aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2009-11-09KVM: ignore reads from AMDs C1E enabled MSRAndre Przywara
commit 1fdbd48c242db996107f72ae4140ffe8163e26a8 upstream. If the Linux kernel detects an C1E capable AMD processor (K8 RevF and higher), it will access a certain MSR on every attempt to go to halt. Explicitly handle this read and return 0 to let KVM run a Linux guest with the native AMD host CPU propagated to the guest. Signed-off-by: Andre Przywara <andre.przywara@amd.com> Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-11-09KVM: use proper hrtimer function to retrieve expiration timeMarcelo Tosatti
commit ace1546487a0fe4634e3251067f8a32cb2cdc099 upstream. hrtimer->base can be temporarily NULL due to racing hrtimer_start. See switch_hrtimer_base/lock_hrtimer_base. Use hrtimer_get_remaining which is robust against it. Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-11-09nfs: Fix nfs_parse_mount_options() kfree() leakYinghai Lu
commit 4223a4a155f245d41c350ed9eba4fc32e965c4da upstream. Fix a (small) memory leak in one of the error paths of the NFS mount options parsing code. Regression introduced in 2.6.30 by commit a67d18f (NFS: load the rpc/rdma transport module automatically). Reported-by: Yinghai Lu <yinghai@kernel.org> Reported-by: Pekka Enberg <penberg@cs.helsinki.fi> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-11-09sata_nv: make sure link is brough up online when skipping hardresetTejun Heo
commit 6489e3262e6b188a1a009b65e8a94b7aa17645b7 upstream. prereset doesn't bring link online if hardreset is about to happen and nv_hardreset() may skip if conditions are not right so softreset may be entered with non-working link status if the system firmware didn't bring it up before entering OS code which can happen during resume. This patch makes nv_hardreset() to bring up the link if it's skipping reset. This bug was reported by frodone@gmail.com in the following bug entry. http://bugzilla.kernel.org/show_bug.cgi?id=14329 Signed-off-by: Tejun Heo <tj@kernel.org> Reported-by: frodone@gmail.com Signed-off-by: Jeff Garzik <jgarzik@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-11-09libata: fix PMP initializationTejun Heo
commit 4f7c2874995ac48a4622755b8bd159eb2fb6d8f4 upstream. Commit 842faa6c1a1d6faddf3377948e5cf214812c6c90 fixed error handling during attach by not committing detected device class to dev->class while attaching a new device. However, this change missed the PMP class check in the configuration loop causing a new PMP device to go through ata_dev_configure() as if it were an ATA or ATAPI device. As PMP device doesn't have a regular IDENTIFY data, this makes ata_dev_configure() tries to configure a PMP device using an invalid data. For the most part, it wasn't too harmful and went unnoticed but this ends up clearing dev->flags which may have ATA_DFLAG_AN set by sata_pmp_attach(). This means that SATA_PMP_FEAT_NOTIFY ends up being disabled on PMPs and on PMPs which honor the flag breaks hotplug support. This problem was discovered and reported by Ethan Hsiao. Signed-off-by: Tejun Heo <tj@kernel.org> Reported-by: Ethan Hsiao <ethanhsiao@jmicron.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-11-09libata: fix internal command failure handlingTejun Heo
commit f4b31db92d163df8a639f5a8c8633bdeb6e8432d upstream. When an internal command fails, it should be failed directly without invoking EH. In the original implemetation, this was accomplished by letting internal command bypass failure handling in ata_qc_complete(). However, later changes added post-successful-completion handling to that code path and the success path is no longer adequate as internal command failure path. One of the visible problems is that internal command failure due to timeout or other freeze conditions would spuriously trigger WARN_ON_ONCE() in the success path. This patch updates failure path such that internal command failure handling is contained there. Signed-off-by: Tejun Heo <tj@kernel.org> Signed-off-by: Jeff Garzik <jgarzik@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-11-09pci: increase alignment to make more space for hidden codeYinghai Lu
commit 15b812f1d0a5ca8f5efe7f5882f468af10682ca8 upstream. As reported in http://bugzilla.kernel.org/show_bug.cgi?id=13940 on some system when acpi are enabled, acpi clears some BAR for some devices without reason, and kernel will need to allocate devices for them. It then apparently hits some undocumented resource conflict, resulting in non-working devices. Try to increase alignment to get more safe range for unassigned devices. Signed-off-by: Yinghai Lu <yinghai@kernel.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-11-09fs: pipe.c null pointer dereferenceEarl Chew
