* [000/289] 2.6.36.2-stable review
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [001/289] block: Ensure physical block size is unsigned int Greg KH
` (285 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan
This is the start of the stable review cycle for the 2.6.36.2 release.
There are 289 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let us know. If anyone is a maintainer of the proper subsystem, and
wants to add a Signed-off-by: line to the patch, please respond with it.
Responses should be made by Thursday, December 9, 2010, 20:00:00 UTC.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
kernel.org/pub/linux/kernel/v2.6/stable-review/patch-2.6.36.2-rc1.gz
and the diffstat can be found below.
thanks,
greg k-h
Makefile | 2 +-
arch/arm/include/asm/assembler.h | 2 +-
arch/arm/lib/findbit.S | 6 +-
arch/arm/mach-cns3xxx/pcie.c | 2 +-
arch/arm/mm/fault-armv.c | 28 +++-
arch/arm/plat-omap/dma.c | 50 +++++-
arch/arm/plat-omap/include/plat/dma.h | 4 +
arch/microblaze/Makefile | 8 +-
arch/powerpc/mm/hash_utils_64.c | 2 +-
arch/s390/kernel/nmi.c | 10 +-
arch/s390/kernel/vtime.c | 19 ++
arch/s390/lib/delay.c | 14 +-
arch/sh/include/asm/syscalls_32.h | 7 +-
arch/um/drivers/line.c | 5 +-
arch/um/kernel/uml.lds.S | 2 +-
arch/um/os-Linux/time.c | 2 +-
arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c | 1 +
arch/x86/kernel/hw_breakpoint.c | 4 +
arch/x86/kvm/svm.c | 2 +-
arch/x86/kvm/vmx.c | 19 +-
arch/x86/kvm/x86.c | 14 +-
arch/x86/xen/enlighten.c | 4 -
block/blk-map.c | 2 +
block/blk-settings.c | 2 +-
block/genhd.c | 6 +-
block/scsi_ioctl.c | 34 +++-
drivers/acpi/battery.c | 38 ++++-
drivers/acpi/bus.c | 7 +-
drivers/acpi/debugfs.c | 2 +-
drivers/ata/libata-scsi.c | 5 +-
drivers/ata/sata_via.c | 9 +-
drivers/char/agp/intel-agp.c | 1 +
drivers/char/agp/intel-gtt.c | 63 +++----
drivers/char/hpet.c | 17 ++
drivers/char/ipmi/ipmi_si_intf.c | 30 ++-
drivers/char/tty_buffer.c | 14 ++-
drivers/char/tty_io.c | 13 +-
drivers/char/tty_ldisc.c | 51 +++++-
drivers/char/vt_ioctl.c | 11 +-
drivers/crypto/padlock-aes.c | 2 +-
drivers/firewire/ohci.c | 64 +++++--
drivers/gpio/cs5535-gpio.c | 16 ++-
drivers/gpu/drm/i915/i915_dma.c | 3 +
drivers/gpu/drm/i915/i915_irq.c | 21 ++-
drivers/gpu/drm/i915/i915_reg.h | 7 +
drivers/gpu/drm/i915/i915_suspend.c | 4 +-
drivers/gpu/drm/i915/intel_crt.c | 3 +-
drivers/gpu/drm/i915/intel_display.c | 7 +
drivers/gpu/drm/i915/intel_drv.h | 1 +
drivers/gpu/drm/i915/intel_overlay.c | 8 +
drivers/gpu/drm/i915/intel_sdvo.c | 8 +-
drivers/gpu/drm/radeon/atom.c | 1 +
drivers/gpu/drm/radeon/r100.c | 6 +
drivers/gpu/drm/radeon/r100_track.h | 1 +
drivers/gpu/drm/radeon/r200.c | 2 +
drivers/gpu/drm/radeon/r600.c | 15 +-
drivers/gpu/drm/radeon/r600_blit_kms.c | 8 +-
drivers/gpu/drm/radeon/r600_cs.c | 4 +-
drivers/gpu/drm/radeon/r600_reg.h | 1 +
drivers/gpu/drm/radeon/radeon_atombios.c | 16 ++
drivers/gpu/drm/radeon/radeon_bios.c | 13 +-
drivers/gpu/drm/radeon/radeon_combios.c | 15 ++-
drivers/gpu/drm/radeon/radeon_connectors.c | 34 ++++
drivers/gpu/drm/radeon/radeon_encoders.c | 36 +++-
drivers/gpu/drm/radeon/radeon_i2c.c | 1 +
drivers/gpu/drm/radeon/radeon_object.c | 4 +-
drivers/gpu/drm/radeon/radeon_reg.h | 1 +
drivers/gpu/drm/radeon/rv770.c | 9 +-
drivers/hid/hid-egalax.c | 16 +-
drivers/hid/usbhid/hid-quirks.c | 1 -
drivers/hwmon/lm85.c | 1 +
drivers/i2c/busses/i2c-pca-platform.c | 2 +-
drivers/input/serio/i8042-x86ia64io.h | 7 +
drivers/isdn/gigaset/bas-gigaset.c | 89 ++++-----
drivers/isdn/gigaset/isocdata.c | 8 +-
drivers/leds/leds-ss4200.c | 1 +
drivers/md/md.c | 6 +-
drivers/md/raid1.c | 1 +
drivers/media/video/cx23885/cx23885-core.c | 1 +
drivers/media/video/gspca/gspca.c | 4 +-
drivers/media/video/gspca/sonixj.c | 3 +-
drivers/media/video/hdpvr/hdpvr-video.c | 1 +
drivers/media/video/msp3400-driver.c | 7 +-
drivers/media/video/saa7134/saa7134-cards.c | 24 ++--
drivers/misc/ad525x_dpot-spi.c | 4 +-
drivers/misc/sgi-xp/xpc_partition.c | 25 ++-
drivers/mmc/core/core.c | 2 +-
drivers/net/e1000/e1000_main.c | 12 +-
drivers/net/jme.c | 22 ++-
drivers/net/pcmcia/pcnet_cs.c | 1 +
drivers/net/phy/marvell.c | 35 ++--
drivers/net/r6040.c | 22 ++-
drivers/net/r8169.c | 19 +-
drivers/net/usb/usbnet.c | 11 +
drivers/net/wireless/ath/ath.h | 1 +
drivers/net/wireless/ath/ath9k/ar9002_hw.c | 3 +
.../net/wireless/ath/ath9k/ar9003_2p2_initvals.h | 191 +++++++++++++------
drivers/net/wireless/ath/ath9k/ar9003_mac.c | 3 +-
drivers/net/wireless/ath/ath9k/ar9003_paprd.c | 14 +-
drivers/net/wireless/ath/ath9k/ath9k.h | 7 +-
drivers/net/wireless/ath/ath9k/beacon.c | 2 +-
drivers/net/wireless/ath/ath9k/common.c | 11 +
drivers/net/wireless/ath/ath9k/eeprom_9287.c | 2 +-
drivers/net/wireless/ath/ath9k/hif_usb.c | 20 ++-
drivers/net/wireless/ath/ath9k/htc_drv_init.c | 2 +
drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 2 +-
drivers/net/wireless/ath/ath9k/hw.c | 1 +
drivers/net/wireless/ath/ath9k/init.c | 40 +++-
drivers/net/wireless/ath/ath9k/mac.c | 5 +-
drivers/net/wireless/ath/ath9k/main.c | 61 +++++--
drivers/net/wireless/ath/ath9k/rc.c | 8 +-
drivers/net/wireless/ath/ath9k/recv.c | 45 +++--
drivers/net/wireless/ath/ath9k/reg.h | 9 +-
drivers/net/wireless/ath/ath9k/xmit.c | 112 ++++++------
drivers/net/wireless/b43/sdio.c | 3 +
drivers/oprofile/timer_int.c | 13 ++
drivers/pci/pci-sysfs.c | 22 ++-
drivers/pci/pci.h | 7 +-
drivers/pci/proc.c | 2 +-
drivers/pcmcia/soc_common.c | 1 +
drivers/platform/x86/wmi.c | 2 +-
drivers/pnp/pnpacpi/core.c | 29 +++-
drivers/power/olpc_battery.c | 8 +-
drivers/scsi/qla2xxx/qla_gbl.h | 1 +
drivers/scsi/qla2xxx/qla_init.c | 5 +-
drivers/scsi/qla2xxx/qla_os.c | 5 +
drivers/serial/mfd.c | 18 +-
drivers/ssb/b43_pci_bridge.c | 1 +
drivers/staging/asus_oled/asus_oled.c | 8 +-
drivers/staging/batman-adv/soft-interface.c | 4 +
drivers/staging/frontier/tranzport.c | 2 +-
drivers/staging/iio/accel/adis16220_core.c | 2 +-
drivers/staging/line6/control.c | 204 ++++++++++----------
drivers/staging/line6/midi.c | 4 +-
drivers/staging/line6/pod.c | 32 ++--
drivers/staging/line6/toneport.c | 4 +-
drivers/staging/line6/variax.c | 12 +-
drivers/staging/rt2860/usb_main_dev.c | 2 +
drivers/staging/rtl8187se/r8185b_init.c | 30 ++-
drivers/staging/samsung-laptop/samsung-laptop.c | 2 +-
drivers/staging/udlfb/udlfb.c | 2 +-
drivers/usb/atm/ueagle-atm.c | 7 +-
drivers/usb/core/devio.c | 7 +-
drivers/usb/gadget/atmel_usba_udc.c | 2 +-
drivers/usb/host/ehci-dbg.c | 2 +-
drivers/usb/host/ehci-hcd.c | 10 +-
drivers/usb/host/ehci-pci.c | 12 ++
drivers/usb/host/ohci-jz4740.c | 2 +-
drivers/usb/host/xhci-hub.c | 7 +
drivers/usb/host/xhci-mem.c | 168 ++++++++++++++++-
drivers/usb/host/xhci-ring.c | 1 -
drivers/usb/host/xhci.c | 18 ++
drivers/usb/host/xhci.h | 32 +++
drivers/usb/misc/cypress_cy7c63.c | 6 +-
drivers/usb/misc/iowarrior.c | 1 +
drivers/usb/misc/sisusbvga/sisusb.c | 1 +
drivers/usb/misc/trancevibrator.c | 2 +-
drivers/usb/misc/usbled.c | 2 +-
drivers/usb/misc/usbsevseg.c | 10 +-
drivers/usb/musb/musb_core.c | 1 -
drivers/usb/serial/ftdi_sio.c | 4 +
drivers/usb/serial/ftdi_sio_ids.h | 11 +
drivers/usb/serial/option.c | 2 +-
drivers/usb/serial/usb-serial.c | 3 +
drivers/usb/storage/sierra_ms.c | 2 +-
drivers/video/backlight/backlight.c | 12 +-
drivers/video/via/accel.c | 7 +-
drivers/video/via/via_i2c.c | 27 +++-
drivers/xen/events.c | 2 +-
fs/bio.c | 23 ++-
fs/cifs/dns_resolve.c | 2 +-
fs/cifs/inode.c | 12 +-
fs/compat.c | 28 ++--
fs/ecryptfs/inode.c | 11 +-
fs/exec.c | 36 +++-
fs/ext4/super.c | 1 +
fs/fuse/file.c | 10 +
fs/hostfs/hostfs.h | 3 +-
fs/hostfs/hostfs_kern.c | 2 +-
fs/hostfs/hostfs_user.c | 9 +-
fs/nfs/file.c | 17 +-
fs/nfs/nfs4proc.c | 9 +-
fs/nfs/nfs4state.c | 16 +-
fs/nfs/pagelist.c | 8 +-
fs/pipe.c | 14 ++-
fs/proc/base.c | 2 +-
fs/reiserfs/ioctl.c | 7 +-
fs/reiserfs/xattr_acl.c | 6 +-
fs/splice.c | 24 +--
include/linux/binfmts.h | 5 +
include/linux/blkdev.h | 4 +-
include/linux/gfp.h | 4 +-
include/linux/kfifo.h | 7 +-
include/linux/netfilter.h | 2 +-
include/linux/pci_ids.h | 1 +
include/linux/perf_event.h | 1 +
include/linux/pipe_fs_i.h | 1 +
include/linux/radix-tree.h | 36 ++--
include/linux/socket.h | 2 +-
include/linux/tty.h | 1 +
include/net/mac80211.h | 16 ++
ipc/compat.c | 6 +
ipc/compat_mq.c | 5 +
ipc/shm.c | 1 +
kernel/exit.c | 9 +
kernel/irq/proc.c | 2 +-
kernel/latencytop.c | 17 +-
kernel/perf_event.c | 22 ++-
kernel/pm_qos_params.c | 4 +-
kernel/power/hibernate.c | 22 ++-
kernel/power/suspend.c | 5 +-
kernel/power/user.c | 2 +
kernel/sched.c | 12 ++
lib/percpu_counter.c | 1 +
lib/radix-tree.c | 83 ++++++---
mm/filemap.c | 29 ++--
mm/hugetlb.c | 8 +-
mm/internal.h | 2 +-
mm/memcontrol.c | 43 +++--
mm/memory_hotplug.c | 2 +-
mm/mempolicy.c | 2 +-
mm/mprotect.c | 2 +-
mm/nommu.c | 1 +
mm/page_alloc.c | 21 ++-
net/8021q/vlan_core.c | 3 +
net/can/bcm.c | 2 +-
net/compat.c | 10 +-
net/core/dev.c | 19 ++-
net/core/filter.c | 64 ++++---
net/core/iovec.c | 20 +-
net/decnet/af_decnet.c | 2 +
net/econet/af_econet.c | 91 ++++-----
net/irda/iriap.c | 3 +-
net/irda/parameters.c | 4 +-
net/mac80211/agg-tx.c | 2 +
net/mac80211/cfg.c | 5 +-
net/mac80211/ibss.c | 1 +
net/mac80211/ieee80211_i.h | 2 +
net/mac80211/main.c | 3 +-
net/mac80211/mesh_plink.c | 17 ++-
net/mac80211/mlme.c | 48 +++--
net/mac80211/offchannel.c | 7 +
net/mac80211/rate.c | 3 +
net/mac80211/rc80211_minstrel_ht.c | 7 +-
net/mac80211/status.c | 1 +
net/netfilter/nf_conntrack_core.c | 3 +-
net/rds/rdma.c | 2 +-
net/socket.c | 4 +
net/sunrpc/clnt.c | 2 +-
net/wireless/chan.c | 51 +++++
net/wireless/nl80211.c | 11 +-
net/wireless/reg.c | 2 +-
net/wireless/scan.c | 12 +-
net/x25/x25_facilities.c | 20 ++-
net/x25/x25_in.c | 2 +
scripts/kconfig/conf.c | 2 +-
sound/core/oss/mixer_oss.c | 12 +-
sound/core/oss/pcm_oss.c | 19 +-
sound/pci/hda/hda_codec.c | 8 +-
sound/pci/hda/hda_codec.h | 1 +
sound/pci/hda/hda_intel.c | 25 ++-
sound/pci/hda/patch_analog.c | 7 +
sound/pci/hda/patch_ca0110.c | 2 +-
sound/pci/hda/patch_conexant.c | 1 +
sound/pci/hda/patch_realtek.c | 51 +++++-
sound/pci/hda/patch_sigmatel.c | 16 ++
sound/pci/intel8x0.c | 6 +
sound/soc/codecs/wm8900.c | 6 -
sound/soc/codecs/wm8961.c | 4 +-
269 files changed, 2563 insertions(+), 1114 deletions(-)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [001/289] block: Ensure physical block size is unsigned int
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
2010-12-08 0:56 ` Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [002/289] block: Fix race during disk initialization Greg KH
` (284 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Martin K. Petersen,
Mike Snitzer, Jens Axboe
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Martin K. Petersen <martin.petersen@oracle.com>
commit 892b6f90db81cccb723d5d92f4fddc2d68b206e1 upstream.
Physical block size was declared unsigned int to accomodate the maximum
size reported by READ CAPACITY(16). Make sure we use the right type in
the related functions.
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Acked-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
block/blk-settings.c | 2 +-
include/linux/blkdev.h | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
--- a/block/blk-settings.c
+++ b/block/blk-settings.c
@@ -343,7 +343,7 @@ EXPORT_SYMBOL(blk_queue_logical_block_si
* hardware can operate on without reverting to read-modify-write
* operations.
*/
-void blk_queue_physical_block_size(struct request_queue *q, unsigned short size)
+void blk_queue_physical_block_size(struct request_queue *q, unsigned int size)
{
q->limits.physical_block_size = size;
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -851,7 +851,7 @@ extern void blk_queue_max_segment_size(s
extern void blk_queue_max_discard_sectors(struct request_queue *q,
unsigned int max_discard_sectors);
extern void blk_queue_logical_block_size(struct request_queue *, unsigned short);
-extern void blk_queue_physical_block_size(struct request_queue *, unsigned short);
+extern void blk_queue_physical_block_size(struct request_queue *, unsigned int);
extern void blk_queue_alignment_offset(struct request_queue *q,
unsigned int alignment);
extern void blk_limits_io_min(struct queue_limits *limits, unsigned int min);
@@ -1004,7 +1004,7 @@ static inline unsigned int queue_physica
return q->limits.physical_block_size;
}
-static inline int bdev_physical_block_size(struct block_device *bdev)
+static inline unsigned int bdev_physical_block_size(struct block_device *bdev)
{
return queue_physical_block_size(bdev_get_queue(bdev));
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [002/289] block: Fix race during disk initialization
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [001/289] block: Ensure physical block size is unsigned int Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [003/289] block: limit vec count in bio_kmalloc() and bio_alloc_map_data() Greg KH
` (283 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Jan Kara, Jens Axboe
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jan Kara <jack@suse.cz>
commit 01ea50638bc04ca5259f5711fcdedefcdde1cf43 upstream.
When a new disk is being discovered, add_disk() first ties the bdev to gendisk
(via register_disk()->blkdev_get()) and only after that calls
bdi_register_bdev(). Because register_disk() also creates disk's kobject, it
can happen that userspace manages to open and modify the device's data (or
inode) before its BDI is properly initialized leading to a warning in
__mark_inode_dirty().
Fix the problem by registering BDI early enough.
This patch addresses https://bugzilla.kernel.org/show_bug.cgi?id=16312
Reported-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
block/genhd.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -541,13 +541,15 @@ void add_disk(struct gendisk *disk)
disk->major = MAJOR(devt);
disk->first_minor = MINOR(devt);
+ /* Register BDI before referencing it from bdev */
+ bdi = &disk->queue->backing_dev_info;
+ bdi_register_dev(bdi, disk_devt(disk));
+
blk_register_region(disk_devt(disk), disk->minors, NULL,
exact_match, exact_lock, disk);
register_disk(disk);
blk_register_queue(disk);
- bdi = &disk->queue->backing_dev_info;
- bdi_register_dev(bdi, disk_devt(disk));
retval = sysfs_create_link(&disk_to_dev(disk)->kobj, &bdi->dev->kobj,
"bdi");
WARN_ON(retval);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [003/289] block: limit vec count in bio_kmalloc() and bio_alloc_map_data()
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (2 preceding siblings ...)
2010-12-08 0:56 ` [002/289] block: Fix race during disk initialization Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [004/289] block: take care not to overflow when calculating total iov length Greg KH
` (282 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Jens Axboe
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jens Axboe <jaxboe@fusionio.com>
commit f3f63c1c28bc861a931fac283b5bc3585efb8967 upstream.
Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/bio.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/fs/bio.c
+++ b/fs/bio.c
@@ -370,6 +370,9 @@ struct bio *bio_kmalloc(gfp_t gfp_mask,
{
struct bio *bio;
+ if (nr_iovecs > UIO_MAXIOV)
+ return NULL;
+
bio = kmalloc(sizeof(struct bio) + nr_iovecs * sizeof(struct bio_vec),
gfp_mask);
if (unlikely(!bio))
@@ -697,8 +700,12 @@ static void bio_free_map_data(struct bio
static struct bio_map_data *bio_alloc_map_data(int nr_segs, int iov_count,
gfp_t gfp_mask)
{
- struct bio_map_data *bmd = kmalloc(sizeof(*bmd), gfp_mask);
+ struct bio_map_data *bmd;
+
+ if (iov_count > UIO_MAXIOV)
+ return NULL;
+ bmd = kmalloc(sizeof(*bmd), gfp_mask);
if (!bmd)
return NULL;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [004/289] block: take care not to overflow when calculating total iov length
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (3 preceding siblings ...)
2010-12-08 0:56 ` [003/289] block: limit vec count in bio_kmalloc() and bio_alloc_map_data() Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [005/289] block: check for proper length of iov entries in blk_rq_map_user_iov() Greg KH
` (281 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Jens Axboe
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jens Axboe <jaxboe@fusionio.com>
commit 9f864c80913467312c7b8690e41fb5ebd1b50e92 upstream.
Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
block/scsi_ioctl.c | 34 ++++++++++++++++++++++++----------
1 file changed, 24 insertions(+), 10 deletions(-)
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -321,33 +321,47 @@ static int sg_io(struct request_queue *q
if (hdr->iovec_count) {
const int size = sizeof(struct sg_iovec) * hdr->iovec_count;
size_t iov_data_len;
- struct sg_iovec *iov;
+ struct sg_iovec *sg_iov;
+ struct iovec *iov;
+ int i;
- iov = kmalloc(size, GFP_KERNEL);
- if (!iov) {
+ sg_iov = kmalloc(size, GFP_KERNEL);
+ if (!sg_iov) {
ret = -ENOMEM;
goto out;
}
- if (copy_from_user(iov, hdr->dxferp, size)) {
- kfree(iov);
+ if (copy_from_user(sg_iov, hdr->dxferp, size)) {
+ kfree(sg_iov);
ret = -EFAULT;
goto out;
}
+ /*
+ * Sum up the vecs, making sure they don't overflow
+ */
+ iov = (struct iovec *) sg_iov;
+ iov_data_len = 0;
+ for (i = 0; i < hdr->iovec_count; i++) {
+ if (iov_data_len + iov[i].iov_len < iov_data_len) {
+ kfree(sg_iov);
+ ret = -EINVAL;
+ goto out;
+ }
+ iov_data_len += iov[i].iov_len;
+ }
+
/* SG_IO howto says that the shorter of the two wins */
- iov_data_len = iov_length((struct iovec *)iov,
- hdr->iovec_count);
if (hdr->dxfer_len < iov_data_len) {
- hdr->iovec_count = iov_shorten((struct iovec *)iov,
+ hdr->iovec_count = iov_shorten(iov,
hdr->iovec_count,
hdr->dxfer_len);
iov_data_len = hdr->dxfer_len;
}
- ret = blk_rq_map_user_iov(q, rq, NULL, iov, hdr->iovec_count,
+ ret = blk_rq_map_user_iov(q, rq, NULL, sg_iov, hdr->iovec_count,
iov_data_len, GFP_KERNEL);
- kfree(iov);
+ kfree(sg_iov);
} else if (hdr->dxfer_len)
ret = blk_rq_map_user(q, rq, NULL, hdr->dxferp, hdr->dxfer_len,
GFP_KERNEL);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [005/289] block: check for proper length of iov entries in blk_rq_map_user_iov()
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (4 preceding siblings ...)
2010-12-08 0:56 ` [004/289] block: take care not to overflow when calculating total iov length Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [006/289] drm/radeon/kms: dont disable shared encoders on pre-DCE3 display blocks Greg KH
` (280 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Jens Axboe
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jens Axboe <jaxboe@fusionio.com>
commit 9284bcf4e335e5f18a8bc7b26461c33ab60d0689 upstream.
Ensure that we pass down properly validated iov segments before
calling into the mapping or copy functions.
Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
block/blk-map.c | 2 ++
1 file changed, 2 insertions(+)
--- a/block/blk-map.c
+++ b/block/blk-map.c
@@ -205,6 +205,8 @@ int blk_rq_map_user_iov(struct request_q
unaligned = 1;
break;
}
+ if (!iov[i].iov_len)
+ return -EINVAL;
}
if (unaligned || (q->dma_pad_mask & len) || map_data)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [006/289] drm/radeon/kms: dont disable shared encoders on pre-DCE3 display blocks
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (5 preceding siblings ...)
2010-12-08 0:56 ` [005/289] block: check for proper length of iov entries in blk_rq_map_user_iov() Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [007/289] jme: Fix PHY power-off error Greg KH
` (279 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Alex Deucher, Dave Airlie
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Alex Deucher <alexdeucher@gmail.com>
commit a0ae5864d42b41c411368bd689462bf063c029c8 upstream.
The A/B links aren't independantly useable on these blocks so when
we disable the encoders, make sure to only disable the encoder when
there is no connector using it.
Should fix:
https://bugs.freedesktop.org/show_bug.cgi?id=18564
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/radeon/radeon_encoders.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
--- a/drivers/gpu/drm/radeon/radeon_encoders.c
+++ b/drivers/gpu/drm/radeon/radeon_encoders.c
@@ -1547,6 +1547,23 @@ static void radeon_atom_encoder_disable(
struct radeon_device *rdev = dev->dev_private;
struct radeon_encoder *radeon_encoder = to_radeon_encoder(encoder);
struct radeon_encoder_atom_dig *dig;
+
+ /* check for pre-DCE3 cards with shared encoders;
+ * can't really use the links individually, so don't disable
+ * the encoder if it's in use by another connector
+ */
+ if (!ASIC_IS_DCE3(rdev)) {
+ struct drm_encoder *other_encoder;
+ struct radeon_encoder *other_radeon_encoder;
+
+ list_for_each_entry(other_encoder, &dev->mode_config.encoder_list, head) {
+ other_radeon_encoder = to_radeon_encoder(other_encoder);
+ if ((radeon_encoder->encoder_id == other_radeon_encoder->encoder_id) &&
+ drm_helper_encoder_in_use(other_encoder))
+ goto disable_done;
+ }
+ }
+
radeon_atom_encoder_dpms(encoder, DRM_MODE_DPMS_OFF);
switch (radeon_encoder->encoder_id) {
@@ -1586,6 +1603,7 @@ static void radeon_atom_encoder_disable(
break;
}
+disable_done:
if (radeon_encoder_is_digital(encoder)) {
if (atombios_get_encoder_mode(encoder) == ATOM_ENCODER_MODE_HDMI)
r600_hdmi_disable(encoder);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [007/289] jme: Fix PHY power-off error
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (6 preceding siblings ...)
2010-12-08 0:56 ` [006/289] drm/radeon/kms: dont disable shared encoders on pre-DCE3 display blocks Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [008/289] irda: Fix parameter extraction stack overflow Greg KH
` (278 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Guo-Fu Tseng, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Guo-Fu Tseng <cooldavid@cooldavid.org>
commit c8a8684d5cfb0f110a962c93586630c0bf91ebc1 upstream.
Adding phy_on in opposition to phy_off.
Signed-off-by: Guo-Fu Tseng <cooldavid@cooldavid.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/jme.c | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
--- a/drivers/net/jme.c
+++ b/drivers/net/jme.c
@@ -1575,6 +1575,16 @@ jme_free_irq(struct jme_adapter *jme)
}
}
+static inline void
+jme_phy_on(struct jme_adapter *jme)
+{
+ u32 bmcr;
+
+ bmcr = jme_mdio_read(jme->dev, jme->mii_if.phy_id, MII_BMCR);
+ bmcr &= ~BMCR_PDOWN;
+ jme_mdio_write(jme->dev, jme->mii_if.phy_id, MII_BMCR, bmcr);
+}
+
static int
jme_open(struct net_device *netdev)
{
@@ -1595,10 +1605,12 @@ jme_open(struct net_device *netdev)
jme_start_irq(jme);
- if (test_bit(JME_FLAG_SSET, &jme->flags))
+ if (test_bit(JME_FLAG_SSET, &jme->flags)) {
+ jme_phy_on(jme);
jme_set_settings(netdev, &jme->old_ecmd);
- else
+ } else {
jme_reset_phy_processor(jme);
+ }
jme_reset_link(jme);
@@ -3006,10 +3018,12 @@ jme_resume(struct pci_dev *pdev)
jme_clear_pm(jme);
pci_restore_state(pdev);
- if (test_bit(JME_FLAG_SSET, &jme->flags))
+ if (test_bit(JME_FLAG_SSET, &jme->flags)) {
+ jme_phy_on(jme);
jme_set_settings(netdev, &jme->old_ecmd);
- else
+ } else {
jme_reset_phy_processor(jme);
+ }
jme_start_irq(jme);
netif_device_attach(netdev);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [008/289] irda: Fix parameter extraction stack overflow
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (7 preceding siblings ...)
2010-12-08 0:56 ` [007/289] jme: Fix PHY power-off error Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [009/289] irda: Fix heap memory corruption in iriap.c Greg KH
` (277 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Samuel Ortiz
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Samuel Ortiz <samuel@sortiz.org>
commit efc463eb508798da4243625b08c7396462cabf9f upstream.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/irda/parameters.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/net/irda/parameters.c
+++ b/net/irda/parameters.c
@@ -298,6 +298,8 @@ static int irda_extract_string(void *sel
p.pi = pi; /* In case handler needs to know */
p.pl = buf[1]; /* Extract length of value */
+ if (p.pl > 32)
+ p.pl = 32;
IRDA_DEBUG(2, "%s(), pi=%#x, pl=%d\n", __func__,
p.pi, p.pl);
@@ -318,7 +320,7 @@ static int irda_extract_string(void *sel
(__u8) str[0], (__u8) str[1]);
/* Null terminate string */
- str[p.pl+1] = '\0';
+ str[p.pl] = '\0';
p.pv.c = str; /* Handler will need to take a copy */
^ permalink raw reply [flat|nested] 288+ messages in thread
* [009/289] irda: Fix heap memory corruption in iriap.c
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (8 preceding siblings ...)
2010-12-08 0:56 ` [008/289] irda: Fix parameter extraction stack overflow Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [010/289] r6040: Fix multicast filter some more Greg KH
` (276 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Samuel Ortiz
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Samuel Ortiz <samuel@sortiz.org>
commit 37f9fc452d138dfc4da2ee1ce5ae85094efc3606 upstream.
While parsing the GetValuebyClass command frame, we could potentially write
passed the skb->data pointer.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/irda/iriap.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/irda/iriap.c
+++ b/net/irda/iriap.c
@@ -502,7 +502,8 @@ static void iriap_getvaluebyclass_confir
IRDA_DEBUG(4, "%s(), strlen=%d\n", __func__, value_len);
/* Make sure the string is null-terminated */
- fp[n+value_len] = 0x00;
+ if (n + value_len < skb->len)
+ fp[n + value_len] = 0x00;
IRDA_DEBUG(4, "Got string %s\n", fp+n);
/* Will truncate to IAS_MAX_STRING bytes */
^ permalink raw reply [flat|nested] 288+ messages in thread
* [010/289] r6040: Fix multicast filter some more
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (9 preceding siblings ...)
2010-12-08 0:56 ` [009/289] irda: Fix heap memory corruption in iriap.c Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [011/289] drm/radeon/kms: fix 2D tile height alignment in the r600 CS checker Greg KH
` (275 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Ben Hutchings, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Ben Hutchings <ben@decadent.org.uk>
commit e2269308359d5863b6aa1fcb95a425a2ab255f1f upstream.
This code has been broken forever, but in several different and
creative ways.
So far as I can work out, the R6040 MAC filter has 4 exact-match
entries, the first of which the driver uses for its assigned unicast
address, plus a 64-entry hash-based filter for multicast addresses
(maybe unicast as well?).
The original version of this code would write the first 4 multicast
addresses as exact-match entries from offset 1 (bug #1: there is no
entry 4 so this could write to some PHY registers). It would fill the
remainder of the exact-match entries with the broadcast address (bug #2:
this would overwrite the last used entry). If more than 4 multicast
addresses were configured, it would set up the hash table, write some
random crap to the MAC control register (bug #3) and finally walk off
the end of the list when filling the exact-match entries (bug #4).
All of this seems to be pointless, since it sets the promiscuous bit
when the interface is made promiscuous or if >4 multicast addresses
are enabled, and never clears it (bug #5, masking bug #2).
The recent(ish) changes to the multicast list fixed bug #4, but
completely removed the limit on iteration over the exact-match entries
(bug #6).
Bug #4 was reported as
<https://bugzilla.kernel.org/show_bug.cgi?id=15355> and more recently
as <http://bugs.debian.org/600155>. Florian Fainelli attempted to fix
these in commit 3bcf8229a8c49769e48d3e0bd1e20d8e003f8106, but that
actually dealt with bugs #1-3, bug #4 having been fixed in mainline at
that point.
That commit fixes the most important current bug #6.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/r6040.c | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
--- a/drivers/net/r6040.c
+++ b/drivers/net/r6040.c
@@ -893,16 +893,18 @@ static void r6040_multicast_list(struct
/* Multicast Address 1~4 case */
i = 0;
netdev_for_each_mc_addr(ha, dev) {
- if (i < MCAST_MAX) {
- adrp = (u16 *) ha->addr;
- iowrite16(adrp[0], ioaddr + MID_1L + 8 * i);
- iowrite16(adrp[1], ioaddr + MID_1M + 8 * i);
- iowrite16(adrp[2], ioaddr + MID_1H + 8 * i);
- } else {
- iowrite16(0xffff, ioaddr + MID_1L + 8 * i);
- iowrite16(0xffff, ioaddr + MID_1M + 8 * i);
- iowrite16(0xffff, ioaddr + MID_1H + 8 * i);
- }
+ if (i >= MCAST_MAX)
+ break;
+ adrp = (u16 *) ha->addr;
+ iowrite16(adrp[0], ioaddr + MID_1L + 8 * i);
+ iowrite16(adrp[1], ioaddr + MID_1M + 8 * i);
+ iowrite16(adrp[2], ioaddr + MID_1H + 8 * i);
+ i++;
+ }
+ while (i < MCAST_MAX) {
+ iowrite16(0xffff, ioaddr + MID_1L + 8 * i);
+ iowrite16(0xffff, ioaddr + MID_1M + 8 * i);
+ iowrite16(0xffff, ioaddr + MID_1H + 8 * i);
i++;
}
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [011/289] drm/radeon/kms: fix 2D tile height alignment in the r600 CS checker
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (10 preceding siblings ...)
2010-12-08 0:56 ` [010/289] r6040: Fix multicast filter some more Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [012/289] ath9k: built-in rate control A-MPDU fix Greg KH
` (274 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Alex Deucher, Dave Airlie
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Alex Deucher <alexdeucher@gmail.com>
commit 354da653233898ed1e51f20cebac9705456bf9b1 upstream.
macro tile heights are aligned to num channels, not num banks.
Noticed by Dave Airlie.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/radeon/r600_cs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/radeon/r600_cs.c
+++ b/drivers/gpu/drm/radeon/r600_cs.c
@@ -228,7 +228,7 @@ static inline int r600_cs_track_validate
__func__, __LINE__, pitch);
return -EINVAL;
}
- if (!IS_ALIGNED((height / 8), track->nbanks)) {
+ if (!IS_ALIGNED((height / 8), track->npipes)) {
dev_warn(p->dev, "%s:%d cb height (%d) invalid\n",
__func__, __LINE__, height);
return -EINVAL;
@@ -367,7 +367,7 @@ static int r600_cs_track_check(struct ra
__func__, __LINE__, pitch);
return -EINVAL;
}
- if ((height / 8) & (track->nbanks - 1)) {
+ if (!IS_ALIGNED((height / 8), track->npipes)) {
dev_warn(p->dev, "%s:%d db height (%d) invalid\n",
__func__, __LINE__, height);
return -EINVAL;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [012/289] ath9k: built-in rate control A-MPDU fix
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (11 preceding siblings ...)
2010-12-08 0:56 ` [011/289] drm/radeon/kms: fix 2D tile height alignment in the r600 CS checker Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [013/289] ath9k: fix channel flag / regd issues with multiple cards Greg KH
` (273 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Björn Smedman,
Felix Fietkau, John W. Linville
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 1310 bytes --]
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: =?UTF-8?q?Bj=C3=B6rn=20Smedman?= <bjorn.smedman@venatech.se>
commit a8909cfb1832ac623142898df2a9374722cfe68f upstream.
This patch attempts to ensure that ath9k's built-in rate control algorithm
does not rely on the value of the ampdu_len and ampdu_ack_len tx status
fields unless the IEEE80211_TX_STAT_AMPDU flag is set.
This patch has not been tested.
Signed-off-by: Björn Smedman <bjorn.smedman@venatech.se>
Acked-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/rc.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/net/wireless/ath/ath9k/rc.c
+++ b/drivers/net/wireless/ath/ath9k/rc.c
@@ -1359,6 +1359,12 @@ static void ath_tx_status(void *priv, st
if (tx_info->flags & IEEE80211_TX_STAT_TX_FILTERED)
return;
+ if (!(tx_info->flags & IEEE80211_TX_STAT_AMPDU)) {
+ tx_info->status.ampdu_ack_len =
+ (tx_info->flags & IEEE80211_TX_STAT_ACK ? 1 : 0);
+ tx_info->status.ampdu_len = 1;
+ }
+
/*
* If an underrun error is seen assume it as an excessive retry only
* if max frame trigger level has been reached (2 KB for singel stream,
^ permalink raw reply [flat|nested] 288+ messages in thread
* [013/289] ath9k: fix channel flag / regd issues with multiple cards
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (12 preceding siblings ...)
2010-12-08 0:56 ` [012/289] ath9k: built-in rate control A-MPDU fix Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [014/289] ath9k: A-MPDU rate control info fix Greg KH
` (272 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Felix Fietkau, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Felix Fietkau <nbd@openwrt.org>
commit f209f5298217cf54cd5a9163e18b08d093faf8d9 upstream.
Since the regulatory code touches the channel array, it needs to be
copied for each device instance. That way the original channel array
can also be made const.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/init.c | 37 ++++++++++++++++++++++++++++------
1 file changed, 31 insertions(+), 6 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/init.c
+++ b/drivers/net/wireless/ath/ath9k/init.c
@@ -56,7 +56,7 @@ MODULE_PARM_DESC(blink, "Enable LED blin
* on 5 MHz steps, we support the channels which we know
* we have calibration data for all cards though to make
* this static */
-static struct ieee80211_channel ath9k_2ghz_chantable[] = {
+static const struct ieee80211_channel ath9k_2ghz_chantable[] = {
CHAN2G(2412, 0), /* Channel 1 */
CHAN2G(2417, 1), /* Channel 2 */
CHAN2G(2422, 2), /* Channel 3 */
@@ -77,7 +77,7 @@ static struct ieee80211_channel ath9k_2g
* on 5 MHz steps, we support the channels which we know
* we have calibration data for all cards though to make
* this static */
-static struct ieee80211_channel ath9k_5ghz_chantable[] = {
+static const struct ieee80211_channel ath9k_5ghz_chantable[] = {
/* _We_ call this UNII 1 */
CHAN5G(5180, 14), /* Channel 36 */
CHAN5G(5200, 15), /* Channel 40 */
@@ -477,10 +477,17 @@ err:
return -EIO;
}
-static void ath9k_init_channels_rates(struct ath_softc *sc)
+static int ath9k_init_channels_rates(struct ath_softc *sc)
{
+ void *channels;
+
if (test_bit(ATH9K_MODE_11G, sc->sc_ah->caps.wireless_modes)) {
- sc->sbands[IEEE80211_BAND_2GHZ].channels = ath9k_2ghz_chantable;
+ channels = kmemdup(ath9k_2ghz_chantable,
+ sizeof(ath9k_2ghz_chantable), GFP_KERNEL);
+ if (!channels)
+ return -ENOMEM;
+
+ sc->sbands[IEEE80211_BAND_2GHZ].channels = channels;
sc->sbands[IEEE80211_BAND_2GHZ].band = IEEE80211_BAND_2GHZ;
sc->sbands[IEEE80211_BAND_2GHZ].n_channels =
ARRAY_SIZE(ath9k_2ghz_chantable);
@@ -490,7 +497,15 @@ static void ath9k_init_channels_rates(st
}
if (test_bit(ATH9K_MODE_11A, sc->sc_ah->caps.wireless_modes)) {
- sc->sbands[IEEE80211_BAND_5GHZ].channels = ath9k_5ghz_chantable;
+ channels = kmemdup(ath9k_5ghz_chantable,
+ sizeof(ath9k_5ghz_chantable), GFP_KERNEL);
+ if (!channels) {
+ if (sc->sbands[IEEE80211_BAND_2GHZ].channels)
+ kfree(sc->sbands[IEEE80211_BAND_2GHZ].channels);
+ return -ENOMEM;
+ }
+
+ sc->sbands[IEEE80211_BAND_5GHZ].channels = channels;
sc->sbands[IEEE80211_BAND_5GHZ].band = IEEE80211_BAND_5GHZ;
sc->sbands[IEEE80211_BAND_5GHZ].n_channels =
ARRAY_SIZE(ath9k_5ghz_chantable);
@@ -499,6 +514,7 @@ static void ath9k_init_channels_rates(st
sc->sbands[IEEE80211_BAND_5GHZ].n_bitrates =
ARRAY_SIZE(ath9k_legacy_rates) - 4;
}
+ return 0;
}
static void ath9k_init_misc(struct ath_softc *sc)
@@ -593,8 +609,11 @@ static int ath9k_init_softc(u16 devid, s
if (ret)
goto err_btcoex;
+ ret = ath9k_init_channels_rates(sc);
+ if (ret)
+ goto err_btcoex;
+
ath9k_init_crypto(sc);
- ath9k_init_channels_rates(sc);
ath9k_init_misc(sc);
return 0;
@@ -751,6 +770,12 @@ static void ath9k_deinit_softc(struct at
{
int i = 0;
+ if (sc->sbands[IEEE80211_BAND_2GHZ].channels)
+ kfree(sc->sbands[IEEE80211_BAND_2GHZ].channels);
+
+ if (sc->sbands[IEEE80211_BAND_5GHZ].channels)
+ kfree(sc->sbands[IEEE80211_BAND_5GHZ].channels);
+
if ((sc->btcoex.no_stomp_timer) &&
sc->sc_ah->btcoex_hw.scheme == ATH_BTCOEX_CFG_3WIRE)
ath_gen_timer_free(sc->sc_ah, sc->btcoex.no_stomp_timer);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [014/289] ath9k: A-MPDU rate control info fix
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (13 preceding siblings ...)
2010-12-08 0:56 ` [013/289] ath9k: fix channel flag / regd issues with multiple cards Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [015/289] ath9k: Fix tx struck state with paprd Greg KH
` (271 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Björn Smedman,
Felix Fietkau, John W. Linville
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 4354 bytes --]
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: =?UTF-8?q?Bj=C3=B6rn=20Smedman?= <bjorn.smedman@venatech.se>
commit ebd022873aa61937603d2c4dfea19ce63ea1a3c8 upstream.
This patch fixes the following problems with the rate control feedback
generated by ath9k for A-MPDU frames:
1. Rate control feedback is carried on the first frame of an aggregate
that is either ACKed, or has execeeded the software retry count and is
considered failed. However, ath9k would incorrectly assume the aggregate
had the length 1 if one of these conditions did not apply to the first
frame of the aggregate, but instead a later frame. This fix therefor
copies the bf_nframes field of the buffer in the same manner as the rates
field of the tx status.
2. Sometimes the ampdu_len and ampdu_ack_len fields of the tx status was
left uninitialized eventhough the IEEE80211_TX_STAT_AMPDU flag was set.
This is now avoid by setting flag and fields in the same place.
3. Even if a frame has been selected for aggregation by mac80211 and
marked with the IEEE80211_TX_CTL_AMPDU flag it can sometimes happen that
ath9k transmits the frame without aggregation. In these cases the
ampdu_ack_len field could be incorrectly computed because the nbad
parameter to ath_tx_rc_status was incorrect.
Signed-off-by: Björn Smedman <bjorn.smedman@venatech.se>
Acked-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/xmit.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/xmit.c
+++ b/drivers/net/wireless/ath/ath9k/xmit.c
@@ -312,6 +312,7 @@ static void ath_tx_complete_aggr(struct
int isaggr, txfail, txpending, sendbar = 0, needreset = 0, nbad = 0;
bool rc_update = true;
struct ieee80211_tx_rate rates[4];
+ int nframes;
skb = bf->bf_mpdu;
hdr = (struct ieee80211_hdr *)skb->data;
@@ -320,6 +321,7 @@ static void ath_tx_complete_aggr(struct
hw = bf->aphy->hw;
memcpy(rates, tx_info->control.rates, sizeof(rates));
+ nframes = bf->bf_nframes;
rcu_read_lock();
@@ -337,7 +339,7 @@ static void ath_tx_complete_aggr(struct
!bf->bf_stale || bf_next != NULL)
list_move_tail(&bf->list, &bf_head);
- ath_tx_rc_status(bf, ts, 0, 0, false);
+ ath_tx_rc_status(bf, ts, 1, 0, false);
ath_tx_complete_buf(sc, bf, txq, &bf_head, ts,
0, 0);
@@ -442,6 +444,7 @@ static void ath_tx_complete_aggr(struct
if (rc_update && (acked_cnt == 1 || txfail_cnt == 1)) {
memcpy(tx_info->control.rates, rates, sizeof(rates));
+ bf->bf_nframes = nframes;
ath_tx_rc_status(bf, ts, nbad, txok, true);
rc_update = false;
} else {
@@ -2024,9 +2027,15 @@ static void ath_tx_rc_status(struct ath_
if (ts->ts_status & ATH9K_TXERR_FILT)
tx_info->flags |= IEEE80211_TX_STAT_TX_FILTERED;
- if ((tx_info->flags & IEEE80211_TX_CTL_AMPDU) && update_rc)
+ if ((tx_info->flags & IEEE80211_TX_CTL_AMPDU) && update_rc) {
tx_info->flags |= IEEE80211_TX_STAT_AMPDU;
+ BUG_ON(nbad > bf->bf_nframes);
+
+ tx_info->status.ampdu_len = bf->bf_nframes;
+ tx_info->status.ampdu_ack_len = bf->bf_nframes - nbad;
+ }
+
if ((ts->ts_status & ATH9K_TXERR_FILT) == 0 &&
(bf->bf_flags & ATH9K_TXDESC_NOACK) == 0 && update_rc) {
if (ieee80211_is_data(hdr->frame_control)) {
@@ -2036,8 +2045,6 @@ static void ath_tx_rc_status(struct ath_
if ((ts->ts_status & ATH9K_TXERR_XRETRY) ||
(ts->ts_status & ATH9K_TXERR_FIFO))
tx_info->pad[0] |= ATH_TX_INFO_XRETRY;
- tx_info->status.ampdu_len = bf->bf_nframes;
- tx_info->status.ampdu_ack_len = bf->bf_nframes - nbad;
}
}
@@ -2159,7 +2166,7 @@ static void ath_tx_processq(struct ath_s
*/
if (ts.ts_status & ATH9K_TXERR_XRETRY)
bf->bf_state.bf_type |= BUF_XRETRY;
- ath_tx_rc_status(bf, &ts, 0, txok, true);
+ ath_tx_rc_status(bf, &ts, txok ? 0 : 1, txok, true);
}
if (bf_isampdu(bf))
@@ -2288,7 +2295,7 @@ void ath_tx_edma_tasklet(struct ath_soft
if (!bf_isampdu(bf)) {
if (txs.ts_status & ATH9K_TXERR_XRETRY)
bf->bf_state.bf_type |= BUF_XRETRY;
- ath_tx_rc_status(bf, &txs, 0, txok, true);
+ ath_tx_rc_status(bf, &txs, txok ? 0 : 1, txok, true);
}
if (bf_isampdu(bf))
^ permalink raw reply [flat|nested] 288+ messages in thread
* [015/289] ath9k: Fix tx struck state with paprd
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (14 preceding siblings ...)
2010-12-08 0:56 ` [014/289] ath9k: A-MPDU rate control info fix Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [016/289] ath9k: clean up / fix aggregation session flush Greg KH
` (270 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Vasanthakumar Thiagarajan,
John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Vasanthakumar Thiagarajan <vasanth@atheros.com>
commit 9094537c3a9ef9e127e844254a74186735c9a90b upstream.
Paprd needs to be done only on active chains(not for all the chains
that hw can support). The paprd training frames which are sent
for inactive chains would be hanging on the hw queue without
getting transmitted and would make the connection so unstable.
This issue happens only with the hw which supports paprd cal(ar9003).
Signed-off-by: Vasanthakumar Thiagarajan <vasanth@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/main.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
@@ -269,6 +269,7 @@ static void ath_paprd_activate(struct at
{
struct ath_hw *ah = sc->sc_ah;
struct ath9k_hw_cal_data *caldata = ah->caldata;
+ struct ath_common *common = ath9k_hw_common(ah);
int chain;
if (!caldata || !caldata->paprd_done)
@@ -277,7 +278,7 @@ static void ath_paprd_activate(struct at
ath9k_ps_wakeup(sc);
ar9003_paprd_enable(ah, false);
for (chain = 0; chain < AR9300_MAX_CHAINS; chain++) {
- if (!(ah->caps.tx_chainmask & BIT(chain)))
+ if (!(common->tx_chainmask & BIT(chain)))
continue;
ar9003_paprd_populate_single_table(ah, caldata, chain);
@@ -299,6 +300,7 @@ void ath_paprd_calibrate(struct work_str
struct ieee80211_supported_band *sband = &sc->sbands[band];
struct ath_tx_control txctl;
struct ath9k_hw_cal_data *caldata = ah->caldata;
+ struct ath_common *common = ath9k_hw_common(ah);
int qnum, ftype;
int chain_ok = 0;
int chain;
@@ -332,7 +334,7 @@ void ath_paprd_calibrate(struct work_str
ath9k_ps_wakeup(sc);
ar9003_paprd_init_table(ah);
for (chain = 0; chain < AR9300_MAX_CHAINS; chain++) {
- if (!(ah->caps.tx_chainmask & BIT(chain)))
+ if (!(common->tx_chainmask & BIT(chain)))
continue;
chain_ok = 0;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [016/289] ath9k: clean up / fix aggregation session flush
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (15 preceding siblings ...)
2010-12-08 0:56 ` [015/289] ath9k: Fix tx struck state with paprd Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [017/289] ath9k: fix power save race conditions Greg KH
` (269 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Felix Fietkau, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Felix Fietkau <nbd@openwrt.org>
commit 90fa539ca3f07323da5a90f5c8f4e5cd952875e7 upstream.
The tid aggregation cleanup is a bit fragile, as it discards failed
subframes in some places, and retransmits them in others. This could
block the cleanup of an existing aggregation session, if a retransmission
for a tid is issued, yet the tid is never scheduled again because of
the cleanup state.
Fix this by getting rid of as many subframes as possible, as early
as possible, and immediately transmitting pending subframes as regular
HT frames instead of waiting for the cleanup to complete.
Drop all pending subframes while keeping track of the Block ACK window
during aggregate tx completion to prevent sending out stale subframes,
which could confuse the receiver side.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/xmit.c | 63 ++++++++++++++--------------------
1 file changed, 26 insertions(+), 37 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/xmit.c
+++ b/drivers/net/wireless/ath/ath9k/xmit.c
@@ -61,6 +61,8 @@ static int ath_tx_num_badfrms(struct ath
struct ath_tx_status *ts, int txok);
static void ath_tx_rc_status(struct ath_buf *bf, struct ath_tx_status *ts,
int nbad, int txok, bool update_rc);
+static void ath_tx_update_baw(struct ath_softc *sc, struct ath_atx_tid *tid,
+ int seqno);
enum {
MCS_HT20,
@@ -143,18 +145,23 @@ static void ath_tx_flush_tid(struct ath_
struct ath_txq *txq = &sc->tx.txq[tid->ac->qnum];
struct ath_buf *bf;
struct list_head bf_head;
- INIT_LIST_HEAD(&bf_head);
+ struct ath_tx_status ts;
- WARN_ON(!tid->paused);
+ INIT_LIST_HEAD(&bf_head);
+ memset(&ts, 0, sizeof(ts));
spin_lock_bh(&txq->axq_lock);
- tid->paused = false;
while (!list_empty(&tid->buf_q)) {
bf = list_first_entry(&tid->buf_q, struct ath_buf, list);
- BUG_ON(bf_isretried(bf));
list_move_tail(&bf->list, &bf_head);
- ath_tx_send_ht_normal(sc, txq, tid, &bf_head);
+
+ if (bf_isretried(bf)) {
+ ath_tx_update_baw(sc, tid, bf->bf_seqno);
+ ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0, 0);
+ } else {
+ ath_tx_send_ht_normal(sc, txq, tid, &bf_head);
+ }
}
spin_unlock_bh(&txq->axq_lock);
@@ -433,7 +440,7 @@ static void ath_tx_complete_aggr(struct
list_move_tail(&bf->list, &bf_head);
}
- if (!txpending) {
+ if (!txpending || (tid->state & AGGR_CLEANUP)) {
/*
* complete the acked-ones/xretried ones; update
* block-ack window
@@ -513,15 +520,12 @@ static void ath_tx_complete_aggr(struct
}
if (tid->state & AGGR_CLEANUP) {
+ ath_tx_flush_tid(sc, tid);
+
if (tid->baw_head == tid->baw_tail) {
tid->state &= ~AGGR_ADDBA_COMPLETE;
tid->state &= ~AGGR_CLEANUP;
-
- /* send buffered frames as singles */
- ath_tx_flush_tid(sc, tid);
}
- rcu_read_unlock();
- return;
}
rcu_read_unlock();
@@ -806,12 +810,6 @@ void ath_tx_aggr_stop(struct ath_softc *
struct ath_node *an = (struct ath_node *)sta->drv_priv;
struct ath_atx_tid *txtid = ATH_AN_2_TID(an, tid);
struct ath_txq *txq = &sc->tx.txq[txtid->ac->qnum];
- struct ath_tx_status ts;
- struct ath_buf *bf;
- struct list_head bf_head;
-
- memset(&ts, 0, sizeof(ts));
- INIT_LIST_HEAD(&bf_head);
if (txtid->state & AGGR_CLEANUP)
return;
@@ -821,31 +819,22 @@ void ath_tx_aggr_stop(struct ath_softc *
return;
}
- /* drop all software retried frames and mark this TID */
spin_lock_bh(&txq->axq_lock);
txtid->paused = true;
- while (!list_empty(&txtid->buf_q)) {
- bf = list_first_entry(&txtid->buf_q, struct ath_buf, list);
- if (!bf_isretried(bf)) {
- /*
- * NB: it's based on the assumption that
- * software retried frame will always stay
- * at the head of software queue.
- */
- break;
- }
- list_move_tail(&bf->list, &bf_head);
- ath_tx_update_baw(sc, txtid, bf->bf_seqno);
- ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0, 0);
- }
- spin_unlock_bh(&txq->axq_lock);
- if (txtid->baw_head != txtid->baw_tail) {
+ /*
+ * If frames are still being transmitted for this TID, they will be
+ * cleaned up during tx completion. To prevent race conditions, this
+ * TID can only be reused after all in-progress subframes have been
+ * completed.
+ */
+ if (txtid->baw_head != txtid->baw_tail)
txtid->state |= AGGR_CLEANUP;
- } else {
+ else
txtid->state &= ~AGGR_ADDBA_COMPLETE;
- ath_tx_flush_tid(sc, txtid);
- }
+ spin_unlock_bh(&txq->axq_lock);
+
+ ath_tx_flush_tid(sc, txtid);
}
void ath_tx_aggr_resume(struct ath_softc *sc, struct ieee80211_sta *sta, u16 tid)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [017/289] ath9k: fix power save race conditions
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (16 preceding siblings ...)
2010-12-08 0:56 ` [016/289] ath9k: clean up / fix aggregation session flush Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [018/289] ath9k: fix an aggregation start related race condition Greg KH
` (268 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Paul Stewart, Amod Bodas,
Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luis R. Rodriguez <lrodriguez@atheros.com>
commit 8ab2cd09fecc8819bbaee2d0fd8f3a092d866ce3 upstream.
ath9k has a race on putting the chip into network sleep and
having registers read from hardware. The race occurs because
although ath9k_ps_restore() locks its own callers it makes use
of some variables which get altered in the driver at different
code paths. The variables are the ps_enabled and ps_flags.
This is easily reprodicible in large network environments when
roaming with the wpa_supplicant simple bgscan. You'd get some
0xdeadbeef read out on certain registers such as:
ath: timeout (100000 us) on reg 0x806c: 0xdeadbeef & 0x01f00000 != 0x00000000
ath: RX failed to go idle in 10 ms RXSM=0xdeadbeef
ath: timeout (100000 us) on reg 0x7000: 0xdeadbeef & 0x00000003 != 0x00000000
ath: Chip reset failed
The fix is to protect the ath9k_config(hw, IEEE80211_CONF_CHANGE_PS)
calls with a spin_lock_irqsave() which will disable contendors for
these variables from interrupt context, timers, re-entry from mac80211
on the same callback, and most importantly from ath9k_ps_restore()
which is the only call which will put the device into network sleep.
There are quite a few threads and bug reports on these a few of them are:
https://bugs.launchpad.net/ubuntu/karmic/+source/linux/+bug/407040
http://code.google.com/p/chromium-os/issues/detail?id=5709
http://code.google.com/p/chromium-os/issues/detail?id=5943
Stable fixes apply to [2.6.32+]
Cc: Paul Stewart <pstew@google.com>
Cc: Amod Bodas <amod.bodas@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/main.c | 5 ++++-
drivers/net/wireless/ath/ath9k/recv.c | 3 +++
2 files changed, 7 insertions(+), 1 deletion(-)
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
@@ -1558,6 +1558,8 @@ static int ath9k_config(struct ieee80211
* IEEE80211_CONF_CHANGE_PS is only passed by mac80211 for STA mode.
*/
if (changed & IEEE80211_CONF_CHANGE_PS) {
+ unsigned long flags;
+ spin_lock_irqsave(&sc->sc_pm_lock, flags);
if (conf->flags & IEEE80211_CONF_PS) {
sc->ps_flags |= PS_ENABLED;
/*
@@ -1572,7 +1574,7 @@ static int ath9k_config(struct ieee80211
sc->ps_enabled = false;
sc->ps_flags &= ~(PS_ENABLED |
PS_NULLFUNC_COMPLETED);
- ath9k_setpower(sc, ATH9K_PM_AWAKE);
+ ath9k_hw_setpower(sc->sc_ah, ATH9K_PM_AWAKE);
if (!(ah->caps.hw_caps &
ATH9K_HW_CAP_AUTOSLEEP)) {
ath9k_hw_setrxabort(sc->sc_ah, 0);
@@ -1587,6 +1589,7 @@ static int ath9k_config(struct ieee80211
}
}
}
+ spin_unlock_irqrestore(&sc->sc_pm_lock, flags);
}
if (changed & IEEE80211_CONF_CHANGE_MONITOR) {
--- a/drivers/net/wireless/ath/ath9k/recv.c
+++ b/drivers/net/wireless/ath/ath9k/recv.c
@@ -1096,6 +1096,7 @@ int ath_rx_tasklet(struct ath_softc *sc,
u8 rx_status_len = ah->caps.rx_status_len;
u64 tsf = 0;
u32 tsf_lower = 0;
+ unsigned long flags;
if (edma)
dma_type = DMA_BIDIRECTIONAL;
@@ -1204,11 +1205,13 @@ int ath_rx_tasklet(struct ath_softc *sc,
sc->rx.rxotherant = 0;
}
+ spin_lock_irqsave(&sc->sc_pm_lock, flags);
if (unlikely(ath9k_check_auto_sleep(sc) ||
(sc->ps_flags & (PS_WAIT_FOR_BEACON |
PS_WAIT_FOR_CAB |
PS_WAIT_FOR_PSPOLL_DATA))))
ath_rx_ps(sc, skb);
+ spin_unlock_irqrestore(&sc->sc_pm_lock, flags);
ath_rx_send_to_mac80211(hw, sc, skb, rxs);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [018/289] ath9k: fix an aggregation start related race condition
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (17 preceding siblings ...)
2010-12-08 0:56 ` [017/289] ath9k: fix power save race conditions Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [019/289] ath9k: fix regression which prevents chip sleep after CAB data Greg KH
` (267 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Felix Fietkau, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Felix Fietkau <nbd@openwrt.org>
commit 231c3a1f0630c07a584905507a1cb7b705a56ab7 upstream.
A new aggregation session start can be issued by mac80211, even when the
cleanup of the previous session has not completed yet. Since the data structure
for the session is not recreated, this could corrupt the block ack window
and lock up the aggregation session. Fix this by delaying the new session
until the old one has been cleaned up.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/ath9k.h | 4 ++--
drivers/net/wireless/ath/ath9k/main.c | 5 +++--
drivers/net/wireless/ath/ath9k/xmit.c | 10 ++++++++--
3 files changed, 13 insertions(+), 6 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/ath9k.h
+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
@@ -346,8 +346,8 @@ void ath_tx_tasklet(struct ath_softc *sc
void ath_tx_edma_tasklet(struct ath_softc *sc);
void ath_tx_cabq(struct ieee80211_hw *hw, struct sk_buff *skb);
bool ath_tx_aggr_check(struct ath_softc *sc, struct ath_node *an, u8 tidno);
-void ath_tx_aggr_start(struct ath_softc *sc, struct ieee80211_sta *sta,
- u16 tid, u16 *ssn);
+int ath_tx_aggr_start(struct ath_softc *sc, struct ieee80211_sta *sta,
+ u16 tid, u16 *ssn);
void ath_tx_aggr_stop(struct ath_softc *sc, struct ieee80211_sta *sta, u16 tid);
void ath_tx_aggr_resume(struct ath_softc *sc, struct ieee80211_sta *sta, u16 tid);
void ath9k_enable_ps(struct ath_softc *sc);
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
@@ -1973,8 +1973,9 @@ static int ath9k_ampdu_action(struct iee
break;
case IEEE80211_AMPDU_TX_START:
ath9k_ps_wakeup(sc);
- ath_tx_aggr_start(sc, sta, tid, ssn);
- ieee80211_start_tx_ba_cb_irqsafe(vif, sta->addr, tid);
+ ret = ath_tx_aggr_start(sc, sta, tid, ssn);
+ if (!ret)
+ ieee80211_start_tx_ba_cb_irqsafe(vif, sta->addr, tid);
ath9k_ps_restore(sc);
break;
case IEEE80211_AMPDU_TX_STOP:
--- a/drivers/net/wireless/ath/ath9k/xmit.c
+++ b/drivers/net/wireless/ath/ath9k/xmit.c
@@ -792,17 +792,23 @@ static void ath_tx_sched_aggr(struct ath
status != ATH_AGGR_BAW_CLOSED);
}
-void ath_tx_aggr_start(struct ath_softc *sc, struct ieee80211_sta *sta,
- u16 tid, u16 *ssn)
+int ath_tx_aggr_start(struct ath_softc *sc, struct ieee80211_sta *sta,
+ u16 tid, u16 *ssn)
{
struct ath_atx_tid *txtid;
struct ath_node *an;
an = (struct ath_node *)sta->drv_priv;
txtid = ATH_AN_2_TID(an, tid);
+
+ if (txtid->state & (AGGR_CLEANUP | AGGR_ADDBA_COMPLETE))
+ return -EAGAIN;
+
txtid->state |= AGGR_ADDBA_PROGRESS;
txtid->paused = true;
*ssn = txtid->seq_start;
+
+ return 0;
}
void ath_tx_aggr_stop(struct ath_softc *sc, struct ieee80211_sta *sta, u16 tid)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [019/289] ath9k: fix regression which prevents chip sleep after CAB data
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (18 preceding siblings ...)
2010-12-08 0:56 ` [018/289] ath9k: fix an aggregation start related race condition Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [020/289] ath9k_hw: handle rx key miss Greg KH
` (266 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Paul Stewart, Sameer Nanda,
Gabor Juhos, Amod Bodas, Senthil Balasubramanian,
Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Senthil Balasubramanian <senthilkumar@atheros.com>
commit 3fac6dfdcd2b893c22b20a03dd1bf1af8b627c4b upstream.
The patch:
commit 293dc5dfdbcc16cde06e40a688394cc8ab083e48
Author: Gabor Juhos <juhosg@openwrt.org>
Date: Fri Jun 19 12:17:48 2009 +0200
ath9k: remove ath_rx_ps_back_to_sleep helper
This helper only clears the SC_OP_WAIT_FOR_{BEACON,CAB} flags.
Remove it and clear these flags directly in the approptiate
places instead.
Changes-licensed-under: ISC
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
introduced a regression which forgot to lift the beacon flag
after we received all broadcast and multicast data. This meant
we never went to sleep consuming about ~650mW on idle. This pretty
much broke power save completely.
This patch has fixes for stable kernels [2.6.32+].
Cc: Paul Stewart <pstew@google.com>
Cc: Sameer Nanda <snanda@google.com>
Cc: Gabor Juhos <juhosg@openwrt.org>
Cc: Amod Bodas <amod.bodas@atheros.com>
Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/recv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/wireless/ath/ath9k/recv.c
+++ b/drivers/net/wireless/ath/ath9k/recv.c
@@ -631,7 +631,7 @@ static void ath_rx_ps(struct ath_softc *
* No more broadcast/multicast frames to be received at this
* point.
*/
- sc->ps_flags &= ~PS_WAIT_FOR_CAB;
+ sc->ps_flags &= ~(PS_WAIT_FOR_CAB | PS_WAIT_FOR_BEACON);
ath_print(common, ATH_DBG_PS,
"All PS CAB frames received, back to sleep\n");
} else if ((sc->ps_flags & PS_WAIT_FOR_PSPOLL_DATA) &&
^ permalink raw reply [flat|nested] 288+ messages in thread
* [020/289] ath9k_hw: handle rx key miss
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (19 preceding siblings ...)
2010-12-08 0:56 ` [019/289] ath9k: fix regression which prevents chip sleep after CAB data Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [021/289] ath9k: fix regression which disabled ps on ath9k Greg KH
` (265 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Felix Fietkau, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Felix Fietkau <nbd@openwrt.org>
commit 3ae74c33c4f799f6bf6d67240a94a0814a8f1944 upstream.
If AR_KeyMiss is set in the rx descriptor and AR_RxFrameOK is unset,
the hardware could not locate a valid key during a decryption attempt.
In this case, the frame must not be reported as decrypted, otherwise
mac80211 sees only random garbage.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/ar9003_mac.c | 3 ++-
drivers/net/wireless/ath/ath9k/mac.c | 2 ++
2 files changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/net/wireless/ath/ath9k/ar9003_mac.c
+++ b/drivers/net/wireless/ath/ath9k/ar9003_mac.c
@@ -616,7 +616,8 @@ int ath9k_hw_process_rxdesc_edma(struct
rxs->rs_status |= ATH9K_RXERR_DECRYPT;
} else if (rxsp->status11 & AR_MichaelErr) {
rxs->rs_status |= ATH9K_RXERR_MIC;
- }
+ } else if (rxsp->status11 & AR_KeyMiss)
+ rxs->rs_status |= ATH9K_RXERR_DECRYPT;
}
return 0;
--- a/drivers/net/wireless/ath/ath9k/mac.c
+++ b/drivers/net/wireless/ath/ath9k/mac.c
@@ -713,6 +713,8 @@ int ath9k_hw_rxprocdesc(struct ath_hw *a
rs->rs_status |= ATH9K_RXERR_DECRYPT;
else if (ads.ds_rxstatus8 & AR_MichaelErr)
rs->rs_status |= ATH9K_RXERR_MIC;
+ else if (ads.ds_rxstatus8 & AR_KeyMiss)
+ rs->rs_status |= ATH9K_RXERR_DECRYPT;
}
return 0;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [021/289] ath9k: fix regression which disabled ps on ath9k
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (20 preceding siblings ...)
2010-12-08 0:56 ` [020/289] ath9k_hw: handle rx key miss Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [022/289] ath9k: fix regression on beacon loss after bgscan Greg KH
` (264 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Paul Stewart, Amod Bodas,
Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luis R. Rodriguez <lrodriguez@atheros.com>
commit 008443def34db1dcc8016763587a288254ea5735 upstream.
The patch titled "ath9k: Add new file init.c" shuffled some code
around but in dong so for some reason also removed the revision
check for disablign power save. Add this revision check again
so we can get power save re-enabled again by default on cards
newer than AR5416 and AR5418.
$ git describe --contains 556242049cc3992d0ee625e9f15c4b00ea4baac8
v2.6.34-rc1~233^2~49^2~343
This patch has fixes for stable kernels [2.6.34+].
Cc: Paul Stewart <pstew@google.com>
Cc: Amod Bodas <amod.bodas@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/init.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/net/wireless/ath/ath9k/init.c
+++ b/drivers/net/wireless/ath/ath9k/init.c
@@ -660,7 +660,8 @@ void ath9k_set_hw_capab(struct ath_softc
BIT(NL80211_IFTYPE_ADHOC) |
BIT(NL80211_IFTYPE_MESH_POINT);
- hw->wiphy->flags &= ~WIPHY_FLAG_PS_ON_BY_DEFAULT;
+ if (AR_SREV_5416(sc->sc_ah))
+ hw->wiphy->flags &= ~WIPHY_FLAG_PS_ON_BY_DEFAULT;
hw->queues = 4;
hw->max_rates = 4;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [022/289] ath9k: fix regression on beacon loss after bgscan
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (21 preceding siblings ...)
2010-12-08 0:56 ` [021/289] ath9k: fix regression which disabled ps on ath9k Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [023/289] ath9k: fix spurious MIC failure reports Greg KH
` (263 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Paul Stewart, Amod Bodas,
Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luis R. Rodriguez <lrodriguez@atheros.com>
commit 52b8ac92496e03d6b5619204d7f3bae6ce6eae45 upstream.
When we return to the home channel we were never reseting our beacon
timers, this was casued by the fact that the scanning flag was still
on even after we returned to our home channel. There are also other
reasons why we would get a reset and if we are not off channel
we always need to resynch our beacon timers, because a reset will
clear them.
This bug is a regression introduced on 2.6.36. The order of the
changes are as follows:
5ee08656 - Sat Jul 31 - ath9k: prevent calibration during off-channel activity
a0daa0e7 - Tue Jul 27 - Revert "mac80211: fix sw scan bracketing"
543708be - Fri Jun 18 - mac80211: fix sw scan bracketing
mcgrof@tux ~/linux-2.6-allstable (git::master)$ git describe \
--contains 5ee0865615f65f84e6ee9174771a6716c29e08e1
v2.6.36-rc1~43^2~34^2~22
mcgrof@tux ~/linux-2.6-allstable (git::master)$ git describe \
--contains a0daa0e7592ada797d6835f11529097aabc27ad2
v2.6.36-rc1~571^2~64^2~13
mcgrof@tux ~/linux-2.6-allstable (git::master)$ git describe \
--contains 543708be320d7df692d24b349ca01a947b340764
v2.6.36-rc1~571^2~107^2~187
So 5ee08656 would have worked if a0daa0e7 was not committed but
it was so this means 5ee08656 was broken since it assumed that
when we were in the channel change routine the scan flag would
be lifted. As it turns out the scan flag will be set when we
are already on the home channel.
For more details refer to:
http://code.google.com/p/chromium-os/issues/detail?id=5715
These issues will need to be considered for our solution on
reshifting the scan complete callback location on mac80211 on
current development kernel work.
This patch has stable fixes which apply down to [2.6.36+]
Cc: Paul Stewart <pstew@google.com>
Cc: Amod Bodas <amod.bodas@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/main.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
@@ -257,9 +257,11 @@ int ath_set_channel(struct ath_softc *sc
if (!(sc->sc_flags & (SC_OP_OFFCHANNEL | SC_OP_SCANNING))) {
ath_start_ani(common);
ieee80211_queue_delayed_work(sc->hw, &sc->tx_complete_work, 0);
- ath_beacon_config(sc, NULL);
}
+ if (!(sc->sc_flags & (SC_OP_OFFCHANNEL)))
+ ath_beacon_config(sc, NULL);
+
ps_restore:
ath9k_ps_restore(sc);
return r;
@@ -953,7 +955,7 @@ int ath_reset(struct ath_softc *sc, bool
ath_update_txpow(sc);
- if (sc->sc_flags & SC_OP_BEACONS)
+ if ((sc->sc_flags & SC_OP_BEACONS) || !(sc->sc_flags & (SC_OP_OFFCHANNEL)))
ath_beacon_config(sc, NULL); /* restart beacons */
ath9k_hw_set_interrupts(ah, ah->imask);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [023/289] ath9k: fix spurious MIC failure reports
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (22 preceding siblings ...)
2010-12-08 0:56 ` [022/289] ath9k: fix regression on beacon loss after bgscan Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [024/289] ath9k: resume aggregation immediately after a hardware reset Greg KH
` (262 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Felix Fietkau, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Felix Fietkau <nbd@openwrt.org>
commit 56363ddeeed3afc5277ca227209773bc1042cc7b upstream.
According to the hardware documentation, the MIC failure bit is only
valid if the frame was decrypted using a valid TKIP key and is not a
fragment.
In some setups I've seen hardware-reported MIC failures on an AP that
was configured for CCMP only, so it's clear that additional checks are
necessary.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath.h | 1 +
drivers/net/wireless/ath/ath9k/common.c | 11 +++++++++++
drivers/net/wireless/ath/ath9k/mac.c | 3 ++-
drivers/net/wireless/ath/ath9k/recv.c | 19 +++++++++++--------
4 files changed, 25 insertions(+), 9 deletions(-)
--- a/drivers/net/wireless/ath/ath.h
+++ b/drivers/net/wireless/ath/ath.h
@@ -119,6 +119,7 @@ struct ath_common {
u32 keymax;
DECLARE_BITMAP(keymap, ATH_KEYMAX);
+ DECLARE_BITMAP(tkip_keymap, ATH_KEYMAX);
u8 splitmic;
struct ath_regulatory regulatory;
--- a/drivers/net/wireless/ath/ath9k/common.c
+++ b/drivers/net/wireless/ath/ath9k/common.c
@@ -366,9 +366,13 @@ int ath9k_cmn_key_config(struct ath_comm
set_bit(idx, common->keymap);
if (key->alg == ALG_TKIP) {
set_bit(idx + 64, common->keymap);
+ set_bit(idx, common->tkip_keymap);
+ set_bit(idx + 64, common->tkip_keymap);
if (common->splitmic) {
set_bit(idx + 32, common->keymap);
set_bit(idx + 64 + 32, common->keymap);
+ set_bit(idx + 32, common->tkip_keymap);
+ set_bit(idx + 64 + 32, common->tkip_keymap);
}
}
@@ -393,10 +397,17 @@ void ath9k_cmn_key_delete(struct ath_com
return;
clear_bit(key->hw_key_idx + 64, common->keymap);
+
+ clear_bit(key->hw_key_idx, common->tkip_keymap);
+ clear_bit(key->hw_key_idx + 64, common->tkip_keymap);
+
if (common->splitmic) {
ath9k_hw_keyreset(ah, key->hw_key_idx + 32);
clear_bit(key->hw_key_idx + 32, common->keymap);
clear_bit(key->hw_key_idx + 64 + 32, common->keymap);
+
+ clear_bit(key->hw_key_idx + 32, common->tkip_keymap);
+ clear_bit(key->hw_key_idx + 64 + 32, common->tkip_keymap);
}
}
EXPORT_SYMBOL(ath9k_cmn_key_delete);
--- a/drivers/net/wireless/ath/ath9k/mac.c
+++ b/drivers/net/wireless/ath/ath9k/mac.c
@@ -711,7 +711,8 @@ int ath9k_hw_rxprocdesc(struct ath_hw *a
rs->rs_phyerr = phyerr;
} else if (ads.ds_rxstatus8 & AR_DecryptCRCErr)
rs->rs_status |= ATH9K_RXERR_DECRYPT;
- else if (ads.ds_rxstatus8 & AR_MichaelErr)
+ else if ((ads.ds_rxstatus8 & AR_MichaelErr) &&
+ rs->rs_keyix != ATH9K_RXKEYIX_INVALID)
rs->rs_status |= ATH9K_RXERR_MIC;
else if (ads.ds_rxstatus8 & AR_KeyMiss)
rs->rs_status |= ATH9K_RXERR_DECRYPT;
--- a/drivers/net/wireless/ath/ath9k/recv.c
+++ b/drivers/net/wireless/ath/ath9k/recv.c
@@ -870,15 +870,18 @@ static bool ath9k_rx_accept(struct ath_c
if (rx_stats->rs_status & ATH9K_RXERR_DECRYPT) {
*decrypt_error = true;
} else if (rx_stats->rs_status & ATH9K_RXERR_MIC) {
- if (ieee80211_is_ctl(fc))
- /*
- * Sometimes, we get invalid
- * MIC failures on valid control frames.
- * Remove these mic errors.
- */
- rx_stats->rs_status &= ~ATH9K_RXERR_MIC;
- else
+ /*
+ * The MIC error bit is only valid if the frame
+ * is not a control frame or fragment, and it was
+ * decrypted using a valid TKIP key.
+ */
+ if (!ieee80211_is_ctl(fc) &&
+ !ieee80211_has_morefrags(fc) &&
+ !(le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG) &&
+ test_bit(rx_stats->rs_keyix, common->tkip_keymap))
rxs->flag |= RX_FLAG_MMIC_ERROR;
+ else
+ rx_stats->rs_status &= ~ATH9K_RXERR_MIC;
}
/*
* Reject error frames with the exception of
^ permalink raw reply [flat|nested] 288+ messages in thread
* [024/289] ath9k: resume aggregation immediately after a hardware reset
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (23 preceding siblings ...)
2010-12-08 0:56 ` [023/289] ath9k: fix spurious MIC failure reports Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [025/289] ath9k_hw: Fix divide by zero cases in paprd Greg KH
` (261 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Felix Fietkau, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Felix Fietkau <nbd@openwrt.org>
commit fac6b6a065da42f826088c58bddad82e1b1ccb40 upstream.
Since aggregation is usually triggered by tx completion, a hardware
reset (because of beacon stuck, tx hang or baseband hang) can
significantly delay the transmission of the next AMPDU (until the next
tx completion event).
Fix this by rescheduling aggregation after such a reset.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/beacon.c | 2 +-
drivers/net/wireless/ath/ath9k/main.c | 4 ++--
drivers/net/wireless/ath/ath9k/xmit.c | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/beacon.c
+++ b/drivers/net/wireless/ath/ath9k/beacon.c
@@ -366,7 +366,7 @@ void ath_beacon_tasklet(unsigned long da
ath_print(common, ATH_DBG_BEACON,
"beacon is officially stuck\n");
sc->sc_flags |= SC_OP_TSF_RESET;
- ath_reset(sc, false);
+ ath_reset(sc, true);
}
return;
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
@@ -554,7 +554,7 @@ void ath_hw_check(struct work_struct *wo
msleep(1);
}
- ath_reset(sc, false);
+ ath_reset(sc, true);
out:
ath9k_ps_restore(sc);
@@ -572,7 +572,7 @@ void ath9k_tasklet(unsigned long data)
ath9k_ps_wakeup(sc);
if (status & ATH9K_INT_FATAL) {
- ath_reset(sc, false);
+ ath_reset(sc, true);
ath9k_ps_restore(sc);
return;
}
--- a/drivers/net/wireless/ath/ath9k/xmit.c
+++ b/drivers/net/wireless/ath/ath9k/xmit.c
@@ -2206,7 +2206,7 @@ static void ath_tx_complete_poll_work(st
ath_print(ath9k_hw_common(sc->sc_ah), ATH_DBG_RESET,
"tx hung, resetting the chip\n");
ath9k_ps_wakeup(sc);
- ath_reset(sc, false);
+ ath_reset(sc, true);
ath9k_ps_restore(sc);
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [025/289] ath9k_hw: Fix divide by zero cases in paprd.
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (24 preceding siblings ...)
2010-12-08 0:56 ` [024/289] ath9k: resume aggregation immediately after a hardware reset Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [026/289] ath9k_hw: Fix TX carrier leakage for IEEE compliance on AR9003 2.2 Greg KH
` (260 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Senthil Balasubramanian,
John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Senthil Balasubramanian <senthilkumar@atheros.com>
commit 2d3fca180710c6832de22c44155ce6a3a4953c6b upstream.
We are not handling all divide by zero cases in paprd.
Add additional checks for divide by zero cases in papard.
This patch has fixes intended for kernel 2.6.36.
Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/ar9003_paprd.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/ar9003_paprd.c
+++ b/drivers/net/wireless/ath/ath9k/ar9003_paprd.c
@@ -347,6 +347,10 @@ static bool create_pa_curve(u32 *data_L,
(((Y[6] - Y[3]) * 1 << scale_factor) +
(x_est[6] - x_est[3])) / (x_est[6] - x_est[3]);
+ /* prevent division by zero */
+ if (G_fxp == 0)
+ return false;
+
Y_intercept =
(G_fxp * (x_est[0] - x_est[3]) +
(1 << scale_factor)) / (1 << scale_factor) + Y[3];
@@ -356,14 +360,12 @@ static bool create_pa_curve(u32 *data_L,
for (i = 0; i <= 3; i++) {
y_est[i] = i * 32;
-
- /* prevent division by zero */
- if (G_fxp == 0)
- return false;
-
x_est[i] = ((y_est[i] * 1 << scale_factor) + G_fxp) / G_fxp;
}
+ if (y_est[max_index] == 0)
+ return false;
+
x_est_fxp1_nonlin =
x_est[max_index] - ((1 << scale_factor) * y_est[max_index] +
G_fxp) / G_fxp;
@@ -457,6 +459,8 @@ static bool create_pa_curve(u32 *data_L,
Q_scale_B = find_proper_scale(find_expn(abs(scale_B)), 10);
scale_B = scale_B / (1 << Q_scale_B);
+ if (scale_B == 0)
+ return false;
Q_beta = find_proper_scale(find_expn(abs(beta_raw)), 10);
Q_alpha = find_proper_scale(find_expn(abs(alpha_raw)), 10);
beta_raw = beta_raw / (1 << Q_beta);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [026/289] ath9k_hw: Fix TX carrier leakage for IEEE compliance on AR9003 2.2
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (25 preceding siblings ...)
2010-12-08 0:56 ` [025/289] ath9k_hw: Fix divide by zero cases in paprd Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [027/289] ath9k_htc: Set proper firmware offset for Netgear WNDA3200 Greg KH
` (259 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Yixiang Li, Don Breslin,
Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luis R. Rodriguez <lrodriguez@atheros.com>
commit 0dfa6dbb7372e581d3beb38b11772152114796b8 upstream.
This updates the initvals for the AR9003 2.2 chipsets. The initvals
are the initial register values we use for our registers upon hardware
reset. This synchs up the initvals to match what our latest recommendation
from our systems engineering team.
The description of changes in this update:
Improves ability to support very strong Rx conditions.
Enhances DFS support for AP-mode.
Improves performance of Tx carrier leak calibration.
Adds support for Japan channel 14 Tx filtering requirements.
Improves Tx power accuracy.
Impact:
Update required to address degraded throughput at very short range.
Update required for AP-mode DFS certification.
Update required to comply to IEEE Tx carrier leak specification.
May not meet expected +/- 2 dB Tx power accuracy without update.
The most important fix here would be the TX carrier leakage required
to comply with IEEE 802.11 specifications. The group of changes have
been tested all together in one release.
References:
Osprey 2.2 header file ver #33
Checksums:
$ ./initvals -f ar9003-2p2
0x000000004a488fc7 ar9300_2p2_radio_postamble
0x0000000046cb1300 ar9300Modes_lowest_ob_db_tx_gain_table_2p2
0x00000000e912711f ar9300Modes_fast_clock_2p2
0x0000000037ac0ee8 ar9300_2p2_radio_core
0x00000000047a7700 ar9300Common_rx_gain_table_merlin_2p2
0x0000000003f783bb ar9300_2p2_mac_postamble
0x00000000301fc841 ar9300_2p2_soc_postamble
0x000000005ec8075f ar9200_merlin_2p2_radio_core
0x0000000083372ffa ar9300_2p2_baseband_postamble
0x00000000c4f59974 ar9300_2p2_baseband_core
0x00000000e20d2e72 ar9300Modes_high_power_tx_gain_table_2p2
0x000000007fd55c70 ar9300Modes_high_ob_db_tx_gain_table_2p2
0x0000000029495000 ar9300Common_rx_gain_table_2p2
0x0000000042cb1300 ar9300Modes_low_ob_db_tx_gain_table_2p2
0x00000000c4739cd6 ar9300_2p2_mac_core
0x000000003521a300 ar9300Common_wo_xlna_rx_gain_table_2p2
0x00000000a15ccf1b ar9300_2p2_soc_preamble
0x0000000029734396 ar9300PciePhy_pll_on_clkreq_disable_L1_2p2
0x000000002d834396 ar9300PciePhy_clkreq_enable_L1_2p2
0x0000000029834396 ar9300PciePhy_clkreq_disable_L1_2p2
$ ./initvals -f ar9003-2p2 | sha1sum
0ceddb5cf66737610fb51f04cf3e9ff71870c7b4 -
Cc: Yixiang Li <yixiang.li@atheros.com>
Cc: Don Breslin <don.breslin@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/ar9003_2p2_initvals.h | 191 +++++++++++++------
1 file changed, 135 insertions(+), 56 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/ar9003_2p2_initvals.h
+++ b/drivers/net/wireless/ath/ath9k/ar9003_2p2_initvals.h
@@ -34,6 +34,10 @@ static const u32 ar9300_2p2_radio_postam
static const u32 ar9300Modes_lowest_ob_db_tx_gain_table_2p2[][5] = {
/* Addr 5G_HT20 5G_HT40 2G_HT40 2G_HT20 */
+ {0x0000a2dc, 0x0380c7fc, 0x0380c7fc, 0x00637800, 0x00637800},
+ {0x0000a2e0, 0x0000f800, 0x0000f800, 0x03838000, 0x03838000},
+ {0x0000a2e4, 0x03ff0000, 0x03ff0000, 0x03fc0000, 0x03fc0000},
+ {0x0000a2e8, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
{0x0000a410, 0x000050d9, 0x000050d9, 0x000050d9, 0x000050d9},
{0x0000a500, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
{0x0000a504, 0x06000003, 0x06000003, 0x04000002, 0x04000002},
@@ -99,6 +103,30 @@ static const u32 ar9300Modes_lowest_ob_d
{0x0000a5f4, 0x7782b08c, 0x7782b08c, 0x5d801eec, 0x5d801eec},
{0x0000a5f8, 0x7782b08c, 0x7782b08c, 0x5d801eec, 0x5d801eec},
{0x0000a5fc, 0x7782b08c, 0x7782b08c, 0x5d801eec, 0x5d801eec},
+ {0x0000a600, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000a604, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000a608, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000a60c, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000a610, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000a614, 0x01404000, 0x01404000, 0x01404000, 0x01404000},
+ {0x0000a618, 0x01404501, 0x01404501, 0x01404501, 0x01404501},
+ {0x0000a61c, 0x02008802, 0x02008802, 0x02008501, 0x02008501},
+ {0x0000a620, 0x0300cc03, 0x0300cc03, 0x0280ca03, 0x0280ca03},
+ {0x0000a624, 0x0300cc03, 0x0300cc03, 0x03010c04, 0x03010c04},
+ {0x0000a628, 0x0300cc03, 0x0300cc03, 0x04014c04, 0x04014c04},
+ {0x0000a62c, 0x03810c03, 0x03810c03, 0x04015005, 0x04015005},
+ {0x0000a630, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005},
+ {0x0000a634, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005},
+ {0x0000a638, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005},
+ {0x0000a63c, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005},
+ {0x0000b2dc, 0x0380c7fc, 0x0380c7fc, 0x00637800, 0x00637800},
+ {0x0000b2e0, 0x0000f800, 0x0000f800, 0x03838000, 0x03838000},
+ {0x0000b2e4, 0x03ff0000, 0x03ff0000, 0x03fc0000, 0x03fc0000},
+ {0x0000b2e8, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000c2dc, 0x0380c7fc, 0x0380c7fc, 0x00637800, 0x00637800},
+ {0x0000c2e0, 0x0000f800, 0x0000f800, 0x03838000, 0x03838000},
+ {0x0000c2e4, 0x03ff0000, 0x03ff0000, 0x03fc0000, 0x03fc0000},
+ {0x0000c2e8, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
{0x00016044, 0x012492d4, 0x012492d4, 0x012492d4, 0x012492d4},
{0x00016048, 0x62480001, 0x62480001, 0x62480001, 0x62480001},
{0x00016068, 0x6db6db6c, 0x6db6db6c, 0x6db6db6c, 0x6db6db6c},
@@ -118,7 +146,7 @@ static const u32 ar9300Modes_fast_clock_
{0x00008014, 0x044c044c, 0x08980898},
{0x0000801c, 0x148ec02b, 0x148ec057},
{0x00008318, 0x000044c0, 0x00008980},
- {0x00009e00, 0x03721821, 0x03721821},
+ {0x00009e00, 0x0372131c, 0x0372131c},
{0x0000a230, 0x0000000b, 0x00000016},
{0x0000a254, 0x00000898, 0x00001130},
};
@@ -595,15 +623,16 @@ static const u32 ar9300_2p2_baseband_pos
{0x0000982c, 0x05eea6d4, 0x05eea6d4, 0x05eea6d4, 0x05eea6d4},
{0x00009830, 0x0000059c, 0x0000059c, 0x0000119c, 0x0000119c},
{0x00009c00, 0x000000c4, 0x000000c4, 0x000000c4, 0x000000c4},
- {0x00009e00, 0x0372161e, 0x0372161e, 0x037216a0, 0x037216a0},
- {0x00009e04, 0x00802020, 0x00802020, 0x00802020, 0x00802020},
+ {0x00009e00, 0x0372111a, 0x0372111a, 0x037216a0, 0x037216a0},
+ {0x00009e04, 0x001c2020, 0x001c2020, 0x001c2020, 0x001c2020},
{0x00009e0c, 0x6c4000e2, 0x6d4000e2, 0x6d4000e2, 0x6c4000e2},
{0x00009e10, 0x7ec88d2e, 0x7ec88d2e, 0x7ec84d2e, 0x7ec84d2e},
- {0x00009e14, 0x31395d5e, 0x3139605e, 0x3139605e, 0x31395d5e},
+ {0x00009e14, 0x37b95d5e, 0x37b9605e, 0x3379605e, 0x33795d5e},
{0x00009e18, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
{0x00009e1c, 0x0001cf9c, 0x0001cf9c, 0x00021f9c, 0x00021f9c},
{0x00009e20, 0x000003b5, 0x000003b5, 0x000003ce, 0x000003ce},
{0x00009e2c, 0x0000001c, 0x0000001c, 0x00000021, 0x00000021},
+ {0x00009e3c, 0xcf946220, 0xcf946220, 0xcf946222, 0xcf946222},
{0x00009e44, 0x02321e27, 0x02321e27, 0x02291e27, 0x02291e27},
{0x00009e48, 0x5030201a, 0x5030201a, 0x50302012, 0x50302012},
{0x00009fc8, 0x0003f000, 0x0003f000, 0x0001a000, 0x0001a000},
@@ -624,16 +653,16 @@ static const u32 ar9300_2p2_baseband_pos
{0x0000a28c, 0x00022222, 0x00022222, 0x00022222, 0x00022222},
{0x0000a2c4, 0x00158d18, 0x00158d18, 0x00158d18, 0x00158d18},
{0x0000a2d0, 0x00071981, 0x00071981, 0x00071981, 0x00071982},
- {0x0000a2d8, 0xf999a83a, 0xf999a83a, 0xf999a83a, 0xf999a83a},
+ {0x0000a2d8, 0x7999a83a, 0x7999a83a, 0x7999a83a, 0x7999a83a},
{0x0000a358, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
{0x0000a830, 0x0000019c, 0x0000019c, 0x0000019c, 0x0000019c},
- {0x0000ae04, 0x00800000, 0x00800000, 0x00800000, 0x00800000},
+ {0x0000ae04, 0x001c0000, 0x001c0000, 0x001c0000, 0x001c0000},
{0x0000ae18, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
{0x0000ae1c, 0x0000019c, 0x0000019c, 0x0000019c, 0x0000019c},
{0x0000ae20, 0x000001b5, 0x000001b5, 0x000001ce, 0x000001ce},
{0x0000b284, 0x00000000, 0x00000000, 0x00000150, 0x00000150},
{0x0000b830, 0x0000019c, 0x0000019c, 0x0000019c, 0x0000019c},
- {0x0000be04, 0x00800000, 0x00800000, 0x00800000, 0x00800000},
+ {0x0000be04, 0x001c0000, 0x001c0000, 0x001c0000, 0x001c0000},
{0x0000be18, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
{0x0000be1c, 0x0000019c, 0x0000019c, 0x0000019c, 0x0000019c},
{0x0000be20, 0x000001b5, 0x000001b5, 0x000001ce, 0x000001ce},
@@ -649,13 +678,13 @@ static const u32 ar9300_2p2_baseband_cor
{0x00009814, 0x9280c00a},
{0x00009818, 0x00000000},
{0x0000981c, 0x00020028},
- {0x00009834, 0x5f3ca3de},
+ {0x00009834, 0x6400a290},
{0x00009838, 0x0108ecff},
{0x0000983c, 0x14750600},
{0x00009880, 0x201fff00},
{0x00009884, 0x00001042},
{0x000098a4, 0x00200400},
- {0x000098b0, 0x52440bbe},
+ {0x000098b0, 0x32840bbe},
{0x000098d0, 0x004b6a8e},
{0x000098d4, 0x00000820},
{0x000098dc, 0x00000000},
@@ -681,7 +710,6 @@ static const u32 ar9300_2p2_baseband_cor
{0x00009e30, 0x06336f77},
{0x00009e34, 0x6af6532f},
{0x00009e38, 0x0cc80c00},
- {0x00009e3c, 0xcf946222},
{0x00009e40, 0x0d261820},
{0x00009e4c, 0x00001004},
{0x00009e50, 0x00ff03f1},
@@ -694,7 +722,7 @@ static const u32 ar9300_2p2_baseband_cor
{0x0000a220, 0x00000000},
{0x0000a224, 0x00000000},
{0x0000a228, 0x10002310},
- {0x0000a22c, 0x01036a1e},
+ {0x0000a22c, 0x01036a27},
{0x0000a23c, 0x00000000},
{0x0000a244, 0x0c000000},
{0x0000a2a0, 0x00000001},
@@ -702,10 +730,6 @@ static const u32 ar9300_2p2_baseband_cor
{0x0000a2c8, 0x00000000},
{0x0000a2cc, 0x18c43433},
{0x0000a2d4, 0x00000000},
- {0x0000a2dc, 0x00000000},
- {0x0000a2e0, 0x00000000},
- {0x0000a2e4, 0x00000000},
- {0x0000a2e8, 0x00000000},
{0x0000a2ec, 0x00000000},
{0x0000a2f0, 0x00000000},
{0x0000a2f4, 0x00000000},
@@ -753,33 +777,17 @@ static const u32 ar9300_2p2_baseband_cor
{0x0000a430, 0x1ce739ce},
{0x0000a434, 0x00000000},
{0x0000a438, 0x00001801},
- {0x0000a43c, 0x00000000},
+ {0x0000a43c, 0x00100000},
{0x0000a440, 0x00000000},
{0x0000a444, 0x00000000},
{0x0000a448, 0x06000080},
{0x0000a44c, 0x00000001},
{0x0000a450, 0x00010000},
{0x0000a458, 0x00000000},
- {0x0000a600, 0x00000000},
- {0x0000a604, 0x00000000},
- {0x0000a608, 0x00000000},
- {0x0000a60c, 0x00000000},
- {0x0000a610, 0x00000000},
- {0x0000a614, 0x00000000},
- {0x0000a618, 0x00000000},
- {0x0000a61c, 0x00000000},
- {0x0000a620, 0x00000000},
- {0x0000a624, 0x00000000},
- {0x0000a628, 0x00000000},
- {0x0000a62c, 0x00000000},
- {0x0000a630, 0x00000000},
- {0x0000a634, 0x00000000},
- {0x0000a638, 0x00000000},
- {0x0000a63c, 0x00000000},
{0x0000a640, 0x00000000},
{0x0000a644, 0x3fad9d74},
{0x0000a648, 0x0048060a},
- {0x0000a64c, 0x00000637},
+ {0x0000a64c, 0x00003c37},
{0x0000a670, 0x03020100},
{0x0000a674, 0x09080504},
{0x0000a678, 0x0d0c0b0a},
@@ -802,10 +810,6 @@ static const u32 ar9300_2p2_baseband_cor
{0x0000a8f4, 0x00000000},
{0x0000b2d0, 0x00000080},
{0x0000b2d4, 0x00000000},
- {0x0000b2dc, 0x00000000},
- {0x0000b2e0, 0x00000000},
- {0x0000b2e4, 0x00000000},
- {0x0000b2e8, 0x00000000},
{0x0000b2ec, 0x00000000},
{0x0000b2f0, 0x00000000},
{0x0000b2f4, 0x00000000},
@@ -820,10 +824,6 @@ static const u32 ar9300_2p2_baseband_cor
{0x0000b8f4, 0x00000000},
{0x0000c2d0, 0x00000080},
{0x0000c2d4, 0x00000000},
- {0x0000c2dc, 0x00000000},
- {0x0000c2e0, 0x00000000},
- {0x0000c2e4, 0x00000000},
- {0x0000c2e8, 0x00000000},
{0x0000c2ec, 0x00000000},
{0x0000c2f0, 0x00000000},
{0x0000c2f4, 0x00000000},
@@ -835,6 +835,10 @@ static const u32 ar9300_2p2_baseband_cor
static const u32 ar9300Modes_high_power_tx_gain_table_2p2[][5] = {
/* Addr 5G_HT20 5G_HT40 2G_HT40 2G_HT20 */
+ {0x0000a2dc, 0x0380c7fc, 0x0380c7fc, 0x00637800, 0x00637800},
+ {0x0000a2e0, 0x0000f800, 0x0000f800, 0x03838000, 0x03838000},
+ {0x0000a2e4, 0x03ff0000, 0x03ff0000, 0x03fc0000, 0x03fc0000},
+ {0x0000a2e8, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
{0x0000a410, 0x000050d8, 0x000050d8, 0x000050d9, 0x000050d9},
{0x0000a500, 0x00002220, 0x00002220, 0x00000000, 0x00000000},
{0x0000a504, 0x04002222, 0x04002222, 0x04000002, 0x04000002},
@@ -855,7 +859,7 @@ static const u32 ar9300Modes_high_power_
{0x0000a540, 0x49005e72, 0x49005e72, 0x38001660, 0x38001660},
{0x0000a544, 0x4e005eb2, 0x4e005eb2, 0x3b001861, 0x3b001861},
{0x0000a548, 0x53005f12, 0x53005f12, 0x3e001a81, 0x3e001a81},
- {0x0000a54c, 0x59025eb5, 0x59025eb5, 0x42001a83, 0x42001a83},
+ {0x0000a54c, 0x59025eb2, 0x59025eb2, 0x42001a83, 0x42001a83},
{0x0000a550, 0x5e025f12, 0x5e025f12, 0x44001c84, 0x44001c84},
{0x0000a554, 0x61027f12, 0x61027f12, 0x48001ce3, 0x48001ce3},
{0x0000a558, 0x6702bf12, 0x6702bf12, 0x4c001ce5, 0x4c001ce5},
@@ -900,6 +904,30 @@ static const u32 ar9300Modes_high_power_
{0x0000a5f4, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec},
{0x0000a5f8, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec},
{0x0000a5fc, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec},
+ {0x0000a600, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000a604, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000a608, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000a60c, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000a610, 0x00804000, 0x00804000, 0x00000000, 0x00000000},
+ {0x0000a614, 0x00804201, 0x00804201, 0x01404000, 0x01404000},
+ {0x0000a618, 0x0280c802, 0x0280c802, 0x01404501, 0x01404501},
+ {0x0000a61c, 0x0280ca03, 0x0280ca03, 0x02008501, 0x02008501},
+ {0x0000a620, 0x04c15104, 0x04c15104, 0x0280ca03, 0x0280ca03},
+ {0x0000a624, 0x04c15305, 0x04c15305, 0x03010c04, 0x03010c04},
+ {0x0000a628, 0x04c15305, 0x04c15305, 0x04014c04, 0x04014c04},
+ {0x0000a62c, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005},
+ {0x0000a630, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005},
+ {0x0000a634, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005},
+ {0x0000a638, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005},
+ {0x0000a63c, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005},
+ {0x0000b2dc, 0x0380c7fc, 0x0380c7fc, 0x00637800, 0x00637800},
+ {0x0000b2e0, 0x0000f800, 0x0000f800, 0x03838000, 0x03838000},
+ {0x0000b2e4, 0x03ff0000, 0x03ff0000, 0x03fc0000, 0x03fc0000},
+ {0x0000b2e8, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000c2dc, 0x0380c7fc, 0x0380c7fc, 0x00637800, 0x00637800},
+ {0x0000c2e0, 0x0000f800, 0x0000f800, 0x03838000, 0x03838000},
+ {0x0000c2e4, 0x03ff0000, 0x03ff0000, 0x03fc0000, 0x03fc0000},
+ {0x0000c2e8, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
{0x00016044, 0x056db2e6, 0x056db2e6, 0x056db2e6, 0x056db2e6},
{0x00016048, 0xae480001, 0xae480001, 0xae480001, 0xae480001},
{0x00016068, 0x6eb6db6c, 0x6eb6db6c, 0x6eb6db6c, 0x6eb6db6c},
@@ -913,6 +941,10 @@ static const u32 ar9300Modes_high_power_
static const u32 ar9300Modes_high_ob_db_tx_gain_table_2p2[][5] = {
/* Addr 5G_HT20 5G_HT40 2G_HT40 2G_HT20 */
+ {0x0000a2dc, 0x01feee00, 0x01feee00, 0x00637800, 0x00637800},
+ {0x0000a2e0, 0x0000f000, 0x0000f000, 0x03838000, 0x03838000},
+ {0x0000a2e4, 0x01ff0000, 0x01ff0000, 0x03fc0000, 0x03fc0000},
+ {0x0000a2e8, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
{0x0000a410, 0x000050d8, 0x000050d8, 0x000050d9, 0x000050d9},
{0x0000a500, 0x00002220, 0x00002220, 0x00000000, 0x00000000},
{0x0000a504, 0x04002222, 0x04002222, 0x04000002, 0x04000002},
@@ -933,7 +965,7 @@ static const u32 ar9300Modes_high_ob_db_
{0x0000a540, 0x49005e72, 0x49005e72, 0x38001660, 0x38001660},
{0x0000a544, 0x4e005eb2, 0x4e005eb2, 0x3b001861, 0x3b001861},
{0x0000a548, 0x53005f12, 0x53005f12, 0x3e001a81, 0x3e001a81},
- {0x0000a54c, 0x59025eb5, 0x59025eb5, 0x42001a83, 0x42001a83},
+ {0x0000a54c, 0x59025eb2, 0x59025eb2, 0x42001a83, 0x42001a83},
{0x0000a550, 0x5e025f12, 0x5e025f12, 0x44001c84, 0x44001c84},
{0x0000a554, 0x61027f12, 0x61027f12, 0x48001ce3, 0x48001ce3},
{0x0000a558, 0x6702bf12, 0x6702bf12, 0x4c001ce5, 0x4c001ce5},
@@ -978,6 +1010,30 @@ static const u32 ar9300Modes_high_ob_db_
{0x0000a5f4, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec},
{0x0000a5f8, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec},
{0x0000a5fc, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec},
+ {0x0000a600, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000a604, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000a608, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000a60c, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000a610, 0x00804000, 0x00804000, 0x00000000, 0x00000000},
+ {0x0000a614, 0x00804201, 0x00804201, 0x01404000, 0x01404000},
+ {0x0000a618, 0x0280c802, 0x0280c802, 0x01404501, 0x01404501},
+ {0x0000a61c, 0x0280ca03, 0x0280ca03, 0x02008501, 0x02008501},
+ {0x0000a620, 0x04c15104, 0x04c15104, 0x0280ca03, 0x0280ca03},
+ {0x0000a624, 0x04c15305, 0x04c15305, 0x03010c04, 0x03010c04},
+ {0x0000a628, 0x04c15305, 0x04c15305, 0x04014c04, 0x04014c04},
+ {0x0000a62c, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005},
+ {0x0000a630, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005},
+ {0x0000a634, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005},
+ {0x0000a638, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005},
+ {0x0000a63c, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005},
+ {0x0000b2dc, 0x01feee00, 0x01feee00, 0x00637800, 0x00637800},
+ {0x0000b2e0, 0x0000f000, 0x0000f000, 0x03838000, 0x03838000},
+ {0x0000b2e4, 0x01ff0000, 0x01ff0000, 0x03fc0000, 0x03fc0000},
+ {0x0000b2e8, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000c2dc, 0x01feee00, 0x01feee00, 0x00637800, 0x00637800},
+ {0x0000c2e0, 0x0000f000, 0x0000f000, 0x03838000, 0x03838000},
+ {0x0000c2e4, 0x01ff0000, 0x01ff0000, 0x03fc0000, 0x03fc0000},
+ {0x0000c2e8, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
{0x00016044, 0x056db2e4, 0x056db2e4, 0x056db2e4, 0x056db2e4},
{0x00016048, 0x8e480001, 0x8e480001, 0x8e480001, 0x8e480001},
{0x00016068, 0x6db6db6c, 0x6db6db6c, 0x6db6db6c, 0x6db6db6c},
@@ -1151,14 +1207,14 @@ static const u32 ar9300Common_rx_gain_ta
{0x0000b074, 0x00000000},
{0x0000b078, 0x00000000},
{0x0000b07c, 0x00000000},
- {0x0000b080, 0x32323232},
- {0x0000b084, 0x2f2f3232},
- {0x0000b088, 0x23282a2d},
- {0x0000b08c, 0x1c1e2123},
- {0x0000b090, 0x14171919},
- {0x0000b094, 0x0e0e1214},
- {0x0000b098, 0x03050707},
- {0x0000b09c, 0x00030303},
+ {0x0000b080, 0x2a2d2f32},
+ {0x0000b084, 0x21232328},
+ {0x0000b088, 0x19191c1e},
+ {0x0000b08c, 0x12141417},
+ {0x0000b090, 0x07070e0e},
+ {0x0000b094, 0x03030305},
+ {0x0000b098, 0x00000003},
+ {0x0000b09c, 0x00000000},
{0x0000b0a0, 0x00000000},
{0x0000b0a4, 0x00000000},
{0x0000b0a8, 0x00000000},
@@ -1251,6 +1307,10 @@ static const u32 ar9300Common_rx_gain_ta
static const u32 ar9300Modes_low_ob_db_tx_gain_table_2p2[][5] = {
/* Addr 5G_HT20 5G_HT40 2G_HT40 2G_HT20 */
+ {0x0000a2dc, 0x0380c7fc, 0x0380c7fc, 0x00637800, 0x00637800},
+ {0x0000a2e0, 0x0000f800, 0x0000f800, 0x03838000, 0x03838000},
+ {0x0000a2e4, 0x03ff0000, 0x03ff0000, 0x03fc0000, 0x03fc0000},
+ {0x0000a2e8, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
{0x0000a410, 0x000050d9, 0x000050d9, 0x000050d9, 0x000050d9},
{0x0000a500, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
{0x0000a504, 0x06000003, 0x06000003, 0x04000002, 0x04000002},
@@ -1316,6 +1376,30 @@ static const u32 ar9300Modes_low_ob_db_t
{0x0000a5f4, 0x7782b08c, 0x7782b08c, 0x5d801eec, 0x5d801eec},
{0x0000a5f8, 0x7782b08c, 0x7782b08c, 0x5d801eec, 0x5d801eec},
{0x0000a5fc, 0x7782b08c, 0x7782b08c, 0x5d801eec, 0x5d801eec},
+ {0x0000a600, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000a604, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000a608, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000a60c, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000a610, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000a614, 0x01404000, 0x01404000, 0x01404000, 0x01404000},
+ {0x0000a618, 0x01404501, 0x01404501, 0x01404501, 0x01404501},
+ {0x0000a61c, 0x02008802, 0x02008802, 0x02008501, 0x02008501},
+ {0x0000a620, 0x0300cc03, 0x0300cc03, 0x0280ca03, 0x0280ca03},
+ {0x0000a624, 0x0300cc03, 0x0300cc03, 0x03010c04, 0x03010c04},
+ {0x0000a628, 0x0300cc03, 0x0300cc03, 0x04014c04, 0x04014c04},
+ {0x0000a62c, 0x03810c03, 0x03810c03, 0x04015005, 0x04015005},
+ {0x0000a630, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005},
+ {0x0000a634, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005},
+ {0x0000a638, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005},
+ {0x0000a63c, 0x03810e04, 0x03810e04, 0x04015005, 0x04015005},
+ {0x0000b2dc, 0x0380c7fc, 0x0380c7fc, 0x00637800, 0x00637800},
+ {0x0000b2e0, 0x0000f800, 0x0000f800, 0x03838000, 0x03838000},
+ {0x0000b2e4, 0x03ff0000, 0x03ff0000, 0x03fc0000, 0x03fc0000},
+ {0x0000b2e8, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
+ {0x0000c2dc, 0x0380c7fc, 0x0380c7fc, 0x00637800, 0x00637800},
+ {0x0000c2e0, 0x0000f800, 0x0000f800, 0x03838000, 0x03838000},
+ {0x0000c2e4, 0x03ff0000, 0x03ff0000, 0x03fc0000, 0x03fc0000},
+ {0x0000c2e8, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
{0x00016044, 0x012492d4, 0x012492d4, 0x012492d4, 0x012492d4},
{0x00016048, 0x66480001, 0x66480001, 0x66480001, 0x66480001},
{0x00016068, 0x6db6db6c, 0x6db6db6c, 0x6db6db6c, 0x6db6db6c},
@@ -1414,15 +1498,10 @@ static const u32 ar9300_2p2_mac_core[][2
{0x00008144, 0xffffffff},
{0x00008168, 0x00000000},
{0x0000816c, 0x00000000},
- {0x00008170, 0x18486200},
- {0x00008174, 0x33332210},
- {0x00008178, 0x00000000},
- {0x0000817c, 0x00020000},
{0x000081c0, 0x00000000},
{0x000081c4, 0x33332210},
{0x000081c8, 0x00000000},
{0x000081cc, 0x00000000},
- {0x000081d4, 0x00000000},
{0x000081ec, 0x00000000},
{0x000081f0, 0x00000000},
{0x000081f4, 0x00000000},
^ permalink raw reply [flat|nested] 288+ messages in thread
* [027/289] ath9k_htc: Set proper firmware offset for Netgear WNDA3200
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (26 preceding siblings ...)
