211: Fix a rwlock bad magic bug commit `b57e6b560f` upstream. read_lock(&tpt_trig->trig.leddev_list_lock) is accessed via the path ieee80211_open (->) ieee80211_do_open (->) ieee80211_mod_tpt_led_trig (->) ieee80211_start_tpt_led_trig (->) tpt_trig_timer before initializing it. the intilization of this read/write lock happens via the path ieee80211_led_init (->) led_trigger_register, but we are doing 'ieee80211_led_init' after 'ieeee80211_if_add' where we register netdev_ops. so we access leddev_list_lock before initializing it and causes the following bug in chrome laptops with AR928X cards with the following script while true do sudo modprobe -v ath9k sleep 3 sudo modprobe -r ath9k sleep 3 done BUG: rwlock bad magic on CPU#1, wpa_supplicant/358, f5b9eccc Pid: 358, comm: wpa_supplicant Not tainted 3.0.13 #1 Call Trace: [<8137b9df>] rwlock_bug+0x3d/0x47 [<81179830>] do_raw_read_lock+0x19/0x29 [<8137f063>] _raw_read_lock+0xd/0xf [<f9081957>] tpt_trig_timer+0xc3/0x145 [mac80211] [<f9081f3a>] ieee80211_mod_tpt_led_trig+0x152/0x174 [mac80211] [<f9076a3f>] ieee80211_do_open+0x11e/0x42e [mac80211] [<f9075390>] ? ieee80211_check_concurrent_iface+0x26/0x13c [mac80211] [<f9076d97>] ieee80211_open+0x48/0x4c [mac80211] [<812dbed8>] __dev_open+0x82/0xab [<812dc0c9>] __dev_change_flags+0x9c/0x113 [<812dc1ae>] dev_change_flags+0x18/0x44 [<8132144f>] devinet_ioctl+0x243/0x51a [<81321ba9>] inet_ioctl+0x93/0xac [<812cc951>] sock_ioctl+0x1c6/0x1ea [<812cc78b>] ? might_fault+0x20/0x20 [<810b1ebb>] do_vfs_ioctl+0x46e/0x4a2 [<810a6ebb>] ? fget_light+0x2f/0x70 [<812ce549>] ? sys_recvmsg+0x3e/0x48 [<810b1f35>] sys_ioctl+0x46/0x69 [<8137fa77>] sysenter_do_call+0x12/0x2 Cc: Gary Morain <gmorain@google.com> Cc: Paul Stewart <pstew@google.com> Cc: Abhijit Pradhan <abhijit@qca.qualcomm.com> Cc: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com> Cc: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Acked-by: Johannes Berg <johannes.berg@intel.com> Tested-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:51 -08:00
Yinghai Lu	608951f12d	PCI: workaround hard-wired bus number V2 commit `71f6bd4a23` upstream. Fixes PCI device detection on IBM xSeries IBM 3850 M2 / x3950 M2 when using ACPI resources (_CRS). This is default, a manual workaround (without this patch) would be pci=nocrs boot param. V2: Add dev_warn if the workaround is hit. This should reveal how common such setups are (via google) and point to possible problems if things are still not working as expected. -> Suggested by Jan Beulich. Tested-by: garyhade@us.ibm.com Signed-off-by: Yinghai Lu <yinghai.lu@oracle.com> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:51 -08:00
Alex Deucher	74d54f57ce	drm/radeon/kms: fix MSI re-arm on rv370+ commit `b7f5b7dec3` upstream. MSI_REARM_EN register is a write only trigger register. There is no need RMW when re-arming. May fix: https://bugs.freedesktop.org/show_bug.cgi?id=41668 Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:50 -08:00
Nicolas Ferre	4f89dcb180	ARM: at91: USB AT91 gadget registration for module commit `e8c9dc93e2` upstream. Registration of at91_udc as a module will enable SoC related code. Fix following an idea from Karel Znamenacek. Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com> Acked-by: Karel Znamenacek <karel@ryston.cz> Acked-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:49 -08:00
Anton Blanchard	90f91ae159	powerpc/perf: power_pmu_start restores incorrect values, breaking frequency events commit `9a45a9407c` upstream. perf on POWER stopped working after commit `e050e3f0a7` (perf: Fix broken interrupt rate throttling). That patch exposed a bug in the POWER perf_events code. Since the PMCs count upwards and take an exception when the top bit is set, we want to write 0x80000000 - left in power_pmu_start. We were instead programming in left which effectively disables the counter until we eventually hit 0x80000000. This could take seconds or longer. With the patch applied I get the expected number of samples: SAMPLE events: 9948 Signed-off-by: Anton Blanchard <anton@samba.org> Acked-by: Paul Mackerras <paulus@samba.org> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:49 -08:00
Greg Kroah-Hartman	ae9aea55d1	Security: tomoyo: add .gitignore file commit `735e93c704` upstream. This adds the .gitignore file for the autogenerated TOMOYO files to keep git from complaining after building things. Cc: Kentaro Takeda <takedakn@nttdata.co.jp> Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Cc: James Morris <jmorris@namei.org> Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-29 16:30:48 -08:00
Greg Kroah-Hartman	1de504ea25	Linux 3.2.8	2012-02-27 10:26:22 -08:00
Linus Torvalds	9016ec4271	i387: re-introduce FPU state preloading at context switch time commit `34ddc81a23` upstream. After all the FPU state cleanups and finally finding the problem that caused all our FPU save/restore problems, this re-introduces the preloading of FPU state that was removed in commit `b3b0870ef3` ("i387: do not preload FPU state at task switch time"). However, instead of simply reverting the removal, this reimplements preloading with several fixes, most notably - properly abstracted as a true FPU state switch, rather than as open-coded save and restore with various hacks. In particular, implementing it as a proper FPU state switch allows us to optimize the CR0.TS flag accesses: there is no reason to set the TS bit only to then almost immediately clear it again. CR0 accesses are quite slow and expensive, don't flip the bit back and forth for no good reason. - Make sure that the same model works for both x86-32 and x86-64, so that there are no gratuitous differences between the two due to the way they save and restore segment state differently due to architectural differences that really don't matter to the FPU state. - Avoid exposing the "preload" state to the context switch routines, and in particular allow the concept of lazy state restore: if nothing else has used the FPU in the meantime, and the process is still on the same CPU, we can avoid restoring state from memory entirely, just re-expose the state that is still in the FPU unit. That optimized lazy restore isn't actually implemented here, but the infrastructure is set up for it. Of course, older CPU's that use 'fnsave' to save the state cannot take advantage of this, since the state saving also trashes the state. In other words, there is now an actual _design_ to the FPU state saving, rather than just random historical baggage. Hopefully it's easier to follow as a result. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-27 10:25:55 -08:00
Linus Torvalds	555558c5bf	i387: move TS_USEDFPU flag from thread_info to task_struct commit `f94edacf99` upstream. This moves the bit that indicates whether a thread has ownership of the FPU from the TS_USEDFPU bit in thread_info->status to a word of its own (called 'has_fpu') in task_struct->thread.has_fpu. This fixes two independent bugs at the same time: - changing 'thread_info->status' from the scheduler causes nasty problems for the other users of that variable, since it is defined to be thread-synchronous (that's what the "TS_" part of the naming was supposed to indicate). So perfectly valid code could (and did) do ti->status \|= TS_RESTORE_SIGMASK; and the compiler was free to do that as separate load, or and store instructions. Which can cause problems with preemption, since a task switch could happen in between, and change the TS_USEDFPU bit. The change to TS_USEDFPU would be overwritten by the final store. In practice, this seldom happened, though, because the 'status' field was seldom used more than once, so gcc would generally tend to generate code that used a read-modify-write instruction and thus happened to avoid this problem - RMW instructions are naturally low fat and preemption-safe. - On x86-32, the current_thread_info() pointer would, during interrupts and softirqs, point to a copy of the real thread_info, because x86-32 uses %esp to calculate the thread_info address, and thus the separate irq (and softirq) stacks would cause these kinds of odd thread_info copy aliases. This is normally not a problem, since interrupts aren't supposed to look at thread information anyway (what thread is running at interrupt time really isn't very well-defined), but it confused the heck out of irq_fpu_usable() and the code that tried to squirrel away the FPU state. (It also caused untold confusion for us poor kernel developers). It also turns out that using 'task_struct' is actually much more natural for most of the call sites that care about the FPU state, since they tend to work with the task struct for other reasons anyway (ie scheduling). And the FPU data that we are going to save/restore is found there too. Thanks to Arjan Van De Ven <arjan@linux.intel.com> for pointing us to the %esp issue. Cc: Arjan van de Ven <arjan@linux.intel.com> Reported-and-tested-by: Raphael Prevost <raphael@buro.asia> Acked-and-tested-by: Suresh Siddha <suresh.b.siddha@intel.com> Tested-by: Peter Anvin <hpa@zytor.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-27 10:25:54 -08:00
Linus Torvalds	9147fbe60a	i387: move AMD K7/K8 fpu fxsave/fxrstor workaround from save to restore commit `4903062b54` upstream. The AMD K7/K8 CPUs don't save/restore FDP/FIP/FOP unless an exception is pending. In order to not leak FIP state from one process to another, we need to do a floating point load after the fxsave of the old process, and before the fxrstor of the new FPU state. That resets the state to the (uninteresting) kernel load, rather than some potentially sensitive user information. We used to do this directly after the FPU state save, but that is actually very inconvenient, since it (a) corrupts what is potentially perfectly good FPU state that we might want to lazy avoid restoring later and (b) on x86-64 it resulted in a very annoying ordering constraint, where "__unlazy_fpu()" in the task switch needs to be delayed until after the DS segment has been reloaded just to get the new DS value. Coupling it to the fxrstor instead of the fxsave automatically avoids both of these issues, and also ensures that we only do it when actually necessary (the FP state after a save may never actually get used). It's simply a much more natural place for the leaked state cleanup. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-27 10:25:54 -08:00
Linus Torvalds	ba6aaed5cc	i387: do not preload FPU state at task switch time commit `b3b0870ef3` upstream. Yes, taking the trap to re-load the FPU/MMX state is expensive, but so is spending several days looking for a bug in the state save/restore code. And the preload code has some rather subtle interactions with both paravirtualization support and segment state restore, so it's not nearly as simple as it should be. Also, now that we no longer necessarily depend on a single bit (ie TS_USEDFPU) for keeping track of the state of the FPU, we migth be able to do better. If we are really switching between two processes that keep touching the FP state, save/restore is inevitable, but in the case of having one process that does most of the FPU usage, we may actually be able to do much better than the preloading. In particular, we may be able to keep track of which CPU the process ran on last, and also per CPU keep track of which process' FP state that CPU has. For modern CPU's that don't destroy the FPU contents on save time, that would allow us to do a lazy restore by just re-enabling the existing FPU state - with no restore cost at all! Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-27 10:25:54 -08:00
Linus Torvalds	29515b215b	i387: don't ever touch TS_USEDFPU directly, use helper functions commit `6d59d7a9f5` upstream. This creates three helper functions that do the TS_USEDFPU accesses, and makes everybody that used to do it by hand use those helpers instead. In addition, there's a couple of helper functions for the "change both CR0.TS and TS_USEDFPU at the same time" case, and the places that do that together have been changed to use those. That means that we have fewer random places that open-code this situation. The intent is partly to clarify the code without actually changing any semantics yet (since we clearly still have some hard to reproduce bug in this area), but also to make it much easier to use another approach entirely to caching the CR0.TS bit for software accesses. Right now we use a bit in the thread-info 'status' variable (this patch does not change that), but we might want to make it a full field of its own or even make it a per-cpu variable. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-27 10:25:54 -08:00
Linus Torvalds	38358b6185	i387: move TS_USEDFPU clearing out of __save_init_fpu and into callers commit `b6c66418dc` upstream. Touching TS_USEDFPU without touching CR0.TS is confusing, so don't do it. By moving it into the callers, we always do the TS_USEDFPU next to the CR0.TS accesses in the source code, and it's much easier to see how the two go hand in hand. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-27 10:25:53 -08:00
Linus Torvalds	a5c2871665	i387: fix x86-64 preemption-unsafe user stack save/restore commit `15d8791cae` upstream. Commit `5b1cbac377` ("i387: make irq_fpu_usable() tests more robust") added a sanity check to the #NM handler to verify that we never cause the "Device Not Available" exception in kernel mode. However, that check actually pinpointed a (fundamental) race where we do cause that exception as part of the signal stack FPU state save/restore code. Because we use the floating point instructions themselves to save and restore state directly from user mode, we cannot do that atomically with testing the TS_USEDFPU bit: the user mode access itself may cause a page fault, which causes a task switch, which saves and restores the FP/MMX state from the kernel buffers. This kind of "recursive" FP state save is fine per se, but it means that when the signal stack save/restore gets restarted, it will now take the '#NM' exception we originally tried to avoid. With preemption this can happen even without the page fault - but because of the user access, we cannot just disable preemption around the save/restore instruction. There are various ways to solve this, including using the "enable/disable_page_fault()" helpers to not allow page faults at all during the sequence, and fall back to copying things by hand without the use of the native FP state save/restore instructions. However, the simplest thing to do is to just allow the #NM from kernel space, but fix the race in setting and clearing CR0.TS that this all exposed: the TS bit changes and the TS_USEDFPU bit absolutely have to be atomic wrt scheduling, so while the actual state save/restore can be interrupted and restarted, the act of actually clearing/setting CR0.TS and the TS_USEDFPU bit together must not. Instead of just adding random "preempt_disable/enable()" calls to what is already excessively ugly code, this introduces some helper functions that mostly mirror the "kernel_fpu_begin/end()" functionality, just for the user state instead. Those helper functions should probably eventually replace the other ad-hoc CR0.TS and TS_USEDFPU tests too, but I'll need to think about it some more: the task switching functionality in particular needs to expose the difference between the 'prev' and 'next' threads, while the new helper functions intentionally were written to only work with 'current'. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-27 10:25:53 -08:00
Linus Torvalds	0a7ea9d5aa	i387: fix sense of sanity check commit `c38e234562` upstream. The check for save_init_fpu() (introduced in commit `5b1cbac377`: "i387: make irq_fpu_usable() tests more robust") was the wrong way around, but I hadn't noticed, because my "tests" were bogus: the FPU exceptions are disabled by default, so even doing a divide by zero never actually triggers this code at all unless you do extra work to enable them. So if anybody did enable them, they'd get one spurious warning. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-27 10:25:53 -08:00
Linus Torvalds	42f2560ed6	i387: make irq_fpu_usable() tests more robust commit `5b1cbac377` upstream. Some code - especially the crypto layer - wants to use the x86 FP/MMX/AVX register set in what may be interrupt (typically softirq) context. That can be ok, but the tests for when it was ok were somewhat suspect. We cannot touch the thread-specific status bits either, so we'd better check that we're not going to try to save FP state or anything like that. Now, it may be that the TS bit is always cleared before we set the USEDFPU bit (and only set when we had already cleared the USEDFP before), so the TS bit test may actually have been sufficient, but it certainly was not obviously so. So this explicitly verifies that we will not touch the TS_USEDFPU bit, and adds a few related sanity-checks. Because it seems that somehow AES-NI is corrupting user FP state. The cause is not clear, and this patch doesn't fix it, but while debugging it I really wanted the code to be more obviously correct and robust. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-27 10:25:53 -08:00
Linus Torvalds	4733009df6	i387: math_state_restore() isn't called from asm commit `be98c2cdb1` upstream. It was marked asmlinkage for some really old and stale legacy reasons. Fix that and the equally stale comment. Noticed when debugging the irq_fpu_usable() bugs. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-27 10:25:52 -08:00
Greg Kroah-Hartman	9d0231c207	Linux 3.2.7	2012-02-20 13:42:16 -08:00
Alexey Dobriyan	7c51cb723a	crypto: sha512 - use standard ror64() commit `f2ea0f5f04` upstream. Use standard ror64() instead of hand-written. There is no standard ror64, so create it. The difference is shift value being "unsigned int" instead of uint64_t (for which there is no reason). gcc starts to emit native ROR instructions which it doesn't do for some reason currently. This should make the code faster. Patch survives in-tree crypto test and ping flood with hmac(sha512) on. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:20 -08:00
Stefano Stabellini	3601bce60f	xen pvhvm: do not remap pirqs onto evtchns if !xen_have_vector_callback commit `207d543f47` upstream. Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:20 -08:00
Seungwon Jeon	00863fc272	mmc: dw_mmc: Fix PIO mode with support of highmem commit `f9c2a0dc42` upstream. Current PIO mode makes a kernel crash with CONFIG_HIGHMEM. Highmem pages have a NULL from sg_virt(sg). This patch fixes the following problem. Unable to handle kernel NULL pointer dereference at virtual address 00000000 pgd = c0004000 [00000000] *pgd=00000000 Internal error: Oops: 817 [#1] PREEMPT SMP Modules linked in: CPU: 0 Not tainted (3.0.15-01423-gdbf465f #589) PC is at dw_mci_pull_data32+0x4c/0x9c LR is at dw_mci_read_data_pio+0x54/0x1f0 pc : [<c0358824>] lr : [<c035988c>] psr: 20000193 sp : c0619d48 ip : c0619d70 fp : c0619d6c r10: 00000000 r9 : 00000002 r8 : 00001000 r7 : 00000200 r6 : 00000000 r5 : e1dd3100 r4 : 00000000 r3 : 65622023 r2 : 0000007f r1 : eeb96000 r0 : e1dd3100 Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment xkernel Control: 10c5387d Table: 61e2004a DAC: 00000015 Process swapper (pid: 0, stack limit = 0xc06182f0) Stack: (0xc0619d48 to 0xc061a000) 9d40: e1dd3100 e1a4f000 00000000 e1dd3100 e1a4f000 00000200 9d60: c0619da4 c0619d70 c035988c c03587e4 c0619d9c e18158f4 e1dd3100 e1dd3100 9d80: 00000020 00000000 00000000 00000020 c06e8a84 00000000 c0619e04 c0619da8 9da0: c0359b24 c0359844 e18158f4 e1dd3164 e1dd3168 e1dd3150 3d02fc79 e1dd3154 9dc0: e1dd3178 00000000 00000020 00000000 e1dd3150 00000000 c10dd7e8 e1a84900 9de0: c061e7cc 00000000 00000000 0000008d c06e8a84 c061e780 c0619e4c c0619e08 9e00: c00c4738 c0359a34 3d02fc79 00000000 c0619e4c c05a1698 c05a1670 c05a165c 9e20: c04de8b0 c061e780 c061e7cc e1a84900 ffffed68 0000008d c0618000 00000000 9e40: c0619e6c c0619e50 c00c48b4 c00c46c8 c061e780 c00423ac c061e7cc ffffed68 9e60: c0619e8c c0619e70 c00c7358 c00c487c 0000008d ffffee38 c0618000 ffffed68 9e80: c0619ea4 c0619e90 c00c4258 c00c72b0 c00423ac ffffee38 c0619ecc c0619ea8 9ea0: c004241c c00c4234 ffffffff f8810000 0000006d 00000002 00000001 7fffffff 9ec0: c0619f44 c0619ed0 c0048bc0 c00423c4 220ae7a9 00000000 386f0d30 0005d3a4 9ee0: c00423ac c10dd0b8 c06f2cd8 c0618000 c0594778 c003a674 7fffffff c0619f44 9f00: 386f0d30 c0619f18 c00a6f94 c005be3c 80000013 ffffffff 386f0d30 0005d3a4 9f20: 386f0d30 0005d2d1 c10dd0a8 c10dd0b8 c06f2cd8 c0618000 c0619f74 c0619f48 9f40: c0345858 c005be00 c00a2440 c0618000 c0618000 c00410d8 c06c1944 c00410fc 9f60: c0594778 c003a674 c0619f9c c0619f78 c004a7e8 c03457b4 c0618000 c06c18f8 9f80: 00000000 c0039c70 c06c18d4 c003a674 c0619fb4 c0619fa0 c04ceafc c004a714 9fa0: c06287b4 c06c18f8 c0619ff4 c0619fb8 c0008b68 c04cea68 c0008578 00000000 9fc0: 00000000 c003a674 00000000 10c5387d c0628658 c003aa78 c062f1c4 4000406a 9fe0: 413fc090 00000000 00000000 c0619ff8 40008044 c0008858 00000000 00000000 Backtrace: [<c03587d8>] (dw_mci_pull_data32+0x0/0x9c) from [<c035988c>] (dw_mci_read_data_pio+0x54/0x1f0) r6:00000200 r5:e1a4f000 r4:e1dd3100 [<c0359838>] (dw_mci_read_data_pio+0x0/0x1f0) from [<c0359b24>] (dw_mci_interrupt+0xfc/0x4a4) [<c0359a28>] (dw_mci_interrupt+0x0/0x4a4) from [<c00c4738>] (handle_irq_event_percpu+0x7c/0x1b4) [<c00c46bc>] (handle_irq_event_percpu+0x0/0x1b4) from [<c00c48b4>] (handle_irq_event+0x44/0x64) [<c00c4870>] (handle_irq_event+0x0/0x64) from [<c00c7358>] (handle_fasteoi_irq+0xb4/0x124) r7:ffffed68 r6:c061e7cc r5:c00423ac r4:c061e780 [<c00c72a4>] (handle_fasteoi_irq+0x0/0x124) from [<c00c4258>] (generic_handle_irq+0x30/0x38) r7:ffffed68 r6:c0618000 r5:ffffee38 r4:0000008d [<c00c4228>] (generic_handle_irq+0x0/0x38) from [<c004241c>] (asm_do_IRQ+0x64/0xe0) r5:ffffee38 r4:c00423ac [<c00423b8>] (asm_do_IRQ+0x0/0xe0) from [<c0048bc0>] (__irq_svc+0x80/0x14c) Exception stack(0xc0619ed0 to 0xc0619f18) Signed-off-by: Seungwon Jeon <tgih.jun@samsung.com> Acked-by: Will Newton <will.newton@imgtec.com> Signed-off-by: Chris Ball <cjb@laptop.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:20 -08:00
Ludovic Desroches	b207384ec8	mmc: atmel-mci: save and restore sdioirq when soft reset is performed commit `18ee684b8a` upstream. Sometimes a software reset is needed. Then some registers are saved and restored but the interrupt mask register is missing. It causes issues with sdio devices whose interrupts are masked after reset. Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com> Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com> Signed-off-by: Chris Ball <cjb@laptop.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:20 -08:00
Takashi Iwai	2edcb814b3	ALSA: hda - Fix silent speaker output on Acer Aspire 6935 commit `02a237b24d` upstream. Since 3.2 kernel, the driver starts trying to assign the multi-io DACs before the speaker, thus it assigns DAC2/3 for multi-io and DAC4 for the speaker for a standard laptop setup like a HP, a speaker, a mic-in and a line-in. However, on Acer Aspire 6935, it seems that the speaker pin 0x14 must be connected with either DAC1 or 2; otherwise it results in silence by some reason, although the codec itself allows the routing to DAC3/4. As a workaround, the connection list of each pin is reduced to be mapped to either only DAC1/2 or DAC3/4, so that the compatible assignment as in kernel 3.1 is achieved. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=42740 Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:19 -08:00
Takashi Iwai	852c3a36c2	ALSA: hda - Fix initialization of secondary capture source on VT1705 commit `fc1156c0b0` upstream. VT1705 codec has two ADCs where the secondary ADC has no MUX but only a fixed connection to the mic pin. This confused the driver and it tries always overriding the input-source selection by assumption of the existing MUX for the secondary ADC, resulted in resetting the input-source at each time PM (including power-saving) occurs. The fix is simply to check the existence of MUX for secondary ADCs in the initialization code. Tested-by: Anisse Astier <anisse@astier.eu> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:19 -08:00
Daniel T Chen	c9353a7b06	ALSA: intel8x0: Fix default inaudible sound on Gateway M520 commit `27c3afe6e1` upstream. BugLink: https://bugs.launchpad.net/bugs/930842 The reporter states that audio is inaudible by default without muting 'External Amplifier'. Add a quirk to handle his SSID so that changing the control is not necessary. Reported-and-tested-by: Benjamin Carlson <elderbubba0810@gmail.com> Signed-off-by: Daniel T Chen <crimsun@ubuntu.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:18 -08:00
Rabin Vincent	884d833e27	backing-dev: fix wakeup timer races with bdi_unregister() commit `2673b4cf5d` upstream. While `7a401a972d` ("backing-dev: ensure wakeup_timer is deleted") addressed the problem of the bdi being freed with a queued wakeup timer, there are other races that could happen if the wakeup timer expires after/during bdi_unregister(), before bdi_destroy() is called. wakeup_timer_fn() could attempt to wakeup a task which has already has been freed, or could access a NULL bdi->dev via the wake_forker_thread tracepoint. Cc: Jens Axboe <axboe@kernel.dk> Reported-by: Chanho Min <chanho.min@lge.com> Reviewed-by: Namjae Jeon <linkinjeon@gmail.com> Signed-off-by: Rabin Vincent <rabin@rab.in> Signed-off-by: Wu Fengguang <fengguang.wu@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:18 -08:00
Herbert Xu	03b762ab87	crypto: sha512 - Avoid stack bloat on i386 commit `3a92d687c8` upstream. Unfortunately in reducing W from 80 to 16 we ended up unrolling the loop twice. As gcc has issues dealing with 64-bit ops on i386 this means that we end up using even more stack space (>1K). This patch solves the W reduction by moving LOAD_OP/BLEND_OP into the loop itself, thus avoiding the need to duplicate it. While the stack space still isn't great (>0.5K) it is at least in the same ball park as the amount of stack used for our C sha1 implementation. Note that this patch basically reverts to the original code so the diff looks bigger than it really is. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:18 -08:00
Herbert Xu	f334f74575	crypto: sha512 - Use binary and instead of modulus commit `58d7d18b52` upstream. The previous patch used the modulus operator over a power of 2 unnecessarily which may produce suboptimal binary code. This patch changes changes them to binary ands instead. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:18 -08:00
Jeff Layton	23cfecf979	cifs: don't return error from standard_receive3 after marking response malformed commit `ff4fa4a25a` upstream. standard_receive3 will check the validity of the response from the server (via checkSMB). It'll pass the result of that check to handle_mid which will dequeue it and mark it with a status of MID_RESPONSE_MALFORMED if checkSMB returned an error. At that point, standard_receive3 will also return an error, which will make the demultiplex thread skip doing the callback for the mid. This is wrong -- if we were able to identify the request and the response is marked malformed, then we want the demultiplex thread to do the callback. Fix this by making standard_receive3 return 0 in this situation. Reported-and-Tested-by: Mark Moseley <moseleymark@gmail.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:18 -08:00
Jeff Layton	77d04b76d6	cifs: request oplock when doing open on lookup commit `8b0192a5f4` upstream. Currently, it's always set to 0 (no oplock requested). Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:17 -08:00
Nikolaus Schulz	90d9b5dce1	hwmon: (f75375s) Fix automatic pwm mode setting for F75373 & F75375 commit `09e87e5c4f` upstream. In order to enable temperature mode aka automatic mode for the F75373 and F75375 chips, the two FANx_MODE bits in the fan configuration register need be set to 01, not 10. Signed-off-by: Nikolaus Schulz <mail@microschulz.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:17 -08:00
Wu Fengguang	422204b779	writeback: fix dereferencing NULL bdi->dev on trace_writeback_queue commit `977b7e3a52` upstream. When a SD card is hot removed without umount, del_gendisk() will call bdi_unregister() without destroying/freeing it. This leaves the bdi in the bdi->dev = NULL, bdi->wb.task = NULL, bdi->bdi_list removed state. When sync(2) gets the bdi before bdi_unregister() and calls bdi_queue_work() after the unregister, trace_writeback_queue will be dereferencing the NULL bdi->dev. Fix it with a simple test for NULL. LKML-reference: http://lkml.org/lkml/2012/1/18/346 Reported-by: Rabin Vincent <rabin@rab.in> Tested-by: Namjae Jeon <linkinjeon@gmail.com> Signed-off-by: Wu Fengguang <fengguang.wu@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:17 -08:00
Wu Fengguang	aec14f459c	writeback: fix NULL bdi->dev in trace writeback_single_inode commit `15eb77a07c` upstream. bdi_prune_sb() resets sb->s_bdi to default_backing_dev_info when the tearing down the original bdi. Fix trace_writeback_single_inode to use sb->s_bdi=default_backing_dev_info rather than bdi->dev=NULL for a teared down bdi. Reported-by: Rabin Vincent <rabin@rab.in> Tested-by: Rabin Vincent <rabin@rab.in> Signed-off-by: Wu Fengguang <fengguang.wu@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:16 -08:00
Eliad Peller	60d08dde8e	mac80211: timeout a single frame in the rx reorder buffer commit `07ae2dfcf4` upstream. The current code checks for stored_mpdu_num > 1, causing the reorder_timer to be triggered indefinitely, but the frame is never timed-out (until the next packet is received) Signed-off-by: Eliad Peller <eliad@wizery.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:16 -08:00
Dan Carpenter	a0cbc2da8e	relay: prevent integer overflow in relay_open() commit `f6302f1bcd` upstream. "subbuf_size" and "n_subbufs" come from the user and they need to be capped to prevent an integer overflow. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:16 -08:00
Wu Fengguang	736020248c	lib: proportion: lower PROP_MAX_SHIFT to 32 on 64-bit kernel commit `3310225dfc` upstream. PROP_MAX_SHIFT should be set to <=32 on 64-bit box. This fixes two bugs in the below lines of bdi_dirty_limit(): bdi_dirty = numerator; do_div(bdi_dirty, denominator); 1) divide error: do_div() only uses the lower 32 bit of the denominator, which may trimmed to be 0 when PROP_MAX_SHIFT > 32. 2) overflow: (bdi_dirty numerator) could easily overflow if numerator used up to 48 bits, leaving only 16 bits to bdi_dirty Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Reported-by: Ilya Tumaykin <librarian_rus@yahoo.com> Tested-by: Ilya Tumaykin <librarian_rus@yahoo.com> Signed-off-by: Wu Fengguang <fengguang.wu@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:16 -08:00
Atsushi Nemoto	5f892ebab0	net: enable TC35815 for MIPS again commit `a1728800be` upstream. 8<---------------------------------------------------------------------- From: Ralf Roesch <ralf.roesch@rw-gmbh.de> Date: Wed, 16 Nov 2011 09:33:50 +0100 Subject: net: enable TC35815 for MIPS again TX493[8,9] MIPS SoCs support 2 Ethernet channels of type TC35815 which are connected to the internal PCI controller. And JMR3927 MIPS board has a TC35815 chip on board. These dependencies were lost on movement to drivers/net/ethernet/toshiba. Signed-off-by: Ralf Roesch <ralf.roesch@rw-gmbh.de> Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:16 -08:00
Nikolaus Schulz	82546bf5cc	hwmon: (f75375s) Fix bit shifting in f75375_write16 commit `eb2f255b2d` upstream. In order to extract the high byte of the 16-bit word, shift the word to the right, not to the left. Signed-off-by: Nikolaus Schulz <mail@microschulz.de> Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:16 -08:00
Felix Fietkau	39141a87c7	ath9k_hw: fix a RTS/CTS timeout regression commit `55a2bb4a6d` upstream. commit `adb5066` "ath9k_hw: do not apply the 2.4 ghz ack timeout workaround to cts" reduced the hardware CTS timeout to the normal values specified by the standard, but it turns out while it doesn't need the same extra time that it needs for the ACK timeout, it does need more than the value specified in the standard, but only for 2.4 GHz. This patch brings the CTS timeout value in sync with the initialization values, while still allowing adjustment for bigger distances. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Reported-by: Seth Forshee <seth.forshee@canonical.com> Reported-by: Marek Lindner <lindner_marek@yahoo.de> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:15 -08:00
Felix Fietkau	07c07e5269	ath9k: fix a WEP crypto related regression commit `f88373fa47` upstream. commit `b4a82a0` "ath9k_hw: fix interpretation of the rx KeyMiss flag" fixed the interpretation of the KeyMiss flag for keycache based lookups, however WEP encryption uses a static index, so KeyMiss is always asserted for it, even though frames are decrypted properly. Fix this by clearing the ATH9K_RXERR_KEYMISS flag if no keycache based lookup was performed. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Reported-by: Laurent Bonnans <bonnans.l@gmail.com> Reported-by: Jurica Vukadin <u.ra604@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:14 -08:00
Mohammed Shafi Shajakhan	801cb74a25	ath9k: Fix kernel panic during driver initilization commit `07445f6882` upstream. all works need to be initialized before ieee80211_register_hw to prevent mac80211 call backs such as drv_start, drv_config getting started. otherwise we would queue/cancel works before initializing them and it leads to kernel panic. this issue can be recreated with the following script in Chrome laptops with AR928X cards, with background scan running (or) Network manager is running while true do sudo modprobe -v ath9k sleep 3 sudo modprobe -r ath9k sleep 3 done EIP: [<81040a47>] __cancel_work_timer+0xb8/0xe1 SS:ESP 0068:f6be9d70 ---[ end trace 4f86d6139a9900ef ]--- Registered led device: ath9k-phy0 ieee80211 phy0: Atheros AR9280 Rev:2 mem=0xf88a0000, irq=16 Kernel panic - not syncing: Fatal exception Pid: 456, comm: wpa_supplicant Tainted: G D 3.0.13 #1 Call Trace: [<81379e21>] panic+0x53/0x14a [<81004a30>] oops_end+0x73/0x81 [<81004b53>] die+0x4c/0x55 [<81002710>] do_trap+0x7c/0x83 [<81002855>] ? do_bounds+0x58/0x58 [<810028cc>] do_invalid_op+0x77/0x81 [<81040a47>] ? __cancel_work_timer+0xb8/0xe1 [<810489ec>] ? sched_clock_cpu+0x81/0x11f [<8103f809>] ? wait_on_work+0xe2/0xf7 [<8137f807>] error_code+0x67/0x6c [<810300d8>] ? wait_consider_task+0x4ba/0x84c [<81040a47>] ? __cancel_work_timer+0xb8/0xe1 [<810380c9>] ? try_to_del_timer_sync+0x5f/0x67 [<81040a91>] cancel_work_sync+0xf/0x11 [<f88d7b7c>] ath_set_channel+0x62/0x25c [ath9k] [<f88d67d1>] ? ath9k_tx_last_beacon+0x26a/0x85c [ath9k] [<f88d8899>] ath_radio_disable+0x3f1/0x68e [ath9k] [<f90d0edb>] ieee80211_hw_config+0x111/0x116 [mac80211] [<f90dd95c>] __ieee80211_recalc_idle+0x919/0xa37 [mac80211] [<f90dda76>] __ieee80211_recalc_idle+0xa33/0xa37 [mac80211] [<812dbed8>] __dev_open+0x82/0xab Cc: Gary Morain <gmorain@google.com> Cc: Paul Stewart <pstew@google.com> Cc: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com> Tested-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:14 -08:00
Daniel Vetter	e0de290452	drm/i915: no lvds quirk for AOpen MP45 commit `e57b6886f5` upstream. According to a bug report, it doesn't have one. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=44263 Acked-by: Chris Wilson <chris@chris-wilson.co.uk> Signed-Off-by: Daniel Vetter <daniel.vetter@ffwll.ch> Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:14 -08:00
Keith Packard	3d794f8723	drm/i915: Force explicit bpp selection for intel_dp_link_required commit `c898261c0d` upstream. It is never correct to use intel_crtc->bpp in intel_dp_link_required, so instead pass an explicit bpp in to this function. This patch only supports 18bpp and 24bpp modes, which means that 10bpc modes will be computed incorrectly. Fixing that will require more extensive changes, and so must be addressed separately from this bugfix. intel_dp_link_required is called from intel_dp_mode_valid and intel_dp_mode_fixup. * intel_dp_mode_valid is called to list supported modes; in this case, the current crtc values cannot be relevant as the modes in question may never be selected. Thus, using intel_crtc->bpp is never right. * intel_dp_mode_fixup is called during mode setting, but it is run well before ironlake_crtc_mode_set is called to set intel_crtc->bpp, so using intel_crtc-bpp in this path can only ever get a stale value. Cc: Lubos Kolouch <lubos.kolouch@gmail.com> Cc: Adam Jackson <ajax@redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=42263 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=44881 Tested-by: Dave Airlie <airlied@redhat.com> Tested-by: camalot@picnicpark.org (Dell Latitude 6510) Tested-by: Roland Dreier <roland@digitalvampire.org> Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:14 -08:00
Jiri Olsa	bb937c6a47	perf tools: Fix perf stack to non executable on x86_64 commit `7a0153ee15` upstream. By adding following objects: bench/mem-memcpy-x86-64-asm.o the x86_64 perf binary ended up with executable stack. The reason was that above object are assembler sourced and is missing the GNU-stack note section. In such case the linker assumes that the final binary should not be restricted at all and mark the stack as RWX. Adding section ".note.GNU-stack" definition to mentioned object, with all flags disabled, thus omiting this object from linker stack flags decision. Problem introduced in: $ git describe `ea7872b` v2.6.37-rc2-19-gea7872b Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=783570 Reported-by: Clark Williams <williams@redhat.com> Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Corey Ashford <cjashfor@linux.vnet.ibm.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Paul Mackerras <paulus@samba.org> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Link: http://lkml.kernel.org/r/1328100848-5630-1-git-send-email-jolsa@redhat.com Signed-off-by: Jiri Olsa <jolsa@redhat.com> [ committer note: Backported fix to perf/urgent (3.3-rc2+) ] Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:13 -08:00
Naveen N. Rao	838d7aabe2	perf evsel: Fix an issue where perf report fails to show the proper percentage commit `a4a03fc7ef` upstream. This patch fixes an issue where perf report shows nan% for certain perf.data files. The below is from a report for a do_fork probe: -nan% sshd [kernel.kallsyms] [k] do_fork -nan% packagekitd [kernel.kallsyms] [k] do_fork -nan% dbus-daemon [kernel.kallsyms] [k] do_fork -nan% bash [kernel.kallsyms] [k] do_fork A git bisect shows commit `f3bda2c` as the cause. However, looking back through the git history, I saw commit `640c03c` which seems to have removed the required initialization for perf_sample->period. The problem only started showing after commit `f3bda2c`. The below patch re-introduces the initialization and it fixes the problem for me. With the below patch, for the same perf.data: 73.08% bash [kernel.kallsyms] [k] do_fork 8.97% 11-dhclient [kernel.kallsyms] [k] do_fork 6.41% sshd [kernel.kallsyms] [k] do_fork 3.85% 20-chrony [kernel.kallsyms] [k] do_fork 2.56% sendmail [kernel.kallsyms] [k] do_fork This patch applies over current linux-tip commit 9949284. Problem introduced in: $ git describe `640c03c` v2.6.37-rc3-83-g640c03c Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Robert Richter <robert.richter@amd.com> Cc: Srikar Dronamraju <srikar@linux.vnet.ibm.com> Link: http://lkml.kernel.org/r/20120203170113.5190.25558.stgit@localhost6.localdomain6 Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:13 -08:00
Greg Rose	3039fb27d5	igb: fix vf lookup commit `0629292117` upstream. Recent addition of code to find already allocated VFs failed to take account that systems with 2 or more multi-port SR-IOV capable controllers might have already enabled VFs. Make sure that the VFs the function is finding are actually subordinate to the particular instance of the adapter that is looking for them and not subordinate to some device that has previously enabled SR-IOV. This is applicable to 3.2+ kernels. Reported-by: David Ahern <daahern@cisco.com> Signed-off-by: Greg Rose <gregory.v.rose@intel.com> Tested-by: Robert E Garrett <robertX.e.garrett@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:13 -08:00
Greg Rose	ec00c9c49a	ixgbe: fix vf lookup commit `a4b08329c7` upstream. Recent addition of code to find already allocated VFs failed to take account that systems with 2 or more multi-port SR-IOV capable controllers might have already enabled VFs. Make sure that the VFs the function is finding are actually subordinate to the particular instance of the adapter that is looking for them and not subordinate to some device that has previously enabled SR-IOV. This bug exists in 3.2 stable as well as 3.3 release candidates. Reported-by: David Ahern <daahern@cisco.com> Signed-off-by: Greg Rose <gregory.v.rose@intel.com> Tested-by: Robert E Garrett <robertX.e.garrett@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-20 12:46:12 -08:00
Greg Kroah-Hartman	c2db2e264b	Linux 3.2.6	2012-02-13 11:17:29 -08:00
Andreas Herrmann	8f44619e1e	powernow-k8: Fix indexing issue commit `a8eb28480e` upstream. The driver uses the pstate number from the status register as index in its table of ACPI pstates (powernow_table). This is wrong as this is not a 1-to-1 mapping. For example we can have _PSS information to just utilize Pstate 0 and Pstate 4, ie. powernow-k8: Core Performance Boosting: on. powernow-k8: 0 : pstate 0 (2200 MHz) powernow-k8: 1 : pstate 4 (1400 MHz) In this example the driver's powernow_table has just 2 entries. Using the pstate number (4) as index into this table is just plain wrong. Signed-off-by: Andreas Herrmann <andreas.herrmann3@amd.com> Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:04 -08:00
Andreas Herrmann	af2ff52142	powernow-k8: Avoid Pstate MSR accesses on systems supporting CPB commit `201bf0f129` upstream. Due to CPB we can't directly map SW Pstates to Pstate MSRs. Get rid of the paranoia check. (assuming that the ACPI Pstate information is correct.) Signed-off-by: Andreas Herrmann <andreas.herrmann3@amd.com> Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:04 -08:00
Axel Lin	6bffce08e4	mmc: cb710 core: Add missing spin_lock_init for irq_lock of struct cb710_chip commit `b5266ea675` upstream. Signed-off-by: Axel Lin <axel.lin@gmail.com> Acked-by: Michał Mirosław <mirq-linux@rere.qmqm.pl> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:04 -08:00
Dan Magenheimer	5c97f5b2d4	zcache: fix deadlock condition commit `9256a4789b` upstream. I discovered this deadlock condition awhile ago working on RAMster but it affects zcache as well. The list spinlock must be locked prior to the page spinlock and released after. As a result, the page copy must also be done while the locks are held. Applies to 3.2. Konrad, please push (via GregKH?)... this is definitely a bug fix so need not be pushed during a -rc0 window. Signed-off-by: Dan Magenheimer <dan.magenheimer@oracle.com> Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:04 -08:00
Dan Magenheimer	c1efec8273	zcache: Set SWIZ_BITS to 8 to reduce tmem bucket lock contention. commit `e8b4553457` upstream. SWIZ_BITS > 8 results in a much larger number of "tmem_obj" allocations, likely one per page-placed-in-frontswap. The tmem_obj is not huge (roughly 100 bytes), but it is large enough to add a not-insignificant memory overhead to zcache. The SWIZ_BITS=8 will get roughly the same lock contention without the space wastage. The effect of SWIZ_BITS can be thought of as "2^SWIZ_BITS is the number of unique oids that be generated" (This concept is limited to frontswap's use of tmem). Acked-by: Seth Jennings <sjenning@linux.vnet.ibm.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:04 -08:00
Rui li	57c313f718	USB: add new zte 3g-dongle's pid to option.c commit `1608ea5f4b` upstream. As ZTE have and will use more pid for new products this year, so we need to add some new zte 3g-dongle's pid on option.c , and delete one pid 0x0154 because it use for mass-storage port. Signed-off-by: Rui li <li.rui27@zte.com.cn> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:04 -08:00
Milan Kocian	294913e9df	USB: usbserial: add new PID number (0xa951) to the ftdi driver commit `90451e6973` upstream. Signed-off-by: Milan Kocian <milon@wq.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:03 -08:00
Jayachandran C	0bbd5d1b0a	usb: Skip PCI USB quirk handling for Netlogic XLP commit `e4436a7c17` upstream. The Netlogic XLP SoC's on-chip USB controller appears as a PCI USB device, but does not need the EHCI/OHCI handoff done in usb/host/pci-quirks.c. The pci-quirks.c is enabled for all vendors and devices, and is enabled if USB and PCI are configured. If we do not skip the qurik handling on XLP, the readb() call in ehci_bios_handoff() will cause a crash since byte access is not supported for EHCI registers in XLP. Signed-off-by: Jayachandran C <jayachandranc@netlogicmicro.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:03 -08:00
Timo Juhani Lindfors	d99aad98ef	usb: gadget: zero: fix bug in loopback autoresume handling commit `683da59d7b` upstream. `ab943a2e12` (USB: gadget: gadget zero uses new suspend/resume hooks) introduced a copy-paste error where f_loopback.c writes to a variable declared in f_sourcesink.c. This prevents one from creating gadgets that only have a loopback function. Signed-off-by: Timo Juhani Lindfors <timo.lindfors@iki.fi> Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:03 -08:00
Kuninori Morimoto	915cf0ec84	usb: ch9.h: usb_endpoint_maxp() uses __le16_to_cpu() commit `9c0a835a9d` upstream. The usb/ch9.h will be installed to /usr/include/linux, and be used from user space. But le16_to_cpu() is only defined for kernel code. Without this patch, user space compile will be broken. Special thanks to Stefan Becker Reported-by: Stefan Becker <chemobejk@gmail.com> Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com> Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:03 -08:00
Larry Finger	bc5d453eab	staging: r8712u: Use asynchronous firmware loading commit `8c213fa591` upstream. In https://bugs.archlinux.org/task/27996, failure of driver r8712u is reported, with a timeout during module loading due to synchronous loading of the firmware. The code now uses request_firmware_nowait(). Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:03 -08:00
Larry Finger	1cbce5d4ad	staging: r8712u: Add new Sitecom UsB ID commit `1793bf1ded` upstream. Add USB ID for SITECOM WLA-1000 V1 001 WLAN Reported-and-tested-by: Roland Gruber <post@rolandgruber.de> Reported-and-tested-by: Dario Lucia <dario.lucia@gmail.com> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:03 -08:00
Pekka Paalanen	ebb468b38e	Staging: asus_oled: fix NULL-ptr crash on unloading commit `3589e74595` upstream. Asus_oled triggers the following bug on module unloading: usbcore: deregistering interface driver asus-oled BUG: unable to handle kernel NULL pointer dereference at 0000000000000038 IP: [<ffffffff8111292b>] sysfs_delete_link+0x30/0x66 Call Trace: [<ffffffff81225373>] device_remove_class_symlinks+0x6b/0x70 [<ffffffff812256a8>] device_del+0x9f/0x1ab [<ffffffff812257c5>] device_unregister+0x11/0x1e [<ffffffffa000cb82>] asus_oled_disconnect+0x4f/0x9e [asus_oled] [<ffffffff81277430>] usb_unbind_interface+0x54/0x103 [<ffffffff812276c4>] __device_release_driver+0xa2/0xeb [<ffffffff81227794>] driver_detach+0x87/0xad [<ffffffff812269e9>] bus_remove_driver+0x91/0xc1 [<ffffffff81227fb4>] driver_unregister+0x66/0x6e [<ffffffff812771ed>] usb_deregister+0xbb/0xc4 [<ffffffffa000ce87>] asus_oled_exit+0x2f/0x31 [asus_oled] [<ffffffff81068365>] sys_delete_module+0x1b8/0x21b [<ffffffff810ae3de>] ? do_munmap+0x2ef/0x313 [<ffffffff813699bb>] system_call_fastpath+0x16/0x1b This is due to an incorrect destruction sequence in asus_oled_exit(). Fix the order, fixes the bug. Tested on an Asus G50V laptop only. Cc: Jakub Schmidtke <sjakub@gmail.com> Signed-off-by: Pekka Paalanen <pq@iki.fi> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:02 -08:00
Pekka Paalanen	d352f16e64	Staging: asus_oled: fix image processing commit `635032cb39` upstream. Programming an image was broken, because odev->buf_offs was not advanced for val == 0 in append_values(). This regression was introduced in: commit `1ff12a4aa3` Author: Kevin A. Granade <kevin.granade@gmail.com> Date: Sat Sep 5 01:03:39 2009 -0500 Staging: asus_oled: Cleaned up checkpatch issues. Fix the image processing by special-casing val == 0. I have tested this change on an Asus G50V laptop only. Cc: Jakub Schmidtke <sjakub@gmail.com> Cc: Kevin A. Granade <kevin.granade@gmail.com> Signed-off-by: Pekka Paalanen <pq@iki.fi> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:02 -08:00
Roland Dreier	95db7f1f8d	target: Fail INQUIRY commands with EVPD==0 but PAGE CODE!=0 commit `bf0053550a` upstream. My draft of SPC-4 says: If the PAGE CODE field is not set to zero when the EVPD bit is set to zero, the command shall be terminated with CHECK CONDITION status, with the sense key set to ILLEGAL REQUEST, and the additional sense code set to INVALID FIELD IN CDB. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:02 -08:00
Roland Dreier	0e14d6b67d	target: Return correct ASC for unimplemented VPD pages commit `bb1acb2ee0` upstream. My draft of SPC-4 says: If the device server does not implement the requested vital product data page, then the command shall be terminated with CHECK CONDITION status, with the sense key set to ILLEGAL REQUEST, and the additional sense code set to INVALID FIELD IN CDB. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:02 -08:00
Nicholas Bellinger	f467de45d9	target: Add workaround for zero-length control CDB handling commit `91ec1d3535` upstream. This patch adds a work-around for handling zero allocation length control CDBs (type SCF_SCSI_CONTROL_SG_IO_CDB) that was causing an OOPs with the following raw calls: # sg_raw -v /dev/sdd 3 0 0 0 0 0 # sg_raw -v /dev/sdd 0x1a 0 1 0 0 0 This patch will follow existing zero-length handling for data I/O and silently return with GOOD status. This addresses the zero length issue, but the proper long-term resolution for handling arbitary allocation lengths will be to refactor out data-phase handling in individual CDB emulation logic within target_core_cdb.c Reported-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:02 -08:00
Roland Dreier	f4d055fcee	target: Correct sense key for INVALID FIELD IN {PARAMETER LIST,CDB} commit `9fbc890987` upstream. According to SPC-4, the sense key for commands that are failed with INVALID FIELD IN PARAMETER LIST and INVALID FIELD IN CDB should be ILLEGAL REQUEST (5h) rather than ABORTED COMMAND (Bh). Without this patch, a tcm_loop LUN incorrectly gives: # sg_raw -r 1 -v /dev/sda 3 1 0 0 ff 0 Sense Information: Fixed format, current; Sense key: Aborted Command Additional sense: Invalid field in cdb Raw sense data (in hex): 70 00 0b 00 00 00 00 0a 00 00 00 00 24 00 00 00 00 00 While a real SCSI disk gives: Sense Information: Fixed format, current; Sense key: Illegal Request Additional sense: Invalid field in cdb Raw sense data (in hex): 70 00 05 00 00 00 00 18 00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 with the main point being that the real disk gives a sense key of ILLEGAL REQUEST (5h). Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:01 -08:00
Marco Sanvido	1348bc5266	target: Allow PERSISTENT RESERVE IN for non-reservation holder commit `6816966a84` upstream. Initiators that aren't the active reservation holder should be able to do a PERSISTENT RESERVE IN command in all cases, so add it to the list of allowed CDBs in core_scsi3_pr_seq_non_holder(). Signed-off-by: Marco Sanvido <marco@purestorage.com> Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:01 -08:00
Marco Sanvido	1c7a78d3cf	target: Use correct preempted registration sense code commit `9e08e34e37` upstream. The comments quote the right parts of the spec: * d) Establish a unit attention condition for the * initiator port associated with every I_T nexus * that lost its registration other than the I_T * nexus on which the PERSISTENT RESERVE OUT command * was received, with the additional sense code set * to REGISTRATIONS PREEMPTED. and * e) Establish a unit attention condition for the initiator * port associated with every I_T nexus that lost its * persistent reservation and/or registration, with the * additional sense code set to REGISTRATIONS PREEMPTED; but the actual code accidentally uses ASCQ_2AH_RESERVATIONS_PREEMPTED instead of ASCQ_2AH_REGISTRATIONS_PREEMPTED. Fix this. Signed-off-by: Marco Sanvido <marco@purestorage.com> Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:01 -08:00
Hugh Dickins	d0a77dc1ab	mm: fix UP THP spin_is_locked BUGs commit `b9980cdcf2` upstream. Fix CONFIG_TRANSPARENT_HUGEPAGE=y CONFIG_SMP=n CONFIG_DEBUG_VM=y CONFIG_DEBUG_SPINLOCK=n kernel: spin_is_locked() is then always false, and so triggers some BUGs in Transparent HugePage codepaths. asm-generic/bug.h mentions this problem, and provides a WARN_ON_SMP(x); but being too lazy to add VM_BUG_ON_SMP, BUG_ON_SMP, WARN_ON_SMP_ONCE, VM_WARN_ON_SMP_ONCE, just test NR_CPUS != 1 in the existing VM_BUG_ONs. Signed-off-by: Hugh Dickins <hughd@google.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:01 -08:00
Mel Gorman	a7d2576c85	mm: compaction: check for overlapping nodes during isolation for migration commit `dc9086004b` upstream. When isolating pages for migration, migration starts at the start of a zone while the free scanner starts at the end of the zone. Migration avoids entering a new zone by never going beyond the free scanned. Unfortunately, in very rare cases nodes can overlap. When this happens, migration isolates pages without the LRU lock held, corrupting lists which will trigger errors in reclaim or during page free such as in the following oops BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 IP: [<ffffffff810f795c>] free_pcppages_bulk+0xcc/0x450 PGD 1dda554067 PUD 1e1cb58067 PMD 0 Oops: 0000 [#1] SMP CPU 37 Pid: 17088, comm: memcg_process_s Tainted: G X RIP: free_pcppages_bulk+0xcc/0x450 Process memcg_process_s (pid: 17088, threadinfo ffff881c2926e000, task ffff881c2926c0c0) Call Trace: free_hot_cold_page+0x17e/0x1f0 __pagevec_free+0x90/0xb0 release_pages+0x22a/0x260 pagevec_lru_move_fn+0xf3/0x110 putback_lru_page+0x66/0xe0 unmap_and_move+0x156/0x180 migrate_pages+0x9e/0x1b0 compact_zone+0x1f3/0x2f0 compact_zone_order+0xa2/0xe0 try_to_compact_pages+0xdf/0x110 __alloc_pages_direct_compact+0xee/0x1c0 __alloc_pages_slowpath+0x370/0x830 __alloc_pages_nodemask+0x1b1/0x1c0 alloc_pages_vma+0x9b/0x160 do_huge_pmd_anonymous_page+0x160/0x270 do_page_fault+0x207/0x4c0 page_fault+0x25/0x30 The "X" in the taint flag means that external modules were loaded but but is unrelated to the bug triggering. The real problem was because the PFN layout looks like this Zone PFN ranges: DMA 0x00000010 -> 0x00001000 DMA32 0x00001000 -> 0x00100000 Normal 0x00100000 -> 0x01e80000 Movable zone start PFN for each node early_node_map[14] active PFN ranges 0: 0x00000010 -> 0x0000009b 0: 0x00000100 -> 0x0007a1ec 0: 0x0007a354 -> 0x0007a379 0: 0x0007f7ff -> 0x0007f800 0: 0x00100000 -> 0x00680000 1: 0x00680000 -> 0x00e80000 0: 0x00e80000 -> 0x01080000 1: 0x01080000 -> 0x01280000 0: 0x01280000 -> 0x01480000 1: 0x01480000 -> 0x01680000 0: 0x01680000 -> 0x01880000 1: 0x01880000 -> 0x01a80000 0: 0x01a80000 -> 0x01c80000 1: 0x01c80000 -> 0x01e80000 The fix is straight-forward. isolate_migratepages() has to make a similar check to isolate_freepage to ensure that it never isolates pages from a zone it does not hold the LRU lock for. This was discovered in a 3.0-based kernel but it affects 3.1.x, 3.2.x and current mainline. Signed-off-by: Mel Gorman <mgorman@suse.de> Acked-by: Michal Nazarewicz <mina86@mina86.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:01 -08:00
Joerg Roedel	d7cd8fc525	iommu/msm: Fix error handling in msm_iommu_unmap() commit `05df1f3c2a` upstream. Error handling in msm_iommu_unmap() is broken. On some error conditions retval is set to a non-zero value which causes the function to return 'len' at the end. This hides the error from the user. Zero should be returned in those error cases. Cc: David Brown <davidb@codeaurora.org> Cc: Stepan Moskovchenko <stepanm@codeaurora.org> Signed-off-by: Joerg Roedel <joerg.roedel@amd.com> Acked-by: David Brown <davidb@codeaurora.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:01 -08:00
Joerg Roedel	61c39c6dcc	iommu/amd: Work around broken IVRS tables commit `af1be04901` upstream. On some systems the IVRS table does not contain all PCI devices present in the system. In case a device not present in the IVRS table is translated by the IOMMU no DMA is possible from that device by default. This patch fixes this by removing the DTE entry for every PCI device present in the system and not covered by IVRS. Signed-off-by: Joerg Roedel <joerg.roedel@amd.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:00 -08:00
Clemens Ladisch	bc7e7c8b24	ALSA: oxygen, virtuoso: fix exchanged L/R volumes of aux and CD inputs commit `2492250e44` upstream. The driver accidentally exchanged the left/right fields for stereo AC'97 mixer registers. This affected only the aux and CD inputs because the line input bypasses the AC'97 codec and the mic input is mono; cards without AC'97 (Xonar DS/DG/HDAV Slim, HG2PCI, HiFier) were not affected. Reported-and-tested-by: Abby Cedar <abbycedar@yahoo.com.au> Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:00 -08:00
Russell King	93636af609	pcmcia: fix socket refcount decrementing on each resume commit `025e4ab3db` upstream. This fixes a memory-corrupting bug: not only does it cause the warning, but as a result of dropping the refcount to zero, it causes the pcmcia_socket0 device structure to be freed while it still has references, causing slab caches corruption. A fatal oops quickly follows this warning - often even just a 'dmesg' following the warning causes the kernel to oops. While testing suspend/resume on an ARM device with PCMCIA support, and a CF card inserted, I found that after five suspend and resumes, the kernel would complain, and shortly die after with slab corruption. WARNING: at include/linux/kref.h:41 kobject_get+0x28/0x50() As the message doesn't give a clue about which kobject, and the built-in debugging in drivers/base/power/main.c happens too late, this was added right before each get_device(): printk("%s: %p [%s] %u\n", __func__, dev, kobject_name(&dev->kobj), atomic_read(&dev->kobj.kref.refcount)); and on the 3rd s2ram cycle, the following behaviour observed: On the 3rd suspend/resume cycle: dpm_prepare: c1a0d998 [pcmcia_socket0] 3 dpm_suspend: c1a0d998 [pcmcia_socket0] 3 dpm_suspend_noirq: c1a0d998 [pcmcia_socket0] 3 dpm_resume_noirq: c1a0d998 [pcmcia_socket0] 3 dpm_resume: c1a0d998 [pcmcia_socket0] 3 dpm_complete: c1a0d998 [pcmcia_socket0] 2 4th: dpm_prepare: c1a0d998 [pcmcia_socket0] 2 dpm_suspend: c1a0d998 [pcmcia_socket0] 2 dpm_suspend_noirq: c1a0d998 [pcmcia_socket0] 2 dpm_resume_noirq: c1a0d998 [pcmcia_socket0] 2 dpm_resume: c1a0d998 [pcmcia_socket0] 2 dpm_complete: c1a0d998 [pcmcia_socket0] 1 5th: dpm_prepare: c1a0d998 [pcmcia_socket0] 1 dpm_suspend: c1a0d998 [pcmcia_socket0] 1 dpm_suspend_noirq: c1a0d998 [pcmcia_socket0] 1 dpm_resume_noirq: c1a0d998 [pcmcia_socket0] 1 dpm_resume: c1a0d998 [pcmcia_socket0] 1 dpm_complete: c1a0d998 [pcmcia_socket0] 0 ------------[ cut here ]------------ WARNING: at include/linux/kref.h:41 kobject_get+0x28/0x50() Modules linked in: ucb1x00_core Backtrace: [<c0212090>] (dump_backtrace+0x0/0x110) from [<c04799dc>] (dump_stack+0x18/0x1c) [<c04799c4>] (dump_stack+0x0/0x1c) from [<c021cba0>] (warn_slowpath_common+0x50/0x68) [<c021cb50>] (warn_slowpath_common+0x0/0x68) from [<c021cbdc>] (warn_slowpath_null+0x24/0x28) [<c021cbb8>] (warn_slowpath_null+0x0/0x28) from [<c0335374>] (kobject_get+0x28/0x50) [<c033534c>] (kobject_get+0x0/0x50) from [<c03804f4>] (get_device+0x1c/0x24) [<c0388c90>] (dpm_complete+0x0/0x1a0) from [<c0389cc0>] (dpm_resume_end+0x1c/0x20) ... Looking at commit `7b24e79882` ("pcmcia: split up central event handler"), the following change was made to cs.c: return 0; } #endif - - send_event(skt, CS_EVENT_PM_RESUME, CS_EVENT_PRI_LOW); + if (!(skt->state & SOCKET_CARDBUS) && (skt->callback)) + skt->callback->early_resume(skt); return 0; } And the corresponding change in ds.c is from: -static int ds_event(struct pcmcia_socket skt, event_t event, int priority) -{ - struct pcmcia_socket s = pcmcia_get_socket(skt); ... - switch (event) { ... - case CS_EVENT_PM_RESUME: - if (verify_cis_cache(skt) != 0) { - dev_dbg(&skt->dev, "cis mismatch - different card\n"); - /* first, remove the card / - ds_event(skt, CS_EVENT_CARD_REMOVAL, CS_EVENT_PRI_HIGH); - mutex_lock(&s->ops_mutex); - destroy_cis_cache(skt); - kfree(skt->fake_cis); - skt->fake_cis = NULL; - s->functions = 0; - mutex_unlock(&s->ops_mutex); - / now, add the new card / - ds_event(skt, CS_EVENT_CARD_INSERTION, - CS_EVENT_PRI_LOW); - } - break; ... - } - pcmcia_put_socket(s); - return 0; -} / ds_event / to: +static int pcmcia_bus_early_resume(struct pcmcia_socket skt) +{ + if (!verify_cis_cache(skt)) { + pcmcia_put_socket(skt); + return 0; + } + dev_dbg(&skt->dev, "cis mismatch - different card\n"); + /* first, remove the card / + pcmcia_bus_remove(skt); + mutex_lock(&skt->ops_mutex); + destroy_cis_cache(skt); + kfree(skt->fake_cis); + skt->fake_cis = NULL; + skt->functions = 0; + mutex_unlock(&skt->ops_mutex); + / now, add the new card */ + pcmcia_bus_add(skt); + return 0; +} As can be seen, the original function called pcmcia_get_socket() and pcmcia_put_socket() around the guts, whereas the replacement code calls pcmcia_put_socket() only in one path. This creates an imbalance in the refcounting. Testing with pcmcia_put_socket() put removed shows that the bug is gone: dpm_suspend: c1a10998 [pcmcia_socket0] 5 dpm_suspend_noirq: c1a10998 [pcmcia_socket0] 5 dpm_resume_noirq: c1a10998 [pcmcia_socket0] 5 dpm_resume: c1a10998 [pcmcia_socket0] 5 dpm_complete: c1a10998 [pcmcia_socket0] 5 Tested-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Cc: Dominik Brodowski <linux@dominikbrodowski.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:00 -08:00
Mark Brown	a79cee16df	ASoC: wm8994: Fix typo in VMID ramp setting commit `f647e1526f` upstream. The VMID ramp rate is supposed to be 0x3, not 11b. Fix that. Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:00 -08:00
Mark Brown	e9ee45b83b	ASoC: wm8994: Enabling VMID should take a runtime PM reference commit `db966f8abb` upstream. We can enable VMID independently of the bias in some use cases so we need to ensure that the core device is powered up. Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:00 -08:00
Susan Gao	ef7dcc8c0f	ASoC: wm8962: Fix word length configuration commit `2b6712b195` upstream. Signed-off-by: Susan Gao <sgao@opensource.wolfsonmicro.com> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:17:00 -08:00
Mark Brown	520a5189a6	ASoC: wm_hubs: Correct line input to line output 2 paths commit `43b6cec27e` upstream. The second line output mixer has the controls for the line input bypasses in the opposite order. Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:59 -08:00
Mark Brown	f11e42f520	ASoC: wm_hubs: Fix routing of input PGAs to line output mixer commit `ee76744c51` upstream. IN1L/R is routed to both line output mixers, we don't route IN1 to LINEOUT1 and IN2 to LINEOUT2. Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:59 -08:00
Nicholas Bellinger	7b88c23d62	iscsi-target: Fix discovery with INADDR_ANY and IN6ADDR_ANY_INIT commit `2f9bc894c6` upstream. This patch addresses a bug with sendtargets discovery where INADDR_ANY (0.0.0.0) + IN6ADDR_ANY_INIT ([0:0:0:0:0:0:0:0]) network portals where incorrectly being reported back to initiators instead of the address of the connecting interface. To address this, save local socket ->getname() output during iscsi login setup, and makes iscsit_build_sendtargets_response() return these TargetAddress keys when INADDR_ANY or IN6ADDR_ANY_INIT portals are in use. Reported-by: Dax Kelson <dkelson@gurulabs.com> Reported-by: Andy Grover <agrover@redhat.com> Cc: David S. Miller <davem@davemloft.net> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:59 -08:00
Nicholas Bellinger	49f4afd3b1	iscsi-target: Fix double list_add with iscsit_alloc_buffs reject commit `cd931ee62f` upstream. This patch fixes a bug where the iscsit_add_reject_from_cmd() call from a failure to iscsit_alloc_buffs() was incorrectly passing add_to_conn=1 and causing a double list_add after iscsi_cmd->i_list had already been added in iscsit_handle_scsi_cmd(). Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:59 -08:00
Nicholas Bellinger	fa577fc1c4	iscsi-target: Fix reject release handling in iscsit_free_cmd() commit `c1ce4bd56f` upstream. This patch addresses a bug where iscsit_free_cmd() was incorrectly calling iscsit_release_cmd() for ISCSI_OP_REJECT because iscsi_add_reject*() will overwrite the original iscsi_cmd->iscsi_opcode assignment. This bug was introduced with the following commit: commit 0be67f2ed8f577d2c72d917928394c5885fa9134 Author: Nicholas Bellinger <nab@linux-iscsi.org> Date: Sun Oct 9 01:48:14 2011 -0700 iscsi-target: Remove SCF_SE_LUN_CMD flag abuses and was manifesting itself as list corruption with the following: [ 131.191092] ------------[ cut here ]------------ [ 131.191092] WARNING: at lib/list_debug.c:53 __list_del_entry+0x8d/0x98() [ 131.191092] Hardware name: VMware Virtual Platform [ 131.191092] list_del corruption. prev->next should be ffff880022d3c100, but was 6b6b6b6b6b6b6b6b [ 131.191092] Modules linked in: tcm_vhost ib_srpt ib_cm ib_sa ib_mad ib_core tcm_qla2xxx qla2xxx tcm_loop tcm_fc libfc scsi_transport_fc crc32c iscsi_target_mod target_core_stgt scsi_tgt target_core_pscsi target_core_file target_core_iblock target_core_mod configfs ipv6 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi sr_mod cdrom sd_mod e1000 ata_piix libata mptspi mptscsih mptbase [last unloaded: scsi_wait_scan] [ 131.191092] Pid: 2250, comm: iscsi_ttx Tainted: G W 3.2.0-rc4+ #42 [ 131.191092] Call Trace: [ 131.191092] [<ffffffff8103b553>] warn_slowpath_common+0x80/0x98 [ 131.191092] [<ffffffff8103b5ff>] warn_slowpath_fmt+0x41/0x43 [ 131.191092] [<ffffffff811d0279>] __list_del_entry+0x8d/0x98 [ 131.191092] [<ffffffffa01395c9>] transport_lun_remove_cmd+0x9b/0xb7 [target_core_mod] [ 131.191092] [<ffffffffa013a55c>] transport_generic_free_cmd+0x5d/0x71 [target_core_mod] [ 131.191092] [<ffffffffa01a012b>] iscsit_free_cmd+0x1e/0x27 [iscsi_target_mod] [ 131.191092] [<ffffffffa01a13be>] iscsit_close_connection+0x14d/0x5b2 [iscsi_target_mod] [ 131.191092] [<ffffffffa0196a0c>] iscsit_take_action_for_connection_exit+0xdb/0xe0 [iscsi_target_mod] [ 131.191092] [<ffffffffa01a55d4>] iscsi_target_tx_thread+0x15cb/0x1608 [iscsi_target_mod] [ 131.191092] [<ffffffff8103609a>] ? check_preempt_wakeup+0x121/0x185 [ 131.191092] [<ffffffff81030801>] ? __dequeue_entity+0x2e/0x33 [ 131.191092] [<ffffffffa01a4009>] ? iscsit_send_text_rsp+0x25f/0x25f [iscsi_target_mod] [ 131.191092] [<ffffffffa01a4009>] ? iscsit_send_text_rsp+0x25f/0x25f [iscsi_target_mod] [ 131.191092] [<ffffffff8138f706>] ? schedule+0x55/0x57 [ 131.191092] [<ffffffff81056c7d>] kthread+0x7d/0x85 [ 131.191092] [<ffffffff81399534>] kernel_thread_helper+0x4/0x10 [ 131.191092] [<ffffffff81056c00>] ? kthread_worker_fn+0x16d/0x16d [ 131.191092] [<ffffffff81399530>] ? gs_change+0x13/0x13 Reported-by: <jrepac@yahoo.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:59 -08:00
Ben Hutchings	6492a0fb92	lockdep, bug: Exclude TAINT_OOT_MODULE from disabling lock debugging commit `9ec84acee1` upstream. We do want to allow lock debugging for GPL-compatible modules that are not (yet) built in-tree. This was disabled as a side-effect of commit `2449b8ba07` ('module,bug: Add TAINT_OOT_MODULE flag for modules not built in-tree'). Lock debug warnings now include taint flags, so kernel developers should still be able to deflect warnings caused by out-of-tree modules. The TAINT_PROPRIETARY_MODULE flag for non-GPL-compatible modules will still disable lock debugging. Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Cc: Nick Bowler <nbowler@elliptictech.com> Cc: Dave Jones <davej@redhat.com> Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: Randy Dunlap <rdunlap@xenotime.net> Cc: Debian kernel maintainers <debian-kernel@lists.debian.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Alan Cox <alan@linux.intel.com> Link: http://lkml.kernel.org/r/1323268258.18450.11.camel@deadeye Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:59 -08:00
Peter Zijlstra	1a90d01be2	lockdep, bug: Exclude TAINT_FIRMWARE_WORKAROUND from disabling lockdep commit `df754e6af2` upstream. It's unlikely that TAINT_FIRMWARE_WORKAROUND causes false lockdep messages, so do not disable lockdep in that case. We still want to keep lockdep disabled in the TAINT_OOT_MODULE case: - bin-only modules can cause various instabilities in their and in unrelated kernel code - they are impossible to debug for kernel developers - they also typically do not have the copyright license permission to link to the GPL-ed lockdep code. Suggested-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Link: http://lkml.kernel.org/n/tip-xopopjjens57r0i13qnyh2yo@git.kernel.org Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:58 -08:00
Hubert Feurstein	c1a4af09ce	atmel_lcdfb: fix usage of CONTRAST_CTR in suspend/resume commit `9f1065032c` upstream. An error was existing in the saving of CONTRAST_CTR register across suspend/resume. Signed-off-by: Hubert Feurstein <h.feurstein@gmail.com> Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com> Acked-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:58 -08:00
Shirish Pargaonkar	85f2f3e05e	cifs: Fix oops in session setup code for null user mounts commit `de47a4176c` upstream. For null user mounts, do not invoke string length function during session setup. Reported-and-Tested-by: Chris Clayton <chris2553@googlemail.com> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:58 -08:00
Guenter Roeck	38c8c07ac7	hwmon: (w83627ehf) Fix number of fans for NCT6776F commit `585c0fd821` upstream. NCT6776F can select fan input pins for fans 3 to 5 with a secondary set of chip register bits. Check that second set of bits in addition to the first set to detect if fans 3..5 are monitored. Signed-off-by: Guenter Roeck <linux@roeck-us.net> Acked-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:58 -08:00
Li Wang	3d1b7976d3	eCryptfs: Infinite loop due to overflow in ecryptfs_write() commit `684a3ff7e6` upstream. ecryptfs_write() can enter an infinite loop when truncating a file to a size larger than 4G. This only happens on architectures where size_t is represented by 32 bits. This was caused by a size_t overflow due to it incorrectly being used to store the result of a calculation which uses potentially large values of type loff_t. [tyhicks@canonical.com: rewrite subject and commit message] Signed-off-by: Li Wang <liwang@nudt.edu.cn> Signed-off-by: Yunchuan Wen <wenyunchuan@kylinos.com.cn> Reviewed-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:58 -08:00
Daniel Vetter	69ac25cd32	drm/i915: protect force_wake_(get\|put) with the gt_lock commit `9f1f46a45a` upstream. The problem this patch solves is that the forcewake accounting necessary for register reads is protected by dev->struct_mutex. But the hangcheck and error_capture code need to access registers without grabbing this mutex because we hold it while waiting for the gpu. So a new lock is required. Because currently the error_state capture is called from the error irq handler and the hangcheck code runs from a timer, it needs to be an irqsafe spinlock (note that the registers used by the irq handler (neglecting the error handling part) only uses registers that don't need the forcewake dance). We could tune this down to a normal spinlock when we rework the error_state capture and hangcheck code to run from a workqueue. But we don't have any read in a fastpath that needs forcewake, so I've decided to not care much about overhead. This prevents tests/gem_hangcheck_forcewake from i-g-t from killing my snb on recent kernels - something must have slightly changed the timings. On previous kernels it only trigger a WARN about the broken locking. v2: Drop the previous patch for the register writes. v3: Improve the commit message per Chris Wilson's suggestions. Signed-Off-by: Daniel Vetter <daniel.vetter@ffwll.ch> Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk> Reviewed-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:58 -08:00
Daniel Vetter	97b068a665	drm/i915: convert force_wake_get to func pointer in the gpu reset code commit `8109021313` upstream. This was forgotten in the original multi-threaded forcewake conversion: commit `8d715f0024` Author: Keith Packard <keithp at keithp.com> Date: Fri Nov 18 20:39:01 2011 -0800 drm/i915: add multi-threaded forcewake support Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch> Reviewed-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:57 -08:00
Eugeni Dodonov	a390a377bf	drm/i915: handle 3rd pipe commit `07c1e8c146` upstream. We don't need to check 3rd pipe specifically, as it shares PLL with some other one. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=41977 Signed-off-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Reviewed-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:57 -08:00
Rodrigo Vivi	eb10e9cd3a	drm/i915: Fix TV Out refresh rate. commit `23bd15ec66` upstream. TV Out refresh rate was half of the specification for almost all modes. Due to this reason pixel clock was so low for some modes causing flickering screen. Signed-off-by: Rodrigo Vivi <rodrigo.vivi@gmail.com> Reviewed-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:57 -08:00
Daniel Vetter	2d0e8c7883	drm/i915: check ACTHD of all rings commit `097354eb14` upstream. Otherwise hangcheck spuriously fires when running blitter/bsd-only workloads. Contrary to a similar patch by Ben Widawsky this does not check INSTDONE of the other rings. Chris Wilson implied that in a failure to detect a hang, most likely because INSTDONE was fluctuating. Thus only check ACTHD, which as far as I know is rather reliable. Also, blitter and bsd rings can't launch complex tasks from a single instruction (like 3D_PRIM on the render with complex or even infinite shaders). This fixes spurious gpu hang detection when running tests/gem_hangcheck_forcewake on snb/ivb. Signed-Off-by: Daniel Vetter <daniel.vetter@ffwll.ch> Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk> Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:57 -08:00
