9 years agoTTY: restore tty_ldisc_wait_idle
Jiri Slaby [Sun, 31 Oct 2010 22:17:51 +0000]
TTY: restore tty_ldisc_wait_idle

It was removed in 65b770468e98 (tty-ldisc: turn ldisc user count into
a proper refcount), but we need to wait for last user to quit the
ldisc before we close it in tty_set_ldisc.

Otherwise weird things start to happen. There might be processes
waiting in tty_read->n_tty_read on tty->read_wait for input to appear
and at that moment, a change of ldisc is fatal. n_tty_close is called,
it frees read_buf and the waiting process is still in the middle of
reading and goes nuts after it is woken.

Previously we prevented close to happen when others are in ldisc ops
by tty_ldisc_wait_idle in tty_set_ldisc. But the commit above removed
that. So revoke the change and test whether there is 1 user (=we), and
allow the close then.

We can do that without ldisc/tty locks, because nobody else can open
the device due to TTY_LDISC_CHANGING bit set, so we in fact wait for
everybody to leave.

I don't understand why tty_ldisc_lock would be needed either when the
counter is an atomic variable, so this is a lockless
tty_ldisc_wait_idle.

On the other hand, if we fail to wait (timeout or signal), we have to
reenable the halted ldiscs, so we take ldisc lock and reuse the setup
path at the end of tty_set_ldisc.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Tested-by: Sebastian Andrzej Siewior <bigeasy@breakpoint.cc>
LKML-Reference: <20101031104136.GA511@Chamillionaire.breakpoint.cc>
LKML-Reference: <1287669539-22644-1-git-send-email-jslaby@suse.cz>
Cc: Alan Cox <alan@linux.intel.com>
Cc: stable@kernel.org [32, 33, 36]
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

9 years agoSERIAL: blacklist si3052 chip
Maciej Szmigiero [Tue, 26 Oct 2010 19:48:21 +0000]
SERIAL: blacklist si3052 chip

[SERIAL]blacklist si3052 chip

Si3052-based softmodems aren't serial ports so don't bind serial driver to them.
Allows proper driver to bind to them.

Signed-off-by: Maciej Szmigiero <mhej@o2.pl>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

9 years agodrivers/serial/bfin_5xx.c: Fix line continuation defects
Joe Perches [Sun, 7 Nov 2010 21:10:23 +0000]
drivers/serial/bfin_5xx.c: Fix line continuation defects

Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Sonic Zhang <sonic.zhang@analog.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

9 years agotty: prevent DOS in the flush_to_ldisc
Jiri Olsa [Mon, 8 Nov 2010 18:01:47 +0000]
tty: prevent DOS in the flush_to_ldisc

There's a small window inside the flush_to_ldisc function,
where the tty is unlocked and calling ldisc's receive_buf
function. If in this window new buffer is added to the tty,
the processing might never leave the flush_to_ldisc function.

This scenario will hog the cpu, causing other tty processing
starving, and making it impossible to interface the computer
via tty.

I was able to exploit this via pty interface by sending only
control characters to the master input, causing the flush_to_ldisc
to be scheduled, but never actually generate any output.

To reproduce, please run multiple instances of following code.

- SNIP
#define _XOPEN_SOURCE
#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

int main(int argc, char **argv)
{
        int i, slave, master = getpt();
        char buf[8192];

        sprintf(buf, "%s", ptsname(master));
        grantpt(master);
        unlockpt(master);

        slave = open(buf, O_RDWR);
        if (slave < 0) {
                perror("open slave failed");
                return 1;
        }

        for(i = 0; i < sizeof(buf); i++)
                buf[i] = rand() % 32;

        while(1) {
                write(master, buf, sizeof(buf));
        }

        return 0;
}
- SNIP

The attached patch (based on -next tree) fixes this by checking on the
tty buffer tail. Once it's reached, the current work is rescheduled
and another could run.