2010-12-08 0:56 ` [026/289] ath9k_hw: Fix TX carrier leakage for IEEE compliance on AR9003 2.2 Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [028/289] ath9k: Fix incorrect access of rate flags in RC Greg KH
` (258 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Rajkumar Manoharan,
John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Rajkumar Manoharan <rmanoharan@atheros.com>
commit d654567dec75782d6fd9add4b7b9c50e0926d369 upstream.
Netgear WNDA3200 device uses ar7010 firmware but it is failed to set
correct firmware offset on firmware download which causes device initialization
failure.
Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/hif_usb.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/hif_usb.c
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
@@ -799,10 +799,16 @@ static int ath9k_hif_usb_download_fw(str
}
kfree(buf);
- if ((hif_dev->device_id == 0x7010) || (hif_dev->device_id == 0x7015))
+ switch (hif_dev->device_id) {
+ case 0x7010:
+ case 0x7015:
+ case 0x9018:
firm_offset = AR7010_FIRMWARE_TEXT;
- else
+ break;
+ default:
firm_offset = AR9271_FIRMWARE_TEXT;
+ break;
+ }
/*
* Issue FW download complete command to firmware.
^ permalink raw reply [flat|nested] 288+ messages in thread
* [028/289] ath9k: Fix incorrect access of rate flags in RC
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (27 preceding siblings ...)
2010-12-08 0:56 ` [027/289] ath9k_htc: Set proper firmware offset for Netgear WNDA3200 Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [029/289] ath9k: rename rxflushlock to pcu_lock Greg KH
` (257 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Mohammed Shafi Shajakhan,
John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Mohammed Shafi Shajakhan <mshajakhan@atheros.com>
commit 4fc4fbd1d9a05fa4f348b499aca3a6f8d3c9bbe6 upstream.
The index variable to access the rate flags should be obtained from the
inner loop counter which corresponds to the rate table structure.This
fixes the invalid rate selection i.e when the supported basic rate is
invalid on a particular band and also the following warning message.
Thanks to Raj for finding this out.
Call Trace:
[<ffffffff8104ee4a>] warn_slowpath_common+0x7a/0xb0
[<ffffffff8104ee95>] warn_slowpath_null+0x15/0x20
[<ffffffffa0583c45>] ath_get_rate+0x595/0x5b0 [ath9k]
[<ffffffff811a0636>] ? cpumask_next_and+0x36/0x50
[<ffffffffa0405186>] rate_control_get_rate+0x86/0x160 [mac80211]
[<ffffffffa040dfac>] invoke_tx_handlers+0x81c/0x12d0 [mac80211]
[<ffffffffa040eae9>] ieee80211_tx+0x89/0x2b0 [mac80211]
[<ffffffff812891bc>] ? pskb_expand_head+0x1cc/0x1f0
[<ffffffffa040edc5>] ieee80211_xmit+0xb5/0x1c0 [mac80211]
[<ffffffffa041026f>] ieee80211_tx_skb+0x4f/0x60 [mac80211]
[<ffffffffa03fe016>] ieee80211_send_nullfunc+0x46/0x60 [mac80211]
[<ffffffffa03f91d7>] ieee80211_offchannel_stop_station+0x107/0x150
[mac80211]
[<ffffffff812891bc>] ? pskb_expand_head+0x1cc/0x1f0
[<ffffffffa040edc5>] ieee80211_xmit+0xb5/0x1c0 [mac80211]
[<ffffffffa041026f>] ieee80211_tx_skb+0x4f/0x60 [mac80211]
[<ffffffffa03fe016>] ieee80211_send_nullfunc+0x46/0x60 [mac80211]
[<ffffffffa03f91d7>] ieee80211_offchannel_stop_station+0x107/0x150
[mac80211]
[<ffffffffa03f8896>] ieee80211_scan_work+0x146/0x600 [mac80211]
[<ffffffff8133a375>] ? schedule+0x2f5/0x8e0
[<ffffffffa03f8750>] ? ieee80211_scan_work+0x0/0x600 [mac80211]
[<ffffffff81064fcf>] process_one_work+0x10f/0x380
[<ffffffff81066bc2>] worker_thread+0x162/0x340
[<ffffffff81066a60>] ? worker_thread+0x0/0x340
Signed-off-by: Mohammed Shafi Shajakhan <mshajakhan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/rc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/wireless/ath/ath9k/rc.c
+++ b/drivers/net/wireless/ath/ath9k/rc.c
@@ -538,7 +538,7 @@ static u8 ath_rc_setvalid_rates(struct a
for (i = 0; i < rateset->rs_nrates; i++) {
for (j = 0; j < rate_table->rate_cnt; j++) {
u32 phy = rate_table->info[j].phy;
- u16 rate_flags = rate_table->info[i].rate_flags;
+ u16 rate_flags = rate_table->info[j].rate_flags;
u8 rate = rateset->rs_rates[i];
u8 dot11rate = rate_table->info[j].dot11rate;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [029/289] ath9k: rename rxflushlock to pcu_lock
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (28 preceding siblings ...)
2010-12-08 0:56 ` [028/289] ath9k: Fix incorrect access of rate flags in RC Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [030/289] ath9k: fix tx aggregation flush on AR9003 Greg KH
` (256 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Ben Greear, Kyungwan Nam,
Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luis R. Rodriguez <lrodriguez@atheros.com>
commit b79b33c4baf2532aac2c0924dce5a738099b888c upstream.
The real way to lock RX is to contend on the PCU
and reset, this will be fixed in the next patch but for
now just do the renames so that the next patch which changes
the locking order is crystal clear.
This is part of a series that will help resolve the bug:
https://bugzilla.kernel.org/show_bug.cgi?id=14624
For more details about this issue refer to:
http://marc.info/?l=linux-wireless&m=128629803703756&w=2
Cc: Ben Greear <greearb@candelatech.com>
Cc: Kyungwan Nam <kyungwan.nam@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Tested-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/ath9k.h | 2 +-
drivers/net/wireless/ath/ath9k/main.c | 4 ++--
drivers/net/wireless/ath/ath9k/recv.c | 6 +++---
3 files changed, 6 insertions(+), 6 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/ath9k.h
+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
@@ -312,7 +312,7 @@ struct ath_rx {
u8 rxotherant;
u32 *rxlink;
unsigned int rxfilter;
- spinlock_t rxflushlock;
+ spinlock_t pcu_lock;
spinlock_t rxbuflock;
struct list_head rxbuf;
struct ath_descdma rxdma;
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
@@ -587,7 +587,7 @@ void ath9k_tasklet(unsigned long data)
rxmask = (ATH9K_INT_RX | ATH9K_INT_RXEOL | ATH9K_INT_RXORN);
if (status & rxmask) {
- spin_lock_bh(&sc->rx.rxflushlock);
+ spin_lock_bh(&sc->rx.pcu_lock);
/* Check for high priority Rx first */
if ((ah->caps.hw_caps & ATH9K_HW_CAP_EDMA) &&
@@ -595,7 +595,7 @@ void ath9k_tasklet(unsigned long data)
ath_rx_tasklet(sc, 0, true);
ath_rx_tasklet(sc, 0, false);
- spin_unlock_bh(&sc->rx.rxflushlock);
+ spin_unlock_bh(&sc->rx.pcu_lock);
}
if (status & ATH9K_INT_TX) {
--- a/drivers/net/wireless/ath/ath9k/recv.c
+++ b/drivers/net/wireless/ath/ath9k/recv.c
@@ -310,7 +310,7 @@ int ath_rx_init(struct ath_softc *sc, in
struct ath_buf *bf;
int error = 0;
- spin_lock_init(&sc->rx.rxflushlock);
+ spin_lock_init(&sc->rx.pcu_lock);
sc->sc_flags &= ~SC_OP_RXFLUSH;
spin_lock_init(&sc->rx.rxbuflock);
@@ -522,13 +522,13 @@ bool ath_stoprecv(struct ath_softc *sc)
void ath_flushrecv(struct ath_softc *sc)
{
- spin_lock_bh(&sc->rx.rxflushlock);
+ spin_lock_bh(&sc->rx.pcu_lock);
sc->sc_flags |= SC_OP_RXFLUSH;
if (sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_EDMA)
ath_rx_tasklet(sc, 1, true);
ath_rx_tasklet(sc, 1, false);
sc->sc_flags &= ~SC_OP_RXFLUSH;
- spin_unlock_bh(&sc->rx.rxflushlock);
+ spin_unlock_bh(&sc->rx.pcu_lock);
}
static bool ath_beacon_dtim_pending_cab(struct sk_buff *skb)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [030/289] ath9k: fix tx aggregation flush on AR9003
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (29 preceding siblings ...)
2010-12-08 0:56 ` [029/289] ath9k: rename rxflushlock to pcu_lock Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [031/289] ath9k: add locking for stopping RX Greg KH
` (255 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Felix Fietkau, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Felix Fietkau <nbd@openwrt.org>
commit e609e2ea2cdb3448e7849703179cd792a28dcc55 upstream.
Completing aggregate frames can lead to new buffers being pushed into
the tid queues due to software retransmission.
When the tx queues are being drained, all pending aggregates must be
completed before the tid queues get drained, otherwise buffers might be
leaked.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/xmit.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/xmit.c
+++ b/drivers/net/wireless/ath/ath9k/xmit.c
@@ -1101,15 +1101,6 @@ void ath_draintxq(struct ath_softc *sc,
txq->axq_tx_inprogress = false;
spin_unlock_bh(&txq->axq_lock);
- /* flush any pending frames if aggregation is enabled */
- if (sc->sc_flags & SC_OP_TXAGGR) {
- if (!retry_tx) {
- spin_lock_bh(&txq->axq_lock);
- ath_txq_drain_pending_buffers(sc, txq);
- spin_unlock_bh(&txq->axq_lock);
- }
- }
-
if (sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_EDMA) {
spin_lock_bh(&txq->axq_lock);
while (!list_empty(&txq->txq_fifo_pending)) {
@@ -1130,6 +1121,15 @@ void ath_draintxq(struct ath_softc *sc,
}
spin_unlock_bh(&txq->axq_lock);
}
+
+ /* flush any pending frames if aggregation is enabled */
+ if (sc->sc_flags & SC_OP_TXAGGR) {
+ if (!retry_tx) {
+ spin_lock_bh(&txq->axq_lock);
+ ath_txq_drain_pending_buffers(sc, txq);
+ spin_unlock_bh(&txq->axq_lock);
+ }
+ }
}
void ath_drain_all_txq(struct ath_softc *sc, bool retry_tx)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [031/289] ath9k: add locking for stopping RX
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (30 preceding siblings ...)
2010-12-08 0:56 ` [030/289] ath9k: fix tx aggregation flush on AR9003 Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [032/289] ath9k: fix enabling ANI / tx monitor after bg scan Greg KH
` (254 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Ben Greear, Kyungwan Nam,
Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luis R. Rodriguez <lrodriguez@atheros.com>
commit 1e450285281bdf766272c181ecd43d4f2f0711ce upstream.
ath9k locks for starting RX but not for stopping RX. We could
potentially run into a situation where tried to stop RX
but immediately started RX. This allows for races on the
the RX engine deciding what buffer we last left off on
and could potentially cause ath9k to DMA into already
free'd memory or in the worst case at a later time to
already given memory to other drivers.
Fix this by locking stopping RX.
This is part of a series that will help resolve the bug:
https://bugzilla.kernel.org/show_bug.cgi?id=14624
For more details about this issue refer to:
http://marc.info/?l=linux-wireless&m=128629803703756&w=2
Cc: Ben Greear <greearb@candelatech.com>
Cc: Kyungwan Nam <kyungwan.nam@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Tested-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/recv.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/recv.c
+++ b/drivers/net/wireless/ath/ath9k/recv.c
@@ -297,10 +297,8 @@ static void ath_edma_start_recv(struct a
static void ath_edma_stop_recv(struct ath_softc *sc)
{
- spin_lock_bh(&sc->rx.rxbuflock);
ath_rx_remove_buffer(sc, ATH9K_RX_QUEUE_HP);
ath_rx_remove_buffer(sc, ATH9K_RX_QUEUE_LP);
- spin_unlock_bh(&sc->rx.rxbuflock);
}
int ath_rx_init(struct ath_softc *sc, int nbufs)
@@ -508,6 +506,7 @@ bool ath_stoprecv(struct ath_softc *sc)
struct ath_hw *ah = sc->sc_ah;
bool stopped;
+ spin_lock_bh(&sc->rx.rxbuflock);
ath9k_hw_stoppcurecv(ah);
ath9k_hw_setrxfilter(ah, 0);
stopped = ath9k_hw_stopdmarecv(ah);
@@ -516,6 +515,7 @@ bool ath_stoprecv(struct ath_softc *sc)
ath_edma_stop_recv(sc);
else
sc->rx.rxlink = NULL;
+ spin_unlock_bh(&sc->rx.rxbuflock);
return stopped;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [032/289] ath9k: fix enabling ANI / tx monitor after bg scan
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (31 preceding siblings ...)
2010-12-08 0:56 ` [031/289] ath9k: add locking for stopping RX Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [033/289] ath9k_hw: Fix memory leak on ath9k_hw_rf_alloc_ext_banks failure Greg KH
` (253 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Paul Stewart, Amod Bodas,
Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luis R. Rodriguez <lrodriguez@atheros.com>
commit 48a6a468198aadb54bc5d3fdd065364d43ff5197 upstream.
ath9k's entire logic with SC_OP_SCANNING is incorrect due to the
way mac80211 currently implements the scan complete callback and
we handle it in ath9k. This patch removes the flag completely in
preference for the SC_OP_OFFCHANNEL which is really what we wanted.
The scanning flag was used to ensure we reset ANI to the old values
when we go back to the home channel, but if we are offchannel we
use some defaults. The flag was also used to re-enable the TX monitor.
Without this patch we simply never re-enabled ANI and the TX monitor
after going offchannel. This means that after one background
scan we are prone to noise issues and if we had a TX hang we would
not recover. To get this to work properly we must enable ANI after
we have configured the beacon timers, otherwise hardware acts really
oddly.
This patch has stable fixes which apply down to [2.6.36+], there
*may* be a to fix this on older kernels but requires a bit of
work since this patch relies on the new mac80211 flag
IEEE80211_CONF_OFFCHANNEL which was introduced as of 2.6.36.
Cc: Paul Stewart <pstew@google.com>
Cc: Amod Bodas <amod.bodas@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/ath9k.h | 1 -
drivers/net/wireless/ath/ath9k/main.c | 10 +++-------
drivers/net/wireless/ath/ath9k/recv.c | 4 ++--
3 files changed, 5 insertions(+), 10 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/ath9k.h
+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
@@ -516,7 +516,6 @@ void ath_deinit_leds(struct ath_softc *s
#define SC_OP_RXFLUSH BIT(7)
#define SC_OP_LED_ASSOCIATED BIT(8)
#define SC_OP_LED_ON BIT(9)
-#define SC_OP_SCANNING BIT(10)
#define SC_OP_TSF_RESET BIT(11)
#define SC_OP_BT_PRIORITY_DETECTED BIT(12)
#define SC_OP_BT_SCAN BIT(13)
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
@@ -254,14 +254,12 @@ int ath_set_channel(struct ath_softc *sc
ath_update_txpow(sc);
ath9k_hw_set_interrupts(ah, ah->imask);
- if (!(sc->sc_flags & (SC_OP_OFFCHANNEL | SC_OP_SCANNING))) {
- ath_start_ani(common);
+ if (!(sc->sc_flags & (SC_OP_OFFCHANNEL))) {
+ ath_beacon_config(sc, NULL);
ieee80211_queue_delayed_work(sc->hw, &sc->tx_complete_work, 0);
+ ath_start_ani(common);
}
- if (!(sc->sc_flags & (SC_OP_OFFCHANNEL)))
- ath_beacon_config(sc, NULL);
-
ps_restore:
ath9k_ps_restore(sc);
return r;
@@ -2040,7 +2038,6 @@ static void ath9k_sw_scan_start(struct i
aphy->state = ATH_WIPHY_SCAN;
ath9k_wiphy_pause_all_forced(sc, aphy);
- sc->sc_flags |= SC_OP_SCANNING;
mutex_unlock(&sc->mutex);
}
@@ -2055,7 +2052,6 @@ static void ath9k_sw_scan_complete(struc
mutex_lock(&sc->mutex);
aphy->state = ATH_WIPHY_ACTIVE;
- sc->sc_flags &= ~SC_OP_SCANNING;
mutex_unlock(&sc->mutex);
}
--- a/drivers/net/wireless/ath/ath9k/recv.c
+++ b/drivers/net/wireless/ath/ath9k/recv.c
@@ -292,7 +292,7 @@ static void ath_edma_start_recv(struct a
ath_opmode_init(sc);
- ath9k_hw_startpcureceive(sc->sc_ah, (sc->sc_flags & SC_OP_SCANNING));
+ ath9k_hw_startpcureceive(sc->sc_ah, (sc->sc_flags & SC_OP_OFFCHANNEL));
}
static void ath_edma_stop_recv(struct ath_softc *sc)
@@ -496,7 +496,7 @@ int ath_startrecv(struct ath_softc *sc)
start_recv:
spin_unlock_bh(&sc->rx.rxbuflock);
ath_opmode_init(sc);
- ath9k_hw_startpcureceive(ah, (sc->sc_flags & SC_OP_SCANNING));
+ ath9k_hw_startpcureceive(ah, (sc->sc_flags & SC_OP_OFFCHANNEL));
return 0;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [033/289] ath9k_hw: Fix memory leak on ath9k_hw_rf_alloc_ext_banks failure
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (32 preceding siblings ...)
2010-12-08 0:56 ` [032/289] ath9k: fix enabling ANI / tx monitor after bg scan Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [034/289] ath9k_hw: Fix AR9280 surprise removal during frequent idle on/off Greg KH
` (252 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Rajkumar Manoharan,
John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Rajkumar Manoharan <rmanoharan@atheros.com>
commit 48a7c3df14d0cda850337a9b3f9e667a0b12a996 upstream.
The allocated externel radio banks have to be freed in
case of ath9k_hw_rf_alloc_ext_banks failure.
Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/hw.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/wireless/ath/ath9k/hw.c
+++ b/drivers/net/wireless/ath/ath9k/hw.c
@@ -486,6 +486,7 @@ static int ath9k_hw_post_init(struct ath
ath_print(ath9k_hw_common(ah), ATH_DBG_FATAL,
"Failed allocating banks for "
"external radio\n");
+ ath9k_hw_rf_free_ext_banks(ah);
return ecode;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [034/289] ath9k_hw: Fix AR9280 surprise removal during frequent idle on/off
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (33 preceding siblings ...)
2010-12-08 0:56 ` [033/289] ath9k_hw: Fix memory leak on ath9k_hw_rf_alloc_ext_banks failure Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [035/289] ath9k_htc: Avoid setting QoS control for non-QoS frames Greg KH
` (251 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, kyungwan.nam, amod.bodas,
david.quan, Vasanthakumar Thiagarajan, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Vasanthakumar Thiagarajan <vasanth@atheros.com>
commit f119da3015712dc32bdf1c311652479e02dcb49a upstream.
Bit 22 of AR_WA should be set to fix the situation where chip reset
is asynchronous to clock of analog shift registers, such that when
reset is released, it could mess up the values of analog shift registers
and cause some hw issue on AR9280.
This bit is write only, but the driver does a read-modify-write
on AR_WA without setting bit 22 in ar9002_hw_configpcipowersave()
during radio disable. This causes surprise removal of hw. It can
never recover from this state and the hw will become usable only
after a power on/off cycle, and sometimes only during a cold reboot.
This issue can be triggered by doing frequent roaming with the
simple/test-roam script available from the wifi-test project [1]
when roaming between APs quickly. When roaming there is a is a high
possibility that the device being put into idle (radio disable) state
by mac80211 during AUTH->ASSOC. A device hardware reset would fail
and the kernel would output:
[40251.363799] ath: AWAKE -> FULL-SLEEP
[40251.363815] ieee80211 phy17: device no longer idle - working
[40251.363817] ath: Marking phy17 as not-idle
[40251.363819] ath: FULL-SLEEP -> AWAKE
[40251.415978] pciehp 0000:00:1c.3:pcie04: Card not present on Slot(3)
[40251.419896] ath: ah->misc_mode 0x4
[40251.428138] pciehp 0000:00:1c.3:pcie04: Card present on Slot(3)
[40251.532247] ath: timeout (100000 us) on reg 0x9860: 0xffffffff & 0x00000001 != 0x00000000
[40251.532250] ath: Unable to reset channel (2462 MHz), reset status -5
[40251.532422] ath: Set channel: 5745 MHz
[40251.540639] ath: Failed to stop TX DMA in 100 msec after killing last frame
[40251.548826] ath: Failed to stop TX DMA in 100 msec after killing last frame
[40251.557023] ath: Failed to stop TX DMA in 100 msec after killing last frame
[40251.565211] ath: Failed to stop TX DMA in 100 msec after killing last frame
[40251.573415] ath: Failed to stop TX DMA in 100 msec after killing last frame
[40251.581603] ath: Failed to stop TX DMA in 100 msec after killing last frame
[40251.581606] ath: Failed to stop TX DMA. Resetting hardware!
[40251.592679] ath: DMA failed to stop in 10 ms AR_CR=0xffffffff AR_DIAG_SW=0xffffffff
[40251.703330] ath: timeout (100000 us) on reg 0x7000: 0xffffffff & 0x00000003 != 0x00000000
[40251.703333] ath: RTC stuck in MAC reset
[40251.703334] ath: Chip reset failed
[40251.703335] ath: Unable to reset hardware; reset status -22
This is currently only reproducible with some HB92 (Half Mini-PCIE)
cards but the fix applies to all AR9280 cards. This patch fixes this
issue by setting bit 22 during radio disable.
This patch has fixes for all kernels that has ath9k.
[1] http://wireless.kernel.org/en/developers/Testing/wifi-test
Cc: kyungwan.nam@atheros.com
Cc: amod.bodas@atheros.com
Cc: david.quan@atheros.com
Signed-off-by: Vasanthakumar Thiagarajan <vasanth@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/ar9002_hw.c | 3 +++
drivers/net/wireless/ath/ath9k/reg.h | 1 +
2 files changed, 4 insertions(+)
--- a/drivers/net/wireless/ath/ath9k/ar9002_hw.c
+++ b/drivers/net/wireless/ath/ath9k/ar9002_hw.c
@@ -411,6 +411,9 @@ static void ar9002_hw_configpcipowersave
val &= ~(AR_WA_BIT6 | AR_WA_BIT7);
}
+ if (AR_SREV_9280(ah))
+ val |= AR_WA_BIT22;
+
if (AR_SREV_9285E_20(ah))
val |= AR_WA_BIT23;
--- a/drivers/net/wireless/ath/ath9k/reg.h
+++ b/drivers/net/wireless/ath/ath9k/reg.h
@@ -709,6 +709,7 @@
#define AR_WA_RESET_EN (1 << 18) /* Sw Control to enable PCI-Reset to POR (bit 15) */
#define AR_WA_ANALOG_SHIFT (1 << 20)
#define AR_WA_POR_SHORT (1 << 21) /* PCI-E Phy reset control */
+#define AR_WA_BIT22 (1 << 22)
#define AR9285_WA_DEFAULT 0x004a050b
#define AR9280_WA_DEFAULT 0x0040073b
#define AR_WA_DEFAULT 0x0000073f
^ permalink raw reply [flat|nested] 288+ messages in thread
* [035/289] ath9k_htc: Avoid setting QoS control for non-QoS frames
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (34 preceding siblings ...)
2010-12-08 0:56 ` [034/289] ath9k_hw: Fix AR9280 surprise removal during frequent idle on/off Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [036/289] ath9k: add locking for starting the PCU on RX Greg KH
` (250 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Rajkumar Manoharan,
John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Rajkumar Manoharan <rmanoharan@atheros.com>
commit 3bf30b56c4f0a1c4fae34050b7db4527c92891e8 upstream.
Setting tid information in the TX header is required only for QoS
frames. Not handling this case causes severe data loss with some APs.
Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
+++ b/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
@@ -121,7 +121,7 @@ int ath9k_htc_tx_start(struct ath9k_htc_
tx_hdr.data_type = ATH9K_HTC_NORMAL;
}
- if (ieee80211_is_data(fc)) {
+ if (ieee80211_is_data_qos(fc)) {
qc = ieee80211_get_qos_ctl(hdr);
tx_hdr.tidno = qc[0] & IEEE80211_QOS_CTL_TID_MASK;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [036/289] ath9k: add locking for starting the PCU on RX
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (35 preceding siblings ...)
2010-12-08 0:56 ` [035/289] ath9k_htc: Avoid setting QoS control for non-QoS frames Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [037/289] ath9k_hw: Set proper eeprom offset for AR9287 HTC devices Greg KH
` (249 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Ben Greear, Kyungwan Nam,
Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luis R. Rodriguez <lrodriguez@atheros.com>
commit 7583c550c3e635dcc61ab127c36ecefd59fb8dc8 upstream.
There was some locking for starting some parts of
RX but not for starting the PCU. Include this otherwise
we can content against stopping the PCU.
This can potentially lead to races against different
buffers on the PCU which can lead to to the DMA RX
engine writing to buffers which are already freed.
This is part of a series that will help resolve the bug:
https://bugzilla.kernel.org/show_bug.cgi?id=14624
For more details about this issue refer to:
http://marc.info/?l=linux-wireless&m=128629803703756&w=2
Cc: Ben Greear <greearb@candelatech.com>
Cc: Kyungwan Nam <kyungwan.nam@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Tested-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
index e581b1f..b3c9baf 100644
---
drivers/net/wireless/ath/ath9k/recv.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/recv.c
+++ b/drivers/net/wireless/ath/ath9k/recv.c
@@ -288,11 +288,11 @@ static void ath_edma_start_recv(struct a
ath_rx_addbuffer_edma(sc, ATH9K_RX_QUEUE_LP,
sc->rx.rx_edma[ATH9K_RX_QUEUE_LP].rx_fifo_hwsize);
- spin_unlock_bh(&sc->rx.rxbuflock);
-
ath_opmode_init(sc);
ath9k_hw_startpcureceive(sc->sc_ah, (sc->sc_flags & SC_OP_OFFCHANNEL));
+
+ spin_unlock_bh(&sc->rx.rxbuflock);
}
static void ath_edma_stop_recv(struct ath_softc *sc)
@@ -494,10 +494,11 @@ int ath_startrecv(struct ath_softc *sc)
ath9k_hw_rxena(ah);
start_recv:
- spin_unlock_bh(&sc->rx.rxbuflock);
ath_opmode_init(sc);
ath9k_hw_startpcureceive(ah, (sc->sc_flags & SC_OP_OFFCHANNEL));
+ spin_unlock_bh(&sc->rx.rxbuflock);
+
return 0;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [037/289] ath9k_hw: Set proper eeprom offset for AR9287 HTC devices
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (36 preceding siblings ...)
2010-12-08 0:56 ` [036/289] ath9k: add locking for starting the PCU on RX Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [038/289] ath9k_htc: Add new devices into AR7010 Greg KH
` (248 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Rajkumar Manoharan,
John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Rajkumar Manoharan <rmanoharan@atheros.com>
commit b5261cf4f3860bd772346a3e692683b6144dd44c upstream.
AR9287 based PCI & USB devices are differed in eeprom start offset.
So set proper the offset for HTC devices to read nvram correctly.
Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/eeprom_9287.c | 2 +-
drivers/net/wireless/ath/ath9k/reg.h | 4 ++++
2 files changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/net/wireless/ath/ath9k/eeprom_9287.c
+++ b/drivers/net/wireless/ath/ath9k/eeprom_9287.c
@@ -37,7 +37,7 @@ static bool ath9k_hw_ar9287_fill_eeprom(
int addr, eep_start_loc;
eep_data = (u16 *)eep;
- if (ah->hw_version.devid == 0x7015)
+ if (AR9287_HTC_DEVID(ah))
eep_start_loc = AR9287_HTC_EEP_START_LOC;
else
eep_start_loc = AR9287_EEP_START_LOC;
--- a/drivers/net/wireless/ath/ath9k/reg.h
+++ b/drivers/net/wireless/ath/ath9k/reg.h
@@ -903,6 +903,10 @@
((_ah)->hw_version.devid == 0x7015) || \
((_ah)->hw_version.devid == 0x9018))
+#define AR9287_HTC_DEVID(_ah) \
+ (((_ah)->hw_version.devid == 0x7015) || \
+ ((_ah)->hw_version.devid == 0x1200))
+
#define AR_RADIO_SREV_MAJOR 0xf0
#define AR_RAD5133_SREV_MAJOR 0xc0
#define AR_RAD2133_SREV_MAJOR 0xd0
^ permalink raw reply [flat|nested] 288+ messages in thread
* [038/289] ath9k_htc: Add new devices into AR7010
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (37 preceding siblings ...)
2010-12-08 0:56 ` [037/289] ath9k_hw: Set proper eeprom offset for AR9287 HTC devices Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [039/289] ath9k_htc: Add support for device ID 3346 Greg KH
` (247 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Rajkumar Manoharan,
John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Rajkumar Manoharan <rmanoharan@atheros.com>
commit 7cbf2611dac8d5f76fe64795a9426b8c97e6c3f8 upstream.
Treat new PIDs (0xA704, 0x1200) as AR7010 devices.
Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/hif_usb.c | 4 ++++
drivers/net/wireless/ath/ath9k/htc_drv_init.c | 2 ++
drivers/net/wireless/ath/ath9k/reg.h | 4 +++-
3 files changed, 9 insertions(+), 1 deletion(-)
--- a/drivers/net/wireless/ath/ath9k/hif_usb.c
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
@@ -803,6 +803,8 @@ static int ath9k_hif_usb_download_fw(str
case 0x7010:
case 0x7015:
case 0x9018:
+ case 0xA704:
+ case 0x1200:
firm_offset = AR7010_FIRMWARE_TEXT;
break;
default:
@@ -909,6 +911,8 @@ static int ath9k_hif_usb_probe(struct us
case 0x7010:
case 0x7015:
case 0x9018:
+ case 0xA704:
+ case 0x1200:
if (le16_to_cpu(udev->descriptor.bcdDevice) == 0x0202)
hif_dev->fw_name = FIRMWARE_AR7010_1_1;
else
--- a/drivers/net/wireless/ath/ath9k/htc_drv_init.c
+++ b/drivers/net/wireless/ath/ath9k/htc_drv_init.c
@@ -247,6 +247,8 @@ static int ath9k_init_htc_services(struc
case 0x7010:
case 0x7015:
case 0x9018:
+ case 0xA704:
+ case 0x1200:
priv->htc->credits = 45;
break;
default:
--- a/drivers/net/wireless/ath/ath9k/reg.h
+++ b/drivers/net/wireless/ath/ath9k/reg.h
@@ -901,7 +901,9 @@
#define AR_DEVID_7010(_ah) \
(((_ah)->hw_version.devid == 0x7010) || \
((_ah)->hw_version.devid == 0x7015) || \
- ((_ah)->hw_version.devid == 0x9018))
+ ((_ah)->hw_version.devid == 0x9018) || \
+ ((_ah)->hw_version.devid == 0xA704) || \
+ ((_ah)->hw_version.devid == 0x1200))
#define AR9287_HTC_DEVID(_ah) \
(((_ah)->hw_version.devid == 0x7015) || \
^ permalink raw reply [flat|nested] 288+ messages in thread
* [039/289] ath9k_htc: Add support for device ID 3346
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (38 preceding siblings ...)
2010-12-08 0:56 ` [038/289] ath9k_htc: Add new devices into AR7010 Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [040/289] ath9k_htc: Update usb device ID list Greg KH
` (246 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Haitao Zhang, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Haitao Zhang <minipanda@linuxrobot.org>
commit ac618d70aeb681df7b77c1107fdf26f3249f855f upstream.
This patch adds support for USB dongle with device ID 3346 from IMC Networks.
Signed-off-by: Haitao Zhang <minipanda@linuxrobot.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/hif_usb.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/wireless/ath/ath9k/hif_usb.c
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
@@ -35,6 +35,7 @@ static struct usb_device_id ath9k_hif_us
{ USB_DEVICE(0x07D1, 0x3A10) }, /* Dlink Wireless 150 */
{ USB_DEVICE(0x13D3, 0x3327) }, /* Azurewave */
{ USB_DEVICE(0x13D3, 0x3328) }, /* Azurewave */
+ { USB_DEVICE(0x13D3, 0x3346) }, /* IMC Networks */
{ USB_DEVICE(0x04CA, 0x4605) }, /* Liteon */
{ USB_DEVICE(0x083A, 0xA704) }, /* SMC Networks */
{ },
^ permalink raw reply [flat|nested] 288+ messages in thread
* [040/289] ath9k_htc: Update usb device ID list
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (39 preceding siblings ...)
2010-12-08 0:56 ` [039/289] ath9k_htc: Add support for device ID 3346 Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [041/289] ath9k: lock reset and PCU start/stopping Greg KH
` (245 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Rajkumar Manoharan,
John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Rajkumar Manoharan <rmanoharan@atheros.com>
commit 32b089558c54792028f14ae830ca7c0a8d9ac9a3 upstream.
Added new VID/PIDs into supported devices list
Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/hif_usb.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/net/wireless/ath/ath9k/hif_usb.c
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
@@ -36,8 +36,13 @@ static struct usb_device_id ath9k_hif_us
{ USB_DEVICE(0x13D3, 0x3327) }, /* Azurewave */
{ USB_DEVICE(0x13D3, 0x3328) }, /* Azurewave */
{ USB_DEVICE(0x13D3, 0x3346) }, /* IMC Networks */
+ { USB_DEVICE(0x13D3, 0x3348) }, /* Azurewave */
+ { USB_DEVICE(0x13D3, 0x3349) }, /* Azurewave */
+ { USB_DEVICE(0x13D3, 0x3350) }, /* Azurewave */
{ USB_DEVICE(0x04CA, 0x4605) }, /* Liteon */
{ USB_DEVICE(0x083A, 0xA704) }, /* SMC Networks */
+ { USB_DEVICE(0x040D, 0x3801) }, /* VIA */
+ { USB_DEVICE(0x1668, 0x1200) }, /* Verizon */
{ },
};
^ permalink raw reply [flat|nested] 288+ messages in thread
* [041/289] ath9k: lock reset and PCU start/stopping
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (40 preceding siblings ...)
2010-12-08 0:56 ` [040/289] ath9k_htc: Update usb device ID list Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [042/289] cfg80211: fix BSS double-unlinking Greg KH
` (244 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Ben Greear, Kyungwan Nam,
Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luis R. Rodriguez <lrodriguez@atheros.com>
commit 5e848f789d60000d39d9a5f26ab02dbdd963f6cd upstream.
Apart from locking the start and stop PCU we need
to ensure we also content starting and stopping the PCU
between hardware resets.
This is part of a series that will help resolve the bug:
https://bugzilla.kernel.org/show_bug.cgi?id=14624
For more details about this issue refer to:
http://marc.info/?l=linux-wireless&m=128629803703756&w=2
Cc: Ben Greear <greearb@candelatech.com>
Cc: Kyungwan Nam <kyungwan.nam@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Tested-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/main.c | 27 +++++++++++++++++++++++++++
drivers/net/wireless/ath/ath9k/recv.c | 2 --
2 files changed, 27 insertions(+), 2 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
@@ -213,6 +213,9 @@ int ath_set_channel(struct ath_softc *sc
*/
ath9k_hw_set_interrupts(ah, 0);
ath_drain_all_txq(sc, false);
+
+ spin_lock_bh(&sc->rx.pcu_lock);
+
stopped = ath_stoprecv(sc);
/* XXX: do not flush receive queue here. We don't want
@@ -239,6 +242,7 @@ int ath_set_channel(struct ath_softc *sc
"reset status %d\n",
channel->center_freq, r);
spin_unlock_bh(&sc->sc_resetlock);
+ spin_unlock_bh(&sc->rx.pcu_lock);
goto ps_restore;
}
spin_unlock_bh(&sc->sc_resetlock);
@@ -247,9 +251,12 @@ int ath_set_channel(struct ath_softc *sc
ath_print(common, ATH_DBG_FATAL,
"Unable to restart recv logic\n");
r = -EIO;
+ spin_unlock_bh(&sc->rx.pcu_lock);
goto ps_restore;
}
+ spin_unlock_bh(&sc->rx.pcu_lock);
+
ath_cache_conf_rate(sc, &hw->conf);
ath_update_txpow(sc);
ath9k_hw_set_interrupts(ah, ah->imask);
@@ -840,6 +847,7 @@ void ath_radio_enable(struct ath_softc *
if (!ah->curchan)
ah->curchan = ath_get_curchannel(sc, sc->hw);
+ spin_lock_bh(&sc->rx.pcu_lock);
spin_lock_bh(&sc->sc_resetlock);
r = ath9k_hw_reset(ah, ah->curchan, ah->caldata, false);
if (r) {
@@ -854,8 +862,10 @@ void ath_radio_enable(struct ath_softc *
if (ath_startrecv(sc) != 0) {
ath_print(common, ATH_DBG_FATAL,
"Unable to restart recv logic\n");
+ spin_unlock_bh(&sc->rx.pcu_lock);
return;
}
+ spin_unlock_bh(&sc->rx.pcu_lock);
if (sc->sc_flags & SC_OP_BEACONS)
ath_beacon_config(sc, NULL); /* restart beacons */
@@ -894,6 +904,9 @@ void ath_radio_disable(struct ath_softc
ath9k_hw_set_interrupts(ah, 0);
ath_drain_all_txq(sc, false); /* clear pending tx frames */
+
+ spin_lock_bh(&sc->rx.pcu_lock);
+
ath_stoprecv(sc); /* turn off frame recv */
ath_flushrecv(sc); /* flush recv queue */
@@ -911,6 +924,9 @@ void ath_radio_disable(struct ath_softc
spin_unlock_bh(&sc->sc_resetlock);
ath9k_hw_phy_disable(ah);
+
+ spin_unlock_bh(&sc->rx.pcu_lock);
+
ath9k_hw_configpcipowersave(ah, 1, 1);
ath9k_ps_restore(sc);
ath9k_setpower(sc, ATH9K_PM_FULL_SLEEP);
@@ -930,6 +946,9 @@ int ath_reset(struct ath_softc *sc, bool
ath9k_hw_set_interrupts(ah, 0);
ath_drain_all_txq(sc, retry_tx);
+
+ spin_lock_bh(&sc->rx.pcu_lock);
+
ath_stoprecv(sc);
ath_flushrecv(sc);
@@ -944,6 +963,8 @@ int ath_reset(struct ath_softc *sc, bool
ath_print(common, ATH_DBG_FATAL,
"Unable to start recv logic\n");
+ spin_unlock_bh(&sc->rx.pcu_lock);
+
/*
* We may be doing a reset in response to a request
* that changes the channel so update any state that
@@ -1108,6 +1129,7 @@ static int ath9k_start(struct ieee80211_
* be followed by initialization of the appropriate bits
* and then setup of the interrupt mask.
*/
+ spin_lock_bh(&sc->rx.pcu_lock);
spin_lock_bh(&sc->sc_resetlock);
r = ath9k_hw_reset(ah, init_channel, ah->caldata, false);
if (r) {
@@ -1116,6 +1138,7 @@ static int ath9k_start(struct ieee80211_
"(freq %u MHz)\n", r,
curchan->center_freq);
spin_unlock_bh(&sc->sc_resetlock);
+ spin_unlock_bh(&sc->rx.pcu_lock);
goto mutex_unlock;
}
spin_unlock_bh(&sc->sc_resetlock);
@@ -1137,8 +1160,10 @@ static int ath9k_start(struct ieee80211_
ath_print(common, ATH_DBG_FATAL,
"Unable to start recv logic\n");
r = -EIO;
+ spin_unlock_bh(&sc->rx.pcu_lock);
goto mutex_unlock;
}
+ spin_unlock_bh(&sc->rx.pcu_lock);
/* Setup our intr mask. */
ah->imask = ATH9K_INT_TX | ATH9K_INT_RXEOL |
@@ -1340,12 +1365,14 @@ static void ath9k_stop(struct ieee80211_
* before setting the invalid flag. */
ath9k_hw_set_interrupts(ah, 0);
+ spin_lock_bh(&sc->rx.pcu_lock);
if (!(sc->sc_flags & SC_OP_INVALID)) {
ath_drain_all_txq(sc, false);
ath_stoprecv(sc);
ath9k_hw_phy_disable(ah);
} else
sc->rx.rxlink = NULL;
+ spin_unlock_bh(&sc->rx.pcu_lock);
/* disable HAL and put h/w to sleep */
ath9k_hw_disable(ah);
--- a/drivers/net/wireless/ath/ath9k/recv.c
+++ b/drivers/net/wireless/ath/ath9k/recv.c
@@ -523,13 +523,11 @@ bool ath_stoprecv(struct ath_softc *sc)
void ath_flushrecv(struct ath_softc *sc)
{
- spin_lock_bh(&sc->rx.pcu_lock);
sc->sc_flags |= SC_OP_RXFLUSH;
if (sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_EDMA)
ath_rx_tasklet(sc, 1, true);
ath_rx_tasklet(sc, 1, false);
sc->sc_flags &= ~SC_OP_RXFLUSH;
- spin_unlock_bh(&sc->rx.pcu_lock);
}
static bool ath_beacon_dtim_pending_cab(struct sk_buff *skb)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [042/289] cfg80211: fix BSS double-unlinking
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (41 preceding siblings ...)
2010-12-08 0:56 ` [041/289] ath9k: lock reset and PCU start/stopping Greg KH
@ 2010-12-08 0:56 ` Greg KH
2010-12-08 0:57 ` [043/289] cfg80211: fix locking Greg KH
` (243 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Johannes Berg, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Johannes Berg <johannes.berg@intel.com>
commit 3207390a8b58bfc1335750f91cf6783c48ca19ca upstream.
When multiple interfaces are actively trying
to associate with the same BSS, they may both
find that the BSS isn't there and then try to
unlink it. This can cause errors since the
unlinking code can't currently deal with items
that have already been unlinked.
Normally this doesn't happen as most people
don't try to use multiple station interfaces
that associate at the same time too.
Fix this by using the list entry as a flag to
see if the item is still on a list.
Reported-by: Ben Greear <greearb@candelatech.com>
Tested-by: Hun-Kyi Wynn <hkwynn@candelatech.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/wireless/scan.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -650,14 +650,14 @@ void cfg80211_unlink_bss(struct wiphy *w
bss = container_of(pub, struct cfg80211_internal_bss, pub);
spin_lock_bh(&dev->bss_lock);
+ if (!list_empty(&bss->list)) {
+ list_del_init(&bss->list);
+ dev->bss_generation++;
+ rb_erase(&bss->rbn, &dev->bss_tree);
- list_del(&bss->list);
- dev->bss_generation++;
- rb_erase(&bss->rbn, &dev->bss_tree);
-
+ kref_put(&bss->ref, bss_release);
+ }
spin_unlock_bh(&dev->bss_lock);
-
- kref_put(&bss->ref, bss_release);
}
EXPORT_SYMBOL(cfg80211_unlink_bss);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [043/289] cfg80211: fix locking
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (42 preceding siblings ...)
2010-12-08 0:56 ` [042/289] cfg80211: fix BSS double-unlinking Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [044/289] cfg80211: fix regression on processing country IEs Greg KH
` (242 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Johannes Berg, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Johannes Berg <johannes.berg@intel.com>
commit 2234362c427e2ef667595b9b81c0125003ac5607 upstream.
Add missing unlocking of the wiphy in set_channel,
and don't try to unlock a non-existing wiphy in
set_cqm.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/wireless/nl80211.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -761,11 +761,13 @@ static int nl80211_set_channel(struct sk
result = get_rdev_dev_by_info_ifindex(info, &rdev, &netdev);
if (result)
- goto unlock;
+ goto unlock_rtnl;
result = __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
- unlock:
+ dev_put(netdev);
+ cfg80211_unlock_rdev(rdev);
+ unlock_rtnl:
rtnl_unlock();
return result;
@@ -4996,7 +4998,7 @@ static int nl80211_set_cqm_rssi(struct g
err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
if (err)
- goto unlock_rdev;
+ goto unlock_rtnl;
wdev = dev->ieee80211_ptr;
@@ -5013,9 +5015,10 @@ static int nl80211_set_cqm_rssi(struct g
err = rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev,
threshold, hysteresis);
-unlock_rdev:
+ unlock_rdev:
cfg80211_unlock_rdev(rdev);
dev_put(dev);
+ unlock_rtnl:
rtnl_unlock();
return err;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [044/289] cfg80211: fix regression on processing country IEs
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (43 preceding siblings ...)
2010-12-08 0:57 ` [043/289] cfg80211: fix locking Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [045/289] mac80211: minstrel_ht A-MPDU fix Greg KH
` (241 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luis R. Rodriguez <lrodriguez@atheros.com>
commit a171fba491f54216e356efa46096171a7ed01d10 upstream.
The patch 4f366c5:
wireless: only use alpha2 regulatory information from country IE
removed some complex intersection we were always doing between the AP's
country IE info and what we got from CRDA. When CRDA sent us back a
regulatory domain we would do some sanity checks on that regulatory
domain response we just got. Part of these sanity checks included
checking that we already had performed an intersection for the
request of NL80211_REGDOM_SET_BY_COUNTRY_IE type.
This mean that cfg80211 was only processing country IEs for cases
where we already had an intersection, but since we removed enforcing
this this is no longer required, we should just apply the country
IE country hint with the data received from CRDA.
This patch has fixes intended for kernels >= 2.6.36.
Reported-by: Easwar Krishnan <easwar.krishnan@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/wireless/reg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -1170,7 +1170,7 @@ static int ignore_request(struct wiphy *
return 0;
return -EALREADY;
}
- return REG_INTERSECT;
+ return 0;
case NL80211_REGDOM_SET_BY_DRIVER:
if (last_request->initiator == NL80211_REGDOM_SET_BY_CORE) {
if (regdom_changes(pending_request->alpha2))
^ permalink raw reply [flat|nested] 288+ messages in thread
* [045/289] mac80211: minstrel_ht A-MPDU fix
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (44 preceding siblings ...)
2010-12-08 0:57 ` [044/289] cfg80211: fix regression on processing country IEs Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [046/289] mac80211: fix possible null-pointer de-reference Greg KH
` (240 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Björn Smedman,
Felix Fietkau, John W. Linville
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 2215 bytes --]
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: =?UTF-8?q?Bj=C3=B6rn=20Smedman?= <bjorn.smedman@venatech.se>
commit 15d46f38df87f89242e470f5797120fa384c1fc3 upstream.
This patch fixes two problems with the minstrel_ht rate control
algorithms handling of A-MPDU frames:
1. The ampdu_len field of the tx status is not always initialized for
non-HT frames (and it would probably be unreasonable to require all
drivers to do so). This could cause rate control statistics to be
corrupted. We now trust the ampdu_len and ampdu_ack_len fields only when
the frame is marked with the IEEE80211_TX_STAT_AMPDU flag.
2. Successful transmission attempts where only recognized when the A-MPDU
subframe carrying the rate control status information was marked with the
IEEE80211_TX_STAT_ACK flag. If this information happed to be carried on a
frame that failed to be ACKed then the other subframes (which may have
succeeded) where not correctly registered. We now update rate control
statistics regardless of whether the subframe carrying the information was
ACKed or not.
Signed-off-by: Björn Smedman <bjorn.smedman@venatech.se>
Acked-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/mac80211/rc80211_minstrel_ht.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/net/mac80211/rc80211_minstrel_ht.c
+++ b/net/mac80211/rc80211_minstrel_ht.c
@@ -397,8 +397,9 @@ minstrel_ht_tx_status(void *priv, struct
!(info->flags & IEEE80211_TX_STAT_AMPDU))
return;
- if (!info->status.ampdu_len) {
- info->status.ampdu_ack_len = 1;
+ if (!(info->flags & IEEE80211_TX_STAT_AMPDU)) {
+ info->status.ampdu_ack_len =
+ (info->flags & IEEE80211_TX_STAT_ACK ? 1 : 0);
info->status.ampdu_len = 1;
}
@@ -426,7 +427,7 @@ minstrel_ht_tx_status(void *priv, struct
group = minstrel_ht_get_group_idx(&ar[i]);
rate = &mi->groups[group].rates[ar[i].idx % 8];
- if (last && (info->flags & IEEE80211_TX_STAT_ACK))
+ if (last)
rate->success += info->status.ampdu_ack_len;
rate->attempts += ar[i].count * info->status.ampdu_len;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [046/289] mac80211: fix possible null-pointer de-reference
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (45 preceding siblings ...)
2010-12-08 0:57 ` [045/289] mac80211: minstrel_ht A-MPDU fix Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [047/289] mac80211: fix channel assumption for association done work Greg KH
` (239 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Johannes Berg,
Christian Lamparter, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Christian Lamparter <chunkeey@googlemail.com>
commit d12c74528e3065c90df70fbc06ec6ffd6e804738 upstream.
This patch not only fixes a null-pointer de-reference
that would be triggered by a PLINK_OPEN frame with mis-
matching/incompatible mesh configuration, but also
responds correctly to non-compatible PLINK_OPEN frames
by generating a PLINK_CLOSE with the right reason code.
The original bug was detected by smatch.
( http://repo.or.cz/w/smatch.git )
net/mac80211/mesh_plink.c +574 mesh_rx_plink_frame(168)
error: we previously assumed 'sta' could be null.
Reviewed-and-Tested-by: Steve deRosier <steve@cozybit.com>
Reviewed-and-Tested-by: Javier Cardona <javier@cozybit.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/mac80211/mesh_plink.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -412,7 +412,7 @@ void mesh_rx_plink_frame(struct ieee8021
enum plink_event event;
enum plink_frame_type ftype;
size_t baselen;
- bool deactivated;
+ bool deactivated, matches_local = true;
u8 ie_len;
u8 *baseaddr;
__le16 plid, llid, reason;
@@ -487,6 +487,7 @@ void mesh_rx_plink_frame(struct ieee8021
/* Now we will figure out the appropriate event... */
event = PLINK_UNDEFINED;
if (ftype != PLINK_CLOSE && (!mesh_matches_local(&elems, sdata))) {
+ matches_local = false;
switch (ftype) {
case PLINK_OPEN:
event = OPN_RJCT;
@@ -498,7 +499,15 @@ void mesh_rx_plink_frame(struct ieee8021
/* avoid warning */
break;
}
- spin_lock_bh(&sta->lock);
+ }
+
+ if (!sta && !matches_local) {
+ rcu_read_unlock();
+ reason = cpu_to_le16(MESH_CAPABILITY_POLICY_VIOLATION);
+ llid = 0;
+ mesh_plink_frame_tx(sdata, PLINK_CLOSE, mgmt->sa, llid,
+ plid, reason);
+ return;
} else if (!sta) {
/* ftype == PLINK_OPEN */
u32 rates;
@@ -522,7 +531,7 @@ void mesh_rx_plink_frame(struct ieee8021
}
event = OPN_ACPT;
spin_lock_bh(&sta->lock);
- } else {
+ } else if (matches_local) {
spin_lock_bh(&sta->lock);
switch (ftype) {
case PLINK_OPEN:
@@ -564,6 +573,8 @@ void mesh_rx_plink_frame(struct ieee8021
rcu_read_unlock();
return;
}
+ } else {
+ spin_lock_bh(&sta->lock);
}
mpl_dbg("Mesh plink (peer, state, llid, plid, event): %pM %s %d %d %d\n",
^ permalink raw reply [flat|nested] 288+ messages in thread
* [047/289] mac80211: fix channel assumption for association done work
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (46 preceding siblings ...)
2010-12-08 0:57 ` [046/289] mac80211: fix possible null-pointer de-reference Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [048/289] mac80211: fix offchannel assumption upon association Greg KH
` (238 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luis R. Rodriguez <lrodriguez@atheros.com>
commit e7480bbb926c5816e4fbfca70748096bbe0e4978 upstream.
Be consistent and use the wk->chan instead of the
local->hw.conf.channel for the association done work.
This prevents any possible races against channel changes
while we run this work.
In the case that the race did happen we would be initializing
the bit rates for the new AP under the assumption of a wrong
channel and in the worst case, wrong band. This could lead
to trying to assuming we could use CCK frames on 5 GHz, for
example.
This patch has a fix for kernels >= v2.6.34
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/mac80211/mlme.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1262,7 +1262,7 @@ static bool ieee80211_assoc_success(stru
rates = 0;
basic_rates = 0;
- sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
+ sband = local->hw.wiphy->bands[wk->chan->band];
for (i = 0; i < elems.supp_rates_len; i++) {
int rate = (elems.supp_rates[i] & 0x7f) * 5;
@@ -1298,11 +1298,11 @@ static bool ieee80211_assoc_success(stru
}
}
- sta->sta.supp_rates[local->hw.conf.channel->band] = rates;
+ sta->sta.supp_rates[wk->chan->band] = rates;
sdata->vif.bss_conf.basic_rates = basic_rates;
/* cf. IEEE 802.11 9.2.12 */
- if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ &&
+ if (wk->chan->band == IEEE80211_BAND_2GHZ &&
have_higher_than_11mbit)
sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
else
^ permalink raw reply [flat|nested] 288+ messages in thread
* [048/289] mac80211: fix offchannel assumption upon association
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (47 preceding siblings ...)
2010-12-08 0:57 ` [047/289] mac80211: fix channel assumption for association done work Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [049/289] mac80211: Fix signal strength average initialization for CQM events Greg KH
` (237 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Amod Bodas,
Vasanth Thiagarajan, Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luis R. Rodriguez <lrodriguez@atheros.com>
commit 8d4780eb1ece4e8109b4f6b2e5e61f7fc593c3f4 upstream.
Association is dealt with as an atomic offchannel operation,
we do this because we don't know we are associated until we
get the associatin response from the AP. When we do get the
associatin response though we were never clearing the offchannel
state. This has a few implications, we told drivers we were
still offchannel, and the first configured TX power for the
channel does not take into account any power constraints.
For ath9k this meant ANI calibration would not start upon
association, and we'd have to wait until the first bgscan
to be triggered. There may be other issues this resolves
but I'm too lazy to comb the code to check.
Cc: Amod Bodas <amod.bodas@atheros.com>
Cc: Vasanth Thiagarajan <vasanth.thiagarajan@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/mac80211/main.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -108,7 +108,8 @@ int ieee80211_hw_config(struct ieee80211
chan = scan_chan;
channel_type = NL80211_CHAN_NO_HT;
local->hw.conf.flags |= IEEE80211_CONF_OFFCHANNEL;
- } else if (local->tmp_channel) {
+ } else if (local->tmp_channel &&
+ local->oper_channel != local->tmp_channel) {
chan = scan_chan = local->tmp_channel;
channel_type = local->tmp_channel_type;
local->hw.conf.flags |= IEEE80211_CONF_OFFCHANNEL;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [049/289] mac80211: Fix signal strength average initialization for CQM events
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (48 preceding siblings ...)
2010-12-08 0:57 ` [048/289] mac80211: fix offchannel assumption upon association Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [050/289] mac80211: reset connection idle when going offchannel Greg KH
` (236 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Jouni Malinen, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jouni Malinen <j@w1.fi>
commit 3ba06c6fbd651ed3377e584026d1c112b492cc8b upstream.
The ave_beacon_signal value uses 1/16 dB unit and as such, must be
initialized with the signal level of the first Beacon frame multiplied
by 16. This fixes an issue where the initial CQM events are reported
incorrectly with a burst of events while the running average
approaches the correct value after the incorrect initialization. This
could cause user space -based roaming decision process to get quite
confused at the moment when we would like to go through authentication
and DHCP.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/mac80211/mlme.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1540,7 +1540,7 @@ static void ieee80211_rx_mgmt_beacon(str
ifmgd->last_beacon_signal = rx_status->signal;
if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) {
ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE;
- ifmgd->ave_beacon_signal = rx_status->signal;
+ ifmgd->ave_beacon_signal = rx_status->signal * 16;
ifmgd->last_cqm_event_signal = 0;
} else {
ifmgd->ave_beacon_signal =
^ permalink raw reply [flat|nested] 288+ messages in thread
* [050/289] mac80211: reset connection idle when going offchannel
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (49 preceding siblings ...)
2010-12-08 0:57 ` [049/289] mac80211: Fix signal strength average initialization for CQM events Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [051/289] mac80211: add helper for reseting the connection monitor Greg KH
` (235 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Paul Stewart, Amod Bodas,
Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luis R. Rodriguez <lrodriguez@atheros.com>
commit 4730d5977f3e12b828d354f7752cffd94bdf39e5 upstream.
When we go offchannel mac80211 currently leaves alive the
connection idle monitor. This should be instead postponed
until we come back to our home channel, otherwise by the
time we get back to the home channel we could be triggering
unecesary probe requests. For APs that do not respond to
unicast probe requests (Nexus One is a simple example) this
means we essentially get disconnected after the probes
fails.
This patch has stable fixes for kernels [2.6.35+]
Cc: Paul Stewart <pstew@google.com>
Cc: Amod Bodas <amod.bodas@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/mac80211/offchannel.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/net/mac80211/offchannel.c
+++ b/net/mac80211/offchannel.c
@@ -22,12 +22,15 @@
static void ieee80211_offchannel_ps_enable(struct ieee80211_sub_if_data *sdata)
{
struct ieee80211_local *local = sdata->local;
+ struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
local->offchannel_ps_enabled = false;
/* FIXME: what to do when local->pspolling is true? */
del_timer_sync(&local->dynamic_ps_timer);
+ del_timer_sync(&ifmgd->conn_mon_timer);
+
cancel_work_sync(&local->dynamic_ps_enable_work);
if (local->hw.conf.flags & IEEE80211_CONF_PS) {
@@ -85,6 +88,8 @@ static void ieee80211_offchannel_ps_disa
mod_timer(&local->dynamic_ps_timer, jiffies +
msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
}
+
+ ieee80211_sta_reset_conn_monitor(sdata);
}
void ieee80211_offchannel_stop_beaconing(struct ieee80211_local *local)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [051/289] mac80211: add helper for reseting the connection monitor
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (50 preceding siblings ...)
2010-12-08 0:57 ` [050/289] mac80211: reset connection idle when going offchannel Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [052/289] mac80211: make the beacon monitor available externally Greg KH
` (234 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Paul Stewart, Amod Bodas,
Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luis R. Rodriguez <lrodriguez@atheros.com>
commit be099e82e9cf6d5d65d044e9ef6fc8bee3c7a113 upstream.
This will be used in another place later. The connection
monitor was added as of 2.6.35 so these fixes will be
applicable to >= 2.6.35.
Cc: Paul Stewart <pstew@google.com>
Cc: Amod Bodas <amod.bodas@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/mac80211/ieee80211_i.h | 1 +
net/mac80211/mlme.c | 15 ++++++++++-----
2 files changed, 11 insertions(+), 5 deletions(-)
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1003,6 +1003,7 @@ void ieee80211_sta_restart(struct ieee80
void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata);
void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
struct sk_buff *skb);
+void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata);
/* IBSS code */
void ieee80211_ibss_notify_scan_completed(struct ieee80211_local *local);
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -118,6 +118,15 @@ static void mod_beacon_timer(struct ieee
round_jiffies_up(jiffies + IEEE80211_BEACON_LOSS_TIME));
}
+void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
+{
+ if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
+ return;
+
+ mod_timer(&sdata->u.mgd.conn_mon_timer,
+ round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
+}
+
static int ecw2cw(int ecw)
{
return (1 << ecw) - 1;
@@ -1006,11 +1015,7 @@ void ieee80211_sta_rx_notify(struct ieee
if (is_multicast_ether_addr(hdr->addr1))
return;
- if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
- return;
-
- mod_timer(&sdata->u.mgd.conn_mon_timer,
- round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
+ ieee80211_sta_reset_conn_monitor(sdata);
}
static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [052/289] mac80211: make the beacon monitor available externally
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (51 preceding siblings ...)
2010-12-08 0:57 ` [051/289] mac80211: add helper for reseting the connection monitor Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [053/289] mac80211: send last 3/5 probe requests as unicast Greg KH
` (233 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Paul Stewart, Amod Bodas,
Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luis R. Rodriguez <lrodriguez@atheros.com>
commit d3a910a8e4e846b9a767d35483f4dc7c6de7af82 upstream.
This will be used by other components next. The beacon
monitor was added as of 2.6.34 so these fixes are applicable
only to kernels >= 2.6.34.
Cc: Paul Stewart <pstew@google.com>
Cc: Amod Bodas <amod.bodas@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/mac80211/ieee80211_i.h | 1 +
net/mac80211/mlme.c | 8 ++++----
2 files changed, 5 insertions(+), 4 deletions(-)
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1003,6 +1003,7 @@ void ieee80211_sta_restart(struct ieee80
void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata);
void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
struct sk_buff *skb);
+void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata);
void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata);
/* IBSS code */
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -109,7 +109,7 @@ static void run_again(struct ieee80211_i
mod_timer(&ifmgd->timer, timeout);
}
-static void mod_beacon_timer(struct ieee80211_sub_if_data *sdata)
+void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
{
if (sdata->local->hw.flags & IEEE80211_HW_BEACON_FILTER)
return;
@@ -1367,7 +1367,7 @@ static bool ieee80211_assoc_success(stru
* Also start the timer that will detect beacon loss.
*/
ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt);
- mod_beacon_timer(sdata);
+ ieee80211_sta_reset_beacon_monitor(sdata);
return true;
}
@@ -1470,7 +1470,7 @@ static void ieee80211_rx_mgmt_probe_resp
* we have or will be receiving any beacons or data, so let's
* schedule the timers again, just in case.
*/
- mod_beacon_timer(sdata);
+ ieee80211_sta_reset_beacon_monitor(sdata);
mod_timer(&ifmgd->conn_mon_timer,
round_jiffies_up(jiffies +
@@ -1593,7 +1593,7 @@ static void ieee80211_rx_mgmt_beacon(str
* Push the beacon loss detection into the future since
* we are processing a beacon from the AP just now.
*/
- mod_beacon_timer(sdata);
+ ieee80211_sta_reset_beacon_monitor(sdata);
ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
^ permalink raw reply [flat|nested] 288+ messages in thread
* [053/289] mac80211: send last 3/5 probe requests as unicast
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (52 preceding siblings ...)
2010-12-08 0:57 ` [052/289] mac80211: make the beacon monitor available externally Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [054/289] mac80211: disable beacon monitor while going offchannel Greg KH
` (232 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Paul Stewart, Amod Bodas,
Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luis R. Rodriguez <lrodriguez@atheros.com>
commit f01a067d9e4598c71e3c9ee3a84859d2e8af4f8e upstream.
Some buggy APs do not respond to unicast probe requests
or send unicast probe requests very delayed so in the
worst case we should try to send broadcast probe requests,
otherwise we can get disconnected from these APs.
Even if drivers do not have filters to disregard probe
responses from foreign APs mac80211 will only process
probe responses from our associated AP for re-arming
connection monitoring.
We need to do this since the beacon monitor does not
push back the connection monitor by design so even if we
are getting beacons from these type of APs our connection
monitor currently relies heavily on the way the probe
requests are received on the AP. An example of an AP
affected by this is the Nexus One, but this has also been
observed with random APs.
We can probably optimize this later by using null funcs
instead of probe requests.
For more details refer to:
http://code.google.com/p/chromium-os/issues/detail?id=5715
This patch has fixes for stable kernels [2.6.35+].
Cc: Paul Stewart <pstew@google.com>
Cc: Amod Bodas <amod.bodas@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/mac80211/mlme.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1022,10 +1022,19 @@ static void ieee80211_mgd_probe_ap_send(
{
struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
const u8 *ssid;
+ u8 *dst = ifmgd->associated->bssid;
+ u8 unicast_limit = max(1, IEEE80211_MAX_PROBE_TRIES - 3);
+
+ /*
+ * Try sending broadcast probe requests for the last three
+ * probe requests after the first ones failed since some
+ * buggy APs only support broadcast probe requests.
+ */
+ if (ifmgd->probe_send_count >= unicast_limit)
+ dst = NULL;
ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
- ieee80211_send_probe_req(sdata, ifmgd->associated->bssid,
- ssid + 2, ssid[1], NULL, 0);
+ ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid[1], NULL, 0);
ifmgd->probe_send_count++;
ifmgd->probe_timeout = jiffies + IEEE80211_PROBE_WAIT;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [054/289] mac80211: disable beacon monitor while going offchannel
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (53 preceding siblings ...)
2010-12-08 0:57 ` [053/289] mac80211: send last 3/5 probe requests as unicast Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [055/289] mac80211: use correct station flags lock Greg KH
` (231 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Paul Stewart, Amod Bodas,
Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luis R. Rodriguez <lrodriguez@atheros.com>
commit 3bc3c0d748402e8c1f31b8569f5924d25d7b8e30 upstream.
The beacon monitor should be disabled when going off channel
to prevent spurious warnings and triggering connection
deterioration work such as sending probe requests. Re-enable
the beacon monitor once we come back to the home channel.
This patch has fixes for stable kernels [2.6.34+].
Cc: Paul Stewart <pstew@google.com>
Cc: Amod Bodas <amod.bodas@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/mac80211/offchannel.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/mac80211/offchannel.c
+++ b/net/mac80211/offchannel.c
@@ -29,6 +29,7 @@ static void ieee80211_offchannel_ps_enab
/* FIXME: what to do when local->pspolling is true? */
del_timer_sync(&local->dynamic_ps_timer);
+ del_timer_sync(&ifmgd->bcn_mon_timer);
del_timer_sync(&ifmgd->conn_mon_timer);
cancel_work_sync(&local->dynamic_ps_enable_work);
@@ -89,6 +90,7 @@ static void ieee80211_offchannel_ps_disa
msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
}
+ ieee80211_sta_reset_beacon_monitor(sdata);
ieee80211_sta_reset_conn_monitor(sdata);
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [055/289] mac80211: use correct station flags lock
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (54 preceding siblings ...)
2010-12-08 0:57 ` [054/289] mac80211: disable beacon monitor while going offchannel Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [056/289] mac80211: clear txflags for ps-filtered frames Greg KH
` (230 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Johannes Berg, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Johannes Berg <johannes.berg@intel.com>
commit f5521b13880f4f4f612e1d20dd4f565122d16e04 upstream.
This code is modifying the station flags, and
as such should hold the flags lock so it can
do so atomically vs. other flags modifications
and readers. This issue was introduced when
this code was added in eccb8e8f, as it used
the wrong lock (thus not fixing the race that
was previously documented in a comment.)
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/mac80211/cfg.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -634,6 +634,7 @@ static void sta_apply_parameters(struct
struct sta_info *sta,
struct station_parameters *params)
{
+ unsigned long flags;
u32 rates;
int i, j;
struct ieee80211_supported_band *sband;
@@ -642,7 +643,7 @@ static void sta_apply_parameters(struct
sband = local->hw.wiphy->bands[local->oper_channel->band];
- spin_lock_bh(&sta->lock);
+ spin_lock_irqsave(&sta->flaglock, flags);
mask = params->sta_flags_mask;
set = params->sta_flags_set;
@@ -669,7 +670,7 @@ static void sta_apply_parameters(struct
if (set & BIT(NL80211_STA_FLAG_MFP))
sta->flags |= WLAN_STA_MFP;
}
- spin_unlock_bh(&sta->lock);
+ spin_unlock_irqrestore(&sta->flaglock, flags);
/*
* cfg80211 validates this (1-2007) and allows setting the AID
^ permalink raw reply [flat|nested] 288+ messages in thread
* [056/289] mac80211: clear txflags for ps-filtered frames
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (55 preceding siblings ...)
2010-12-08 0:57 ` [055/289] mac80211: use correct station flags lock Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [057/289] mac80211: reset probe send counter upon connection timer reset Greg KH
` (229 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Johannes Berg,
Christian Lamparter, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Christian Lamparter <chunkeey@googlemail.com>
commit eb7d3066cf864342e8ae6a5c1126a1602c4d06c0 upstream.
This patch fixes stale mac80211_tx_control_flags for
filtered / retried frames.
Because ieee80211_handle_filtered_frame feeds skbs back
into the tx path, they have to be stripped of some tx
flags so they won't confuse the stack, driver or device.
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
include/net/mac80211.h | 16 ++++++++++++++++
net/mac80211/status.c | 1 +
2 files changed, 17 insertions(+)
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -315,6 +315,9 @@ struct ieee80211_bss_conf {
* @IEEE80211_TX_CTL_LDPC: tells the driver to use LDPC for this frame
* @IEEE80211_TX_CTL_STBC: Enables Space-Time Block Coding (STBC) for this
* frame and selects the maximum number of streams that it can use.
+ *
+ * Note: If you have to add new flags to the enumeration, then don't
+ * forget to update %IEEE80211_TX_TEMPORARY_FLAGS when necessary.
*/
enum mac80211_tx_control_flags {
IEEE80211_TX_CTL_REQ_TX_STATUS = BIT(0),
@@ -344,6 +347,19 @@ enum mac80211_tx_control_flags {
#define IEEE80211_TX_CTL_STBC_SHIFT 23
+/*
+ * This definition is used as a mask to clear all temporary flags, which are
+ * set by the tx handlers for each transmission attempt by the mac80211 stack.
+ */
+#define IEEE80211_TX_TEMPORARY_FLAGS (IEEE80211_TX_CTL_NO_ACK | \
+ IEEE80211_TX_CTL_CLEAR_PS_FILT | IEEE80211_TX_CTL_FIRST_FRAGMENT | \
+ IEEE80211_TX_CTL_SEND_AFTER_DTIM | IEEE80211_TX_CTL_AMPDU | \
+ IEEE80211_TX_STAT_TX_FILTERED | IEEE80211_TX_STAT_ACK | \
+ IEEE80211_TX_STAT_AMPDU | IEEE80211_TX_STAT_AMPDU_NO_BACK | \
+ IEEE80211_TX_CTL_RATE_CTRL_PROBE | IEEE80211_TX_CTL_PSPOLL_RESPONSE | \
+ IEEE80211_TX_CTL_MORE_FRAMES | IEEE80211_TX_CTL_LDPC | \
+ IEEE80211_TX_CTL_STBC)
+
/**
* enum mac80211_rate_control_flags - per-rate flags set by the
* Rate Control algorithm.
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -58,6 +58,7 @@ static void ieee80211_handle_filtered_fr
info->control.vif = &sta->sdata->vif;
info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING |
IEEE80211_TX_INTFL_RETRANSMISSION;
+ info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS;
sta->tx_filtered_count++;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [057/289] mac80211: reset probe send counter upon connection timer reset
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (56 preceding siblings ...)
2010-12-08 0:57 ` [056/289] mac80211: clear txflags for ps-filtered frames Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [058/289] mac80211: Fix ibss station got expired immediately Greg KH
` (228 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Paul Stewart, Amod Bodas,
Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luis R. Rodriguez <lrodriguez@atheros.com>
commit 0c699c3a75d4e8d0d2c317f83048d8fd3ffe692a upstream.
Upon beacon loss we send probe requests after 30 seconds of idle
time and we wait for each probe response 1/2 second. We send a
total of 3 probe requests before giving up on the AP. In the case
that we reset the connection idle monitor we should reset the probe
requests count to 0. Right now this won't help in any way but
the next patch will.
This patch has fixes for stable kernel [2.6.35+].
Cc: Paul Stewart <pstew@google.com>
Cc: Amod Bodas <amod.bodas@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/mac80211/mlme.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -120,11 +120,15 @@ void ieee80211_sta_reset_beacon_monitor(
void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
{
+ struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
+
if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
return;
mod_timer(&sdata->u.mgd.conn_mon_timer,
round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
+
+ ifmgd->probe_send_count = 0;
}
static int ecw2cw(int ecw)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [058/289] mac80211: Fix ibss station got expired immediately
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (57 preceding siblings ...)
2010-12-08 0:57 ` [057/289] mac80211: reset probe send counter upon connection timer reset Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [059/289] mac80211: dont sanitize invalid rates Greg KH
` (227 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Rajkumar Manoharan,
John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Rajkumar Manoharan <rmanoharan@atheros.com>
commit c8716d9dc13c7f6ee92f2bfc6cc3b723b417bff8 upstream.
Station addition in ieee80211_ibss_rx_queued_mgmt is not updating
sta->last_rx which is causing station expiry in ieee80211_ibss_work
path. So sta addition and deletion happens repeatedly.
Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/mac80211/ibss.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -435,6 +435,7 @@ struct sta_info *ieee80211_ibss_add_sta(
if (!sta)
return NULL;
+ sta->last_rx = jiffies;
set_sta_flags(sta, WLAN_STA_AUTHORIZED);
/* make sure mandatory rates are always added */
^ permalink raw reply [flat|nested] 288+ messages in thread
* [059/289] mac80211: dont sanitize invalid rates
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (58 preceding siblings ...)
2010-12-08 0:57 ` [058/289] mac80211: Fix ibss station got expired immediately Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [060/289] mac80211: delete AddBA response timer Greg KH
` (226 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Christian Lamparter,
John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Christian Lamparter <chunkeey@googlemail.com>
commit 5f4e6b2d3c74c1adda1cbfd9d9d30da22c7484fc upstream.
I found this bug while poking around with a pure-gn AP.
Commit:
cfg80211/mac80211: Use more generic bitrate mask for rate control
Added some sanity checks to ensure that each tx rate index
is included in the configured mask and it would change any
rate indexes if it wasn't.
But, the current implementation doesn't take into account
that the invalid rate index "-1" has a special meaning
(= no further attempts) and it should not be "changed".
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/mac80211/rate.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -328,6 +328,9 @@ void rate_control_get_rate(struct ieee80
* if needed.
*/
for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
+ /* Skip invalid rates */
+ if (info->control.rates[i].idx < 0)
+ break;
/* Rate masking supports only legacy rates for now */
if (info->control.rates[i].flags & IEEE80211_TX_RC_MCS)
continue;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [060/289] mac80211: delete AddBA response timer
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (59 preceding siblings ...)
2010-12-08 0:57 ` [059/289] mac80211: dont sanitize invalid rates Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [061/289] isdn/gigaset: fix bas_gigaset AT read error handling Greg KH
` (225 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Johannes Berg, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Johannes Berg <johannes.berg@intel.com>
commit 44271488b91c9eecf249e075a1805dd887e222d2 upstream.
We never delete the addBA response timer, which
is typically fine, but if the station it belongs
to is deleted very quickly after starting the BA
session, before the peer had a chance to reply,
the timer may fire after the station struct has
been freed already. Therefore, we need to delete
the timer in a suitable spot -- best when the
session is being stopped (which will happen even
then) in which case the delete will be a no-op
most of the time.
I've reproduced the scenario and tested the fix.
This fixes the crash reported at
http://mid.gmane.org/4CAB6F96.6090701@candelatech.com
Reported-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/mac80211/agg-tx.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -177,6 +177,8 @@ int ___ieee80211_stop_tx_ba_session(stru
del_timer_sync(&tid_tx->addba_resp_timer);
+ del_timer_sync(&tid_tx->addba_resp_timer);
+
/*
* After this packets are no longer handed right through
* to the driver but are put onto tid_tx->pending instead,
^ permalink raw reply [flat|nested] 288+ messages in thread
* [061/289] isdn/gigaset: fix bas_gigaset AT read error handling
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (60 preceding siblings ...)
2010-12-08 0:57 ` [060/289] mac80211: delete AddBA response timer Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [062/289] isdn/gigaset: correct bas_gigaset rx buffer handling Greg KH
` (224 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Tilman Schmidt, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Tilman Schmidt <tilman@imap.cc>
commit c8701a08d6a4efeae45d84d0aa87172f23b14e3c upstream.
Rework the handling of USB errors in AT response reads
to fix a possible infinite retry loop and a memory leak,
and silence a few overly verbose kernel messages.
Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/isdn/gigaset/bas-gigaset.c | 83 ++++++++++++++-----------------------
1 file changed, 33 insertions(+), 50 deletions(-)
--- a/drivers/isdn/gigaset/bas-gigaset.c
+++ b/drivers/isdn/gigaset/bas-gigaset.c
@@ -438,23 +438,27 @@ static void cmd_in_timeout(unsigned long
return;
}
- if (ucs->retry_cmd_in++ < BAS_RETRY) {
- dev_notice(cs->dev, "control read: timeout, retry %d\n",
- ucs->retry_cmd_in);
- rc = atread_submit(cs, BAS_TIMEOUT);
- if (rc >= 0 || rc == -ENODEV)
- /* resubmitted or disconnected */
- /* - bypass regular exit block */
- return;
- } else {
+ if (ucs->retry_cmd_in++ >= BAS_RETRY) {
dev_err(cs->dev,
"control read: timeout, giving up after %d tries\n",
ucs->retry_cmd_in);
+ kfree(ucs->rcvbuf);
+ ucs->rcvbuf = NULL;
+ ucs->rcvbuf_size = 0;
+ error_reset(cs);
+ return;
+ }
+
+ gig_dbg(DEBUG_USBREQ, "%s: timeout, retry %d",
+ __func__, ucs->retry_cmd_in);
+ rc = atread_submit(cs, BAS_TIMEOUT);
+ if (rc < 0) {
+ kfree(ucs->rcvbuf);
+ ucs->rcvbuf = NULL;
+ ucs->rcvbuf_size = 0;
+ if (rc != -ENODEV)
+ error_reset(cs);
}
- kfree(ucs->rcvbuf);
- ucs->rcvbuf = NULL;
- ucs->rcvbuf_size = 0;
- error_reset(cs);
}
/* read_ctrl_callback
@@ -470,18 +474,11 @@ static void read_ctrl_callback(struct ur
struct cardstate *cs = inbuf->cs;
struct bas_cardstate *ucs = cs->hw.bas;
int status = urb->status;
- int have_data = 0;
unsigned numbytes;
int rc;
update_basstate(ucs, 0, BS_ATRDPEND);
wake_up(&ucs->waitqueue);
-
- if (!ucs->rcvbuf_size) {
- dev_warn(cs->dev, "%s: no receive in progress\n", __func__);
- return;
- }
-
del_timer(&ucs->timer_cmd_in);
switch (status) {
@@ -495,19 +492,10 @@ static void read_ctrl_callback(struct ur
numbytes = ucs->rcvbuf_size;
}
- /* copy received bytes to inbuf */
- have_data = gigaset_fill_inbuf(inbuf, ucs->rcvbuf, numbytes);
-
- if (unlikely(numbytes < ucs->rcvbuf_size)) {
- /* incomplete - resubmit for remaining bytes */
- ucs->rcvbuf_size -= numbytes;
- ucs->retry_cmd_in = 0;
- rc = atread_submit(cs, BAS_TIMEOUT);
- if (rc >= 0 || rc == -ENODEV)
- /* resubmitted or disconnected */
- /* - bypass regular exit block */
- return;
- error_reset(cs);
+ /* copy received bytes to inbuf, notify event layer */
+ if (gigaset_fill_inbuf(inbuf, ucs->rcvbuf, numbytes)) {
+ gig_dbg(DEBUG_INTR, "%s-->BH", __func__);
+ gigaset_schedule_event(cs);
}
break;
@@ -516,37 +504,32 @@ static void read_ctrl_callback(struct ur
case -EINPROGRESS: /* pending */
case -ENODEV: /* device removed */
case -ESHUTDOWN: /* device shut down */
- /* no action necessary */
+ /* no further action necessary */
gig_dbg(DEBUG_USBREQ, "%s: %s",
__func__, get_usb_statmsg(status));
break;
- default: /* severe trouble */
- dev_warn(cs->dev, "control read: %s\n",
- get_usb_statmsg(status));
+ default: /* other errors: retry */
if (ucs->retry_cmd_in++ < BAS_RETRY) {
- dev_notice(cs->dev, "control read: retry %d\n",
- ucs->retry_cmd_in);
+ gig_dbg(DEBUG_USBREQ, "%s: %s, retry %d", __func__,
+ get_usb_statmsg(status), ucs->retry_cmd_in);
rc = atread_submit(cs, BAS_TIMEOUT);
- if (rc >= 0 || rc == -ENODEV)
- /* resubmitted or disconnected */
- /* - bypass regular exit block */
+ if (rc >= 0)
+ /* successfully resubmitted, skip freeing */
return;
- } else {
- dev_err(cs->dev,
- "control read: giving up after %d tries\n",
- ucs->retry_cmd_in);
+ if (rc == -ENODEV)
+ /* disconnect, no further action necessary */
+ break;
}
+ dev_err(cs->dev, "control read: %s, giving up after %d tries\n",
+ get_usb_statmsg(status), ucs->retry_cmd_in);
error_reset(cs);
}
+ /* read finished, free buffer */
kfree(ucs->rcvbuf);
ucs->rcvbuf = NULL;
ucs->rcvbuf_size = 0;
- if (have_data) {
- gig_dbg(DEBUG_INTR, "%s-->BH", __func__);
- gigaset_schedule_event(cs);
- }
}
/* atread_submit
^ permalink raw reply [flat|nested] 288+ messages in thread
* [062/289] isdn/gigaset: correct bas_gigaset rx buffer handling
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (61 preceding siblings ...)
2010-12-08 0:57 ` [061/289] isdn/gigaset: fix bas_gigaset AT read error handling Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [063/289] isdn/gigaset: bas_gigaset locking fix Greg KH
` (223 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Tilman Schmidt, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Tilman Schmidt <tilman@imap.cc>
commit f3d531b99fb30945b4a64d6e2e86e1e62605aca5 upstream.
In transparent data reception, avoid a NULL pointer dereference
in case an skbuff cannot be allocated, remove an inappropriate
call to the HDLC flush routine, and correct the accounting of
received bytes for continued buffers.
Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/isdn/gigaset/isocdata.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/drivers/isdn/gigaset/isocdata.c
+++ b/drivers/isdn/gigaset/isocdata.c
@@ -842,13 +842,14 @@ static inline void trans_receive(unsigne
if (unlikely(bcs->ignore)) {
bcs->ignore--;
- hdlc_flush(bcs);
return;
}
skb = bcs->rx_skb;
- if (skb == NULL)
+ if (skb == NULL) {
skb = gigaset_new_rx_skb(bcs);
- bcs->hw.bas->goodbytes += skb->len;
+ if (skb == NULL)
+ return;
+ }
dobytes = bcs->rx_bufsize - skb->len;
while (count > 0) {
dst = skb_put(skb, count < dobytes ? count : dobytes);
@@ -860,6 +861,7 @@ static inline void trans_receive(unsigne
if (dobytes == 0) {
dump_bytes(DEBUG_STREAM_DUMP,
"rcv data", skb->data, skb->len);
+ bcs->hw.bas->goodbytes += skb->len;
gigaset_skb_rcvd(bcs, skb);
skb = gigaset_new_rx_skb(bcs);
if (skb == NULL)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [063/289] isdn/gigaset: bas_gigaset locking fix
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (62 preceding siblings ...)
2010-12-08 0:57 ` [062/289] isdn/gigaset: correct bas_gigaset rx buffer handling Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [064/289] i2c-pca-platform: Change device name of request_irq Greg KH
` (222 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Tilman Schmidt, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Tilman Schmidt <tilman@imap.cc>
commit b33ffa5cbf52ee751bb8068218ebb3c742c5a515 upstream.
Unlock cs->lock before calling error_hangup() which is marked
"cs->lock must not be held".
Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/isdn/gigaset/bas-gigaset.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/isdn/gigaset/bas-gigaset.c
+++ b/drivers/isdn/gigaset/bas-gigaset.c
@@ -1581,13 +1581,13 @@ static int gigaset_init_bchannel(struct
ret = starturbs(bcs);
if (ret < 0) {
+ spin_unlock_irqrestore(&cs->lock, flags);
dev_err(cs->dev,
"could not start isochronous I/O for channel B%d: %s\n",
bcs->channel + 1,
ret == -EFAULT ? "null URB" : get_usb_rcmsg(ret));
if (ret != -ENODEV)
error_hangup(bcs);
- spin_unlock_irqrestore(&cs->lock, flags);
return ret;
}
@@ -1597,11 +1597,11 @@ static int gigaset_init_bchannel(struct
dev_err(cs->dev, "could not open channel B%d\n",
bcs->channel + 1);
stopurbs(bcs->hw.bas);
- if (ret != -ENODEV)
- error_hangup(bcs);
}
spin_unlock_irqrestore(&cs->lock, flags);
+ if (ret < 0 && ret != -ENODEV)
+ error_hangup(bcs);
return ret;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [064/289] i2c-pca-platform: Change device name of request_irq
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (63 preceding siblings ...)
2010-12-08 0:57 ` [063/289] isdn/gigaset: bas_gigaset locking fix Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [065/289] viafb: fix i2c_transfer error handling Greg KH
` (221 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Nobuhiro Iwamatsu,
Wolfram Sang, Jean Delvare
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
commit 323584436db0cb05286425d4dfd9516fce88487f upstream.
i2c->adap.name shouldn't be used in request_irq.
Instead the driver name "i2c-pca-platform" should be used.
Signed-off-by: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
Acked-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/i2c/busses/i2c-pca-platform.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/i2c/busses/i2c-pca-platform.c
+++ b/drivers/i2c/busses/i2c-pca-platform.c
@@ -224,7 +224,7 @@ static int __devinit i2c_pca_pf_probe(st
if (irq) {
ret = request_irq(irq, i2c_pca_pf_handler,
- IRQF_TRIGGER_FALLING, i2c->adap.name, i2c);
+ IRQF_TRIGGER_FALLING, pdev->name, i2c);
if (ret)
goto e_reqirq;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [065/289] viafb: fix i2c_transfer error handling
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (64 preceding siblings ...)
2010-12-08 0:57 ` [064/289] i2c-pca-platform: Change device name of request_irq Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [066/289] drm/radeon/kms: register an i2c adapter name for the dp aux bus Greg KH
` (220 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Florian Tobias Schandinat,
Jonathan Corbet, Joseph Chan
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
commit 85c5702ac046b14713f776d59768252d8ed8018f upstream.
i2c_transfer returns negative errno on error and number of messages
processed on success. Just returning this value would give a poor
interface as it is not obvious that you must compare with 2 after reading
1 or n bytes and with 1 after writing 1 byte to determine if it was
successful. To avoid this error prone interface convert the error code
of a successful read/write to zero and all other non-negative values to
an negative error code.
This fixes a regression introduced by
via: Rationalize vt1636 detection
which resulted in no longer detecting a VT1636 chip and therefore has
broken the output in configurations which contain this chip.
Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
Acked-by: Jonathan Corbet <corbet@lwn.net>
Cc: Joseph Chan <JosephChan@via.com.tw>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/video/via/via_i2c.c | 27 ++++++++++++++++++++++++---
1 file changed, 24 insertions(+), 3 deletions(-)
--- a/drivers/video/via/via_i2c.c
+++ b/drivers/video/via/via_i2c.c
@@ -114,6 +114,7 @@ static void via_i2c_setsda(void *data, i
int viafb_i2c_readbyte(u8 adap, u8 slave_addr, u8 index, u8 *pdata)
{
+ int ret;
u8 mm1[] = {0x00};
struct i2c_msg msgs[2];
@@ -126,11 +127,18 @@ int viafb_i2c_readbyte(u8 adap, u8 slave
mm1[0] = index;
msgs[0].len = 1; msgs[1].len = 1;
msgs[0].buf = mm1; msgs[1].buf = pdata;
- return i2c_transfer(&via_i2c_par[adap].adapter, msgs, 2);
+ ret = i2c_transfer(&via_i2c_par[adap].adapter, msgs, 2);
+ if (ret == 2)
+ ret = 0;
+ else if (ret >= 0)
+ ret = -EIO;
+
+ return ret;
}
int viafb_i2c_writebyte(u8 adap, u8 slave_addr, u8 index, u8 data)
{
+ int ret;
u8 msg[2] = { index, data };
struct i2c_msg msgs;
@@ -140,11 +148,18 @@ int viafb_i2c_writebyte(u8 adap, u8 slav
msgs.addr = slave_addr / 2;
msgs.len = 2;
msgs.buf = msg;
- return i2c_transfer(&via_i2c_par[adap].adapter, &msgs, 1);
+ ret = i2c_transfer(&via_i2c_par[adap].adapter, &msgs, 1);
+ if (ret == 1)
+ ret = 0;
+ else if (ret >= 0)
+ ret = -EIO;
+
+ return ret;
}
int viafb_i2c_readbytes(u8 adap, u8 slave_addr, u8 index, u8 *buff, int buff_len)
{
+ int ret;
u8 mm1[] = {0x00};
struct i2c_msg msgs[2];
@@ -156,7 +171,13 @@ int viafb_i2c_readbytes(u8 adap, u8 slav
mm1[0] = index;
msgs[0].len = 1; msgs[1].len = buff_len;
msgs[0].buf = mm1; msgs[1].buf = buff;
- return i2c_transfer(&via_i2c_par[adap].adapter, msgs, 2);
+ ret = i2c_transfer(&via_i2c_par[adap].adapter, msgs, 2);
+ if (ret == 2)
+ ret = 0;
+ else if (ret >= 0)
+ ret = -EIO;
+
+ return ret;
}
/*
^ permalink raw reply [flat|nested] 288+ messages in thread
* [066/289] drm/radeon/kms: register an i2c adapter name for the dp aux bus
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (65 preceding siblings ...)
2010-12-08 0:57 ` [065/289] viafb: fix i2c_transfer error handling Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [067/289] ALSA: hda - Disable sticky PCM stream assignment for AD codecs Greg KH
` (219 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Alex Deucher,
Ari Savolainen, Jean Delvare, Dave Airlie
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Alex Deucher <alexdeucher@gmail.com>
commit a5193fe50e7f21c26d22c17c8196420fac1a3ca7 upstream.
This causes the connector to not be added since i2c init fails
for the adapter. Fixes:
https://bugs.freedesktop.org/show_bug.cgi?id=31688
Noticed by Ari Savolainen.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Cc: Ari Savolainen <ari.m.savolainen@gmail.com>
Cc: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/radeon/radeon_i2c.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/gpu/drm/radeon/radeon_i2c.c
+++ b/drivers/gpu/drm/radeon/radeon_i2c.c
@@ -946,6 +946,7 @@ struct radeon_i2c_chan *radeon_i2c_creat
i2c->rec = *rec;
i2c->adapter.owner = THIS_MODULE;
i2c->dev = dev;
+ sprintf(i2c->adapter.name, "Radeon aux bus %s", name);
i2c_set_adapdata(&i2c->adapter, i2c);
i2c->adapter.algo_data = &i2c->algo.dp;
i2c->algo.dp.aux_ch = radeon_dp_i2c_aux_ch;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [067/289] ALSA: hda - Disable sticky PCM stream assignment for AD codecs
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (66 preceding siblings ...)
2010-12-08 0:57 ` [066/289] drm/radeon/kms: register an i2c adapter name for the dp aux bus Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [068/289] ALSA: hda - Add workarounds for CT-IBG controllers Greg KH
` (218 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Takashi Iwai
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 0e7adbe263f89ea2ef15b5af5e80a812b2a85025 upstream.
The sticky PCM stream assignment introduced in 2.6.36 kernel seems
causing problems on AD codecs. At some time later, the streaming no
longer works by unknown reason. A simple workaround is to disable
sticky-assignment for these codecs.
Tested-by: Vasily Khoruzhick <anarsoul@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/pci/hda/hda_codec.c | 3 +++
sound/pci/hda/hda_codec.h | 1 +
sound/pci/hda/patch_analog.c | 7 +++++++
3 files changed, 11 insertions(+)
--- a/sound/pci/hda/hda_codec.c
+++ b/sound/pci/hda/hda_codec.c
@@ -1281,6 +1281,9 @@ void __snd_hda_codec_cleanup_stream(stru
if (!nid)
return;
+ if (codec->no_sticky_stream)
+ do_now = 1;
+
snd_printdd("hda_codec_cleanup_stream: NID=0x%x\n", nid);
p = get_hda_cvt_setup(codec, nid);
if (p) {
--- a/sound/pci/hda/hda_codec.h
+++ b/sound/pci/hda/hda_codec.h
@@ -850,6 +850,7 @@ struct hda_codec {
unsigned int pin_amp_workaround:1; /* pin out-amp takes index
* (e.g. Conexant codecs)
*/
+ unsigned int no_sticky_stream:1; /* no sticky-PCM stream assignment */
unsigned int pins_shutup:1; /* pins are shut up */
unsigned int no_trigger_sense:1; /* don't trigger at pin-sensing */
#ifdef CONFIG_SND_HDA_POWER_SAVE
--- a/sound/pci/hda/patch_analog.c
+++ b/sound/pci/hda/patch_analog.c
@@ -1276,6 +1276,7 @@ static int patch_ad1986a(struct hda_code
spec->multiout.no_share_stream = 1;
codec->no_trigger_sense = 1;
+ codec->no_sticky_stream = 1;
return 0;
}
@@ -1463,6 +1464,7 @@ static int patch_ad1983(struct hda_codec
codec->patch_ops = ad198x_patch_ops;
codec->no_trigger_sense = 1;
+ codec->no_sticky_stream = 1;
return 0;
}
@@ -1917,6 +1919,7 @@ static int patch_ad1981(struct hda_codec
}
codec->no_trigger_sense = 1;
+ codec->no_sticky_stream = 1;
return 0;
}
@@ -3235,6 +3238,7 @@ static int patch_ad1988(struct hda_codec
spec->vmaster_nid = 0x04;
codec->no_trigger_sense = 1;
+ codec->no_sticky_stream = 1;
return 0;
}
@@ -3449,6 +3453,7 @@ static int patch_ad1884(struct hda_codec
codec->patch_ops = ad198x_patch_ops;
codec->no_trigger_sense = 1;
+ codec->no_sticky_stream = 1;
return 0;
}
@@ -4422,6 +4427,7 @@ static int patch_ad1884a(struct hda_code
}
codec->no_trigger_sense = 1;
+ codec->no_sticky_stream = 1;
return 0;
}
@@ -4761,6 +4767,7 @@ static int patch_ad1882(struct hda_codec
}
codec->no_trigger_sense = 1;
+ codec->no_sticky_stream = 1;
return 0;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [068/289] ALSA: hda - Add workarounds for CT-IBG controllers
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (67 preceding siblings ...)