Wu Fengguang	e306967621	drm/i915: DisplayPort hot remove notification to audio driver commit `832afda6a7` upstream. On DP monitor hot remove, clear DP_AUDIO_OUTPUT_ENABLE accordingly, so that the audio driver will receive hot plug events and take action to refresh its device state and ELD contents. Note that the DP_AUDIO_OUTPUT_ENABLE bit may be enabled or disabled only when the link training is complete and set to "Normal". Tested OK for both hot plug/remove and DPMS on/off. Signed-off-by: Wu Fengguang <fengguang.wu@intel.com> Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:57 -08:00
Wu Fengguang	febaacc3a6	drm/i915: HDMI hot remove notification to audio driver commit `2deed76118` upstream. On HDMI monitor hot remove, clear SDVO_AUDIO_ENABLE accordingly, so that the audio driver will receive hot plug events and take action to refresh its device state and ELD contents. The cleared SDVO_AUDIO_ENABLE bit needs to be restored to prevent losing HDMI audio after DPMS on. CC: Wang Zhenyu <zhenyu.z.wang@intel.com> Signed-off-by: Wu Fengguang <fengguang.wu@intel.com> Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:57 -08:00
Jan Kara	43f4a516b2	udf: Mark LVID buffer as uptodate before marking it dirty commit `853a0c25ba` upstream. When we hit EIO while writing LVID, the buffer uptodate bit is cleared. This then results in an anoying warning from mark_buffer_dirty() when we write the buffer again. So just set uptodate flag unconditionally. Reviewed-by: Namjae Jeon <linkinjeon@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz> Cc: Dave Jones <davej@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:56 -08:00
Francois Romieu	ff91ca433a	8139cp: fix missing napi_gro_flush. commit `b189e81061` upstream. The driver uses __napi_complete and napi_gro_receive. Without it, the driver hits the BUG_ON(n->gro_list) assertion hard in __napi_complete. Signed-off-by: Francois Romieu <romieu@fr.zoreil.com> Tested-by: Marin Glibic <zhilla2@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:56 -08:00
Srivatsa S. Bhat	695cb013a3	PM / Hibernate: Thaw kernel threads in SNAPSHOT_CREATE_IMAGE ioctl path commit `fe9161db2e` upstream. In the SNAPSHOT_CREATE_IMAGE ioctl, if the call to hibernation_snapshot() fails, the frozen tasks are not thawed. And in the case of success, if we happen to exit due to a successful freezer test, all tasks (including those of userspace) are thawed, whereas actually we should have thawed only the kernel threads at that point. Fix both these issues. Signed-off-by: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com> Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:56 -08:00
Srivatsa S. Bhat	26b67a54a3	PM / Hibernate: Thaw processes in SNAPSHOT_CREATE_IMAGE ioctl test path commit `97819a2622` upstream. Commit `2aede851dd` (PM / Hibernate: Freeze kernel threads after preallocating memory) moved the freezing of kernel threads to hibernation_snapshot() function. So now, if the call to hibernation_snapshot() returns early due to a successful hibernation test, the caller has to thaw processes to ensure that the system gets back to its original state. But in SNAPSHOT_CREATE_IMAGE hibernation ioctl, the caller does not thaw processes in case hibernation_snapshot() returned due to a successful freezer test. Fix this issue. But note we still send the value of 'in_suspend' (which is now 0) to userspace, because we are not in an error path per-se, and moreover, the value of in_suspend correctly depicts the situation here. Signed-off-by: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com> Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:56 -08:00
Chanho Min	6341f8928c	sched/rt: Fix task stack corruption under __ARCH_WANT_INTERRUPTS_ON_CTXSW commit `cb297a3e43` upstream. This issue happens under the following conditions: 1. preemption is off 2. __ARCH_WANT_INTERRUPTS_ON_CTXSW is defined 3. RT scheduling class 4. SMP system Sequence is as follows: 1.suppose current task is A. start schedule() 2.task A is enqueued pushable task at the entry of schedule() __schedule prev = rq->curr; ... put_prev_task put_prev_task_rt enqueue_pushable_task 4.pick the task B as next task. next = pick_next_task(rq); 3.rq->curr set to task B and context_switch is started. rq->curr = next; 4.At the entry of context_swtich, release this cpu's rq->lock. context_switch prepare_task_switch prepare_lock_switch raw_spin_unlock_irq(&rq->lock); 5.Shortly after rq->lock is released, interrupt is occurred and start IRQ context 6.try_to_wake_up() which called by ISR acquires rq->lock try_to_wake_up ttwu_remote rq = __task_rq_lock(p) ttwu_do_wakeup(rq, p, wake_flags); task_woken_rt 7.push_rt_task picks the task A which is enqueued before. task_woken_rt push_rt_tasks(rq) next_task = pick_next_pushable_task(rq) 8.At find_lock_lowest_rq(), If double_lock_balance() returns 0, lowest_rq can be the remote rq. (But,If preemption is on, double_lock_balance always return 1 and it does't happen.) push_rt_task find_lock_lowest_rq if (double_lock_balance(rq, lowest_rq)).. 9.find_lock_lowest_rq return the available rq. task A is migrated to the remote cpu/rq. push_rt_task ... deactivate_task(rq, next_task, 0); set_task_cpu(next_task, lowest_rq->cpu); activate_task(lowest_rq, next_task, 0); 10. But, task A is on irq context at this cpu. So, task A is scheduled by two cpus at the same time until restore from IRQ. Task A's stack is corrupted. To fix it, don't migrate an RT task if it's still running. Signed-off-by: Chanho Min <chanho.min@lge.com> Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Acked-by: Steven Rostedt <rostedt@goodmis.org> Link: http://lkml.kernel.org/r/CAOAMb1BHA=5fm7KTewYyke6u-8DP0iUuJMpgQw54vNeXFsGpoQ@mail.gmail.com Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:56 -08:00
Alex Deucher	307a5a187c	drm/radeon/kms: fix TRAVIS panel setup commit `304a48400d` upstream. Different versions of the DP to LVDS bridge chip need different panel mode settings depending on the chip version used. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=41569 Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:56 -08:00
Seth Forshee	d11fa680b5	drm/radeon/kms: disable output polling when suspended commit `86698c20f7` upstream. Polling the outputs when the device is suspended can result in erroneous status updates. Disable output polling during suspend to prevent this from happening. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Reviewed-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:55 -08:00
Ben Skeggs	3d15bd1a90	drm/nouveau/gem: fix fence_sync race / oops commit `525895ba38` upstream. Due to a race it was possible for a fence to be destroyed while another thread was trying to synchronise with it. If this happened in the fallback non-semaphore path, it lead to the following oops due to fence->channel being NULL. BUG: unable to handle kernel NULL pointer dereference at (null) IP: [<fa9632ce>] nouveau_fence_update+0xe/0xe0 [nouveau] *pde = a649c067 SMP Modules linked in: fuse nouveau(O) ttm(O) drm_kms_helper(O) drm(O) mxm_wmi video wmi netconsole configfs lockd bnep bluetooth rfkill ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack ip6table_filter ip6_tables snd_hda_codec_realtek snd_hda_intel snd_hda_cobinfmt_misc uinput ata_generic pata_acpi pata_aet2c_algo_bit i2c_core [last unloaded: wmi] Pid: 2255, comm: gnome-shell Tainted: G O 3.2.0-0.rc5.git0.1.fc17.i686 #1 System manufacturer System Product Name/M2A-VM EIP: 0060:[<fa9632ce>] EFLAGS: 00010296 CPU: 1 EIP is at nouveau_fence_update+0xe/0xe0 [nouveau] EAX: 00000000 EBX: ddfc6dd0 ECX: dd111580 EDX: 00000000 ESI: 00003e80 EDI: dd111580 EBP: dd121d00 ESP: dd121ce8 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 Process gnome-shell (pid: 2255, ti=dd120000 task=dd111580 task.ti=dd120000) Stack: 7dc86c76 00000000 00003e80 ddfc6dd0 00003e80 dd111580 dd121d0c fa96371f 00000000 dd121d3c fa963773 dd111580 01000246 000ec53d 00000000 ddfc6dd0 00001f40 00000000 ddfc6dd0 00000010 dc7df840 dd121d6c fa9639a0 00000000 Call Trace: [<fa96371f>] __nouveau_fence_signalled+0x1f/0x30 [nouveau] [<fa963773>] __nouveau_fence_wait+0x43/0xd0 [nouveau] [<fa9639a0>] nouveau_fence_sync+0x1a0/0x1c0 [nouveau] [<fa964046>] validate_list+0x176/0x300 [nouveau] [<f7d9c9c0>] ? ttm_bo_mem_put+0x30/0x30 [ttm] [<fa964b8a>] nouveau_gem_ioctl_pushbuf+0x48a/0xfd0 [nouveau] [<c0406481>] ? die+0x31/0x80 [<f7c93d98>] drm_ioctl+0x388/0x490 [drm] [<c0406481>] ? die+0x31/0x80 [<fa964700>] ? nouveau_gem_ioctl_new+0x150/0x150 [nouveau] [<c0635c7b>] ? file_has_perm+0xcb/0xe0 [<f7c93a10>] ? drm_copy_field+0x80/0x80 [drm] [<c0564f56>] do_vfs_ioctl+0x86/0x5b0 [<c0406481>] ? die+0x31/0x80 [<c0635f22>] ? selinux_file_ioctl+0x62/0x130 [<c0554f30>] ? fget_light+0x30/0x340 [<c05654ef>] sys_ioctl+0x6f/0x80 [<c099e3a4>] syscall_call+0x7/0xb [<c0406481>] ? die+0x31/0x80 [<c0406481>] ? die+0x31/0x80 Signed-off-by: Ben Skeggs <bskeggs@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:55 -08:00
Michel Dänzer	97f2f58ea0	drm/radeon: Set DESKTOP_HEIGHT register to the framebuffer (not mode) height. commit `1b61925061` upstream. The value of this register is transferred to the V_COUNTER register at the beginning of vertical blank. V_COUNTER is the reference for VLINE waits and goes from VIEWPORT_Y_START to VIEWPORT_Y_START+VIEWPORT_HEIGHT during scanout, so if VIEWPORT_Y_START is not 0, V_COUNTER actually went backwards at the beginning of vertical blank, and VLINE waits excluding the whole scanout area could never finish (possibly only if VIEWPORT_Y_START is larger than the length of vertical blank in scanlines). Setting DESKTOP_HEIGHT to the framebuffer height should prevent this for any kind of VLINE wait. Fixes https://bugs.freedesktop.org/show_bug.cgi?id=45329 . Signed-off-by: Michel Dänzer <michel.daenzer@amd.com> Reviewed-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:55 -08:00
Venkatesh Pallipadi	f51d67a64f	PM / QoS: CPU C-state breakage with PM Qos change commit `d020283dc6` upstream. Looks like change "PM QoS: Move and rename the implementation files" merged during the 3.2 development cycle made PM QoS depend on CONFIG_PM which depends on (PM_SLEEP \|\| PM_RUNTIME). That breaks CPU C-states with kernels not having these CONFIGs, causing CPUs to spend time in Polling loop idle instead of going into deep C-states, consuming way way more power. This is with either acpi idle or intel idle enabled. Either CONFIG_PM should be enabled with any pm_qos users or the !CONFIG_PM pm_qos_request() should return sane defaults not to break the existing users. Here's is the patch for the latter option. [rjw: Modified the changelog slightly.] Signed-off-by: Venkatesh Pallipadi <venki@google.com> Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:55 -08:00
Rafael J. Wysocki	d483054fe4	PM / Hibernate: Fix s2disk regression related to freezing workqueues commit `181e9bdef3` upstream. Commit `2aede851dd` PM / Hibernate: Freeze kernel threads after preallocating memory introduced a mechanism by which kernel threads were frozen after the preallocation of hibernate image memory to avoid problems with frozen kernel threads not responding to memory freeing requests. However, it overlooked the s2disk code path in which the SNAPSHOT_CREATE_IMAGE ioctl was run directly after SNAPSHOT_FREE, which caused freeze_workqueues_begin() to BUG(), because it saw that worqueues had been already frozen. Although in principle this issue might be addressed by removing the relevant BUG_ON() from freeze_workqueues_begin(), that would reintroduce the very problem that commit `2aede851dd` attempted to avoid into that particular code path. For this reason, to fix the issue at hand, introduce thaw_kernel_threads() and make the SNAPSHOT_FREE ioctl execute it. Special thanks to Srivatsa S. Bhat for detailed analysis of the problem. Reported-and-tested-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Acked-by: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:55 -08:00
Mel Gorman	9da11afefb	mm: compaction: check pfn_valid when entering a new MAX_ORDER_NR_PAGES block during isolation for migration commit `0bf380bc70` upstream. When isolating for migration, migration starts at the start of a zone which is not necessarily pageblock aligned. Further, it stops isolating when COMPACT_CLUSTER_MAX pages are isolated so migrate_pfn is generally not aligned. This allows isolate_migratepages() to call pfn_to_page() on an invalid PFN which can result in a crash. This was originally reported against a 3.0-based kernel with the following trace in a crash dump. PID: 9902 TASK: d47aecd0 CPU: 0 COMMAND: "memcg_process_s" #0 [d72d3ad0] crash_kexec at c028cfdb #1 [d72d3b24] oops_end at c05c5322 #2 [d72d3b38] __bad_area_nosemaphore at c0227e60 #3 [d72d3bec] bad_area at c0227fb6 #4 [d72d3c00] do_page_fault at c05c72ec #5 [d72d3c80] error_code (via page_fault) at c05c47a4 EAX: 00000000 EBX: 000c0000 ECX: 00000001 EDX: 00000807 EBP: 000c0000 DS: 007b ESI: 00000001 ES: 007b EDI: f3000a80 GS: 6f50 CS: 0060 EIP: c030b15a ERR: ffffffff EFLAGS: 00010002 #6 [d72d3cb4] isolate_migratepages at c030b15a #7 [d72d3d14] zone_watermark_ok at c02d26cb #8 [d72d3d2c] compact_zone at `c030b8de` #9 [d72d3d68] compact_zone_order at c030bba1 #10 [d72d3db4] try_to_compact_pages at c030bc84 #11 [d72d3ddc] __alloc_pages_direct_compact at c02d61e7 #12 [d72d3e08] __alloc_pages_slowpath at c02d66c7 #13 [d72d3e78] __alloc_pages_nodemask at c02d6a97 #14 [d72d3eb8] alloc_pages_vma at c030a845 #15 [d72d3ed4] do_huge_pmd_anonymous_page at c03178eb #16 [d72d3f00] handle_mm_fault at c02f36c6 #17 [d72d3f30] do_page_fault at c05c70ed #18 [`d72d3fb0`] error_code (via page_fault) at c05c47a4 EAX: b71ff000 EBX: 00000001 ECX: 00001600 EDX: 00000431 DS: 007b ESI: 08048950 ES: 007b EDI: bfaa3788 SS: 007b ESP: bfaa36e0 EBP: bfaa3828 GS: 6f50 CS: 0073 EIP: 080487c8 ERR: ffffffff EFLAGS: 00010202 It was also reported by Herbert van den Bergh against 3.1-based kernel with the following snippet from the console log. BUG: unable to handle kernel paging request at 01c00008 IP: [<c0522399>] isolate_migratepages+0x119/0x390 pdpt = 000000002f7ce001 pde = 0000000000000000 It is expected that it also affects 3.2.x and current mainline. The problem is that pfn_valid is only called on the first PFN being checked and that PFN is not necessarily aligned. Lets say we have a case like this H = MAX_ORDER_NR_PAGES boundary \| = pageblock boundary m = cc->migrate_pfn f = cc->free_pfn o = memory hole H------\|------H------\|----m-Hoooooo\|ooooooH-f----\|------H The migrate_pfn is just below a memory hole and the free scanner is beyond the hole. When isolate_migratepages started, it scans from migrate_pfn to migrate_pfn+pageblock_nr_pages which is now in a memory hole. It checks pfn_valid() on the first PFN but then scans into the hole where there are not necessarily valid struct pages. This patch ensures that isolate_migratepages calls pfn_valid when necessary. Reported-by: Herbert van den Bergh <herbert.van.den.bergh@oracle.com> Tested-by: Herbert van den Bergh <herbert.van.den.bergh@oracle.com> Signed-off-by: Mel Gorman <mgorman@suse.de> Acked-by: Michal Nazarewicz <mina86@mina86.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:55 -08:00
Carsten Otte	e7908f7b77	mm/filemap_xip.c: fix race condition in xip_file_fault() commit `99f02ef1f1` upstream. Fix a race condition that shows in conjunction with xip_file_fault() when two threads of the same user process fault on the same memory page. In this case, the race winner will install the page table entry and the unlucky loser will cause an oops: xip_file_fault calls vm_insert_pfn (via vm_insert_mixed) which drops out at this check: retval = -EBUSY; if (!pte_none(*pte)) goto out_unlock; The resulting -EBUSY return value will trigger a BUG_ON() in xip_file_fault. This fix simply considers the fault as fixed in this case, because the race winner has successfully installed the pte. [akpm@linux-foundation.org: use conventional (and consistent) comment layout] Reported-by: David Sadler <dsadler@us.ibm.com> Signed-off-by: Carsten Otte <cotte@de.ibm.com> Reported-by: Louis Alex Eisner <leisner@cs.ucsd.edu> Cc: Hugh Dickins <hughd@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:54 -08:00
Nikolaus Voss	2139363dee	at_hdmac: bugfix for enabling channel irq commit `bda3a47c88` upstream. commit `463894705e` deleted redundant chan_id and chancnt initialization in dma drivers as this is done in dma_async_device_register(). However, atc_enable_irq() relied on chan_id set before registering the device, what left only channel 0 functional for this driver. This patch introduces atc_enable/disable_chan_irq() as a variant of atc_enable/disable_irq() with the channel as explicit argument. Signed-off-by: Nikolaus Voss <n.voss@weinmann.de> Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com> Signed-off-by: Vinod Koul <vinod.koul@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:54 -08:00
Artem Bityutskiy	061d6b14b3	Revert "mtd: atmel_nand: optimize read/write buffer functions" commit `500823195d` upstream. This reverts commit `fb5427508a`. The reason is that it breaks 16 bits NAND flash as it was reported by Nikolaus Voss and confirmed by Eric Bénard. Nicolas Ferre <nicolas.ferre@atmel.com> alco confirmed: "After double checking with designers, I must admit that I misunderstood the way of optimizing accesses to SMC. 16 bit nand is not so common those days..." Reported-by: Nikolaus Voss <n.voss@weinmann.de> Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:54 -08:00
Huang Shijie	5e71844e1d	mtd: gpmi-nand bugfix: reset the BCH module when it is not MX23 commit `9398d1ce09` upstream. In MX28, if we do not reset the BCH module. The BCH module may becomes unstable when the board reboots for several thousands times. This bug has been catched in customer's production. The patch adds some comments (some from Wolfram Sang), and fixes it now. Also change gpmi_reset_block() to static. Signed-off-by: Huang Shijie <b32955@freescale.com> Acked-by: Marek Vasut <marek.vasut@gmail.com> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:54 -08:00
Jiang Liu	ff016619c9	kprobes: fix a memory leak in function pre_handler_kretprobe() commit `55ca6140e9` upstream. In function pre_handler_kretprobe(), the allocated kretprobe_instance object will get leaked if the entry_handler callback returns non-zero. This may cause all the preallocated kretprobe_instance objects exhausted. This issue can be reproduced by changing samples/kprobes/kretprobe_example.c to probe "mutex_unlock". And the fix is straightforward: just put the allocated kretprobe_instance object back onto the free_instances list. [akpm@linux-foundation.org: use raw_spin_lock/unlock] Signed-off-by: Jiang Liu <jiang.liu@huawei.com> Acked-by: Jim Keniston <jkenisto@us.ibm.com> Acked-by: Ananth N Mavinakayanahalli <ananth@in.ibm.com> Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com> Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:54 -08:00
Bernd Schubert	3ef7302303	RDMA/core: Fix kernel panic by always initializing qp->usecnt commit `e47e321a35` upstream. We have just been investigating kernel panics related to cq->ibcq.event_handler() completion calls. The problem is that ib_destroy_qp() fails with -EBUSY. Further investigation revealed qp->usecnt is not initialized. This counter was introduced in linux-3.2 by commit `0e0ec7e063` ("RDMA/core: Export ib_open_qp() to share XRC TGT QPs") but it only gets initialized for IB_QPT_XRC_TGT, but it is checked in ib_destroy_qp() for any QP type. Fix this by initializing qp->usecnt for every QP we create. Signed-off-by: Bernd Schubert <bernd.schubert@itwm.fraunhofer.de> Signed-off-by: Sven Breuner <sven.breuner@itwm.fraunhofer.de> [ Initialize qp->usecnt in uverbs too. - Sean ] Signed-off-by: Sean Hefty <sean.hefty@intel.com> Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:54 -08:00
Jack Morgenstein	a48d135810	IB/mlx4: pass SMP vendor-specific attribute MADs to firmware commit `a6f7feae6d` upstream. In the current code, vendor-specific MADs (e.g with the FDR-10 attribute) are silently dropped by the driver, resulting in timeouts at the sending side and inability to query/configure the relevant feature. However, the ConnectX firmware is able to handle such MADs. For unsupported attributes, the firmware returns a GET_RESPONSE MAD containing an error status. For example, for a FDR-10 node with LID 11: # ibstat mlx4_0 1 CA: 'mlx4_0' Port 1: State: Active Physical state: LinkUp Rate: 40 (FDR10) Base lid: 11 LMC: 0 SM lid: 24 Capability mask: 0x02514868 Port GUID: 0x0002c903002e65d1 Link layer: InfiniBand Extended Port Query (EPI) vendor mad timeouts before the patch: # smpquery MEPI 11 -d ibwarn: [4196] smp_query_via: attr 0xff90 mod 0x0 route Lid 11 ibwarn: [4196] _do_madrpc: retry 1 (timeout 1000 ms) ibwarn: [4196] _do_madrpc: retry 2 (timeout 1000 ms) ibwarn: [4196] _do_madrpc: timeout after 3 retries, 3000 ms ibwarn: [4196] mad_rpc: _do_madrpc failed; dport (Lid 11) smpquery: iberror: [pid 4196] main: failed: operation EPI: ext port info query failed EPI query works OK with the patch: # smpquery MEPI 11 -d ibwarn: [6548] smp_query_via: attr 0xff90 mod 0x0 route Lid 11 ibwarn: [6548] mad_rpc: data offs 64 sz 64 mad data 0000 0000 0000 0001 0000 0001 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 # Ext Port info: Lid 11 port 0 StateChangeEnable:...............0x00 LinkSpeedSupported:..............0x01 LinkSpeedEnabled:................0x01 LinkSpeedActive:.................0x01 Signed-off-by: Jack Morgenstein <jackm@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Acked-by: Ira Weiny <weiny2@llnl.gov> Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:53 -08:00
Stefan Richter	c1a1e15fd6	firewire: ohci: disable MSI on Ricoh controllers commit `320cfa6ce0` upstream. The PCIe device FireWire (IEEE 1394) [0c00]: Ricoh Co Ltd FireWire Host Controller [1180:e832] (prog-if 10 [OHCI]) is unable to access attached FireWire devices when MSI is enabled but works if MSI is disabled. http://www.mail-archive.com/alsa-user@lists.sourceforge.net/msg28251.html Hence add the "disable MSI" quirks flag for this device, or in fact for safety and simplicity for all current (R5U230, R5U231, R5U240) and future Ricoh PCIe 1394 controllers. Reported-by: Stefan Thomas <kontrapunktstefan@googlemail.com> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:53 -08:00
Clemens Ladisch	49b7e22b82	firewire: ohci: add reset packet quirk for SB Audigy commit `d1bb399ad0` upstream. The Audigy's SB1394 controller is actually from Texas Instruments and has the same bus reset packet generation bug, so it needs the same quirk entry. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:53 -08:00
Oleg Nesterov	43904e95ba	proc: make sure mem_open() doesn't pin the target's memory commit `6d08f2c713` upstream. Once /proc/pid/mem is opened, the memory can't be released until mem_release() even if its owner exits. Change mem_open() to do atomic_inc(mm_count) + mmput(), this only pins mm_struct. Change mem_rw() to do atomic_inc_not_zero(mm_count) before access_remote_vm(), this verifies that this mm is still alive. I am not sure what should mem_rw() return if atomic_inc_not_zero() fails. With this patch it returns zero to match the "mm == NULL" case, may be it should return -EINVAL like it did before `e268337d`. Perhaps it makes sense to add the additional fatal_signal_pending() check into the main loop, to ensure we do not hold this memory if the target task was oom-killed. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:53 -08:00
Oleg Nesterov	034089b6f4	proc: unify mem_read() and mem_write() commit `572d34b946` upstream. No functional changes, cleanup and preparation. mem_read() and mem_write() are very similar. Move this code into the new common helper, mem_rw(), which takes the additional "int write" argument. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:53 -08:00
Oleg Nesterov	3a196fbe26	proc: mem_release() should check mm != NULL commit `71879d3cb3` upstream. mem_release() can hit mm == NULL, add the necessary check. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:53 -08:00
Samuel Thibault	58f75a56e3	drivers/tty/vt/vt_ioctl.c: fix KDFONTOP 32bit compatibility layer commit `cbcb834605` upstream. KDFONTOP(GET) currently fails with EIO when being run in a 32bit userland with a 64bit kernel if the font width is not 8. This is because of the setting of the KD_FONT_FLAG_OLD flag, which makes con_font_get return EIO in such case. This flag should not be set for KDFONTOP, since it's actually the whole point of this flag (see comment in con_font_set for instance). Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Arnd Bergmann <arnd@arndb.de> Cc: Arthur Taylor <art@ified.ca> Cc: Jiri Slaby <jslaby@suse.cz> Cc: Jiri Olsa <jolsa@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:52 -08:00
Yegor Yefremov	04712489fd	ARM: OMAP2+: GPMC: fix device size setup commit `8ef5d844cc` upstream. following statement can only change device size from 8-bit(0) to 16-bit(1), but not vice versa: regval \|= GPMC_CONFIG1_DEVICESIZE(wval); so as this field has 1 reserved bit, that could be used in future, just clear both bits and then OR with the desired value Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com> Signed-off-by: Tony Lindgren <tony@atomide.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:52 -08:00
Will Deacon	a4e4a6ee0c	ARM: 7308/1: vfp: flush thread hwstate before copying ptrace registers commit `8130b9d7b9` upstream. If we are context switched whilst copying into a thread's vfp_hard_struct then the partial copy may be corrupted by the VFP context switching code (see "ARM: vfp: flush thread hwstate before restoring context from sigframe"). This patch updates the ptrace VFP set code so that the thread state is flushed before the copy, therefore disabling VFP and preventing corruption from occurring. Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:52 -08:00
Dave Martin	c85ca4cdfa	ARM: 7307/1: vfp: fix ptrace regset modification race commit `247f4993a5` upstream. In a preemptible kernel, vfp_set() can be preempted, causing the hardware VFP context to be switched while the thread vfp state is being read and modified. This leads to a race condition which can cause the thread vfp state to become corrupted if lazy VFP context save occurs due to preemption in between the time thread->vfpstate is read and the time the modified state is written back. This may occur if preemption occurs during the execution of a ptrace() call which modifies the VFP register state of a thread. Such instances should be very rare in most realistic scenarios -- none has been reported, so far as I am aware. Only uniprocessor systems should be affected, since VFP context save is not currently lazy in SMP kernels. The problem was introduced by my earlier patch migrating to use regsets to implement ptrace. This patch does a vfp_sync_hwstate() before reading thread->vfpstate, to make sure that the thread's VFP state is not live in the hardware registers while the registers are modified. Thanks to Will Deacon for spotting this. Signed-off-by: Dave Martin <dave.martin@linaro.org> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:52 -08:00
Will Deacon	04c6e8a252	ARM: 7306/1: vfp: flush thread hwstate before restoring context from sigframe commit `2af276dfb1` upstream. Following execution of a signal handler, we currently restore the VFP context from the ucontext in the signal frame. This involves copying from the user stack into the current thread's vfp_hard_struct and then flushing the new data out to the hardware registers. This is problematic when using a preemptible kernel because we could be context switched whilst updating the vfp_hard_struct. If the current thread has made use of VFP since the last context switch, the VFP notifier will copy from the hardware registers into the vfp_hard_struct, overwriting any data that had been partially copied by the signal code. Disabling preemption across copy_from_user calls is a terrible idea, so instead we move the VFP thread flush before we update the vfp_hard_struct. Since the flushing is performed lazily, this has the effect of disabling VFP and clearing the CPU's VFP state pointer, therefore preventing the thread from being updated with stale data on the next context switch. Tested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:52 -08:00
UK KIM	f886b09222	ASoC: wm_hubs: fix wrong bits for LINEOUT2 N/P mixer commit `114395c61a` upstream. Signed-off-by: UK KIM <w0806.kim@samsung.com> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:52 -08:00
Mark Brown	7e1a603295	ASoC: wm_hubs: Enable line out VMID buffer for single ended line outputs commit `77231abe55` upstream. For optimal performance the single ended line outputs require that the line output VMID buffer be enabled. Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:51 -08:00
Takashi Iwai	1e7c377772	ALSA: hda - Disable dynamic-power control for VIA as default commit `b5bcc18940` upstream. Since the dynamic pin power-control and the analog low-current mode may lead to pop-noise, it's safer to set it off as default. Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=741128 Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:51 -08:00
David Henningsson	b23a6ba81e	ALSA: HDA: Fix duplicated output to more than one codec commit `54c2a89f60` upstream. This typo caused the wrong codec's nid to be checked for wcaps type. As a result, sometimes speakers would duplicate the output sent to HDMI output. BugLink: https://bugs.launchpad.net/bugs/924320 Signed-off-by: David Henningsson <david.henningsson@canonical.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:51 -08:00
Takashi Iwai	cb935a3a4f	ALSA: hda - Allow analog low-current mode when dynamic power-control is on commit `e9d010c2e8` upstream. VIA codecs have several different power-saving features, and one of them is the analog low-current mode. But it turned out that the ALC mode causes pop-noises at each on/off time on some machines. As a quick workaround, disable the ALC when another power-saving feature, the dynamic pin power-control, is turned off, too, since the dynamic power-control is already exposed as a mixer enum element so that user can turn it on/off freely. Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=741128 Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:51 -08:00
Dylan Reid	d0f03303d8	ALSA: hda - Fix calling cs_automic twice for Cirrus codecs. commit `f70eecde3b` upstream. If cs_automic is called twice (like it is during init) while the mic is present, it will over-write the last_input with the new one, causing it to switch back to the automic input when the mic is unplugged. This leaves the driver in a state (cur_input, last_input, and automix_idx the same) where the internal mic can not be selected until it is rebooted without the mic attached. Check that the mic hasn't already been switched to before setting last_input. Signed-off-by: Dylan Reid <dgreid@chromium.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:51 -08:00
Takashi Iwai	4f53e64f2e	ALSA: hda - Apply 0x0f-VREF fix to all ASUS laptops with ALC861/660 commit `31150f2327` upstream. It turned out that other ASUS laptops require the similar fix to enable the VREF on the pin 0x0f for the secret output amp, not only ASUS A6Rp. Moreover, it's required even when the pin is being used as the output. Thus, writing a fixed value doesn't work always. This patch applies the VREF-fix for all ASUS laptops with ALC861/660 in a fixup function that checks the current value and turns on only the VREF value no matter whether input or output direction is set. The automute function is modified as well to keep the pin VREF upon muting/unmuting via pin-control; otherwise the pin VREF is reset at plugging/unplugging a jack. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=42588 Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:50 -08:00
David Henningsson	ab692dfced	ALSA: HDA: Remove quirk for Asus N53Jq commit `a389d67cf9` upstream. The user reports that he needs to add model=auto for audio to work properly. In fact, since node 0x15 is not even a pin node, the existing fixup is definitely wrong. Relevant information can be found in the buglink below. BugLink: https://bugs.launchpad.net/bugs/918254 Signed-off-by: David Henningsson <david.henningsson@canonical.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:50 -08:00
Takashi Iwai	02e85499ff	ALSA: hda - Fix the logic to detect VIA analog low-current mode commit `924339239f` upstream. The analog low-current mode must be enabled when the no stream is running but the current detection checks it in a wrong way. Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=741128 Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:50 -08:00
Shaohua Li	76af79f393	readahead: fix pipeline break caused by block plug commit `3deaa7190a` upstream. Herbert Poetzl reported a performance regression since 2.6.39. The test is a simple dd read, but with big block size. The reason is: T1: ra (A, A+128k), (A+128k, A+256k) T2: lock_page for page A, submit the 256k T3: hit page A+128K, ra (A+256k, A+384). the range isn't submitted because of plug and there isn't any lock_page till we hit page A+256k because all pages from A to A+256k is in memory T4: hit page A+256k, ra (A+384, A+ 512). Because of plug, the range isn't submitted again. T5: lock_page A+256k, so (A+256k, A+512k) will be submitted. The task is waitting for (A+256k, A+512k) finish. There is no request to disk in T3 and T4, so readahead pipeline breaks. We really don't need block plug for generic_file_aio_read() for buffered I/O. The readahead already has plug and has fine grained control when I/O should be submitted. Deleting plug for buffered I/O fixes the regression. One side effect is plug makes the request size 256k, the size is 128k without it. This is because default ra size is 128k and not a reason we need plug here. Vivek said: : We submit some readahead IO to device request queue but because of nested : plug, queue never gets unplugged. When read logic reaches a page which is : not in page cache, it waits for page to be read from the disk : (lock_page_killable()) and that time we flush the plug list. : : So effectively read ahead logic is kind of broken in parts because of : nested plugging. Removing top level plug (generic_file_aio_read()) for : buffered reads, will allow unplugging queue earlier for readahead. Signed-off-by: Shaohua Li <shaohua.li@intel.com> Signed-off-by: Wu Fengguang <fengguang.wu@intel.com> Reported-by: Herbert Poetzl <herbert@13thfloor.at> Tested-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Christoph Hellwig <hch@infradead.org> Cc: Jens Axboe <axboe@kernel.dk> Cc: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-13 11:16:50 -08:00
Greg Kroah-Hartman	61339713b4	Linux 3.2.5	2012-02-06 09:47:00 -08:00
Matthew Garrett	2dcce0a318	PCI: Rework ASPM disable code commit `3c076351c4` upstream. Right now we forcibly clear ASPM state on all devices if the BIOS indicates that the feature isn't supported. Based on the Microsoft presentation "PCI Express In Depth for Windows Vista and Beyond", I'm starting to think that this may be an error. The implication is that unless the platform grants full control via _OSC, Windows will not touch any PCIe features - including ASPM. In that case clearing ASPM state would be an error unless the platform has granted us that control. This patch reworks the ASPM disabling code such that the actual clearing of state is triggered by a successful handoff of PCIe control to the OS. The general ASPM code undergoes some changes in order to ensure that the ability to clear the bits isn't overridden by ASPM having already been disabled. Further, this theoretically now allows for situations where only a subset of PCIe roots hand over control, leaving the others in the BIOS state. It's difficult to know for sure that this is the right thing to do - there's zero public documentation on the interaction between all of these components. But enough vendors enable ASPM on platforms and then set this bit that it seems likely that they're expecting the OS to leave them alone. Measured to save around 5W on an idle Thinkpad X220. Signed-off-by: Matthew Garrett <mjg@redhat.com> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-06 09:41:06 -08:00
Greg Kroah-Hartman	141936cc59	Linux 3.2.4	2012-02-03 12:39:51 -08:00
Greg Kroah-Hartman	39fcddc24c	Revert "ASoC: Don't go through cache when applying WM5100 rev A updates" This reverts commit `78fd753407` (upstream commit `495174a8ff`) as it breaks the build. Reported-by: Tim Gardner <rtg.canonical@gmail.com> Cc: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 12:27:49 -08:00
Greg Kroah-Hartman	63fb153973	Revert "ASoC: Mark WM5100 register map cache only when going into BIAS_OFF" This reverts commit `11a17e56ac` (`e53e417331` upstream) as it breaks the build. Reported-by: Tim Gardner <rtg.canonical@gmail.com> Cc: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 12:26:40 -08:00
Greg Kroah-Hartman	69bade053d	Linux 3.2.3	2012-02-03 09:23:33 -08:00
Philippe Langlais	7b171c58d5	mach-ux500: no MMC_CAP_SD_HIGHSPEED on Snowball commit `2ab1159e80` upstream. MMC_CAP_SD_HIGHSPEED is not supported on Snowball board resulting on initialization errors. Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org> Signed-off-by: Fredrik Soderstedt <fredrik.soderstedt@stericsson.com> Signed-off-by: Philippe Langlais <philippe.langlais@linaro.org> Signed-off-by: Linus Walleij <linus.walleij@linaro.org>	2012-02-03 09:22:27 -08:00
Johan Hovold	3ae5a60fe9	USB: cp210x: allow more baud rates above 1Mbaud commit `d1620ca9e7` upstream. Allow more baud rates to be set in [1M,2M] baud. Signed-off-by: Johan Hovold <jhovold@gmail.com> Cc: Preston Fick <preston.fick@silabs.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:27 -08:00
Johan Hovold	5e005e788f	USB: cp210x: initialise baud rate at open commit `cdc32fd6f7` upstream. The newer cp2104 devices require the baud rate to be initialised after power on. Make sure it is set when port is opened. Signed-off-by: Johan Hovold <jhovold@gmail.com> Cc: Preston Fick <preston.fick@silabs.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:26 -08:00
Johan Hovold	4a48179074	USB: cp210x: clean up, refactor and document speed handling commit `e5990874e5` upstream. Clean up and refactor speed handling. Document baud rate handling for CP210{1,2,4,5,10}. Signed-off-by: Johan Hovold <jhovold@gmail.com> Cc: Preston Fick <preston.fick@silabs.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:25 -08:00
Johan Hovold	0155ff5bd1	USB: cp210x: fix up set_termios variables commit `34b76fcaee` upstream. [Based on a patch from Johan, mangled by gregkh to keep things in line] Fix up the variable usage in the set_termios call. Signed-off-by: Johan Hovold <jhovold@gmail.com> Cc: Preston Fick <preston.fick@silabs.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:24 -08:00
Johan Hovold	ba8c8553a0	USB: cp210x: do not map baud rates to B0 commit `be125d9c8d` upstream. We do not implement B0 hangup yet so map low baudrates to 300bps. Signed-off-by: Johan Hovold <jhovold@gmail.com> Cc: Preston Fick <preston.fick@silabs.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:23 -08:00
Preston Fick	98c7a0b0cb	USB: cp210x: fix CP2104 baudrate usage commit `7f482fc88a` upstream. This fix changes the way baudrates are set on the CP210x devices from Silicon Labs. The CP2101/2/3 will respond to both a GET/SET_BAUDDIV command, and GET/SET_BAUDRATE command, while CP2104 and higher devices only respond to GET/SET_BAUDRATE. The current cp210x.ko driver in kernel version 3.2.0 only implements the GET/SET_BAUDDIV command. This patch implements the two new codes for the GET/SET_BAUDRATE commands. Then there is a change in the way that the baudrate is assigned or retrieved. This is done according to the CP210x USB specification in AN571. This document can be found here: http://www.silabs.com/pages/DownloadDoc.aspx?FILEURL=Support%20Documents/TechnicalDocs/AN571.pdf&src=DocumentationWebPart Sections 5.3/5.4 describe the USB packets for the old baudrate method. Sections 5.5/5.6 describe the USB packets for the new method. This patch also implements the new request scheme, and eliminates the unnecessary baudrate calculations since it uses the "actual baudrate" method. This patch solves the problem reported for the CP2104 in bug 42586, and also keeps support for all other devices (CP2101/2/3). This patchfile is also attached to the bug report on bugzilla.kernel.org. This patch has been developed and test on the 3.2.0 mainline kernel version under Ubuntu 10.11. Signed-off-by: Preston Fick <preston.fick@silabs.com> [duplicate patch also sent by Johan - gregkh] Signed-off-by: Johan Hovold <jhovold@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:23 -08:00
Johan Hovold	80ffa0316e	USB: cp210x: call generic open last in open commit `55b2afbb92` upstream. Make sure port is fully initialised before calling generic open. Signed-off-by: Johan Hovold <jhovold@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:23 -08:00
Renato Caldas	9bf2add888	USB: serial: CP210x: Added USB-ID for the Link Instruments MSO-19 commit `791b7d7cf6` upstream. This device is a Oscilloscope/Logic Analizer/Pattern Generator/TDR, using a Silabs CP2103 USB to UART Bridge. Signed-off-by: Renato Caldas <rmsc@fe.up.pt> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:23 -08:00
shawnlu	377db2f8fb	tcp: md5: using remote adress for md5 lookup in rst packet [ Upstream commit `8a622e71f5` ] md5 key is added in socket through remote address. remote address should be used in finding md5 key when sending out reset packet. Signed-off-by: shawnlu <shawn.lu@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:21 -08:00
Neal Cardwell	bcabae7b18	tcp: fix tcp_trim_head() to adjust segment count with skb MSS [ Upstream commit `5b35e1e6e9` ] This commit fixes tcp_trim_head() to recalculate the number of segments in the skb with the skb's existing MSS, so trimming the head causes the skb segment count to be monotonically non-increasing - it should stay the same or go down, but not increase. Previously tcp_trim_head() used the current MSS of the connection. But if there was a decrease in MSS between original transmission and ACK (e.g. due to PMTUD), this could cause tcp_trim_head() to counter-intuitively increase the segment count when trimming bytes off the head of an skb. This violated assumptions in tcp_tso_acked() that tcp_trim_head() only decreases the packet count, so that packets_acked in tcp_tso_acked() could underflow, leading tcp_clean_rtx_queue() to pass u32 pkts_acked values as large as 0xffffffff to ca_ops->pkts_acked(). As an aside, if tcp_trim_head() had really wanted the skb to reflect the current MSS, it should have called tcp_set_skb_tso_segs() unconditionally, since a decrease in MSS would mean that a single-packet skb should now be sliced into multiple segments. Signed-off-by: Neal Cardwell <ncardwell@google.com> Acked-by: Nandita Dukkipati <nanditad@google.com> Acked-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:21 -08:00
David S. Miller	e5efde92dd	rds: Make rds_sock_lock BH rather than IRQ safe. [ Upstream commit `efc3dbc374` ] rds_sock_info() triggers locking warnings because we try to perform a local_bh_enable() (via sock_i_ino()) while hardware interrupts are disabled (via taking rds_sock_lock). There is no reason for rds_sock_lock to be a hardware IRQ disabling lock, none of these access paths run in hardware interrupt context. Therefore making it a BH disabling lock is safe and sufficient to fix this bug. Reported-by: Kumar Sanghvi <kumaras@chelsio.com> Reported-by: Josh Boyer <jwboyer@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:21 -08:00
Eric Dumazet	4704f3edfd	net: reintroduce missing rcu_assign_pointer() calls [ Upstream commit `cf778b00e9` ] commit `a9b3cd7f32` (rcu: convert uses of rcu_assign_pointer(x, NULL) to RCU_INIT_POINTER) did a lot of incorrect changes, since it did a complete conversion of rcu_assign_pointer(x, y) to RCU_INIT_POINTER(x, y). We miss needed barriers, even on x86, when y is not NULL. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: Stephen Hemminger <shemminger@vyatta.com> CC: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:20 -08:00
Eric Dumazet	cb65f39fb5	net: bpf_jit: fix divide by 0 generation [ Upstream commit `d00a9dd21b` ] Several problems fixed in this patch : 1) Target of the conditional jump in case a divide by 0 is performed by a bpf is wrong. 2) Must 'generate' the full function prologue/epilogue at pass=0, or else we can stop too early in pass=1 if the proglen doesnt change. (if the increase of prologue/epilogue equals decrease of all instructions length because some jumps are converted to near jumps) 3) Change the wrong length detection at the end of code generation to issue a more explicit message, no need for a full stack trace. Reported-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:20 -08:00
Eric Dumazet	54652156e5	macvlan: fix a possible use after free [ Upstream commit `4ec7ac1203` ] Commit `bc416d9768` (macvlan: handle fragmented multicast frames) added a possible use after free in macvlan_handle_frame(), since ip_check_defrag() uses pskb_may_pull() : skb header can be reallocated. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Ben Greear <greearb@candelatech.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:19 -08:00
James Chapman	7596e3d4d2	l2tp: l2tp_ip - fix possible oops on packet receive [ Upstream commit `68315801db` ] When a packet is received on an L2TP IP socket (L2TPv3 IP link encapsulation), the l2tpip socket's backlog_rcv function calls xfrm4_policy_check(). This is not necessary, since it was called before the skb was added to the backlog. With CONFIG_NET_NS enabled, xfrm4_policy_check() will oops if skb->dev is null, so this trivial patch removes the call. This bug has always been present, but only when CONFIG_NET_NS is enabled does it cause problems. Most users are probably using UDP encapsulation for L2TP, hence the problem has only recently surfaced. EIP: 0060:[<c12bb62b>] EFLAGS: 00210246 CPU: 0 EIP is at l2tp_ip_recvmsg+0xd4/0x2a7 EAX: 00000001 EBX: d77b5180 ECX: 00000000 EDX: 00200246 ESI: 00000000 EDI: d63cbd30 EBP: d63cbd18 ESP: d63cbcf4 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 Call Trace: [<c1218568>] sock_common_recvmsg+0x31/0x46 [<c1215c92>] __sock_recvmsg_nosec+0x45/0x4d [<c12163a1>] __sock_recvmsg+0x31/0x3b [<c1216828>] sock_recvmsg+0x96/0xab [<c10b2693>] ? might_fault+0x47/0x81 [<c10b2693>] ? might_fault+0x47/0x81 [<c1167fd0>] ? _copy_from_user+0x31/0x115 [<c121e8c8>] ? copy_from_user+0x8/0xa [<c121ebd6>] ? verify_iovec+0x3e/0x78 [<c1216604>] __sys_recvmsg+0x10a/0x1aa [<c1216792>] ? sock_recvmsg+0x0/0xab [<c105a99b>] ? __lock_acquire+0xbdf/0xbee [<c12d5a99>] ? do_page_fault+0x193/0x375 [<c10d1200>] ? fcheck_files+0x9b/0xca [<c10d1259>] ? fget_light+0x2a/0x9c [<c1216bbb>] sys_recvmsg+0x2b/0x43 [<c1218145>] sys_socketcall+0x16d/0x1a5 [<c11679f0>] ? trace_hardirqs_on_thunk+0xc/0x10 [<c100305f>] sysenter_do_call+0x12/0x38 Code: c6 05 8c ea a8 c1 01 e8 0c d4 d9 ff 85 f6 74 07 3e ff 86 80 00 00 00 b9 17 b6 2b c1 ba 01 00 00 00 b8 78 ed 48 c1 e8 23 f6 d9 ff <ff> 76 0c 68 28 e3 30 c1 68 2d 44 41 c1 e8 89 57 01 00 83 c4 0c Signed-off-by: James Chapman <jchapman@katalix.com> Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:19 -08:00
Jiri Bohac	4f59cc3720	bonding: fix enslaving in alb mode when link down [ Upstream commit `b924551bed` ] bond_alb_init_slave() is called from bond_enslave() and sets the slave's MAC address. This is done differently for TLB and ALB modes. bond->alb_info.rlb_enabled is used to discriminate between the two modes but this flag may be uninitialized if the slave is being enslaved prior to calling bond_open() -> bond_alb_initialize() on the master. It turns out all the callers of alb_set_slave_mac_addr() pass bond->alb_info.rlb_enabled as the hw parameter. This patch cleans up the unnecessary parameter of alb_set_slave_mac_addr() and makes the function decide based on the bonding mode instead, which fixes the above problem. Reported-by: Narendra K <Narendra_K@Dell.com> Signed-off-by: Jiri Bohac <jbohac@suse.cz> Signed-off-by: Jay Vosburgh <fubar@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:19 -08:00
Eric Dumazet	2703165a07	af_unix: fix EPOLLET regression for stream sockets [ Upstream commit `6f01fd6e6f` ] Commit `0884d7aa24` (AF_UNIX: Fix poll blocking problem when reading from a stream socket) added a regression for epoll() in Edge Triggered mode (EPOLLET) Appropriate fix is to use skb_peek()/skb_unlink() instead of skb_dequeue(), and only call skb_unlink() when skb is fully consumed. This remove the need to requeue a partial skb into sk_receive_queue head and the extra sk->sk_data_ready() calls that added the regression. This is safe because once skb is given to sk_receive_queue, it is not modified by a writer, and readers are serialized by u->readlock mutex. This also reduce number of spinlock acquisition for small reads or MSG_PEEK users so should improve overall performance. Reported-by: Nick Mathewson <nickm@freehaven.net> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Alexey Moiseytsev <himeraster@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:18 -08:00
Eric W. Biederman	9e13095455	net caif: Register properly as a pernet subsystem. [ Upstream commit `8a8ee9aff6` ] caif is a subsystem and as such it needs to register with register_pernet_subsys instead of register_pernet_device. Among other problems using register_pernet_device was resulting in net_generic being called before the caif_net structure was allocated. Which has been causing net_generic to fail with either BUG_ON's or by return NULL pointers. A more ugly problem that could be caused is packets in flight why the subsystem is shutting down. To remove confusion also remove the cruft cause by inappropriately trying to fix this bug. With the aid of the previous patch I have tested this patch and confirmed that using register_pernet_subsys makes the failure go away as it should. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Acked-by: Sjur Brændeland <sjur.brandeland@stericsson.com> Tested-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:18 -08:00
Eric W. Biederman	952f4da950	netns: Fail conspicously if someone uses net_generic at an inappropriate time. [ Upstream commit `5ee4433efe` ] By definition net_generic should never be called when it can return NULL. Fail conspicously with a BUG_ON to make it clear when people mess up that a NULL return should never happen. Recently there was a bug in the CAIF subsystem where it was registered with register_pernet_device instead of register_pernet_subsys. It was erroneously concluded that net_generic could validly return NULL and that net_assign_generic was buggy (when it was just inefficient). Hopefully this BUG_ON will prevent people to coming to similar erroneous conclusions in the futrue. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Tested-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:18 -08:00
Eric Dumazet	a2c82f7bee	netns: fix net_alloc_generic() [ Upstream commit `073862ba5d` ] When a new net namespace is created, we should attach to it a "struct net_generic" with enough slots (even empty), or we can hit the following BUG_ON() : [ 200.752016] kernel BUG at include/net/netns/generic.h:40! ... [ 200.752016] [<ffffffff825c3cea>] ? get_cfcnfg+0x3a/0x180 [ 200.752016] [<ffffffff821cf0b0>] ? lockdep_rtnl_is_held+0x10/0x20 [ 200.752016] [<ffffffff825c41be>] caif_device_notify+0x2e/0x530 [ 200.752016] [<ffffffff810d61b7>] notifier_call_chain+0x67/0x110 [ 200.752016] [<ffffffff810d67c1>] raw_notifier_call_chain+0x11/0x20 [ 200.752016] [<ffffffff821bae82>] call_netdevice_notifiers+0x32/0x60 [ 200.752016] [<ffffffff821c2b26>] register_netdevice+0x196/0x300 [ 200.752016] [<ffffffff821c2ca9>] register_netdev+0x19/0x30 [ 200.752016] [<ffffffff81c1c67a>] loopback_net_init+0x4a/0xa0 [ 200.752016] [<ffffffff821b5e62>] ops_init+0x42/0x180 [ 200.752016] [<ffffffff821b600b>] setup_net+0x6b/0x100 [ 200.752016] [<ffffffff821b6466>] copy_net_ns+0x86/0x110 [ 200.752016] [<ffffffff810d5789>] create_new_namespaces+0xd9/0x190 net_alloc_generic() should take into account the maximum index into the ptr array, as a subsystem might use net_generic() anytime. This also reduces number of reallocations in net_assign_generic() Reported-by: Sasha Levin <levinsasha928@gmail.com> Tested-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Sjur Brændeland <sjur.brandeland@stericsson.com> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:17 -08:00
Bjørn Mork	1cbb248944	USB: cdc-wdm: Avoid hanging on interface with no USB_CDC_DMM_TYPE commit `15699e6faf` upstream. The probe does not strictly require the USB_CDC_DMM_TYPE descriptor, which is a good thing as it makes the driver usable on non-conforming interfaces. A user could e.g. bind to it to a CDC ECM interface by using the new_id and bind sysfs files. But this would fail with a 0 buffer length due to the missing descriptor. Fix by defining a reasonable fallback size: The minimum device receive buffer size required by the CDC WMC standard, revision 1.1 Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:17 -08:00
Bjørn Mork	7a55df4694	USB: cdc-wdm: better allocate a buffer that is at least as big as we tell the USB core commit `655e247daf` upstream. As it turns out, there was a mismatch between the allocated inbuf size (desc->bMaxPacketSize0, typically something like 64) and the length we specified in the URB (desc->wMaxCommand, typically something like 2048) Signed-off-by: Bjørn Mork <bjorn@mork.no> Cc: Oliver Neukum <oliver@neukum.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:17 -08:00
Bjørn Mork	4ac2b6d3cc	USB: cdc-wdm: call wake_up_all to allow driver to shutdown on device removal commit `62aaf24dc1` upstream. wdm_disconnect() waits for the mutex held by wdm_read() before calling wake_up_all(). This causes a deadlock, preventing device removal to complete. Do the wake_up_all() before we start waiting for the locks. Signed-off-by: Bjørn Mork <bjorn@mork.no> Cc: Oliver Neukum <oliver@neukum.org> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:16 -08:00
Vivien Didelot	9f5765fe83	hwmon: (sht15) fix bad error code commit `6edf3c30af` upstream. When no platform data was supplied, returned error code was 0. Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com> Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:15 -08:00
Guenter Roeck	ccba7e5de8	hwmon: (w83627ehf) Disable setting DC mode for pwm2, pwm3 on NCT6776F commit `ad77c3e180` upstream. NCT6776F only supports pwm mode for pwm2 and pwm3. Return error if an attempt is made to set those pwm channels to DC mode. Signed-off-by: Guenter Roeck <linux@roeck-us.net> Acked-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:15 -08:00
Jean Delvare	543c6a0b0b	hwmon: (f71805f) Fix clamping of temperature limits commit `86b2bbfdbd` upstream. Properly clamp temperature limits set by the user. Without this fix, attempts to write temperature limits above the maximum supported by the chip (255 degrees Celsius) would arbitrarily and unexpectedly result in the limit being set to 0 degree Celsius. Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:15 -08:00
Sekhar Nori	8df2b7563c	usb: musb: davinci: fix build breakage commit `006896fc61` upstream. Commit `0020afb369` (ARM: mach-davinci: remove mach/memory.h) removed mach/memory.h for DaVinci which broke DaVinci MUSB build. mach/memory.h is not actually needed in davinci.c, so remove it. While at it, also remove some more machine specific inclulde files which are not needed for build. Tested on DM644x EVM using USB card reader. Signed-off-by: Sekhar Nori <nsekhar@ti.com> Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:14 -08:00
Andiry Xu	2089fa6dd5	xHCI: Cleanup isoc transfer ring when TD length mismatch found commit `cf840551a8` upstream. When a TD length mismatch is found during isoc TRB enqueue, it directly returns -EINVAL. However, isoc transfer is partially enqueued at this time, and the ring should be cleared. This should be backported to kernels as old as 2.6.36, which contain the commit `522989a27c` "xhci: Fix failed enqueue in the middle of isoch TD." Signed-off-by: Andiry Xu <andiry.xu@amd.com> Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:14 -08:00
Sarah Sharp	28d9b0f6c9	xhci: Fix USB 3.0 device restart on resume. commit `d0cd5d482b` upstream. The xHCI hub port code gets passed a zero-based port number by the USB core. It then adds one to in order to find a device slot by port number and device speed by calling xhci_find_slot_id_by_port. That function clearly states it requires a one-based port number. The xHCI port status change event handler was using a zero-based port number that it got from find_faked_portnum_from_hw_portnum, not a one-based port number. This lead to the doorbells never being rung for a device after a resume, or worse, a different device with the same speed having its doorbell rung (which could lead to bad power management in the xHCI host controller). This patch should be backported to kernels as old as 2.6.39. Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com> Acked-by: Andiry Xu <andiry.xu@amd.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:13 -08:00
Julia Lawall	e4c86151df	drivers/usb/host/ehci-fsl.c: add missing iounmap commit `2492c6e645` upstream. Add missing iounmap in error handling code, in a case where the function already preforms iounmap on some other execution path. A simplified version of the semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ expression e; statement S,S1; int ret; @@ e = $ioremap\\|ioremap_nocache$(...) ... when != iounmap(e) if (<+...e...+>) S ... when any when != iounmap(e) *if (...) { ... when != iounmap(e) return ...; } ... when any iounmap(e); // </smpl> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:12 -08:00
Andiry Xu	e8958f4adc	usb: gadget: storage: endian fix commit `a850163901` upstream. Fix some endian issues for storage gadgets. Signed-off-by: Andiry Xu <andiry.xu@amd.com> Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:12 -08:00
Alexander Shishkin	e64e861c1c	usb: gadget: langwell: don't call gadget's disconnect() commit `37fd371084` upstream. UDC core will call disconnect() and unbind() for us upon the gadget removal, so we should not do it ourselves. Otherwise, a composite gadget will explode, for example. Others might too. This was introduced during conversion to new style gadget in `2c7f0989` (usb: gadget: langwell: convert to new style). Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Heikki Krogerus <heikki.krogerus@linux.intel.com> Cc: linux-usb@vger.kernel.org Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:11 -08:00
Harrison Metzger	b70ce05260	USB: usbsevseg: fix max length commit `1097ccebe6` upstream. This changes the max length for the usb seven segment delcom device to 8 from 6. Delcom has both 6 and 8 variants and having 8 works fine with devices which are only 6. Signed-off-by: Harrison Metzger <harrisonmetz@gmail.com> Signed-off-by: Stuart Pook <stuart@acm.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:10 -08:00
Stanislaw Gruszka	6368caf20f	USB: Realtek cr: fix autopm scheduling while atomic commit `b3ef051db7` upstream. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=784345 Reported-by: Francis Moreau <francis.moro@gmail.com> Reported-and-tested-by: Christian D <chrisudeussen@gmail.com> Reported-and-tested-by: Jimmy Dorff <jdorff@phy.duke.edu> Reported-and-tested-by: collura@ieee.org Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:09 -08:00
Ryan Mallon	093875a49e	vmwgfx: Fix assignment in vmw_framebuffer_create_handle commit `bf9c05d5b6` upstream. The assignment of handle in vmw_framebuffer_create_handle doesn't actually do anything useful and is incorrectly assigning an integer value to a pointer argument. It appears that this is a typo and should be dereferencing handle rather than assigning to it directly. This fixes a bug where an undefined handle value is potentially returned to user-space. Signed-off-by: Ryan Mallon <rmallon@gmail.com> Reviewed-by: Jakob Bornecrantz<jakob@vmware.com> Signed-off-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:08 -08:00
Johannes Berg	5e86a6c85f	iwlwifi: fix PCI-E transport "inta" race commit `b49ba04a3a` upstream. When an interrupt comes in, we read the reason bits and collect them into "trans_pcie->inta". This happens with the spinlock held. However, there's a bug resetting this variable -- that happens after the spinlock has been released. This means that it is possible for interrupts to be missed if the reset happens after some other interrupt reasons were already added to the variable. I found this by code inspection, looking for a reason that we sometimes see random commands time out. It seems possible that this causes such behaviour, but I can't say for sure right now since it happens extremely infrequently on my test systems. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:07 -08:00
Lucas Kannebley Tavares	103e53a3d8	jsm: Fixed EEH recovery error commit `26aa38cafa` upstream. There was an error on the jsm driver that would cause it to be unable to recover after a second error is detected. At the first error, the device recovers properly: [72521.485691] EEH: Detected PCI bus error on device 0003:02:00.0 [72521.485695] EEH: This PCI device has failed 1 times in the last hour: ... [72532.035693] ttyn3 at MMIO 0x0 (irq = 49) is a jsm [72532.105689] jsm: Port 3 added However, at the second error, it cascades until EEH disables the device: [72631.229549] Call Trace: ... [72641.725687] jsm: Port 3 added [72641.725695] EEH: Detected PCI bus error on device 0003:02:00.0 [72641.725698] EEH: This PCI device has failed 3 times in the last hour: It was caused because the PCI state was not being saved after the first restore. Therefore, at the second recovery the PCI state would not be restored. Signed-off-by: Lucas Kannebley Tavares <lucaskt@linux.vnet.ibm.com> Signed-off-by: Breno Leitao <brenohl@br.ibm.com> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:07 -08:00
Rabin Vincent	48aeab6f55	serial: amba-pl011: lock console writes against interrupts commit `ef605fdb33` upstream. Protect against pl011_console_write() and the interrupt for the console UART running concurrently on different CPUs. Otherwise the console_write could spin for a long time waiting for the UART to become not busy, while the other CPU continuously services UART interrupts and keeps the UART busy. The checks for sysrq and oops_in_progress are taken from 8250.c. Signed-off-by: Rabin Vincent <rabin.vincent@stericsson.com> Reviewed-by: Srinidhi Kasagar <srinidhi.kasagar@stericsson.com> Reviewed-by: Bibek Basu <bibek.basu@stericsson.com> Reviewed-by: Shreshtha Kumar Sahu <shreshthakumar.sahu@stericsson.com> Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:07 -08:00
Jiri Slaby	1fe9bb4495	TTY: fix UV serial console regression commit `0eee50af5b` upstream. Commit `74c2107759` (serial: Use block_til_ready helper) and its fixup `3f582b8c11` (serial: fix termios settings in open) introduced a regression on UV systems. The serial eventually freezes while being used. It's completely unpredictable and sometimes needs a heap of traffic to happen first. To reproduce this, yast installation was used as it turned out to be pretty reliable in reproducing. Especially during installation process where one doesn't have an SSH daemon running. And no monitor as the HW is completely headless. So this was fun to find. Given the machine doesn't boot on vanilla before 2.6.36 final. (And the commits above are older.) Unless there is some bad race in the code, the hardware seems to be pretty broken. Otherwise pure MSR read should not cause such a bug, or? So to prevent the bug, revert to the old behavior. I.e. read modem status only if we really have to -- for non-CLOCAL set serials. Non-CLOCAL works on this hardware OK, I tried. See? I don't. And document that shit. Signed-off-by: Jiri Slaby <jslaby@suse.cz> References: https://lkml.org/lkml/2011/12/6/573 References: https://bugzilla.novell.com/show_bug.cgi?id=718518 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:06 -08:00
Eric W. Biederman	a76f8a0752	usb: io_ti: Make edge_remove_sysfs_attrs the port_remove method. commit `6d443d8499` upstream. Calling edge_remove_sysfs_attrs from edge_disconnect is too late as the device has already been removed from sysfs. Do the simple and obvious thing and make edge_remove_sysfs_attrs the port_remove method. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Reported-by: Wolfgang Frisch <wfpub@roembden.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:05 -08:00
Felipe Balbi	119fd91db5	usb: dwc3: ep0: tidy up Pending Request handling commit `68d8a78157` upstream. The way our code was written, we should never have a DWC3_EP_PENDING_REQUEST flag set out of a Data Phase and the code in __dwc3_gadget_ep0_queue() did not reflect that situation properly. Tidy up that case to avoid any possible mistakes when starting requests for IRQs which are long gone. Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:04 -08:00
Dan Williams	b270ee6883	qcaux: add more Pantech UML190 and UML290 ports commit `074cc73506` upstream. More ports we now know how to talk to. Signed-off-by: Dan Williams <dcbw@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:03 -08:00
Bjørn Mork	d8e13a17cf	USB: cdc-wdm: use two mutexes to allow simultaneous read and write commit `e8537bd2c4` upstream. using a separate read and write mutex for locking is sufficient to make the driver accept simultaneous read and write. This improves useability a lot. Signed-off-by: Bjørn Mork <bjorn@mork.no> Cc: Oliver Neukum <oneukum@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:02 -08:00
Bjørn Mork	3f60c1956f	USB: cdc-wdm: updating desc->length must be protected by spin_lock commit `c428b70c1e` upstream. wdm_in_callback() will also touch this field, so we cannot change it without locking Signed-off-by: Bjørn Mork <bjorn@mork.no> Acked-by: Oliver Neukum <oneukum@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:01 -08:00
Alan Cox	95c13665f4	USB: ftdi_sio: Add more identifiers commit `2353f806c9` upstream. 0x04d8, 0x000a: Hornby Elite Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:22:00 -08:00
Peter Naulls	06397403f3	USB: serial: ftdi additional IDs commit `fc216ec363` upstream. I tested this against 2.6.39 in the Ubuntu kernel, however I see the IDs are not in latest 3.2 git. This adds IDs for the FTDI controller in the Rainforest Automation Zigbee dongle. Signed-off-by: Peter Naulls <peter@chocky.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:59 -08:00
Peter Korsgaard	baaa4ecd65	USB: ftdi_sio: add PID for TI XDS100v2 / BeagleBone A3 commit `55f13aeae0` upstream. Port A for JTAG, port B for serial. Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:58 -08:00
Johan Hovold	b26a274f99	USB: ftdi_sio: fix initial baud rate commit `108e02b129` upstream. Fix regression introduced by commit `b1ffb4c851` ("USB: Fix Corruption issue in USB ftdi driver ftdi_sio.c") which caused the termios settings to no longer be initialised at open. Consequently it was no longer possible to set the port to the default speed of 9600 baud without first changing to another baud rate and back again. Reported-by: Roland Ramthun <mail@roland-ramthun.de> Signed-off-by: Johan Hovold <jhovold@gmail.com> Tested-by: Roland Ramthun <mail@roland-ramthun.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:57 -08:00
Johan Hovold	3393e255e6	USB: ftdi_sio: fix TIOCSSERIAL baud_base handling commit `eb833a9e09` upstream. Return EINVAL if new baud_base does not match the current one. The baud_base is device specific and can not be changed. This restores the old (pre-2005) behaviour which was changed due to a misunderstanding regarding this fact (see https://lkml.org/lkml/2005/1/20/84). Reported-by: Torbjörn Lofterud <torbjorn@pi.nxs.se> Signed-off-by: Johan Hovold <jhovold@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:56 -08:00
Kentaro Matsuyama	ac13bcf69a	USB: option: Add LG docomo L-02C commit `e423d7401f` upstream. Add vendor and product ID for USB 3G/LTE modem of docomo L-02C Signed-off-by: Kentaro Matsuyama <kentaro.matsuyama@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:55 -08:00
nagalakshmi.nandigama@lsi.com	4ad2f9e91b	mpt2sas: Removed redundant calling of _scsih_probe_devices() from _scsih_probe commit `2cb6fc8c01` upstream. Removed redundant calling of _scsih_probe_devices() from _scsih_probe as it is getting called from _scsih_scan_finished. Also moved the function scsi_scan_host(shost) to get called after the volumes on warp drive are reported to the OS. Otherwise by the time the (ioc->hide_drives) flags is set, the volumes on warp drive are reported to the OS already. Also modified the initialization of reply queues only in case of driver load time in the function _base_make_ioc_operational(). Signed-off-by: Nagalakshmi Nandigama <nagalakshmi.nandigama@lsi.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:54 -08:00
David Vrabel	34793f20e7	x86: xen: size struct xen_spinlock to always fit in arch_spinlock_t commit `7a7546b377` upstream. If NR_CPUS < 256 then arch_spinlock_t is only 16 bits wide but struct xen_spinlock is 32 bits. When a spin lock is contended and xl->spinners is modified the two bytes immediately after the spin lock would be corrupted. This is a regression caused by `84eb950db1` (x86, ticketlock: Clean up types and accessors) which reduced the size of arch_spinlock_t. Fix this by making xl->spinners a u8 if NR_CPUS < 256. A BUILD_BUG_ON() is also added to check the sizes of the two structures are compatible. In many cases this was not noticable as there would often be padding bytes after the lock (e.g., if any of CONFIG_GENERIC_LOCKBREAK, CONFIG_DEBUG_SPINLOCK, or CONFIG_DEBUG_LOCK_ALLOC were enabled). The bnx2 driver is affected. In struct bnx2, phy_lock and indirect_lock may have no padding after them. Contention on phy_lock would corrupt indirect_lock making it appear locked and the driver would deadlock. Signed-off-by: David Vrabel <david.vrabel@citrix.com> Signed-off-by: Jeremy Fitzhardinge <jeremy@goop.org> Acked-by: Ian Campbell <ian.campbell@citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:51 -08:00
Eric W. Biederman	bfd534c72b	sysfs: Complain bitterly about attempts to remove files from nonexistent directories. commit `ce59791936` upstream. Recently an OOPS was observed from the usb serial io_ti driver when it tried to remove sysfs directories. Upon investigation it turns out this driver was always buggy and that a recent sysfs change had stopped guarding itself against removing attributes from sysfs directories that had already been removed. :( Historically we have been silent about attempting to files from nonexistent sysfs directories and have politely returned error codes. That has resulted in people writing broken code that ignores the error codes. Issue a kernel WARNING and a stack backtrace to make it clear in no uncertain terms that abusing sysfs is not ok, and the callers need to fix their code. This change transforms the io_ti OOPS into a more comprehensible error message and stack backtrace. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Reported-by: Wolfgang Frisch <wfpub@roembden.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:47 -08:00
Will Deacon	33d812de49	ARM: 7296/1: proc-v7.S: remove HARVARD_CACHE preprocessor guards commit `612539e81f` upstream. On v7, we use the same cache maintenance instructions for data lines as for unified lines. This was not the case for v6, where HARVARD_CACHE was defined to indicate the L1 cache topology. This patch removes the erroneous compile-time check for HARVARD_CACHE in proc-v7.S, ensuring that we perform I-side invalidation at boot. Reported-and-Acked-by: Shawn Guo <shawn.guo@linaro.org> Acked-by: Catalin Marinas <Catalin.Marinas@arm.com> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:46 -08:00
Srinidhi KASAGAR	61766889e6	mach-ux500: enable ARM errata 764369 commit `d65015f7c5` upstream. This applies ARM errata 764369 for all ux500 platforms. Signed-off-by: Srinidhi Kasagar <srinidhi.kasagar@stericsson.com> Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:45 -08:00
Nicolas Ferre	5e0ff93a21	ARM: at91: fix at91rm9200 soc subtype handling commit `3e90772f76` upstream. Currently setting it to PQFP changes subtype to BGA as subtypes are swapped in at91rm9200_set_type(). Wrong subtype causes GPIO bank D not to work at all. After this fix, subtype is still set as unknown. But board code should fill it in with proper value. Another information is thus printed. Bug discovery and first implementation made by Veli-Pekka Peltola. Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com> Acked-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:45 -08:00
Eric Anholt	3141ec6065	drm/i915: Re-enable gen7 RC6 and GPU turbo after resume. commit `04115a9dee` upstream. Signed-off-by: Eric Anholt <eric@anholt.net> Reviewed-by: Keith Packard <keithp@keithp.com> Reviewed-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Reviewed-by: Kenneth Graunke <kenneth@whitecape.org> Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:44 -08:00
Paulo Zanoni	e71fe01dba	drm/i915/sdvo: always set positive sync polarity commit `ba68e08622` upstream. This is a revert of `81a14b4684`. We already set the mode polarity using the SDVO commands with struct intel_sdvo_dtd. We have at least 3 bugs that get fixed with this patch. The documentation, despite not clear, can also be interpreted in a way that suggests this patch is needed. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=15766 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=42174 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=43333 Reviewed-by: Eric Anholt <eric@anholt.net> Reviewed-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Paulo Zanoni <paulo.r.zanoni@intel.com> Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:44 -08:00
Daniel Vetter	17f3e1fd29	drm/i915: paper over missed irq issues with force wake voodoo commit `4cd53c0c8b` upstream. Two things seem to do the trick on my ivb machine here: - prevent the gt from powering down while waiting for seqno notification interrupts by grabbing the force_wake in get_irq (and dropping it in put_irq again). - ordering writes from the ring's CS by reading a CS register, ACTHD seems to work. Only the blt&bsd ring on ivb seem to be massively affected by this, but for paranoia do this dance also on the render ring and on snb (i.e. all gpus with forcewake). Tested with Eric's glCopyPixels loop which without this patch scores a missed irq every few seconds. This patch needs my forcewake rework to use a spinlock instead of dev->struct_mutex. After crawling through docs a lot I've found the following nugget: Internal doc "SNB GT PM Programming Guide", Section 4.3.1: "GT does not generate interrupts while in RC6 (by design)" So it looks like rc6 and irq generation are indeed related. v2: Improve the comment per Eugeni Dodonov's suggestion. v3: Add the documentation snipped. Also restrict the w/a to ivb only for -fixes, as suggested by Keith Packard. Cc: Eric Anholt <eric@anholt.net> Cc: Kenneth Graunke <kenneth@whitecape.org> Cc: Eugeni Dodonov <eugeni.dodonov@intel.com> Tested-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Reviewed-by: Eugeni Dodonov <eugeni.dodonov@intel.com> Signed-Off-by: Daniel Vetter <daniel.vetter@ffwll.ch> Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:43 -08:00