commit ad3960243e55320d74195fb85c975e0a8cc4466c upstream. This patch fixes a null pointer exception in pipe_rdwr_open() which generates the stack trace: > Unable to handle kernel NULL pointer dereference at 0000000000000028 RIP: > [<ffffffff802899a5>] pipe_rdwr_open+0x35/0x70 > [<ffffffff8028125c>] __dentry_open+0x13c/0x230 > [<ffffffff8028143d>] do_filp_open+0x2d/0x40 > [<ffffffff802814aa>] do_sys_open+0x5a/0x100 > [<ffffffff8021faf3>] sysenter_do_call+0x1b/0x67 The failure mode is triggered by an attempt to open an anonymous pipe via /proc/pid/fd/* as exemplified by this script: ============================================================= while : ; do { echo y ; sleep 1 ; } | { while read ; do echo z$REPLY; done ; } & PID=$! OUT=$(ps -efl | grep 'sleep 1' | grep -v grep | { read PID REST ; echo $PID; } ) OUT="${OUT%% *}" DELAY=$((RANDOM * 1000 / 32768)) usleep $((DELAY * 1000 + RANDOM % 1000 )) echo n > /proc/$OUT/fd/1 # Trigger defect done ============================================================= Note that the failure window is quite small and I could only reliably reproduce the defect by inserting a small delay in pipe_rdwr_open(). For example: static int pipe_rdwr_open(struct inode *inode, struct file *filp) { msleep(100); mutex_lock(&inode->i_mutex); Although the defect was observed in pipe_rdwr_open(), I think it makes sense to replicate the change through all the pipe_*_open() functions. The core of the change is to verify that inode->i_pipe has not been released before attempting to manipulate it. If inode->i_pipe is no longer present, return ENOENT to indicate so. The comment about potentially using atomic_t for i_pipe->readers and i_pipe->writers has also been removed because it is no longer relevant in this context. The inode->i_mutex lock must be used so that inode->i_pipe can be dealt with correctly. Signed-off-by: Earl Chew <earl_chew@agilent.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22Linux 2.6.31.5v2.6.31.5Greg Kroah-Hartman
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22tty: Make flush_to_ldisc() locking more robustLinus Torvalds
commit c8e33141911bf8fe87dc6c92793b9a59b2be0130 upstream. The locking logic in this function is extremely subtle, and it broke when we started doing potentially concurrent 'flush_to_ldisc()' calls in commit e043e42bdb66885b3ac10d27a01ccb9972e2b0a3 ("pty: avoid forcing 'low_latency' tty flag"). The code in flush_to_ldisc() used to set 'tty->buf.head' to NULL, with the intention that this would then cause any other concurrent calls to not do anything (locking note: we have to drop the buf.lock over the call to ->receive_buf that can block, which is why we can have concurrency here at all in the first place). It also used to set the TTY_FLUSHING bit, which would then cause any concurrent 'tty_buffer_flush()' to not free all the tty buffers and clear 'tty->buf.tail'. And with 'buf.head' being NULL, and 'buf.tail' being non-NULL, new data would never touch 'buf.head'. Does that sound a bit too subtle? It was. If another concurrent call to 'flush_to_ldisc()' were to come in, the NULL buf.head would indeed cause it to not process the buffer list, but it would still clear TTY_FLUSHING afterwards, making the buffer protection against 'tty_buffer_flush()' no longer work. So this clears it all up. We depend purely on TTY_FLUSHING for handling re-entrancy, and stop playing games with the buffer list entirely. In fact, the buffer list handling is now robust enough that we could probably stop doing the whole "protect against 'tty_buffer_flush()'" thing entirely. However, Alan also points out that we would probably be better off simplifying the locking even further, and just take the tty ldisc_mutex around all the buffer flushing calls. That seems like a good idea, but in the meantime this is a conceptually minimal fix (with the patch itself being bigger than required just to clean the code up and make it readable). This fixes keyboard trouble under X: http://bugzilla.kernel.org/show_bug.cgi?id=14388 Reported-and-tested-by: Frédéric Meunier <fredlwm@gmail.com> Reported-and-tested-by: Boyan <btanastasov@yahoo.co.uk> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Paul Fulghum <paulkf@microgate.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22mac80211: fix vlan and optimise RXJohannes Berg