2010-12-08 0:57 ` [067/289] ALSA: hda - Disable sticky PCM stream assignment for AD codecs Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [069/289] ALSA: hda - Fix wrong SPDIF NID assignment for CA0110 Greg KH
` (217 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Takashi Iwai
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 62b7e5e09bcb854ff05e6ee1aa161f8283dc36ee upstream.
Creative IBG controllers require the playback stream-tags to be started
from 1, instead of capture+1. Otherwise the stream stalls.
Reported-by: Wai Yew CHAY <wychay@ctl.creative.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/pci/hda/hda_codec.c | 5 ++++-
sound/pci/hda/hda_intel.c | 9 +++++++--
2 files changed, 11 insertions(+), 3 deletions(-)
--- a/sound/pci/hda/hda_codec.c
+++ b/sound/pci/hda/hda_codec.c
@@ -1216,6 +1216,7 @@ void snd_hda_codec_setup_stream(struct h
struct hda_codec *c;
struct hda_cvt_setup *p;
unsigned int oldval, newval;
+ int type;
int i;
if (!nid)
@@ -1254,10 +1255,12 @@ void snd_hda_codec_setup_stream(struct h
p->dirty = 0;
/* make other inactive cvts with the same stream-tag dirty */
+ type = get_wcaps_type(get_wcaps(codec, nid));
list_for_each_entry(c, &codec->bus->codec_list, list) {
for (i = 0; i < c->cvt_setups.used; i++) {
p = snd_array_elem(&c->cvt_setups, i);
- if (!p->active && p->stream_tag == stream_tag)
+ if (!p->active && p->stream_tag == stream_tag &&
+ get_wcaps_type(get_wcaps(codec, p->nid)) == type)
p->dirty = 1;
}
}
--- a/sound/pci/hda/hda_intel.c
+++ b/sound/pci/hda/hda_intel.c
@@ -1647,7 +1647,7 @@ static int azx_pcm_prepare(struct snd_pc
struct azx_dev *azx_dev = get_azx_dev(substream);
struct hda_pcm_stream *hinfo = apcm->hinfo[substream->stream];
struct snd_pcm_runtime *runtime = substream->runtime;
- unsigned int bufsize, period_bytes, format_val;
+ unsigned int bufsize, period_bytes, format_val, stream_tag;
int err;
azx_stream_reset(chip, azx_dev);
@@ -1689,7 +1689,12 @@ static int azx_pcm_prepare(struct snd_pc
else
azx_dev->fifo_size = 0;
- return snd_hda_codec_prepare(apcm->codec, hinfo, azx_dev->stream_tag,
+ stream_tag = azx_dev->stream_tag;
+ /* CA-IBG chips need the playback stream starting from 1 */
+ if (chip->driver_type == AZX_DRIVER_CTX &&
+ stream_tag > chip->capture_streams)
+ stream_tag -= chip->capture_streams;
+ return snd_hda_codec_prepare(apcm->codec, hinfo, stream_tag,
azx_dev->format_val, substream);
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [069/289] ALSA: hda - Fix wrong SPDIF NID assignment for CA0110
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (68 preceding siblings ...)
2010-12-08 0:57 ` [068/289] ALSA: hda - Add workarounds for CT-IBG controllers Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [070/289] ALSA: hda - Add some workarounds for Creative IBG Greg KH
` (216 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Takashi Iwai
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 24b55c69b66eb2a122842820ec14ab215fc8572f upstream.
The dig_out_nid field must take a digital-converter widget, but the current
ca0110 parser passed the pin wrongly instead.
Reported-by: Wai Yew CHAY <wychay@ctl.creative.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/pci/hda/patch_ca0110.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/pci/hda/patch_ca0110.c
+++ b/sound/pci/hda/patch_ca0110.c
@@ -489,7 +489,7 @@ static void parse_digital(struct hda_cod
if (cfg->dig_outs &&
snd_hda_get_connections(codec, cfg->dig_out_pins[0],
&spec->dig_out, 1) == 1)
- spec->multiout.dig_out_nid = cfg->dig_out_pins[0];
+ spec->multiout.dig_out_nid = spec->dig_out;
}
static int ca0110_parse_auto_config(struct hda_codec *codec)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [070/289] ALSA: hda - Add some workarounds for Creative IBG
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (69 preceding siblings ...)
2010-12-08 0:57 ` [069/289] ALSA: hda - Fix wrong SPDIF NID assignment for CA0110 Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [071/289] ALSA: OSS mixer emulation - fix locking Greg KH
` (215 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Takashi Iwai
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 14d34f166c57e77e3d7f9bc8b43d349186d922c1 upstream.
Creative HD-audio controller chips require some workarounds:
- Additional delay before RIRB response
- Set the initial RIRB counter to 0xc0
The latter seems to be done in general in Windows driver, so we may
use this value later for all types if it's confirmed to work better.
Reported-by: Wai Yew CHAY <wychay@ctl.creative.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/pci/hda/hda_intel.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
--- a/sound/pci/hda/hda_intel.c
+++ b/sound/pci/hda/hda_intel.c
@@ -458,6 +458,7 @@ enum {
AZX_DRIVER_ULI,
AZX_DRIVER_NVIDIA,
AZX_DRIVER_TERA,
+ AZX_DRIVER_CTX,
AZX_DRIVER_GENERIC,
AZX_NUM_DRIVERS, /* keep this as last entry */
};
@@ -473,6 +474,7 @@ static char *driver_short_names[] __devi
[AZX_DRIVER_ULI] = "HDA ULI M5461",
[AZX_DRIVER_NVIDIA] = "HDA NVidia",
[AZX_DRIVER_TERA] = "HDA Teradici",
+ [AZX_DRIVER_CTX] = "HDA Creative",
[AZX_DRIVER_GENERIC] = "HD-Audio Generic",
};
@@ -563,7 +565,10 @@ static void azx_init_cmd_io(struct azx *
/* reset the rirb hw write pointer */
azx_writew(chip, RIRBWP, ICH6_RIRBWP_RST);
/* set N=1, get RIRB response interrupt for new entry */
- azx_writew(chip, RINTCNT, 1);
+ if (chip->driver_type == AZX_DRIVER_CTX)
+ azx_writew(chip, RINTCNT, 0xc0);
+ else
+ azx_writew(chip, RINTCNT, 1);
/* enable rirb dma and response irq */
azx_writeb(chip, RIRBCTL, ICH6_RBCTL_DMA_EN | ICH6_RBCTL_IRQ_EN);
spin_unlock_irq(&chip->reg_lock);
@@ -1136,8 +1141,11 @@ static irqreturn_t azx_interrupt(int irq
/* clear rirb int */
status = azx_readb(chip, RIRBSTS);
if (status & RIRB_INT_MASK) {
- if (status & RIRB_INT_RESPONSE)
+ if (status & RIRB_INT_RESPONSE) {
+ if (chip->driver_type == AZX_DRIVER_CTX)
+ udelay(80);
azx_update_rirb(chip);
+ }
azx_writeb(chip, RIRBSTS, RIRB_INT_MASK);
}
@@ -2799,10 +2807,10 @@ static DEFINE_PCI_DEVICE_TABLE(azx_ids)
{ PCI_DEVICE(PCI_VENDOR_ID_CREATIVE, PCI_ANY_ID),
.class = PCI_CLASS_MULTIMEDIA_HD_AUDIO << 8,
.class_mask = 0xffffff,
- .driver_data = AZX_DRIVER_GENERIC },
+ .driver_data = AZX_DRIVER_CTX },
#else
/* this entry seems still valid -- i.e. without emu20kx chip */
- { PCI_DEVICE(0x1102, 0x0009), .driver_data = AZX_DRIVER_GENERIC },
+ { PCI_DEVICE(0x1102, 0x0009), .driver_data = AZX_DRIVER_CTX },
#endif
/* AMD/ATI Generic, PCI class code and Vendor ID for HD Audio */
{ PCI_DEVICE(PCI_VENDOR_ID_ATI, PCI_ANY_ID),
^ permalink raw reply [flat|nested] 288+ messages in thread
* [071/289] ALSA: OSS mixer emulation - fix locking
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (70 preceding siblings ...)
2010-12-08 0:57 ` [070/289] ALSA: hda - Add some workarounds for Creative IBG Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [072/289] ALSA: HDA: Enable internal mic on Dell E6410 and Dell E6510 Greg KH
` (214 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Jaroslav Kysela
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jaroslav Kysela <perex@perex.cz>
commit 838c364ff05c143fd1810e8ad1469935d6c23a7a upstream.
Fix mutex release and cleanup some locking code.
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/core/oss/mixer_oss.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
--- a/sound/core/oss/mixer_oss.c
+++ b/sound/core/oss/mixer_oss.c
@@ -618,8 +618,10 @@ static void snd_mixer_oss_put_volume1_vo
if (numid == ID_UNKNOWN)
return;
down_read(&card->controls_rwsem);
- if ((kctl = snd_ctl_find_numid(card, numid)) == NULL)
+ if ((kctl = snd_ctl_find_numid(card, numid)) == NULL) {
+ up_read(&card->controls_rwsem);
return;
+ }
uinfo = kzalloc(sizeof(*uinfo), GFP_KERNEL);
uctl = kzalloc(sizeof(*uctl), GFP_KERNEL);
if (uinfo == NULL || uctl == NULL)
@@ -658,7 +660,7 @@ static void snd_mixer_oss_put_volume1_sw
return;
down_read(&card->controls_rwsem);
if ((kctl = snd_ctl_find_numid(card, numid)) == NULL) {
- up_read(&fmixer->card->controls_rwsem);
+ up_read(&card->controls_rwsem);
return;
}
uinfo = kzalloc(sizeof(*uinfo), GFP_KERNEL);
@@ -797,7 +799,7 @@ static int snd_mixer_oss_get_recsrc2(str
uctl = kzalloc(sizeof(*uctl), GFP_KERNEL);
if (uinfo == NULL || uctl == NULL) {
err = -ENOMEM;
- goto __unlock;
+ goto __free_only;
}
down_read(&card->controls_rwsem);
kctl = snd_mixer_oss_test_id(mixer, "Capture Source", 0);
@@ -826,6 +828,7 @@ static int snd_mixer_oss_get_recsrc2(str
err = 0;
__unlock:
up_read(&card->controls_rwsem);
+ __free_only:
kfree(uctl);
kfree(uinfo);
return err;
@@ -847,7 +850,7 @@ static int snd_mixer_oss_put_recsrc2(str
uctl = kzalloc(sizeof(*uctl), GFP_KERNEL);
if (uinfo == NULL || uctl == NULL) {
err = -ENOMEM;
- goto __unlock;
+ goto __free_only;
}
down_read(&card->controls_rwsem);
kctl = snd_mixer_oss_test_id(mixer, "Capture Source", 0);
@@ -880,6 +883,7 @@ static int snd_mixer_oss_put_recsrc2(str
err = 0;
__unlock:
up_read(&card->controls_rwsem);
+ __free_only:
kfree(uctl);
kfree(uinfo);
return err;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [072/289] ALSA: HDA: Enable internal mic on Dell E6410 and Dell E6510
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (71 preceding siblings ...)
2010-12-08 0:57 ` [071/289] ALSA: OSS mixer emulation - fix locking Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [073/289] powerpc: Fix call to subpage_protection() Greg KH
` (213 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Takashi Iwai,
David Henningsson, Diego Elio Pettenò
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 2519 bytes --]
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: David Henningsson <david.henningsson@canonical.com>
[Not upstream as .37 fixes this differently in a much more complete way
that is not able to be backported easily.]
(Ported on top of 2.6.36)
BugLink: http://launchpad.net/bugs/628961
BugLink: http://launchpad.net/bugs/605047
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Diego Elio Pettenò <flameeyes@gmail.com>
Acked-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/pci/hda/patch_sigmatel.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
--- a/sound/pci/hda/patch_sigmatel.c
+++ b/sound/pci/hda/patch_sigmatel.c
@@ -93,6 +93,7 @@ enum {
STAC_92HD83XXX_REF,
STAC_92HD83XXX_PWR_REF,
STAC_DELL_S14,
+ STAC_DELL_E6410,
STAC_92HD83XXX_HP,
STAC_HP_DV7_4000,
STAC_92HD83XXX_MODELS
@@ -1633,6 +1634,13 @@ static unsigned int dell_s14_pin_configs
0x40f000f0, 0x40f000f0,
};
+/* Deliberately turn off 0x0f (Dock Mic) to make it choose Int Mic instead */
+static unsigned int dell_e6410_pin_configs[10] = {
+ 0x04a11020, 0x0421101f, 0x400000f0, 0x90170110,
+ 0x23011050, 0x40f000f0, 0x400000f0, 0x90a60130,
+ 0x40f000f0, 0x40f000f0,
+};
+
static unsigned int hp_dv7_4000_pin_configs[10] = {
0x03a12050, 0x0321201f, 0x40f000f0, 0x90170110,
0x40f000f0, 0x40f000f0, 0x90170110, 0xd5a30140,
@@ -1643,6 +1651,7 @@ static unsigned int *stac92hd83xxx_brd_t
[STAC_92HD83XXX_REF] = ref92hd83xxx_pin_configs,
[STAC_92HD83XXX_PWR_REF] = ref92hd83xxx_pin_configs,
[STAC_DELL_S14] = dell_s14_pin_configs,
+ [STAC_DELL_E6410] = dell_e6410_pin_configs,
[STAC_HP_DV7_4000] = hp_dv7_4000_pin_configs,
};
@@ -1651,6 +1660,7 @@ static const char *stac92hd83xxx_models[
[STAC_92HD83XXX_REF] = "ref",
[STAC_92HD83XXX_PWR_REF] = "mic-ref",
[STAC_DELL_S14] = "dell-s14",
+ [STAC_DELL_E6410] = "dell-e6410",
[STAC_92HD83XXX_HP] = "hp",
[STAC_HP_DV7_4000] = "hp-dv7-4000",
};
@@ -1663,6 +1673,10 @@ static struct snd_pci_quirk stac92hd83xx
"DFI LanParty", STAC_92HD83XXX_REF),
SND_PCI_QUIRK(PCI_VENDOR_ID_DELL, 0x02ba,
"unknown Dell", STAC_DELL_S14),
+ SND_PCI_QUIRK(PCI_VENDOR_ID_DELL, 0x040a,
+ "Dell E6410", STAC_DELL_E6410),
+ SND_PCI_QUIRK(PCI_VENDOR_ID_DELL, 0x040b,
+ "Dell E6510", STAC_DELL_E6410),
SND_PCI_QUIRK_MASK(PCI_VENDOR_ID_HP, 0xff00, 0x3600,
"HP", STAC_92HD83XXX_HP),
{} /* terminator */
^ permalink raw reply [flat|nested] 288+ messages in thread
* [073/289] powerpc: Fix call to subpage_protection()
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (72 preceding siblings ...)
2010-12-08 0:57 ` [072/289] ALSA: HDA: Enable internal mic on Dell E6410 and Dell E6510 Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [074/289] SUNRPC: After calling xprt_release(), we must restart from call_reserve Greg KH
` (212 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Benjamin Herrenschmidt,
Michael Neuling, David Gibson
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Michael Neuling <mikey@neuling.org>
commit 1c2c25c78740b2796c7c06640784cb6732fa4907 upstream.
In:
powerpc/mm: Fix pgtable cache cleanup with CONFIG_PPC_SUBPAGE_PROT
commit d28513bc7f675d28b479db666d572e078ecf182d
Author: David Gibson <david@gibson.dropbear.id.au>
subpage_protection() was changed to to take an mm rather a pgdir but it
didn't change calling site in hashpage_preload(). The change wasn't
noticed at compile time since hashpage_preload() used a void* as the
parameter to subpage_protection().
This is obviously wrong and can trigger the following crash when
CONFIG_SLAB, CONFIG_DEBUG_SLAB, CONFIG_PPC_64K_PAGES
CONFIG_PPC_SUBPAGE_PROT are enabled.
Freeing unused kernel memory: 704k freed
Unable to handle kernel paging request for data at address 0x6b6b6b6b6b6c49b7
Faulting instruction address: 0xc0000000000410f4
cpu 0x2: Vector: 300 (Data Access) at [c00000004233f590]
pc: c0000000000410f4: .hash_preload+0x258/0x338
lr: c000000000041054: .hash_preload+0x1b8/0x338
sp: c00000004233f810
msr: 8000000000009032
dar: 6b6b6b6b6b6c49b7
dsisr: 40000000
current = 0xc00000007e2c0070
paca = 0xc000000007fe0500
pid = 1, comm = init
enter ? for help
[c00000004233f810] c000000000041020 .hash_preload+0x184/0x338 (unreliable)
[c00000004233f8f0] c00000000003ed98 .update_mmu_cache+0xb0/0xd0
[c00000004233f990] c000000000157754 .__do_fault+0x48c/0x5dc
[c00000004233faa0] c000000000158fd0 .handle_mm_fault+0x508/0xa8c
[c00000004233fb90] c0000000006acdd4 .do_page_fault+0x428/0x6ac
[c00000004233fe30] c000000000005260 handle_page_fault+0x20/0x74
Reported-by: Jim Keniston <jkenisto@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Michael Neuling <mikey@neuling.org>
cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/powerpc/mm/hash_utils_64.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/powerpc/mm/hash_utils_64.c
+++ b/arch/powerpc/mm/hash_utils_64.c
@@ -1122,7 +1122,7 @@ void hash_preload(struct mm_struct *mm,
else
#endif /* CONFIG_PPC_HAS_HASH_64K */
rc = __hash_page_4K(ea, access, vsid, ptep, trap, local, ssize,
- subpage_protection(pgdir, ea));
+ subpage_protection(mm, ea));
/* Dump some info in case of hash insertion failure, they should
* never happen so it is really useful to know if/when they do
^ permalink raw reply [flat|nested] 288+ messages in thread
* [074/289] SUNRPC: After calling xprt_release(), we must restart from call_reserve
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (73 preceding siblings ...)
2010-12-08 0:57 ` [073/289] powerpc: Fix call to subpage_protection() Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [075/289] microblaze: Fix build with make 3.82 Greg KH
` (211 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Trond Myklebust
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Trond Myklebust <Trond.Myklebust@netapp.com>
commit 118df3d17f11733b294ea2cd988d56ee376ef9fd upstream.
Rob Leslie reports seeing the following Oops after his Kerberos session
expired.
BUG: unable to handle kernel NULL pointer dereference at 00000058
IP: [<e186ed94>] rpcauth_refreshcred+0x11/0x12c [sunrpc]
*pde = 00000000
Oops: 0000 [#1]
last sysfs file: /sys/devices/platform/pc87360.26144/temp3_input
Modules linked in: autofs4 authenc esp4 xfrm4_mode_transport ipt_LOG ipt_REJECT xt_limit xt_state ipt_REDIRECT xt_owner xt_HL xt_hl xt_tcpudp xt_mark cls_u32 cls_tcindex sch_sfq sch_htb sch_dsmark geodewdt deflate ctr twofish_generic twofish_i586 twofish_common camellia serpent blowfish cast5 cbc xcbc rmd160 sha512_generic sha1_generic hmac crypto_null af_key rpcsec_gss_krb5 nfsd exportfs nfs lockd fscache nfs_acl auth_rpcgss sunrpc ip_gre sit tunnel4 dummy ext3 jbd nf_nat_irc nf_conntrack_irc nf_nat_ftp nf_conntrack_ftp iptable_mangle iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 iptable_filter ip_tables x_tables pc8736x_gpio nsc_gpio pc87360 hwmon_vid loop aes_i586 aes_generic sha256_generic dm_crypt cs5535_gpio serio_raw cs5535_mfgpt hifn_795x des_generic geode_rng rng_core led_class ext4 mbcache jbd2 crc16 dm_mirror dm_region_hash dm_log dm_snapshot dm_mod sd_mod crc_t10dif ide_pci_generic cs5536 amd74xx ide_core pata_cs5536 ata_generic libata usb_stora
ge via_rhine mii scsi_mod btrfs zlib_deflate crc32c libcrc32c [last unloaded: scsi_wait_scan]
Pid: 12875, comm: sudo Not tainted 2.6.36-net5501 #1 /
EIP: 0060:[<e186ed94>] EFLAGS: 00010292 CPU: 0
EIP is at rpcauth_refreshcred+0x11/0x12c [sunrpc]
EAX: 00000000 EBX: defb13a0 ECX: 00000006 EDX: e18683b8
ESI: defb13a0 EDI: 00000000 EBP: 00000000 ESP: de571d58
DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Process sudo (pid: 12875, ti=de570000 task=decd1430 task.ti=de570000)
Stack:
e186e008 00000000 defb13a0 0000000d deda6000 e1868f22 e196f12b defb13a0
<0> defb13d8 00000000 00000000 e186e0aa 00000000 defb13a0 de571dac 00000000
<0> e186956c de571e34 debea5c0 de571dc8 e186967a 00000000 debea5c0 de571e34
Call Trace:
[<e186e008>] ? rpc_wake_up_next+0x114/0x11b [sunrpc]
[<e1868f22>] ? call_decode+0x24a/0x5af [sunrpc]
[<e196f12b>] ? nfs4_xdr_dec_access+0x0/0xa2 [nfs]
[<e186e0aa>] ? __rpc_execute+0x62/0x17b [sunrpc]
[<e186956c>] ? rpc_run_task+0x91/0x97 [sunrpc]
[<e186967a>] ? rpc_call_sync+0x40/0x5b [sunrpc]
[<e1969ca2>] ? nfs4_proc_access+0x10a/0x176 [nfs]
[<e19572fa>] ? nfs_do_access+0x2b1/0x2c0 [nfs]
[<e186ed61>] ? rpcauth_lookupcred+0x62/0x84 [sunrpc]
[<e19573b6>] ? nfs_permission+0xad/0x13b [nfs]
[<c0177824>] ? exec_permission+0x15/0x4b
[<c0177fbd>] ? link_path_walk+0x4f/0x456
[<c017867d>] ? path_walk+0x4c/0xa8
[<c0179678>] ? do_path_lookup+0x1f/0x68
[<c017a3fb>] ? user_path_at+0x37/0x5f
[<c016359c>] ? handle_mm_fault+0x229/0x55b
[<c0170a2d>] ? sys_faccessat+0x93/0x146
[<c0170aef>] ? sys_access+0xf/0x13
[<c02cf615>] ? syscall_call+0x7/0xb
Code: 0f 94 c2 84 d2 74 09 8b 44 24 0c e8 6a e9 8b de 83 c4 14 89 d8 5b 5e 5f 5d c3 55 57 56 53 83 ec 1c fc 89 c6 8b 40 10 89 44 24 04 <8b> 58 58 85 db 0f 85 d4 00 00 00 0f b7 46 70 8b 56 20 89 c5 83
EIP: [<e186ed94>] rpcauth_refreshcred+0x11/0x12c [sunrpc] SS:ESP 0068:de571d58
CR2: 0000000000000058
This appears to be caused by the function rpc_verify_header() first
calling xprt_release(), then doing a call_refresh. If we release the
transport slot, we should _always_ jump back to call_reserve before
calling anything else.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/sunrpc/clnt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -1675,7 +1675,7 @@ rpc_verify_header(struct rpc_task *task)
rpcauth_invalcred(task);
/* Ensure we obtain a new XID! */
xprt_release(task);
- task->tk_action = call_refresh;
+ task->tk_action = call_reserve;
goto out_retry;
case RPC_AUTH_BADCRED:
case RPC_AUTH_BADVERF:
^ permalink raw reply [flat|nested] 288+ messages in thread
* [075/289] microblaze: Fix build with make 3.82
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (74 preceding siblings ...)
2010-12-08 0:57 ` [074/289] SUNRPC: After calling xprt_release(), we must restart from call_reserve Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [076/289] phy/marvell: fix 88e1121 support Greg KH
` (210 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Thomas Backlund, Michal Simek
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Thomas Backlund <tmb@mandriva.org>
commit b843e4ec01991a386a9e0e9030703524446e03da upstream.
When running make headers_install_all on x86_64 and make 3.82 I hit this:
arch/microblaze/Makefile:80: *** mixed implicit and normal rules. Stop.
make: *** [headers_install_all] Error 2
So split the rules to satisfy make 3.82.
Signed-off-by: Thomas Backlund <tmb@mandriva.org>
Signed-off-by: Michal Simek <monstr@monstr.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/microblaze/Makefile | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/arch/microblaze/Makefile
+++ b/arch/microblaze/Makefile
@@ -72,12 +72,16 @@ export MMU DTB
all: linux.bin
-BOOT_TARGETS = linux.bin linux.bin.gz simpleImage.%
+# With make 3.82 we cannot mix normal and wildcard targets
+BOOT_TARGETS1 = linux.bin linux.bin.gz
+BOOT_TARGETS2 = simpleImage.%
archclean:
$(Q)$(MAKE) $(clean)=$(boot)
-$(BOOT_TARGETS): vmlinux
+$(BOOT_TARGETS1): vmlinux
+ $(Q)$(MAKE) $(build)=$(boot) $(boot)/$@
+$(BOOT_TARGETS2): vmlinux
$(Q)$(MAKE) $(build)=$(boot) $(boot)/$@
define archhelp
^ permalink raw reply [flat|nested] 288+ messages in thread
* [076/289] phy/marvell: fix 88e1121 support
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (75 preceding siblings ...)
2010-12-08 0:57 ` [075/289] microblaze: Fix build with make 3.82 Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [077/289] NFSv4: Dont call nfs4_reclaim_complete() on receiving NFS4ERR_STALE_CLIENTID Greg KH
` (209 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Arnaud Patard, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Arnaud Patard <arnaud.patard@rtp-net.org>
commit be8c648051048bc66fbca590d00f3e8543ec32af upstream.
Commit c477d0447db08068a497e7beb892b2b2a7bff64b added support for RGMII
rx/tx delays except that it ends up clearing rx/tx delays bit for modes
differents that RGMII*ID. Due to this, ethernet is not working anymore
on my guruplug server +. This patch is fixing that.
Signed-off-by: Arnaud Patard <arnaud.patard@rtp-net.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/phy/marvell.c | 31 +++++++++++++++++++------------
1 file changed, 19 insertions(+), 12 deletions(-)
--- a/drivers/net/phy/marvell.c
+++ b/drivers/net/phy/marvell.c
@@ -196,20 +196,27 @@ static int m88e1121_config_aneg(struct p
MII_88E1121_PHY_MSCR_PAGE);
if (err < 0)
return err;
- mscr = phy_read(phydev, MII_88E1121_PHY_MSCR_REG) &
- MII_88E1121_PHY_MSCR_DELAY_MASK;
- if (phydev->interface == PHY_INTERFACE_MODE_RGMII_ID)
- mscr |= (MII_88E1121_PHY_MSCR_RX_DELAY |
- MII_88E1121_PHY_MSCR_TX_DELAY);
- else if (phydev->interface == PHY_INTERFACE_MODE_RGMII_RXID)
- mscr |= MII_88E1121_PHY_MSCR_RX_DELAY;
- else if (phydev->interface == PHY_INTERFACE_MODE_RGMII_TXID)
- mscr |= MII_88E1121_PHY_MSCR_TX_DELAY;
+ if ((phydev->interface == PHY_INTERFACE_MODE_RGMII) ||
+ (phydev->interface == PHY_INTERFACE_MODE_RGMII_ID) ||
+ (phydev->interface == PHY_INTERFACE_MODE_RGMII_RXID) ||
+ (phydev->interface == PHY_INTERFACE_MODE_RGMII_TXID)) {
- err = phy_write(phydev, MII_88E1121_PHY_MSCR_REG, mscr);
- if (err < 0)
- return err;
+ mscr = phy_read(phydev, MII_88E1121_PHY_MSCR_REG) &
+ MII_88E1121_PHY_MSCR_DELAY_MASK;
+
+ if (phydev->interface == PHY_INTERFACE_MODE_RGMII_ID)
+ mscr |= (MII_88E1121_PHY_MSCR_RX_DELAY |
+ MII_88E1121_PHY_MSCR_TX_DELAY);
+ else if (phydev->interface == PHY_INTERFACE_MODE_RGMII_RXID)
+ mscr |= MII_88E1121_PHY_MSCR_RX_DELAY;
+ else if (phydev->interface == PHY_INTERFACE_MODE_RGMII_TXID)
+ mscr |= MII_88E1121_PHY_MSCR_TX_DELAY;
+
+ err = phy_write(phydev, MII_88E1121_PHY_MSCR_REG, mscr);
+ if (err < 0)
+ return err;
+ }
phy_write(phydev, MII_88E1121_PHY_PAGE, oldpage);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [077/289] NFSv4: Dont call nfs4_reclaim_complete() on receiving NFS4ERR_STALE_CLIENTID
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (76 preceding siblings ...)
2010-12-08 0:57 ` [076/289] phy/marvell: fix 88e1121 support Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [078/289] NFSv4: Dont call nfs4_state_mark_reclaim_reboot() from error handlers Greg KH
` (208 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Trond Myklebust
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Trond Myklebust <Trond.Myklebust@netapp.com>
commit 6eaa61496fb3b93cceface7a296415fc4c030bce upstream.
If the server sends us an NFS4ERR_STALE_CLIENTID while the state management
thread is busy reclaiming state, we do want to treat all state that wasn't
reclaimed before the STALE_CLIENTID as if a network partition occurred (see
the edge conditions described in RFC3530 and RFC5661).
What we do not want to do is to send an nfs4_reclaim_complete(), since we
haven't yet even started reclaiming state after the server rebooted.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/nfs/nfs4state.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
--- a/fs/nfs/nfs4state.c
+++ b/fs/nfs/nfs4state.c
@@ -1138,16 +1138,14 @@ static void nfs4_reclaim_complete(struct
(void)ops->reclaim_complete(clp);
}
-static void nfs4_state_end_reclaim_reboot(struct nfs_client *clp)
+static int nfs4_state_clear_reclaim_reboot(struct nfs_client *clp)
{
struct nfs4_state_owner *sp;
struct rb_node *pos;
struct nfs4_state *state;
if (!test_and_clear_bit(NFS4CLNT_RECLAIM_REBOOT, &clp->cl_state))
- return;
-
- nfs4_reclaim_complete(clp, clp->cl_mvops->reboot_recovery_ops);
+ return 0;
for (pos = rb_first(&clp->cl_state_owners); pos != NULL; pos = rb_next(pos)) {
sp = rb_entry(pos, struct nfs4_state_owner, so_client_node);
@@ -1161,6 +1159,14 @@ static void nfs4_state_end_reclaim_reboo
}
nfs_delegation_reap_unclaimed(clp);
+ return 1;
+}
+
+static void nfs4_state_end_reclaim_reboot(struct nfs_client *clp)
+{
+ if (!nfs4_state_clear_reclaim_reboot(clp))
+ return;
+ nfs4_reclaim_complete(clp, clp->cl_mvops->reboot_recovery_ops);
}
static void nfs_delegation_clear_all(struct nfs_client *clp)
@@ -1187,7 +1193,7 @@ static int nfs4_recovery_handle_error(st
case -NFS4ERR_STALE_CLIENTID:
case -NFS4ERR_LEASE_MOVED:
set_bit(NFS4CLNT_LEASE_EXPIRED, &clp->cl_state);
- nfs4_state_end_reclaim_reboot(clp);
+ nfs4_state_clear_reclaim_reboot(clp);
nfs4_state_start_reclaim_reboot(clp);
break;
case -NFS4ERR_EXPIRED:
^ permalink raw reply [flat|nested] 288+ messages in thread
* [078/289] NFSv4: Dont call nfs4_state_mark_reclaim_reboot() from error handlers
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (77 preceding siblings ...)
2010-12-08 0:57 ` [077/289] NFSv4: Dont call nfs4_reclaim_complete() on receiving NFS4ERR_STALE_CLIENTID Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [079/289] NFSv4: Fix open recovery Greg KH
` (207 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Trond Myklebust
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Trond Myklebust <Trond.Myklebust@netapp.com>
commit ae1007d37e00144b72906a4bdc47d517ae91bcc1 upstream.
In the case of a server reboot, the state recovery thread starts by calling
nfs4_state_end_reclaim_reboot() in order to avoid edge conditions when
the server reboots while the client is in the middle of recovery.
However, if the client has already marked the nfs4_state as requiring
reboot recovery, then the above behaviour will cause the recovery thread to
treat the open as if it was part of such an edge condition: the open will
be recovered as if it was part of a lease expiration (and all the locks
will be lost).
Fix is to remove the call to nfs4_state_mark_reclaim_reboot from
nfs4_async_handle_error(), and nfs4_handle_exception(). Instead we leave it
to the recovery thread to do this for us.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/nfs/nfs4proc.c | 6 ------
1 file changed, 6 deletions(-)
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -255,9 +255,6 @@ static int nfs4_handle_exception(const s
nfs4_state_mark_reclaim_nograce(clp, state);
goto do_state_recovery;
case -NFS4ERR_STALE_STATEID:
- if (state == NULL)
- break;
- nfs4_state_mark_reclaim_reboot(clp, state);
case -NFS4ERR_STALE_CLIENTID:
case -NFS4ERR_EXPIRED:
goto do_state_recovery;
@@ -3490,9 +3487,6 @@ nfs4_async_handle_error(struct rpc_task
nfs4_state_mark_reclaim_nograce(clp, state);
goto do_state_recovery;
case -NFS4ERR_STALE_STATEID:
- if (state == NULL)
- break;
- nfs4_state_mark_reclaim_reboot(clp, state);
case -NFS4ERR_STALE_CLIENTID:
case -NFS4ERR_EXPIRED:
goto do_state_recovery;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [079/289] NFSv4: Fix open recovery
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (78 preceding siblings ...)
2010-12-08 0:57 ` [078/289] NFSv4: Dont call nfs4_state_mark_reclaim_reboot() from error handlers Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [080/289] NFS: Dont SIGBUS if nfs_vm_page_mkwrite races with a cache invalidation Greg KH
` (206 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Trond Myklebust
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Trond Myklebust <Trond.Myklebust@netapp.com>
commit b0ed9dbc24f1fd912b2dd08b995153cafc1d5b1c upstream.
NFSv4 open recovery is currently broken: since we do not clear the
state->flags states before attempting recovery, we end up with the
'can_open_cached()' function triggering. This again leads to no OPEN call
being put on the wire.
Reported-by: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/nfs/nfs4proc.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -1117,6 +1117,7 @@ static int nfs4_open_recover(struct nfs4
clear_bit(NFS_DELEGATED_STATE, &state->flags);
smp_rmb();
if (state->n_rdwr != 0) {
+ clear_bit(NFS_O_RDWR_STATE, &state->flags);
ret = nfs4_open_recover_helper(opendata, FMODE_READ|FMODE_WRITE, &newstate);
if (ret != 0)
return ret;
@@ -1124,6 +1125,7 @@ static int nfs4_open_recover(struct nfs4
return -ESTALE;
}
if (state->n_wronly != 0) {
+ clear_bit(NFS_O_WRONLY_STATE, &state->flags);
ret = nfs4_open_recover_helper(opendata, FMODE_WRITE, &newstate);
if (ret != 0)
return ret;
@@ -1131,6 +1133,7 @@ static int nfs4_open_recover(struct nfs4
return -ESTALE;
}
if (state->n_rdonly != 0) {
+ clear_bit(NFS_O_RDONLY_STATE, &state->flags);
ret = nfs4_open_recover_helper(opendata, FMODE_READ, &newstate);
if (ret != 0)
return ret;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [080/289] NFS: Dont SIGBUS if nfs_vm_page_mkwrite races with a cache invalidation
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (79 preceding siblings ...)
2010-12-08 0:57 ` [079/289] NFSv4: Fix open recovery Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [081/289] drm/radeon/kms: MC vram map needs to be >= pci aperture size Greg KH
` (205 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Trond Myklebust
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Trond Myklebust <Trond.Myklebust@netapp.com>
commit bc4866b6e0b44f8ea0df22a16e5927714beb4983 upstream.
In the case where we lock the page, and then find out that the page has
been thrown out of the page cache, we should just return VM_FAULT_NOPAGE.
This is what block_page_mkwrite() does in these situations.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/nfs/file.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
--- a/fs/nfs/file.c
+++ b/fs/nfs/file.c
@@ -551,7 +551,7 @@ static int nfs_vm_page_mkwrite(struct vm
struct file *filp = vma->vm_file;
struct dentry *dentry = filp->f_path.dentry;
unsigned pagelen;
- int ret = -EINVAL;
+ int ret = VM_FAULT_NOPAGE;
struct address_space *mapping;
dfprintk(PAGECACHE, "NFS: vm_page_mkwrite(%s/%s(%ld), offset %lld)\n",
@@ -567,21 +567,20 @@ static int nfs_vm_page_mkwrite(struct vm
if (mapping != dentry->d_inode->i_mapping)
goto out_unlock;
- ret = 0;
pagelen = nfs_page_length(page);
if (pagelen == 0)
goto out_unlock;
- ret = nfs_flush_incompatible(filp, page);
- if (ret != 0)
- goto out_unlock;
+ ret = VM_FAULT_LOCKED;
+ if (nfs_flush_incompatible(filp, page) == 0 &&
+ nfs_updatepage(filp, page, 0, pagelen) == 0)
+ goto out;
- ret = nfs_updatepage(filp, page, 0, pagelen);
+ ret = VM_FAULT_SIGBUS;
out_unlock:
- if (!ret)
- return VM_FAULT_LOCKED;
unlock_page(page);
- return VM_FAULT_SIGBUS;
+out:
+ return ret;
}
static const struct vm_operations_struct nfs_file_vm_ops = {
^ permalink raw reply [flat|nested] 288+ messages in thread
* [081/289] drm/radeon/kms: MC vram map needs to be >= pci aperture size
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (80 preceding siblings ...)
2010-12-08 0:57 ` [080/289] NFS: Dont SIGBUS if nfs_vm_page_mkwrite races with a cache invalidation Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [082/289] drm/radeon/kms: properly compute group_size on 6xx/7xx Greg KH
` (204 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Alex Deucher, Dave Airlie
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Alex Deucher <alexdeucher@gmail.com>
commit b7d8cce5b558e0c0aa6898c9865356481598b46d upstream.
The vram map in the radeon memory controller needs to be
>= the pci aperture size. Fixes:
https://bugs.freedesktop.org/show_bug.cgi?id=28402
The problematic cards in the above bug have 64 MB of vram,
but the pci aperture is 128 MB and the MC vram map was only
64 MB. This can lead to hangs.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/radeon/r100.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/gpu/drm/radeon/r100.c
+++ b/drivers/gpu/drm/radeon/r100.c
@@ -2318,6 +2318,9 @@ void r100_vram_init_sizes(struct radeon_
/* Fix for RN50, M6, M7 with 8/16/32(??) MBs of VRAM -
* Novell bug 204882 + along with lots of ubuntu ones
*/
+ if (rdev->mc.aper_size > config_aper_size)
+ config_aper_size = rdev->mc.aper_size;
+
if (config_aper_size > rdev->mc.real_vram_size)
rdev->mc.mc_vram_size = config_aper_size;
else
^ permalink raw reply [flat|nested] 288+ messages in thread
* [082/289] drm/radeon/kms: properly compute group_size on 6xx/7xx
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (81 preceding siblings ...)
2010-12-08 0:57 ` [081/289] drm/radeon/kms: MC vram map needs to be >= pci aperture size Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [083/289] drm/i915: Update hotplug interrupts register definitions for Sandybridge Greg KH
` (203 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Alex Deucher, Dave Airlie
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Alex Deucher <alexdeucher@gmail.com>
commit 881fe6c1d06bf49f4ab7aef212cdaf66bd059614 upstream.
Needed for tiled surfaces.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/radeon/r600.c | 7 +++++--
drivers/gpu/drm/radeon/rv770.c | 9 +++++----
2 files changed, 10 insertions(+), 6 deletions(-)
--- a/drivers/gpu/drm/radeon/r600.c
+++ b/drivers/gpu/drm/radeon/r600.c
@@ -1608,8 +1608,11 @@ void r600_gpu_init(struct radeon_device
rdev->config.r600.tiling_npipes = rdev->config.r600.max_tile_pipes;
rdev->config.r600.tiling_nbanks = 4 << ((ramcfg & NOOFBANK_MASK) >> NOOFBANK_SHIFT);
tiling_config |= BANK_TILING((ramcfg & NOOFBANK_MASK) >> NOOFBANK_SHIFT);
- tiling_config |= GROUP_SIZE(0);
- rdev->config.r600.tiling_group_size = 256;
+ tiling_config |= GROUP_SIZE((ramcfg & BURSTLENGTH_MASK) >> BURSTLENGTH_SHIFT);
+ if ((ramcfg & BURSTLENGTH_MASK) >> BURSTLENGTH_SHIFT)
+ rdev->config.r600.tiling_group_size = 512;
+ else
+ rdev->config.r600.tiling_group_size = 256;
tmp = (ramcfg & NOOFROWS_MASK) >> NOOFROWS_SHIFT;
if (tmp > 3) {
tiling_config |= ROW_TILING(3);
--- a/drivers/gpu/drm/radeon/rv770.c
+++ b/drivers/gpu/drm/radeon/rv770.c
@@ -643,10 +643,11 @@ static void rv770_gpu_init(struct radeon
else
gb_tiling_config |= BANK_TILING((mc_arb_ramcfg & NOOFBANK_MASK) >> NOOFBANK_SHIFT);
rdev->config.rv770.tiling_nbanks = 4 << ((gb_tiling_config >> 4) & 0x3);
-
- gb_tiling_config |= GROUP_SIZE(0);
- rdev->config.rv770.tiling_group_size = 256;
-
+ gb_tiling_config |= GROUP_SIZE((mc_arb_ramcfg & BURSTLENGTH_MASK) >> BURSTLENGTH_SHIFT);
+ if ((mc_arb_ramcfg & BURSTLENGTH_MASK) >> BURSTLENGTH_SHIFT)
+ rdev->config.rv770.tiling_group_size = 512;
+ else
+ rdev->config.rv770.tiling_group_size = 256;
if (((mc_arb_ramcfg & NOOFROWS_MASK) >> NOOFROWS_SHIFT) > 3) {
gb_tiling_config |= ROW_TILING(3);
gb_tiling_config |= SAMPLE_SPLIT(3);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [083/289] drm/i915: Update hotplug interrupts register definitions for Sandybridge
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (82 preceding siblings ...)
2010-12-08 0:57 ` [082/289] drm/radeon/kms: properly compute group_size on 6xx/7xx Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [084/289] drm/radeon/kms: make sure blit addr masks are 64 bit Greg KH
` (202 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Yuanhan Liu, Chris Wilson
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Yuanhan Liu <yuanhan.liu@intel.com>
commit 2d7b8366ae4a9ec2183c30e432a4a9a495c82bcd upstream.
On Sandybridge, the bit definition for hotplug on SDE has changed, so
update the code to new definition.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=30378
Signed-off-by: Yuanhan Liu <yuanhan.liu@intel.com>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/i915/i915_irq.c | 21 ++++++++++++++++-----
drivers/gpu/drm/i915/i915_reg.h | 4 ++++
2 files changed, 20 insertions(+), 5 deletions(-)
--- a/drivers/gpu/drm/i915/i915_irq.c
+++ b/drivers/gpu/drm/i915/i915_irq.c
@@ -310,6 +310,7 @@ irqreturn_t ironlake_irq_handler(struct
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int ret = IRQ_NONE;
u32 de_iir, gt_iir, de_ier, pch_iir;
+ u32 hotplug_mask;
struct drm_i915_master_private *master_priv;
struct intel_ring_buffer *render_ring = &dev_priv->render_ring;
@@ -325,6 +326,11 @@ irqreturn_t ironlake_irq_handler(struct
if (de_iir == 0 && gt_iir == 0 && pch_iir == 0)
goto done;
+ if (HAS_PCH_CPT(dev))
+ hotplug_mask = SDE_HOTPLUG_MASK_CPT;
+ else
+ hotplug_mask = SDE_HOTPLUG_MASK;
+
ret = IRQ_HANDLED;
if (dev->primary->master) {
@@ -366,10 +372,8 @@ irqreturn_t ironlake_irq_handler(struct
drm_handle_vblank(dev, 1);
/* check event from PCH */
- if ((de_iir & DE_PCH_EVENT) &&
- (pch_iir & SDE_HOTPLUG_MASK)) {
+ if ((de_iir & DE_PCH_EVENT) && (pch_iir & hotplug_mask))
queue_work(dev_priv->wq, &dev_priv->hotplug_work);
- }
if (de_iir & DE_PCU_EVENT) {
I915_WRITE16(MEMINTRSTS, I915_READ(MEMINTRSTS));
@@ -1424,8 +1428,7 @@ static int ironlake_irq_postinstall(stru
u32 display_mask = DE_MASTER_IRQ_CONTROL | DE_GSE | DE_PCH_EVENT |
DE_PLANEA_FLIP_DONE | DE_PLANEB_FLIP_DONE;
u32 render_mask = GT_PIPE_NOTIFY | GT_BSD_USER_INTERRUPT;
- u32 hotplug_mask = SDE_CRT_HOTPLUG | SDE_PORTB_HOTPLUG |
- SDE_PORTC_HOTPLUG | SDE_PORTD_HOTPLUG;
+ u32 hotplug_mask;
dev_priv->irq_mask_reg = ~display_mask;
dev_priv->de_irq_enable_reg = display_mask | DE_PIPEA_VBLANK | DE_PIPEB_VBLANK;
@@ -1450,6 +1453,14 @@ static int ironlake_irq_postinstall(stru
I915_WRITE(GTIER, dev_priv->gt_irq_enable_reg);
(void) I915_READ(GTIER);
+ if (HAS_PCH_CPT(dev)) {
+ hotplug_mask = SDE_CRT_HOTPLUG_CPT | SDE_PORTB_HOTPLUG_CPT |
+ SDE_PORTC_HOTPLUG_CPT | SDE_PORTD_HOTPLUG_CPT ;
+ } else {
+ hotplug_mask = SDE_CRT_HOTPLUG | SDE_PORTB_HOTPLUG |
+ SDE_PORTC_HOTPLUG | SDE_PORTD_HOTPLUG;
+ }
+
dev_priv->pch_irq_mask_reg = ~hotplug_mask;
dev_priv->pch_irq_enable_reg = hotplug_mask;
--- a/drivers/gpu/drm/i915/i915_reg.h
+++ b/drivers/gpu/drm/i915/i915_reg.h
@@ -2551,6 +2551,10 @@
#define SDE_PORTD_HOTPLUG_CPT (1 << 23)
#define SDE_PORTC_HOTPLUG_CPT (1 << 22)
#define SDE_PORTB_HOTPLUG_CPT (1 << 21)
+#define SDE_HOTPLUG_MASK_CPT (SDE_CRT_HOTPLUG_CPT | \
+ SDE_PORTD_HOTPLUG_CPT | \
+ SDE_PORTC_HOTPLUG_CPT | \
+ SDE_PORTB_HOTPLUG_CPT)
#define SDEISR 0xc4000
#define SDEIMR 0xc4004
^ permalink raw reply [flat|nested] 288+ messages in thread
* [084/289] drm/radeon/kms: make sure blit addr masks are 64 bit
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (83 preceding siblings ...)
2010-12-08 0:57 ` [083/289] drm/i915: Update hotplug interrupts register definitions for Sandybridge Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [085/289] drm/radeon/kms: fix handling of tex lookup disable in cs checker on r2xx Greg KH
` (201 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Alex Deucher, Dave Airlie
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Alex Deucher <alexdeucher@gmail.com>
commit 2126d0a4a205e2d6b763434f892524cd60f74228 upstream.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/radeon/r600_blit_kms.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/gpu/drm/radeon/r600_blit_kms.c
+++ b/drivers/gpu/drm/radeon/r600_blit_kms.c
@@ -650,8 +650,8 @@ void r600_kms_blit_copy(struct radeon_de
int src_x = src_gpu_addr & 255;
int dst_x = dst_gpu_addr & 255;
int h = 1;
- src_gpu_addr = src_gpu_addr & ~255;
- dst_gpu_addr = dst_gpu_addr & ~255;
+ src_gpu_addr = src_gpu_addr & ~255ULL;
+ dst_gpu_addr = dst_gpu_addr & ~255ULL;
if (!src_x && !dst_x) {
h = (cur_size / max_bytes);
@@ -744,8 +744,8 @@ void r600_kms_blit_copy(struct radeon_de
int src_x = (src_gpu_addr & 255);
int dst_x = (dst_gpu_addr & 255);
int h = 1;
- src_gpu_addr = src_gpu_addr & ~255;
- dst_gpu_addr = dst_gpu_addr & ~255;
+ src_gpu_addr = src_gpu_addr & ~255ULL;
+ dst_gpu_addr = dst_gpu_addr & ~255ULL;
if (!src_x && !dst_x) {
h = (cur_size / max_bytes);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [085/289] drm/radeon/kms: fix handling of tex lookup disable in cs checker on r2xx
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (84 preceding siblings ...)
2010-12-08 0:57 ` [084/289] drm/radeon/kms: make sure blit addr masks are 64 bit Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [086/289] drm/i915/crt: Make sure the hotplug interrupt is enabled Greg KH
` (200 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Alex Deucher, Dave Airlie
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Alex Deucher <alexdeucher@gmail.com>
commit 43b93fbffc2c080dba2e84df6fce8d7e6c0a2581 upstream.
There are cases when multiple texture units have to be enabled,
but not actually used to sample. This patch checks to see if
the lookup_disable bit is set and if so, skips the texture check.
Fixes:
https://bugs.freedesktop.org/show_bug.cgi?id=25544
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/radeon/r100.c | 3 +++
drivers/gpu/drm/radeon/r100_track.h | 1 +
drivers/gpu/drm/radeon/r200.c | 2 ++
drivers/gpu/drm/radeon/radeon_reg.h | 1 +
4 files changed, 7 insertions(+)
--- a/drivers/gpu/drm/radeon/r100.c
+++ b/drivers/gpu/drm/radeon/r100.c
@@ -3228,6 +3228,8 @@ static int r100_cs_track_texture_check(s
for (u = 0; u < track->num_texture; u++) {
if (!track->textures[u].enabled)
continue;
+ if (track->textures[u].lookup_disable)
+ continue;
robj = track->textures[u].robj;
if (robj == NULL) {
DRM_ERROR("No texture bound to unit %u\n", u);
@@ -3462,6 +3464,7 @@ void r100_cs_track_clear(struct radeon_d
track->textures[i].robj = NULL;
/* CS IB emission code makes sure texture unit are disabled */
track->textures[i].enabled = false;
+ track->textures[i].lookup_disable = false;
track->textures[i].roundup_w = true;
track->textures[i].roundup_h = true;
if (track->separate_cube)
--- a/drivers/gpu/drm/radeon/r100_track.h
+++ b/drivers/gpu/drm/radeon/r100_track.h
@@ -46,6 +46,7 @@ struct r100_cs_track_texture {
unsigned height_11;
bool use_pitch;
bool enabled;
+ bool lookup_disable;
bool roundup_w;
bool roundup_h;
unsigned compress_format;
--- a/drivers/gpu/drm/radeon/r200.c
+++ b/drivers/gpu/drm/radeon/r200.c
@@ -447,6 +447,8 @@ int r200_packet0_check(struct radeon_cs_
track->textures[i].width = 1 << ((idx_value >> RADEON_TXFORMAT_WIDTH_SHIFT) & RADEON_TXFORMAT_WIDTH_MASK);
track->textures[i].height = 1 << ((idx_value >> RADEON_TXFORMAT_HEIGHT_SHIFT) & RADEON_TXFORMAT_HEIGHT_MASK);
}
+ if (idx_value & R200_TXFORMAT_LOOKUP_DISABLE)
+ track->textures[i].lookup_disable = true;
switch ((idx_value & RADEON_TXFORMAT_FORMAT_MASK)) {
case R200_TXFORMAT_I8:
case R200_TXFORMAT_RGB332:
--- a/drivers/gpu/drm/radeon/radeon_reg.h
+++ b/drivers/gpu/drm/radeon/radeon_reg.h
@@ -2836,6 +2836,7 @@
# define R200_TXFORMAT_ST_ROUTE_STQ5 (5 << 24)
# define R200_TXFORMAT_ST_ROUTE_MASK (7 << 24)
# define R200_TXFORMAT_ST_ROUTE_SHIFT 24
+# define R200_TXFORMAT_LOOKUP_DISABLE (1 << 27)
# define R200_TXFORMAT_ALPHA_MASK_ENABLE (1 << 28)
# define R200_TXFORMAT_CHROMA_KEY_ENABLE (1 << 29)
# define R200_TXFORMAT_CUBIC_MAP_ENABLE (1 << 30)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [086/289] drm/i915/crt: Make sure the hotplug interrupt is enabled
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (85 preceding siblings ...)
2010-12-08 0:57 ` [085/289] drm/radeon/kms: fix handling of tex lookup disable in cs checker on r2xx Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [087/289] drm/i915: Free hardware status page on unload when physically mapped Greg KH
` (199 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Yuanhan Liu, Chris Wilson
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Yuanhan Liu <yuanhan.liu@intel.com>
commit 1510a97182b4ddb5fe3c4e8d05240f7cd6fd13e7 upstream.
After disabling the hotplug interrupts for VGA detection on Ironlake, be
sure to re-enable them again afterwards.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=30378
Signed-off-by: Yuanhan Liu <yuanhan.liu@intel.com>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/i915/intel_crt.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/i915/intel_crt.c
+++ b/drivers/gpu/drm/i915/intel_crt.c
@@ -191,7 +191,8 @@ static bool intel_ironlake_crt_detect_ho
DRM_DEBUG_KMS("timed out waiting for FORCE_TRIGGER");
if (turn_off_dac) {
- I915_WRITE(PCH_ADPA, temp);
+ /* Make sure hotplug is enabled */
+ I915_WRITE(PCH_ADPA, temp | ADPA_CRT_HOTPLUG_ENABLE);
(void)I915_READ(PCH_ADPA);
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [087/289] drm/i915: Free hardware status page on unload when physically mapped
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (86 preceding siblings ...)
2010-12-08 0:57 ` [086/289] drm/i915/crt: Make sure the hotplug interrupt is enabled Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [088/289] drm/i915: diasable clock gating for the panel power sequencer Greg KH
` (198 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Keith Packard, Chris Wilson
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Keith Packard <keithp@keithp.com>
commit c2873e9633fe908dccd36dbb1d370e9c59a1ca62 upstream.
A physically mapped hardware status page is allocated at driver load
time but was never freed. Call the existing code to free this page at
driver unload time on hardware which uses this kind.
Signed-off-by: Keith Packard <keithp@keithp.com>
[ickle: call before tearing down registers on KMS-only path, as pointed
out by Dave Airlie]
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/i915/i915_dma.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/gpu/drm/i915/i915_dma.c
+++ b/drivers/gpu/drm/i915/i915_dma.c
@@ -2306,6 +2306,9 @@ int i915_driver_unload(struct drm_device
i915_gem_lastclose(dev);
intel_cleanup_overlay(dev);
+
+ if (!I915_NEED_GFX_HWS(dev))
+ i915_free_hws(dev);
}
intel_teardown_mchbar(dev);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [088/289] drm/i915: diasable clock gating for the panel power sequencer
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (87 preceding siblings ...)
2010-12-08 0:57 ` [087/289] drm/i915: Free hardware status page on unload when physically mapped Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [089/289] drm/i915/overlay: Ensure that the reg_bo is in the GTT prior to writing Greg KH
` (197 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Jesse Barnes, Chris Wilson
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jesse Barnes <jbarnes@virtuousgeek.org>
commit 382b09362711d7d03272230a33767015a277926e upstream.
Needed on Ibex Peak and Cougar Point or the panel won't always come on.
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/i915/i915_reg.h | 3 +++
drivers/gpu/drm/i915/intel_display.c | 7 +++++++
2 files changed, 10 insertions(+)
--- a/drivers/gpu/drm/i915/i915_reg.h
+++ b/drivers/gpu/drm/i915/i915_reg.h
@@ -2726,6 +2726,9 @@
#define FDI_RXB_CHICKEN 0xc2010
#define FDI_RX_PHASE_SYNC_POINTER_ENABLE (1)
+#define SOUTH_DSPCLK_GATE_D 0xc2020
+#define PCH_DPLSUNIT_CLOCK_GATE_DISABLE (1<<29)
+
/* CPU: FDI_TX */
#define FDI_TXA_CTL 0x60100
#define FDI_TXB_CTL 0x61100
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -5674,6 +5674,13 @@ void intel_init_clock_gating(struct drm_
I915_WRITE(PCH_DSPCLK_GATE_D, dspclk_gate);
/*
+ * On Ibex Peak and Cougar Point, we need to disable clock
+ * gating for the panel power sequencer or it will fail to
+ * start up when no ports are active.
+ */
+ I915_WRITE(SOUTH_DSPCLK_GATE_D, PCH_DPLSUNIT_CLOCK_GATE_DISABLE);
+
+ /*
* According to the spec the following bits should be set in
* order to enable memory self-refresh
* The bit 22/21 of 0x42004
^ permalink raw reply [flat|nested] 288+ messages in thread
* [089/289] drm/i915/overlay: Ensure that the reg_bo is in the GTT prior to writing.
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (88 preceding siblings ...)
2010-12-08 0:57 ` [088/289] drm/i915: diasable clock gating for the panel power sequencer Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [090/289] pcnet_cs: add new_id Greg KH
` (196 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Chris Wilson
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Chris Wilson <chris@chris-wilson.co.uk>
commit 0ddc1289f3ffd779779ddd3922f26ae7d0a21604 upstream.
Just makes sure that writes are not being aliased by the CPU cache and
do make it out to main memory.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=24977
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/i915/intel_overlay.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/drivers/gpu/drm/i915/intel_overlay.c
+++ b/drivers/gpu/drm/i915/intel_overlay.c
@@ -1367,6 +1367,12 @@ void intel_setup_overlay(struct drm_devi
goto out_free_bo;
}
overlay->flip_addr = overlay->reg_bo->gtt_offset;
+
+ ret = i915_gem_object_set_to_gtt_domain(reg_bo, true);
+ if (ret) {
+ DRM_ERROR("failed to move overlay register bo into the GTT\n");
+ goto out_unpin_bo;
+ }
} else {
ret = i915_gem_attach_phys_object(dev, reg_bo,
I915_GEM_PHYS_OVERLAY_REGS,
@@ -1399,6 +1405,8 @@ void intel_setup_overlay(struct drm_devi
DRM_INFO("initialized overlay support\n");
return;
+out_unpin_bo:
+ i915_gem_object_unpin(reg_bo);
out_free_bo:
drm_gem_object_unreference(reg_bo);
out_free:
^ permalink raw reply [flat|nested] 288+ messages in thread
* [090/289] pcnet_cs: add new_id
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (89 preceding siblings ...)
2010-12-08 0:57 ` [089/289] drm/i915/overlay: Ensure that the reg_bo is in the GTT prior to writing Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [091/289] SH: Add missing consts to sys_execve() declaration Greg KH
` (195 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Ken Kawasaki, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Ken Kawasaki <ken_kawasaki@spring.nifty.jp>
commit 62391f97babb7fe0c769830b6f0e0bd184bd0704 upstream.
pcnet_cs:
add new_id: "corega Ether CF-TD" 10Base-T PCMCIA card.
Signed-off-by: Ken Kawasaki <ken_kawasaki@spring.nifty.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/pcmcia/pcnet_cs.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/pcmcia/pcnet_cs.c
+++ b/drivers/net/pcmcia/pcnet_cs.c
@@ -1622,6 +1622,7 @@ static struct pcmcia_device_id pcnet_ids
PCMCIA_DEVICE_PROD_ID12("COMPU-SHACK", "FASTline PCMCIA 10/100 Fast-Ethernet", 0xfa2e424d, 0x3953d9b9),
PCMCIA_DEVICE_PROD_ID12("CONTEC", "C-NET(PC)C-10L", 0x21cab552, 0xf6f90722),
PCMCIA_DEVICE_PROD_ID12("corega", "FEther PCC-TXF", 0x0a21501a, 0xa51564a2),
+ PCMCIA_DEVICE_PROD_ID12("corega", "Ether CF-TD", 0x0a21501a, 0x6589340a),
PCMCIA_DEVICE_PROD_ID12("corega K.K.", "corega EtherII PCC-T", 0x5261440f, 0xfa9d85bd),
PCMCIA_DEVICE_PROD_ID12("corega K.K.", "corega EtherII PCC-TD", 0x5261440f, 0xc49bd73d),
PCMCIA_DEVICE_PROD_ID12("Corega K.K.", "corega EtherII PCC-TD", 0xd4fdcbd8, 0xc49bd73d),
^ permalink raw reply [flat|nested] 288+ messages in thread
* [091/289] SH: Add missing consts to sys_execve() declaration
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (90 preceding siblings ...)
2010-12-08 0:57 ` [090/289] pcnet_cs: add new_id Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [092/289] reiserfs: fix inode mutex - reiserfs lock misordering Greg KH
` (194 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, David Howells, Nobuhiro Iwamatsu
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: David Howells <dhowells@redhat.com>
commit d8b5fc01683c66060edc202d6bb5635365822181 upstream.
Add missing consts to the sys_execve() declaration which result in the
following error:
arch/sh/kernel/process_32.c:303: error: conflicting types for 'sys_execve'
/warthog/nfs/linux-2.6-fscache/arch/sh/include/asm/syscalls_32.h:24: error: previous declaration of 'sys_execve' was here
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/sh/include/asm/syscalls_32.h | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/arch/sh/include/asm/syscalls_32.h
+++ b/arch/sh/include/asm/syscalls_32.h
@@ -19,9 +19,10 @@ asmlinkage int sys_clone(unsigned long c
asmlinkage int sys_vfork(unsigned long r4, unsigned long r5,
unsigned long r6, unsigned long r7,
struct pt_regs __regs);
-asmlinkage int sys_execve(const char __user *ufilename, char __user * __user *uargv,
- char __user * __user *uenvp, unsigned long r7,
- struct pt_regs __regs);
+asmlinkage int sys_execve(const char __user *ufilename,
+ const char __user *const __user *uargv,
+ const char __user *const __user *uenvp,
+ unsigned long r7, struct pt_regs __regs);
asmlinkage int sys_sigsuspend(old_sigset_t mask, unsigned long r5,
unsigned long r6, unsigned long r7,
struct pt_regs __regs);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [092/289] reiserfs: fix inode mutex - reiserfs lock misordering
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (91 preceding siblings ...)
2010-12-08 0:57 ` [091/289] SH: Add missing consts to sys_execve() declaration Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [093/289] reiserfs: dont acquire lock recursively in reiserfs_acl_chmod Greg KH
` (193 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Frederic Weisbecker, Jeff Mahoney
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Frederic Weisbecker <fweisbec@gmail.com>
commit da905873effecd1c0166e578bc4b5006f041b18b upstream.
reiserfs_unpack() locks the inode mutex with reiserfs_mutex_lock_safe()
to protect against reiserfs lock dependency. However this protection
requires to have the reiserfs lock to be locked.
This is the case if reiserfs_unpack() is called by reiserfs_ioctl but
not from reiserfs_quota_on() when it tries to unpack tails of quota
files.
Fix the ordering of the two locks in reiserfs_unpack() to fix this
issue.
Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Reported-by: Markus Gapp <markus.gapp@gmx.net>
Reported-by: Jan Kara <jack@suse.cz>
Cc: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/reiserfs/ioctl.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
--- a/fs/reiserfs/ioctl.c
+++ b/fs/reiserfs/ioctl.c
@@ -186,12 +186,11 @@ int reiserfs_unpack(struct inode *inode,
return 0;
}
- /* we need to make sure nobody is changing the file size beneath
- ** us
- */
- reiserfs_mutex_lock_safe(&inode->i_mutex, inode->i_sb);
depth = reiserfs_write_lock_once(inode->i_sb);
+ /* we need to make sure nobody is changing the file size beneath us */
+ reiserfs_mutex_lock_safe(&inode->i_mutex, inode->i_sb);
+
write_from = inode->i_size & (blocksize - 1);
/* if we are on a block boundary, we are already unpacked. */
if (write_from == 0) {
^ permalink raw reply [flat|nested] 288+ messages in thread
* [093/289] reiserfs: dont acquire lock recursively in reiserfs_acl_chmod
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (92 preceding siblings ...)
2010-12-08 0:57 ` [092/289] reiserfs: fix inode mutex - reiserfs lock misordering Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [094/289] staging: rt2870: Add new USB ID for Belkin F6D4050 v1 Greg KH
` (192 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Frederic Weisbecker, Jeff Mahoney
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Frederic Weisbecker <fweisbec@gmail.com>
commit 238af8751f64a75f8b638193353b1c31ea32e738 upstream.
reiserfs_acl_chmod() can be called by reiserfs_set_attr() and then take
the reiserfs lock a second time. Thereafter it may call journal_begin()
that definitely requires the lock not to be nested in order to release
it before taking the journal mutex because the reiserfs lock depends on
the journal mutex already.
So, aviod nesting the lock in reiserfs_acl_chmod().
Reported-by: Pawel Zawora <pzawora@gmail.com>
Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Tested-by: Pawel Zawora <pzawora@gmail.com>
Cc: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/reiserfs/xattr_acl.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/fs/reiserfs/xattr_acl.c
+++ b/fs/reiserfs/xattr_acl.c
@@ -472,7 +472,9 @@ int reiserfs_acl_chmod(struct inode *ino
struct reiserfs_transaction_handle th;
size_t size = reiserfs_xattr_nblocks(inode,
reiserfs_acl_size(clone->a_count));
- reiserfs_write_lock(inode->i_sb);
+ int depth;
+
+ depth = reiserfs_write_lock_once(inode->i_sb);
error = journal_begin(&th, inode->i_sb, size * 2);
if (!error) {
int error2;
@@ -482,7 +484,7 @@ int reiserfs_acl_chmod(struct inode *ino
if (error2)
error = error2;
}
- reiserfs_write_unlock(inode->i_sb);
+ reiserfs_write_unlock_once(inode->i_sb, depth);
}
posix_acl_release(clone);
return error;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [094/289] staging: rt2870: Add new USB ID for Belkin F6D4050 v1
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (93 preceding siblings ...)
2010-12-08 0:57 ` [093/289] reiserfs: dont acquire lock recursively in reiserfs_acl_chmod Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [095/289] Staging: asus_oled: fix up some sysfs attribute permissions Greg KH
` (191 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Larry Finger
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Larry Finger <Larry.Finger@lwfinger.net>
commit 705059a670f3af2b37695e82de0ee58e75e656ed upstream.
Add new USB ID for FT2870 for Belkin F6D4050 v1
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Reported- and Tested-by: James Long <crogonint@yahoo.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/staging/rt2860/usb_main_dev.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/staging/rt2860/usb_main_dev.c
+++ b/drivers/staging/rt2860/usb_main_dev.c
@@ -65,6 +65,7 @@ struct usb_device_id rtusb_usb_id[] = {
{USB_DEVICE(0x14B2, 0x3C07)}, /* AL */
{USB_DEVICE(0x050D, 0x8053)}, /* Belkin */
{USB_DEVICE(0x050D, 0x825B)}, /* Belkin */
+ {USB_DEVICE(0x050D, 0x935A)}, /* Belkin F6D4050 v1 */
{USB_DEVICE(0x050D, 0x935B)}, /* Belkin F6D4050 v2 */
{USB_DEVICE(0x14B2, 0x3C23)}, /* Airlink */
{USB_DEVICE(0x14B2, 0x3C27)}, /* Airlink */
^ permalink raw reply [flat|nested] 288+ messages in thread
* [095/289] Staging: asus_oled: fix up some sysfs attribute permissions
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (94 preceding siblings ...)
2010-12-08 0:57 ` [094/289] staging: rt2870: Add new USB ID for Belkin F6D4050 v1 Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [096/289] Staging: asus_oled: fix up my fixup for " Greg KH
` (190 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Jakub Schmidtke
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Greg Kroah-Hartman <gregkh@suse.de>
commit 590b0b9754bd8928926bae7194b6da7ead9bda3b upstream.
They should not be writable by any user
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jakub Schmidtke <sjakub@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/staging/asus_oled/asus_oled.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/staging/asus_oled/asus_oled.c
+++ b/drivers/staging/asus_oled/asus_oled.c
@@ -620,13 +620,13 @@ static ssize_t class_set_picture(struct
#define ASUS_OLED_DEVICE_ATTR(_file) dev_attr_asus_oled_##_file
-static DEVICE_ATTR(asus_oled_enabled, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(asus_oled_enabled, S_IRUSR | S_IRUGO,
get_enabled, set_enabled);
-static DEVICE_ATTR(asus_oled_picture, S_IWUGO , NULL, set_picture);
+static DEVICE_ATTR(asus_oled_picture, S_IRUSR , NULL, set_picture);
-static DEVICE_ATTR(enabled, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(enabled, S_IRUSR | S_IRUGO,
class_get_enabled, class_set_enabled);
-static DEVICE_ATTR(picture, S_IWUGO, NULL, class_set_picture);
+static DEVICE_ATTR(picture, S_IRUSR, NULL, class_set_picture);
static int asus_oled_probe(struct usb_interface *interface,
const struct usb_device_id *id)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [096/289] Staging: asus_oled: fix up my fixup for some sysfs attribute permissions
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (95 preceding siblings ...)
2010-12-08 0:57 ` [095/289] Staging: asus_oled: fix up some sysfs attribute permissions Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [097/289] ALSA: hda: Use hp-laptop quirk to enable headphones automute for Asus A52J Greg KH
` (189 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Jakub Schmidtke
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Greg Kroah-Hartman <gregkh@suse.de>
commit 515b4987ccd097cdf5416530b05fdf9e01afe95a upstream.
They should be writable by root, not readable.
Doh, stupid me with the wrong flags.
Reported-by: Jonathan Cameron <jic23@cam.ac.uk>
Cc: Jakub Schmidtke <sjakub@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/staging/asus_oled/asus_oled.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/staging/asus_oled/asus_oled.c
+++ b/drivers/staging/asus_oled/asus_oled.c
@@ -620,13 +620,13 @@ static ssize_t class_set_picture(struct
#define ASUS_OLED_DEVICE_ATTR(_file) dev_attr_asus_oled_##_file
-static DEVICE_ATTR(asus_oled_enabled, S_IRUSR | S_IRUGO,
+static DEVICE_ATTR(asus_oled_enabled, S_IWUSR | S_IRUGO,
get_enabled, set_enabled);
-static DEVICE_ATTR(asus_oled_picture, S_IRUSR , NULL, set_picture);
+static DEVICE_ATTR(asus_oled_picture, S_IWUSR , NULL, set_picture);
-static DEVICE_ATTR(enabled, S_IRUSR | S_IRUGO,
+static DEVICE_ATTR(enabled, S_IWUSR | S_IRUGO,
class_get_enabled, class_set_enabled);
-static DEVICE_ATTR(picture, S_IRUSR, NULL, class_set_picture);
+static DEVICE_ATTR(picture, S_IWUSR, NULL, class_set_picture);
static int asus_oled_probe(struct usb_interface *interface,
const struct usb_device_id *id)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [097/289] ALSA: hda: Use hp-laptop quirk to enable headphones automute for Asus A52J
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (96 preceding siblings ...)
2010-12-08 0:57 ` [096/289] Staging: asus_oled: fix up my fixup for " Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [098/289] Staging: line6: fix up some sysfs attribute permissions Greg KH
` (188 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Daniel T Chen, Takashi Iwai
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Daniel T Chen <crimsun@ubuntu.com>
commit 673f7a8984c3a9e2cb1108ce221da1ebbd9e5d09 upstream.
BugLink: https://launchpad.net/bugs/677652
The original reporter states that, in 2.6.35, headphones do not appear
to work, nor does inserting them mute the A52J's onboard speakers. Upon
inspecting the codec dump, it appears that the newly committed hp-laptop
quirk will suffice to enable this basic functionality. Testing was done
with an alsa-driver build from 2010-11-21.
Reported-and-tested-by: Joan Creus
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/pci/hda/patch_conexant.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_conexant.c
+++ b/sound/pci/hda/patch_conexant.c
@@ -3092,6 +3092,7 @@ static struct snd_pci_quirk cxt5066_cfg_
SND_PCI_QUIRK(0x1028, 0x0402, "Dell Vostro", CXT5066_DELL_VOSTO),
SND_PCI_QUIRK(0x1028, 0x0408, "Dell Inspiron One 19T", CXT5066_IDEAPAD),
SND_PCI_QUIRK(0x103c, 0x360b, "HP G60", CXT5066_HP_LAPTOP),
+ SND_PCI_QUIRK(0x1043, 0x13f3, "Asus A52J", CXT5066_HP_LAPTOP),
SND_PCI_QUIRK(0x1179, 0xff1e, "Toshiba Satellite C650D", CXT5066_IDEAPAD),
SND_PCI_QUIRK(0x1179, 0xff50, "Toshiba Satellite P500-PSPGSC-01800T", CXT5066_OLPC_XO_1_5),
SND_PCI_QUIRK(0x1179, 0xffe0, "Toshiba Satellite Pro T130-15F", CXT5066_OLPC_XO_1_5),
^ permalink raw reply [flat|nested] 288+ messages in thread
* [098/289] Staging: line6: fix up some sysfs attribute permissions
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (97 preceding siblings ...)
2010-12-08 0:57 ` [097/289] ALSA: hda: Use hp-laptop quirk to enable headphones automute for Asus A52J Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [099/289] kfifo: disable __kfifo_must_check_helper() Greg KH
` (187 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Markus Grabner, Mariusz Kozlowski
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Greg Kroah-Hartman <gregkh@suse.de>
commit 2018845b6a169f75341f8e68ad1089cb6697cf24 and
2018845b6a169f75341f8e68ad1089cb6697cf24 upstream merged together as it
had to be backported by hand.
They should not be writable by any user
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Markus Grabner <grabner@icg.tugraz.at>
Cc: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/staging/line6/control.c | 204 +++++++++++++++++++--------------------
drivers/staging/line6/midi.c | 4
drivers/staging/line6/pod.c | 32 +++---
drivers/staging/line6/toneport.c | 4
drivers/staging/line6/variax.c | 12 +-
5 files changed, 128 insertions(+), 128 deletions(-)
--- a/drivers/staging/line6/control.c
+++ b/drivers/staging/line6/control.c
@@ -268,210 +268,210 @@ VARIAX_PARAM_R(float, mix2);
VARIAX_PARAM_R(float, mix1);
VARIAX_PARAM_R(int, pickup_wiring);
-static DEVICE_ATTR(tweak, S_IWUGO | S_IRUGO, pod_get_tweak, pod_set_tweak);
-static DEVICE_ATTR(wah_position, S_IWUGO | S_IRUGO, pod_get_wah_position,
+static DEVICE_ATTR(tweak, S_IWUSR | S_IRUGO, pod_get_tweak, pod_set_tweak);
+static DEVICE_ATTR(wah_position, S_IWUSR | S_IRUGO, pod_get_wah_position,
pod_set_wah_position);
-static DEVICE_ATTR(compression_gain, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(compression_gain, S_IWUSR | S_IRUGO,
pod_get_compression_gain, pod_set_compression_gain);
-static DEVICE_ATTR(vol_pedal_position, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(vol_pedal_position, S_IWUSR | S_IRUGO,
pod_get_vol_pedal_position, pod_set_vol_pedal_position);
-static DEVICE_ATTR(compression_threshold, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(compression_threshold, S_IWUSR | S_IRUGO,
pod_get_compression_threshold,
pod_set_compression_threshold);
-static DEVICE_ATTR(pan, S_IWUGO | S_IRUGO, pod_get_pan, pod_set_pan);
-static DEVICE_ATTR(amp_model_setup, S_IWUGO | S_IRUGO, pod_get_amp_model_setup,
+static DEVICE_ATTR(pan, S_IWUSR | S_IRUGO, pod_get_pan, pod_set_pan);
+static DEVICE_ATTR(amp_model_setup, S_IWUSR | S_IRUGO, pod_get_amp_model_setup,
pod_set_amp_model_setup);
-static DEVICE_ATTR(amp_model, S_IWUGO | S_IRUGO, pod_get_amp_model,
+static DEVICE_ATTR(amp_model, S_IWUSR | S_IRUGO, pod_get_amp_model,
pod_set_amp_model);
-static DEVICE_ATTR(drive, S_IWUGO | S_IRUGO, pod_get_drive, pod_set_drive);
-static DEVICE_ATTR(bass, S_IWUGO | S_IRUGO, pod_get_bass, pod_set_bass);
-static DEVICE_ATTR(mid, S_IWUGO | S_IRUGO, pod_get_mid, pod_set_mid);
-static DEVICE_ATTR(lowmid, S_IWUGO | S_IRUGO, pod_get_lowmid, pod_set_lowmid);
-static DEVICE_ATTR(treble, S_IWUGO | S_IRUGO, pod_get_treble, pod_set_treble);
-static DEVICE_ATTR(highmid, S_IWUGO | S_IRUGO, pod_get_highmid,
+static DEVICE_ATTR(drive, S_IWUSR | S_IRUGO, pod_get_drive, pod_set_drive);
+static DEVICE_ATTR(bass, S_IWUSR | S_IRUGO, pod_get_bass, pod_set_bass);
+static DEVICE_ATTR(mid, S_IWUSR | S_IRUGO, pod_get_mid, pod_set_mid);
+static DEVICE_ATTR(lowmid, S_IWUSR | S_IRUGO, pod_get_lowmid, pod_set_lowmid);
+static DEVICE_ATTR(treble, S_IWUSR | S_IRUGO, pod_get_treble, pod_set_treble);
+static DEVICE_ATTR(highmid, S_IWUSR | S_IRUGO, pod_get_highmid,
pod_set_highmid);
-static DEVICE_ATTR(chan_vol, S_IWUGO | S_IRUGO, pod_get_chan_vol,
+static DEVICE_ATTR(chan_vol, S_IWUSR | S_IRUGO, pod_get_chan_vol,
pod_set_chan_vol);
-static DEVICE_ATTR(reverb_mix, S_IWUGO | S_IRUGO, pod_get_reverb_mix,
+static DEVICE_ATTR(reverb_mix, S_IWUSR | S_IRUGO, pod_get_reverb_mix,
pod_set_reverb_mix);
-static DEVICE_ATTR(effect_setup, S_IWUGO | S_IRUGO, pod_get_effect_setup,
+static DEVICE_ATTR(effect_setup, S_IWUSR | S_IRUGO, pod_get_effect_setup,
pod_set_effect_setup);
-static DEVICE_ATTR(band_1_frequency, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(band_1_frequency, S_IWUSR | S_IRUGO,
pod_get_band_1_frequency, pod_set_band_1_frequency);
-static DEVICE_ATTR(presence, S_IWUGO | S_IRUGO, pod_get_presence,
+static DEVICE_ATTR(presence, S_IWUSR | S_IRUGO, pod_get_presence,
pod_set_presence);
-static DEVICE_ATTR2(treble__bass, treble, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR2(treble__bass, treble, S_IWUSR | S_IRUGO,
pod_get_treble__bass, pod_set_treble__bass);
-static DEVICE_ATTR(noise_gate_enable, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(noise_gate_enable, S_IWUSR | S_IRUGO,
pod_get_noise_gate_enable, pod_set_noise_gate_enable);
-static DEVICE_ATTR(gate_threshold, S_IWUGO | S_IRUGO, pod_get_gate_threshold,
+static DEVICE_ATTR(gate_threshold, S_IWUSR | S_IRUGO, pod_get_gate_threshold,
pod_set_gate_threshold);
-static DEVICE_ATTR(gate_decay_time, S_IWUGO | S_IRUGO, pod_get_gate_decay_time,
+static DEVICE_ATTR(gate_decay_time, S_IWUSR | S_IRUGO, pod_get_gate_decay_time,
pod_set_gate_decay_time);
-static DEVICE_ATTR(stomp_enable, S_IWUGO | S_IRUGO, pod_get_stomp_enable,
+static DEVICE_ATTR(stomp_enable, S_IWUSR | S_IRUGO, pod_get_stomp_enable,
pod_set_stomp_enable);
-static DEVICE_ATTR(comp_enable, S_IWUGO | S_IRUGO, pod_get_comp_enable,
+static DEVICE_ATTR(comp_enable, S_IWUSR | S_IRUGO, pod_get_comp_enable,
pod_set_comp_enable);
-static DEVICE_ATTR(stomp_time, S_IWUGO | S_IRUGO, pod_get_stomp_time,
+static DEVICE_ATTR(stomp_time, S_IWUSR | S_IRUGO, pod_get_stomp_time,
pod_set_stomp_time);
-static DEVICE_ATTR(delay_enable, S_IWUGO | S_IRUGO, pod_get_delay_enable,
+static DEVICE_ATTR(delay_enable, S_IWUSR | S_IRUGO, pod_get_delay_enable,
pod_set_delay_enable);
-static DEVICE_ATTR(mod_param_1, S_IWUGO | S_IRUGO, pod_get_mod_param_1,
+static DEVICE_ATTR(mod_param_1, S_IWUSR | S_IRUGO, pod_get_mod_param_1,
pod_set_mod_param_1);
-static DEVICE_ATTR(delay_param_1, S_IWUGO | S_IRUGO, pod_get_delay_param_1,
+static DEVICE_ATTR(delay_param_1, S_IWUSR | S_IRUGO, pod_get_delay_param_1,
pod_set_delay_param_1);
-static DEVICE_ATTR(delay_param_1_note_value, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(delay_param_1_note_value, S_IWUSR | S_IRUGO,
pod_get_delay_param_1_note_value,
pod_set_delay_param_1_note_value);
-static DEVICE_ATTR2(band_2_frequency__bass, band_2_frequency, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR2(band_2_frequency__bass, band_2_frequency, S_IWUSR | S_IRUGO,
pod_get_band_2_frequency__bass,
pod_set_band_2_frequency__bass);
-static DEVICE_ATTR(delay_param_2, S_IWUGO | S_IRUGO, pod_get_delay_param_2,
+static DEVICE_ATTR(delay_param_2, S_IWUSR | S_IRUGO, pod_get_delay_param_2,
pod_set_delay_param_2);
-static DEVICE_ATTR(delay_volume_mix, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(delay_volume_mix, S_IWUSR | S_IRUGO,
pod_get_delay_volume_mix, pod_set_delay_volume_mix);
-static DEVICE_ATTR(delay_param_3, S_IWUGO | S_IRUGO, pod_get_delay_param_3,
+static DEVICE_ATTR(delay_param_3, S_IWUSR | S_IRUGO, pod_get_delay_param_3,
pod_set_delay_param_3);
-static DEVICE_ATTR(reverb_enable, S_IWUGO | S_IRUGO, pod_get_reverb_enable,
+static DEVICE_ATTR(reverb_enable, S_IWUSR | S_IRUGO, pod_get_reverb_enable,
pod_set_reverb_enable);
-static DEVICE_ATTR(reverb_type, S_IWUGO | S_IRUGO, pod_get_reverb_type,
+static DEVICE_ATTR(reverb_type, S_IWUSR | S_IRUGO, pod_get_reverb_type,
pod_set_reverb_type);
-static DEVICE_ATTR(reverb_decay, S_IWUGO | S_IRUGO, pod_get_reverb_decay,
+static DEVICE_ATTR(reverb_decay, S_IWUSR | S_IRUGO, pod_get_reverb_decay,
pod_set_reverb_decay);
-static DEVICE_ATTR(reverb_tone, S_IWUGO | S_IRUGO, pod_get_reverb_tone,
+static DEVICE_ATTR(reverb_tone, S_IWUSR | S_IRUGO, pod_get_reverb_tone,
pod_set_reverb_tone);
-static DEVICE_ATTR(reverb_pre_delay, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(reverb_pre_delay, S_IWUSR | S_IRUGO,
pod_get_reverb_pre_delay, pod_set_reverb_pre_delay);
-static DEVICE_ATTR(reverb_pre_post, S_IWUGO | S_IRUGO, pod_get_reverb_pre_post,
+static DEVICE_ATTR(reverb_pre_post, S_IWUSR | S_IRUGO, pod_get_reverb_pre_post,
pod_set_reverb_pre_post);
-static DEVICE_ATTR(band_2_frequency, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(band_2_frequency, S_IWUSR | S_IRUGO,
pod_get_band_2_frequency, pod_set_band_2_frequency);
-static DEVICE_ATTR2(band_3_frequency__bass, band_3_frequency, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR2(band_3_frequency__bass, band_3_frequency, S_IWUSR | S_IRUGO,
pod_get_band_3_frequency__bass,
pod_set_band_3_frequency__bass);
-static DEVICE_ATTR(wah_enable, S_IWUGO | S_IRUGO, pod_get_wah_enable,
+static DEVICE_ATTR(wah_enable, S_IWUSR | S_IRUGO, pod_get_wah_enable,
pod_set_wah_enable);
-static DEVICE_ATTR(modulation_lo_cut, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(modulation_lo_cut, S_IWUSR | S_IRUGO,
pod_get_modulation_lo_cut, pod_set_modulation_lo_cut);
-static DEVICE_ATTR(delay_reverb_lo_cut, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(delay_reverb_lo_cut, S_IWUSR | S_IRUGO,
pod_get_delay_reverb_lo_cut, pod_set_delay_reverb_lo_cut);
-static DEVICE_ATTR(volume_pedal_minimum, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(volume_pedal_minimum, S_IWUSR | S_IRUGO,
pod_get_volume_pedal_minimum, pod_set_volume_pedal_minimum);
-static DEVICE_ATTR(eq_pre_post, S_IWUGO | S_IRUGO, pod_get_eq_pre_post,
+static DEVICE_ATTR(eq_pre_post, S_IWUSR | S_IRUGO, pod_get_eq_pre_post,
pod_set_eq_pre_post);
-static DEVICE_ATTR(volume_pre_post, S_IWUGO | S_IRUGO, pod_get_volume_pre_post,
+static DEVICE_ATTR(volume_pre_post, S_IWUSR | S_IRUGO, pod_get_volume_pre_post,
pod_set_volume_pre_post);
-static DEVICE_ATTR(di_model, S_IWUGO | S_IRUGO, pod_get_di_model,
+static DEVICE_ATTR(di_model, S_IWUSR | S_IRUGO, pod_get_di_model,
pod_set_di_model);
-static DEVICE_ATTR(di_delay, S_IWUGO | S_IRUGO, pod_get_di_delay,
+static DEVICE_ATTR(di_delay, S_IWUSR | S_IRUGO, pod_get_di_delay,
pod_set_di_delay);
-static DEVICE_ATTR(mod_enable, S_IWUGO | S_IRUGO, pod_get_mod_enable,
+static DEVICE_ATTR(mod_enable, S_IWUSR | S_IRUGO, pod_get_mod_enable,
pod_set_mod_enable);
-static DEVICE_ATTR(mod_param_1_note_value, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(mod_param_1_note_value, S_IWUSR | S_IRUGO,
pod_get_mod_param_1_note_value,
pod_set_mod_param_1_note_value);
-static DEVICE_ATTR(mod_param_2, S_IWUGO | S_IRUGO, pod_get_mod_param_2,
+static DEVICE_ATTR(mod_param_2, S_IWUSR | S_IRUGO, pod_get_mod_param_2,
pod_set_mod_param_2);
-static DEVICE_ATTR(mod_param_3, S_IWUGO | S_IRUGO, pod_get_mod_param_3,
+static DEVICE_ATTR(mod_param_3, S_IWUSR | S_IRUGO, pod_get_mod_param_3,
pod_set_mod_param_3);
-static DEVICE_ATTR(mod_param_4, S_IWUGO | S_IRUGO, pod_get_mod_param_4,
+static DEVICE_ATTR(mod_param_4, S_IWUSR | S_IRUGO, pod_get_mod_param_4,
pod_set_mod_param_4);
-static DEVICE_ATTR(mod_param_5, S_IWUGO | S_IRUGO, pod_get_mod_param_5,
+static DEVICE_ATTR(mod_param_5, S_IWUSR | S_IRUGO, pod_get_mod_param_5,
pod_set_mod_param_5);
-static DEVICE_ATTR(mod_volume_mix, S_IWUGO | S_IRUGO, pod_get_mod_volume_mix,
+static DEVICE_ATTR(mod_volume_mix, S_IWUSR | S_IRUGO, pod_get_mod_volume_mix,
pod_set_mod_volume_mix);
-static DEVICE_ATTR(mod_pre_post, S_IWUGO | S_IRUGO, pod_get_mod_pre_post,
+static DEVICE_ATTR(mod_pre_post, S_IWUSR | S_IRUGO, pod_get_mod_pre_post,
pod_set_mod_pre_post);
-static DEVICE_ATTR(modulation_model, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(modulation_model, S_IWUSR | S_IRUGO,
pod_get_modulation_model, pod_set_modulation_model);
-static DEVICE_ATTR(band_3_frequency, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(band_3_frequency, S_IWUSR | S_IRUGO,
pod_get_band_3_frequency, pod_set_band_3_frequency);
-static DEVICE_ATTR2(band_4_frequency__bass, band_4_frequency, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR2(band_4_frequency__bass, band_4_frequency, S_IWUSR | S_IRUGO,
pod_get_band_4_frequency__bass,
pod_set_band_4_frequency__bass);
-static DEVICE_ATTR(mod_param_1_double_precision, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(mod_param_1_double_precision, S_IWUSR | S_IRUGO,
pod_get_mod_param_1_double_precision,
pod_set_mod_param_1_double_precision);
-static DEVICE_ATTR(delay_param_1_double_precision, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(delay_param_1_double_precision, S_IWUSR | S_IRUGO,
pod_get_delay_param_1_double_precision,
pod_set_delay_param_1_double_precision);
-static DEVICE_ATTR(eq_enable, S_IWUGO | S_IRUGO, pod_get_eq_enable,
+static DEVICE_ATTR(eq_enable, S_IWUSR | S_IRUGO, pod_get_eq_enable,
pod_set_eq_enable);
-static DEVICE_ATTR(tap, S_IWUGO | S_IRUGO, pod_get_tap, pod_set_tap);
-static DEVICE_ATTR(volume_tweak_pedal_assign, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(tap, S_IWUSR | S_IRUGO, pod_get_tap, pod_set_tap);
+static DEVICE_ATTR(volume_tweak_pedal_assign, S_IWUSR | S_IRUGO,
pod_get_volume_tweak_pedal_assign,
pod_set_volume_tweak_pedal_assign);
-static DEVICE_ATTR(band_5_frequency, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(band_5_frequency, S_IWUSR | S_IRUGO,
pod_get_band_5_frequency, pod_set_band_5_frequency);
-static DEVICE_ATTR(tuner, S_IWUGO | S_IRUGO, pod_get_tuner, pod_set_tuner);
-static DEVICE_ATTR(mic_selection, S_IWUGO | S_IRUGO, pod_get_mic_selection,
+static DEVICE_ATTR(tuner, S_IWUSR | S_IRUGO, pod_get_tuner, pod_set_tuner);
+static DEVICE_ATTR(mic_selection, S_IWUSR | S_IRUGO, pod_get_mic_selection,
pod_set_mic_selection);
-static DEVICE_ATTR(cabinet_model, S_IWUGO | S_IRUGO, pod_get_cabinet_model,
+static DEVICE_ATTR(cabinet_model, S_IWUSR | S_IRUGO, pod_get_cabinet_model,
pod_set_cabinet_model);
-static DEVICE_ATTR(stomp_model, S_IWUGO | S_IRUGO, pod_get_stomp_model,
+static DEVICE_ATTR(stomp_model, S_IWUSR | S_IRUGO, pod_get_stomp_model,
pod_set_stomp_model);
-static DEVICE_ATTR(roomlevel, S_IWUGO | S_IRUGO, pod_get_roomlevel,
+static DEVICE_ATTR(roomlevel, S_IWUSR | S_IRUGO, pod_get_roomlevel,
pod_set_roomlevel);
-static DEVICE_ATTR(band_4_frequency, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(band_4_frequency, S_IWUSR | S_IRUGO,
pod_get_band_4_frequency, pod_set_band_4_frequency);
-static DEVICE_ATTR(band_6_frequency, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(band_6_frequency, S_IWUSR | S_IRUGO,
pod_get_band_6_frequency, pod_set_band_6_frequency);
-static DEVICE_ATTR(stomp_param_1_note_value, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(stomp_param_1_note_value, S_IWUSR | S_IRUGO,
pod_get_stomp_param_1_note_value,
pod_set_stomp_param_1_note_value);
-static DEVICE_ATTR(stomp_param_2, S_IWUGO | S_IRUGO, pod_get_stomp_param_2,
+static DEVICE_ATTR(stomp_param_2, S_IWUSR | S_IRUGO, pod_get_stomp_param_2,
pod_set_stomp_param_2);
-static DEVICE_ATTR(stomp_param_3, S_IWUGO | S_IRUGO, pod_get_stomp_param_3,
+static DEVICE_ATTR(stomp_param_3, S_IWUSR | S_IRUGO, pod_get_stomp_param_3,
pod_set_stomp_param_3);
-static DEVICE_ATTR(stomp_param_4, S_IWUGO | S_IRUGO, pod_get_stomp_param_4,
+static DEVICE_ATTR(stomp_param_4, S_IWUSR | S_IRUGO, pod_get_stomp_param_4,
pod_set_stomp_param_4);
-static DEVICE_ATTR(stomp_param_5, S_IWUGO | S_IRUGO, pod_get_stomp_param_5,
+static DEVICE_ATTR(stomp_param_5, S_IWUSR | S_IRUGO, pod_get_stomp_param_5,
pod_set_stomp_param_5);
-static DEVICE_ATTR(stomp_param_6, S_IWUGO | S_IRUGO, pod_get_stomp_param_6,
+static DEVICE_ATTR(stomp_param_6, S_IWUSR | S_IRUGO, pod_get_stomp_param_6,
pod_set_stomp_param_6);
-static DEVICE_ATTR(amp_switch_select, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(amp_switch_select, S_IWUSR | S_IRUGO,
pod_get_amp_switch_select, pod_set_amp_switch_select);
-static DEVICE_ATTR(delay_param_4, S_IWUGO | S_IRUGO, pod_get_delay_param_4,
+static DEVICE_ATTR(delay_param_4, S_IWUSR | S_IRUGO, pod_get_delay_param_4,
pod_set_delay_param_4);
-static DEVICE_ATTR(delay_param_5, S_IWUGO | S_IRUGO, pod_get_delay_param_5,
+static DEVICE_ATTR(delay_param_5, S_IWUSR | S_IRUGO, pod_get_delay_param_5,
pod_set_delay_param_5);
-static DEVICE_ATTR(delay_pre_post, S_IWUGO | S_IRUGO, pod_get_delay_pre_post,
+static DEVICE_ATTR(delay_pre_post, S_IWUSR | S_IRUGO, pod_get_delay_pre_post,
pod_set_delay_pre_post);
-static DEVICE_ATTR(delay_model, S_IWUGO | S_IRUGO, pod_get_delay_model,
+static DEVICE_ATTR(delay_model, S_IWUSR | S_IRUGO, pod_get_delay_model,
pod_set_delay_model);
-static DEVICE_ATTR(delay_verb_model, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(delay_verb_model, S_IWUSR | S_IRUGO,
pod_get_delay_verb_model, pod_set_delay_verb_model);
-static DEVICE_ATTR(tempo_msb, S_IWUGO | S_IRUGO, pod_get_tempo_msb,
+static DEVICE_ATTR(tempo_msb, S_IWUSR | S_IRUGO, pod_get_tempo_msb,
pod_set_tempo_msb);
-static DEVICE_ATTR(tempo_lsb, S_IWUGO | S_IRUGO, pod_get_tempo_lsb,
+static DEVICE_ATTR(tempo_lsb, S_IWUSR | S_IRUGO, pod_get_tempo_lsb,
pod_set_tempo_lsb);
-static DEVICE_ATTR(wah_model, S_IWUGO | S_IRUGO, pod_get_wah_model,
+static DEVICE_ATTR(wah_model, S_IWUSR | S_IRUGO, pod_get_wah_model,
pod_set_wah_model);
-static DEVICE_ATTR(bypass_volume, S_IWUGO | S_IRUGO, pod_get_bypass_volume,
+static DEVICE_ATTR(bypass_volume, S_IWUSR | S_IRUGO, pod_get_bypass_volume,
pod_set_bypass_volume);
-static DEVICE_ATTR(fx_loop_on_off, S_IWUGO | S_IRUGO, pod_get_fx_loop_on_off,
+static DEVICE_ATTR(fx_loop_on_off, S_IWUSR | S_IRUGO, pod_get_fx_loop_on_off,
pod_set_fx_loop_on_off);
-static DEVICE_ATTR(tweak_param_select, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(tweak_param_select, S_IWUSR | S_IRUGO,
pod_get_tweak_param_select, pod_set_tweak_param_select);
-static DEVICE_ATTR(amp1_engage, S_IWUGO | S_IRUGO, pod_get_amp1_engage,
+static DEVICE_ATTR(amp1_engage, S_IWUSR | S_IRUGO, pod_get_amp1_engage,
pod_set_amp1_engage);
-static DEVICE_ATTR(band_1_gain, S_IWUGO | S_IRUGO, pod_get_band_1_gain,
+static DEVICE_ATTR(band_1_gain, S_IWUSR | S_IRUGO, pod_get_band_1_gain,
pod_set_band_1_gain);
-static DEVICE_ATTR2(band_2_gain__bass, band_2_gain, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR2(band_2_gain__bass, band_2_gain, S_IWUSR | S_IRUGO,
pod_get_band_2_gain__bass, pod_set_band_2_gain__bass);
-static DEVICE_ATTR(band_2_gain, S_IWUGO | S_IRUGO, pod_get_band_2_gain,
+static DEVICE_ATTR(band_2_gain, S_IWUSR | S_IRUGO, pod_get_band_2_gain,
pod_set_band_2_gain);
-static DEVICE_ATTR2(band_3_gain__bass, band_3_gain, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR2(band_3_gain__bass, band_3_gain, S_IWUSR | S_IRUGO,
pod_get_band_3_gain__bass, pod_set_band_3_gain__bass);
-static DEVICE_ATTR(band_3_gain, S_IWUGO | S_IRUGO, pod_get_band_3_gain,
+static DEVICE_ATTR(band_3_gain, S_IWUSR | S_IRUGO, pod_get_band_3_gain,
pod_set_band_3_gain);
-static DEVICE_ATTR2(band_4_gain__bass, band_4_gain, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR2(band_4_gain__bass, band_4_gain, S_IWUSR | S_IRUGO,
pod_get_band_4_gain__bass, pod_set_band_4_gain__bass);
-static DEVICE_ATTR2(band_5_gain__bass, band_5_gain, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR2(band_5_gain__bass, band_5_gain, S_IWUSR | S_IRUGO,
pod_get_band_5_gain__bass, pod_set_band_5_gain__bass);
-static DEVICE_ATTR(band_4_gain, S_IWUGO | S_IRUGO, pod_get_band_4_gain,
+static DEVICE_ATTR(band_4_gain, S_IWUSR | S_IRUGO, pod_get_band_4_gain,
pod_set_band_4_gain);
-static DEVICE_ATTR2(band_6_gain__bass, band_6_gain, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR2(band_6_gain__bass, band_6_gain, S_IWUSR | S_IRUGO,
pod_get_band_6_gain__bass, pod_set_band_6_gain__bass);
static DEVICE_ATTR(body, S_IRUGO, variax_get_body, line6_nop_write);
static DEVICE_ATTR(pickup1_enable, S_IRUGO, variax_get_pickup1_enable,
--- a/drivers/staging/line6/midi.c
+++ b/drivers/staging/line6/midi.c
@@ -362,8 +362,8 @@ static ssize_t midi_set_midi_mask_receiv
return count;
}
-static DEVICE_ATTR(midi_mask_transmit, S_IWUGO | S_IRUGO, midi_get_midi_mask_transmit, midi_set_midi_mask_transmit);
-static DEVICE_ATTR(midi_mask_receive, S_IWUGO | S_IRUGO, midi_get_midi_mask_receive, midi_set_midi_mask_receive);
+static DEVICE_ATTR(midi_mask_transmit, S_IWUSR | S_IRUGO, midi_get_midi_mask_transmit, midi_set_midi_mask_transmit);
+static DEVICE_ATTR(midi_mask_receive, S_IWUSR | S_IRUGO, midi_get_midi_mask_receive, midi_set_midi_mask_receive);
/* MIDI device destructor */
static int snd_line6_midi_free(struct snd_device *device)
--- a/drivers/staging/line6/pod.c
+++ b/drivers/staging/line6/pod.c
@@ -952,33 +952,33 @@ POD_GET_SYSTEM_PARAM(tuner_pitch, 1, 1);
#undef GET_SYSTEM_PARAM
/* POD special files: */
-static DEVICE_ATTR(channel, S_IWUGO | S_IRUGO, pod_get_channel, pod_set_channel);
+static DEVICE_ATTR(channel, S_IWUSR | S_IRUGO, pod_get_channel, pod_set_channel);
static DEVICE_ATTR(clip, S_IRUGO, pod_wait_for_clip, line6_nop_write);
static DEVICE_ATTR(device_id, S_IRUGO, pod_get_device_id, line6_nop_write);
static DEVICE_ATTR(dirty, S_IRUGO, pod_get_dirty, line6_nop_write);
-static DEVICE_ATTR(dump, S_IWUGO | S_IRUGO, pod_get_dump, pod_set_dump);
-static DEVICE_ATTR(dump_buf, S_IWUGO | S_IRUGO, pod_get_dump_buf, pod_set_dump_buf);
-static DEVICE_ATTR(finish, S_IWUGO, line6_nop_read, pod_set_finish);
+static DEVICE_ATTR(dump, S_IWUSR | S_IRUGO, pod_get_dump, pod_set_dump);
+static DEVICE_ATTR(dump_buf, S_IWUSR | S_IRUGO, pod_get_dump_buf, pod_set_dump_buf);
+static DEVICE_ATTR(finish, S_IWUSR, line6_nop_read, pod_set_finish);
static DEVICE_ATTR(firmware_version, S_IRUGO, pod_get_firmware_version, line6_nop_write);
-static DEVICE_ATTR(midi_postprocess, S_IWUGO | S_IRUGO, pod_get_midi_postprocess, pod_set_midi_postprocess);
-static DEVICE_ATTR(monitor_level, S_IWUGO | S_IRUGO, pod_get_monitor_level, pod_set_monitor_level);
+static DEVICE_ATTR(midi_postprocess, S_IWUSR | S_IRUGO, pod_get_midi_postprocess, pod_set_midi_postprocess);
+static DEVICE_ATTR(monitor_level, S_IWUSR | S_IRUGO, pod_get_monitor_level, pod_set_monitor_level);
static DEVICE_ATTR(name, S_IRUGO, pod_get_name, line6_nop_write);
static DEVICE_ATTR(name_buf, S_IRUGO, pod_get_name_buf, line6_nop_write);
-static DEVICE_ATTR(retrieve_amp_setup, S_IWUGO, line6_nop_read, pod_set_retrieve_amp_setup);
-static DEVICE_ATTR(retrieve_channel, S_IWUGO, line6_nop_read, pod_set_retrieve_channel);
-static DEVICE_ATTR(retrieve_effects_setup, S_IWUGO, line6_nop_read, pod_set_retrieve_effects_setup);
-static DEVICE_ATTR(routing, S_IWUGO | S_IRUGO, pod_get_routing, pod_set_routing);
+static DEVICE_ATTR(retrieve_amp_setup, S_IWUSR, line6_nop_read, pod_set_retrieve_amp_setup);
+static DEVICE_ATTR(retrieve_channel, S_IWUSR, line6_nop_read, pod_set_retrieve_channel);
+static DEVICE_ATTR(retrieve_effects_setup, S_IWUSR, line6_nop_read, pod_set_retrieve_effects_setup);
+static DEVICE_ATTR(routing, S_IWUSR | S_IRUGO, pod_get_routing, pod_set_routing);
static DEVICE_ATTR(serial_number, S_IRUGO, pod_get_serial_number, line6_nop_write);
-static DEVICE_ATTR(store_amp_setup, S_IWUGO, line6_nop_read, pod_set_store_amp_setup);
-static DEVICE_ATTR(store_channel, S_IWUGO, line6_nop_read, pod_set_store_channel);
-static DEVICE_ATTR(store_effects_setup, S_IWUGO, line6_nop_read, pod_set_store_effects_setup);
-static DEVICE_ATTR(tuner_freq, S_IWUGO | S_IRUGO, pod_get_tuner_freq, pod_set_tuner_freq);
-static DEVICE_ATTR(tuner_mute, S_IWUGO | S_IRUGO, pod_get_tuner_mute, pod_set_tuner_mute);
+static DEVICE_ATTR(store_amp_setup, S_IWUSR, line6_nop_read, pod_set_store_amp_setup);
+static DEVICE_ATTR(store_channel, S_IWUSR, line6_nop_read, pod_set_store_channel);
+static DEVICE_ATTR(store_effects_setup, S_IWUSR, line6_nop_read, pod_set_store_effects_setup);
+static DEVICE_ATTR(tuner_freq, S_IWUSR | S_IRUGO, pod_get_tuner_freq, pod_set_tuner_freq);
+static DEVICE_ATTR(tuner_mute, S_IWUSR | S_IRUGO, pod_get_tuner_mute, pod_set_tuner_mute);
static DEVICE_ATTR(tuner_note, S_IRUGO, pod_get_tuner_note, line6_nop_write);
static DEVICE_ATTR(tuner_pitch, S_IRUGO, pod_get_tuner_pitch, line6_nop_write);
#if CREATE_RAW_FILE
-static DEVICE_ATTR(raw, S_IWUGO, line6_nop_read, line6_set_raw);
+static DEVICE_ATTR(raw, S_IWUSR, line6_nop_read, line6_set_raw);
#endif
/*
--- a/drivers/staging/line6/toneport.c
+++ b/drivers/staging/line6/toneport.c
@@ -124,9 +124,9 @@ static ssize_t toneport_set_led_green(st
return count;
}
-static DEVICE_ATTR(led_red, S_IWUGO | S_IRUGO, line6_nop_read,
+static DEVICE_ATTR(led_red, S_IWUSR | S_IRUGO, line6_nop_read,
toneport_set_led_red);
-static DEVICE_ATTR(led_green, S_IWUGO | S_IRUGO, line6_nop_read,
+static DEVICE_ATTR(led_green, S_IWUSR | S_IRUGO, line6_nop_read,
toneport_set_led_green);
static int toneport_send_cmd(struct usb_device *usbdev, int cmd1, int cmd2)
--- a/drivers/staging/line6/variax.c
+++ b/drivers/staging/line6/variax.c
@@ -389,17 +389,17 @@ static ssize_t variax_set_raw2(struct de
#endif
/* Variax workbench special files: */
-static DEVICE_ATTR(model, S_IWUGO | S_IRUGO, variax_get_model, variax_set_model);
-static DEVICE_ATTR(volume, S_IWUGO | S_IRUGO, variax_get_volume, variax_set_volume);
-static DEVICE_ATTR(tone, S_IWUGO | S_IRUGO, variax_get_tone, variax_set_tone);
+static DEVICE_ATTR(model, S_IWUSR | S_IRUGO, variax_get_model, variax_set_model);
+static DEVICE_ATTR(volume, S_IWUSR | S_IRUGO, variax_get_volume, variax_set_volume);
+static DEVICE_ATTR(tone, S_IWUSR | S_IRUGO, variax_get_tone, variax_set_tone);
static DEVICE_ATTR(name, S_IRUGO, variax_get_name, line6_nop_write);
static DEVICE_ATTR(bank, S_IRUGO, variax_get_bank, line6_nop_write);
static DEVICE_ATTR(dump, S_IRUGO, variax_get_dump, line6_nop_write);
-static DEVICE_ATTR(active, S_IWUGO | S_IRUGO, variax_get_active, variax_set_active);
+static DEVICE_ATTR(active, S_IWUSR | S_IRUGO, variax_get_active, variax_set_active);
#if CREATE_RAW_FILE
-static DEVICE_ATTR(raw, S_IWUGO, line6_nop_read, line6_set_raw);
-static DEVICE_ATTR(raw2, S_IWUGO, line6_nop_read, variax_set_raw2);
+static DEVICE_ATTR(raw, S_IWUSR, line6_nop_read, line6_set_raw);
+static DEVICE_ATTR(raw2, S_IWUSR, line6_nop_read, variax_set_raw2);
#endif
^ permalink raw reply [flat|nested] 288+ messages in thread
* [099/289] kfifo: disable __kfifo_must_check_helper()
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (98 preceding siblings ...)