Signed-off-by: Jiri Olsa <jolsa@redhat.com>
Cc: stable <stable@kernel.org>
Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

9 years ago8250: add support for Kouwell KW-L221N-2
Mikulas Patocka [Tue, 26 Oct 2010 18:20:48 +0000]
8250: add support for Kouwell KW-L221N-2

Add support for Kouwell KW-L221N-2 card.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

9 years agonozomi: Fix warning from the previous TIOCGCOUNT changes
Alan Cox [Tue, 26 Oct 2010 14:56:34 +0000]
nozomi: Fix warning from the previous TIOCGCOUNT changes

Just remove a now unused variable

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

9 years agotty: fix warning in synclink driver
Andres Salomon [Tue, 9 Nov 2010 22:10:38 +0000]
tty: fix warning in synclink driver

During builds I see the following warning -

CC [M] drivers/char/pcmcia/synclink_cs.o
drivers/char/pcmcia/synclink_cs.c:2194: warning: ‘mgslpc_get_icount’ defined but not used

The function is a callback meant to be assigned to get_icount (added during 0587102cf).
Fix accordingly.

Signed-off-by: Andres Salomon <dilinger@queued.net>
Acked-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

9 years agotty: Fix formatting in tty.h
Alan Cox [Tue, 9 Nov 2010 10:48:25 +0000]
tty: Fix formatting in tty.h

Someone added a new ldisc number and messed up the tabbing. Fix it before
anyone else copies it.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

9 years agotty: the development tree is now done in git
Greg Kroah-Hartman [Tue, 9 Nov 2010 17:15:40 +0000]
tty: the development tree is now done in git

So properly mark it as such in the MAINTAINERS file.

Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

9 years agoMerge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
Linus Torvalds [Mon, 8 Nov 2010 19:54:53 +0000]
Merge branch 'for_linus' of git://git./linux/kernel/git/tytso/ext4

* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
  ext4: Add new ext4 inode tracepoints
  ext4: Don't call sb_issue_discard() in ext4_free_blocks()
  ext4: do not try to grab the s_umount semaphore in ext4_quota_off
  ext4: fix potential race when freeing ext4_io_page structures
  ext4: handle writeback of inodes which are being freed
  ext4: initialize the percpu counters before replaying the journal
  ext4: "ret" may be used uninitialized in ext4_lazyinit_thread()
  ext4: fix lazyinit hang after removing request

9 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6
Linus Torvalds [Mon, 8 Nov 2010 18:55:29 +0000]
Merge git://git./linux/kernel/git/gregkh/tty-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6:
  TTY: move .gitignore from drivers/char/ to drivers/tty/vt/
  TTY: create drivers/tty/vt and move the vt code there
  TTY: create drivers/tty and move the tty core files there

9 years agoMerge branch 'staging-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh...
Linus Torvalds [Mon, 8 Nov 2010 18:54:49 +0000]
Merge branch 'staging-linus' of git://git./linux/kernel/git/gregkh/staging-next-2.6

* 'staging-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-next-2.6:
  Staging: ath6kl: remove empty files that mess with 'distclean'
  staging: ath6kl: Fixing the driver to use modified mmc_host structure
  Staging: solo6x10: fix build problem

9 years agoMerge branch 'rmobile-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Mon, 8 Nov 2010 18:54:23 +0000]
Merge branch 'rmobile-fixes-for-linus' of git://git./linux/kernel/git/lethal/sh-2.6

* 'rmobile-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6:
  mmc: sh_mmcif: Convert extern inline to static inline.
  ARM: mach-shmobile: Allow GPIO chips to register IRQ mappings.
  ARM: mach-shmobile: fix sh7372 after a recent clock framework rework
  ARM: mach-shmobile: include drivers/sh/Kconfig
  ARM: mach-shmobile: ap4evb: Add HDMI sound support
  ARM: mach-shmobile: clock-sh7372: Add FSIDIV clock support
  ARM: shmobile: remove sh_timer_config clk member

9 years agoMerge branch 'sh-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Mon, 8 Nov 2010 18:53:21 +0000]
Merge branch 'sh-fixes-for-linus' of git://git./linux/kernel/git/lethal/sh-2.6