commit fbc44bf7177dfd61381da55405550b693943a432 upstream. When receiving data frames, we can send them only to the interface they belong to based on transmitting station (this doesn't work for probe requests). Also, don't try to handle other frames for AP_VLAN at all since those interface should only receive data. Additionally, the transmit side must check that the station we're sending a frame to is actually on the interface we're transmitting on, and not transmit packets to functions that live on other interfaces, so validate that as well. Another bug fix is needed in sta_info.c where in the VLAN case when adding/removing stations we overwrite the sdata variable we still need. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22iwlwifi: incorrect method used for finding valid OTP blocksJay Sternberg
commit 2facba769d7f9e563cf706de709074a2d20f1bba upstream. The address stored in the next link address is a word address but when reading the OTP blocks, a byte address is used. Also if the blocks are full and the last link pointer is not zero, then none of the blocks are valid so return an error. The algorithm is simply valid blocks have a next address and that address's contents is zero. Using the wrong address for the next link address gets arbitrary data, obviously. In cases seen, the first block is considered valid when it is not. If the block has in fact been invalidated there may be old data or there may be no data, bad data, or partial data, there is no way of telling. Without this patch it is possible that a device with valid OTP data is unable to work. Signed-off-by: Jay Sternberg <jay.e.sternberg@intel.com> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22usb-storage: Workaround devices with bogus sense sizeBenjamin Herrenschmidt
commit b8430e1b82b7e514d76a88eb70a7d8831d50df1e upstream. usb-storage: Workaround devices with bogus sense size Some devices, such as Huawei E169, advertise more than the standard amount of sense data, causing us to set US_FL_SANE_SENSE, assuming they support it. However, they subsequently fail the request sense with that size. This works around it generically. When a sense request fails due to a device returning an error, US_FL_SANE_SENSE was set, and that sense request used a larger sense size, we retry with a smaller size before giving up. Based on an original patch by Ben Efros <ben@pc-doctor.com> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22Staging: rt2860sta: prevent a panic when disabling when associatedDarren Salt
commit 0af49167b1e5ba154e90d2c454bf4624ee47df80 upstream. This fixes a panic which is triggered when the hardware "disappears" from beneath the driver, i.e. when wireless is toggled off via Fn-F2 on various EeePC models. Ref. bug report http://bugzilla.kernel.org/show_bug.cgi?id=13390 panic http://bugzilla.kernel.org/attachment.cgi?id=21928 Signed-off-by: Darren Salt <linux@youmustbejoking.demon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22sysfs: Allow sysfs_notify_dirent to be called from interrupt context.Neil Brown
commit 83db93f4de2d9ae441a491d1dc61c2204f0195de upstream. sysfs_notify_dirent is a simple atomic operation that can be used to alert user-space that new data can be read from a sysfs attribute. Unfortunately it cannot currently be called from non-process context because of its use of spin_lock which is sometimes taken with interrupts enabled. So change all lockers of sysfs_open_dirent_lock to disable interrupts, thus making sysfs_notify_dirent safe to be called from non-process context (as drivers/md does in md_safemode_timeout). sysfs_get_open_dirent is (documented as being) only called from process context, so it uses spin_lock_irq. Other places use spin_lock_irqsave. The usage for sysfs_notify_dirent in md_safemode_timeout was introduced in 2.6.28, so this patch is suitable for that and more recent kernels. Reported-by: Joel Andres Granados <jgranado@redhat.com> Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22bsdacct: switch credentials for writing to the accounting fileMichal Schmidt
commit d8e180dcd5bbbab9cd3ff2e779efcf70692ef541 upstream. When process accounting is enabled, every exiting process writes a log to the account file. In addition, every once in a while one of the exiting processes checks whether there's enough free space for the log. SELinux policy may or may not allow the exiting process to stat the fs. So unsuspecting processes start generating AVC denials just because someone enabled process accounting. For these filesystem operations, the exiting process's credentials should be temporarily switched to that of the process which enabled accounting, because it's really that process which wanted to have the accounting information logged. Signed-off-by: Michal Schmidt <mschmidt@redhat.com> Acked-by: David Howells <dhowells@redhat.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22ALSA: Don't assume i2c device probing always succeedsTakashi Iwai