2010-12-08 0:57 ` [098/289] Staging: line6: fix up some sysfs attribute permissions Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [100/289] hpet: fix unwanted interrupt due to stale irq status bit Greg KH
` (186 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Randy Dunlap, Stefani Seibold
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Andrew Morton <akpm@linux-foundation.org>
commit 52c5171214ff3327961d0ce0db7e8d2ce55004fd upstream.
This helper is wrong: it coerces signed values into unsigned ones, so code
such as
if (kfifo_alloc(...) < 0) {
error
}
will fail to detect the error.
So let's disable __kfifo_must_check_helper() for 2.6.36.
Cc: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Stefani Seibold <stefani@seibold.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
include/linux/kfifo.h | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
--- a/include/linux/kfifo.h
+++ b/include/linux/kfifo.h
@@ -171,11 +171,8 @@ struct kfifo_rec_ptr_2 __STRUCT_KFIFO_PT
}
-static inline unsigned int __must_check
-__kfifo_must_check_helper(unsigned int val)
-{
- return val;
-}
+/* __kfifo_must_check_helper() is temporarily disabled because it was faulty */
+#define __kfifo_must_check_helper(x) (x)
/**
* kfifo_initialized - Check if the fifo is initialized
^ permalink raw reply [flat|nested] 288+ messages in thread
* [100/289] hpet: fix unwanted interrupt due to stale irq status bit
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (99 preceding siblings ...)
2010-12-08 0:57 ` [099/289] kfifo: disable __kfifo_must_check_helper() Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [101/289] hpet: unmap unused I/O space Greg KH
` (185 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Clemens Ladisch,
Ingo Molnar, Thomas Gleixner, john stultz, Bob Picco
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Clemens Ladisch <clemens@ladisch.de>
commit 96e9694df446d1154ec2f4fdba8908588b9cba38 upstream.
Jaswinder Singh Rajput wrote:
> By executing Documentation/timers/hpet_example.c
>
> for polling, I requested for 3 iterations but it seems iteration work
> for only 2 as first expired time is always very small.
>
> # ./hpet_example poll /dev/hpet 10 3
> -hpet: executing poll
> hpet_poll: info.hi_flags 0x0
> hpet_poll: expired time = 0x13
> hpet_poll: revents = 0x1
> hpet_poll: data 0x1
> hpet_poll: expired time = 0x1868c
> hpet_poll: revents = 0x1
> hpet_poll: data 0x1
> hpet_poll: expired time = 0x18645
> hpet_poll: revents = 0x1
> hpet_poll: data 0x1
Clearing the HPET interrupt enable bit disables interrupt generation
but does not disable the timer, so the interrupt status bit will still
be set when the timer elapses. If another interrupt arrives before
the timer has been correctly programmed (due to some other device on
the same interrupt line, or CONFIG_DEBUG_SHIRQ), this results in an
extra unwanted interrupt event because the status bit is likely to be
set from comparator matches that happened before the device was opened.
Therefore, we have to ensure that the interrupt status bit is and
stays cleared until we actually program the timer.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Reported-by: Jaswinder Singh Rajput <jaswinderlinux@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: john stultz <johnstul@us.ibm.com>
Cc: Bob Picco <bpicco@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/char/hpet.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
--- a/drivers/char/hpet.c
+++ b/drivers/char/hpet.c
@@ -479,6 +479,21 @@ static int hpet_ioctl_ieon(struct hpet_d
if (irq) {
unsigned long irq_flags;
+ if (devp->hd_flags & HPET_SHARED_IRQ) {
+ /*
+ * To prevent the interrupt handler from seeing an
+ * unwanted interrupt status bit, program the timer
+ * so that it will not fire in the near future ...
+ */
+ writel(readl(&timer->hpet_config) & ~Tn_TYPE_CNF_MASK,
+ &timer->hpet_config);
+ write_counter(read_counter(&hpet->hpet_mc),
+ &timer->hpet_compare);
+ /* ... and clear any left-over status. */
+ isr = 1 << (devp - devp->hd_hpets->hp_dev);
+ writel(isr, &hpet->hpet_isr);
+ }
+
sprintf(devp->hd_name, "hpet%d", (int)(devp - hpetp->hp_dev));
irq_flags = devp->hd_flags & HPET_SHARED_IRQ
? IRQF_SHARED : IRQF_DISABLED;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [101/289] hpet: unmap unused I/O space
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (100 preceding siblings ...)
2010-12-08 0:57 ` [100/289] hpet: fix unwanted interrupt due to stale irq status bit Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:57 ` [102/289] olpc_battery: Fix endian neutral breakage for s16 values Greg KH
` (184 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Jiri Slaby, Clemens Ladisch
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jiri Slaby <jslaby@suse.cz>
commit a56d5318716d120e040294bb258901ba89fb9c90 upstream.
When the initialization code in hpet finds a memory resource and does not
find an IRQ, it does not unmap the memory resource previously mapped.
There are buggy BIOSes which report resources exactly like this and what
is worse the memory region bases point to normal RAM. This normally would
not matter since the space is not touched. But when PAT is turned on,
ioremap causes the page to be uncached and sets this bit in page->flags.
Then when the page is about to be used by the allocator, it is reported
as:
BUG: Bad page state in process md5sum pfn:3ed00
page:ffffea0000dbd800 count:0 mapcount:0 mapping:(null) index:0x0
page flags: 0x20000001000000(uncached)
Pid: 7956, comm: md5sum Not tainted 2.6.34-12-desktop #1
Call Trace:
[<ffffffff810df851>] bad_page+0xb1/0x100
[<ffffffff810dfa45>] prep_new_page+0x1a5/0x1c0
[<ffffffff810dfe01>] get_page_from_freelist+0x3a1/0x640
[<ffffffff810e01af>] __alloc_pages_nodemask+0x10f/0x6b0
...
In this particular case:
1) HPET returns 3ed00000 as memory region base, but it is not in
reserved ranges reported by the BIOS (excerpt):
BIOS-e820: 0000000000100000 - 00000000af6cf000 (usable)
BIOS-e820: 00000000af6cf000 - 00000000afdcf000 (reserved)
2) there is no IRQ resource reported by HPET method. On the other
hand, the Intel HPET specs (1.0a) says (3.2.5.1):
_CRS (
// Report 1K of memory consumed by this Timer Block
memory range consumed
// Optional: only used if BIOS allocates Interrupts [1]
IRQs consumed
)
[1] For case where Timer Block is configured to consume IRQ0/IRQ8 AND
Legacy 8254/Legacy RTC hardware still exists, the device objects
associated with 8254 & RTC devices should not report IRQ0/IRQ8 as
"consumed resources".
So in theory we should check whether if it is the case and use those
interrupts instead.
Anyway the address reported by the BIOS here is bogus, so non-presence
of IRQ doesn't mean the "optional" part in point 2).
Since I got no reply previously, fix this by simply unmapping the space
when IRQ is not found and memory region was mapped previously. It would
be probably more safe to walk the resources again and unmap appropriately
depending on type. But as we now use only ioremap for both 2 memory
resource types, it is not necessarily needed right now.
Addresses https://bugzilla.novell.com/show_bug.cgi?id=629908
Reported-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Acked-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/char/hpet.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/char/hpet.c
+++ b/drivers/char/hpet.c
@@ -985,6 +985,8 @@ static int hpet_acpi_add(struct acpi_dev
return -ENODEV;
if (!data.hd_address || !data.hd_nirqs) {
+ if (data.hd_address)
+ iounmap(data.hd_address);
printk("%s: no address or irqs in _CRS\n", __func__);
return -ENODEV;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [102/289] olpc_battery: Fix endian neutral breakage for s16 values
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (101 preceding siblings ...)
2010-12-08 0:57 ` [101/289] hpet: unmap unused I/O space Greg KH
@ 2010-12-08 0:57 ` Greg KH
2010-12-08 0:58 ` [103/289] percpu: fix list_head init bug in __percpu_counter_init() Greg KH
` (183 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Richard A. Smith,
Daniel Drake, Anton Vorontsov
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Richard A. Smith <richard@laptop.org>
commit 7cfbb29466633e6ecdc14f76a693c8478c2b22af upstream.
When the driver was updated to be endian neutral (8e9c7716c)
the signed part of the s16 values was lost. This is because be16_to_cpu()
returns an unsigned value. This patch casts the values back to a s16
number prior to the the implicit cast up to an int.
Signed-off-by: Richard A. Smith <richard@laptop.org>
Signed-off-by: Daniel Drake <dsd@laptop.org>
Signed-off-by: Anton Vorontsov <cbouatmailru@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/power/olpc_battery.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/power/olpc_battery.c
+++ b/drivers/power/olpc_battery.c
@@ -271,14 +271,14 @@ static int olpc_bat_get_property(struct
if (ret)
return ret;
- val->intval = (int)be16_to_cpu(ec_word) * 9760L / 32;
+ val->intval = (s16)be16_to_cpu(ec_word) * 9760L / 32;
break;
case POWER_SUPPLY_PROP_CURRENT_AVG:
ret = olpc_ec_cmd(EC_BAT_CURRENT, NULL, 0, (void *)&ec_word, 2);
if (ret)
return ret;
- val->intval = (int)be16_to_cpu(ec_word) * 15625L / 120;
+ val->intval = (s16)be16_to_cpu(ec_word) * 15625L / 120;
break;
case POWER_SUPPLY_PROP_CAPACITY:
ret = olpc_ec_cmd(EC_BAT_SOC, NULL, 0, &ec_byte, 1);
@@ -299,7 +299,7 @@ static int olpc_bat_get_property(struct
if (ret)
return ret;
- val->intval = (int)be16_to_cpu(ec_word) * 100 / 256;
+ val->intval = (s16)be16_to_cpu(ec_word) * 100 / 256;
break;
case POWER_SUPPLY_PROP_TEMP_AMBIENT:
ret = olpc_ec_cmd(EC_AMB_TEMP, NULL, 0, (void *)&ec_word, 2);
@@ -313,7 +313,7 @@ static int olpc_bat_get_property(struct
if (ret)
return ret;
- val->intval = (int)be16_to_cpu(ec_word) * 6250 / 15;
+ val->intval = (s16)be16_to_cpu(ec_word) * 6250 / 15;
break;
case POWER_SUPPLY_PROP_SERIAL_NUMBER:
ret = olpc_ec_cmd(EC_BAT_SERIAL, NULL, 0, (void *)&ser_buf, 8);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [103/289] percpu: fix list_head init bug in __percpu_counter_init()
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (102 preceding siblings ...)
2010-12-08 0:57 ` [102/289] olpc_battery: Fix endian neutral breakage for s16 values Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [104/289] hostfs: fix UML crash: remove f_spare from hostfs Greg KH
` (182 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Masanori Itoh, Tejun Heo
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Masanori ITOH <itoumsn@nttdata.co.jp>
commit 8474b591faf3bb0a1e08a60d21d6baac498f15e4 upstream.
WARNING: at lib/list_debug.c:26 __list_add+0x3f/0x81()
Hardware name: Express5800/B120a [N8400-085]
list_add corruption. next->prev should be prev (ffffffff81a7ea00), but was dead000000200200. (next=ffff88080b872d58).
Modules linked in: aoe ipt_MASQUERADE iptable_nat nf_nat autofs4 sunrpc bridge 8021q garp stp llc ipv6 cpufreq_ondemand acpi_cpufreq freq_table dm_round_robin dm_multipath kvm_intel kvm uinput lpfc scsi_transport_fc igb ioatdma scsi_tgt i2c_i801 i2c_core dca iTCO_wdt iTCO_vendor_support pcspkr shpchp megaraid_sas [last unloaded: aoe]
Pid: 54, comm: events/3 Tainted: G W 2.6.34-vanilla1 #1
Call Trace:
[<ffffffff8104bd77>] warn_slowpath_common+0x7c/0x94
[<ffffffff8104bde6>] warn_slowpath_fmt+0x41/0x43
[<ffffffff8120fd2e>] __list_add+0x3f/0x81
[<ffffffff81212a12>] __percpu_counter_init+0x59/0x6b
[<ffffffff810d8499>] bdi_init+0x118/0x17e
[<ffffffff811f2c50>] blk_alloc_queue_node+0x79/0x143
[<ffffffff811f2d2b>] blk_alloc_queue+0x11/0x13
[<ffffffffa02a931d>] aoeblk_gdalloc+0x8e/0x1c9 [aoe]
[<ffffffffa02aa655>] aoecmd_sleepwork+0x25/0xa8 [aoe]
[<ffffffff8106186c>] worker_thread+0x1a9/0x237
[<ffffffffa02aa630>] ? aoecmd_sleepwork+0x0/0xa8 [aoe]
[<ffffffff81065827>] ? autoremove_wake_function+0x0/0x39
[<ffffffff810616c3>] ? worker_thread+0x0/0x237
[<ffffffff810653ad>] kthread+0x7f/0x87
[<ffffffff8100aa24>] kernel_thread_helper+0x4/0x10
[<ffffffff8106532e>] ? kthread+0x0/0x87
[<ffffffff8100aa20>] ? kernel_thread_helper+0x0/0x10
It's because there is no initialization code for a list_head contained in
the struct backing_dev_info under CONFIG_HOTPLUG_CPU, and the bug comes up
when block device drivers calling blk_alloc_queue() are used. In case of
me, I got them by using aoe.
Signed-off-by: Masanori Itoh <itoumsn@nttdata.co.jp>
Cc: Tejun Heo <tj@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
lib/percpu_counter.c | 1 +
1 file changed, 1 insertion(+)
--- a/lib/percpu_counter.c
+++ b/lib/percpu_counter.c
@@ -76,6 +76,7 @@ int __percpu_counter_init(struct percpu_
if (!fbc->counters)
return -ENOMEM;
#ifdef CONFIG_HOTPLUG_CPU
+ INIT_LIST_HEAD(&fbc->list);
mutex_lock(&percpu_counters_lock);
list_add(&fbc->list, &percpu_counters);
mutex_unlock(&percpu_counters_lock);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [104/289] hostfs: fix UML crash: remove f_spare from hostfs
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (103 preceding siblings ...)
2010-12-08 0:58 ` [103/289] percpu: fix list_head init bug in __percpu_counter_init() Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [105/289] ipmi: proper spinlock initialization Greg KH
` (181 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Richard Weinberger,
Christoph Hellwig, Al Viro, Jeff Dike
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 2600 bytes --]
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Richard Weinberger <richard@nod.at>
commit 1b627d5771312c92404b66f0a0b16f66036dd2e1 upstream.
365b1818 ("add f_flags to struct statfs(64)") resized f_spare within
struct statfs which caused a UML crash. There is no need to copy f_spare.
Signed-off-by: Richard Weinberger <richard@nod.at>
Reported-by: Toralf Förster <toralf.foerster@gmx.de>
Tested-by: Toralf Förster <toralf.foerster@gmx.de>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/hostfs/hostfs.h | 3 +--
fs/hostfs/hostfs_kern.c | 2 +-
fs/hostfs/hostfs_user.c | 9 ++-------
3 files changed, 4 insertions(+), 10 deletions(-)
--- a/fs/hostfs/hostfs.h
+++ b/fs/hostfs/hostfs.h
@@ -96,7 +96,6 @@ extern int rename_file(char *from, char
extern int do_statfs(char *root, long *bsize_out, long long *blocks_out,
long long *bfree_out, long long *bavail_out,
long long *files_out, long long *ffree_out,
- void *fsid_out, int fsid_size, long *namelen_out,
- long *spare_out);
+ void *fsid_out, int fsid_size, long *namelen_out);
#endif
--- a/fs/hostfs/hostfs_kern.c
+++ b/fs/hostfs/hostfs_kern.c
@@ -217,7 +217,7 @@ int hostfs_statfs(struct dentry *dentry,
err = do_statfs(dentry->d_sb->s_fs_info,
&sf->f_bsize, &f_blocks, &f_bfree, &f_bavail, &f_files,
&f_ffree, &sf->f_fsid, sizeof(sf->f_fsid),
- &sf->f_namelen, sf->f_spare);
+ &sf->f_namelen);
if (err)
return err;
sf->f_blocks = f_blocks;
--- a/fs/hostfs/hostfs_user.c
+++ b/fs/hostfs/hostfs_user.c
@@ -364,8 +364,7 @@ int rename_file(char *from, char *to)
int do_statfs(char *root, long *bsize_out, long long *blocks_out,
long long *bfree_out, long long *bavail_out,
long long *files_out, long long *ffree_out,
- void *fsid_out, int fsid_size, long *namelen_out,
- long *spare_out)
+ void *fsid_out, int fsid_size, long *namelen_out)
{
struct statfs64 buf;
int err;
@@ -384,10 +383,6 @@ int do_statfs(char *root, long *bsize_ou
sizeof(buf.f_fsid) > fsid_size ? fsid_size :
sizeof(buf.f_fsid));
*namelen_out = buf.f_namelen;
- spare_out[0] = buf.f_spare[0];
- spare_out[1] = buf.f_spare[1];
- spare_out[2] = buf.f_spare[2];
- spare_out[3] = buf.f_spare[3];
- spare_out[4] = buf.f_spare[4];
+
return 0;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [105/289] ipmi: proper spinlock initialization
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (104 preceding siblings ...)
2010-12-08 0:58 ` [104/289] hostfs: fix UML crash: remove f_spare from hostfs Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [106/289] um: remove PAGE_SIZE alignment in linker script causing kernel segfault Greg KH
` (180 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Eric Dumazet, David Miller,
Yinghai Lu, Corey Minyard
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Eric Dumazet <eric.dumazet@gmail.com>
commit de5e2ddf9bb3ce7b643223b9b0718062254f302f upstream.
Unloading ipmi module can trigger following error. (if
CONFIG_DEBUG_SPINLOCK=y)
[ 9633.779590] BUG: spinlock bad magic on CPU#1, rmmod/7170
[ 9633.779606] lock: f41f5414, .magic: 00000000, .owner:
<none>/-1, .owner_cpu: 0
[ 9633.779626] Pid: 7170, comm: rmmod Not tainted
2.6.36-rc7-11474-gb71eb1e-dirty #328
[ 9633.779644] Call Trace:
[ 9633.779657] [<c13921cc>] ? printk+0x18/0x1c
[ 9633.779672] [<c11a1f33>] spin_bug+0xa3/0xf0
[ 9633.779685] [<c11a1ffd>] do_raw_spin_lock+0x7d/0x160
[ 9633.779702] [<c1131537>] ? release_sysfs_dirent+0x47/0xb0
[ 9633.779718] [<c1131b78>] ? sysfs_addrm_finish+0xa8/0xd0
[ 9633.779734] [<c1394bac>] _raw_spin_lock_irqsave+0xc/0x20
[ 9633.779752] [<f99d93da>] cleanup_one_si+0x6a/0x200 [ipmi_si]
[ 9633.779768] [<c11305b2>] ? sysfs_hash_and_remove+0x72/0x80
[ 9633.779786] [<f99dcf26>] ipmi_pnp_remove+0xd/0xf [ipmi_si]
[ 9633.779802] [<c11f622b>] pnp_device_remove+0x1b/0x40
Fix this by initializing spinlocks in a smi_info_alloc() helper function,
right after memory allocation and clearing.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: David Miller <davem@davemloft.net>
Cc: Yinghai Lu <yinghai@kernel.org>
Acked-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/char/ipmi/ipmi_si_intf.c | 30 +++++++++++++++++++-----------
1 file changed, 19 insertions(+), 11 deletions(-)
--- a/drivers/char/ipmi/ipmi_si_intf.c
+++ b/drivers/char/ipmi/ipmi_si_intf.c
@@ -1665,6 +1665,17 @@ static int check_hotmod_int_op(const cha
return 0;
}
+static struct smi_info *smi_info_alloc(void)
+{
+ struct smi_info *info = kzalloc(sizeof(*info), GFP_KERNEL);
+
+ if (info) {
+ spin_lock_init(&info->si_lock);
+ spin_lock_init(&info->msg_lock);
+ }
+ return info;
+}
+
static int hotmod_handler(const char *val, struct kernel_param *kp)
{
char *str = kstrdup(val, GFP_KERNEL);
@@ -1779,7 +1790,7 @@ static int hotmod_handler(const char *va
}
if (op == HM_ADD) {
- info = kzalloc(sizeof(*info), GFP_KERNEL);
+ info = smi_info_alloc();
if (!info) {
rv = -ENOMEM;
goto out;
@@ -1844,7 +1855,7 @@ static __devinit void hardcode_find_bmc(
if (!ports[i] && !addrs[i])
continue;
- info = kzalloc(sizeof(*info), GFP_KERNEL);
+ info = smi_info_alloc();
if (!info)
return;
@@ -2028,7 +2039,7 @@ static __devinit int try_init_spmi(struc
return -ENODEV;
}
- info = kzalloc(sizeof(*info), GFP_KERNEL);
+ info = smi_info_alloc();
if (!info) {
printk(KERN_ERR PFX "Could not allocate SI data (3)\n");
return -ENOMEM;
@@ -2138,7 +2149,7 @@ static int __devinit ipmi_pnp_probe(stru
if (!acpi_dev)
return -ENODEV;
- info = kzalloc(sizeof(*info), GFP_KERNEL);
+ info = smi_info_alloc();
if (!info)
return -ENOMEM;
@@ -2319,7 +2330,7 @@ static __devinit void try_init_dmi(struc
{
struct smi_info *info;
- info = kzalloc(sizeof(*info), GFP_KERNEL);
+ info = smi_info_alloc();
if (!info) {
printk(KERN_ERR PFX "Could not allocate SI data\n");
return;
@@ -2426,7 +2437,7 @@ static int __devinit ipmi_pci_probe(stru
int class_type = pdev->class & PCI_ERMC_CLASSCODE_TYPE_MASK;
struct smi_info *info;
- info = kzalloc(sizeof(*info), GFP_KERNEL);
+ info = smi_info_alloc();
if (!info)
return -ENOMEM;
@@ -2567,7 +2578,7 @@ static int __devinit ipmi_of_probe(struc
return -EINVAL;
}
- info = kzalloc(sizeof(*info), GFP_KERNEL);
+ info = smi_info_alloc();
if (!info) {
dev_err(&dev->dev,
@@ -3014,7 +3025,7 @@ static __devinit void default_find_bmc(v
if (check_legacy_ioport(ipmi_defaults[i].port))
continue;
#endif
- info = kzalloc(sizeof(*info), GFP_KERNEL);
+ info = smi_info_alloc();
if (!info)
return;
@@ -3139,9 +3150,6 @@ static int try_smi_init(struct smi_info
goto out_err;
}
- spin_lock_init(&(new_smi->si_lock));
- spin_lock_init(&(new_smi->msg_lock));
-
/* Do low-level detection first. */
if (new_smi->handlers->detect(new_smi->si_sm)) {
if (new_smi->addr_source)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [106/289] um: remove PAGE_SIZE alignment in linker script causing kernel segfault.
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (105 preceding siblings ...)
2010-12-08 0:58 ` [105/289] ipmi: proper spinlock initialization Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [107/289] um: fix global timer issue when using CONFIG_NO_HZ Greg KH
` (179 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Tim Abbott, Jeff Dike
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Richard Weinberger <richard@nod.at>
commit 6915e04f8847bea16d0890f559694ad8eedd026c upstream.
The linker script cleanup that I did in commit 5d150a97f93 ("um: Clean up
linker script using standard macros.") (2.6.32) accidentally introduced an
ALIGN(PAGE_SIZE) when converting to use INIT_TEXT_SECTION; Richard
Weinberger reported that this causes the kernel to segfault with
CONFIG_STATIC_LINK=y.
I'm not certain why this extra alignment is a problem, but it seems likely
it is because previously
__init_begin = _stext = _text = _sinittext
and with the extra ALIGN(PAGE_SIZE), _sinittext becomes different from the
rest. So there is likely a bug here where something is assuming that
_sinittext is the same as one of those other symbols. But reverting the
accidental change fixes the regression, so it seems worth committing that
now.
Signed-off-by: Tim Abbott <tabbott@ksplice.com>
Reported-by: Richard Weinberger <richard@nod.at>
Cc: Jeff Dike <jdike@addtoit.com>
Tested by: Antoine Martin <antoine@nagafix.co.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/um/kernel/uml.lds.S | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/um/kernel/uml.lds.S
+++ b/arch/um/kernel/uml.lds.S
@@ -22,7 +22,7 @@ SECTIONS
_text = .;
_stext = .;
__init_begin = .;
- INIT_TEXT_SECTION(PAGE_SIZE)
+ INIT_TEXT_SECTION(0)
. = ALIGN(PAGE_SIZE);
.text :
^ permalink raw reply [flat|nested] 288+ messages in thread
* [107/289] um: fix global timer issue when using CONFIG_NO_HZ
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (106 preceding siblings ...)
2010-12-08 0:58 ` [106/289] um: remove PAGE_SIZE alignment in linker script causing kernel segfault Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [108/289] numa: fix slab_node(MPOL_BIND) Greg KH
` (178 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Richard Weinberger,
Pekka Enberg, Jeff Dike
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Richard Weinberger <richard@nod.at>
commit 482db6df1746c4fa7d64a2441d4cb2610249c679 upstream.
This fixes a issue which was introduced by fe2cc53e ("uml: track and make
up lost ticks").
timeval_to_ns() returns long long and not int. Due to that UML's timer
did not work properlt and caused timer freezes.
Signed-off-by: Richard Weinberger <richard@nod.at>
Acked-by: Pekka Enberg <penberg@kernel.org>
Cc: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/um/os-Linux/time.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/um/os-Linux/time.c
+++ b/arch/um/os-Linux/time.c
@@ -60,7 +60,7 @@ static inline long long timeval_to_ns(co
long long disable_timer(void)
{
struct itimerval time = ((struct itimerval) { { 0, 0 }, { 0, 0 } });
- int remain, max = UM_NSEC_PER_SEC / UM_HZ;
+ long long remain, max = UM_NSEC_PER_SEC / UM_HZ;
if (setitimer(ITIMER_VIRTUAL, &time, &time) < 0)
printk(UM_KERN_ERR "disable_timer - setitimer failed, "
^ permalink raw reply [flat|nested] 288+ messages in thread
* [108/289] numa: fix slab_node(MPOL_BIND)
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (107 preceding siblings ...)
2010-12-08 0:58 ` [107/289] um: fix global timer issue when using CONFIG_NO_HZ Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [109/289] hwmon: (lm85) Fix ADT7468 frequency table Greg KH
` (177 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Eric Dumazet, Mel Gorman,
Christoph Lameter, Lee Schermerhorn
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Eric Dumazet <eric.dumazet@gmail.com>
commit 800416f799e0723635ac2d720ad4449917a1481c upstream.
When a node contains only HighMem memory, slab_node(MPOL_BIND)
dereferences a NULL pointer.
[ This code seems to go back all the way to commit 19770b32609b: "mm:
filter based on a nodemask as well as a gfp_mask". Which was back in
April 2008, and it got merged into 2.6.26. - Linus ]
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Mel Gorman <mel@csn.ul.ie>
Cc: Christoph Lameter <cl@linux.com>
Cc: Lee Schermerhorn <lee.schermerhorn@hp.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
mm/mempolicy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -1588,7 +1588,7 @@ unsigned slab_node(struct mempolicy *pol
(void)first_zones_zonelist(zonelist, highest_zoneidx,
&policy->v.nodes,
&zone);
- return zone->node;
+ return zone ? zone->node : numa_node_id();
}
default:
^ permalink raw reply [flat|nested] 288+ messages in thread
* [109/289] hwmon: (lm85) Fix ADT7468 frequency table
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (108 preceding siblings ...)
2010-12-08 0:58 ` [108/289] numa: fix slab_node(MPOL_BIND) Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [110/289] oprofile: Fix the hang while taking the cpu offline Greg KH
` (176 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Jean Delvare,
Darrick J. Wong, Guenter Roeck
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jean Delvare <khali@linux-fr.org>
commit fa7a5797e57d2ed71f9a6fb44f0ae42c2d7b74b7 upstream.
The ADT7468 uses the same frequency table as the ADT7463.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: Darrick J. Wong <djwong@us.ibm.com>
Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/hwmon/lm85.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/hwmon/lm85.c
+++ b/drivers/hwmon/lm85.c
@@ -1259,6 +1259,7 @@ static int lm85_probe(struct i2c_client
switch (data->type) {
case adm1027:
case adt7463:
+ case adt7468:
case emc6d100:
case emc6d102:
data->freq_map = adm1027_freq_map;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [110/289] oprofile: Fix the hang while taking the cpu offline
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (109 preceding siblings ...)
2010-12-08 0:58 ` [109/289] hwmon: (lm85) Fix ADT7468 frequency table Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [111/289] mm: fix return value of scan_lru_pages in memory unplug Greg KH
` (175 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Santosh Shilimkar, Robert Richter
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Santosh Shilimkar <santosh.shilimkar@ti.com>
commit 4ac3dbec800d93485a5c84e37af676278eea657c upstream.
The kernel build with CONFIG_OPROFILE and CPU_HOTPLUG enabled.
The oprofile is initialised using system timer in absence of hardware
counters supports. Oprofile isn't started from userland.
In this setup while doing a CPU offline the kernel hangs in infinite
for loop inside lock_hrtimer_base() function
This happens because as part of oprofile_cpu_notify(, it tries to
stop an hrtimer which was never started. These per-cpu hrtimers
are started when the oprfile is started.
echo 1 > /dev/oprofile/enable
This problem also existwhen the cpu is booted with maxcpus parameter
set. When bringing the remaining cpus online the timers are started
even if oprofile is not yet enabled.
This patch fix this issue by adding a state variable so that
these hrtimer start/stop is only attempted when oprofile is
started
For stable kernels v2.6.35.y and v2.6.36.y.
Reported-by: Jan Sebastien <s-jan@ti.com>
Tested-by: sricharan <r.sricharan@ti.com>
Signed-off-by: Santosh Shilimkar <santosh.shilimkar@ti.com>
Signed-off-by: Robert Richter <robert.richter@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/oprofile/timer_int.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/drivers/oprofile/timer_int.c
+++ b/drivers/oprofile/timer_int.c
@@ -21,6 +21,7 @@
#include "oprof.h"
static DEFINE_PER_CPU(struct hrtimer, oprofile_hrtimer);
+static int ctr_running;
static enum hrtimer_restart oprofile_hrtimer_notify(struct hrtimer *hrtimer)
{
@@ -33,6 +34,9 @@ static void __oprofile_hrtimer_start(voi
{
struct hrtimer *hrtimer = &__get_cpu_var(oprofile_hrtimer);
+ if (!ctr_running)
+ return;
+
hrtimer_init(hrtimer, CLOCK_MONOTONIC, HRTIMER_MODE_REL);
hrtimer->function = oprofile_hrtimer_notify;
@@ -42,7 +46,10 @@ static void __oprofile_hrtimer_start(voi
static int oprofile_hrtimer_start(void)
{
+ get_online_cpus();
+ ctr_running = 1;
on_each_cpu(__oprofile_hrtimer_start, NULL, 1);
+ put_online_cpus();
return 0;
}
@@ -50,6 +57,9 @@ static void __oprofile_hrtimer_stop(int
{
struct hrtimer *hrtimer = &per_cpu(oprofile_hrtimer, cpu);
+ if (!ctr_running)
+ return;
+
hrtimer_cancel(hrtimer);
}
@@ -57,8 +67,11 @@ static void oprofile_hrtimer_stop(void)
{
int cpu;
+ get_online_cpus();
for_each_online_cpu(cpu)
__oprofile_hrtimer_stop(cpu);
+ ctr_running = 0;
+ put_online_cpus();
}
static int __cpuinit oprofile_cpu_notify(struct notifier_block *self,
^ permalink raw reply [flat|nested] 288+ messages in thread
* [111/289] mm: fix return value of scan_lru_pages in memory unplug
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (110 preceding siblings ...)
2010-12-08 0:58 ` [110/289] oprofile: Fix the hang while taking the cpu offline Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [112/289] mm, page-allocator: do not check the state of a non-existant buddy during free Greg KH
` (174 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, KAMEZAWA Hiroyuki
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
commit f8f72ad5396987e05a42cf7eff826fb2a15ff148 upstream.
scan_lru_pages returns pfn. So, it's type should be "unsigned long"
not "int".
Note: I guess this has been work until now because memory hotplug tester's
machine has not very big memory....
physical address < 32bit << PAGE_SHIFT.
Reported-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
mm/memory_hotplug.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/memory_hotplug.c
+++ b/mm/memory_hotplug.c
@@ -659,7 +659,7 @@ static int test_pages_in_a_zone(unsigned
* Scanning pfn is much easier than scanning lru list.
* Scan pfn from start to end and Find LRU page.
*/
-int scan_lru_pages(unsigned long start, unsigned long end)
+unsigned long scan_lru_pages(unsigned long start, unsigned long end)
{
unsigned long pfn;
struct page *page;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [112/289] mm, page-allocator: do not check the state of a non-existant buddy during free
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (111 preceding siblings ...)
2010-12-08 0:58 ` [111/289] mm: fix return value of scan_lru_pages in memory unplug Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [113/289] mm: fix is_mem_section_removable() page_order BUG_ON check Greg KH
` (173 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Mel Gorman, Corrado Zoccolo,
KOSAKI Motohiro, Christoph Lameter, Rik van Riel
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Mel Gorman <mel@csn.ul.ie>
commit b7f50cfa3630b6e079929ffccfd442d65064ee1f upstream.
There is a bug in commit 6dda9d55 ("page allocator: reduce fragmentation
in buddy allocator by adding buddies that are merging to the tail of the
free lists") that means a buddy at order MAX_ORDER is checked for merging.
A page of this order never exists so at times, an effectively random
piece of memory is being checked.
Alan Curry has reported that this is causing memory corruption in
userspace data on a PPC32 platform (http://lkml.org/lkml/2010/10/9/32).
It is not clear why this is happening. It could be a cache coherency
problem where pages mapped in both user and kernel space are getting
different cache lines due to the bad read from kernel space
(http://lkml.org/lkml/2010/10/13/179). It could also be that there are
some special registers being io-remapped at the end of the memmap array
and that a read has special meaning on them. Compiler bugs have been
ruled out because the assembly before and after the patch looks relatively
harmless.
This patch fixes the problem by ensuring we are not reading a possibly
invalid location of memory. It's not clear why the read causes corruption
but one way or the other it is a buggy read.
Signed-off-by: Mel Gorman <mel@csn.ul.ie>
Cc: Corrado Zoccolo <czoccolo@gmail.com>
Reported-by: Alan Curry <pacman@kosh.dhis.org>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Christoph Lameter <cl@linux-foundation.org>
Cc: Rik van Riel <riel@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
mm/page_alloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -530,7 +530,7 @@ static inline void __free_one_page(struc
* so it's less likely to be used soon and more likely to be merged
* as a higher order page
*/
- if ((order < MAX_ORDER-1) && pfn_valid_within(page_to_pfn(buddy))) {
+ if ((order < MAX_ORDER-2) && pfn_valid_within(page_to_pfn(buddy))) {
struct page *higher_page, *higher_buddy;
combined_idx = __find_combined_index(page_idx, order);
higher_page = page + combined_idx - page_idx;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [113/289] mm: fix is_mem_section_removable() page_order BUG_ON check
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (112 preceding siblings ...)
2010-12-08 0:58 ` [112/289] mm, page-allocator: do not check the state of a non-existant buddy during free Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [114/289] mm/hugetlb.c: add missing spin_lock() to hugetlb_cow() Greg KH
` (172 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, KAMEZAWA Hiroyuki,
Wu Fengguang, Michal Hocko, Mel Gorman
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
commit 572438f9b52236bd8938b1647cc15e027d27ef55 upstream.
page_order() is called by memory hotplug's user interface to check the
section is removable or not. (is_mem_section_removable())
It calls page_order() withoug holding zone->lock.
So, even if the caller does
if (PageBuddy(page))
ret = page_order(page) ...
The caller may hit BUG_ON().
For fixing this, there are 2 choices.
1. add zone->lock.
2. remove BUG_ON().
is_mem_section_removable() is used for some "advice" and doesn't need to
be 100% accurate. This is_removable() can be called via user program..
We don't want to take this important lock for long by user's request. So,
this patch removes BUG_ON().
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Acked-by: Wu Fengguang <fengguang.wu@intel.com>
Acked-by: Michal Hocko <mhocko@suse.cz>
Acked-by: Mel Gorman <mel@csn.ul.ie>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
mm/internal.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/internal.h
+++ b/mm/internal.h
@@ -62,7 +62,7 @@ extern bool is_free_buddy_page(struct pa
*/
static inline unsigned long page_order(struct page *page)
{
- VM_BUG_ON(!PageBuddy(page));
+ /* PageBuddy() must be checked by the caller */
return page_private(page);
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [114/289] mm/hugetlb.c: add missing spin_lock() to hugetlb_cow()
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (113 preceding siblings ...)
2010-12-08 0:58 ` [113/289] mm: fix is_mem_section_removable() page_order BUG_ON check Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [115/289] agp/intel: Also add B43.1 to list of supported devices Greg KH
` (171 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Dean Nelson, Mel Gorman
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Dean Nelson <dnelson@redhat.com>
commit 44e2aa937e698ea95dd86b2a4fabd734ef2c76db upstream.
Add missing spin_lock() of the page_table_lock before an error return in
hugetlb_cow(). Callers of hugtelb_cow() expect it to be held upon return.
Signed-off-by: Dean Nelson <dnelson@redhat.com>
Cc: Mel Gorman <mel@csn.ul.ie>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
mm/hugetlb.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -2380,8 +2380,11 @@ retry_avoidcopy:
* When the original hugepage is shared one, it does not have
* anon_vma prepared.
*/
- if (unlikely(anon_vma_prepare(vma)))
+ if (unlikely(anon_vma_prepare(vma))) {
+ /* Caller expects lock to be held */
+ spin_lock(&mm->page_table_lock);
return VM_FAULT_OOM;
+ }
copy_huge_page(new_page, old_page, address, vma);
__SetPageUptodate(new_page);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [115/289] agp/intel: Also add B43.1 to list of supported devices
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (114 preceding siblings ...)
2010-12-08 0:58 ` [114/289] mm/hugetlb.c: add missing spin_lock() to hugetlb_cow() Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [116/289] b43: Fix warning at drivers/mmc/core/core.c:237 in mmc_wait_for_cmd Greg KH
` (170 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Chris Wilson
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Chris Wilson <chris@chris-wilson.co.uk>
commit 3dde04b0152634d42994b34b86bbf3c70fbc6b19 upstream.
This was a missing piece from 41a5142 that dropped recognition of the
AGP module for the second B43 variant.
Reported-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/char/agp/intel-agp.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/char/agp/intel-agp.c
+++ b/drivers/char/agp/intel-agp.c
@@ -1049,6 +1049,7 @@ static struct pci_device_id agp_intel_pc
ID(PCI_DEVICE_ID_INTEL_G45_HB),
ID(PCI_DEVICE_ID_INTEL_G41_HB),
ID(PCI_DEVICE_ID_INTEL_B43_HB),
+ ID(PCI_DEVICE_ID_INTEL_B43_1_HB),
ID(PCI_DEVICE_ID_INTEL_IRONLAKE_D_HB),
ID(PCI_DEVICE_ID_INTEL_IRONLAKE_M_HB),
ID(PCI_DEVICE_ID_INTEL_IRONLAKE_MA_HB),
^ permalink raw reply [flat|nested] 288+ messages in thread
* [116/289] b43: Fix warning at drivers/mmc/core/core.c:237 in mmc_wait_for_cmd
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (115 preceding siblings ...)
2010-12-08 0:58 ` [115/289] agp/intel: Also add B43.1 to list of supported devices Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [117/289] wireless: b43: fix error path in SDIO Greg KH
` (169 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Larry Finger, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Larry Finger <Larry.Finger@lwfinger.net>
commit 9f2a0fac625bcef9c579bcf0b0c904ab1a56e7c4 upstream.
On module removal, the sdio version of b43 generates the following warning:
[ 851.560519] ------------[ cut here ]------------
[ 851.560531] WARNING: at drivers/mmc/core/core.c:237 mmc_wait_for_cmd+0x88/0x90()
[ 851.560534] Hardware name: 20552PG
[ 851.560536] Modules linked in: b43(-) ssb mmc_block binfmt_misc rfcomm sco bnep ppdev l2cap ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack ipt_REJECT xt_tcpudp iptable_filter ip_tables x_tables bridge stp kvm_intel kvm arc4 iwlagn snd_hda_codec_conexant snd_hda_intel snd_hda_codec iwlcore snd_hwdep snd_pcm thinkpad_acpi mac80211 snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq r852 joydev snd_timer sm_common pcmcia nand snd_seq_device cfg80211 sdhci_pci btusb psmouse tpm_tis yenta_socket nand_ids lp snd pcmcia_rsrc nand_ecc bluetooth sdhci tpm pcmcia_core parport mtd snd_page_alloc serio_raw tpm_bios soundcore nvram led_class sha256_generic aes_i586 aes_generic dm_crypt i915 drm_kms_helper drm ahci intel_agp i2c_algo_bit intel_gtt e1000e libahci video agpgart output
[ 851.560620] Pid: 2504, comm: rmmod Not tainted 2.6.36-titan0+ #1
[ 851.560622] Call Trace:
[ 851.560631] [<c014a102>] warn_slowpath_common+0x72/0xa0
[ 851.560636] [<c04d94c8>] ? mmc_wait_for_cmd+0x88/0x90
[ 851.560641] [<c04d94c8>] ? mmc_wait_for_cmd+0x88/0x90
[ 851.560645] [<c014a152>] warn_slowpath_null+0x22/0x30
[ 851.560649] [<c04d94c8>] mmc_wait_for_cmd+0x88/0x90
[ 851.560655] [<c0401585>] ? device_release+0x25/0x80
[ 851.560660] [<c04df210>] mmc_io_rw_direct_host+0xa0/0x150
[ 851.560665] [<c04df370>] mmc_io_rw_direct+0x30/0x40
[ 851.560669] [<c04e06e7>] sdio_disable_func+0x37/0xa0
[ 851.560683] [<f8dfcb80>] b43_sdio_remove+0x30/0x50 [b43]
[ 851.560687] [<c04df8cc>] sdio_bus_remove+0x1c/0x60
[ 851.560692] [<c016d39f>] ? blocking_notifier_call_chain+0x1f/0x30
[ 851.560697] [<c0404991>] __device_release_driver+0x51/0xb0
[ 851.560701] [<c0404a7f>] driver_detach+0x8f/0xa0
[ 851.560705] [<c0403c83>] bus_remove_driver+0x63/0xa0
[ 851.560709] [<c0405039>] driver_unregister+0x49/0x80
[ 851.560713] [<c0405039>] ? driver_unregister+0x49/0x80
[ 851.560718] [<c04dfad7>] sdio_unregister_driver+0x17/0x20
[ 851.560727] [<f8dfcb42>] b43_sdio_exit+0x12/0x20 [b43]
[ 851.560734] [<f8dfe76f>] b43_exit+0x17/0x3c [b43]
[ 851.560740] [<c017fb8d>] sys_delete_module+0x13d/0x200
[ 851.560747] [<c01fd7d2>] ? do_munmap+0x212/0x300
[ 851.560752] [<c010311f>] sysenter_do_call+0x12/0x28
[ 851.560757] ---[ end trace 31e14488072d2f7d ]---
[ 851.560759] ------------[ cut here ]------------
The warning is caused by b43 not claiming the device before calling
sdio_disable_func().
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Reported-by: Arnd Hannemann <arnd@arndnet.de>
Tested-by: Arnd Hannemann <arnd@arndnet.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/b43/sdio.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/net/wireless/b43/sdio.c
+++ b/drivers/net/wireless/b43/sdio.c
@@ -175,7 +175,9 @@ static void b43_sdio_remove(struct sdio_
struct b43_sdio *sdio = sdio_get_drvdata(func);
ssb_bus_unregister(&sdio->ssb);
+ sdio_claim_host(func);
sdio_disable_func(func);
+ sdio_release_host(func);
kfree(sdio);
sdio_set_drvdata(func, NULL);
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [117/289] wireless: b43: fix error path in SDIO
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (116 preceding siblings ...)
2010-12-08 0:58 ` [116/289] b43: Fix warning at drivers/mmc/core/core.c:237 in mmc_wait_for_cmd Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [118/289] ssb: b43-pci-bridge: Add new vendor for BCM4318 Greg KH
` (168 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Guennadi Liakhovetski,
Larry Finger, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
commit e476a5a41ad67d0e2b4a652820c49a3923eb936b upstream.
Fix unbalanced call to sdio_release_host() on the error path.
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/b43/sdio.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/wireless/b43/sdio.c
+++ b/drivers/net/wireless/b43/sdio.c
@@ -163,6 +163,7 @@ static int b43_sdio_probe(struct sdio_fu
err_free_ssb:
kfree(sdio);
err_disable_func:
+ sdio_claim_host(func);
sdio_disable_func(func);
err_release_host:
sdio_release_host(func);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [118/289] ssb: b43-pci-bridge: Add new vendor for BCM4318
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (117 preceding siblings ...)
2010-12-08 0:58 ` [117/289] wireless: b43: fix error path in SDIO Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [119/289] drivers/misc/ad525x_dpot.c: fix typo in spi write16 and write24 transfer counts Greg KH
` (167 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Daniel Klaffenbach,
Larry Finger, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Daniel Klaffenbach <danielklaffenbach@gmail.com>
commit 1d8638d4038eb8709edc80e37a0bbb77253d86e9 upstream.
Add new vendor for Broadcom 4318.
Signed-off-by: Daniel Klaffenbach <danielklaffenbach@gmail.com>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/ssb/b43_pci_bridge.c | 1 +
include/linux/pci_ids.h | 1 +
2 files changed, 2 insertions(+)
--- a/drivers/ssb/b43_pci_bridge.c
+++ b/drivers/ssb/b43_pci_bridge.c
@@ -24,6 +24,7 @@ static const struct pci_device_id b43_pc
{ PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, 0x4312) },
{ PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, 0x4315) },
{ PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, 0x4318) },
+ { PCI_DEVICE(PCI_VENDOR_ID_BCM_GVC, 0x4318) },
{ PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, 0x4319) },
{ PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, 0x4320) },
{ PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, 0x4321) },
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -2041,6 +2041,7 @@
#define PCI_DEVICE_ID_AFAVLAB_P030 0x2182
#define PCI_SUBDEVICE_ID_AFAVLAB_P061 0x2150
+#define PCI_VENDOR_ID_BCM_GVC 0x14a4
#define PCI_VENDOR_ID_BROADCOM 0x14e4
#define PCI_DEVICE_ID_TIGON3_5752 0x1600
#define PCI_DEVICE_ID_TIGON3_5752M 0x1601
^ permalink raw reply [flat|nested] 288+ messages in thread
* [119/289] drivers/misc/ad525x_dpot.c: fix typo in spi write16 and write24 transfer counts
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (118 preceding siblings ...)
2010-12-08 0:58 ` [118/289] ssb: b43-pci-bridge: Add new vendor for BCM4318 Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [120/289] sgi-xpc: XPC fails to discover partitions with all nasids above 128 Greg KH
` (166 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Michael Hennerich,
Mike Frysinger, Chris Verges
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Michael Hennerich <michael.hennerich@analog.com>
commit 1f9fa5216eacf4fdf9d3e4ab57feb8b642f0e78b upstream.
This is a bug fix. Some SPI connected devices using 16/24 bit accesses,
previously failed, now work.
This typo slipped in after testing, during some restructuring.
Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Cc: Chris Verges <chrisv@cyberswitching.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/misc/ad525x_dpot-spi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/misc/ad525x_dpot-spi.c
+++ b/drivers/misc/ad525x_dpot-spi.c
@@ -53,13 +53,13 @@ static int write8(void *client, u8 val)
static int write16(void *client, u8 reg, u8 val)
{
u8 data[2] = {reg, val};
- return spi_write(client, data, 1);
+ return spi_write(client, data, 2);
}
static int write24(void *client, u8 reg, u16 val)
{
u8 data[3] = {reg, val >> 8, val};
- return spi_write(client, data, 1);
+ return spi_write(client, data, 3);
}
static int read8(void *client)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [120/289] sgi-xpc: XPC fails to discover partitions with all nasids above 128
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (119 preceding siblings ...)
2010-12-08 0:58 ` [119/289] drivers/misc/ad525x_dpot.c: fix typo in spi write16 and write24 transfer counts Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [121/289] xen: ensure that all event channels start off bound to VCPU 0 Greg KH
` (165 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Robin Holt
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Robin@sgi.com <Robin@sgi.com>
commit c22c7aeff69796f46ae0fcec141538e28f50b24e upstream.
UV hardware defines 256 memory protection regions versus the baseline 64
with increasing size for the SN2 ia64. This was overlooked when XPC was
modified to accomodate both UV and SN2.
Without this patch, a user could reconfigure their existing system and
suddenly disable cross-partition communications with no indication of what
has gone wrong. It also prevents larger configurations from using
cross-partition communication.
Signed-off-by: Robin Holt <holt@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/misc/sgi-xp/xpc_partition.c | 25 +++++++++++++++----------
1 file changed, 15 insertions(+), 10 deletions(-)
--- a/drivers/misc/sgi-xp/xpc_partition.c
+++ b/drivers/misc/sgi-xp/xpc_partition.c
@@ -439,18 +439,23 @@ xpc_discovery(void)
* nodes that can comprise an access protection grouping. The access
* protection is in regards to memory, IOI and IPI.
*/
- max_regions = 64;
region_size = xp_region_size;
- switch (region_size) {
- case 128:
- max_regions *= 2;
- case 64:
- max_regions *= 2;
- case 32:
- max_regions *= 2;
- region_size = 16;
- DBUG_ON(!is_shub2());
+ if (is_uv())
+ max_regions = 256;
+ else {
+ max_regions = 64;
+
+ switch (region_size) {
+ case 128:
+ max_regions *= 2;
+ case 64:
+ max_regions *= 2;
+ case 32:
+ max_regions *= 2;
+ region_size = 16;
+ DBUG_ON(!is_shub2());
+ }
}
for (region = 0; region < max_regions; region++) {
^ permalink raw reply [flat|nested] 288+ messages in thread
* [121/289] xen: ensure that all event channels start off bound to VCPU 0
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (120 preceding siblings ...)
2010-12-08 0:58 ` [120/289] sgi-xpc: XPC fails to discover partitions with all nasids above 128 Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [122/289] xen: dont bother to stop other cpus on shutdown/reboot Greg KH
` (164 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Ian Campbell, Jeremy Fitzhardinge
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Ian Campbell <ian.campbell@citrix.com>
commit b0097adeec27e30223c989561ab0f7aa60d1fe93 upstream.
All event channels startbound to VCPU 0 so ensure that cpu_evtchn_mask
is initialised to reflect this. Otherwise there is a race after registering an
event channel but before the affinity is explicitly set where the event channel
can be delivered. If this happens then the event channel remains pending in the
L1 (evtchn_pending) array but is cleared in L2 (evtchn_pending_sel), this means
the event channel cannot be reraised until another event channel happens to
trigger the same L2 entry on that VCPU.
sizeof(cpu_evtchn_mask(0))==sizeof(unsigned long*) which is not correct, and
causes only the first 32 or 64 event channels (depending on architecture) to be
initially bound to VCPU0. Use sizeof(struct cpu_evtchn_s) instead.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Jeremy Fitzhardinge <jeremy@goop.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/xen/events.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/xen/events.c
+++ b/drivers/xen/events.c
@@ -261,7 +261,7 @@ static void init_evtchn_cpu_bindings(voi
}
#endif
- memset(cpu_evtchn_mask(0), ~0, sizeof(cpu_evtchn_mask(0)));
+ memset(cpu_evtchn_mask(0), ~0, sizeof(struct cpu_evtchn_s));
}
static inline void clear_evtchn(int port)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [122/289] xen: dont bother to stop other cpus on shutdown/reboot
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (121 preceding siblings ...)
2010-12-08 0:58 ` [121/289] xen: ensure that all event channels start off bound to VCPU 0 Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [123/289] ipc: initialize structure memory to zero for compat functions Greg KH
` (163 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Jeremy Fitzhardinge, Alok Kataria
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
commit 31e323cca9d5c8afd372976c35a5d46192f540d1 upstream.
Xen will shoot all the VCPUs when we do a shutdown hypercall, so there's
no need to do it manually.
In any case it will fail because all the IPI irqs have been pulled
down by this point, so the cross-CPU calls will simply hang forever.
Until change 76fac077db6b34e2c6383a7b4f3f4f7b7d06d8ce the function calls
were not synchronously waited for, so this wasn't apparent. However after
that change the calls became synchronous leading to a hang on shutdown
on multi-VCPU guests.
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Cc: Alok Kataria <akataria@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/x86/xen/enlighten.c | 4 ----
1 file changed, 4 deletions(-)
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -1017,10 +1017,6 @@ static void xen_reboot(int reason)
{
struct sched_shutdown r = { .reason = reason };
-#ifdef CONFIG_SMP
- stop_other_cpus();
-#endif
-
if (HYPERVISOR_sched_op(SCHEDOP_shutdown, &r))
BUG();
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [123/289] ipc: initialize structure memory to zero for compat functions
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (122 preceding siblings ...)
2010-12-08 0:58 ` [122/289] xen: dont bother to stop other cpus on shutdown/reboot Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [124/289] ipc: shm: fix information leak to userland Greg KH
` (162 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Dan Rosenberg,
Manfred Spraul, Arnd Bergmann
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Dan Rosenberg <drosenberg@vsecurity.com>
commit 03145beb455cf5c20a761e8451e30b8a74ba58d9 upstream.
This takes care of leaking uninitialized kernel stack memory to
userspace from non-zeroed fields in structs in compat ipc functions.
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
ipc/compat.c | 6 ++++++
ipc/compat_mq.c | 5 +++++
2 files changed, 11 insertions(+)
--- a/ipc/compat.c
+++ b/ipc/compat.c
@@ -241,6 +241,8 @@ long compat_sys_semctl(int first, int se
struct semid64_ds __user *up64;
int version = compat_ipc_parse_version(&third);
+ memset(&s64, 0, sizeof(s64));
+
if (!uptr)
return -EINVAL;
if (get_user(pad, (u32 __user *) uptr))
@@ -421,6 +423,8 @@ long compat_sys_msgctl(int first, int se
int version = compat_ipc_parse_version(&second);
void __user *p;
+ memset(&m64, 0, sizeof(m64));
+
switch (second & (~IPC_64)) {
case IPC_INFO:
case IPC_RMID:
@@ -594,6 +598,8 @@ long compat_sys_shmctl(int first, int se
int err, err2;
int version = compat_ipc_parse_version(&second);
+ memset(&s64, 0, sizeof(s64));
+
switch (second & (~IPC_64)) {
case IPC_RMID:
case SHM_LOCK:
--- a/ipc/compat_mq.c
+++ b/ipc/compat_mq.c
@@ -53,6 +53,9 @@ asmlinkage long compat_sys_mq_open(const
void __user *p = NULL;
if (u_attr && oflag & O_CREAT) {
struct mq_attr attr;
+
+ memset(&attr, 0, sizeof(attr));
+
p = compat_alloc_user_space(sizeof(attr));
if (get_compat_mq_attr(&attr, u_attr) ||
copy_to_user(p, &attr, sizeof(attr)))
@@ -127,6 +130,8 @@ asmlinkage long compat_sys_mq_getsetattr
struct mq_attr __user *p = compat_alloc_user_space(2 * sizeof(*p));
long ret;
+ memset(&mqstat, 0, sizeof(mqstat));
+
if (u_mqstat) {
if (get_compat_mq_attr(&mqstat, u_mqstat) ||
copy_to_user(p, &mqstat, sizeof(mqstat)))
^ permalink raw reply [flat|nested] 288+ messages in thread
* [124/289] ipc: shm: fix information leak to userland
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (123 preceding siblings ...)
2010-12-08 0:58 ` [123/289] ipc: initialize structure memory to zero for compat functions Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [125/289] net: NETIF_F_HW_CSUM does not imply FCoE CRC offload Greg KH
` (161 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Vasiliy Kulikov, Al Viro
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Vasiliy Kulikov <segooon@gmail.com>
commit 3af54c9bd9e6f14f896aac1bb0e8405ae0bc7a44 upstream.
The shmid_ds structure is copied to userland with shm_unused{,2,3}
fields unitialized. It leads to leaking of contents of kernel stack
memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Acked-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
ipc/shm.c | 1 +
1 file changed, 1 insertion(+)
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -473,6 +473,7 @@ static inline unsigned long copy_shmid_t
{
struct shmid_ds out;
+ memset(&out, 0, sizeof(out));
ipc64_perm_to_ipc_perm(&in->shm_perm, &out.shm_perm);
out.shm_segsz = in->shm_segsz;
out.shm_atime = in->shm_atime;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [000/289] 2.6.36.2-stable review
@ 2010-12-08 0:58 Greg KH
2010-12-08 0:56 ` Greg KH
` (286 more replies)
0 siblings, 287 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan
This is the start of the stable review cycle for the 2.6.36.2 release.
There are 289 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let us know. If anyone is a maintainer of the proper subsystem, and
wants to add a Signed-off-by: line to the patch, please respond with it.
Responses should be made by Thursday, December 9, 2010, 20:00:00 UTC.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
kernel.org/pub/linux/kernel/v2.6/stable-review/patch-2.6.36.2-rc1.gz
and the diffstat can be found below.
thanks,
greg k-h
Makefile | 2 +-
arch/arm/include/asm/assembler.h | 2 +-
arch/arm/lib/findbit.S | 6 +-
arch/arm/mach-cns3xxx/pcie.c | 2 +-
arch/arm/mm/fault-armv.c | 28 +++-
arch/arm/plat-omap/dma.c | 50 +++++-
arch/arm/plat-omap/include/plat/dma.h | 4 +
arch/microblaze/Makefile | 8 +-
arch/powerpc/mm/hash_utils_64.c | 2 +-
arch/s390/kernel/nmi.c | 10 +-
arch/s390/kernel/vtime.c | 19 ++
arch/s390/lib/delay.c | 14 +-
arch/sh/include/asm/syscalls_32.h | 7 +-
arch/um/drivers/line.c | 5 +-
arch/um/kernel/uml.lds.S | 2 +-
arch/um/os-Linux/time.c | 2 +-
arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c | 1 +
arch/x86/kernel/hw_breakpoint.c | 4 +
arch/x86/kvm/svm.c | 2 +-
arch/x86/kvm/vmx.c | 19 +-
arch/x86/kvm/x86.c | 14 +-
arch/x86/xen/enlighten.c | 4 -
block/blk-map.c | 2 +
block/blk-settings.c | 2 +-
block/genhd.c | 6 +-
block/scsi_ioctl.c | 34 +++-
drivers/acpi/battery.c | 38 ++++-
drivers/acpi/bus.c | 7 +-
drivers/acpi/debugfs.c | 2 +-
drivers/ata/libata-scsi.c | 5 +-
drivers/ata/sata_via.c | 9 +-
drivers/char/agp/intel-agp.c | 1 +
drivers/char/agp/intel-gtt.c | 63 +++----
drivers/char/hpet.c | 17 ++
drivers/char/ipmi/ipmi_si_intf.c | 30 ++-
drivers/char/tty_buffer.c | 14 ++-
drivers/char/tty_io.c | 13 +-
drivers/char/tty_ldisc.c | 51 +++++-
drivers/char/vt_ioctl.c | 11 +-
drivers/crypto/padlock-aes.c | 2 +-
drivers/firewire/ohci.c | 64 +++++--
drivers/gpio/cs5535-gpio.c | 16 ++-
drivers/gpu/drm/i915/i915_dma.c | 3 +
drivers/gpu/drm/i915/i915_irq.c | 21 ++-
drivers/gpu/drm/i915/i915_reg.h | 7 +
drivers/gpu/drm/i915/i915_suspend.c | 4 +-
drivers/gpu/drm/i915/intel_crt.c | 3 +-
drivers/gpu/drm/i915/intel_display.c | 7 +
drivers/gpu/drm/i915/intel_drv.h | 1 +
drivers/gpu/drm/i915/intel_overlay.c | 8 +
drivers/gpu/drm/i915/intel_sdvo.c | 8 +-
drivers/gpu/drm/radeon/atom.c | 1 +
drivers/gpu/drm/radeon/r100.c | 6 +
drivers/gpu/drm/radeon/r100_track.h | 1 +
drivers/gpu/drm/radeon/r200.c | 2 +
drivers/gpu/drm/radeon/r600.c | 15 +-
drivers/gpu/drm/radeon/r600_blit_kms.c | 8 +-
drivers/gpu/drm/radeon/r600_cs.c | 4 +-
drivers/gpu/drm/radeon/r600_reg.h | 1 +
drivers/gpu/drm/radeon/radeon_atombios.c | 16 ++
drivers/gpu/drm/radeon/radeon_bios.c | 13 +-
drivers/gpu/drm/radeon/radeon_combios.c | 15 ++-
drivers/gpu/drm/radeon/radeon_connectors.c | 34 ++++
drivers/gpu/drm/radeon/radeon_encoders.c | 36 +++-
drivers/gpu/drm/radeon/radeon_i2c.c | 1 +
drivers/gpu/drm/radeon/radeon_object.c | 4 +-
drivers/gpu/drm/radeon/radeon_reg.h | 1 +
drivers/gpu/drm/radeon/rv770.c | 9 +-
drivers/hid/hid-egalax.c | 16 +-
drivers/hid/usbhid/hid-quirks.c | 1 -
drivers/hwmon/lm85.c | 1 +
drivers/i2c/busses/i2c-pca-platform.c | 2 +-
drivers/input/serio/i8042-x86ia64io.h | 7 +
drivers/isdn/gigaset/bas-gigaset.c | 89 ++++-----
drivers/isdn/gigaset/isocdata.c | 8 +-
drivers/leds/leds-ss4200.c | 1 +
drivers/md/md.c | 6 +-
drivers/md/raid1.c | 1 +
drivers/media/video/cx23885/cx23885-core.c | 1 +
drivers/media/video/gspca/gspca.c | 4 +-
drivers/media/video/gspca/sonixj.c | 3 +-
drivers/media/video/hdpvr/hdpvr-video.c | 1 +
drivers/media/video/msp3400-driver.c | 7 +-
drivers/media/video/saa7134/saa7134-cards.c | 24 ++--
drivers/misc/ad525x_dpot-spi.c | 4 +-
drivers/misc/sgi-xp/xpc_partition.c | 25 ++-
drivers/mmc/core/core.c | 2 +-
drivers/net/e1000/e1000_main.c | 12 +-
drivers/net/jme.c | 22 ++-
drivers/net/pcmcia/pcnet_cs.c | 1 +
drivers/net/phy/marvell.c | 35 ++--
drivers/net/r6040.c | 22 ++-
drivers/net/r8169.c | 19 +-
drivers/net/usb/usbnet.c | 11 +
drivers/net/wireless/ath/ath.h | 1 +
drivers/net/wireless/ath/ath9k/ar9002_hw.c | 3 +
.../net/wireless/ath/ath9k/ar9003_2p2_initvals.h | 191 +++++++++++++------
drivers/net/wireless/ath/ath9k/ar9003_mac.c | 3 +-
drivers/net/wireless/ath/ath9k/ar9003_paprd.c | 14 +-
drivers/net/wireless/ath/ath9k/ath9k.h | 7 +-
drivers/net/wireless/ath/ath9k/beacon.c | 2 +-
drivers/net/wireless/ath/ath9k/common.c | 11 +
drivers/net/wireless/ath/ath9k/eeprom_9287.c | 2 +-
drivers/net/wireless/ath/ath9k/hif_usb.c | 20 ++-
drivers/net/wireless/ath/ath9k/htc_drv_init.c | 2 +
drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 2 +-
drivers/net/wireless/ath/ath9k/hw.c | 1 +
drivers/net/wireless/ath/ath9k/init.c | 40 +++-
drivers/net/wireless/ath/ath9k/mac.c | 5 +-
drivers/net/wireless/ath/ath9k/main.c | 61 +++++--
drivers/net/wireless/ath/ath9k/rc.c | 8 +-
drivers/net/wireless/ath/ath9k/recv.c | 45 +++--
drivers/net/wireless/ath/ath9k/reg.h | 9 +-
drivers/net/wireless/ath/ath9k/xmit.c | 112 ++++++------
drivers/net/wireless/b43/sdio.c | 3 +
drivers/oprofile/timer_int.c | 13 ++
drivers/pci/pci-sysfs.c | 22 ++-
drivers/pci/pci.h | 7 +-
drivers/pci/proc.c | 2 +-
drivers/pcmcia/soc_common.c | 1 +
drivers/platform/x86/wmi.c | 2 +-
drivers/pnp/pnpacpi/core.c | 29 +++-
drivers/power/olpc_battery.c | 8 +-
drivers/scsi/qla2xxx/qla_gbl.h | 1 +
drivers/scsi/qla2xxx/qla_init.c | 5 +-
drivers/scsi/qla2xxx/qla_os.c | 5 +
drivers/serial/mfd.c | 18 +-
drivers/ssb/b43_pci_bridge.c | 1 +
drivers/staging/asus_oled/asus_oled.c | 8 +-
drivers/staging/batman-adv/soft-interface.c | 4 +
drivers/staging/frontier/tranzport.c | 2 +-
drivers/staging/iio/accel/adis16220_core.c | 2 +-
drivers/staging/line6/control.c | 204 ++++++++++----------
drivers/staging/line6/midi.c | 4 +-
drivers/staging/line6/pod.c | 32 ++--
drivers/staging/line6/toneport.c | 4 +-
drivers/staging/line6/variax.c | 12 +-
drivers/staging/rt2860/usb_main_dev.c | 2 +
drivers/staging/rtl8187se/r8185b_init.c | 30 ++-
drivers/staging/samsung-laptop/samsung-laptop.c | 2 +-
drivers/staging/udlfb/udlfb.c | 2 +-
drivers/usb/atm/ueagle-atm.c | 7 +-
drivers/usb/core/devio.c | 7 +-
drivers/usb/gadget/atmel_usba_udc.c | 2 +-
drivers/usb/host/ehci-dbg.c | 2 +-
drivers/usb/host/ehci-hcd.c | 10 +-
drivers/usb/host/ehci-pci.c | 12 ++
drivers/usb/host/ohci-jz4740.c | 2 +-
drivers/usb/host/xhci-hub.c | 7 +
drivers/usb/host/xhci-mem.c | 168 ++++++++++++++++-
drivers/usb/host/xhci-ring.c | 1 -
drivers/usb/host/xhci.c | 18 ++
drivers/usb/host/xhci.h | 32 +++
drivers/usb/misc/cypress_cy7c63.c | 6 +-
drivers/usb/misc/iowarrior.c | 1 +
drivers/usb/misc/sisusbvga/sisusb.c | 1 +
drivers/usb/misc/trancevibrator.c | 2 +-
drivers/usb/misc/usbled.c | 2 +-
drivers/usb/misc/usbsevseg.c | 10 +-
drivers/usb/musb/musb_core.c | 1 -
drivers/usb/serial/ftdi_sio.c | 4 +
drivers/usb/serial/ftdi_sio_ids.h | 11 +
drivers/usb/serial/option.c | 2 +-
drivers/usb/serial/usb-serial.c | 3 +
drivers/usb/storage/sierra_ms.c | 2 +-
drivers/video/backlight/backlight.c | 12 +-
drivers/video/via/accel.c | 7 +-
drivers/video/via/via_i2c.c | 27 +++-
drivers/xen/events.c | 2 +-
fs/bio.c | 23 ++-
fs/cifs/dns_resolve.c | 2 +-
fs/cifs/inode.c | 12 +-
fs/compat.c | 28 ++--
fs/ecryptfs/inode.c | 11 +-
fs/exec.c | 36 +++-
fs/ext4/super.c | 1 +
fs/fuse/file.c | 10 +
fs/hostfs/hostfs.h | 3 +-
fs/hostfs/hostfs_kern.c | 2 +-
fs/hostfs/hostfs_user.c | 9 +-
fs/nfs/file.c | 17 +-
fs/nfs/nfs4proc.c | 9 +-
fs/nfs/nfs4state.c | 16 +-
fs/nfs/pagelist.c | 8 +-
fs/pipe.c | 14 ++-
fs/proc/base.c | 2 +-
fs/reiserfs/ioctl.c | 7 +-
fs/reiserfs/xattr_acl.c | 6 +-
fs/splice.c | 24 +--
include/linux/binfmts.h | 5 +
include/linux/blkdev.h | 4 +-
include/linux/gfp.h | 4 +-
include/linux/kfifo.h | 7 +-
include/linux/netfilter.h | 2 +-
include/linux/pci_ids.h | 1 +
include/linux/perf_event.h | 1 +
include/linux/pipe_fs_i.h | 1 +
include/linux/radix-tree.h | 36 ++--
include/linux/socket.h | 2 +-
include/linux/tty.h | 1 +
include/net/mac80211.h | 16 ++
ipc/compat.c | 6 +
ipc/compat_mq.c | 5 +
ipc/shm.c | 1 +
kernel/exit.c | 9 +
kernel/irq/proc.c | 2 +-
kernel/latencytop.c | 17 +-
kernel/perf_event.c | 22 ++-
kernel/pm_qos_params.c | 4 +-
kernel/power/hibernate.c | 22 ++-
kernel/power/suspend.c | 5 +-
kernel/power/user.c | 2 +
kernel/sched.c | 12 ++
lib/percpu_counter.c | 1 +
lib/radix-tree.c | 83 ++++++---
mm/filemap.c | 29 ++--
mm/hugetlb.c | 8 +-
mm/internal.h | 2 +-
mm/memcontrol.c | 43 +++--
mm/memory_hotplug.c | 2 +-
mm/mempolicy.c | 2 +-
mm/mprotect.c | 2 +-
mm/nommu.c | 1 +
mm/page_alloc.c | 21 ++-
net/8021q/vlan_core.c | 3 +
net/can/bcm.c | 2 +-
net/compat.c | 10 +-
net/core/dev.c | 19 ++-
net/core/filter.c | 64 ++++---
net/core/iovec.c | 20 +-
net/decnet/af_decnet.c | 2 +
net/econet/af_econet.c | 91 ++++-----
net/irda/iriap.c | 3 +-
net/irda/parameters.c | 4 +-
net/mac80211/agg-tx.c | 2 +
net/mac80211/cfg.c | 5 +-
net/mac80211/ibss.c | 1 +
net/mac80211/ieee80211_i.h | 2 +
net/mac80211/main.c | 3 +-
net/mac80211/mesh_plink.c | 17 ++-
net/mac80211/mlme.c | 48 +++--
net/mac80211/offchannel.c | 7 +
net/mac80211/rate.c | 3 +
net/mac80211/rc80211_minstrel_ht.c | 7 +-
net/mac80211/status.c | 1 +
net/netfilter/nf_conntrack_core.c | 3 +-
net/rds/rdma.c | 2 +-
net/socket.c | 4 +
net/sunrpc/clnt.c | 2 +-
net/wireless/chan.c | 51 +++++
net/wireless/nl80211.c | 11 +-
net/wireless/reg.c | 2 +-
net/wireless/scan.c | 12 +-
net/x25/x25_facilities.c | 20 ++-
net/x25/x25_in.c | 2 +
scripts/kconfig/conf.c | 2 +-
sound/core/oss/mixer_oss.c | 12 +-
sound/core/oss/pcm_oss.c | 19 +-
sound/pci/hda/hda_codec.c | 8 +-
sound/pci/hda/hda_codec.h | 1 +
sound/pci/hda/hda_intel.c | 25 ++-
sound/pci/hda/patch_analog.c | 7 +
sound/pci/hda/patch_ca0110.c | 2 +-
sound/pci/hda/patch_conexant.c | 1 +
sound/pci/hda/patch_realtek.c | 51 +++++-
sound/pci/hda/patch_sigmatel.c | 16 ++
sound/pci/intel8x0.c | 6 +
sound/soc/codecs/wm8900.c | 6 -
sound/soc/codecs/wm8961.c | 4 +-
269 files changed, 2563 insertions(+), 1114 deletions(-)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [125/289] net: NETIF_F_HW_CSUM does not imply FCoE CRC offload
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (124 preceding siblings ...)
2010-12-08 0:58 ` [124/289] ipc: shm: fix information leak to userland Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [126/289] drivers/char/vt_ioctl.c: fix VT_OPENQRY error value Greg KH
` (160 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Ben Hutchings, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Ben Hutchings <bhutchings@solarflare.com>
commit 66c68bcc489fadd4f5e8839e966e3a366e50d1d5 upstream.
NETIF_F_HW_CSUM indicates the ability to update an TCP/IP-style 16-bit
checksum with the checksum of an arbitrary part of the packet data,
whereas the FCoE CRC is something entirely different.
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/core/dev.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1648,10 +1648,10 @@ EXPORT_SYMBOL(netif_device_attach);
static bool can_checksum_protocol(unsigned long features, __be16 protocol)
{
- return ((features & NETIF_F_GEN_CSUM) ||
- ((features & NETIF_F_IP_CSUM) &&
+ return ((features & NETIF_F_NO_CSUM) ||
+ ((features & NETIF_F_V4_CSUM) &&
protocol == htons(ETH_P_IP)) ||
- ((features & NETIF_F_IPV6_CSUM) &&
+ ((features & NETIF_F_V6_CSUM) &&
protocol == htons(ETH_P_IPV6)) ||
((features & NETIF_F_FCOE_CRC) &&
protocol == htons(ETH_P_FCOE)));
^ permalink raw reply [flat|nested] 288+ messages in thread
* [126/289] drivers/char/vt_ioctl.c: fix VT_OPENQRY error value
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (125 preceding siblings ...)
2010-12-08 0:58 ` [125/289] net: NETIF_F_HW_CSUM does not imply FCoE CRC offload Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [127/289] viafb: use proper register for colour when doing fill ops Greg KH
` (159 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Graham Gower, Greg KH
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Graham Gower <graham.gower@gmail.com>
commit 1e0ad2881d50becaeea70ec696a80afeadf944d2 upstream.
When all VT's are in use, VT_OPENQRY casts -1 to unsigned char before
returning it to userspace as an int. VT255 is not the next available
console.
Signed-off-by: Graham Gower <graham.gower@gmail.com>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/char/vt_ioctl.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
--- a/drivers/char/vt_ioctl.c
+++ b/drivers/char/vt_ioctl.c
@@ -503,6 +503,7 @@ int vt_ioctl(struct tty_struct *tty, str
struct kbd_struct * kbd;
unsigned int console;
unsigned char ucval;
+ unsigned int uival;
void __user *up = (void __user *)arg;
int i, perm;
int ret = 0;
@@ -657,7 +658,7 @@ int vt_ioctl(struct tty_struct *tty, str
break;
case KDGETMODE:
- ucval = vc->vc_mode;
+ uival = vc->vc_mode;
goto setint;
case KDMAPDISP:
@@ -695,7 +696,7 @@ int vt_ioctl(struct tty_struct *tty, str
break;
case KDGKBMODE:
- ucval = ((kbd->kbdmode == VC_RAW) ? K_RAW :
+ uival = ((kbd->kbdmode == VC_RAW) ? K_RAW :
(kbd->kbdmode == VC_MEDIUMRAW) ? K_MEDIUMRAW :
(kbd->kbdmode == VC_UNICODE) ? K_UNICODE :
K_XLATE);
@@ -717,9 +718,9 @@ int vt_ioctl(struct tty_struct *tty, str
break;
case KDGKBMETA:
- ucval = (vc_kbd_mode(kbd, VC_META) ? K_ESCPREFIX : K_METABIT);
+ uival = (vc_kbd_mode(kbd, VC_META) ? K_ESCPREFIX : K_METABIT);
setint:
- ret = put_user(ucval, (int __user *)arg);
+ ret = put_user(uival, (int __user *)arg);
break;
case KDGETKEYCODE:
@@ -949,7 +950,7 @@ int vt_ioctl(struct tty_struct *tty, str
for (i = 0; i < MAX_NR_CONSOLES; ++i)
if (! VT_IS_IN_USE(i))
break;
- ucval = i < MAX_NR_CONSOLES ? (i+1) : -1;
+ uival = i < MAX_NR_CONSOLES ? (i+1) : -1;
goto setint;
/*
^ permalink raw reply [flat|nested] 288+ messages in thread
* [127/289] viafb: use proper register for colour when doing fill ops
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (126 preceding siblings ...)
2010-12-08 0:58 ` [126/289] drivers/char/vt_ioctl.c: fix VT_OPENQRY error value Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [128/289] sata_via: apply magic FIFO fix to vt6420 too Greg KH
` (158 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Florian Tobias Schandinat,
Joseph Chan, Daniel Drake, Jon Nettleton
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
commit efd4f6398dc92b5bf392670df862f42a19f34cf2 upstream.
The colour was written to a wrong register for fillrect operations.
This sometimes caused empty console space (for example after 'clear')
to have a different colour than desired. Fix this by writing to the
correct register.
Many thanks to Daniel Drake and Jon Nettleton for pointing out this
issue and pointing me in the right direction for the fix.
Fixes http://dev.laptop.org/ticket/9323
Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
Cc: Joseph Chan <JosephChan@via.com.tw>
Cc: Daniel Drake <dsd@laptop.org>
Cc: Jon Nettleton <jon.nettleton@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/video/via/accel.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/drivers/video/via/accel.c
+++ b/drivers/video/via/accel.c
@@ -283,11 +283,12 @@ static int hw_bitblt_2(void __iomem *eng
writel(tmp, engine + 0x1C);
}
- if (op != VIA_BITBLT_COLOR)
+ if (op == VIA_BITBLT_FILL) {
+ writel(fg_color, engine + 0x58);
+ } else if (op == VIA_BITBLT_MONO) {
writel(fg_color, engine + 0x4C);
-
- if (op == VIA_BITBLT_MONO)
writel(bg_color, engine + 0x50);
+ }
if (op == VIA_BITBLT_FILL)
ge_cmd |= fill_rop << 24 | 0x00002000 | 0x00000001;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [128/289] sata_via: apply magic FIFO fix to vt6420 too
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (127 preceding siblings ...)
2010-12-08 0:58 ` [127/289] viafb: use proper register for colour when doing fill ops Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [129/289] eCryptfs: Clear LOOKUP_OPEN flag when creating lower file Greg KH
` (157 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Tejun Heo, Joseph Chan, Jeff Garzik
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Tejun Heo <tj@kernel.org>
commit b1353e4f40f6179ab26a3bb1b2e1fe29ffe534f5 upstream.
vt6420 has the same FIFO overflow problem as vt6421 when combined with
certain devices. This patch applies the magic fix to vt6420 too.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Martin Qvist <q@maq.dk>
Reported-by: Peter Zijlstra <peterz@infradead.org>
Cc: Joseph Chan <JosephChan@via.com.tw>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/ata/sata_via.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--- a/drivers/ata/sata_via.c
+++ b/drivers/ata/sata_via.c
@@ -538,7 +538,7 @@ static int vt8251_prepare_host(struct pc
return 0;
}
-static void svia_configure(struct pci_dev *pdev)
+static void svia_configure(struct pci_dev *pdev, int board_id)
{
u8 tmp8;
@@ -577,7 +577,7 @@ static void svia_configure(struct pci_de
}
/*
- * vt6421 has problems talking to some drives. The following
+ * vt6420/1 has problems talking to some drives. The following
* is the fix from Joseph Chan <JosephChan@via.com.tw>.
*
* When host issues HOLD, device may send up to 20DW of data
@@ -596,8 +596,9 @@ static void svia_configure(struct pci_de
*
* https://bugzilla.kernel.org/show_bug.cgi?id=15173
* http://article.gmane.org/gmane.linux.ide/46352
+ * http://thread.gmane.org/gmane.linux.kernel/1062139
*/
- if (pdev->device == 0x3249) {
+ if (board_id == vt6420 || board_id == vt6421) {
pci_read_config_byte(pdev, 0x52, &tmp8);
tmp8 |= 1 << 2;
pci_write_config_byte(pdev, 0x52, tmp8);
@@ -652,7 +653,7 @@ static int svia_init_one(struct pci_dev
if (rc)
return rc;
- svia_configure(pdev);
+ svia_configure(pdev, board_id);
pci_set_master(pdev);
return ata_host_activate(host, pdev->irq, ata_bmdma_interrupt,
^ permalink raw reply [flat|nested] 288+ messages in thread
* [129/289] eCryptfs: Clear LOOKUP_OPEN flag when creating lower file
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (128 preceding siblings ...)
2010-12-08 0:58 ` [128/289] sata_via: apply magic FIFO fix to vt6420 too Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [130/289] ecryptfs: call vfs_setxattr() in ecryptfs_setxattr() Greg KH
` (156 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Tyler Hicks
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
commit 2e21b3f124eceb6ab5a07c8a061adce14ac94e14 upstream.
eCryptfs was passing the LOOKUP_OPEN flag through to the lower file
system, even though ecryptfs_create() doesn't support the flag. A valid
filp for the lower filesystem could be returned in the nameidata if the
lower file system's create() function supported LOOKUP_OPEN, possibly
resulting in unencrypted writes to the lower file.
However, this is only a potential problem in filesystems (FUSE, NFS,
CIFS, CEPH, 9p) that eCryptfs isn't known to support today.
https://bugs.launchpad.net/ecryptfs/+bug/641703
Reported-by: Kevin Buhr
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/ecryptfs/inode.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -70,15 +70,19 @@ ecryptfs_create_underlying_file(struct i
struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry);
struct dentry *dentry_save;
struct vfsmount *vfsmount_save;
+ unsigned int flags_save;
int rc;
dentry_save = nd->path.dentry;
vfsmount_save = nd->path.mnt;
+ flags_save = nd->flags;
nd->path.dentry = lower_dentry;
nd->path.mnt = lower_mnt;
+ nd->flags &= ~LOOKUP_OPEN;
rc = vfs_create(lower_dir_inode, lower_dentry, mode, nd);
nd->path.dentry = dentry_save;
nd->path.mnt = vfsmount_save;
+ nd->flags = flags_save;
return rc;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [130/289] ecryptfs: call vfs_setxattr() in ecryptfs_setxattr()
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (129 preceding siblings ...)
2010-12-08 0:58 ` [129/289] eCryptfs: Clear LOOKUP_OPEN flag when creating lower file Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [131/289] md: Fix regression with raid1 arrays without persistent metadata Greg KH
` (155 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Roberto Sassu,
Dustin Kirkland, James Morris, Tyler Hicks
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Roberto Sassu <roberto.sassu@polito.it>
commit 48b512e6857139393cdfce26348c362b87537018 upstream.
Ecryptfs is a stackable filesystem which relies on lower filesystems the
ability of setting/getting extended attributes.
If there is a security module enabled on the system it updates the
'security' field of inodes according to the owned extended attribute set
with the function vfs_setxattr(). When this function is performed on a
ecryptfs filesystem the 'security' field is not updated for the lower
filesystem since the call security_inode_post_setxattr() is missing for
the lower inode.
Further, the call security_inode_setxattr() is missing for the lower inode,
leading to policy violations in the security module because specific
checks for this hook are not performed (i. e. filesystem
'associate' permission on SELinux is not checked for the lower filesystem).
This patch replaces the call of the setxattr() method of the lower inode
in the function ecryptfs_setxattr() with vfs_setxattr().
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Cc: Dustin Kirkland <kirkland@canonical.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/ecryptfs/inode.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -32,6 +32,7 @@
#include <linux/crypto.h>
#include <linux/fs_stack.h>
#include <linux/slab.h>
+#include <linux/xattr.h>
#include <asm/unaligned.h>
#include "ecryptfs_kernel.h"
@@ -1112,10 +1113,8 @@ ecryptfs_setxattr(struct dentry *dentry,
rc = -EOPNOTSUPP;
goto out;
}
- mutex_lock(&lower_dentry->d_inode->i_mutex);
- rc = lower_dentry->d_inode->i_op->setxattr(lower_dentry, name, value,
- size, flags);
- mutex_unlock(&lower_dentry->d_inode->i_mutex);
+
+ rc = vfs_setxattr(lower_dentry, name, value, size, flags);
out:
return rc;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [131/289] md: Fix regression with raid1 arrays without persistent metadata.
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (130 preceding siblings ...)
2010-12-08 0:58 ` [130/289] ecryptfs: call vfs_setxattr() in ecryptfs_setxattr() Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [132/289] md/raid1: really fix recovery looping when single good device fails Greg KH
` (154 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, NeilBrown
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: NeilBrown <neilb@suse.de>
commit d97a41dc9c44f5829b7af7aa69fda10fd82b6b4e upstream.
A RAID1 which has no persistent metadata, whether internal or
external, will hang on the first write.
This is caused by commit 070dc6dd7103b6b3f7e4d46e754354a5c15f366e
In that case, MD_CHANGE_PENDING never gets cleared.
So during md_update_sb, is neither persistent or external,
clear MD_CHANGE_PENDING.
This is suitable for 2.6.36-stable.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/md/md.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -2172,6 +2172,8 @@ repeat:
if (!mddev->persistent) {
clear_bit(MD_CHANGE_CLEAN, &mddev->flags);
clear_bit(MD_CHANGE_DEVS, &mddev->flags);
+ if (!mddev->external)
+ clear_bit(MD_CHANGE_PENDING, &mddev->flags);
wake_up(&mddev->sb_wait);
return;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [132/289] md/raid1: really fix recovery looping when single good device fails.
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (131 preceding siblings ...)
2010-12-08 0:58 ` [131/289] md: Fix regression with raid1 arrays without persistent metadata Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [133/289] md: fix return value of rdev_size_change() Greg KH
` (153 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, NeilBrown
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 1227 bytes --]
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: NeilBrown <neilb@suse.de>
commit 8f9e0ee38f75d4740daa9e42c8af628d33d19a02 upstream.
Commit 4044ba58dd15cb01797c4fd034f39ef4a75f7cc3 supposedly fixed a
problem where if a raid1 with just one good device gets a read-error
during recovery, the recovery would abort and immediately restart in
an infinite loop.
However it depended on raid1_remove_disk removing the spare device
from the array. But that does not happen in this case. So add a test
so that in the 'recovery_disabled' case, the device will be removed.
This suitable for any kernel since 2.6.29 which is when
recovery_disabled was introduced.
Reported-by: Sebastian Färber <faerber@gmail.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/md/raid1.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -1210,6 +1210,7 @@ static int raid1_remove_disk(mddev_t *md
* is not possible.
*/
if (!test_bit(Faulty, &rdev->flags) &&
+ !mddev->recovery_disabled &&
mddev->degraded < conf->raid_disks) {
err = -EBUSY;
goto abort;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [133/289] md: fix return value of rdev_size_change()
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (132 preceding siblings ...)
2010-12-08 0:58 ` [132/289] md/raid1: really fix recovery looping when single good device fails Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [134/289] ALSA: hda: Use BIOS auto-parsing instead of existing model quirk for MEDION MD2 Greg KH
` (152 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Justin Maggard, NeilBrown
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Justin Maggard <jmaggard10@gmail.com>
commit c26a44ed1e552aaa1d4ceb71842002d235fe98d7 upstream.
When trying to grow an array by enlarging component devices,
rdev_size_store() expects the return value of rdev_size_change() to be
in sectors, but the actual value is returned in KBs.
This functionality was broken by commit
dd8ac336c13fd8afdb082ebacb1cddd5cf727889
so this patch is suitable for any kernel since 2.6.30.
Signed-off-by: Justin Maggard <jmaggard10@gmail.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/md/md.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -1329,7 +1329,7 @@ super_90_rdev_size_change(mdk_rdev_t *rd
md_super_write(rdev->mddev, rdev, rdev->sb_start, rdev->sb_size,
rdev->sb_page);
md_super_wait(rdev->mddev);
- return num_sectors / 2; /* kB for sysfs */
+ return num_sectors;
}
@@ -1697,7 +1697,7 @@ super_1_rdev_size_change(mdk_rdev_t *rde
md_super_write(rdev->mddev, rdev, rdev->sb_start, rdev->sb_size,
rdev->sb_page);
md_super_wait(rdev->mddev);
- return num_sectors / 2; /* kB for sysfs */
+ return num_sectors;
}
static struct super_type super_types[] = {
^ permalink raw reply [flat|nested] 288+ messages in thread
* [134/289] ALSA: hda: Use BIOS auto-parsing instead of existing model quirk for MEDION MD2
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (133 preceding siblings ...)
2010-12-08 0:58 ` [133/289] md: fix return value of rdev_size_change() Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [135/289] tty: prevent DOS in the flush_to_ldisc Greg KH
` (151 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Daniel T Chen, Takashi Iwai
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Daniel T Chen <crimsun@ubuntu.com>
commit ac70eb1305d5a81efd1e32327d7e79be15a63a5a upstream.
BugLink: https://launchpad.net/bugs/682199
A 2.6.35 (Ubuntu Maverick) user, burningphantom1, reported a regression
in audio: playback was inaudible through both speakers and headphones.
In commit 272a527c04 of sound-2.6.git, a new model was added with this
machine's PCI SSID. Fortunately, it is now sufficient to use the auto
model for BIOS auto-parsing instead of the existing quirk.
Playback, capture, and jack sense were verified working for both
2.6.35 and the alsa-driver snapshot from 2010-11-27 when model=auto is
used.
Reported-and-tested-by: burningphantom1
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/pci/hda/patch_realtek.c | 1 -
1 file changed, 1 deletion(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -9664,7 +9664,6 @@ static struct snd_pci_quirk alc882_cfg_t
SND_PCI_QUIRK(0x17aa, 0x3bfc, "Lenovo NB0763", ALC883_LENOVO_NB0763),
SND_PCI_QUIRK(0x17aa, 0x3bfd, "Lenovo NB0763", ALC883_LENOVO_NB0763),
SND_PCI_QUIRK(0x17aa, 0x101d, "Lenovo Sky", ALC888_LENOVO_SKY),
- SND_PCI_QUIRK(0x17c0, 0x4071, "MEDION MD2", ALC883_MEDION_MD2),
SND_PCI_QUIRK(0x17c0, 0x4085, "MEDION MD96630", ALC888_LENOVO_MS7195_DIG),
SND_PCI_QUIRK(0x17f2, 0x5000, "Albatron KI690-AM2", ALC883_6ST_DIG),
SND_PCI_QUIRK(0x1991, 0x5625, "Haier W66", ALC883_HAIER_W66),
^ permalink raw reply [flat|nested] 288+ messages in thread
* [135/289] tty: prevent DOS in the flush_to_ldisc
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (134 preceding siblings ...)
2010-12-08 0:58 ` [134/289] ALSA: hda: Use BIOS auto-parsing instead of existing model quirk for MEDION MD2 Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [136/289] TTY: restore tty_ldisc_wait_idle Greg KH
` (150 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Jiri Olsa
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jiri Olsa <jolsa@redhat.com>
commit e045fec48970df84647a47930fcf7a22ff7229c0 upstream.
There's a small window inside the flush_to_ldisc function,
where the tty is unlocked and calling ldisc's receive_buf
function. If in this window new buffer is added to the tty,
the processing might never leave the flush_to_ldisc function.
This scenario will hog the cpu, causing other tty processing
starving, and making it impossible to interface the computer
via tty.
I was able to exploit this via pty interface by sending only
control characters to the master input, causing the flush_to_ldisc
to be scheduled, but never actually generate any output.
To reproduce, please run multiple instances of following code.
- SNIP
#define _XOPEN_SOURCE
#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
int main(int argc, char **argv)
{
int i, slave, master = getpt();
char buf[8192];
sprintf(buf, "%s", ptsname(master));
grantpt(master);
unlockpt(master);
slave = open(buf, O_RDWR);
if (slave < 0) {
perror("open slave failed");
return 1;
}
for(i = 0; i < sizeof(buf); i++)
buf[i] = rand() % 32;
while(1) {
write(master, buf, sizeof(buf));
}
return 0;
}
- SNIP
The attached patch (based on -next tree) fixes this by checking on the
tty buffer tail. Once it's reached, the current work is rescheduled
and another could run.
Signed-off-by: Jiri Olsa <jolsa@redhat.com>
Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/char/tty_buffer.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
--- a/drivers/char/tty_buffer.c
+++ b/drivers/char/tty_buffer.c
@@ -413,7 +413,8 @@ static void flush_to_ldisc(struct work_s
spin_lock_irqsave(&tty->buf.lock, flags);
if (!test_and_set_bit(TTY_FLUSHING, &tty->flags)) {
- struct tty_buffer *head;
+ struct tty_buffer *head, *tail = tty->buf.tail;
+ int seen_tail = 0;
while ((head = tty->buf.head) != NULL) {
int count;
char *char_buf;
@@ -423,6 +424,15 @@ static void flush_to_ldisc(struct work_s
if (!count) {
if (head->next == NULL)
break;
+ /*
+ There's a possibility tty might get new buffer
+ added during the unlock window below. We could
+ end up spinning in here forever hogging the CPU
+ completely. To avoid this let's have a rest each
+ time we processed the tail buffer.
+ */
+ if (tail == head)
+ seen_tail = 1;
tty->buf.head = head->next;
tty_buffer_free(tty, head);
continue;
@@ -432,7 +442,7 @@ static void flush_to_ldisc(struct work_s
line discipline as we want to empty the queue */
if (test_bit(TTY_FLUSHPENDING, &tty->flags))
break;
- if (!tty->receive_room) {
+ if (!tty->receive_room || seen_tail) {
schedule_delayed_work(&tty->buf.work, 1);
break;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [136/289] TTY: restore tty_ldisc_wait_idle
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (135 preceding siblings ...)
2010-12-08 0:58 ` [135/289] tty: prevent DOS in the flush_to_ldisc Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [137/289] tty_ldisc: Fix BUG() on hangup Greg KH
` (149 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Jiri Slaby, Alan Cox
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jiri Slaby <jslaby@suse.cz>
commit 100eeae2c5ce23b4db93ff320ee330ef1d740151 upstream.