Takashi Iwai	18bcb7e9a3	ALSA: hda - Fix silent output on Haier W18 laptop commit `b3a81520bd` upstream. The very same problem is seen on Haier W18 laptop with ALC861 as seen on ASUS A6Rp, which was fixed by the commit `3b25eb69`. Now we just need to add a new SSID entry pointing to the same fixup. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=42656 Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:42 -08:00
Takashi Iwai	4046af9883	ALSA: hda - Fix silent output on ASUS A6Rp commit `3b25eb690e` upstream. The refactoring of Realtek codec driver in 3.2 kernel caused a regression for ASUS A6Rp laptop; it doesn't give any output. The reason was that this machine has a secret master mute (or EAPD) control via NID 0x0f VREF. Setting VREF50 on this node makes the sound working again. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=42588 Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:40 -08:00
Gustavo Maciel Dias Vieira	d4c0bb30d1	ALSA: hda: set mute led polarity for laptops with buggy BIOS based on SSID commit `a6a600d10a` upstream. HP laptop models with buggy BIOS are apparently frequent, including machines with different codecs. Set the polarity of the mute led based on the SSID and include an entry for the HP Mini 110-3100. Signed-off-by: Gustavo Maciel Dias Vieira <gustavo@sagui.org> Tested-by: Predrag Ivanovic <predivan@open.telekom.rs> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:39 -08:00
Andreas Schwab	b1cd343b25	m68k: Fix assembler constraint to prevent overeager gcc optimisation commit `2a3535069e` upstream. Passing the address of a variable as an operand to an asm statement doesn't mark the value of this variable as used, so gcc may optimize its initialisation away. Fix this by using the "m" constraint instead. Signed-off-by: Andreas Schwab <schwab@linux-m68k.org> Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:38 -08:00
Andreas Herrmann	26e15e85d0	x86/microcode_amd: Add support for CPU family specific container files commit `5b68edc91c` upstream. We've decided to provide CPU family specific container files (starting with CPU family 15h). E.g. for family 15h we have to load microcode_amd_fam15h.bin instead of microcode_amd.bin Rationale is that starting with family 15h patch size is larger than 2KB which was hard coded as maximum patch size in various microcode loaders (not just Linux). Container files which include patches larger than 2KB cause different kinds of trouble with such old patch loaders. Thus we have to ensure that the default container file provides only patches with size less than 2KB. Signed-off-by: Andreas Herrmann <andreas.herrmann3@amd.com> Cc: Borislav Petkov <borislav.petkov@amd.com> Cc: <stable@kernel.org> Link: http://lkml.kernel.org/r/20120120164412.GD24508@alberich.amd.com [ documented the naming convention and tidied the code a bit. ] Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:38 -08:00
Russ Anderson	5d9b4b40f7	x86/uv: Fix uv_gpa_to_soc_phys_ram() shift commit `5a51467b14` upstream. uv_gpa_to_soc_phys_ram() was inadvertently ignoring the shift values. This fix takes the shift into account. Signed-off-by: Russ Anderson <rja@sgi.com> Link: http://lkml.kernel.org/r/20120119020753.GA7228@sgi.com Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:36 -08:00
Cliff Wickman	c7e4489fb8	x86/uv: Fix uninitialized spinlocks commit `d2ebc71d47` upstream. Initialize two spinlocks in tlb_uv.c and also properly define/initialize the uv_irq_lock. The lack of explicit initialization seems to be functionally harmless, but it is diagnosed when these are turned on: CONFIG_DEBUG_SPINLOCK=y CONFIG_DEBUG_MUTEXES=y CONFIG_DEBUG_LOCK_ALLOC=y CONFIG_LOCKDEP=y Signed-off-by: Cliff Wickman <cpw@sgi.com> Cc: Dimitri Sivanich <sivanich@sgi.com> Link: http://lkml.kernel.org/r/E1RnXd1-0003wU-PM@eag09.americas.sgi.com [ Added the uv_irq_lock initialization fix by Dimitri Sivanich ] Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:35 -08:00
Stefan Berger	2c6b180537	tpm_tis: add delay after aborting command commit `a927b81317` upstream. This patch adds a delay after aborting a command. Some TPMs need this and will not process the subsequent command correctly otherwise. It's worth noting that a TPM randomly failing to process a command, maps to randomly failing suspend/resume operations. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:35 -08:00
Alexey Dobriyan	64d4ed6a2f	crypto: sha512 - reduce stack usage to safe number commit `51fc6dc8f9` upstream. For rounds 16--79, W[i] only depends on W[i - 2], W[i - 7], W[i - 15] and W[i - 16]. Consequently, keeping all W[80] array on stack is unnecessary, only 16 values are really needed. Using W[16] instead of W[80] greatly reduces stack usage (~750 bytes to ~340 bytes on x86_64). Line by line explanation: * BLEND_OP array is "circular" now, all indexes have to be modulo 16. Round number is positive, so remainder operation should be without surprises. * initial full message scheduling is trimmed to first 16 values which come from data block, the rest is calculated before it's needed. * original loop body is unrolled version of new SHA512_0_15 and SHA512_16_79 macros, unrolling was done to not do explicit variable renaming. Otherwise it's the very same code after preprocessing. See sha1_transform() code which does the same trick. Patch survives in-tree crypto test and original bugreport test (ping flood with hmac(sha512). See FIPS 180-2 for SHA-512 definition http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:33 -08:00
Alexey Dobriyan	1a23579303	crypto: sha512 - make it work, undo percpu message schedule commit `84e31fdb7c` upstream. commit `f9e2bca6c2` aka "crypto: sha512 - Move message schedule W[80] to static percpu area" created global message schedule area. If sha512_update will ever be entered twice, hash will be silently calculated incorrectly. Probably the easiest way to notice incorrect hashes being calculated is to run 2 ping floods over AH with hmac(sha512): #!/usr/sbin/setkey -f flush; spdflush; add IP1 IP2 ah 25 -A hmac-sha512 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025; add IP2 IP1 ah 52 -A hmac-sha512 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000052; spdadd IP1 IP2 any -P out ipsec ah/transport//require; spdadd IP2 IP1 any -P in ipsec ah/transport//require; XfrmInStateProtoError will start ticking with -EBADMSG being returned from ah_input(). This never happens with, say, hmac(sha1). With patch applied (on BOTH sides), XfrmInStateProtoError does not tick with multiple bidirectional ping flood streams like it doesn't tick with SHA-1. After this patch sha512_transform() will start using ~750 bytes of stack on x86_64. This is OK for simple loads, for something more heavy, stack reduction will be done separatedly. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:33 -08:00
Jan Kara	fde1c2621a	jbd: Issue cache flush after checkpointing commit `353b67d8ce` upstream. When we reach cleanup_journal_tail(), there is no guarantee that checkpointed buffers are on a stable storage - especially if buffers were written out by log_do_checkpoint(), they are likely to be only in disk's caches. Thus when we update journal superblock, effectively removing old transaction from journal, this write of superblock can get to stable storage before those checkpointed buffers which can result in filesystem corruption after a crash. A similar problem can happen if we replay the journal and wipe it before flushing disk's caches. Thus we must unconditionally issue a cache flush before we update journal superblock in these cases. The fix is slightly complicated by the fact that we have to get log tail before we issue cache flush but we can store it in the journal superblock only after the cache flush. Otherwise we risk races where new tail is written before appropriate cache flush is finished. I managed to reproduce the corruption using somewhat tweaked Chris Mason's barrier-test scheduler. Also this should fix occasional reports of 'Bit already freed' filesystem errors which are totally unreproducible but inspection of several fs images I've gathered over time points to a problem like this. Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:32 -08:00
Johannes Berg	427038dfb7	mac80211: fix work removal on deauth request commit `bc4934bc61` upstream. When deauth is requested while an auth or assoc work item is in progress, we currently delete it without regard for any state it might need to clean up. Fix it by cleaning up for those items. In the case Pontus found, the problem manifested itself as such: authenticate with 00:23:69:aa:dd:7b (try 1) authenticated failed to insert Dummy STA entry for the AP (error -17) deauthenticating from 00:23:69:aa:dd:7b by local choice (reason=2) It could also happen differently if the driver uses the tx_sync callback. We can't just call the ->done() method of the work items because that will lock up due to the locking in cfg80211. This fix isn't very clean, but that seems acceptable since I have patches pending to remove this code completely. Reported-by: Pontus Fuchs <pontus.fuchs@gmail.com> Tested-by: Pontus Fuchs <pontus.fuchs@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:31 -08:00
Stanislaw Gruszka	4bc34a5c5c	brcmsmac: fix tx queue flush infinite loop commit `f96b08a7e6` upstream. This patch workaround live deadlock problem caused by infinite loop in brcms_c_wait_for_tx_completion(). I do not consider the patch as the proper fix, which should fix the real reason of tx queue flush failure, but patch helps with system lockup. Reference: https://bugzilla.kernel.org/show_bug.cgi?id=42576 Reported-and-tested-by: Patrick <ragamuffin@datacomm.ch> Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:31 -08:00
Mark Brown	7f7158eb11	ASoC: wm8996: Call _POST_PMU callback for CPVDD commit `a14304edcd` upstream. We should be allowing a 5ms delay after the charge pump is started in order to ensure it has finished ramping. Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:30 -08:00
Mark Brown	78fd753407	ASoC: Don't go through cache when applying WM5100 rev A updates commit `495174a8ff` upstream. These are all to either uncached registers or fixes to register defaults, in the former case the cache won't do anything and in the latter case we're fixing things so the cache sync will do the right thing. Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:29 -08:00
Mark Brown	a79a9da284	ASoC: Disable register synchronisation for low frequency WM8996 SYSCLK commit `fed2200711` upstream. With a low frequency SYSCLK and a fast I2C clock register synchronisation may occasionally take too long to take effect, causing I/O issues. Disable synchronisation in order to avoid any issues. Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:28 -08:00
Mark Brown	11a17e56ac	ASoC: Mark WM5100 register map cache only when going into BIAS_OFF commit `e53e417331` upstream. Writing to the registers won't work if we do actually manage to hit a fully powered off state. Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:27 -08:00
Jan Kara	358d013928	xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink() commit `9b025eb3a8` upstream. Commit `b52a360b` forgot to call xfs_iunlock() when it detected corrupted symplink and bailed out. Fix it by jumping to 'out' instead of doing return. CC: Carlos Maiolino <cmaiolino@redhat.com> Signed-off-by: Jan Kara <jack@suse.cz> Reviewed-by: Alex Elder <elder@kernel.org> Reviewed-by: Dave Chinner <dchinner@redhat.com> Signed-off-by: Ben Myers <bpm@sgi.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:27 -08:00
Thomas Hellstrom	92d49a0e29	drm: Fix authentication kernel crash commit `598781d711` upstream. If the master tries to authenticate a client using drm_authmagic and that client has already closed its drm file descriptor, either wilfully or because it was terminated, the call to drm_authmagic will dereference a stale pointer into kmalloc'ed memory and corrupt it. Typically this results in a hard system hang. This patch fixes that problem by removing any authentication tokens (struct drm_magic_entry) open for a file descriptor when that file descriptor is closed. Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com> Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch> Signed-off-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:26 -08:00
Alex Deucher	b3bed4ecc4	drm/radeon/kms: rework modeset sequence for DCE41 and DCE5 commit `3a47824d85` upstream. dig transmitter control table only has ENABLE/DISABLE actions on DCE4.1/DCE5. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=44955 Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:26 -08:00
Alex Deucher	deaac4ba38	drm/radeon/kms: move panel mode setup into encoder mode set commit `386d4d751e` upstream. Needs to happen earlier in the mode set. Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:25 -08:00
Alex Deucher	406f5c55aa	drm/radeon/kms: Add an MSI quirk for Dell RS690 commit `44517c4449` upstream. Interrupts only work with MSIs. https://bugs.freedesktop.org/show_bug.cgi?id=37679 Reported-by: Dmitry Podgorny <pasis.uax@gmail.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:25 -08:00
Tyler Hicks	1924fe5874	eCryptfs: Fix oops when printing debug info in extent crypto functions commit `58ded24f0f` upstream. If pages passed to the eCryptfs extent-based crypto functions are not mapped and the module parameter ecryptfs_verbosity=1 was specified at loading time, a NULL pointer dereference will occur. Note that this wouldn't happen on a production system, as you wouldn't pass ecryptfs_verbosity=1 on a production system. It leaks private information to the system logs and is for debugging only. The debugging info printed in these messages is no longer very useful and rather than doing a kmap() in these debugging paths, it will be better to simply remove the debugging paths completely. https://launchpad.net/bugs/913651 Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:24 -08:00
Tyler Hicks	963f50802b	eCryptfs: Check inode changes in setattr commit `a261a03904` upstream. Most filesystems call inode_change_ok() very early in ->setattr(), but eCryptfs didn't call it at all. It allowed the lower filesystem to make the call in its ->setattr() function. Then, eCryptfs would copy the appropriate inode attributes from the lower inode to the eCryptfs inode. This patch changes that and actually calls inode_change_ok() on the eCryptfs inode, fairly early in ecryptfs_setattr(). Ideally, the call would happen earlier in ecryptfs_setattr(), but there are some possible inode initialization steps that must happen first. Since the call was already being made on the lower inode, the change in functionality should be minimal, except for the case of a file extending truncate call. In that case, inode_newsize_ok() was never being called on the eCryptfs inode. Rather than inode_newsize_ok() catching maximum file size errors early on, eCryptfs would encrypt zeroed pages and write them to the lower filesystem until the lower filesystem's write path caught the error in generic_write_checks(). This patch introduces a new function, called ecryptfs_inode_newsize_ok(), which checks if the new lower file size is within the appropriate limits when the truncate operation will be growing the lower file. In summary this change prevents eCryptfs truncate operations (and the resulting page encryptions), which would exceed the lower filesystem limits or FSIZE rlimits, from ever starting. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Reviewed-by: Li Wang <liwang@nudt.edu.cn> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:24 -08:00
Tyler Hicks	ccc10d459b	eCryptfs: Make truncate path killable commit `5e6f0d7690` upstream. ecryptfs_write() handles the truncation of eCryptfs inodes. It grabs a page, zeroes out the appropriate portions, and then encrypts the page before writing it to the lower filesystem. It was unkillable and due to the lack of sparse file support could result in tying up a large portion of system resources, while encrypting pages of zeros, with no way for the truncate operation to be stopped from userspace. This patch adds the ability for ecryptfs_write() to detect a pending fatal signal and return as gracefully as possible. The intent is to leave the lower file in a useable state, while still allowing a user to break out of the encryption loop. If a pending fatal signal is detected, the eCryptfs inode size is updated to reflect the modified inode size and then -EINTR is returned. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:23 -08:00
Tim Gardner	75d26d309c	ecryptfs: Improve metadata read failure logging commit `30373dc0c8` upstream. Print inode on metadata read failure. The only real way of dealing with metadata read failures is to delete the underlying file system file. Having the inode allows one to 'find . -inum INODE`. [tyhicks@canonical.com: Removed some minor not-for-stable parts] Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:23 -08:00
Tyler Hicks	2f46e90c60	eCryptfs: Sanitize write counts of /dev/ecryptfs commit `db10e55651` upstream. A malicious count value specified when writing to /dev/ecryptfs may result in a a very large kernel memory allocation. This patch peeks at the specified packet payload size, adds that to the size of the packet headers and compares the result with the write count value. The resulting maximum memory allocation size is approximately 532 bytes. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Reported-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:22 -08:00
Takashi Iwai	d8643c8e87	ALSA: hda - Fix silent outputs from docking-station jacks of Dell laptops commit `b4ead019af` upstream. The recent change of the power-widget handling for IDT codecs caused the silent output from the docking-station line-out jack. This was partially fixed by the commit `f2cbba7602` "ALSA: hda - Fix the lost power-setup of seconary pins after PM resume". But the line-out on the docking-station is still silent when booted with the jack plugged even by this fix. The remainig bug is that the power-widget is set off in stac92xx_init() because the pins in cfg->line_out_pins[] aren't checked there properly but only hp_pins[] are checked in is_nid_hp_pin(). This patch fixes the problem by checking both HP and line-out pins and leaving the power-map correctly. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=42637 Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:22 -08:00
Takashi Iwai	f0e6e77be2	ALSA: hda - Fix buffer-alignment regression with Nvidia HDMI commit `52409aa6a0` upstream. The commit `2ae66c2655` ALSA: hda: option to enable arbitrary buffer/period sizes introduced a regression on machines with Intel controller and Nvidia HDMI. The reason is that the driver modifies the global variable align_buffer_size when an Intel controller is found, and the Nvidia HDMI controller is probed after Intel although Nvidia chips require the aligned buffers. This patch fixes the problem by moving the flag into the local struct so that it's not affected by other controllers. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=42567 Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-02-03 09:21:21 -08:00
Greg Kroah-Hartman	3499d6424f	Linux 3.2.2	2012-01-25 16:39:32 -08:00
Hugh Dickins	4556a6d95a	SHM_UNLOCK: fix Unevictable pages stranded after swap commit `245132643e` upstream. Commit `cc39c6a9bb` ("mm: account skipped entries to avoid looping in find_get_pages") correctly fixed an infinite loop; but left a problem that find_get_pages() on shmem would return 0 (appearing to callers to mean end of tree) when it meets a run of nr_pages swap entries. The only uses of find_get_pages() on shmem are via pagevec_lookup(), called from invalidate_mapping_pages(), and from shmctl SHM_UNLOCK's scan_mapping_unevictable_pages(). The first is already commented, and not worth worrying about; but the second can leave pages on the Unevictable list after an unusual sequence of swapping and locking. Fix that by using shmem_find_get_pages_and_swap() (then ignoring the swap) instead of pagevec_lookup(). But I don't want to contaminate vmscan.c with shmem internals, nor shmem.c with LRU locking. So move scan_mapping_unevictable_pages() into shmem.c, renaming it shmem_unlock_mapping(); and rename check_move_unevictable_page() to check_move_unevictable_pages(), looping down an array of pages, oftentimes under the same lock. Leave out the "rotate unevictable list" block: that's a leftover from when this was used for /proc/sys/vm/scan_unevictable_pages, whose flawed handling involved looking at pages at tail of LRU. Was there significance to the sequence first ClearPageUnevictable, then test page_evictable, then SetPageUnevictable here? I think not, we're under LRU lock, and have no barriers between those. Signed-off-by: Hugh Dickins <hughd@google.com> Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: Minchan Kim <minchan.kim@gmail.com> Cc: Rik van Riel <riel@redhat.com> Cc: Shaohua Li <shaohua.li@intel.com> Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Michel Lespinasse <walken@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:59 -08:00
Hugh Dickins	2a4073c2bb	SHM_UNLOCK: fix long unpreemptible section commit `85046579bd` upstream. scan_mapping_unevictable_pages() is used to make SysV SHM_LOCKed pages evictable again once the shared memory is unlocked. It does this with pagevec_lookup()s across the whole object (which might occupy most of memory), and takes 300ms to unlock 7GB here. A cond_resched() every PAGEVEC_SIZE pages would be good. However, KOSAKI-san points out that this is called under shmem.c's info->lock, and it's also under shm.c's shm_lock(), both spinlocks. There is no strong reason for that: we need to take these pages off the unevictable list soonish, but those locks are not required for it. So move the call to scan_mapping_unevictable_pages() from shmem.c's unlock handling up to shm.c's unlock handling. Remove the recently added barrier, not needed now we have spin_unlock() before the scan. Use get_file(), with subsequent fput(), to make sure we have a reference to mapping throughout scan_mapping_unevictable_pages(): that's something that was previously guaranteed by the shm_lock(). Remove shmctl's lru_add_drain_all(): we don't fault in pages at SHM_LOCK time, and we lazily discover them to be Unevictable later, so it serves no purpose for SHM_LOCK; and serves no purpose for SHM_UNLOCK, since pages still on pagevec are not marked Unevictable. The original code avoided redundant rescans by checking VM_LOCKED flag at its level: now avoid them by checking shp's SHM_LOCKED. The original code called scan_mapping_unevictable_pages() on a locked area at shm_destroy() time: perhaps we once had accounting cross-checks which required that, but not now, so skip the overhead and just let inode eviction deal with them. Put check_move_unevictable_page() and scan_mapping_unevictable_pages() under CONFIG_SHMEM (with stub for the TINY case when ramfs is used), more as comment than to save space; comment them used for SHM_UNLOCK. Signed-off-by: Hugh Dickins <hughd@google.com> Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: Minchan Kim <minchan.kim@gmail.com> Cc: Rik van Riel <riel@redhat.com> Cc: Shaohua Li <shaohua.li@intel.com> Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Michel Lespinasse <walken@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:59 -08:00
Stanislaw Gruszka	671f9c9e2f	iwlegacy: 3945: fix hw passive scan on radar channels commit `68acc4afb0` upstream. Patch fix firmware error on "iw dev wlan0 scan passive" for hardware scanning (with disable_hw_scan=0 module parameter). iwl3945 0000:03:00.0: Microcode SW error detected. Restarting 0x82000008. iwl3945 0000:03:00.0: Loaded firmware version: 15.32.2.9 iwl3945 0000:03:00.0: Start IWL Error Log Dump: iwl3945 0000:03:00.0: Status: 0x0002A2E4, count: 1 iwl3945 0000:03:00.0: Desc Time asrtPC blink2 ilink1 nmiPC Line iwl3945 0000:03:00.0: SYSASSERT (0x5) 0041263900 0x13756 0x0031C 0x00000 764 iwl3945 0000:03:00.0: Error Reply type 0x000002FC cmd C_SCAN (0x80) seq 0x443E ser 0x00340000 iwl3945 0000:03:00.0: Command C_SCAN failed: FW Error iwl3945 0000:03:00.0: Can't stop Rx DMA. We have disable ability to change passive scanning to active on particular channel when traffic is detected on that channel. Otherwise firmware will report error, when we try to do passive scan on radar channels. Reported-and-debugged-by: Pedro Francisco <pedrogfrancisco@gmail.com> Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:59 -08:00
Wey-Yi Guy	fd7c0921d8	iwlagn: check for SMPS mode commit `b2ccccdca4` upstream. Check and report WARN only when its invalid Resolves: https://bugzilla.kernel.org/show_bug.cgi?id=42621 https://bugzilla.redhat.com/show_bug.cgi?id=766071 Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:59 -08:00
Michal Hocko	3a508e6e61	mm: fix NULL ptr dereference in __count_immobile_pages commit `687875fb7d` upstream. Fix the following NULL ptr dereference caused by cat /sys/devices/system/memory/memory0/removable Pid: 13979, comm: sed Not tainted 3.0.13-0.5-default #1 IBM BladeCenter LS21 -[7971PAM]-/Server Blade RIP: __count_immobile_pages+0x4/0x100 Process sed (pid: 13979, threadinfo ffff880221c36000, task ffff88022e788480) Call Trace: is_pageblock_removable_nolock+0x34/0x40 is_mem_section_removable+0x74/0xf0 show_mem_removable+0x41/0x70 sysfs_read_file+0xfe/0x1c0 vfs_read+0xc7/0x130 sys_read+0x53/0xa0 system_call_fastpath+0x16/0x1b We are crashing because we are trying to dereference NULL zone which came from pfn=0 (struct page ffffea0000000000). According to the boot log this page is marked reserved: e820 update range: 0000000000000000 - 0000000000010000 (usable) ==> (reserved) and early_node_map confirms that: early_node_map[3] active PFN ranges 1: 0x00000010 -> 0x0000009c 1: 0x00000100 -> 0x000bffa3 1: 0x00100000 -> 0x00240000 The problem is that memory_present works in PAGE_SECTION_MASK aligned blocks so the reserved range sneaks into the the section as well. This also means that free_area_init_node will not take care of those reserved pages and they stay uninitialized. When we try to read the removable status we walk through all available sections and hope that the zone is valid for all pages in the section. But this is not true in this case as the zone and nid are not initialized. We have only one node in this particular case and it is marked as node=1 (rather than 0) and that made the problem visible because page_to_nid will return 0 and there are no zones on the node. Let's check that the zone is valid and that the given pfn falls into its boundaries and mark the section not removable. This might cause some false positives, probably, but we do not have any sane way to find out whether the page is reserved by the platform or it is just not used for whatever other reasons. Signed-off-by: Michal Hocko <mhocko@suse.cz> Acked-by: Mel Gorman <mgorman@suse.de> Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: David Rientjes <rientjes@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:59 -08:00
Will Deacon	bd1dc8b105	proc: clear_refs: do not clear reserved pages commit `85e72aa538` upstream. /proc/pid/clear_refs is used to clear the Referenced and YOUNG bits for pages and corresponding page table entries of the task with PID pid, which includes any special mappings inserted into the page tables in order to provide things like vDSOs and user helper functions. On ARM this causes a problem because the vectors page is mapped as a global mapping and since `ec706dab` ("ARM: add a vma entry for the user accessible vector page"), a VMA is also inserted into each task for this page to aid unwinding through signals and syscall restarts. Since the vectors page is required for handling faults, clearing the YOUNG bit (and subsequently writing a faulting pte) means that we lose the vectors page globally and cannot fault it back in. This results in a system deadlock on the next exception. To see this problem in action, just run: $ echo 1 > /proc/self/clear_refs on an ARM platform (as any user) and watch your system hang. I think this has been the case since 2.6.37 This patch avoids clearing the aforementioned bits for reserved pages, therefore leaving the vectors page intact on ARM. Since reserved pages are not candidates for swap, this change should not have any impact on the usefulness of clear_refs. Signed-off-by: Will Deacon <will.deacon@arm.com> Reported-by: Moussa Ba <moussaba@micron.com> Acked-by: Hugh Dickins <hughd@google.com> Cc: David Rientjes <rientjes@google.com> Cc: Russell King <rmk@arm.linux.org.uk> Acked-by: Nicolas Pitre <nico@linaro.org> Cc: Matt Mackall <mpm@selenic.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:58 -08:00
Ananth N Mavinakayanahalli	6ee7663e97	kprobes: initialize before using a hlist commit `d496aab567` upstream. Commit `ef53d9c5e` ("kprobes: improve kretprobe scalability with hashed locking") introduced a bug where we can potentially leak kretprobe_instances since we initialize a hlist head after having used it. Initialize the hlist head before using it. Reported by: Jim Keniston <jkenisto@us.ibm.com> Acked-by: Jim Keniston <jkenisto@us.ibm.com> Signed-off-by: Ananth N Mavinakayanahalli <ananth@in.ibm.com> Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com> Cc: Srinivasa D S <srinivasa@in.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:57 -08:00
Jeff Layton	bdac3a105a	cifs: lower default wsize when unix extensions are not used commit `ce91acb3ac` upstream. We've had some reports of servers (namely, the Solaris in-kernel CIFS server) that don't deal properly with writes that are "too large" even though they set CAP_LARGE_WRITE_ANDX. Change the default to better mirror what windows clients do. Cc: Pavel Shilovsky <piastry@etersoft.ru> Reported-by: Nick Davis <phireph0x@yahoo.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:57 -08:00
Dan Rosenberg	5f4972712d	score: fix off-by-one index into syscall table commit `c25a785d66` upstream. If the provided system call number is equal to __NR_syscalls, the current check will pass and a function pointer just after the system call table may be called, since sys_call_table is an array with total size __NR_syscalls. Whether or not this is a security bug depends on what the compiler puts immediately after the system call table. It's likely that this won't do anything bad because there is an additional NULL check on the syscall entry, but if there happens to be a non-NULL value immediately after the system call table, this may result in local privilege escalation. Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Cc: Chen Liqin <liqin.chen@sunplusct.com> Cc: Lennox Wu <lennox.wu@gmail.com> Cc: Eugene Teo <eugeneteo@kernel.sg> Cc: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:56 -08:00
Toshiharu Okada	8d73850001	i2c-eg20t: modified the setting of transfer rate. commit `ff35e8b189` upstream. This patch modified the setting value of I2C Bus Transfer Rate Setting Counter regisrer. Signed-off-by: Toshiharu Okada <toshiharu-linux@dsn.okisemi.com> Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:56 -08:00
Dave Chinner	afa2f5f83e	xfs: fix endian conversion issue in discard code commit `b1c770c273` upstream When finding the longest extent in an AG, we read the value directly out of the AGF buffer without endian conversion. This will give an incorrect length, resulting in FITRIM operations potentially not trimming everything that it should. Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Ben Myers <bpm@sgi.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:55 -08:00
Stanislaw Gruszka	e9651ec2db	rt2800pci: fix spurious interrupts generation commit `dfd00c4c8f` upstream. Same devices can generate interrupt without properly setting bit in INT_SOURCE_CSR register (spurious interrupt), what will cause IRQ line will be disabled by interrupts controller driver. We discovered that clearing INT_MASK_CSR stops such behaviour. We previously first read that register, and then clear all know interrupt sources bits and do not touch reserved bits. After this patch, we write to all register content (I believe writing to reserved bits on that register will not cause any problems, I tested that on my rt2800pci device). This fix very bad performance problem, practically making device unusable (since worked without interrupts), reported in: https://bugzilla.redhat.com/show_bug.cgi?id=658451 We previously tried to workaround that issue in commit `4ba7d99978` "rt2800pci: handle spurious interrupts", but it was reverted in commit `82e5fc2a34` as thing, that will prevent to detect real spurious interrupts. Reported-and-tested-by: Amir Hedayaty <hedayaty@gmail.com> Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Acked-by: Gertjan van Wingerde <gwingerde@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:55 -08:00
Felix Fietkau	b4a82a0a2e	ath9k_hw: fix interpretation of the rx KeyMiss flag commit `7a532fe713` upstream. Documentation states that the KeyMiss flag is only valid if RxFrameOK is unset, however empirical evidence has shown that this is false. When KeyMiss is set (and RxFrameOK is 1), the hardware passes a valid frame which has not been decrypted. The driver then falsely marks the frame as decrypted, and when using CCMP this corrupts the rx CCMP PN, leading to connection hangs. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:55 -08:00
Cliff Wickman	ebd11e15ac	x86/UV2: Work around BAU bug commit `c5d35d399e` upstream. This patch implements a workaround for a UV2 hardware bug. The bug is a non-atomic update of a memory-mapped register. When hardware message delivery and software message acknowledge occur simultaneously the pending message acknowledge for the arriving message may be lost. This causes the sender's message status to stay busy. Part of the workaround is to not acknowledge a completed message until it is verified that no other message is actually using the resource that is mistakenly recorded in the completed message. Part of the workaround is to test for long elapsed time in such a busy condition, then handle it by using a spare sending descriptor. The stay-busy condition is eventually timed out by hardware, and then the original sending descriptor can be re-used. Most of that logic change is in keeping track of the current descriptor and the state of the spares. The occurrences of the workaround are added to the BAU statistics. Signed-off-by: Cliff Wickman <cpw@sgi.com> Link: http://lkml.kernel.org/r/20120116211947.GC5767@sgi.com Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:53 -08:00
Cliff Wickman	5869dc3cc7	x86/UV2: Fix BAU destination timeout initialization commit `d059f9fa84` upstream. Move the call to enable_timeouts() forward so that BAU_MISC_CONTROL is initialized before using it in calculate_destination_timeout(). Fix the calculation of a BAU destination timeout for UV2 (in calculate_destination_timeout()). Signed-off-by: Cliff Wickman <cpw@sgi.com> Link: http://lkml.kernel.org/r/20120116211848.GB5767@sgi.com Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:53 -08:00
Cliff Wickman	4043409406	x86/UV2: Fix new UV2 hardware by using native UV2 broadcast mode commit `da87c937e5` upstream. Update the use of the Broadcast Assist Unit on SGI Altix UV2 to the use of native UV2 mode on new hardware (not the legacy mode). UV2 native mode has a different format for a broadcast message. We also need quick differentiaton between UV1 and UV2. Signed-off-by: Cliff Wickman <cpw@sgi.com> Link: http://lkml.kernel.org/r/20120116211750.GA5767@sgi.com Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:53 -08:00
Alexander Aring	a92ad2dcdc	I2C: OMAP: correct SYSC register offset for OMAP4 commit `2727b17539` upstream. Correct OMAP_I2C_SYSC_REG offset in omap4 register map. Offset 0x20 is reserved and OMAP_I2C_SYSC_REG has 0x10 as offset. Signed-off-by: Alexander Aring <a.aring@phytec.de> [khilman@ti.com: minor changelog edits] Signed-off-by: Kevin Hilman <khilman@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:52 -08:00
Steven Rostedt	8962e9fcab	tracepoints/module: Fix disabling tracepoints with taint CRAP or OOT commit `c10076c430` upstream. Tracepoints are disabled for tainted modules, which is usually because the module is either proprietary or was forced, and we don't want either of them using kernel tracepoints. But, a module can also be tainted by being in the staging directory or compiled out of tree. Either is fine for use with tracepoints, no need to punish them. I found this out when I noticed that my sample trace event module, when done out of tree, stopped working. Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Cc: Ben Hutchings <ben@decadent.org.uk> Cc: Dave Jones <davej@redhat.com> Cc: Greg Kroah-Hartman <gregkh@suse.de> Cc: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:52 -08:00
Miroslav Slugen	8f3ceefaed	tuner: Fix numberspace conflict between xc4000 and pti 5nf05 tuners commit `cd4ca7afc6` upstream. Update xc4000 tuner definition, number 81 is already in use by TUNER_PARTSNIC_PTI_5NF05. Signed-off-by: Miroslav Slugen <thunder.mmm@gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:51 -08:00
Miroslav Slugen	fe77de3ae1	cx88: fix: don't duplicate xc4000 entry for radio commit `b6854e3f31` upstream. All radio tuners in cx88 driver using same address for radio and tuner, so there is no need to probe it twice for same tuner and we can use radio_type UNSET, this also fix broken radio since kernel 2.6.39-rc1 for those tuners. Signed-off-by: Miroslav Slugen <thunder.mmm@gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:51 -08:00
Miroslav Slugen	60dfee83be	cx23885-dvb: check if dvb_attach() succeded commit `a7c8aadad3` upstream. Fix possible null dereference for Leadtek DTV 3200H XC4000 tuner when no firmware file available. Signed-off-by: Miroslav Slugen <thunder.mmm@gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:50 -08:00
Rafał Miłecki	c893fe01b3	bcma: invalidate the mapped core over suspend/resume commit `28e7d218da` upstream. This clears the currently mapped core when suspending, to force re-mapping after resume. Without that we were touching default core registers believing some other core is mapped. Such a behaviour resulted in lockups on some machines. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:50 -08:00
Roland Dreier	8967b2b814	target: Set additional sense length field in sense data commit `895f302252` upstream. The target code was not setting the additional sense length field in the sense data it returned, which meant that at least the Linux stack ignored the ASC/ASCQ fields. For example, without this patch, on a tcm_loop device: # sg_raw -v /dev/sda 2 0 0 0 0 0 gives cdb to send: 02 00 00 00 00 00 SCSI Status: Check Condition Sense Information: Fixed format, current; Sense key: Illegal Request Raw sense data (in hex): 70 00 05 00 00 00 00 00 while after the patch we correctly get the following (which matches what a regular disk returns): cdb to send: 02 00 00 00 00 00 SCSI Status: Check Condition Sense Information: Fixed format, current; Sense key: Illegal Request Additional sense: Invalid command operation code Raw sense data (in hex): 70 00 05 00 00 00 00 0a 00 00 00 00 20 00 00 00 00 00 Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:50 -08:00
Roland Dreier	9ce1ae0acd	target: Set response format in INQUIRY response commit `ce136176fe` upstream. Current SCSI specs say that the "response format" field in the standard INQUIRY response should be set to 2, and all the real SCSI devices I have do put 2 here. So let's do that too. Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:49 -08:00
Stratos Psomadakis	b328e18f8b	sym53c8xx: Fix NULL pointer dereference in slave_destroy commit `cced5041ed` upstream. sym53c8xx_slave_destroy unconditionally assumes that sym53c8xx_slave_alloc has succesesfully allocated a sym_lcb. This can lead to a NULL pointer dereference (exposed by commit `4e6c82b`). Signed-off-by: Stratos Psomadakis <psomas@gentoo.org> Signed-off-by: James Bottomley <JBottomley@Parallels.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:48 -08:00
Lin Ming	b9547c0e2f	ACPI: processor: fix acpi_get_cpuid for UP processor commit `d640113fe8` upstream. For UP processor, it is likely that no _MAT method or MADT table defined. So currently acpi_get_cpuid(...) always return -1 for UP processor. This is wrong. It should return valid value for CPU0. In the other hand, BIOS may define multiple CPU handles even for UP processor, for example Scope (_PR) { Processor (CPU0, 0x00, 0x00000410, 0x06) {} Processor (CPU1, 0x01, 0x00000410, 0x06) {} Processor (CPU2, 0x02, 0x00000410, 0x06) {} Processor (CPU3, 0x03, 0x00000410, 0x06) {} } We should only return valid value for CPU0's acpi handle. And return invalid value for others. http://marc.info/?t=132329819900003&r=1&w=2 Reported-and-tested-by: wallak@free.fr Signed-off-by: Lin Ming <ming.m.lin@intel.com> Signed-off-by: Len Brown <len.brown@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:48 -08:00
Lin Ming	0726687ca1	ACPICA: Put back the call to acpi_os_validate_address commit `da4d8b287a` upstream. The call to acpi_os_validate_address in acpi_ds_get_region_arguments was removed by mistake in commit 9ad19ac(ACPICA: Split large dsopcode and dsload.c files). Put it back. Reported-and-bisected-by: Luca Tettamanti <kronos.it@gmail.com> Signed-off-by: Lin Ming <ming.m.lin@intel.com> Signed-off-by: Len Brown <len.brown@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:48 -08:00
Kurt Garloff	a591555d5d	ACPI, ia64: Use SRAT table rev to use 8bit or 16/32bit PXM fields (ia64) commit `9f10f6a520` upstream. In SRAT v1, we had 8bit proximity domain (PXM) fields; SRAT v2 provides 32bits for these. The new fields were reserved before. According to the ACPI spec, the OS must disregrard reserved fields. ia64 did handle the PXM fields almost consistently, but depending on sgi's sn2 platform. This patch leaves the sn2 logic in, but does also use 16/32 bits for PXM if the SRAT has rev 2 or higher. The patch also adds __init to the two pxm accessor functions, as they access __initdata now and are called from an __init function only anyway. Note that the code only uses 16 bits for the PXM field in the processor proximity field; the patch does not address this as 16 bits are more than enough. Signed-off-by: Kurt Garloff <kurt@garloff.de> Signed-off-by: Len Brown <len.brown@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:47 -08:00
Kurt Garloff	f318322990	ACPI, x86: Use SRAT table rev to use 8bit or 32bit PXM fields (x86/x86-64) commit `cd298f60a2` upstream. In SRAT v1, we had 8bit proximity domain (PXM) fields; SRAT v2 provides 32bits for these. The new fields were reserved before. According to the ACPI spec, the OS must disregrard reserved fields. x86/x86-64 was rather inconsistent prior to this patch; it used 8 bits for the pxm field in cpu_affinity, but 32 bits in mem_affinity. This patch makes it consistent: Either use 8 bits consistently (SRAT rev 1 or lower) or 32 bits (SRAT rev 2 or higher). cc: x86@kernel.org Signed-off-by: Kurt Garloff <kurt@garloff.de> Signed-off-by: Len Brown <len.brown@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:47 -08:00
Kurt Garloff	45ed93deef	ACPI: Store SRAT table revision commit `8df0eb7c9d` upstream. In SRAT v1, we had 8bit proximity domain (PXM) fields; SRAT v2 provides 32bits for these. The new fields were reserved before. According to the ACPI spec, the OS must disregrard reserved fields. In order to know whether or not, we must know what version the SRAT table has. This patch stores the SRAT table revision for later consumption by arch specific __init functions. Signed-off-by: Kurt Garloff <kurt@garloff.de> Signed-off-by: Len Brown <len.brown@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:46 -08:00
Shaohua Li	caa3e3bed0	intel_idle: fix API misuse commit `39a74fdedd` upstream. smp_call_function() only lets all other CPUs execute a specific function, while we expect all CPUs do in intel_idle. Without the fix, we could have one cpu which has auto_demotion enabled or has no broadcast timer setup. Usually we don't see impact because auto demotion just harms power and the intel_idle init is called in CPU 0, where boradcast timer delivers interrupt, but this still could be a problem. Signed-off-by: Shaohua Li <shaohua.li@intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Len Brown <len.brown@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:46 -08:00
Thomas Renninger	872f97c4e0	intel idle: Make idle driver more robust commit `5c2a9f06a9` upstream. kvm -cpu host passes the original cpuid info to the guest. Latest kvm version seem to return true for mwait_leaf cpuid function on recent Intel CPUs. But it does not return mwait C-states (mwait_substates), instead zero is returned. While real CPUs seem to always return non-zero values, the intel idle driver should not get active in kvm (mwait_substates == 0) case and bail out. Otherwise a Null pointer exception will happen later when the cpuidle subsystem tries to get active: [0.984807] BUG: unable to handle kernel NULL pointer dereference at (null) [0.984807] IP: [<(null)>] (null) ... [0.984807][<ffffffff8143cf34>] ? cpuidle_idle_call+0xb4/0x340 [0.984807][<ffffffff8159e7bc>] ? __atomic_notifier_call_chain+0x4c/0x70 [0.984807][<ffffffff81001198>] ? cpu_idle+0x78/0xd0 Reference: https://bugzilla.novell.com/show_bug.cgi?id=726296 Signed-off-by: Thomas Renninger <trenn@suse.de> CC: Bruno Friedmann <bruno@ioda-net.ch> Signed-off-by: Len Brown <len.brown@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:45 -08:00
Tetsuo Handa	f42395415b	TOMOYO: Accept \000 as a valid character. commit `25add8cf99` upstream. TOMOYO 2.5 in Linux 3.2 and later handles Unix domain socket's address. Thus, tomoyo_correct_word2() needs to accept \000 as a valid character, or TOMOYO 2.5 cannot handle Unix domain's abstract socket address. Reported-by: Steven Allen <steven@stebalien.com> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:45 -08:00
David Henningsson	3991280f95	ALSA: HDA: Fix internal microphone on Dell Studio 16 XPS 1645 commit `ffe535edb9` upstream. More than one user reports that changing the model from "both" to "dmic" makes their Internal Mic work. Tested-by: Martin Ling <martin-launchpad@earth.li> BugLink: https://bugs.launchpad.net/bugs/795823 Signed-off-by: David Henningsson <david.henningsson@canonical.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:44 -08:00
Clemens Ladisch	c1f9335c01	ALSA: virtuoso: Xonar DS: fix polarity of front output commit `f0e48b6bd4` upstream. The two DACs for the front output and the surround/center/LFE/back outputs are wired up out of phase, so when channels are duplicated, their sound can cancel out each other and result in a weaker bass response. To fix this, reverse the polarity of the neutron flow to the front output. Reported-any-tested-by: Daniel Hill <daniel@enemyplanet.geek.nz> Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:44 -08:00
David Henningsson	2f1bce58c2	ALSA: HDA: Use LPIB position fix for Macbook Pro 7,1 commit `b01de4fb40` upstream. Several users have reported "choppy" audio under the 3.2 kernel, and that changing position_fix to 1 has resolved their problem. The chip is an nVidia Corporation MCP89 High Definition Audio, [10de:0d94] (rev a2). BugLink: https://bugs.launchpad.net/bugs/909419 Signed-off-by: David Henningsson <david.henningsson@canonical.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:44 -08:00
Linus Torvalds	4d96a0c102	proc: clean up and fix /proc/<pid>/mem handling commit `e268337dfe` upstream. Jüri Aedla reported that the /proc/<pid>/mem handling really isn't very robust, and it also doesn't match the permission checking of any of the other related files. This changes it to do the permission checks at open time, and instead of tracking the process, it tracks the VM at the time of the open. That simplifies the code a lot, but does mean that if you hold the file descriptor open over an execve(), you'll continue to read from the _old_ VM. That is different from our previous behavior, but much simpler. If somebody actually finds a load where this matters, we'll need to revert this commit. I suspect that nobody will ever notice - because the process mapping addresses will also have changed as part of the execve. So you cannot actually usefully access the fd across a VM change simply because all the offsets for IO would have changed too. Reported-by: Jüri Aedla <asd@ut.ee> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:43 -08:00
Paolo Bonzini	10f176d299	dm: do not forward ioctls from logical volumes to the underlying device commit `ec8013bedd` upstream. A logical volume can map to just part of underlying physical volume. In this case, it must be treated like a partition. Based on a patch from Alasdair G Kergon. Cc: Alasdair G Kergon <agk@redhat.com> Cc: dm-devel@redhat.com Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:42 -08:00
Paolo Bonzini	d33310de0d	block: fail SCSI passthrough ioctls on partition devices commit `0bfc96cb77` upstream. [ Changes with respect to 3.3: return -ENOTTY from scsi_verify_blk_ioctl and -ENOIOCTLCMD from sd_compat_ioctl. ] Linux allows executing the SG_IO ioctl on a partition or LVM volume, and will pass the command to the underlying block device. This is well-known, but it is also a large security problem when (via Unix permissions, ACLs, SELinux or a combination thereof) a program or user needs to be granted access only to part of the disk. This patch lets partitions forward a small set of harmless ioctls; others are logged with printk so that we can see which ioctls are actually sent. In my tests only CDROM_GET_CAPABILITY actually occurred. Of course it was being sent to a (partition on a) hard disk, so it would have failed with ENOTTY and the patch isn't changing anything in practice. Still, I'm treating it specially to avoid spamming the logs. In principle, this restriction should include programs running with CAP_SYS_RAWIO. If for example I let a program access /dev/sda2 and /dev/sdb, it still should not be able to read/write outside the boundaries of /dev/sda2 independent of the capabilities. However, for now programs with CAP_SYS_RAWIO will still be allowed to send the ioctls. Their actions will still be logged. This patch does not affect the non-libata IDE driver. That driver however already tests for bd != bd->bd_contains before issuing some ioctl; it could be restricted further to forbid these ioctls even for programs running with CAP_SYS_ADMIN/CAP_SYS_RAWIO. Cc: linux-scsi@vger.kernel.org Cc: Jens Axboe <axboe@kernel.dk> Cc: James Bottomley <JBottomley@parallels.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> [ Make it also print the command name when warning - Linus ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:42 -08:00
Paolo Bonzini	36a7ce632f	block: add and use scsi_blk_cmd_ioctl commit `577ebb374c` upstream. Introduce a wrapper around scsi_cmd_ioctl that takes a block device. The function will then be enhanced to detect partition block devices and, in that case, subject the ioctls to whitelisting. Cc: linux-scsi@vger.kernel.org Cc: Jens Axboe <axboe@kernel.dk> Cc: James Bottomley <JBottomley@parallels.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:42 -08:00
Martin Schwidefsky	ca4a557300	fix cputime overflow in uptime_proc_show commit `c3e0ef9a29` upstream. For 32-bit architectures using standard jiffies the idletime calculation in uptime_proc_show will quickly overflow. It takes (2^32 / HZ) seconds of idle-time, or e.g. 12.45 days with no load on a quad-core with HZ=1000. Switch to 64-bit calculations. Cc: Michael Abbott <michael.abbott@diamond.ac.uk> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:41 -08:00
Masatoshi Hoshikawa	b44d4773ae	HID: hid-multitouch: add support 9 new Xiroku devices commit `11576c6114` upstream. This patch adds support for the Xiroku Inc. panels (SPX/MPX/CSR/etc.). Signed-off-by: Masatoshi Hoshikawa <hoshikawa@xiroku.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:41 -08:00
Benjamin Tissoires	087a51c4c1	HID: multitouch: add support for 3M 32" commit `c4fad877cd` upstream. Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> Acked-by: Henrik Rydberg <rydberg@euromail.se> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:40 -08:00
Benjamin Tissoires	990848a5b6	HID: multitouch: add support of Atmel multitouch panels commit `b105712469` upstream. Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> Acked-by: Henrik Rydberg <rydberg@euromail.se> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:40 -08:00
Benjamin Tissoires	45bc79a2dc	HID: hid-multitouch: add support for new Hanvon panels commit `545803651d` upstream. Signed-off-by: Benjamin Tissoires <benjamin.tissoires@enac.fr> Acked-by: Henrik Rydberg <rydberg@euromail.se> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:39 -08:00
Benjamin Tissoires	020aef897a	HID: multitouch: add support for the MSI Windpad 110W commit `66f06127f3` upstream. Just another eGalax device. Please note that adding this device to have_special_driver in hid-core.c is not required anymore. Signed-off-by: Benjamin Tissoires <benjamin.tissoires@enac.fr> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:39 -08:00
Marek Vasut	00ba434244	HID: multitouch: Add egalax ID for Acer Iconia W500 commit `bb9ff21072` upstream. This patch adds USB ID for the touchpanel in Acer Iconia W500. The panel supports up to five fingers, therefore the need for a new addition of panel types. Signed-off-by: Marek Vasut <marek.vasut@gmail.com> Signed-off-by: Benjamin Tissoires <benjamin.tissoires@enac.fr> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:38 -08:00
Benjamin Tissoires	13ceb211f7	HID: multitouch: cleanup with eGalax PID definitions commit `e36f690b37` upstream. This is just a renaming of USB_DEVICE_ID_DWAV_EGALAX_MULTITOUCH{N} to USB_DEVICE_ID_DWAV_EGALAX_MULTITOUCH_{PID} to handle more eGalax devices. Signed-off-by: Benjamin Tissoires <benjamin.tissoires@enac.fr> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:38 -08:00
Chris Bagwell	67285c330d	HID: hid-multitouch - add another eGalax id commit `1fd8f04749` upstream. This allows ASUS Eee Slate touchscreens to work. Signed-off-by: Chris Bagwell <chris@cnpbagwell.com> Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:38 -08:00
Johannes Berg	5cb46f3196	mac80211: revert on-channel work optimisations commit `e76aadc572` upstream. Backport note: This patch it's a full revert of commit `b23b025f` "mac80211: Optimize scans on current operating channel.". On upstrem revert `e76aadc5` we keep some bits from that commit, which are needed for upstream version of mac80211. The on-channel work optimisations have caused a number of issues, and the code is unfortunately very complex and almost impossible to follow. Instead of attempting to put in more workarounds let's just remove those optimisations, we can work on them again later, after we change the whole auth/assoc design. This should fix rate_control_send_low() warnings, see RH bug 731365. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:37 -08:00
Peng Tao	b4e8ff2994	pnfsblock: limit bio page count commit `74a6eeb44c` upstream. One bio can have at most BIO_MAX_PAGES pages. We should limit it bec otherwise bio_alloc will fail when there are many pages in one read/write_pagelist. Signed-off-by: Peng Tao <peng_tao@emc.com> Signed-off-by: Benny Halevy <bhalevy@tonian.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:37 -08:00
Peng Tao	7e0f9f47b4	pnfsblock: don't spinlock when freeing block_dev commit `93a3844ee0` upstream. bl_free_block_dev() may sleep. We can not call it with spinlock held. Besides, there is no need to take bm_lock as we are last user freeing bm_devlist. Signed-off-by: Peng Tao <peng_tao@emc.com> Signed-off-by: Benny Halevy <bhalevy@tonian.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:36 -08:00
Peng Tao	ae6481331e	pnfsblock: acquire im_lock in _preload_range commit `39e567ae36` upstream. When calling _add_entry, we should take the im_lock to protect agains other modifiers. Signed-off-by: Peng Tao <peng_tao@emc.com> Signed-off-by: Benny Halevy <bhalevy@tonian.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:36 -08:00
Miklos Szeredi	1f489b2d82	fix shrink_dcache_parent() livelock commit `eaf5f90735` upstream. Two (or more) concurrent calls of shrink_dcache_parent() on the same dentry may cause shrink_dcache_parent() to loop forever. Here's what appears to happen: 1 - CPU0: select_parent(P) finds C and puts it on dispose list, returns 1 2 - CPU1: select_parent(P) locks P->d_lock 3 - CPU0: shrink_dentry_list() locks C->d_lock dentry_kill(C) tries to lock P->d_lock but fails, unlocks C->d_lock 4 - CPU1: select_parent(P) locks C->d_lock, moves C from dispose list being processed on CPU0 to the new dispose list, returns 1 5 - CPU0: shrink_dentry_list() finds dispose list empty, returns 6 - Goto 2 with CPU0 and CPU1 switched Basically select_parent() steals the dentry from shrink_dentry_list() and thinks it found a new one, causing shrink_dentry_list() to think it's making progress and loop over and over. One way to trigger this is to make udev calls stat() on the sysfs file while it is going away. Having a file in /lib/udev/rules.d/ with only this one rule seems to the trick: ATTR{vendor}=="0x8086", ATTR{device}=="0x10ca", ENV{PCI_SLOT_NAME}="%k", ENV{MATCHADDR}="$attr{address}", RUN+="/bin/true" Then execute the following loop: while true; do echo -bond0 > /sys/class/net/bonding_masters echo +bond0 > /sys/class/net/bonding_masters echo -bond1 > /sys/class/net/bonding_masters echo +bond1 > /sys/class/net/bonding_masters done One fix would be to check all callers and prevent concurrent calls to shrink_dcache_parent(). But I think a better solution is to stop the stealing behavior. This patch adds a new dentry flag that is set when the dentry is added to the dispose list. The flag is cleared in dentry_lru_del() in case the dentry gets a new reference just before being pruned. If the dentry has this flag, select_parent() will skip it and let shrink_dentry_list() retry pruning it. With select_parent() skipping those dentries there will not be the appearance of progress (new dentries found) when there is none, hence shrink_dcache_parent() will not loop forever. Set the flag is also set in prune_dcache_sb() for consistency as suggested by Linus. Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:35 -08:00
Dave Chinner	9ba5dc56ab	dcache: use a dispose list in select_parent commit `b48f03b319` upstream. select_parent currently abuses the dentry cache LRU to provide cleanup features for child dentries that need to be freed. It moves them to the tail of the LRU, then tells shrink_dcache_parent() to calls __shrink_dcache_sb to unconditionally move them to a dispose list (as DCACHE_REFERENCED is ignored). __shrink_dcache_sb() has to relock the dentries to move them off the LRU onto the dispose list, but otherwise does not touch the dentries that select_parent() moved to the tail of the LRU. It then passses the dispose list to shrink_dentry_list() which tries to free the dentries. IOWs, the use of __shrink_dcache_sb() is superfluous - we can build exactly the same list of dentries for disposal directly in select_parent() and call shrink_dentry_list() instead of calling __shrink_dcache_sb() to do that. This means that we avoid long holds on the lru lock walking the LRU moving dentries to the dispose list We also avoid the need to relock each dentry just to move it off the LRU, reducing the numebr of times we lock each dentry to dispose of them in shrink_dcache_parent() from 3 to 2 times. Further, we remove one of the two callers of __shrink_dcache_sb(). This also means that __shrink_dcache_sb can be moved into back into prune_dcache_sb() and we no longer have to handle referenced dentries conditionally, simplifying the code. Signed-off-by: Dave Chinner <dchinner@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:35 -08:00
Haogang Chen	053ae10f55	uvcvideo: Fix integer overflow in uvc_ioctl_ctrl_map() commit `806e23e95f` upstream. There is a potential integer overflow in uvc_ioctl_ctrl_map(). When a large xmap->menu_count is passed from the userspace, the subsequent call to kmalloc() will allocate a buffer smaller than expected. map->menu_count and map->menu_info would later be used in a loop (e.g. in uvc_query_v4l2_ctrl), which leads to out-of-bound access. The patch checks the ioctl argument and returns -EINVAL for zero or too large values in xmap->menu_count. Signed-off-by: Haogang Chen <haogangchen@gmail.com> [laurent.pinchart@ideasonboard.com Prevent excessive memory consumption] Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:34 -08:00
David Daney	29ea3528d4	recordmcount: Fix handling of elf64 big-endian objects. commit `2e885057b7` upstream. In ELF64, the sh_flags field is 64-bits wide. recordmcount was erroneously treating it as a 32-bit wide field. For little endian objects this works because the flags of interest (SHF_EXECINSTR) reside in the lower 32 bits of the word, and you get the same result with either a 32-bit or 64-bit read. Big endian objects on the other hand do not work at all with this error. The fix: Correctly treat sh_flags as 64-bits wide in elf64 objects. The symptom I observed was that my __start_mcount_loc..__stop_mcount_loc was empty even though ftrace function tracing was enabled. Link: http://lkml.kernel.org/r/1324345362-12230-1-git-send-email-ddaney.cavm@gmail.com Signed-off-by: David Daney <david.daney@cavium.com> Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:34 -08:00
Jack Steiner	4f62b2e511	x86, UV: Update Boot messages for SGI UV2 platform commit `da517a08ac` upstream. SGI UV systems print a message during boot: UV: Found <num> blades Due to packaging changes, the blade count is not accurate for on the next generation of the platform. This patch corrects the count. Signed-off-by: Jack Steiner <steiner@sgi.com> Link: http://lkml.kernel.org/r/20120106191900.GA19772@sgi.com Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:33 -08:00
Miklos Szeredi	a8b1c0addb	fsnotify: don't BUG in fsnotify_destroy_mark() commit `fed474857e` upstream. Removing the parent of a watched file results in "kernel BUG at fs/notify/mark.c:139". To reproduce add "-w /tmp/audit/dir/watched_file" to audit.rules rm -rf /tmp/audit/dir This is caused by fsnotify_destroy_mark() being called without an extra reference taken by the caller. Reported by Francesco Cosoleto here: https://bugzilla.novell.com/show_bug.cgi?id=689860 Fix by removing the BUG_ON and adding a comment about not accessing mark after the iput. Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:33 -08:00
Sasha Levin	6437ff72d1	nfsd: Fix oops when parsing a 0 length export commit `b2ea70afad` upstream. expkey_parse() oopses when handling a 0 length export. This is easily triggerable from usermode by writing 0 bytes into '/proc/[proc id]/net/rpc/nfsd.fh/channel'. Below is the log: [ 1402.286893] BUG: unable to handle kernel paging request at ffff880077c49fff [ 1402.287632] IP: [<ffffffff812b4b99>] expkey_parse+0x28/0x2e1 [ 1402.287632] PGD 2206063 PUD 1fdfd067 PMD 1ffbc067 PTE 8000000077c49160 [ 1402.287632] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC [ 1402.287632] CPU 1 [ 1402.287632] Pid: 20198, comm: trinity Not tainted 3.2.0-rc2-sasha-00058-gc65cd37 #6 [ 1402.287632] RIP: 0010:[<ffffffff812b4b99>] [<ffffffff812b4b99>] expkey_parse+0x28/0x2e1 [ 1402.287632] RSP: 0018:ffff880077f0fd68 EFLAGS: 00010292 [ 1402.287632] RAX: ffff880077c49fff RBX: 00000000ffffffea RCX: 0000000001043400 [ 1402.287632] RDX: 0000000000000000 RSI: ffff880077c4a000 RDI: ffffffff82283de0 [ 1402.287632] RBP: ffff880077f0fe18 R08: 0000000000000001 R09: ffff880000000000 [ 1402.287632] R10: 0000000000000000 R11: 0000000000000001 R12: ffff880077c4a000 [ 1402.287632] R13: ffffffff82283de0 R14: 0000000001043400 R15: ffffffff82283de0 [ 1402.287632] FS: 00007f25fec3f700(0000) GS:ffff88007d400000(0000) knlGS:0000000000000000 [ 1402.287632] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [ 1402.287632] CR2: ffff880077c49fff CR3: 0000000077e1d000 CR4: 00000000000406e0 [ 1402.287632] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1402.287632] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1402.287632] Process trinity (pid: 20198, threadinfo ffff880077f0e000, task ffff880077db17b0) [ 1402.287632] Stack: [ 1402.287632] ffff880077db17b0 ffff880077c4a000 ffff880077f0fdb8 ffffffff810b411e [ 1402.287632] ffff880000000000 ffff880077db17b0 ffff880077c4a000 ffffffff82283de0 [ 1402.287632] 0000000001043400 ffffffff82283de0 ffff880077f0fde8 ffffffff81111f63 [ 1402.287632] Call Trace: [ 1402.287632] [<ffffffff810b411e>] ? lock_release+0x1af/0x1bc [ 1402.287632] [<ffffffff81111f63>] ? might_fault+0x97/0x9e [ 1402.287632] [<ffffffff81111f1a>] ? might_fault+0x4e/0x9e [ 1402.287632] [<ffffffff81a8bcf2>] cache_do_downcall+0x3e/0x4f [ 1402.287632] [<ffffffff81a8c950>] cache_write.clone.16+0xbb/0x130 [ 1402.287632] [<ffffffff81a8c9df>] ? cache_write_pipefs+0x1a/0x1a [ 1402.287632] [<ffffffff81a8c9f8>] cache_write_procfs+0x19/0x1b [ 1402.287632] [<ffffffff8118dc54>] proc_reg_write+0x8e/0xad [ 1402.287632] [<ffffffff8113fe81>] vfs_write+0xaa/0xfd [ 1402.287632] [<ffffffff8114142d>] ? fget_light+0x35/0x9e [ 1402.287632] [<ffffffff8113ff8b>] sys_write+0x48/0x6f [ 1402.287632] [<ffffffff81bbdb92>] system_call_fastpath+0x16/0x1b [ 1402.287632] Code: c0 c9 c3 55 48 63 d2 48 89 e5 48 8d 44 32 ff 41 57 41 56 41 55 41 54 53 bb ea ff ff ff 48 81 ec 88 00 00 00 48 89 b5 58 ff ff ff [ 1402.287632] 38 0a 0f 85 89 02 00 00 c6 00 00 48 8b 3d 44 4a e5 01 48 85 [ 1402.287632] RIP [<ffffffff812b4b99>] expkey_parse+0x28/0x2e1 [ 1402.287632] RSP <ffff880077f0fd68> [ 1402.287632] CR2: ffff880077c49fff [ 1402.287632] ---[ end trace 368ef53ff773a5e3 ]--- Cc: "J. Bruce Fields" <bfields@fieldses.org> Cc: Neil Brown <neilb@suse.de> Cc: linux-nfs@vger.kernel.org Signed-off-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:33 -08:00
J. Bruce Fields	4c5ecfd2e1	nfsd4: fix lockowner matching commit `b93d87c198` upstream. Lockowners are looked up by file as well as by owner, but we were forgetting to do a comparison on the file. This could cause an incorrect result from lockt. (Note looking up the inode from the lockowner is pretty awkward here. The data structures need fixing.) Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:32 -08:00
J. Bruce Fields	dd96317396	svcrpc: avoid memory-corruption on pool shutdown commit `b4f36f88b3` upstream. Socket callbacks use svc_xprt_enqueue() to add an xprt to a pool->sp_sockets list. In normal operation a server thread will later come along and take the xprt off that list. On shutdown, after all the threads have exited, we instead manually walk the sv_tempsocks and sv_permsocks lists to find all the xprt's and delete them. So the sp_sockets lists don't really matter any more. As a result, we've mostly just ignored them and hoped they would go away. Which has gotten us into trouble; witness for example `ebc63e531c` "svcrpc: fix list-corrupting race on nfsd shutdown", the result of Ben Greear noticing that a still-running svc_xprt_enqueue() could re-add an xprt to an sp_sockets list just before it was deleted. The fix was to remove it from the list at the end of svc_delete_xprt(). But that only made corruption less likely--I can see nothing that prevents a svc_xprt_enqueue() from adding another xprt to the list at the same moment that we're removing this xprt from the list. In fact, despite the earlier xpo_detach(), I don't even see what guarantees that svc_xprt_enqueue() couldn't still be running on this xprt. So, instead, note that svc_xprt_enqueue() essentially does: lock sp_lock if XPT_BUSY unset add to sp_sockets unlock sp_lock So, if we do: set XPT_BUSY on every xprt. Empty every sp_sockets list, under the sp_socks locks. Then we're left knowing that the sp_sockets lists are all empty and will stay that way, since any svc_xprt_enqueue() will check XPT_BUSY under the sp_lock and see it set. And then we can continue deleting the xprt's. (Thanks to Jeff Layton for being correctly suspicious of this code....) Cc: Ben Greear <greearb@candelatech.com> Cc: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:32 -08:00
J. Bruce Fields	0832fe15fc	svcrpc: destroy server sockets all at once commit `2fefb8a09e` upstream. There's no reason I can see that we need to call sv_shutdown between closing the two lists of sockets. Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:31 -08:00
J. Bruce Fields	bcf641763c	svcrpc: fix double-free on shutdown of nfsd after changing pool mode commit `61c8504c42` upstream. The pool_to and to_pool fields of the global svc_pool_map are freed on shutdown, but are initialized in nfsd startup only in the SVC_POOL_PERCPU and SVC_POOL_PERNODE cases. They are initialized to zero on kernel startup. So as long as you use only SVC_POOL_GLOBAL (the default), this will never be a problem. You're also OK if you only ever use SVC_POOL_PERCPU or SVC_POOL_PERNODE. However, the following sequence events leads to a double-free: 1. set SVC_POOL_PERCPU or SVC_POOL_PERNODE 2. start nfsd: both fields are initialized. 3. shutdown nfsd: both fields are freed. 4. set SVC_POOL_GLOBAL 5. start nfsd: the fields are left untouched. 6. shutdown nfsd: now we try to free them again. Step 4 is actually unnecessary, since (for some bizarre reason), nfsd automatically resets the pool mode to SVC_POOL_GLOBAL on shutdown. Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:31 -08:00
Steven Rostedt	b20b30d4d3	kconfig/streamline-config.pl: Fix parsing Makefile with variables commit `364212fdda` upstream. Thomas Lange reported that when he did a 'make localmodconfig', his config was missing the brcmsmac driver, even though he had the module loaded. Looking into this, I found the file: drivers/net/wireless/brcm80211/brcmsmac/Makefile had the following in the Makefile: MODULEPFX := brcmsmac obj-$(CONFIG_BRCMSMAC) += $(MODULEPFX).o The way streamline-config.pl works, is parsing all the obj-$(CONFIG_FOO) += foo.o lines to find that CONFIG_FOO belongs to the module foo.ko. But in this case, the brcmsmac.o was not used, but a variable in its place. By changing streamline-config.pl to remember defined variables in Makefiles and substituting them when they are used in the obj-X lines, allows Thomas (and others) to have their brcmsmac module stay configured when it is loaded and running "make localmodconfig". Reported-by: Thomas Lange <thomas-lange2@gmx.de> Tested-by: Thomas Lange <thomas-lange2@gmx.de> Cc: Arend van Spriel <arend@broadcom.com> Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:30 -08:00
Steven Rostedt	336f4a0f50	kconfig/streamline-config.pl: Simplify backslash line concatination commit `d060d963e8` upstream. Simplify the way lines ending with backslashes (continuation) in Makefiles is parsed. This is needed to implement a necessary fix. Tested-by: Thomas Lange <thomas-lange2@gmx.de> Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:30 -08:00
Jiri Olsa	afe62ad1ea	ftrace: Fix unregister ftrace_ops accounting commit `30fb6aa740` upstream. Multiple users of the function tracer can register their functions with the ftrace_ops structure. The accounting within ftrace will update the counter on each function record that is being traced. When the ftrace_ops filtering adds or removes functions, the function records will be updated accordingly if the ftrace_ops is still registered. When a ftrace_ops is removed, the counter of the function records, that the ftrace_ops traces, are decremented. When they reach zero the functions that they represent are modified to stop calling the mcount code. When changes are made, the code is updated via stop_machine() with a command passed to the function to tell it what to do. There is an ENABLE and DISABLE command that tells the called function to enable or disable the functions. But the ENABLE is really a misnomer as it should just update the records, as records that have been enabled and now have a count of zero should be disabled. The DISABLE command is used to disable all functions regardless of their counter values. This is the big off switch and is not the complement of the ENABLE command. To make matters worse, when a ftrace_ops is unregistered and there is another ftrace_ops registered, neither the DISABLE nor the ENABLE command are set when calling into the stop_machine() function and the records will not be updated to match their counter. A command is passed to that function that will update the mcount code to call the registered callback directly if it is the only one left. This means that the ftrace_ops that is still registered will have its callback called by all functions that have been set for it as well as the ftrace_ops that was just unregistered. Here's a way to trigger this bug. Compile the kernel with CONFIG_FUNCTION_PROFILER set and with CONFIG_FUNCTION_GRAPH not set: CONFIG_FUNCTION_PROFILER=y # CONFIG_FUNCTION_GRAPH is not set This will force the function profiler to use the function tracer instead of the function graph tracer. # cd /sys/kernel/debug/tracing # echo schedule > set_ftrace_filter # echo function > current_tracer # cat set_ftrace_filter schedule # cat trace # tracer: nop # # entries-in-buffer/entries-written: 692/68108025 #P:4 # # _-----=> irqs-off # / _----=> need-resched # \| / _---=> hardirq/softirq # \|\| / _--=> preempt-depth # \|\|\| / delay # TASK-PID CPU# \|\|\|\| TIMESTAMP FUNCTION # \| \| \| \|\|\|\| \| \| kworker/0:2-909 [000] .... 531.235574: schedule <-worker_thread <idle>-0 [001] .N.. 531.235575: schedule <-cpu_idle kworker/0:2-909 [000] .... 531.235597: schedule <-worker_thread sshd-2563 [001] .... 531.235647: schedule <-schedule_hrtimeout_range_clock # echo 1 > function_profile_enabled # echo 0 > function_porfile_enabled # cat set_ftrace_filter schedule # cat trace # tracer: function # # entries-in-buffer/entries-written: 159701/118821262 #P:4 # # _-----=> irqs-off # / _----=> need-resched # \| / _---=> hardirq/softirq # \|\| / _--=> preempt-depth # \|\|\| / delay # TASK-PID CPU# \|\|\|\| TIMESTAMP FUNCTION # \| \| \| \|\|\|\| \| \| <idle>-0 [002] ...1 604.870655: local_touch_nmi <-cpu_idle <idle>-0 [002] d..1 604.870655: enter_idle <-cpu_idle <idle>-0 [002] d..1 604.870656: atomic_notifier_call_chain <-enter_idle <idle>-0 [002] d..1 604.870656: __atomic_notifier_call_chain <-atomic_notifier_call_chain The same problem could have happened with the trace_probe_ops, but they are modified with the set_frace_filter file which does the update at closure of the file. The simple solution is to change ENABLE to UPDATE and call it every time an ftrace_ops is unregistered. Link: http://lkml.kernel.org/r/1323105776-26961-3-git-send-email-jolsa@redhat.com Signed-off-by: Jiri Olsa <jolsa@redhat.com> Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:29 -08:00