* 'sh-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6:
  sh: clkfwk: Fix up checkpatch warnings.
  sh: make some needlessly global sh7724 clocks static
  sh: add clk_round_parent() to optimize parent clock rate
  sh: Simplify phys_addr_mask()/PTE_PHYS_MASK for 29/32-bit.
  sh: nommu: Support building without an uncached mapping.
  sh: nommu: use 32-bit phys mode.
  sh: mach-se: Fix up SE7206 no ioport build.
  sh: intc: Update for single IRQ reservation helper.
  sh: clkfwk: Fix up rate rounding error handling.
  sh: mach-se: Rip out superfluous 7751 PIO routines.
  sh: mach-se: Rip out superfluous 770x PIO routines.
  sh: mach-edosk7705: Kill off machtype, consolidate board def.
  sh: mach-edosk7705: update for this century, kill off PIO trapping.
  sh: mach-se: Rip out superfluous 7206 PIO routines.
  sh: mach-systemh: Kill off dead board.
  sh: mach-snapgear: Kill off machtype, consolidate board def.
  sh: mach-snapgear: Rip out superfluous PIO routines.
  sh: mach-microdev: SuperIO-relative ioport mapping.

9 years agoext4: Add new ext4 inode tracepoints
Theodore Ts'o [Mon, 8 Nov 2010 18:51:33 +0000]
ext4: Add new ext4 inode tracepoints

Add ext4_evict_inode, ext4_drop_inode, ext4_mark_inode_dirty, and
ext4_begin_ordered_truncate()

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>

9 years agoext4: Don't call sb_issue_discard() in ext4_free_blocks()
Theodore Ts'o [Mon, 8 Nov 2010 18:49:33 +0000]
ext4: Don't call sb_issue_discard() in ext4_free_blocks()

Commit 5c521830cf (ext4: Support discard requests when running in
no-journal mode) attempts to add sb_issue_discard() for data blocks
(in data=writeback mode) and in no-journal mode.  Unfortunately, this
no longer works, because in commit dd3932eddf (block: remove
BLKDEV_IFL_WAIT), sb_issue_discard() only presents a synchronous
interface, and there are times when we call ext4_free_blocks() when we
are are holding a spinlock, or are otherwise in an atomic context.

For now, I've removed the call to sb_issue_discard() to prevent a
deadlock or (if spinlock debugging is enabled) failures like this:

BUG: scheduling while atomic: rc.sysinit/1376/0x00000002
Pid: 1376, comm: rc.sysinit Not tainted 2.6.36-ARCH #1
Call Trace:
[<ffffffff810397ce>] __schedule_bug+0x5e/0x70
[<ffffffff81403110>] schedule+0x950/0xa70
[<ffffffff81060bad>] ? insert_work+0x7d/0x90
[<ffffffff81060fbd>] ? queue_work_on+0x1d/0x30
[<ffffffff81061127>] ? queue_work+0x37/0x60
[<ffffffff8140377d>] schedule_timeout+0x21d/0x360
[<ffffffff812031c3>] ? generic_make_request+0x2c3/0x540
[<ffffffff81402680>] wait_for_common+0xc0/0x150
[<ffffffff81041490>] ? default_wake_function+0x0/0x10
[<ffffffff812034bc>] ? submit_bio+0x7c/0x100
[<ffffffff810680a0>] ? wake_bit_function+0x0/0x40
[<ffffffff814027b8>] wait_for_completion+0x18/0x20
[<ffffffff8120a969>] blkdev_issue_discard+0x1b9/0x210
[<ffffffff811ba03e>] ext4_free_blocks+0x68e/0xb60
[<ffffffff811b1650>] ? __ext4_handle_dirty_metadata+0x110/0x120
[<ffffffff811b098c>] ext4_ext_truncate+0x8cc/0xa70
[<ffffffff810d713e>] ? pagevec_lookup+0x1e/0x30
[<ffffffff81191618>] ext4_truncate+0x178/0x5d0
[<ffffffff810eacbb>] ? unmap_mapping_range+0xab/0x280
[<ffffffff810d8976>] vmtruncate+0x56/0x70
[<ffffffff811925cb>] ext4_setattr+0x14b/0x460
[<ffffffff811319e4>] notify_change+0x194/0x380
[<ffffffff81117f80>] do_truncate+0x60/0x90
[<ffffffff811e08fa>] ? security_inode_permission+0x1a/0x20
[<ffffffff811eaec1>] ? tomoyo_path_truncate+0x11/0x20
[<ffffffff81127539>] do_last+0x5d9/0x770
[<ffffffff811278bd>] do_filp_open+0x1ed/0x680
[<ffffffff8140644f>] ? page_fault+0x1f/0x30
[<ffffffff81132bfc>] ? alloc_fd+0xec/0x140
[<ffffffff81118db1>] do_sys_open+0x61/0x120
[<ffffffff81118e8b>] sys_open+0x1b/0x20
[<ffffffff81002e6b>] system_call_fastpath+0x16/0x1b