It was removed in 65b770468e98 (tty-ldisc: turn ldisc user count into
a proper refcount), but we need to wait for last user to quit the
ldisc before we close it in tty_set_ldisc.
Otherwise weird things start to happen. There might be processes
waiting in tty_read->n_tty_read on tty->read_wait for input to appear
and at that moment, a change of ldisc is fatal. n_tty_close is called,
it frees read_buf and the waiting process is still in the middle of
reading and goes nuts after it is woken.
Previously we prevented close to happen when others are in ldisc ops
by tty_ldisc_wait_idle in tty_set_ldisc. But the commit above removed
that. So revoke the change and test whether there is 1 user (=we), and
allow the close then.
We can do that without ldisc/tty locks, because nobody else can open
the device due to TTY_LDISC_CHANGING bit set, so we in fact wait for
everybody to leave.
I don't understand why tty_ldisc_lock would be needed either when the
counter is an atomic variable, so this is a lockless
tty_ldisc_wait_idle.
On the other hand, if we fail to wait (timeout or signal), we have to
reenable the halted ldiscs, so we take ldisc lock and reuse the setup
path at the end of tty_set_ldisc.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Tested-by: Sebastian Andrzej Siewior <bigeasy@breakpoint.cc>
LKML-Reference: <20101031104136.GA511@Chamillionaire.breakpoint.cc>
LKML-Reference: <1287669539-22644-1-git-send-email-jslaby@suse.cz>
Cc: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/char/tty_ldisc.c | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
--- a/drivers/char/tty_ldisc.c
+++ b/drivers/char/tty_ldisc.c
@@ -47,6 +47,7 @@
static DEFINE_SPINLOCK(tty_ldisc_lock);
static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
+static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_idle);
/* Line disc dispatch table */
static struct tty_ldisc_ops *tty_ldiscs[NR_LDISCS];
@@ -83,6 +84,7 @@ static void put_ldisc(struct tty_ldisc *
return;
}
local_irq_restore(flags);
+ wake_up(&tty_ldisc_idle);
}
/**
@@ -531,6 +533,23 @@ static int tty_ldisc_halt(struct tty_str
}
/**
+ * tty_ldisc_wait_idle - wait for the ldisc to become idle
+ * @tty: tty to wait for
+ *
+ * Wait for the line discipline to become idle. The discipline must
+ * have been halted for this to guarantee it remains idle.
+ */
+static int tty_ldisc_wait_idle(struct tty_struct *tty)
+{
+ int ret;
+ ret = wait_event_interruptible_timeout(tty_ldisc_idle,
+ atomic_read(&tty->ldisc->users) == 1, 5 * HZ);
+ if (ret < 0)
+ return ret;
+ return ret > 0 ? 0 : -EBUSY;
+}
+
+/**
* tty_set_ldisc - set line discipline
* @tty: the terminal to set
* @ldisc: the line discipline
@@ -634,8 +653,17 @@ int tty_set_ldisc(struct tty_struct *tty
flush_scheduled_work();
+ retval = tty_ldisc_wait_idle(tty);
+
tty_lock();
mutex_lock(&tty->ldisc_mutex);
+
+ /* handle wait idle failure locked */
+ if (retval) {
+ tty_ldisc_put(new_ldisc);
+ goto enable;
+ }
+
if (test_bit(TTY_HUPPED, &tty->flags)) {
/* We were raced by the hangup method. It will have stomped
the ldisc data and closed the ldisc down */
@@ -669,6 +697,7 @@ int tty_set_ldisc(struct tty_struct *tty
tty_ldisc_put(o_ldisc);
+enable:
/*
* Allow ldisc referencing to occur again
*/
^ permalink raw reply [flat|nested] 288+ messages in thread
* [137/289] tty_ldisc: Fix BUG() on hangup
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (136 preceding siblings ...)
2010-12-08 0:58 ` [136/289] TTY: restore tty_ldisc_wait_idle Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [138/289] TTY: ldisc, fix open flag handling Greg KH
` (148 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Philippe Retornaz, Alan Cox
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: =?UTF-8?q?Philippe=20R=C3=A9tornaz?= <philippe.retornaz@epfl.ch>
commit 1c95ba1e1de7edffc0c4e275e147f1a9eb1f81ae upstream.
A kernel BUG when bluetooth rfcomm connection drop while the associated
serial port is open is sometime triggered.
It seems that the line discipline can disappear between the
tty_ldisc_put and tty_ldisc_get. This patch fall back to the N_TTY line
discipline if the previous discipline is not available anymore.
Signed-off-by: Philippe Retornaz <philippe.retornaz@epfl.ch>
Acked-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/char/tty_ldisc.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
--- a/drivers/char/tty_ldisc.c
+++ b/drivers/char/tty_ldisc.c
@@ -743,9 +743,12 @@ static void tty_reset_termios(struct tty
* state closed
*/
-static void tty_ldisc_reinit(struct tty_struct *tty, int ldisc)
+static int tty_ldisc_reinit(struct tty_struct *tty, int ldisc)
{
- struct tty_ldisc *ld;
+ struct tty_ldisc *ld = tty_ldisc_get(ldisc);
+
+ if (IS_ERR(ld))
+ return -1;
tty_ldisc_close(tty, tty->ldisc);
tty_ldisc_put(tty->ldisc);
@@ -753,10 +756,10 @@ static void tty_ldisc_reinit(struct tty_
/*
* Switch the line discipline back
*/
- ld = tty_ldisc_get(ldisc);
- BUG_ON(IS_ERR(ld));
tty_ldisc_assign(tty, ld);
tty_set_termios_ldisc(tty, ldisc);
+
+ return 0;
}
/**
@@ -831,13 +834,16 @@ void tty_ldisc_hangup(struct tty_struct
a FIXME */
if (tty->ldisc) { /* Not yet closed */
if (reset == 0) {
- tty_ldisc_reinit(tty, tty->termios->c_line);
- err = tty_ldisc_open(tty, tty->ldisc);
+
+ if (!tty_ldisc_reinit(tty, tty->termios->c_line))
+ err = tty_ldisc_open(tty, tty->ldisc);
+ else
+ err = 1;
}
/* If the re-open fails or we reset then go to N_TTY. The
N_TTY open cannot fail */
if (reset || err) {
- tty_ldisc_reinit(tty, N_TTY);
+ BUG_ON(tty_ldisc_reinit(tty, N_TTY));
WARN_ON(tty_ldisc_open(tty, tty->ldisc));
}
tty_ldisc_enable(tty);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [138/289] TTY: ldisc, fix open flag handling
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (137 preceding siblings ...)
2010-12-08 0:58 ` [137/289] tty_ldisc: Fix BUG() on hangup Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [139/289] TTY: dont allow reopen when ldisc is changing Greg KH
` (147 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Jiri Slaby, Alan Cox
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jiri Slaby <jslaby@suse.cz>
commit 7f90cfc505d613f4faf096e0d84ffe99208057d9 upstream.
When a concrete ldisc open fails in tty_ldisc_open, we forget to clear
TTY_LDISC_OPEN. This causes a false warning on the next ldisc open:
WARNING: at drivers/char/tty_ldisc.c:445 tty_ldisc_open+0x26/0x38()
Hardware name: System Product Name
Modules linked in: ...
Pid: 5251, comm: a.out Tainted: G W 2.6.32-5-686 #1
Call Trace:
[<c1030321>] ? warn_slowpath_common+0x5e/0x8a
[<c1030357>] ? warn_slowpath_null+0xa/0xc
[<c119311c>] ? tty_ldisc_open+0x26/0x38
[<c11936c5>] ? tty_set_ldisc+0x218/0x304
...
So clear the bit when failing...
Introduced in c65c9bc3efa (tty: rewrite the ldisc locking) back in
2.6.31-rc1.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: Alan Cox <alan@linux.intel.com>
Reported-by: Sergey Lapin <slapin@ossfans.org>
Tested-by: Sergey Lapin <slapin@ossfans.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/char/tty_ldisc.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/char/tty_ldisc.c
+++ b/drivers/char/tty_ldisc.c
@@ -454,6 +454,8 @@ static int tty_ldisc_open(struct tty_str
/* BTM here locks versus a hangup event */
WARN_ON(!tty_locked());
ret = ld->ops->open(tty);
+ if (ret)
+ clear_bit(TTY_LDISC_OPEN, &tty->flags);
return ret;
}
return 0;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [139/289] TTY: dont allow reopen when ldisc is changing
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (138 preceding siblings ...)
2010-12-08 0:58 ` [138/289] TTY: ldisc, fix open flag handling Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [140/289] TTY: open/hangup race fixup Greg KH
` (146 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Jiri Slaby, Kyle McMartin
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jiri Slaby <jslaby@suse.cz>
commit e2efafbf139d2bfdfe96f2901f03189fecd172e4 upstream.
There are many WARNINGs like the following reported nowadays:
WARNING: at drivers/tty/tty_io.c:1331 tty_open+0x2a2/0x49a()
Hardware name: Latitude E6500
Modules linked in:
Pid: 1207, comm: plymouthd Not tainted 2.6.37-rc3-mmotm1123 #3
Call Trace:
[<ffffffff8103b189>] warn_slowpath_common+0x80/0x98
[<ffffffff8103b1b6>] warn_slowpath_null+0x15/0x17
[<ffffffff8128a3ab>] tty_open+0x2a2/0x49a
[<ffffffff810fd53f>] chrdev_open+0x11d/0x146
...
This means tty_reopen is called without TTY_LDISC set. For further
considerations, note tty_lock is held in tty_open. TTY_LDISC is cleared in:
1) __tty_hangup from tty_ldisc_hangup to tty_ldisc_enable. During this
section tty_lock is held. However tty_lock is temporarily dropped in
the middle of the function by tty_ldisc_hangup.
2) tty_release via tty_ldisc_release till the end of tty existence. If
tty->count <= 1, tty_lock is taken, TTY_CLOSING bit set and then
tty_ldisc_release called. tty_reopen checks TTY_CLOSING before checking
TTY_LDISC.
3) tty_set_ldisc from tty_ldisc_halt to tty_ldisc_enable. We:
* take tty_lock, set TTY_LDISC_CHANGING, put tty_lock
* call tty_ldisc_halt (clear TTY_LDISC), tty_lock is _not_ held
* do some other work
* take tty_lock, call tty_ldisc_enable (set TTY_LDISC), put
tty_lock
I cannot see how 2) can be a problem, as there I see no race. OTOH, 1)
and 3) can happen without problems. This patch the case 3) by checking
TTY_LDISC_CHANGING along with TTY_CLOSING in tty_reopen. 1) will be
fixed in the following patch.
Nicely reproducible with two processes:
while (1) {
fd = open("/dev/ttyS1", O_RDWR);
if (fd < 0) {
warn("open");
continue;
}
close(fd);
}
--------
while (1) {
fd = open("/dev/ttyS1", O_RDWR);
ld1 = 0; ld2 = 2;
while (1) {
ioctl(fd, TIOCSETD, &ld1);
ioctl(fd, TIOCSETD, &ld2);
}
close(fd);
}
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Reported-by: <Valdis.Kletnieks@vt.edu>
Cc: Kyle McMartin <kyle@mcmartin.ca>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/char/tty_io.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/char/tty_io.c
+++ b/drivers/char/tty_io.c
@@ -1304,7 +1304,8 @@ static int tty_reopen(struct tty_struct
{
struct tty_driver *driver = tty->driver;
- if (test_bit(TTY_CLOSING, &tty->flags))
+ if (test_bit(TTY_CLOSING, &tty->flags) ||
+ test_bit(TTY_LDISC_CHANGING, &tty->flags))
return -EIO;
if (driver->type == TTY_DRIVER_TYPE_PTY &&
^ permalink raw reply [flat|nested] 288+ messages in thread
* [140/289] TTY: open/hangup race fixup
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (139 preceding siblings ...)
2010-12-08 0:58 ` [139/289] TTY: dont allow reopen when ldisc is changing Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [141/289] usbnet: fix usb_autopm_get_interface failure(v1) Greg KH
` (145 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Jiri Slaby
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jiri Slaby <jslaby@suse.cz>
commit acfa747baf73922021a047f2d87a2d866f5dbab5 upstream.
Like in the "TTY: don't allow reopen when ldisc is changing" patch,
this one fixes a TTY WARNING as described in the option 1) there:
1) __tty_hangup from tty_ldisc_hangup to tty_ldisc_enable. During this
section tty_lock is held. However tty_lock is temporarily dropped in
the middle of the function by tty_ldisc_hangup.
The fix is to introduce a new flag which we set during the unlocked
window and check it in tty_reopen too. The flag is TTY_HUPPING and is
cleared after TTY_HUPPED is set.
While at it, remove duplicate TTY_HUPPED set_bit. The one after
calling ops->hangup seems to be more correct. But anyway, we hold
tty_lock, so there should be no difference.
Also document the function it does that kind of crap.
Nicely reproducible with two forked children:
static void do_work(const char *tty)
{
if (signal(SIGHUP, SIG_IGN) == SIG_ERR) exit(1);
setsid();
while (1) {
int fd = open(tty, O_RDWR|O_NOCTTY);
if (fd < 0) continue;
if (ioctl(fd, TIOCSCTTY)) continue;
if (vhangup()) continue;
close(fd);
}
exit(0);
}
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Reported-by: <Valdis.Kletnieks@vt.edu>
Reported-by: Kyle McMartin <kyle@mcmartin.ca>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/char/tty_io.c | 10 +++++++++-
include/linux/tty.h | 1 +
2 files changed, 10 insertions(+), 1 deletion(-)
--- a/drivers/char/tty_io.c
+++ b/drivers/char/tty_io.c
@@ -553,6 +553,9 @@ void __tty_hangup(struct tty_struct *tty
tty_lock();
+ /* some functions below drop BTM, so we need this bit */
+ set_bit(TTY_HUPPING, &tty->flags);
+
/* inuse_filps is protected by the single tty lock,
this really needs to change if we want to flush the
workqueue with the lock held */
@@ -572,6 +575,10 @@ void __tty_hangup(struct tty_struct *tty
}
spin_unlock(&tty_files_lock);
+ /*
+ * it drops BTM and thus races with reopen
+ * we protect the race by TTY_HUPPING
+ */
tty_ldisc_hangup(tty);
read_lock(&tasklist_lock);
@@ -609,7 +616,6 @@ void __tty_hangup(struct tty_struct *tty
tty->session = NULL;
tty->pgrp = NULL;
tty->ctrl_status = 0;
- set_bit(TTY_HUPPED, &tty->flags);
spin_unlock_irqrestore(&tty->ctrl_lock, flags);
/* Account for the p->signal references we killed */
@@ -635,6 +641,7 @@ void __tty_hangup(struct tty_struct *tty
* can't yet guarantee all that.
*/
set_bit(TTY_HUPPED, &tty->flags);
+ clear_bit(TTY_HUPPING, &tty->flags);
tty_ldisc_enable(tty);
tty_unlock();
@@ -1305,6 +1312,7 @@ static int tty_reopen(struct tty_struct
struct tty_driver *driver = tty->driver;
if (test_bit(TTY_CLOSING, &tty->flags) ||
+ test_bit(TTY_HUPPING, &tty->flags) ||
test_bit(TTY_LDISC_CHANGING, &tty->flags))
return -EIO;
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -365,6 +365,7 @@ struct tty_file_private {
#define TTY_HUPPED 18 /* Post driver->hangup() */
#define TTY_FLUSHING 19 /* Flushing to ldisc in progress */
#define TTY_FLUSHPENDING 20 /* Queued buffer flush pending */
+#define TTY_HUPPING 21 /* ->hangup() in progress */
#define TTY_WRITE_FLUSH(tty) tty_write_flush((tty))
^ permalink raw reply [flat|nested] 288+ messages in thread
* [141/289] usbnet: fix usb_autopm_get_interface failure(v1)
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (140 preceding siblings ...)
2010-12-08 0:58 ` [140/289] TTY: open/hangup race fixup Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [142/289] HID: Fix for problems with eGalax/DWAV multi-touch-screen Greg KH
` (144 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, David Brownell,
David S. Miller, Ben Hutchings, Joe Perches, Oliver Neukum,
Andy Shevchenko, Ming Lei
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Ming Lei <tom.leiming@gmail.com>
commit b0786b430c982dffbb44d8030e6b6088671ce745 upstream.
Since usbnet already took usb runtime pm, we have to
enable runtime pm for usb interface of usbnet, otherwise
usb_autopm_get_interface may return failure and cause
'ifconfig usb0 up' failed if USB_SUSPEND(RUNTIME_PM) is
enabled.
Cc: David Brownell <dbrownell@users.sourceforge.net>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Ben Hutchings <ben@decadent.org.uk>
Cc: Joe Perches <joe@perches.com>
Cc: Oliver Neukum <oliver@neukum.org>
Cc: Andy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/usb/usbnet.c | 11 +++++++++++
1 file changed, 11 insertions(+)
--- a/drivers/net/usb/usbnet.c
+++ b/drivers/net/usb/usbnet.c
@@ -45,6 +45,7 @@
#include <linux/usb/usbnet.h>
#include <linux/slab.h>
#include <linux/kernel.h>
+#include <linux/pm_runtime.h>
#define DRIVER_VERSION "22-Aug-2005"
@@ -1273,6 +1274,16 @@ usbnet_probe (struct usb_interface *udev
struct usb_device *xdev;
int status;
const char *name;
+ struct usb_driver *driver = to_usb_driver(udev->dev.driver);
+
+ /* usbnet already took usb runtime pm, so have to enable the feature
+ * for usb interface, otherwise usb_autopm_get_interface may return
+ * failure if USB_SUSPEND(RUNTIME_PM) is enabled.
+ */
+ if (!driver->supports_autosuspend) {
+ driver->supports_autosuspend = 1;
+ pm_runtime_enable(&udev->dev);
+ }
name = udev->dev.driver->name;
info = (struct driver_info *) prod->driver_info;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [142/289] HID: Fix for problems with eGalax/DWAV multi-touch-screen
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (141 preceding siblings ...)
2010-12-08 0:58 ` [141/289] usbnet: fix usb_autopm_get_interface failure(v1) Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [143/289] [media] gspca - main: Fix a regression with the PS3 Eye webcam Greg KH
` (143 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Philipp Merkel,
Stéphane Chatty, Jiri Kosina
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 4195 bytes --]
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Philipp Merkel <mail@philmerk.de>
commit f51661105c3c8a0afcd69f995a4f4a10e53da153 upstream.
This patch fixes three problems with the eGalax/DWAV multi-touch
screen found in the Eee PC T101MT:
1) While there is a dedicated multitouch driver for the screen
(hid-egalax.c), the MULTI_INPUT quirk is also applied, preventing
the hid-egalax driver from working. This patch removes the quirk
so the hid-egalax driver can handle the device correctly.
2) The x and y coordinates sent by the screen in multi-touch mode are
shifted by three bits from the events sent in single-touch mode, thus
the coordinates are out of range, leading to the pointer being stuck
in the bottom-right corner if no additional calibration is applied
(e.g. in the X evdev driver). This patch shifts the coordinates back.
This does not decrease accuracy as the last three bits of the "wrong"
coordinates are always 0.
3) Only multi-touch pressure events are sent, single touch emulation is
missing pressure information. This patch adds single-touch
ABS_PRESSURE events.
Signed-off-by: Philipp Merkel <mail@philmerk.de>
Acked-by: Stéphane Chatty <chatty@enac.fr>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/hid/hid-egalax.c | 16 +++++++++++-----
drivers/hid/usbhid/hid-quirks.c | 1 -
2 files changed, 11 insertions(+), 6 deletions(-)
--- a/drivers/hid/hid-egalax.c
+++ b/drivers/hid/hid-egalax.c
@@ -31,7 +31,7 @@ struct egalax_data {
bool first; /* is this the first finger in the frame? */
bool valid; /* valid finger data, or just placeholder? */
bool activity; /* at least one active finger previously? */
- __u16 lastx, lasty; /* latest valid (x, y) in the frame */
+ __u16 lastx, lasty, lastz; /* latest valid (x, y, z) in the frame */
};
static int egalax_input_mapping(struct hid_device *hdev, struct hid_input *hi,
@@ -79,6 +79,10 @@ static int egalax_input_mapping(struct h
case HID_DG_TIPPRESSURE:
hid_map_usage(hi, usage, bit, max,
EV_ABS, ABS_MT_PRESSURE);
+ /* touchscreen emulation */
+ input_set_abs_params(hi->input, ABS_PRESSURE,
+ field->logical_minimum,
+ field->logical_maximum, 0, 0);
return 1;
}
return 0;
@@ -109,8 +113,8 @@ static void egalax_filter_event(struct e
if (td->valid) {
/* emit multitouch events */
input_event(input, EV_ABS, ABS_MT_TRACKING_ID, td->id);
- input_event(input, EV_ABS, ABS_MT_POSITION_X, td->x);
- input_event(input, EV_ABS, ABS_MT_POSITION_Y, td->y);
+ input_event(input, EV_ABS, ABS_MT_POSITION_X, td->x >> 3);
+ input_event(input, EV_ABS, ABS_MT_POSITION_Y, td->y >> 3);
input_event(input, EV_ABS, ABS_MT_PRESSURE, td->z);
input_mt_sync(input);
@@ -121,6 +125,7 @@ static void egalax_filter_event(struct e
*/
td->lastx = td->x;
td->lasty = td->y;
+ td->lastz = td->z;
}
/*
@@ -129,8 +134,9 @@ static void egalax_filter_event(struct e
* the oldest on the panel, the one we want for single touch
*/
if (!td->first && td->activity) {
- input_event(input, EV_ABS, ABS_X, td->lastx);
- input_event(input, EV_ABS, ABS_Y, td->lasty);
+ input_event(input, EV_ABS, ABS_X, td->lastx >> 3);
+ input_event(input, EV_ABS, ABS_Y, td->lasty >> 3);
+ input_event(input, EV_ABS, ABS_PRESSURE, td->lastz);
}
if (!td->valid) {
--- a/drivers/hid/usbhid/hid-quirks.c
+++ b/drivers/hid/usbhid/hid-quirks.c
@@ -34,7 +34,6 @@ static const struct hid_blacklist {
{ USB_VENDOR_ID_ALPS, USB_DEVICE_ID_IBM_GAMEPAD, HID_QUIRK_BADPAD },
{ USB_VENDOR_ID_CHIC, USB_DEVICE_ID_CHIC_GAMEPAD, HID_QUIRK_BADPAD },
{ USB_VENDOR_ID_DWAV, USB_DEVICE_ID_EGALAX_TOUCHCONTROLLER, HID_QUIRK_MULTI_INPUT | HID_QUIRK_NOGET },
- { USB_VENDOR_ID_DWAV, USB_DEVICE_ID_DWAV_EGALAX_MULTITOUCH, HID_QUIRK_MULTI_INPUT },
{ USB_VENDOR_ID_MOJO, USB_DEVICE_ID_RETRO_ADAPTER, HID_QUIRK_MULTI_INPUT },
{ USB_VENDOR_ID_TURBOX, USB_DEVICE_ID_TURBOX_TOUCHSCREEN_MOSART, HID_QUIRK_MULTI_INPUT },
{ USB_VENDOR_ID_HAPP, USB_DEVICE_ID_UGCI_DRIVING, HID_QUIRK_BADPAD | HID_QUIRK_MULTI_INPUT },
^ permalink raw reply [flat|nested] 288+ messages in thread
* [143/289] [media] gspca - main: Fix a regression with the PS3 Eye webcam
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (142 preceding siblings ...)
2010-12-08 0:58 ` [142/289] HID: Fix for problems with eGalax/DWAV multi-touch-screen Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [144/289] [media] gspca - sonixj: Fix a regression of sensors hv7131r and mi0360 Greg KH
` (142 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan,
Jean-François Moine, Mauro Carvalho Chehab
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 1458 bytes --]
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: =?UTF-8?q?Jean-Fran=C3=A7ois=20Moine?= <moinejf@free.fr>
commit f43402fa55bf5e7e190c176343015122f694857c upstream.
When audio is present, some alternate settings were skipped.
This prevented some webcams to work, especially when bulk transfer was used.
This patch permits to use the last or only alternate setting.
Reported-by: Antonio Ospite <ospite@studenti.unina.it>
Tested-by: Antonio Ospite <ospite@studenti.unina.it>
Signed-off-by: Jean-François Moine <moinejf@free.fr>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/media/video/gspca/gspca.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/media/video/gspca/gspca.c
+++ b/drivers/media/video/gspca/gspca.c
@@ -652,7 +652,7 @@ static struct usb_host_endpoint *get_ep(
: USB_ENDPOINT_XFER_ISOC;
i = gspca_dev->alt; /* previous alt setting */
if (gspca_dev->cam.reverse_alts) {
- if (gspca_dev->audio)
+ if (gspca_dev->audio && i < gspca_dev->nbalt - 2)
i++;
while (++i < gspca_dev->nbalt) {
ep = alt_xfer(&intf->altsetting[i], xfer);
@@ -660,7 +660,7 @@ static struct usb_host_endpoint *get_ep(
break;
}
} else {
- if (gspca_dev->audio)
+ if (gspca_dev->audio && i > 1)
i--;
while (--i >= 0) {
ep = alt_xfer(&intf->altsetting[i], xfer);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [144/289] [media] gspca - sonixj: Fix a regression of sensors hv7131r and mi0360
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (143 preceding siblings ...)
2010-12-08 0:58 ` [143/289] [media] gspca - main: Fix a regression with the PS3 Eye webcam Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [145/289] [media] hdpvr: Add missing URB_NO_TRANSFER_DMA_MAP flag Greg KH
` (141 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan,
Jean-François Moine, Mauro Carvalho Chehab
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 968 bytes --]
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: =?UTF-8?q?Jean-Fran=C3=A7ois=20Moine?= <moinejf@free.fr>
commit 0303a90a744662e934877a5d637a43197229274b upstream.
The bug was introduced by commit 23a98274cc348880ecb6803307c254448084953a
applying values of sensor sp80708 to sensors hv7131r and mi0360.
Signed-off-by: Jean-François Moine <moinejf@free.fr>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/media/video/gspca/sonixj.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/media/video/gspca/sonixj.c
+++ b/drivers/media/video/gspca/sonixj.c
@@ -2474,8 +2474,7 @@ static int sd_start(struct gspca_dev *gs
reg1 = 0x44;
reg17 = 0xa2;
break;
- default:
-/* case SENSOR_SP80708: */
+ case SENSOR_SP80708:
init = sp80708_sensor_param1;
if (mode) {
/*?? reg1 = 0x04; * 320 clk 48Mhz */
^ permalink raw reply [flat|nested] 288+ messages in thread
* [145/289] [media] hdpvr: Add missing URB_NO_TRANSFER_DMA_MAP flag
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (144 preceding siblings ...)
2010-12-08 0:58 ` [144/289] [media] gspca - sonixj: Fix a regression of sensors hv7131r and mi0360 Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [146/289] [media] drivers/media/video/cx23885/cx23885-core.c: fix cx23885_dev_checkrevision() Greg KH
` (140 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Janne Grunau, Mauro Carvalho Chehab
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: James M McLaren <mclaren@tulane.edu>
commit 4f5c933abb34532dc962185c999509b97a97fa1b upstream.
Necessary on arm.
Signed-off-by: Janne Grunau <j@jannau.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/media/video/hdpvr/hdpvr-video.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/media/video/hdpvr/hdpvr-video.c
+++ b/drivers/media/video/hdpvr/hdpvr-video.c
@@ -157,6 +157,7 @@ int hdpvr_alloc_buffers(struct hdpvr_dev
mem, dev->bulk_in_size,
hdpvr_read_bulk_callback, buf);
+ buf->urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
buf->status = BUFSTAT_AVAILABLE;
list_add_tail(&buf->buff_list, &dev->free_buff_list);
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [146/289] [media] drivers/media/video/cx23885/cx23885-core.c: fix cx23885_dev_checkrevision()
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (145 preceding siblings ...)
2010-12-08 0:58 ` [145/289] [media] hdpvr: Add missing URB_NO_TRANSFER_DMA_MAP flag Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [147/289] nfs: handle lock context allocation failures in nfs_create_request Greg KH
` (139 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Mauro Carvalho Chehab
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Andrew Morton <akpm@linux-foundation.org>
commit abe1def46d84aa27d3f84d729204b162e8c64d76 upstream.
It was missing the `break'.
Addresses https://bugzilla.kernel.org/show_bug.cgi?id=18672
Reported-by: Igor <i2g2r2@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/media/video/cx23885/cx23885-core.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/media/video/cx23885/cx23885-core.c
+++ b/drivers/media/video/cx23885/cx23885-core.c
@@ -815,6 +815,7 @@ static void cx23885_dev_checkrevision(st
case 0x0e:
/* CX23887-15Z */
dev->hwrevision = 0xc0;
+ break;
case 0x0f:
/* CX23887-14Z */
dev->hwrevision = 0xb1;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [147/289] nfs: handle lock context allocation failures in nfs_create_request
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (146 preceding siblings ...)
2010-12-08 0:58 ` [146/289] [media] drivers/media/video/cx23885/cx23885-core.c: fix cx23885_dev_checkrevision() Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [148/289] KVM: Write protect memory after slot swap Greg KH
` (138 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Jeff Layton, Trond Myklebust
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jeff Layton <jlayton@redhat.com>
commit 015f0212d51d85bd281a831639a769b4a1a3307a upstream.
nfs_get_lock_context can return NULL on an allocation failure.
Regression introduced by commit f11ac8db.
Reported-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/nfs/pagelist.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/fs/nfs/pagelist.c
+++ b/fs/nfs/pagelist.c
@@ -65,6 +65,13 @@ nfs_create_request(struct nfs_open_conte
if (req == NULL)
return ERR_PTR(-ENOMEM);
+ /* get lock context early so we can deal with alloc failures */
+ req->wb_lock_context = nfs_get_lock_context(ctx);
+ if (req->wb_lock_context == NULL) {
+ nfs_page_free(req);
+ return ERR_PTR(-ENOMEM);
+ }
+
/* Initialize the request struct. Initially, we assume a
* long write-back delay. This will be adjusted in
* update_nfs_request below if the region is not locked. */
@@ -79,7 +86,6 @@ nfs_create_request(struct nfs_open_conte
req->wb_pgbase = offset;
req->wb_bytes = count;
req->wb_context = get_nfs_open_context(ctx);
- req->wb_lock_context = nfs_get_lock_context(ctx);
kref_init(&req->wb_kref);
return req;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [148/289] KVM: Write protect memory after slot swap
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (147 preceding siblings ...)
2010-12-08 0:58 ` [147/289] nfs: handle lock context allocation failures in nfs_create_request Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [149/289] KVM: x86: fix information leak to userland Greg KH
` (137 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Michael S. Tsirkin, Avi Kivity
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Michael S. Tsirkin <mst@redhat.com>
commit edde99ce05290e50ce0b3495d209e54e6349ab47 upstream.
I have observed the following bug trigger:
1. userspace calls GET_DIRTY_LOG
2. kvm_mmu_slot_remove_write_access is called and makes a page ro
3. page fault happens and makes the page writeable
fault is logged in the bitmap appropriately
4. kvm_vm_ioctl_get_dirty_log swaps slot pointers
a lot of time passes
5. guest writes into the page
6. userspace calls GET_DIRTY_LOG
At point (5), bitmap is clean and page is writeable,
thus, guest modification of memory is not logged
and GET_DIRTY_LOG returns an empty bitmap.
The rule is that all pages are either dirty in the current bitmap,
or write-protected, which is violated here.
It seems that just moving kvm_mmu_slot_remove_write_access down
to after the slot pointer swap should fix this bug.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/x86/kvm/x86.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2912,10 +2912,6 @@ int kvm_vm_ioctl_get_dirty_log(struct kv
struct kvm_memslots *slots, *old_slots;
unsigned long *dirty_bitmap;
- spin_lock(&kvm->mmu_lock);
- kvm_mmu_slot_remove_write_access(kvm, log->slot);
- spin_unlock(&kvm->mmu_lock);
-
r = -ENOMEM;
dirty_bitmap = vmalloc(n);
if (!dirty_bitmap)
@@ -2937,6 +2933,10 @@ int kvm_vm_ioctl_get_dirty_log(struct kv
dirty_bitmap = old_slots->memslots[log->slot].dirty_bitmap;
kfree(old_slots);
+ spin_lock(&kvm->mmu_lock);
+ kvm_mmu_slot_remove_write_access(kvm, log->slot);
+ spin_unlock(&kvm->mmu_lock);
+
r = -EFAULT;
if (copy_to_user(log->dirty_bitmap, dirty_bitmap, n)) {
vfree(dirty_bitmap);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [149/289] KVM: x86: fix information leak to userland
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (148 preceding siblings ...)
2010-12-08 0:58 ` [148/289] KVM: Write protect memory after slot swap Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [150/289] KVM: Correct ordering of ldt reload wrt fs/gs reload Greg KH
` (136 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Vasiliy Kulikov, Marcelo Tosatti
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Vasiliy Kulikov <segooon@gmail.com>
commit 97e69aa62f8b5d338d6cff49be09e37cc1262838 upstream.
Structures kvm_vcpu_events, kvm_debugregs, kvm_pit_state2 and
kvm_clock_data are copied to userland with some padding and reserved
fields unitialized. It leads to leaking of contents of kernel stack
memory. We have to initialize them to zero.
In patch v1 Jan Kiszka suggested to fill reserved fields with zeros
instead of memset'ting the whole struct. It makes sense as these
fields are explicitly marked as padding. No more fields need zeroing.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/x86/kvm/x86.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2305,6 +2305,7 @@ static void kvm_vcpu_ioctl_x86_get_vcpu_
!kvm_exception_is_soft(vcpu->arch.exception.nr);
events->exception.nr = vcpu->arch.exception.nr;
events->exception.has_error_code = vcpu->arch.exception.has_error_code;
+ events->exception.pad = 0;
events->exception.error_code = vcpu->arch.exception.error_code;
events->interrupt.injected =
@@ -2318,12 +2319,14 @@ static void kvm_vcpu_ioctl_x86_get_vcpu_
events->nmi.injected = vcpu->arch.nmi_injected;
events->nmi.pending = vcpu->arch.nmi_pending;
events->nmi.masked = kvm_x86_ops->get_nmi_mask(vcpu);
+ events->nmi.pad = 0;
events->sipi_vector = vcpu->arch.sipi_vector;
events->flags = (KVM_VCPUEVENT_VALID_NMI_PENDING
| KVM_VCPUEVENT_VALID_SIPI_VECTOR
| KVM_VCPUEVENT_VALID_SHADOW);
+ memset(&events->reserved, 0, sizeof(events->reserved));
}
static int kvm_vcpu_ioctl_x86_set_vcpu_events(struct kvm_vcpu *vcpu,
@@ -2366,6 +2369,7 @@ static void kvm_vcpu_ioctl_x86_get_debug
dbgregs->dr6 = vcpu->arch.dr6;
dbgregs->dr7 = vcpu->arch.dr7;
dbgregs->flags = 0;
+ memset(&dbgregs->reserved, 0, sizeof(dbgregs->reserved));
}
static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
@@ -2849,6 +2853,7 @@ static int kvm_vm_ioctl_get_pit2(struct
sizeof(ps->channels));
ps->flags = kvm->arch.vpit->pit_state.flags;
mutex_unlock(&kvm->arch.vpit->pit_state.lock);
+ memset(&ps->reserved, 0, sizeof(ps->reserved));
return r;
}
@@ -3229,6 +3234,7 @@ long kvm_arch_vm_ioctl(struct file *filp
now_ns = timespec_to_ns(&now);
user_ns.clock = kvm->arch.kvmclock_offset + now_ns;
user_ns.flags = 0;
+ memset(&user_ns.pad, 0, sizeof(user_ns.pad));
r = -EFAULT;
if (copy_to_user(argp, &user_ns, sizeof(user_ns)))
^ permalink raw reply [flat|nested] 288+ messages in thread
* [150/289] KVM: Correct ordering of ldt reload wrt fs/gs reload
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (149 preceding siblings ...)
2010-12-08 0:58 ` [149/289] KVM: x86: fix information leak to userland Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [151/289] KVM: VMX: Fix host userspace gsbase corruption Greg KH
` (135 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Avi Kivity, Marcelo Tosatti
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Avi Kivity <avi@redhat.com>
commit 0a77fe4c188e25917799f2356d4aa5e6d80c39a2 upstream.
If fs or gs refer to the ldt, they must be reloaded after the ldt. Reorder
the code to that effect.
Userspace code that uses the ldt with kvm is nonexistent, so this doesn't fix
a user-visible bug.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/x86/kvm/svm.c | 2 +-
arch/x86/kvm/vmx.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -3281,6 +3281,7 @@ static void svm_vcpu_run(struct kvm_vcpu
vcpu->arch.regs[VCPU_REGS_RIP] = svm->vmcb->save.rip;
load_host_msrs(vcpu);
+ kvm_load_ldt(ldt_selector);
loadsegment(fs, fs_selector);
#ifdef CONFIG_X86_64
load_gs_index(gs_selector);
@@ -3288,7 +3289,6 @@ static void svm_vcpu_run(struct kvm_vcpu
#else
loadsegment(gs, gs_selector);
#endif
- kvm_load_ldt(ldt_selector);
reload_tss(vcpu);
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -846,8 +846,6 @@ static void __vmx_load_host_state(struct
++vmx->vcpu.stat.host_state_reload;
vmx->host_state.loaded = 0;
- if (vmx->host_state.fs_reload_needed)
- loadsegment(fs, vmx->host_state.fs_sel);
if (vmx->host_state.gs_ldt_reload_needed) {
kvm_load_ldt(vmx->host_state.ldt_sel);
#ifdef CONFIG_X86_64
@@ -857,6 +855,8 @@ static void __vmx_load_host_state(struct
loadsegment(gs, vmx->host_state.gs_sel);
#endif
}
+ if (vmx->host_state.fs_reload_needed)
+ loadsegment(fs, vmx->host_state.fs_sel);
reload_tss();
#ifdef CONFIG_X86_64
if (is_long_mode(&vmx->vcpu)) {
^ permalink raw reply [flat|nested] 288+ messages in thread
* [151/289] KVM: VMX: Fix host userspace gsbase corruption
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (150 preceding siblings ...)
2010-12-08 0:58 ` [150/289] KVM: Correct ordering of ldt reload wrt fs/gs reload Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [152/289] ASoC: Remove volatility from WM8900 POWER1 register Greg KH
` (134 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Avi Kivity, Marcelo Tosatti
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Avi Kivity <avi@redhat.com>
commit c8770e7ba63bb5dd8fe5f9d251275a8fa717fb78 upstream.
We now use load_gs_index() to load gs safely; unfortunately this also
changes MSR_KERNEL_GS_BASE, which we managed separately. This resulted
in confusion and breakage running 32-bit host userspace on a 64-bit kernel.
Fix by
- saving guest MSR_KERNEL_GS_BASE before we we reload the host's gs
- doing the host save/load unconditionally, instead of only when in guest
long mode
Things can be cleaned up further, but this is the minmal fix for now.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/x86/kvm/vmx.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -828,10 +828,9 @@ static void vmx_save_host_state(struct k
#endif
#ifdef CONFIG_X86_64
- if (is_long_mode(&vmx->vcpu)) {
- rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_host_kernel_gs_base);
+ rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_host_kernel_gs_base);
+ if (is_long_mode(&vmx->vcpu))
wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
- }
#endif
for (i = 0; i < vmx->save_nmsrs; ++i)
kvm_set_shared_msr(vmx->guest_msrs[i].index,
@@ -846,11 +845,14 @@ static void __vmx_load_host_state(struct
++vmx->vcpu.stat.host_state_reload;
vmx->host_state.loaded = 0;
+#ifdef CONFIG_X86_64
+ if (is_long_mode(&vmx->vcpu))
+ rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
+#endif
if (vmx->host_state.gs_ldt_reload_needed) {
kvm_load_ldt(vmx->host_state.ldt_sel);
#ifdef CONFIG_X86_64
load_gs_index(vmx->host_state.gs_sel);
- wrmsrl(MSR_KERNEL_GS_BASE, current->thread.gs);
#else
loadsegment(gs, vmx->host_state.gs_sel);
#endif
@@ -859,10 +861,7 @@ static void __vmx_load_host_state(struct
loadsegment(fs, vmx->host_state.fs_sel);
reload_tss();
#ifdef CONFIG_X86_64
- if (is_long_mode(&vmx->vcpu)) {
- rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
- wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_host_kernel_gs_base);
- }
+ wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_host_kernel_gs_base);
#endif
if (current_thread_info()->status & TS_USEDFPU)
clts();
^ permalink raw reply [flat|nested] 288+ messages in thread
* [152/289] ASoC: Remove volatility from WM8900 POWER1 register
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (151 preceding siblings ...)
2010-12-08 0:58 ` [151/289] KVM: VMX: Fix host userspace gsbase corruption Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [153/289] ASoC: wm8961 - clear WM8961_DACSLOPE bit for normal mode Greg KH
` (133 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Mark Brown, Liam Girdwood
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Mark Brown <broonie@opensource.wolfsonmicro.com>
commit 6d212d8e86fb4221bd91b9266b7567ee2b83bd01 upstream.
Not all bits can be read back from POWER1 so avoid corruption when using
a read/modify/write cycle by marking it non-volatile - the only thing we
read back from it is the chip revision which has diagnostic value only.
We can re-add later but that's a more invasive change than is suitable
for a bugfix.
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/soc/codecs/wm8900.c | 6 ------
1 file changed, 6 deletions(-)
--- a/sound/soc/codecs/wm8900.c
+++ b/sound/soc/codecs/wm8900.c
@@ -188,7 +188,6 @@ static int wm8900_volatile_register(unsi
{
switch (reg) {
case WM8900_REG_ID:
- case WM8900_REG_POWER1:
return 1;
default:
return 0;
@@ -1236,11 +1235,6 @@ static __devinit int wm8900_i2c_probe(st
goto err;
}
- /* Read back from the chip */
- reg = snd_soc_read(codec, WM8900_REG_POWER1);
- reg = (reg >> 12) & 0xf;
- dev_info(&i2c->dev, "WM8900 revision %d\n", reg);
-
wm8900_reset(codec);
/* Turn the chip on */
^ permalink raw reply [flat|nested] 288+ messages in thread
* [153/289] ASoC: wm8961 - clear WM8961_DACSLOPE bit for normal mode
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (152 preceding siblings ...)
2010-12-08 0:58 ` [152/289] ASoC: Remove volatility from WM8900 POWER1 register Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [154/289] ASoC: wm8961 - clear WM8961_MCLKDIV bit for freq <= 16500000 Greg KH
` (132 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Axel Lin, Liam Girdwood, Mark Brown
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Axel Lin <axel.lin@gmail.com>
commit 08b1a38465cab8c2224a5202c7a3b5e5f5630894 upstream.
DACSLOPE bit of Register 06h ADC and DAC Control 2:
0: Normal mode
1: Sloping stop-band mode
Thus in the case of normal mode, we should clear DACSLOPE bit.
Signed-off-by: Axel Lin <axel.lin@gmail.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/soc/codecs/wm8961.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/soc/codecs/wm8961.c
+++ b/sound/soc/codecs/wm8961.c
@@ -711,7 +711,7 @@ static int wm8961_hw_params(struct snd_p
if (fs <= 24000)
reg |= WM8961_DACSLOPE;
else
- reg &= WM8961_DACSLOPE;
+ reg &= ~WM8961_DACSLOPE;
snd_soc_write(codec, WM8961_ADC_DAC_CONTROL_2, reg);
return 0;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [154/289] ASoC: wm8961 - clear WM8961_MCLKDIV bit for freq <= 16500000
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (153 preceding siblings ...)
2010-12-08 0:58 ` [153/289] ASoC: wm8961 - clear WM8961_DACSLOPE bit for normal mode Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [155/289] firewire: ohci: fix buffer overflow in AR split packet handling Greg KH
` (131 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Axel Lin, Liam Girdwood, Mark Brown
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Axel Lin <axel.lin@gmail.com>
commit 2f7dceeda4708f470fd927adb3861bd8ebbe2310 upstream.
MCLKDIV bit of Register 04h Clocking1:
0 : Divide by 1
1 : Divide by 2
Thus in the case of freq <= 16500000, we should clear MCLKDIV bit.
Signed-off-by: Axel Lin <axel.lin@gmail.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/soc/codecs/wm8961.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/soc/codecs/wm8961.c
+++ b/sound/soc/codecs/wm8961.c
@@ -736,7 +736,7 @@ static int wm8961_set_sysclk(struct snd_
freq /= 2;
} else {
dev_dbg(codec->dev, "Using MCLK/1 for %dHz MCLK\n", freq);
- reg &= WM8961_MCLKDIV;
+ reg &= ~WM8961_MCLKDIV;
}
snd_soc_write(codec, WM8961_CLOCKING1, reg);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [155/289] firewire: ohci: fix buffer overflow in AR split packet handling
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (154 preceding siblings ...)
2010-12-08 0:58 ` [154/289] ASoC: wm8961 - clear WM8961_MCLKDIV bit for freq <= 16500000 Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [156/289] firewire: ohci: fix race " Greg KH
` (130 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Clemens Ladisch, Stefan Richter
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Clemens Ladisch <clemens@ladisch.de>
commit 85f7ffd5d2b320f73912b15fe8cef34bae297daf upstream.
When the controller had to split a received asynchronous packet into two
buffers, the driver tries to reassemble it by copying both parts into
the first page. However, if size + rest > PAGE_SIZE, i.e., if the yet
unhandled packets before the split packet, the split packet itself, and
any received packets after the split packet are together larger than one
page, then the memory after the first page would get overwritten.
To fix this, do not try to copy the data of all unhandled packets at
once, but copy the possibly needed data every time when handling
a packet.
This gets rid of most of the infamous crashes and data corruptions when
using firewire-net.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Tested-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/firewire/ohci.c | 35 ++++++++++++++++++++++++++++++++---
1 file changed, 32 insertions(+), 3 deletions(-)
--- a/drivers/firewire/ohci.c
+++ b/drivers/firewire/ohci.c
@@ -739,7 +739,7 @@ static void ar_context_tasklet(unsigned
d = &ab->descriptor;
if (d->res_count == 0) {
- size_t size, rest, offset;
+ size_t size, size2, rest, pktsize, size3, offset;
dma_addr_t start_bus;
void *start;
@@ -756,12 +756,41 @@ static void ar_context_tasklet(unsigned
ab = ab->next;
d = &ab->descriptor;
size = buffer + PAGE_SIZE - ctx->pointer;
+ /* valid buffer data in the next page */
rest = le16_to_cpu(d->req_count) - le16_to_cpu(d->res_count);
+ /* what actually fits in this page */
+ size2 = min(rest, (size_t)PAGE_SIZE - size);
memmove(buffer, ctx->pointer, size);
- memcpy(buffer + size, ab->data, rest);
+ memcpy(buffer + size, ab->data, size2);
ctx->current_buffer = ab;
ctx->pointer = (void *) ab->data + rest;
- end = buffer + size + rest;
+
+ while (size > 0) {
+ void *next = handle_ar_packet(ctx, buffer);
+ pktsize = next - buffer;
+ if (pktsize >= size) {
+ /*
+ * We have handled all the data that was
+ * originally in this page, so we can now
+ * continue in the next page.
+ */
+ buffer = next;
+ break;
+ }
+ /* move the next packet to the start of the buffer */
+ memmove(buffer, next, size + size2 - pktsize);
+ size -= pktsize;
+ /* fill up this page again */
+ size3 = min(rest - size2,
+ (size_t)PAGE_SIZE - size - size2);
+ memcpy(buffer + size + size2,
+ (void *) ab->data + size2, size3);
+ size2 += size3;
+ }
+
+ /* handle the packets that are fully in the next page */
+ buffer = (void *) ab->data + (buffer - (start + size));
+ end = (void *) ab->data + rest;
while (buffer < end)
buffer = handle_ar_packet(ctx, buffer);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [156/289] firewire: ohci: fix race in AR split packet handling
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (155 preceding siblings ...)
2010-12-08 0:58 ` [155/289] firewire: ohci: fix buffer overflow in AR split packet handling Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [157/289] ALSA: hda - Fixed ALC887-VD initial error Greg KH
` (129 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Clemens Ladisch, Stefan Richter
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Clemens Ladisch <clemens@ladisch.de>
commit a1f805e5e73a8fe166b71c6592d3837df0cd5e2e upstream.
When handling an AR buffer that has been completely filled, we assumed
that its descriptor will not be read by the controller and can be
overwritten. However, when the last received packet happens to end at
the end of the buffer, the controller might not yet have moved on to the
next buffer and might read the branch address later. If we overwrite
and free the page before that, the DMA context will either go dead
because of an invalid Z value, or go off into some random memory.
To fix this, ensure that the descriptor does not get overwritten by
using only the actual buffer instead of the entire page for reassembling
the split packet. Furthermore, to avoid freeing the page too early,
move on to the next buffer only when some data in it guarantees that the
controller has moved on.
This should eliminate the remaining firewire-net problems.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Tested-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/firewire/ohci.c | 39 +++++++++++++++++++++++----------------
1 file changed, 23 insertions(+), 16 deletions(-)
--- a/drivers/firewire/ohci.c
+++ b/drivers/firewire/ohci.c
@@ -750,20 +750,19 @@ static void ar_context_tasklet(unsigned
*/
offset = offsetof(struct ar_buffer, data);
- start = buffer = ab;
+ start = ab;
start_bus = le32_to_cpu(ab->descriptor.data_address) - offset;
+ buffer = ab->data;
ab = ab->next;
d = &ab->descriptor;
- size = buffer + PAGE_SIZE - ctx->pointer;
+ size = start + PAGE_SIZE - ctx->pointer;
/* valid buffer data in the next page */
rest = le16_to_cpu(d->req_count) - le16_to_cpu(d->res_count);
/* what actually fits in this page */
- size2 = min(rest, (size_t)PAGE_SIZE - size);
+ size2 = min(rest, (size_t)PAGE_SIZE - offset - size);
memmove(buffer, ctx->pointer, size);
memcpy(buffer + size, ab->data, size2);
- ctx->current_buffer = ab;
- ctx->pointer = (void *) ab->data + rest;
while (size > 0) {
void *next = handle_ar_packet(ctx, buffer);
@@ -782,22 +781,30 @@ static void ar_context_tasklet(unsigned
size -= pktsize;
/* fill up this page again */
size3 = min(rest - size2,
- (size_t)PAGE_SIZE - size - size2);
+ (size_t)PAGE_SIZE - offset - size - size2);
memcpy(buffer + size + size2,
(void *) ab->data + size2, size3);
size2 += size3;
}
- /* handle the packets that are fully in the next page */
- buffer = (void *) ab->data + (buffer - (start + size));
- end = (void *) ab->data + rest;
-
- while (buffer < end)
- buffer = handle_ar_packet(ctx, buffer);
-
- dma_free_coherent(ohci->card.device, PAGE_SIZE,
- start, start_bus);
- ar_context_add_page(ctx);
+ if (rest > 0) {
+ /* handle the packets that are fully in the next page */
+ buffer = (void *) ab->data +
+ (buffer - (start + offset + size));
+ end = (void *) ab->data + rest;
+
+ while (buffer < end)
+ buffer = handle_ar_packet(ctx, buffer);
+
+ ctx->current_buffer = ab;
+ ctx->pointer = end;
+
+ dma_free_coherent(ohci->card.device, PAGE_SIZE,
+ start, start_bus);
+ ar_context_add_page(ctx);
+ } else {
+ ctx->pointer = start + PAGE_SIZE;
+ }
} else {
buffer = ctx->pointer;
ctx->pointer = end =
^ permalink raw reply [flat|nested] 288+ messages in thread
* [157/289] ALSA: hda - Fixed ALC887-VD initial error
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (156 preceding siblings ...)
2010-12-08 0:58 ` [156/289] firewire: ohci: fix race " Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [158/289] ALSA: ac97: Apply quirk for Dell Latitude D610 binding Master and Headphone controls Greg KH
` (128 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Kailang Yang, Takashi Iwai
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Kailang Yang <kailang@realtek.com>
commit 01e0f1378c47947b825eac05c98697ab1be1c86f upstream.
ALC887-VD is like ALC888-VD. It can not be initialized as ALC882.
Signed-off-by: Kailang Yang <kailang@realtek.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/pci/hda/patch_realtek.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -19038,7 +19038,10 @@ static int patch_alc888(struct hda_codec
{
if ((alc_read_coef_idx(codec, 0) & 0x00f0)==0x0030){
kfree(codec->chip_name);
- codec->chip_name = kstrdup("ALC888-VD", GFP_KERNEL);
+ if (codec->vendor_id == 0x10ec0887)
+ codec->chip_name = kstrdup("ALC887-VD", GFP_KERNEL);
+ else
+ codec->chip_name = kstrdup("ALC888-VD", GFP_KERNEL);
if (!codec->chip_name) {
alc_free(codec);
return -ENOMEM;
@@ -19520,7 +19523,7 @@ static struct hda_codec_preset snd_hda_p
{ .id = 0x10ec0885, .rev = 0x100103, .name = "ALC889A",
.patch = patch_alc882 },
{ .id = 0x10ec0885, .name = "ALC885", .patch = patch_alc882 },
- { .id = 0x10ec0887, .name = "ALC887", .patch = patch_alc882 },
+ { .id = 0x10ec0887, .name = "ALC887", .patch = patch_alc888 },
{ .id = 0x10ec0888, .rev = 0x100101, .name = "ALC1200",
.patch = patch_alc882 },
{ .id = 0x10ec0888, .name = "ALC888", .patch = patch_alc888 },
^ permalink raw reply [flat|nested] 288+ messages in thread
* [158/289] ALSA: ac97: Apply quirk for Dell Latitude D610 binding Master and Headphone controls
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (157 preceding siblings ...)
2010-12-08 0:58 ` [157/289] ALSA: hda - Fixed ALC887-VD initial error Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [159/289] ALSA: HDA: Add fixup pins for Ideapad Y550 Greg KH
` (127 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Daniel T Chen, Takashi Iwai
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Daniel T Chen <crimsun@ubuntu.com>
commit 0613a59456980161d0cd468bae6c63d772743102 upstream.
BugLink: https://launchpad.net/bugs/669279
The original reporter states: "The Master mixer does not change the
volume from the headphone output (which is affected by the headphone
mixer). Instead it only seems to control the on-board speaker volume.
This confuses PulseAudio greatly as the Master channel is merged into
the volume mix."
Fix this symptom by applying the hp_only quirk for the reporter's SSID.
The fix is applicable to all stable kernels.
Reported-and-tested-by: Ben Gamari <bgamari@gmail.com>
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/pci/intel8x0.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/sound/pci/intel8x0.c
+++ b/sound/pci/intel8x0.c
@@ -1866,6 +1866,12 @@ static struct ac97_quirk ac97_quirks[] _
},
{
.subvendor = 0x1028,
+ .subdevice = 0x0182,
+ .name = "Dell Latitude D610", /* STAC9750/51 */
+ .type = AC97_TUNE_HP_ONLY
+ },
+ {
+ .subvendor = 0x1028,
.subdevice = 0x0186,
.name = "Dell Latitude D810", /* cf. Malone #41015 */
.type = AC97_TUNE_HP_MUTE_LED
^ permalink raw reply [flat|nested] 288+ messages in thread
* [159/289] ALSA: HDA: Add fixup pins for Ideapad Y550
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (158 preceding siblings ...)
2010-12-08 0:58 ` [158/289] ALSA: ac97: Apply quirk for Dell Latitude D610 binding Master and Headphone controls Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [160/289] ALSA: hda - Added fixup for Lenovo Y550P Greg KH
` (126 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, David Henningsson, Takashi Iwai
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: David Henningsson <david.henningsson@canonical.com>
commit 6cb3b707f95954ac18f19b4b3919af235738371a upstream.
By adding the subwoofer as a speaker pin, it is treated correctly when auto-muting.
BugLink: https://launchpad.net/bugs/611803
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/pci/hda/patch_realtek.c | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -18934,6 +18934,26 @@ static void alc662_auto_init(struct hda_
alc_inithook(codec);
}
+enum {
+ ALC662_FIXUP_IDEAPAD,
+};
+
+static const struct alc_fixup alc662_fixups[] = {
+ [ALC662_FIXUP_IDEAPAD] = {
+ .pins = (const struct alc_pincfg[]) {
+ { 0x17, 0x99130112 }, /* subwoofer */
+ { }
+ }
+ },
+};
+
+static struct snd_pci_quirk alc662_fixup_tbl[] = {
+ SND_PCI_QUIRK(0x17aa, 0x3a0d, "Lenovo Ideapad Y550", ALC662_FIXUP_IDEAPAD),
+ {}
+};
+
+
+
static int patch_alc662(struct hda_codec *codec)
{
struct alc_spec *spec;
@@ -18966,6 +18986,7 @@ static int patch_alc662(struct hda_codec
}
if (board_config == ALC662_AUTO) {
+ alc_pick_fixup(codec, alc662_fixup_tbl, alc662_fixups, 1);
/* automatic parse from the BIOS config */
err = alc662_parse_auto_config(codec);
if (err < 0) {
@@ -19024,8 +19045,11 @@ static int patch_alc662(struct hda_codec
spec->vmaster_nid = 0x02;
codec->patch_ops = alc_patch_ops;
- if (board_config == ALC662_AUTO)
+ if (board_config == ALC662_AUTO) {
spec->init_hook = alc662_auto_init;
+ alc_pick_fixup(codec, alc662_fixup_tbl, alc662_fixups, 0);
+ }
+
#ifdef CONFIG_SND_HDA_POWER_SAVE
if (!spec->loopback.amplist)
spec->loopback.amplist = alc662_loopbacks;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [160/289] ALSA: hda - Added fixup for Lenovo Y550P
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (159 preceding siblings ...)
2010-12-08 0:58 ` [159/289] ALSA: HDA: Add fixup pins for Ideapad Y550 Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [161/289] ALSA: hda: Add speaker pin to automute Acer Aspire 8943G Greg KH
` (125 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Valentine Sinitsyn, Takashi Iwai
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Valentine Sinitsyn <valentine.sinitsyn@gmail.com>
commit d41185882b828896ccecac319c9f65f708baaf0d upstream.
Signed-off-by: Valentine Sinitsyn <valentine.sinitsyn@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -18948,6 +18948,7 @@ static const struct alc_fixup alc662_fix
};
static struct snd_pci_quirk alc662_fixup_tbl[] = {
+ SND_PCI_QUIRK(0x17aa, 0x38af, "Lenovo Ideapad Y550P", ALC662_FIXUP_IDEAPAD),
SND_PCI_QUIRK(0x17aa, 0x3a0d, "Lenovo Ideapad Y550", ALC662_FIXUP_IDEAPAD),
{}
};
^ permalink raw reply [flat|nested] 288+ messages in thread
* [161/289] ALSA: hda: Add speaker pin to automute Acer Aspire 8943G
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (160 preceding siblings ...)
2010-12-08 0:58 ` [160/289] ALSA: hda - Added fixup for Lenovo Y550P Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:58 ` [162/289] ALSA: hda: Add Samsung R720 SSID for subwoofer pin fixup Greg KH
` (124 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Daniel T Chen,
David Henningsson, Takashi Iwai
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Daniel T Chen <crimsun@ubuntu.com>
commit 2df03514de41f3bbb5623f2e7f2bf594e49cb2ec upstream.
BugLink: https://bugs.launchpad.net/bugs/656625
Add clause for handling Acer Aspire 8943G's subwoofer as additional
speaker pin for automuting.
Reported-by: RussianNeuroMancer
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/pci/hda/patch_realtek.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -18935,10 +18935,17 @@ static void alc662_auto_init(struct hda_
}
enum {
+ ALC662_FIXUP_ASPIRE,
ALC662_FIXUP_IDEAPAD,
};
static const struct alc_fixup alc662_fixups[] = {
+ [ALC662_FIXUP_ASPIRE] = {
+ .pins = (const struct alc_pincfg[]) {
+ { 0x15, 0x99130112 }, /* subwoofer */
+ { }
+ }
+ },
[ALC662_FIXUP_IDEAPAD] = {
.pins = (const struct alc_pincfg[]) {
{ 0x17, 0x99130112 }, /* subwoofer */
@@ -18948,6 +18955,7 @@ static const struct alc_fixup alc662_fix
};
static struct snd_pci_quirk alc662_fixup_tbl[] = {
+ SND_PCI_QUIRK(0x1025, 0x038b, "Acer Aspire 8943G", ALC662_FIXUP_ASPIRE),
SND_PCI_QUIRK(0x17aa, 0x38af, "Lenovo Ideapad Y550P", ALC662_FIXUP_IDEAPAD),
SND_PCI_QUIRK(0x17aa, 0x3a0d, "Lenovo Ideapad Y550", ALC662_FIXUP_IDEAPAD),
{}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [162/289] ALSA: hda: Add Samsung R720 SSID for subwoofer pin fixup
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (161 preceding siblings ...)
2010-12-08 0:58 ` [161/289] ALSA: hda: Add speaker pin to automute Acer Aspire 8943G Greg KH
@ 2010-12-08 0:58 ` Greg KH
2010-12-08 0:59 ` [163/289] ALSA: hda - Use ALC_INIT_DEFAULT for really default initialization Greg KH
` (123 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:58 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Daniel T Chen, Takashi Iwai
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Daniel T Chen <crimsun@ubuntu.com>
commit a0e90acc657990511c83bc69965bfd3c63386d45 upstream.
BugLink: https://launchpad.net/bugs/677830
The original reporter states that the subwoofer does not mute when
inserting headphones. We need an entry for his machine's SSID in the
subwoofer pin fixup list, so add it there (verified using hda_analyzer).
Reported-and-tested-by: i-NoD
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -18956,6 +18956,7 @@ static const struct alc_fixup alc662_fix
static struct snd_pci_quirk alc662_fixup_tbl[] = {
SND_PCI_QUIRK(0x1025, 0x038b, "Acer Aspire 8943G", ALC662_FIXUP_ASPIRE),
+ SND_PCI_QUIRK(0x144d, 0xc051, "Samsung R720", ALC662_FIXUP_IDEAPAD),
SND_PCI_QUIRK(0x17aa, 0x38af, "Lenovo Ideapad Y550P", ALC662_FIXUP_IDEAPAD),
SND_PCI_QUIRK(0x17aa, 0x3a0d, "Lenovo Ideapad Y550", ALC662_FIXUP_IDEAPAD),
{}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [163/289] ALSA: hda - Use ALC_INIT_DEFAULT for really default initialization
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (162 preceding siblings ...)
2010-12-08 0:58 ` [162/289] ALSA: hda: Add Samsung R720 SSID for subwoofer pin fixup Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [164/289] ALSA: hda - Fix ALC660-VD/ALC861-VD capture/playback mixers Greg KH
` (122 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Takashi Iwai
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 5a8cfb4e8ae317d283f84122ed20faa069c5e0c4 upstream.
When SKU assid gives no valid bits for 0x38, the driver didn't take
any action, so far. This resulted in the missing initialization for
external amps, etc, thus the silent output in the end.
Especially users hit this problem on ALC888 newly since 2.6.35,
where the driver doesn't force to use ALC_INIT_DEFAULT any more.
This patch sets the default initialization scheme to use
ALC_INIT_DEFAULT when no valid bits are set for SKU assid.
Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=657388
Reported-and-tested-by: Kyle McMartin <kyle@redhat.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -1438,6 +1438,7 @@ do_sku:
spec->init_amp = ALC_INIT_GPIO3;
break;
case 5:
+ default:
spec->init_amp = ALC_INIT_DEFAULT;
break;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [164/289] ALSA: hda - Fix ALC660-VD/ALC861-VD capture/playback mixers
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (163 preceding siblings ...)
2010-12-08 0:59 ` [163/289] ALSA: hda - Use ALC_INIT_DEFAULT for really default initialization Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [165/289] ALSA: HDA: Add an extra DAC for Realtek ALC887-VD Greg KH
` (121 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Herton Ronaldo Krzesinski,
Takashi Iwai
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Herton Ronaldo Krzesinski <herton@mandriva.com.br>
commit 7167594a3da7dcc33203b85d62e519594baee390 upstream.
The mixer nids passed to alc_auto_create_input_ctls are wrong: 0x15 is
a pin, and 0x09 is the ADC on both ALC660-VD/ALC861-VD. Thus with
current code, input playback volume/switches and input source mixer
controls are not created, and recording doesn't work. Select correct
mixers, 0x0b (input playback mixer) and 0x22 (capture source mixer).
Reference: https://qa.mandriva.com/show_bug.cgi?id=61159
Signed-off-by: Herton Ronaldo Krzesinski <herton@mandriva.com.br>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/pci/hda/patch_realtek.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -16557,7 +16557,7 @@ static struct alc_config_preset alc861vd
static int alc861vd_auto_create_input_ctls(struct hda_codec *codec,
const struct auto_pin_cfg *cfg)
{
- return alc_auto_create_input_ctls(codec, cfg, 0x15, 0x09, 0);
+ return alc_auto_create_input_ctls(codec, cfg, 0x0b, 0x22, 0);
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [165/289] ALSA: HDA: Add an extra DAC for Realtek ALC887-VD
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (164 preceding siblings ...)
2010-12-08 0:59 ` [164/289] ALSA: hda - Fix ALC660-VD/ALC861-VD capture/playback mixers Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [166/289] ALSA: Fix SNDCTL_DSP_RESET ioctl for OSS emulation Greg KH
` (120 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, David Henningsson, Takashi Iwai
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: David Henningsson <david.henningsson@canonical.com>
commit cc1c452e509aefc28f7ad2deed75bc69d4f915f7 upstream.
The patch enables ALC887-VD to use the DAC at nid 0x26,
which makes it possible to use this DAC for e g Headphone
volume.
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/pci/hda/patch_realtek.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -18612,6 +18612,8 @@ static inline hda_nid_t alc662_mix_to_da
return 0x02;
else if (nid >= 0x0c && nid <= 0x0e)
return nid - 0x0c + 0x02;
+ else if (nid == 0x26) /* ALC887-VD has this DAC too */
+ return 0x25;
else
return 0;
}
@@ -18620,7 +18622,7 @@ static inline hda_nid_t alc662_mix_to_da
static hda_nid_t alc662_dac_to_mix(struct hda_codec *codec, hda_nid_t pin,
hda_nid_t dac)
{
- hda_nid_t mix[4];
+ hda_nid_t mix[5];
int i, num;
num = snd_hda_get_connections(codec, pin, mix, ARRAY_SIZE(mix));
^ permalink raw reply [flat|nested] 288+ messages in thread
* [166/289] ALSA: Fix SNDCTL_DSP_RESET ioctl for OSS emulation
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (165 preceding siblings ...)
2010-12-08 0:59 ` [165/289] ALSA: HDA: Add an extra DAC for Realtek ALC887-VD Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [167/289] ALSA: hda: Use "alienware" model quirk for another SSID Greg KH
` (119 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Takashi Iwai
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 60686aa0086a14f8b15c83a09f3df1eebe3aab3c upstream.
In OSS emulation, SNDCTL_DSP_RESET ioctl needs the reset of the internal
buffer state in addition to drop of the running streams. Otherwise the
succeeding access becomes inconsistent.
Tested-by: Amit Nagal <helloin.amit@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/core/oss/pcm_oss.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
--- a/sound/core/oss/pcm_oss.c
+++ b/sound/core/oss/pcm_oss.c
@@ -1510,16 +1510,19 @@ static ssize_t snd_pcm_oss_read1(struct
static int snd_pcm_oss_reset(struct snd_pcm_oss_file *pcm_oss_file)
{
struct snd_pcm_substream *substream;
+ struct snd_pcm_runtime *runtime;
+ int i;
- substream = pcm_oss_file->streams[SNDRV_PCM_STREAM_PLAYBACK];
- if (substream != NULL) {
+ for (i = 0; i < 2; i++) {
+ substream = pcm_oss_file->streams[i];
+ if (!substream)
+ continue;
+ runtime = substream->runtime;
snd_pcm_kernel_ioctl(substream, SNDRV_PCM_IOCTL_DROP, NULL);
- substream->runtime->oss.prepare = 1;
- }
- substream = pcm_oss_file->streams[SNDRV_PCM_STREAM_CAPTURE];
- if (substream != NULL) {
- snd_pcm_kernel_ioctl(substream, SNDRV_PCM_IOCTL_DROP, NULL);
- substream->runtime->oss.prepare = 1;
+ runtime->oss.prepare = 1;
+ runtime->oss.buffer_used = 0;
+ runtime->oss.prev_hw_ptr_period = 0;
+ runtime->oss.period_ptr = 0;
}
return 0;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [167/289] ALSA: hda: Use "alienware" model quirk for another SSID
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (166 preceding siblings ...)
2010-12-08 0:59 ` [166/289] ALSA: Fix SNDCTL_DSP_RESET ioctl for OSS emulation Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [168/289] netfilter: nf_conntrack: allow nf_ct_alloc_hashtable() to get highmem pages Greg KH
` (118 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Daniel T Chen, Takashi Iwai
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Daniel T Chen <crimsun@ubuntu.com>
commit 0defe09ca70daccdc83abd9c3c24cd89ae6a1141 upstream.
BugLink: https://launchpad.net/bugs/683695
The original reporter states that headphone jacks do not appear to
work. Upon inspecting his codec dump, and upon further testing, it is
confirmed that the "alienware" model quirk is correct.
Reported-and-tested-by: Cody Thierauf
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
sound/pci/hda/patch_sigmatel.c | 2 ++
1 file changed, 2 insertions(+)
--- a/sound/pci/hda/patch_sigmatel.c
+++ b/sound/pci/hda/patch_sigmatel.c
@@ -1619,6 +1619,8 @@ static struct snd_pci_quirk stac92hd73xx
static struct snd_pci_quirk stac92hd73xx_codec_id_cfg_tbl[] = {
SND_PCI_QUIRK(PCI_VENDOR_ID_DELL, 0x02a1,
"Alienware M17x", STAC_ALIENWARE_M17X),
+ SND_PCI_QUIRK(PCI_VENDOR_ID_DELL, 0x043a,
+ "Alienware M17x", STAC_ALIENWARE_M17X),
{} /* terminator */
};
^ permalink raw reply [flat|nested] 288+ messages in thread
* [168/289] netfilter: nf_conntrack: allow nf_ct_alloc_hashtable() to get highmem pages
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (167 preceding siblings ...)
2010-12-08 0:59 ` [167/289] ALSA: hda: Use "alienware" model quirk for another SSID Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [169/289] netfilter: NF_HOOK_COND has wrong conditional Greg KH
` (117 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Eric Dumazet, Patrick McHardy
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Eric Dumazet <eric.dumazet@gmail.com>
commit 6b1686a71e3158d3c5f125260effce171cc7852b upstream.
commit ea781f197d6a8 (use SLAB_DESTROY_BY_RCU and get rid of call_rcu())
did a mistake in __vmalloc() call in nf_ct_alloc_hashtable().
I forgot to add __GFP_HIGHMEM, so pages were taken from LOWMEM only.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/netfilter/nf_conntrack_core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1260,7 +1260,8 @@ void *nf_ct_alloc_hashtable(unsigned int
if (!hash) {
*vmalloced = 1;
printk(KERN_WARNING "nf_conntrack: falling back to vmalloc.\n");
- hash = __vmalloc(sz, GFP_KERNEL | __GFP_ZERO, PAGE_KERNEL);
+ hash = __vmalloc(sz, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO,
+ PAGE_KERNEL);
}
if (hash && nulls)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [169/289] netfilter: NF_HOOK_COND has wrong conditional
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (168 preceding siblings ...)
2010-12-08 0:59 ` [168/289] netfilter: nf_conntrack: allow nf_ct_alloc_hashtable() to get highmem pages Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [170/289] radix-tree: fix RCU bug Greg KH
` (116 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Eric Paris, Patrick McHardy
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Eric Paris <eparis@redhat.com>
commit ac5aa2e3332ec04889074afdbd1479424d0227a5 upstream.
The NF_HOOK_COND returns 0 when it shouldn't due to what I believe to be an
error in the code as the order of operations is not what was intended. C will
evalutate == before =. Which means ret is getting set to the bool result,
rather than the return value of the function call. The code says
if (ret = function() == 1)
when it meant to say:
if ((ret = function()) == 1)
Normally the compiler would warn, but it doesn't notice it because its
a actually complex conditional and so the wrong code is wrapped in an explict
set of () [exactly what the compiler wants you to do if this was intentional].
Fixing this means that errors when netfilter denies a packet get propagated
back up the stack rather than lost.
Problem introduced by commit 2249065f (netfilter: get rid of the grossness
in netfilter.h).
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
include/linux/netfilter.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -215,7 +215,7 @@ NF_HOOK_COND(uint8_t pf, unsigned int ho
int ret;
if (!cond ||
- (ret = nf_hook_thresh(pf, hook, skb, in, out, okfn, INT_MIN) == 1))
+ ((ret = nf_hook_thresh(pf, hook, skb, in, out, okfn, INT_MIN)) == 1))
ret = okfn(skb);
return ret;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [170/289] radix-tree: fix RCU bug
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (169 preceding siblings ...)
2010-12-08 0:59 ` [169/289] netfilter: NF_HOOK_COND has wrong conditional Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [171/289] latencytop: fix per task accumulator Greg KH
` (115 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Nick Piggin
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Nick Piggin <npiggin@kernel.dk>
commit 27d20fddc8af539464fc3ba499d6a830054c3bd6 upstream.
Salman Qazi describes the following radix-tree bug:
In the following case, we get can get a deadlock:
0. The radix tree contains two items, one has the index 0.
1. The reader (in this case find_get_pages) takes the rcu_read_lock.
2. The reader acquires slot(s) for item(s) including the index 0 item.
3. The non-zero index item is deleted, and as a consequence the other item is
moved to the root of the tree. The place where it used to be is queued for
deletion after the readers finish.
3b. The zero item is deleted, removing it from the direct slot, it remains in
the rcu-delayed indirect node.
4. The reader looks at the index 0 slot, and finds that the page has 0 ref
count
5. The reader looks at it again, hoping that the item will either be freed or
the ref count will increase. This never happens, as the slot it is looking
at will never be updated. Also, this slot can never be reclaimed because
the reader is holding rcu_read_lock and is in an infinite loop.
The fix is to re-use the same "indirect" pointer case that requires a slot
lookup retry into a general "retry the lookup" bit.
Signed-off-by: Nick Piggin <npiggin@kernel.dk>
Reported-by: Salman Qazi <sqazi@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
include/linux/radix-tree.h | 36 ++++++++++---------
lib/radix-tree.c | 83 +++++++++++++++++++++++++++++++--------------
mm/filemap.c | 26 +++++---------
3 files changed, 87 insertions(+), 58 deletions(-)
--- a/include/linux/radix-tree.h
+++ b/include/linux/radix-tree.h
@@ -36,17 +36,6 @@
* RCU.
*/
#define RADIX_TREE_INDIRECT_PTR 1
-#define RADIX_TREE_RETRY ((void *)-1UL)
-
-static inline void *radix_tree_ptr_to_indirect(void *ptr)
-{
- return (void *)((unsigned long)ptr | RADIX_TREE_INDIRECT_PTR);
-}
-
-static inline void *radix_tree_indirect_to_ptr(void *ptr)
-{
- return (void *)((unsigned long)ptr & ~RADIX_TREE_INDIRECT_PTR);
-}
static inline int radix_tree_is_indirect_ptr(void *ptr)
{
@@ -138,16 +127,29 @@ do { \
* removed.
*
* For use with radix_tree_lookup_slot(). Caller must hold tree at least read
- * locked across slot lookup and dereference. More likely, will be used with
- * radix_tree_replace_slot(), as well, so caller will hold tree write locked.
+ * locked across slot lookup and dereference. Not required if write lock is
+ * held (ie. items cannot be concurrently inserted).
+ *
+ * radix_tree_deref_retry must be used to confirm validity of the pointer if
+ * only the read lock is held.
*/
static inline void *radix_tree_deref_slot(void **pslot)
{
- void *ret = rcu_dereference(*pslot);
- if (unlikely(radix_tree_is_indirect_ptr(ret)))
- ret = RADIX_TREE_RETRY;
- return ret;
+ return rcu_dereference(*pslot);
}
+
+/**
+ * radix_tree_deref_retry - check radix_tree_deref_slot
+ * @arg: pointer returned by radix_tree_deref_slot
+ * Returns: 0 if retry is not required, otherwise retry is required
+ *
+ * radix_tree_deref_retry must be used with radix_tree_deref_slot.
+ */
+static inline int radix_tree_deref_retry(void *arg)
+{
+ return unlikely((unsigned long)arg & RADIX_TREE_INDIRECT_PTR);
+}
+
/**
* radix_tree_replace_slot - replace item in a slot
* @pslot: pointer to slot, returned by radix_tree_lookup_slot
--- a/lib/radix-tree.c
+++ b/lib/radix-tree.c
@@ -82,6 +82,16 @@ struct radix_tree_preload {
};
static DEFINE_PER_CPU(struct radix_tree_preload, radix_tree_preloads) = { 0, };
+static inline void *ptr_to_indirect(void *ptr)
+{
+ return (void *)((unsigned long)ptr | RADIX_TREE_INDIRECT_PTR);
+}
+
+static inline void *indirect_to_ptr(void *ptr)
+{
+ return (void *)((unsigned long)ptr & ~RADIX_TREE_INDIRECT_PTR);
+}
+
static inline gfp_t root_gfp_mask(struct radix_tree_root *root)
{
return root->gfp_mask & __GFP_BITS_MASK;
@@ -265,7 +275,7 @@ static int radix_tree_extend(struct radi
return -ENOMEM;
/* Increase the height. */
- node->slots[0] = radix_tree_indirect_to_ptr(root->rnode);
+ node->slots[0] = indirect_to_ptr(root->rnode);
/* Propagate the aggregated tag info into the new root */
for (tag = 0; tag < RADIX_TREE_MAX_TAGS; tag++) {
@@ -276,7 +286,7 @@ static int radix_tree_extend(struct radi
newheight = root->height+1;
node->height = newheight;
node->count = 1;
- node = radix_tree_ptr_to_indirect(node);
+ node = ptr_to_indirect(node);
rcu_assign_pointer(root->rnode, node);
root->height = newheight;
} while (height > root->height);
@@ -309,7 +319,7 @@ int radix_tree_insert(struct radix_tree_
return error;
}
- slot = radix_tree_indirect_to_ptr(root->rnode);
+ slot = indirect_to_ptr(root->rnode);
height = root->height;
shift = (height-1) * RADIX_TREE_MAP_SHIFT;
@@ -325,8 +335,7 @@ int radix_tree_insert(struct radix_tree_
rcu_assign_pointer(node->slots[offset], slot);
node->count++;
} else
- rcu_assign_pointer(root->rnode,
- radix_tree_ptr_to_indirect(slot));
+ rcu_assign_pointer(root->rnode, ptr_to_indirect(slot));
}
/* Go a level down */
@@ -374,7 +383,7 @@ static void *radix_tree_lookup_element(s
return NULL;
return is_slot ? (void *)&root->rnode : node;
}
- node = radix_tree_indirect_to_ptr(node);
+ node = indirect_to_ptr(node);
height = node->height;
if (index > radix_tree_maxindex(height))
@@ -393,7 +402,7 @@ static void *radix_tree_lookup_element(s
height--;
} while (height > 0);
- return is_slot ? (void *)slot:node;
+ return is_slot ? (void *)slot : indirect_to_ptr(node);
}
/**
@@ -455,7 +464,7 @@ void *radix_tree_tag_set(struct radix_tr
height = root->height;
BUG_ON(index > radix_tree_maxindex(height));
- slot = radix_tree_indirect_to_ptr(root->rnode);
+ slot = indirect_to_ptr(root->rnode);
shift = (height - 1) * RADIX_TREE_MAP_SHIFT;
while (height > 0) {
@@ -509,7 +518,7 @@ void *radix_tree_tag_clear(struct radix_
shift = (height - 1) * RADIX_TREE_MAP_SHIFT;
pathp->node = NULL;
- slot = radix_tree_indirect_to_ptr(root->rnode);
+ slot = indirect_to_ptr(root->rnode);
while (height > 0) {
int offset;
@@ -579,7 +588,7 @@ int radix_tree_tag_get(struct radix_tree
if (!radix_tree_is_indirect_ptr(node))
return (index == 0);
- node = radix_tree_indirect_to_ptr(node);
+ node = indirect_to_ptr(node);
height = node->height;
if (index > radix_tree_maxindex(height))
@@ -666,7 +675,7 @@ unsigned long radix_tree_range_tag_if_ta
}
shift = (height - 1) * RADIX_TREE_MAP_SHIFT;
- slot = radix_tree_indirect_to_ptr(root->rnode);
+ slot = indirect_to_ptr(root->rnode);
/*
* we fill the path from (root->height - 2) to 0, leaving the index at
@@ -897,7 +906,7 @@ radix_tree_gang_lookup(struct radix_tree
results[0] = node;
return 1;
}
- node = radix_tree_indirect_to_ptr(node);
+ node = indirect_to_ptr(node);
max_index = radix_tree_maxindex(node->height);
@@ -916,7 +925,8 @@ radix_tree_gang_lookup(struct radix_tree
slot = *(((void ***)results)[ret + i]);
if (!slot)
continue;
- results[ret + nr_found] = rcu_dereference_raw(slot);
+ results[ret + nr_found] =
+ indirect_to_ptr(rcu_dereference_raw(slot));
nr_found++;
}
ret += nr_found;
@@ -965,7 +975,7 @@ radix_tree_gang_lookup_slot(struct radix
results[0] = (void **)&root->rnode;
return 1;
}
- node = radix_tree_indirect_to_ptr(node);
+ node = indirect_to_ptr(node);
max_index = radix_tree_maxindex(node->height);
@@ -1090,7 +1100,7 @@ radix_tree_gang_lookup_tag(struct radix_
results[0] = node;
return 1;
}
- node = radix_tree_indirect_to_ptr(node);
+ node = indirect_to_ptr(node);
max_index = radix_tree_maxindex(node->height);
@@ -1109,7 +1119,8 @@ radix_tree_gang_lookup_tag(struct radix_
slot = *(((void ***)results)[ret + i]);
if (!slot)
continue;
- results[ret + nr_found] = rcu_dereference_raw(slot);
+ results[ret + nr_found] =
+ indirect_to_ptr(rcu_dereference_raw(slot));
nr_found++;
}
ret += nr_found;
@@ -1159,7 +1170,7 @@ radix_tree_gang_lookup_tag_slot(struct r
results[0] = (void **)&root->rnode;
return 1;
}
- node = radix_tree_indirect_to_ptr(node);
+ node = indirect_to_ptr(node);
max_index = radix_tree_maxindex(node->height);
@@ -1195,7 +1206,7 @@ static inline void radix_tree_shrink(str
void *newptr;
BUG_ON(!radix_tree_is_indirect_ptr(to_free));
- to_free = radix_tree_indirect_to_ptr(to_free);
+ to_free = indirect_to_ptr(to_free);
/*
* The candidate node has more than one child, or its child
@@ -1208,16 +1219,39 @@ static inline void radix_tree_shrink(str
/*
* We don't need rcu_assign_pointer(), since we are simply
- * moving the node from one part of the tree to another. If
- * it was safe to dereference the old pointer to it
+ * moving the node from one part of the tree to another: if it
+ * was safe to dereference the old pointer to it
* (to_free->slots[0]), it will be safe to dereference the new
- * one (root->rnode).
+ * one (root->rnode) as far as dependent read barriers go.
*/
newptr = to_free->slots[0];
if (root->height > 1)
- newptr = radix_tree_ptr_to_indirect(newptr);
+ newptr = ptr_to_indirect(newptr);
root->rnode = newptr;
root->height--;
+
+ /*
+ * We have a dilemma here. The node's slot[0] must not be
+ * NULLed in case there are concurrent lookups expecting to
+ * find the item. However if this was a bottom-level node,
+ * then it may be subject to the slot pointer being visible
+ * to callers dereferencing it. If item corresponding to
+ * slot[0] is subsequently deleted, these callers would expect
+ * their slot to become empty sooner or later.
+ *
+ * For example, lockless pagecache will look up a slot, deref
+ * the page pointer, and if the page is 0 refcount it means it
+ * was concurrently deleted from pagecache so try the deref
+ * again. Fortunately there is already a requirement for logic
+ * to retry the entire slot lookup -- the indirect pointer
+ * problem (replacing direct root node with an indirect pointer
+ * also results in a stale slot). So tag the slot as indirect
+ * to force callers to retry.
+ */
+ if (root->height == 0)
+ *((unsigned long *)&to_free->slots[0]) |=
+ RADIX_TREE_INDIRECT_PTR;
+
radix_tree_node_free(to_free);
}
}
@@ -1254,7 +1288,7 @@ void *radix_tree_delete(struct radix_tre
root->rnode = NULL;
goto out;
}
- slot = radix_tree_indirect_to_ptr(slot);
+ slot = indirect_to_ptr(slot);
shift = (height - 1) * RADIX_TREE_MAP_SHIFT;
pathp->node = NULL;
@@ -1296,8 +1330,7 @@ void *radix_tree_delete(struct radix_tre
radix_tree_node_free(to_free);
if (pathp->node->count) {
- if (pathp->node ==
- radix_tree_indirect_to_ptr(root->rnode))
+ if (pathp->node == indirect_to_ptr(root->rnode))
radix_tree_shrink(root);
goto out;
}
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -631,7 +631,9 @@ repeat:
pagep = radix_tree_lookup_slot(&mapping->page_tree, offset);
if (pagep) {
page = radix_tree_deref_slot(pagep);
- if (unlikely(!page || page == RADIX_TREE_RETRY))
+ if (unlikely(!page))
+ goto out;
+ if (radix_tree_deref_retry(page))
goto repeat;
if (!page_cache_get_speculative(page))
@@ -647,6 +649,7 @@ repeat:
goto repeat;
}
}
+out:
rcu_read_unlock();
return page;
@@ -764,12 +767,11 @@ repeat:
page = radix_tree_deref_slot((void **)pages[i]);
if (unlikely(!page))
continue;
- /*
- * this can only trigger if nr_found == 1, making livelock
- * a non issue.
- */
- if (unlikely(page == RADIX_TREE_RETRY))
+ if (radix_tree_deref_retry(page)) {
+ if (ret)
+ start = pages[ret-1]->index;
goto restart;
+ }
if (!page_cache_get_speculative(page))
goto repeat;
@@ -817,11 +819,7 @@ repeat:
page = radix_tree_deref_slot((void **)pages[i]);
if (unlikely(!page))
continue;
- /*
- * this can only trigger if nr_found == 1, making livelock
- * a non issue.
- */
- if (unlikely(page == RADIX_TREE_RETRY))
+ if (radix_tree_deref_retry(page))
goto restart;
if (page->mapping == NULL || page->index != index)
@@ -874,11 +872,7 @@ repeat:
page = radix_tree_deref_slot((void **)pages[i]);
if (unlikely(!page))
continue;
- /*
- * this can only trigger if nr_found == 1, making livelock
- * a non issue.
- */
- if (unlikely(page == RADIX_TREE_RETRY))
+ if (radix_tree_deref_retry(page))
goto restart;
if (!page_cache_get_speculative(page))
^ permalink raw reply [flat|nested] 288+ messages in thread
* [171/289] latencytop: fix per task accumulator
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (170 preceding siblings ...)
2010-12-08 0:59 ` [170/289] radix-tree: fix RCU bug Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [172/289] mm/vfs: revalidate page->mapping in do_generic_file_read() Greg KH
` (114 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Ken Chen
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Ken Chen <kenchen@google.com>
commit 38715258aa2e8cd94bd4aafadc544e5104efd551 upstream.
Per task latencytop accumulator prematurely terminates due to erroneous
placement of latency_record_count. It should be incremented whenever a
new record is allocated instead of increment on every latencytop event.
Also fix search iterator to only search known record events instead of
blindly searching all pre-allocated space.
Signed-off-by: Ken Chen <kenchen@google.com>
Reviewed-by: Arjan van de Ven <arjan@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
kernel/latencytop.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
--- a/kernel/latencytop.c
+++ b/kernel/latencytop.c
@@ -194,14 +194,7 @@ __account_scheduler_latency(struct task_
account_global_scheduler_latency(tsk, &lat);
- /*
- * short term hack; if we're > 32 we stop; future we recycle:
- */
- tsk->latency_record_count++;
- if (tsk->latency_record_count >= LT_SAVECOUNT)
- goto out_unlock;
-
- for (i = 0; i < LT_SAVECOUNT; i++) {
+ for (i = 0; i < tsk->latency_record_count; i++) {
struct latency_record *mylat;
int same = 1;
@@ -227,8 +220,14 @@ __account_scheduler_latency(struct task_
}
}
+ /*
+ * short term hack; if we're > 32 we stop; future we recycle:
+ */
+ if (tsk->latency_record_count >= LT_SAVECOUNT)
+ goto out_unlock;
+
/* Allocated a new one: */
- i = tsk->latency_record_count;
+ i = tsk->latency_record_count++;
memcpy(&tsk->latency_record[i], &lat, sizeof(struct latency_record));
out_unlock:
^ permalink raw reply [flat|nested] 288+ messages in thread
* [172/289] mm/vfs: revalidate page->mapping in do_generic_file_read()
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (171 preceding siblings ...)
2010-12-08 0:59 ` [171/289] latencytop: fix per task accumulator Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [173/289] bio: take care not overflow page count when mapping/copying user data Greg KH
` (113 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Dave Hansen, Rik van Riel,
arunabal, sbest, Christoph Hellwig, Al Viro, Minchan Kim
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Dave Hansen <dave@linux.vnet.ibm.com>
commit 8d056cb965b8fb7c53c564abf28b1962d1061cd3 upstream.
70 hours into some stress tests of a 2.6.32-based enterprise kernel, we
ran into a NULL dereference in here:
int block_is_partially_uptodate(struct page *page, read_descriptor_t *desc,
unsigned long from)
{
----> struct inode *inode = page->mapping->host;
It looks like page->mapping was the culprit. (xmon trace is below).
After closer examination, I realized that do_generic_file_read() does a
find_get_page(), and eventually locks the page before calling
block_is_partially_uptodate(). However, it doesn't revalidate the
page->mapping after the page is locked. So, there's a small window
between the find_get_page() and ->is_partially_uptodate() where the page
could get truncated and page->mapping cleared.
We _have_ a reference, so it can't get reclaimed, but it certainly
can be truncated.
I think the correct thing is to check page->mapping after the
trylock_page(), and jump out if it got truncated. This patch has been
running in the test environment for a month or so now, and we have not
seen this bug pop up again.
xmon info:
1f:mon> e
cpu 0x1f: Vector: 300 (Data Access) at [c0000002ae36f770]
pc: c0000000001e7a6c: .block_is_partially_uptodate+0xc/0x100
lr: c000000000142944: .generic_file_aio_read+0x1e4/0x770
sp: c0000002ae36f9f0
msr: 8000000000009032
dar: 0
dsisr: 40000000
current = 0xc000000378f99e30
paca = 0xc000000000f66300
pid = 21946, comm = bash
1f:mon> r
R00 = 0025c0500000006d R16 = 0000000000000000
R01 = c0000002ae36f9f0 R17 = c000000362cd3af0
R02 = c000000000e8cd80 R18 = ffffffffffffffff
R03 = c0000000031d0f88 R19 = 0000000000000001
R04 = c0000002ae36fa68 R20 = c0000003bb97b8a0
R05 = 0000000000000000 R21 = c0000002ae36fa68
R06 = 0000000000000000 R22 = 0000000000000000
R07 = 0000000000000001 R23 = c0000002ae36fbb0
R08 = 0000000000000002 R24 = 0000000000000000
R09 = 0000000000000000 R25 = c000000362cd3a80
R10 = 0000000000000000 R26 = 0000000000000002
R11 = c0000000001e7b60 R27 = 0000000000000000
R12 = 0000000042000484 R28 = 0000000000000001
R13 = c000000000f66300 R29 = c0000003bb97b9b8
R14 = 0000000000000001 R30 = c000000000e28a08
R15 = 000000000000ffff R31 = c0000000031d0f88
pc = c0000000001e7a6c .block_is_partially_uptodate+0xc/0x100
lr = c000000000142944 .generic_file_aio_read+0x1e4/0x770
msr = 8000000000009032 cr = 22000488
ctr = c0000000001e7a60 xer = 0000000020000000 trap = 300
dar = 0000000000000000 dsisr = 40000000
1f:mon> t
[link register ] c000000000142944 .generic_file_aio_read+0x1e4/0x770
[c0000002ae36f9f0] c000000000142a14 .generic_file_aio_read+0x2b4/0x770 (unreliable)
[c0000002ae36fb40] c0000000001b03e4 .do_sync_read+0xd4/0x160
[c0000002ae36fce0] c0000000001b153c .vfs_read+0xec/0x1f0
[c0000002ae36fd80] c0000000001b1768 .SyS_read+0x58/0xb0
[c0000002ae36fe30] c00000000000852c syscall_exit+0x0/0x40
--- Exception: c00 (System Call) at 00000080a840bc54
SP (fffca15df30) is in userspace
1f:mon> di c0000000001e7a6c
c0000000001e7a6c e9290000 ld r9,0(r9)
c0000000001e7a70 418200c0 beq c0000000001e7b30 # .block_is_partially_uptodate+0xd0/0x100
c0000000001e7a74 e9440008 ld r10,8(r4)
c0000000001e7a78 78a80020 clrldi r8,r5,32
c0000000001e7a7c 3c000001 lis r0,1
c0000000001e7a80 812900a8 lwz r9,168(r9)
c0000000001e7a84 39600001 li r11,1
c0000000001e7a88 7c080050 subf r0,r8,r0
c0000000001e7a8c 7f805040 cmplw cr7,r0,r10
c0000000001e7a90 7d6b4830 slw r11,r11,r9
c0000000001e7a94 796b0020 clrldi r11,r11,32
c0000000001e7a98 419d00a8 bgt cr7,c0000000001e7b40 # .block_is_partially_uptodate+0xe0/0x100
c0000000001e7a9c 7fa55840 cmpld cr7,r5,r11
c0000000001e7aa0 7d004214 add r8,r0,r8
c0000000001e7aa4 79080020 clrldi r8,r8,32
c0000000001e7aa8 419c0078 blt cr7,c0000000001e7b20 # .block_is_partially_uptodate+0xc0/0x100
Signed-off-by: Dave Hansen <dave@linux.vnet.ibm.com>
Reviewed-by: Minchan Kim <minchan.kim@gmail.com>
Reviewed-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Rik van Riel <riel@redhat.com>
Cc: <arunabal@in.ibm.com>
Cc: <sbest@us.ibm.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Minchan Kim <minchan.kim@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
mm/filemap.c | 3 +++
1 file changed, 3 insertions(+)
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -1010,6 +1010,9 @@ find_page:
goto page_not_up_to_date;
if (!trylock_page(page))
goto page_not_up_to_date;
+ /* Did it get truncated before we got the lock? */
+ if (!page->mapping)
+ goto page_not_up_to_date_locked;
if (!mapping->a_ops->is_partially_uptodate(page,
desc, offset))
goto page_not_up_to_date_locked;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [173/289] bio: take care not overflow page count when mapping/copying user data
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (172 preceding siblings ...)
2010-12-08 0:59 ` [172/289] mm/vfs: revalidate page->mapping in do_generic_file_read() Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [174/289] drm/radeon/kms/atom: set sane defaults in atombios_get_encoder_mode() Greg KH
` (112 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Jens Axboe
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jens Axboe <jaxboe@fusionio.com>
commit cb4644cac4a2797afc847e6c92736664d4b0ea34 upstream.
If the iovec is being set up in a way that causes uaddr + PAGE_SIZE
to overflow, we could end up attempting to map a huge number of
pages. Check for this invalid input type.
Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/bio.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
--- a/fs/bio.c
+++ b/fs/bio.c
@@ -834,6 +834,12 @@ struct bio *bio_copy_user_iov(struct req
end = (uaddr + iov[i].iov_len + PAGE_SIZE - 1) >> PAGE_SHIFT;
start = uaddr >> PAGE_SHIFT;
+ /*
+ * Overflow, abort
+ */
+ if (end < start)
+ return ERR_PTR(-EINVAL);
+
nr_pages += end - start;
len += iov[i].iov_len;
}
@@ -962,6 +968,12 @@ static struct bio *__bio_map_user_iov(st
unsigned long end = (uaddr + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
unsigned long start = uaddr >> PAGE_SHIFT;
+ /*
+ * Overflow, abort
+ */
+ if (end < start)
+ return ERR_PTR(-EINVAL);
+
nr_pages += end - start;
/*
* buffer must be aligned to at least hardsector size for now
@@ -989,7 +1001,7 @@ static struct bio *__bio_map_user_iov(st
unsigned long start = uaddr >> PAGE_SHIFT;
const int local_nr_pages = end - start;
const int page_limit = cur_page + local_nr_pages;
-
+
ret = get_user_pages_fast(uaddr, local_nr_pages,
write_to_vm, &pages[cur_page]);
if (ret < local_nr_pages) {
^ permalink raw reply [flat|nested] 288+ messages in thread
* [174/289] drm/radeon/kms/atom: set sane defaults in atombios_get_encoder_mode()
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (173 preceding siblings ...)
2010-12-08 0:59 ` [173/289] bio: take care not overflow page count when mapping/copying user data Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [175/289] drm/radeon/kms: fix typos in disabled vbios code Greg KH
` (111 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Alex Deucher, Dave Airlie
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Alex Deucher <alexdeucher@gmail.com>
commit c7a71fc761551dc8be8543f14a90d08cda4e77f9 upstream.
If there was no connector mapped to the encoder, atombios_get_encoder_mode()
returned 0 which is the id for DP. Return something sane instead based on
the encoder id. This avoids hitting the DP paths on non-DP encoders.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/radeon/radeon_encoders.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/radeon/radeon_encoders.c
+++ b/drivers/gpu/drm/radeon/radeon_encoders.c
@@ -595,6 +595,7 @@ atombios_digital_setup(struct drm_encode
int
atombios_get_encoder_mode(struct drm_encoder *encoder)
{
+ struct radeon_encoder *radeon_encoder = to_radeon_encoder(encoder);
struct drm_device *dev = encoder->dev;
struct radeon_device *rdev = dev->dev_private;
struct drm_connector *connector;
@@ -602,9 +603,20 @@ atombios_get_encoder_mode(struct drm_enc
struct radeon_connector_atom_dig *dig_connector;
connector = radeon_get_connector_for_encoder(encoder);
- if (!connector)
- return 0;
-
+ if (!connector) {
+ switch (radeon_encoder->encoder_id) {
+ case ENCODER_OBJECT_ID_INTERNAL_UNIPHY:
+ case ENCODER_OBJECT_ID_INTERNAL_UNIPHY1:
+ case ENCODER_OBJECT_ID_INTERNAL_UNIPHY2:
+ case ENCODER_OBJECT_ID_INTERNAL_KLDSCP_LVTMA:
+ case ENCODER_OBJECT_ID_INTERNAL_KLDSCP_DVO1:
+ return ATOM_ENCODER_MODE_DVI;
+ case ENCODER_OBJECT_ID_INTERNAL_KLDSCP_DAC1:
+ case ENCODER_OBJECT_ID_INTERNAL_KLDSCP_DAC2:
+ default:
+ return ATOM_ENCODER_MODE_CRT;
+ }
+ }
radeon_connector = to_radeon_connector(connector);
switch (connector->connector_type) {
^ permalink raw reply [flat|nested] 288+ messages in thread
* [175/289] drm/radeon/kms: fix typos in disabled vbios code
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (174 preceding siblings ...)
2010-12-08 0:59 ` [174/289] drm/radeon/kms/atom: set sane defaults in atombios_get_encoder_mode() Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [176/289] drm/radeon/kms: add workaround for dce3 ddc line vbios bug Greg KH
` (110 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Alex Deucher, Dave Airlie
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Alex Deucher <alexdeucher@gmail.com>
commit 0ec80d645661dda50acd417bdfcb33df2e5dd31e upstream.