Gleb Natapov	802f43594d	Unused iocbs in a batch should not be accounted as active. commit `69e4747ee9` upstream. Since commit `080d676de0` ("aio: allocate kiocbs in batches") iocbs are allocated in a batch during processing of first iocbs. All iocbs in a batch are automatically added to ctx->active_reqs list and accounted in ctx->reqs_active. If one (not the last one) of iocbs submitted by an user fails, further iocbs are not processed, but they are still present in ctx->active_reqs and accounted in ctx->reqs_active. This causes process to stuck in a D state in wait_for_all_aios() on exit since ctx->reqs_active will never go down to zero. Furthermore since kiocb_batch_free() frees iocb without removing it from active_reqs list the list become corrupted which may cause oops. Fix this by removing iocb from ctx->active_reqs and updating ctx->reqs_active in kiocb_batch_free(). Signed-off-by: Gleb Natapov <gleb@redhat.com> Reviewed-by: Jeff Moyer <jmoyer@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:29 -08:00
Dan Carpenter	bb9b57cc54	V4L/DVB: v4l2-ioctl: integer overflow in video_usercopy() commit `6c06108be5` upstream. If ctrls->count is too high the multiplication could overflow and array_size would be lower than expected. Mauro and Hans Verkuil suggested that we cap it at 1024. That comes from the maximum number of controls with lots of room for expantion. $ grep V4L2_CID include/linux/videodev2.h \| wc -l 211 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:29 -08:00
Alexander Elbs	37cd47c536	mmc: sd: Fix SDR12 timing regression commit `dd8df17fe8` upstream. This patch fixes a failure to recognize SD cards reported on a Dell Vostro with O2 Micro SD card reader. Patch `49c468f` ("mmc: sd: add support for uhs bus speed mode selection") caused the problem, by setting the SDHCI_CTRL_HISPD flag even for legacy timings. Signed-off-by: Alexander Elbs <alex@segv.de> Acked-by: Philip Rakity <prakity@marvell.com> Acked-by: Arindam Nath <arindam.nath@amd.com> Signed-off-by: Chris Ball <cjb@laptop.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:28 -08:00
Aaron Lu	5b39b6d126	mmc: sdhci: Fix tuning timer incorrect setting when suspending host commit `c6ced0db08` upstream. When suspending host, the tuning timer shoule be deactivated. And the HOST_NEEDS_TUNING flag should be set after tuning timer is deactivated. Signed-off-by: Philip Rakity <prakity@marvell.com> Signed-off-by: Aaron Lu <aaron.lu@amd.com> Acked-by: Adrian Hunter <adrian.hunter@intel.com> Signed-off-by: Chris Ball <cjb@laptop.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:27 -08:00
Girish K S	4ed074c646	mmc: core: Fix voltage select in DDR mode commit `913047e9e5` upstream. This patch fixes the wrong comparison before setting the interface voltage in DDR mode. The assignment to the variable ddr before comaprison is either ddr = MMC_1_2V_DDR_MODE; or ddr == MMC_1_8V_DDR_MODE. But the comparison is done with the extended csd value if ddr == EXT_CSD_CARD_TYPE_DDR_1_2V. Signed-off-by: Girish K S <girish.shivananjappa@linaro.org> Acked-by: Subhash Jadavani <subhashj@codeaurora.org> Acked-by: Philip Rakity <prakity@marvell.com> Signed-off-by: Chris Ball <cjb@laptop.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:27 -08:00
Jean Delvare	69b97cf56b	i2c: Fix error value returned by several bus drivers commit `7c1f59c9d5` upstream. When adding checks for ACPI resource conflicts to many bus drivers, not enough attention was paid to the error paths, and for several drivers this causes 0 to be returned on error in some cases. Fix this by properly returning a non-zero value on every error. Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:27 -08:00
Artem Bityutskiy	172b291a15	UBIFS: make debugging messages light again commit `1f5d78dc48` upstream. We switch to dynamic debugging in commit `56e46742e8` but did not take into account that now we do not control anymore whether a specific message is enabled or not. So now we lock the "dbg_lock" and release it in every debugging macro, which make them not so light-weight. This commit removes the "dbg_lock" protection from the debugging macros to fix the issue. The downside is that now our DBGKEY() stuff is broken, but this is not critical at all and will be fixed later. Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:26 -08:00
Artem Bityutskiy	6aeb366d6a	UBIFS: fix debugging messages commit `d34315da91` upstream. Patch `56e46742e8` broke UBIFS debugging messages: before that commit when UBIFS debugging was enabled, users saw few useful debugging messages after mount. However, that patch turned 'dbg_msg()' into 'pr_debug()', so to enable the debugging messages users have to enable them first via /sys/kernel/debug/dynamic_debug/control, which is very impractical. This commit makes 'dbg_msg()' to use 'printk()' instead of 'pr_debug()', just as it was before the breakage. Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:25 -08:00
Richard Weinberger	f15be6f6ce	UBI: make vid_hdr non-static commit `6bdccffe8c` upstream. Remove 'static' modifier from the 'vid_hdr' local variable. I do not know how it slipped in, but this is a bug and will break UBI if someone attaches 2 UBI volumes at the same time. Artem: amended teh commit message, added -stable. Signed-off-by: Richard Weinberger <rw@linutronix.de> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:25 -08:00
Artem Bityutskiy	a6027dbd01	UBI: fix debugging messages commit `72f0d453d8` upstream. Patch `ab50ff6847` broke UBI debugging messages: before that commit when UBI debugging was enabled, users saw few useful debugging messages after attaching an MTD device. However, that patch turned 'dbg_msg()' into 'pr_debug()', so to enable the debugging messages users have to enable them first via /sys/kernel/debug/dynamic_debug/control, which is very impractical. This commit makes 'dbg_msg()' to use 'printk()' instead of 'pr_debug()', just as it was before the breakage. Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:25 -08:00
Richard Weinberger	9a9cc2b976	UBI: fix nameless volumes handling commit `4a59c797a1` upstream. Currently it's possible to create a volume without a name. E.g: ubimkvol -n 32 -s 2MiB -t static /dev/ubi0 -N "" After that vtbl_check() will always fail because it does not permit empty strings. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:24 -08:00
Ludwig Nussel	5b781fb93a	x86: Fix mmap random address range commit `9af0c7a6fa` upstream. On x86_32 casting the unsigned int result of get_random_int() to long may result in a negative value. On x86_32 the range of mmap_rnd() therefore was -255 to 255. The 32bit mode on x86_64 used 0 to 255 as intended. The bug was introduced by `675a081` ("x86: unify mmap_{32\|64}.c") in January 2008. Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: harvey.harrison@gmail.com Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Link: http://lkml.kernel.org/r/201111152246.pAFMklOB028527@wpaz5.hot.corp.google.com Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:24 -08:00
KAMEZAWA Hiroyuki	e6e6e8cd34	memcg: add mem_cgroup_replace_page_cache() to fix LRU issue commit `ab936cbcd0` upstream. Commit `ef6a3c6311` ("mm: add replace_page_cache_page() function") added a function replace_page_cache_page(). This function replaces a page in the radix-tree with a new page. WHen doing this, memory cgroup needs to fix up the accounting information. memcg need to check PCG_USED bit etc. In some(many?) cases, 'newpage' is on LRU before calling replace_page_cache(). So, memcg's LRU accounting information should be fixed, too. This patch adds mem_cgroup_replace_page_cache() and removes the old hooks. In that function, old pages will be unaccounted without touching res_counter and new page will be accounted to the memcg (of old page). WHen overwriting pc->mem_cgroup of newpage, take zone->lru_lock and avoid races with LRU handling. Background: replace_page_cache_page() is called by FUSE code in its splice() handling. Here, 'newpage' is replacing oldpage but this newpage is not a newly allocated page and may be on LRU. LRU mis-accounting will be critical for memory cgroup because rmdir() checks the whole LRU is empty and there is no account leak. If a page is on the other LRU than it should be, rmdir() will fail. This bug was added in March 2011, but no bug report yet. I guess there are not many people who use memcg and FUSE at the same time with upstream kernels. The result of this bug is that admin cannot destroy a memcg because of account leak. So, no panic, no deadlock. And, even if an active cgroup exist, umount can succseed. So no problem at shutdown. Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Acked-by: Michal Hocko <mhocko@suse.cz> Cc: Miklos Szeredi <mszeredi@suse.cz> Cc: Hugh Dickins <hughd@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:23 -08:00
Rajkumar Manoharan	c9bc8b3164	ath9k: Fix regression in channelwidth switch at the same channel commit `1a19f77f36` upstream. The commit "ath9k: Fix invalid noisefloor reading due to channel update" preserves the current channel noisefloor readings before updating channel type at the same channel index. It is also updating the curchan pointer. As survey updation is also referring curchan pointer to fetch the appropriate index, which might leads to invalid memory access. This patch partially reverts the change and stores the noise floor history buffer before updating channel type w/o updating curchan. Cc: Gary Morain <gmorain@google.com> Cc: Paul Stewart <pstew@google.com> Reported-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:23 -08:00
Stanislaw Gruszka	62b2e1674e	mac80211: fix rx->key NULL pointer dereference in promiscuous mode commit `1140afa862` upstream. Since: commit `816c04fe7e` Author: Christian Lamparter <chunkeey@googlemail.com> Date: Sat Apr 30 15:24:30 2011 +0200 mac80211: consolidate MIC failure report handling is possible to that we dereference rx->key == NULL when driver set RX_FLAG_MMIC_STRIPPED and not RX_FLAG_IV_STRIPPED and we are in promiscuous mode. This happen with rt73usb and rt61pci at least. Before the commit we always check rx->key against NULL, so I assume fix should be done in mac80211 (also mic_fail path has similar check). References: https://bugzilla.redhat.com/show_bug.cgi?id=769766 http://rt2x00.serialmonkey.com/pipermail/users_rt2x00.serialmonkey.com/2012-January/004395.html Reported-by: Stuart D Gathman <stuart@gathman.org> Reported-by: Kai Wohlfahrt <kai.scorpio@gmail.com> Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:23 -08:00
Larry Finger	8bf3ae0e91	rtl8192se: Fix BUG caused by failure to check skb allocation commit `d90db4b12b` upstream. When downloading firmware into the device, the driver fails to check the return when allocating an skb. When the allocation fails, a BUG can be generated, as seen in https://bugzilla.redhat.com/show_bug.cgi?id=771656. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:23 -08:00
Fabio Estevam	c656fce141	include/linux/crash_dump.h needs elf.h commit `1f536b9e9f` upstream. Building an ARM target we get the following warnings: CC arch/arm/kernel/setup.o In file included from arch/arm/kernel/setup.c:39: arch/arm/include/asm/elf.h:102:1: warning: "vmcore_elf64_check_arch" redefined In file included from arch/arm/kernel/setup.c:24: include/linux/crash_dump.h:30:1: warning: this is the location of the previous definition Quoting Russell King: "linux/crash_dump.h makes no attempt to include asm/elf.h, but it depends on stuff in asm/elf.h to determine how stuff inside this file is defined at parse time. So, if asm/elf.h is included after linux/crash_dump.h or not at all, you get a different result from the situation where asm/elf.h is included before." So add elf.h header to crash_dump.h to avoid this problem. The original discussion about this can be found at: http://www.spinics.net/lists/arm-kernel/msg154113.html Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com> Cc: Russell King <rmk@arm.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:22 -08:00
Jussi Kivilinna	197d67f122	asix: fix setting custom MAC address on Asix 88772 devices commit `8ef66bdc4b` upstream. In kernel v3.2 initialization sequence for Asix 88772 devices was changed so that hardware is reseted on every time interface is brought up (ifconfig up), instead just at USB probe time. This causes problem with setting custom MAC address to device as ax88772_reset causes reload of MAC address from EEPROM. This patch fixes the issue by rewriting MAC address at end of ax88772_reset. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Acked-by: Grant Grundler <grundler@chromium.org> Cc: Allan Chou <allan@asix.com.tw> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:22 -08:00
Jussi Kivilinna	fcf99ac631	asix: fix setting custom MAC address on Asix 88178 devices commit `71bc5d9406` upstream. In kernel v3.2 initialization sequence for Asix 88178 devices was changed so that hardware is reseted on every time interface is brought up (ifconfig up), instead just at USB probe time. This causes problem with setting custom MAC address to device as ax88178_reset causes reload of MAC address from EEPROM. This patch fixes the issue by rewriting MAC address at end of ax88178_reset. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Acked-by: Grant Grundler <grundler@chromium.org> Cc: Allan Chou <allan@asix.com.tw> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:21 -08:00
Bjorn Helgaas	40cfe76cac	PNP: work around Dell 1536/1546 BIOS MMCONFIG bug that breaks USB commit `eb31aae8cb` upstream. Some Dell BIOSes have MCFG tables that don't report the entire MMCONFIG area claimed by the chipset. If we move PCI devices into that claimed-but-unreported area, they don't work. This quirk reads the AMD MMCONFIG MSRs and adds PNP0C01 resources as needed to cover the entire area. Example problem scenario: BIOS-e820: 00000000cfec5400 - 00000000d4000000 (reserved) Fam 10h mmconf [d0000000, dfffffff] PCI: MMCONFIG for domain 0000 [bus 00-3f] at [mem 0xd0000000-0xd3ffffff] (base 0xd0000000) pnp 00:0c: [mem 0xd0000000-0xd3ffffff] pci 0000:00:12.0: reg 10: [mem 0xffb00000-0xffb00fff] pci 0000:00:12.0: no compatible bridge window for [mem 0xffb00000-0xffb00fff] pci 0000:00:12.0: BAR 0: assigned [mem 0xd4000000-0xd40000ff] Reported-by: Lisa Salimbas <lisa.salimbas@canonical.com> Reported-by: <thuban@singularity.fr> Tested-by: dann frazier <dann.frazier@canonical.com> References: https://bugzilla.kernel.org/show_bug.cgi?id=31602 References: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/647043 References: https://bugzilla.redhat.com/show_bug.cgi?id=770308 Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:21 -08:00
Eric Dumazet	65722fdd70	slub: fix a possible memleak in __slab_alloc() commit `73736e0387` upstream. Zhihua Che reported a possible memleak in slub allocator on CONFIG_PREEMPT=y builds. It is possible current thread migrates right before disabling irqs in __slab_alloc(). We must check again c->freelist, and perform a normal allocation instead of scratching c->freelist. Many thanks to Zhihua Che for spotting this bug, introduced in 2.6.39 V2: Its also possible an IRQ freed one (or several) object(s) and populated c->freelist, so its not a CONFIG_PREEMPT only problem. Reported-by: Zhihua Che <zhihua.che@gmail.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Acked-by: Christoph Lameter <cl@linux.com> Signed-off-by: Pekka Enberg <penberg@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:21 -08:00
Roberto Sassu	858452ff41	ima: fix invalid memory reference commit `7b7e5916aa` upstream. Don't free a valid measurement entry on TPM PCR extend failure. Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:21 -08:00
Roberto Sassu	4483c1f05a	ima: free duplicate measurement memory commit `45fae74939` upstream. Info about new measurements are cached in the iint for performance. When the inode is flushed from cache, the associated iint is flushed as well. Subsequent access to the inode will cause the inode to be re-measured and will attempt to add a duplicate entry to the measurement list. This patch frees the duplicate measurement memory, fixing a memory leak. Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:20 -08:00
NeilBrown	45c5b2b95f	md/raid1: perform bad-block tests for WriteMostly devices too. commit `307729c8bc` upstream. We normally try to avoid reading from write-mostly devices, but when we do we really have to check for bad blocks and be sure not to try reading them. With the current code, best_good_sectors might not get set and that causes zero-length read requests to be send down which is very confusing. This bug was introduced in commit `d2eb35acfd` and so the patch is suitable for 3.1.x and 3.2.x Reported-and-tested-by: Michał Mirosław <mirq-linux@rere.qmqm.pl> Reported-and-tested-by: Art -kwaak- van Breemen <ard@telegraafnet.nl> Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:20 -08:00
Ian Campbell	ee1f334f2f	xen/xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX. commit `9e7860cee1` upstream. Haogang Chen found out that: There is a potential integer overflow in process_msg() that could result in cross-domain attack. body = kmalloc(msg->hdr.len + 1, GFP_NOIO \| __GFP_HIGH); When a malicious guest passes 0xffffffff in msg->hdr.len, the subsequent call to xb_read() would write to a zero-length buffer. The other end of this connection is always the xenstore backend daemon so there is no guest (malicious or otherwise) which can do this. The xenstore daemon is a trusted component in the system. However this seem like a reasonable robustness improvement so we should have it. And Ian when read the API docs found that: The payload length (len field of the header) is limited to 4096 (XENSTORE_PAYLOAD_MAX) in both directions. If a client exceeds the limit, its xenstored connection will be immediately killed by xenstored, which is usually catastrophic from the client's point of view. Clients (particularly domains, which cannot just reconnect) should avoid this. so this patch checks against that instead. This also avoids a potential integer overflow pointed out by Haogang Chen. Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Cc: Haogang Chen <haogangchen@gmail.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:19 -08:00
nagalakshmi.nandigama@lsi.com	312544d8ea	SCSI: mpt2sas : Fix for memory allocation error for large host credits commit `aff132d95f` upstream. The amount of memory required for tracking chain buffers is rather large, and when the host credit count is big, memory allocation failure occurs inside __get_free_pages. The fix is to limit the number of chains to 100,000. In addition, the number of host credits is limited to 30,000 IOs. However this limitation can be overridden this using the command line option max_queue_depth. The algorithm for calculating the reply_post_queue_depth is changed so that it is equal to (reply_free_queue_depth + 16), previously it was (reply_free_queue_depth * 2). Signed-off-by: Nagalakshmi Nandigama <nagalakshmi.nandigama@lsi.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:19 -08:00
nagalakshmi.nandigama@lsi.com	7af050182f	SCSI: mpt2sas: Release spinlock for the raid device list before blocking it commit `30c43282f3` upstream. Added code to release the spinlock that is used to protect the raid device list before calling a function that can block. The blocking was causing a reschedule, and subsequently it is tried to acquire the same lock, resulting in a panic (NMI Watchdog detecting a CPU lockup). Signed-off-by: Nagalakshmi Nandigama <nagalakshmi.nandigama@lsi.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:19 -08:00
Bjorn Helgaas	8caedf258f	x86/PCI: build amd_bus.o only when CONFIG_AMD_NB=y commit `5cf9a4e69c` upstream. We only need amd_bus.o for AMD systems with PCI. arch/x86/pci/Makefile already depends on CONFIG_PCI=y, so this patch just adds the dependency on CONFIG_AMD_NB. Cc: Yinghai Lu <yinghai@kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:18 -08:00
Bjorn Helgaas	dc106336ae	x86/PCI: amd: factor out MMCONFIG discovery commit `24d25dbfa6` upstream. This factors out the AMD native MMCONFIG discovery so we can use it outside amd_bus.c. amd_bus.c reads AMD MSRs so it can remove the MMCONFIG area from the PCI resources. We may also need the MMCONFIG information to work around BIOS defects in the ACPI MCFG table. Cc: Borislav Petkov <borislav.petkov@amd.com> Cc: Yinghai Lu <yinghai@kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:18 -08:00
Gary Hade	11d4681a71	x86/PCI: Ignore CPU non-addressable _CRS reserved memory resources commit `ae5cd86455` upstream. This assures that a _CRS reserved host bridge window or window region is not used if it is not addressable by the CPU. The new code either trims the window to exclude the non-addressable portion or totally ignores the window if the entire window is non-addressable. The current code has been shown to be problematic with 32-bit non-PAE kernels on systems where _CRS reserves resources above 4GB. Signed-off-by: Gary Hade <garyhade@us.ibm.com> Reviewed-by: Bjorn Helgaas <bhelgaas@google.com> Cc: Thomas Renninger <trenn@novell.com> Cc: linux-kernel@vger.kernel.org Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:18 -08:00
Eric W. Biederman	0a2a71a594	PCI: msi: Disable msi interrupts when we initialize a pci device commit `a776c491ca` upstream. I traced a nasty kexec on panic boot failure to the fact that we had screaming msi interrupts and we were not disabling the msi messages at kernel startup. The booting kernel had not enabled those interupts so was not prepared to handle them. I can see no reason why we would ever want to leave the msi interrupts enabled at boot if something else has enabled those interrupts. The pci spec specifies that msi interrupts should be off by default. Drivers are expected to enable the msi interrupts if they want to use them. Our interrupt handling code reprograms the interrupt handlers at boot and will not be be able to do anything useful with an unexpected interrupt. This patch applies cleanly all of the way back to 2.6.32 where I noticed the problem. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:18 -08:00
Alex Williamson	c1c3cd99e1	PCI: Fix PCI_EXP_TYPE_RC_EC value commit `1830ea91c2` upstream. Spec shows this as 1010b = 0xa Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:17 -08:00
Artem Bityutskiy	50bc9144d4	UBI: fix use-after-free on error path commit `e57e0d8e81` upstream. When we fail to erase a PEB, we free the corresponding erase entry object, but then re-schedule this object if the error code was something like -EAGAIN. Obviously, it is a bug to use the object after we have freed it. Reported-by: Emese Revfy <re.emese@gmail.com> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:17 -08:00
Bhavesh Parekh	73461014f2	UBI: fix missing scrub when there is a bit-flip commit `e801e128b2` upstream. Under some cases, when scrubbing the PEB if we did not get the lock on the PEB it fails to scrub. Add that PEB again to the scrub list Artem: minor amendments. Signed-off-by: Bhavesh Parekh <bparekh@nvidia.com> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:17 -08:00
David Herrmann	51437e46e2	HID: wiimote: Select INPUT_FF_MEMLESS commit `ef6f41157f` upstream. We depend on memless force-feedback support, therefore correctly select the related config options. Reported-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: David Herrmann <dh.herrmann@googlemail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:16 -08:00
Chase Douglas	44b39e3bed	HID: bump maximum global item tag report size to 96 bytes commit `e46e927b9b` upstream. This allows the latest N-Trig devices to function properly. BugLink: https://bugs.launchpad.net/bugs/724831 Signed-off-by: Chase Douglas <chase.douglas@canonical.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:16 -08:00
Jeff Layton	7462f4ae18	nfs: fix regression in handling of context= option in NFSv4 commit `8a0d551a59` upstream. Setting the security context of a NFSv4 mount via the context= mount option is currently broken. The NFSv4 codepath allocates a parsed options struct, and then parses the mount options to fill it. It eventually calls nfs4_remote_mount which calls security_init_mnt_opts. That clobbers the lsm_opts struct that was populated earlier. This bug also looks like it causes a small memory leak on each v4 mount where context= is used. Fix this by moving the initialization of the lsm_opts into nfs_alloc_parsed_mount_data. Also, add a destructor for nfs_parsed_mount_data to make it easier to free all of the allocations hanging off of it, and to ensure that the security_free_mnt_opts is called whenever security_init_mnt_opts is. I believe this regression was introduced quite some time ago, probably by commit `c02d7adf`. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:16 -08:00
Andy Adamson	628fc192ad	NFSv4: include bitmap in nfsv4 get acl data commit `bf118a342f` upstream. The NFSv4 bitmap size is unbounded: a server can return an arbitrary sized bitmap in an FATTR4_WORD0_ACL request. Replace using the nfs4_fattr_bitmap_maxsz as a guess to the maximum bitmask returned by a server with the inclusion of the bitmap (xdr length plus bitmasks) and the acl data xdr length to the (cached) acl page data. This is a general solution to commit `e5012d1f` "NFSv4.1: update nfs4_fattr_bitmap_maxsz" and fixes hitting a BUG_ON in xdr_shrink_bufhead when getting ACLs. Fix a bug in decode_getacl that returned -EINVAL on ACLs > page when getxattr was called with a NULL buffer, preventing ACL > PAGE_SIZE from being retrieved. Signed-off-by: Andy Adamson <andros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:15 -08:00
NeilBrown	42a50a9815	NFS - fix recent breakage to NFS error handling. commit `2edb6bc385` upstream. From c6d615d2b97fe305cbf123a8751ced859dca1d5e Mon Sep 17 00:00:00 2001 From: NeilBrown <neilb@suse.de> Date: Wed, 16 Nov 2011 09:39:05 +1100 Subject: NFS - fix recent breakage to NFS error handling. commit `02c24a8218` made a small and presumably unintended change to write error handling in NFS. Previously an error from filemap_write_and_wait_range would only be of interest if nfs_file_fsync did not return an error. After this commit, an error from filemap_write_and_wait_range would mean that (the rest of) nfs_file_fsync would not even be called. This means that: 1/ you are more likely to see EIO than e.g. EDQUOT or ENOSPC. 2/ NFS_CONTEXT_ERROR_WRITE remains set for longer so more writes are synchronous. This patch restores previous behaviour. Cc: Josef Bacik <josef@redhat.com> Cc: Jan Kara <jack@suse.cz> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:15 -08:00
Andy Adamson	cf3781f0c3	NFSv4.1: fix backchannel slotid off-by-one bug commit `61f2e51065` upstream. Signed-off-by: Andy Adamson <andros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:14 -08:00
Chuck Lever	873829e045	NFS: Retry mounting NFSROOT commit `43717c7dae` upstream. Lukas Razik <linux@razik.name> reports that on his SPARC system, booting with an NFS root file system stopped working after commit `56463e50` "NFS: Use super.c for NFSROOT mount option parsing." We found that the network switch to which Lukas' client was attached was delaying access to the LAN after the client's NIC driver reported that its link was up. The delay was longer than the timeouts used in the NFS client during mounting. NFSROOT worked for Lukas before commit `56463e50` because in those kernels, the client's first operation was an rpcbind request to determine which port the NFS server was listening on. When that request failed after a long timeout, the client simply selected the default NFS port (2049). By that time the switch was allowing access to the LAN, and the mount succeeded. Neither of these client behaviors is desirable, so reverting `56463e50` is really not a choice. Instead, introduce a mechanism that retries the NFSROOT mount request several times. This is the same tactic that normal user space NFS mounts employ to overcome server and network delays. Signed-off-by: Lukas Razik <linux@razik.name> [ cel: match kernel coding style, add proper patch description ] [ cel: add exponential back-off ] Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Tested-by: Lukas Razik <linux@razik.name> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:14 -08:00
Boaz Harrosh	8a272277cb	pnfs-obj: Must return layout on IO error commit `fe0fe83585` upstream. As mandated by the standard. In case of an IO error, a pNFS objects layout driver must return it's layout. This is because all device errors are reported to the server as part of the layout return buffer. This is implemented the same way PNFS_LAYOUTRET_ON_SETATTR is done, through a bit flag on the pnfs_layoutdriver_type->flags member. The flag is set by the layout driver that wants a layout_return preformed at pnfs_ld_{write,read}_done in case of an error. (Though I have not defined a wrapper like pnfs_ld_layoutret_on_setattr because this code is never called outside of pnfs.c and pnfs IO paths) Without this patch 3.[0-2] Kernels leak memory and have an annoying WARN_ON after every IO error utilizing the pnfs-obj driver. Signed-off-by: Boaz Harrosh <bharrosh@panasas.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:13 -08:00
Boaz Harrosh	246a6b5724	pnfs-obj: pNFS errors are communicated on iodata->pnfs_error commit `5c0b4129c0` upstream. Some time along the way pNFS IO errors were switched to communicate with a special iodata->pnfs_error member instead of the regular RPC members. But objlayout was not switched over. Fix that! Without this fix any IO error is hanged, because IO is not switched to MDS and pages are never cleared or read. [Applies to 3.2.0. Same bug different patch for 3.1/0 Kernels] Signed-off-by: Boaz Harrosh <bharrosh@panasas.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:13 -08:00
Michel Dänzer	27bdee9ac3	radeon: Fix disabling PCI bus mastering on big endian hosts. commit `3df96909b7` upstream. It would previously write basically random bits to PCI configuration space... Not very surprising that the GPU tended to stop responding completely. The resulting MCE even froze the whole machine sometimes. Now resetting the GPU after a lockup has at least a fighting chance of succeeding. Signed-off-by: Michel Dänzer <michel.daenzer@amd.com> Reviewed-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:12 -08:00
Alex Deucher	7ca755c00a	drm/radeon/kms: disable writeback on pre-R300 asics commit `28eebb703e` upstream. We often end up missing fences on older asics with writeback enabled which leads to delays in the userspace accel code, so just disable it by default on those asics. Reported-by: Helge Deller <deller@gmx.de> Reported-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:12 -08:00
Rafał Miłecki	d21e9677f8	drm/radeon/kms: workaround invalid AVI infoframe checksum issue commit `92db7f6c86` upstream. This change was verified to fix both issues with no video I've investigated. I've also checked checksum calculation with fglrx on: RV620, HD54xx, HD5450, HD6310, HD6320. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:11 -08:00
Takashi Iwai	c2a3399e46	ALSA: hda - Fix the lost power-setup of seconary pins after PM resume commit `f2cbba7602` upstream. When multiple headphone or other detectable output pins are present, the power-map has to be updated after resume appropriately, but the current driver doesn't check all pins but only the first pin (since it's enough to check it for the mute-behavior). This resulted in the silent output from the secondary outputs after PM resume. This patch fixes the problem by checking all pins at (re-)init time. Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=740347 Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:11 -08:00
Takashi Iwai	0c7fe97698	ALSA: hda - Fix the detection of "Loopback Mixing" control for VIA codecs commit `4808d12d1d` upstream. Currently the driver checks only the out_mix_path[] for the primary output route for judging whether to create the loopback-mixing control or not. But, there are cases where aamix-routing is available only on headphone or speaker paths but not on the primary output path. So, the driver ignores such cases inappropriately. This patch fixes the check of the loopback-mixing control by testing all mix-routing paths. Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:10 -08:00
Takashi Iwai	6dcb7c2f7d	ALSA: hda - Return the error from get_wcaps_type() for invalid NIDs commit `3a90274de3` upstream. When an invalid NID is given, get_wcaps() returns zero as the error, but get_wcaps_type() takes it as the normal value and returns a bogus AC_WID_AUD_OUT value. This confuses the parser. With this patch, get_wcaps_type() returns -1 when value 0 is given, i.e. an invalid NID is passed to get_wcaps(). Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=740118 Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:10 -08:00
Takashi Iwai	ecb40a3ada	ALSA: hda - Use auto-parser for HP laptops with cx20459 codec commit `de4da59e48` upstream. These laptops can work well with the auto-parser and their BIOS setups, and in addition, the auto-parser fixes the problem with S3/S4 where the unsol event handling is killed after resume due to fallback to the single-cmd mode. Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=740115 Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:09 -08:00
Takashi Iwai	b4133832cf	ALSA: usb-audio - Avoid flood of frame-active debug messages commit `80c8a2a372` upstream. With some buggy devices, the usb-audio driver may give "frame xxx active" kernel messages too often. Better to keep it as debug-only using snd_printdd(), and also add the rate-limit for avoiding floods. Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=738681 Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:09 -08:00
Pavel Hofman	662a1ccf42	ALSA: ice1724 - Check for ac97 to avoid kernel oops commit `e7848163aa` upstream. Cards with identical PCI ids but no AC97 config in EEPROM do not have the ac97 field initialized. We must check for this case to avoid kernel oops. Signed-off-by: Pavel Hofman <pavel.hofman@ivitera.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:09 -08:00
David Henningsson	c3353b061d	ALSA: HDA: Fix automute for Cirrus Logic 421x commit `78e2a928e3` upstream. There was a bug in the automute logic causing speakers not to mute when headphones were plugged in. Tested-by: Hsin-Yi Chen <hychen@canonical.com> Signed-off-by: David Henningsson <david.henningsson@canonical.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:08 -08:00
David Henningsson	54e9649c27	ALSA: HDA: Fix master control for Cirrus Logic 421X commit `40d03e63e9` upstream. The control name "HP/Speakers" is non-standard, and since there is only one DAC on this chip there is no need for a virtual master anyway. Signed-off-by: David Henningsson <david.henningsson@canonical.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:08 -08:00
Karsten Wiese	634cc98dde	ALSA: snd-usb-us122l: Delete calls to preempt_disable commit `d0f3a2eb90` upstream. They are not needed here. Signed-off-by: Karsten Wiese <fzu@wemgehoertderstaat.de> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:08 -08:00
Xi Wang	e2860111ea	ext4: fix undefined behavior in ext4_fill_flex_info() commit `d50f2ab6f0` upstream. Commit `503358ae01` ("ext4: avoid divide by zero when trying to mount a corrupted file system") fixes CVE-2009-4307 by performing a sanity check on s_log_groups_per_flex, since it can be set to a bogus value by an attacker. sbi->s_log_groups_per_flex = sbi->s_es->s_log_groups_per_flex; groups_per_flex = 1 << sbi->s_log_groups_per_flex; if (groups_per_flex < 2) { ... } This patch fixes two potential issues in the previous commit. 1) The sanity check might only work on architectures like PowerPC. On x86, 5 bits are used for the shifting amount. That means, given a large s_log_groups_per_flex value like 36, groups_per_flex = 1 << 36 is essentially 1 << 4 = 16, rather than 0. This will bypass the check, leaving s_log_groups_per_flex and groups_per_flex inconsistent. 2) The sanity check relies on undefined behavior, i.e., oversized shift. A standard-confirming C compiler could rewrite the check in unexpected ways. Consider the following equivalent form, assuming groups_per_flex is unsigned for simplicity. groups_per_flex = 1 << sbi->s_log_groups_per_flex; if (groups_per_flex == 0 \|\| groups_per_flex == 1) { We compile the code snippet using Clang 3.0 and GCC 4.6. Clang will completely optimize away the check groups_per_flex == 0, leaving the patched code as vulnerable as the original. GCC keeps the check, but there is no guarantee that future versions will do the same. Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:07 -08:00
Djalal Harouni	19800ba524	ext4: add missing ext4_resize_end on error paths commit `014a177037` upstream. Online resize ioctls 'EXT4_IOC_GROUP_EXTEND' and 'EXT4_IOC_GROUP_ADD' call ext4_resize_begin() to check permissions and to set the EXT4_RESIZING bit lock, they do their work and they must finish with ext4_resize_end() which calls clear_bit_unlock() to unlock and to avoid -EBUSY errors for the next resize operations. This patch adds the missing ext4_resize_end() calls on error paths. Patch tested. Signed-off-by: Djalal Harouni <tixxdz@opendz.org> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:07 -08:00
Ben Hutchings	36a8176166	drivers/rtc/interface.c: fix alarm rollover when day or month is out-of-range commit `e74a8f2edb` upstream. Commit `f44f7f96a2` ("RTC: Initialize kernel state from RTC") introduced a potential infinite loop. If an alarm time contains a wildcard month and an invalid day (> 31), or a wildcard year and an invalid month (>= 12), the loop searching for the next matching date will never terminate. Treat the invalid values as wildcards. Fixes <http://bugs.debian.org/646429>, <http://bugs.debian.org/653331> Reported-by: leo weppelman <leoweppelman@googlemail.com> Reported-by: "P. van Gaans" <mailme667@yahoo.co.uk> Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Cc: Mark Brown <broonie@opensource.wolfsonmicro.com> Cc: Marcelo Roberto Jimenez <mroberto@cpti.cetuc.puc-rio.br> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: John Stultz <john.stultz@linaro.org> Acked-by: Alessandro Zummo <a.zummo@towertech.it> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:06 -08:00
Wolfram Sang	0fbc846f71	mtd: tests: stresstest: bail out if device has not enough eraseblocks commit `2f4478ccff` upstream. stresstest needs at least two eraseblocks. Bail out gracefully if that condition is not met. Fixes the following 'division by zero' OOPS: [ 619.100000] mtd_stresstest: MTD device size 131072, eraseblock size 131072, page size 2048, count of eraseblocks 1, pages per eraseblock 64, OOB size 64 [ 619.120000] mtd_stresstest: scanning for bad eraseblocks [ 619.120000] mtd_stresstest: scanned 1 eraseblocks, 0 are bad [ 619.130000] mtd_stresstest: doing operations [ 619.130000] mtd_stresstest: 0 operations done [ 619.140000] Division by zero in kernel. ... caused by /* Read or write up 2 eraseblocks at a time - hence 'ebcnt - 1' */ eb %= (ebcnt - 1); Signed-off-by: Wolfram Sang <w.sang@pengutronix.de> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:06 -08:00
Brian Norris	4eb4226e5e	mtd: mtd_blkdevs: don't increase 'open' count on error path commit `342ff28f5a` upstream. Some error paths in mtd_blkdevs were fixed in the following commit: commit `94735ec404` mtd: mtd_blkdevs: fix error path in blktrans_open But on these error paths, the block device's `dev->open' count is already incremented before we check for errors. This meant that, while the error path was handled correctly on the first time through blktrans_open(), the device is erroneously considered already open on the second time through. This problem can be seen, for instance, when a UBI volume is simultaneously mounted as a UBIFS partition and read through its corresponding gluebi mtdblockX device. This results in blktrans_open() passing its error checks (with `dev->open > 0') without actually having a handle on the device. Here's a summarized log of the actions and results with nandsim: # modprobe nandsim # modprobe mtdblock # modprobe gluebi # modprobe ubifs # ubiattach /dev/ubi_ctrl -m 0 ... # ubimkvol /dev/ubi0 -N test -s 16MiB ... # mount -t ubifs ubi0:test /mnt # ls /dev/mtdblock* /dev/mtdblock0 /dev/mtdblock1 # cat /dev/mtdblock1 > /dev/null cat: can't open '/dev/mtdblock4': Device or resource busy # cat /dev/mtdblock1 > /dev/null CPU 0 Unable to handle kernel paging request at virtual address fffffff0, epc == 8031536c, ra == 8031f280 Oops[#1]: ... Call Trace: [<8031536c>] ubi_leb_read+0x14/0x164 [<8031f280>] gluebi_read+0xf0/0x148 [<802edba8>] mtdblock_readsect+0x64/0x198 [<802ecfe4>] mtd_blktrans_thread+0x330/0x3f4 [<8005be98>] kthread+0x88/0x90 [<8000bc04>] kernel_thread_helper+0x10/0x18 Signed-off-by: Brian Norris <computersforpeace@gmail.com> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:05 -08:00
Roman Tereshonkov	fc3bd1ff1d	mtd: mtdoops: skip reading initially bad blocks commit `3538c56329` upstream. Use block_isbad to check and skip the bad blocks reading. This will allow to get rid of the read errors if bad blocks are present initially. Signed-off-by: Roman Tereshonkov <roman.tereshonkov@nokia.com> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:05 -08:00
Roman Tereshonkov	bf77ff6f97	mtdoops: fix the oops_page_used array size commit `556f063580` upstream. The array of unsigned long pointed by oops_page_used is allocated by vmalloc which requires the size to be in bytes. BITS_PER_LONG is equal to 32. If we want to allocate memory for 32 pages with one bit per page then 32 / BITS_PER_LONG is equal to 1 byte that is 8 bits. To fix it we need to multiply the result by sizeof(unsigned long) equal to 4. Signed-off-by: Roman Tereshonkov <roman.tereshonkov@nokia.com> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-25 16:13:05 -08:00
Greg Kroah-Hartman	b8ed9e5b8c	Linux 3.2.1	2012-01-12 11:42:45 -08:00
Xi Wang	da777f649c	xfs: fix acl count validation in xfs_acl_from_disk() commit `093019cf1b` upstream. Commit `fa8b18ed` didn't prevent the integer overflow and possible memory corruption. "count" can go negative and bypass the check. Signed-off-by: Xi Wang <xi.wang@gmail.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Ben Myers <bpm@sgi.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:46 -08:00
Thilo-Alexander Ginkel	f9fd8d6232	usb: cdc-acm: Fix acm_tty_hangup() vs. acm_tty_close() race [Not upstream as it was fixed differently for 3.3 with a much more "intrusive" rework of the driver - gregkh] There is a race condition involving acm_tty_hangup() and acm_tty_close() where hangup() would attempt to access tty->driver_data without proper locking and NULL checking after close() has potentially already set it to NULL. One possibility to (sporadically) trigger this behavior is to perform a suspend/resume cycle with a running WWAN data connection. This patch addresses the issue by introducing a NULL check for tty->driver_data in acm_tty_hangup() protected by open_mutex and exiting gracefully when hangup() is invoked on a device that has already been closed. Signed-off-by: Thilo-Alexander Ginkel <thilo@ginkel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:46 -08:00
stephen hemminger	f60d8cd0b0	bonding: fix error handling if slave is busy (v2) commit `f7d9821a6a` upstream. If slave device already has a receive handler registered, then the error unwind of bonding device enslave function is broken. The following will leave a pointer to freed memory in the slave device list, causing a later kernel panic. # modprobe dummy # ip li add dummy0-1 link dummy0 type macvlan # modprobe bonding # echo +dummy0 >/sys/class/net/bond0/bonding/slaves The fix is to detach the slave (which removes it from the list) in the unwind path. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Reviewed-by: Nicolas de Pesloüan <nicolas.2p.debian@free.fr> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:45 -08:00
Aurelien Jacobs	4a75c21908	asix: fix infinite loop in rx_fixup() commit `6c15d74def` upstream. At this point if skb->len happens to be 2, the subsequant skb_pull(skb, 4) call won't work and the skb->len won't be decreased and won't ever reach 0, resulting in an infinite loop. With an ASIX 88772 under heavy load, without this patch, rx_fixup() reaches an infinite loop in less than a minute. With this patch applied, no infinite loop even after hours of heavy load. Signed-off-by: Aurelien Jacobs <aurel@gnuage.org> Cc: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Signed-off-by: David S. Miller <davem@davemloft.net>	2012-01-12 11:29:44 -08:00
Ben Hutchings	25c413ad00	igmp: Avoid zero delay when receiving odd mixture of IGMP queries commit `a8c1f65c79` upstream. Commit `5b7c840667` ('ipv4: correct IGMP behavior on v3 query during v2-compatibility mode') added yet another case for query parsing, which can result in max_delay = 0. Substitute a value of 1, as in the usual v3 case. Reported-by: Simon McVittie <smcv@debian.org> References: http://bugs.debian.org/654876 Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>	2012-01-12 11:29:44 -08:00
Felipe Balbi	d2570fc048	usb: ch9: fix up MaxStreams helper commit `18b7ede5f7` upstream. [ removed the dwc3 portion of the patch as it didn't apply to older kernels - gregkh] According to USB 3.0 Specification Table 9-22, if bmAttributes [4:0] are set to zero, it means "no streams supported", but the way this helper was defined on Linux, we will always have one stream which might cause several problems. For example on DWC3, we would tell the controller endpoint has streams enabled and yet start transfers with Stream ID set to 0, which would goof up the host side. While doing that, convert the macro to an inline function due to the different checks we now need. Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:43 -08:00
Hans de Goede	5b511b7833	xhci: Properly handle COMP_2ND_BW_ERR commit `71d85724bd` upstream. I encountered a result of COMP_2ND_BW_ERR while improving how the pwc webcam driver handles not having the full usb1 bandwidth available to itself. I created the following test setup, a NEC xhci controller with a single TT USB 2 hub plugged into it, with a usb keyboard and a pwc webcam plugged into the usb2 hub. This caused the following to show up in dmesg when trying to stream from the pwc camera at its highest alt setting: xhci_hcd 0000:01:00.0: ERROR: unexpected command completion code 0x23. usb 6-2.1: Not enough bandwidth for altsetting 9 And usb_set_interface returned -EINVAL, which caused my pwc code to not do the right thing as it expected -ENOSPC. This patch makes the xhci driver properly handle COMP_2ND_BW_ERR and makes usb_set_interface return -ENOSPC as expected. This should be backported to stable kernels as old as 2.6.32. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:43 -08:00
Clemens Ladisch	4781ace0dd	usb: fix number of mapped SG DMA entries commit `bc677d5b64` upstream. Add a new field num_mapped_sgs to struct urb so that we have a place to store the number of mapped entries and can also retain the original value of entries in num_sgs. Previously, usb_hcd_map_urb_for_dma() would overwrite this with the number of mapped entries, which would break dma_unmap_sg() because it requires the original number of entries. This fixes warnings like the following when using USB storage devices: ------------[ cut here ]------------ WARNING: at lib/dma-debug.c:902 check_unmap+0x4e4/0x695() ehci_hcd 0000:00:12.2: DMA-API: device driver frees DMA sg list with different entry count [map count=4] [unmap count=1] Modules linked in: ohci_hcd ehci_hcd Pid: 0, comm: kworker/0:1 Not tainted 3.2.0-rc2+ #319 Call Trace: <IRQ> [<ffffffff81036d3b>] warn_slowpath_common+0x80/0x98 [<ffffffff81036de7>] warn_slowpath_fmt+0x41/0x43 [<ffffffff811fa5ae>] check_unmap+0x4e4/0x695 [<ffffffff8105e92c>] ? trace_hardirqs_off+0xd/0xf [<ffffffff8147208b>] ? _raw_spin_unlock_irqrestore+0x33/0x50 [<ffffffff811fa84a>] debug_dma_unmap_sg+0xeb/0x117 [<ffffffff8137b02f>] usb_hcd_unmap_urb_for_dma+0x71/0x188 [<ffffffff8137b166>] unmap_urb_for_dma+0x20/0x22 [<ffffffff8137b1c5>] usb_hcd_giveback_urb+0x5d/0xc0 [<ffffffffa0000d02>] ehci_urb_done+0xf7/0x10c [ehci_hcd] [<ffffffffa0001140>] qh_completions+0x429/0x4bd [ehci_hcd] [<ffffffffa000340a>] ehci_work+0x95/0x9c0 [ehci_hcd] ... ---[ end trace f29ac88a5a48c580 ]--- Mapped at: [<ffffffff811faac4>] debug_dma_map_sg+0x45/0x139 [<ffffffff8137bc0b>] usb_hcd_map_urb_for_dma+0x22e/0x478 [<ffffffff8137c494>] usb_hcd_submit_urb+0x63f/0x6fa [<ffffffff8137d01c>] usb_submit_urb+0x2c7/0x2de [<ffffffff8137dcd4>] usb_sg_wait+0x55/0x161 Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:43 -08:00
Malte Schröder	d2758dc6e9	USB: Add USB-ID for Multiplex RC serial adapter to cp210x.c commit `08e87d0d77` upstream. Hi, below patch adds the USB-ID of the serial adapters sold by Multiplex RC (www.multiplex-rc.de). Signed-off-by: Malte Schröder <maltesch@gmx.de> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:42 -08:00
Janne Snabb	3ff8999cb9	usb: option: add ZD Incorporated HSPA modem commit `3c8c931671` upstream. Add support for Chinese Noname HSPA USB modem which is apparently manufactured by a company called ZD Incorporated (based on texts in the Windows drivers). This product is available at least from Dealextreme (SKU 80032) and possibly in India with name Olive V-MW250. It is based on Qualcomm MSM6280 chip. I needed to also add "options usb-storage quirks=0685:7000:i" in modprobe configuration because udevd or the kernel keeps poking the embedded fake-cd-rom which fails and causes the device to reset. There might be a better way to accomplish the same. usb_modeswitch is not needed with this device. Signed-off-by: Janne Snabb <snabb@epipe.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:42 -08:00
Johan Hovold	b4868343c4	USB: omninet: fix write_room commit `694c6301e5` upstream. Fix regression introduced by commit `507ca9bc04` ([PATCH] USB: add ability for usb-serial drivers to determine if their write urb is currently being used.) which inverted the logic in write_room so that it returns zero when the write urb is actually free. Signed-off-by: Johan Hovold <jhovold@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:41 -08:00
Felipe Contreras	945d49b38f	usb: musb: fix pm_runtime mismatch commit `772aed45b6` upstream. In musb_init_controller() there's a pm_runtime_put(), but there's no pm_runtime_get(), which creates a mismatch that causes the driver to sleep when it shouldn't. This was introduced in 7acc619[1], but it wasn't triggered in my setup until 18a2689[2] was merged to Linus' branch at point df0914[3]. IOW; when PM is working as it was supposed to. However, it seems most of the time this is used in a way that keeps the counter above 0, so nobody noticed. Also, it seems to depend on the configuration used in versions before 3.1, but not later (or in it). I found the problem by loading isp1704_charger before any usb gadgets: http://article.gmane.org/gmane.linux.kernel/1226122 All versions after 2.6.39 are affected. [1] usb: musb: Idle path retention and offmode support for OMAP3 [2] OMAP2+: musb: hwmod adaptation for musb registration [3] Merge branch 'omap-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap-2.6 Cc: Hema HK <hemahk@ti.com> Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com> Signed-off-by: Felipe Balbi <balbi@ti.com>	2012-01-12 11:29:41 -08:00
Oliver Neukum	dd857f5b4d	USB: add quirk for another camera commit `35284b3d2f` upstream. The Guillemot Webcam Hercules Dualpix Exchange camera has been reported with a second ID. Signed-off-by: Oliver Neukum <oneukum@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:40 -08:00
Tanmay Upadhyay	966c248e66	USB: pxa168: Fix compilation error commit `35657c4d72` upstream. After commit `c430131a02` (Support controllers with big endian capability regs), HC_LENGTH takes two arguments. This patch fixes following compilation error: In file included from drivers/usb/host/ehci-hcd.c:1323: drivers/usb/host/ehci-pxa168.c:302:54: error: macro "HC_LENGTH" requires 2 arguments, but only 1 given In file included from drivers/usb/host/ehci-hcd.c:1323: drivers/usb/host/ehci-pxa168.c: In function 'ehci_pxa168_drv_probe': drivers/usb/host/ehci-pxa168.c:302: error: 'HC_LENGTH' undeclared (first use in this function) drivers/usb/host/ehci-pxa168.c:302: error: (Each undeclared identifier is reported only once drivers/usb/host/ehci-pxa168.c:302: error: for each function it appears in.) Signed-off-by: Tanmay Upadhyay <tanmay.upadhyay@einfochips.com> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:40 -08:00
Huajun Li	ab8887268c	usb: usb-storage doesn't support dynamic id currently, the patch disables the feature to fix an oops commit `1a3a026ba1` upstream. Echo vendor and product number of a non usb-storage device to usb-storage driver's new_id, then plug in the device to host and you will find following oops msg, the root cause is usb_stor_probe1() refers invalid id entry if giving a dynamic id, so just disable the feature. [ 3105.018012] general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC [ 3105.018062] CPU 0 [ 3105.018075] Modules linked in: usb_storage usb_libusual bluetooth dm_crypt binfmt_misc snd_hda_codec_analog snd_hda_intel snd_hda_codec snd_hwdep hp_wmi ppdev sparse_keymap snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device psmouse snd serio_raw tpm_infineon soundcore i915 snd_page_alloc tpm_tis parport_pc tpm tpm_bios drm_kms_helper drm i2c_algo_bit video lp parport usbhid hid sg sr_mod sd_mod ehci_hcd uhci_hcd usbcore e1000e usb_common floppy [ 3105.018408] [ 3105.018419] Pid: 189, comm: khubd Tainted: G I 3.2.0-rc7+ #29 Hewlett-Packard HP Compaq dc7800p Convertible Minitower/0AACh [ 3105.018481] RIP: 0010:[<ffffffffa045830d>] [<ffffffffa045830d>] usb_stor_probe1+0x2fd/0xc20 [usb_storage] [ 3105.018536] RSP: 0018:ffff880056a3d830 EFLAGS: 00010286 [ 3105.018562] RAX: ffff880065f4e648 RBX: ffff88006bb28000 RCX: 0000000000000000 [ 3105.018597] RDX: ffff88006f23c7b0 RSI: 0000000000000001 RDI: 0000000000000206 [ 3105.018632] RBP: ffff880056a3d900 R08: 0000000000000000 R09: ffff880067365000 [ 3105.018665] R10: 00000000000002ac R11: 0000000000000010 R12: ffff6000b41a7340 [ 3105.018698] R13: ffff880065f4ef60 R14: ffff88006bb28b88 R15: ffff88006f23d270 [ 3105.018733] FS: 0000000000000000(0000) GS:ffff88007a200000(0000) knlGS:0000000000000000 [ 3105.018773] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [ 3105.018801] CR2: 00007fc99c8c4650 CR3: 0000000001e05000 CR4: 00000000000006f0 [ 3105.018835] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 3105.018870] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 3105.018906] Process khubd (pid: 189, threadinfo ffff880056a3c000, task ffff88005677a400) [ 3105.018945] Stack: [ 3105.018959] 0000000000000000 0000000000000000 ffff880056a3d8d0 0000000000000002 [ 3105.019011] 0000000000000000 ffff880056a3d918 ffff880000000000 0000000000000002 [ 3105.019058] ffff880056a3d8d0 0000000000000012 ffff880056a3d8d0 0000000000000006 [ 3105.019105] Call Trace: [ 3105.019128] [<ffffffffa0458cd4>] storage_probe+0xa4/0xe0 [usb_storage] [ 3105.019173] [<ffffffffa0097822>] usb_probe_interface+0x172/0x330 [usbcore] [ 3105.019211] [<ffffffff815fda67>] driver_probe_device+0x257/0x3b0 [ 3105.019243] [<ffffffff815fdd43>] __device_attach+0x73/0x90 [ 3105.019272] [<ffffffff815fdcd0>] ? __driver_attach+0x110/0x110 [ 3105.019303] [<ffffffff815fb93c>] bus_for_each_drv+0x9c/0xf0 [ 3105.019334] [<ffffffff815fd6c7>] device_attach+0xf7/0x120 [ 3105.019364] [<ffffffff815fc905>] bus_probe_device+0x45/0x80 [ 3105.019396] [<ffffffff815f98a6>] device_add+0x876/0x990 [ 3105.019434] [<ffffffffa0094e42>] usb_set_configuration+0x822/0x9e0 [usbcore] [ 3105.019479] [<ffffffffa00a3492>] generic_probe+0x62/0xf0 [usbcore] [ 3105.019518] [<ffffffffa0097a46>] usb_probe_device+0x66/0xb0 [usbcore] [ 3105.019555] [<ffffffff815fda67>] driver_probe_device+0x257/0x3b0 [ 3105.019589] [<ffffffff815fdd43>] __device_attach+0x73/0x90 [ 3105.019617] [<ffffffff815fdcd0>] ? __driver_attach+0x110/0x110 [ 3105.019648] [<ffffffff815fb93c>] bus_for_each_drv+0x9c/0xf0 [ 3105.019680] [<ffffffff815fd6c7>] device_attach+0xf7/0x120 [ 3105.019709] [<ffffffff815fc905>] bus_probe_device+0x45/0x80 [ 3105.021040] usb usb6: usb auto-resume [ 3105.021045] usb usb6: wakeup_rh [ 3105.024849] [<ffffffff815f98a6>] device_add+0x876/0x990 [ 3105.025086] [<ffffffffa0088987>] usb_new_device+0x1e7/0x2b0 [usbcore] [ 3105.025086] [<ffffffffa008a4d7>] hub_thread+0xb27/0x1ec0 [usbcore] [ 3105.025086] [<ffffffff810d5200>] ? wake_up_bit+0x50/0x50 [ 3105.025086] [<ffffffffa00899b0>] ? usb_remote_wakeup+0xa0/0xa0 [usbcore] [ 3105.025086] [<ffffffff810d49b8>] kthread+0xd8/0xf0 [ 3105.025086] [<ffffffff81939884>] kernel_thread_helper+0x4/0x10 [ 3105.025086] [<ffffffff8192a8c0>] ? _raw_spin_unlock_irq+0x50/0x80 [ 3105.025086] [<ffffffff8192b1b4>] ? retint_restore_args+0x13/0x13 [ 3105.025086] [<ffffffff810d48e0>] ? __init_kthread_worker+0x80/0x80 [ 3105.025086] [<ffffffff81939880>] ? gs_change+0x13/0x13 [ 3105.025086] Code: 00 48 83 05 cd ad 00 00 01 48 83 05 cd ad 00 00 01 4c 8b ab 30 0c 00 00 48 8b 50 08 48 83 c0 30 48 89 45 a0 4c 89 a3 40 0c 00 00 <41> 0f b6 44 24 10 48 89 55 a8 3c ff 0f 84 b8 04 00 00 48 83 05 [ 3105.025086] RIP [<ffffffffa045830d>] usb_stor_probe1+0x2fd/0xc20 [usb_storage] [ 3105.025086] RSP <ffff880056a3d830> [ 3105.060037] hub 6-0:1.0: hub_resume [ 3105.062616] usb usb5: usb auto-resume [ 3105.064317] ehci_hcd 0000:00:1d.7: resume root hub [ 3105.094809] ---[ end trace a7919e7f17c0a727 ]--- [ 3105.130069] hub 5-0:1.0: hub_resume [ 3105.132131] usb usb4: usb auto-resume [ 3105.132136] usb usb4: wakeup_rh [ 3105.180059] hub 4-0:1.0: hub_resume [ 3106.290052] usb usb6: suspend_rh (auto-stop) [ 3106.290077] usb usb4: suspend_rh (auto-stop) Signed-off-by: Huajun Li <huajun.li.lee@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:39 -08:00
Greg Kroah-Hartman	d6b3d54200	USB: isight: fix kernel bug when loading firmware commit `59bf5cf94f` upstream. We were sending data on the stack when uploading firmware, which causes some machines fits, and is not allowed. Fix this by using the buffer we already had around for this very purpose. Reported-by: Wouter M. Koolen <wmkoolen@cwi.nl> Tested-by: Wouter M. Koolen <wmkoolen@cwi.nl> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:38 -08:00
Julia Lawall	30234e2694	drivers/usb/class/cdc-acm.c: clear dangling pointer commit `e7c8e8605d` upstream. On some failures, the country_code field of an acm structure is freed without freeing the acm structure itself. Elsewhere, operations including memcpy and kfree are performed on the country_code field. The patch sets the country_code field to NULL when it is freed, and likewise sets the country_code_size field to 0. Signed-off-by: Julia Lawall <julia@diku.dk> Acked-by: Oliver Neukum <oneukum@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:38 -08:00
Jan Kara	9e9f6a20b5	udf: Fix deadlock when converting file from in-ICB one to normal one commit `d2eb8c3593` upstream. During BKL removal in 2.6.38, conversion of files from in-ICB format to normal format got broken. We call ->writepage with i_data_sem held but udf_get_block() also acquires i_data_sem thus creating A-A deadlock. We fix the problem by dropping i_data_sem before calling ->writepage() which is safe since i_mutex still protects us against any changes in the file. Also fix pagelock - i_data_sem lock inversion in udf_expand_file_adinicb() by dropping i_data_sem before calling find_or_create_page(). Reported-by: Matthias Matiak <netzpython@mail-on.us> Tested-by: Matthias Matiak <netzpython@mail-on.us> Reviewed-by: Namjae Jeon <linkinjeon@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:37 -08:00
Li Zefan	62cf6918d6	cgroup: fix to allow mounting a hierarchy by name commit `0d19ea8665` upstream. If we mount a hierarchy with a specified name, the name is unique, and we can use it to mount the hierarchy without specifying its set of subsystem names. This feature is documented is Documentation/cgroups/cgroups.txt section 2.3 Here's an example: # mount -t cgroup -o cpuset,name=myhier xxx /cgroup1 # mount -t cgroup -o name=myhier xxx /cgroup2 But it was broken by commit `32a8cf235e` (cgroup: make the mount options parsing more accurate) This fixes the regression. Signed-off-by: Li Zefan <lizf@cn.fujitsu.com> Signed-off-by: Tejun Heo <tj@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:35 -08:00
Claudio Scordino	b71bb82900	atmel_serial: fix spinlock lockup in RS485 code commit `dbf1115d3f` upstream. Patch to fix a spinlock lockup in the driver that sometimes happens when the tasklet starts. Signed-off-by: Claudio Scordino <claudio@evidence.eu.com> Signed-off-by: Dave Bender <codehero@gmail.com> Tested-by: Dave Bender <codehero@gmail.com> Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com> Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:35 -08:00
Sarah Sharp	7f35a6941c	usbfs: Fix oops related to user namespace conversion. commit `1b41c8321e` upstream. When running the Point Grey "flycap" program for their USB 3.0 camera (which was running as a USB 2.0 device for some reason), I trigger this oops whenever I try to open a video stream: Dec 15 16:48:34 puck kernel: [ 1798.715559] BUG: unable to handle kernel NULL pointer dereference at (null) Dec 15 16:48:34 puck kernel: [ 1798.719153] IP: [<ffffffff8147841e>] free_async+0x1e/0x70 Dec 15 16:48:34 puck kernel: [ 1798.720991] PGD 6f833067 PUD 6fc56067 PMD 0 Dec 15 16:48:34 puck kernel: [ 1798.722815] Oops: 0002 [#1] SMP Dec 15 16:48:34 puck kernel: [ 1798.724627] CPU 0 Dec 15 16:48:34 puck kernel: [ 1798.724636] Modules linked in: ecryptfs encrypted_keys sha1_generic trusted binfmt_misc sha256_generic aesni_intel cryptd aes_x86_64 aes_generic parport_pc dm_crypt ppdev joydev snd_hda_codec_hdmi snd_hda_codec_conexant arc4 iwlwifi snd_hda_intel snd_hda_codec snd_hwdep snd_pcm thinkpad_acpi mac80211 snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer btusb uvcvideo snd_seq_device bluetooth videodev psmouse snd v4l2_compat_ioctl32 serio_raw tpm_tis cfg80211 tpm tpm_bios nvram soundcore snd_page_alloc lp parport i915 xhci_hcd ahci libahci drm_kms_helper drm sdhci_pci sdhci e1000e i2c_algo_bit video Dec 15 16:48:34 puck kernel: [ 1798.734212] Dec 15 16:48:34 puck kernel: [ 1798.736162] Pid: 2713, comm: FlyCap2 Not tainted 3.2.0-rc5+ #28 LENOVO 4286CTO/4286CTO Dec 15 16:48:34 puck kernel: [ 1798.738148] RIP: 0010:[<ffffffff8147841e>] [<ffffffff8147841e>] free_async+0x1e/0x70 Dec 15 16:48:34 puck kernel: [ 1798.740134] RSP: 0018:ffff88005715fd78 EFLAGS: 00010296 Dec 15 16:48:34 puck kernel: [ 1798.742118] RAX: 00000000fffffff4 RBX: ffff88006fe8f900 RCX: 0000000000004118 Dec 15 16:48:34 puck kernel: [ 1798.744116] RDX: 0000000001000000 RSI: 0000000000016390 RDI: 0000000000000000 Dec 15 16:48:34 puck kernel: [ 1798.746087] RBP: ffff88005715fd88 R08: 0000000000000000 R09: ffffffff8146f22e Dec 15 16:48:34 puck kernel: [ 1798.748018] R10: ffff88006e520ac0 R11: 0000000000000001 R12: ffff88005715fe28 Dec 15 16:48:34 puck kernel: [ 1798.749916] R13: ffff88005d31df00 R14: ffff88006fe8f900 R15: 00007f688c995cb8 Dec 15 16:48:34 puck kernel: [ 1798.751785] FS: 00007f68a366da40(0000) GS:ffff880100200000(0000) knlGS:0000000000000000 Dec 15 16:48:34 puck kernel: [ 1798.753659] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Dec 15 16:48:34 puck kernel: [ 1798.755509] CR2: 0000000000000000 CR3: 00000000706bb000 CR4: 00000000000406f0 Dec 15 16:48:34 puck kernel: [ 1798.757334] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Dec 15 16:48:34 puck kernel: [ 1798.759124] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Dec 15 16:48:34 puck kernel: [ 1798.760871] Process FlyCap2 (pid: 2713, threadinfo ffff88005715e000, task ffff88006c675b80) Dec 15 16:48:34 puck kernel: [ 1798.762605] Stack: Dec 15 16:48:34 puck kernel: [ 1798.764297] ffff88005715fe28 0000000000000000 ffff88005715fe08 ffffffff81479058 Dec 15 16:48:34 puck kernel: [ 1798.766020] 0000000000000000 ffffea0000004000 ffff880000004118 0000000000000000 Dec 15 16:48:34 puck kernel: [ 1798.767750] ffff880000000001 ffff88006e520ac0 fffffff46fd81180 0000000000000000 Dec 15 16:48:34 puck kernel: [ 1798.769472] Call Trace: Dec 15 16:48:34 puck kernel: [ 1798.771147] [<ffffffff81479058>] proc_do_submiturb+0x778/0xa00 Dec 15 16:48:34 puck kernel: [ 1798.772798] [<ffffffff8147a5fd>] usbdev_do_ioctl+0x24d/0x1200 Dec 15 16:48:34 puck kernel: [ 1798.774410] [<ffffffff8147b5de>] usbdev_ioctl+0xe/0x20 Dec 15 16:48:34 puck kernel: [ 1798.775975] [<ffffffff81189259>] do_vfs_ioctl+0x99/0x600 Dec 15 16:48:34 puck kernel: [ 1798.777534] [<ffffffff81189851>] sys_ioctl+0x91/0xa0 Dec 15 16:48:34 puck kernel: [ 1798.779088] [<ffffffff816247c2>] system_call_fastpath+0x16/0x1b ec 15 16:48:34 puck kernel: [ 1798.780634] Code: 51 ff ff ff e9 29 ff ff ff 0f 1f 40 00 55 48 89 e5 53 48 83 ec 08 66 66 66 66 90 48 89 fb 48 8b 7f 18 e8 a6 ea c0 ff 4 8 8b 7b 20 <f0> ff 0f 0f 94 c0 84 c0 74 05 e8 d3 99 c1 ff 48 8b 43 40 48 8b Dec 15 16:48:34 puck kernel: [ 1798.783970] RIP [<ffffffff8147841e>] free_async+0x1e/0x70 Dec 15 16:48:34 puck kernel: [ 1798.785630] RSP <ffff88005715fd78> Dec 15 16:48:34 puck kernel: [ 1798.787274] CR2: 0000000000000000 Dec 15 16:48:34 puck kernel: [ 1798.794728] ---[ end trace 52894d3355f88d19 ]--- markup_oops.pl says the oops is in put_cred: ffffffff81478401: 48 89 e5 mov %rsp,%rbp ffffffff81478404: 53 push %rbx ffffffff81478405: 48 83 ec 08 sub $0x8,%rsp ffffffff81478409: e8 f2 c0 1a 00 callq ffffffff81624500 <mcount> ffffffff8147840e: 48 89 fb mov %rdi,%rbx \| %ebx => ffff88006fe8f900 put_pid(as->pid); ffffffff81478411: 48 8b 7f 18 mov 0x18(%rdi),%rdi ffffffff81478415: e8 a6 ea c0 ff callq ffffffff81086ec0 <put_pid> put_cred(as->cred); ffffffff8147841a: 48 8b 7b 20 mov 0x20(%rbx),%rdi \| %edi => 0 %ebx = ffff88006fe8f900 / static inline int atomic_dec_and_test(atomic_t v) { unsigned char c; asm volatile(LOCK_PREFIX "decl %0; sete %1" ffffffff8147841e: f0 ff 0f lock decl (%rdi) \| %edi = 0 <--- faulting instruction ffffffff81478421: 0f 94 c0 sete %al static inline void put_cred(const struct cred _cred) { struct cred cred = (struct cred ) _cred; validate_creds(cred); if (atomic_dec_and_test(&(cred)->usage)) ffffffff81478424: 84 c0 test %al,%al ffffffff81478426: 74 05 je ffffffff8147842d <free_async+0x2d> __put_cred(cred); ffffffff81478428: e8 d3 99 c1 ff callq ffffffff81091e00 <__put_cred> kfree(as->urb->transfer_buffer); ffffffff8147842d: 48 8b 43 40 mov 0x40(%rbx),%rax ffffffff81478431: 48 8b 78 68 mov 0x68(%rax),%rdi ffffffff81478435: e8 a6 e1 ce ff callq ffffffff811665e0 <kfree> kfree(as->urb->setup_packet); ffffffff8147843a: 48 8b 43 40 mov 0x40(%rbx),%rax ffffffff8147843e: 48 8b b8 90 00 00 00 mov 0x90(%rax),%rdi ffffffff81478445: e8 96 e1 ce ff callq ffffffff811665e0 <kfree> usb_free_urb(as->urb); ffffffff8147844a: 48 8b 7b 40 mov 0x40(%rbx),%rdi ffffffff8147844e: e8 0d 6b ff ff callq ffffffff8146ef60 <usb_free_urb> This bug seems to have been introduced by commit `d178bc3a70` "user namespace: usb: make usb urbs user namespace aware (v2)" I'm not sure if this is right fix, but it does stop the oops. Unfortunately, the Point Grey software still refuses to work, but it's a closed source app, so I can't fix it. Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:34 -08:00
Alan Stern	170b209abe	USB: update documentation for usbmon commit `d8cae98cdd` upstream. The documentation for usbmon is out of date; the usbfs "devices" file now exists in /sys/kernel/debug/usb rather than /proc/bus/usb. This patch (as1505) updates the documentation accordingly, and also mentions that the necessary information can be found by running lsusb. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> CC: Pete Zaitcev <zaitcev@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:34 -08:00
K. Y. Srinivasan	d1883e7052	Drivers:hv: Fix a bug in vmbus_driver_unregister() commit `8f257a142f` upstream. The function vmbus_exists() was introduced recently to deal with cases where the vmbus driver failed to initialize and yet other Hyper-V drivers attempted to register with the vmbus bus driver. This patch introduced a bug where vmbus_driver_unregister() would fail to unregister the driver. This patch fixes the problem. Signed-off-by: K. Y. Srinivasan <kys@microsoft.com> Signed-off-by: Fuzhou Chen <fuzhouch@microsoft.com> Cc: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:33 -08:00
K. Y. Srinivasan	32eef9ed02	drivers: hv: Don't OOPS when you cannot init vmbus commit `cf6a2eacbc` upstream. The hv vmbus driver was causing an OOPS since it was trying to register drivers on top of the bus even if initialization of the bus has failed for some reason (such as the odd chance someone would run a hv enabled kernel in a non-hv environment). Signed-off-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: K. Y. Srinivasan <kys@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:32 -08:00
Jan Kara	0558681f02	ext3: Don't warn from writepage when readonly inode is spotted after error commit `33c104d415` upstream. WARN_ON_ONCE(IS_RDONLY(inode)) tends to trip when filesystem hits error and is remounted read-only. This unnecessarily scares users (well, they should be scared because of filesystem error, but the stack trace distracts them from the right source of their fear ;-). We could as well just remove the WARN_ON but it's not hard to fix it to not trip on filesystem with errors and not use more cycles in the common case so that's what we do. Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:32 -08:00
Jeff Mahoney	04e06ee56d	reiserfs: Force inode evictions before umount to avoid crash commit `a9e36da655` upstream. This patch fixes a crash in reiserfs_delete_xattrs during umount. When shrink_dcache_for_umount clears the dcache from generic_shutdown_super, delayed evictions are forced to disk. If an evicted inode has extended attributes associated with it, it will need to walk the xattr tree to locate and remove them. But since shrink_dcache_for_umount will BUG if it encounters active dentries, the xattr tree must be released before it's called or it will crash during every umount. This patch forces the evictions to occur before generic_shutdown_super by calling shrink_dcache_sb first. The additional evictions caused by the removal of each associated xattr file and dir will be automatically handled as they're added to the LRU list. CC: reiserfs-devel@vger.kernel.org Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:30 -08:00
Jan Kara	e75c11aceb	reiserfs: Fix quota mount option parsing commit `a06d789b42` upstream. When jqfmt mount option is not specified on remount, we mistakenly clear s_jquota_fmt value stored in superblock. Fix the problem. CC: reiserfs-devel@vger.kernel.org Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:30 -08:00
Boaz Harrosh	88e0281800	ore: FIX breakage when MISC_FILESYSTEMS is not set commit `831c2dc5f4` upstream. As Reported by Randy Dunlap When MISC_FILESYSTEMS is not enabled and NFS4.1 is: fs/built-in.o: In function `objio_alloc_io_state': objio_osd.c:(.text+0xcb525): undefined reference to `ore_get_rw_state' fs/built-in.o: In function `_write_done': objio_osd.c:(.text+0xcb58d): undefined reference to `ore_check_io' fs/built-in.o: In function `_read_done': ... When MISC_FILESYSTEMS, which is more of a GUI thing then anything else, is not selected. exofs/Kconfig is never examined during Kconfig, and it can not do it's magic stuff to automatically select everything needed. We must split exofs/Kconfig in two. The ore one is always included. And the exofs one is left in it's old place in the menu. Reported-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Boaz Harrosh <bharrosh@panasas.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:29 -08:00
Boaz Harrosh	673a3083dc	ore: Must support none-PAGE-aligned IO commit `724577ca35` upstream. NFS might send us offsets that are not PAGE aligned. So we must read in the reminder of the first/last pages, in cases we need it for Parity calculations. We only add an sg segments to read the partial page. But we don't mark it as read=true because it is a lock-for-write page. TODO: In some cases (IO spans a single unit) we can just adjust the raid_unit offset/length, but this is left for later Kernels. Signed-off-by: Boaz Harrosh <bharrosh@panasas.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:29 -08:00
Boaz Harrosh	0889c17965	ore: fix BUG_ON, too few sgs when reading commit `361aba569f` upstream. When reading RAID5 files, in rare cases, we calculated too few sg segments. There should be two extra for the beginning and end partial units. Also "too few sg segments" should not be a BUG_ON there is all the mechanics in place to handle it, as a short read. So just return -ENOMEM and the rest of the code will gracefully split the IO. Signed-off-by: Boaz Harrosh <bharrosh@panasas.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:28 -08:00
Boaz Harrosh	688485273b	ore: Fix crash in case of an IO error. commit `ffefb8eaa3` upstream. The users of ore_check_io() expect the reported device (In case of error) to be indexed relative to the passed-in ore_components table, and not the logical dev index. This causes a crash inside objlayoutdriver in case of an IO error. Signed-off-by: Boaz Harrosh <bharrosh@panasas.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:27 -08:00
Steven Rostedt	9234152953	perf: Fix parsing of __print_flags() in TP_printk() commit `49908a1b25` upstream. A update is made to the sched:sched_switch event that adds some logic to the first parameter of the __print_flags() that shows the state of tasks. This change cause perf to fail parsing the flags. A simple fix is needed to have the parser be able to process ops within the argument. Reported-by: Andrew Vagin <avagin@openvz.org> Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:27 -08:00
Johannes Berg	0b58bf9909	iwlagn: fix (remove) use of PAGE_SIZE commit `106671369e` upstream. The ICT code erroneously uses PAGE_SIZE. The bug is that PAGE_SIZE isn't necessarily 4096, so on such platforms this code will not work correctly as we'll try to attempt to read an index in the table that the device never wrote, it always has 4096-byte pages. Additionally, the manual alignment code here is unnecessary -- Documentation/DMA-API-HOWTO.txt states: The cpu return address and the DMA bus master address are both guaranteed to be aligned to the smallest PAGE_SIZE order which is greater than or equal to the requested size. This invariant exists (for example) to guarantee that if you allocate a chunk which is smaller than or equal to 64 kilobytes, the extent of the buffer you receive will not cross a 64K boundary. Just use appropriate new constants and get rid of the alignment code. Cc: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:26 -08:00