https://bugzilla.kernel.org/show_bug.cgi?id=22302

Reported-by: Mathias Burén <mathias.buren@gmail.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: jiayingz@google.com

9 years agoext4: do not try to grab the s_umount semaphore in ext4_quota_off
Dmitry Monakhov [Mon, 8 Nov 2010 18:47:33 +0000]
ext4: do not try to grab the s_umount semaphore in ext4_quota_off

It's not needed to sync the filesystem, and it fixes a lock_dep complaint.

Signed-off-by: Dmitry Monakhov <dmonakhov@gmail.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Reviewed-by: Jan Kara <jack@suse.cz>

9 years agoext4: fix potential race when freeing ext4_io_page structures
Theodore Ts'o [Mon, 8 Nov 2010 18:45:33 +0000]
ext4: fix potential race when freeing ext4_io_page structures

Use an atomic_t and make sure we don't free the structure while we
might still be submitting I/O for that page.

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>

9 years agoext4: handle writeback of inodes which are being freed
Theodore Ts'o [Mon, 8 Nov 2010 18:43:33 +0000]
ext4: handle writeback of inodes which are being freed

The following BUG can occur when an inode which is getting freed when
it still has dirty pages outstanding, and it gets deleted (in this
because it was the target of a rename).  In ordered mode, we need to
make sure the data pages are written just in case we crash before the
rename (or unlink) is committed.  If the inode is being freed then
when we try to igrab the inode, we end up tripping the BUG_ON at
fs/ext4/page-io.c:146.

To solve this problem, we need to keep track of the number of io
callbacks which are pending, and avoid destroying the inode until they
have all been completed.  That way we don't have to bump the inode
count to keep the inode from being destroyed; an approach which
doesn't work because the count could have already been dropped down to
zero before the inode writeback has started (at which point we're not
allowed to bump the count back up to 1, since it's already started
getting freed).

Thanks to Dave Chinner for suggesting this approach, which is also
used by XFS.

  kernel BUG at /scratch_space/linux-2.6/fs/ext4/page-io.c:146!
  Call Trace:
   [<ffffffff811075b1>] ext4_bio_write_page+0x172/0x307
   [<ffffffff811033a7>] mpage_da_submit_io+0x2f9/0x37b
   [<ffffffff811068d7>] mpage_da_map_and_submit+0x2cc/0x2e2
   [<ffffffff811069b3>] mpage_add_bh_to_extent+0xc6/0xd5
   [<ffffffff81106c66>] write_cache_pages_da+0x2a4/0x3ac
   [<ffffffff81107044>] ext4_da_writepages+0x2d6/0x44d
   [<ffffffff81087910>] do_writepages+0x1c/0x25
   [<ffffffff810810a4>] __filemap_fdatawrite_range+0x4b/0x4d
   [<ffffffff810815f5>] filemap_fdatawrite_range+0xe/0x10
   [<ffffffff81122a2e>] jbd2_journal_begin_ordered_truncate+0x7b/0xa2
   [<ffffffff8110615d>] ext4_evict_inode+0x57/0x24c
   [<ffffffff810c14a3>] evict+0x22/0x92
   [<ffffffff810c1a3d>] iput+0x212/0x249
   [<ffffffff810bdf16>] dentry_iput+0xa1/0xb9
   [<ffffffff810bdf6b>] d_kill+0x3d/0x5d
   [<ffffffff810be613>] dput+0x13a/0x147
   [<ffffffff810b990d>] sys_renameat+0x1b5/0x258
   [<ffffffff81145f71>] ? _atomic_dec_and_lock+0x2d/0x4c
   [<ffffffff810b2950>] ? cp_new_stat+0xde/0xea
   [<ffffffff810b29c1>] ? sys_newlstat+0x2d/0x38
   [<ffffffff810b99c6>] sys_rename+0x16/0x18
   [<ffffffff81002a2b>] system_call_fastpath+0x16/0x1b