6xx/7xx was hitting the wrong BUS_CNTL reg and bits.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/radeon/r600_reg.h | 1 +
drivers/gpu/drm/radeon/radeon_bios.c | 13 +++++++------
2 files changed, 8 insertions(+), 6 deletions(-)
--- a/drivers/gpu/drm/radeon/r600_reg.h
+++ b/drivers/gpu/drm/radeon/r600_reg.h
@@ -86,6 +86,7 @@
#define R600_HDP_NONSURFACE_BASE 0x2c04
#define R600_BUS_CNTL 0x5420
+# define R600_BIOS_ROM_DIS (1 << 1)
#define R600_CONFIG_CNTL 0x5424
#define R600_CONFIG_MEMSIZE 0x5428
#define R600_CONFIG_F0_BASE 0x542C
--- a/drivers/gpu/drm/radeon/radeon_bios.c
+++ b/drivers/gpu/drm/radeon/radeon_bios.c
@@ -130,6 +130,7 @@ static bool radeon_atrm_get_bios(struct
}
return true;
}
+
static bool r700_read_disabled_bios(struct radeon_device *rdev)
{
uint32_t viph_control;
@@ -143,7 +144,7 @@ static bool r700_read_disabled_bios(stru
bool r;
viph_control = RREG32(RADEON_VIPH_CONTROL);
- bus_cntl = RREG32(RADEON_BUS_CNTL);
+ bus_cntl = RREG32(R600_BUS_CNTL);
d1vga_control = RREG32(AVIVO_D1VGA_CONTROL);
d2vga_control = RREG32(AVIVO_D2VGA_CONTROL);
vga_render_control = RREG32(AVIVO_VGA_RENDER_CONTROL);
@@ -152,7 +153,7 @@ static bool r700_read_disabled_bios(stru
/* disable VIP */
WREG32(RADEON_VIPH_CONTROL, (viph_control & ~RADEON_VIPH_EN));
/* enable the rom */
- WREG32(RADEON_BUS_CNTL, (bus_cntl & ~RADEON_BUS_BIOS_DIS_ROM));
+ WREG32(R600_BUS_CNTL, (bus_cntl & ~R600_BIOS_ROM_DIS));
/* Disable VGA mode */
WREG32(AVIVO_D1VGA_CONTROL,
(d1vga_control & ~(AVIVO_DVGA_CONTROL_MODE_ENABLE |
@@ -191,7 +192,7 @@ static bool r700_read_disabled_bios(stru
cg_spll_status = RREG32(R600_CG_SPLL_STATUS);
}
WREG32(RADEON_VIPH_CONTROL, viph_control);
- WREG32(RADEON_BUS_CNTL, bus_cntl);
+ WREG32(R600_BUS_CNTL, bus_cntl);
WREG32(AVIVO_D1VGA_CONTROL, d1vga_control);
WREG32(AVIVO_D2VGA_CONTROL, d2vga_control);
WREG32(AVIVO_VGA_RENDER_CONTROL, vga_render_control);
@@ -216,7 +217,7 @@ static bool r600_read_disabled_bios(stru
bool r;
viph_control = RREG32(RADEON_VIPH_CONTROL);
- bus_cntl = RREG32(RADEON_BUS_CNTL);
+ bus_cntl = RREG32(R600_BUS_CNTL);
d1vga_control = RREG32(AVIVO_D1VGA_CONTROL);
d2vga_control = RREG32(AVIVO_D2VGA_CONTROL);
vga_render_control = RREG32(AVIVO_VGA_RENDER_CONTROL);
@@ -231,7 +232,7 @@ static bool r600_read_disabled_bios(stru
/* disable VIP */
WREG32(RADEON_VIPH_CONTROL, (viph_control & ~RADEON_VIPH_EN));
/* enable the rom */
- WREG32(RADEON_BUS_CNTL, (bus_cntl & ~RADEON_BUS_BIOS_DIS_ROM));
+ WREG32(R600_BUS_CNTL, (bus_cntl & ~R600_BIOS_ROM_DIS));
/* Disable VGA mode */
WREG32(AVIVO_D1VGA_CONTROL,
(d1vga_control & ~(AVIVO_DVGA_CONTROL_MODE_ENABLE |
@@ -262,7 +263,7 @@ static bool r600_read_disabled_bios(stru
/* restore regs */
WREG32(RADEON_VIPH_CONTROL, viph_control);
- WREG32(RADEON_BUS_CNTL, bus_cntl);
+ WREG32(R600_BUS_CNTL, bus_cntl);
WREG32(AVIVO_D1VGA_CONTROL, d1vga_control);
WREG32(AVIVO_D2VGA_CONTROL, d2vga_control);
WREG32(AVIVO_VGA_RENDER_CONTROL, vga_render_control);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [176/289] drm/radeon/kms: add workaround for dce3 ddc line vbios bug
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (175 preceding siblings ...)
2010-12-08 0:59 ` [175/289] drm/radeon/kms: fix typos in disabled vbios code Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [177/289] drm/radeon/kms: Fix retrying ttm_bo_init() after it failed once Greg KH
` (109 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Alex Deucher, Dave Airlie
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Alex Deucher <alexdeucher@gmail.com>
commit 3074adc8b6d9bf28b574a58241b958057a69a7a0 upstream.
fixes:
https://bugzilla.kernel.org/show_bug.cgi?id=23752
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/radeon/radeon_atombios.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
--- a/drivers/gpu/drm/radeon/radeon_atombios.c
+++ b/drivers/gpu/drm/radeon/radeon_atombios.c
@@ -98,6 +98,14 @@ static inline struct radeon_i2c_bus_rec
}
}
+ /* some DCE3 boards have bad data for this entry */
+ if (ASIC_IS_DCE3(rdev)) {
+ if ((i == 4) &&
+ (gpio->usClkMaskRegisterIndex == 0x1fda) &&
+ (gpio->sucI2cId.ucAccess == 0x94))
+ gpio->sucI2cId.ucAccess = 0x14;
+ }
+
if (gpio->sucI2cId.ucAccess == id) {
i2c.mask_clk_reg = le16_to_cpu(gpio->usClkMaskRegisterIndex) * 4;
i2c.mask_data_reg = le16_to_cpu(gpio->usDataMaskRegisterIndex) * 4;
@@ -174,6 +182,14 @@ void radeon_atombios_i2c_init(struct rad
}
}
+ /* some DCE3 boards have bad data for this entry */
+ if (ASIC_IS_DCE3(rdev)) {
+ if ((i == 4) &&
+ (gpio->usClkMaskRegisterIndex == 0x1fda) &&
+ (gpio->sucI2cId.ucAccess == 0x94))
+ gpio->sucI2cId.ucAccess = 0x14;
+ }
+
i2c.mask_clk_reg = le16_to_cpu(gpio->usClkMaskRegisterIndex) * 4;
i2c.mask_data_reg = le16_to_cpu(gpio->usDataMaskRegisterIndex) * 4;
i2c.en_clk_reg = le16_to_cpu(gpio->usClkEnRegisterIndex) * 4;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [177/289] drm/radeon/kms: Fix retrying ttm_bo_init() after it failed once.
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (176 preceding siblings ...)
2010-12-08 0:59 ` [176/289] drm/radeon/kms: add workaround for dce3 ddc line vbios bug Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [178/289] drm/radeon/kms: fix thermal sensor reporting on rv6xx Greg KH
` (108 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Michel DÀnzer,
Dave Airlie
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 1207 bytes --]
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: =?UTF-8?q?Michel=20D=C3=A4nzer?= <daenzer@vmware.com>
commit 2b66b50b12cabc05f05543e792d4c9c2465d5702 upstream.
If ttm_bo_init() returns failure, it already destroyed the BO, so we need to
retry from scratch.
Signed-off-by: Michel Dänzer <daenzer@vmware.com>
Tested-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/radeon/radeon_object.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/radeon/radeon_object.c
+++ b/drivers/gpu/drm/radeon/radeon_object.c
@@ -102,6 +102,8 @@ int radeon_bo_create(struct radeon_devic
type = ttm_bo_type_device;
}
*bo_ptr = NULL;
+
+retry:
bo = kzalloc(sizeof(struct radeon_bo), GFP_KERNEL);
if (bo == NULL)
return -ENOMEM;
@@ -109,8 +111,6 @@ int radeon_bo_create(struct radeon_devic
bo->gobj = gobj;
bo->surface_reg = -1;
INIT_LIST_HEAD(&bo->list);
-
-retry:
radeon_ttm_placement_from_domain(bo, domain);
/* Kernel allocation are uninterruptible */
mutex_lock(&rdev->vram_mutex);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [178/289] drm/radeon/kms: fix thermal sensor reporting on rv6xx
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (177 preceding siblings ...)
2010-12-08 0:59 ` [177/289] drm/radeon/kms: Fix retrying ttm_bo_init() after it failed once Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [179/289] drm/radeon/kms: fix i2c pad masks on rs4xx Greg KH
` (107 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Alex Deucher, Dave Airlie
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Alex Deucher <alexdeucher@gmail.com>
commit b2298fd27127f872881048fd37cb9217a648ae06 upstream.
Temperature is not shifted as on newer asics.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/radeon/r600.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
--- a/drivers/gpu/drm/radeon/r600.c
+++ b/drivers/gpu/drm/radeon/r600.c
@@ -97,14 +97,8 @@ u32 rv6xx_get_temp(struct radeon_device
{
u32 temp = (RREG32(CG_THERMAL_STATUS) & ASIC_T_MASK) >>
ASIC_T_SHIFT;
- u32 actual_temp = 0;
- if ((temp >> 7) & 1)
- actual_temp = 0;
- else
- actual_temp = (temp >> 1) & 0xff;
-
- return actual_temp * 1000;
+ return temp * 1000;
}
void r600_pm_get_dynpm_state(struct radeon_device *rdev)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [179/289] drm/radeon/kms: fix i2c pad masks on rs4xx
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (178 preceding siblings ...)
2010-12-08 0:59 ` [178/289] drm/radeon/kms: fix thermal sensor reporting on rv6xx Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [180/289] drm/radeon/kms: fix resume regression for some r5xx laptops Greg KH
` (106 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Alex Deucher, Dave Airlie
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Alex Deucher <alexdeucher@gmail.com>
commit be66305718bee9927e6acc6b75618ce3cd745718 upstream.
These got lost in the last i2c cleanup. Fixes:
https://bugzilla.kernel.org/show_bug.cgi?id=23222
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/radeon/radeon_combios.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/drivers/gpu/drm/radeon/radeon_combios.c
+++ b/drivers/gpu/drm/radeon/radeon_combios.c
@@ -571,6 +571,7 @@ static struct radeon_i2c_bus_rec combios
}
if (clk_mask && data_mask) {
+ /* system specific masks */
i2c.mask_clk_mask = clk_mask;
i2c.mask_data_mask = data_mask;
i2c.a_clk_mask = clk_mask;
@@ -579,7 +580,19 @@ static struct radeon_i2c_bus_rec combios
i2c.en_data_mask = data_mask;
i2c.y_clk_mask = clk_mask;
i2c.y_data_mask = data_mask;
+ } else if ((ddc_line == RADEON_GPIOPAD_MASK) ||
+ (ddc_line == RADEON_MDGPIO_MASK)) {
+ /* default gpiopad masks */
+ i2c.mask_clk_mask = (0x20 << 8);
+ i2c.mask_data_mask = 0x80;
+ i2c.a_clk_mask = (0x20 << 8);
+ i2c.a_data_mask = 0x80;
+ i2c.en_clk_mask = (0x20 << 8);
+ i2c.en_data_mask = 0x80;
+ i2c.y_clk_mask = (0x20 << 8);
+ i2c.y_data_mask = 0x80;
} else {
+ /* default masks for ddc pads */
i2c.mask_clk_mask = RADEON_GPIO_EN_1;
i2c.mask_data_mask = RADEON_GPIO_EN_0;
i2c.a_clk_mask = RADEON_GPIO_A_1;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [180/289] drm/radeon/kms: fix resume regression for some r5xx laptops
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (179 preceding siblings ...)
2010-12-08 0:59 ` [179/289] drm/radeon/kms: fix i2c pad masks on rs4xx Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [181/289] drm/radeon/kms: fix regression in rs4xx i2c setup Greg KH
` (105 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Alex Deucher, Dave Airlie
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Alex Deucher <alexdeucher@gmail.com>
commit f24d86f1a49505cdea56728b853a5d0a3f8e3d11 upstream.
I had removed this when I switched the atom indirect io methods
to use the io bar rather than the mmio bar, but it appears it's
still needed.
Reported-by: Mark Lord <kernel@teksavvy.com>
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/radeon/atom.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/gpu/drm/radeon/atom.c
+++ b/drivers/gpu/drm/radeon/atom.c
@@ -112,6 +112,7 @@ static uint32_t atom_iio_execute(struct
base += 3;
break;
case ATOM_IIO_WRITE:
+ (void)ctx->card->ioreg_read(ctx->card, CU16(base + 1));
ctx->card->ioreg_write(ctx->card, CU16(base + 1), temp);
base += 3;
break;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [181/289] drm/radeon/kms: fix regression in rs4xx i2c setup
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (180 preceding siblings ...)
2010-12-08 0:59 ` [180/289] drm/radeon/kms: fix resume regression for some r5xx laptops Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [182/289] drm/radeon/kms: fix interlaced and doublescan handling Greg KH
` (104 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Alex Deucher, Dave Airlie
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Alex Deucher <alexdeucher@gmail.com>
commit 791cfe2684a74ed7155254816ff9e89e6064277c upstream.
typo in my last i2c rework.
Fixes:
https://bugzilla.kernel.org/show_bug.cgi?id=23222
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/radeon/radeon_combios.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/radeon/radeon_combios.c
+++ b/drivers/gpu/drm/radeon/radeon_combios.c
@@ -729,7 +729,7 @@ void radeon_combios_i2c_init(struct rade
clk = RBIOS8(offset + 3 + (i * 5) + 3);
data = RBIOS8(offset + 3 + (i * 5) + 4);
i2c = combios_setup_i2c_bus(rdev, DDC_MONID,
- clk, data);
+ (1 << clk), (1 << data));
rdev->i2c_bus[4] = radeon_i2c_create(dev, &i2c, "GPIOPAD_MASK");
break;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [182/289] drm/radeon/kms: fix interlaced and doublescan handling
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (181 preceding siblings ...)
2010-12-08 0:59 ` [181/289] drm/radeon/kms: fix regression in rs4xx i2c setup Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [183/289] exec: make argv/envp memory visible to oom-killer Greg KH
` (103 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Alex Deucher, Dave Airlie
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Alex Deucher <alexdeucher@gmail.com>
commit c49948f4bd39e27dd06a1cdb0c3743ca2a734f5e upstream.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/radeon/radeon_connectors.c | 34 +++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
--- a/drivers/gpu/drm/radeon/radeon_connectors.c
+++ b/drivers/gpu/drm/radeon/radeon_connectors.c
@@ -1119,6 +1119,8 @@ radeon_add_atom_connector(struct drm_dev
/* no HPD on analog connectors */
radeon_connector->hpd.hpd = RADEON_HPD_NONE;
connector->polled = DRM_CONNECTOR_POLL_CONNECT;
+ connector->interlace_allowed = true;
+ connector->doublescan_allowed = true;
break;
case DRM_MODE_CONNECTOR_DVIA:
drm_connector_init(dev, &radeon_connector->base, &radeon_vga_connector_funcs, connector_type);
@@ -1134,6 +1136,8 @@ radeon_add_atom_connector(struct drm_dev
1);
/* no HPD on analog connectors */
radeon_connector->hpd.hpd = RADEON_HPD_NONE;
+ connector->interlace_allowed = true;
+ connector->doublescan_allowed = true;
break;
case DRM_MODE_CONNECTOR_DVII:
case DRM_MODE_CONNECTOR_DVID:
@@ -1163,6 +1167,11 @@ radeon_add_atom_connector(struct drm_dev
rdev->mode_info.load_detect_property,
1);
}
+ connector->interlace_allowed = true;
+ if (connector_type == DRM_MODE_CONNECTOR_DVII)
+ connector->doublescan_allowed = true;
+ else
+ connector->doublescan_allowed = false;
break;
case DRM_MODE_CONNECTOR_HDMIA:
case DRM_MODE_CONNECTOR_HDMIB:
@@ -1186,6 +1195,11 @@ radeon_add_atom_connector(struct drm_dev
rdev->mode_info.underscan_property,
UNDERSCAN_AUTO);
subpixel_order = SubPixelHorizontalRGB;
+ connector->interlace_allowed = true;
+ if (connector_type == DRM_MODE_CONNECTOR_HDMIB)
+ connector->doublescan_allowed = true;
+ else
+ connector->doublescan_allowed = false;
break;
case DRM_MODE_CONNECTOR_DisplayPort:
case DRM_MODE_CONNECTOR_eDP:
@@ -1216,6 +1230,9 @@ radeon_add_atom_connector(struct drm_dev
drm_connector_attach_property(&radeon_connector->base,
rdev->mode_info.underscan_property,
UNDERSCAN_AUTO);
+ connector->interlace_allowed = true;
+ /* in theory with a DP to VGA converter... */
+ connector->doublescan_allowed = false;
break;
case DRM_MODE_CONNECTOR_SVIDEO:
case DRM_MODE_CONNECTOR_Composite:
@@ -1231,6 +1248,8 @@ radeon_add_atom_connector(struct drm_dev
radeon_atombios_get_tv_info(rdev));
/* no HPD on analog connectors */
radeon_connector->hpd.hpd = RADEON_HPD_NONE;
+ connector->interlace_allowed = false;
+ connector->doublescan_allowed = false;
break;
case DRM_MODE_CONNECTOR_LVDS:
radeon_dig_connector = kzalloc(sizeof(struct radeon_connector_atom_dig), GFP_KERNEL);
@@ -1249,6 +1268,8 @@ radeon_add_atom_connector(struct drm_dev
dev->mode_config.scaling_mode_property,
DRM_MODE_SCALE_FULLSCREEN);
subpixel_order = SubPixelHorizontalRGB;
+ connector->interlace_allowed = false;
+ connector->doublescan_allowed = false;
break;
}
@@ -1326,6 +1347,8 @@ radeon_add_legacy_connector(struct drm_d
/* no HPD on analog connectors */
radeon_connector->hpd.hpd = RADEON_HPD_NONE;
connector->polled = DRM_CONNECTOR_POLL_CONNECT;
+ connector->interlace_allowed = true;
+ connector->doublescan_allowed = true;
break;
case DRM_MODE_CONNECTOR_DVIA:
drm_connector_init(dev, &radeon_connector->base, &radeon_vga_connector_funcs, connector_type);
@@ -1341,6 +1364,8 @@ radeon_add_legacy_connector(struct drm_d
1);
/* no HPD on analog connectors */
radeon_connector->hpd.hpd = RADEON_HPD_NONE;
+ connector->interlace_allowed = true;
+ connector->doublescan_allowed = true;
break;
case DRM_MODE_CONNECTOR_DVII:
case DRM_MODE_CONNECTOR_DVID:
@@ -1358,6 +1383,11 @@ radeon_add_legacy_connector(struct drm_d
1);
}
subpixel_order = SubPixelHorizontalRGB;
+ connector->interlace_allowed = true;
+ if (connector_type == DRM_MODE_CONNECTOR_DVII)
+ connector->doublescan_allowed = true;
+ else
+ connector->doublescan_allowed = false;
break;
case DRM_MODE_CONNECTOR_SVIDEO:
case DRM_MODE_CONNECTOR_Composite:
@@ -1380,6 +1410,8 @@ radeon_add_legacy_connector(struct drm_d
radeon_combios_get_tv_info(rdev));
/* no HPD on analog connectors */
radeon_connector->hpd.hpd = RADEON_HPD_NONE;
+ connector->interlace_allowed = false;
+ connector->doublescan_allowed = false;
break;
case DRM_MODE_CONNECTOR_LVDS:
drm_connector_init(dev, &radeon_connector->base, &radeon_lvds_connector_funcs, connector_type);
@@ -1393,6 +1425,8 @@ radeon_add_legacy_connector(struct drm_d
dev->mode_config.scaling_mode_property,
DRM_MODE_SCALE_FULLSCREEN);
subpixel_order = SubPixelHorizontalRGB;
+ connector->interlace_allowed = false;
+ connector->doublescan_allowed = false;
break;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [183/289] exec: make argv/envp memory visible to oom-killer
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (182 preceding siblings ...)
2010-12-08 0:59 ` [182/289] drm/radeon/kms: fix interlaced and doublescan handling Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [184/289] exec: copy-and-paste the fixes into compat_do_execve() paths Greg KH
` (102 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Oleg Nesterov
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Oleg Nesterov <oleg@redhat.com>
commit 3c77f845722158206a7209c45ccddc264d19319c upstream.
Brad Spengler published a local memory-allocation DoS that
evades the OOM-killer (though not the virtual memory RLIMIT):
http://www.grsecurity.net/~spender/64bit_dos.c
execve()->copy_strings() can allocate a lot of memory, but
this is not visible to oom-killer, nobody can see the nascent
bprm->mm and take it into account.
With this patch get_arg_page() increments current's MM_ANONPAGES
counter every time we allocate the new page for argv/envp. When
do_execve() succeds or fails, we change this counter back.
Technically this is not 100% correct, we can't know if the new
page is swapped out and turn MM_ANONPAGES into MM_SWAPENTS, but
I don't think this really matters and everything becomes correct
once exec changes ->mm or fails.
Reported-by: Brad Spengler <spender@grsecurity.net>
Reviewed-and-discussed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/exec.c | 32 ++++++++++++++++++++++++++++++--
include/linux/binfmts.h | 1 +
2 files changed, 31 insertions(+), 2 deletions(-)
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -157,6 +157,25 @@ out:
#ifdef CONFIG_MMU
+static void acct_arg_size(struct linux_binprm *bprm, unsigned long pages)
+{
+ struct mm_struct *mm = current->mm;
+ long diff = (long)(pages - bprm->vma_pages);
+
+ if (!mm || !diff)
+ return;
+
+ bprm->vma_pages = pages;
+
+#ifdef SPLIT_RSS_COUNTING
+ add_mm_counter(mm, MM_ANONPAGES, diff);
+#else
+ spin_lock(&mm->page_table_lock);
+ add_mm_counter(mm, MM_ANONPAGES, diff);
+ spin_unlock(&mm->page_table_lock);
+#endif
+}
+
static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
int write)
{
@@ -179,6 +198,8 @@ static struct page *get_arg_page(struct
unsigned long size = bprm->vma->vm_end - bprm->vma->vm_start;
struct rlimit *rlim;
+ acct_arg_size(bprm, size / PAGE_SIZE);
+
/*
* We've historically supported up to 32 pages (ARG_MAX)
* of argument strings even with small stacks
@@ -269,6 +290,10 @@ static bool valid_arg_len(struct linux_b
#else
+static inline void acct_arg_size(struct linux_binprm *bprm, unsigned long pages)
+{
+}
+
static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
int write)
{
@@ -992,6 +1017,7 @@ int flush_old_exec(struct linux_binprm *
/*
* Release all of the old mmap stuff
*/
+ acct_arg_size(bprm, 0);
retval = exec_mmap(bprm->mm);
if (retval)
goto out;
@@ -1416,8 +1442,10 @@ int do_execve(const char * filename,
return retval;
out:
- if (bprm->mm)
- mmput (bprm->mm);
+ if (bprm->mm) {
+ acct_arg_size(bprm, 0);
+ mmput(bprm->mm);
+ }
out_file:
if (bprm->file) {
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -29,6 +29,7 @@ struct linux_binprm{
char buf[BINPRM_BUF_SIZE];
#ifdef CONFIG_MMU
struct vm_area_struct *vma;
+ unsigned long vma_pages;
#else
# define MAX_ARG_PAGES 32
struct page *page[MAX_ARG_PAGES];
^ permalink raw reply [flat|nested] 288+ messages in thread
* [184/289] exec: copy-and-paste the fixes into compat_do_execve() paths
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (183 preceding siblings ...)
2010-12-08 0:59 ` [183/289] exec: make argv/envp memory visible to oom-killer Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [185/289] drm/i915/sdvo: Always add a 30ms delay to make SDVO TV detection reliable Greg KH
` (101 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Oleg Nesterov, KOSAKI Motohiro
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Oleg Nesterov <oleg@redhat.com>
commit 114279be2120a916e8a04feeb2ac976a10016f2f upstream.
Note: this patch targets 2.6.37 and tries to be as simple as possible.
That is why it adds more copy-and-paste horror into fs/compat.c and
uglifies fs/exec.c, this will be cleanuped later.
compat_copy_strings() plays with bprm->vma/mm directly and thus has
two problems: it lacks the RLIMIT_STACK check and argv/envp memory
is not visible to oom killer.
Export acct_arg_size() and get_arg_page(), change compat_copy_strings()
to use get_arg_page(), change compat_do_execve() to do acct_arg_size(0)
as do_execve() does.
Add the fatal_signal_pending/cond_resched checks into compat_count() and
compat_copy_strings(), this matches the code in fs/exec.c and certainly
makes sense.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/compat.c | 28 +++++++++++++++-------------
fs/exec.c | 8 ++++----
include/linux/binfmts.h | 4 ++++
3 files changed, 23 insertions(+), 17 deletions(-)
--- a/fs/compat.c
+++ b/fs/compat.c
@@ -1378,6 +1378,10 @@ static int compat_count(compat_uptr_t __
argv++;
if (i++ >= max)
return -E2BIG;
+
+ if (fatal_signal_pending(current))
+ return -ERESTARTNOHAND;
+ cond_resched();
}
}
return i;
@@ -1419,6 +1423,12 @@ static int compat_copy_strings(int argc,
while (len > 0) {
int offset, bytes_to_copy;
+ if (fatal_signal_pending(current)) {
+ ret = -ERESTARTNOHAND;
+ goto out;
+ }
+ cond_resched();
+
offset = pos % PAGE_SIZE;
if (offset == 0)
offset = PAGE_SIZE;
@@ -1435,18 +1445,8 @@ static int compat_copy_strings(int argc,
if (!kmapped_page || kpos != (pos & PAGE_MASK)) {
struct page *page;
-#ifdef CONFIG_STACK_GROWSUP
- ret = expand_stack_downwards(bprm->vma, pos);
- if (ret < 0) {
- /* We've exceed the stack rlimit. */
- ret = -E2BIG;
- goto out;
- }
-#endif
- ret = get_user_pages(current, bprm->mm, pos,
- 1, 1, 1, &page, NULL);
- if (ret <= 0) {
- /* We've exceed the stack rlimit. */
+ page = get_arg_page(bprm, pos, 1);
+ if (!page) {
ret = -E2BIG;
goto out;
}
@@ -1567,8 +1567,10 @@ int compat_do_execve(char * filename,
return retval;
out:
- if (bprm->mm)
+ if (bprm->mm) {
+ acct_arg_size(bprm, 0);
mmput(bprm->mm);
+ }
out_file:
if (bprm->file) {
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -157,7 +157,7 @@ out:
#ifdef CONFIG_MMU
-static void acct_arg_size(struct linux_binprm *bprm, unsigned long pages)
+void acct_arg_size(struct linux_binprm *bprm, unsigned long pages)
{
struct mm_struct *mm = current->mm;
long diff = (long)(pages - bprm->vma_pages);
@@ -176,7 +176,7 @@ static void acct_arg_size(struct linux_b
#endif
}
-static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
+struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
int write)
{
struct page *page;
@@ -290,11 +290,11 @@ static bool valid_arg_len(struct linux_b
#else
-static inline void acct_arg_size(struct linux_binprm *bprm, unsigned long pages)
+void acct_arg_size(struct linux_binprm *bprm, unsigned long pages)
{
}
-static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
+struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
int write)
{
struct page *page;
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -60,6 +60,10 @@ struct linux_binprm{
unsigned long loader, exec;
};
+extern void acct_arg_size(struct linux_binprm *bprm, unsigned long pages);
+extern struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
+ int write);
+
#define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0
#define BINPRM_FLAGS_ENFORCE_NONDUMP (1 << BINPRM_FLAGS_ENFORCE_NONDUMP_BIT)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [185/289] drm/i915/sdvo: Always add a 30ms delay to make SDVO TV detection reliable
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (184 preceding siblings ...)
2010-12-08 0:59 ` [184/289] exec: copy-and-paste the fixes into compat_do_execve() paths Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [186/289] i915: reprogram power monitoring registers on resume Greg KH
` (100 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Chris Wilson
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Chris Wilson <chris@chris-wilson.co.uk>
commit ba84cd1f2b5dd49bda9300c5a11373f7e14c3c66 upstream.
Commit d09c23de intended to add a 30ms delay to give the ADD time to
detect any TVs connected. However, it used the sdvo->is_tv flag to do so
which is dependent upon the previous detection result and not whether the
output supports TVs.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/i915/intel_sdvo.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/i915/intel_sdvo.c
+++ b/drivers/gpu/drm/i915/intel_sdvo.c
@@ -1498,10 +1498,12 @@ intel_sdvo_detect(struct drm_connector *
if (!intel_sdvo_write_cmd(intel_sdvo,
SDVO_CMD_GET_ATTACHED_DISPLAYS, NULL, 0))
return connector_status_unknown;
- if (intel_sdvo->is_tv) {
- /* add 30ms delay when the output type is SDVO-TV */
+
+ /* add 30ms delay when the output type might be TV */
+ if (intel_sdvo->caps.output_flags &
+ (SDVO_OUTPUT_SVID0 | SDVO_OUTPUT_CVBS0))
mdelay(30);
- }
+
if (!intel_sdvo_read_response(intel_sdvo, &response, 2))
return connector_status_unknown;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [186/289] i915: reprogram power monitoring registers on resume
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (185 preceding siblings ...)
2010-12-08 0:59 ` [185/289] drm/i915/sdvo: Always add a 30ms delay to make SDVO TV detection reliable Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [187/289] intel-gtt: fix gtt_total_entries detection Greg KH
` (99 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Kyle McMartin, Chris Wilson
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Kyle McMartin <kyle@redhat.com>
commit 48fcfc888b48ad49dd83faa107264bbfb0089cad upstream.
Fixes issue where i915_gfx_val was reporting values several
orders of magnitude higher than physically possible (without
leaving scorch marks on my thighs at least.)
Signed-off-by: Kyle McMartin <kyle@redhat.com>
Reviewed-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpu/drm/i915/i915_suspend.c | 4 +++-
drivers/gpu/drm/i915/intel_drv.h | 1 +
2 files changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/i915/i915_suspend.c
+++ b/drivers/gpu/drm/i915/i915_suspend.c
@@ -862,8 +862,10 @@ int i915_restore_state(struct drm_device
/* Clock gating state */
intel_init_clock_gating(dev);
- if (HAS_PCH_SPLIT(dev))
+ if (HAS_PCH_SPLIT(dev)) {
ironlake_enable_drps(dev);
+ intel_init_emon(dev);
+ }
/* Cache mode state */
I915_WRITE (CACHE_MODE_0, dev_priv->saveCACHE_MODE_0 | 0xffff0000);
--- a/drivers/gpu/drm/i915/intel_drv.h
+++ b/drivers/gpu/drm/i915/intel_drv.h
@@ -250,6 +250,7 @@ extern void intel_crtc_fb_gamma_get(stru
extern void intel_init_clock_gating(struct drm_device *dev);
extern void ironlake_enable_drps(struct drm_device *dev);
extern void ironlake_disable_drps(struct drm_device *dev);
+extern void intel_init_emon(struct drm_device *dev);
extern int intel_pin_and_fence_fb_obj(struct drm_device *dev,
struct drm_gem_object *obj);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [187/289] intel-gtt: fix gtt_total_entries detection
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (186 preceding siblings ...)
2010-12-08 0:59 ` [186/289] i915: reprogram power monitoring registers on resume Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [188/289] sched: fix RCU lockdep splat from task_group() Greg KH
` (98 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Anisse Astier,
Daniel Vetter, Chris Wilson
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Daniel Vetter <daniel.vetter@ffwll.ch>
commit e5e408fc94595aab897f613b6f4e2f5b36870a6f upstream.
In commit f1befe71 Chris Wilson added some code to clear the full gtt
on g33/pineview instead of just the mappable part. The code looks like
it was copy-pasted from agp/intel-gtt.c, at least an identical piece
of code is still there (in intel_i830_init_gtt_entries). This lead to
a regression in 2.6.35 which was supposedly fixed in commit e7b96f28
Now this commit makes absolutely no sense to me. It seems to be
slightly confused about chipset generations - it references docs for
4th gen but the regression concerns 3rd gen g33. Luckily the the g33
gmch docs are available with the GMCH Graphics Control pci config
register definitions. The other (bigger problem) is that the new
check in there uses the i830 stolen mem bits (.5M, 1M or 8M of stolen
mem). They are different since the i855GM.
The most likely case is that it hits the 512M fallback, which was
probably the right thing for the boxes this was tested on.
So the original approach by Chris Wilson seems to be wrong and the
current code is definitely wrong. There is a third approach by Jesse
Barnes from his RFC patch "Who wants a bigger GTT mapping range?"
where he simply shoves g33 in the same clause like later chipset
generations.
I've asked him and Jesse confirmed that this should work. So implement
it.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=16891$
Tested-by: Anisse Astier <anisse@astier.eu>
Signed-off-by: Anisse Astier <anisse@astier.eu>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/char/agp/intel-gtt.c | 63 ++++++++++++++++++-------------------------
1 file changed, 27 insertions(+), 36 deletions(-)
--- a/drivers/char/agp/intel-gtt.c
+++ b/drivers/char/agp/intel-gtt.c
@@ -534,7 +534,7 @@ static void intel_i830_init_gtt_entries(
pci_read_config_word(agp_bridge->dev, I830_GMCH_CTRL, &gmch_ctrl);
- if (IS_I965) {
+ if (IS_G33 || IS_I965) {
u32 pgetbl_ctl;
pgetbl_ctl = readl(intel_private.registers+I810_PGETBL_CTL);
@@ -567,22 +567,6 @@ static void intel_i830_init_gtt_entries(
size = 512;
}
size += 4; /* add in BIOS popup space */
- } else if (IS_G33 && !IS_PINEVIEW) {
- /* G33's GTT size defined in gmch_ctrl */
- switch (gmch_ctrl & G33_PGETBL_SIZE_MASK) {
- case G33_PGETBL_SIZE_1M:
- size = 1024;
- break;
- case G33_PGETBL_SIZE_2M:
- size = 2048;
- break;
- default:
- dev_info(&agp_bridge->dev->dev,
- "unknown page table size 0x%x, assuming 512KB\n",
- (gmch_ctrl & G33_PGETBL_SIZE_MASK));
- size = 512;
- }
- size += 4;
} else if (IS_G4X || IS_PINEVIEW) {
/* On 4 series hardware, GTT stolen is separate from graphics
* stolen, ignore it in stolen gtt entries counting. However,
@@ -1257,24 +1241,31 @@ static int intel_i915_get_gtt_size(void)
int size;
if (IS_G33) {
- u16 gmch_ctrl;
+ u32 pgetbl_ctl;
+ pgetbl_ctl = readl(intel_private.registers+I810_PGETBL_CTL);
- /* G33's GTT size defined in gmch_ctrl */
- pci_read_config_word(agp_bridge->dev, I830_GMCH_CTRL, &gmch_ctrl);
- switch (gmch_ctrl & I830_GMCH_GMS_MASK) {
- case I830_GMCH_GMS_STOLEN_512:
+ switch (pgetbl_ctl & I965_PGETBL_SIZE_MASK) {
+ case I965_PGETBL_SIZE_128KB:
+ size = 128;
+ break;
+ case I965_PGETBL_SIZE_256KB:
+ size = 256;
+ break;
+ case I965_PGETBL_SIZE_512KB:
size = 512;
break;
- case I830_GMCH_GMS_STOLEN_1024:
+ case I965_PGETBL_SIZE_1MB:
size = 1024;
break;
- case I830_GMCH_GMS_STOLEN_8192:
- size = 8*1024;
+ case I965_PGETBL_SIZE_2MB:
+ size = 2048;
+ break;
+ case I965_PGETBL_SIZE_1_5MB:
+ size = 1024 + 512;
break;
default:
- dev_info(&agp_bridge->dev->dev,
- "unknown page table size 0x%x, assuming 512KB\n",
- (gmch_ctrl & I830_GMCH_GMS_MASK));
+ dev_info(&intel_private.pcidev->dev,
+ "unknown page table size, assuming 512KB\n");
size = 512;
}
} else {
@@ -1306,14 +1297,6 @@ static int intel_i915_create_gatt_table(
pci_read_config_dword(intel_private.pcidev, I915_MMADDR, &temp);
pci_read_config_dword(intel_private.pcidev, I915_PTEADDR, &temp2);
- gtt_map_size = intel_i915_get_gtt_size();
-
- intel_private.gtt = ioremap(temp2, gtt_map_size);
- if (!intel_private.gtt)
- return -ENOMEM;
-
- intel_private.gtt_total_size = gtt_map_size / 4;
-
temp &= 0xfff80000;
intel_private.registers = ioremap(temp, 128 * 4096);
@@ -1322,6 +1305,14 @@ static int intel_i915_create_gatt_table(
return -ENOMEM;
}
+ gtt_map_size = intel_i915_get_gtt_size();
+
+ intel_private.gtt = ioremap(temp2, gtt_map_size);
+ if (!intel_private.gtt)
+ return -ENOMEM;
+
+ intel_private.gtt_total_size = gtt_map_size / 4;
+
temp = readl(intel_private.registers+I810_PGETBL_CTL) & 0xfffff000;
global_cache_flush(); /* FIXME: ? */
^ permalink raw reply [flat|nested] 288+ messages in thread
* [188/289] sched: fix RCU lockdep splat from task_group()
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (187 preceding siblings ...)
2010-12-08 0:59 ` [187/289] intel-gtt: fix gtt_total_entries detection Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [189/289] libata: fix NULL sdev dereference race in atapi_qc_complete() Greg KH
` (97 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Peter Zijlstra, Paul E. McKenney
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Peter Zijlstra <peterz@infradead.org>
commit 6506cf6ce68d78a5470a8360c965dafe8e4b78e3 upstream.
This addresses the following RCU lockdep splat:
[0.051203] CPU0: AMD QEMU Virtual CPU version 0.12.4 stepping 03
[0.052999] lockdep: fixing up alternatives.
[0.054105]
[0.054106] ===================================================
[0.054999] [ INFO: suspicious rcu_dereference_check() usage. ]
[0.054999] ---------------------------------------------------
[0.054999] kernel/sched.c:616 invoked rcu_dereference_check() without protection!
[0.054999]
[0.054999] other info that might help us debug this:
[0.054999]
[0.054999]
[0.054999] rcu_scheduler_active = 1, debug_locks = 1
[0.054999] 3 locks held by swapper/1:
[0.054999] #0: (cpu_add_remove_lock){+.+.+.}, at: [<ffffffff814be933>] cpu_up+0x42/0x6a
[0.054999] #1: (cpu_hotplug.lock){+.+.+.}, at: [<ffffffff810400d8>] cpu_hotplug_begin+0x2a/0x51
[0.054999] #2: (&rq->lock){-.-...}, at: [<ffffffff814be2f7>] init_idle+0x2f/0x113
[0.054999]
[0.054999] stack backtrace:
[0.054999] Pid: 1, comm: swapper Not tainted 2.6.35 #1
[0.054999] Call Trace:
[0.054999] [<ffffffff81068054>] lockdep_rcu_dereference+0x9b/0xa3
[0.054999] [<ffffffff810325c3>] task_group+0x7b/0x8a
[0.054999] [<ffffffff810325e5>] set_task_rq+0x13/0x40
[0.054999] [<ffffffff814be39a>] init_idle+0xd2/0x113
[0.054999] [<ffffffff814be78a>] fork_idle+0xb8/0xc7
[0.054999] [<ffffffff81068717>] ? mark_held_locks+0x4d/0x6b
[0.054999] [<ffffffff814bcebd>] do_fork_idle+0x17/0x2b
[0.054999] [<ffffffff814bc89b>] native_cpu_up+0x1c1/0x724
[0.054999] [<ffffffff814bcea6>] ? do_fork_idle+0x0/0x2b
[0.054999] [<ffffffff814be876>] _cpu_up+0xac/0x127
[0.054999] [<ffffffff814be946>] cpu_up+0x55/0x6a
[0.054999] [<ffffffff81ab562a>] kernel_init+0xe1/0x1ff
[0.054999] [<ffffffff81003854>] kernel_thread_helper+0x4/0x10
[0.054999] [<ffffffff814c353c>] ? restore_args+0x0/0x30
[0.054999] [<ffffffff81ab5549>] ? kernel_init+0x0/0x1ff
[0.054999] [<ffffffff81003850>] ? kernel_thread_helper+0x0/0x10
[0.056074] Booting Node 0, Processors #1lockdep: fixing up alternatives.
[0.130045] #2lockdep: fixing up alternatives.
[0.203089] #3 Ok.
[0.275286] Brought up 4 CPUs
[0.276005] Total of 4 processors activated (16017.17 BogoMIPS).
The cgroup_subsys_state structures referenced by idle tasks are never
freed, because the idle tasks should be part of the root cgroup,
which is not removable.
The problem is that while we do in-fact hold rq->lock, the newly spawned
idle thread's cpu is not yet set to the correct cpu so the lockdep check
in task_group():
lockdep_is_held(&task_rq(p)->lock)
will fail.
But this is a chicken and egg problem. Setting the CPU's runqueue requires
that the CPU's runqueue already be set. ;-)
So insert an RCU read-side critical section to avoid the complaint.
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
kernel/sched.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
--- a/kernel/sched.c
+++ b/kernel/sched.c
@@ -5330,7 +5330,19 @@ void __cpuinit init_idle(struct task_str
idle->se.exec_start = sched_clock();
cpumask_copy(&idle->cpus_allowed, cpumask_of(cpu));
+ /*
+ * We're having a chicken and egg problem, even though we are
+ * holding rq->lock, the cpu isn't yet set to this cpu so the
+ * lockdep check in task_group() will fail.
+ *
+ * Similar case to sched_fork(). / Alternatively we could
+ * use task_rq_lock() here and obtain the other rq->lock.
+ *
+ * Silence PROVE_RCU
+ */
+ rcu_read_lock();
__set_task_cpu(idle, cpu);
+ rcu_read_unlock();
rq->curr = rq->idle = idle;
#if defined(CONFIG_SMP) && defined(__ARCH_WANT_UNLOCKED_CTXSW)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [189/289] libata: fix NULL sdev dereference race in atapi_qc_complete()
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (188 preceding siblings ...)
2010-12-08 0:59 ` [188/289] sched: fix RCU lockdep splat from task_group() Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [190/289] PCI: fix size checks for mmap() on /proc/bus/pci files Greg KH
` (96 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Tejun Heo, Jeff Garzik
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Tejun Heo <tj@kernel.org>
commit 2a5f07b5ec098edc69e05fdd2f35d3fbb1235723 upstream.
SCSI commands may be issued between __scsi_add_device() and dev->sdev
assignment, so it's unsafe for ata_qc_complete() to dereference
dev->sdev->locked without checking whether it's NULL or not. Fix it.
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/ata/libata-scsi.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -2577,8 +2577,11 @@ static void atapi_qc_complete(struct ata
*
* If door lock fails, always clear sdev->locked to
* avoid this infinite loop.
+ *
+ * This may happen before SCSI scan is complete. Make
+ * sure qc->dev->sdev isn't NULL before dereferencing.
*/
- if (qc->cdb[0] == ALLOW_MEDIUM_REMOVAL)
+ if (qc->cdb[0] == ALLOW_MEDIUM_REMOVAL && qc->dev->sdev)
qc->dev->sdev->locked = 0;
qc->scsicmd->result = SAM_STAT_CHECK_CONDITION;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [190/289] PCI: fix size checks for mmap() on /proc/bus/pci files
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (189 preceding siblings ...)
2010-12-08 0:59 ` [189/289] libata: fix NULL sdev dereference race in atapi_qc_complete() Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [191/289] PCI: fix offset check for sysfs mmapped files Greg KH
` (95 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Martin Wilck, Jesse Barnes
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Martin Wilck <martin.wilck@ts.fujitsu.com>
commit 3b519e4ea618b6943a82931630872907f9ac2c2b upstream.
The checks for valid mmaps of PCI resources made through /proc/bus/pci files
that were introduced in 9eff02e2042f96fb2aedd02e032eca1c5333d767 have several
problems:
1. mmap() calls on /proc/bus/pci files are made with real file offsets > 0,
whereas under /sys/bus/pci/devices, the start of the resource corresponds
to offset 0. This may lead to false negatives in pci_mmap_fits(), which
implicitly assumes the /sys/bus/pci/devices layout.
2. The loop in proc_bus_pci_mmap doesn't skip empty resouces. This leads
to false positives, because pci_mmap_fits() doesn't treat empty resources
correctly (the calculated size is 1 << (8*sizeof(resource_size_t)-PAGE_SHIFT)
in this case!).
3. If a user maps resources with BAR > 0, pci_mmap_fits will emit bogus
WARNINGS for the first resources that don't fit until the correct one is found.
On many controllers the first 2-4 BARs are used, and the others are empty.
In this case, an mmap attempt will first fail on the non-empty BARs
(including the "right" BAR because of 1.) and emit bogus WARNINGS because
of 3., and finally succeed on the first empty BAR because of 2.
This is certainly not the intended behaviour.
This patch addresses all 3 issues.
Updated with an enum type for the additional parameter for pci_mmap_fits().
Signed-off-by: Martin Wilck <martin.wilck@ts.fujitsu.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/pci/pci-sysfs.c | 22 ++++++++++++++++------
drivers/pci/pci.h | 7 ++++++-
drivers/pci/proc.c | 2 +-
3 files changed, 23 insertions(+), 8 deletions(-)
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -705,17 +705,21 @@ void pci_remove_legacy_files(struct pci_
#ifdef HAVE_PCI_MMAP
-int pci_mmap_fits(struct pci_dev *pdev, int resno, struct vm_area_struct *vma)
+int pci_mmap_fits(struct pci_dev *pdev, int resno, struct vm_area_struct *vma,
+ enum pci_mmap_api mmap_api)
{
- unsigned long nr, start, size;
+ unsigned long nr, start, size, pci_start;
+ if (pci_resource_len(pdev, resno) == 0)
+ return 0;
nr = (vma->vm_end - vma->vm_start) >> PAGE_SHIFT;
start = vma->vm_pgoff;
size = ((pci_resource_len(pdev, resno) - 1) >> PAGE_SHIFT) + 1;
- if (start < size && size - start >= nr)
+ pci_start = (mmap_api == PCI_MMAP_SYSFS) ?
+ pci_resource_start(pdev, resno) >> PAGE_SHIFT : 0;
+ if (start >= pci_start && start < pci_start + size &&
+ start + nr <= pci_start + size)
return 1;
- WARN(1, "process \"%s\" tried to map 0x%08lx-0x%08lx on %s BAR %d (size 0x%08lx)\n",
- current->comm, start, start+nr, pci_name(pdev), resno, size);
return 0;
}
@@ -745,8 +749,14 @@ pci_mmap_resource(struct kobject *kobj,
if (i >= PCI_ROM_RESOURCE)
return -ENODEV;
- if (!pci_mmap_fits(pdev, i, vma))
+ if (!pci_mmap_fits(pdev, i, vma, PCI_MMAP_SYSFS)) {
+ WARN(1, "process \"%s\" tried to map 0x%08lx bytes "
+ "at page 0x%08lx on %s BAR %d (start 0x%16Lx, size 0x%16Lx)\n",
+ current->comm, vma->vm_end-vma->vm_start, vma->vm_pgoff,
+ pci_name(pdev), i,
+ pci_resource_start(pdev, i), pci_resource_len(pdev, i));
return -EINVAL;
+ }
/* pci_mmap_page_range() expects the same kind of entry as coming
* from /proc/bus/pci/ which is a "user visible" value. If this is
--- a/drivers/pci/pci.h
+++ b/drivers/pci/pci.h
@@ -22,8 +22,13 @@ extern void pci_remove_firmware_label_fi
#endif
extern void pci_cleanup_rom(struct pci_dev *dev);
#ifdef HAVE_PCI_MMAP
+enum pci_mmap_api {
+ PCI_MMAP_SYSFS, /* mmap on /sys/bus/pci/devices/<BDF>/resource<N> */
+ PCI_MMAP_PROCFS /* mmap on /proc/bus/pci/<BDF> */
+};
extern int pci_mmap_fits(struct pci_dev *pdev, int resno,
- struct vm_area_struct *vma);
+ struct vm_area_struct *vmai,
+ enum pci_mmap_api mmap_api);
#endif
int pci_probe_reset_function(struct pci_dev *dev);
--- a/drivers/pci/proc.c
+++ b/drivers/pci/proc.c
@@ -260,7 +260,7 @@ static int proc_bus_pci_mmap(struct file
/* Make sure the caller is mapping a real resource for this device */
for (i = 0; i < PCI_ROM_RESOURCE; i++) {
- if (pci_mmap_fits(dev, i, vma))
+ if (pci_mmap_fits(dev, i, vma, PCI_MMAP_PROCFS))
break;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [191/289] PCI: fix offset check for sysfs mmapped files
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (190 preceding siblings ...)
2010-12-08 0:59 ` [190/289] PCI: fix size checks for mmap() on /proc/bus/pci files Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [192/289] xhci: Remove excessive printks with shared IRQs Greg KH
` (94 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Martin Wilck,
Darrick J. Wong, Jesse Barnes
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Darrick J. Wong <djwong@us.ibm.com>
commit 8c05cd08a7504b855c265263e84af61aabafa329 upstream.
I just loaded 2.6.37-rc2 on my machines, and I noticed that X no longer starts.
Running an strace of the X server shows that it's doing this:
open("/sys/bus/pci/devices/0000:07:00.0/resource0", O_RDWR) = 10
mmap(NULL, 16777216, PROT_READ|PROT_WRITE, MAP_SHARED, 10, 0) = -1 EINVAL (Invalid argument)
This code seems to be asking for a shared read/write mapping of 16MB worth of
BAR0 starting at file offset 0, and letting the kernel assign a starting
address. Unfortunately, this -EINVAL causes X not to start. Looking into
dmesg, there's a complaint like so:
process "Xorg" tried to map 0x01000000 bytes at page 0x00000000 on 0000:07:00.0 BAR 0 (start 0x 96000000, size 0x 1000000)
...with the following code in pci_mmap_fits:
pci_start = (mmap_api == PCI_MMAP_SYSFS) ?
pci_resource_start(pdev, resno) >> PAGE_SHIFT : 0;
if (start >= pci_start && start < pci_start + size &&
start + nr <= pci_start + size)
It looks like the logic here is set up such that when the mmap call comes via
sysfs, the check in pci_mmap_fits wants vma->vm_pgoff to be between the
resource's start and end address, and the end of the vma to be no farther than
the end. However, the sysfs PCI resource files always start at offset zero,
which means that this test always fails for programs that mmap the sysfs files.
Given the comment in the original commit
3b519e4ea618b6943a82931630872907f9ac2c2b, I _think_ the old procfs files
require that the file offset be equal to the resource's base address when
mmapping.
I think what we want here is for pci_start to be 0 when mmap_api ==
PCI_MMAP_PROCFS. The following patch makes that change, after which the Matrox
and Mach64 X drivers work again.
Acked-by: Martin Wilck <martin.wilck@ts.fujitsu.com>
Signed-off-by: Darrick J. Wong <djwong@us.ibm.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/pci/pci-sysfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -715,7 +715,7 @@ int pci_mmap_fits(struct pci_dev *pdev,
nr = (vma->vm_end - vma->vm_start) >> PAGE_SHIFT;
start = vma->vm_pgoff;
size = ((pci_resource_len(pdev, resno) - 1) >> PAGE_SHIFT) + 1;
- pci_start = (mmap_api == PCI_MMAP_SYSFS) ?
+ pci_start = (mmap_api == PCI_MMAP_PROCFS) ?
pci_resource_start(pdev, resno) >> PAGE_SHIFT : 0;
if (start >= pci_start && start < pci_start + size &&
start + nr <= pci_start + size)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [192/289] xhci: Remove excessive printks with shared IRQs.
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (191 preceding siblings ...)
2010-12-08 0:59 ` [191/289] PCI: fix offset check for sysfs mmapped files Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [193/289] xHCI: fix wMaxPacketSize mask Greg KH
` (93 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Sarah Sharp
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Sarah Sharp <sarah.a.sharp@linux.intel.com>
commit 241b652f1995de138106afd2f2e4eda9f8a3c240 upstream.
If the xHCI host controller shares an interrupt line with another device,
the xHCI driver needs to check if the interrupt was generated by its
hardware. Unfortunately, the user will see a ton of "Spurious interrupt."
lines if the other hardware interrupts often. Lawrence found his dmesg
output cluttered with this output when the xHCI host shared an interrupt
with his i915 hardware.
Remove the warning, as sharing an interrupt is a normal thing.
This should be applied to the 2.6.36 stable tree.
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Reported-by: Lawrence Rust <lvr@softsystem.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/host/xhci-ring.c | 1 -
1 file changed, 1 deletion(-)
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -2028,7 +2028,6 @@ irqreturn_t xhci_irq(struct usb_hcd *hcd
if (!(status & STS_EINT)) {
spin_unlock(&xhci->lock);
- xhci_warn(xhci, "Spurious interrupt.\n");
return IRQ_NONE;
}
xhci_dbg(xhci, "op reg status = %08x\n", status);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [193/289] xHCI: fix wMaxPacketSize mask
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (192 preceding siblings ...)
2010-12-08 0:59 ` [192/289] xhci: Remove excessive printks with shared IRQs Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [194/289] xhci: Fix reset-device and configure-endpoint commands Greg KH
` (92 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Andiry Xu, Sarah Sharp
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Andiry Xu <andiry.xu@amd.com>
commit dc07c91b9b4067022210e68d914a6890a4d70622 upstream.
USB2.0 spec 9.6.6 says: For all endpoints, bit 10..0 specify the maximum
packet size(in bytes).
So the wMaxPacketSize mask should be 0x7ff rather than 0x3ff.
This patch should be queued for the stable tree. The bug in
xhci_endpoint_init() was present as far back as 2.6.31, and the bug in
xhci_get_max_esit_payload() was present when the function was introduced
in 2.6.34.
Reported-by: Sander Eikelenboom <linux@eikelenboom.it>
Signed-off-by: Andiry Xu <andiry.xu@amd.com>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/host/xhci-mem.c | 4 ++--
drivers/usb/host/xhci.h | 5 +++++
2 files changed, 7 insertions(+), 2 deletions(-)
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -1043,7 +1043,7 @@ static inline u32 xhci_get_max_esit_payl
if (udev->speed == USB_SPEED_SUPER)
return ep->ss_ep_comp.wBytesPerInterval;
- max_packet = ep->desc.wMaxPacketSize & 0x3ff;
+ max_packet = GET_MAX_PACKET(ep->desc.wMaxPacketSize);
max_burst = (ep->desc.wMaxPacketSize & 0x1800) >> 11;
/* A 0 in max burst means 1 transfer per ESIT */
return max_packet * (max_burst + 1);
@@ -1133,7 +1133,7 @@ int xhci_endpoint_init(struct xhci_hcd *
/* Fall through */
case USB_SPEED_FULL:
case USB_SPEED_LOW:
- max_packet = ep->desc.wMaxPacketSize & 0x3ff;
+ max_packet = GET_MAX_PACKET(ep->desc.wMaxPacketSize);
ep_ctx->ep_info2 |= MAX_PACKET(max_packet);
break;
default:
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -614,6 +614,11 @@ struct xhci_ep_ctx {
#define MAX_PACKET_MASK (0xffff << 16)
#define MAX_PACKET_DECODED(p) (((p) >> 16) & 0xffff)
+/* Get max packet size from ep desc. Bit 10..0 specify the max packet size.
+ * USB2.0 spec 9.6.6.
+ */
+#define GET_MAX_PACKET(p) ((p) & 0x7ff)
+
/* tx_info bitmasks */
#define AVG_TRB_LENGTH_FOR_EP(p) ((p) & 0xffff)
#define MAX_ESIT_PAYLOAD_FOR_EP(p) (((p) & 0xffff) << 16)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [194/289] xhci: Fix reset-device and configure-endpoint commands
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (193 preceding siblings ...)
2010-12-08 0:59 ` [193/289] xHCI: fix wMaxPacketSize mask Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [195/289] xhci: Setup array of USB 2.0 and USB 3.0 ports Greg KH
` (91 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Paul Zimmerman, Sarah Sharp
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Paul Zimmerman <Paul.Zimmerman@synopsys.com>
commit 7a3783efffc7bc2e702d774e47fad5b8e37e9ad1 upstream.
We have been having problems with the USB-IF Gold Tree tests when plugging
and unplugging devices from the tree. I have seen that the reset-device
and configure-endpoint commands, which are invoked from
xhci_discover_or_reset_device() and xhci_configure_endpoint(), will sometimes
time out.
After much debugging, I determined that the commands themselves do not actually
time out, but rather their completion events do not get delivered to the right
place.
This happens when the command ring has just wrapped around, and it's enqueue
pointer is left pointing to the link TRB. xhci_discover_or_reset_device() and
xhci_configure_endpoint() use the enqueue pointer directly as their command
TRB pointer, without checking whether it's pointing to the link TRB.
When the completion event arrives, if the command TRB is pointing to the link
TRB, the check against the command ring dequeue pointer in
handle_cmd_in_cmd_wait_list() fails, so the completion inside the command does
not get signaled.
The patch below fixes the timeout problem for me.
This should be queued for the 2.6.35 and 2.6.36 stable trees.
Signed-off-by: Paul Zimmerman <paulz@synopsys.com>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/host/xhci.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -1284,6 +1284,15 @@ static int xhci_configure_endpoint(struc
cmd_completion = command->completion;
cmd_status = &command->status;
command->command_trb = xhci->cmd_ring->enqueue;
+
+ /* Enqueue pointer can be left pointing to the link TRB,
+ * we must handle that
+ */
+ if ((command->command_trb->link.control & TRB_TYPE_BITMASK)
+ == TRB_TYPE(TRB_LINK))
+ command->command_trb =
+ xhci->cmd_ring->enq_seg->next->trbs;
+
list_add_tail(&command->cmd_list, &virt_dev->cmd_list);
} else {
in_ctx = virt_dev->in_ctx;
@@ -1993,6 +2002,15 @@ int xhci_reset_device(struct usb_hcd *hc
/* Attempt to submit the Reset Device command to the command ring */
spin_lock_irqsave(&xhci->lock, flags);
reset_device_cmd->command_trb = xhci->cmd_ring->enqueue;
+
+ /* Enqueue pointer can be left pointing to the link TRB,
+ * we must handle that
+ */
+ if ((reset_device_cmd->command_trb->link.control & TRB_TYPE_BITMASK)
+ == TRB_TYPE(TRB_LINK))
+ reset_device_cmd->command_trb =
+ xhci->cmd_ring->enq_seg->next->trbs;
+
list_add_tail(&reset_device_cmd->cmd_list, &virt_dev->cmd_list);
ret = xhci_queue_reset_device(xhci, slot_id);
if (ret) {
^ permalink raw reply [flat|nested] 288+ messages in thread
* [195/289] xhci: Setup array of USB 2.0 and USB 3.0 ports.
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (194 preceding siblings ...)
2010-12-08 0:59 ` [194/289] xhci: Fix reset-device and configure-endpoint commands Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [196/289] xhci: Dont let the USB core disable SuperSpeed ports Greg KH
` (90 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Sarah Sharp
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 8556 bytes --]
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Sarah Sharp <sarah.a.sharp@linux.intel.com>
commit da6699ce4a889c3795624ccdcfe7181cc89f18e8 upstream.
An xHCI host controller contains USB 2.0 and USB 3.0 ports, which can
occur in any order in the PORTSC registers. We cannot read the port speed
bits in the PORTSC registers at init time to determine the port speed,
since those bits are only valid when a USB device is plugged into the
port.
Instead, we read the "Supported Protocol Capability" registers in the xHC
Extended Capabilities space. Those describe the protocol, port offset in
the PORTSC registers, and port count. We use those registers to create
two arrays of pointers to the PORTSC registers, one for USB 3.0 ports, and
another for USB 2.0 ports. A third array keeps track of the port protocol
major revision, and is indexed with the internal xHCI port number.
This commit is a bit big, but it should be queued for stable because the "Don't
let the USB core disable SuperSpeed ports" patch depends on it. There is no
other way to determine which ports are SuperSpeed ports without this patch.
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Tested-by: Don Zickus <dzickus@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/host/xhci-mem.c | 164 ++++++++++++++++++++++++++++++++++++++++++++
drivers/usb/host/xhci.h | 27 +++++++
2 files changed, 191 insertions(+)
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -1441,6 +1441,13 @@ void xhci_mem_cleanup(struct xhci_hcd *x
xhci->dcbaa = NULL;
scratchpad_free(xhci);
+
+ xhci->num_usb2_ports = 0;
+ xhci->num_usb3_ports = 0;
+ kfree(xhci->usb2_ports);
+ kfree(xhci->usb3_ports);
+ kfree(xhci->port_array);
+
xhci->page_size = 0;
xhci->page_shift = 0;
}
@@ -1624,6 +1631,161 @@ static void xhci_set_hc_event_deq(struct
&xhci->ir_set->erst_dequeue);
}
+static void xhci_add_in_port(struct xhci_hcd *xhci, unsigned int num_ports,
+ u32 __iomem *addr, u8 major_revision)
+{
+ u32 temp, port_offset, port_count;
+ int i;
+
+ if (major_revision > 0x03) {
+ xhci_warn(xhci, "Ignoring unknown port speed, "
+ "Ext Cap %p, revision = 0x%x\n",
+ addr, major_revision);
+ /* Ignoring port protocol we can't understand. FIXME */
+ return;
+ }
+
+ /* Port offset and count in the third dword, see section 7.2 */
+ temp = xhci_readl(xhci, addr + 2);
+ port_offset = XHCI_EXT_PORT_OFF(temp);
+ port_count = XHCI_EXT_PORT_COUNT(temp);
+ xhci_dbg(xhci, "Ext Cap %p, port offset = %u, "
+ "count = %u, revision = 0x%x\n",
+ addr, port_offset, port_count, major_revision);
+ /* Port count includes the current port offset */
+ if (port_offset == 0 || (port_offset + port_count - 1) > num_ports)
+ /* WTF? "Valid values are ‘1’ to MaxPorts" */
+ return;
+ port_offset--;
+ for (i = port_offset; i < (port_offset + port_count); i++) {
+ /* Duplicate entry. Ignore the port if the revisions differ. */
+ if (xhci->port_array[i] != 0) {
+ xhci_warn(xhci, "Duplicate port entry, Ext Cap %p,"
+ " port %u\n", addr, i);
+ xhci_warn(xhci, "Port was marked as USB %u, "
+ "duplicated as USB %u\n",
+ xhci->port_array[i], major_revision);
+ /* Only adjust the roothub port counts if we haven't
+ * found a similar duplicate.
+ */
+ if (xhci->port_array[i] != major_revision &&
+ xhci->port_array[i] != (u8) -1) {
+ if (xhci->port_array[i] == 0x03)
+ xhci->num_usb3_ports--;
+ else
+ xhci->num_usb2_ports--;
+ xhci->port_array[i] = (u8) -1;
+ }
+ /* FIXME: Should we disable the port? */
+ }
+ xhci->port_array[i] = major_revision;
+ if (major_revision == 0x03)
+ xhci->num_usb3_ports++;
+ else
+ xhci->num_usb2_ports++;
+ }
+ /* FIXME: Should we disable ports not in the Extended Capabilities? */
+}
+
+/*
+ * Scan the Extended Capabilities for the "Supported Protocol Capabilities" that
+ * specify what speeds each port is supposed to be. We can't count on the port
+ * speed bits in the PORTSC register being correct until a device is connected,
+ * but we need to set up the two fake roothubs with the correct number of USB
+ * 3.0 and USB 2.0 ports at host controller initialization time.
+ */
+static int xhci_setup_port_arrays(struct xhci_hcd *xhci, gfp_t flags)
+{
+ u32 __iomem *addr;
+ u32 offset;
+ unsigned int num_ports;
+ int i, port_index;
+
+ addr = &xhci->cap_regs->hcc_params;
+ offset = XHCI_HCC_EXT_CAPS(xhci_readl(xhci, addr));
+ if (offset == 0) {
+ xhci_err(xhci, "No Extended Capability registers, "
+ "unable to set up roothub.\n");
+ return -ENODEV;
+ }
+
+ num_ports = HCS_MAX_PORTS(xhci->hcs_params1);
+ xhci->port_array = kzalloc(sizeof(*xhci->port_array)*num_ports, flags);
+ if (!xhci->port_array)
+ return -ENOMEM;
+
+ /*
+ * For whatever reason, the first capability offset is from the
+ * capability register base, not from the HCCPARAMS register.
+ * See section 5.3.6 for offset calculation.
+ */
+ addr = &xhci->cap_regs->hc_capbase + offset;
+ while (1) {
+ u32 cap_id;
+
+ cap_id = xhci_readl(xhci, addr);
+ if (XHCI_EXT_CAPS_ID(cap_id) == XHCI_EXT_CAPS_PROTOCOL)
+ xhci_add_in_port(xhci, num_ports, addr,
+ (u8) XHCI_EXT_PORT_MAJOR(cap_id));
+ offset = XHCI_EXT_CAPS_NEXT(cap_id);
+ if (!offset || (xhci->num_usb2_ports + xhci->num_usb3_ports)
+ == num_ports)
+ break;
+ /*
+ * Once you're into the Extended Capabilities, the offset is
+ * always relative to the register holding the offset.
+ */
+ addr += offset;
+ }
+
+ if (xhci->num_usb2_ports == 0 && xhci->num_usb3_ports == 0) {
+ xhci_warn(xhci, "No ports on the roothubs?\n");
+ return -ENODEV;
+ }
+ xhci_dbg(xhci, "Found %u USB 2.0 ports and %u USB 3.0 ports.\n",
+ xhci->num_usb2_ports, xhci->num_usb3_ports);
+ /*
+ * Note we could have all USB 3.0 ports, or all USB 2.0 ports.
+ * Not sure how the USB core will handle a hub with no ports...
+ */
+ if (xhci->num_usb2_ports) {
+ xhci->usb2_ports = kmalloc(sizeof(*xhci->usb2_ports)*
+ xhci->num_usb2_ports, flags);
+ if (!xhci->usb2_ports)
+ return -ENOMEM;
+
+ port_index = 0;
+ for (i = 0; i < num_ports; i++)
+ if (xhci->port_array[i] != 0x03) {
+ xhci->usb2_ports[port_index] =
+ &xhci->op_regs->port_status_base +
+ NUM_PORT_REGS*i;
+ xhci_dbg(xhci, "USB 2.0 port at index %u, "
+ "addr = %p\n", i,
+ xhci->usb2_ports[port_index]);
+ port_index++;
+ }
+ }
+ if (xhci->num_usb3_ports) {
+ xhci->usb3_ports = kmalloc(sizeof(*xhci->usb3_ports)*
+ xhci->num_usb3_ports, flags);
+ if (!xhci->usb3_ports)
+ return -ENOMEM;
+
+ port_index = 0;
+ for (i = 0; i < num_ports; i++)
+ if (xhci->port_array[i] == 0x03) {
+ xhci->usb3_ports[port_index] =
+ &xhci->op_regs->port_status_base +
+ NUM_PORT_REGS*i;
+ xhci_dbg(xhci, "USB 3.0 port at index %u, "
+ "addr = %p\n", i,
+ xhci->usb3_ports[port_index]);
+ port_index++;
+ }
+ }
+ return 0;
+}
int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags)
{
@@ -1804,6 +1966,8 @@ int xhci_mem_init(struct xhci_hcd *xhci,
if (scratchpad_alloc(xhci, flags))
goto fail;
+ if (xhci_setup_port_arrays(xhci, flags))
+ goto fail;
return 0;
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -448,6 +448,24 @@ struct xhci_doorbell_array {
/**
+ * struct xhci_protocol_caps
+ * @revision: major revision, minor revision, capability ID,
+ * and next capability pointer.
+ * @name_string: Four ASCII characters to say which spec this xHC
+ * follows, typically "USB ".
+ * @port_info: Port offset, count, and protocol-defined information.
+ */
+struct xhci_protocol_caps {
+ u32 revision;
+ u32 name_string;
+ u32 port_info;
+};
+
+#define XHCI_EXT_PORT_MAJOR(x) (((x) >> 24) & 0xff)
+#define XHCI_EXT_PORT_OFF(x) ((x) & 0xff)
+#define XHCI_EXT_PORT_COUNT(x) (((x) >> 8) & 0xff)
+
+/**
* struct xhci_container_ctx
* @type: Type of context. Used to calculated offsets to contained contexts.
* @size: Size of the context data
@@ -1204,6 +1222,15 @@ struct xhci_hcd {
#define XHCI_LINK_TRB_QUIRK (1 << 0)
#define XHCI_RESET_EP_QUIRK (1 << 1)
#define XHCI_NEC_HOST (1 << 2)
+
+ /* Is each xHCI roothub port a USB 3.0, USB 2.0, or USB 1.1 port? */
+ u8 *port_array;
+ /* Array of pointers to USB 3.0 PORTSC registers */
+ u32 __iomem **usb3_ports;
+ unsigned int num_usb3_ports;
+ /* Array of pointers to USB 2.0 PORTSC registers */
+ u32 __iomem **usb2_ports;
+ unsigned int num_usb2_ports;
};
/* For testing purposes */
^ permalink raw reply [flat|nested] 288+ messages in thread
* [196/289] xhci: Dont let the USB core disable SuperSpeed ports.
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (195 preceding siblings ...)
2010-12-08 0:59 ` [195/289] xhci: Setup array of USB 2.0 and USB 3.0 ports Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [197/289] USB: gadget: AT91: fix typo in atmel_usba_udc driver Greg KH
` (89 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Sarah Sharp
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Sarah Sharp <sarah.a.sharp@linux.intel.com>
commit 6dd0a3a7e0793dbeae1b951f091025d8cf896cb4 upstream.
Disabling SuperSpeed ports is a Very Bad Thing (TM). It disables
SuperSpeed terminations, which means that devices will never connect at
SuperSpeed on that port. For USB 2.0/1.1 ports, disabling the port meant
that the USB core could always get a connect status change later. That's
not true with USB 3.0 ports.
Do not let the USB core disable SuperSpeed ports. We can't rely on the
device speed in the port status registers, since that isn't valid until
there's a USB device connected to the port. Instead, we use the port
speed array that's created from the Extended Capabilities registers.
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Tested-by: Don Zickus <dzickus@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/host/xhci-hub.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/usb/host/xhci-hub.c
+++ b/drivers/usb/host/xhci-hub.c
@@ -132,6 +132,13 @@ static u32 xhci_port_state_to_neutral(u3
static void xhci_disable_port(struct xhci_hcd *xhci, u16 wIndex,
u32 __iomem *addr, u32 port_status)
{
+ /* Don't allow the USB core to disable SuperSpeed ports. */
+ if (xhci->port_array[wIndex] == 0x03) {
+ xhci_dbg(xhci, "Ignoring request to disable "
+ "SuperSpeed port.\n");
+ return;
+ }
+
/* Write 1 to disable the port */
xhci_writel(xhci, port_status | PORT_PE, addr);
port_status = xhci_readl(xhci, addr);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [197/289] USB: gadget: AT91: fix typo in atmel_usba_udc driver
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (196 preceding siblings ...)
2010-12-08 0:59 ` [196/289] xhci: Dont let the USB core disable SuperSpeed ports Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [198/289] usb: musb: fix kernel oops when loading musb_hdrc module for the 2nd time Greg KH
` (88 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Josh Wu, Jiri Kosina
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Josh Wu <josh.wu@atmel.com>
commit b48809518631880207796b4aab0fc39c2f036754 upstream.
compile fix for bug introduced by 969affff547027)
Signed-off-by: Josh Wu <josh.wu@atmel.com>
Cc: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/gadget/atmel_usba_udc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/gadget/atmel_usba_udc.c
+++ b/drivers/usb/gadget/atmel_usba_udc.c
@@ -2016,7 +2016,7 @@ static int __init usba_udc_probe(struct
}
} else {
/* gpio_request fail so use -EINVAL for gpio_is_valid */
- ubc->vbus_pin = -EINVAL;
+ udc->vbus_pin = -EINVAL;
}
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [198/289] usb: musb: fix kernel oops when loading musb_hdrc module for the 2nd time
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (197 preceding siblings ...)
2010-12-08 0:59 ` [197/289] USB: gadget: AT91: fix typo in atmel_usba_udc driver Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [199/289] USB: ftdi_sio: add device IDs for Milkymist One JTAG/serial Greg KH
` (87 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Ajay Kumar Gupta,
Sergei Shtylyov, Anand Gadiyar, Ming Lei, Felipe Balbi
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Ming Lei <tom.leiming@gmail.com>
commit b212091474a5f967979e62c5c24687ee4d0342d9 upstream.
musb driver still may write MUSB_DEVCTL register after clock is disabled
in musb_platform_exit, which may cause the kernel oops[1] when musb_hdrc
module is loaded for the 2nd time.
The patch fixes the kernel oops in this case.
[1] kernel oops when loading musb_hdrc module for the 2nd time
[ 93.380279] musb_hdrc: version 6.0, musb-dma, otg (peripheral+host), debug=5
[ 93.387847] bus: 'platform': add driver musb_hdrc
[ 93.388153] bus: 'platform': driver_probe_device: matched device musb_hdrc with driver musb_hdrc
[ 93.388183] bus: 'platform': really_probe: probing driver musb_hdrc with device musb_hdrc
[ 93.405090] HS USB OTG: revision 0x33, sysconfig 0x2010, sysstatus 0x1, intrfsel 0x1, simenable 0x0
[ 93.405364] musb_hdrc: ConfigData=0xde (UTMI-8, dyn FIFOs, bulk combine, bulk split, HB-ISO Rx, HB-ISO Tx, SoftConn)
[ 93.405395] musb_hdrc: MHDRC RTL version 1.400
[ 93.405426] musb_hdrc: setup fifo_mode 3
[ 93.405456] musb_hdrc: 7/31 max ep, 3648/16384 memory
[ 93.405487] musb_core_init 1524: musb_hdrc: hw_ep 0shared, max 64
[ 93.405487] musb_core_init 1524: musb_hdrc: hw_ep 1tx, doublebuffer, max 512
[ 93.405517] musb_core_init 1533: musb_hdrc: hw_ep 1rx, doublebuffer, max 512
[ 93.405548] musb_core_init 1524: musb_hdrc: hw_ep 2tx, max 512
[ 93.405578] musb_core_init 1533: musb_hdrc: hw_ep 2rx, max 512
[ 93.405578] musb_core_init 1524: musb_hdrc: hw_ep 3shared, max 256
[ 93.405609] musb_core_init 1524: musb_hdrc: hw_ep 4shared, max 256
[ 93.405853] musb_platform_try_idle 133: b_idle inactive, for idle timer for 7 ms
[ 93.405944] device: 'gadget': device_add
[ 93.406921] PM: Adding info for No Bus:gadget
[ 93.406951] musb_init_controller 2136: OTG mode, status 0, dev80
[ 93.407379] musb_do_idle 51: musb_do_idle: state=1
[ 93.408233] musb_hdrc musb_hdrc: USB OTG mode controller at fa0ab000 using DMA, IRQ 92
[ 93.416656] driver: 'musb_hdrc': driver_bound: bound to device 'musb_hdrc'
[ 93.416687] bus: 'platform': really_probe: bound device musb_hdrc to driver musb_hdrc
[ 124.486938] bus: 'platform': remove driver musb_hdrc
[ 124.490509] twl4030_usb twl4030_usb: twl4030_phy_suspend
[ 124.491424] device: 'gadget': device_unregister
[ 124.491424] PM: Removing info for No Bus:gadget
[ 124.495269] gadget: musb_gadget_release
[ 124.498992] driver: 'musb_hdrc': driver_release
[ 129.569366] musb_hdrc: version 6.0, musb-dma, otg (peripheral+host), debug=5
[ 129.576934] bus: 'platform': add driver musb_hdrc
[ 129.577209] bus: 'platform': driver_probe_device: matched device musb_hdrc with driver musb_hdrc
[ 129.577239] bus: 'platform': really_probe: probing driver musb_hdrc with device musb_hdrc
[ 129.592651] twl4030_usb twl4030_usb: twl4030_phy_resume
[ 129.592681] Unhandled fault: external abort on non-linefetch (0x1028) at 0xfa0ab404
[ 129.600830] Internal error: : 1028 [#1]
[ 129.604858] last sysfs file: /sys/devices/platform/i2c_omap.3/i2c-3/i2c-dev/i2c-3/dev
[ 129.613067] Modules linked in: musb_hdrc(+) [last unloaded: musb_hdrc]
[ 129.619964] CPU: 0 Not tainted (2.6.36-next-20101021+ #372)
[ 129.626281] PC is at musb_platform_init+0xb0/0x1c8 [musb_hdrc]
[ 129.632415] LR is at mark_held_locks+0x64/0x94
[ 129.637084] pc : [<bf032198>] lr : [<c00ad7c4>] psr: 20000013
[ 129.637084] sp : c6d5fcb0 ip : c6d5fc38 fp : c6d5fcd4
[ 129.649139] r10: c6e72180 r9 : fa0ab000 r8 : c05612e8
[ 129.654602] r7 : 0000005c r6 : c0559cc8 r5 : c6e72180 r4 : c0561548
[ 129.661468] r3 : 04d60047 r2 : fa0ab000 r1 : c07169d8 r0 : 00000000
[ 129.668304] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
[ 129.675811] Control: 10c5387d Table: 86e4c019 DAC: 00000015
[ 129.681823] Process insmod (pid: 554, stack limit = 0xc6d5e2f0)
[ 129.688049] Stack: (0xc6d5fcb0 to 0xc6d60000)
[ 129.692626] fca0: fa0ab000 c0555c54 c6d5fcd4 c0561548
[ 129.701202] fcc0: 00000003 c05612e0 c6d5fe04 c6d5fcd8 bf03140c bf0320f4 c6d5fd9c c6d5fce8
[ 129.709808] fce0: c015cb94 c041448c c06d9d10 ffffffff c6d5fd14 c6d5fd00 c00adbec c6d5fd40
[ 129.718383] fd00: c015d478 c6d5fdb0 c6d5fd24 c00a9d18 c6d5e000 60000013 bf02a4ac c05612bc
[ 129.726989] fd20: c0414fb4 c00a9cf0 c6d5fd54 c6d5fd38 c015bbdc c0244280 c6e8b7b0 c7929330
[ 129.735565] fd40: c6d5fdb0 c6d5fdb0 c6d5fd7c c6e7227c c015c010 c015bb90 c015c2ac c6d5fdb0
[ 129.744171] fd60: c7929330 c6d5fdb0 c7929330 c6e8b7b0 c6d5fd9c 00000000 c7929330 c6e8b7b0
[ 129.752746] fd80: c6d5fdb0 00000000 00000001 00000000 c6d5fde4 c6d5fda0 c015d478 c015cb74
[ 129.761322] fda0: c056138c 00000000 c6d5fdcc c6d5fdb8 c7929330 00000000 c056138c c05612e8
[ 129.769927] fdc0: 00000000 c05612f0 c0c5d62c c06f6e00 c73217c0 00000000 c6d5fdf4 c05612e8
[ 129.778503] fde0: c05612e8 bf02a2e4 c0c5d62c c06f6e00 c73217c0 00000000 c6d5fe14 c6d5fe08
[ 129.787109] fe00: c029a398 bf0311c8 c6d5fe4c c6d5fe18 c0299120 c029a384 c7919140 22222222
[ 129.795684] fe20: c6d5fe4c c05612e8 c056131c bf02a2e4 c0299278 c06f6e00 c73217c0 00000000
[ 129.804290] fe40: c6d5fe6c c6d5fe50 c0299314 c0299020 00000000 c6d5fe70 bf02a2e4 c0299278
[ 129.812866] fe60: c6d5fe94 c6d5fe70 c02987d4 c0299284 c7825060 c78c6618 00000000 bf02a2e4
[ 129.821441] fe80: c06e4c98 00000000 c6d5fea4 c6d5fe98 c0298ea4 c0298778 c6d5fedc c6d5fea8
[ 129.830047] fea0: c0297f84 c0298e8c bf02716c 000b9008 bf02a2e4 bf02a2d0 000b9008 bf02a2e4
[ 129.838623] fec0: 00000000 c06f6e00 bf031000 00000000 c6d5fefc c6d5fee0 c0299614 c0297ec0
[ 129.847229] fee0: bf02a2d0 000b9008 bf02a388 00000000 c6d5ff0c c6d5ff00 c029a868 c02995a8
[ 129.855804] ff00: c6d5ff24 c6d5ff10 c029a88c c029a818 0010281c 000b9008 c6d5ff34 c6d5ff28
[ 129.864410] ff20: bf03104c c029a878 c6d5ff7c c6d5ff38 c00463dc bf03100c 00000000 00000000
[ 129.872985] ff40: 00000000 0010281c 000b9008 bf02a388 00000000 0010281c 000b9008 bf02a388
[ 129.881591] ff60: 00000000 c00521c8 c6d5e000 00000000 c6d5ffa4 c6d5ff80 c00bb9b8 c00463ac
[ 129.890167] ff80: c00adc88 c00ada68 00097e8e bebbfcf4 0010281c 00000080 00000000 c6d5ffa8
[ 129.898742] ffa0: c0052000 c00bb908 00097e8e bebbfcf4 402c9008 0010281c 000b9008 bebbfe5a
[ 129.907348] ffc0: 00097e8e bebbfcf4 0010281c 00000080 00000014 bebbfcf4 bebbfe06 0000005b
[ 129.915924] ffe0: bebbf9a0 bebbf990 0001a108 40263ec0 60000010 402c9008 011b0000 0000007c
[ 129.924499] Backtrace:
[ 129.927185] [<bf0320e8>] (musb_platform_init+0x0/0x1c8 [musb_hdrc]) from [<bf03140c>] (musb_probe+0x250/0xf2c [musb_hdrc])
[ 129.938781] r6:c05612e0 r5:00000003 r4:c0561548
[ 129.943695] [<bf0311bc>] (musb_probe+0x0/0xf2c [musb_hdrc]) from [<c029a398>] (platform_drv_probe+0x20/0x24)
[ 129.954040] [<c029a378>] (platform_drv_probe+0x0/0x24) from [<c0299120>] (driver_probe_device+0x10c/0x264)
[ 129.964172] [<c0299014>] (driver_probe_device+0x0/0x264) from [<c0299314>] (__driver_attach+0x9c/0xa0)
[ 129.973968] [<c0299278>] (__driver_attach+0x0/0xa0) from [<c02987d4>] (bus_for_each_dev+0x68/0x94)
[ 129.983367] r7:c0299278 r6:bf02a2e4 r5:c6d5fe70 r4:00000000
[ 129.989349] [<c029876c>] (bus_for_each_dev+0x0/0x94) from [<c0298ea4>] (driver_attach+0x24/0x28)
[ 129.998565] r7:00000000 r6:c06e4c98 r5:bf02a2e4 r4:00000000
[ 130.004547] [<c0298e80>] (driver_attach+0x0/0x28) from [<c0297f84>] (bus_add_driver+0xd0/0x274)
[ 130.013671] [<c0297eb4>] (bus_add_driver+0x0/0x274) from [<c0299614>] (driver_register+0x78/0x158)
[ 130.023101] [<c029959c>] (driver_register+0x0/0x158) from [<c029a868>] (platform_driver_register+0x5c/0x60)
[ 130.033325] r7:00000000 r6:bf02a388 r5:000b9008 r4:bf02a2d0
[ 130.039276] [<c029a80c>] (platform_driver_register+0x0/0x60) from [<c029a88c>] (platform_driver_probe+0x20/0xa8)
[ 130.050018] [<c029a86c>] (platform_driver_probe+0x0/0xa8) from [<bf03104c>] (musb_init+0x4c/0x54 [musb_hdrc])
[ 130.060424] r5:000b9008 r4:0010281c
[ 130.064239] [<bf031000>] (musb_init+0x0/0x54 [musb_hdrc]) from [<c00463dc>] (do_one_initcall+0x3c/0x1c0)
[ 130.074218] [<c00463a0>] (do_one_initcall+0x0/0x1c0) from [<c00bb9b8>] (sys_init_module+0xbc/0x1d0)
[ 130.083709] [<c00bb8fc>] (sys_init_module+0x0/0x1d0) from [<c0052000>] (ret_fast_syscall+0x0/0x3c)
[ 130.093109] r7:00000080 r6:0010281c r5:bebbfcf4 r4:00097e8e
[ 130.099090] Code: 0a000046 e3a01001 e12fff33 e59520e4 (e5923404)
[ 130.105621] ---[ end trace 1d0bd69deb79164d ]---
Cc: Ajay Kumar Gupta <ajay.gupta@ti.com>
Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Cc: Anand Gadiyar <gadiyar@ti.com>
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/musb/musb_core.c | 1 -
1 file changed, 1 deletion(-)
--- a/drivers/usb/musb/musb_core.c
+++ b/drivers/usb/musb/musb_core.c
@@ -2243,7 +2243,6 @@ static int __exit musb_remove(struct pla
#endif
musb_writeb(musb->mregs, MUSB_DEVCTL, 0);
musb_platform_exit(musb);
- musb_writeb(musb->mregs, MUSB_DEVCTL, 0);
musb_free(musb);
iounmap(ctrl_base);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [199/289] USB: ftdi_sio: add device IDs for Milkymist One JTAG/serial
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (198 preceding siblings ...)
2010-12-08 0:59 ` [198/289] usb: musb: fix kernel oops when loading musb_hdrc module for the 2nd time Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [200/289] USB: option: fix when the driver is loaded incorrectly for some Huawei devices Greg KH
` (86 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Sebastien Bourdeauducq
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Sebastien Bourdeauducq <sebastien@milkymist.org>
commit 7fea0f714ffb3f303d4b66933af2df2f5584c9bf upstream.
Add the USB IDs for the Milkymist One FTDI-based JTAG/serial adapter
(http://projects.qi-hardware.com/index.php/p/mmone-jtag-serial-cable/)
to the ftdi_sio driver and disable the first serial channel (used as
JTAG from userspace).
Signed-off-by: Sebastien Bourdeauducq <sebastien@milkymist.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/serial/ftdi_sio.c | 2 ++
drivers/usb/serial/ftdi_sio_ids.h | 7 +++++++
2 files changed, 9 insertions(+)
--- a/drivers/usb/serial/ftdi_sio.c
+++ b/drivers/usb/serial/ftdi_sio.c
@@ -794,6 +794,8 @@ static struct usb_device_id id_table_com
{ USB_DEVICE(FTDI_VID, FTDI_SCIENCESCOPE_LOGBOOKML_PID) },
{ USB_DEVICE(FTDI_VID, FTDI_SCIENCESCOPE_LS_LOGBOOK_PID) },
{ USB_DEVICE(FTDI_VID, FTDI_SCIENCESCOPE_HS_LOGBOOK_PID) },
+ { USB_DEVICE(QIHARDWARE_VID, MILKYMISTONE_JTAGSERIAL_PID),
+ .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
{ }, /* Optional parameter entry */
{ } /* Terminating entry */
};
--- a/drivers/usb/serial/ftdi_sio_ids.h
+++ b/drivers/usb/serial/ftdi_sio_ids.h
@@ -1100,3 +1100,10 @@
#define FTDI_SCIENCESCOPE_LOGBOOKML_PID 0xFF18
#define FTDI_SCIENCESCOPE_LS_LOGBOOK_PID 0xFF1C
#define FTDI_SCIENCESCOPE_HS_LOGBOOK_PID 0xFF1D
+
+/*
+ * Milkymist One JTAG/Serial
+ */
+#define QIHARDWARE_VID 0x20B7
+#define MILKYMISTONE_JTAGSERIAL_PID 0x0713
+
^ permalink raw reply [flat|nested] 288+ messages in thread
* [200/289] USB: option: fix when the driver is loaded incorrectly for some Huawei devices.
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (199 preceding siblings ...)
2010-12-08 0:59 ` [199/289] USB: ftdi_sio: add device IDs for Milkymist One JTAG/serial Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [201/289] usb: misc: sisusbvga: fix information leak to userland Greg KH
` (85 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, ma rui
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: ma rui <m00150988@huawei.com>
commit 58c0d9d70109bd7e82bdb9517007311a48499960 upstream.
When huawei datacard with PID 0x14AC is insterted into Linux system, the
present kernel will load the "option" driver to all the interfaces. But
actually, some interfaces run as other function and do not need "option"
driver.
In this path, we modify the id_tables, when the PID is 0x14ac ,VID is
0x12d1, Only when the interface's Class is 0xff,Subclass is 0xff, Pro is
0xff, it does need "option" driver.
Signed-off-by: ma rui <m00150988@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/serial/option.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -512,7 +512,7 @@ static const struct usb_device_id option
{ USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_K4505, 0xff, 0xff, 0xff) },
{ USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_K3765, 0xff, 0xff, 0xff) },
{ USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_ETS1220, 0xff, 0xff, 0xff) },
- { USB_DEVICE(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_E14AC) },
+ { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_E14AC, 0xff, 0xff, 0xff) },
{ USB_DEVICE(NOVATELWIRELESS_VENDOR_ID, NOVATELWIRELESS_PRODUCT_V640) },
{ USB_DEVICE(NOVATELWIRELESS_VENDOR_ID, NOVATELWIRELESS_PRODUCT_V620) },
{ USB_DEVICE(NOVATELWIRELESS_VENDOR_ID, NOVATELWIRELESS_PRODUCT_V740) },
^ permalink raw reply [flat|nested] 288+ messages in thread
* [201/289] usb: misc: sisusbvga: fix information leak to userland
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (200 preceding siblings ...)
2010-12-08 0:59 ` [200/289] USB: option: fix when the driver is loaded incorrectly for some Huawei devices Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [202/289] usb: misc: iowarrior: " Greg KH
` (84 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Vasiliy Kulikov
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Vasiliy Kulikov <segooon@gmail.com>
commit 5dc92cf1d0b4b0debbd2e333b83f9746c103533d upstream.
Structure sisusb_info is copied to userland with "sisusb_reserved" field
uninitialized. It leads to leaking of contents of kernel stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/misc/sisusbvga/sisusb.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/usb/misc/sisusbvga/sisusb.c
+++ b/drivers/usb/misc/sisusbvga/sisusb.c
@@ -3008,6 +3008,7 @@ sisusb_ioctl(struct file *file, unsigned
#else
x.sisusb_conactive = 0;
#endif
+ memset(x.sisusb_reserved, 0, sizeof(x.sisusb_reserved));
if (copy_to_user((void __user *)arg, &x, sizeof(x)))
retval = -EFAULT;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [202/289] usb: misc: iowarrior: fix information leak to userland
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (201 preceding siblings ...)
2010-12-08 0:59 ` [201/289] usb: misc: sisusbvga: fix information leak to userland Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [203/289] usb: core: " Greg KH
` (83 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Vasiliy Kulikov, Kees Cook
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Vasiliy Kulikov <segooon@gmail.com>
commit eca67aaeebd6e5d22b0d991af1dd0424dc703bfb upstream.
Structure iowarrior_info is copied to userland with padding byted
between "serial" and "revision" fields uninitialized. It leads to
leaking of contents of kernel stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Acked-by: Kees Cook <kees.cook@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/misc/iowarrior.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/usb/misc/iowarrior.c
+++ b/drivers/usb/misc/iowarrior.c
@@ -553,6 +553,7 @@ static long iowarrior_ioctl(struct file
/* needed for power consumption */
struct usb_config_descriptor *cfg_descriptor = &dev->udev->actconfig->desc;
+ memset(&info, 0, sizeof(info));
/* directly from the descriptor */
info.vendor = le16_to_cpu(dev->udev->descriptor.idVendor);
info.product = dev->product_id;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [203/289] usb: core: fix information leak to userland
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (202 preceding siblings ...)
2010-12-08 0:59 ` [202/289] usb: misc: iowarrior: " Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [204/289] USB: ohci-jz4740: Fix spelling in MODULE_ALIAS Greg KH
` (82 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Vasiliy Kulikov
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Vasiliy Kulikov <segooon@gmail.com>
commit 886ccd4520064408ce5876cfe00554ce52ecf4a7 upstream.
Structure usbdevfs_connectinfo is copied to userland with padding byted
after "slow" field uninitialized. It leads to leaking of contents of
kernel stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/core/devio.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -965,10 +965,11 @@ static int proc_getdriver(struct dev_sta
static int proc_connectinfo(struct dev_state *ps, void __user *arg)
{
- struct usbdevfs_connectinfo ci;
+ struct usbdevfs_connectinfo ci = {
+ .devnum = ps->dev->devnum,
+ .slow = ps->dev->speed == USB_SPEED_LOW
+ };
- ci.devnum = ps->dev->devnum;
- ci.slow = ps->dev->speed == USB_SPEED_LOW;
if (copy_to_user(arg, &ci, sizeof(ci)))
return -EFAULT;
return 0;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [204/289] USB: ohci-jz4740: Fix spelling in MODULE_ALIAS
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (203 preceding siblings ...)
2010-12-08 0:59 ` [203/289] usb: core: " Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [205/289] Staging: rt2870: Add USB ID for Buffalo Airstation WLI-UC-GN Greg KH
` (81 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, David Brownell, Stefan Weil
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Stefan Weil <weil@mail.berlios.de>
commit 1c0a38038e8fcfaa6b5a81d53a4898f3f939f582 upstream.
platfrom -> platform
Cc: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Reviewed-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/host/ohci-jz4740.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/host/ohci-jz4740.c
+++ b/drivers/usb/host/ohci-jz4740.c
@@ -273,4 +273,4 @@ static struct platform_driver ohci_hcd_j
},
};
-MODULE_ALIAS("platfrom:jz4740-ohci");
+MODULE_ALIAS("platform:jz4740-ohci");
^ permalink raw reply [flat|nested] 288+ messages in thread
* [205/289] Staging: rt2870: Add USB ID for Buffalo Airstation WLI-UC-GN
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (204 preceding siblings ...)
2010-12-08 0:59 ` [204/289] USB: ohci-jz4740: Fix spelling in MODULE_ALIAS Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [206/289] USB: ehci: fix debugfs lpm permissions Greg KH
` (80 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, John Tapsell, Stefan Bader
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: John Tapsell <johnflux@gmail.com>
commit 251d380034c6c34efe75ffb89d863558ba68ec6a upstream.
BugLink: http://bugs.launchpad.net/bugs/441990
This was tested to successfully enable the hardware.
Signed-off-by: John Tapsell <johnflux@gmail.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/staging/rt2860/usb_main_dev.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/staging/rt2860/usb_main_dev.c
+++ b/drivers/staging/rt2860/usb_main_dev.c
@@ -182,6 +182,7 @@ struct usb_device_id rtusb_usb_id[] = {
{USB_DEVICE(0x2001, 0x3C09)}, /* D-Link */
{USB_DEVICE(0x2001, 0x3C0A)}, /* D-Link 3072 */
{USB_DEVICE(0x2019, 0xED14)}, /* Planex Communications, Inc. */
+ {USB_DEVICE(0x0411, 0x015D)}, /* Buffalo Airstation WLI-UC-GN */
{} /* Terminating entry */
};
^ permalink raw reply [flat|nested] 288+ messages in thread
* [206/289] USB: ehci: fix debugfs lpm permissions
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (205 preceding siblings ...)
2010-12-08 0:59 ` [205/289] Staging: rt2870: Add USB ID for Buffalo Airstation WLI-UC-GN Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [207/289] USB: EHCI: fix obscure race in ehci_endpoint_disable Greg KH
` (79 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Alek Du, Jacob Pan,
David Brownell, Alan Stern
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Greg Kroah-Hartman <gregkh@suse.de>
commit 723b991a62d94f74c9f19abd3da6e937288eb969 upstream.
The permissions for the lpm debugfs file is incorrect, this fixes it.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Alek Du <alek.du@intel.com>
Cc: Jacob Pan <jacob.jun.pan@intel.com>
Cc: David Brownell <dbrownell@users.sourceforge.net>
Cc: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/host/ehci-dbg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/host/ehci-dbg.c
+++ b/drivers/usb/host/ehci-dbg.c
@@ -1063,7 +1063,7 @@ static inline void create_debug_files (s
&debug_registers_fops))
goto file_error;
- if (!debugfs_create_file("lpm", S_IRUGO|S_IWUGO, ehci->debug_dir, bus,
+ if (!debugfs_create_file("lpm", S_IRUGO|S_IWUSR, ehci->debug_dir, bus,
&debug_lpm_fops))
goto file_error;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [207/289] USB: EHCI: fix obscure race in ehci_endpoint_disable
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (206 preceding siblings ...)
2010-12-08 0:59 ` [206/289] USB: ehci: fix debugfs lpm permissions Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [208/289] USB: ehci: disable LPM and PPCD for nVidia MCP89 chips Greg KH
` (78 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Alan Stern, David Brownell
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Alan Stern <stern@rowland.harvard.edu>
commit 02e2c51ba3e80acde600721ea784c3ef84da5ea1 upstream.
This patch (as1435) fixes an obscure and unlikely race in ehci-hcd.
When an async URB is unlinked, the corresponding QH is removed from
the async list. If the QH's endpoint is then disabled while the URB
is being given back, ehci_endpoint_disable() won't find the QH on the
async list, causing it to believe that the QH has been lost. This
will lead to a memory leak at best and quite possibly to an oops.
The solution is to trust usbcore not to lose track of endpoints. If
the QH isn't on the async list then it doesn't need to be taken off
the list, but the driver should still wait for the QH to become IDLE
before disabling it.
In theory this fixes Bugzilla #20182. In fact the race is so rare
that it's not possible to tell whether the bug is still present.
However, adding delays and making other changes to force the race
seems to show that the patch works.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
CC: David Brownell <david-b@pacbell.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/host/ehci-hcd.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/drivers/usb/host/ehci-hcd.c
+++ b/drivers/usb/host/ehci-hcd.c
@@ -1048,10 +1048,11 @@ rescan:
tmp && tmp != qh;
tmp = tmp->qh_next.qh)
continue;
- /* periodic qh self-unlinks on empty */
- if (!tmp)
- goto nogood;
- unlink_async (ehci, qh);
+ /* periodic qh self-unlinks on empty, and a COMPLETING qh
+ * may already be unlinked.
+ */
+ if (tmp)
+ unlink_async(ehci, qh);
/* FALL THROUGH */
case QH_STATE_UNLINK: /* wait for hw to finish? */
case QH_STATE_UNLINK_WAIT:
@@ -1068,7 +1069,6 @@ idle_timeout:
}
/* else FALL THROUGH */
default:
-nogood:
/* caller was supposed to have unlinked any requests;
* that's not our job. just leak this memory.
*/
^ permalink raw reply [flat|nested] 288+ messages in thread
* [208/289] USB: ehci: disable LPM and PPCD for nVidia MCP89 chips
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (207 preceding siblings ...)
2010-12-08 0:59 ` [207/289] USB: EHCI: fix obscure race in ehci_endpoint_disable Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [209/289] USB: storage: sierra_ms: fix sysfs file attribute Greg KH
` (77 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Brian Tarricone
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Brian J. Tarricone <brian@tarricone.org>
commit a85b4e7f4481c5a1ca89fa63c9c871151965075e upstream.
Tested on MacBookAir3,1. Without this, we get EPROTO errors when
fetching device config descriptors.
Signed-off-by: Brian Tarricone <brian@tarricone.org>
Reported-by: Benoit Gschwind <gschwind@gnu-log.net>
Tested-by: Edgar Hucek <gimli@dark-green.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/host/ehci-pci.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
--- a/drivers/usb/host/ehci-pci.c
+++ b/drivers/usb/host/ehci-pci.c
@@ -148,6 +148,18 @@ static int ehci_pci_setup(struct usb_hcd
if (pdev->revision < 0xa4)
ehci->no_selective_suspend = 1;
break;
+
+ /* MCP89 chips on the MacBookAir3,1 give EPROTO when
+ * fetching device descriptors unless LPM is disabled.
+ * There are also intermittent problems enumerating
+ * devices with PPCD enabled.
+ */
+ case 0x0d9d:
+ ehci_info(ehci, "disable lpm/ppcd for nvidia mcp89");
+ ehci->has_lpm = 0;
+ ehci->has_ppcd = 0;
+ ehci->command &= ~CMD_PPCEE;
+ break;
}
break;
case PCI_VENDOR_ID_VIA:
^ permalink raw reply [flat|nested] 288+ messages in thread
* [209/289] USB: storage: sierra_ms: fix sysfs file attribute
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (208 preceding siblings ...)
2010-12-08 0:59 ` [208/289] USB: ehci: disable LPM and PPCD for nVidia MCP89 chips Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [210/289] USB: atm: ueagle-atm: fix up some permissions on the sysfs files Greg KH
` (76 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Kevin Lloyd, Matthew Dharm
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Greg Kroah-Hartman <gregkh@suse.de>
commit d9624e75f6ad94d8a0718c1fafa89186d271a78c upstream.
A non-writable sysfs file shouldn't have writable attributes.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Kevin Lloyd <klloyd@sierrawireless.com>
Cc: Matthew Dharm <mdharm-usb@one-eyed-alien.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/storage/sierra_ms.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/storage/sierra_ms.c
+++ b/drivers/usb/storage/sierra_ms.c
@@ -121,7 +121,7 @@ static ssize_t show_truinst(struct devic
}
return result;
}
-static DEVICE_ATTR(truinst, S_IWUGO | S_IRUGO, show_truinst, NULL);
+static DEVICE_ATTR(truinst, S_IRUGO, show_truinst, NULL);
int sierra_ms_init(struct us_data *us)
{
^ permalink raw reply [flat|nested] 288+ messages in thread
* [210/289] USB: atm: ueagle-atm: fix up some permissions on the sysfs files
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (209 preceding siblings ...)
2010-12-08 0:59 ` [209/289] USB: storage: sierra_ms: fix sysfs file attribute Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [211/289] USB: misc: cypress_cy7c63: fix up some sysfs attribute permissions Greg KH
` (75 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Matthieu Castet,
Stanislaw Gruszka, Damien Bergamini
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Greg Kroah-Hartman <gregkh@suse.de>
commit e502ac5e1eca99d7dc3f12b2a6780ccbca674858 upstream.
Some of the sysfs files had the incorrect permissions. Some didn't make
sense at all (writable for a file that you could not write to?)