Johannes Berg	01b366aa69	iwlagn: fix TID use bug commit `9a215e40d7` upstream. The driver everywhere uses max TID count as 9, which is wrong, it should be 8. I think the reason it uses 9 here is off-by-one confusion by whoever wrote this. We do use the value IWL_MAX_TID_COUNT for "not QoS/no TID" but that is completely correct even if it is 8 and not 9 since 0-7 are only valid. As a side effect, this fixes the following bug: Open BA session requested for 00:23:cd:16:8a:7e tid 8 ------------[ cut here ]------------ kernel BUG at drivers/net/wireless/iwlwifi/iwl-trans-pcie-int.h:350! ... when you do echo "tx start 8" > /sys/kernel/debug/ieee80211/////agg_status Reported-by: Nikolay Martynov <mar.kolya@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:25 -08:00
Eli Cohen	585ea9bc67	IB/uverbs: Protect QP multicast list commit `e214a0fe2b` upstream. Userspace verbs multicast attach/detach operations on a QP are done while holding the rwsem of the QP for reading. That's not sufficient since a reader lock allows more than one reader to acquire the lock. However, multicast attach/detach does list manipulation that can corrupt the list if multiple threads run in parallel. Fix this by acquiring the rwsem as a writer to serialize attach/detach operations. Add idr_write_qp() and put_qp_write() to encapsulate this. This fixes oops seen when running applications that perform multicast joins/leaves. Reported by: Mike Dubman <miked@mellanox.com> Signed-off-by: Eli Cohen <eli@mellanox.com> Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:24 -08:00
Ram Vepa	0d878668d0	IB/qib: Fix a possible data corruption when receiving packets commit `eddfb67525` upstream. Prevent a receive data corruption by ensuring that the write to update the rcvhdrheadn register to generate an interrupt is at the very end of the receive processing. Signed-off-by: Ramkrishna Vepa <ram.vepa@qlogic.com> Signed-off-by: Mike Marciniszyn <mike.marciniszyn@qlogic.com> Signed-off-by: Roland Dreier <roland@purestorage.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:23 -08:00
Li Zhong	ddcf85d72f	powerpc: Fix unpaired probe_hcall_entry and probe_hcall_exit commit `e4f387d8db` upstream. Unpaired calling of probe_hcall_entry and probe_hcall_exit might happen as following, which could cause incorrect preempt count. __trace_hcall_entry => trace_hcall_entry -> probe_hcall_entry => get_cpu_var => preempt_disable __trace_hcall_exit => trace_hcall_exit -> probe_hcall_exit => put_cpu_var => preempt_enable where: A => B and A -> B means A calls B, but => means A will call B through function name, and B will definitely be called. -> means A will call B through function pointer, so B might not be called if the function pointer is not set. So error happens when only one of probe_hcall_entry and probe_hcall_exit get called during a hcall. This patch tries to move the preempt count operations from probe_hcall_entry and probe_hcall_exit to its callers. Reported-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: Li Zhong <zhong@linux.vnet.ibm.com> Tested-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:23 -08:00
Anton Blanchard	8e04782a06	powerpc/time: Handle wrapping of decrementer commit `37fb9a0231` upstream. When re-enabling interrupts we have code to handle edge sensitive decrementers by resetting the decrementer to 1 whenever it is negative. If interrupts were disabled long enough that the decrementer wrapped to positive we do nothing. This means interrupts can be delayed for a long time until it finally goes negative again. While we hope interrupts are never be disabled long enough for the decrementer to go positive, we have a very good test team that can drive any kernel into the ground. The softlockup data we get back from these fails could be seconds in the future, completely missing the cause of the lockup. We already keep track of the timebase of the next event so use that to work out if we should trigger a decrementer exception. Signed-off-by: Anton Blanchard <anton@samba.org> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:22 -08:00
Pontus Fuchs	f92fed3f1d	wl12xx: Restore testmode ABI commit `3f1764945e` upstream. Commit `80900d0140` accidently broke the ABI for testmode commands. Restore the ABI again. Signed-off-by: Pontus Fuchs <pontus.fuchs@gmail.com> Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:22 -08:00
Pontus Fuchs	67d3bda61b	wl12xx: Check buffer bound when processing nvs data commit `f6efe96edd` upstream. An nvs with malformed contents could cause the processing of the calibration data to read beyond the end of the buffer. Prevent this from happening by adding bound checking. Signed-off-by: Pontus Fuchs <pontus.fuchs@gmail.com> Reviewed-by: Luciano Coelho <coelho@ti.com> Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:21 -08:00
Pontus Fuchs	240ecc4a6f	wl12xx: Validate FEM index from ini file and FW commit `2131d3c2f9` upstream. Check for out of bound FEM index to prevent reading beyond ini memory end. Signed-off-by: Pontus Fuchs <pontus.fuchs@gmail.com> Reviewed-by: Luciano Coelho <coelho@ti.com> Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:21 -08:00
Rafał Miłecki	618bbbe723	bcma: support for suspend and resume commit `775ab52142` upstream. bcma used to lock up machine without enabling PCI or initializing CC. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:20 -08:00
Andres Salomon	dd4f146b63	libertas: clean up scan thread handling commit `afbca95f95` upstream. The libertas scan thread expects priv->scan_req to be non-NULL. In theory, it should always be set. In practice, we've seen the following oops: [ 8363.067444] Unable to handle kernel NULL pointer dereference at virtual address 00000004 [ 8363.067490] pgd = c0004000 [ 8363.078393] [00000004] *pgd=00000000 [ 8363.086711] Internal error: Oops: 17 [#1] PREEMPT [ 8363.091375] Modules linked in: fuse libertas_sdio libertas psmouse mousedev ov7670 mmp_camera joydev videobuf2_core videobuf2_dma_sg videobuf2_memops [last unloaded: scsi_wait_scan] [ 8363.107490] CPU: 0 Not tainted (3.0.0-gf7ccc69 #671) [ 8363.112799] PC is at lbs_scan_worker+0x108/0x5a4 [libertas] [ 8363.118326] LR is at 0x0 [ 8363.120836] pc : [<bf03a854>] lr : [<00000000>] psr: 60000113 [ 8363.120845] sp : ee66bf48 ip : 00000000 fp : 00000000 [ 8363.120845] r10: ee2c2088 r9 : c04e2efc r8 : eef97005 [ 8363.132231] r7 : eee0716f r6 : ee2c02c0 r5 : ee2c2088 r4 : eee07160 [ 8363.137419] r3 : 00000000 r2 : a0000113 r1 : 00000001 r0 : eee07160 [ 8363.143896] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel [ 8363.157630] Control: 10c5387d Table: 2e754019 DAC: 00000015 [ 8363.163334] Process kworker/u:1 (pid: 25, stack limit = 0xee66a2f8) While I've not found a smoking gun, there are two places that raised red flags for me. The first is in _internal_start_scan, when we queue up a scan; we first queue the worker, and then set priv->scan_req. There's theoretically a 50mS delay which should be plenty, but doing things that way just seems racy (and not in the good way). The second is in the scan worker thread itself. Depending on the state of priv->scan_channel, we cancel pending scan runs and then requeue a run in 300mS. We then send the scan command down to the hardware, sleep, and if we get scan results for all the desired channels, we set priv->scan_req to NULL. However, it that's happened in less than 300mS, what happens with the pending scan run? This patch addresses both of those concerns. With the patch applied, we have not seen the oops in the past two weeks. Signed-off-by: Andres Salomon <dilinger@queued.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:20 -08:00
Benjamin Herrenschmidt	69236e6011	offb: Fix bug in calculating requested vram size commit `c055fe0797` upstream. We used to try to request 8 times more vram than needed, which would fail if the card has a too small BAR (observed with qemu & kvm). Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:19 -08:00
Benjamin Herrenschmidt	dfedad6119	offb: Fix setting of the pseudo-palette for >8bpp commit `1bb0b7d215` upstream. When using a >8bpp framebuffer, offb advertises truecolor, not directcolor, and doesn't touch the color map even if it has a corresponding access method for the real hardware. Thus it needs to set the pseudo-palette with all 3 components of the color, like other truecolor framebuffers, not with copies of the color index like a directcolor framebuffer would do. This went unnoticed for a long time because it's pretty hard to get offb to kick in with anything but 8bpp (old BootX under MacOS will do that and qemu does it). Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:18 -08:00
Larry Finger	2289fb57dc	rt2800usb: Move ID out of unknown commit `3f81f8f152` upstream. Testing on the openSUSE wireless forum has shown that a Linksys WUSB54GC v3 with USB ID 1737:0077 works with rt2800usb when the ID is written to /sys/.../new_id. This ID can therefore be moved out of UNKNOWN. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Acked-by: Gertjan van Wingerde <gwingerde@gmail.com> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:18 -08:00
Neil Horman	a5a0cdd640	firmware: Fix an oops on reading fw_priv->fw in sysfs loading file commit `eea915bb0d` upstream. This oops was reported recently: firmware_loading_store+0xf9/0x17b dev_attr_store+0x20/0x22 sysfs_write_file+0x101/0x134 vfs_write+0xac/0xf3 sys_write+0x4a/0x6e system_call_fastpath+0x16/0x1b The complete backtrace was unfortunately not captured, but details can be found here: https://bugzilla.redhat.com/show_bug.cgi?id=769920 The cause is fairly clear. Its caused by the fact that firmware_loading_store has a case 0 in its switch statement that reads and writes the fw_priv->fw poniter without the protection of the fw_lock mutex. since there is a window between the time that _request_firmware sets fw_priv->fw to NULL and the time the corresponding sysfs file is unregistered, its possible for a user space application to race in, and write a zero to the loading file, causing a NULL dereference in firmware_loading_store. Fix it by extending the protection of the fw_lock mutex to cover all of the firware_loading_store function. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:17 -08:00
Joe Perches	170797705f	Documentation: Update stable address commit `2eb7f204db` upstream. The Japanese/Korean/Chinese versions still need updating. Also, the stable kernel 2.6.x.y descriptions are out of date and should be updated as well. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:17 -08:00
Joe Perches	13e864be18	MAINTAINERS: stable: Update address commit `bc7a2f3abc` upstream. The old address hasn't worked since the great intrusion of August 2011. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>	2012-01-12 11:29:16 -08:00
Linus Torvalds	805a6af8db	Linux 3.2	2012-01-04 15:55:44 -08:00
Linus Torvalds	869682384e	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: fix CAN MAINTAINERS SCM tree type mwifiex: fix crash during simultaneous scan and connect b43: fix regression in PIO case ath9k: Fix kernel panic in AR2427 in AP mode CAN MAINTAINERS update net: fsl: fec: fix build for mx23-only kernel sch_qfq: fix overflow in qfq_update_start() Revert "Bluetooth: Increase HCI reset timeout in hci_dev_do_close"	2012-01-04 15:03:49 -08:00
Al Viro	d6042eac44	minixfs: misplaced checks lead to dentry leak bitmap size sanity checks should be done before allocating ->s_root; there their cleanup on failure would be correct. As it is, we do iput() on root inode, but leak the root dentry... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Acked-by: Josh Boyer <jwboyer@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2012-01-04 15:03:06 -08:00
Oleg Nesterov	8a88951b58	ptrace: ensure JOBCTL_STOP_SIGMASK is not zero after detach This is the temporary simple fix for 3.2, we need more changes in this area. 1. do_signal_stop() assumes that the running untraced thread in the stopped thread group is not possible. This was our goal but it is not yet achieved: a stopped-but-resumed tracee can clone the running thread which can initiate another group-stop. Remove WARN_ON_ONCE(!current->ptrace). 2. A new thread always starts with ->jobctl = 0. If it is auto-attached and this group is stopped, __ptrace_unlink() sets JOBCTL_STOP_PENDING but JOBCTL_STOP_SIGMASK part is zero, this triggers WANR_ON(!signr) in do_jobctl_trap() if another debugger attaches. Change __ptrace_unlink() to set the artificial SIGSTOP for report. Alternatively we could change ptrace_init_task() to copy signr from current, but this means we can copy it for no reason and hide the possible similar problems. Acked-by: Tejun Heo <tj@kernel.org> Cc: <stable@kernel.org> [3.1] Signed-off-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2012-01-04 15:01:59 -08:00
Oleg Nesterov	50b8d25748	ptrace: partially fix the do_wait(WEXITED) vs EXIT_DEAD->EXIT_ZOMBIE race Test-case: int main(void) { int pid, status; pid = fork(); if (!pid) { for (;;) { if (!fork()) return 0; if (waitpid(-1, &status, 0) < 0) { printf("ERR!! wait: %m\n"); return 0; } } } assert(ptrace(PTRACE_ATTACH, pid, 0,0) == 0); assert(waitpid(-1, NULL, 0) == pid); assert(ptrace(PTRACE_SETOPTIONS, pid, 0, PTRACE_O_TRACEFORK) == 0); do { ptrace(PTRACE_CONT, pid, 0, 0); pid = waitpid(-1, NULL, 0); } while (pid > 0); return 1; } It fails because ->real_parent sees its child in EXIT_DEAD state while the tracer is going to change the state back to EXIT_ZOMBIE in wait_task_zombie(). The offending commit is `823b018e` which moved the EXIT_DEAD check, but in fact we should not blame it. The original code was not correct as well because it didn't take ptrace_reparented() into account and because we can't really trust ->ptrace. This patch adds the additional check to close this particular race but it doesn't solve the whole problem. We simply can't rely on ->ptrace in this case, it can be cleared if the tracer is multithreaded by the exiting ->parent. I think we should kill EXIT_DEAD altogether, we should always remove the soon-to-be-reaped child from ->children or at least we should never do the DEAD->ZOMBIE transition. But this is too complex for 3.2. Reported-and-tested-by: Denys Vlasenko <vda.linux@googlemail.com> Tested-by: Lukasz Michalik <lmi@ift.uni.wroc.pl> Acked-by: Tejun Heo <tj@kernel.org> Cc: <stable@kernel.org> [3.0+] Signed-off-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2012-01-04 15:01:59 -08:00
Linus Torvalds	8d9cbf8240	Merge git://git.samba.org/sfrench/cifs-2.6 * git://git.samba.org/sfrench/cifs-2.6: [CIFS] default ntlmv2 for cifs mount delayed to 3.3 cifs: fix bad buffer length check in coalesce_t2	2012-01-04 14:57:55 -08:00
John W. Linville	d8f46ff110	Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem	2012-01-04 11:37:30 -05:00
Linus Torvalds	f423fc627b	Revert "rtc: Expire alarms after the time is set." This reverts commit `93b2ec0128`. The call to "schedule_work()" in rtc_initialize_alarm() happens too early, and can cause oopses at bootup Neil Brown explains why we do it: "If you set an alarm in the future, then shutdown and boot again after that time, then you will end up with a timer_queue node which is in the past. When this happens the queue gets stuck. That entry-in-the-past won't get removed until and interrupt happens and an interrupt won't happen because the RTC only triggers an interrupt when the alarm is "now". So you'll find that e.g. "hwclock" will always tell you that 'select' timed out. So we force the interrupt work to happen at the start just in case." and has a patch that convert it to do things in-process rather than with the worker thread, but right now it's too late to play around with this, so we just revert the patch that caused problems for now. Reported-by: Sander Eikelenboom <linux@eikelenboom.it> Requested-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Requested-by: John Stultz <john.stultz@linaro.org> Cc: Neil Brown <neilb@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2012-01-04 07:57:22 -08:00
Steve French	225de11e31	[CIFS] default ntlmv2 for cifs mount delayed to 3.3 Turned out the ntlmv2 (default security authentication) upgrade was harder to test than expected, and we ran out of time to test against Apple and a few other servers that we wanted to. Delay upgrade of default security from ntlm to ntlmv2 (on mount) to 3.3. Still works fine to specify it explicitly via "sec=ntlmv2" so this should be fine. Acked-by: Jeff Layton <jlayton@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>	2012-01-04 07:54:40 -06:00
Jeff Layton	497728e11a	cifs: fix bad buffer length check in coalesce_t2 The current check looks to see if the RFC1002 length is larger than CIFSMaxBufSize, and fails if it is. The buffer is actually larger than that by MAX_CIFS_HDR_SIZE. This bug has been around for a long time, but the fact that we used to cap the clients MaxBufferSize at the same level as the server tended to paper over it. Commit `c974befa` changed that however and caused this bug to bite in more cases. Reported-and-Tested-by: Konstantinos Skarlatos <k.skarlatos@gmail.com> Tested-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>	2012-01-03 20:34:17 -06:00
Linus Torvalds	157e8bf8b4	Revert "rtc: Disable the alarm in the hardware" This reverts commit `c0afabd3d5`. It causes failures on Toshiba laptops - instead of disabling the alarm, it actually seems to enable it on the affected laptops, resulting in (for example) the laptop powering on automatically five minutes after shutdown. There's a patch for it that appears to work for at least some people, but it's too late to play around with this, so revert for now and try again in the next merge window. See for example http://bugs.debian.org/652869 Reported-and-bisected-by: Andreas Friedrich <afrie@gmx.net> (Toshiba Tecra) Reported-by: Antonio-M. Corbi Bellot <antonio.corbi@ua.es> (Toshiba Portege R500) Reported-by: Marco Santos <marco.santos@waynext.com> (Toshiba Portege Z830) Reported-by: Christophe Vu-Brugier <cvubrugier@yahoo.fr> (Toshiba Portege R830) Cc: Jonathan Nieder <jrnieder@gmail.com> Requested-by: John Stultz <john.stultz@linaro.org> Cc: stable@kernel.org # for the versions that applied this Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2012-01-03 17:32:13 -08:00
Mandeep Singh Baines	f9fab10bbd	hung_task: fix false positive during vfork vfork parent uninterruptibly and unkillably waits for its child to exec/exit. This wait is of unbounded length. Ignore such waits in the hung_task detector. Signed-off-by: Mandeep Singh Baines <msb@chromium.org> Reported-by: Sasha Levin <levinsasha928@gmail.com> LKML-Reference: <1325344394.28904.43.camel@lappy> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Ingo Molnar <mingo@elte.hu> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: John Kacur <jkacur@redhat.com> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2012-01-03 16:14:32 -08:00
Jan Kara	30e053248d	security: Fix security_old_inode_init_security() when CONFIG_SECURITY is not set Commit `1e39f384bb` ("evm: fix build problems") makes the stub version of security_old_inode_init_security() return 0 when CONFIG_SECURITY is not set. But that makes callers such as reiserfs_security_init() assume that security_old_inode_init_security() has set name, value, and len arguments properly - but security_old_inode_init_security() left them uninitialized which then results in interesting failures. Revert security_old_inode_init_security() to the old behavior of returning EOPNOTSUPP since both callers (reiserfs and ocfs2) handle this just fine. [ Also fixed the S_PRIVATE(inode) case of the actual non-stub security_old_inode_init_security() function to return EOPNOTSUPP for the same reason, as pointed out by Mimi Zohar. It got incorrectly changed to match the new function in commit `fb88c2b6cb`: "evm: fix security/security_old_init_security return code". - Linus ] Reported-by: Jorge Bastos <mysql.jorge@decimal.pt> Acked-by: James Morris <jmorris@namei.org> Acked-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2012-01-03 16:12:19 -08:00
Oliver Hartkopp	405cc27365	fix CAN MAINTAINERS SCM tree type As pointed out by Joe Perches the SCM tree type was missing in my patch. Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> CC: Oliver Hartkopp <oliver.hartkopp@volkswagen.de> CC: Urs Thuermann <urs.thuermann@volkswagen.de> CC: Wolfgang Grandegger <wg@grandegger.com> CC: Marc Kleine-Budde <mkl@pengutronix.de> CC: linux-can@vger.kernel.org	2012-01-03 14:57:43 -05:00
Amitkumar Karwar	b015dbc0f9	mwifiex: fix crash during simultaneous scan and connect If 'iw connect' command is fired when driver is already busy in serving 'iw scan' command, ssid specific scan operation for connect is skipped. In this case cmd wait queue handler gets called with no command in queue (i.e. adapter->cmd_queued = NULL). This patch adds a NULL check in mwifiex_wait_queue_complete() routine to fix crash observed during simultaneous scan and assoc operations. Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>	2012-01-03 14:40:45 -05:00
Guennadi Liakhovetski	09009512e5	b43: fix regression in PIO case This patch fixes the regression, introduced by commit `17030f48e3` From: Rafał Miłecki <zajec5@gmail.com> Date: Thu, 11 Aug 2011 17:16:27 +0200 Subject: [PATCH] b43: support new RX header, noticed to be used in 598.314+ fw in PIO case. Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>	2012-01-03 14:40:45 -05:00
Mohammed Shafi Shajakhan	b25bfda382	ath9k: Fix kernel panic in AR2427 in AP mode don't do aggregation related stuff for 'AP mode client power save handling' if aggregation is not enabled in the driver, otherwise it will lead to panic because those data structures won't be never intialized in 'ath_tx_node_init' if aggregation is disabled EIP is at ath_tx_aggr_wakeup+0x37/0x80 [ath9k] EAX: e8c09a20 EBX: f2a304e8 ECX: 00000001 EDX: 00000000 ESI: e8c085e0 EDI: f2a304ac EBP: f40e1ca4 ESP: f40e1c8c DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 Process swapper/1 (pid: 0, ti=f40e0000 task=f408e860 task.ti=f40dc000) Stack: 0001e966 e8c09a20 00000000 f2a304ac e8c085e0 f2a304ac f40e1cb0 f8186741 f8186700 f40e1d2c f922988d f2a304ac 00000202 00000001 c0b4ba43 00000000 0000000f e8eb75c0 e8c085e0 205b0001 34383220 f2a304ac f2a30000 00010020 Call Trace: [<f8186741>] ath9k_sta_notify+0x41/0x50 [ath9k] [<f8186700>] ? ath9k_get_survey+0x110/0x110 [ath9k] [<f922988d>] ieee80211_sta_ps_deliver_wakeup+0x9d/0x350 [mac80211] [<c018dc75>] ? __module_address+0x95/0xb0 [<f92465b3>] ap_sta_ps_end+0x63/0xa0 [mac80211] [<f9246746>] ieee80211_rx_h_sta_process+0x156/0x2b0 [mac80211] [<f9247d1e>] ieee80211_rx_handlers+0xce/0x510 [mac80211] [<c018440b>] ? trace_hardirqs_on+0xb/0x10 [<c056936e>] ? skb_queue_tail+0x3e/0x50 [<f9248271>] ieee80211_prepare_and_rx_handle+0x111/0x750 [mac80211] [<f9248bf9>] ieee80211_rx+0x349/0xb20 [mac80211] [<f9248949>] ? ieee80211_rx+0x99/0xb20 [mac80211] [<f818b0b8>] ath_rx_tasklet+0x818/0x1d00 [ath9k] [<f8187a75>] ? ath9k_tasklet+0x35/0x1c0 [ath9k] [<f8187a75>] ? ath9k_tasklet+0x35/0x1c0 [ath9k] [<f8187b33>] ath9k_tasklet+0xf3/0x1c0 [ath9k] [<c0151b7e>] tasklet_action+0xbe/0x180 Cc: stable@kernel.org Cc: Senthil Balasubramanian <senthilb@qca.qualcomm.com> Cc: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Reported-by: Ashwin Mendonca <ashwinloyal@gmail.com> Tested-by: Ashwin Mendonca <ashwinloyal@gmail.com> Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>	2012-01-03 14:40:45 -05:00
John W. Linville	f9dc73e541	Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth	2012-01-03 14:26:56 -05:00
Oliver Hartkopp	ec78213acd	CAN MAINTAINERS update Update the CAN MAINTAINERS section: - point out active maintainers - pull the CAN driver discussion away from netdev ML - point to the new CAN web site on gitorious.org - add CAN development git repository URL to submit patches Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> CC: Oliver Hartkopp <oliver.hartkopp@volkswagen.de> CC: Urs Thuermann <urs.thuermann@volkswagen.de> CC: Wolfgang Grandegger <wg@grandegger.com> CC: Marc Kleine-Budde <mkl@pengutronix.de> CC: linux-can@vger.kernel.org Signed-off-by: David S. Miller <davem@davemloft.net>	2012-01-03 13:55:15 -05:00
Wolfram Sang	0d9032477f	net: fsl: fec: fix build for mx23-only kernel If one only selects mx23-based boards, compile fails: drivers/net/ethernet/freescale/fec.c:410:2: error: 'FEC_HASH_TABLE_HIGH' undeclared (first use in this function) drivers/net/ethernet/freescale/fec.c:411:2: error: 'FEC_HASH_TABLE_LOW' undeclared (first use in this function) This is because fec.h uses CONFIG_SOC_IMX28 to determine the register layout of the core which makes sense since the MX23 does not have a fec. However, Kconfig uses the broader ARCH_MXS symbol and this way even makes the fec-driver default for MX23. Adapt Kconfig to use the more precise SOC_IMX28 as well. Signed-off-by: Wolfram Sang <w.sang@pengutronix.de> Cc: Fabio Estevam <fabio.estevam@freescale.com> Cc: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Cc: Shawn Guo <shawn.guo@linaro.org> Cc: David S. Miller <davem@davemloft.net> Acked-by: Fabio Estevam <fabio.estevam@freescale.com> Signed-off-by: David S. Miller <davem@davemloft.net>	2012-01-03 13:48:41 -05:00
Eric Dumazet	6bafcac323	sch_qfq: fix overflow in qfq_update_start() grp->slot_shift is between 22 and 41, so using 32bit wide variables is probably a typo. This could explain QFQ hangs Dave reported to me, after 2^23 packets ? (23 = 64 - 41) Reported-by: Dave Taht <dave.taht@gmail.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: Stephen Hemminger <shemminger@vyatta.com> CC: Dave Taht <dave.taht@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>	2012-01-03 12:58:23 -05:00
Alexander Müller	4376eee92e	drm/radeon/kms/atom: fix possible segfault in pm setup If we end up with no power states, don't look up current vddc. fixes: https://bugs.freedesktop.org/show_bug.cgi?id=44130 agd5f: fix patch formatting Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Cc: stable@vger.kernel.org Signed-off-by: Dave Airlie <airlied@redhat.com>	2012-01-03 09:17:16 +00:00
Linus Torvalds	115e8e705e	Merge branch 'devicetree/merge' of git://git.secretlab.ca/git/linux-2.6 * 'devicetree/merge' of git://git.secretlab.ca/git/linux-2.6: dt/device: Fix auxdata matching to handle entries without a name override	2012-01-02 12:34:03 -08:00
Linus Torvalds	733bbb7e1c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: netfilter: ctnetlink: fix timeout calculation ipvs: try also real server with port 0 in backup server skge: restore rx multicast filter on resume and after config changes mlx4_en: nullify cq->vector field when closing completion queue	2012-01-01 19:36:08 -08:00
Linus Torvalds	c7f46b7aa4	Merge branch 'fix/asoc' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound * 'fix/asoc' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ASoC: wm8776: add missing break in sample size switch	2011-12-31 11:55:06 -08:00
Mauro Carvalho Chehab	ac97ecc886	gspca: Fix falling back to lower isoc alt settings The current gspca core code has a regression where it no longer properly falls back to lower alt settings when there is not enough bandwidth. This causes many iso based usb-1 cameras to not work when plugged into a usb2 hub or a sandybridge chipset motherboard! This patch fixes this. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2011-12-31 11:53:58 -08:00
Hugh Dickins	e6780f7243	futex: Fix uninterruptible loop due to gate_area It was found (by Sasha) that if you use a futex located in the gate area we get stuck in an uninterruptible infinite loop, much like the ZERO_PAGE issue. While looking at this problem, PeterZ realized you'll get into similar trouble when hitting any install_special_pages() mapping. And are there still drivers setting up their own special mmaps without page->mapping, and without special VM or pte flags to make get_user_pages fail? In most cases, if page->mapping is NULL, we do not need to retry at all: Linus points out that even /proc/sys/vm/drop_caches poses no problem, because it ends up using remove_mapping(), which takes care not to interfere when the page reference count is raised. But there is still one case which does need a retry: if memory pressure called shmem_writepage in between get_user_pages_fast dropping page table lock and our acquiring page lock, then the page gets switched from filecache to swapcache (and ->mapping set to NULL) whatever the refcount. Fault it back in to get the page->mapping needed for key->shared.inode. Reported-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: Hugh Dickins <hughd@google.com> Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2011-12-31 11:48:28 -08:00
Xi Wang	c121638277	netfilter: ctnetlink: fix timeout calculation The sanity check (timeout < 0) never works; the dividend is unsigned and so is the division, which should have been a signed division. long timeout = (ct->timeout.expires - jiffies) / HZ; if (timeout < 0) timeout = 0; This patch converts the time values to signed for the division. Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>	2011-12-31 16:59:04 +01:00
Julian Anastasov	52793dbe3d	ipvs: try also real server with port 0 in backup server We should not forget to try for real server with port 0 in the backup server when processing the sync message. We should do it in all cases because the backup server can use different forwarding method. Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>	2011-12-31 16:06:29 +01:00
Florian Zumbiehl	fe3c8cc922	skge: restore rx multicast filter on resume and after config changes Restore skge hardware registers for multicast filtering to their appropriate values after system resume and after hardware restarts that are done when changing certain settings. Signed-off-by: Florian Zumbiehl <florz@florz.de> Acked-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>	2011-12-30 23:32:45 -05:00
Yevgeny Petrilin	cd3109d23c	mlx4_en: nullify cq->vector field when closing completion queue Caused loss of connectivity when changing ring size. Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il> Signed-off-by: David S. Miller <davem@davemloft.net>	2011-12-30 17:15:41 -05:00
Linus Torvalds	06867fbb8a	Merge branch 'fixes' of http://ftp.arm.linux.org.uk/pub/linux/arm/kernel/git-cur/linux-2.6-arm * 'fixes' of http://ftp.arm.linux.org.uk/pub/linux/arm/kernel/git-cur/linux-2.6-arm: ARM: 7237/1: PL330: Fix driver freeze ARM: 7197/1: errata: Remove SMP dependency for erratum 751472 ARM: 7196/1: errata: Remove SMP dependency for erratum 720789 ARM: 7220/1: mmc: mmci: Fixup error handling for dma ARM: 7214/1: mmc: mmci: Fixup handling of MCI_STARTBITERR	2011-12-30 13:45:34 -08:00
Linus Torvalds	604a16b74c	Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: ARM: plat-orion: make gpiochip label unique enable uncompress log on cpuimx35sd cpuimx35: fix touchscreen support cpuimx35sd: fix Kconfig clock-imx35: fix reboot in internal boot mode dma: MX3_IPU fix depends imx_v4_v5_defconfig: update default configuration cpuimx25sd: fix Kconfig arm/imx: fix cpufreq section mismatch ARM:imx:fix pwm period value ARM: OMAP: hwmod data: fix iva and mailbox hwmods for OMAP 3	2011-12-30 13:43:45 -08:00
Linus Torvalds	c63c4edcc8	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: sentelic - fix retrieving number of buttons Input: sentelic - release mutex upon register write failure	2011-12-30 13:42:41 -08:00
Linus Torvalds	d65616a92c	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client: ceph: disable use of dcache for readdir etc.	2011-12-30 13:34:22 -08:00
Linus Torvalds	e95bf44fba	Merge branch 'v3.2-samsung-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung * 'v3.2-samsung-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung: ARM: EXYNOS: Remove duplicated SROMC static memory mapping ARM: SAMSUNG: Fix build error when selecting CPU_FREQ_S3C24XX_DEBUGFS on S3C2440	2011-12-30 13:34:00 -08:00
Linus Torvalds	3b87487ac5	Revert "clockevents: Set noop handler in clockevents_exchange_device()" This reverts commit `de28f25e82`. It results in resume problems for various people. See for example http://thread.gmane.org/gmane.linux.kernel/1233033 http://thread.gmane.org/gmane.linux.kernel/1233389 http://thread.gmane.org/gmane.linux.kernel/1233159 http://thread.gmane.org/gmane.linux.kernel/1227868/focus=1230877 and the fedora and ubuntu bug reports https://bugzilla.redhat.com/show_bug.cgi?id=767248 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/904569 which got bisected down to the stable version of this commit. Reported-by: Jonathan Nieder <jrnieder@gmail.com> Reported-by: Phil Miller <mille121@illinois.edu> Reported-by: Philip Langdale <philipl@overt.org> Reported-by: Tim Gardner <tim.gardner@canonical.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Greg KH <gregkh@suse.de> Cc: stable@kernel.org # for stable kernels that applied the original Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2011-12-30 13:24:40 -08:00
Linus Torvalds	995b4103a7	Merge git://www.linux-watchdog.org/linux-watchdog * git://www.linux-watchdog.org/linux-watchdog: watchdog: iTCO_wdt.c - problems with newer hardware due to SMI clearing (part 2) watchdog: hpwdt: Changes to handle NX secure bit in 32bit path watchdog: sp805: Fix section mismatch in ID table. watchdog: move coh901327 state holders	2011-12-30 12:13:03 -08:00
Linus Torvalds	89307babf9	Merge branch 'iommu/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu * 'iommu/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: iommu: Initialize domain->handler in iommu_domain_alloc()	2011-12-29 17:36:15 -08:00
Linus Torvalds	50b2abed6b	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: packet: fix possible dev refcnt leak when bind fail netem: dont call vfree() under spinlock and BH disabled netfilter: ctnetlink: fix scheduling while atomic if helper is autoloaded netfilter: ctnetlink: fix return value of ctnetlink_get_expect()	2011-12-29 17:35:33 -08:00
Linus Torvalds	7578ed02e4	Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86: Fix raw_spin_unlock_irqrestore() usage oprofile, arm/sh: Fix oprofile_arch_exit() linkage issue	2011-12-29 17:09:16 -08:00
Linus Torvalds	d2bac6ab93	Merge branch 'for-linus' of git://oss.sgi.com/xfs/xfs * 'for-linus' of git://oss.sgi.com/xfs/xfs: xfs: log all dirty inodes in xfs_fs_sync_fs xfs: log the inode in ->write_inode calls for kupdate	2011-12-29 17:05:45 -08:00
Linus Torvalds	1cac8e884f	Merge branch 'for-linus' of git://git.kernel.dk/linux-block * 'for-linus' of git://git.kernel.dk/linux-block: block: fix blk_queue_end_tag() block: re-use existing 'reading' variable instead of checking direction again block, cfq: fix empty queue crash caused by request merge	2011-12-29 16:33:37 -08:00
Hillf Danton	b0365c8d0c	mm: hugetlb: fix non-atomic enqueue of huge page If a huge page is enqueued under the protection of hugetlb_lock, then the operation is atomic and safe. Signed-off-by: Hillf Danton <dhillf@gmail.com> Reviewed-by: Michal Hocko <mhocko@suse.cz> Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: <stable@vger.kernel.org> [2.6.37+] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2011-12-29 16:31:57 -08:00
Andreas Schwab	34845636a1	procfs: do not confuse jiffies with cputime64_t Commit `2a95ea6c0d` ("procfs: do not overflow get_{idle,iowait}_time for nohz") did not take into account that one some architectures jiffies and cputime use different units. This causes get_idle_time() to return numbers in the wrong units, making the idle time fields in /proc/stat wrong. Instead of converting the usec value returned by get_cpu_{idle,iowait}_time_us to units of jiffies, use the new function usecs_to_cputime64 to convert it to the correct unit of cputime64_t. Signed-off-by: Andreas Schwab <schwab@linux-m68k.org> Acked-by: Michal Hocko <mhocko@suse.cz> Cc: Arnd Bergmann <arnd@arndb.de> Cc: "Artem S. Tashkinov" <t.artem@mailcity.com> Cc: Dave Jones <davej@redhat.com> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: "Luck, Tony" <tony.luck@intel.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2011-12-29 16:31:57 -08:00
KOSAKI Motohiro	e26a51148f	mm/mempolicy.c: refix mbind_range() vma issue commit `8aacc9f550` ("mm/mempolicy.c: fix pgoff in mbind vma merge") is the slightly incorrect fix. Why? Think following case. 1. map 4 pages of a file at offset 0 [0123] 2. map 2 pages just after the first mapping of the same file but with page offset 2 [0123][23] 3. mbind() 2 pages from the first mapping at offset 2. mbind_range() should treat new vma is, [0123][23] \|23\| mbind vma but it does [0123][23] \|01\| mbind vma Oops. then, it makes wrong vma merge and splitting ([01][0123] or similar). This patch fixes it. [testcase] test result - before the patch case4: 126: test failed. expect '2,4', actual '2,2,2' case5: passed case6: passed case7: passed case8: passed case_n: 246: test failed. expect '4,2', actual '1,4' ------------[ cut here ]------------ kernel BUG at mm/filemap.c:135! invalid opcode: 0000 [#4] SMP DEBUG_PAGEALLOC (snip long bug on messages) test result - after the patch case4: passed case5: passed case6: passed case7: passed case8: passed case_n: passed source: mbind_vma_test.c ============================================================ #include <numaif.h> #include <numa.h> #include <sys/mman.h> #include <stdio.h> #include <unistd.h> #include <stdlib.h> #include <string.h> static unsigned long pagesize; void* mmap_addr; struct bitmask nmask; char buf[1024]; FILE file; char retbuf[10240] = ""; int mapped_fd; char rubysrc = "ruby -e '\ pid = %d; \ vstart = 0x%llx; \ vend = 0x%llx; \ s = `pmap -q #{pid}`; \ rary = []; \ s.each_line {\|line\|; \ ary=line.split(\" \"); \ addr = ary[0].to_i(16); \ if(vstart <= addr && addr < vend) then \ rary.push(ary[1].to_i()/4); \ end; \ }; \ print rary.join(\",\"); \ '"; void init(void) { void addr; char buf[128]; nmask = numa_allocate_nodemask(); numa_bitmask_setbit(nmask, 0); pagesize = getpagesize(); sprintf(buf, "%s", "mbind_vma_XXXXXX"); mapped_fd = mkstemp(buf); if (mapped_fd == -1) perror("mkstemp "), exit(1); unlink(buf); if (lseek(mapped_fd, pagesize8, SEEK_SET) < 0) perror("lseek "), exit(1); if (write(mapped_fd, "\0", 1) < 0) perror("write "), exit(1); addr = mmap(NULL, pagesize8, PROT_NONE, MAP_SHARED, mapped_fd, 0); if (addr == MAP_FAILED) perror("mmap "), exit(1); if (mprotect(addr+pagesize, pagesize6, PROT_READ\|PROT_WRITE) < 0) perror("mprotect "), exit(1); mmap_addr = addr + pagesize; / make page populate / memset(mmap_addr, 0, pagesize6); } void fin(void) { void* addr = mmap_addr - pagesize; munmap(addr, pagesize8); memset(buf, 0, sizeof(buf)); memset(retbuf, 0, sizeof(retbuf)); } void mem_bind(int index, int len) { int err; err = mbind(mmap_addr+pagesizeindex, pagesizelen, MPOL_BIND, nmask->maskp, nmask->size, 0); if (err) perror("mbind "), exit(err); } void mem_interleave(int index, int len) { int err; err = mbind(mmap_addr+pagesizeindex, pagesizelen, MPOL_INTERLEAVE, nmask->maskp, nmask->size, 0); if (err) perror("mbind "), exit(err); } void mem_unbind(int index, int len) { int err; err = mbind(mmap_addr+pagesizeindex, pagesizelen, MPOL_DEFAULT, NULL, 0, 0); if (err) perror("mbind "), exit(err); } void Assert(char expected, char value, char name, int line) { if (strcmp(expected, value) == 0) { fprintf(stderr, "%s: passed\n", name); return; } else { fprintf(stderr, "%s: %d: test failed. expect '%s', actual '%s'\n", name, line, expected, value); // exit(1); } } /* AAAA PPPPPPNNNNNN might become PPNNNNNNNNNN case 4 below / void case4(void) { init(); sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize6); mem_bind(0, 4); mem_unbind(2, 2); file = popen(buf, "r"); fread(retbuf, sizeof(retbuf), 1, file); Assert("2,4", retbuf, "case4", __LINE__); fin(); } /* AAAA PPPPPPNNNNNN might become PPPPPPPPPPNN case 5 below / void case5(void) { init(); sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize6); mem_bind(0, 2); mem_bind(2, 2); file = popen(buf, "r"); fread(retbuf, sizeof(retbuf), 1, file); Assert("4,2", retbuf, "case5", __LINE__); fin(); } /* AAAA PPPPNNNNXXXX might become PPPPPPPPPPPP 6 / void case6(void) { init(); sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize6); mem_bind(0, 2); mem_bind(4, 2); mem_bind(2, 2); file = popen(buf, "r"); fread(retbuf, sizeof(retbuf), 1, file); Assert("6", retbuf, "case6", __LINE__); fin(); } /* AAAA PPPPNNNNXXXX might become PPPPPPPPXXXX 7 / void case7(void) { init(); sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize6); mem_bind(0, 2); mem_interleave(4, 2); mem_bind(2, 2); file = popen(buf, "r"); fread(retbuf, sizeof(retbuf), 1, file); Assert("4,2", retbuf, "case7", __LINE__); fin(); } /* AAAA PPPPNNNNXXXX might become PPPPNNNNNNNN 8 / void case8(void) { init(); sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize6); mem_bind(0, 2); mem_interleave(4, 2); mem_interleave(2, 2); file = popen(buf, "r"); fread(retbuf, sizeof(retbuf), 1, file); Assert("2,4", retbuf, "case8", __LINE__); fin(); } void case_n(void) { init(); sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize6); / make redundunt mappings [0][1234][34][7] / mmap(mmap_addr + pagesize4, pagesize2, PROT_READ\|PROT_WRITE, MAP_FIXED\|MAP_SHARED, mapped_fd, pagesize3); /* Expect to do nothing. / mem_unbind(2, 2); file = popen(buf, "r"); fread(retbuf, sizeof(retbuf), 1, file); Assert("4,2", retbuf, "case_n", __LINE__); fin(); } int main(int argc, char* argv) { case4(); case5(); case6(); case7(); case8(); case_n(); return 0; } ============================================================= Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Cc: Minchan Kim <minchan.kim@gmail.com> Cc: Caspar Zhang <caspar@casparzhang.com> Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: Christoph Lameter <cl@linux.com> Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk> Cc: Mel Gorman <mel@csn.ul.ie> Cc: Lee Schermerhorn <lee.schermerhorn@hp.com> Cc: <stable@vger.kernel.org> [3.1.x] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2011-12-29 16:31:57 -08:00
Hans de Goede	757e55c23d	gspca: Fix bulk mode cameras no longer working (regression fix) The new iso bandwidth calculation code accidentally has broken support for bulk mode cameras. This has broken the following drivers: finepix, jeilinj, ovfx2, ov534, ov534_9, se401, sq905, sq905c, sq930x, stv0680, vicam. Thix patch fixes this. Fix tested with: se401, sq905, sq905c, stv0680 & vicam cams. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2011-12-29 16:29:00 -08:00
Tai-hwa Liang	6ccbcf2cb4	Input: sentelic - fix retrieving number of buttons Fixing wrong register offset which is used to retrieve the number of buttons attached to the hardware. Signed-off-by: Tai-hwa Liang <avatar@sentelic.com> Signed-off-by: Dmitry Torokhov <dtor@mail.ru>	2011-12-29 09:52:59 -08:00
Sage Weil	a4d46363ce	ceph: disable use of dcache for readdir etc. Ceph attempts to use the dcache to satisfy negative lookups and readdir when the entire directory contents are in cache. Disable this behavior until lingering bugs in this code are shaken out; we'll re-enable these hooks once things are fully stable. Signed-off-by: Sage Weil <sage@newdream.net>	2011-12-29 08:05:14 -08:00
Dan Williams	f2b20d4365	block: fix blk_queue_end_tag() Commit `5e081591` "block: warn if tag is greater than real_max_depth" cleaned up blk_queue_end_tag() to warn when the tag is truly invalid (greater than real_max_depth). However, it changed behavior in the tag < max_depth case to not end the request. Leading to triggering of BUG_ON(blk_queued_rq(rq)) in the request completion path: http://marc.info/?l=linux-kernel&m=132204370518629&w=2 In order to allow blk_queue_resize_tags() to shrink the tag space blk_queue_end_tag() must always complete tags with a value less than real_max_depth regardless of the current max_depth. The comment about "handling the shrink case" seems to be what prompted changes in this space, so remove it and BUG on all invalid tags (made even simpler by Matthew's suggestion to use an unsigned compare). Signed-off-by: Dan Williams <dan.j.williams@intel.com> Cc: Tao Ma <boyu.mt@taobao.com> Cc: Matthew Wilcox <matthew@wil.cx> Reported-by: Meelis Roos <mroos@ut.ee> Reported-by: Ed Nadolski <edmund.nadolski@intel.com> Cc: Tejun Heo <tj@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Jens Axboe <axboe@kernel.dk>	2011-12-29 09:16:28 +01:00
Thomas Abraham	9edf52621d	ARM: EXYNOS: Remove duplicated SROMC static memory mapping SROMC static memory mapping is included in the common s5p initialization code. Hence, remove the duplicated SROMC static memory mapping for EXYNOS. Signed-off-by: Thomas Abraham <thomas.abraham@linaro.org> Cc: stable@kernel.org Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>	2011-12-28 15:10:30 +09:00
Denis Kuzmenko	baaf939db4	ARM: SAMSUNG: Fix build error when selecting CPU_FREQ_S3C24XX_DEBUGFS on S3C2440 Following is happened when CONFIG_CPU_FREQ_S3C24XX_DEBUGFS is selected without building of s3c2410-iotiming.c file: arch/arm/mach-s3c2440/built-in.o:(.data+0x38c): undefined reference to `s3c2410_iotiming_debugfs Basically, the CONFIG_S3C2410_IOTIMING is not selected for MACH_MINI2440. Because the s3c2410-iotiming.c is not ever compiled and enabling CONFIG_CPU_FREQ_S3C24XX_DEBUGFS option caused undefined reference to s3c2410_iotiming_debugfs() defined in that file. The s3c2410_iotiming_debugfs defined as NULL for this case. Signed-off-by: Denis Kuzmenko <linux@solonet.org.ua> Cc: stable@kernel.org [kgene.kim@samsung.com: removed useless changes] Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>	2011-12-28 15:08:28 +09:00
Wei Yongjun	aef950b4ba	packet: fix possible dev refcnt leak when bind fail If bind is fail when bind is called after set PACKET_FANOUT sock option, the dev refcnt will leak. Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: David S. Miller <davem@davemloft.net>	2011-12-27 22:32:41 -05:00
Wim Van Sebroeck	0d098587ce	watchdog: iTCO_wdt.c - problems with newer hardware due to SMI clearing (part 2) Redhat Bugzilla: Bug 727875 - TCO_EN bit is disabled by TCO driver The previous patch breaks reset watchdog behaviour on the older hardware. It is therefor better to make sure that the behaviour for older hardware (<=ICH5 or 6300ESB) is preserved and that the behaviour for newer hardware is changed. We therefor use the iTCO_version to see if we need the clearing of the SMI_TCO_EN bit in the SMI_EN register. So the new behaviour becomes: turn_SMI_watchdog_clear_off=0 -> Do not turn off SMI clearing watchdog. turn_SMI_watchdog_clear_off=1 -> Turn off SMI clearing watchdog when iTCO_version=1 (ICHO till ICH5 + 6300ESB only) turn_SMI_watchdog_clear_off=2 -> Turn off SMI clearing watchdog. Signed-off-by: Wim Van Sebroeck <wim@iguana.be>	2011-12-27 20:35:59 +01:00
Keith Packard	371de6e4e0	drm/i915: Disable RC6 on Sandybridge by default RC6 fails again. > I found my system freeze mostly during starting up X and KDE. Sometimes it > works for some minutes, sometimes it freezes immediatly. When the freeze > happens, everything is dead (even the reset button does not work, I need to > power cycle). > I disabled RC6, and my system runs wonderfully. > The system is a Z68 Pro board with Sandybridge i5-2500K processor, 8 > GB of RAM and UEFI firmware. Reported-by: Kai Krakow <hurikhan77@gmail.com> Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2011-12-26 21:07:27 -08:00
Keith Packard	ebbd857e6b	drm/i915: Disable semaphores by default on SNB Semaphores still cause problems on some machines: > From Udo Steinberg: > > With Linux-3.2-rc6 I'm frequently seeing GPU hangs when large amounts of > text scroll in an xterm, such as when extracting a tar archive. Such as this > one (note the timestamps): > > I can reproduce it fairly easily with something > as simple as: > > while true; do dmesg; done This patch turns them off on SNB while leaving them on for IVB. Reported-by: Udo Steinberg <udo@hypervisor.org> Cc: Daniel Vetter <daniel@ffwll.ch> Cc: Eugeni Dodonov <eugeni@dodonov.net> Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2011-12-26 21:07:26 -08:00
Linus Torvalds	7f54492fbc	Merge branch 'kvm-updates/3.2' of git://git.kernel.org/pub/scm/virt/kvm/kvm * 'kvm-updates/3.2' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: PPC: e500: include linux/export.h KVM: PPC: fix kvmppc_start_thread() for CONFIG_SMP=N KVM: PPC: protect use of kvmppc_h_pr KVM: PPC: move compute_tlbie_rb to book3s_64 common header KVM: Don't automatically expose the TSC deadline timer in cpuid KVM: Device assignment permission checks KVM: Remove ability to assign a device without iommu support KVM: x86: Prevent starting PIT timers in the absence of irqchip support	2011-12-26 13:17:00 -08:00
Linus Torvalds	6fd8fb7f55	Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394 post 3.2-rc7 pull request * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394: MAINTAINERS: firewire git URL update	2011-12-26 12:46:17 -08:00
Linus Torvalds	6d4b9e38d3	vfs: fix handling of lock allocation failure in lease-break case Bruce Fields notes that commit `778fc546f7` ("locks: fix tracking of inprogress lease breaks") introduced a possible error pointer dereference on failure to allocate memory. locks_conflict() will dereference the passed-in new lease lock structure that may be an error pointer. This means an open (without O_NONBLOCK set) on a file with a lease applied (generally only done when Samba or nfsd (with v4) is running) could crash if a kmalloc() fails. So instead of playing games with IS_ERROR() all over the place, just check the allocation failure early. That makes the code more straightforward, and avoids this possible bad pointer dereference. Based-on-patch-by: J. Bruce Fields <bfields@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2011-12-26 10:25:26 -08:00
Mingarelli, Thomas	e67d668e14	watchdog: hpwdt: Changes to handle NX secure bit in 32bit path This patch makes use of the set_memory_x() kernel API in order to make necessary BIOS calls to source NMIs. This is needed for SLES11 SP2 and the latest upstream kernel as it appears the NX Execute Disable has grown in its control. Signed-off by: Thomas Mingarelli <thomas.mingarelli@hp.com> Signed-off by: Wim Van Sebroeck <wim@iguana.be> Cc: stable@kernel.org	2011-12-26 15:14:38 +01:00
Nick Bowler	bb558dac67	watchdog: sp805: Fix section mismatch in ID table. The AMBA ID table is marked as __initdata, yet it is referenced by the driver struct which is not. This causes a (somewhat unhelpful) section mismatch warning: WARNING: drivers/watchdog/sp805_wdt.o(.data+0x4c): Section mismatch in reference from the variable sp805_wdt_driver to the (unknown reference) .init.data:(unknown) Fix this by removing the annotation. Signed-off-by: Nick Bowler <nbowler@elliptictech.com> Signed-off-by: Wim Van Sebroeck <wim@iguana.be>	2011-12-26 15:14:31 +01:00
Linus Walleij	452190cb05	watchdog: move coh901327 state holders The state holders used in the PM path of the drivers report as unused variables when compiling without CONFIG_PM so let's move them inside CONFIG_PM. Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Wim Van Sebroeck <wim@iguana.be>	2011-12-26 15:14:24 +01:00
Scott Wood	fae9dbb4b4	KVM: PPC: e500: include linux/export.h This is required for THIS_MODULE. We recently stopped acquiring it via some other header. Signed-off-by: Scott Wood <scottwood@freescale.com> Signed-off-by: Alexander Graf <agraf@suse.de>	2011-12-26 13:28:03 +02:00
Michael Neuling	251da03897	KVM: PPC: fix kvmppc_start_thread() for CONFIG_SMP=N Currently kvmppc_start_thread() tries to wake other SMT threads via xics_wake_cpu(). Unfortunately xics_wake_cpu only exists when CONFIG_SMP=Y so when compiling with CONFIG_SMP=N we get: arch/powerpc/kvm/built-in.o: In function `.kvmppc_start_thread': book3s_hv.c:(.text+0xa1e0): undefined reference to `.xics_wake_cpu' The following should be fine since kvmppc_start_thread() shouldn't called to start non-zero threads when SMP=N since threads_per_core=1. Signed-off-by: Michael Neuling <mikey@neuling.org> Signed-off-by: Alexander Graf <agraf@suse.de>	2011-12-26 13:28:02 +02:00
Andreas Schwab	96f38d7286	KVM: PPC: protect use of kvmppc_h_pr kvmppc_h_pr is only available if CONFIG_KVM_BOOK3S_64_PR. Signed-off-by: Andreas Schwab <schwab@linux-m68k.org> Signed-off-by: Alexander Graf <agraf@suse.de>	2011-12-26 13:28:01 +02:00
Andreas Schwab	36cc66d638	KVM: PPC: move compute_tlbie_rb to book3s_64 common header compute_tlbie_rb is only used on ppc64 and cannot be compiled on ppc32. Signed-off-by: Andreas Schwab <schwab@linux-m68k.org> Signed-off-by: Alexander Graf <agraf@suse.de>	2011-12-26 13:28:00 +02:00
Jan Kiszka	4d25a066b6	KVM: Don't automatically expose the TSC deadline timer in cpuid Unlike all of the other cpuid bits, the TSC deadline timer bit is set unconditionally, regardless of what userspace wants. This is broken in several ways: - if userspace doesn't use KVM_CREATE_IRQCHIP, and doesn't emulate the TSC deadline timer feature, a guest that uses the feature will break - live migration to older host kernels that don't support the TSC deadline timer will cause the feature to be pulled from under the guest's feet; breaking it - guests that are broken wrt the feature will fail. Fix by not enabling the feature automatically; instead report it to userspace. Because the feature depends on KVM_CREATE_IRQCHIP, which we cannot guarantee will be called, we expose it via a KVM_CAP_TSC_DEADLINE_TIMER and not KVM_GET_SUPPORTED_CPUID. Fixes the Illumos guest kernel, which uses the TSC deadline timer feature. [avi: add the KVM_CAP + documentation] Reported-by: Alexey Zaytsev <alexey.zaytsev@gmail.com> Tested-by: Alexey Zaytsev <alexey.zaytsev@gmail.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Avi Kivity <avi@redhat.com>	2011-12-26 13:27:44 +02:00
Alex Williamson	3d27e23b17	KVM: Device assignment permission checks Only allow KVM device assignment to attach to devices which: - Are not bridges - Have BAR resources (assume others are special devices) - The user has permissions to use Assigning a bridge is a configuration error, it's not supported, and typically doesn't result in the behavior the user is expecting anyway. Devices without BAR resources are typically chipset components that also don't have host drivers. We don't want users to hold such devices captive or cause system problems by fencing them off into an iommu domain. We determine "permission to use" by testing whether the user has access to the PCI sysfs resource files. By default a normal user will not have access to these files, so it provides a good indication that an administration agent has granted the user access to the device. [Yang Bai: add missing #include] [avi: fix comment style] Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Yang Bai <hamo.by@gmail.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>	2011-12-25 19:03:54 +02:00
Alex Williamson	423873736b	KVM: Remove ability to assign a device without iommu support This option has no users and it exposes a security hole that we can allow devices to be assigned without iommu protection. Make KVM_DEV_ASSIGN_ENABLE_IOMMU a mandatory option. Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>	2011-12-25 17:13:31 +02:00
Jan Kiszka	0924ab2cfa	KVM: x86: Prevent starting PIT timers in the absence of irqchip support User space may create the PIT and forgets about setting up the irqchips. In that case, firing PIT IRQs will crash the host: BUG: unable to handle kernel NULL pointer dereference at 0000000000000128 IP: [<ffffffffa10f6280>] kvm_set_irq+0x30/0x170 [kvm] ... Call Trace: [<ffffffffa11228c1>] pit_do_work+0x51/0xd0 [kvm] [<ffffffff81071431>] process_one_work+0x111/0x4d0 [<ffffffff81071bb2>] worker_thread+0x152/0x340 [<ffffffff81075c8e>] kthread+0x7e/0x90 [<ffffffff815a4474>] kernel_thread_helper+0x4/0x10 Prevent this by checking the irqchip mode before starting a timer. We can't deny creating the PIT if the irqchips aren't set up yet as current user land expects this order to work. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>	2011-12-25 17:13:18 +02:00
Stefan Richter	2ca526bf49	MAINTAINERS: firewire git URL update Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>	2011-12-25 14:05:05 +01:00
Linus Torvalds	4962516b23	Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: vmwgfx: fix incorrect VRAM size check in vmw_kms_fb_create() drm/radeon/kms: bail on BTC parts if MC ucode is missing	2011-12-24 13:34:44 -08:00
David S. Miller	c43c5f3958	Merge branch 'nf' of git://1984.lsi.us.es/net	2011-12-24 16:10:26 -05:00
Eric Dumazet	bb52c7acf8	netem: dont call vfree() under spinlock and BH disabled commit `6373a9a286` (netem: use vmalloc for distribution table) added a regression, since vfree() is called while holding a spinlock and BH being disabled. Fix this by doing the pointers swap in critical section, and freeing after spinlock release. Also add __GFP_NOWARN to the kmalloc() try, since we fallback to vmalloc(). Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Acked-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>	2011-12-24 16:08:50 -05:00
Pablo Neira Ayuso	1a31a4a838	netfilter: ctnetlink: fix scheduling while atomic if helper is autoloaded This patch fixes one scheduling while atomic error: [ 385.565186] ctnetlink v0.93: registering with nfnetlink. [ 385.565349] BUG: scheduling while atomic: lt-expect_creat/16163/0x00000200 It can be triggered with utils/expect_create included in libnetfilter_conntrack if the FTP helper is not loaded. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>	2011-12-24 19:49:04 +01:00
Pablo Neira Ayuso	81378f728f	netfilter: ctnetlink: fix return value of ctnetlink_get_expect() This fixes one bogus error that is returned to user-space: libnetfilter_conntrack/utils# ./expect_get TEST: get expectation (-1)(Unknown error 18446744073709551504) This patch includes the correct handling for EAGAIN (nfnetlink uses this error value to restart the operation after module auto-loading). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>	2011-12-24 19:49:04 +01:00
Javi Merino	abb959f8a3	ARM: 7237/1: PL330: Fix driver freeze Add a req_running field to the pl330_thread to track which request (if any) has been submitted to the DMA. This mechanism replaces the old one in which we tried to guess the same by looking at the PC of the DMA, which could prevent the driver from sending more requests if it didn't guess correctly. Reference: <1323631637-9610-1-git-send-email-javi.merino@arm.com> Signed-off-by: Javi Merino <javi.merino@arm.com> Acked-by: Jassi Brar <jaswinder.singh@linaro.org> Tested-by: Tushar Behera <tushar.behera@linaro.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>	2011-12-23 22:57:26 +00:00
Christoph Hellwig	be4f1ac828	xfs: log all dirty inodes in xfs_fs_sync_fs Since Linux 2.6.36 the writeback code has introduces various measures for live lock prevention during sync(). Unfortunately some of these are actively harmful for the XFS model, where the inode gets marked dirty for metadata from the data I/O handler. The older_than_this checks that are now more strictly enforced since writeback: avoid livelocking WB_SYNC_ALL writeback by only calling into __writeback_inodes_sb and thus only sampling the current cut off time once. But on a slow enough devices the previous asynchronous sync pass might not have fully completed yet, and thus XFS might mark metadata dirty only after that sampling of the cut off time for the blocking pass already happened. I have not myself reproduced this myself on a real system, but by introducing artificial delay into the XFS I/O completion workqueues it can be reproduced easily. Fix this by iterating over all XFS inodes in ->sync_fs and log all that are dirty. This might log inode that only got redirtied after the previous pass, but given how cheap delayed logging of inodes is it isn't a major concern for performance. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Dave Chinner <dchinner@redhat.com> Tested-by: Mark Tinguely <tinguely@sgi.com> Reviewed-by: Mark Tinguely <tinguely@sgi.com> Signed-off-by: Ben Myers <bpm@sgi.com>	2011-12-23 16:41:47 -06:00
Christoph Hellwig	0b8fd3033c	xfs: log the inode in ->write_inode calls for kupdate If the writeback code writes back an inode because it has expired we currently use the non-blockin ->write_inode path. This means any inode that is pinned is skipped. With delayed logging and a workload that has very little log traffic otherwise it is very likely that an inode that gets constantly written to is always pinned, and thus we keep refusing to write it. The VM writeback code at that point redirties it and doesn't try to write it again for another 30 seconds. This means under certain scenarious time based metadata writeback never happens. Fix this by calling into xfs_log_inode for kupdate in addition to data integrity syncs, and thus transfer the inode to the log ASAP. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Dave Chinner <dchinner@redhat.com> Tested-by: Mark Tinguely <tinguely@sgi.com> Reviewed-by: Mark Tinguely <tinguely@sgi.com> Signed-off-by: Ben Myers <bpm@sgi.com>	2011-12-23 16:41:47 -06:00
Dave Martin	ba90c516ba	ARM: 7197/1: errata: Remove SMP dependency for erratum 751472 Activation conditions for a workaround should not be encoded in the workaround's direct dependencies if this makes otherwise reasonable configuration choices impossible. This patches uses the SMP/UP patching facilities instead to compile out the workaround if the configuration means that it is definitely not needed. This means that configs for buggy silicon can simply select ARM_ERRATA_751472, without preventing a UP kernel from being built or duplicatiing knowledge about when to activate the workaround. This seems the correct way to do things, because the erratum is a property of the silicon, irrespective of what the kernel config happens to be. Signed-off-by: Dave Martin <dave.martin@linaro.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>	2011-12-23 22:34:48 +00:00
Dave Martin	e66dc7452a	ARM: 7196/1: errata: Remove SMP dependency for erratum 720789 Activation conditions for a workaround should not be encoded in the workaround's direct dependencies if this makes otherwise reasonable configuration choices impossible. The workaround for erratum 720789 only affects a code path which is not active in UP kernels; hence it should be safe to turn on in UP kernels, without penalty. This patch simply removes the extra dependency on SMP from Kconfig. This means that configs for buggy silicon can simply select ARM_ERRATA_720789, without preventing a UP kernel from being built or duplicatiing knowledge about when to activate the workaround. Signed-off-by: Dave Martin <dave.martin@linaro.org> Acked-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>	2011-12-23 22:34:47 +00:00
Gustavo F. Padovan	cad44c2bf6	Revert "Bluetooth: Increase HCI reset timeout in hci_dev_do_close" This reverts commit `e1b6eb3ccb`. This was causing a delay of 10 seconds in the resume process of a Thinkpad laptop. I'm afraid this could affect more devices once 3.2 is released. Reported-by: Tomáš Janoušek <tomi@nomi.cz> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>	2011-12-23 19:00:02 -02:00
Joachim Eastwood	990fc3d0b2	ASoC: wm8776: add missing break in sample size switch Broken in commit `d1dc698a54` Signed-off-by: Joachim Eastwood <joachim.eastwood@jotron.com> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>	2011-12-23 18:03:21 +00:00
Robert Richter	2e64694de2	perf/x86: Fix raw_spin_unlock_irqrestore() usage Use raw_spin_unlock_irqrestore() as equivalent to raw_spin_lock_irqsave(). Signed-off-by: Robert Richter <robert.richter@amd.com> Cc: Stephane Eranian <eranian@google.com> Cc: Peter Zijlstra <peterz@infradead.org> Link: http://lkml.kernel.org/r/1324646665-13334-1-git-send-email-robert.richter@amd.com Signed-off-by: Ingo Molnar <mingo@elte.hu>	2011-12-23 17:57:01 +01:00
Vladimir Zapolskiy	55205c916e	oprofile, arm/sh: Fix oprofile_arch_exit() linkage issue This change fixes a linking problem, which happens if oprofile is selected to be compiled as built-in: `oprofile_arch_exit' referenced in section `.init.text' of arch/arm/oprofile/built-in.o: defined in discarded section `.exit.text' of arch/arm/oprofile/built-in.o The problem is appeared after commit `87121ca504`, which introduced oprofile_arch_exit() calls from __init function. Note that the aforementioned commit has been backported to stable branches, and the problem is known to be reproduced at least with 3.0.13 and 3.1.5 kernels. Signed-off-by: Vladimir Zapolskiy <vladimir.zapolskiy@nokia.com> Signed-off-by: Robert Richter <robert.richter@amd.com> Cc: Will Deacon <will.deacon@arm.com> Cc: oprofile-list <oprofile-list@lists.sourceforge.net> Cc: <stable@kernel.org> Link: http://lkml.kernel.org/r/20111222151540.GB16765@erda.amd.com Signed-off-by: Ingo Molnar <mingo@elte.hu>	2011-12-23 11:58:34 +01:00
Tai-hwa Liang	d9bae67a7a	Input: sentelic - release mutex upon register write failure Make sure that mutex is released upon register writing failure. This fixes boot freezing observed on ARM based OLPC (http://dev.laptop.org/ticket/11357). Signed-off-by: Paul Fox <pgf@laptop.org> Signed-off-by: Tai-hwa Liang <avatar@sentelic.com> Signed-off-by: Dmitry Torokhov <dtor@mail.ru>	2011-12-23 01:15:31 -08:00
Xi Wang	8a78389651	vmwgfx: fix incorrect VRAM size check in vmw_kms_fb_create() Commit `e133e737` didn't correctly fix the integer overflow issue. - unsigned int required_size; + u64 required_size; ... required_size = mode_cmd->pitch * mode_cmd->height; - if (unlikely(required_size > dev_priv->vram_size)) { + if (unlikely(required_size > (u64) dev_priv->vram_size)) { Note that both pitch and height are u32. Their product is still u32 and would overflow before being assigned to required_size. A correct way is to convert pitch and height to u64 before the multiplication. required_size = (u64)mode_cmd->pitch * (u64)mode_cmd->height; This patch calls the existing vmw_kms_validate_mode_vram() for validation. Signed-off-by: Xi Wang <xi.wang@gmail.com> Reviewed-and-tested-by: Thomas Hellstrom <thellstrom@vmware.com> Signed-off-by: Dave Airlie <airlied@redhat.com>	2011-12-22 12:31:02 +00:00
Alex Deucher	77e00f2ea9	drm/radeon/kms: bail on BTC parts if MC ucode is missing We already do this for cayman, need to also do it for BTC parts. The default memory and voltage setup is not adequate for advanced operation. Continuing will result in an unusable display. Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Cc: stable@kernel.org Cc: Jean Delvare <khali@linux-fr.org> Signed-off-by: Dave Airlie <airlied@redhat.com>	2011-12-22 12:28:01 +00:00
majianpeng	609f6ea1c9	block: re-use existing 'reading' variable instead of checking direction again Signed-off-by: majianpeng <majianpeng@gmail.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>	2011-12-21 15:27:24 +01:00
Olof Johansson	00ca4e4c8f	Merge branch 'fixes-hwmod-regression' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes	2011-12-20 09:56:00 -08:00
Holger Brunck	0b35a45bde	ARM: plat-orion: make gpiochip label unique The former implementation adds a fix gpiochip label string to the framework. This is confusing because orion_gpio_init is called more than once and this ends up in different gpiochips with the same label. This patch adds the already present orion_gpio_chip_count to the label string to make it unique in the system. Signed-off-by: Holger Brunck <holger.brunck@keymile.com> Cc: Lennert Buytenhek <kernel@wantstofly.org> Acked-by: Nicolas Pitre <nico@linaro.org> Signed-off-by: Olof Johansson <olof@lixom.net>	2011-12-19 20:55:36 -08:00
Eric Bénard	334fef05fd	enable uncompress log on cpuimx35sd Signed-off-by: Eric Bénard <eric@eukrea.com> Cc: Sascha Hauer <kernel@pengutronix.de> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>	2011-12-19 12:26:09 +01:00
Eric Bénard	4d4b2562fc	cpuimx35: fix touchscreen support Signed-off-by: Eric Bénard <eric@eukrea.com> Cc: Sascha Hauer <kernel@pengutronix.de> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>	2011-12-19 12:26:09 +01:00
Eric Bénard	a69aa72af3	cpuimx35sd: fix Kconfig in `0d6cfa3a75` I fixed the mach-types records. We also need to make the name consistent in Kconfig else the machine_is_eukrea_cpuimx35sd macro fails, and thus audio codec is not properly initalized. Signed-off-by: Eric Bénard <eric@eukrea.com> Cc: Sascha Hauer <kernel@pengutronix.de> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>	2011-12-19 12:26:08 +01:00
Eric Bénard	9cd39fba1b	clock-imx35: fix reboot in internal boot mode commit `8d75a26` "ARM: mx35: use generic function for displaying silicon revision" disabled IIM clock after reading silicon revision which will prevent reboot in internal boot mode. Signed-off-by: Eric Bénard <eric@eukrea.com> Cc: Jason Liu <jason.hui@linaro.org> Cc: Sascha Hauer <kernel@pengutronix.de> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>	2011-12-19 12:26:08 +01:00
Eric Bénard	eb444fee92	dma: MX3_IPU fix depends ARCH_MX3 was removed in commit `a89cf59` : "arm/imx: merge i.MX3 and i.MX6" thus preventing to select MX3_IPU, thus preventing IPU and display to work on i.MX3x SOC. i.MX SDMA support is also affected. Signed-off-by: Eric Bénard <eric@eukrea.com> Cc: Sascha Hauer <kernel@pengutronix.de> Cc: Vinod Koul <vinod.koul@intel.com> Cc: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>	2011-12-19 12:26:07 +01:00
Eric Bénard	83f250625b	imx_v4_v5_defconfig: update default configuration - add new machine APF9328 - update CPUIMX25 -> CPUIMX25SD - add drivers : - MXC nand driver - DM9000 - SMSC Phy - SPIdev - Led GPIO Signed-off-by: Eric Bénard <eric@eukrea.com> Cc: Sascha Hauer <kernel@pengutronix.de> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>	2011-12-19 12:26:06 +01:00
Eric Bénard	01dd520a50	cpuimx25sd: fix Kconfig in `0d6cfa3a75` I fixed the mach-types records. We also need to make the name consistent in Kconfig else the machine_is_eukrea_cpuimx25sd macro fails, and thus audio codec is not properly initalized. Signed-off-by: Eric Bénard <eric@eukrea.com> Cc: Sascha Hauer <kernel@pengutronix.de> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>	2011-12-19 12:26:06 +01:00
Richard Zhao	e1bff3149a	arm/imx: fix cpufreq section mismatch WARNING: arch/arm/plat-mxc/built-in.o(.data+0x488): Section mismatch in reference from the variable mxc_driver to the function .init.text:mxc_cpufreq_init() The variable mxc_driver references the function __init mxc_cpufreq_init() If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: _template, _timer, _sht, _ops, _probe, _probe_one, *_console Signed-off-by: Richard Zhao <richard.zhao@linaro.org> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>	2011-12-19 12:26:05 +01:00
Jason Chen	5776ac2eb3	ARM:imx:fix pwm period value According to imx pwm RM, the real period value should be PERIOD value in PWMPR plus 2. PWMO (Hz) = PCLK(Hz) / (period +2) Signed-off-by: Jason Chen <jason.chen@linaro.org> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Cc: stable@kernel.org	2011-12-19 12:25:35 +01:00
Ulf Hansson	3b6e3c7385	ARM: 7220/1: mmc: mmci: Fixup error handling for dma When getting a cmd irq during an ongoing data transfer with dma, the dma job were never terminated. This is now corrected. Cc: <stable@vger.kernel.org> Tested-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Per Forlin <per.forlin@stericsson.com> Signed-off-by: Ulf Hansson <ulf.hansson@stericsson.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>	2011-12-18 23:07:22 +00:00
Ulf Hansson	b63038d6f4	ARM: 7214/1: mmc: mmci: Fixup handling of MCI_STARTBITERR The interrupt was previously enabled and then correctly cleared. Now we also handle it correctly. Cc: <stable@vger.kernel.org> Tested-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Ulf Hansson <ulf.hansson@stericsson.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>	2011-12-18 23:05:57 +00:00
KyongHo Cho	8bd6960c6a	iommu: Initialize domain->handler in iommu_domain_alloc() Since it is not guaranteed that an iommu driver initializes in its domain_init() function, it must be initialized with NULL to prevent calling a function in an arbitrary location when iommu fault occurred. Signed-off-by: KyongHo Cho <pullip.cho@samsung.com> Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>	2011-12-16 15:05:13 +01:00
Shaohua Li	6ae0516b8a	block, cfq: fix empty queue crash caused by request merge All requests of a queue could be merged to other requests of other queue. Such queue will not have request in it, but it's in service tree. This will cause kernel oops. I encounter a BUG_ON() in cfq_dispatch_request() with next patch, but the issue should exist without the patch. Signed-off-by: Shaohua Li <shaohua.li@intel.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>	2011-12-16 14:04:23 +01:00
Felipe Contreras	7c17c7701c	ARM: OMAP: hwmod data: fix iva and mailbox hwmods for OMAP 3 Seems the commit `7e89098` was overly aggressive in adding iva and mailbox hwmods so now they are registered twice. ------------[ cut here ]------------ WARNING: at arch/arm/mach-omap2/omap_hwmod.c:1959 omap_hwmod_register+0x104/0x12c() omap_hwmod: iva: _register returned -22 Modules linked in: [<c0012aa4>] (unwind_backtrace+0x0/0xec) from [<c002f970>] (warn_slowpath_common+0x4c/0x64) [<c002f970>] (warn_slowpath_common+0x4c/0x64) from [<c002fa08>] (warn_slowpath_fmt+0x2c/0x3c) [<c002fa08>] (warn_slowpath_fmt+0x2c/0x3c) from [<c02fdb4c>] (omap_hwmod_register+0x104/0x12c) [<c02fdb4c>] (omap_hwmod_register+0x104/0x12c) from [<c02fbb44>] (omap3_init_early+0x1c/0x28) [<c02fbb44>] (omap3_init_early+0x1c/0x28) from [<c02f9580>] (setup_arch+0x6b8/0x7a4) [<c02f9580>] (setup_arch+0x6b8/0x7a4) from [<c02f754c>] (start_kernel+0x6c/0x264) [<c02f754c>] (start_kernel+0x6c/0x264) from [<80008040>] (0x80008040) ---[ end trace 1b75b31a2719ed1c ]--- ------------[ cut here ]------------ WARNING: at arch/arm/mach-omap2/omap_hwmod.c:1959 omap_hwmod_register+0x104/0x12c() omap_hwmod: mailbox: _register returned -22 Modules linked in: [<c0012aa4>] (unwind_backtrace+0x0/0xec) from [<c002f970>] (warn_slowpath_common+0x4c/0x64) [<c002f970>] (warn_slowpath_common+0x4c/0x64) from [<c002fa08>] (warn_slowpath_fmt+0x2c/0x3c) [<c002fa08>] (warn_slowpath_fmt+0x2c/0x3c) from [<c02fdb4c>] (omap_hwmod_register+0x104/0x12c) [<c02fdb4c>] (omap_hwmod_register+0x104/0x12c) from [<c02fbb44>] (omap3_init_early+0x1c/0x28) [<c02fbb44>] (omap3_init_early+0x1c/0x28) from [<c02f9580>] (setup_arch+0x6b8/0x7a4) [<c02f9580>] (setup_arch+0x6b8/0x7a4) from [<c02f754c>] (start_kernel+0x6c/0x264) [<c02f754c>] (start_kernel+0x6c/0x264) from [<80008040>] (0x80008040) ---[ end trace 1b75b31a2719ed1d ]--- Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com> Signed-off-by: Paul Walmsley <paul@pwsan.com>	2011-12-15 22:38:36 -07:00
Grant Likely	f88e1ae8ac	dt/device: Fix auxdata matching to handle entries without a name override There is no requirement to override name entries in auxdata. Fix the entry matching to use .compatible instead of .name to find the end of the list. Signed-off-by: Grant Likely <grant.likely@secretlab.ca>	2011-12-12 14:41:45 -07:00