Reported-by: Nick Bowler <nbowler@elliptictech.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Tested-by: Nick Bowler <nbowler@elliptictech.com>

9 years agoMerge branch 'rmobile/core' into rmobile-fixes-for-linus
Paul Mundt [Mon, 8 Nov 2010 00:51:41 +0000]
Merge branch 'rmobile/core' into rmobile-fixes-for-linus

9 years agoMerge branches 'sh/pio-death', 'sh/nommu', 'sh/clkfwk', 'sh/core' and 'sh/intc-extens...
Paul Mundt [Mon, 8 Nov 2010 00:42:43 +0000]
Merge branches 'sh/pio-death', 'sh/nommu', 'sh/clkfwk', 'sh/core' and 'sh/intc-extension' into sh-fixes-for-linus

9 years agosh: clkfwk: Fix up checkpatch warnings.
Paul Mundt [Mon, 8 Nov 2010 00:40:23 +0000]
sh: clkfwk: Fix up checkpatch warnings.

The clk_round_parent() change introduced various checkpatch warnings,
tidy them up.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>

9 years agosh: make some needlessly global sh7724 clocks static
Guennadi Liakhovetski [Thu, 4 Nov 2010 14:14:29 +0000]
sh: make some needlessly global sh7724 clocks static

These clocks are currently only used inside one .c file and are not
declared in any headers, therefore having them global is useless.

Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>

9 years agosh: add clk_round_parent() to optimize parent clock rate
Guennadi Liakhovetski [Tue, 2 Nov 2010 11:27:24 +0000]
sh: add clk_round_parent() to optimize parent clock rate

Sometimes it is possible and reasonable to adjust the parent clock rate to
improve precision of the child clock, e.g., if the child clock has no siblings.
clk_round_parent() is a new addition to the SH clock-framework API, that
implements such an optimization for child clocks with divisors, taking all
integer values in a range.

Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>

9 years agoStaging: ath6kl: remove empty files that mess with 'distclean'
Greg Kroah-Hartman [Sat, 6 Nov 2010 18:27:04 +0000]
Staging: ath6kl: remove empty files that mess with 'distclean'

These two .h files would get removed from the tree when doing
make distclean

It turns out they are not needed at all, so just delete them which fixes
people's git trees when doing development.

Reported-by: Andi Kleen <andi@firstfloor.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

9 years agofloppy: fix another use-after-free
Vivek Goyal [Sat, 6 Nov 2010 12:16:05 +0000]
floppy: fix another use-after-free

While scanning the floopy code due to c093ee4f07f4 ("floppy: fix
use-after-free in module load failure path"), I found one more instance
of trying to access disk->queue pointer after doing put_disk() on
gendisk.  For some reason , floppy moule still loads/unloads fine.  The
object is probably still around with right pointer values.

 o There seems to be one more instance of trying to cleanup the request
   queue after we have called put_disk() on associated gendisk.

 o This fix is more out of code inspection.  Even without this fix for
   some reason I am able to load/unload floppy module without any
   issues.

 o Floppy module loads/unloads fine after the fix.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

9 years agoTTY: move .gitignore from drivers/char/ to drivers/tty/vt/
Greg Kroah-Hartman [Sat, 6 Nov 2010 05:18:23 +0000]
TTY: move .gitignore from drivers/char/ to drivers/tty/vt/

The autogenerated files (consolemap_deftbl.c and defkeymap.c) need to
be ignored by git, so move the .gitignore file that was doing it to the
properly location now that the files have moved as well.

Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

9 years agoipw2x00: remove the right /proc/net entry
Linus Torvalds [Sat, 6 Nov 2010 01:57:04 +0000]
ipw2x00: remove the right /proc/net entry

Commit 27ae60f8f7aa ("ipw2x00: replace "ieee80211" with "libipw" where
appropriate") changed DRV_NAME to be "libipw", but didn't properly fix
up the places where it was used to specify the name for the /proc/net/
directory.