commit 18c4078489fe064cc0ed08be3381cf2f26657f5f upstream. The client->driver pointer can be NULL when i2c-device probing fails in i2c_new_device(). This patch adds the NULL checks for client->driver and return the error instead of blind assumption of driver availability. Reported-by: Tim Shepard <shep@alum.mit.edu> Cc: Jean Delvare <khali@linux-fr.org> Cc: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22i2c: Hide probe errors caused by ACPI resource conflictsJean Delvare
commit 18669eabde2ff5fc446e72e043f0539059763438 upstream. When an ACPI resource conflict is detected, error messages are already printed by ACPI. There's no point in causing the driver core to print more error messages, so return one of the error codes for which no message is printed. This fixes bug #14293: http://bugzilla.kernel.org/show_bug.cgi?id=14293 Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22macintosh: Don't assume i2c device probing always succeedsJean Delvare
commit 6f6b35e133fe4313277b30fc1a7ea313875ea6c9 upstream. If i2c device probing fails, then there is no driver to dereference after calling i2c_new_device(). Stop assuming that probing will always succeed, to avoid NULL pointer dereferences. We have an easier access to the driver anyway. Signed-off-by: Jean Delvare <khali@linux-fr.org> Tested-by: Tim Shepard <shep@alum.mit.edu> Cc: Colin Leroy <colin@colino.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22MAINTAINERS: Fix Riku Voipio's addressJean Delvare
commit 05576a1e38e2d06dece32974c5218528d3fbc6e2 upstream. Signed-off-by: Jean Delvare <khali@linux-fr.org> Acked-by: Riku Voipio <riku.voipio@iki.fi> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22e1000e: swap max hw supported frame size between 82574 and 82583Alexander Duyck
commit a825e00c98a2ee37eb2a0ad93b352e79d2bc1593 upstream. There appears to have been a mixup in the max supported jumbo frame size between 82574 and 82583 which ended up disabling jumbo frames on the 82574 as a result. This patch swaps the two so that this issue is resolved. This patch fixes http://bugzilla.kernel.org/show_bug.cgi?id=14261 Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net> Cc: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22uvesafb/connector: Disallow unpliviged users to send netlink packetsPhilipp Reisner
(cherry picked from commit 30efa3f76813b17445bc5a2e443ae9731518566b) Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22pohmelfs/connector: Disallow unpliviged users to configure pohmelfsPhilipp Reisner
(cherry picked from commit 0179065b13b354cc0b940e7a632a65ec0448beff) Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22dst/connector: Disallow unpliviged users to configure dstPhilipp Reisner
(cherry picked from commit dbbb3431228784612848a1ec6061c78b4b708b5c) Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22dm/connector: Only process connector packages from privileged processesPhilipp Reisner
(cherry picked from commit 93136335f9ad7a98b92eacda1b43dccbf063cd07) Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22connector: Removed the destruct_data callback since it is always kfree_skb()Philipp Reisner
(cherry picked from commit f4b5129f5e838942f759c2637967441cf4a98c20) Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com> Acked-by: Lars Ellenberg <lars.ellenberg@linbit.com> Acked-by: Evgeniy Polyakov <zbr@ioremap.net> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22connector: Provide the sender's credentials to the callbackPhilipp Reisner
commit 7069331dbe7155f23966f5944109f909fea0c7e4 upstream Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com> Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com> Acked-by: Evgeniy Polyakov <zbr@ioremap.net> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22connector: Keep the skb in cn_callback_dataPhilipp Reisner
(cherry picked from commit 5491c43845dae6c68cb4edbcf2e2dde9a32a863d) Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com> Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com> Acked-by: Evgeniy Polyakov <zbr@ioremap.net> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22Bluetooth: Let HIDP grab the device reference for connectionsMarcel Holtmann
commit edad63886993d18ab800c49f6587a93432ef8b35 upstream. The core exports the hci_conn_hold_device() and hci_conn_put_device() functions for device reference of connections. Use this to ensure that the uevents from the parent are send after the child ones. Based on a report by Brian Rogers <brian@xyzw.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22Bluetooth: Add extra device reference counting for connectionsMarcel Holtmann