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matthieu Castet <castet.matthieu@free.fr>
Cc: Stanislaw Gruszka <stf_xl@wp.pl>
Cc: Damien Bergamini <damien.bergamini@free.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/atm/ueagle-atm.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
--- a/drivers/usb/atm/ueagle-atm.c
+++ b/drivers/usb/atm/ueagle-atm.c
@@ -2301,7 +2301,7 @@ out:
return ret;
}
-static DEVICE_ATTR(stat_status, S_IWUGO | S_IRUGO, read_status, reboot);
+static DEVICE_ATTR(stat_status, S_IWUSR | S_IRUGO, read_status, reboot);
static ssize_t read_human_status(struct device *dev,
struct device_attribute *attr, char *buf)
@@ -2364,8 +2364,7 @@ out:
return ret;
}
-static DEVICE_ATTR(stat_human_status, S_IWUGO | S_IRUGO,
- read_human_status, NULL);
+static DEVICE_ATTR(stat_human_status, S_IRUGO, read_human_status, NULL);
static ssize_t read_delin(struct device *dev, struct device_attribute *attr,
char *buf)
@@ -2397,7 +2396,7 @@ out:
return ret;
}
-static DEVICE_ATTR(stat_delin, S_IWUGO | S_IRUGO, read_delin, NULL);
+static DEVICE_ATTR(stat_delin, S_IRUGO, read_delin, NULL);
#define UEA_ATTR(name, reset) \
\
^ permalink raw reply [flat|nested] 288+ messages in thread
* [211/289] USB: misc: cypress_cy7c63: fix up some sysfs attribute permissions
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (210 preceding siblings ...)
2010-12-08 0:59 ` [210/289] USB: atm: ueagle-atm: fix up some permissions on the sysfs files Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [212/289] USB: misc: usbled: " Greg KH
` (74 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Oliver Bock
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Greg Kroah-Hartman <gregkh@suse.de>
commit c990600d340641150f7270470a64bd99a5c0b225 upstream.
They should not be writable by any user.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oliver Bock <bock@tfh-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/misc/cypress_cy7c63.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/drivers/usb/misc/cypress_cy7c63.c
+++ b/drivers/usb/misc/cypress_cy7c63.c
@@ -196,11 +196,9 @@ static ssize_t get_port1_handler(struct
return read_port(dev, attr, buf, 1, CYPRESS_READ_PORT_ID1);
}
-static DEVICE_ATTR(port0, S_IWUGO | S_IRUGO,
- get_port0_handler, set_port0_handler);
+static DEVICE_ATTR(port0, S_IRUGO | S_IWUSR, get_port0_handler, set_port0_handler);
-static DEVICE_ATTR(port1, S_IWUGO | S_IRUGO,
- get_port1_handler, set_port1_handler);
+static DEVICE_ATTR(port1, S_IRUGO | S_IWUSR, get_port1_handler, set_port1_handler);
static int cypress_probe(struct usb_interface *interface,
^ permalink raw reply [flat|nested] 288+ messages in thread
* [212/289] USB: misc: usbled: fix up some sysfs attribute permissions
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (211 preceding siblings ...)
2010-12-08 0:59 ` [211/289] USB: misc: cypress_cy7c63: fix up some sysfs attribute permissions Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [213/289] USB: misc: trancevibrator: fix up a sysfs attribute permission Greg KH
` (73 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Greg Kroah-Hartman <gregkh@suse.de>
commit 48f115470e68d443436b76b22dad63ffbffd6b97 upstream.
They should not be writable by any user.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/misc/usbled.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/misc/usbled.c
+++ b/drivers/usb/misc/usbled.c
@@ -94,7 +94,7 @@ static ssize_t set_##value(struct device
change_color(led); \
return count; \
} \
-static DEVICE_ATTR(value, S_IWUGO | S_IRUGO, show_##value, set_##value);
+static DEVICE_ATTR(value, S_IRUGO | S_IWUSR, show_##value, set_##value);
show_set(blue);
show_set(red);
show_set(green);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [213/289] USB: misc: trancevibrator: fix up a sysfs attribute permission
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (212 preceding siblings ...)
2010-12-08 0:59 ` [212/289] USB: misc: usbled: " Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [214/289] USB: misc: usbsevseg: fix up some sysfs attribute permissions Greg KH
` (72 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Sam Hocevar
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Greg Kroah-Hartman <gregkh@suse.de>
commit d489a4b3926bad571d404ca6508f6744b9602776 upstream.
It should not be writable by any user.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Sam Hocevar <sam@zoy.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/misc/trancevibrator.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/misc/trancevibrator.c
+++ b/drivers/usb/misc/trancevibrator.c
@@ -86,7 +86,7 @@ static ssize_t set_speed(struct device *
return count;
}
-static DEVICE_ATTR(speed, S_IWUGO | S_IRUGO, show_speed, set_speed);
+static DEVICE_ATTR(speed, S_IRUGO | S_IWUSR, show_speed, set_speed);
static int tv_probe(struct usb_interface *interface,
const struct usb_device_id *id)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [214/289] USB: misc: usbsevseg: fix up some sysfs attribute permissions
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (213 preceding siblings ...)
2010-12-08 0:59 ` [213/289] USB: misc: trancevibrator: fix up a sysfs attribute permission Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [215/289] USB: ftdi_sio: Add ID for RT Systems USB-29B radio cable Greg KH
` (71 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Harrison Metzger
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Greg Kroah-Hartman <gregkh@suse.de>
commit e24d7ace4e822debcb78386bf279c9aba4d7fbd1 upstream.
They should not be writable by any user.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Harrison Metzger <harrisonmetz@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/misc/usbsevseg.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
--- a/drivers/usb/misc/usbsevseg.c
+++ b/drivers/usb/misc/usbsevseg.c
@@ -192,7 +192,7 @@ static ssize_t set_attr_##name(struct de
\
return count; \
} \
-static DEVICE_ATTR(name, S_IWUGO | S_IRUGO, show_attr_##name, set_attr_##name);
+static DEVICE_ATTR(name, S_IRUGO | S_IWUSR, show_attr_##name, set_attr_##name);
static ssize_t show_attr_text(struct device *dev,
struct device_attribute *attr, char *buf)
@@ -223,7 +223,7 @@ static ssize_t set_attr_text(struct devi
return count;
}
-static DEVICE_ATTR(text, S_IWUGO | S_IRUGO, show_attr_text, set_attr_text);
+static DEVICE_ATTR(text, S_IRUGO | S_IWUSR, show_attr_text, set_attr_text);
static ssize_t show_attr_decimals(struct device *dev,
struct device_attribute *attr, char *buf)
@@ -272,8 +272,7 @@ static ssize_t set_attr_decimals(struct
return count;
}
-static DEVICE_ATTR(decimals, S_IWUGO | S_IRUGO,
- show_attr_decimals, set_attr_decimals);
+static DEVICE_ATTR(decimals, S_IRUGO | S_IWUSR, show_attr_decimals, set_attr_decimals);
static ssize_t show_attr_textmode(struct device *dev,
struct device_attribute *attr, char *buf)
@@ -319,8 +318,7 @@ static ssize_t set_attr_textmode(struct
return -EINVAL;
}
-static DEVICE_ATTR(textmode, S_IWUGO | S_IRUGO,
- show_attr_textmode, set_attr_textmode);
+static DEVICE_ATTR(textmode, S_IRUGO | S_IWUSR, show_attr_textmode, set_attr_textmode);
MYDEV_ATTR_SIMPLE_UNSIGNED(powered, update_display_powered);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [215/289] USB: ftdi_sio: Add ID for RT Systems USB-29B radio cable
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (214 preceding siblings ...)
2010-12-08 0:59 ` [214/289] USB: misc: usbsevseg: fix up some sysfs attribute permissions Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [216/289] USB: serial: ftdi_sio: Vardaan USB RS422/485 converter PID added Greg KH
` (70 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Michael Stuermer
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Michael Stuermer <ms@mallorn.de>
commit 28942bb6a9dd4e2ed793675e515cfb8297ed355b upstream.
Another variant of the RT Systems programming cable for ham radios.
Signed-off-by: Michael Stuermer <ms@mallorn.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/serial/ftdi_sio.c | 1 +
drivers/usb/serial/ftdi_sio_ids.h | 1 +
2 files changed, 2 insertions(+)
--- a/drivers/usb/serial/ftdi_sio.c
+++ b/drivers/usb/serial/ftdi_sio.c
@@ -696,6 +696,7 @@ static struct usb_device_id id_table_com
.driver_info = (kernel_ulong_t)&ftdi_NDI_device_quirk },
{ USB_DEVICE(TELLDUS_VID, TELLDUS_TELLSTICK_PID) },
{ USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_SERIAL_VX7_PID) },
+ { USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_CT29B_PID) },
{ USB_DEVICE(FTDI_VID, FTDI_MAXSTREAM_PID) },
{ USB_DEVICE(FTDI_VID, FTDI_PHI_FISCO_PID) },
{ USB_DEVICE(TML_VID, TML_USB_SERIAL_PID) },
--- a/drivers/usb/serial/ftdi_sio_ids.h
+++ b/drivers/usb/serial/ftdi_sio_ids.h
@@ -721,6 +721,7 @@
*/
#define RTSYSTEMS_VID 0x2100 /* Vendor ID */
#define RTSYSTEMS_SERIAL_VX7_PID 0x9e52 /* Serial converter for VX-7 Radios using FT232RL */
+#define RTSYSTEMS_CT29B_PID 0x9e54 /* CT29B Radio Cable */
/*
* Bayer Ascensia Contour blood glucose meter USB-converter cable.
^ permalink raw reply [flat|nested] 288+ messages in thread
* [216/289] USB: serial: ftdi_sio: Vardaan USB RS422/485 converter PID added
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (215 preceding siblings ...)
2010-12-08 0:59 ` [215/289] USB: ftdi_sio: Add ID for RT Systems USB-29B radio cable Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [217/289] USB: fix autosuspend bug in usb-serial Greg KH
` (69 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Jacques Viviers
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jacques Viviers <jacques.viviers@gmail.com>
commit 6fdbad8021151a9e93af8159a6232c8f26415c09 upstream.
Add the PID for the Vardaan Enterprises VEUSB422R3 USB to RS422/485
converter. It uses the same chip as the FTDI_8U232AM_PID 0x6001.
This should also work with the stable branches for:
2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36
Signed-off-by: Jacques Viviers <jacques.viviers@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/serial/ftdi_sio.c | 1 +
drivers/usb/serial/ftdi_sio_ids.h | 3 +++
2 files changed, 4 insertions(+)
--- a/drivers/usb/serial/ftdi_sio.c
+++ b/drivers/usb/serial/ftdi_sio.c
@@ -201,6 +201,7 @@ static struct usb_device_id id_table_com
{ USB_DEVICE(FTDI_VID, FTDI_MTXORB_5_PID) },
{ USB_DEVICE(FTDI_VID, FTDI_MTXORB_6_PID) },
{ USB_DEVICE(FTDI_VID, FTDI_R2000KU_TRUE_RNG) },
+ { USB_DEVICE(FTDI_VID, FTDI_VARDAAN_PID) },
{ USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0100_PID) },
{ USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0101_PID) },
{ USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_0102_PID) },
--- a/drivers/usb/serial/ftdi_sio_ids.h
+++ b/drivers/usb/serial/ftdi_sio_ids.h
@@ -114,6 +114,9 @@
/* Lenz LI-USB Computer Interface. */
#define FTDI_LENZ_LIUSB_PID 0xD780
+/* Vardaan Enterprises Serial Interface VEUSB422R3 */
+#define FTDI_VARDAAN_PID 0xF070
+
/*
* Xsens Technologies BV products (http://www.xsens.com).
*/
^ permalink raw reply [flat|nested] 288+ messages in thread
* [217/289] USB: fix autosuspend bug in usb-serial
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (216 preceding siblings ...)
2010-12-08 0:59 ` [216/289] USB: serial: ftdi_sio: Vardaan USB RS422/485 converter PID added Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [218/289] e1000: fix screaming IRQ Greg KH
` (68 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Alan Stern
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Alan Stern <stern@rowland.harvard.edu>
commit abf03184a31a3286fc0ab30f838ddee8ba9f9b7b upstream.
This patch (as1437) fixes a bug in the usb-serial autosuspend
handling. Since the usb-serial core now has autosuspend support, it
must set the .supports_autosuspend member in every serial driver it
registers. Otherwise the usb_autopm_get_interface() call won't work.
This fixes Bugzilla #23012.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Kevin Smith <thirdwiggin@gmail.com>
Reported-and-tested-by: Simon Gerber <gesimu@gmail.com>
Reported-and-tested-by: Matteo Croce <matteo@openwrt.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/usb/serial/usb-serial.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/usb/serial/usb-serial.c
+++ b/drivers/usb/serial/usb-serial.c
@@ -52,6 +52,7 @@ static struct usb_driver usb_serial_driv
.suspend = usb_serial_suspend,
.resume = usb_serial_resume,
.no_dynamic_id = 1,
+ .supports_autosuspend = 1,
};
/* There is no MODULE_DEVICE_TABLE for usbserial.c. Instead
@@ -1331,6 +1332,8 @@ int usb_serial_register(struct usb_seria
return -ENODEV;
fixup_generic(driver);
+ if (driver->usb_driver)
+ driver->usb_driver->supports_autosuspend = 1;
if (!driver->description)
driver->description = driver->driver.name;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [218/289] e1000: fix screaming IRQ
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (217 preceding siblings ...)
2010-12-08 0:59 ` [217/289] USB: fix autosuspend bug in usb-serial Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [219/289] ACPI: install ACPI table handler before any dynamic tables being loaded Greg KH
` (67 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Anupam Chanda,
Jesse Brandeburg, Jeff Kirsher, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Anupam Chanda <anupamc@vmware.com>
commit ab08853fab2093e5c6f5de56827a4c93dce4b055 upstream.
VMWare reports that the e1000 driver has a bug when bringing down the
interface, such that interrupts are not disabled in the hardware but the
driver stops reporting that it consumed the interrupt.
The fix is to set the driver's "down" flag later in the routine,
after all the timers and such have exited, preventing the interrupt
handler from being called and exiting early without handling the
interrupt.
CC: Anupam Chanda <anupamc@vmware.com>
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/e1000/e1000_main.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
--- a/drivers/net/e1000/e1000_main.c
+++ b/drivers/net/e1000/e1000_main.c
@@ -31,7 +31,7 @@
char e1000_driver_name[] = "e1000";
static char e1000_driver_string[] = "Intel(R) PRO/1000 Network Driver";
-#define DRV_VERSION "7.3.21-k6-NAPI"
+#define DRV_VERSION "7.3.21-k8-NAPI"
const char e1000_driver_version[] = DRV_VERSION;
static const char e1000_copyright[] = "Copyright (c) 1999-2006 Intel Corporation.";
@@ -483,9 +483,6 @@ void e1000_down(struct e1000_adapter *ad
struct net_device *netdev = adapter->netdev;
u32 rctl, tctl;
- /* signal that we're down so the interrupt handler does not
- * reschedule our watchdog timer */
- set_bit(__E1000_DOWN, &adapter->flags);
/* disable receives in the hardware */
rctl = er32(RCTL);
@@ -506,6 +503,13 @@ void e1000_down(struct e1000_adapter *ad
e1000_irq_disable(adapter);
+ /*
+ * Setting DOWN must be after irq_disable to prevent
+ * a screaming interrupt. Setting DOWN also prevents
+ * timers and tasks from rescheduling.
+ */
+ set_bit(__E1000_DOWN, &adapter->flags);
+
del_timer_sync(&adapter->tx_fifo_stall_timer);
del_timer_sync(&adapter->watchdog_timer);
del_timer_sync(&adapter->phy_info_timer);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [219/289] ACPI: install ACPI table handler before any dynamic tables being loaded
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (218 preceding siblings ...)
2010-12-08 0:59 ` [218/289] e1000: fix screaming IRQ Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [220/289] ACPI battery: support percentage battery remaining capacity Greg KH
` (66 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Dennis Jansen, Alex Chiang,
Zhang Rui, Len Brown
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Zhang Rui <rui.zhang@intel.com>
commit b1d248d96c71665c79befb81207f38f894c7c082 upstream.
ACPI table sysfs I/F is broken by commit
78f1699659963fff97975df44db6d5dbe7218e55
Author: Alex Chiang <achiang@hp.com>
Date: Sun Dec 20 12:19:09 2009 -0700
ACPI: processor: call _PDC early
because dynamic SSDT tables may be loaded in _PDC,
before installing the ACPI table handler.
As a result, the sysfs I/F of these dynamic tables are
located at /sys/firmware/acpi/tables instead of
/sys/firmware/acpi/tables/dynamic, which is not true.
Invoke acpi_sysfs_init() before acpi_early_processor_set_pdc(),
so that the table handler is installed before any dynamic tables loaded.
https://bugzilla.kernel.org/show_bug.cgi?id=21142
CC: Dennis Jansen <dennis.jansen@web.de>
CC: Alex Chiang <achiang@hp.com>
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/acpi/bus.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/drivers/acpi/bus.c
+++ b/drivers/acpi/bus.c
@@ -935,6 +935,12 @@ static int __init acpi_bus_init(void)
goto error1;
}
+ /*
+ * _PDC control method may load dynamic SSDT tables,
+ * and we need to install the table handler before that.
+ */
+ acpi_sysfs_init();
+
acpi_early_processor_set_pdc();
/*
@@ -1026,7 +1032,6 @@ static int __init acpi_init(void)
acpi_scan_init();
acpi_ec_init();
acpi_power_init();
- acpi_sysfs_init();
acpi_debugfs_init();
acpi_sleep_proc_init();
acpi_wakeup_device_init();
^ permalink raw reply [flat|nested] 288+ messages in thread
* [220/289] ACPI battery: support percentage battery remaining capacity
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (219 preceding siblings ...)
2010-12-08 0:59 ` [219/289] ACPI: install ACPI table handler before any dynamic tables being loaded Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [221/289] acpi-cpufreq: fix a memleak when unloading driver Greg KH
` (65 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Zhang Rui, Len Brown
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Zhang Rui <rui.zhang@intel.com>
commit 557d58687dcdee6bc00c1a8f1fd4e0eac8fefce9 upstream.
According to the ACPI spec, some kinds of primary battery can
report percentage battery remaining capacity directly to OS.
In this case, it reports the LastFullChargedCapacity == 100,
BatteryPresentRate = 0xFFFFFFFF, and BatteryRemaingCapacity a
percentage value, which actually means RemainingBatteryPercentage.
Now we found some battery follows this rule even if it's a rechargeable.
https://bugzilla.kernel.org/show_bug.cgi?id=15979
Handle these batteries correctly in ACPI battery driver
so that they won't break userspace.
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Tested-by: Sitsofe Wheeler <sitsofe@yahoo.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/acpi/battery.c | 38 +++++++++++++++++++++++++++++++++++++-
1 file changed, 37 insertions(+), 1 deletion(-)
--- a/drivers/acpi/battery.c
+++ b/drivers/acpi/battery.c
@@ -98,6 +98,7 @@ enum {
* due to bad math.
*/
ACPI_BATTERY_QUIRK_SIGNED16_CURRENT,
+ ACPI_BATTERY_QUIRK_PERCENTAGE_CAPACITY,
};
struct acpi_battery {
@@ -412,6 +413,8 @@ static int acpi_battery_get_info(struct
result = extract_package(battery, buffer.pointer,
info_offsets, ARRAY_SIZE(info_offsets));
kfree(buffer.pointer);
+ if (test_bit(ACPI_BATTERY_QUIRK_PERCENTAGE_CAPACITY, &battery->flags))
+ battery->full_charge_capacity = battery->design_capacity;
return result;
}
@@ -448,6 +451,10 @@ static int acpi_battery_get_state(struct
battery->rate_now != -1)
battery->rate_now = abs((s16)battery->rate_now);
+ if (test_bit(ACPI_BATTERY_QUIRK_PERCENTAGE_CAPACITY, &battery->flags)
+ && battery->capacity_now >= 0 && battery->capacity_now <= 100)
+ battery->capacity_now = (battery->capacity_now *
+ battery->full_charge_capacity) / 100;
return result;
}
@@ -561,6 +568,33 @@ static void acpi_battery_quirks(struct a
}
}
+/*
+ * According to the ACPI spec, some kinds of primary batteries can
+ * report percentage battery remaining capacity directly to OS.
+ * In this case, it reports the Last Full Charged Capacity == 100
+ * and BatteryPresentRate == 0xFFFFFFFF.
+ *
+ * Now we found some battery reports percentage remaining capacity
+ * even if it's rechargeable.
+ * https://bugzilla.kernel.org/show_bug.cgi?id=15979
+ *
+ * Handle this correctly so that they won't break userspace.
+ */
+static void acpi_battery_quirks2(struct acpi_battery *battery)
+{
+ if (test_bit(ACPI_BATTERY_QUIRK_PERCENTAGE_CAPACITY, &battery->flags))
+ return ;
+
+ if (battery->full_charge_capacity == 100 &&
+ battery->rate_now == ACPI_BATTERY_VALUE_UNKNOWN &&
+ battery->capacity_now >=0 && battery->capacity_now <= 100) {
+ set_bit(ACPI_BATTERY_QUIRK_PERCENTAGE_CAPACITY, &battery->flags);
+ battery->full_charge_capacity = battery->design_capacity;
+ battery->capacity_now = (battery->capacity_now *
+ battery->full_charge_capacity) / 100;
+ }
+}
+
static int acpi_battery_update(struct acpi_battery *battery)
{
int result, old_present = acpi_battery_present(battery);
@@ -586,7 +620,9 @@ static int acpi_battery_update(struct ac
if (!battery->bat.dev)
sysfs_add_battery(battery);
#endif
- return acpi_battery_get_state(battery);
+ result = acpi_battery_get_state(battery);
+ acpi_battery_quirks2(battery);
+ return result;
}
/* --------------------------------------------------------------------------
^ permalink raw reply [flat|nested] 288+ messages in thread
* [221/289] acpi-cpufreq: fix a memleak when unloading driver
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (220 preceding siblings ...)
2010-12-08 0:59 ` [220/289] ACPI battery: support percentage battery remaining capacity Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 0:59 ` [222/289] ACPI: debugfs custom_method open to non-root Greg KH
` (64 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Zhang Rui, Len Brown
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Zhang Rui <rui.zhang@intel.com>
commit dab5fff14df2cd16eb1ad4c02e83915e1063fece upstream.
We didn't free per_cpu(acfreq_data, cpu)->freq_table
when acpi_freq driver is unloaded.
Resulting in the following messages in /sys/kernel/debug/kmemleak:
unreferenced object 0xf6450e80 (size 64):
comm "modprobe", pid 1066, jiffies 4294677317 (age 19290.453s)
hex dump (first 32 bytes):
00 00 00 00 e8 a2 24 00 01 00 00 00 00 9f 24 00 ......$.......$.
02 00 00 00 00 6a 18 00 03 00 00 00 00 35 0c 00 .....j.......5..
backtrace:
[<c123ba97>] kmemleak_alloc+0x27/0x50
[<c109f96f>] __kmalloc+0xcf/0x110
[<f9da97ee>] acpi_cpufreq_cpu_init+0x1ee/0x4e4 [acpi_cpufreq]
[<c11cd8d2>] cpufreq_add_dev+0x142/0x3a0
[<c11920b7>] sysdev_driver_register+0x97/0x110
[<c11cce56>] cpufreq_register_driver+0x86/0x140
[<f9dad080>] 0xf9dad080
[<c1001130>] do_one_initcall+0x30/0x160
[<c10626e9>] sys_init_module+0x99/0x1e0
[<c1002d97>] sysenter_do_call+0x12/0x26
[<ffffffff>] 0xffffffff
https://bugzilla.kernel.org/show_bug.cgi?id=15807#c21
Tested-by: Toralf Forster <toralf.foerster@gmx.de>
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c | 1 +
1 file changed, 1 insertion(+)
--- a/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
+++ b/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
@@ -701,6 +701,7 @@ static int acpi_cpufreq_cpu_exit(struct
per_cpu(acfreq_data, policy->cpu) = NULL;
acpi_processor_unregister_performance(data->acpi_data,
policy->cpu);
+ kfree(data->freq_table);
kfree(data);
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [222/289] ACPI: debugfs custom_method open to non-root
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (221 preceding siblings ...)
2010-12-08 0:59 ` [221/289] acpi-cpufreq: fix a memleak when unloading driver Greg KH
@ 2010-12-08 0:59 ` Greg KH
2010-12-08 1:00 ` [223/289] PNPACPI: cope with invalid device IDs Greg KH
` (63 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 0:59 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Dave Jones, Len Brown
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Dave Jones <davej@redhat.com>
commit ed3aada1bf34c5a9e98af167f125f8a740fc726a upstream.
Currently we have:
--w--w--w-. 1 root root 0 2010-11-11 14:56 /sys/kernel/debug/acpi/custom_method
which is just crazy. Change this to --w-------.
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/acpi/debugfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/acpi/debugfs.c
+++ b/drivers/acpi/debugfs.c
@@ -79,7 +79,7 @@ int __init acpi_debugfs_init(void)
if (!acpi_dir)
goto err;
- cm_dentry = debugfs_create_file("custom_method", S_IWUGO,
+ cm_dentry = debugfs_create_file("custom_method", S_IWUSR,
acpi_dir, NULL, &cm_fops);
if (!cm_dentry)
goto err;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [223/289] PNPACPI: cope with invalid device IDs
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (222 preceding siblings ...)
2010-12-08 0:59 ` [222/289] ACPI: debugfs custom_method open to non-root Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [224/289] [media] saa7134: Fix autodetect for Behold A7 and H7 TV cards Greg KH
` (62 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Dmitry Torokhov, Len Brown
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
commit 420a0f66378c84b00b0e603e4d38210102dbe367 upstream.
If primary ID (HID) is invalid try locating first valid ID on compatible
ID list before giving up.
This helps, for example, to recognize i8042 AUX port on Sony Vaio VPCZ1
which uses SNYSYN0003 as HID. Without the patch users are forced to
boot with i8042.nopnp to make use of their touchpads.
Tested-by: Jan-Hendrik Zab <jan@jhz.name>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/pnp/pnpacpi/core.c | 29 ++++++++++++++++++++++++-----
1 file changed, 24 insertions(+), 5 deletions(-)
--- a/drivers/pnp/pnpacpi/core.c
+++ b/drivers/pnp/pnpacpi/core.c
@@ -28,7 +28,7 @@
#include "../base.h"
#include "pnpacpi.h"
-static int num = 0;
+static int num;
/* We need only to blacklist devices that have already an acpi driver that
* can't use pnp layer. We don't need to blacklist device that are directly
@@ -180,11 +180,24 @@ struct pnp_protocol pnpacpi_protocol = {
};
EXPORT_SYMBOL(pnpacpi_protocol);
+static char *pnpacpi_get_id(struct acpi_device *device)
+{
+ struct acpi_hardware_id *id;
+
+ list_for_each_entry(id, &device->pnp.ids, list) {
+ if (ispnpidacpi(id->id))
+ return id->id;
+ }
+
+ return NULL;
+}
+
static int __init pnpacpi_add_device(struct acpi_device *device)
{
acpi_handle temp = NULL;
acpi_status status;
struct pnp_dev *dev;
+ char *pnpid;
struct acpi_hardware_id *id;
/*
@@ -192,11 +205,17 @@ static int __init pnpacpi_add_device(str
* driver should not be loaded.
*/
status = acpi_get_handle(device->handle, "_CRS", &temp);
- if (ACPI_FAILURE(status) || !ispnpidacpi(acpi_device_hid(device)) ||
- is_exclusive_device(device) || (!device->status.present))
+ if (ACPI_FAILURE(status))
+ return 0;
+
+ pnpid = pnpacpi_get_id(device);
+ if (!pnpid)
+ return 0;
+
+ if (is_exclusive_device(device) || !device->status.present)
return 0;
- dev = pnp_alloc_dev(&pnpacpi_protocol, num, acpi_device_hid(device));
+ dev = pnp_alloc_dev(&pnpacpi_protocol, num, pnpid);
if (!dev)
return -ENOMEM;
@@ -227,7 +246,7 @@ static int __init pnpacpi_add_device(str
pnpacpi_parse_resource_option_data(dev);
list_for_each_entry(id, &device->pnp.ids, list) {
- if (!strcmp(id->id, acpi_device_hid(device)))
+ if (!strcmp(id->id, pnpid))
continue;
if (!ispnpidacpi(id->id))
continue;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [224/289] [media] saa7134: Fix autodetect for Behold A7 and H7 TV cards
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (223 preceding siblings ...)
2010-12-08 1:00 ` [223/289] PNPACPI: cope with invalid device IDs Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [225/289] fuse: fix attributes after open(O_TRUNC) Greg KH
` (61 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan,
Beholder Intl. Ltd. Dmitry Belimov, Mauro Carvalho Chehab
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Dmitri Belimov <d.belimov@gmail.com>
commit 35bbe587d0959712b69540077c9e0fd27d3e6baf upstream.
The entries for those cards are after the generic entries,
so they don't work, in practice. Moving them to happen before the
generic entres fix the issue.
Signed-off-by: Beholder Intl. Ltd. Dmitry Belimov <d.belimov@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/media/video/saa7134/saa7134-cards.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
--- a/drivers/media/video/saa7134/saa7134-cards.c
+++ b/drivers/media/video/saa7134/saa7134-cards.c
@@ -6661,6 +6661,18 @@ struct pci_device_id saa7134_pci_tbl[] =
.subdevice = 0x2804,
.driver_data = SAA7134_BOARD_TECHNOTREND_BUDGET_T3000,
}, {
+ .vendor = PCI_VENDOR_ID_PHILIPS,
+ .device = PCI_DEVICE_ID_PHILIPS_SAA7133,
+ .subvendor = 0x5ace, /* Beholder Intl. Ltd. */
+ .subdevice = 0x7190,
+ .driver_data = SAA7134_BOARD_BEHOLD_H7,
+ }, {
+ .vendor = PCI_VENDOR_ID_PHILIPS,
+ .device = PCI_DEVICE_ID_PHILIPS_SAA7133,
+ .subvendor = 0x5ace, /* Beholder Intl. Ltd. */
+ .subdevice = 0x7090,
+ .driver_data = SAA7134_BOARD_BEHOLD_A7,
+ }, {
/* --- boards without eeprom + subsystem ID --- */
.vendor = PCI_VENDOR_ID_PHILIPS,
.device = PCI_DEVICE_ID_PHILIPS_SAA7134,
@@ -6698,18 +6710,6 @@ struct pci_device_id saa7134_pci_tbl[] =
.subvendor = PCI_ANY_ID,
.subdevice = PCI_ANY_ID,
.driver_data = SAA7134_BOARD_UNKNOWN,
- }, {
- .vendor = PCI_VENDOR_ID_PHILIPS,
- .device = PCI_DEVICE_ID_PHILIPS_SAA7133,
- .subvendor = 0x5ace, /* Beholder Intl. Ltd. */
- .subdevice = 0x7190,
- .driver_data = SAA7134_BOARD_BEHOLD_H7,
- }, {
- .vendor = PCI_VENDOR_ID_PHILIPS,
- .device = PCI_DEVICE_ID_PHILIPS_SAA7133,
- .subvendor = 0x5ace, /* Beholder Intl. Ltd. */
- .subdevice = 0x7090,
- .driver_data = SAA7134_BOARD_BEHOLD_A7,
},{
/* --- end of list --- */
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [225/289] fuse: fix attributes after open(O_TRUNC)
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (224 preceding siblings ...)
2010-12-08 1:00 ` [224/289] [media] saa7134: Fix autodetect for Behold A7 and H7 TV cards Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [226/289] cs5535-gpio: apply CS5536 errata workaround for GPIOs Greg KH
` (60 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Ken Sumrall, Anfei,
Anand V. Avati, Miklos Szeredi
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Ken Sumrall <ksumrall@android.com>
commit a0822c55779d9319939eac69f00bb729ea9d23da upstream.
The attribute cache for a file was not being cleared when a file is opened
with O_TRUNC.
If the filesystem's open operation truncates the file ("atomic_o_trunc"
feature flag is set) then the kernel should invalidate the cached st_mtime
and st_ctime attributes.
Also i_size should be explicitly be set to zero as it is used sometimes
without refreshing the cache.
Signed-off-by: Ken Sumrall <ksumrall@android.com>
Cc: Anfei <anfei.zhou@gmail.com>
Cc: "Anand V. Avati" <avati@gluster.com>
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/fuse/file.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -134,6 +134,7 @@ EXPORT_SYMBOL_GPL(fuse_do_open);
void fuse_finish_open(struct inode *inode, struct file *file)
{
struct fuse_file *ff = file->private_data;
+ struct fuse_conn *fc = get_fuse_conn(inode);
if (ff->open_flags & FOPEN_DIRECT_IO)
file->f_op = &fuse_direct_io_file_operations;
@@ -141,6 +142,15 @@ void fuse_finish_open(struct inode *inod
invalidate_inode_pages2(inode->i_mapping);
if (ff->open_flags & FOPEN_NONSEEKABLE)
nonseekable_open(inode, file);
+ if (fc->atomic_o_trunc && (file->f_flags & O_TRUNC)) {
+ struct fuse_inode *fi = get_fuse_inode(inode);
+
+ spin_lock(&fc->lock);
+ fi->attr_version = ++fc->attr_version;
+ i_size_write(inode, 0);
+ spin_unlock(&fc->lock);
+ fuse_invalidate_attr(inode);
+ }
}
int fuse_open_common(struct inode *inode, struct file *file, bool isdir)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [226/289] cs5535-gpio: apply CS5536 errata workaround for GPIOs
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (225 preceding siblings ...)
2010-12-08 1:00 ` [225/289] fuse: fix attributes after open(O_TRUNC) Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [227/289] do_exit(): make sure that we run with get_fs() == USER_DS Greg KH
` (59 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Andres Salomon
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Andres Salomon <dilinger@queued.net>
commit 853ff88324a248a9f5da6e110850223db353ec07 upstream.
The AMD Geode CS5536 Companion Device Silicon Revision B1 Specification
Update mentions the follow as issue #36:
"Atomic write transactions to the atomic GPIO High Bank Feature Bit
registers should only affect the bits selected [...]"
"after Suspend, an atomic write transaction [...] will clear all
non-selected bits of the accessed register."
In other words, writing to the high bank for a single GPIO bit will
clear every other GPIO bit (but only sometimes after a suspend).
The workaround described is obvious and simple; do a read-modify-write.
This patch does that, and documents why we're doing it.
Signed-off-by: Andres Salomon <dilinger@queued.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/gpio/cs5535-gpio.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
--- a/drivers/gpio/cs5535-gpio.c
+++ b/drivers/gpio/cs5535-gpio.c
@@ -56,6 +56,18 @@ static struct cs5535_gpio_chip {
* registers, see include/linux/cs5535.h.
*/
+static void errata_outl(u32 val, unsigned long addr)
+{
+ /*
+ * According to the CS5536 errata (#36), after suspend
+ * a write to the high bank GPIO register will clear all
+ * non-selected bits; the recommended workaround is a
+ * read-modify-write operation.
+ */
+ val |= inl(addr);
+ outl(val, addr);
+}
+
static void __cs5535_gpio_set(struct cs5535_gpio_chip *chip, unsigned offset,
unsigned int reg)
{
@@ -64,7 +76,7 @@ static void __cs5535_gpio_set(struct cs5
outl(1 << offset, chip->base + reg);
else
/* high bank register */
- outl(1 << (offset - 16), chip->base + 0x80 + reg);
+ errata_outl(1 << (offset - 16), chip->base + 0x80 + reg);
}
void cs5535_gpio_set(unsigned offset, unsigned int reg)
@@ -86,7 +98,7 @@ static void __cs5535_gpio_clear(struct c
outl(1 << (offset + 16), chip->base + reg);
else
/* high bank register */
- outl(1 << offset, chip->base + 0x80 + reg);
+ errata_outl(1 << offset, chip->base + 0x80 + reg);
}
void cs5535_gpio_clear(unsigned offset, unsigned int reg)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [227/289] do_exit(): make sure that we run with get_fs() == USER_DS
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (226 preceding siblings ...)
2010-12-08 1:00 ` [226/289] cs5535-gpio: apply CS5536 errata workaround for GPIOs Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [228/289] mm/hugetlb.c: avoid double unlock_page() in hugetlb_fault() Greg KH
` (58 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Nelson Elhage, KOSAKI Motohiro
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Nelson Elhage <nelhage@ksplice.com>
commit 33dd94ae1ccbfb7bf0fb6c692bc3d1c4269e6177 upstream.
If a user manages to trigger an oops with fs set to KERNEL_DS, fs is not
otherwise reset before do_exit(). do_exit may later (via mm_release in
fork.c) do a put_user to a user-controlled address, potentially allowing
a user to leverage an oops into a controlled write into kernel memory.
This is only triggerable in the presence of another bug, but this
potentially turns a lot of DoS bugs into privilege escalations, so it's
worth fixing. I have proof-of-concept code which uses this bug along
with CVE-2010-3849 to write a zero to an arbitrary kernel address, so
I've tested that this is not theoretical.
A more logical place to put this fix might be when we know an oops has
occurred, before we call do_exit(), but that would involve changing
every architecture, in multiple places.
Let's just stick it in do_exit instead.
[akpm@linux-foundation.org: update code comment]
Signed-off-by: Nelson Elhage <nelhage@ksplice.com>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
kernel/exit.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -903,6 +903,15 @@ NORET_TYPE void do_exit(long code)
if (unlikely(!tsk->pid))
panic("Attempted to kill the idle task!");
+ /*
+ * If do_exit is called because this processes oopsed, it's possible
+ * that get_fs() was left as KERNEL_DS, so reset it to USER_DS before
+ * continuing. Amongst other possible reasons, this is to prevent
+ * mm_release()->clear_child_tid() from writing to a user-controlled
+ * kernel address.
+ */
+ set_fs(USER_DS);
+
tracehook_report_exit(&code);
validate_creds_for_do_exit(tsk);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [228/289] mm/hugetlb.c: avoid double unlock_page() in hugetlb_fault()
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (227 preceding siblings ...)
2010-12-08 1:00 ` [227/289] do_exit(): make sure that we run with get_fs() == USER_DS Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [229/289] cifs: fix another memleak, in cifs_root_iget Greg KH
` (57 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Dean Nelson
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Dean Nelson <dnelson@redhat.com>
commit 1f64d69c7ad2e48e697493e45590679f7a69b7b2 upstream.
Have hugetlb_fault() call unlock_page(page) only if it had previously
called lock_page(page).
Setting CONFIG_DEBUG_VM=y and then running the libhugetlbfs test suite,
resulted in the tripping of VM_BUG_ON(!PageLocked(page)) in
unlock_page() having been called by hugetlb_fault() when page ==
pagecache_page. This patch remedied the problem.
Signed-off-by: Dean Nelson <dnelson@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
mm/hugetlb.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -2668,7 +2668,8 @@ out_page_table_lock:
unlock_page(pagecache_page);
put_page(pagecache_page);
}
- unlock_page(page);
+ if (page != pagecache_page)
+ unlock_page(page);
out_mutex:
mutex_unlock(&hugetlb_instantiation_mutex);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [229/289] cifs: fix another memleak, in cifs_root_iget
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (228 preceding siblings ...)
2010-12-08 1:00 ` [228/289] mm/hugetlb.c: avoid double unlock_page() in hugetlb_fault() Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [230/289] cifs: fix parsing of hostname in dfs referrals Greg KH
` (56 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Oskar Schirmer, Steve French
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Oskar Schirmer <oskar@scara.com>
commit a7851ce73b9fdef53f251420e6883cf4f3766534 upstream.
cifs_root_iget allocates full_path through
cifs_build_path_to_root, but fails to kfree it upon
cifs_get_inode_info* failure.
Make all failure exit paths traverse clean up
handling at the end of the function.
Signed-off-by: Oskar Schirmer <oskar@scara.com>
Reviewed-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/cifs/inode.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/fs/cifs/inode.c
+++ b/fs/cifs/inode.c
@@ -835,8 +835,10 @@ struct inode *cifs_root_iget(struct supe
rc = cifs_get_inode_info(&inode, full_path, NULL, sb,
xid, NULL);
- if (!inode)
- return ERR_PTR(rc);
+ if (!inode) {
+ inode = ERR_PTR(rc);
+ goto out;
+ }
#ifdef CONFIG_CIFS_FSCACHE
/* populate tcon->resource_id */
@@ -852,13 +854,11 @@ struct inode *cifs_root_iget(struct supe
inode->i_uid = cifs_sb->mnt_uid;
inode->i_gid = cifs_sb->mnt_gid;
} else if (rc) {
- kfree(full_path);
- _FreeXid(xid);
iget_failed(inode);
- return ERR_PTR(rc);
+ inode = ERR_PTR(rc);
}
-
+out:
kfree(full_path);
/* can not call macro FreeXid here since in a void func
* TODO: This is no longer true
^ permalink raw reply [flat|nested] 288+ messages in thread
* [230/289] cifs: fix parsing of hostname in dfs referrals
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (229 preceding siblings ...)
2010-12-08 1:00 ` [229/289] cifs: fix another memleak, in cifs_root_iget Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [231/289] ath9k: fix timeout on stopping rx dma Greg KH
` (55 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Jeff Layton, Wang Lei,
David Howells, Steve French
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jeff Layton <jlayton@redhat.com>
commit ba03864872691c0bb580a7fb47388da337ef4aa2 upstream.
The DFS referral parsing code does a memchr() call to find the '\\'
delimiter that separates the hostname in the referral UNC from the
sharename. It then uses that value to set the length of the hostname via
pointer subtraction. Instead of subtracting the start of the hostname
however, it subtracts the start of the UNC, which causes the code to
pass in a hostname length that is 2 bytes too long.
Regression introduced in commit 1a4240f4.
Reported-and-Tested-by: Robbert Kouprie <robbert@exx.nl>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Cc: Wang Lei <wang840925@gmail.com>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/cifs/dns_resolve.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/cifs/dns_resolve.c
+++ b/fs/cifs/dns_resolve.c
@@ -66,7 +66,7 @@ dns_resolve_server_name_to_ip(const char
/* Search for server name delimiter */
sep = memchr(hostname, '\\', len);
if (sep)
- len = sep - unc;
+ len = sep - hostname;
else
cFYI(1, "%s: probably server name is whole unc: %s",
__func__, unc);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [231/289] ath9k: fix timeout on stopping rx dma
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (230 preceding siblings ...)
2010-12-08 1:00 ` [230/289] cifs: fix parsing of hostname in dfs referrals Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [232/289] uml: disable winch irq before freeing handler data Greg KH
` (54 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Felix Fietkau, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Felix Fietkau <nbd@openwrt.org>
commit d47844a014fada1a788719f6426bc7044f2a0fd8 upstream.
It seems that using ath9k_hw_stoppcurecv to stop rx dma is not enough.
When it's time to stop DMA, the PCU is still busy, so the rx enable
bit never clears.
Using ath9k_hw_abortpcurecv helps with getting rx stopped much faster,
with this change, I cannot reproduce the rx stop related WARN_ON anymore.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/wireless/ath/ath9k/recv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/wireless/ath/ath9k/recv.c
+++ b/drivers/net/wireless/ath/ath9k/recv.c
@@ -508,7 +508,7 @@ bool ath_stoprecv(struct ath_softc *sc)
bool stopped;
spin_lock_bh(&sc->rx.rxbuflock);
- ath9k_hw_stoppcurecv(ah);
+ ath9k_hw_abortpcurecv(ah);
ath9k_hw_setrxfilter(ah, 0);
stopped = ath9k_hw_stopdmarecv(ah);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [232/289] uml: disable winch irq before freeing handler data
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (231 preceding siblings ...)
2010-12-08 1:00 ` [231/289] ath9k: fix timeout on stopping rx dma Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [233/289] backlight: grab ops_lock before testing bd->ops Greg KH
` (53 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Will Newton, WANG Cong, Jeff Dike
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Will Newton <will.newton@gmail.com>
commit 69e83dad5207f8f03c9699e57e1febb114383cb8 upstream.
Disable the winch irq early to make sure we don't take an interrupt part
way through the freeing of the handler data, resulting in a crash on
shutdown:
winch_interrupt : read failed, errno = 9
fd 13 is losing SIGWINCH support
------------[ cut here ]------------
WARNING: at lib/list_debug.c:48 list_del+0xc6/0x100()
list_del corruption, next is LIST_POISON1 (00100100)
082578c8: [<081fd77f>] dump_stack+0x22/0x24
082578e0: [<0807a18a>] warn_slowpath_common+0x5a/0x80
08257908: [<0807a23e>] warn_slowpath_fmt+0x2e/0x30
08257920: [<08172196>] list_del+0xc6/0x100
08257940: [<08060244>] free_winch+0x14/0x80
08257958: [<080606fb>] winch_interrupt+0xdb/0xe0
08257978: [<080a65b5>] handle_IRQ_event+0x35/0xe0
08257998: [<080a8717>] handle_edge_irq+0xb7/0x170
082579bc: [<08059bc4>] do_IRQ+0x34/0x50
082579d4: [<08059e1b>] sigio_handler+0x5b/0x80
082579ec: [<0806a374>] sig_handler_common+0x44/0xb0
08257a68: [<0806a538>] sig_handler+0x38/0x50
08257a78: [<0806a77c>] handle_signal+0x5c/0xa0
08257a9c: [<0806be28>] hard_handler+0x18/0x20
08257aac: [<00c14400>] 0xc14400
Signed-off-by: Will Newton <will.newton@gmail.com>
Acked-by: WANG Cong <xiyou.wangcong@gmail.com>
Cc: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/um/drivers/line.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/arch/um/drivers/line.c
+++ b/arch/um/drivers/line.c
@@ -727,6 +727,9 @@ struct winch {
static void free_winch(struct winch *winch, int free_irq_ok)
{
+ if (free_irq_ok)
+ free_irq(WINCH_IRQ, winch);
+
list_del(&winch->list);
if (winch->pid != -1)
@@ -735,8 +738,6 @@ static void free_winch(struct winch *win
os_close_file(winch->fd);
if (winch->stack != 0)
free_stack(winch->stack, 0);
- if (free_irq_ok)
- free_irq(WINCH_IRQ, winch);
kfree(winch);
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [233/289] backlight: grab ops_lock before testing bd->ops
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (232 preceding siblings ...)
2010-12-08 1:00 ` [232/289] uml: disable winch irq before freeing handler data Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [234/289] nommu: yield CPU while disposing VM Greg KH
` (52 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Uwe Kleine-König,
Richard Purdie
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 1951 bytes --]
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <u.kleine-koenig@pengutronix.de>
commit d1d73578e053b981c3611e5a211534290d24a5eb upstream.
According to the comment describing ops_lock in the definition of struct
backlight_device and when comparing with other functions in backlight.c
the mutex must be hold when checking ops to be non-NULL.
Fixes a problem added by c835ee7f4154992e6 ("backlight: Add suspend/resume
support to the backlight core") in Jan 2009.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Acked-by: Richard Purdie <rpurdie@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/video/backlight/backlight.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/drivers/video/backlight/backlight.c
+++ b/drivers/video/backlight/backlight.c
@@ -197,12 +197,12 @@ static int backlight_suspend(struct devi
{
struct backlight_device *bd = to_backlight_device(dev);
- if (bd->ops->options & BL_CORE_SUSPENDRESUME) {
- mutex_lock(&bd->ops_lock);
+ mutex_lock(&bd->ops_lock);
+ if (bd->ops && bd->ops->options & BL_CORE_SUSPENDRESUME) {
bd->props.state |= BL_CORE_SUSPENDED;
backlight_update_status(bd);
- mutex_unlock(&bd->ops_lock);
}
+ mutex_unlock(&bd->ops_lock);
return 0;
}
@@ -211,12 +211,12 @@ static int backlight_resume(struct devic
{
struct backlight_device *bd = to_backlight_device(dev);
- if (bd->ops->options & BL_CORE_SUSPENDRESUME) {
- mutex_lock(&bd->ops_lock);
+ mutex_lock(&bd->ops_lock);
+ if (bd->ops && bd->ops->options & BL_CORE_SUSPENDRESUME) {
bd->props.state &= ~BL_CORE_SUSPENDED;
backlight_update_status(bd);
- mutex_unlock(&bd->ops_lock);
}
+ mutex_unlock(&bd->ops_lock);
return 0;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [234/289] nommu: yield CPU while disposing VM
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (233 preceding siblings ...)
2010-12-08 1:00 ` [233/289] backlight: grab ops_lock before testing bd->ops Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [235/289] PM / PM QoS: Fix reversed min and max Greg KH
` (51 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Steven J. Magnani, Greg Ungerer
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Steven J. Magnani <steve@digidescorp.com>
commit 04c3496152394d17e3bc2316f9731ee3e8a026bc upstream.
Depending on processor speed, page size, and the amount of memory a
process is allowed to amass, cleanup of a large VM may freeze the system
for many seconds. This can result in a watchdog timeout.
Make sure other tasks receive some service when cleaning up large VMs.
Signed-off-by: Steven J. Magnani <steve@digidescorp.com>
Cc: Greg Ungerer <gerg@snapgear.com>
Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
mm/nommu.c | 1 +
1 file changed, 1 insertion(+)
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -1668,6 +1668,7 @@ void exit_mmap(struct mm_struct *mm)
mm->mmap = vma->vm_next;
delete_vma_from_mm(vma);
delete_vma(mm, vma);
+ cond_resched();
}
kleave("");
^ permalink raw reply [flat|nested] 288+ messages in thread
* [235/289] PM / PM QoS: Fix reversed min and max
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (234 preceding siblings ...)
2010-12-08 1:00 ` [234/289] nommu: yield CPU while disposing VM Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [236/289] x86: Ignore trap bits on single step exceptions Greg KH
` (50 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Colin Cross, mark,
Rafael J. Wysocki
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Colin Cross <ccross@android.com>
commit 00fafcda1773245a5292f953321ec3f0668c8c28 upstream.
pm_qos_get_value had min and max reversed, causing all pm_qos
requests to have no effect.
Signed-off-by: Colin Cross <ccross@android.com>
Acked-by: mark <markgross@thegnar.org>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
kernel/pm_qos_params.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/kernel/pm_qos_params.c
+++ b/kernel/pm_qos_params.c
@@ -120,10 +120,10 @@ static inline int pm_qos_get_value(struc
switch (o->type) {
case PM_QOS_MIN:
- return plist_last(&o->requests)->prio;
+ return plist_first(&o->requests)->prio;
case PM_QOS_MAX:
- return plist_first(&o->requests)->prio;
+ return plist_last(&o->requests)->prio;
default:
/* runtime check for not using enum */
^ permalink raw reply [flat|nested] 288+ messages in thread
* [236/289] x86: Ignore trap bits on single step exceptions
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (235 preceding siblings ...)
2010-12-08 1:00 ` [235/289] PM / PM QoS: Fix reversed min and max Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [237/289] mmc: fix rmmod race for hosts using card-detection polling Greg KH
` (49 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Frederic Weisbecker,
Rafael J. Wysocki, Maciej Rutecki, Alexandre Julliard,
Jason Wessel
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Frederic Weisbecker <fweisbec@gmail.com>
commit 6c0aca288e726405b01dacb12cac556454d34b2a upstream.
When a single step exception fires, the trap bits, used to
signal hardware breakpoints, are in a random state.
These trap bits might be set if another exception will follow,
like a breakpoint in the next instruction, or a watchpoint in the
previous one. Or there can be any junk there.
So if we handle these trap bits during the single step exception,
we are going to handle an exception twice, or we are going to
handle junk.
Just ignore them in this case.
This fixes https://bugzilla.kernel.org/show_bug.cgi?id=21332
Reported-by: Michael Stefaniuc <mstefani@redhat.com>
Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Maciej Rutecki <maciej.rutecki@gmail.com>
Cc: Alexandre Julliard <julliard@winehq.org>
Cc: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/x86/kernel/hw_breakpoint.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/arch/x86/kernel/hw_breakpoint.c
+++ b/arch/x86/kernel/hw_breakpoint.c
@@ -433,6 +433,10 @@ static int __kprobes hw_breakpoint_handl
dr6_p = (unsigned long *)ERR_PTR(args->err);
dr6 = *dr6_p;
+ /* If it's a single step, TRAP bits are random */
+ if (dr6 & DR_STEP)
+ return NOTIFY_DONE;
+
/* Do an early return if no trap bits are set in DR6 */
if ((dr6 & DR_TRAP_BITS) == 0)
return NOTIFY_DONE;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [237/289] mmc: fix rmmod race for hosts using card-detection polling
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (236 preceding siblings ...)
2010-12-08 1:00 ` [236/289] x86: Ignore trap bits on single step exceptions Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [238/289] DECnet: dont leak uninitialized stack byte Greg KH
` (48 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Guennadi Liakhovetski, Chris Ball
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
commit d9bcbf343ec63e1104b5276195888ee06b4d086f upstream.
MMC hosts that poll for card detection by defining the MMC_CAP_NEEDS_POLL
flag have a race on rmmod, where the delayed work is cancelled without
waiting for completed polling. To prevent this a _sync version of the work
cancellation has to be used.
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Chris Ball <cjb@laptop.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/mmc/core/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/mmc/core/core.c
+++ b/drivers/mmc/core/core.c
@@ -1514,7 +1514,7 @@ void mmc_stop_host(struct mmc_host *host
if (host->caps & MMC_CAP_DISABLE)
cancel_delayed_work(&host->disable);
- cancel_delayed_work(&host->detect);
+ cancel_delayed_work_sync(&host->detect);
mmc_flush_scheduled_work();
/* clear pm flags now and let card drivers set them as needed */
^ permalink raw reply [flat|nested] 288+ messages in thread
* [238/289] DECnet: dont leak uninitialized stack byte
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (237 preceding siblings ...)
2010-12-08 1:00 ` [237/289] mmc: fix rmmod race for hosts using card-detection polling Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [239/289] perf_events: Fix perf_counter_mmap() hook in mprotect() Greg KH
` (47 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Dan Rosenberg, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Dan Rosenberg <drosenberg@vsecurity.com>
commit 3c6f27bf33052ea6ba9d82369fb460726fb779c0 upstream.
A single uninitialized padding byte is leaked to userspace.
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/decnet/af_decnet.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
@@ -1556,6 +1556,8 @@ static int __dn_getsockopt(struct socket
if (r_len > sizeof(struct linkinfo_dn))
r_len = sizeof(struct linkinfo_dn);
+ memset(&link, 0, sizeof(link));
+
switch(sock->state) {
case SS_CONNECTING:
link.idn_linkstate = LL_CONNECTING;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [239/289] perf_events: Fix perf_counter_mmap() hook in mprotect()
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (238 preceding siblings ...)
2010-12-08 1:00 ` [238/289] DECnet: dont leak uninitialized stack byte Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [240/289] ARM: 6464/2: fix spinlock recursion in adjust_pte() Greg KH
` (46 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Ingo Molnar, Pekka Enberg
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Pekka Enberg <penberg@kernel.org>
commit 63bfd7384b119409685a17d5c58f0b56e5dc03da upstream.
As pointed out by Linus, commit dab5855 ("perf_counter: Add mmap event hooks to
mprotect()") is fundamentally wrong as mprotect_fixup() can free 'vma' due to
merging. Fix the problem by moving perf_event_mmap() hook to
mprotect_fixup().
Note: there's another successful return path from mprotect_fixup() if old
flags equal to new flags. We don't, however, need to call
perf_event_mmap() there because 'perf' already knows the VMA is
executable.
Reported-by: Dave Jones <davej@redhat.com>
Analyzed-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Ingo Molnar <mingo@elte.hu>
Reviewed-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Pekka Enberg <penberg@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
mm/mprotect.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -211,6 +211,7 @@ success:
mmu_notifier_invalidate_range_end(mm, start, end);
vm_stat_account(mm, oldflags, vma->vm_file, -nrpages);
vm_stat_account(mm, newflags, vma->vm_file, nrpages);
+ perf_event_mmap(vma);
return 0;
fail:
@@ -299,7 +300,6 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
if (error)
goto out;
- perf_event_mmap(vma);
nstart = tmp;
if (nstart < prev->vm_end)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [240/289] ARM: 6464/2: fix spinlock recursion in adjust_pte()
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (239 preceding siblings ...)
2010-12-08 1:00 ` [239/289] perf_events: Fix perf_counter_mmap() hook in mprotect() Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [241/289] ARM: 6489/1: thumb2: fix incorrect optimisation in usracc Greg KH
` (45 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Mika Westerberg, Russell King
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Mika Westerberg <mika.westerberg@iki.fi>
commit 4e54d93d3c9846ba1c2644ad06463dafa690d1b7 upstream.
When running following code in a machine which has VIVT caches and
USE_SPLIT_PTLOCKS is not defined:
fd = open("/etc/passwd", O_RDONLY);
addr = mmap(NULL, 4096, PROT_READ, MAP_SHARED, fd, 0);
addr2 = mmap(NULL, 4096, PROT_READ, MAP_SHARED, fd, 0);
v = *((int *)addr);
we will hang in spinlock recursion in the page fault handler:
BUG: spinlock recursion on CPU#0, mmap_test/717
lock: c5e295d8, .magic: dead4ead, .owner: mmap_test/717,
.owner_cpu: 0
[<c0026604>] (unwind_backtrace+0x0/0xec)
[<c014ee48>] (do_raw_spin_lock+0x40/0x140)
[<c0027f68>] (update_mmu_cache+0x208/0x250)
[<c0079db4>] (__do_fault+0x320/0x3ec)
[<c007af7c>] (handle_mm_fault+0x2f0/0x6d8)
[<c0027834>] (do_page_fault+0xdc/0x1cc)
[<c00202d0>] (do_DataAbort+0x34/0x94)
This comes from the fact that when USE_SPLIT_PTLOCKS is not defined,
the only lock protecting the page tables is mm->page_table_lock
which is already locked before update_mmu_cache() is called.
Signed-off-by: Mika Westerberg <mika.westerberg@iki.fi>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/arm/mm/fault-armv.c | 28 ++++++++++++++++++++++++++--
1 file changed, 26 insertions(+), 2 deletions(-)
--- a/arch/arm/mm/fault-armv.c
+++ b/arch/arm/mm/fault-armv.c
@@ -65,6 +65,30 @@ static int do_adjust_pte(struct vm_area_
return ret;
}
+#if USE_SPLIT_PTLOCKS
+/*
+ * If we are using split PTE locks, then we need to take the page
+ * lock here. Otherwise we are using shared mm->page_table_lock
+ * which is already locked, thus cannot take it.
+ */
+static inline void do_pte_lock(spinlock_t *ptl)
+{
+ /*
+ * Use nested version here to indicate that we are already
+ * holding one similar spinlock.
+ */
+ spin_lock_nested(ptl, SINGLE_DEPTH_NESTING);
+}
+
+static inline void do_pte_unlock(spinlock_t *ptl)
+{
+ spin_unlock(ptl);
+}
+#else /* !USE_SPLIT_PTLOCKS */
+static inline void do_pte_lock(spinlock_t *ptl) {}
+static inline void do_pte_unlock(spinlock_t *ptl) {}
+#endif /* USE_SPLIT_PTLOCKS */
+
static int adjust_pte(struct vm_area_struct *vma, unsigned long address,
unsigned long pfn)
{
@@ -89,11 +113,11 @@ static int adjust_pte(struct vm_area_str
*/
ptl = pte_lockptr(vma->vm_mm, pmd);
pte = pte_offset_map_nested(pmd, address);
- spin_lock(ptl);
+ do_pte_lock(ptl);
ret = do_adjust_pte(vma, address, pfn, pte);
- spin_unlock(ptl);
+ do_pte_unlock(ptl);
pte_unmap_nested(pte);
return ret;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [241/289] ARM: 6489/1: thumb2: fix incorrect optimisation in usracc
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (240 preceding siblings ...)
2010-12-08 1:00 ` [240/289] ARM: 6464/2: fix spinlock recursion in adjust_pte() Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [242/289] ARM: 6482/2: Fix find_next_zero_bit and related assembly Greg KH
` (44 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Catalin Marinas,
Will Deacon, Russell King
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Will Deacon <will.deacon@arm.com>
commit 1142b71d85894dcff1466dd6c871ea3c89e0352c upstream.
Commit 8b592783 added a Thumb-2 variant of usracc which, when it is
called with \rept=2, calls usraccoff once with an offset of 0 and
secondly with a hard-coded offset of 4 in order to avoid incrementing
the pointer again. If \inc != 4 then we will store the data to the wrong
offset from \ptr. Luckily, the only caller that passes \rept=2 to this
function is __clear_user so we haven't been actively corrupting user data.
This patch fixes usracc to pass \inc instead of #4 to usraccoff
when it is called a second time.
Reported-by: Tony Thompson <tony.thompson@arm.com>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/arm/include/asm/assembler.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm/include/asm/assembler.h
+++ b/arch/arm/include/asm/assembler.h
@@ -215,7 +215,7 @@
@ Slightly optimised to avoid incrementing the pointer twice
usraccoff \instr, \reg, \ptr, \inc, 0, \cond, \abort
.if \rept == 2
- usraccoff \instr, \reg, \ptr, \inc, 4, \cond, \abort
+ usraccoff \instr, \reg, \ptr, \inc, \inc, \cond, \abort
.endif
add\cond \ptr, #\rept * \inc
^ permalink raw reply [flat|nested] 288+ messages in thread
* [242/289] ARM: 6482/2: Fix find_next_zero_bit and related assembly
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (241 preceding siblings ...)
2010-12-08 1:00 ` [241/289] ARM: 6489/1: thumb2: fix incorrect optimisation in usracc Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [243/289] leds: fix bug with reading NAS SS4200 dmi code Greg KH
` (43 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, James Jones, Russell King
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: James Jones <jajones@nvidia.com>
commit 0e91ec0c06d2cd15071a6021c94840a50e6671aa upstream.
The find_next_bit, find_first_bit, find_next_zero_bit
and find_first_zero_bit functions were not properly
clamping to the maxbit argument at the bit level. They
were instead only checking maxbit at the byte level.
To fix this, add a compare and a conditional move
instruction to the end of the common bit-within-the-
byte code used by all the functions and be sure not to
clobber the maxbit argument before it is used.
Reviewed-by: Nicolas Pitre <nicolas.pitre@linaro.org>
Tested-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: James Jones <jajones@nvidia.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/arm/lib/findbit.S | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/arch/arm/lib/findbit.S
+++ b/arch/arm/lib/findbit.S
@@ -174,8 +174,8 @@ ENDPROC(_find_next_bit_be)
*/
.L_found:
#if __LINUX_ARM_ARCH__ >= 5
- rsb r1, r3, #0
- and r3, r3, r1
+ rsb r0, r3, #0
+ and r3, r3, r0
clz r3, r3
rsb r3, r3, #31
add r0, r2, r3
@@ -190,5 +190,7 @@ ENDPROC(_find_next_bit_be)
addeq r2, r2, #1
mov r0, r2
#endif
+ cmp r1, r0 @ Clamp to maxbit
+ movlo r0, r1
mov pc, lr
^ permalink raw reply [flat|nested] 288+ messages in thread
* [243/289] leds: fix bug with reading NAS SS4200 dmi code
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (242 preceding siblings ...)
2010-12-08 1:00 ` [242/289] ARM: 6482/2: Fix find_next_zero_bit and related assembly Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [244/289] serial: mfd: adjust the baud rate setting Greg KH
` (42 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Steven Rostedt, Dave Hansen,
Richard Purdie, Arjan van de Ven
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Steven Rostedt <rostedt@goodmis.org>
commit 50d431e8a15701b599c98afe2b464eb33c952477 upstream.
While running randconfg with ktest.pl I stumbled upon this bug:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000003
IP: [<ffffffff815fe44f>] strstr+0x39/0x86
PGD 0
Oops: 0000 [#1] SMP
last sysfs file:
CPU 0
Modules linked in:
Pid: 1, comm: swapper Not tainted 2.6.37-rc1-test+ #6 DG965MQ/
RIP: 0010:[<ffffffff815fe44f>] [<ffffffff815fe44f>] strstr+0x39/0x86
RSP: 0018:ffff8800797cbd80 EFLAGS: 00010213
RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffffffffffff
RDX: 0000000000000000 RSI: ffffffff82eb7ac9 RDI: 0000000000000003
RBP: ffff8800797cbda0 R08: ffff880000000003 R09: 0000000000030725
R10: ffff88007d294c00 R11: 0000000000014c00 R12: 0000000000000020
R13: ffffffff82eb7ac9 R14: ffffffffffffffff R15: ffffffff82eb7b08
FS: 0000000000000000(0000) GS:ffff88007d200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000003 CR3: 0000000002a1d000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process swapper (pid: 1, threadinfo ffff8800797ca000, task ffff8800797d0000)
Stack:
00000000000000ba ffffffff82eb7ac9 ffffffff82eb7ab8 00000000000000ba
ffff8800797cbdf0 ffffffff81e2050f ffff8800797cbdc0 00000000815f913b
ffff8800797cbe00 ffffffff82eb7ab8 0000000000000000 0000000000000000
Call Trace:
[<ffffffff81e2050f>] dmi_matches+0x117/0x154
[<ffffffff81e205d7>] dmi_check_system+0x3d/0x8d
[<ffffffff82e1ad25>] ? nas_gpio_init+0x0/0x2c8
[<ffffffff82e1ad49>] nas_gpio_init+0x24/0x2c8
[<ffffffff820d750d>] ? wm8350_led_init+0x0/0x20
[<ffffffff82e1ad25>] ? nas_gpio_init+0x0/0x2c8
[<ffffffff810022f7>] do_one_initcall+0xab/0x1b2
[<ffffffff82da749c>] kernel_init+0x248/0x331
[<ffffffff8100e624>] kernel_thread_helper+0x4/0x10
[<ffffffff82da7254>] ? kernel_init+0x0/0x331
Found that the nas_led_whitelist dmi_system_id structure array had no
NULL end delimiter, causing the dmi_check_system() loop to read an
undefined entry.
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Acked-by: Dave Hansen <dave@sr71.net>
Acked-by: Richard Purdie <rpurdie@linux.intel.com>
Acked-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/leds/leds-ss4200.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/leds/leds-ss4200.c
+++ b/drivers/leds/leds-ss4200.c
@@ -102,6 +102,7 @@ static struct dmi_system_id __initdata n
DMI_MATCH(DMI_PRODUCT_VERSION, "1.00.00")
}
},
+ {}
};
/*
^ permalink raw reply [flat|nested] 288+ messages in thread
* [244/289] serial: mfd: adjust the baud rate setting
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (243 preceding siblings ...)
2010-12-08 1:00 ` [243/289] leds: fix bug with reading NAS SS4200 dmi code Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [245/289] memcg: avoid deadlock between move charge and try_charge() Greg KH
` (41 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Feng Tang
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Feng Tang <feng.tang@intel.com>
commit a5880a9e5bb40fbae55de60051d69a29091053c3 upstream.
Previous baud rate setting code only has been tested with 3.5M/9600/
115200/230400/460800 bps, and recently we got a 3M bps device to test,
which needs to modify current MUL register setting, and with this
patch 2.5M/2M/1.5M/1M/0.5M should also work as they just use a MUL
value scale down from 3M's.
Also got some reference register setting from silicon guys for
different baud rates, which tries to keep the pre-scalar register value
to 16.
Signed-off-by: Feng Tang <feng.tang@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/serial/mfd.c | 18 ++++++++----------
1 file changed, 8 insertions(+), 10 deletions(-)
--- a/drivers/serial/mfd.c
+++ b/drivers/serial/mfd.c
@@ -892,8 +892,7 @@ serial_hsu_set_termios(struct uart_port
unsigned char cval, fcr = 0;
unsigned long flags;
unsigned int baud, quot;
- u32 mul = 0x3600;
- u32 ps = 0x10;
+ u32 ps, mul;
switch (termios->c_cflag & CSIZE) {
case CS5:
@@ -937,20 +936,19 @@ serial_hsu_set_termios(struct uart_port
ps = 0xC;
quot = 1;
break;
- case 2500000:
- mul = 0x2710;
- ps = 0x10;
- quot = 1;
- break;
case 18432000:
mul = 0x2400;
ps = 0x10;
quot = 1;
break;
+ case 3000000:
+ case 2500000:
+ case 2000000:
case 1500000:
- mul = 0x1D4C;
- ps = 0xc;
- quot = 1;
+ case 1000000:
+ case 500000:
+ /* mul/ps/quot = 0x9C4/0x10/0x1 will make a 500000 bps */
+ mul = baud / 500000 * 0x9C4;
break;
default:
;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [245/289] memcg: avoid deadlock between move charge and try_charge()
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (244 preceding siblings ...)
2010-12-08 1:00 ` [244/289] serial: mfd: adjust the baud rate setting Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [246/289] Revert "vfs: show unreachable paths in getcwd and proc" Greg KH
` (40 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Daisuke Nishimura,
Balbir Singh, KAMEZAWA Hiroyuki
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
commit b1dd693e5b9348bd68a80e679e03cf9c0973b01b upstream.
__mem_cgroup_try_charge() can be called under down_write(&mmap_sem)(e.g.
mlock does it). This means it can cause deadlock if it races with move charge:
Ex.1)
move charge | try charge
--------------------------------------+------------------------------
mem_cgroup_can_attach() | down_write(&mmap_sem)
mc.moving_task = current | ..
mem_cgroup_precharge_mc() | __mem_cgroup_try_charge()
mem_cgroup_count_precharge() | prepare_to_wait()
down_read(&mmap_sem) | if (mc.moving_task)
-> cannot aquire the lock | -> true
| schedule()
Ex.2)
move charge | try charge
--------------------------------------+------------------------------
mem_cgroup_can_attach() |
mc.moving_task = current |
mem_cgroup_precharge_mc() |
mem_cgroup_count_precharge() |
down_read(&mmap_sem) |
.. |
up_read(&mmap_sem) |
| down_write(&mmap_sem)
mem_cgroup_move_task() | ..
mem_cgroup_move_charge() | __mem_cgroup_try_charge()
down_read(&mmap_sem) | prepare_to_wait()
-> cannot aquire the lock | if (mc.moving_task)
| -> true
| schedule()
To avoid this deadlock, we do all the move charge works (both can_attach() and
attach()) under one mmap_sem section.
And after this patch, we set/clear mc.moving_task outside mc.lock, because we
use the lock only to check mc.from/to.
Signed-off-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
mm/memcontrol.c | 43 ++++++++++++++++++++++++++-----------------
1 file changed, 26 insertions(+), 17 deletions(-)
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -269,13 +269,14 @@ enum move_type {
/* "mc" and its members are protected by cgroup_mutex */
static struct move_charge_struct {
- spinlock_t lock; /* for from, to, moving_task */
+ spinlock_t lock; /* for from, to */
struct mem_cgroup *from;
struct mem_cgroup *to;
unsigned long precharge;
unsigned long moved_charge;
unsigned long moved_swap;
struct task_struct *moving_task; /* a task moving charges */
+ struct mm_struct *mm;
wait_queue_head_t waitq; /* a waitq for other context */
} mc = {
.lock = __SPIN_LOCK_UNLOCKED(mc.lock),
@@ -4445,7 +4446,7 @@ static unsigned long mem_cgroup_count_pr
unsigned long precharge;
struct vm_area_struct *vma;
- down_read(&mm->mmap_sem);
+ /* We've already held the mmap_sem */
for (vma = mm->mmap; vma; vma = vma->vm_next) {
struct mm_walk mem_cgroup_count_precharge_walk = {
.pmd_entry = mem_cgroup_count_precharge_pte_range,
@@ -4457,7 +4458,6 @@ static unsigned long mem_cgroup_count_pr
walk_page_range(vma->vm_start, vma->vm_end,
&mem_cgroup_count_precharge_walk);
}
- up_read(&mm->mmap_sem);
precharge = mc.precharge;
mc.precharge = 0;
@@ -4508,11 +4508,16 @@ static void mem_cgroup_clear_mc(void)
mc.moved_swap = 0;
}
+ if (mc.mm) {
+ up_read(&mc.mm->mmap_sem);
+ mmput(mc.mm);
+ }
spin_lock(&mc.lock);
mc.from = NULL;
mc.to = NULL;
- mc.moving_task = NULL;
spin_unlock(&mc.lock);
+ mc.moving_task = NULL;
+ mc.mm = NULL;
memcg_oom_recover(from);
memcg_oom_recover(to);
wake_up_all(&mc.waitq);
@@ -4537,26 +4542,37 @@ static int mem_cgroup_can_attach(struct
return 0;
/* We move charges only when we move a owner of the mm */
if (mm->owner == p) {
+ /*
+ * We do all the move charge works under one mmap_sem to
+ * avoid deadlock with down_write(&mmap_sem)
+ * -> try_charge() -> if (mc.moving_task) -> sleep.
+ */
+ down_read(&mm->mmap_sem);
+
VM_BUG_ON(mc.from);
VM_BUG_ON(mc.to);
VM_BUG_ON(mc.precharge);
VM_BUG_ON(mc.moved_charge);
VM_BUG_ON(mc.moved_swap);
VM_BUG_ON(mc.moving_task);
+ VM_BUG_ON(mc.mm);
+
spin_lock(&mc.lock);
mc.from = from;
mc.to = mem;
mc.precharge = 0;
mc.moved_charge = 0;
mc.moved_swap = 0;
- mc.moving_task = current;
spin_unlock(&mc.lock);
+ mc.moving_task = current;
+ mc.mm = mm;
ret = mem_cgroup_precharge_mc(mm);
if (ret)
mem_cgroup_clear_mc();
- }
- mmput(mm);
+ /* We call up_read() and mmput() in clear_mc(). */
+ } else
+ mmput(mm);
}
return ret;
}
@@ -4644,7 +4660,7 @@ static void mem_cgroup_move_charge(struc
struct vm_area_struct *vma;
lru_add_drain_all();
- down_read(&mm->mmap_sem);
+ /* We've already held the mmap_sem */
for (vma = mm->mmap; vma; vma = vma->vm_next) {
int ret;
struct mm_walk mem_cgroup_move_charge_walk = {
@@ -4663,7 +4679,6 @@ static void mem_cgroup_move_charge(struc
*/
break;
}
- up_read(&mm->mmap_sem);
}
static void mem_cgroup_move_task(struct cgroup_subsys *ss,
@@ -4672,17 +4687,11 @@ static void mem_cgroup_move_task(struct
struct task_struct *p,
bool threadgroup)
{
- struct mm_struct *mm;
-
- if (!mc.to)
+ if (!mc.mm)
/* no need to move charge */
return;
- mm = get_task_mm(p);
- if (mm) {
- mem_cgroup_move_charge(mm);
- mmput(mm);
- }
+ mem_cgroup_move_charge(mc.mm);
mem_cgroup_clear_mc();
}
#else /* !CONFIG_MMU */
^ permalink raw reply [flat|nested] 288+ messages in thread
* [246/289] Revert "vfs: show unreachable paths in getcwd and proc"
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (245 preceding siblings ...)
2010-12-08 1:00 ` [245/289] memcg: avoid deadlock between move charge and try_charge() Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [247/289] Staging: udlfb: fix up some sysfs attribute permissions Greg KH
` (39 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Eric W. Biederman
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Eric W. Biederman <ebiederm@xmission.com>
commit 7b2a69ba7055da9a04eb96aa7b38c8e3280aaaa5 upstream.
Because it caused a chroot ttyname regression in 2.6.36.
As of 2.6.36 ttyname does not work in a chroot. It has already been
reported that screen breaks, and for me this breaks an automated
distribution testsuite, that I need to preserve the ability to run the
existing binaries on for several more years. glibc 2.11.3 which has a
fix for this is not an option.
The root cause of this breakage is:
commit 8df9d1a4142311c084ffeeacb67cd34d190eff74
Author: Miklos Szeredi <mszeredi@suse.cz>
Date: Tue Aug 10 11:41:41 2010 +0200
vfs: show unreachable paths in getcwd and proc
Prepend "(unreachable)" to path strings if the path is not reachable
from the current root.
Two places updated are
- the return string from getcwd()
- and symlinks under /proc/$PID.
Other uses of d_path() are left unchanged (we know that some old
software crashes if /proc/mounts is changed).
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
So remove the nice sounding, but ultimately ill advised change to how
/proc/fd symlinks work.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/proc/base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1526,7 +1526,7 @@ static int do_proc_readlink(struct path
if (!tmp)
return -ENOMEM;
- pathname = d_path_with_unreachable(path, tmp, PAGE_SIZE);
+ pathname = d_path(path, tmp, PAGE_SIZE);
len = PTR_ERR(pathname);
if (IS_ERR(pathname))
goto out;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [247/289] Staging: udlfb: fix up some sysfs attribute permissions
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (246 preceding siblings ...)
2010-12-08 1:00 ` [246/289] Revert "vfs: show unreachable paths in getcwd and proc" Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [248/289] Staging: iio: adis16220: " Greg KH
` (38 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Bernie Thompson
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Greg Kroah-Hartman <gregkh@suse.de>
commit cc9ca9dfddda46b1802d325891a69d7efdbe1f1e and
cc9ca9dfddda46b1802d325891a69d7efdbe1f1e upstream merged together.
They should not be writable by any user
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Bernie Thompson <bernie@plugable.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/staging/udlfb/udlfb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/staging/udlfb/udlfb.c
+++ b/drivers/staging/udlfb/udlfb.c
@@ -1143,7 +1143,7 @@ static struct device_attribute fb_device
__ATTR_RO(metrics_bytes_sent),
__ATTR_RO(metrics_cpu_kcycles_used),
__ATTR_RO(metrics_misc),
- __ATTR(metrics_reset, S_IWUGO, NULL, metrics_reset_store),
+ __ATTR(metrics_reset, S_IWUSR, NULL, metrics_reset_store),
__ATTR_RW(use_defio),
};
^ permalink raw reply [flat|nested] 288+ messages in thread
* [248/289] Staging: iio: adis16220: fix up some sysfs attribute permissions
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (247 preceding siblings ...)
2010-12-08 1:00 ` [247/289] Staging: udlfb: fix up some sysfs attribute permissions Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [249/289] Staging: iio: adis16220: fix up my fixup for " Greg KH
` (37 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Jonathan Cameron, Barry Song
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Greg Kroah-Hartman <gregkh@suse.de>
commit 1d904e8950c86e670ace237eaea1d48cd81e94df upstream.
They should not be writable by any user
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jonathan Cameron <jic23@cam.ac.uk>
Cc: Barry Song <Barry.Song@analog.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/staging/iio/accel/adis16220_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/staging/iio/accel/adis16220_core.c
+++ b/drivers/staging/iio/accel/adis16220_core.c
@@ -506,7 +506,7 @@ static IIO_DEVICE_ATTR(reset, S_IWUSR, N
adis16220_write_reset, 0);
#define IIO_DEV_ATTR_CAPTURE(_store) \
- IIO_DEVICE_ATTR(capture, S_IWUGO, NULL, _store, 0)
+ IIO_DEVICE_ATTR(capture, S_IRUSR, NULL, _store, 0)
static IIO_DEV_ATTR_CAPTURE(adis16220_write_capture);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [249/289] Staging: iio: adis16220: fix up my fixup for some sysfs attribute permissions
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (248 preceding siblings ...)
2010-12-08 1:00 ` [248/289] Staging: iio: adis16220: " Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [250/289] Staging: samsung-laptop: fix up " Greg KH
` (36 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Jonathan Cameron, Barry Song
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Greg Kroah-Hartman <gregkh@suse.de>
commit c9e51d9e4bee3da47623622884f4828e079a0581 upstream.
They should be writable by root, not readable.
Doh, stupid me with the wrong flags.
Reported-by: Jonathan Cameron <jic23@cam.ac.uk>
Acked-by: Jonathan Cameron <jic23@cam.ac.uk>
Cc: Barry Song <Barry.Song@analog.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/staging/iio/accel/adis16220_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/staging/iio/accel/adis16220_core.c
+++ b/drivers/staging/iio/accel/adis16220_core.c
@@ -506,7 +506,7 @@ static IIO_DEVICE_ATTR(reset, S_IWUSR, N
adis16220_write_reset, 0);
#define IIO_DEV_ATTR_CAPTURE(_store) \
- IIO_DEVICE_ATTR(capture, S_IRUSR, NULL, _store, 0)
+ IIO_DEVICE_ATTR(capture, S_IWUSR, NULL, _store, 0)
static IIO_DEV_ATTR_CAPTURE(adis16220_write_capture);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [250/289] Staging: samsung-laptop: fix up some sysfs attribute permissions
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (249 preceding siblings ...)
2010-12-08 1:00 ` [249/289] Staging: iio: adis16220: fix up my fixup for " Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [251/289] Staging: samsung-laptop: fix up my fixup for " Greg KH
` (35 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Greg Kroah-Hartman <gregkh@suse.de>
commit 90c05b97fdec8d2196e420d98f774bab731af7aa upstream.
They should not be writable by any user
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/staging/samsung-laptop/samsung-laptop.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/staging/samsung-laptop/samsung-laptop.c
+++ b/drivers/staging/samsung-laptop/samsung-laptop.c
@@ -356,7 +356,7 @@ static ssize_t set_silent_state(struct d
}
return count;
}
-static DEVICE_ATTR(silent, S_IWUGO | S_IRUGO,
+static DEVICE_ATTR(silent, S_IRUSR | S_IRUGO,
get_silent_state, set_silent_state);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [251/289] Staging: samsung-laptop: fix up my fixup for some sysfs attribute permissions
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (250 preceding siblings ...)
2010-12-08 1:00 ` [250/289] Staging: samsung-laptop: fix up " Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [252/289] Staging: frontier: fix up " Greg KH
` (34 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Greg Kroah-Hartman <gregkh@suse.de>
commit 4d7bc388b44e42a1feafa35e50eef4f24d6ca59d upstream.
They should be writable by root, not readable.
Doh, stupid me with the wrong flags.
Reported-by: Jonathan Cameron <jic23@cam.ac.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/staging/samsung-laptop/samsung-laptop.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/staging/samsung-laptop/samsung-laptop.c
+++ b/drivers/staging/samsung-laptop/samsung-laptop.c
@@ -356,7 +356,7 @@ static ssize_t set_silent_state(struct d
}
return count;
}
-static DEVICE_ATTR(silent, S_IRUSR | S_IRUGO,
+static DEVICE_ATTR(silent, S_IWUSR | S_IRUGO,
get_silent_state, set_silent_state);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [252/289] Staging: frontier: fix up some sysfs attribute permissions
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (251 preceding siblings ...)
2010-12-08 1:00 ` [251/289] Staging: samsung-laptop: fix up my fixup for " Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [253/289] staging: rtl8187se: Change panic to warn when RF switch turned off Greg KH
` (33 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, David Taht
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Greg Kroah-Hartman <gregkh@suse.de>
commit 3bad28ec006ad6ab2bca4e5103860b75391e3c9d and
2a767fda5d0d8dcff465724dfad6ee131489b3f2 upstream merged together.
They should not be writable by any user
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: David Taht <d@teklibre.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/staging/frontier/tranzport.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/staging/frontier/tranzport.c
+++ b/drivers/staging/frontier/tranzport.c
@@ -204,7 +204,7 @@ static void usb_tranzport_abort_transfer
t->value = temp; \
return count; \
} \
- static DEVICE_ATTR(value, S_IWUGO | S_IRUGO, show_##value, set_##value);
+ static DEVICE_ATTR(value, S_IWUSR | S_IRUGO, show_##value, set_##value);
show_int(enable);
show_int(offline);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [253/289] staging: rtl8187se: Change panic to warn when RF switch turned off
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (252 preceding siblings ...)
2010-12-08 1:00 ` [252/289] Staging: frontier: fix up " Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [254/289] Staging: batman-adv: ensure that eth_type_trans gets linear memory Greg KH
` (32 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Larry Finger
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Larry Finger <Larry.Finger@lwfinger.net>
commit f36d83a8cb7224f45fdfa1129a616dff56479a09 upstream.
This driver issues a kernel panic over conditions that do not
justify such drastic action. Change these to log entries with
a stack dump.
This patch fixes the system crash reported in
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/674285.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Reported-and-Tested-by: Robie Basik <rb-oss-3@justgohome.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/staging/rtl8187se/r8185b_init.c | 32 +++++++++++++++++++++++---------
1 file changed, 23 insertions(+), 9 deletions(-)
--- a/drivers/staging/rtl8187se/r8185b_init.c
+++ b/drivers/staging/rtl8187se/r8185b_init.c
@@ -268,8 +268,12 @@ HwHSSIThreeWire(
}
udelay(10);
}
- if (TryCnt == TC_3W_POLL_MAX_TRY_CNT)
- panic("HwThreeWire(): CmdReg: %#X RE|WE bits are not clear!!\n", u1bTmp);
+ if (TryCnt == TC_3W_POLL_MAX_TRY_CNT) {
+ printk(KERN_ERR "rtl8187se: HwThreeWire(): CmdReg:"
+ " %#X RE|WE bits are not clear!!\n", u1bTmp);
+ dump_stack();
+ return 0;
+ }
// RTL8187S HSSI Read/Write Function
u1bTmp = read_nic_byte(dev, RF_SW_CONFIG);
@@ -309,13 +313,23 @@ HwHSSIThreeWire(
int idx;
int ByteCnt = nDataBufBitCnt / 8;
//printk("%d\n",nDataBufBitCnt);
- if ((nDataBufBitCnt % 8) != 0)
- panic("HwThreeWire(): nDataBufBitCnt(%d) should be multiple of 8!!!\n",
- nDataBufBitCnt);
-
- if (nDataBufBitCnt > 64)
- panic("HwThreeWire(): nDataBufBitCnt(%d) should <= 64!!!\n",
- nDataBufBitCnt);
+ if ((nDataBufBitCnt % 8) != 0) {
+ printk(KERN_ERR "rtl8187se: "
+ "HwThreeWire(): nDataBufBitCnt(%d)"
+ " should be multiple of 8!!!\n",
+ nDataBufBitCnt);
+ dump_stack();
+ nDataBufBitCnt += 8;
+ nDataBufBitCnt &= ~7;
+ }
+
+ if (nDataBufBitCnt > 64) {
+ printk(KERN_ERR "rtl8187se: HwThreeWire():"
+ " nDataBufBitCnt(%d) should <= 64!!!\n",
+ nDataBufBitCnt);
+ dump_stack();
+ nDataBufBitCnt = 64;
+ }
for(idx = 0; idx < ByteCnt; idx++)
{
^ permalink raw reply [flat|nested] 288+ messages in thread
* [254/289] Staging: batman-adv: ensure that eth_type_trans gets linear memory
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (253 preceding siblings ...)
2010-12-08 1:00 ` [253/289] staging: rtl8187se: Change panic to warn when RF switch turned off Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [255/289] perf: Fix inherit vs. context rotation bug Greg KH
` (31 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Marek Lindner, Sven Eckelmann
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Marek Lindner <lindner_marek@yahoo.de>
commit b6faaae1a15a352d68b3e3cd8b840e56709820bf upstream.
eth_type_trans tries to pull data with the length of the ethernet header
from the skb. We only ensured that enough data for the first ethernet
header and the batman header is available in non-paged memory of the skb
and not for the ethernet after the batman header.
eth_type_trans would fail sometimes with drivers which don't ensure that
all there data is perfectly linearised.
The failure was noticed through a kernel bug Oops generated by the
skb_pull inside eth_type_trans.
Reported-by: Rafal Lesniak <lesniak@eresi-project.org>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Signed-off-by: Sven Eckelmann <sven.eckelmann@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/staging/batman-adv/soft-interface.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/staging/batman-adv/soft-interface.c
+++ b/drivers/staging/batman-adv/soft-interface.c
@@ -246,6 +246,10 @@ void interface_rx(struct sk_buff *skb, i
skb_pull_rcsum(skb, hdr_size);
/* skb_set_mac_header(skb, -sizeof(struct ethhdr));*/
+ if (unlikely(!pskb_may_pull(skb, ETH_HLEN))) {
+ kfree_skb(skb);
+ return;
+ }
skb->dev = dev;
skb->protocol = eth_type_trans(skb, dev);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [255/289] perf: Fix inherit vs. context rotation bug
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (254 preceding siblings ...)
2010-12-08 1:00 ` [254/289] Staging: batman-adv: ensure that eth_type_trans gets linear memory Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [256/289] ARM: 6456/1: Fix for building DEBUG with sa11xx_base.c as a module Greg KH
` (30 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Thomas Gleixner,
Peter Zijlstra, Ingo Molnar
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Thomas Gleixner <tglx@linutronix.de>
commit dddd3379a619a4cb8247bfd3c94ca9ae3797aa2e upstream.
It was found that sometimes children of tasks with inherited events had
one extra event. Eventually it turned out to be due to the list rotation
no being exclusive with the list iteration in the inheritance code.
Cure this by temporarily disabling the rotation while we inherit the events.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
LKML-Reference: <new-submission>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
include/linux/perf_event.h | 1 +
kernel/perf_event.c | 22 ++++++++++++++++++++--
2 files changed, 21 insertions(+), 2 deletions(-)
--- a/include/linux/perf_event.h
+++ b/include/linux/perf_event.h
@@ -788,6 +788,7 @@ struct perf_event_context {
int nr_active;
int is_active;
int nr_stat;
+ int rotate_disable;
atomic_t refcount;
struct task_struct *task;
--- a/kernel/perf_event.c
+++ b/kernel/perf_event.c
@@ -1620,8 +1620,12 @@ static void rotate_ctx(struct perf_event
{
raw_spin_lock(&ctx->lock);
- /* Rotate the first entry last of non-pinned groups */
- list_rotate_left(&ctx->flexible_groups);
+ /*
+ * Rotate the first entry last of non-pinned groups. Rotation might be
+ * disabled by the inheritance code.
+ */
+ if (!ctx->rotate_disable)
+ list_rotate_left(&ctx->flexible_groups);
raw_spin_unlock(&ctx->lock);
}
@@ -5622,6 +5626,7 @@ int perf_event_init_task(struct task_str
struct perf_event *event;
struct task_struct *parent = current;
int inherited_all = 1;
+ unsigned long flags;
int ret = 0;
child->perf_event_ctxp = NULL;
@@ -5662,6 +5667,15 @@ int perf_event_init_task(struct task_str
break;
}
+ /*
+ * We can't hold ctx->lock when iterating the ->flexible_group list due
+ * to allocations, but we need to prevent rotation because
+ * rotate_ctx() will change the list from interrupt context.
+ */
+ raw_spin_lock_irqsave(&parent_ctx->lock, flags);
+ parent_ctx->rotate_disable = 1;
+ raw_spin_unlock_irqrestore(&parent_ctx->lock, flags);
+
list_for_each_entry(event, &parent_ctx->flexible_groups, group_entry) {
ret = inherit_task_group(event, parent, parent_ctx, child,
&inherited_all);
@@ -5669,6 +5683,10 @@ int perf_event_init_task(struct task_str
break;
}
+ raw_spin_lock_irqsave(&parent_ctx->lock, flags);
+ parent_ctx->rotate_disable = 0;
+ raw_spin_unlock_irqrestore(&parent_ctx->lock, flags);
+
child_ctx = child->perf_event_ctxp;
if (child_ctx && inherited_all) {
^ permalink raw reply [flat|nested] 288+ messages in thread
* [256/289] ARM: 6456/1: Fix for building DEBUG with sa11xx_base.c as a module.
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (255 preceding siblings ...)
2010-12-08 1:00 ` [255/289] perf: Fix inherit vs. context rotation bug Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [257/289] ARM: cns3xxx: Fix build with CONFIG_PCI=y Greg KH
` (29 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Marcelo Roberto Jimenez,
Russell King
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Marcelo Roberto Jimenez <mroberto@cpti.cetuc.puc-rio.br>
commit b9f515e3e3861abbaa093359f7c6f31283695228 upstream.
This patch fixes a compilation issue when compiling PCMCIA SA1100
support as a module with PCMCIA_DEBUG enabled. The symbol
soc_pcmcia_debug was not beeing exported.
ARM: pcmcia: Fix for building DEBUG with sa11xx_base.c as a module.
This patch fixes a compilation issue when compiling PCMCIA SA1100
support as a module with PCMCIA_DEBUG enabled. The symbol
soc_pcmcia_debug was not beeing exported.
Signed-off-by: Marcelo Roberto Jimenez <mroberto@cpti.cetuc.puc-rio.br>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/pcmcia/soc_common.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/pcmcia/soc_common.c
+++ b/drivers/pcmcia/soc_common.c
@@ -65,6 +65,7 @@ void soc_pcmcia_debug(struct soc_pcmcia_
va_end(args);
}
}
+EXPORT_SYMBOL(soc_pcmcia_debug);
#endif
^ permalink raw reply [flat|nested] 288+ messages in thread
* [257/289] ARM: cns3xxx: Fix build with CONFIG_PCI=y
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (256 preceding siblings ...)
2010-12-08 1:00 ` [256/289] ARM: 6456/1: Fix for building DEBUG with sa11xx_base.c as a module Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [258/289] PM / Hibernate: Fix memory corruption related to swap Greg KH
` (28 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Anton Vorontsov
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Anton Vorontsov <cbouatmailru@gmail.com>
commit 44266416f786514ec43a0d15ad951c34566b99c9 upstream.
commit 6338a6aa7c082f11d55712251e14178c68bf5869 ("ARM: 6269/1: Add 'code'
parameter for hook_fault_code()") breaks CNS3xxx build:
CC arch/arm/mach-cns3xxx/pcie.o
pcie.c: In function 'cns3xxx_pcie_init':
pcie.c:373: warning: passing argument 4 of 'hook_fault_code' makes integer from pointer without a cast
pcie.c:373: error: too few arguments to function 'hook_fault_code'
This commit fixes the small issue.
Signed-off-by: Anton Vorontsov <cbouatmailru@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/arm/mach-cns3xxx/pcie.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm/mach-cns3xxx/pcie.c
+++ b/arch/arm/mach-cns3xxx/pcie.c
@@ -369,7 +369,7 @@ static int __init cns3xxx_pcie_init(void
{
int i;
- hook_fault_code(16 + 6, cns3xxx_pcie_abort_handler, SIGBUS,
+ hook_fault_code(16 + 6, cns3xxx_pcie_abort_handler, SIGBUS, 0,
"imprecise external abort");
for (i = 0; i < ARRAY_SIZE(cns3xxx_pcie); i++) {
^ permalink raw reply [flat|nested] 288+ messages in thread
* [258/289] PM / Hibernate: Fix memory corruption related to swap
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (257 preceding siblings ...)
2010-12-08 1:00 ` [257/289] ARM: cns3xxx: Fix build with CONFIG_PCI=y Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [259/289] wmi: use memcmp instead of strncmp to compare GUIDs Greg KH
` (27 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Rafael J. Wysocki, Hugh Dickins
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Rafael J. Wysocki <rjw@sisk.pl>
commit c9e664f1fdf34aa8cede047b206deaa8f1945af0 upstream.
There is a problem that swap pages allocated before the creation of
a hibernation image can be released and used for storing the contents
of different memory pages while the image is being saved. Since the
kernel stored in the image doesn't know of that, it causes memory
corruption to occur after resume from hibernation, especially on
systems with relatively small RAM that need to swap often.
This issue can be addressed by keeping the GFP_IOFS bits clear
in gfp_allowed_mask during the entire hibernation, including the
saving of the image, until the system is finally turned off or
the hibernation is aborted. Unfortunately, for this purpose
it's necessary to rework the way in which the hibernate and
suspend code manipulates gfp_allowed_mask.
This change is based on an earlier patch from Hugh Dickins.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Reported-by: Ondrej Zary <linux@rainbow-software.org>
Acked-by: Hugh Dickins <hughd@google.com>
Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
include/linux/gfp.h | 4 ++--
kernel/power/hibernate.c | 22 ++++++++++++----------
kernel/power/suspend.c | 5 ++---
kernel/power/user.c | 2 ++
mm/page_alloc.c | 19 ++++++++++++-------
5 files changed, 30 insertions(+), 22 deletions(-)
--- a/include/linux/gfp.h
+++ b/include/linux/gfp.h
@@ -339,7 +339,7 @@ void drain_local_pages(void *dummy);
extern gfp_t gfp_allowed_mask;
-extern void set_gfp_allowed_mask(gfp_t mask);
-extern gfp_t clear_gfp_allowed_mask(gfp_t mask);
+extern void pm_restrict_gfp_mask(void);
+extern void pm_restore_gfp_mask(void);
#endif /* __LINUX_GFP_H */
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -326,7 +326,6 @@ static int create_image(int platform_mod
int hibernation_snapshot(int platform_mode)
{
int error;
- gfp_t saved_mask;
error = platform_begin(platform_mode);
if (error)
@@ -338,7 +337,7 @@ int hibernation_snapshot(int platform_mo
goto Close;
suspend_console();
- saved_mask = clear_gfp_allowed_mask(GFP_IOFS);
+ pm_restrict_gfp_mask();
error = dpm_suspend_start(PMSG_FREEZE);
if (error)
goto Recover_platform;
@@ -347,7 +346,10 @@ int hibernation_snapshot(int platform_mo
goto Recover_platform;
error = create_image(platform_mode);
- /* Control returns here after successful restore */
+ /*
+ * Control returns here (1) after the image has been created or the
+ * image creation has failed and (2) after a successful restore.
+ */
Resume_devices:
/* We may need to release the preallocated image pages here. */
@@ -356,7 +358,10 @@ int hibernation_snapshot(int platform_mo
dpm_resume_end(in_suspend ?
(error ? PMSG_RECOVER : PMSG_THAW) : PMSG_RESTORE);
- set_gfp_allowed_mask(saved_mask);
+
+ if (error || !in_suspend)
+ pm_restore_gfp_mask();
+
resume_console();
Close:
platform_end(platform_mode);
@@ -451,17 +456,16 @@ static int resume_target_kernel(bool pla
int hibernation_restore(int platform_mode)
{
int error;
- gfp_t saved_mask;
pm_prepare_console();
suspend_console();
- saved_mask = clear_gfp_allowed_mask(GFP_IOFS);
+ pm_restrict_gfp_mask();
error = dpm_suspend_start(PMSG_QUIESCE);
if (!error) {
error = resume_target_kernel(platform_mode);
dpm_resume_end(PMSG_RECOVER);
}
- set_gfp_allowed_mask(saved_mask);
+ pm_restore_gfp_mask();
resume_console();
pm_restore_console();
return error;
@@ -475,7 +479,6 @@ int hibernation_restore(int platform_mod
int hibernation_platform_enter(void)
{
int error;
- gfp_t saved_mask;
if (!hibernation_ops)
return -ENOSYS;
@@ -491,7 +494,6 @@ int hibernation_platform_enter(void)
entering_platform_hibernation = true;
suspend_console();
- saved_mask = clear_gfp_allowed_mask(GFP_IOFS);
error = dpm_suspend_start(PMSG_HIBERNATE);
if (error) {
if (hibernation_ops->recover)
@@ -535,7 +537,6 @@ int hibernation_platform_enter(void)
Resume_devices:
entering_platform_hibernation = false;
dpm_resume_end(PMSG_RESTORE);
- set_gfp_allowed_mask(saved_mask);
resume_console();
Close:
@@ -643,6 +644,7 @@ int hibernate(void)
swsusp_free();
if (!error)
power_down();
+ pm_restore_gfp_mask();
} else {
pr_debug("PM: Image restored successfully.\n");
}
--- a/kernel/power/suspend.c
+++ b/kernel/power/suspend.c
@@ -197,7 +197,6 @@ static int suspend_enter(suspend_state_t
int suspend_devices_and_enter(suspend_state_t state)
{
int error;
- gfp_t saved_mask;
if (!suspend_ops)
return -ENOSYS;
@@ -208,7 +207,7 @@ int suspend_devices_and_enter(suspend_st
goto Close;
}
suspend_console();
- saved_mask = clear_gfp_allowed_mask(GFP_IOFS);
+ pm_restrict_gfp_mask();
suspend_test_start();
error = dpm_suspend_start(PMSG_SUSPEND);
if (error) {
@@ -225,7 +224,7 @@ int suspend_devices_and_enter(suspend_st
suspend_test_start();
dpm_resume_end(PMSG_RESUME);
suspend_test_finish("resume devices");
- set_gfp_allowed_mask(saved_mask);
+ pm_restore_gfp_mask();
resume_console();
Close:
if (suspend_ops->end)
--- a/kernel/power/user.c
+++ b/kernel/power/user.c
@@ -263,6 +263,7 @@ static long snapshot_ioctl(struct file *
case SNAPSHOT_UNFREEZE:
if (!data->frozen || data->ready)
break;
+ pm_restore_gfp_mask();
thaw_processes();
usermodehelper_enable();
data->frozen = 0;
@@ -275,6 +276,7 @@ static long snapshot_ioctl(struct file *
error = -EPERM;
break;
}
+ pm_restore_gfp_mask();
error = hibernation_snapshot(data->platform_support);
if (!error)
error = put_user(in_suspend, (int __user *)arg);
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -103,19 +103,24 @@ gfp_t gfp_allowed_mask __read_mostly = G
* only be modified with pm_mutex held, unless the suspend/hibernate code is
* guaranteed not to run in parallel with that modification).
*/
-void set_gfp_allowed_mask(gfp_t mask)
+
+static gfp_t saved_gfp_mask;
+
+void pm_restore_gfp_mask(void)
{
WARN_ON(!mutex_is_locked(&pm_mutex));
- gfp_allowed_mask = mask;
+ if (saved_gfp_mask) {
+ gfp_allowed_mask = saved_gfp_mask;
+ saved_gfp_mask = 0;
+ }
}
-gfp_t clear_gfp_allowed_mask(gfp_t mask)
+void pm_restrict_gfp_mask(void)
{
- gfp_t ret = gfp_allowed_mask;
-
WARN_ON(!mutex_is_locked(&pm_mutex));
- gfp_allowed_mask &= ~mask;
- return ret;
+ WARN_ON(saved_gfp_mask);
+ saved_gfp_mask = gfp_allowed_mask;
+ gfp_allowed_mask &= ~GFP_IOFS;
}
#endif /* CONFIG_PM_SLEEP */
^ permalink raw reply [flat|nested] 288+ messages in thread
* [259/289] wmi: use memcmp instead of strncmp to compare GUIDs
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (258 preceding siblings ...)