For backwards compatibility reasons, that directory name remained
"ieee80211", but due to the DRV_NAME change, the error case printouts
and the cleanup functions now used "libipw" instead.  Which made it all
fail badly.

For example, on module unload as reported by Randy:

  WARNING: at fs/proc/generic.c:816 remove_proc_entry+0x156/0x35e()
  name 'libipw'

because it's trying to unregister a /proc directory that obviously
doesn't even exist.

Clean it all up to use DRV_PROCNAME for the actual /proc directory name.

Reported-and-tested-by: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Pavel Roskin <proski@gnu.org>
Cc: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

9 years agoMerge branch 'kvm-updates/2.6.37' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Linus Torvalds [Sat, 6 Nov 2010 00:49:22 +0000]
Merge branch 'kvm-updates/2.6.37' of git://git./virt/kvm/kvm

* 'kvm-updates/2.6.37' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: PPC: BookE: Load the lower half of MSR
  KVM: PPC: BookE: fix sleep with interrupts disabled
  KVM: PPC: e500: Call kvm_vcpu_uninit() before kvmppc_e500_tlb_uninit().
  PPC: KVM: Book E doesn't have __end_interrupts.
  KVM: x86: Issue smp_call_function_many with preemption disabled
  KVM: x86: fix information leak to userland
  KVM: PPC: fix information leak to userland
  KVM: MMU: fix rmap_remove on non present sptes
  KVM: Write protect memory after slot swap

9 years agofloppy: fix use-after-free in module load failure path
Linus Torvalds [Sat, 6 Nov 2010 00:45:59 +0000]
floppy: fix use-after-free in module load failure path

Commit 488211844e0c ("floppy: switch to one queue per drive instead of
sharing a queue") introduced a use-after-free.  We do "put_disk()" on
the disk device _before_ we then clean up the queue associated with that
disk.

Move the put_disk() down to avoid dereferencing a free'd data structure.

Cc: Jens Axboe <jaxboe@fusionio.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Reported-and-tested-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

9 years agowatchdog: Fix section mismatch and potential undefined behavior.
David Daney [Fri, 5 Nov 2010 23:17:39 +0000]
watchdog: Fix section mismatch and potential undefined behavior.

Commit d9ca07a05ce1 ("watchdog: Avoid kernel crash when disabling
watchdog") introduces a section mismatch.

Now that we reference no_watchdog from non-__init code it can no longer
be __initdata.

Signed-off-by: David Daney <ddaney@caviumnetworks.com>
Cc: Stephane Eranian <eranian@google.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

9 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
Linus Torvalds [Fri, 5 Nov 2010 22:25:48 +0000]
Merge git://git./linux/kernel/git/davem/net-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (41 commits)
  inet_diag: Make sure we actually run the same bytecode we audited.
  netlink: Make nlmsg_find_attr take a const nlmsghdr*.
  fib: fib_result_assign() should not change fib refcounts
  netfilter: ip6_tables: fix information leak to userspace
  cls_cgroup: Fix crash on module unload
  memory corruption in X.25 facilities parsing
  net dst: fix percpu_counter list corruption and poison overwritten
  rds: Remove kfreed tcp conn from list
  rds: Lost locking in loop connection freeing
  de2104x: fix panic on load
  atl1 : fix panic on load
  netxen: remove unused firmware exports
  caif: Remove noisy printout when disconnecting caif socket
  caif: SPI-driver bugfix - incorrect padding.
  caif: Bugfix for socket priority, bindtodev and dbg channel.
  smsc911x: Set Ethernet EEPROM size to supported device's size
  ipv4: netfilter: ip_tables: fix information leak to userland
  ipv4: netfilter: arp_tables: fix information leak to userland
  cxgb4vf: remove call to stop TX queues at load time.
  cxgb4: remove call to stop TX queues at load time.
  ...