commit 9eba32b86d17ef87131fa0bce43c614904ab5781 upstream. The device model itself has no real usable reference counting at the moment and this causes problems if parents are deleted before their children. The device model itself handles the memory details of this correctly, but the uevent order is not consistent. This causes various problems for systems like HAL or even X. So until device_put() does a proper cleanup, the device for Bluetooth connection will be protected with an extra reference counting to ensure the correct order of uevents when connections are terminated. This is not an automatic feature. Higher Bluetooth layers like HIDP or BNEP should grab this new reference to ensure that their uevents are send before the ones from the parent device. Based on a report by Brian Rogers <brian@xyzw.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22Bluetooth: Disconnect HIDRAW devices on disconnectMarcel Holtmann
commit 364f63519d94442ed373ac7da79033c8282df46a upstream. Currently the HID subsystem will create HIDRAW devices for the transport driver, but it will not disconnect them. Until the HID subsytem gets fixed, ensure that HIDRAW and HIDDEV devices are disconnected when the Bluetooth HID device gets removed. Based on a patch from Brian Rogers <brian@xyzw.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22TPM: fix pcrreadRajiv Andrade
commit 15d031c394e7bef9da4ec764e6b0330d701a0126 upstream. The previously sent patch: http://marc.info/?l=tpmdd-devel&m=125208945007834&w=2 Had its first hunk cropped when merged, submitting only this first hunk again. Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Cc: Debora Velarde <debora@linux.vnet.ibm.com> Cc: Marcel Selhorst <m.selhorst@sirrix.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Acked-by: Mimi Zohar <zohar@us.ibm.com> Tested-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22tpm-fixup-pcrs-sysfs-file-updateJason Gunthorpe
commit 0afd9056f1b43c9fcbfdf933b263d72023d382fe upstream. Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Cc: Debora Velarde <debora@linux.vnet.ibm.com> Cc: Rajiv Andrade <srajiv@linux.vnet.ibm.com> Cc: Marcel Selhorst <m.selhorst@sirrix.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22futex: Fix wakeup race by setting TASK_INTERRUPTIBLE before queue_me()Darren Hart
commit 0729e196147692d84d4c099fcff056eba2ed61d8 upstream. PI futexes do not use the same plist_node_empty() test for wakeup. It was possible for the waiter (in futex_wait_requeue_pi()) to set TASK_INTERRUPTIBLE after the waker assigned the rtmutex to the waiter. The waiter would then note the plist was not empty and call schedule(). The task would not be found by any subsequeuent futex wakeups, resulting in a userspace hang. By moving the setting of TASK_INTERRUPTIBLE to before the call to queue_me(), the race with the waker is eliminated. Since we no longer call get_user() from within queue_me(), there is no need to delay the setting of TASK_INTERRUPTIBLE until after the call to queue_me(). The FUTEX_LOCK_PI operation is not affected as futex_lock_pi() relies entirely on the rtmutex code to handle schedule() and wakeup. The requeue PI code is affected because the waiter starts as a non-PI waiter and is woken on a PI futex. Remove the crusty old comment about holding spinlocks() across get_user() as we no longer do that. Correct the locking statement with a description of why the test is performed. Signed-off-by: Darren Hart <dvhltc@us.ibm.com> Acked-by: Peter Zijlstra <peterz@infradead.org> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: Dinakar Guniguntala <dino@in.ibm.com> Cc: John Stultz <johnstul@us.ibm.com> LKML-Reference: <20090922053038.8717.97838.stgit@Aeon> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22futex: Detect mismatched requeue targetsDarren Hart
commit 84bc4af59081ee974dd80210e694ab59ebe51ce8 upstream. There is currently no check to ensure that userspace uses the same futex requeue target (uaddr2) in futex_requeue() that the waiter used in futex_wait_requeue_pi(). A mismatch here could very unexpected results as the waiter assumes it either wakes on uaddr1 or uaddr2. We could detect this on wakeup in the waiter, but the cleanup is more intense after the improper requeue has occured. This patch stores the waiter's expected requeue target in a new requeue_pi_key pointer in the futex_q which futex_requeue() checks prior to attempting to do a proxy lock acquistion or a requeue when requeue_pi=1. If they don't match, return -EINVAL from futex_requeue, aborting the requeue of any remaining waiters. Signed-off-by: Darren Hart <dvhltc@us.ibm.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: John Kacur <jkacur@redhat.com> Cc: Dinakar Guniguntala <dino@in.ibm.com> Cc: John Stultz <johnstul@us.ibm.com> LKML-Reference: <20090814003650.14634.63916.stgit@Aeon> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22intel-iommu: Cope with broken HP DC7900 BIOSDavid Woodhouse