695 changed files with 7184 additions and 3810 deletions

4

Documentation/HOWTO

View File

 @ -275,8 +275,8 @@ versions.
 If no 2.6.x.y kernel is available, then the highest numbered 2.6.x
 kernel is the current stable kernel.
 .6.x.y are maintained by the "stable" team <stable@kernel.org>, and are
 released as needs dictate.  The normal release period is approximately
 .6.x.y are maintained by the "stable" team <stable@vger.kernel.org>, and
 are released as needs dictate.  The normal release period is approximately
 two weeks, but it can be longer if there are no pressing problems.  A
 security-related problem, instead, can cause a release to happen almost
 instantly.

8

Documentation/development-process/5.Posting

View File

 @ -271,10 +271,10 @@ copies should go to:
    the linux-kernel list.
  - If you are fixing a bug, think about whether the fix should go into the
    next stable update.  If so, stable@kernel.org should get a copy of the
    patch.  Also add a "Cc: stable@kernel.org" to the tags within the patch
    itself; that will cause the stable team to get a notification when your
    fix goes into the mainline.
    next stable update.  If so, stable@vger.kernel.org should get a copy of
    the patch.  Also add a "Cc: stable@vger.kernel.org" to the tags within
    the patch itself; that will cause the stable team to get a notification
    when your fix goes into the mainline.
 When selecting recipients for a patch, it is good to have an idea of who
 you think will eventually accept the patch and get it merged.  While it

26

Documentation/hwmon/jc42

View File

 @ -7,21 +7,29 @@ Supported chips:
     Addresses scanned: I2C 0x18 - 0x1f
     Datasheets:
 	http://www.analog.com/static/imported-files/data_sheets/ADT7408.pdf
   * IDT TSE2002B3, TS3000B3
     Prefix: 'tse2002b3', 'ts3000b3'
   * Atmel AT30TS00
     Prefix: 'at30ts00'
     Addresses scanned: I2C 0x18 - 0x1f
     Datasheets:
 	http://www.idt.com/products/getdoc.cfm?docid=18715691
 	http://www.idt.com/products/getdoc.cfm?docid=18715692
 	http://www.atmel.com/Images/doc8585.pdf
   * IDT TSE2002B3, TSE2002GB2, TS3000B3, TS3000GB2
     Prefix: 'tse2002', 'ts3000'
     Addresses scanned: I2C 0x18 - 0x1f
     Datasheets:
 	http://www.idt.com/sites/default/files/documents/IDT_TSE2002B3C_DST_20100512_120303152056.pdf
 	http://www.idt.com/sites/default/files/documents/IDT_TSE2002GB2A1_DST_20111107_120303145914.pdf
 	http://www.idt.com/sites/default/files/documents/IDT_TS3000B3A_DST_20101129_120303152013.pdf
 	http://www.idt.com/sites/default/files/documents/IDT_TS3000GB2A1_DST_20111104_120303151012.pdf
   * Maxim MAX6604
     Prefix: 'max6604'
     Addresses scanned: I2C 0x18 - 0x1f
     Datasheets:
 	http://datasheets.maxim-ic.com/en/ds/MAX6604.pdf
   * Microchip MCP9805, MCP98242, MCP98243, MCP9843
     Prefixes: 'mcp9805', 'mcp98242', 'mcp98243', 'mcp9843'
   * Microchip MCP9804, MCP9805, MCP98242, MCP98243, MCP9843
     Prefixes: 'mcp9804', 'mcp9805', 'mcp98242', 'mcp98243', 'mcp9843'
     Addresses scanned: I2C 0x18 - 0x1f
     Datasheets:
 	http://ww1.microchip.com/downloads/en/DeviceDoc/22203C.pdf
 	http://ww1.microchip.com/downloads/en/DeviceDoc/21977b.pdf
 	http://ww1.microchip.com/downloads/en/DeviceDoc/21996a.pdf
 	http://ww1.microchip.com/downloads/en/DeviceDoc/22153c.pdf
 @ -48,6 +56,12 @@ Supported chips:
     Datasheets:
 	http://www.st.com/stonline/products/literature/ds/13447/stts424.pdf
 	http://www.st.com/stonline/products/literature/ds/13448/stts424e02.pdf
   * ST Microelectronics STTS2002, STTS3000
     Prefix: 'stts2002', 'stts3000'
     Addresses scanned: I2C 0x18 - 0x1f
     Datasheets:
 	http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/DATASHEET/CD00225278.pdf
 	http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/DATA_BRIEF/CD00270920.pdf
   * JEDEC JC 42.4 compliant temperature sensor chips
     Prefix: 'jc42'
     Addresses scanned: I2C 0x18 - 0x1f

2

Documentation/hwmon/w83627ehf

View File

 @ -50,7 +50,7 @@ W83627DHG, W83627DHG-P, W83627UHG, W83667HG, W83667HG-B, W83667HG-I
 (NCT6775F), and NCT6776F super I/O chips. We will refer to them collectively
 as Winbond chips.
 The chips implement 2 to 4 temperature sensors (9 for NCT6775F and NCT6776F),
 The chips implement 3 to 4 temperature sensors (9 for NCT6775F and NCT6776F),
 to 5 fan rotation speed sensors, 8 to 10 analog voltage sensors, one VID
 (except for 627UHG), alarms with beep warnings (control unimplemented),
 and some automatic fan regulation strategies (plus manual fan control mode).

14

Documentation/hwmon/zl6100

View File

 @ -73,14 +73,12 @@ Module parameters
 delay
 -----
 Some Intersil/Zilker Labs DC-DC controllers require a minimum interval between
 I2C bus accesses. According to Intersil, the minimum interval is 2 ms, though
 ms appears to be sufficient and has not caused any problems in testing.
 The problem is known to affect ZL6100, ZL2105, and ZL2008. It is known not to
 affect ZL2004 and ZL6105. The driver automatically sets the interval to 1 ms
 except for ZL2004 and ZL6105. To enable manual override, the driver provides a
 writeable module parameter, 'delay', which can be used to set the interval to
 a value between 0 and 65,535 microseconds.
 Intersil/Zilker Labs DC-DC controllers require a minimum interval between I2C
 bus accesses. According to Intersil, the minimum interval is 2 ms, though 1 ms
 appears to be sufficient and has not caused any problems in testing. The problem
 is known to affect all currently supported chips. For manual override, the
 driver provides a writeable module parameter, 'delay', which can be used to set
 the interval to a value between 0 and 65,535 microseconds.
 Sysfs entries

14

Documentation/usb/usbmon.txt

View File

 @ -47,10 +47,11 @@ This allows to filter away annoying devices that talk continuously.
 . Find which bus connects to the desired device
 Run "cat /proc/bus/usb/devices", and find the T-line which corresponds to
 the device. Usually you do it by looking for the vendor string. If you have
 many similar devices, unplug one and compare two /proc/bus/usb/devices outputs.
 The T-line will have a bus number. Example:
 Run "cat /sys/kernel/debug/usb/devices", and find the T-line which corresponds
 to the device. Usually you do it by looking for the vendor string. If you have
 many similar devices, unplug one and compare the two
 /sys/kernel/debug/usb/devices outputs. The T-line will have a bus number.
 Example:
 T:  Bus=03 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=12  MxCh= 0
 D:  Ver= 1.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 8 #Cfgs=  1
 @ -58,7 +59,10 @@ P:  Vendor=0557 ProdID=2004 Rev= 1.00
 S:  Manufacturer=ATEN
 S:  Product=UC100KM V2.00
 Bus=03 means it's bus 3.
 "Bus=03" means it's bus 3. Alternatively, you can look at the output from
 "lsusb" and get the bus number from the appropriate line. Example:
 Bus 003 Device 002: ID 0557:2004 ATEN UC100KM V2.00
 . Start 'cat'

16

Documentation/virtual/kvm/api.txt

View File

 @ -1100,6 +1100,15 @@ emulate them efficiently. The fields in each entry are defined as follows:
    eax, ebx, ecx, edx: the values returned by the cpuid instruction for
          this function/index combination
 The TSC deadline timer feature (CPUID leaf 1, ecx[24]) is always returned
 as false, since the feature depends on KVM_CREATE_IRQCHIP for local APIC
 support.  Instead it is reported via
   ioctl(KVM_CHECK_EXTENSION, KVM_CAP_TSC_DEADLINE_TIMER)
 if that returns true and you use KVM_CREATE_IRQCHIP, or if you emulate the
 feature in userspace, then you can enable the feature for KVM_SET_CPUID2.
 .47 KVM_PPC_GET_PVINFO
 Capability: KVM_CAP_PPC_GET_PVINFO
 @ -1151,6 +1160,13 @@ following flags are specified:
 /* Depends on KVM_CAP_IOMMU */
 #define KVM_DEV_ASSIGN_ENABLE_IOMMU	(1 << 0)
 The KVM_DEV_ASSIGN_ENABLE_IOMMU flag is a mandatory option to ensure
 isolation of the device.  Usages not specifying this flag are deprecated.
 Only PCI header type 0 devices with PCI BAR resources are supported by
 device assignment.  The user requesting this ioctl must have read/write
 access to the PCI sysfs resource files associated with the device.
 .49 KVM_DEASSIGN_PCI_DEVICE
 Capability: KVM_CAP_DEVICE_DEASSIGNMENT

15

MAINTAINERS

View File

 @ -1698,11 +1698,9 @@ F:	arch/x86/include/asm/tce.h
 CAN NETWORK LAYER
 M:	Oliver Hartkopp <socketcan@hartkopp.net>
 M:	Oliver Hartkopp <oliver.hartkopp@volkswagen.de>
 M:	Urs Thuermann <urs.thuermann@volkswagen.de>
 L:	linux-can@vger.kernel.org
 L:	netdev@vger.kernel.org
 W:	http://developer.berlios.de/projects/socketcan/
 W:	http://gitorious.org/linux-can
 T:	git git://gitorious.org/linux-can/linux-can-next.git
 S:	Maintained
 F:	net/can/
 F:	include/linux/can.h
 @ -1713,9 +1711,10 @@ F:	include/linux/can/gw.h
 CAN NETWORK DRIVERS
 M:	Wolfgang Grandegger <wg@grandegger.com>
 M:	Marc Kleine-Budde <mkl@pengutronix.de>
 L:	linux-can@vger.kernel.org
 L:	netdev@vger.kernel.org
 W:	http://developer.berlios.de/projects/socketcan/
 W:	http://gitorious.org/linux-can
 T:	git git://gitorious.org/linux-can/linux-can-next.git
 S:	Maintained
 F:	drivers/net/can/
 F:	include/linux/can/dev.h
 @ -2700,7 +2699,7 @@ FIREWIRE SUBSYSTEM
 M:	Stefan Richter <stefanr@s5r6.in-berlin.de>
 L:	linux1394-devel@lists.sourceforge.net
 W:	http://ieee1394.wiki.kernel.org/
 T:	git git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6.git
 T:	git git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394.git
 S:	Maintained
 F:	drivers/firewire/
 F:	include/linux/firewire*.h
 @ -6259,7 +6258,7 @@ F:	arch/alpha/kernel/srm_env.c
 STABLE BRANCH
 M:	Greg Kroah-Hartman <greg@kroah.com>
 L:	stable@kernel.org
 L:	stable@vger.kernel.org
 S:	Maintained
 STAGING SUBSYSTEM

									
										4

Makefile
									
												View File
												
				@ -1,7 +1,7 @@

				VERSION = 3

				PATCHLEVEL = 2

				SUBLEVEL = 0

				EXTRAVERSION = -rc7

				SUBLEVEL = 12

				EXTRAVERSION =

				NAME = Saber-toothed Squirrel

				# *DOCUMENTATION*

									
										2

arch/alpha/include/asm/futex.h
									
												View File
												
				@ -108,7 +108,7 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,

					"	lda	$31,3b-2b(%0)\n"

					"	.previous\n"

					:	"+r"(ret), "=&r"(prev), "=&r"(cmp)

					:	"r"(uaddr), "r"((long)oldval), "r"(newval)

					:	"r"(uaddr), "r"((long)(int)oldval), "r"(newval)

					:	"memory");

					*uval = prev;

6

arch/arm/Kconfig

View File

 @ -1246,7 +1246,7 @@ config PL310_ERRATA_588369
 config ARM_ERRATA_720789
 	bool "ARM errata: TLBIASIDIS and TLBIMVAIS operations can broadcast a faulty ASID"
 	depends on CPU_V7 && SMP
 	depends on CPU_V7
 	help
 	  This option enables the workaround for the 720789 Cortex-A9 (prior to
 	  r2p0) erratum. A faulty ASID can be sent to the other CPUs for the
 @ -1272,7 +1272,7 @@ config ARM_ERRATA_743622
 	depends on CPU_V7
 	help
 	  This option enables the workaround for the 743622 Cortex-A9
 	  (r2p0..r2p2) erratum. Under very rare conditions, a faulty
 	  (r2p*) erratum. Under very rare conditions, a faulty
 	  optimisation in the Cortex-A9 Store Buffer may lead to data
 	  corruption. This workaround sets a specific bit in the diagnostic
 	  register of the Cortex-A9 which disables the Store Buffer
 @ -1282,7 +1282,7 @@ config ARM_ERRATA_743622
 config ARM_ERRATA_751472
 	bool "ARM errata: Interrupted ICIALLUIS may prevent completion of broadcasted operation"
 	depends on CPU_V7 && SMP
 	depends on CPU_V7
 	help
 	  This option enables the workaround for the 751472 Cortex-A9 (prior
 	  to r3p0) erratum. An interrupted ICIALLUIS operation may prevent the

									
										115

arch/arm/common/pl330.c
									
												View File
												
				@ -221,17 +221,6 @@

				 */

				#define MCODE_BUFF_PER_REQ	256

				/*

				 * Mark a _pl330_req as free.

				 * We do it by writing DMAEND as the first instruction

				 * because no valid request is going to have DMAEND as

				 * its first instruction to execute.

				 */

				#define MARK_FREE(req)	do { \

								_emit_END(0, (req)->mc_cpu); \

								(req)->mc_len = 0; \

							} while (0)

				/* If the _pl330_req is available to the client */

				#define IS_FREE(req)	(*((u8 *)((req)->mc_cpu)) == CMD_DMAEND)

				@ -301,8 +290,10 @@ struct pl330_thread {

					struct pl330_dmac *dmac;

					/* Only two at a time */

					struct _pl330_req req[2];

					/* Index of the last submitted request */

					/* Index of the last enqueued request */

					unsigned lstenq;

					/* Index of the last submitted request or -1 if the DMA is stopped */

					int req_running;

				};

				enum pl330_dmac_state {

				@ -778,6 +769,22 @@ static inline void _execute_DBGINSN(struct pl330_thread *thrd,

					writel(0, regs + DBGCMD);

				}

				/*

				 * Mark a _pl330_req as free.

				 * We do it by writing DMAEND as the first instruction

				 * because no valid request is going to have DMAEND as

				 * its first instruction to execute.

				 */

				static void mark_free(struct pl330_thread *thrd, int idx)

				{

					struct _pl330_req *req = &thrd->req[idx];

					_emit_END(0, req->mc_cpu);

					req->mc_len = 0;

					thrd->req_running = -1;

				}

				static inline u32 _state(struct pl330_thread *thrd)

				{

					void __iomem *regs = thrd->dmac->pinfo->base;

				@ -836,31 +843,6 @@ static inline u32 _state(struct pl330_thread *thrd)

					}

				}

				/* If the request 'req' of thread 'thrd' is currently active */

				static inline bool _req_active(struct pl330_thread *thrd,

						struct _pl330_req *req)

				{

					void __iomem *regs = thrd->dmac->pinfo->base;

					u32 buf = req->mc_bus, pc = readl(regs + CPC(thrd->id));

					if (IS_FREE(req))

						return false;

					return (pc >= buf && pc <= buf + req->mc_len) ? true : false;

				}

				/* Returns 0 if the thread is inactive, ID of active req + 1 otherwise */

				static inline unsigned _thrd_active(struct pl330_thread *thrd)

				{

					if (_req_active(thrd, &thrd->req[0]))

						return 1; /* First req active */

					if (_req_active(thrd, &thrd->req[1]))

						return 2; /* Second req active */

					return 0;

				}

				static void _stop(struct pl330_thread *thrd)

				{

					void __iomem *regs = thrd->dmac->pinfo->base;

				@ -892,17 +874,22 @@ static bool _trigger(struct pl330_thread *thrd)

					struct _arg_GO go;

					unsigned ns;

					u8 insn[6] = {0, 0, 0, 0, 0, 0};

					int idx;

					/* Return if already ACTIVE */

					if (_state(thrd) != PL330_STATE_STOPPED)

						return true;

					if (!IS_FREE(&thrd->req[1 - thrd->lstenq]))

						req = &thrd->req[1 - thrd->lstenq];

					else if (!IS_FREE(&thrd->req[thrd->lstenq]))

						req = &thrd->req[thrd->lstenq];

					else

						req = NULL;

					idx = 1 - thrd->lstenq;

					if (!IS_FREE(&thrd->req[idx]))

						req = &thrd->req[idx];

					else {

						idx = thrd->lstenq;

						if (!IS_FREE(&thrd->req[idx]))

							req = &thrd->req[idx];

						else

							req = NULL;

					}

					/* Return if no request */

					if (!req || !req->r)

				@ -933,6 +920,8 @@ static bool _trigger(struct pl330_thread *thrd)

					/* Only manager can execute GO */

					_execute_DBGINSN(thrd, insn, true);

					thrd->req_running = idx;

					return true;

				}

				@ -1382,8 +1371,8 @@ static void pl330_dotask(unsigned long data)

							thrd->req[0].r = NULL;

							thrd->req[1].r = NULL;

							MARK_FREE(&thrd->req[0]);

							MARK_FREE(&thrd->req[1]);

							mark_free(thrd, 0);

							mark_free(thrd, 1);

							/* Clear the reset flag */

							pl330->dmac_tbd.reset_chan &= ~(1 << i);

				@ -1461,14 +1450,12 @@ int pl330_update(const struct pl330_info *pi)

							thrd = &pl330->channels[id];

							active = _thrd_active(thrd);

							if (!active) /* Aborted */

							active = thrd->req_running;

							if (active == -1) /* Aborted */

								continue;

							active -= 1;

							rqdone = &thrd->req[active];

							MARK_FREE(rqdone);

							mark_free(thrd, active);

							/* Get going again ASAP */

							_start(thrd);

				@ -1515,6 +1502,7 @@ int pl330_chan_ctrl(void *ch_id, enum pl330_chan_op op)

						return -EINVAL;

					pl330 = thrd->dmac;

					active = thrd->req_running;

					spin_lock_irqsave(&pl330->lock, flags);

				@ -1525,28 +1513,24 @@ int pl330_chan_ctrl(void *ch_id, enum pl330_chan_op op)

						thrd->req[0].r = NULL;

						thrd->req[1].r = NULL;

						MARK_FREE(&thrd->req[0]);

						MARK_FREE(&thrd->req[1]);

						mark_free(thrd, 0);

						mark_free(thrd, 1);

						break;

					case PL330_OP_ABORT:

						active = _thrd_active(thrd);

						/* Make sure the channel is stopped */

						_stop(thrd);

						/* ABORT is only for the active req */

						if (!active)

						if (active == -1)

							break;

						active--;

						thrd->req[active].r = NULL;

						MARK_FREE(&thrd->req[active]);

						mark_free(thrd, active);

						/* Start the next */

					case PL330_OP_START:

						if (!_thrd_active(thrd) && !_start(thrd))

						if ((active == -1) && !_start(thrd))

							ret = -EIO;

						break;

				@ -1587,14 +1571,13 @@ int pl330_chan_status(void *ch_id, struct pl330_chanstatus *pstatus)

					else

						pstatus->faulting = false;

					active = _thrd_active(thrd);

					active = thrd->req_running;

					if (!active) {

					if (active == -1) {

						/* Indicate that the thread is not running */

						pstatus->top_req = NULL;

						pstatus->wait_req = NULL;

					} else {

						active--;

						pstatus->top_req = thrd->req[active].r;

						pstatus->wait_req = !IS_FREE(&thrd->req[1 - active])

									? thrd->req[1 - active].r : NULL;

				@ -1659,9 +1642,9 @@ void *pl330_request_channel(const struct pl330_info *pi)

								thrd->free = false;

								thrd->lstenq = 1;

								thrd->req[0].r = NULL;

								MARK_FREE(&thrd->req[0]);

								mark_free(thrd, 0);

								thrd->req[1].r = NULL;

								MARK_FREE(&thrd->req[1]);

								mark_free(thrd, 1);

								break;

							}

						}

				@ -1767,14 +1750,14 @@ static inline void _reset_thread(struct pl330_thread *thrd)

					thrd->req[0].mc_bus = pl330->mcode_bus

								+ (thrd->id * pi->mcbufsz);

					thrd->req[0].r = NULL;

					MARK_FREE(&thrd->req[0]);

					mark_free(thrd, 0);

					thrd->req[1].mc_cpu = thrd->req[0].mc_cpu

								+ pi->mcbufsz / 2;

					thrd->req[1].mc_bus = thrd->req[0].mc_bus

								+ pi->mcbufsz / 2;

					thrd->req[1].r = NULL;

					MARK_FREE(&thrd->req[1]);

					mark_free(thrd, 1);

				}

				static int dmac_alloc_threads(struct pl330_dmac *pl330)

12

arch/arm/configs/imx_v4_v5_defconfig

View File

 @ -18,9 +18,10 @@ CONFIG_ARCH_MXC=y
 CONFIG_ARCH_IMX_V4_V5=y
 CONFIG_ARCH_MX1ADS=y
 CONFIG_MACH_SCB9328=y
 CONFIG_MACH_APF9328=y
 CONFIG_MACH_MX21ADS=y
 CONFIG_MACH_MX25_3DS=y
 CONFIG_MACH_EUKREA_CPUIMX25=y
 CONFIG_MACH_EUKREA_CPUIMX25SD=y
 CONFIG_MACH_MX27ADS=y
 CONFIG_MACH_PCM038=y
 CONFIG_MACH_CPUIMX27=y
 @ -72,17 +73,16 @@ CONFIG_MTD_CFI_GEOMETRY=y
 CONFIG_MTD_CFI_INTELEXT=y
 CONFIG_MTD_PHYSMAP=y
 CONFIG_MTD_NAND=y
 CONFIG_MTD_NAND_MXC=y
 CONFIG_MTD_UBI=y
 CONFIG_MISC_DEVICES=y
 CONFIG_EEPROM_AT24=y
 CONFIG_EEPROM_AT25=y
 CONFIG_NETDEVICES=y
 CONFIG_NET_ETHERNET=y
 CONFIG_SMC91X=y
 CONFIG_DM9000=y
 CONFIG_SMC91X=y
 CONFIG_SMC911X=y
 # CONFIG_NETDEV_1000 is not set
 # CONFIG_NETDEV_10000 is not set
 CONFIG_SMSC_PHY=y
 # CONFIG_INPUT_MOUSEDEV is not set
 CONFIG_INPUT_EVDEV=y
 # CONFIG_INPUT_KEYBOARD is not set
 @ -100,6 +100,7 @@ CONFIG_I2C_CHARDEV=y
 CONFIG_I2C_IMX=y
 CONFIG_SPI=y
 CONFIG_SPI_IMX=y
 CONFIG_SPI_SPIDEV=y
 CONFIG_W1=y
 CONFIG_W1_MASTER_MXC=y
 CONFIG_W1_SLAVE_THERM=y
 @ -139,6 +140,7 @@ CONFIG_MMC=y
 CONFIG_MMC_MXC=y
 CONFIG_NEW_LEDS=y
 CONFIG_LEDS_CLASS=y
 CONFIG_LEDS_GPIO=y
 CONFIG_LEDS_MC13783=y
 CONFIG_LEDS_TRIGGERS=y
 CONFIG_LEDS_TRIGGER_TIMER=y

									
										5

arch/arm/include/asm/assembler.h
									
												View File
												
				@ -137,6 +137,11 @@

					disable_irq

					.endm

					.macro	save_and_disable_irqs_notrace, oldcpsr

					mrs	\oldcpsr, cpsr

					disable_irq_notrace

					.endm

				/*

				 * Restore interrupt state previously stored in a register.  We don't

				 * guarantee that this will preserve the flags.

									
										2

arch/arm/include/asm/pmu.h
									
												View File
												
				@ -125,7 +125,7 @@ int __init armpmu_register(struct arm_pmu *armpmu, char *name, int type);

				u64 armpmu_event_update(struct perf_event *event,

							struct hw_perf_event *hwc,

							int idx, int overflow);

							int idx);

				int armpmu_event_set_period(struct perf_event *event,

							    struct hw_perf_event *hwc,

									
										22

arch/arm/kernel/perf_event.c
									
												View File
												
				@ -187,7 +187,7 @@ armpmu_event_set_period(struct perf_event *event,

				u64

				armpmu_event_update(struct perf_event *event,

						    struct hw_perf_event *hwc,

						    int idx, int overflow)

						    int idx)

				{

					struct arm_pmu *armpmu = to_arm_pmu(event->pmu);

					u64 delta, prev_raw_count, new_raw_count;

				@ -200,13 +200,7 @@ again:

							     new_raw_count) != prev_raw_count)

						goto again;

					new_raw_count &= armpmu->max_period;

					prev_raw_count &= armpmu->max_period;

					if (overflow)

						delta = armpmu->max_period - prev_raw_count + new_raw_count + 1;

					else

						delta = new_raw_count - prev_raw_count;

					delta = (new_raw_count - prev_raw_count) & armpmu->max_period;

					local64_add(delta, &event->count);

					local64_sub(delta, &hwc->period_left);

				@ -223,7 +217,7 @@ armpmu_read(struct perf_event *event)

					if (hwc->idx < 0)

						return;

					armpmu_event_update(event, hwc, hwc->idx, 0);

					armpmu_event_update(event, hwc, hwc->idx);

				}

				static void

				@ -239,7 +233,7 @@ armpmu_stop(struct perf_event *event, int flags)

					if (!(hwc->state & PERF_HES_STOPPED)) {

						armpmu->disable(hwc, hwc->idx);

						barrier(); /* why? */

						armpmu_event_update(event, hwc, hwc->idx, 0);

						armpmu_event_update(event, hwc, hwc->idx);

						hwc->state |= PERF_HES_STOPPED | PERF_HES_UPTODATE;

					}

				}

				@ -519,7 +513,13 @@ __hw_perf_event_init(struct perf_event *event)

					hwc->config_base	    |= (unsigned long)mapping;

					if (!hwc->sample_period) {

						hwc->sample_period  = armpmu->max_period;

						/*

						 * For non-sampling runs, limit the sample_period to half

						 * of the counter width. That way, the new counter value

						 * is far less likely to overtake the previous one unless

						 * you have some serious IRQ latency issues.

						 */

						hwc->sample_period  = armpmu->max_period >> 1;

						hwc->last_period    = hwc->sample_period;

						local64_set(&hwc->period_left, hwc->sample_period);

					}

									
										22

arch/arm/kernel/perf_event_v6.c
									
												View File
												
				@ -463,23 +463,6 @@ armv6pmu_enable_event(struct hw_perf_event *hwc,

					raw_spin_unlock_irqrestore(&events->pmu_lock, flags);

				}

				static int counter_is_active(unsigned long pmcr, int idx)

				{

					unsigned long mask = 0;

					if (idx == ARMV6_CYCLE_COUNTER)

						mask = ARMV6_PMCR_CCOUNT_IEN;

					else if (idx == ARMV6_COUNTER0)

						mask = ARMV6_PMCR_COUNT0_IEN;

					else if (idx == ARMV6_COUNTER1)

						mask = ARMV6_PMCR_COUNT1_IEN;

					if (mask)

						return pmcr & mask;

					WARN_ONCE(1, "invalid counter number (%d)\n", idx);

					return 0;

				}

				static irqreturn_t

				armv6pmu_handle_irq(int irq_num,

						    void *dev)

				@ -509,7 +492,8 @@ armv6pmu_handle_irq(int irq_num,

						struct perf_event *event = cpuc->events[idx];

						struct hw_perf_event *hwc;

						if (!counter_is_active(pmcr, idx))

						/* Ignore if we don't have an event. */

						if (!event)

							continue;

						/*

				@ -520,7 +504,7 @@ armv6pmu_handle_irq(int irq_num,

							continue;

						hwc = &event->hw;

						armpmu_event_update(event, hwc, idx, 1);

						armpmu_event_update(event, hwc, idx);

						data.period = event->hw.last_period;

						if (!armpmu_event_set_period(event, hwc, idx))

							continue;

									
										11

arch/arm/kernel/perf_event_v7.c
									
												View File
												
				@ -878,6 +878,11 @@ static inline int armv7_pmnc_disable_intens(int idx)

					counter = ARMV7_IDX_TO_COUNTER(idx);

					asm volatile("mcr p15, 0, %0, c9, c14, 2" : : "r" (BIT(counter)));

					isb();

					/* Clear the overflow flag in case an interrupt is pending. */

					asm volatile("mcr p15, 0, %0, c9, c12, 3" : : "r" (BIT(counter)));

					isb();

					return idx;

				}

				@ -1024,6 +1029,10 @@ static irqreturn_t armv7pmu_handle_irq(int irq_num, void *dev)

						struct perf_event *event = cpuc->events[idx];

						struct hw_perf_event *hwc;

						/* Ignore if we don't have an event. */

						if (!event)

							continue;

						/*

						 * We have a single interrupt for all counters. Check that

						 * each counter has overflowed before we process it.

				@ -1032,7 +1041,7 @@ static irqreturn_t armv7pmu_handle_irq(int irq_num, void *dev)

							continue;

						hwc = &event->hw;

						armpmu_event_update(event, hwc, idx, 1);

						armpmu_event_update(event, hwc, idx);

						data.period = event->hw.last_period;

						if (!armpmu_event_set_period(event, hwc, idx))

							continue;

									
										20

arch/arm/kernel/perf_event_xscale.c
									
												View File
												
				@ -253,11 +253,14 @@ xscale1pmu_handle_irq(int irq_num, void *dev)

						struct perf_event *event = cpuc->events[idx];

						struct hw_perf_event *hwc;

						if (!event)

							continue;

						if (!xscale1_pmnc_counter_has_overflowed(pmnc, idx))

							continue;

						hwc = &event->hw;

						armpmu_event_update(event, hwc, idx, 1);

						armpmu_event_update(event, hwc, idx);

						data.period = event->hw.last_period;

						if (!armpmu_event_set_period(event, hwc, idx))

							continue;

				@ -590,11 +593,14 @@ xscale2pmu_handle_irq(int irq_num, void *dev)

						struct perf_event *event = cpuc->events[idx];

						struct hw_perf_event *hwc;

						if (!xscale2_pmnc_counter_has_overflowed(pmnc, idx))

						if (!event)

							continue;

						if (!xscale2_pmnc_counter_has_overflowed(of_flags, idx))

							continue;

						hwc = &event->hw;

						armpmu_event_update(event, hwc, idx, 1);

						armpmu_event_update(event, hwc, idx);

						data.period = event->hw.last_period;

						if (!armpmu_event_set_period(event, hwc, idx))

							continue;

				@ -661,7 +667,7 @@ xscale2pmu_enable_event(struct hw_perf_event *hwc, int idx)

				static void

				xscale2pmu_disable_event(struct hw_perf_event *hwc, int idx)

				{

					unsigned long flags, ien, evtsel;

					unsigned long flags, ien, evtsel, of_flags;

					struct pmu_hw_events *events = cpu_pmu->get_hw_events();

					ien = xscale2pmu_read_int_enable();

				@ -670,26 +676,31 @@ xscale2pmu_disable_event(struct hw_perf_event *hwc, int idx)

					switch (idx) {

					case XSCALE_CYCLE_COUNTER:

						ien &= ~XSCALE2_CCOUNT_INT_EN;

						of_flags = XSCALE2_CCOUNT_OVERFLOW;

						break;

					case XSCALE_COUNTER0:

						ien &= ~XSCALE2_COUNT0_INT_EN;

						evtsel &= ~XSCALE2_COUNT0_EVT_MASK;

						evtsel |= XSCALE_PERFCTR_UNUSED << XSCALE2_COUNT0_EVT_SHFT;

						of_flags = XSCALE2_COUNT0_OVERFLOW;

						break;

					case XSCALE_COUNTER1:

						ien &= ~XSCALE2_COUNT1_INT_EN;

						evtsel &= ~XSCALE2_COUNT1_EVT_MASK;

						evtsel |= XSCALE_PERFCTR_UNUSED << XSCALE2_COUNT1_EVT_SHFT;

						of_flags = XSCALE2_COUNT1_OVERFLOW;

						break;

					case XSCALE_COUNTER2:

						ien &= ~XSCALE2_COUNT2_INT_EN;

						evtsel &= ~XSCALE2_COUNT2_EVT_MASK;

						evtsel |= XSCALE_PERFCTR_UNUSED << XSCALE2_COUNT2_EVT_SHFT;

						of_flags = XSCALE2_COUNT2_OVERFLOW;

						break;

					case XSCALE_COUNTER3:

						ien &= ~XSCALE2_COUNT3_INT_EN;

						evtsel &= ~XSCALE2_COUNT3_EVT_MASK;

						evtsel |= XSCALE_PERFCTR_UNUSED << XSCALE2_COUNT3_EVT_SHFT;

						of_flags = XSCALE2_COUNT3_OVERFLOW;

						break;

					default:

						WARN_ONCE(1, "invalid counter number (%d)\n", idx);

				@ -699,6 +710,7 @@ xscale2pmu_disable_event(struct hw_perf_event *hwc, int idx)

					raw_spin_lock_irqsave(&events->pmu_lock, flags);

					xscale2pmu_write_event_select(evtsel);

					xscale2pmu_write_int_enable(ien);

					xscale2pmu_write_overflow_flags(of_flags);

					raw_spin_unlock_irqrestore(&events->pmu_lock, flags);

				}

									
										8

arch/arm/kernel/ptrace.c
									
												View File
												
				@ -699,10 +699,13 @@ static int vfp_set(struct task_struct *target,

				{

					int ret;

					struct thread_info *thread = task_thread_info(target);

					struct vfp_hard_struct new_vfp = thread->vfpstate.hard;

					struct vfp_hard_struct new_vfp;

					const size_t user_fpregs_offset = offsetof(struct user_vfp, fpregs);

					const size_t user_fpscr_offset = offsetof(struct user_vfp, fpscr);

					vfp_sync_hwstate(thread);

					new_vfp = thread->vfpstate.hard;

					ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,

								  &new_vfp.fpregs,

								  user_fpregs_offset,

				@ -723,9 +726,8 @@ static int vfp_set(struct task_struct *target,

					if (ret)

						return ret;

					vfp_sync_hwstate(thread);

					thread->vfpstate.hard = new_vfp;

					vfp_flush_hwstate(thread);

					thread->vfpstate.hard = new_vfp;

					return 0;

				}

									
										5

arch/arm/kernel/signal.c
									
												View File
												
				@ -227,6 +227,8 @@ static int restore_vfp_context(struct vfp_sigframe __user *frame)

					if (magic != VFP_MAGIC || size != VFP_STORAGE_SIZE)

						return -EINVAL;

					vfp_flush_hwstate(thread);

					/*

					 * Copy the floating point registers. There can be unused

					 * registers see asm/hwcap.h for details.

				@ -251,9 +253,6 @@ static int restore_vfp_context(struct vfp_sigframe __user *frame)

					__get_user_error(h->fpinst, &frame->ufp_exc.fpinst, err);

					__get_user_error(h->fpinst2, &frame->ufp_exc.fpinst2, err);

					if (!err)

						vfp_flush_hwstate(thread);

					return err ? -EFAULT : 0;

				}

									
										2

arch/arm/mach-at91/at91rm9200_devices.c
									
												View File
												
				@ -83,7 +83,7 @@ void __init at91_add_device_usbh(struct at91_usbh_data *data) {}

				 *  USB Device (Gadget)

				 * -------------------------------------------------------------------- */

				#ifdef CONFIG_USB_AT91

				#if defined(CONFIG_USB_AT91) || defined(CONFIG_USB_AT91_MODULE)

				static struct at91_udc_data udc_data;

				static struct resource udc_resources[] = {

									
										2

arch/arm/mach-at91/at91sam9260_devices.c
									
												View File
												
				@ -84,7 +84,7 @@ void __init at91_add_device_usbh(struct at91_usbh_data *data) {}

				 *  USB Device (Gadget)

				 * -------------------------------------------------------------------- */

				#ifdef CONFIG_USB_AT91

				#if defined(CONFIG_USB_AT91) || defined(CONFIG_USB_AT91_MODULE)

				static struct at91_udc_data udc_data;

				static struct resource udc_resources[] = {

									
										2

arch/arm/mach-at91/at91sam9261_devices.c
									
												View File
												
				@ -87,7 +87,7 @@ void __init at91_add_device_usbh(struct at91_usbh_data *data) {}

				 *  USB Device (Gadget)

				 * -------------------------------------------------------------------- */

				#ifdef CONFIG_USB_AT91

				#if defined(CONFIG_USB_AT91) || defined(CONFIG_USB_AT91_MODULE)

				static struct at91_udc_data udc_data;

				static struct resource udc_resources[] = {

									
										2

arch/arm/mach-at91/at91sam9263_devices.c
									
												View File
												
				@ -92,7 +92,7 @@ void __init at91_add_device_usbh(struct at91_usbh_data *data) {}

				 *  USB Device (Gadget)

				 * -------------------------------------------------------------------- */

				#ifdef CONFIG_USB_AT91

				#if defined(CONFIG_USB_AT91) || defined(CONFIG_USB_AT91_MODULE)

				static struct at91_udc_data udc_data;

				static struct resource udc_resources[] = {

									
										7

arch/arm/mach-at91/setup.c
									
												View File
												
				@ -27,9 +27,12 @@ EXPORT_SYMBOL(at91_soc_initdata);

				void __init at91rm9200_set_type(int type)

				{

					if (type == ARCH_REVISON_9200_PQFP)

						at91_soc_initdata.subtype = AT91_SOC_RM9200_BGA;

					else

						at91_soc_initdata.subtype = AT91_SOC_RM9200_PQFP;

					else

						at91_soc_initdata.subtype = AT91_SOC_RM9200_BGA;

					pr_info("AT91: filled in soc subtype: %s\n",

						at91_get_soc_subtype(&at91_soc_initdata));

				}

				void __init at91_init_irq_default(void)

									
										3

arch/arm/mach-dove/common.c
									
												View File
												
				@ -29,6 +29,7 @@

				#include <asm/mach/arch.h>

				#include <linux/irq.h>

				#include <plat/time.h>

				#include <plat/ehci-orion.h>

				#include <plat/common.h>

				#include "common.h"

				@ -72,7 +73,7 @@ void __init dove_map_io(void)

				void __init dove_ehci0_init(void)

				{

					orion_ehci_init(&dove_mbus_dram_info,

							DOVE_USB0_PHYS_BASE, IRQ_DOVE_USB0);

							DOVE_USB0_PHYS_BASE, IRQ_DOVE_USB0, EHCI_PHY_NA);

				}

				/*****************************************************************************

									
										5

arch/arm/mach-exynos/cpu.c
									
												View File
												
				@ -110,11 +110,6 @@ static struct map_desc exynos4_iodesc[] __initdata = {

						.pfn		= __phys_to_pfn(EXYNOS4_PA_DMC0),

						.length		= SZ_4K,

						.type		= MT_DEVICE,

					}, {

						.virtual	= (unsigned long)S5P_VA_SROMC,

						.pfn		= __phys_to_pfn(EXYNOS4_PA_SROMC),

						.length		= SZ_4K,

						.type		= MT_DEVICE,

					}, {

						.virtual	= (unsigned long)S3C_VA_USB_HSPHY,

						.pfn		= __phys_to_pfn(EXYNOS4_PA_HSPHY),

8

arch/arm/mach-imx/Kconfig

View File

 @ -132,7 +132,7 @@ config MACH_MX25_3DS
 	select IMX_HAVE_PLATFORM_MXC_NAND
 	select IMX_HAVE_PLATFORM_SDHCI_ESDHC_IMX
 config MACH_EUKREA_CPUIMX25
 config MACH_EUKREA_CPUIMX25SD
 	bool "Support Eukrea CPUIMX25 Platform"
 	select SOC_IMX25
 	select IMX_HAVE_PLATFORM_FLEXCAN
 @ -148,7 +148,7 @@ config MACH_EUKREA_CPUIMX25
 choice
 	prompt "Baseboard"
 	depends on MACH_EUKREA_CPUIMX25
 	depends on MACH_EUKREA_CPUIMX25SD
 	default MACH_EUKREA_MBIMXSD25_BASEBOARD
 config MACH_EUKREA_MBIMXSD25_BASEBOARD
 @ -542,7 +542,7 @@ config MACH_MX35_3DS
 	  Include support for MX35PDK platform. This includes specific
 	  configurations for the board and its peripherals.
 config MACH_EUKREA_CPUIMX35
 config MACH_EUKREA_CPUIMX35SD
 	bool "Support Eukrea CPUIMX35 Platform"
 	select SOC_IMX35
 	select IMX_HAVE_PLATFORM_FLEXCAN
 @ -560,7 +560,7 @@ config MACH_EUKREA_CPUIMX35
 choice
 	prompt "Baseboard"
 	depends on MACH_EUKREA_CPUIMX35
 	depends on MACH_EUKREA_CPUIMX35SD
 	default MACH_EUKREA_MBIMXSD35_BASEBOARD
 config MACH_EUKREA_MBIMXSD35_BASEBOARD

									
										4

arch/arm/mach-imx/Makefile
									
												View File
												
				@ -24,7 +24,7 @@ obj-$(CONFIG_MACH_MX21ADS) += mach-mx21ads.o

				# i.MX25 based machines

				obj-$(CONFIG_MACH_MX25_3DS) += mach-mx25_3ds.o

				obj-$(CONFIG_MACH_EUKREA_CPUIMX25) += mach-eukrea_cpuimx25.o

				obj-$(CONFIG_MACH_EUKREA_CPUIMX25SD) += mach-eukrea_cpuimx25.o

				obj-$(CONFIG_MACH_EUKREA_MBIMXSD25_BASEBOARD) += eukrea_mbimxsd25-baseboard.o

				# i.MX27 based machines

				@ -57,7 +57,7 @@ obj-$(CONFIG_MACH_BUG) += mach-bug.o

				# i.MX35 based machines

				obj-$(CONFIG_MACH_PCM043) += mach-pcm043.o

				obj-$(CONFIG_MACH_MX35_3DS) += mach-mx35_3ds.o

				obj-$(CONFIG_MACH_EUKREA_CPUIMX35) += mach-cpuimx35.o

				obj-$(CONFIG_MACH_EUKREA_CPUIMX35SD) += mach-cpuimx35.o

				obj-$(CONFIG_MACH_EUKREA_MBIMXSD35_BASEBOARD) += eukrea_mbimxsd35-baseboard.o

				obj-$(CONFIG_MACH_VPR200) += mach-vpr200.o

									
										20

arch/arm/mach-imx/clock-imx35.c
									
												View File
												
				@ -507,7 +507,7 @@ static struct clk_lookup lookups[] = {

				int __init mx35_clocks_init()

				{

					unsigned int cgr2 = 3 << 26, cgr3 = 0;

					unsigned int cgr2 = 3 << 26;

				#if defined(CONFIG_DEBUG_LL) && !defined(CONFIG_DEBUG_ICEDCC)

					cgr2 |= 3 << 16;

				@ -521,6 +521,12 @@ int __init mx35_clocks_init()

					__raw_writel((3 << 18), CCM_BASE + CCM_CGR0);

					__raw_writel((3 << 2) | (3 << 4) | (3 << 6) | (3 << 8) | (3 << 16),

							CCM_BASE + CCM_CGR1);

					__raw_writel(cgr2, CCM_BASE + CCM_CGR2);

					__raw_writel(0, CCM_BASE + CCM_CGR3);

					clk_enable(&iim_clk);

					imx_print_silicon_rev("i.MX35", mx35_revision());

					clk_disable(&iim_clk);

					/*

					 * Check if we came up in internal boot mode. If yes, we need some

				@ -529,17 +535,11 @@ int __init mx35_clocks_init()

					 */

					if (!(__raw_readl(CCM_BASE + CCM_RCSR) & (3 << 10))) {

						/* Additionally turn on UART1, SCC, and IIM clocks */

						cgr2 |= 3 << 16 | 3 << 4;

						cgr3 |= 3 << 2;

						clk_enable(&iim_clk);

						clk_enable(&uart1_clk);

						clk_enable(&scc_clk);

					}

					__raw_writel(cgr2, CCM_BASE + CCM_CGR2);

					__raw_writel(cgr3, CCM_BASE + CCM_CGR3);

					clk_enable(&iim_clk);

					imx_print_silicon_rev("i.MX35", mx35_revision());

					clk_disable(&iim_clk);

				#ifdef CONFIG_MXC_USE_EPIT

					epit_timer_init(&epit1_clk,

							MX35_IO_ADDRESS(MX35_EPIT1_BASE_ADDR), MX35_INT_EPIT1);

									
										8

arch/arm/mach-imx/mach-cpuimx35.c
									
												View File
												
				@ -53,12 +53,18 @@ static const struct imxi2c_platform_data

					.bitrate =		100000,

				};

				#define TSC2007_IRQGPIO		IMX_GPIO_NR(3, 2)

				static int tsc2007_get_pendown_state(void)

				{

					return !gpio_get_value(TSC2007_IRQGPIO);

				}

				static struct tsc2007_platform_data tsc2007_info = {

					.model			= 2007,

					.x_plate_ohms		= 180,

					.get_pendown_state = tsc2007_get_pendown_state,

				};

				#define TSC2007_IRQGPIO		IMX_GPIO_NR(3, 2)

				static struct i2c_board_info eukrea_cpuimx35_i2c_devices[] = {

					{

						I2C_BOARD_INFO("pcf8563", 0x51),

									
										3

arch/arm/mach-kirkwood/common.c
									
												View File
												
				@ -28,6 +28,7 @@

				#include <plat/cache-feroceon-l2.h>

				#include <plat/mvsdio.h>

				#include <plat/orion_nand.h>

				#include <plat/ehci-orion.h>

				#include <plat/common.h>

				#include <plat/time.h>

				#include "common.h"

				@ -74,7 +75,7 @@ void __init kirkwood_ehci_init(void)

				{

					kirkwood_clk_ctrl |= CGC_USB0;

					orion_ehci_init(&kirkwood_mbus_dram_info,

							USB_PHYS_BASE, IRQ_KIRKWOOD_USB);

							USB_PHYS_BASE, IRQ_KIRKWOOD_USB, EHCI_PHY_NA);

				}

									
										320

arch/arm/mach-kirkwood/mpp.h
									
												View File
												
				@ -31,313 +31,313 @@

				#define MPP_F6282_MASK		MPP(  0, 0x0, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP0_GPIO		MPP(  0, 0x0, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP0_NF_IO2		MPP(  0, 0x1, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP0_SPI_SCn		MPP(  0, 0x2, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP0_NF_IO2		MPP(  0, 0x1, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP0_SPI_SCn		MPP(  0, 0x2, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP1_GPO		MPP(  1, 0x0, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP1_NF_IO3		MPP(  1, 0x1, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP1_SPI_MOSI		MPP(  1, 0x2, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP1_NF_IO3		MPP(  1, 0x1, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP1_SPI_MOSI		MPP(  1, 0x2, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP2_GPO		MPP(  2, 0x0, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP2_NF_IO4		MPP(  2, 0x1, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP2_SPI_SCK		MPP(  2, 0x2, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP2_NF_IO4		MPP(  2, 0x1, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP2_SPI_SCK		MPP(  2, 0x2, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP3_GPO		MPP(  3, 0x0, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP3_NF_IO5		MPP(  3, 0x1, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP3_SPI_MISO		MPP(  3, 0x2, 1, 0, 1,   1,   1,   1,   1 )

				#define MPP3_NF_IO5		MPP(  3, 0x1, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP3_SPI_MISO		MPP(  3, 0x2, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP4_GPIO		MPP(  4, 0x0, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP4_NF_IO6		MPP(  4, 0x1, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP4_UART0_RXD		MPP(  4, 0x2, 1, 0, 1,   1,   1,   1,   1 )

				#define MPP4_SATA1_ACTn		MPP(  4, 0x5, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP4_NF_IO6		MPP(  4, 0x1, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP4_UART0_RXD		MPP(  4, 0x2, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP4_SATA1_ACTn		MPP(  4, 0x5, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP4_LCD_VGA_HSYNC	MPP(  4, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP4_PTP_CLK		MPP(  4, 0xd, 1, 0, 1,   1,   1,   1,   0 )

				#define MPP4_PTP_CLK		MPP(  4, 0xd, 0, 0, 1,   1,   1,   1,   0 )

				#define MPP5_GPO		MPP(  5, 0x0, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP5_NF_IO7		MPP(  5, 0x1, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP5_UART0_TXD		MPP(  5, 0x2, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP5_PTP_TRIG_GEN	MPP(  5, 0x4, 0, 1, 1,   1,   1,   1,   0 )

				#define MPP5_SATA0_ACTn		MPP(  5, 0x5, 0, 1, 0,   1,   1,   1,   1 )

				#define MPP5_NF_IO7		MPP(  5, 0x1, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP5_UART0_TXD		MPP(  5, 0x2, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP5_PTP_TRIG_GEN	MPP(  5, 0x4, 0, 0, 1,   1,   1,   1,   0 )

				#define MPP5_SATA0_ACTn		MPP(  5, 0x5, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP5_LCD_VGA_VSYNC	MPP(  5, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP6_SYSRST_OUTn	MPP(  6, 0x1, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP6_SPI_MOSI		MPP(  6, 0x2, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP6_PTP_TRIG_GEN	MPP(  6, 0x3, 0, 1, 1,   1,   1,   1,   0 )

				#define MPP6_SYSRST_OUTn	MPP(  6, 0x1, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP6_SPI_MOSI		MPP(  6, 0x2, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP6_PTP_TRIG_GEN	MPP(  6, 0x3, 0, 0, 1,   1,   1,   1,   0 )

				#define MPP7_GPO		MPP(  7, 0x0, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP7_PEX_RST_OUTn	MPP(  7, 0x1, 0, 1, 1,   1,   1,   1,   0 )

				#define MPP7_SPI_SCn		MPP(  7, 0x2, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP7_PTP_TRIG_GEN	MPP(  7, 0x3, 0, 1, 1,   1,   1,   1,   0 )

				#define MPP7_LCD_PWM		MPP(  7, 0xb, 0, 1, 0,   0,   0,   0,   1 )

				#define MPP7_PEX_RST_OUTn	MPP(  7, 0x1, 0, 0, 1,   1,   1,   1,   0 )

				#define MPP7_SPI_SCn		MPP(  7, 0x2, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP7_PTP_TRIG_GEN	MPP(  7, 0x3, 0, 0, 1,   1,   1,   1,   0 )

				#define MPP7_LCD_PWM		MPP(  7, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP8_GPIO		MPP(  8, 0x0, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP8_TW0_SDA		MPP(  8, 0x1, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP8_UART0_RTS		MPP(  8, 0x2, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP8_UART1_RTS		MPP(  8, 0x3, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP8_MII0_RXERR		MPP(  8, 0x4, 1, 0, 0,   1,   1,   1,   1 )

				#define MPP8_SATA1_PRESENTn	MPP(  8, 0x5, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP8_PTP_CLK		MPP(  8, 0xc, 1, 0, 1,   1,   1,   1,   0 )

				#define MPP8_MII0_COL		MPP(  8, 0xd, 1, 0, 1,   1,   1,   1,   1 )

				#define MPP8_TW0_SDA		MPP(  8, 0x1, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP8_UART0_RTS		MPP(  8, 0x2, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP8_UART1_RTS		MPP(  8, 0x3, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP8_MII0_RXERR		MPP(  8, 0x4, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP8_SATA1_PRESENTn	MPP(  8, 0x5, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP8_PTP_CLK		MPP(  8, 0xc, 0, 0, 1,   1,   1,   1,   0 )

				#define MPP8_MII0_COL		MPP(  8, 0xd, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP9_GPIO		MPP(  9, 0x0, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP9_TW0_SCK		MPP(  9, 0x1, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP9_UART0_CTS		MPP(  9, 0x2, 1, 0, 1,   1,   1,   1,   1 )

				#define MPP9_UART1_CTS		MPP(  9, 0x3, 1, 0, 1,   1,   1,   1,   1 )

				#define MPP9_SATA0_PRESENTn	MPP(  9, 0x5, 0, 1, 0,   1,   1,   1,   1 )

				#define MPP9_PTP_EVENT_REQ	MPP(  9, 0xc, 1, 0, 1,   1,   1,   1,   0 )

				#define MPP9_MII0_CRS		MPP(  9, 0xd, 1, 0, 1,   1,   1,   1,   1 )

				#define MPP9_TW0_SCK		MPP(  9, 0x1, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP9_UART0_CTS		MPP(  9, 0x2, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP9_UART1_CTS		MPP(  9, 0x3, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP9_SATA0_PRESENTn	MPP(  9, 0x5, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP9_PTP_EVENT_REQ	MPP(  9, 0xc, 0, 0, 1,   1,   1,   1,   0 )

				#define MPP9_MII0_CRS		MPP(  9, 0xd, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP10_GPO		MPP( 10, 0x0, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP10_SPI_SCK		MPP( 10, 0x2, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP10_UART0_TXD		MPP( 10, 0X3, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP10_SATA1_ACTn	MPP( 10, 0x5, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP10_PTP_TRIG_GEN	MPP( 10, 0xc, 0, 1, 1,   1,   1,   1,   0 )

				#define MPP10_SPI_SCK		MPP( 10, 0x2, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP10_UART0_TXD		MPP( 10, 0X3, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP10_SATA1_ACTn	MPP( 10, 0x5, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP10_PTP_TRIG_GEN	MPP( 10, 0xc, 0, 0, 1,   1,   1,   1,   0 )

				#define MPP11_GPIO		MPP( 11, 0x0, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP11_SPI_MISO		MPP( 11, 0x2, 1, 0, 1,   1,   1,   1,   1 )

				#define MPP11_UART0_RXD		MPP( 11, 0x3, 1, 0, 1,   1,   1,   1,   1 )

				#define MPP11_PTP_EVENT_REQ	MPP( 11, 0x4, 1, 0, 1,   1,   1,   1,   0 )

				#define MPP11_PTP_TRIG_GEN	MPP( 11, 0xc, 0, 1, 1,   1,   1,   1,   0 )

				#define MPP11_PTP_CLK		MPP( 11, 0xd, 1, 0, 1,   1,   1,   1,   0 )

				#define MPP11_SATA0_ACTn	MPP( 11, 0x5, 0, 1, 0,   1,   1,   1,   1 )

				#define MPP11_SPI_MISO		MPP( 11, 0x2, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP11_UART0_RXD		MPP( 11, 0x3, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP11_PTP_EVENT_REQ	MPP( 11, 0x4, 0, 0, 1,   1,   1,   1,   0 )

				#define MPP11_PTP_TRIG_GEN	MPP( 11, 0xc, 0, 0, 1,   1,   1,   1,   0 )

				#define MPP11_PTP_CLK		MPP( 11, 0xd, 0, 0, 1,   1,   1,   1,   0 )

				#define MPP11_SATA0_ACTn	MPP( 11, 0x5, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP12_GPO		MPP( 12, 0x0, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP12_SD_CLK		MPP( 12, 0x1, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP12_AU_SPDIF0		MPP( 12, 0xa, 0, 1, 0,   0,   0,   0,   1 )

				#define MPP12_SPI_MOSI		MPP( 12, 0xb, 0, 1, 0,   0,   0,   0,   1 )

				#define MPP12_TW1_SDA		MPP( 12, 0xd, 1, 0, 0,   0,   0,   0,   1 )

				#define MPP12_SD_CLK		MPP( 12, 0x1, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP12_AU_SPDIF0		MPP( 12, 0xa, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP12_SPI_MOSI		MPP( 12, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP12_TW1_SDA		MPP( 12, 0xd, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP13_GPIO		MPP( 13, 0x0, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP13_SD_CMD		MPP( 13, 0x1, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP13_UART1_TXD		MPP( 13, 0x3, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP13_AU_SPDIFRMCLK	MPP( 13, 0xa, 0, 1, 0,   0,   0,   0,   1 )

				#define MPP13_LCDPWM		MPP( 13, 0xb, 0, 1, 0,   0,   0,   0,   1 )