2010-12-08 1:00 ` [258/289] PM / Hibernate: Fix memory corruption related to swap Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [260/289] [S390] nohz/s390: fix arch_needs_cpu() return value on offline cpus Greg KH
` (26 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan,
Thadeu Lima de Souza Cascardo, Matthew Garrett
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Thadeu Lima de Souza Cascardo <cascardo@holoscopio.com>
commit 8b14d7b22c61f17ccb869e0047d9df6dd9f50a9f upstream.
While looking for the duplicates in /sys/class/wmi/, I couldn't find
them. The code that looks for duplicates uses strncmp in a binary GUID,
which may contain zero bytes. The right function is memcmp, which is
also used in another section of wmi code.
It was finding 49142400-C6A3-40FA-BADB-8A2652834100 as a duplicate of
39142400-C6A3-40FA-BADB-8A2652834100. Since the first byte is the fourth
printed, they were found as equal by strncmp.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@holoscopio.com>
Signed-off-by: Matthew Garrett <mjg@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/platform/x86/wmi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/platform/x86/wmi.c
+++ b/drivers/platform/x86/wmi.c
@@ -801,7 +801,7 @@ static bool guid_already_parsed(const ch
wblock = list_entry(p, struct wmi_block, list);
gblock = &wblock->gblock;
- if (strncmp(gblock->guid, guid_string, 16) == 0)
+ if (memcmp(gblock->guid, guid_string, 16) == 0)
return true;
}
return false;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [260/289] [S390] nohz/s390: fix arch_needs_cpu() return value on offline cpus
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (259 preceding siblings ...)
2010-12-08 1:00 ` [259/289] wmi: use memcmp instead of strncmp to compare GUIDs Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [261/289] genirq: Fix incorrect proc spurious output Greg KH
` (25 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Peter Zijlstra,
Heiko Carstens, Martin Schwidefsky
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Heiko Carstens <heiko.carstens@de.ibm.com>
commit 398812159e328478ae49b4bd01f0d71efea96c39 upstream.
This fixes the same problem as described in the patch "nohz: fix
printk_needs_cpu() return value on offline cpus" for the arch_needs_cpu()
primitive:
arch_needs_cpu() may return 1 if called on offline cpus. When a cpu gets
offlined it schedules the idle process which, before killing its own cpu,
will call tick_nohz_stop_sched_tick().
That function in turn will call arch_needs_cpu() in order to check if the
local tick can be disabled. On offline cpus this function should naturally
return 0 since regardless if the tick gets disabled or not the cpu will be
dead short after. That is besides the fact that __cpu_disable() should already
have made sure that no interrupts on the offlined cpu will be delivered anyway.
In this case it prevents tick_nohz_stop_sched_tick() to call
select_nohz_load_balancer(). No idea if that really is a problem. However what
made me debug this is that on 2.6.32 the function get_nohz_load_balancer() is
used within __mod_timer() to select a cpu on which a timer gets enqueued.
If arch_needs_cpu() returns 1 then the nohz_load_balancer cpu doesn't get
updated when a cpu gets offlined. It may contain the cpu number of an offline
cpu. In turn timers get enqueued on an offline cpu and not very surprisingly
they never expire and cause system hangs.
This has been observed 2.6.32 kernels. On current kernels __mod_timer() uses
get_nohz_timer_target() which doesn't have that problem. However there might
be other problems because of the too early exit tick_nohz_stop_sched_tick()
in case a cpu goes offline.
This specific bug was indrocuded with 3c5d92a0 "nohz: Introduce
arch_needs_cpu".
In this case a cpu hotplug notifier is used to fix the issue in order to keep
the normal/fast path small. All we need to do is to clear the condition that
makes arch_needs_cpu() return 1 since it is just a performance improvement
which is supposed to keep the local tick running for a short period if a cpu
goes idle. Nothing special needs to be done except for clearing the condition.
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/s390/kernel/vtime.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
--- a/arch/s390/kernel/vtime.c
+++ b/arch/s390/kernel/vtime.c
@@ -19,6 +19,7 @@
#include <linux/kernel_stat.h>
#include <linux/rcupdate.h>
#include <linux/posix-timers.h>
+#include <linux/cpu.h>
#include <asm/s390_ext.h>
#include <asm/timer.h>
@@ -565,6 +566,23 @@ void init_cpu_vtimer(void)
__ctl_set_bit(0,10);
}
+static int __cpuinit s390_nohz_notify(struct notifier_block *self,
+ unsigned long action, void *hcpu)
+{
+ struct s390_idle_data *idle;
+ long cpu = (long) hcpu;
+
+ idle = &per_cpu(s390_idle, cpu);
+ switch (action) {
+ case CPU_DYING:
+ case CPU_DYING_FROZEN:
+ idle->nohz_delay = 0;
+ default:
+ break;
+ }
+ return NOTIFY_OK;
+}
+
void __init vtime_init(void)
{
/* request the cpu timer external interrupt */
@@ -573,5 +591,6 @@ void __init vtime_init(void)
/* Enable cpu timer interrupts on the boot cpu. */
init_cpu_vtimer();
+ cpu_notifier(s390_nohz_notify, 0);
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [261/289] genirq: Fix incorrect proc spurious output
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (260 preceding siblings ...)
2010-12-08 1:00 ` [260/289] [S390] nohz/s390: fix arch_needs_cpu() return value on offline cpus Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [262/289] net: Truncate recvfrom and sendto length to INT_MAX Greg KH
` (24 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Kenji Kaneshige, Thomas Gleixner
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
commit 25c9170ed64a6551beefe9315882f754e14486f4 upstream.
Since commit a1afb637(switch /proc/irq/*/spurious to seq_file) all
/proc/irq/XX/spurious files show the information of irq 0.
Current irq_spurious_proc_open() passes on NULL as the 3rd argument,
which is used as an IRQ number in irq_spurious_proc_show(), to the
single_open(). Because of this, all the /proc/irq/XX/spurious file
shows IRQ 0 information regardless of the IRQ number.
To fix the problem, irq_spurious_proc_open() must pass on the
appropreate data (IRQ number) to single_open().
Signed-off-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Reviewed-by: Yong Zhang <yong.zhang0@gmail.com>
LKML-Reference: <4CF4B778.90604@jp.fujitsu.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
kernel/irq/proc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/irq/proc.c
+++ b/kernel/irq/proc.c
@@ -214,7 +214,7 @@ static int irq_spurious_proc_show(struct
static int irq_spurious_proc_open(struct inode *inode, struct file *file)
{
- return single_open(file, irq_spurious_proc_show, NULL);
+ return single_open(file, irq_spurious_proc_show, PDE(inode)->data);
}
static const struct file_operations irq_spurious_proc_fops = {
^ permalink raw reply [flat|nested] 288+ messages in thread
* [262/289] net: Truncate recvfrom and sendto length to INT_MAX.
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (261 preceding siblings ...)
2010-12-08 1:00 ` [261/289] genirq: Fix incorrect proc spurious output Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [263/289] net: Limit socket I/O iovec total " Greg KH
` (23 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Linus Torvalds <torvalds@linux-foundation.org>
commit 253eacc070b114c2ec1f81b067d2fed7305467b0 upstream.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/socket.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/net/socket.c
+++ b/net/socket.c
@@ -1651,6 +1651,8 @@ SYSCALL_DEFINE6(sendto, int, fd, void __
struct iovec iov;
int fput_needed;
+ if (len > INT_MAX)
+ len = INT_MAX;
sock = sockfd_lookup_light(fd, &err, &fput_needed);
if (!sock)
goto out;
@@ -1708,6 +1710,8 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void
int err, err2;
int fput_needed;
+ if (size > INT_MAX)
+ size = INT_MAX;
sock = sockfd_lookup_light(fd, &err, &fput_needed);
if (!sock)
goto out;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [263/289] net: Limit socket I/O iovec total length to INT_MAX.
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (262 preceding siblings ...)
2010-12-08 1:00 ` [262/289] net: Truncate recvfrom and sendto length to INT_MAX Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [264/289] Input: i8042 - add Sony VAIO VPCZ122GX to nomux list Greg KH
` (22 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: David S. Miller <davem@davemloft.net>
commit 8acfe468b0384e834a303f08ebc4953d72fb690a upstream.
This helps protect us from overflow issues down in the
individual protocol sendmsg/recvmsg handlers. Once
we hit INT_MAX we truncate out the rest of the iovec
by setting the iov_len members to zero.
This works because:
1) For SOCK_STREAM and SOCK_SEQPACKET sockets, partial
writes are allowed and the application will just continue
with another write to send the rest of the data.
2) For datagram oriented sockets, where there must be a
one-to-one correspondance between write() calls and
packets on the wire, INT_MAX is going to be far larger
than the packet size limit the protocol is going to
check for and signal with -EMSGSIZE.
Based upon a patch by Linus Torvalds.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
include/linux/socket.h | 2 +-
net/compat.c | 10 ++++++----
net/core/iovec.c | 20 +++++++++-----------
3 files changed, 16 insertions(+), 16 deletions(-)
--- a/include/linux/socket.h
+++ b/include/linux/socket.h
@@ -322,7 +322,7 @@ extern int csum_partial_copy_fromiovecen
int offset,
unsigned int len, __wsum *csump);
-extern long verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr *address, int mode);
+extern int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr *address, int mode);
extern int memcpy_toiovec(struct iovec *v, unsigned char *kdata, int len);
extern int memcpy_toiovecend(const struct iovec *v, unsigned char *kdata,
int offset, int len);
--- a/net/compat.c
+++ b/net/compat.c
@@ -41,10 +41,12 @@ static inline int iov_from_user_compat_t
compat_size_t len;
if (get_user(len, &uiov32->iov_len) ||
- get_user(buf, &uiov32->iov_base)) {
- tot_len = -EFAULT;
- break;
- }
+ get_user(buf, &uiov32->iov_base))
+ return -EFAULT;
+
+ if (len > INT_MAX - tot_len)
+ len = INT_MAX - tot_len;
+
tot_len += len;
kiov->iov_base = compat_ptr(buf);
kiov->iov_len = (__kernel_size_t) len;
--- a/net/core/iovec.c
+++ b/net/core/iovec.c
@@ -35,10 +35,9 @@
* in any case.
*/
-long verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr *address, int mode)
+int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr *address, int mode)
{
- int size, ct;
- long err;
+ int size, ct, err;
if (m->msg_namelen) {
if (mode == VERIFY_READ) {
@@ -60,14 +59,13 @@ long verify_iovec(struct msghdr *m, stru
err = 0;
for (ct = 0; ct < m->msg_iovlen; ct++) {
- err += iov[ct].iov_len;
- /*
- * Goal is not to verify user data, but to prevent returning
- * negative value, which is interpreted as errno.
- * Overflow is still possible, but it is harmless.
- */
- if (err < 0)
- return -EMSGSIZE;
+ size_t len = iov[ct].iov_len;
+
+ if (len > INT_MAX - err) {
+ len = INT_MAX - err;
+ iov[ct].iov_len = len;
+ }
+ err += len;
}
return err;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [264/289] Input: i8042 - add Sony VAIO VPCZ122GX to nomux list
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (263 preceding siblings ...)
2010-12-08 1:00 ` [263/289] net: Limit socket I/O iovec total " Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [265/289] omap: dma: Fix buffering disable bit setting for omap24xx Greg KH
` (21 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Dmitry Torokhov
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
[Note that the mainline will not have this particular fix but rather
will blacklist entire VAIO line based off DMI board name. For stable
I am being a bit more cautious and blacklist one particular product.]
Trying to query/activate active multiplexing mode on this VAIO makes
both keyboard and touchpad inoperable. Futher kernels will blacklist
entire VAIO line, however here we blacklist just one particular model.
Reported-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/input/serio/i8042-x86ia64io.h | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/input/serio/i8042-x86ia64io.h
+++ b/drivers/input/serio/i8042-x86ia64io.h
@@ -333,6 +333,13 @@ static const struct dmi_system_id __init
},
},
{
+ /* Sony Vaio VPCZ122GX */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "VPCZ122GX"),
+ },
+ },
+ {
/* Sony Vaio FS-115b */
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"),
^ permalink raw reply [flat|nested] 288+ messages in thread
* [265/289] omap: dma: Fix buffering disable bit setting for omap24xx
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (264 preceding siblings ...)
2010-12-08 1:00 ` [264/289] Input: i8042 - add Sony VAIO VPCZ122GX to nomux list Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [266/289] OMAP3: DMA: Errata i541: sDMA FIFO draining does not finish Greg KH
` (20 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Jarkko Nikula,
Peter Ujfalusi, Manjunath Kondaiah G, Tony Lindgren
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jarkko Nikula <jhnikula@gmail.com>
commit 3e57f1626b5febe5cc99aa6870377deef3ae03cc upstream.
An errata workaround for omap24xx is not setting the buffering disable bit
25 what is the purpose but channel enable bit 7 instead.
Background for this fix is the DMA stalling issue with ASoC omap-mcbsp
driver. Peter Ujfalusi <peter.ujfalusi@nokia.com> has found an issue in
recording that the DMA stall could happen if there were a buffer overrun
detected by ALSA and the DMA was stopped and restarted due that. This
problem is known to occur on both OMAP2420 and OMAP3. It can recover on
OMAP3 after dma free, dma request and reconfiguration cycle. However, on
OMAP2420 it seems that only way to recover is a reset.
Problem was not visible before the commit c12abc0. That commit changed that
the McBSP transmitter/receiver is released from reset only when needed. That
is, only enabled McBSP transmitter without transmission was able to prevent
this DMA stall problem in receiving side and underlying problem did not show
up until now. McBSP transmitter itself seems to no be reason since DMA
stall does not recover by enabling the transmission after stall.
Debugging showed that there were a DMA write active during DMA stop time and
it never completed even when restarting the DMA. Experimenting showed that
the DMA buffering disable bit could be used to avoid stalling when using
source synchronized transfers. However that could have performance hit and
OMAP3 TRM states that buffering disable is not allowed for destination
synchronized transfers so subsequent patch will implement a method to
complete DMA writes when stopping.
This patch is based on assumtion that complete lock-up on OMAP2420 is
different but related problem. I don't have access to OMAP2420 errata but
I believe this old workaround here is put for a reason but unfortunately
a wrong bit was typed and problem showed up only now.
Signed-off-by: Jarkko Nikula <jhnikula@gmail.com>
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@nokia.com>
Acked-by: Manjunath Kondaiah G <manjugk@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/arm/plat-omap/dma.c | 14 ++++++++++----
arch/arm/plat-omap/include/plat/dma.h | 1 +
2 files changed, 11 insertions(+), 4 deletions(-)
--- a/arch/arm/plat-omap/dma.c
+++ b/arch/arm/plat-omap/dma.c
@@ -996,11 +996,17 @@ void omap_start_dma(int lch)
l = dma_read(CCR(lch));
/*
- * Errata: On ES2.0 BUFFERING disable must be set.
- * This will always fail on ES1.0
+ * Errata: Inter Frame DMA buffering issue (All OMAP2420 and
+ * OMAP2430ES1.0): DMA will wrongly buffer elements if packing and
+ * bursting is enabled. This might result in data gets stalled in
+ * FIFO at the end of the block.
+ * Workaround: DMA channels must have BUFFERING_DISABLED bit set to
+ * guarantee no data will stay in the DMA FIFO in case inter frame
+ * buffering occurs.
*/
- if (cpu_is_omap24xx())
- l |= OMAP_DMA_CCR_EN;
+ if (cpu_is_omap2420() ||
+ (cpu_is_omap2430() && (omap_type() == OMAP2430_REV_ES1_0)))
+ l |= OMAP_DMA_CCR_BUFFERING_DISABLE;
l |= OMAP_DMA_CCR_EN;
dma_write(l, CCR(lch));
--- a/arch/arm/plat-omap/include/plat/dma.h
+++ b/arch/arm/plat-omap/include/plat/dma.h
@@ -335,6 +335,7 @@
#define OMAP2_DMA_MISALIGNED_ERR_IRQ (1 << 11)
#define OMAP_DMA_CCR_EN (1 << 7)
+#define OMAP_DMA_CCR_BUFFERING_DISABLE (1 << 25)
#define OMAP_DMA_DATA_TYPE_S8 0x00
#define OMAP_DMA_DATA_TYPE_S16 0x01
^ permalink raw reply [flat|nested] 288+ messages in thread
* [266/289] OMAP3: DMA: Errata i541: sDMA FIFO draining does not finish
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (265 preceding siblings ...)
2010-12-08 1:00 ` [265/289] omap: dma: Fix buffering disable bit setting for omap24xx Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [267/289] memory corruption in X.25 facilities parsing Greg KH
` (19 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Peter Ujfalusi,
Jarkko Nikula, Tony Lindgren
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Peter Ujfalusi <peter.ujfalusi@nokia.com>
commit 0e4905c0199d683497833be60a428c784d7575b8 upstream.
Implement the suggested workaround for OMAP3 regarding to sDMA draining
issue, when the channel is disabled on the fly.
This errata affects the following configuration:
sDMA transfer is source synchronized
Buffering is enabled
SmartStandby is selected.
The issue can be easily reproduced by creating overrun situation while
recording audio.
Either introduce load to the CPU:
nice -19 arecord -D hw:0 -M -B 10000 -F 5000 -f dat > /dev/null & \
dd if=/dev/urandom of=/dev/null
or suspending the arecord, and resuming it:
arecord -D hw:0 -M -B 10000 -F 5000 -f dat > /dev/null
CTRL+Z; fg; CTRL+Z; fg; ...
In case of overrun audio stops DMA, and restarts it (without reseting
the sDMA channel). When we hit this errata in stop case (sDMA drain did
not complete), at the coming start the sDMA will not going to be
operational (it is still draining).
This leads to DMA stall condition.
On OMAP3 we can recover with sDMA channel reset, it has been observed
that by introducing unrelated sDMA activity might also help (reading
from MMC for example).
The same errata exists for OMAP2, where the suggestion is to disable the
buffering to avoid this type of error.
On OMAP3 the suggestion is to set sDMA to NoStandby before disabling
the channel, and wait for the drain to finish, than configure sDMA to
SmartStandby again.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@nokia.com>
Acked-by: Jarkko Nikula <jhnikula@gmail.com>
Acked-by : Santosh Shilimkar <santosh.shilimkar@ti.com>
Acked-by : Manjunath Kondaiah G <manjugk@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/arm/plat-omap/dma.c | 36 ++++++++++++++++++++++++++++++++--
arch/arm/plat-omap/include/plat/dma.h | 3 ++
2 files changed, 37 insertions(+), 2 deletions(-)
--- a/arch/arm/plat-omap/dma.c
+++ b/arch/arm/plat-omap/dma.c
@@ -30,6 +30,7 @@
#include <linux/irq.h>
#include <linux/io.h>
#include <linux/slab.h>
+#include <linux/delay.h>
#include <asm/system.h>
#include <mach/hardware.h>
@@ -1024,8 +1025,39 @@ void omap_stop_dma(int lch)
dma_write(0, CICR(lch));
l = dma_read(CCR(lch));
- l &= ~OMAP_DMA_CCR_EN;
- dma_write(l, CCR(lch));
+ /* OMAP3 Errata i541: sDMA FIFO draining does not finish */
+ if (cpu_is_omap34xx() && (l & OMAP_DMA_CCR_SEL_SRC_DST_SYNC)) {
+ int i = 0;
+ u32 sys_cf;
+
+ /* Configure No-Standby */
+ l = dma_read(OCP_SYSCONFIG);
+ sys_cf = l;
+ l &= ~DMA_SYSCONFIG_MIDLEMODE_MASK;
+ l |= DMA_SYSCONFIG_MIDLEMODE(DMA_IDLEMODE_NO_IDLE);
+ dma_write(l , OCP_SYSCONFIG);
+
+ l = dma_read(CCR(lch));
+ l &= ~OMAP_DMA_CCR_EN;
+ dma_write(l, CCR(lch));
+
+ /* Wait for sDMA FIFO drain */
+ l = dma_read(CCR(lch));
+ while (i < 100 && (l & (OMAP_DMA_CCR_RD_ACTIVE |
+ OMAP_DMA_CCR_WR_ACTIVE))) {
+ udelay(5);
+ i++;
+ l = dma_read(CCR(lch));
+ }
+ if (i >= 100)
+ printk(KERN_ERR "DMA drain did not complete on "
+ "lch %d\n", lch);
+ /* Restore OCP_SYSCONFIG */
+ dma_write(sys_cf, OCP_SYSCONFIG);
+ } else {
+ l &= ~OMAP_DMA_CCR_EN;
+ dma_write(l, CCR(lch));
+ }
if (!omap_dma_in_1510_mode() && dma_chan[lch].next_lch != -1) {
int next_lch, cur_lch = lch;
--- a/arch/arm/plat-omap/include/plat/dma.h
+++ b/arch/arm/plat-omap/include/plat/dma.h
@@ -335,6 +335,9 @@
#define OMAP2_DMA_MISALIGNED_ERR_IRQ (1 << 11)
#define OMAP_DMA_CCR_EN (1 << 7)
+#define OMAP_DMA_CCR_RD_ACTIVE (1 << 9)
+#define OMAP_DMA_CCR_WR_ACTIVE (1 << 10)
+#define OMAP_DMA_CCR_SEL_SRC_DST_SYNC (1 << 24)
#define OMAP_DMA_CCR_BUFFERING_DISABLE (1 << 25)
#define OMAP_DMA_DATA_TYPE_S8 0x00
^ permalink raw reply [flat|nested] 288+ messages in thread
* [267/289] memory corruption in X.25 facilities parsing
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (266 preceding siblings ...)
2010-12-08 1:00 ` [266/289] OMAP3: DMA: Errata i541: sDMA FIFO draining does not finish Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [268/289] [stable] [PATCH 2.6.36 stable] vlan: Avoid hwaccel vlan packets when vid not used Greg KH
` (18 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: andrew hendry <andrew.hendry@gmail.com>
commit a6331d6f9a4298173b413cf99a40cc86a9d92c37 upstream.
Signed-of-by: Andrew Hendry <andrew.hendry@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/x25/x25_facilities.c | 8 ++++----
net/x25/x25_in.c | 2 ++
2 files changed, 6 insertions(+), 4 deletions(-)
--- a/net/x25/x25_facilities.c
+++ b/net/x25/x25_facilities.c
@@ -134,15 +134,15 @@ int x25_parse_facilities(struct sk_buff
case X25_FAC_CLASS_D:
switch (*p) {
case X25_FAC_CALLING_AE:
- if (p[1] > X25_MAX_DTE_FACIL_LEN)
- break;
+ if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] <= 1)
+ return 0;
dte_facs->calling_len = p[2];
memcpy(dte_facs->calling_ae, &p[3], p[1] - 1);
*vc_fac_mask |= X25_MASK_CALLING_AE;
break;
case X25_FAC_CALLED_AE:
- if (p[1] > X25_MAX_DTE_FACIL_LEN)
- break;
+ if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] <= 1)
+ return 0;
dte_facs->called_len = p[2];
memcpy(dte_facs->called_ae, &p[3], p[1] - 1);
*vc_fac_mask |= X25_MASK_CALLED_AE;
--- a/net/x25/x25_in.c
+++ b/net/x25/x25_in.c
@@ -119,6 +119,8 @@ static int x25_state1_machine(struct soc
&x25->vc_facil_mask);
if (len > 0)
skb_pull(skb, len);
+ else
+ return -1;
/*
* Copy any Call User Data.
*/
^ permalink raw reply [flat|nested] 288+ messages in thread
* [268/289] [stable] [PATCH 2.6.36 stable] vlan: Avoid hwaccel vlan packets when vid not used.
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (267 preceding siblings ...)
2010-12-08 1:00 ` [267/289] memory corruption in X.25 facilities parsing Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [269/289] kbuild: use getopt_long(), not its _only() variant Greg KH
` (17 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, netdev, David Miller, Jesse Gross
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jesse Gross <jesse@nicira.com>
[This patch applies only to 2.6.36 stable. The problem was introduced
in that release and is already fixed by larger changes to the vlan
code in 2.6.37.]
Normally hardware accelerated vlan packets are quickly dropped if
there is no corresponding vlan device configured. The one exception
is promiscuous mode, where we allow all of these packets through so
they can be picked up by tcpdump. However, this behavior causes a
crash if we actually try to receive these packets. This fixes that
crash by ignoring packets with vids not corresponding to a configured
device in the vlan hwaccel routines and then dropping them before they
get to consumers in the network stack.
Reported-by: Ben Greear <greearb@candelatech.com>
Tested-by: Nikola Ciprich <extmaillist@linuxbox.cz>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: David Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/8021q/vlan_core.c | 3 +++
net/core/dev.c | 13 +++++++++++++
2 files changed, 16 insertions(+)
--- a/net/8021q/vlan_core.c
+++ b/net/8021q/vlan_core.c
@@ -43,6 +43,9 @@ int vlan_hwaccel_do_receive(struct sk_bu
struct net_device *dev = skb->dev;
struct vlan_rx_stats *rx_stats;
+ if (unlikely(!is_vlan_dev(dev)))
+ return 0;
+
skb->dev = vlan_dev_info(dev)->real_dev;
netif_nit_deliver(skb);
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2891,6 +2891,19 @@ static int __netif_receive_skb(struct sk
ncls:
#endif
+ /* If we got this far with a hardware accelerated VLAN tag, it means
+ * that we were put in promiscuous mode but nobody is interested in
+ * this vid. Drop the packet now to prevent it from getting propagated
+ * to other parts of the stack that won't know how to deal with packets
+ * tagged in this manner.
+ */
+ if (unlikely(vlan_tx_tag_present(skb))) {
+ if (pt_prev)
+ ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
+ kfree_skb(skb);
+ goto out;
+ }
+
/* Handle special case of bridge or macvlan */
rx_handler = rcu_dereference(skb->dev->rx_handler);
if (rx_handler) {
^ permalink raw reply [flat|nested] 288+ messages in thread
* [269/289] kbuild: use getopt_long(), not its _only() variant
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (268 preceding siblings ...)
2010-12-08 1:00 ` [268/289] [stable] [PATCH 2.6.36 stable] vlan: Avoid hwaccel vlan packets when vid not used Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [270/289] filter: make sure filters dont read uninitialized memory Greg KH
` (16 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Arnaud Lacombe,
Sam Ravnborg, Michal Marek
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Arnaud Lacombe <lacombar@gmail.com>
commit c94d3fb01fb6db1899cdf53ea4eb9d38e08a08fe upstream.
NetBSD lacks getopt_long_only() whereas getopt_long() works just fine.
Signed-off-by: Arnaud Lacombe <lacombar@gmail.com>
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
scripts/kconfig/conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/scripts/kconfig/conf.c
+++ b/scripts/kconfig/conf.c
@@ -466,7 +466,7 @@ int main(int ac, char **av)
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
- while ((opt = getopt_long_only(ac, av, "", long_opts, NULL)) != -1) {
+ while ((opt = getopt_long(ac, av, "", long_opts, NULL)) != -1) {
input_mode = (enum input_mode)opt;
switch (opt) {
case silentoldconfig:
^ permalink raw reply [flat|nested] 288+ messages in thread
* [270/289] filter: make sure filters dont read uninitialized memory
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (269 preceding siblings ...)
2010-12-08 1:00 ` [269/289] kbuild: use getopt_long(), not its _only() variant Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [271/289] can-bcm: fix minor heap overflow Greg KH
` (15 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Eric Dumazet, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: David S. Miller <davem@davemloft.net>
commit 57fe93b374a6b8711995c2d466c502af9f3a08bb upstream.
There is a possibility malicious users can get limited information about
uninitialized stack mem array. Even if sk_run_filter() result is bound
to packet length (0 .. 65535), we could imagine this can be used by
hostile user.
Initializing mem[] array, like Dan Rosenberg suggested in his patch is
expensive since most filters dont even use this array.
Its hard to make the filter validation in sk_chk_filter(), because of
the jumps. This might be done later.
In this patch, I use a bitmap (a single long var) so that only filters
using mem[] loads/stores pay the price of added security checks.
For other filters, additional cost is a single instruction.
[ Since we access fentry->k a lot now, cache it in a local variable
and mark filter entry pointer as const. -DaveM ]
Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/core/filter.c | 64 +++++++++++++++++++++++++++++-------------------------
1 file changed, 35 insertions(+), 29 deletions(-)
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -112,39 +112,41 @@ EXPORT_SYMBOL(sk_filter);
*/
unsigned int sk_run_filter(struct sk_buff *skb, struct sock_filter *filter, int flen)
{
- struct sock_filter *fentry; /* We walk down these */
void *ptr;
u32 A = 0; /* Accumulator */
u32 X = 0; /* Index Register */
u32 mem[BPF_MEMWORDS]; /* Scratch Memory Store */
+ unsigned long memvalid = 0;
u32 tmp;
int k;
int pc;
+ BUILD_BUG_ON(BPF_MEMWORDS > BITS_PER_LONG);
/*
* Process array of filter instructions.
*/
for (pc = 0; pc < flen; pc++) {
- fentry = &filter[pc];
+ const struct sock_filter *fentry = &filter[pc];
+ u32 f_k = fentry->k;
switch (fentry->code) {
case BPF_S_ALU_ADD_X:
A += X;
continue;
case BPF_S_ALU_ADD_K:
- A += fentry->k;
+ A += f_k;
continue;
case BPF_S_ALU_SUB_X:
A -= X;
continue;
case BPF_S_ALU_SUB_K:
- A -= fentry->k;
+ A -= f_k;
continue;
case BPF_S_ALU_MUL_X:
A *= X;
continue;
case BPF_S_ALU_MUL_K:
- A *= fentry->k;
+ A *= f_k;
continue;
case BPF_S_ALU_DIV_X:
if (X == 0)
@@ -152,49 +154,49 @@ unsigned int sk_run_filter(struct sk_buf
A /= X;
continue;
case BPF_S_ALU_DIV_K:
- A /= fentry->k;
+ A /= f_k;
continue;
case BPF_S_ALU_AND_X:
A &= X;
continue;
case BPF_S_ALU_AND_K:
- A &= fentry->k;
+ A &= f_k;
continue;
case BPF_S_ALU_OR_X:
A |= X;
continue;
case BPF_S_ALU_OR_K:
- A |= fentry->k;
+ A |= f_k;
continue;
case BPF_S_ALU_LSH_X:
A <<= X;
continue;
case BPF_S_ALU_LSH_K:
- A <<= fentry->k;
+ A <<= f_k;
continue;
case BPF_S_ALU_RSH_X:
A >>= X;
continue;
case BPF_S_ALU_RSH_K:
- A >>= fentry->k;
+ A >>= f_k;
continue;
case BPF_S_ALU_NEG:
A = -A;
continue;
case BPF_S_JMP_JA:
- pc += fentry->k;
+ pc += f_k;
continue;
case BPF_S_JMP_JGT_K:
- pc += (A > fentry->k) ? fentry->jt : fentry->jf;
+ pc += (A > f_k) ? fentry->jt : fentry->jf;
continue;
case BPF_S_JMP_JGE_K:
- pc += (A >= fentry->k) ? fentry->jt : fentry->jf;
+ pc += (A >= f_k) ? fentry->jt : fentry->jf;
continue;
case BPF_S_JMP_JEQ_K:
- pc += (A == fentry->k) ? fentry->jt : fentry->jf;
+ pc += (A == f_k) ? fentry->jt : fentry->jf;
continue;
case BPF_S_JMP_JSET_K:
- pc += (A & fentry->k) ? fentry->jt : fentry->jf;
+ pc += (A & f_k) ? fentry->jt : fentry->jf;
continue;
case BPF_S_JMP_JGT_X:
pc += (A > X) ? fentry->jt : fentry->jf;
@@ -209,7 +211,7 @@ unsigned int sk_run_filter(struct sk_buf
pc += (A & X) ? fentry->jt : fentry->jf;
continue;
case BPF_S_LD_W_ABS:
- k = fentry->k;
+ k = f_k;
load_w:
ptr = load_pointer(skb, k, 4, &tmp);
if (ptr != NULL) {
@@ -218,7 +220,7 @@ load_w:
}
break;
case BPF_S_LD_H_ABS:
- k = fentry->k;
+ k = f_k;
load_h:
ptr = load_pointer(skb, k, 2, &tmp);
if (ptr != NULL) {
@@ -227,7 +229,7 @@ load_h:
}
break;
case BPF_S_LD_B_ABS:
- k = fentry->k;
+ k = f_k;
load_b:
ptr = load_pointer(skb, k, 1, &tmp);
if (ptr != NULL) {
@@ -242,32 +244,34 @@ load_b:
X = skb->len;
continue;
case BPF_S_LD_W_IND:
- k = X + fentry->k;
+ k = X + f_k;
goto load_w;
case BPF_S_LD_H_IND:
- k = X + fentry->k;
+ k = X + f_k;
goto load_h;
case BPF_S_LD_B_IND:
- k = X + fentry->k;
+ k = X + f_k;
goto load_b;
case BPF_S_LDX_B_MSH:
- ptr = load_pointer(skb, fentry->k, 1, &tmp);
+ ptr = load_pointer(skb, f_k, 1, &tmp);
if (ptr != NULL) {
X = (*(u8 *)ptr & 0xf) << 2;
continue;
}
return 0;
case BPF_S_LD_IMM:
- A = fentry->k;
+ A = f_k;
continue;
case BPF_S_LDX_IMM:
- X = fentry->k;
+ X = f_k;
continue;
case BPF_S_LD_MEM:
- A = mem[fentry->k];
+ A = (memvalid & (1UL << f_k)) ?
+ mem[f_k] : 0;
continue;
case BPF_S_LDX_MEM:
- X = mem[fentry->k];
+ X = (memvalid & (1UL << f_k)) ?
+ mem[f_k] : 0;
continue;
case BPF_S_MISC_TAX:
X = A;
@@ -276,14 +280,16 @@ load_b:
A = X;
continue;
case BPF_S_RET_K:
- return fentry->k;
+ return f_k;
case BPF_S_RET_A:
return A;
case BPF_S_ST:
- mem[fentry->k] = A;
+ memvalid |= 1UL << f_k;
+ mem[f_k] = A;
continue;
case BPF_S_STX:
- mem[fentry->k] = X;
+ memvalid |= 1UL << f_k;
+ mem[f_k] = X;
continue;
default:
WARN_ON(1);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [271/289] can-bcm: fix minor heap overflow
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (270 preceding siblings ...)
2010-12-08 1:00 ` [270/289] filter: make sure filters dont read uninitialized memory Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [272/289] x25: Prevent crashing when parsing bad X.25 facilities Greg KH
` (14 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Oliver Hartkopp, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Oliver Hartkopp <socketcan@hartkopp.net>
commit 0597d1b99fcfc2c0eada09a698f85ed413d4ba84 upstream.
On 64-bit platforms the ASCII representation of a pointer may be up to 17
bytes long. This patch increases the length of the buffer accordingly.
http://marc.info/?l=linux-netdev&m=128872251418192&w=2
Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
CC: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/can/bcm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -125,7 +125,7 @@ struct bcm_sock {
struct list_head tx_ops;
unsigned long dropped_usr_msgs;
struct proc_dir_entry *bcm_proc_read;
- char procname [9]; /* pointer printed in ASCII with \0 */
+ char procname [20]; /* pointer printed in ASCII with \0 */
};
static inline struct bcm_sock *bcm_sk(const struct sock *sk)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [272/289] x25: Prevent crashing when parsing bad X.25 facilities
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (271 preceding siblings ...)
2010-12-08 1:00 ` [271/289] can-bcm: fix minor heap overflow Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [273/289] crypto: padlock - Fix AES-CBC handling on odd-block-sized input Greg KH
` (13 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Dan Rosenberg, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Dan Rosenberg <drosenberg@vsecurity.com>
commit 5ef41308f94dcbb3b7afc56cdef1c2ba53fa5d2f upstream.
Now with improved comma support.
On parsing malformed X.25 facilities, decrementing the remaining length
may cause it to underflow. Since the length is an unsigned integer,
this will result in the loop continuing until the kernel crashes.
This patch adds checks to ensure decrementing the remaining length does
not cause it to wrap around.
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/x25/x25_facilities.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
--- a/net/x25/x25_facilities.c
+++ b/net/x25/x25_facilities.c
@@ -61,6 +61,8 @@ int x25_parse_facilities(struct sk_buff
while (len > 0) {
switch (*p & X25_FAC_CLASS_MASK) {
case X25_FAC_CLASS_A:
+ if (len < 2)
+ return 0;
switch (*p) {
case X25_FAC_REVERSE:
if((p[1] & 0x81) == 0x81) {
@@ -104,6 +106,8 @@ int x25_parse_facilities(struct sk_buff
len -= 2;
break;
case X25_FAC_CLASS_B:
+ if (len < 3)
+ return 0;
switch (*p) {
case X25_FAC_PACKET_SIZE:
facilities->pacsize_in = p[1];
@@ -125,6 +129,8 @@ int x25_parse_facilities(struct sk_buff
len -= 3;
break;
case X25_FAC_CLASS_C:
+ if (len < 4)
+ return 0;
printk(KERN_DEBUG "X.25: unknown facility %02X, "
"values %02X, %02X, %02X\n",
p[0], p[1], p[2], p[3]);
@@ -132,6 +138,8 @@ int x25_parse_facilities(struct sk_buff
len -= 4;
break;
case X25_FAC_CLASS_D:
+ if (len < p[1] + 2)
+ return 0;
switch (*p) {
case X25_FAC_CALLING_AE:
if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] <= 1)
@@ -149,9 +157,7 @@ int x25_parse_facilities(struct sk_buff
break;
default:
printk(KERN_DEBUG "X.25: unknown facility %02X,"
- "length %d, values %02X, %02X, "
- "%02X, %02X\n",
- p[0], p[1], p[2], p[3], p[4], p[5]);
+ "length %d\n", p[0], p[1]);
break;
}
len -= p[1] + 2;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [273/289] crypto: padlock - Fix AES-CBC handling on odd-block-sized input
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (272 preceding siblings ...)
2010-12-08 1:00 ` [272/289] x25: Prevent crashing when parsing bad X.25 facilities Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [274/289] ext4: fix NULL pointer dereference in print_daily_error_info() Greg KH
` (12 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: stable-review, torvalds, akpm, alan, Herbert Xu
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Herbert Xu <herbert@gondor.apana.org.au>
commit c054a076a1bd4731820a9c4d638b13d5c9bf5935 upstream.
On certain VIA chipsets AES-CBC requires the input/output to be
a multiple of 64 bytes. We had a workaround for this but it was
buggy as it sent the whole input for processing when it is meant
to only send the initial number of blocks which makes the rest
a multiple of 64 bytes.
As expected this causes memory corruption whenever the workaround
kicks in.
Reported-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/crypto/padlock-aes.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/crypto/padlock-aes.c
+++ b/drivers/crypto/padlock-aes.c
@@ -286,7 +286,7 @@ static inline u8 *padlock_xcrypt_cbc(con
if (initial)
asm volatile (".byte 0xf3,0x0f,0xa7,0xd0" /* rep xcryptcbc */
: "+S" (input), "+D" (output), "+a" (iv)
- : "d" (control_word), "b" (key), "c" (count));
+ : "d" (control_word), "b" (key), "c" (initial));
asm volatile (".byte 0xf3,0x0f,0xa7,0xd0" /* rep xcryptcbc */
: "+S" (input), "+D" (output), "+a" (iv)
^ permalink raw reply [flat|nested] 288+ messages in thread
* [274/289] ext4: fix NULL pointer dereference in print_daily_error_info()
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (273 preceding siblings ...)
2010-12-08 1:00 ` [273/289] crypto: padlock - Fix AES-CBC handling on odd-block-sized input Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [275/289] econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849 Greg KH
` (11 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Sergey Senozhatsky,
Theodore Tso, Thomas Meyer
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
commit a1c6c5698d53db4c47a25c3a8d11731a4d7b8370 upstream.
Fix NULL pointer dereference in print_daily_error_info, when
called on unmounted fs (EXT4_SB(sb) returns NULL), by removing error
reporting timer in ext4_put_super.
Google-Bug-Id: 3017663
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: Thomas Meyer <thomas@m3y3r.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/ext4/super.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -719,6 +719,7 @@ static void ext4_put_super(struct super_
ext4_abort(sb, "Couldn't clean up the journal");
}
+ del_timer(&sbi->s_err_report);
ext4_release_system_zone(sb);
ext4_mb_release(sb);
ext4_ext_release(sb);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [275/289] econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (274 preceding siblings ...)
2010-12-08 1:00 ` [274/289] ext4: fix NULL pointer dereference in print_daily_error_info() Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [276/289] econet: fix CVE-2010-3850 Greg KH
` (10 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Phil Blundell, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Phil Blundell <philb@gnu.org>
commit fa0e846494792e722d817b9d3d625a4ef4896c96 upstream.
Later parts of econet_sendmsg() rely on saddr != NULL, so return early
with EINVAL if NULL was passed otherwise an oops may occur.
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/econet/af_econet.c | 26 ++++++++------------------
1 file changed, 8 insertions(+), 18 deletions(-)
--- a/net/econet/af_econet.c
+++ b/net/econet/af_econet.c
@@ -297,23 +297,14 @@ static int econet_sendmsg(struct kiocb *
mutex_lock(&econet_mutex);
- if (saddr == NULL) {
- struct econet_sock *eo = ec_sk(sk);
-
- addr.station = eo->station;
- addr.net = eo->net;
- port = eo->port;
- cb = eo->cb;
- } else {
- if (msg->msg_namelen < sizeof(struct sockaddr_ec)) {
- mutex_unlock(&econet_mutex);
- return -EINVAL;
- }
- addr.station = saddr->addr.station;
- addr.net = saddr->addr.net;
- port = saddr->port;
- cb = saddr->cb;
- }
+ if (saddr == NULL || msg->msg_namelen < sizeof(struct sockaddr_ec)) {
+ mutex_unlock(&econet_mutex);
+ return -EINVAL;
+ }
+ addr.station = saddr->addr.station;
+ addr.net = saddr->addr.net;
+ port = saddr->port;
+ cb = saddr->cb;
/* Look for a device with the right network number. */
dev = net2dev_map[addr.net];
@@ -351,7 +342,6 @@ static int econet_sendmsg(struct kiocb *
eb = (struct ec_cb *)&skb->cb;
- /* BUG: saddr may be NULL */
eb->cookie = saddr->cookie;
eb->sec = *saddr;
eb->sent = ec_tx_done;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [276/289] econet: fix CVE-2010-3850
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (275 preceding siblings ...)
2010-12-08 1:00 ` [275/289] econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849 Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [277/289] econet: fix CVE-2010-3848 Greg KH
` (9 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Phil Blundell, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Phil Blundell <philb@gnu.org>
commit 16c41745c7b92a243d0874f534c1655196c64b74 upstream.
Add missing check for capable(CAP_NET_ADMIN) in SIOCSIFADDR operation.
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/econet/af_econet.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/econet/af_econet.c
+++ b/net/econet/af_econet.c
@@ -661,6 +661,9 @@ static int ec_dev_ioctl(struct socket *s
err = 0;
switch (cmd) {
case SIOCSIFADDR:
+ if (!capable(CAP_NET_ADMIN))
+ return -EPERM;
+
edev = dev->ec_ptr;
if (edev == NULL) {
/* Magic up a new one. */
^ permalink raw reply [flat|nested] 288+ messages in thread
* [277/289] econet: fix CVE-2010-3848
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (276 preceding siblings ...)
2010-12-08 1:00 ` [276/289] econet: fix CVE-2010-3850 Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [278/289] rds: Integer overflow in RDS cmsg handling Greg KH
` (8 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Phil Blundell, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Phil Blundell <philb@gnu.org>
commit a27e13d370415add3487949c60810e36069a23a6 upstream.
Don't declare variable sized array of iovecs on the stack since this
could cause stack overflow if msg->msgiovlen is large. Instead, coalesce
the user-supplied data into a new buffer and use a single iovec for it.
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/econet/af_econet.c | 62 ++++++++++++++++++++++++-------------------------
1 file changed, 31 insertions(+), 31 deletions(-)
--- a/net/econet/af_econet.c
+++ b/net/econet/af_econet.c
@@ -31,6 +31,7 @@
#include <linux/skbuff.h>
#include <linux/udp.h>
#include <linux/slab.h>
+#include <linux/vmalloc.h>
#include <net/sock.h>
#include <net/inet_common.h>
#include <linux/stat.h>
@@ -276,12 +277,12 @@ static int econet_sendmsg(struct kiocb *
#endif
#ifdef CONFIG_ECONET_AUNUDP
struct msghdr udpmsg;
- struct iovec iov[msg->msg_iovlen+1];
+ struct iovec iov[2];
struct aunhdr ah;
struct sockaddr_in udpdest;
__kernel_size_t size;
- int i;
mm_segment_t oldfs;
+ char *userbuf;
#endif
/*
@@ -319,17 +320,17 @@ static int econet_sendmsg(struct kiocb *
}
}
- if (len + 15 > dev->mtu) {
- mutex_unlock(&econet_mutex);
- return -EMSGSIZE;
- }
-
if (dev->type == ARPHRD_ECONET) {
/* Real hardware Econet. We're not worthy etc. */
#ifdef CONFIG_ECONET_NATIVE
unsigned short proto = 0;
int res;
+ if (len + 15 > dev->mtu) {
+ mutex_unlock(&econet_mutex);
+ return -EMSGSIZE;
+ }
+
dev_hold(dev);
skb = sock_alloc_send_skb(sk, len+LL_ALLOCATED_SPACE(dev),
@@ -405,6 +406,11 @@ static int econet_sendmsg(struct kiocb *
return -ENETDOWN; /* No socket - can't send */
}
+ if (len > 32768) {
+ err = -E2BIG;
+ goto error;
+ }
+
/* Make up a UDP datagram and hand it off to some higher intellect. */
memset(&udpdest, 0, sizeof(udpdest));
@@ -436,36 +442,26 @@ static int econet_sendmsg(struct kiocb *
/* tack our header on the front of the iovec */
size = sizeof(struct aunhdr);
- /*
- * XXX: that is b0rken. We can't mix userland and kernel pointers
- * in iovec, since on a lot of platforms copy_from_user() will
- * *not* work with the kernel and userland ones at the same time,
- * regardless of what we do with set_fs(). And we are talking about
- * econet-over-ethernet here, so "it's only ARM anyway" doesn't
- * apply. Any suggestions on fixing that code? -- AV
- */
iov[0].iov_base = (void *)&ah;
iov[0].iov_len = size;
- for (i = 0; i < msg->msg_iovlen; i++) {
- void __user *base = msg->msg_iov[i].iov_base;
- size_t iov_len = msg->msg_iov[i].iov_len;
- /* Check it now since we switch to KERNEL_DS later. */
- if (!access_ok(VERIFY_READ, base, iov_len)) {
- mutex_unlock(&econet_mutex);
- return -EFAULT;
- }
- iov[i+1].iov_base = base;
- iov[i+1].iov_len = iov_len;
- size += iov_len;
+
+ userbuf = vmalloc(len);
+ if (userbuf == NULL) {
+ err = -ENOMEM;
+ goto error;
}
+ iov[1].iov_base = userbuf;
+ iov[1].iov_len = len;
+ err = memcpy_fromiovec(userbuf, msg->msg_iov, len);
+ if (err)
+ goto error_free_buf;
+
/* Get a skbuff (no data, just holds our cb information) */
if ((skb = sock_alloc_send_skb(sk, 0,
msg->msg_flags & MSG_DONTWAIT,
- &err)) == NULL) {
- mutex_unlock(&econet_mutex);
- return err;
- }
+ &err)) == NULL)
+ goto error_free_buf;
eb = (struct ec_cb *)&skb->cb;
@@ -481,7 +477,7 @@ static int econet_sendmsg(struct kiocb *
udpmsg.msg_name = (void *)&udpdest;
udpmsg.msg_namelen = sizeof(udpdest);
udpmsg.msg_iov = &iov[0];
- udpmsg.msg_iovlen = msg->msg_iovlen + 1;
+ udpmsg.msg_iovlen = 2;
udpmsg.msg_control = NULL;
udpmsg.msg_controllen = 0;
udpmsg.msg_flags=0;
@@ -489,9 +485,13 @@ static int econet_sendmsg(struct kiocb *
oldfs = get_fs(); set_fs(KERNEL_DS); /* More privs :-) */
err = sock_sendmsg(udpsock, &udpmsg, size);
set_fs(oldfs);
+
+error_free_buf:
+ vfree(userbuf);
#else
err = -EPROTOTYPE;
#endif
+ error:
mutex_unlock(&econet_mutex);
return err;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [278/289] rds: Integer overflow in RDS cmsg handling
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (277 preceding siblings ...)
2010-12-08 1:00 ` [277/289] econet: fix CVE-2010-3848 Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [279/289] cfg80211: fix extension channel checks to initiate communication Greg KH
` (7 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Dan Rosenberg, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Dan Rosenberg <drosenberg@vsecurity.com>
commit 218854af84038d828a32f061858b1902ed2beec6 upstream.
In rds_cmsg_rdma_args(), the user-provided args->nr_local value is
restricted to less than UINT_MAX. This seems to need a tighter upper
bound, since the calculation of total iov_size can overflow, resulting
in a small sock_kmalloc() allocation. This would probably just result
in walking off the heap and crashing when calling rds_rdma_pages() with
a high count value. If it somehow doesn't crash here, then memory
corruption could occur soon after.
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/rds/rdma.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/rds/rdma.c
+++ b/net/rds/rdma.c
@@ -474,7 +474,7 @@ static struct rds_rdma_op *rds_rdma_prep
goto out;
}
- if (args->nr_local > (u64)UINT_MAX) {
+ if (args->nr_local > UIO_MAXIOV) {
ret = -EMSGSIZE;
goto out;
}
^ permalink raw reply [flat|nested] 288+ messages in thread
* [279/289] cfg80211: fix extension channel checks to initiate communication
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (278 preceding siblings ...)
2010-12-08 1:00 ` [278/289] rds: Integer overflow in RDS cmsg handling Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [280/289] [SCSI] qla2xxx: Add module parameter to enable/disable GFF_ID device type check Greg KH
` (6 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Luis R. Rodriguez, John W. Linville
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Luis R. Rodriguez <lrodriguez@atheros.com>
commit 9236d838c920e90708570d9bbd7bb82d30a38130 upstream.
When operating in a mode that initiates communication and using
HT40 we should fail if we cannot use both primary and secondary
channels to initiate communication. Our current ht40 allowmap
only covers STA mode of operation, for beaconing modes we need
a check on the fly as the mode of operation is dynamic and
there other flags other than disable which we should read
to check if we can initiate communication.
Do not allow for initiating communication if our secondary HT40
channel has is either disabled, has a passive scan flag, a
no-ibss flag or is a radar channel. Userspace now has similar
checks but this is also needed in-kernel.
Reported-by: Jouni Malinen <jouni.malinen@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/wireless/chan.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
--- a/net/wireless/chan.c
+++ b/net/wireless/chan.c
@@ -44,6 +44,36 @@ rdev_freq_to_chan(struct cfg80211_regist
return chan;
}
+static bool can_beacon_sec_chan(struct wiphy *wiphy,
+ struct ieee80211_channel *chan,
+ enum nl80211_channel_type channel_type)
+{
+ struct ieee80211_channel *sec_chan;
+ int diff;
+
+ switch (channel_type) {
+ case NL80211_CHAN_HT40PLUS:
+ diff = 20;
+ case NL80211_CHAN_HT40MINUS:
+ diff = -20;
+ default:
+ return false;
+ }
+
+ sec_chan = ieee80211_get_channel(wiphy, chan->center_freq + diff);
+ if (!sec_chan)
+ return false;
+
+ /* we'll need a DFS capability later */
+ if (sec_chan->flags & (IEEE80211_CHAN_DISABLED |
+ IEEE80211_CHAN_PASSIVE_SCAN |
+ IEEE80211_CHAN_NO_IBSS |
+ IEEE80211_CHAN_RADAR))
+ return false;
+
+ return true;
+}
+
int cfg80211_set_freq(struct cfg80211_registered_device *rdev,
struct wireless_dev *wdev, int freq,
enum nl80211_channel_type channel_type)
@@ -68,6 +98,27 @@ int cfg80211_set_freq(struct cfg80211_re
if (!chan)
return -EINVAL;
+ /* Both channels should be able to initiate communication */
+ if (wdev && (wdev->iftype == NL80211_IFTYPE_ADHOC ||
+ wdev->iftype == NL80211_IFTYPE_AP ||
+ wdev->iftype == NL80211_IFTYPE_AP_VLAN ||
+ wdev->iftype == NL80211_IFTYPE_MESH_POINT)) {
+ switch (channel_type) {
+ case NL80211_CHAN_HT40PLUS:
+ case NL80211_CHAN_HT40MINUS:
+ if (!can_beacon_sec_chan(&rdev->wiphy, chan,
+ channel_type)) {
+ printk(KERN_DEBUG
+ "cfg80211: Secondary channel not "
+ "allowed to initiate communication\n");
+ return -EINVAL;
+ }
+ break;
+ default:
+ break;
+ }
+ }
+
result = rdev->ops->set_channel(&rdev->wiphy,
wdev ? wdev->netdev : NULL,
chan, channel_type);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [280/289] [SCSI] qla2xxx: Add module parameter to enable/disable GFF_ID device type check.
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (279 preceding siblings ...)
2010-12-08 1:00 ` [279/289] cfg80211: fix extension channel checks to initiate communication Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [281/289] [media] msp3400: fix mute audio regression Greg KH
` (5 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Chad Dupuis,
Madhuranath Iyengar, James Bottomley
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Chad Dupuis <chad.dupuis@qlogic.com>
commit 4da26e162b69d89c3186a35a052c05e61a555637 upstream.
Add the module parameter ql2xgffidenable to disable/enable the use of the
GFF_ID name server command to prevent non FCP SCSI devices from being added to
the driver's internal fc_port database.
Signed-off-by: Chad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: Madhuranath Iyengar <Madhu.Iyengar@qlogic.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/scsi/qla2xxx/qla_gbl.h | 1 +
drivers/scsi/qla2xxx/qla_init.c | 5 +++--
drivers/scsi/qla2xxx/qla_os.c | 5 +++++
3 files changed, 9 insertions(+), 2 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_gbl.h
+++ b/drivers/scsi/qla2xxx/qla_gbl.h
@@ -92,6 +92,7 @@ extern int ql2xshiftctondsd;
extern int ql2xdbwr;
extern int ql2xdontresethba;
extern int ql2xasynctmfenable;
+extern int ql2xgffidenable;
extern int ql2xenabledif;
extern int ql2xenablehba_err_chk;
extern int ql2xtargetreset;
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -3258,8 +3258,9 @@ qla2x00_find_all_fabric_devs(scsi_qla_ho
continue;
/* Bypass ports whose FCP-4 type is not FCP_SCSI */
- if (new_fcport->fc4_type != FC4_TYPE_FCP_SCSI &&
- new_fcport->fc4_type != FC4_TYPE_UNKNOWN)
+ if (ql2xgffidenable &&
+ (new_fcport->fc4_type != FC4_TYPE_FCP_SCSI &&
+ new_fcport->fc4_type != FC4_TYPE_UNKNOWN))
continue;
/* Locate matching device in database. */
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -160,6 +160,11 @@ MODULE_PARM_DESC(ql2xtargetreset,
"Enable target reset."
"Default is 1 - use hw defaults.");
+int ql2xgffidenable;
+module_param(ql2xgffidenable, int, S_IRUGO|S_IRUSR);
+MODULE_PARM_DESC(ql2xgffidenable,
+ "Enables GFF_ID checks of port type. "
+ "Default is 0 - Do not use GFF_ID information.");
int ql2xasynctmfenable;
module_param(ql2xasynctmfenable, int, S_IRUGO|S_IRUSR);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [281/289] [media] msp3400: fix mute audio regression
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (280 preceding siblings ...)
2010-12-08 1:00 ` [280/289] [SCSI] qla2xxx: Add module parameter to enable/disable GFF_ID device type check Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:00 ` [282/289] r8169: fix rx checksum offload Greg KH
` (4 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Hans Verkuil, Mauro Carvalho Chehab
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Hans Verkuil <hverkuil@xs4all.nl>
commit 0310871d8f71da4ad8643687fbc40f219a0dac4d upstream.
The switch to the new control framework caused a regression where the audio was
no longer unmuted after the carrier scan finished.
The original code attempted to set the volume control to its current value in
order to have the set-volume control code to be called that handles the volume
and muting. However, the framework will not call that code unless the new volume
value is different from the old.
Instead we now call msp_s_ctrl directly.
It is a bit of a hack: we really need a v4l2_ctrl_refresh_ctrl function for this
(or something along those lines).
Thanks to Andy Walls for bisecting this and to Shane Shrybman for reporting it!
Reported-by: Shane Shrybman <shrybman@teksavvy.com>
Thanks-to: Andy Walls <awalls@md.metrocast.net>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/media/video/msp3400-driver.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/drivers/media/video/msp3400-driver.c
+++ b/drivers/media/video/msp3400-driver.c
@@ -382,7 +382,12 @@ static int msp_s_ctrl(struct v4l2_ctrl *
void msp_update_volume(struct msp_state *state)
{
- v4l2_ctrl_s_ctrl(state->volume, v4l2_ctrl_g_ctrl(state->volume));
+ /* Force an update of the volume/mute cluster */
+ v4l2_ctrl_lock(state->volume);
+ state->volume->val = state->volume->cur.val;
+ state->muted->val = state->muted->cur.val;
+ msp_s_ctrl(state->volume);
+ v4l2_ctrl_unlock(state->volume);
}
/* --- v4l2 ioctls --- */
^ permalink raw reply [flat|nested] 288+ messages in thread
* [282/289] r8169: fix rx checksum offload
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (281 preceding siblings ...)
2010-12-08 1:00 ` [281/289] [media] msp3400: fix mute audio regression Greg KH
@ 2010-12-08 1:00 ` Greg KH
2010-12-08 1:01 ` [283/289] r8169: (re)init phy on resume Greg KH
` (3 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:00 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Eric Dumazet,
Francois Romieu, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Eric Dumazet <eric.dumazet@gmail.com>
commit adea1ac7effbddbe60a9de6d63462bfe79289e59 upstream.
While porting GRO to r8169, I found this driver has a bug in its rx
path.
All skbs given to network stack had their ip_summed set to
CHECKSUM_NONE, while hardware said they had correct TCP/UDP checksums.
The reason is driver sets skb->ip_summed on the original skb before the
copy eventually done by copybreak. The fresh skb gets the ip_summed =
CHECKSUM_NONE value, forcing network stack to recompute checksum, and
preventing my GRO patch to work.
Fix is to make the ip_summed setting after skb copy.
Note : rx_copybreak current value is 16383, so all frames are copied...
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Francois Romieu <romieu@fr.zoreil.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/r8169.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/drivers/net/r8169.c
+++ b/drivers/net/r8169.c
@@ -4455,9 +4455,8 @@ static inline int rtl8169_fragmented_fra
return (status & (FirstFrag | LastFrag)) != (FirstFrag | LastFrag);
}
-static inline void rtl8169_rx_csum(struct sk_buff *skb, struct RxDesc *desc)
+static inline void rtl8169_rx_csum(struct sk_buff *skb, u32 opts1)
{
- u32 opts1 = le32_to_cpu(desc->opts1);
u32 status = opts1 & RxProtoMask;
if (((status == RxProtoTCP) && !(opts1 & TCPFail)) ||
@@ -4551,8 +4550,6 @@ static int rtl8169_rx_interrupt(struct n
continue;
}
- rtl8169_rx_csum(skb, desc);
-
if (rtl8169_try_rx_copy(&skb, tp, pkt_size, addr)) {
dma_sync_single_for_device(&pdev->dev, addr,
pkt_size, PCI_DMA_FROMDEVICE);
@@ -4563,6 +4560,7 @@ static int rtl8169_rx_interrupt(struct n
tp->Rx_skbuff[entry] = NULL;
}
+ rtl8169_rx_csum(skb, status);
skb_put(skb, pkt_size);
skb->protocol = eth_type_trans(skb, dev);
^ permalink raw reply [flat|nested] 288+ messages in thread
* [283/289] r8169: (re)init phy on resume
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (282 preceding siblings ...)
2010-12-08 1:00 ` [282/289] r8169: fix rx checksum offload Greg KH
@ 2010-12-08 1:01 ` Greg KH
2010-12-08 1:01 ` [284/289] r8169: revert "Handle rxfifo errors on 8168 chips" Greg KH
` (2 subsequent siblings)
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:01 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Stanislaw Gruszka,
David S. Miller, Francois Romieu
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Stanislaw Gruszka <sgruszka@redhat.com>
commit fccec10b33503a2b1197c8e7a3abd30443bedb08 upstream.
Fix switching device to low-speed mode after resume reported in:
https://bugzilla.redhat.com/show_bug.cgi?id=502974
Reported-and-tested-by: Laurentiu Badea <bugzilla-redhat@wotevah.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Francois Romieu <romieu@fr.zoreil.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/r8169.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/net/r8169.c
+++ b/drivers/net/r8169.c
@@ -4889,6 +4889,9 @@ static int rtl8169_resume(struct device
{
struct pci_dev *pdev = to_pci_dev(device);
struct net_device *dev = pci_get_drvdata(pdev);
+ struct rtl8169_private *tp = netdev_priv(dev);
+
+ rtl8169_init_phy(dev, tp);
if (netif_running(dev))
__rtl8169_resume(dev);
@@ -4929,6 +4932,8 @@ static int rtl8169_runtime_resume(struct
tp->saved_wolopts = 0;
spin_unlock_irq(&tp->lock);
+ rtl8169_init_phy(dev, tp);
+
__rtl8169_resume(dev);
return 0;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [284/289] r8169: revert "Handle rxfifo errors on 8168 chips"
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (283 preceding siblings ...)
2010-12-08 1:01 ` [283/289] r8169: (re)init phy on resume Greg KH
@ 2010-12-08 1:01 ` Greg KH
2010-12-08 1:01 ` [285/289] r8169: fix checksum broken Greg KH
2010-12-08 1:01 ` [286/289] [S390] nmi: fix clock comparator revalidation Greg KH
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:01 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Francois Romieu,
Matthew Garrett, Daniel J Blueman, David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: =?UTF-8?q?fran=C3=A7ois=20romieu?= <romieu@fr.zoreil.com>
commit 53f57357ff0afc37804f4e82ee3123e0c0a2cad6 upstream.
The original patch helps under obscure conditions (no pun) but
some 8168 do not like it. The change needs to be tightened with
a specific 8168 version.
This reverts commit 801e147cde02f04b5c2f42764cd43a89fc7400a2
("r8169: Handle rxfifo errors on 8168 chips").
Regression at https://bugzilla.kernel.org/show_bug.cgi?id=20882
Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Tested-by: Andreas Radke <a.radke@arcor.de>
Cc: Matthew Garrett <mjg@redhat.com>
Cc: Daniel J Blueman <daniel.blueman@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/r8169.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/net/r8169.c
+++ b/drivers/net/r8169.c
@@ -2936,7 +2936,7 @@ static const struct rtl_cfg_info {
.hw_start = rtl_hw_start_8168,
.region = 2,
.align = 8,
- .intr_event = SYSErr | RxFIFOOver | LinkChg | RxOverflow |
+ .intr_event = SYSErr | LinkChg | RxOverflow |
TxErr | TxOK | RxOK | RxErr,
.napi_event = TxErr | TxOK | RxOK | RxOverflow,
.features = RTL_FEATURE_GMII | RTL_FEATURE_MSI,
@@ -4628,7 +4628,8 @@ static irqreturn_t rtl8169_interrupt(int
}
/* Work around for rx fifo overflow */
- if (unlikely(status & RxFIFOOver)) {
+ if (unlikely(status & RxFIFOOver) &&
+ (tp->mac_version == RTL_GIGA_MAC_VER_11)) {
netif_stop_queue(dev);
rtl8169_tx_timeout(dev);
break;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [285/289] r8169: fix checksum broken
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (284 preceding siblings ...)
2010-12-08 1:01 ` [284/289] r8169: revert "Handle rxfifo errors on 8168 chips" Greg KH
@ 2010-12-08 1:01 ` Greg KH
2010-12-08 1:01 ` [286/289] [S390] nmi: fix clock comparator revalidation Greg KH
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:01 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Shan Wei, Francois Romieu,
David S. Miller
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Shan Wei <shanwei@cn.fujitsu.com>
commit d5d3ebe3be5c5123f2d444e186717f45284151e2 upstream.
If r8196 received packets with invalid sctp/igmp(not tcp, udp) checksum, r8196 set skb->ip_summed
wit CHECKSUM_UNNECESSARY. This cause that upper protocol don't check checksum field.
I am not family with r8196 driver. I try to guess the meaning of RxProtoIP and IPFail.
RxProtoIP stands for received IPv4 packet that upper protocol is not tcp and udp.
!(opts1 & IPFail) is true means that driver correctly to check checksum in IPv4 header.
If it's right, I think we should not set ip_summed wit CHECKSUM_UNNECESSARY for my sctp packets
with invalid checksum.
If it's not right, please tell me.
Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
Acked-by: Francois Romieu <romieu@fr.zoreil.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/r8169.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/net/r8169.c
+++ b/drivers/net/r8169.c
@@ -4460,8 +4460,7 @@ static inline void rtl8169_rx_csum(struc
u32 status = opts1 & RxProtoMask;
if (((status == RxProtoTCP) && !(opts1 & TCPFail)) ||
- ((status == RxProtoUDP) && !(opts1 & UDPFail)) ||
- ((status == RxProtoIP) && !(opts1 & IPFail)))
+ ((status == RxProtoUDP) && !(opts1 & UDPFail)))
skb->ip_summed = CHECKSUM_UNNECESSARY;
else
skb->ip_summed = CHECKSUM_NONE;
^ permalink raw reply [flat|nested] 288+ messages in thread
* [286/289] [S390] nmi: fix clock comparator revalidation
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
` (285 preceding siblings ...)
2010-12-08 1:01 ` [285/289] r8169: fix checksum broken Greg KH
@ 2010-12-08 1:01 ` Greg KH
286 siblings, 0 replies; 288+ messages in thread
From: Greg KH @ 2010-12-08 1:01 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Heiko Carstens, Martin Schwidefsky
2.6.36-stable review patch. If anyone has any objections, please let us know.
------------------
From: Heiko Carstens <heiko.carstens@de.ibm.com>
commit e8129c642155616d9e2160a75f103e127c8c3708 upstream.
On each machine check all registers are revalidated. The save area for
the clock comparator however only contains the upper most seven bytes
of the former contents, if valid.
Therefore the machine check handler uses a store clock instruction to
get the current time and writes that to the clock comparator register
which in turn will generate an immediate timer interrupt.
However within the lowcore the expected time of the next timer
interrupt is stored. If the interrupt happens before that time the
handler won't be called. In turn the clock comparator won't be
reprogrammed and therefore the interrupt condition stays pending which
causes an interrupt loop until the expected time is reached.
On NOHZ machines this can result in unresponsive machines since the
time of the next expected interrupted can be a couple of days in the
future.
To fix this just revalidate the clock comparator register with the
expected value.
In addition the special handling for udelay must be changed as well.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/s390/kernel/nmi.c | 10 ++++------
arch/s390/lib/delay.c | 14 +++++++++-----
2 files changed, 13 insertions(+), 11 deletions(-)
--- a/arch/s390/kernel/nmi.c
+++ b/arch/s390/kernel/nmi.c
@@ -95,7 +95,6 @@ EXPORT_SYMBOL_GPL(s390_handle_mcck);
static int notrace s390_revalidate_registers(struct mci *mci)
{
int kill_task;
- u64 tmpclock;
u64 zero;
void *fpt_save_area, *fpt_creg_save_area;
@@ -214,11 +213,10 @@ static int notrace s390_revalidate_regis
: "0", "cc");
#endif
/* Revalidate clock comparator register */
- asm volatile(
- " stck 0(%1)\n"
- " sckc 0(%1)"
- : "=m" (tmpclock) : "a" (&(tmpclock)) : "cc", "memory");
-
+ if (S390_lowcore.clock_comparator == -1)
+ set_clock_comparator(S390_lowcore.mcck_clock);
+ else
+ set_clock_comparator(S390_lowcore.clock_comparator);
/* Check if old PSW is valid */
if (!mci->wp)
/*
--- a/arch/s390/lib/delay.c
+++ b/arch/s390/lib/delay.c
@@ -29,17 +29,21 @@ static void __udelay_disabled(unsigned l
{
unsigned long mask, cr0, cr0_saved;
u64 clock_saved;
+ u64 end;
+ mask = psw_kernel_bits | PSW_MASK_WAIT | PSW_MASK_EXT;
+ end = get_clock() + (usecs << 12);
clock_saved = local_tick_disable();
- set_clock_comparator(get_clock() + (usecs << 12));
__ctl_store(cr0_saved, 0, 0);
cr0 = (cr0_saved & 0xffff00e0) | 0x00000800;
__ctl_load(cr0 , 0, 0);
- mask = psw_kernel_bits | PSW_MASK_WAIT | PSW_MASK_EXT;
lockdep_off();
- trace_hardirqs_on();
- __load_psw_mask(mask);
- local_irq_disable();
+ do {
+ set_clock_comparator(end);
+ trace_hardirqs_on();
+ __load_psw_mask(mask);
+ local_irq_disable();
+ } while (get_clock() < end);
lockdep_on();
__ctl_load(cr0_saved, 0, 0);
local_tick_enable(clock_saved);
^ permalink raw reply [flat|nested] 288+ messages in thread
end of thread, other threads:[~2010-12-08 2:04 UTC | newest]
Thread overview: 288+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-12-08 0:58 [000/289] 2.6.36.2-stable review Greg KH
2010-12-08 0:56 ` Greg KH
2010-12-08 0:56 ` [001/289] block: Ensure physical block size is unsigned int Greg KH
2010-12-08 0:56 ` [002/289] block: Fix race during disk initialization Greg KH
2010-12-08 0:56 ` [003/289] block: limit vec count in bio_kmalloc() and bio_alloc_map_data() Greg KH
2010-12-08 0:56 ` [004/289] block: take care not to overflow when calculating total iov length Greg KH
2010-12-08 0:56 ` [005/289] block: check for proper length of iov entries in blk_rq_map_user_iov() Greg KH
2010-12-08 0:56 ` [006/289] drm/radeon/kms: dont disable shared encoders on pre-DCE3 display blocks Greg KH
2010-12-08 0:56 ` [007/289] jme: Fix PHY power-off error Greg KH
2010-12-08 0:56 ` [008/289] irda: Fix parameter extraction stack overflow Greg KH
2010-12-08 0:56 ` [009/289] irda: Fix heap memory corruption in iriap.c Greg KH
2010-12-08 0:56 ` [010/289] r6040: Fix multicast filter some more Greg KH
2010-12-08 0:56 ` [011/289] drm/radeon/kms: fix 2D tile height alignment in the r600 CS checker Greg KH
2010-12-08 0:56 ` [012/289] ath9k: built-in rate control A-MPDU fix Greg KH
2010-12-08 0:56 ` [013/289] ath9k: fix channel flag / regd issues with multiple cards Greg KH
2010-12-08 0:56 ` [014/289] ath9k: A-MPDU rate control info fix Greg KH
2010-12-08 0:56 ` [015/289] ath9k: Fix tx struck state with paprd Greg KH
2010-12-08 0:56 ` [016/289] ath9k: clean up / fix aggregation session flush Greg KH
2010-12-08 0:56 ` [017/289] ath9k: fix power save race conditions Greg KH
2010-12-08 0:56 ` [018/289] ath9k: fix an aggregation start related race condition Greg KH
2010-12-08 0:56 ` [019/289] ath9k: fix regression which prevents chip sleep after CAB data Greg KH
2010-12-08 0:56 ` [020/289] ath9k_hw: handle rx key miss Greg KH
2010-12-08 0:56 ` [021/289] ath9k: fix regression which disabled ps on ath9k Greg KH
2010-12-08 0:56 ` [022/289] ath9k: fix regression on beacon loss after bgscan Greg KH
2010-12-08 0:56 ` [023/289] ath9k: fix spurious MIC failure reports Greg KH
2010-12-08 0:56 ` [024/289] ath9k: resume aggregation immediately after a hardware reset Greg KH
2010-12-08 0:56 ` [025/289] ath9k_hw: Fix divide by zero cases in paprd Greg KH
2010-12-08 0:56 ` [026/289] ath9k_hw: Fix TX carrier leakage for IEEE compliance on AR9003 2.2 Greg KH
2010-12-08 0:56 ` [027/289] ath9k_htc: Set proper firmware offset for Netgear WNDA3200 Greg KH
2010-12-08 0:56 ` [028/289] ath9k: Fix incorrect access of rate flags in RC Greg KH
2010-12-08 0:56 ` [029/289] ath9k: rename rxflushlock to pcu_lock Greg KH
2010-12-08 0:56 ` [030/289] ath9k: fix tx aggregation flush on AR9003 Greg KH
2010-12-08 0:56 ` [031/289] ath9k: add locking for stopping RX Greg KH
2010-12-08 0:56 ` [032/289] ath9k: fix enabling ANI / tx monitor after bg scan Greg KH
2010-12-08 0:56 ` [033/289] ath9k_hw: Fix memory leak on ath9k_hw_rf_alloc_ext_banks failure Greg KH
2010-12-08 0:56 ` [034/289] ath9k_hw: Fix AR9280 surprise removal during frequent idle on/off Greg KH
2010-12-08 0:56 ` [035/289] ath9k_htc: Avoid setting QoS control for non-QoS frames Greg KH
2010-12-08 0:56 ` [036/289] ath9k: add locking for starting the PCU on RX Greg KH
2010-12-08 0:56 ` [037/289] ath9k_hw: Set proper eeprom offset for AR9287 HTC devices Greg KH
2010-12-08 0:56 ` [038/289] ath9k_htc: Add new devices into AR7010 Greg KH
2010-12-08 0:56 ` [039/289] ath9k_htc: Add support for device ID 3346 Greg KH
2010-12-08 0:56 ` [040/289] ath9k_htc: Update usb device ID list Greg KH
2010-12-08 0:56 ` [041/289] ath9k: lock reset and PCU start/stopping Greg KH
2010-12-08 0:56 ` [042/289] cfg80211: fix BSS double-unlinking Greg KH
2010-12-08 0:57 ` [043/289] cfg80211: fix locking Greg KH
2010-12-08 0:57 ` [044/289] cfg80211: fix regression on processing country IEs Greg KH
2010-12-08 0:57 ` [045/289] mac80211: minstrel_ht A-MPDU fix Greg KH
2010-12-08 0:57 ` [046/289] mac80211: fix possible null-pointer de-reference Greg KH
2010-12-08 0:57 ` [047/289] mac80211: fix channel assumption for association done work Greg KH
2010-12-08 0:57 ` [048/289] mac80211: fix offchannel assumption upon association Greg KH
2010-12-08 0:57 ` [049/289] mac80211: Fix signal strength average initialization for CQM events Greg KH
2010-12-08 0:57 ` [050/289] mac80211: reset connection idle when going offchannel Greg KH
2010-12-08 0:57 ` [051/289] mac80211: add helper for reseting the connection monitor Greg KH
2010-12-08 0:57 ` [052/289] mac80211: make the beacon monitor available externally Greg KH
2010-12-08 0:57 ` [053/289] mac80211: send last 3/5 probe requests as unicast Greg KH
2010-12-08 0:57 ` [054/289] mac80211: disable beacon monitor while going offchannel Greg KH
2010-12-08 0:57 ` [055/289] mac80211: use correct station flags lock Greg KH
2010-12-08 0:57 ` [056/289] mac80211: clear txflags for ps-filtered frames Greg KH
2010-12-08 0:57 ` [057/289] mac80211: reset probe send counter upon connection timer reset Greg KH
2010-12-08 0:57 ` [058/289] mac80211: Fix ibss station got expired immediately Greg KH
2010-12-08 0:57 ` [059/289] mac80211: dont sanitize invalid rates Greg KH
2010-12-08 0:57 ` [060/289] mac80211: delete AddBA response timer Greg KH
2010-12-08 0:57 ` [061/289] isdn/gigaset: fix bas_gigaset AT read error handling Greg KH
2010-12-08 0:57 ` [062/289] isdn/gigaset: correct bas_gigaset rx buffer handling Greg KH
2010-12-08 0:57 ` [063/289] isdn/gigaset: bas_gigaset locking fix Greg KH
2010-12-08 0:57 ` [064/289] i2c-pca-platform: Change device name of request_irq Greg KH
2010-12-08 0:57 ` [065/289] viafb: fix i2c_transfer error handling Greg KH
2010-12-08 0:57 ` [066/289] drm/radeon/kms: register an i2c adapter name for the dp aux bus Greg KH
2010-12-08 0:57 ` [067/289] ALSA: hda - Disable sticky PCM stream assignment for AD codecs Greg KH
2010-12-08 0:57 ` [068/289] ALSA: hda - Add workarounds for CT-IBG controllers Greg KH
2010-12-08 0:57 ` [069/289] ALSA: hda - Fix wrong SPDIF NID assignment for CA0110 Greg KH
2010-12-08 0:57 ` [070/289] ALSA: hda - Add some workarounds for Creative IBG Greg KH
2010-12-08 0:57 ` [071/289] ALSA: OSS mixer emulation - fix locking Greg KH
2010-12-08 0:57 ` [072/289] ALSA: HDA: Enable internal mic on Dell E6410 and Dell E6510 Greg KH
2010-12-08 0:57 ` [073/289] powerpc: Fix call to subpage_protection() Greg KH
2010-12-08 0:57 ` [074/289] SUNRPC: After calling xprt_release(), we must restart from call_reserve Greg KH
2010-12-08 0:57 ` [075/289] microblaze: Fix build with make 3.82 Greg KH
2010-12-08 0:57 ` [076/289] phy/marvell: fix 88e1121 support Greg KH
2010-12-08 0:57 ` [077/289] NFSv4: Dont call nfs4_reclaim_complete() on receiving NFS4ERR_STALE_CLIENTID Greg KH
2010-12-08 0:57 ` [078/289] NFSv4: Dont call nfs4_state_mark_reclaim_reboot() from error handlers Greg KH
2010-12-08 0:57 ` [079/289] NFSv4: Fix open recovery Greg KH
2010-12-08 0:57 ` [080/289] NFS: Dont SIGBUS if nfs_vm_page_mkwrite races with a cache invalidation Greg KH
2010-12-08 0:57 ` [081/289] drm/radeon/kms: MC vram map needs to be >= pci aperture size Greg KH
2010-12-08 0:57 ` [082/289] drm/radeon/kms: properly compute group_size on 6xx/7xx Greg KH
2010-12-08 0:57 ` [083/289] drm/i915: Update hotplug interrupts register definitions for Sandybridge Greg KH
2010-12-08 0:57 ` [084/289] drm/radeon/kms: make sure blit addr masks are 64 bit Greg KH
2010-12-08 0:57 ` [085/289] drm/radeon/kms: fix handling of tex lookup disable in cs checker on r2xx Greg KH
2010-12-08 0:57 ` [086/289] drm/i915/crt: Make sure the hotplug interrupt is enabled Greg KH
2010-12-08 0:57 ` [087/289] drm/i915: Free hardware status page on unload when physically mapped Greg KH
2010-12-08 0:57 ` [088/289] drm/i915: diasable clock gating for the panel power sequencer Greg KH
2010-12-08 0:57 ` [089/289] drm/i915/overlay: Ensure that the reg_bo is in the GTT prior to writing Greg KH
2010-12-08 0:57 ` [090/289] pcnet_cs: add new_id Greg KH
2010-12-08 0:57 ` [091/289] SH: Add missing consts to sys_execve() declaration Greg KH
2010-12-08 0:57 ` [092/289] reiserfs: fix inode mutex - reiserfs lock misordering Greg KH
2010-12-08 0:57 ` [093/289] reiserfs: dont acquire lock recursively in reiserfs_acl_chmod Greg KH
2010-12-08 0:57 ` [094/289] staging: rt2870: Add new USB ID for Belkin F6D4050 v1 Greg KH
2010-12-08 0:57 ` [095/289] Staging: asus_oled: fix up some sysfs attribute permissions Greg KH
2010-12-08 0:57 ` [096/289] Staging: asus_oled: fix up my fixup for " Greg KH
2010-12-08 0:57 ` [097/289] ALSA: hda: Use hp-laptop quirk to enable headphones automute for Asus A52J Greg KH
2010-12-08 0:57 ` [098/289] Staging: line6: fix up some sysfs attribute permissions Greg KH
2010-12-08 0:57 ` [099/289] kfifo: disable __kfifo_must_check_helper() Greg KH
2010-12-08 0:57 ` [100/289] hpet: fix unwanted interrupt due to stale irq status bit Greg KH
2010-12-08 0:57 ` [101/289] hpet: unmap unused I/O space Greg KH
2010-12-08 0:57 ` [102/289] olpc_battery: Fix endian neutral breakage for s16 values Greg KH
2010-12-08 0:58 ` [103/289] percpu: fix list_head init bug in __percpu_counter_init() Greg KH
2010-12-08 0:58 ` [104/289] hostfs: fix UML crash: remove f_spare from hostfs Greg KH
2010-12-08 0:58 ` [105/289] ipmi: proper spinlock initialization Greg KH
2010-12-08 0:58 ` [106/289] um: remove PAGE_SIZE alignment in linker script causing kernel segfault Greg KH
2010-12-08 0:58 ` [107/289] um: fix global timer issue when using CONFIG_NO_HZ Greg KH
2010-12-08 0:58 ` [108/289] numa: fix slab_node(MPOL_BIND) Greg KH
2010-12-08 0:58 ` [109/289] hwmon: (lm85) Fix ADT7468 frequency table Greg KH
2010-12-08 0:58 ` [110/289] oprofile: Fix the hang while taking the cpu offline Greg KH
2010-12-08 0:58 ` [111/289] mm: fix return value of scan_lru_pages in memory unplug Greg KH
2010-12-08 0:58 ` [112/289] mm, page-allocator: do not check the state of a non-existant buddy during free Greg KH
2010-12-08 0:58 ` [113/289] mm: fix is_mem_section_removable() page_order BUG_ON check Greg KH
2010-12-08 0:58 ` [114/289] mm/hugetlb.c: add missing spin_lock() to hugetlb_cow() Greg KH
2010-12-08 0:58 ` [115/289] agp/intel: Also add B43.1 to list of supported devices Greg KH
2010-12-08 0:58 ` [116/289] b43: Fix warning at drivers/mmc/core/core.c:237 in mmc_wait_for_cmd Greg KH
2010-12-08 0:58 ` [117/289] wireless: b43: fix error path in SDIO Greg KH
2010-12-08 0:58 ` [118/289] ssb: b43-pci-bridge: Add new vendor for BCM4318 Greg KH
2010-12-08 0:58 ` [119/289] drivers/misc/ad525x_dpot.c: fix typo in spi write16 and write24 transfer counts Greg KH
2010-12-08 0:58 ` [120/289] sgi-xpc: XPC fails to discover partitions with all nasids above 128 Greg KH
2010-12-08 0:58 ` [121/289] xen: ensure that all event channels start off bound to VCPU 0 Greg KH
2010-12-08 0:58 ` [122/289] xen: dont bother to stop other cpus on shutdown/reboot Greg KH
2010-12-08 0:58 ` [123/289] ipc: initialize structure memory to zero for compat functions Greg KH
2010-12-08 0:58 ` [124/289] ipc: shm: fix information leak to userland Greg KH
2010-12-08 0:58 ` [125/289] net: NETIF_F_HW_CSUM does not imply FCoE CRC offload Greg KH
2010-12-08 0:58 ` [126/289] drivers/char/vt_ioctl.c: fix VT_OPENQRY error value Greg KH
2010-12-08 0:58 ` [127/289] viafb: use proper register for colour when doing fill ops Greg KH
2010-12-08 0:58 ` [128/289] sata_via: apply magic FIFO fix to vt6420 too Greg KH
2010-12-08 0:58 ` [129/289] eCryptfs: Clear LOOKUP_OPEN flag when creating lower file Greg KH
2010-12-08 0:58 ` [130/289] ecryptfs: call vfs_setxattr() in ecryptfs_setxattr() Greg KH
2010-12-08 0:58 ` [131/289] md: Fix regression with raid1 arrays without persistent metadata Greg KH
2010-12-08 0:58 ` [132/289] md/raid1: really fix recovery looping when single good device fails Greg KH
2010-12-08 0:58 ` [133/289] md: fix return value of rdev_size_change() Greg KH
2010-12-08 0:58 ` [134/289] ALSA: hda: Use BIOS auto-parsing instead of existing model quirk for MEDION MD2 Greg KH
2010-12-08 0:58 ` [135/289] tty: prevent DOS in the flush_to_ldisc Greg KH
2010-12-08 0:58 ` [136/289] TTY: restore tty_ldisc_wait_idle Greg KH
2010-12-08 0:58 ` [137/289] tty_ldisc: Fix BUG() on hangup Greg KH
2010-12-08 0:58 ` [138/289] TTY: ldisc, fix open flag handling Greg KH
2010-12-08 0:58 ` [139/289] TTY: dont allow reopen when ldisc is changing Greg KH
2010-12-08 0:58 ` [140/289] TTY: open/hangup race fixup Greg KH
2010-12-08 0:58 ` [141/289] usbnet: fix usb_autopm_get_interface failure(v1) Greg KH
2010-12-08 0:58 ` [142/289] HID: Fix for problems with eGalax/DWAV multi-touch-screen Greg KH
2010-12-08 0:58 ` [143/289] [media] gspca - main: Fix a regression with the PS3 Eye webcam Greg KH
2010-12-08 0:58 ` [144/289] [media] gspca - sonixj: Fix a regression of sensors hv7131r and mi0360 Greg KH
2010-12-08 0:58 ` [145/289] [media] hdpvr: Add missing URB_NO_TRANSFER_DMA_MAP flag Greg KH
2010-12-08 0:58 ` [146/289] [media] drivers/media/video/cx23885/cx23885-core.c: fix cx23885_dev_checkrevision() Greg KH
2010-12-08 0:58 ` [147/289] nfs: handle lock context allocation failures in nfs_create_request Greg KH
2010-12-08 0:58 ` [148/289] KVM: Write protect memory after slot swap Greg KH
2010-12-08 0:58 ` [149/289] KVM: x86: fix information leak to userland Greg KH
2010-12-08 0:58 ` [150/289] KVM: Correct ordering of ldt reload wrt fs/gs reload Greg KH
2010-12-08 0:58 ` [151/289] KVM: VMX: Fix host userspace gsbase corruption Greg KH
2010-12-08 0:58 ` [152/289] ASoC: Remove volatility from WM8900 POWER1 register Greg KH
2010-12-08 0:58 ` [153/289] ASoC: wm8961 - clear WM8961_DACSLOPE bit for normal mode Greg KH
2010-12-08 0:58 ` [154/289] ASoC: wm8961 - clear WM8961_MCLKDIV bit for freq <= 16500000 Greg KH
2010-12-08 0:58 ` [155/289] firewire: ohci: fix buffer overflow in AR split packet handling Greg KH
2010-12-08 0:58 ` [156/289] firewire: ohci: fix race " Greg KH
2010-12-08 0:58 ` [157/289] ALSA: hda - Fixed ALC887-VD initial error Greg KH
2010-12-08 0:58 ` [158/289] ALSA: ac97: Apply quirk for Dell Latitude D610 binding Master and Headphone controls Greg KH
2010-12-08 0:58 ` [159/289] ALSA: HDA: Add fixup pins for Ideapad Y550 Greg KH
2010-12-08 0:58 ` [160/289] ALSA: hda - Added fixup for Lenovo Y550P Greg KH
2010-12-08 0:58 ` [161/289] ALSA: hda: Add speaker pin to automute Acer Aspire 8943G Greg KH
2010-12-08 0:58 ` [162/289] ALSA: hda: Add Samsung R720 SSID for subwoofer pin fixup Greg KH
2010-12-08 0:59 ` [163/289] ALSA: hda - Use ALC_INIT_DEFAULT for really default initialization Greg KH
2010-12-08 0:59 ` [164/289] ALSA: hda - Fix ALC660-VD/ALC861-VD capture/playback mixers Greg KH
2010-12-08 0:59 ` [165/289] ALSA: HDA: Add an extra DAC for Realtek ALC887-VD Greg KH
2010-12-08 0:59 ` [166/289] ALSA: Fix SNDCTL_DSP_RESET ioctl for OSS emulation Greg KH
2010-12-08 0:59 ` [167/289] ALSA: hda: Use "alienware" model quirk for another SSID Greg KH
2010-12-08 0:59 ` [168/289] netfilter: nf_conntrack: allow nf_ct_alloc_hashtable() to get highmem pages Greg KH
2010-12-08 0:59 ` [169/289] netfilter: NF_HOOK_COND has wrong conditional Greg KH
2010-12-08 0:59 ` [170/289] radix-tree: fix RCU bug Greg KH
2010-12-08 0:59 ` [171/289] latencytop: fix per task accumulator Greg KH
2010-12-08 0:59 ` [172/289] mm/vfs: revalidate page->mapping in do_generic_file_read() Greg KH
2010-12-08 0:59 ` [173/289] bio: take care not overflow page count when mapping/copying user data Greg KH
2010-12-08 0:59 ` [174/289] drm/radeon/kms/atom: set sane defaults in atombios_get_encoder_mode() Greg KH
2010-12-08 0:59 ` [175/289] drm/radeon/kms: fix typos in disabled vbios code Greg KH
2010-12-08 0:59 ` [176/289] drm/radeon/kms: add workaround for dce3 ddc line vbios bug Greg KH
2010-12-08 0:59 ` [177/289] drm/radeon/kms: Fix retrying ttm_bo_init() after it failed once Greg KH
2010-12-08 0:59 ` [178/289] drm/radeon/kms: fix thermal sensor reporting on rv6xx Greg KH
2010-12-08 0:59 ` [179/289] drm/radeon/kms: fix i2c pad masks on rs4xx Greg KH
2010-12-08 0:59 ` [180/289] drm/radeon/kms: fix resume regression for some r5xx laptops Greg KH
2010-12-08 0:59 ` [181/289] drm/radeon/kms: fix regression in rs4xx i2c setup Greg KH
2010-12-08 0:59 ` [182/289] drm/radeon/kms: fix interlaced and doublescan handling Greg KH
2010-12-08 0:59 ` [183/289] exec: make argv/envp memory visible to oom-killer Greg KH
2010-12-08 0:59 ` [184/289] exec: copy-and-paste the fixes into compat_do_execve() paths Greg KH
2010-12-08 0:59 ` [185/289] drm/i915/sdvo: Always add a 30ms delay to make SDVO TV detection reliable Greg KH
2010-12-08 0:59 ` [186/289] i915: reprogram power monitoring registers on resume Greg KH
2010-12-08 0:59 ` [187/289] intel-gtt: fix gtt_total_entries detection Greg KH
2010-12-08 0:59 ` [188/289] sched: fix RCU lockdep splat from task_group() Greg KH
2010-12-08 0:59 ` [189/289] libata: fix NULL sdev dereference race in atapi_qc_complete() Greg KH
2010-12-08 0:59 ` [190/289] PCI: fix size checks for mmap() on /proc/bus/pci files Greg KH
2010-12-08 0:59 ` [191/289] PCI: fix offset check for sysfs mmapped files Greg KH
2010-12-08 0:59 ` [192/289] xhci: Remove excessive printks with shared IRQs Greg KH
2010-12-08 0:59 ` [193/289] xHCI: fix wMaxPacketSize mask Greg KH
2010-12-08 0:59 ` [194/289] xhci: Fix reset-device and configure-endpoint commands Greg KH
2010-12-08 0:59 ` [195/289] xhci: Setup array of USB 2.0 and USB 3.0 ports Greg KH
2010-12-08 0:59 ` [196/289] xhci: Dont let the USB core disable SuperSpeed ports Greg KH
2010-12-08 0:59 ` [197/289] USB: gadget: AT91: fix typo in atmel_usba_udc driver Greg KH
2010-12-08 0:59 ` [198/289] usb: musb: fix kernel oops when loading musb_hdrc module for the 2nd time Greg KH
2010-12-08 0:59 ` [199/289] USB: ftdi_sio: add device IDs for Milkymist One JTAG/serial Greg KH
2010-12-08 0:59 ` [200/289] USB: option: fix when the driver is loaded incorrectly for some Huawei devices Greg KH
2010-12-08 0:59 ` [201/289] usb: misc: sisusbvga: fix information leak to userland Greg KH
2010-12-08 0:59 ` [202/289] usb: misc: iowarrior: " Greg KH
2010-12-08 0:59 ` [203/289] usb: core: " Greg KH
2010-12-08 0:59 ` [204/289] USB: ohci-jz4740: Fix spelling in MODULE_ALIAS Greg KH
2010-12-08 0:59 ` [205/289] Staging: rt2870: Add USB ID for Buffalo Airstation WLI-UC-GN Greg KH
2010-12-08 0:59 ` [206/289] USB: ehci: fix debugfs lpm permissions Greg KH
2010-12-08 0:59 ` [207/289] USB: EHCI: fix obscure race in ehci_endpoint_disable Greg KH
2010-12-08 0:59 ` [208/289] USB: ehci: disable LPM and PPCD for nVidia MCP89 chips Greg KH
2010-12-08 0:59 ` [209/289] USB: storage: sierra_ms: fix sysfs file attribute Greg KH
2010-12-08 0:59 ` [210/289] USB: atm: ueagle-atm: fix up some permissions on the sysfs files Greg KH
2010-12-08 0:59 ` [211/289] USB: misc: cypress_cy7c63: fix up some sysfs attribute permissions Greg KH
2010-12-08 0:59 ` [212/289] USB: misc: usbled: " Greg KH
2010-12-08 0:59 ` [213/289] USB: misc: trancevibrator: fix up a sysfs attribute permission Greg KH
2010-12-08 0:59 ` [214/289] USB: misc: usbsevseg: fix up some sysfs attribute permissions Greg KH
2010-12-08 0:59 ` [215/289] USB: ftdi_sio: Add ID for RT Systems USB-29B radio cable Greg KH
2010-12-08 0:59 ` [216/289] USB: serial: ftdi_sio: Vardaan USB RS422/485 converter PID added Greg KH
2010-12-08 0:59 ` [217/289] USB: fix autosuspend bug in usb-serial Greg KH
2010-12-08 0:59 ` [218/289] e1000: fix screaming IRQ Greg KH
2010-12-08 0:59 ` [219/289] ACPI: install ACPI table handler before any dynamic tables being loaded Greg KH
2010-12-08 0:59 ` [220/289] ACPI battery: support percentage battery remaining capacity Greg KH
2010-12-08 0:59 ` [221/289] acpi-cpufreq: fix a memleak when unloading driver Greg KH
2010-12-08 0:59 ` [222/289] ACPI: debugfs custom_method open to non-root Greg KH
2010-12-08 1:00 ` [223/289] PNPACPI: cope with invalid device IDs Greg KH
2010-12-08 1:00 ` [224/289] [media] saa7134: Fix autodetect for Behold A7 and H7 TV cards Greg KH
2010-12-08 1:00 ` [225/289] fuse: fix attributes after open(O_TRUNC) Greg KH
2010-12-08 1:00 ` [226/289] cs5535-gpio: apply CS5536 errata workaround for GPIOs Greg KH
2010-12-08 1:00 ` [227/289] do_exit(): make sure that we run with get_fs() == USER_DS Greg KH
2010-12-08 1:00 ` [228/289] mm/hugetlb.c: avoid double unlock_page() in hugetlb_fault() Greg KH
2010-12-08 1:00 ` [229/289] cifs: fix another memleak, in cifs_root_iget Greg KH
2010-12-08 1:00 ` [230/289] cifs: fix parsing of hostname in dfs referrals Greg KH
2010-12-08 1:00 ` [231/289] ath9k: fix timeout on stopping rx dma Greg KH
2010-12-08 1:00 ` [232/289] uml: disable winch irq before freeing handler data Greg KH
2010-12-08 1:00 ` [233/289] backlight: grab ops_lock before testing bd->ops Greg KH
2010-12-08 1:00 ` [234/289] nommu: yield CPU while disposing VM Greg KH
2010-12-08 1:00 ` [235/289] PM / PM QoS: Fix reversed min and max Greg KH
2010-12-08 1:00 ` [236/289] x86: Ignore trap bits on single step exceptions Greg KH
2010-12-08 1:00 ` [237/289] mmc: fix rmmod race for hosts using card-detection polling Greg KH
2010-12-08 1:00 ` [238/289] DECnet: dont leak uninitialized stack byte Greg KH
2010-12-08 1:00 ` [239/289] perf_events: Fix perf_counter_mmap() hook in mprotect() Greg KH
2010-12-08 1:00 ` [240/289] ARM: 6464/2: fix spinlock recursion in adjust_pte() Greg KH
2010-12-08 1:00 ` [241/289] ARM: 6489/1: thumb2: fix incorrect optimisation in usracc Greg KH
2010-12-08 1:00 ` [242/289] ARM: 6482/2: Fix find_next_zero_bit and related assembly Greg KH
2010-12-08 1:00 ` [243/289] leds: fix bug with reading NAS SS4200 dmi code Greg KH
2010-12-08 1:00 ` [244/289] serial: mfd: adjust the baud rate setting Greg KH
2010-12-08 1:00 ` [245/289] memcg: avoid deadlock between move charge and try_charge() Greg KH
2010-12-08 1:00 ` [246/289] Revert "vfs: show unreachable paths in getcwd and proc" Greg KH
2010-12-08 1:00 ` [247/289] Staging: udlfb: fix up some sysfs attribute permissions Greg KH
2010-12-08 1:00 ` [248/289] Staging: iio: adis16220: " Greg KH
2010-12-08 1:00 ` [249/289] Staging: iio: adis16220: fix up my fixup for " Greg KH
2010-12-08 1:00 ` [250/289] Staging: samsung-laptop: fix up " Greg KH
2010-12-08 1:00 ` [251/289] Staging: samsung-laptop: fix up my fixup for " Greg KH
2010-12-08 1:00 ` [252/289] Staging: frontier: fix up " Greg KH
2010-12-08 1:00 ` [253/289] staging: rtl8187se: Change panic to warn when RF switch turned off Greg KH
2010-12-08 1:00 ` [254/289] Staging: batman-adv: ensure that eth_type_trans gets linear memory Greg KH
2010-12-08 1:00 ` [255/289] perf: Fix inherit vs. context rotation bug Greg KH
2010-12-08 1:00 ` [256/289] ARM: 6456/1: Fix for building DEBUG with sa11xx_base.c as a module Greg KH
2010-12-08 1:00 ` [257/289] ARM: cns3xxx: Fix build with CONFIG_PCI=y Greg KH
2010-12-08 1:00 ` [258/289] PM / Hibernate: Fix memory corruption related to swap Greg KH
2010-12-08 1:00 ` [259/289] wmi: use memcmp instead of strncmp to compare GUIDs Greg KH
2010-12-08 1:00 ` [260/289] [S390] nohz/s390: fix arch_needs_cpu() return value on offline cpus Greg KH
2010-12-08 1:00 ` [261/289] genirq: Fix incorrect proc spurious output Greg KH
2010-12-08 1:00 ` [262/289] net: Truncate recvfrom and sendto length to INT_MAX Greg KH
2010-12-08 1:00 ` [263/289] net: Limit socket I/O iovec total " Greg KH
2010-12-08 1:00 ` [264/289] Input: i8042 - add Sony VAIO VPCZ122GX to nomux list Greg KH
2010-12-08 1:00 ` [265/289] omap: dma: Fix buffering disable bit setting for omap24xx Greg KH
2010-12-08 1:00 ` [266/289] OMAP3: DMA: Errata i541: sDMA FIFO draining does not finish Greg KH
2010-12-08 1:00 ` [267/289] memory corruption in X.25 facilities parsing Greg KH
2010-12-08 1:00 ` [268/289] [stable] [PATCH 2.6.36 stable] vlan: Avoid hwaccel vlan packets when vid not used Greg KH
2010-12-08 1:00 ` [269/289] kbuild: use getopt_long(), not its _only() variant Greg KH
2010-12-08 1:00 ` [270/289] filter: make sure filters dont read uninitialized memory Greg KH
2010-12-08 1:00 ` [271/289] can-bcm: fix minor heap overflow Greg KH
2010-12-08 1:00 ` [272/289] x25: Prevent crashing when parsing bad X.25 facilities Greg KH
2010-12-08 1:00 ` [273/289] crypto: padlock - Fix AES-CBC handling on odd-block-sized input Greg KH
2010-12-08 1:00 ` [274/289] ext4: fix NULL pointer dereference in print_daily_error_info() Greg KH
2010-12-08 1:00 ` [275/289] econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849 Greg KH
2010-12-08 1:00 ` [276/289] econet: fix CVE-2010-3850 Greg KH
2010-12-08 1:00 ` [277/289] econet: fix CVE-2010-3848 Greg KH
2010-12-08 1:00 ` [278/289] rds: Integer overflow in RDS cmsg handling Greg KH
2010-12-08 1:00 ` [279/289] cfg80211: fix extension channel checks to initiate communication Greg KH
2010-12-08 1:00 ` [280/289] [SCSI] qla2xxx: Add module parameter to enable/disable GFF_ID device type check Greg KH
2010-12-08 1:00 ` [281/289] [media] msp3400: fix mute audio regression Greg KH
2010-12-08 1:00 ` [282/289] r8169: fix rx checksum offload Greg KH
2010-12-08 1:01 ` [283/289] r8169: (re)init phy on resume Greg KH
2010-12-08 1:01 ` [284/289] r8169: revert "Handle rxfifo errors on 8168 chips" Greg KH
2010-12-08 1:01 ` [285/289] r8169: fix checksum broken Greg KH
2010-12-08 1:01 ` [286/289] [S390] nmi: fix clock comparator revalidation Greg KH
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.