commit 0815565adfe3f4c369110c57d8ffe83caefeed68 upstream. Yet another reason why trusting this stuff to the BIOS was a bad idea. The HP DC7900 BIOS reports an iommu at an address which just returns all ones, when VT-d is disabled in the BIOS. Fix up the missing iounmap in the error paths while we're at it. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Cc: Arto Jantunen <viiru@debian.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22arm, cris, mips, sparc, powerpc, um, xtensa: fix build with bash 4.0Sam Ravnborg
commit 51b563fc93c8cb5bff1d67a0a71c374e4a4ea049 upstream. Albin Tonnerre <albin.tonnerre@free-electrons.com> reported: Bash 4 filters out variables which contain a dot in them. This happends to be the case of CPPFLAGS_vmlinux.lds. This is rather unfortunate, as it now causes build failures when using SHELL=/bin/bash to compile, or when bash happens to be used by make (eg when it's /bin/sh) Remove the common definition of CPPFLAGS_vmlinux.lds by pushing relevant stuff to either Makefile.build or the arch specific kernel/Makefile where we build the linker script. This is also nice cleanup as we move the information out where it is used. Notes for the different architectures touched: arm - we use an already exported symbol cris - we use a config symbol aleady available [Not build tested] mips - the jiffies complexity has moved to vmlinux.lds.S where we need it. Added a few variables to CPPFLAGS - they are only used by the linker script. [Not build tested] powerpc - removed assignment that is not needed [not build tested] sparc - simplified it using $(BITS) um - introduced a few new exported variables to deal with this xtensa - added options to CPP invocation [not build tested] Cc: Albin Tonnerre <albin.tonnerre@free-electrons.com> Cc: Russell King <linux@arm.linux.org.uk> Cc: Mikael Starvik <starvik@axis.com> Cc: Jesper Nilsson <jesper.nilsson@axis.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Paul Mackerras <paulus@samba.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Jeff Dike <jdike@addtoit.com> Cc: Chris Zankel <chris@zankel.net> Signed-off-by: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22USB: storage: When a device returns no sense data, call it a Hardware ErrorAlan Stern
commit f1a0743bc0e7a30c032b1eb78f6a2b0f805b4597 upstream. This patch (as1294) fixes a problem that has plagued users for several kernel releases. Some USB mass-storage devices don't return any sense data when they encounter certain kinds of errors. The SCSI layer interprets this to mean that the operation should be retried, and the same thing happens -- over and over again with no limit. In some circumstances (such as when a bus reset occurs) that is the right thing to do, but not here. The patch checks for this condition (a transport failure with no sense data) and changes the result code to DID_ERROR and the sense code to Hardware Error. This does get only a limited number of retries, and so the command will fail relatively quickly instead of getting stuck in an infinite loop. This fixes a large part of Bugzilla #14118. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Tested-by: Mantas Mikulenas <grawity@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22USB: Fix throttling in generic usbserial driverJoris van Rantwijk
commit 63a9609513007537a0b23ac511fd73f9bd609ea0 upstream. The generic usbserial driver in Linux 2.6.31 halts its receiving channel in response to throttle requests from the line discipline. Unfortunately it drops the contents of the first URB received after throttling takes effect. This patch corrects that problem. Signed-off-by: Joris van Rantwijk <jorispubl@xs4all.nl> Acked-by: Johan Hovold <jhovold@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22USB: cp210x: Add support for the DW700 UARTÉric Piel
commit 6f88139eb9eae8003683689f93402264a73fb754 upstream. In the Dell inspiron mini 10, the GPS is connected via a cp2102. This patch adds detection of this USB device. (I haven't managed to use the GPS under Linux yet, though) Signed-off-by: Éric Piel <eric.piel@tremplin-utc.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22USB: ipaq: fix oops when device is plugged inAlan Stern