				#define MPP13_SD_CMD		MPP( 13, 0x1, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP13_UART1_TXD		MPP( 13, 0x3, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP13_AU_SPDIFRMCLK	MPP( 13, 0xa, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP13_LCDPWM		MPP( 13, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP14_GPIO		MPP( 14, 0x0, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP14_SD_D0		MPP( 14, 0x1, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP14_UART1_RXD		MPP( 14, 0x3, 1, 0, 1,   1,   1,   1,   1 )

				#define MPP14_SATA1_PRESENTn	MPP( 14, 0x4, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP14_AU_SPDIFI		MPP( 14, 0xa, 1, 0, 0,   0,   0,   0,   1 )

				#define MPP14_AU_I2SDI		MPP( 14, 0xb, 1, 0, 0,   0,   0,   0,   1 )

				#define MPP14_MII0_COL		MPP( 14, 0xd, 1, 0, 1,   1,   1,   1,   1 )

				#define MPP14_SD_D0		MPP( 14, 0x1, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP14_UART1_RXD		MPP( 14, 0x3, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP14_SATA1_PRESENTn	MPP( 14, 0x4, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP14_AU_SPDIFI		MPP( 14, 0xa, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP14_AU_I2SDI		MPP( 14, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP14_MII0_COL		MPP( 14, 0xd, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP15_GPIO		MPP( 15, 0x0, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP15_SD_D1		MPP( 15, 0x1, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP15_UART0_RTS		MPP( 15, 0x2, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP15_UART1_TXD		MPP( 15, 0x3, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP15_SATA0_ACTn	MPP( 15, 0x4, 0, 1, 0,   1,   1,   1,   1 )

				#define MPP15_SPI_CSn		MPP( 15, 0xb, 0, 1, 0,   0,   0,   0,   1 )

				#define MPP15_SD_D1		MPP( 15, 0x1, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP15_UART0_RTS		MPP( 15, 0x2, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP15_UART1_TXD		MPP( 15, 0x3, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP15_SATA0_ACTn	MPP( 15, 0x4, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP15_SPI_CSn		MPP( 15, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP16_GPIO		MPP( 16, 0x0, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP16_SD_D2		MPP( 16, 0x1, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP16_UART0_CTS		MPP( 16, 0x2, 1, 0, 1,   1,   1,   1,   1 )

				#define MPP16_UART1_RXD		MPP( 16, 0x3, 1, 0, 1,   1,   1,   1,   1 )

				#define MPP16_SATA1_ACTn	MPP( 16, 0x4, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP16_LCD_EXT_REF_CLK	MPP( 16, 0xb, 1, 0, 0,   0,   0,   0,   1 )

				#define MPP16_MII0_CRS		MPP( 16, 0xd, 1, 0, 1,   1,   1,   1,   1 )

				#define MPP16_SD_D2		MPP( 16, 0x1, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP16_UART0_CTS		MPP( 16, 0x2, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP16_UART1_RXD		MPP( 16, 0x3, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP16_SATA1_ACTn	MPP( 16, 0x4, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP16_LCD_EXT_REF_CLK	MPP( 16, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP16_MII0_CRS		MPP( 16, 0xd, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP17_GPIO		MPP( 17, 0x0, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP17_SD_D3		MPP( 17, 0x1, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP17_SATA0_PRESENTn	MPP( 17, 0x4, 0, 1, 0,   1,   1,   1,   1 )

				#define MPP17_SATA1_ACTn	MPP( 17, 0xa, 0, 1, 0,   0,   0,   0,   1 )

				#define MPP17_TW1_SCK		MPP( 17, 0xd, 1, 1, 0,   0,   0,   0,   1 )

				#define MPP17_SD_D3		MPP( 17, 0x1, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP17_SATA0_PRESENTn	MPP( 17, 0x4, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP17_SATA1_ACTn	MPP( 17, 0xa, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP17_TW1_SCK		MPP( 17, 0xd, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP18_GPO		MPP( 18, 0x0, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP18_NF_IO0		MPP( 18, 0x1, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP18_PEX0_CLKREQ	MPP( 18, 0x2, 0, 1, 0,   0,   0,   0,   1 )

				#define MPP18_NF_IO0		MPP( 18, 0x1, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP18_PEX0_CLKREQ	MPP( 18, 0x2, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP19_GPO		MPP( 19, 0x0, 0, 1, 1,   1,   1,   1,   1 )

				#define MPP19_NF_IO1		MPP( 19, 0x1, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP19_NF_IO1		MPP( 19, 0x1, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP20_GPIO		MPP( 20, 0x0, 1, 1, 0,   1,   1,   1,   1 )

				#define MPP20_TSMP0		MPP( 20, 0x1, 1, 1, 0,   0,   1,   1,   1 )

				#define MPP20_TDM_CH0_TX_QL	MPP( 20, 0x2, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP20_TSMP0		MPP( 20, 0x1, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP20_TDM_CH0_TX_QL	MPP( 20, 0x2, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP20_GE1_TXD0		MPP( 20, 0x3, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP20_AU_SPDIFI		MPP( 20, 0x4, 1, 0, 0,   0,   1,   1,   1 )

				#define MPP20_SATA1_ACTn	MPP( 20, 0x5, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP20_AU_SPDIFI		MPP( 20, 0x4, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP20_SATA1_ACTn	MPP( 20, 0x5, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP20_LCD_D0		MPP( 20, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP21_GPIO		MPP( 21, 0x0, 1, 1, 0,   1,   1,   1,   1 )

				#define MPP21_TSMP1		MPP( 21, 0x1, 1, 1, 0,   0,   1,   1,   1 )

				#define MPP21_TDM_CH0_RX_QL	MPP( 21, 0x2, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP21_TSMP1		MPP( 21, 0x1, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP21_TDM_CH0_RX_QL	MPP( 21, 0x2, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP21_GE1_TXD1		MPP( 21, 0x3, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP21_AU_SPDIFO		MPP( 21, 0x4, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP21_SATA0_ACTn	MPP( 21, 0x5, 0, 1, 0,   1,   1,   1,   1 )

				#define MPP21_AU_SPDIFO		MPP( 21, 0x4, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP21_SATA0_ACTn	MPP( 21, 0x5, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP21_LCD_D1		MPP( 21, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP22_GPIO		MPP( 22, 0x0, 1, 1, 0,   1,   1,   1,   1 )

				#define MPP22_TSMP2		MPP( 22, 0x1, 1, 1, 0,   0,   1,   1,   1 )

				#define MPP22_TDM_CH2_TX_QL	MPP( 22, 0x2, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP22_TSMP2		MPP( 22, 0x1, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP22_TDM_CH2_TX_QL	MPP( 22, 0x2, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP22_GE1_TXD2		MPP( 22, 0x3, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP22_AU_SPDIFRMKCLK	MPP( 22, 0x4, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP22_SATA1_PRESENTn	MPP( 22, 0x5, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP22_AU_SPDIFRMKCLK	MPP( 22, 0x4, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP22_SATA1_PRESENTn	MPP( 22, 0x5, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP22_LCD_D2		MPP( 22, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP23_GPIO		MPP( 23, 0x0, 1, 1, 0,   1,   1,   1,   1 )

				#define MPP23_TSMP3		MPP( 23, 0x1, 1, 1, 0,   0,   1,   1,   1 )

				#define MPP23_TDM_CH2_RX_QL	MPP( 23, 0x2, 1, 0, 0,   0,   1,   1,   1 )

				#define MPP23_TSMP3		MPP( 23, 0x1, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP23_TDM_CH2_RX_QL	MPP( 23, 0x2, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP23_GE1_TXD3		MPP( 23, 0x3, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP23_AU_I2SBCLK	MPP( 23, 0x4, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP23_SATA0_PRESENTn	MPP( 23, 0x5, 0, 1, 0,   1,   1,   1,   1 )

				#define MPP23_AU_I2SBCLK	MPP( 23, 0x4, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP23_SATA0_PRESENTn	MPP( 23, 0x5, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP23_LCD_D3		MPP( 23, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP24_GPIO		MPP( 24, 0x0, 1, 1, 0,   1,   1,   1,   1 )

				#define MPP24_TSMP4		MPP( 24, 0x1, 1, 1, 0,   0,   1,   1,   1 )

				#define MPP24_TDM_SPI_CS0	MPP( 24, 0x2, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP24_TSMP4		MPP( 24, 0x1, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP24_TDM_SPI_CS0	MPP( 24, 0x2, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP24_GE1_RXD0		MPP( 24, 0x3, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP24_AU_I2SDO		MPP( 24, 0x4, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP24_AU_I2SDO		MPP( 24, 0x4, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP24_LCD_D4		MPP( 24, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP25_GPIO		MPP( 25, 0x0, 1, 1, 0,   1,   1,   1,   1 )

				#define MPP25_TSMP5		MPP( 25, 0x1, 1, 1, 0,   0,   1,   1,   1 )

				#define MPP25_TDM_SPI_SCK	MPP( 25, 0x2, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP25_TSMP5		MPP( 25, 0x1, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP25_TDM_SPI_SCK	MPP( 25, 0x2, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP25_GE1_RXD1		MPP( 25, 0x3, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP25_AU_I2SLRCLK	MPP( 25, 0x4, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP25_AU_I2SLRCLK	MPP( 25, 0x4, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP25_LCD_D5		MPP( 25, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP26_GPIO		MPP( 26, 0x0, 1, 1, 0,   1,   1,   1,   1 )

				#define MPP26_TSMP6		MPP( 26, 0x1, 1, 1, 0,   0,   1,   1,   1 )

				#define MPP26_TDM_SPI_MISO	MPP( 26, 0x2, 1, 0, 0,   0,   1,   1,   1 )

				#define MPP26_TSMP6		MPP( 26, 0x1, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP26_TDM_SPI_MISO	MPP( 26, 0x2, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP26_GE1_RXD2		MPP( 26, 0x3, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP26_AU_I2SMCLK	MPP( 26, 0x4, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP26_AU_I2SMCLK	MPP( 26, 0x4, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP26_LCD_D6		MPP( 26, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP27_GPIO		MPP( 27, 0x0, 1, 1, 0,   1,   1,   1,   1 )

				#define MPP27_TSMP7		MPP( 27, 0x1, 1, 1, 0,   0,   1,   1,   1 )

				#define MPP27_TDM_SPI_MOSI	MPP( 27, 0x2, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP27_TSMP7		MPP( 27, 0x1, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP27_TDM_SPI_MOSI	MPP( 27, 0x2, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP27_GE1_RXD3		MPP( 27, 0x3, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP27_AU_I2SDI		MPP( 27, 0x4, 1, 0, 0,   0,   1,   1,   1 )

				#define MPP27_AU_I2SDI		MPP( 27, 0x4, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP27_LCD_D7		MPP( 27, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP28_GPIO		MPP( 28, 0x0, 1, 1, 0,   1,   1,   1,   1 )

				#define MPP28_TSMP8		MPP( 28, 0x1, 1, 1, 0,   0,   1,   1,   1 )

				#define MPP28_TSMP8		MPP( 28, 0x1, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP28_TDM_CODEC_INTn	MPP( 28, 0x2, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP28_GE1_COL		MPP( 28, 0x3, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP28_AU_EXTCLK		MPP( 28, 0x4, 1, 0, 0,   0,   1,   1,   1 )

				#define MPP28_AU_EXTCLK		MPP( 28, 0x4, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP28_LCD_D8		MPP( 28, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP29_GPIO		MPP( 29, 0x0, 1, 1, 0,   1,   1,   1,   1 )

				#define MPP29_TSMP9		MPP( 29, 0x1, 1, 1, 0,   0,   1,   1,   1 )

				#define MPP29_TSMP9		MPP( 29, 0x1, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP29_TDM_CODEC_RSTn	MPP( 29, 0x2, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP29_GE1_TCLK		MPP( 29, 0x3, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP29_LCD_D9		MPP( 29, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP30_GPIO		MPP( 30, 0x0, 1, 1, 0,   1,   1,   1,   1 )

				#define MPP30_TSMP10		MPP( 30, 0x1, 1, 1, 0,   0,   1,   1,   1 )

				#define MPP30_TDM_PCLK		MPP( 30, 0x2, 1, 1, 0,   0,   1,   1,   1 )

				#define MPP30_TSMP10		MPP( 30, 0x1, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP30_TDM_PCLK		MPP( 30, 0x2, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP30_GE1_RXCTL		MPP( 30, 0x3, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP30_LCD_D10		MPP( 30, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP31_GPIO		MPP( 31, 0x0, 1, 1, 0,   1,   1,   1,   1 )

				#define MPP31_TSMP11		MPP( 31, 0x1, 1, 1, 0,   0,   1,   1,   1 )

				#define MPP31_TDM_FS		MPP( 31, 0x2, 1, 1, 0,   0,   1,   1,   1 )

				#define MPP31_TSMP11		MPP( 31, 0x1, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP31_TDM_FS		MPP( 31, 0x2, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP31_GE1_RXCLK		MPP( 31, 0x3, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP31_LCD_D11		MPP( 31, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP32_GPIO		MPP( 32, 0x0, 1, 1, 0,   1,   1,   1,   1 )

				#define MPP32_TSMP12		MPP( 32, 0x1, 1, 1, 0,   0,   1,   1,   1 )

				#define MPP32_TDM_DRX		MPP( 32, 0x2, 1, 0, 0,   0,   1,   1,   1 )

				#define MPP32_TSMP12		MPP( 32, 0x1, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP32_TDM_DRX		MPP( 32, 0x2, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP32_GE1_TCLKOUT	MPP( 32, 0x3, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP32_LCD_D12		MPP( 32, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP33_GPO		MPP( 33, 0x0, 0, 1, 0,   1,   1,   1,   1 )

				#define MPP33_TDM_DTX		MPP( 33, 0x2, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP33_TDM_DTX		MPP( 33, 0x2, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP33_GE1_TXCTL		MPP( 33, 0x3, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP33_LCD_D13		MPP( 33, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP34_GPIO		MPP( 34, 0x0, 1, 1, 0,   1,   1,   1,   1 )

				#define MPP34_TDM_SPI_CS1	MPP( 34, 0x2, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP34_TDM_SPI_CS1	MPP( 34, 0x2, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP34_GE1_TXEN		MPP( 34, 0x3, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP34_SATA1_ACTn	MPP( 34, 0x5, 0, 1, 0,   0,   0,   1,   1 )

				#define MPP34_SATA1_ACTn	MPP( 34, 0x5, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP34_LCD_D14		MPP( 34, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP35_GPIO		MPP( 35, 0x0, 1, 1, 1,   1,   1,   1,   1 )

				#define MPP35_TDM_CH0_TX_QL	MPP( 35, 0x2, 0, 1, 0,   0,   1,   1,   1 )

				#define MPP35_TDM_CH0_TX_QL	MPP( 35, 0x2, 0, 0, 0,   0,   1,   1,   1 )

				#define MPP35_GE1_RXERR		MPP( 35, 0x3, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP35_SATA0_ACTn	MPP( 35, 0x5, 0, 1, 0,   1,   1,   1,   1 )

				#define MPP35_SATA0_ACTn	MPP( 35, 0x5, 0, 0, 0,   1,   1,   1,   1 )

				#define MPP35_LCD_D15		MPP( 22, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP35_MII0_RXERR	MPP( 35, 0xc, 1, 0, 1,   1,   1,   1,   1 )

				#define MPP35_MII0_RXERR	MPP( 35, 0xc, 0, 0, 1,   1,   1,   1,   1 )

				#define MPP36_GPIO		MPP( 36, 0x0, 1, 1, 1,   0,   0,   1,   1 )

				#define MPP36_TSMP0		MPP( 36, 0x1, 1, 1, 0,   0,   0,   1,   1 )

				#define MPP36_TDM_SPI_CS1	MPP( 36, 0x2, 0, 1, 0,   0,   0,   1,   1 )

				#define MPP36_AU_SPDIFI		MPP( 36, 0x4, 1, 0, 1,   0,   0,   1,   1 )

				#define MPP36_TW1_SDA		MPP( 36, 0xb, 1, 1, 0,   0,   0,   0,   1 )

				#define MPP36_TSMP0		MPP( 36, 0x1, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP36_TDM_SPI_CS1	MPP( 36, 0x2, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP36_AU_SPDIFI		MPP( 36, 0x4, 0, 0, 1,   0,   0,   1,   1 )

				#define MPP36_TW1_SDA		MPP( 36, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP37_GPIO		MPP( 37, 0x0, 1, 1, 1,   0,   0,   1,   1 )

				#define MPP37_TSMP1		MPP( 37, 0x1, 1, 1, 0,   0,   0,   1,   1 )

				#define MPP37_TDM_CH2_TX_QL	MPP( 37, 0x2, 0, 1, 0,   0,   0,   1,   1 )

				#define MPP37_AU_SPDIFO		MPP( 37, 0x4, 0, 1, 1,   0,   0,   1,   1 )

				#define MPP37_TW1_SCK		MPP( 37, 0xb, 1, 1, 0,   0,   0,   0,   1 )

				#define MPP37_TSMP1		MPP( 37, 0x1, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP37_TDM_CH2_TX_QL	MPP( 37, 0x2, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP37_AU_SPDIFO		MPP( 37, 0x4, 0, 0, 1,   0,   0,   1,   1 )

				#define MPP37_TW1_SCK		MPP( 37, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP38_GPIO		MPP( 38, 0x0, 1, 1, 1,   0,   0,   1,   1 )

				#define MPP38_TSMP2		MPP( 38, 0x1, 1, 1, 0,   0,   0,   1,   1 )

				#define MPP38_TDM_CH2_RX_QL	MPP( 38, 0x2, 0, 1, 0,   0,   0,   1,   1 )

				#define MPP38_AU_SPDIFRMLCLK	MPP( 38, 0x4, 0, 1, 1,   0,   0,   1,   1 )

				#define MPP38_TSMP2		MPP( 38, 0x1, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP38_TDM_CH2_RX_QL	MPP( 38, 0x2, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP38_AU_SPDIFRMLCLK	MPP( 38, 0x4, 0, 0, 1,   0,   0,   1,   1 )

				#define MPP38_LCD_D18		MPP( 38, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP39_GPIO		MPP( 39, 0x0, 1, 1, 1,   0,   0,   1,   1 )

				#define MPP39_TSMP3		MPP( 39, 0x1, 1, 1, 0,   0,   0,   1,   1 )

				#define MPP39_TDM_SPI_CS0	MPP( 39, 0x2, 0, 1, 0,   0,   0,   1,   1 )

				#define MPP39_AU_I2SBCLK	MPP( 39, 0x4, 0, 1, 1,   0,   0,   1,   1 )

				#define MPP39_TSMP3		MPP( 39, 0x1, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP39_TDM_SPI_CS0	MPP( 39, 0x2, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP39_AU_I2SBCLK	MPP( 39, 0x4, 0, 0, 1,   0,   0,   1,   1 )

				#define MPP39_LCD_D19		MPP( 39, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP40_GPIO		MPP( 40, 0x0, 1, 1, 1,   0,   0,   1,   1 )

				#define MPP40_TSMP4		MPP( 40, 0x1, 1, 1, 0,   0,   0,   1,   1 )

				#define MPP40_TDM_SPI_SCK	MPP( 40, 0x2, 0, 1, 0,   0,   0,   1,   1 )

				#define MPP40_AU_I2SDO		MPP( 40, 0x4, 0, 1, 1,   0,   0,   1,   1 )

				#define MPP40_TSMP4		MPP( 40, 0x1, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP40_TDM_SPI_SCK	MPP( 40, 0x2, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP40_AU_I2SDO		MPP( 40, 0x4, 0, 0, 1,   0,   0,   1,   1 )

				#define MPP40_LCD_D20		MPP( 40, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP41_GPIO		MPP( 41, 0x0, 1, 1, 1,   0,   0,   1,   1 )

				#define MPP41_TSMP5		MPP( 41, 0x1, 1, 1, 0,   0,   0,   1,   1 )

				#define MPP41_TDM_SPI_MISO	MPP( 41, 0x2, 1, 0, 0,   0,   0,   1,   1 )

				#define MPP41_AU_I2SLRCLK	MPP( 41, 0x4, 0, 1, 1,   0,   0,   1,   1 )

				#define MPP41_TSMP5		MPP( 41, 0x1, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP41_TDM_SPI_MISO	MPP( 41, 0x2, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP41_AU_I2SLRCLK	MPP( 41, 0x4, 0, 0, 1,   0,   0,   1,   1 )

				#define MPP41_LCD_D21		MPP( 41, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP42_GPIO		MPP( 42, 0x0, 1, 1, 1,   0,   0,   1,   1 )

				#define MPP42_TSMP6		MPP( 42, 0x1, 1, 1, 0,   0,   0,   1,   1 )

				#define MPP42_TDM_SPI_MOSI	MPP( 42, 0x2, 0, 1, 0,   0,   0,   1,   1 )

				#define MPP42_AU_I2SMCLK	MPP( 42, 0x4, 0, 1, 1,   0,   0,   1,   1 )

				#define MPP42_TSMP6		MPP( 42, 0x1, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP42_TDM_SPI_MOSI	MPP( 42, 0x2, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP42_AU_I2SMCLK	MPP( 42, 0x4, 0, 0, 1,   0,   0,   1,   1 )

				#define MPP42_LCD_D22		MPP( 42, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP43_GPIO		MPP( 43, 0x0, 1, 1, 1,   0,   0,   1,   1 )

				#define MPP43_TSMP7		MPP( 43, 0x1, 1, 1, 0,   0,   0,   1,   1 )

				#define MPP43_TSMP7		MPP( 43, 0x1, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP43_TDM_CODEC_INTn	MPP( 43, 0x2, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP43_AU_I2SDI		MPP( 43, 0x4, 1, 0, 1,   0,   0,   1,   1 )

				#define MPP43_AU_I2SDI		MPP( 43, 0x4, 0, 0, 1,   0,   0,   1,   1 )

				#define MPP43_LCD_D23		MPP( 22, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP44_GPIO		MPP( 44, 0x0, 1, 1, 1,   0,   0,   1,   1 )

				#define MPP44_TSMP8		MPP( 44, 0x1, 1, 1, 0,   0,   0,   1,   1 )

				#define MPP44_TSMP8		MPP( 44, 0x1, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP44_TDM_CODEC_RSTn	MPP( 44, 0x2, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP44_AU_EXTCLK		MPP( 44, 0x4, 1, 0, 1,   0,   0,   1,   1 )

				#define MPP44_AU_EXTCLK		MPP( 44, 0x4, 0, 0, 1,   0,   0,   1,   1 )

				#define MPP44_LCD_CLK		MPP( 44, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP45_GPIO		MPP( 45, 0x0, 1, 1, 0,   0,   0,   1,   1 )

				#define MPP45_TSMP9		MPP( 45, 0x1, 1, 1, 0,   0,   0,   1,   1 )

				#define MPP45_TDM_PCLK		MPP( 45, 0x2, 1, 1, 0,   0,   0,   1,   1 )

				#define MPP45_TSMP9		MPP( 45, 0x1, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP45_TDM_PCLK		MPP( 45, 0x2, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP245_LCD_E		MPP( 45, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP46_GPIO		MPP( 46, 0x0, 1, 1, 0,   0,   0,   1,   1 )

				#define MPP46_TSMP10		MPP( 46, 0x1, 1, 1, 0,   0,   0,   1,   1 )

				#define MPP46_TDM_FS		MPP( 46, 0x2, 1, 1, 0,   0,   0,   1,   1 )

				#define MPP46_TSMP10		MPP( 46, 0x1, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP46_TDM_FS		MPP( 46, 0x2, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP46_LCD_HSYNC		MPP( 46, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP47_GPIO		MPP( 47, 0x0, 1, 1, 0,   0,   0,   1,   1 )

				#define MPP47_TSMP11		MPP( 47, 0x1, 1, 1, 0,   0,   0,   1,   1 )

				#define MPP47_TDM_DRX		MPP( 47, 0x2, 1, 0, 0,   0,   0,   1,   1 )

				#define MPP47_TSMP11		MPP( 47, 0x1, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP47_TDM_DRX		MPP( 47, 0x2, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP47_LCD_VSYNC		MPP( 47, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP48_GPIO		MPP( 48, 0x0, 1, 1, 0,   0,   0,   1,   1 )

				#define MPP48_TSMP12		MPP( 48, 0x1, 1, 1, 0,   0,   0,   1,   1 )

				#define MPP48_TDM_DTX		MPP( 48, 0x2, 0, 1, 0,   0,   0,   1,   1 )

				#define MPP48_TSMP12		MPP( 48, 0x1, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP48_TDM_DTX		MPP( 48, 0x2, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP48_LCD_D16		MPP( 22, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP49_GPIO		MPP( 49, 0x0, 1, 1, 0,   0,   0,   1,   0 )

				#define MPP49_GPO		MPP( 49, 0x0, 0, 1, 0,   0,   0,   0,   1 )

				#define MPP49_TSMP9		MPP( 49, 0x1, 1, 1, 0,   0,   0,   1,   0 )

				#define MPP49_TDM_CH0_RX_QL	MPP( 49, 0x2, 0, 1, 0,   0,   0,   1,   1 )

				#define MPP49_PTP_CLK		MPP( 49, 0x5, 1, 0, 0,   0,   0,   1,   0 )

				#define MPP49_PEX0_CLKREQ	MPP( 49, 0xa, 0, 1, 0,   0,   0,   0,   1 )

				#define MPP49_TSMP9		MPP( 49, 0x1, 0, 0, 0,   0,   0,   1,   0 )

				#define MPP49_TDM_CH0_RX_QL	MPP( 49, 0x2, 0, 0, 0,   0,   0,   1,   1 )

				#define MPP49_PTP_CLK		MPP( 49, 0x5, 0, 0, 0,   0,   0,   1,   0 )

				#define MPP49_PEX0_CLKREQ	MPP( 49, 0xa, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP49_LCD_D17		MPP( 49, 0xb, 0, 0, 0,   0,   0,   0,   1 )

				#define MPP_MAX			49

									
										2

arch/arm/mach-lpc32xx/include/mach/irqs.h
									
												View File
												
				@ -61,7 +61,7 @@

				 */

				#define IRQ_LPC32XX_JTAG_COMM_TX	LPC32XX_SIC1_IRQ(1)

				#define IRQ_LPC32XX_JTAG_COMM_RX	LPC32XX_SIC1_IRQ(2)

				#define IRQ_LPC32XX_GPI_11		LPC32XX_SIC1_IRQ(4)

				#define IRQ_LPC32XX_GPI_28		LPC32XX_SIC1_IRQ(4)

				#define IRQ_LPC32XX_TS_P		LPC32XX_SIC1_IRQ(6)

				#define IRQ_LPC32XX_TS_IRQ		LPC32XX_SIC1_IRQ(7)

				#define IRQ_LPC32XX_TS_AUX		LPC32XX_SIC1_IRQ(8)

									
										25

arch/arm/mach-lpc32xx/irq.c
									
												View File
												
				@ -118,6 +118,10 @@ static const struct lpc32xx_event_info lpc32xx_events[NR_IRQS] = {

						.event_group = &lpc32xx_event_pin_regs,

						.mask = LPC32XX_CLKPWR_EXTSRC_GPI_06_BIT,

					},

					[IRQ_LPC32XX_GPI_28] = {

						.event_group = &lpc32xx_event_pin_regs,

						.mask = LPC32XX_CLKPWR_EXTSRC_GPI_28_BIT,

					},

					[IRQ_LPC32XX_GPIO_00] = {

						.event_group = &lpc32xx_event_int_regs,

						.mask = LPC32XX_CLKPWR_INTSRC_GPIO_00_BIT,

				@ -305,9 +309,18 @@ static int lpc32xx_irq_wake(struct irq_data *d, unsigned int state)

						if (state)

							eventreg |= lpc32xx_events[d->irq].mask;

						else

						else {

							eventreg &= ~lpc32xx_events[d->irq].mask;

							/*

							 * When disabling the wakeup, clear the latched

							 * event

							 */

							__raw_writel(lpc32xx_events[d->irq].mask,

								lpc32xx_events[d->irq].

								event_group->rawstat_reg);

						}

						__raw_writel(eventreg,

							lpc32xx_events[d->irq].event_group->enab_reg);

				@ -380,13 +393,15 @@ void __init lpc32xx_init_irq(void)

					/* Setup SIC1 */

					__raw_writel(0, LPC32XX_INTC_MASK(LPC32XX_SIC1_BASE));

					__raw_writel(MIC_APR_DEFAULT, LPC32XX_INTC_POLAR(LPC32XX_SIC1_BASE));

					__raw_writel(MIC_ATR_DEFAULT, LPC32XX_INTC_ACT_TYPE(LPC32XX_SIC1_BASE));

					__raw_writel(SIC1_APR_DEFAULT, LPC32XX_INTC_POLAR(LPC32XX_SIC1_BASE));

					__raw_writel(SIC1_ATR_DEFAULT,

								LPC32XX_INTC_ACT_TYPE(LPC32XX_SIC1_BASE));

					/* Setup SIC2 */

					__raw_writel(0, LPC32XX_INTC_MASK(LPC32XX_SIC2_BASE));

					__raw_writel(MIC_APR_DEFAULT, LPC32XX_INTC_POLAR(LPC32XX_SIC2_BASE));

					__raw_writel(MIC_ATR_DEFAULT, LPC32XX_INTC_ACT_TYPE(LPC32XX_SIC2_BASE));

					__raw_writel(SIC2_APR_DEFAULT, LPC32XX_INTC_POLAR(LPC32XX_SIC2_BASE));

					__raw_writel(SIC2_ATR_DEFAULT,

								LPC32XX_INTC_ACT_TYPE(LPC32XX_SIC2_BASE));

					/* Configure supported IRQ's */

					for (i = 0; i < NR_IRQS; i++) {

									
										20

arch/arm/mach-lpc32xx/serial.c
									
												View File
												
				@ -88,6 +88,7 @@ struct uartinit {

					char *uart_ck_name;

					u32 ck_mode_mask;

					void __iomem *pdiv_clk_reg;

					resource_size_t mapbase;

				};

				static struct uartinit uartinit_data[] __initdata = {

				@ -97,6 +98,7 @@ static struct uartinit uartinit_data[] __initdata = {

						.ck_mode_mask =

							LPC32XX_UART_CLKMODE_LOAD(LPC32XX_UART_CLKMODE_ON, 5),

						.pdiv_clk_reg = LPC32XX_CLKPWR_UART5_CLK_CTRL,

						.mapbase = LPC32XX_UART5_BASE,

					},

				#endif

				#ifdef CONFIG_ARCH_LPC32XX_UART3_SELECT

				@ -105,6 +107,7 @@ static struct uartinit uartinit_data[] __initdata = {

						.ck_mode_mask =

							LPC32XX_UART_CLKMODE_LOAD(LPC32XX_UART_CLKMODE_ON, 3),

						.pdiv_clk_reg = LPC32XX_CLKPWR_UART3_CLK_CTRL,

						.mapbase = LPC32XX_UART3_BASE,

					},

				#endif

				#ifdef CONFIG_ARCH_LPC32XX_UART4_SELECT

				@ -113,6 +116,7 @@ static struct uartinit uartinit_data[] __initdata = {

						.ck_mode_mask =

							LPC32XX_UART_CLKMODE_LOAD(LPC32XX_UART_CLKMODE_ON, 4),

						.pdiv_clk_reg = LPC32XX_CLKPWR_UART4_CLK_CTRL,

						.mapbase = LPC32XX_UART4_BASE,

					},

				#endif

				#ifdef CONFIG_ARCH_LPC32XX_UART6_SELECT

				@ -121,6 +125,7 @@ static struct uartinit uartinit_data[] __initdata = {

						.ck_mode_mask =

							LPC32XX_UART_CLKMODE_LOAD(LPC32XX_UART_CLKMODE_ON, 6),

						.pdiv_clk_reg = LPC32XX_CLKPWR_UART6_CLK_CTRL,

						.mapbase = LPC32XX_UART6_BASE,

					},

				#endif

				};

				@ -165,11 +170,24 @@ void __init lpc32xx_serial_init(void)

						/* pre-UART clock divider set to 1 */

						__raw_writel(0x0101, uartinit_data[i].pdiv_clk_reg);

						/*

						 * Force a flush of the RX FIFOs to work around a

						 * HW bug

						 */

						puart = uartinit_data[i].mapbase;

						__raw_writel(0xC1, LPC32XX_UART_IIR_FCR(puart));

						__raw_writel(0x00, LPC32XX_UART_DLL_FIFO(puart));

						j = LPC32XX_SUART_FIFO_SIZE;

						while (j--)

							tmp = __raw_readl(

								LPC32XX_UART_DLL_FIFO(puart));

						__raw_writel(0, LPC32XX_UART_IIR_FCR(puart));

					}

					/* This needs to be done after all UART clocks are setup */

					__raw_writel(clkmodes, LPC32XX_UARTCTL_CLKMODE);

					for (i = 0; i < ARRAY_SIZE(uartinit_data) - 1; i++) {

					for (i = 0; i < ARRAY_SIZE(uartinit_data); i++) {

						/* Force a flush of the RX FIFOs to work around a HW bug */

						puart = serial_std_platform_data[i].mapbase;

						__raw_writel(0xC1, LPC32XX_UART_IIR_FCR(puart));

									
										3

arch/arm/mach-mv78xx0/common.c
									
												View File
												
				@ -20,6 +20,7 @@

				#include <mach/mv78xx0.h>

				#include <mach/bridge-regs.h>

				#include <plat/cache-feroceon-l2.h>

				#include <plat/ehci-orion.h>

				#include <plat/orion_nand.h>

				#include <plat/time.h>

				#include <plat/common.h>

				@ -170,7 +171,7 @@ void __init mv78xx0_map_io(void)

				void __init mv78xx0_ehci0_init(void)

				{

					orion_ehci_init(&mv78xx0_mbus_dram_info,

							USB0_PHYS_BASE, IRQ_MV78XX0_USB_0);

							USB0_PHYS_BASE, IRQ_MV78XX0_USB_0, EHCI_PHY_NA);

				}

									
										226

arch/arm/mach-mv78xx0/mpp.h
									
												View File
												
				@ -24,296 +24,296 @@

				#define MPP_78100_A0_MASK    MPP(0, 0x0, 0, 0, 1)

				#define MPP0_GPIO        MPP(0, 0x0, 1, 1, 1)

				#define MPP0_GE0_COL        MPP(0, 0x1, 1, 0, 1)

				#define MPP0_GE1_TXCLK        MPP(0, 0x2, 0, 1, 1)

				#define MPP0_GE0_COL        MPP(0, 0x1, 0, 0, 1)

				#define MPP0_GE1_TXCLK        MPP(0, 0x2, 0, 0, 1)

				#define MPP0_UNUSED        MPP(0, 0x3, 0, 0, 1)

				#define MPP1_GPIO        MPP(1, 0x0, 1, 1, 1)

				#define MPP1_GE0_RXERR        MPP(1, 0x1, 1, 0, 1)

				#define MPP1_GE1_TXCTL        MPP(1, 0x2, 0, 1, 1)

				#define MPP1_GE0_RXERR        MPP(1, 0x1, 0, 0, 1)

				#define MPP1_GE1_TXCTL        MPP(1, 0x2, 0, 0, 1)

				#define MPP1_UNUSED        MPP(1, 0x3, 0, 0, 1)

				#define MPP2_GPIO        MPP(2, 0x0, 1, 1, 1)

				#define MPP2_GE0_CRS        MPP(2, 0x1, 1, 0, 1)

				#define MPP2_GE1_RXCTL        MPP(2, 0x2, 1, 0, 1)

				#define MPP2_GE0_CRS        MPP(2, 0x1, 0, 0, 1)

				#define MPP2_GE1_RXCTL        MPP(2, 0x2, 0, 0, 1)

				#define MPP2_UNUSED        MPP(2, 0x3, 0, 0, 1)

				#define MPP3_GPIO        MPP(3, 0x0, 1, 1, 1)

				#define MPP3_GE0_TXERR        MPP(3, 0x1, 0, 1, 1)

				#define MPP3_GE1_RXCLK        MPP(3, 0x2, 1, 0, 1)

				#define MPP3_GE0_TXERR        MPP(3, 0x1, 0, 0, 1)

				#define MPP3_GE1_RXCLK        MPP(3, 0x2, 0, 0, 1)

				#define MPP3_UNUSED        MPP(3, 0x3, 0, 0, 1)

				#define MPP4_GPIO        MPP(4, 0x0, 1, 1, 1)

				#define MPP4_GE0_TXD4        MPP(4, 0x1, 0, 1, 1)

				#define MPP4_GE1_TXD0        MPP(4, 0x2, 0, 1, 1)

				#define MPP4_GE0_TXD4        MPP(4, 0x1, 0, 0, 1)

				#define MPP4_GE1_TXD0        MPP(4, 0x2, 0, 0, 1)

				#define MPP4_UNUSED        MPP(4, 0x3, 0, 0, 1)

				#define MPP5_GPIO        MPP(5, 0x0, 1, 1, 1)

				#define MPP5_GE0_TXD5        MPP(5, 0x1, 0, 1, 1)

				#define MPP5_GE1_TXD1        MPP(5, 0x2, 0, 1, 1)

				#define MPP5_GE0_TXD5        MPP(5, 0x1, 0, 0, 1)

				#define MPP5_GE1_TXD1        MPP(5, 0x2, 0, 0, 1)

				#define MPP5_UNUSED        MPP(5, 0x3, 0, 0, 1)

				#define MPP6_GPIO        MPP(6, 0x0, 1, 1, 1)

				#define MPP6_GE0_TXD6        MPP(6, 0x1, 0, 1, 1)

				#define MPP6_GE1_TXD2        MPP(6, 0x2, 0, 1, 1)

				#define MPP6_GE0_TXD6        MPP(6, 0x1, 0, 0, 1)

				#define MPP6_GE1_TXD2        MPP(6, 0x2, 0, 0, 1)

				#define MPP6_UNUSED        MPP(6, 0x3, 0, 0, 1)

				#define MPP7_GPIO        MPP(7, 0x0, 1, 1, 1)

				#define MPP7_GE0_TXD7        MPP(7, 0x1, 0, 1, 1)

				#define MPP7_GE1_TXD3        MPP(7, 0x2, 0, 1, 1)

				#define MPP7_GE0_TXD7        MPP(7, 0x1, 0, 0, 1)

				#define MPP7_GE1_TXD3        MPP(7, 0x2, 0, 0, 1)

				#define MPP7_UNUSED        MPP(7, 0x3, 0, 0, 1)

				#define MPP8_GPIO        MPP(8, 0x0, 1, 1, 1)

				#define MPP8_GE0_RXD4        MPP(8, 0x1, 1, 0, 1)

				#define MPP8_GE1_RXD0        MPP(8, 0x2, 1, 0, 1)

				#define MPP8_GE0_RXD4        MPP(8, 0x1, 0, 0, 1)

				#define MPP8_GE1_RXD0        MPP(8, 0x2, 0, 0, 1)

				#define MPP8_UNUSED        MPP(8, 0x3, 0, 0, 1)

				#define MPP9_GPIO        MPP(9, 0x0, 1, 1, 1)

				#define MPP9_GE0_RXD5        MPP(9, 0x1, 1, 0, 1)

				#define MPP9_GE1_RXD1        MPP(9, 0x2, 1, 0, 1)

				#define MPP9_GE0_RXD5        MPP(9, 0x1, 0, 0, 1)

				#define MPP9_GE1_RXD1        MPP(9, 0x2, 0, 0, 1)

				#define MPP9_UNUSED        MPP(9, 0x3, 0, 0, 1)

				#define MPP10_GPIO        MPP(10, 0x0, 1, 1, 1)

				#define MPP10_GE0_RXD6        MPP(10, 0x1, 1, 0, 1)

				#define MPP10_GE1_RXD2        MPP(10, 0x2, 1, 0, 1)

				#define MPP10_GE0_RXD6        MPP(10, 0x1, 0, 0, 1)

				#define MPP10_GE1_RXD2        MPP(10, 0x2, 0, 0, 1)

				#define MPP10_UNUSED        MPP(10, 0x3, 0, 0, 1)

				#define MPP11_GPIO        MPP(11, 0x0, 1, 1, 1)

				#define MPP11_GE0_RXD7        MPP(11, 0x1, 1, 0, 1)

				#define MPP11_GE1_RXD3        MPP(11, 0x2, 1, 0, 1)

				#define MPP11_GE0_RXD7        MPP(11, 0x1, 0, 0, 1)

				#define MPP11_GE1_RXD3        MPP(11, 0x2, 0, 0, 1)

				#define MPP11_UNUSED        MPP(11, 0x3, 0, 0, 1)

				#define MPP12_GPIO        MPP(12, 0x0, 1, 1, 1)

				#define MPP12_M_BB        MPP(12, 0x3, 1, 0, 1)

				#define MPP12_UA0_CTSn        MPP(12, 0x4, 1, 0, 1)

				#define MPP12_NAND_FLASH_REn0    MPP(12, 0x5, 0, 1, 1)

				#define MPP12_TDM0_SCSn        MPP(12, 0X6, 0, 1, 1)

				#define MPP12_M_BB        MPP(12, 0x3, 0, 0, 1)

				#define MPP12_UA0_CTSn        MPP(12, 0x4, 0, 0, 1)

				#define MPP12_NAND_FLASH_REn0    MPP(12, 0x5, 0, 0, 1)

				#define MPP12_TDM0_SCSn        MPP(12, 0X6, 0, 0, 1)

				#define MPP12_UNUSED        MPP(12, 0x1, 0, 0, 1)

				#define MPP13_GPIO        MPP(13, 0x0, 1, 1, 1)

				#define MPP13_SYSRST_OUTn    MPP(13, 0x3, 0, 1, 1)

				#define MPP13_UA0_RTSn        MPP(13, 0x4, 0, 1, 1)

				#define MPP13_NAN_FLASH_WEn0    MPP(13, 0x5, 0, 1, 1)

				#define MPP13_TDM_SCLK        MPP(13, 0x6, 0, 1, 1)

				#define MPP13_SYSRST_OUTn    MPP(13, 0x3, 0, 0, 1)

				#define MPP13_UA0_RTSn        MPP(13, 0x4, 0, 0, 1)

				#define MPP13_NAN_FLASH_WEn0    MPP(13, 0x5, 0, 0, 1)

				#define MPP13_TDM_SCLK        MPP(13, 0x6, 0, 0, 1)

				#define MPP13_UNUSED        MPP(13, 0x1, 0, 0, 1)

				#define MPP14_GPIO        MPP(14, 0x0, 1, 1, 1)

				#define MPP14_SATA1_ACTn    MPP(14, 0x3, 0, 1, 1)

				#define MPP14_UA1_CTSn        MPP(14, 0x4, 1, 0, 1)

				#define MPP14_NAND_FLASH_REn1    MPP(14, 0x5, 0, 1, 1)

				#define MPP14_TDM_SMOSI        MPP(14, 0x6, 0, 1, 1)

				#define MPP14_SATA1_ACTn    MPP(14, 0x3, 0, 0, 1)

				#define MPP14_UA1_CTSn        MPP(14, 0x4, 0, 0, 1)

				#define MPP14_NAND_FLASH_REn1    MPP(14, 0x5, 0, 0, 1)

				#define MPP14_TDM_SMOSI        MPP(14, 0x6, 0, 0, 1)

				#define MPP14_UNUSED        MPP(14, 0x1, 0, 0, 1)

				#define MPP15_GPIO        MPP(15, 0x0, 1, 1, 1)

				#define MPP15_SATA0_ACTn    MPP(15, 0x3, 0, 1, 1)

				#define MPP15_UA1_RTSn        MPP(15, 0x4, 0, 1, 1)

				#define MPP15_NAND_FLASH_WEn1    MPP(15, 0x5, 0, 1, 1)

				#define MPP15_TDM_SMISO        MPP(15, 0x6, 1, 0, 1)

				#define MPP15_SATA0_ACTn    MPP(15, 0x3, 0, 0, 1)

				#define MPP15_UA1_RTSn        MPP(15, 0x4, 0, 0, 1)

				#define MPP15_NAND_FLASH_WEn1    MPP(15, 0x5, 0, 0, 1)

				#define MPP15_TDM_SMISO        MPP(15, 0x6, 0, 0, 1)

				#define MPP15_UNUSED        MPP(15, 0x1, 0, 0, 1)

				#define MPP16_GPIO        MPP(16, 0x0, 1, 1, 1)

				#define MPP16_SATA1_PRESENTn    MPP(16, 0x3, 0, 1, 1)

				#define MPP16_UA2_TXD        MPP(16, 0x4, 0, 1, 1)

				#define MPP16_NAND_FLASH_REn3    MPP(16, 0x5, 0, 1, 1)

				#define MPP16_TDM_INTn        MPP(16, 0x6, 1, 0, 1)

				#define MPP16_SATA1_PRESENTn    MPP(16, 0x3, 0, 0, 1)

				#define MPP16_UA2_TXD        MPP(16, 0x4, 0, 0, 1)

				#define MPP16_NAND_FLASH_REn3    MPP(16, 0x5, 0, 0, 1)

				#define MPP16_TDM_INTn        MPP(16, 0x6, 0, 0, 1)

				#define MPP16_UNUSED        MPP(16, 0x1, 0, 0, 1)

				#define MPP17_GPIO        MPP(17, 0x0, 1, 1, 1)

				#define MPP17_SATA0_PRESENTn    MPP(17, 0x3, 0, 1, 1)

				#define MPP17_UA2_RXD        MPP(17, 0x4, 1, 0, 1)

				#define MPP17_NAND_FLASH_WEn3    MPP(17, 0x5, 0, 1, 1)

				#define MPP17_TDM_RSTn        MPP(17, 0x6, 0, 1, 1)

				#define MPP17_SATA0_PRESENTn    MPP(17, 0x3, 0, 0, 1)

				#define MPP17_UA2_RXD        MPP(17, 0x4, 0, 0, 1)

				#define MPP17_NAND_FLASH_WEn3    MPP(17, 0x5, 0, 0, 1)

				#define MPP17_TDM_RSTn        MPP(17, 0x6, 0, 0, 1)

				#define MPP17_UNUSED        MPP(17, 0x1, 0, 0, 1)

				#define MPP18_GPIO        MPP(18, 0x0, 1, 1, 1)

				#define MPP18_UA0_CTSn        MPP(18, 0x4, 1, 0, 1)

				#define MPP18_BOOT_FLASH_REn    MPP(18, 0x5, 0, 1, 1)

				#define MPP18_UA0_CTSn        MPP(18, 0x4, 0, 0, 1)

				#define MPP18_BOOT_FLASH_REn    MPP(18, 0x5, 0, 0, 1)

				#define MPP18_UNUSED        MPP(18, 0x1, 0, 0, 1)

				#define MPP19_GPIO        MPP(19, 0x0, 1, 1, 1)

				#define MPP19_UA0_CTSn        MPP(19, 0x4, 0, 1, 1)

				#define MPP19_BOOT_FLASH_WEn    MPP(19, 0x5, 0, 1, 1)

				#define MPP19_UA0_CTSn        MPP(19, 0x4, 0, 0, 1)

				#define MPP19_BOOT_FLASH_WEn    MPP(19, 0x5, 0, 0, 1)

				#define MPP19_UNUSED        MPP(19, 0x1, 0, 0, 1)

				#define MPP20_GPIO        MPP(20, 0x0, 1, 1, 1)

				#define MPP20_UA1_CTSs        MPP(20, 0x4, 1, 0, 1)

				#define MPP20_TDM_PCLK        MPP(20, 0x6, 1, 1, 0)

				#define MPP20_UA1_CTSs        MPP(20, 0x4, 0, 0, 1)

				#define MPP20_TDM_PCLK        MPP(20, 0x6, 0, 0, 0)

				#define MPP20_UNUSED        MPP(20, 0x1, 0, 0, 1)

				#define MPP21_GPIO        MPP(21, 0x0, 1, 1, 1)

				#define MPP21_UA1_CTSs        MPP(21, 0x4, 0, 1, 1)

				#define MPP21_TDM_FSYNC        MPP(21, 0x6, 1, 1, 0)

				#define MPP21_UA1_CTSs        MPP(21, 0x4, 0, 0, 1)

				#define MPP21_TDM_FSYNC        MPP(21, 0x6, 0, 0, 0)

				#define MPP21_UNUSED        MPP(21, 0x1, 0, 0, 1)

				#define MPP22_GPIO        MPP(22, 0x0, 1, 1, 1)

				#define MPP22_UA3_TDX        MPP(22, 0x4, 0, 1, 1)

				#define MPP22_NAND_FLASH_REn2    MPP(22, 0x5, 0, 1, 1)

				#define MPP22_TDM_DRX        MPP(22, 0x6, 1, 0, 1)

				#define MPP22_UA3_TDX        MPP(22, 0x4, 0, 0, 1)

				#define MPP22_NAND_FLASH_REn2    MPP(22, 0x5, 0, 0, 1)

				#define MPP22_TDM_DRX        MPP(22, 0x6, 0, 0, 1)

				#define MPP22_UNUSED        MPP(22, 0x1, 0, 0, 1)

				#define MPP23_GPIO        MPP(23, 0x0, 1, 1, 1)

				#define MPP23_UA3_RDX        MPP(23, 0x4, 1, 0, 1)

				#define MPP23_NAND_FLASH_WEn2    MPP(23, 0x5, 0, 1, 1)

				#define MPP23_TDM_DTX        MPP(23, 0x6, 0, 1, 1)

				#define MPP23_UA3_RDX        MPP(23, 0x4, 0, 0, 1)

				#define MPP23_NAND_FLASH_WEn2    MPP(23, 0x5, 0, 0, 1)

				#define MPP23_TDM_DTX        MPP(23, 0x6, 0, 0, 1)

				#define MPP23_UNUSED        MPP(23, 0x1, 0, 0, 1)

				#define MPP24_GPIO        MPP(24, 0x0, 1, 1, 1)

				#define MPP24_UA2_TXD        MPP(24, 0x4, 0, 1, 1)

				#define MPP24_TDM_INTn        MPP(24, 0x6, 1, 0, 1)

				#define MPP24_UA2_TXD        MPP(24, 0x4, 0, 0, 1)

				#define MPP24_TDM_INTn        MPP(24, 0x6, 0, 0, 1)

				#define MPP24_UNUSED        MPP(24, 0x1, 0, 0, 1)

				#define MPP25_GPIO        MPP(25, 0x0, 1, 1, 1)

				#define MPP25_UA2_RXD        MPP(25, 0x4, 1, 0, 1)

				#define MPP25_TDM_RSTn        MPP(25, 0x6, 0, 1, 1)

				#define MPP25_UA2_RXD        MPP(25, 0x4, 0, 0, 1)

				#define MPP25_TDM_RSTn        MPP(25, 0x6, 0, 0, 1)

				#define MPP25_UNUSED        MPP(25, 0x1, 0, 0, 1)

				#define MPP26_GPIO        MPP(26, 0x0, 1, 1, 1)

				#define MPP26_UA2_CTSn        MPP(26, 0x4, 1, 0, 1)

				#define MPP26_TDM_PCLK        MPP(26, 0x6, 1, 1, 1)

				#define MPP26_UA2_CTSn        MPP(26, 0x4, 0, 0, 1)

				#define MPP26_TDM_PCLK        MPP(26, 0x6, 0, 0, 1)

				#define MPP26_UNUSED        MPP(26, 0x1, 0, 0, 1)

				#define MPP27_GPIO        MPP(27, 0x0, 1, 1, 1)

				#define MPP27_UA2_RTSn        MPP(27, 0x4, 0, 1, 1)

				#define MPP27_TDM_FSYNC        MPP(27, 0x6, 1, 1, 1)

				#define MPP27_UA2_RTSn        MPP(27, 0x4, 0, 0, 1)

				#define MPP27_TDM_FSYNC        MPP(27, 0x6, 0, 0, 1)

				#define MPP27_UNUSED        MPP(27, 0x1, 0, 0, 1)

				#define MPP28_GPIO        MPP(28, 0x0, 1, 1, 1)

				#define MPP28_UA3_TXD        MPP(28, 0x4, 0, 1, 1)

				#define MPP28_TDM_DRX        MPP(28, 0x6, 1, 0, 1)

				#define MPP28_UA3_TXD        MPP(28, 0x4, 0, 0, 1)

				#define MPP28_TDM_DRX        MPP(28, 0x6, 0, 0, 1)

				#define MPP28_UNUSED        MPP(28, 0x1, 0, 0, 1)

				#define MPP29_GPIO        MPP(29, 0x0, 1, 1, 1)

				#define MPP29_UA3_RXD        MPP(29, 0x4, 1, 0, 1)

				#define MPP29_SYSRST_OUTn    MPP(29, 0x5, 0, 1, 1)

				#define MPP29_TDM_DTX        MPP(29, 0x6, 0, 1, 1)

				#define MPP29_UA3_RXD        MPP(29, 0x4, 0, 0, 1)

				#define MPP29_SYSRST_OUTn    MPP(29, 0x5, 0, 0, 1)

				#define MPP29_TDM_DTX        MPP(29, 0x6, 0, 0, 1)

				#define MPP29_UNUSED        MPP(29, 0x1, 0, 0, 1)

				#define MPP30_GPIO        MPP(30, 0x0, 1, 1, 1)

				#define MPP30_UA3_CTSn        MPP(30, 0x4, 1, 0, 1)

				#define MPP30_UA3_CTSn        MPP(30, 0x4, 0, 0, 1)

				#define MPP30_UNUSED        MPP(30, 0x1, 0, 0, 1)

				#define MPP31_GPIO        MPP(31, 0x0, 1, 1, 1)

				#define MPP31_UA3_RTSn        MPP(31, 0x4, 0, 1, 1)

				#define MPP31_TDM1_SCSn        MPP(31, 0x6, 0, 1, 1)

				#define MPP31_UA3_RTSn        MPP(31, 0x4, 0, 0, 1)

				#define MPP31_TDM1_SCSn        MPP(31, 0x6, 0, 0, 1)

				#define MPP31_UNUSED        MPP(31, 0x1, 0, 0, 1)

				#define MPP32_GPIO        MPP(32, 0x1, 1, 1, 1)

				#define MPP32_UA3_TDX        MPP(32, 0x4, 0, 1, 1)

				#define MPP32_SYSRST_OUTn    MPP(32, 0x5, 0, 1, 1)

				#define MPP32_TDM0_RXQ        MPP(32, 0x6, 0, 1, 1)

				#define MPP32_UA3_TDX        MPP(32, 0x4, 0, 0, 1)

				#define MPP32_SYSRST_OUTn    MPP(32, 0x5, 0, 0, 1)

				#define MPP32_TDM0_RXQ        MPP(32, 0x6, 0, 0, 1)

				#define MPP32_UNUSED        MPP(32, 0x3, 0, 0, 1)

				#define MPP33_GPIO        MPP(33, 0x1, 1, 1, 1)

				#define MPP33_UA3_RDX        MPP(33, 0x4, 1, 0, 1)

				#define MPP33_TDM0_TXQ        MPP(33, 0x6, 0, 1, 1)

				#define MPP33_UA3_RDX        MPP(33, 0x4, 0, 0, 1)

				#define MPP33_TDM0_TXQ        MPP(33, 0x6, 0, 0, 1)

				#define MPP33_UNUSED        MPP(33, 0x3, 0, 0, 1)

				#define MPP34_GPIO        MPP(34, 0x1, 1, 1, 1)

				#define MPP34_UA2_TDX        MPP(34, 0x4, 0, 1, 1)

				#define MPP34_TDM1_RXQ        MPP(34, 0x6, 0, 1, 1)

				#define MPP34_UA2_TDX        MPP(34, 0x4, 0, 0, 1)

				#define MPP34_TDM1_RXQ        MPP(34, 0x6, 0, 0, 1)

				#define MPP34_UNUSED        MPP(34, 0x3, 0, 0, 1)

				#define MPP35_GPIO        MPP(35, 0x1, 1, 1, 1)

				#define MPP35_UA2_RDX        MPP(35, 0x4, 1, 0, 1)

				#define MPP35_TDM1_TXQ        MPP(35, 0x6, 0, 1, 1)

				#define MPP35_UA2_RDX        MPP(35, 0x4, 0, 0, 1)

				#define MPP35_TDM1_TXQ        MPP(35, 0x6, 0, 0, 1)

				#define MPP35_UNUSED        MPP(35, 0x3, 0, 0, 1)

				#define MPP36_GPIO        MPP(36, 0x1, 1, 1, 1)

				#define MPP36_UA0_CTSn        MPP(36, 0x2, 1, 0, 1)

				#define MPP36_UA2_TDX        MPP(36, 0x4, 0, 1, 1)

				#define MPP36_TDM0_SCSn        MPP(36, 0x6, 0, 1, 1)

				#define MPP36_UA0_CTSn        MPP(36, 0x2, 0, 0, 1)

				#define MPP36_UA2_TDX        MPP(36, 0x4, 0, 0, 1)

				#define MPP36_TDM0_SCSn        MPP(36, 0x6, 0, 0, 1)

				#define MPP36_UNUSED        MPP(36, 0x3, 0, 0, 1)

				#define MPP37_GPIO        MPP(37, 0x1, 1, 1, 1)

				#define MPP37_UA0_RTSn        MPP(37, 0x2, 0, 1, 1)

				#define MPP37_UA2_RXD        MPP(37, 0x4, 1, 0, 1)

				#define MPP37_SYSRST_OUTn    MPP(37, 0x5, 0, 1, 1)

				#define MPP37_TDM_SCLK        MPP(37, 0x6, 0, 1, 1)

				#define MPP37_UA0_RTSn        MPP(37, 0x2, 0, 0, 1)

				#define MPP37_UA2_RXD        MPP(37, 0x4, 0, 0, 1)

				#define MPP37_SYSRST_OUTn    MPP(37, 0x5, 0, 0, 1)

				#define MPP37_TDM_SCLK        MPP(37, 0x6, 0, 0, 1)

				#define MPP37_UNUSED        MPP(37, 0x3, 0, 0, 1)

				#define MPP38_GPIO        MPP(38, 0x1, 1, 1, 1)

				#define MPP38_UA1_CTSn        MPP(38, 0x2, 1, 0, 1)

				#define MPP38_UA3_TXD        MPP(38, 0x4, 0, 1, 1)

				#define MPP38_SYSRST_OUTn    MPP(38, 0x5, 0, 1, 1)

				#define MPP38_TDM_SMOSI        MPP(38, 0x6, 0, 1, 1)

				#define MPP38_UA1_CTSn        MPP(38, 0x2, 0, 0, 1)

				#define MPP38_UA3_TXD        MPP(38, 0x4, 0, 0, 1)

				#define MPP38_SYSRST_OUTn    MPP(38, 0x5, 0, 0, 1)

				#define MPP38_TDM_SMOSI        MPP(38, 0x6, 0, 0, 1)

				#define MPP38_UNUSED        MPP(38, 0x3, 0, 0, 1)

				#define MPP39_GPIO        MPP(39, 0x1, 1, 1, 1)

				#define MPP39_UA1_RTSn        MPP(39, 0x2, 0, 1, 1)

				#define MPP39_UA3_RXD        MPP(39, 0x4, 1, 0, 1)

				#define MPP39_SYSRST_OUTn    MPP(39, 0x5, 0, 1, 1)

				#define MPP39_TDM_SMISO        MPP(39, 0x6, 1, 0, 1)

				#define MPP39_UA1_RTSn        MPP(39, 0x2, 0, 0, 1)

				#define MPP39_UA3_RXD        MPP(39, 0x4, 0, 0, 1)

				#define MPP39_SYSRST_OUTn    MPP(39, 0x5, 0, 0, 1)

				#define MPP39_TDM_SMISO        MPP(39, 0x6, 0, 0, 1)

				#define MPP39_UNUSED        MPP(39, 0x3, 0, 0, 1)

				#define MPP40_GPIO        MPP(40, 0x1, 1, 1, 1)

				#define MPP40_TDM_INTn        MPP(40, 0x6, 1, 0, 1)

				#define MPP40_TDM_INTn        MPP(40, 0x6, 0, 0, 1)

				#define MPP40_UNUSED        MPP(40, 0x0, 0, 0, 1)

				#define MPP41_GPIO        MPP(41, 0x1, 1, 1, 1)

				#define MPP41_TDM_RSTn        MPP(41, 0x6, 0, 1, 1)

				#define MPP41_TDM_RSTn        MPP(41, 0x6, 0, 0, 1)

				#define MPP41_UNUSED        MPP(41, 0x0, 0, 0, 1)

				#define MPP42_GPIO        MPP(42, 0x1, 1, 1, 1)

				#define MPP42_TDM_PCLK        MPP(42, 0x6, 1, 1, 1)

				#define MPP42_TDM_PCLK        MPP(42, 0x6, 0, 0, 1)

				#define MPP42_UNUSED        MPP(42, 0x0, 0, 0, 1)

				#define MPP43_GPIO        MPP(43, 0x1, 1, 1, 1)

				#define MPP43_TDM_FSYNC        MPP(43, 0x6, 1, 1, 1)

				#define MPP43_TDM_FSYNC        MPP(43, 0x6, 0, 0, 1)

				#define MPP43_UNUSED        MPP(43, 0x0, 0, 0, 1)

				#define MPP44_GPIO        MPP(44, 0x1, 1, 1, 1)

				#define MPP44_TDM_DRX        MPP(44, 0x6, 1, 0, 1)

				#define MPP44_TDM_DRX        MPP(44, 0x6, 0, 0, 1)

				#define MPP44_UNUSED        MPP(44, 0x0, 0, 0, 1)

				#define MPP45_GPIO        MPP(45, 0x1, 1, 1, 1)

				#define MPP45_SATA0_ACTn    MPP(45, 0x3, 0, 1, 1)

				#define MPP45_TDM_DRX        MPP(45, 0x6, 0, 1, 1)

				#define MPP45_SATA0_ACTn    MPP(45, 0x3, 0, 0, 1)

				#define MPP45_TDM_DRX        MPP(45, 0x6, 0, 0, 1)

				#define MPP45_UNUSED        MPP(45, 0x0, 0, 0, 1)

				#define MPP46_GPIO        MPP(46, 0x1, 1, 1, 1)

				#define MPP46_TDM_SCSn        MPP(46, 0x6, 0, 1, 1)

				#define MPP46_TDM_SCSn        MPP(46, 0x6, 0, 0, 1)

				#define MPP46_UNUSED        MPP(46, 0x0, 0, 0, 1)

				@ -323,14 +323,14 @@

				#define MPP48_GPIO        MPP(48, 0x1, 1, 1, 1)

				#define MPP48_SATA1_ACTn    MPP(48, 0x3, 0, 1, 1)

				#define MPP48_SATA1_ACTn    MPP(48, 0x3, 0, 0, 1)

				#define MPP48_UNUSED        MPP(48, 0x2, 0, 0, 1)

				#define MPP49_GPIO        MPP(49, 0x1, 1, 1, 1)

				#define MPP49_SATA0_ACTn    MPP(49, 0x3, 0, 1, 1)

				#define MPP49_M_BB        MPP(49, 0x4, 1, 0, 1)

				#define MPP49_SATA0_ACTn    MPP(49, 0x3, 0, 0, 1)

				#define MPP49_M_BB        MPP(49, 0x4, 0, 0, 1)

				#define MPP49_UNUSED        MPP(49, 0x2, 0, 0, 1)

									
										22

arch/arm/mach-omap2/board-4430sdp.c
									
												View File
												
				@ -52,8 +52,9 @@

				#define ETH_KS8851_QUART		138

				#define OMAP4_SFH7741_SENSOR_OUTPUT_GPIO	184

				#define OMAP4_SFH7741_ENABLE_GPIO		188

				#define HDMI_GPIO_HPD 60 /* Hot plug pin for HDMI */

				#define HDMI_GPIO_CT_CP_HPD 60 /* HPD mode enable/disable */

				#define HDMI_GPIO_LS_OE 41 /* Level shifter for HDMI */

				#define HDMI_GPIO_HPD  63 /* Hotplug detect */

				#define DISPLAY_SEL_GPIO	59	/* LCD2/PicoDLP switch */

				#define DLP_POWER_ON_GPIO	40

				@ -597,12 +598,8 @@ static void __init omap_sfh7741prox_init(void)

				static void sdp4430_hdmi_mux_init(void)

				{

					/* PAD0_HDMI_HPD_PAD1_HDMI_CEC */

					omap_mux_init_signal("hdmi_hpd",

							OMAP_PIN_INPUT_PULLUP);

					omap_mux_init_signal("hdmi_cec",

							OMAP_PIN_INPUT_PULLUP);

					/* PAD0_HDMI_DDC_SCL_PAD1_HDMI_DDC_SDA */

					omap_mux_init_signal("hdmi_ddc_scl",

							OMAP_PIN_INPUT_PULLUP);

					omap_mux_init_signal("hdmi_ddc_sda",

				@ -610,8 +607,9 @@ static void sdp4430_hdmi_mux_init(void)

				}

				static struct gpio sdp4430_hdmi_gpios[] = {

					{ HDMI_GPIO_HPD,	GPIOF_OUT_INIT_HIGH,	"hdmi_gpio_hpd"   },

					{ HDMI_GPIO_CT_CP_HPD, GPIOF_OUT_INIT_HIGH, "hdmi_gpio_ct_cp_hpd" },

					{ HDMI_GPIO_LS_OE,	GPIOF_OUT_INIT_HIGH,	"hdmi_gpio_ls_oe" },

					{ HDMI_GPIO_HPD, GPIOF_DIR_IN, "hdmi_gpio_hpd" },

				};

				static int sdp4430_panel_enable_hdmi(struct omap_dss_device *dssdev)

				@ -628,8 +626,7 @@ static int sdp4430_panel_enable_hdmi(struct omap_dss_device *dssdev)

				static void sdp4430_panel_disable_hdmi(struct omap_dss_device *dssdev)

				{

					gpio_free(HDMI_GPIO_LS_OE);

					gpio_free(HDMI_GPIO_HPD);

					gpio_free_array(sdp4430_hdmi_gpios, ARRAY_SIZE(sdp4430_hdmi_gpios));

				}

				static struct nokia_dsi_panel_data dsi1_panel = {

				@ -745,6 +742,10 @@ static void sdp4430_lcd_init(void)

						pr_err("%s: Could not get lcd2_reset_gpio\n", __func__);

				}

				static struct omap_dss_hdmi_data sdp4430_hdmi_data = {

					.hpd_gpio = HDMI_GPIO_HPD,

				};

				static struct omap_dss_device sdp4430_hdmi_device = {

					.name = "hdmi",

					.driver_name = "hdmi_panel",

				@ -752,6 +753,7 @@ static struct omap_dss_device sdp4430_hdmi_device = {

					.platform_enable = sdp4430_panel_enable_hdmi,

					.platform_disable = sdp4430_panel_disable_hdmi,

					.channel = OMAP_DSS_CHANNEL_DIGIT,

					.data = &sdp4430_hdmi_data,

				};

				static struct picodlp_panel_data sdp4430_picodlp_pdata = {

				@ -829,6 +831,10 @@ static void omap_4430sdp_display_init(void)

					sdp4430_hdmi_mux_init();

					sdp4430_picodlp_init();

					omap_display_init(&sdp4430_dss_data);

					omap_mux_init_gpio(HDMI_GPIO_LS_OE, OMAP_PIN_OUTPUT);

					omap_mux_init_gpio(HDMI_GPIO_CT_CP_HPD, OMAP_PIN_OUTPUT);

					omap_mux_init_gpio(HDMI_GPIO_HPD, OMAP_PIN_INPUT_PULLDOWN);

				}

				#ifdef CONFIG_OMAP_MUX

									
										22

arch/arm/mach-omap2/board-omap4panda.c
									
												View File
												
				@ -51,8 +51,9 @@

				#define GPIO_HUB_NRESET		62

				#define GPIO_WIFI_PMENA		43

				#define GPIO_WIFI_IRQ		53

				#define HDMI_GPIO_HPD 60 /* Hot plug pin for HDMI */

				#define HDMI_GPIO_CT_CP_HPD 60 /* HPD mode enable/disable */

				#define HDMI_GPIO_LS_OE 41 /* Level shifter for HDMI */

				#define HDMI_GPIO_HPD  63 /* Hotplug detect */

				/* wl127x BT, FM, GPS connectivity chip */

				static int wl1271_gpios[] = {46, -1, -1};

				@ -481,12 +482,8 @@ int __init omap4_panda_dvi_init(void)

				static void omap4_panda_hdmi_mux_init(void)

				{

					/* PAD0_HDMI_HPD_PAD1_HDMI_CEC */

					omap_mux_init_signal("hdmi_hpd",

							OMAP_PIN_INPUT_PULLUP);

					omap_mux_init_signal("hdmi_cec",

							OMAP_PIN_INPUT_PULLUP);

					/* PAD0_HDMI_DDC_SCL_PAD1_HDMI_DDC_SDA */

					omap_mux_init_signal("hdmi_ddc_scl",

							OMAP_PIN_INPUT_PULLUP);

					omap_mux_init_signal("hdmi_ddc_sda",

				@ -494,8 +491,9 @@ static void omap4_panda_hdmi_mux_init(void)

				}

				static struct gpio panda_hdmi_gpios[] = {

					{ HDMI_GPIO_HPD,	GPIOF_OUT_INIT_HIGH, "hdmi_gpio_hpd"   },

					{ HDMI_GPIO_CT_CP_HPD, GPIOF_OUT_INIT_HIGH, "hdmi_gpio_ct_cp_hpd" },

					{ HDMI_GPIO_LS_OE,	GPIOF_OUT_INIT_HIGH, "hdmi_gpio_ls_oe" },

					{ HDMI_GPIO_HPD, GPIOF_DIR_IN, "hdmi_gpio_hpd" },

				};

				static int omap4_panda_panel_enable_hdmi(struct omap_dss_device *dssdev)

				@ -512,10 +510,13 @@ static int omap4_panda_panel_enable_hdmi(struct omap_dss_device *dssdev)

				static void omap4_panda_panel_disable_hdmi(struct omap_dss_device *dssdev)

				{

					gpio_free(HDMI_GPIO_LS_OE);

					gpio_free(HDMI_GPIO_HPD);

					gpio_free_array(panda_hdmi_gpios, ARRAY_SIZE(panda_hdmi_gpios));

				}

				static struct omap_dss_hdmi_data omap4_panda_hdmi_data = {

					.hpd_gpio = HDMI_GPIO_HPD,

				};

				static struct omap_dss_device  omap4_panda_hdmi_device = {

					.name = "hdmi",

					.driver_name = "hdmi_panel",

				@ -523,6 +524,7 @@ static struct omap_dss_device  omap4_panda_hdmi_device = {

					.platform_enable = omap4_panda_panel_enable_hdmi,

					.platform_disable = omap4_panda_panel_disable_hdmi,

					.channel = OMAP_DSS_CHANNEL_DIGIT,

					.data = &omap4_panda_hdmi_data,

				};

				static struct omap_dss_device *omap4_panda_dss_devices[] = {

				@ -546,6 +548,10 @@ void omap4_panda_display_init(void)

					omap4_panda_hdmi_mux_init();

					omap_display_init(&omap4_panda_dss_data);

					omap_mux_init_gpio(HDMI_GPIO_LS_OE, OMAP_PIN_OUTPUT);

					omap_mux_init_gpio(HDMI_GPIO_CT_CP_HPD, OMAP_PIN_OUTPUT);

					omap_mux_init_gpio(HDMI_GPIO_HPD, OMAP_PIN_INPUT_PULLDOWN);

				}

				static void __init omap4_panda_init(void)

									
										6

arch/arm/mach-omap2/gpmc.c
									
												View File
												
				@ -528,7 +528,13 @@ int gpmc_cs_configure(int cs, int cmd, int wval)

					case GPMC_CONFIG_DEV_SIZE:

						regval  = gpmc_cs_read_reg(cs, GPMC_CS_CONFIG1);

						/* clear 2 target bits */

						regval &= ~GPMC_CONFIG1_DEVICESIZE(3);

						/* set the proper value */

						regval |= GPMC_CONFIG1_DEVICESIZE(wval);

						gpmc_cs_write_reg(cs, GPMC_CS_CONFIG1, regval);

						break;

									
										3

arch/arm/mach-omap2/omap-iommu.c
									
												View File
												
				@ -150,7 +150,8 @@ err_out:

						platform_device_put(omap_iommu_pdev[i]);

					return err;

				}

				module_init(omap_iommu_init);

				/* must be ready before omap3isp is probed */

				subsys_initcall(omap_iommu_init);

				static void __exit omap_iommu_exit(void)

				{

									
										4

arch/arm/mach-omap2/omap_hwmod_3xxx_data.c
									
												View File
												
				@ -3247,18 +3247,14 @@ static __initdata struct omap_hwmod *omap3xxx_hwmods[] = {

				/* 3430ES1-only hwmods */

				static __initdata struct omap_hwmod *omap3430es1_hwmods[] = {

					&omap3xxx_iva_hwmod,

					&omap3430es1_dss_core_hwmod,

					&omap3xxx_mailbox_hwmod,

					NULL

				};

				/* 3430ES2+-only hwmods */

				static __initdata struct omap_hwmod *omap3430es2plus_hwmods[] = {

					&omap3xxx_iva_hwmod,

					&omap3xxx_dss_core_hwmod,

					&omap3xxx_usbhsotg_hwmod,

					&omap3xxx_mailbox_hwmod,

					NULL

				};

									
										5

arch/arm/mach-omap2/vp.c
									
												View File
												
				@ -41,6 +41,11 @@ void __init omap_vp_init(struct voltagedomain *voltdm)

					u32 val, sys_clk_rate, timeout, waittime;

					u32 vddmin, vddmax, vstepmin, vstepmax;

					if (!voltdm->pmic || !voltdm->pmic->uv_to_vsel) {

						pr_err("%s: No PMIC info for vdd_%s\n", __func__, voltdm->name);

						return;

					}

					if (!voltdm->read || !voltdm->write) {

						pr_err("%s: No read/write API for accessing vdd_%s regs\n",

							__func__, voltdm->name);

									
										4

arch/arm/mach-orion5x/common.c
									
												View File
												
				@ -29,6 +29,7 @@

				#include <mach/hardware.h>

				#include <mach/orion5x.h>

				#include <plat/orion_nand.h>

				#include <plat/ehci-orion.h>

				#include <plat/time.h>

				#include <plat/common.h>

				#include "common.h"

				@ -72,7 +73,8 @@ void __init orion5x_map_io(void)

				void __init orion5x_ehci0_init(void)

				{

					orion_ehci_init(&orion5x_mbus_dram_info,

							ORION5X_USB0_PHYS_BASE, IRQ_ORION5X_USB0_CTRL);

							ORION5X_USB0_PHYS_BASE, IRQ_ORION5X_USB0_CTRL,

							EHCI_PHY_ORION);

				}

1

arch/arm/mach-ux500/Kconfig

View File

 @ -7,6 +7,7 @@ config UX500_SOC_COMMON
 	select HAS_MTU
 	select ARM_ERRATA_753970
 	select ARM_ERRATA_754322
 	select ARM_ERRATA_764369
 menu "Ux500 SoC"

									
										2

arch/arm/mach-ux500/board-mop500-sdi.c
									
												View File
												
				@ -233,6 +233,8 @@ void __init snowball_sdi_init(void)

				{

					u32 periphid = 0x10480180;

					/* On Snowball MMC_CAP_SD_HIGHSPEED isn't supported on sdi0 */

					mop500_sdi0_data.capabilities &= ~MMC_CAP_SD_HIGHSPEED;

					mop500_sdi2_data.capabilities |= MMC_CAP_MMC_HIGHSPEED;

					/* On-board eMMC */

									
										6

arch/arm/mm/cache-v7.S
									
												View File
												
				@ -54,9 +54,15 @@ loop1:

					and	r1, r1, #7			@ mask of the bits for current cache only

					cmp	r1, #2				@ see what cache we have at this level

					blt	skip				@ skip if no cache, or just i-cache

				#ifdef CONFIG_PREEMPT

					save_and_disable_irqs_notrace r9	@ make cssr&csidr read atomic

				#endif

					mcr	p15, 2, r10, c0, c0, 0		@ select current cache level in cssr

					isb					@ isb to sych the new cssr&csidr

					mrc	p15, 1, r1, c0, c0, 0		@ read the new csidr

				#ifdef CONFIG_PREEMPT

					restore_irqs_notrace r9

				#endif

					and	r2, r1, #7			@ extract the length of the cache lines

					add	r2, r2, #4			@ add 4 (line length offset)

					ldr	r4, =0x3ff

									
										16

arch/arm/mm/proc-v7.S
									
												View File
												
				@ -271,10 +271,6 @@ ENDPROC(cpu_v7_do_resume)

				 *	Initialise TLB, Caches, and MMU state ready to switch the MMU

				 *	on.  Return in r0 the new CP15 C1 control register setting.