commit 06bad89da686f6323e95cf925105e8cf88d87caf upstream. This patch (as1293) fixes a problem with the ipaq serial driver. It tries to bind to all the interfaces, even those that don't have enough endpoints. The symptom is an invalid memory reference and oops when the device is plugged in. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Tested-by: Matthias Geissert <geissert@mathematik.tu-darmstadt.de> Tested-by: Tilman Schmidt <tilman@imap.cc> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22USB: option: Toshiba G450 device idPeter Magdina
commit 75f47214f90e996eb184eb6e6b0e8b817999c8f7 upstream. Signed-off-by: Peter Magdina <peter@magdina.sk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22USB: serial: don't call release without attachAlan Stern
commit a4720c650b68a5fe7faed2edeb0ad12645f7ae63 upstream. This patch (as1295) fixes a recently-added bug in the USB serial core. If certain kinds of errors occur during probing, the core may call a serial driver's release method without previously calling the attach method. This causes some drivers (io_ti in particular) to perform an invalid memory access. The patch adds a new flag to keep track of whether or not attach has been called. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Tested-by: Jean-Denis Girard <jd.girard@sysnux.pf> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22USB: digi_acceleport: Fix broken unthrottle.Johan Hovold
commit ba6b702f85a61561d329c4c11d3ed95604924f9a upstream. This patch fixes a regression introduced in 39892da44b21b5362eb848ca424d73a25ccc488f. Signed-off-by: Johan Hovold <jhovold@gmail.com> Acked-by: Oliver Neukum <oliver@neukum.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22USB: pl2303: fix error characters not being reported to ldiscJohan Hovold
commit 9388e2e71a51fab0aa2309bbb45e8a23d89a95a9 upstream. Fix regression introduced by commit d4fc4a7bfc2dee626f4fec1e209e58eaa4312de6 (tty: Fix the PL2303 private methods for sysrq). Signed-off-by: Johan Hovold <jhovold@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22USB: ftdi_sio: re-implement read processingJohan Hovold
commit cc01f17d5cb8ac604108515735aeca72e17944c1 upstream. - Re-structure read processing. - Kill obsolete work queue and always push to tty in completion handler. - Use tty_insert_flip_string instead of per character push when possible. - Fix stalled-read regression in 2.6.31 by using urb status to determine when port is closed rather than port count. - Fix race with open/close by checking ASYNCB_INITIALIZED in unthrottle. - Kill private rx_flag and lock and use throttle flags in usb_serial_port instead. Signed-off-by: Johan Hovold <jhovold@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22USB: ftdi_sio: clean up read completion handlerJohan Hovold
commit e63e278b4d2d867893962d3c7cd13a3a24ceb3f1 upstream. Remove superfluous error checks in completion handler: - No need to check private data and urb pointers as we check urb-status before dereferencing priv (which is not freed until urb has been killed on close). - No need to check tty as it is checked again when processing. - No need to check urb->number_of_packets on bulk urb. Note that both private data and tty are checked again before processing (possibly from work queue which also is cancelled on close). Signed-off-by: Johan Hovold <jhovold@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22USB: ftdi_sio: remove unused rx_byte counterJohan Hovold
commit 63b0061246b54b849da8f189ae048e8110d8ce7d upstream. Remove unused rx_byte counter which is never exposed as noted by Alan Cox. Signed-off-by: Johan Hovold <jhovold@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22USB: ftdi_sio: remove tty->low_latencyJohan Hovold
commit 0cbd81a9f6bac734ac3266687bf027af1e395270 upstream. Fixes tty_flip_buffer_push being called from hard interrupt context with low_latency set. Signed-off-by: Johan Hovold <jhovold@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-10-22x86/paravirt: Use normal calling sequences for irq enable/disableJeremy Fitzhardinge
commit 71999d9862e667f1fd14f8fbfa0cce6d855bad3f upstream. Bastian Blank reported a boot crash with stackprotector enabled, and debugged it back to edx register corruption. For historical reasons irq enable/disable/save/restore had special calling sequences to make them more efficient. With the more recent introduction of higher-level and more general optimisations this is no longer necessary so we can just use the normal PVOP_ macros. This fixes some residual bugs in the old implementations which left edx liable to inadvertent clobbering. Also, fix some bugs in __PVOP_VCALLEESAVE which were revealed by actual use. Reported-by: Bastian Blank <bastian@waldi.eu.org> Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com> Cc: Xen-devel <xen-devel@lists.xensource.com> LKML-Reference: <4AD3BC9B.7040501@goop.org> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>