				 *

				 *	We automatically detect if we have a Harvard cache, and use the

				 *	Harvard cache control instructions insead of the unified cache

				 *	control instructions.

				 *

				 *	This should be able to cover all ARMv7 cores.

				 *

				 *	It is assumed that:

				@ -356,24 +352,22 @@ __v7_setup:

					mcreq	p15, 0, r10, c15, c0, 1		@ write diagnostic register

				#endif

				#ifdef CONFIG_ARM_ERRATA_743622

					teq	r6, #0x20			@ present in r2p0

					teqne	r6, #0x21			@ present in r2p1

					teqne	r6, #0x22			@ present in r2p2

					teq	r5, #0x00200000			@ only present in r2p*

					mrceq	p15, 0, r10, c15, c0, 1		@ read diagnostic register

					orreq	r10, r10, #1 << 6		@ set bit #6

					mcreq	p15, 0, r10, c15, c0, 1		@ write diagnostic register

				#endif

				#ifdef CONFIG_ARM_ERRATA_751472

					cmp	r6, #0x30			@ present prior to r3p0

				#if defined(CONFIG_ARM_ERRATA_751472) && defined(CONFIG_SMP)

					ALT_SMP(cmp r6, #0x30)			@ present prior to r3p0

					ALT_UP_B(1f)

					mrclt	p15, 0, r10, c15, c0, 1		@ read diagnostic register

					orrlt	r10, r10, #1 << 11		@ set bit #11

					mcrlt	p15, 0, r10, c15, c0, 1		@ write diagnostic register

				1:

				#endif

				3:	mov	r10, #0

				#ifdef HARVARD_CACHE

					mcr	p15, 0, r10, c7, c5, 0		@ I+BTB cache invalidate

				#endif

					dsb

				#ifdef CONFIG_MMU

					mcr	p15, 0, r10, c8, c7, 0		@ invalidate I + D TLBs

									
										2

arch/arm/oprofile/common.c
									
												View File
												
				@ -116,7 +116,7 @@ int __init oprofile_arch_init(struct oprofile_operations *ops)

					return oprofile_perf_init(ops);

				}

				void __exit oprofile_arch_exit(void)

				void oprofile_arch_exit(void)

				{

					oprofile_perf_exit();

				}

									
										2

arch/arm/plat-mxc/cpufreq.c
									
												View File
												
				@ -98,7 +98,7 @@ static int mxc_set_target(struct cpufreq_policy *policy,

					return ret;

				}

				static int __init mxc_cpufreq_init(struct cpufreq_policy *policy)

				static int mxc_cpufreq_init(struct cpufreq_policy *policy)

				{

					int ret;

					int i;

									
										1

arch/arm/plat-mxc/include/mach/uncompress.h
									
												View File
												
				@ -98,6 +98,7 @@ static __inline__ void __arch_decomp_setup(unsigned long arch_id)

					case MACH_TYPE_PCM043:

					case MACH_TYPE_LILLY1131:

					case MACH_TYPE_VPR200:

					case MACH_TYPE_EUKREA_CPUIMX35SD:

						uart_base = MX3X_UART1_BASE_ADDR;

						break;

					case MACH_TYPE_MAGX_ZN5:

									
										9

arch/arm/plat-mxc/pwm.c
									
												View File
												
				@ -77,6 +77,15 @@ int pwm_config(struct pwm_device *pwm, int duty_ns, int period_ns)

						do_div(c, period_ns);

						duty_cycles = c;

						/*

						 * according to imx pwm RM, the real period value should be

						 * PERIOD value in PWMPR plus 2.

						 */

						if (period_cycles > 2)

							period_cycles -= 2;

						else

							period_cycles = 0;

						writel(duty_cycles, pwm->mmio_base + MX3_PWMSAR);

						writel(period_cycles, pwm->mmio_base + MX3_PWMPR);

									
										9

arch/arm/plat-orion/common.c
									
												View File
												
				@ -806,10 +806,7 @@ void __init orion_xor1_init(unsigned long mapbase_low,

				/*****************************************************************************

				 * EHCI

				 ****************************************************************************/

				static struct orion_ehci_data orion_ehci_data = {

					.phy_version	= EHCI_PHY_NA,

				};

				static struct orion_ehci_data orion_ehci_data;

				static u64 ehci_dmamask = DMA_BIT_MASK(32);

				@ -830,9 +827,11 @@ static struct platform_device orion_ehci = {

				void __init orion_ehci_init(struct mbus_dram_target_info *mbus_dram_info,

							    unsigned long mapbase,

							    unsigned long irq)

							    unsigned long irq,

							    enum orion_ehci_phy_ver phy_version)

				{

					orion_ehci_data.dram = mbus_dram_info;

					orion_ehci_data.phy_version = phy_version;

					fill_resources(&orion_ehci, orion_ehci_resources, mapbase, SZ_4K - 1,

						       irq);

									
										6

arch/arm/plat-orion/gpio.c
									
												View File
												
				@ -384,12 +384,16 @@ void __init orion_gpio_init(int gpio_base, int ngpio,

					struct orion_gpio_chip *ochip;

					struct irq_chip_generic *gc;

					struct irq_chip_type *ct;

					char gc_label[16];

					if (orion_gpio_chip_count == ARRAY_SIZE(orion_gpio_chips))

						return;

					snprintf(gc_label, sizeof(gc_label), "orion_gpio%d",

						orion_gpio_chip_count);

					ochip = orion_gpio_chips + orion_gpio_chip_count;

					ochip->chip.label = "orion_gpio";

					ochip->chip.label = kstrdup(gc_label, GFP_KERNEL);

					ochip->chip.request = orion_gpio_request;

					ochip->chip.direction_input = orion_gpio_direction_input;

					ochip->chip.get = orion_gpio_get;

									
										3

arch/arm/plat-orion/include/plat/common.h
									
												View File
												
				@ -95,7 +95,8 @@ void __init orion_xor1_init(unsigned long mapbase_low,

				void __init orion_ehci_init(struct mbus_dram_target_info *mbus_dram_info,

							    unsigned long mapbase,

							    unsigned long irq);

							    unsigned long irq,

							    enum orion_ehci_phy_ver phy_version);

				void __init orion_ehci_1_init(struct mbus_dram_target_info *mbus_dram_info,

							      unsigned long mapbase,

									
										3

arch/arm/plat-orion/mpp.c
									
												View File
												
				@ -64,8 +64,7 @@ void __init orion_mpp_conf(unsigned int *mpp_list, unsigned int variant_mask,

							gpio_mode |= GPIO_INPUT_OK;

						if (*mpp_list & MPP_OUTPUT_MASK)

							gpio_mode |= GPIO_OUTPUT_OK;

						if (sel != 0)

							gpio_mode = 0;

						orion_gpio_set_valid(num, gpio_mode);

					}

									
										2

arch/arm/plat-s3c24xx/dma.c
									
												View File
												
				@ -1249,7 +1249,7 @@ static void s3c2410_dma_resume(void)

					struct s3c2410_dma_chan *cp = s3c2410_chans + dma_channels - 1;

					int channel;

					for (channel = dma_channels - 1; channel >= 0; cp++, channel--)

					for (channel = dma_channels - 1; channel >= 0; cp--, channel--)

						s3c2410_dma_resume_chan(cp);

				}

									
										25

arch/arm/plat-samsung/include/plat/cpu-freq-core.h
									
												View File
												
				@ -202,14 +202,6 @@ extern int s3c_plltab_register(struct cpufreq_frequency_table *plls,

				extern struct s3c_cpufreq_config *s3c_cpufreq_getconfig(void);

				extern struct s3c_iotimings *s3c_cpufreq_getiotimings(void);

				extern void s3c2410_iotiming_debugfs(struct seq_file *seq,

								     struct s3c_cpufreq_config *cfg,

								     union s3c_iobank *iob);

				extern void s3c2412_iotiming_debugfs(struct seq_file *seq,

								     struct s3c_cpufreq_config *cfg,

								     union s3c_iobank *iob);

				#ifdef CONFIG_CPU_FREQ_S3C24XX_DEBUGFS

				#define s3c_cpufreq_debugfs_call(x) x

				#else

				@ -226,6 +218,10 @@ extern void s3c2410_cpufreq_setrefresh(struct s3c_cpufreq_config *cfg);

				extern void s3c2410_set_fvco(struct s3c_cpufreq_config *cfg);

				#ifdef CONFIG_S3C2410_IOTIMING

				extern void s3c2410_iotiming_debugfs(struct seq_file *seq,

								     struct s3c_cpufreq_config *cfg,

								     union s3c_iobank *iob);

				extern int s3c2410_iotiming_calc(struct s3c_cpufreq_config *cfg,

								 struct s3c_iotimings *iot);

				@ -235,6 +231,7 @@ extern int s3c2410_iotiming_get(struct s3c_cpufreq_config *cfg,

				extern void s3c2410_iotiming_set(struct s3c_cpufreq_config *cfg,

								 struct s3c_iotimings *iot);

				#else

				#define s3c2410_iotiming_debugfs NULL

				#define s3c2410_iotiming_calc NULL

				#define s3c2410_iotiming_get NULL

				#define s3c2410_iotiming_set NULL

				@ -242,8 +239,10 @@ extern void s3c2410_iotiming_set(struct s3c_cpufreq_config *cfg,

				/* S3C2412 compatible routines */

				extern int s3c2412_iotiming_get(struct s3c_cpufreq_config *cfg,

								struct s3c_iotimings *timings);

				#ifdef CONFIG_S3C2412_IOTIMING

				extern void s3c2412_iotiming_debugfs(struct seq_file *seq,

								     struct s3c_cpufreq_config *cfg,

								     union s3c_iobank *iob);

				extern int s3c2412_iotiming_get(struct s3c_cpufreq_config *cfg,

								struct s3c_iotimings *timings);

				@ -253,6 +252,12 @@ extern int s3c2412_iotiming_calc(struct s3c_cpufreq_config *cfg,

				extern void s3c2412_iotiming_set(struct s3c_cpufreq_config *cfg,

								 struct s3c_iotimings *iot);

				#else

				#define s3c2412_iotiming_debugfs NULL

				#define s3c2412_iotiming_calc NULL

				#define s3c2412_iotiming_get NULL

				#define s3c2412_iotiming_set NULL

				#endif /* CONFIG_S3C2412_IOTIMING */

				#ifdef CONFIG_CPU_FREQ_S3C24XX_DEBUG

				#define s3c_freq_dbg(x...) printk(KERN_INFO x)

1

arch/avr32/Kconfig

View File

 @ -8,6 +8,7 @@ config AVR32
 	select HAVE_KPROBES
 	select HAVE_GENERIC_HARDIRQS
 	select GENERIC_IRQ_PROBE
 	select GENERIC_ATOMIC64
 	select HARDIRQS_SW_RESEND
 	select GENERIC_IRQ_SHOW
 	select ARCH_HAVE_NMI_SAFE_CMPXCHG

									
										1

arch/ia64/include/asm/cputime.h
									
												View File
												
				@ -60,6 +60,7 @@ typedef u64 cputime64_t;

				 */

				#define cputime_to_usecs(__ct)		((__ct) / NSEC_PER_USEC)

				#define usecs_to_cputime(__usecs)	((__usecs) * NSEC_PER_USEC)

				#define usecs_to_cputime64(__usecs)	usecs_to_cputime(__usecs)

				/*

				 * Convert cputime <-> seconds

									
										10

arch/ia64/kernel/acpi.c
									
												View File
												
				@ -429,22 +429,24 @@ static u32 __devinitdata pxm_flag[PXM_FLAG_LEN];

				static struct acpi_table_slit __initdata *slit_table;

				cpumask_t early_cpu_possible_map = CPU_MASK_NONE;

				static int get_processor_proximity_domain(struct acpi_srat_cpu_affinity *pa)

				static int __init

				get_processor_proximity_domain(struct acpi_srat_cpu_affinity *pa)

				{

					int pxm;

					pxm = pa->proximity_domain_lo;

					if (ia64_platform_is("sn2"))

					if (ia64_platform_is("sn2") || acpi_srat_revision >= 2)

						pxm += pa->proximity_domain_hi[0] << 8;

					return pxm;

				}

				static int get_memory_proximity_domain(struct acpi_srat_mem_affinity *ma)

				static int __init

				get_memory_proximity_domain(struct acpi_srat_mem_affinity *ma)

				{

					int pxm;

					pxm = ma->proximity_domain;

					if (!ia64_platform_is("sn2"))

					if (!ia64_platform_is("sn2") && acpi_srat_revision <= 1)

						pxm &= 0xff;

					return pxm;

									
										8

arch/m68k/atari/config.c
									
												View File
												
				@ -414,9 +414,9 @@ void __init config_atari(void)

									 * FDC val = 4 -> Supervisor only */

						asm volatile ("\n"

							"	.chip	68030\n"

							"	pmove	%0@,%/tt1\n"

							"	pmove	%0,%/tt1\n"

							"	.chip	68k"

							: : "a" (&tt1_val));

							: : "m" (tt1_val));

					} else {

					        asm volatile ("\n"

							"	.chip	68040\n"

				@ -569,10 +569,10 @@ static void atari_reset(void)

							: "d0");

					} else

						asm volatile ("\n"

							"	pmove	%0@,%%tc\n"

							"	pmove	%0,%%tc\n"

							"	jmp	%1@"

							: /* no outputs */

							: "a" (&tc_val), "a" (reset_addr));

							: "m" (tc_val), "a" (reset_addr));

				}

									
										4

arch/m68k/kernel/process_mm.c
									
												View File
												
				@ -189,8 +189,8 @@ void flush_thread(void)

					current->thread.fs = __USER_DS;

					if (!FPU_IS_EMU)

						asm volatile (".chip 68k/68881\n\t"

							      "frestore %0@\n\t"

							      ".chip 68k" : : "a" (&zero));

							      "frestore %0\n\t"

							      ".chip 68k" : : "m" (zero));

				}

				/*

									
										4

arch/m68k/kernel/process_no.c
									
												View File
												
				@ -163,8 +163,8 @@ void flush_thread(void)

				#ifdef CONFIG_FPU

					if (!FPU_IS_EMU)

						asm volatile (".chip 68k/68881\n\t"

							      "frestore %0@\n\t"

							      ".chip 68k" : : "a" (&zero));

							      "frestore %0\n\t"

							      ".chip 68k" : : "m" (zero));

				#endif

				}

									
										36

arch/m68k/kernel/traps.c
									
												View File
												
				@ -552,13 +552,13 @@ static inline void bus_error030 (struct frame *fp)

				#ifdef DEBUG

						asm volatile ("ptestr %3,%2@,#7,%0\n\t"

							      "pmove %%psr,%1@"

							      : "=a&" (desc)

							      : "a" (&temp), "a" (addr), "d" (ssw));

							      "pmove %%psr,%1"

							      : "=a&" (desc), "=m" (temp)

							      : "a" (addr), "d" (ssw));

				#else

						asm volatile ("ptestr %2,%1@,#7\n\t"

							      "pmove %%psr,%0@"

							      : : "a" (&temp), "a" (addr), "d" (ssw));

							      "pmove %%psr,%0"

							      : "=m" (temp) : "a" (addr), "d" (ssw));

				#endif

						mmusr = temp;

				@ -605,20 +605,18 @@ static inline void bus_error030 (struct frame *fp)

							       !(ssw & RW) ? "write" : "read", addr,

							       fp->ptregs.pc, ssw);

							asm volatile ("ptestr #1,%1@,#0\n\t"

								      "pmove %%psr,%0@"

								      : /* no outputs */

								      : "a" (&temp), "a" (addr));

								      "pmove %%psr,%0"

								      : "=m" (temp)

								      : "a" (addr));

							mmusr = temp;

							printk ("level 0 mmusr is %#x\n", mmusr);

				#if 0

							asm volatile ("pmove %%tt0,%0@"

								      : /* no outputs */

								      : "a" (&tlong));

							asm volatile ("pmove %%tt0,%0"

								      : "=m" (tlong));

							printk("tt0 is %#lx, ", tlong);

							asm volatile ("pmove %%tt1,%0@"

								      : /* no outputs */

								      : "a" (&tlong));

							asm volatile ("pmove %%tt1,%0"

								      : "=m" (tlong));

							printk("tt1 is %#lx\n", tlong);

				#endif

				#ifdef DEBUG

				@ -668,13 +666,13 @@ static inline void bus_error030 (struct frame *fp)

				#ifdef DEBUG

					asm volatile ("ptestr #1,%2@,#7,%0\n\t"

						      "pmove %%psr,%1@"

						      : "=a&" (desc)

						      : "a" (&temp), "a" (addr));

						      "pmove %%psr,%1"

						      : "=a&" (desc), "=m" (temp)

						      : "a" (addr));

				#else

					asm volatile ("ptestr #1,%1@,#7\n\t"

						      "pmove %%psr,%0@"

						      : : "a" (&temp), "a" (addr));

						      "pmove %%psr,%0"

						      : "=m" (temp) : "a" (addr));

				#endif

					mmusr = temp;

									
										6

arch/m68k/mm/cache.c
									
												View File
												
				@ -52,9 +52,9 @@ static unsigned long virt_to_phys_slow(unsigned long vaddr)

						unsigned long *descaddr;

						asm volatile ("ptestr %3,%2@,#7,%0\n\t"

							      "pmove %%psr,%1@"

							      : "=a&" (descaddr)

							      : "a" (&mmusr), "a" (vaddr), "d" (get_fs().seg));

							      "pmove %%psr,%1"

							      : "=a&" (descaddr), "=m" (mmusr)

							      : "a" (vaddr), "d" (get_fs().seg));

						if (mmusr & (MMU_I|MMU_B|MMU_L))

							return 0;

						descaddr = phys_to_virt((unsigned long)descaddr);

									
										2

arch/powerpc/include/asm/cputime.h
									
												View File
												
				@ -150,6 +150,8 @@ static inline cputime_t usecs_to_cputime(const unsigned long us)

					return ct;

				}

				#define usecs_to_cputime64(us)		usecs_to_cputime(us)

				/*

				 * Convert cputime <-> seconds

				 */

									
										33

arch/powerpc/include/asm/kvm_book3s.h
									
												View File
												
				@ -381,39 +381,6 @@ static inline bool kvmppc_critical_section(struct kvm_vcpu *vcpu)

				}

				#endif

				static inline unsigned long compute_tlbie_rb(unsigned long v, unsigned long r,

									     unsigned long pte_index)

				{

					unsigned long rb, va_low;

					rb = (v & ~0x7fUL) << 16;		/* AVA field */

					va_low = pte_index >> 3;

					if (v & HPTE_V_SECONDARY)

						va_low = ~va_low;

					/* xor vsid from AVA */

					if (!(v & HPTE_V_1TB_SEG))

						va_low ^= v >> 12;

					else

						va_low ^= v >> 24;

					va_low &= 0x7ff;

					if (v & HPTE_V_LARGE) {

						rb |= 1;			/* L field */

						if (cpu_has_feature(CPU_FTR_ARCH_206) &&

						    (r & 0xff000)) {

							/* non-16MB large page, must be 64k */

							/* (masks depend on page size) */

							rb |= 0x1000;		/* page encoding in LP field */

							rb |= (va_low & 0x7f) << 16; /* 7b of VA in AVA/LP field */

							rb |= (va_low & 0xfe);	/* AVAL field (P7 doesn't seem to care) */

						}

					} else {

						/* 4kB page */

						rb |= (va_low & 0x7ff) << 12;	/* remaining 11b of VA */

					}

					rb |= (v >> 54) & 0x300;		/* B field */

					return rb;

				}

				/* Magic register values loaded into r3 and r4 before the 'sc' assembly

				 * instruction for the OSI hypercalls */

				#define OSI_SC_MAGIC_R3			0x113724FA

									
										33

arch/powerpc/include/asm/kvm_book3s_64.h
									
												View File
												
				@ -29,4 +29,37 @@ static inline struct kvmppc_book3s_shadow_vcpu *to_svcpu(struct kvm_vcpu *vcpu)

				#define SPAPR_TCE_SHIFT		12

				static inline unsigned long compute_tlbie_rb(unsigned long v, unsigned long r,

									     unsigned long pte_index)

				{

					unsigned long rb, va_low;

					rb = (v & ~0x7fUL) << 16;		/* AVA field */

					va_low = pte_index >> 3;

					if (v & HPTE_V_SECONDARY)

						va_low = ~va_low;

					/* xor vsid from AVA */

					if (!(v & HPTE_V_1TB_SEG))

						va_low ^= v >> 12;

					else

						va_low ^= v >> 24;

					va_low &= 0x7ff;

					if (v & HPTE_V_LARGE) {

						rb |= 1;			/* L field */

						if (cpu_has_feature(CPU_FTR_ARCH_206) &&

						    (r & 0xff000)) {

							/* non-16MB large page, must be 64k */

							/* (masks depend on page size) */

							rb |= 0x1000;		/* page encoding in LP field */

							rb |= (va_low & 0x7f) << 16; /* 7b of VA in AVA/LP field */

							rb |= (va_low & 0xfe);	/* AVAL field (P7 doesn't seem to care) */

						}

					} else {

						/* 4kB page */

						rb |= (va_low & 0x7ff) << 12;	/* remaining 11b of VA */

					}

					rb |= (v >> 54) & 0x300;		/* B field */

					return rb;

				}

				#endif /* __ASM_KVM_BOOK3S_64_H__ */

									
										2

arch/powerpc/include/asm/time.h
									
												View File
												
				@ -219,5 +219,7 @@ DECLARE_PER_CPU(struct cpu_usage, cpu_usage_array);

				extern void secondary_cpu_time_init(void);

				extern void iSeries_time_init_early(void);

				extern void decrementer_check_overflow(void);

				#endif /* __KERNEL__ */

				#endif /* __POWERPC_TIME_H */

									
										15

arch/powerpc/kernel/irq.c
									
												View File
												
				@ -164,16 +164,13 @@ notrace void arch_local_irq_restore(unsigned long en)

					 */

					local_paca->hard_enabled = en;

				#ifndef CONFIG_BOOKE

					/* On server, re-trigger the decrementer if it went negative since

					 * some processors only trigger on edge transitions of the sign bit.

					 *

					 * BookE has a level sensitive decrementer (latches in TSR) so we

					 * don't need that

					/*

					 * Trigger the decrementer if we have a pending event. Some processors

					 * only trigger on edge transitions of the sign bit. We might also

					 * have disabled interrupts long enough that the decrementer wrapped

					 * to positive.

					 */

					if ((int)mfspr(SPRN_DEC) < 0)

						mtspr(SPRN_DEC, 1);

				#endif /* CONFIG_BOOKE */

					decrementer_check_overflow();

					/*

					 * Force the delivery of pending soft-disabled interrupts on PS3.

									
										8

arch/powerpc/kernel/perf_event.c
									
												View File
												
				@ -865,6 +865,7 @@ static void power_pmu_start(struct perf_event *event, int ef_flags)

				{

					unsigned long flags;

					s64 left;

					unsigned long val;

					if (!event->hw.idx || !event->hw.sample_period)

						return;

				@ -880,7 +881,12 @@ static void power_pmu_start(struct perf_event *event, int ef_flags)

					event->hw.state = 0;

					left = local64_read(&event->hw.period_left);

					write_pmc(event->hw.idx, left);

					val = 0;

					if (left < 0x80000000L)

						val = 0x80000000L - left;

					write_pmc(event->hw.idx, val);

					perf_event_update_userpage(event);

					perf_pmu_enable(event->pmu);

									
										9

arch/powerpc/kernel/time.c
									
												View File
												
				@ -889,6 +889,15 @@ static void __init clocksource_init(void)

					       clock->name, clock->mult, clock->shift);

				}

				void decrementer_check_overflow(void)

				{

					u64 now = get_tb_or_rtc();

					struct decrementer_clock *decrementer = &__get_cpu_var(decrementers);

					if (now >= decrementer->next_tb)

						set_dec(1);

				}

				static int decrementer_set_next_event(unsigned long evt,

								      struct clock_event_device *dev)

				{

									
										2

arch/powerpc/kvm/book3s_hv.c
									
												View File
												
				@ -538,7 +538,7 @@ static void kvmppc_start_thread(struct kvm_vcpu *vcpu)

					tpaca->kvm_hstate.napping = 0;

					vcpu->cpu = vc->pcpu;

					smp_wmb();

				#ifdef CONFIG_PPC_ICP_NATIVE

				#if defined(CONFIG_PPC_ICP_NATIVE) && defined(CONFIG_SMP)

					if (vcpu->arch.ptid) {

						tpaca->cpu_start = 0x80;

						wmb();

									
										2

arch/powerpc/kvm/book3s_pr.c
									
												View File
												
				@ -658,10 +658,12 @@ program_interrupt:

							ulong cmd = kvmppc_get_gpr(vcpu, 3);

							int i;

				#ifdef CONFIG_KVM_BOOK3S_64_PR

							if (kvmppc_h_pr(vcpu, cmd) == EMULATE_DONE) {

								r = RESUME_GUEST;

								break;

							}

				#endif

							run->papr_hcall.nr = cmd;

							for (i = 0; i < 9; ++i) {

									
										1

arch/powerpc/kvm/e500.c
									
												View File
												
				@ -15,6 +15,7 @@

				#include <linux/kvm_host.h>

				#include <linux/slab.h>

				#include <linux/err.h>

				#include <linux/export.h>

				#include <asm/reg.h>

				#include <asm/cputable.h>

									
										4

arch/powerpc/platforms/pseries/hvCall_inst.c
									
												View File
												
				@ -109,7 +109,7 @@ static void probe_hcall_entry(void *ignored, unsigned long opcode, unsigned long

					if (opcode > MAX_HCALL_OPCODE)

						return;

					h = &get_cpu_var(hcall_stats)[opcode / 4];

					h = &__get_cpu_var(hcall_stats)[opcode / 4];

					h->tb_start = mftb();

					h->purr_start = mfspr(SPRN_PURR);

				}

				@ -126,8 +126,6 @@ static void probe_hcall_exit(void *ignored, unsigned long opcode, unsigned long

					h->num_calls++;

					h->tb_total += mftb() - h->tb_start;

					h->purr_total += mfspr(SPRN_PURR) - h->purr_start;

					put_cpu_var(hcall_stats);

				}

				static int __init hcall_inst_init(void)

									
										2

arch/powerpc/platforms/pseries/lpar.c
									
												View File
												
				@ -554,6 +554,7 @@ void __trace_hcall_entry(unsigned long opcode, unsigned long *args)

						goto out;

					(*depth)++;

					preempt_disable();

					trace_hcall_entry(opcode, args);

					(*depth)--;

				@ -576,6 +577,7 @@ void __trace_hcall_exit(long opcode, unsigned long retval,

					(*depth)++;

					trace_hcall_exit(opcode, retval, retbuf);

					preempt_enable();

					(*depth)--;

				out:

3

arch/s390/Kconfig

View File

 @ -230,6 +230,9 @@ config COMPAT
 config SYSVIPC_COMPAT
 	def_bool y if COMPAT && SYSVIPC
 config KEYS_COMPAT
 	def_bool y if COMPAT && KEYS
 config AUDIT_ARCH
 	def_bool y

									
										7

arch/s390/include/asm/compat.h
									
												View File
												
				@ -172,13 +172,6 @@ static inline int is_compat_task(void)

					return is_32bit_task();

				}

				#else

				static inline int is_compat_task(void)

				{

					return 0;

				}

				#endif

				static inline void __user *arch_compat_alloc_user_space(long len)

									
										2

arch/s390/include/asm/cputime.h
									
												View File
												
				@ -87,6 +87,8 @@ usecs_to_cputime(const unsigned int m)

					return (cputime_t) m * 4096;

				}

				#define usecs_to_cputime64(m)		usecs_to_cputime(m)

				/*

				 * Convert cputime to milliseconds and back.

				 */

									
										1

arch/s390/kernel/process.c
									
												View File
												
				@ -29,7 +29,6 @@

				#include <asm/irq.h>

				#include <asm/timer.h>

				#include <asm/nmi.h>

				#include <asm/compat.h>

				#include <asm/smp.h>

				#include "entry.h"

									
										2

arch/s390/kernel/ptrace.c
									
												View File
												
				@ -20,8 +20,8 @@

				#include <linux/regset.h>

				#include <linux/tracehook.h>

				#include <linux/seccomp.h>

				#include <linux/compat.h>

				#include <trace/syscall.h>

				#include <asm/compat.h>

				#include <asm/segment.h>

				#include <asm/page.h>

				#include <asm/pgtable.h>

									
										2

arch/s390/kernel/setup.c
									
												View File
												
				@ -45,6 +45,7 @@

				#include <linux/kexec.h>

				#include <linux/crash_dump.h>

				#include <linux/memory.h>

				#include <linux/compat.h>

				#include <asm/ipl.h>

				#include <asm/uaccess.h>

				@ -58,7 +59,6 @@

				#include <asm/ptrace.h>

				#include <asm/sections.h>

				#include <asm/ebcdic.h>

				#include <asm/compat.h>

				#include <asm/kvm_virtio.h>

				#include <asm/diag.h>

									
										1

arch/s390/kernel/signal.c
									
												View File
												
				@ -30,7 +30,6 @@

				#include <asm/ucontext.h>

				#include <asm/uaccess.h>

				#include <asm/lowcore.h>

				#include <asm/compat.h>

				#include "entry.h"

				#define _BLOCKABLE (~(sigmask(SIGKILL) | sigmask(SIGSTOP)))

									
										7

arch/s390/kernel/time.c
									
												View File
												
				@ -113,11 +113,14 @@ static void fixup_clock_comparator(unsigned long long delta)

				static int s390_next_ktime(ktime_t expires,

							   struct clock_event_device *evt)

				{

					struct timespec ts;

					u64 nsecs;

					nsecs = ktime_to_ns(ktime_sub(expires, ktime_get_monotonic_offset()));

					ts.tv_sec = ts.tv_nsec = 0;

					monotonic_to_bootbased(&ts);

					nsecs = ktime_to_ns(ktime_add(timespec_to_ktime(ts), expires));

					do_div(nsecs, 125);

					S390_lowcore.clock_comparator = TOD_UNIX_EPOCH + (nsecs << 9);

					S390_lowcore.clock_comparator = sched_clock_base_cc + (nsecs << 9);

					set_clock_comparator(S390_lowcore.clock_comparator);

					return 0;

				}

									
										1

arch/s390/mm/fault.c
									
												View File
												
				@ -36,7 +36,6 @@

				#include <asm/pgtable.h>

				#include <asm/irq.h>

				#include <asm/mmu_context.h>

				#include <asm/compat.h>

				#include "../kernel/entry.h"

				#ifndef CONFIG_64BIT

									
										2

arch/s390/mm/mmap.c
									
												View File
												
				@ -29,8 +29,8 @@

				#include <linux/mman.h>

				#include <linux/module.h>

				#include <linux/random.h>

				#include <linux/compat.h>

				#include <asm/pgalloc.h>

				#include <asm/compat.h>

				static unsigned long stack_maxrandom_size(void)

				{

									
										2

arch/score/kernel/entry.S
									
												View File
												
				@ -408,7 +408,7 @@ ENTRY(handle_sys)

					sw	r9, [r0, PT_EPC]

					cmpi.c	r27, __NR_syscalls 	# check syscall number

					bgtu	illegal_syscall

					bgeu	illegal_syscall

					slli	r8, r27, 2		# get syscall routine

					la	r11, sys_call_table

									
										4

arch/sh/oprofile/common.c
									
												View File
												
				@ -49,7 +49,7 @@ int __init oprofile_arch_init(struct oprofile_operations *ops)

					return oprofile_perf_init(ops);

				}

				void __exit oprofile_arch_exit(void)

				void oprofile_arch_exit(void)

				{

					oprofile_perf_exit();

					kfree(sh_pmu_op_name);

				@ -60,5 +60,5 @@ int __init oprofile_arch_init(struct oprofile_operations *ops)

					ops->backtrace = sh_backtrace;

					return -ENODEV;

				}

				void __exit oprofile_arch_exit(void) {}

				void oprofile_arch_exit(void) {}

				#endif /* CONFIG_HW_PERF_EVENTS */

									
										2

arch/sparc/Makefile
									
												View File
												
				@ -31,7 +31,7 @@ UTS_MACHINE    := sparc

				#KBUILD_CFLAGS += -g -pipe -fcall-used-g5 -fcall-used-g7

				KBUILD_CFLAGS += -m32 -pipe -mno-fpu -fcall-used-g5 -fcall-used-g7

				KBUILD_AFLAGS += -m32

				KBUILD_AFLAGS += -m32 -Wa,-Av8

				#LDFLAGS_vmlinux = -N -Ttext 0xf0004000

				#  Since 2.5.40, the first stage is left not btfix-ed.

									
										2

arch/x86/include/asm/amd_nb.h
									
												View File
												
				@ -1,6 +1,7 @@

				#ifndef _ASM_X86_AMD_NB_H

				#define _ASM_X86_AMD_NB_H

				#include <linux/ioport.h>

				#include <linux/pci.h>

				struct amd_nb_bus_dev_range {

				@ -13,6 +14,7 @@ extern const struct pci_device_id amd_nb_misc_ids[];

				extern const struct amd_nb_bus_dev_range amd_nb_bus_dev_ranges[];

				extern bool early_is_amd_nb(u32 value);

				extern struct resource *amd_get_mmconfig_range(struct resource *res);

				extern int amd_cache_northbridges(void);

				extern void amd_flush_garts(void);

				extern int amd_numa_init(void);

									
										284

arch/x86/include/asm/i387.h
									
												View File
												
				@ -29,8 +29,8 @@ extern unsigned int sig_xstate_size;

				extern void fpu_init(void);

				extern void mxcsr_feature_mask_init(void);

				extern int init_fpu(struct task_struct *child);

				extern asmlinkage void math_state_restore(void);

				extern void __math_state_restore(void);

				extern void __math_state_restore(struct task_struct *);

				extern void math_state_restore(void);

				extern int dump_fpu(struct pt_regs *, struct user_i387_struct *);

				extern user_regset_active_fn fpregs_active, xfpregs_active;

				@ -212,19 +212,11 @@ static inline void fpu_fxsave(struct fpu *fpu)

				#endif	/* CONFIG_X86_64 */

				/* We need a safe address that is cheap to find and that is already

				   in L1 during context switch. The best choices are unfortunately

				   different for UP and SMP */

				#ifdef CONFIG_SMP

				#define safe_address (__per_cpu_offset[0])

				#else

				#define safe_address (kstat_cpu(0).cpustat.user)

				#endif

				/*

				 * These must be called with preempt disabled

				 * These must be called with preempt disabled. Returns

				 * 'true' if the FPU state is still intact.

				 */

				static inline void fpu_save_init(struct fpu *fpu)

				static inline int fpu_save_init(struct fpu *fpu)

				{

					if (use_xsave()) {

						fpu_xsave(fpu);

				@ -233,33 +225,33 @@ static inline void fpu_save_init(struct fpu *fpu)

						 * xsave header may indicate the init state of the FP.

						 */

						if (!(fpu->state->xsave.xsave_hdr.xstate_bv & XSTATE_FP))

							return;

							return 1;

					} else if (use_fxsr()) {

						fpu_fxsave(fpu);

					} else {

						asm volatile("fnsave %[fx]; fwait"

							     : [fx] "=m" (fpu->state->fsave));

						return;

						return 0;

					}

					if (unlikely(fpu->state->fxsave.swd & X87_FSW_ES))

					/*

					 * If exceptions are pending, we need to clear them so

					 * that we don't randomly get exceptions later.

					 *

					 * FIXME! Is this perhaps only true for the old-style

					 * irq13 case? Maybe we could leave the x87 state

					 * intact otherwise?

					 */

					if (unlikely(fpu->state->fxsave.swd & X87_FSW_ES)) {

						asm volatile("fnclex");

					/* AMD K7/K8 CPUs don't save/restore FDP/FIP/FOP unless an exception

					   is pending.  Clear the x87 state here by setting it to fixed

					   values. safe_address is a random variable that should be in L1 */

					alternative_input(

						ASM_NOP8 ASM_NOP2,

						"emms\n\t"	  	/* clear stack tags */

						"fildl %P[addr]",	/* set F?P to defined value */

						X86_FEATURE_FXSAVE_LEAK,

						[addr] "m" (safe_address));

						return 0;

					}

					return 1;

				}

				static inline void __save_init_fpu(struct task_struct *tsk)

				static inline int __save_init_fpu(struct task_struct *tsk)

				{

					fpu_save_init(&tsk->thread.fpu);

					task_thread_info(tsk)->status &= ~TS_USEDFPU;

					return fpu_save_init(&tsk->thread.fpu);

				}

				static inline int fpu_fxrstor_checking(struct fpu *fpu)

				@ -280,40 +272,186 @@ static inline int restore_fpu_checking(struct task_struct *tsk)

					return fpu_restore_checking(&tsk->thread.fpu);

				}

				/*

				 * Software FPU state helpers. Careful: these need to

				 * be preemption protection *and* they need to be

				 * properly paired with the CR0.TS changes!

				 */

				static inline int __thread_has_fpu(struct task_struct *tsk)

				{

					return tsk->thread.has_fpu;

				}

				/* Must be paired with an 'stts' after! */

				static inline void __thread_clear_has_fpu(struct task_struct *tsk)

				{

					tsk->thread.has_fpu = 0;

				}

				/* Must be paired with a 'clts' before! */

				static inline void __thread_set_has_fpu(struct task_struct *tsk)

				{

					tsk->thread.has_fpu = 1;

				}

				/*

				 * Encapsulate the CR0.TS handling together with the

				 * software flag.

				 *

				 * These generally need preemption protection to work,

				 * do try to avoid using these on their own.

				 */

				static inline void __thread_fpu_end(struct task_struct *tsk)

				{

					__thread_clear_has_fpu(tsk);

					stts();

				}

				static inline void __thread_fpu_begin(struct task_struct *tsk)

				{

					clts();

					__thread_set_has_fpu(tsk);

				}

				/*

				 * FPU state switching for scheduling.

				 *

				 * This is a two-stage process:

				 *

				 *  - switch_fpu_prepare() saves the old state and

				 *    sets the new state of the CR0.TS bit. This is

				 *    done within the context of the old process.

				 *

				 *  - switch_fpu_finish() restores the new state as

				 *    necessary.

				 */

				typedef struct { int preload; } fpu_switch_t;

				/*

				 * FIXME! We could do a totally lazy restore, but we need to

				 * add a per-cpu "this was the task that last touched the FPU

				 * on this CPU" variable, and the task needs to have a "I last

				 * touched the FPU on this CPU" and check them.

				 *

				 * We don't do that yet, so "fpu_lazy_restore()" always returns

				 * false, but some day..

				 */

				#define fpu_lazy_restore(tsk) (0)

				#define fpu_lazy_state_intact(tsk) do { } while (0)

				static inline fpu_switch_t switch_fpu_prepare(struct task_struct *old, struct task_struct *new)

				{

					fpu_switch_t fpu;

					fpu.preload = tsk_used_math(new) && new->fpu_counter > 5;

					if (__thread_has_fpu(old)) {

						if (__save_init_fpu(old))

							fpu_lazy_state_intact(old);

						__thread_clear_has_fpu(old);

						old->fpu_counter++;

						/* Don't change CR0.TS if we just switch! */

						if (fpu.preload) {

							__thread_set_has_fpu(new);

							prefetch(new->thread.fpu.state);

						} else

							stts();

					} else {

						old->fpu_counter = 0;

						if (fpu.preload) {

							if (fpu_lazy_restore(new))

								fpu.preload = 0;

							else

								prefetch(new->thread.fpu.state);

							__thread_fpu_begin(new);

						}

					}

					return fpu;

				}

				/*

				 * By the time this gets called, we've already cleared CR0.TS and

				 * given the process the FPU if we are going to preload the FPU

				 * state - all we need to do is to conditionally restore the register

				 * state itself.

				 */

				static inline void switch_fpu_finish(struct task_struct *new, fpu_switch_t fpu)

				{

					if (fpu.preload)

						__math_state_restore(new);

				}

				/*

				 * Signal frame handlers...

				 */

				extern int save_i387_xstate(void __user *buf);

				extern int restore_i387_xstate(void __user *buf);

				static inline void __unlazy_fpu(struct task_struct *tsk)

				{

					if (task_thread_info(tsk)->status & TS_USEDFPU) {

						__save_init_fpu(tsk);

						stts();

					} else

						tsk->fpu_counter = 0;

				}

				static inline void __clear_fpu(struct task_struct *tsk)

				{

					if (task_thread_info(tsk)->status & TS_USEDFPU) {

					if (__thread_has_fpu(tsk)) {

						/* Ignore delayed exceptions from user space */

						asm volatile("1: fwait\n"

							     "2:\n"

							     _ASM_EXTABLE(1b, 2b));

						task_thread_info(tsk)->status &= ~TS_USEDFPU;

						stts();

						__thread_fpu_end(tsk);

					}

				}

				/*

				 * Were we in an interrupt that interrupted kernel mode?

				 *

				 * We can do a kernel_fpu_begin/end() pair *ONLY* if that

				 * pair does nothing at all: the thread must not have fpu (so

				 * that we don't try to save the FPU state), and TS must

				 * be set (so that the clts/stts pair does nothing that is

				 * visible in the interrupted kernel thread).

				 */

				static inline bool interrupted_kernel_fpu_idle(void)

				{

					return !__thread_has_fpu(current) &&

						(read_cr0() & X86_CR0_TS);

				}

				/*

				 * Were we in user mode (or vm86 mode) when we were

				 * interrupted?

				 *

				 * Doing kernel_fpu_begin/end() is ok if we are running

				 * in an interrupt context from user mode - we'll just

				 * save the FPU state as required.

				 */

				static inline bool interrupted_user_mode(void)

				{

					struct pt_regs *regs = get_irq_regs();

					return regs && user_mode_vm(regs);

				}

				/*

				 * Can we use the FPU in kernel mode with the

				 * whole "kernel_fpu_begin/end()" sequence?

				 *

				 * It's always ok in process context (ie "not interrupt")

				 * but it is sometimes ok even from an irq.

				 */

				static inline bool irq_fpu_usable(void)

				{

					return !in_interrupt() ||

						interrupted_user_mode() ||

						interrupted_kernel_fpu_idle();

				}

				static inline void kernel_fpu_begin(void)

				{

					struct thread_info *me = current_thread_info();

					struct task_struct *me = current;

					WARN_ON_ONCE(!irq_fpu_usable());

					preempt_disable();

					if (me->status & TS_USEDFPU)

						__save_init_fpu(me->task);

					else

					if (__thread_has_fpu(me)) {

						__save_init_fpu(me);

						__thread_clear_has_fpu(me);

						/* We do 'stts()' in kernel_fpu_end() */

					} else

						clts();

				}

				@ -323,14 +461,6 @@ static inline void kernel_fpu_end(void)

					preempt_enable();

				}

				static inline bool irq_fpu_usable(void)

				{

					struct pt_regs *regs;

					return !in_interrupt() || !(regs = get_irq_regs()) || \

						user_mode(regs) || (read_cr0() & X86_CR0_TS);

				}

				/*

				 * Some instructions like VIA's padlock instructions generate a spurious

				 * DNA fault but don't modify SSE registers. And these instructions

				@ -362,21 +492,65 @@ static inline void irq_ts_restore(int TS_state)

						stts();

				}

				/*

				 * The question "does this thread have fpu access?"

				 * is slightly racy, since preemption could come in

				 * and revoke it immediately after the test.

				 *

				 * However, even in that very unlikely scenario,

				 * we can just assume we have FPU access - typically

				 * to save the FP state - we'll just take a #NM

				 * fault and get the FPU access back.

				 *

				 * The actual user_fpu_begin/end() functions

				 * need to be preemption-safe, though.

				 *

				 * NOTE! user_fpu_end() must be used only after you

				 * have saved the FP state, and user_fpu_begin() must

				 * be used only immediately before restoring it.

				 * These functions do not do any save/restore on

				 * their own.

				 */

				static inline int user_has_fpu(void)

				{

					return __thread_has_fpu(current);

				}

				static inline void user_fpu_end(void)

				{

					preempt_disable();

					__thread_fpu_end(current);

					preempt_enable();

				}

				static inline void user_fpu_begin(void)

				{

					preempt_disable();

					if (!user_has_fpu())

						__thread_fpu_begin(current);

					preempt_enable();

				}

				/*

				 * These disable preemption on their own and are safe

				 */

				static inline void save_init_fpu(struct task_struct *tsk)

				{

					WARN_ON_ONCE(!__thread_has_fpu(tsk));

					preempt_disable();

					__save_init_fpu(tsk);

					stts();

					__thread_fpu_end(tsk);

					preempt_enable();

				}

				static inline void unlazy_fpu(struct task_struct *tsk)

				{

					preempt_disable();

					__unlazy_fpu(tsk);

					if (__thread_has_fpu(tsk)) {

						__save_init_fpu(tsk);

						__thread_fpu_end(tsk);

					} else

						tsk->fpu_counter = 0;

					preempt_enable();

				}

									
										8

arch/x86/include/asm/perf_event.h
									
												View File
												
				@ -212,4 +212,12 @@ static inline perf_guest_switch_msr *perf_guest_get_msrs(int *nr)

				static inline void perf_events_lapic_init(void)	{ }

				#endif

				#if defined(CONFIG_PERF_EVENTS) && defined(CONFIG_CPU_SUP_AMD)

				 extern void amd_pmu_enable_virt(void);

				 extern void amd_pmu_disable_virt(void);

				#else

				 static inline void amd_pmu_enable_virt(void) { }

				 static inline void amd_pmu_disable_virt(void) { }

				#endif

				#endif /* _ASM_X86_PERF_EVENT_H */

									
										1

arch/x86/include/asm/processor.h
									
												View File
												
				@ -456,6 +456,7 @@ struct thread_struct {

					unsigned long		trap_no;

					unsigned long		error_code;

					/* floating point and extended processor state */

					unsigned long		has_fpu;

					struct fpu		fpu;

				#ifdef CONFIG_X86_32

					/* Virtual 86 mode info */

									
										2

arch/x86/include/asm/thread_info.h
									
												View File
												
				@ -242,8 +242,6 @@ static inline struct thread_info *current_thread_info(void)

				 * ever touches our thread-synchronous status, so we don't

				 * have to worry about atomic accesses.

				 */

				#define TS_USEDFPU		0x0001	/* FPU was used by this task

									   this quantum (SMP) */

				#define TS_COMPAT		0x0002	/* 32bit syscall active (64BIT)*/

				#define TS_POLLING		0x0004	/* idle task polling need_resched,

									   skip sending interrupt */

									
										106

arch/x86/include/asm/uv/uv_bau.h
									
												View File
												
				@ -65,7 +65,7 @@

				 * UV2: Bit 19 selects between

				 *  (0): 10 microsecond timebase and

				 *  (1): 80 microseconds

				 *  we're using 655us, similar to UV1: 65 units of 10us

				 *  we're using 560us, similar to UV1: 65 units of 10us

				 */

				#define UV1_INTD_SOFT_ACK_TIMEOUT_PERIOD (9UL)

				#define UV2_INTD_SOFT_ACK_TIMEOUT_PERIOD (15UL)

				@ -167,6 +167,7 @@

				#define FLUSH_RETRY_TIMEOUT		2

				#define FLUSH_GIVEUP			3

				#define FLUSH_COMPLETE			4

				#define FLUSH_RETRY_BUSYBUG		5

				/*

				 * tuning the action when the numalink network is extremely delayed

				@ -235,10 +236,10 @@ struct bau_msg_payload {

				/*

				 * Message header:  16 bytes (128 bits) (bytes 0x30-0x3f of descriptor)

				 * UV1 Message header:  16 bytes (128 bits) (bytes 0x30-0x3f of descriptor)

				 * see table 4.2.3.0.1 in broacast_assist spec.

				 */

				struct bau_msg_header {

				struct uv1_bau_msg_header {

					unsigned int	dest_subnodeid:6;	/* must be 0x10, for the LB */

					/* bits 5:0 */

					unsigned int	base_dest_nasid:15;	/* nasid of the first bit */

				@ -317,20 +318,88 @@ struct bau_msg_header {

					/* bits 127:107 */

				};

				/*

				 * UV2 Message header:  16 bytes (128 bits) (bytes 0x30-0x3f of descriptor)

				 * see figure 9-2 of harp_sys.pdf

				 */

				struct uv2_bau_msg_header {

					unsigned int	base_dest_nasid:15;	/* nasid of the first bit */

					/* bits 14:0 */				/* in uvhub map */

					unsigned int	dest_subnodeid:5;	/* must be 0x10, for the LB */

					/* bits 19:15 */

					unsigned int	rsvd_1:1;		/* must be zero */

					/* bit 20 */

					/* Address bits 59:21 */

					/* bits 25:2 of address (44:21) are payload */

					/* these next 24 bits become bytes 12-14 of msg */

					/* bits 28:21 land in byte 12 */

					unsigned int	replied_to:1;		/* sent as 0 by the source to

										   byte 12 */

					/* bit 21 */

					unsigned int	msg_type:3;		/* software type of the

										   message */

					/* bits 24:22 */

					unsigned int	canceled:1;		/* message canceled, resource

										   is to be freed*/

					/* bit 25 */

					unsigned int	payload_1:3;		/* not currently used */

					/* bits 28:26 */

					/* bits 36:29 land in byte 13 */

					unsigned int	payload_2a:3;		/* not currently used */

					unsigned int	payload_2b:5;		/* not currently used */

					/* bits 36:29 */

					/* bits 44:37 land in byte 14 */

					unsigned int	payload_3:8;		/* not currently used */

					/* bits 44:37 */

					unsigned int	rsvd_2:7;		/* reserved */

					/* bits 51:45 */

					unsigned int	swack_flag:1;		/* software acknowledge flag */

					/* bit 52 */

					unsigned int	rsvd_3a:3;		/* must be zero */

					unsigned int	rsvd_3b:8;		/* must be zero */

					unsigned int	rsvd_3c:8;		/* must be zero */

					unsigned int	rsvd_3d:3;		/* must be zero */

					/* bits 74:53 */

					unsigned int	fairness:3;		/* usually zero */

					/* bits 77:75 */

					unsigned int	sequence:16;		/* message sequence number */

					/* bits 93:78  Suppl_A  */

					unsigned int	chaining:1;		/* next descriptor is part of

										   this activation*/

					/* bit 94 */

					unsigned int	multilevel:1;		/* multi-level multicast

										   format */

					/* bit 95 */

					unsigned int	rsvd_4:24;		/* ordered / source node /

										   source subnode / aging

										   must be zero */

					/* bits 119:96 */

					unsigned int	command:8;		/* message type */

					/* bits 127:120 */

				};

				/*

				 * The activation descriptor:

				 * The format of the message to send, plus all accompanying control

				 * Should be 64 bytes

				 */

				struct bau_desc {

					struct pnmask			distribution;

					struct pnmask				distribution;

					/*

					 * message template, consisting of header and payload:

					 */

					struct bau_msg_header		header;

					struct bau_msg_payload		payload;

					union bau_msg_header {

						struct uv1_bau_msg_header	uv1_hdr;

						struct uv2_bau_msg_header	uv2_hdr;

					} header;

					struct bau_msg_payload			payload;

				};

				/*

				/* UV1:

				 *   -payload--    ---------header------

				 *   bytes 0-11    bits 41-56  bits 58-81

				 *       A           B  (2)      C (3)

				@ -340,6 +409,16 @@ struct bau_desc {

				 *   bytes 0-11  bytes 12-14  bytes 16-17  (byte 15 filled in by hw as vector)

				 *   ------------payload queue-----------

				 */

				/* UV2:

				 *   -payload--    ---------header------

				 *   bytes 0-11    bits 70-78  bits 21-44

				 *       A           B  (2)      C (3)

				 *

				 *            A/B/C are moved to:

				 *       A            C          B

				 *   bytes 0-11  bytes 12-14  bytes 16-17  (byte 15 filled in by hw as vector)

				 *   ------------payload queue-----------

				 */

				/*

				 * The payload queue on the destination side is an array of these.

				@ -385,7 +464,6 @@ struct bau_pq_entry {

				struct msg_desc {

					struct bau_pq_entry	*msg;

					int			msg_slot;

					int			swack_slot;

					struct bau_pq_entry	*queue_first;

					struct bau_pq_entry	*queue_last;

				};

				@ -439,6 +517,9 @@ struct ptc_stats {

					unsigned long	s_retry_messages;	/* retry broadcasts */

					unsigned long	s_bau_reenabled;	/* for bau enable/disable */

					unsigned long	s_bau_disabled;		/* for bau enable/disable */

					unsigned long	s_uv2_wars;		/* uv2 workaround, perm. busy */

					unsigned long	s_uv2_wars_hw;		/* uv2 workaround, hiwater */

					unsigned long	s_uv2_war_waits;	/* uv2 workaround, long waits */

					/* destination statistics */

					unsigned long	d_alltlb;		/* times all tlb's on this

										   cpu were flushed */

				@ -511,9 +592,12 @@ struct bau_control {

					short			osnode;

					short			uvhub_cpu;

					short			uvhub;

					short			uvhub_version;

					short			cpus_in_socket;

					short			cpus_in_uvhub;

					short			partition_base_pnode;

					short			using_desc; /* an index, like uvhub_cpu */

					unsigned int		inuse_map;

					unsigned short		message_number;

					unsigned short		uvhub_quiesce;

					short			socket_acknowledge_count[DEST_Q_SIZE];

				@ -531,6 +615,7 @@ struct bau_control {

					int			cong_response_us;

					int			cong_reps;

					int			cong_period;

					unsigned long		clocks_per_100_usec;

					cycles_t		period_time;

					long			period_requests;

					struct hub_and_pnode	*thp;

				@ -591,6 +676,11 @@ static inline void write_mmr_sw_ack(unsigned long mr)

					uv_write_local_mmr(UVH_LB_BAU_INTD_SOFTWARE_ACKNOWLEDGE_ALIAS, mr);

				}

				static inline void write_gmmr_sw_ack(int pnode, unsigned long mr)

				{

					write_gmmr(pnode, UVH_LB_BAU_INTD_SOFTWARE_ACKNOWLEDGE_ALIAS, mr);

				}

				static inline unsigned long read_mmr_sw_ack(void)

				{

					return read_lmmr(UVH_LB_BAU_INTD_SOFTWARE_ACKNOWLEDGE);

									
										4

arch/x86/include/asm/uv/uv_hub.h
									
												View File
												
				@ -318,13 +318,13 @@ uv_gpa_in_mmr_space(unsigned long gpa)

				/* UV global physical address --> socket phys RAM */

				static inline unsigned long uv_gpa_to_soc_phys_ram(unsigned long gpa)

				{

					unsigned long paddr = gpa & uv_hub_info->gpa_mask;

					unsigned long paddr;

					unsigned long remap_base = uv_hub_info->lowmem_remap_base;

					unsigned long remap_top =  uv_hub_info->lowmem_remap_top;

					gpa = ((gpa << uv_hub_info->m_shift) >> uv_hub_info->m_shift) |

						((gpa >> uv_hub_info->n_lshift) << uv_hub_info->m_val);

					gpa = gpa & uv_hub_info->gpa_mask;

					paddr = gpa & uv_hub_info->gpa_mask;

					if (paddr >= remap_base && paddr < remap_base + remap_top)

						paddr -= remap_base;

					return paddr;

Compare commits

723 Commits v3.2-rc7 ... v3.2.12

4 Documentation/HOWTO Unescape Escape View File

8 Documentation/development-process/5.Posting Unescape Escape View File

26 Documentation/hwmon/jc42 Unescape Escape View File

2 Documentation/hwmon/w83627ehf Unescape Escape View File

14 Documentation/hwmon/zl6100 Unescape Escape View File

14 Documentation/usb/usbmon.txt Unescape Escape View File

16 Documentation/virtual/kvm/api.txt Unescape Escape View File

15 MAINTAINERS Unescape Escape View File

4 Makefile Unescape Escape View File

2 arch/alpha/include/asm/futex.h Unescape Escape View File

6 arch/arm/Kconfig Unescape Escape View File

115 arch/arm/common/pl330.c Unescape Escape View File

12 arch/arm/configs/imx_v4_v5_defconfig Unescape Escape View File

5 arch/arm/include/asm/assembler.h Unescape Escape View File

2 arch/arm/include/asm/pmu.h Unescape Escape View File

22 arch/arm/kernel/perf_event.c Unescape Escape View File

22 arch/arm/kernel/perf_event_v6.c Unescape Escape View File

11 arch/arm/kernel/perf_event_v7.c Unescape Escape View File

20 arch/arm/kernel/perf_event_xscale.c Unescape Escape View File

8 arch/arm/kernel/ptrace.c Unescape Escape View File

5 arch/arm/kernel/signal.c Unescape Escape View File

2 arch/arm/mach-at91/at91rm9200_devices.c Unescape Escape View File

2 arch/arm/mach-at91/at91sam9260_devices.c Unescape Escape View File

2 arch/arm/mach-at91/at91sam9261_devices.c Unescape Escape View File

2 arch/arm/mach-at91/at91sam9263_devices.c Unescape Escape View File

7 arch/arm/mach-at91/setup.c Unescape Escape View File

3 arch/arm/mach-dove/common.c Unescape Escape View File

5 arch/arm/mach-exynos/cpu.c Unescape Escape View File

8 arch/arm/mach-imx/Kconfig Unescape Escape View File

4 arch/arm/mach-imx/Makefile Unescape Escape View File

20 arch/arm/mach-imx/clock-imx35.c Unescape Escape View File

8 arch/arm/mach-imx/mach-cpuimx35.c Unescape Escape View File

3 arch/arm/mach-kirkwood/common.c Unescape Escape View File

320 arch/arm/mach-kirkwood/mpp.h Unescape Escape View File

2 arch/arm/mach-lpc32xx/include/mach/irqs.h Unescape Escape View File

25 arch/arm/mach-lpc32xx/irq.c Unescape Escape View File

20 arch/arm/mach-lpc32xx/serial.c Unescape Escape View File

3 arch/arm/mach-mv78xx0/common.c Unescape Escape View File

226 arch/arm/mach-mv78xx0/mpp.h Unescape Escape View File

22 arch/arm/mach-omap2/board-4430sdp.c Unescape Escape View File

22 arch/arm/mach-omap2/board-omap4panda.c Unescape Escape View File

6 arch/arm/mach-omap2/gpmc.c Unescape Escape View File

3 arch/arm/mach-omap2/omap-iommu.c Unescape Escape View File

4 arch/arm/mach-omap2/omap_hwmod_3xxx_data.c Unescape Escape View File

5 arch/arm/mach-omap2/vp.c Unescape Escape View File

4 arch/arm/mach-orion5x/common.c Unescape Escape View File

1 arch/arm/mach-ux500/Kconfig Unescape Escape View File

2 arch/arm/mach-ux500/board-mop500-sdi.c Unescape Escape View File

6 arch/arm/mm/cache-v7.S Unescape Escape View File

16 arch/arm/mm/proc-v7.S Unescape Escape View File

2 arch/arm/oprofile/common.c Unescape Escape View File

2 arch/arm/plat-mxc/cpufreq.c Unescape Escape View File

1 arch/arm/plat-mxc/include/mach/uncompress.h Unescape Escape View File

9 arch/arm/plat-mxc/pwm.c Unescape Escape View File

9 arch/arm/plat-orion/common.c Unescape Escape View File

6 arch/arm/plat-orion/gpio.c Unescape Escape View File

3 arch/arm/plat-orion/include/plat/common.h Unescape Escape View File

3 arch/arm/plat-orion/mpp.c Unescape Escape View File

2 arch/arm/plat-s3c24xx/dma.c Unescape Escape View File

25 arch/arm/plat-samsung/include/plat/cpu-freq-core.h Unescape Escape View File

1 arch/avr32/Kconfig Unescape Escape View File

1 arch/ia64/include/asm/cputime.h Unescape Escape View File

10 arch/ia64/kernel/acpi.c Unescape Escape View File

8 arch/m68k/atari/config.c Unescape Escape View File

4 arch/m68k/kernel/process_mm.c Unescape Escape View File

4 arch/m68k/kernel/process_no.c Unescape Escape View File

36 arch/m68k/kernel/traps.c Unescape Escape View File

6 arch/m68k/mm/cache.c Unescape Escape View File

2 arch/powerpc/include/asm/cputime.h Unescape Escape View File

33 arch/powerpc/include/asm/kvm_book3s.h Unescape Escape View File

33 arch/powerpc/include/asm/kvm_book3s_64.h Unescape Escape View File

2 arch/powerpc/include/asm/time.h Unescape Escape View File

15 arch/powerpc/kernel/irq.c Unescape Escape View File

8 arch/powerpc/kernel/perf_event.c Unescape Escape View File

9 arch/powerpc/kernel/time.c Unescape Escape View File

2 arch/powerpc/kvm/book3s_hv.c Unescape Escape View File

2 arch/powerpc/kvm/book3s_pr.c Unescape Escape View File

1 arch/powerpc/kvm/e500.c Unescape Escape View File

723 Commits

v3.2-rc7 ... v3.2.12

4

Documentation/HOWTO

View File

8

Documentation/development-process/5.Posting

View File

26

Documentation/hwmon/jc42

View File

2

Documentation/hwmon/w83627ehf

View File

14

Documentation/hwmon/zl6100

View File

14

Documentation/usb/usbmon.txt

View File

16

Documentation/virtual/kvm/api.txt

View File

15

MAINTAINERS

View File

4

Makefile

View File

2

arch/alpha/include/asm/futex.h

View File

6

arch/arm/Kconfig

View File

115

arch/arm/common/pl330.c

View File

12

arch/arm/configs/imx_v4_v5_defconfig

View File

5

arch/arm/include/asm/assembler.h

View File

2

arch/arm/include/asm/pmu.h

View File

22

arch/arm/kernel/perf_event.c

View File

22

arch/arm/kernel/perf_event_v6.c

View File

11

arch/arm/kernel/perf_event_v7.c

View File

20

arch/arm/kernel/perf_event_xscale.c

View File

8

arch/arm/kernel/ptrace.c

View File

5

arch/arm/kernel/signal.c

View File

2

arch/arm/mach-at91/at91rm9200_devices.c

View File

2

arch/arm/mach-at91/at91sam9260_devices.c

View File

2

arch/arm/mach-at91/at91sam9261_devices.c

View File

2

arch/arm/mach-at91/at91sam9263_devices.c

View File

7

arch/arm/mach-at91/setup.c

View File

3

arch/arm/mach-dove/common.c

View File

5

arch/arm/mach-exynos/cpu.c

View File

8

arch/arm/mach-imx/Kconfig

View File

4

arch/arm/mach-imx/Makefile

View File

20

arch/arm/mach-imx/clock-imx35.c

View File

8

arch/arm/mach-imx/mach-cpuimx35.c

View File

3

arch/arm/mach-kirkwood/common.c

View File

320

arch/arm/mach-kirkwood/mpp.h

View File

2

arch/arm/mach-lpc32xx/include/mach/irqs.h

View File

25

arch/arm/mach-lpc32xx/irq.c

View File

20

arch/arm/mach-lpc32xx/serial.c

View File

3

arch/arm/mach-mv78xx0/common.c

View File

226

arch/arm/mach-mv78xx0/mpp.h

View File

22

arch/arm/mach-omap2/board-4430sdp.c

View File

22

arch/arm/mach-omap2/board-omap4panda.c

View File

6

arch/arm/mach-omap2/gpmc.c

View File

3

arch/arm/mach-omap2/omap-iommu.c

View File

4

arch/arm/mach-omap2/omap_hwmod_3xxx_data.c

View File

5

arch/arm/mach-omap2/vp.c

View File

4

arch/arm/mach-orion5x/common.c

View File

1

arch/arm/mach-ux500/Kconfig

View File

2

arch/arm/mach-ux500/board-mop500-sdi.c

View File

6

arch/arm/mm/cache-v7.S

View File

16

arch/arm/mm/proc-v7.S

View File

2

arch/arm/oprofile/common.c

View File

2

arch/arm/plat-mxc/cpufreq.c

View File

1

arch/arm/plat-mxc/include/mach/uncompress.h

View File

9

arch/arm/plat-mxc/pwm.c

View File

9

arch/arm/plat-orion/common.c

View File

6

arch/arm/plat-orion/gpio.c

View File

3

arch/arm/plat-orion/include/plat/common.h

View File

3

arch/arm/plat-orion/mpp.c

View File

2

arch/arm/plat-s3c24xx/dma.c

View File

25

arch/arm/plat-samsung/include/plat/cpu-freq-core.h

View File

1

arch/avr32/Kconfig

View File

1

arch/ia64/include/asm/cputime.h

View File

10

arch/ia64/kernel/acpi.c

View File

8

arch/m68k/atari/config.c

View File

4

arch/m68k/kernel/process_mm.c

View File

4

arch/m68k/kernel/process_no.c

View File

36

arch/m68k/kernel/traps.c

View File

6

arch/m68k/mm/cache.c

View File

2

arch/powerpc/include/asm/cputime.h

View File

33

arch/powerpc/include/asm/kvm_book3s.h

View File

33

arch/powerpc/include/asm/kvm_book3s_64.h

View File

2

arch/powerpc/include/asm/time.h

View File

15

arch/powerpc/kernel/irq.c

View File

8

arch/powerpc/kernel/perf_event.c

View File

9

arch/powerpc/kernel/time.c

View File

2

arch/powerpc/kvm/book3s_hv.c

View File

2

arch/powerpc/kvm/book3s_pr.c

View File

1

arch/powerpc/kvm/e500.c

View File

4

arch/powerpc/platforms/pseries/hvCall_inst.c

View File