9 years agoMerge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1...
Linus Torvalds [Fri, 5 Nov 2010 21:17:22 +0000]
Merge branch 'fixes' of git://git./linux/kernel/git/ieee1394/linux1394-2.6

* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
  firewire: ohci: fix race when reading count in AR descriptor
  firewire: ohci: avoid reallocation of AR buffers
  firewire: ohci: fix race in AR split packet handling
  firewire: ohci: fix buffer overflow in AR split packet handling

9 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6
Linus Torvalds [Fri, 5 Nov 2010 21:17:01 +0000]
Merge git://git./linux/kernel/git/sfrench/cifs-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
  cifs: make cifs_set_oplock_level() take a cifsInodeInfo pointer
  cifs: dereferencing first then checking
  cifs: trivial comment fix: tlink_tree is now a rbtree
  [CIFS] Cleanup unused variable build warning
  cifs: convert tlink_tree to a rbtree
  cifs: store pointer to master tlink in superblock (try #2)
  cifs: trivial doc fix: note setlease implemented
  CIFS: Add cifs_set_oplock_level
  FS: cifs, remove unneeded NULL tests

9 years agoposix-cpu-timers: workaround to suppress the problems with mt exec
Oleg Nesterov [Fri, 5 Nov 2010 15:53:42 +0000]
posix-cpu-timers: workaround to suppress the problems with mt exec

posix-cpu-timers.c correctly assumes that the dying process does
posix_cpu_timers_exit_group() and removes all !CPUCLOCK_PERTHREAD
timers from signal->cpu_timers list.

But, it also assumes that timer->it.cpu.task is always the group
leader, and thus the dead ->task means the dead thread group.

This is obviously not true after de_thread() changes the leader.
After that almost every posix_cpu_timer_ method has problems.

It is not simple to fix this bug correctly. First of all, I think
that timer->it.cpu should use struct pid instead of task_struct.
Also, the locking should be reworked completely. In particular,
tasklist_lock should not be used at all. This all needs a lot of
nontrivial and hard-to-test changes.

Change __exit_signal() to do posix_cpu_timers_exit_group() when
the old leader dies during exec. This is not the fix, just the
temporary hack to hide the problem for 2.6.37 and stable. IOW,
this is obviously wrong but this is what we currently have anyway:
cpu timers do not work after mt exec.

In theory this change adds another race. The exiting leader can
detach the timers which were attached to the new leader. However,
the window between de_thread() and release_task() is small, we
can pretend that sys_timer_create() was called before de_thread().

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

9 years agoMerge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groec...
Linus Torvalds [Fri, 5 Nov 2010 21:15:17 +0000]
Merge branch 'hwmon-for-linus' of git://git./linux/kernel/git/groeck/staging

* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/staging:
  hwmon: (ltc4261) Fix error message format
  hwmon: (ltc4261) Add missing newline in debug message

9 years agocifs: make cifs_set_oplock_level() take a cifsInodeInfo pointer
Pavel Shilovsky [Wed, 3 Nov 2010 07:58:57 +0000]
cifs: make cifs_set_oplock_level() take a cifsInodeInfo pointer

All the callers already have a pointer to struct cifsInodeInfo. Use it.

Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Pavel Shilovsky <piastryyy@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>

9 years agohwmon: (ltc4261) Fix error message format
Jean Delvare [Fri, 5 Nov 2010 14:59:29 +0000]
hwmon: (ltc4261) Fix error message format

adapter->id is deprecated and not set by any adapter driver, so this
was certainly not what the author wanted to use. adapter->nr maybe,
but as dev_err() already includes this value, as well as the client's
address, there's no point repeating them. Better print a simple error
message in plain English words.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: Guenter Roeck <guenter.roeck@ericsson.com>
Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>

9 years agohwmon: (ltc4261) Add missing newline in debug message
Guenter Roeck [Tue, 26 Oct 2010 22:59:21 +0000]
hwmon: (ltc4261) Add missing newline in debug message

Reported-by: Joe Perches <joe@perches.com>
Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
Acked-by: Jean Delvare <khali@linux-fr.org>

9 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile
Linus Torvalds [Fri, 5 Nov 2010 16:52:25 +0000]
Merge git://git./linux/kernel/git/cmetcalf/linux-tile

* git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile:
  arch/tile: mark "hardwall" device as non-seekable
  asm-generic/stat.h: support 64-bit file time_t for stat()
  arch/tile: don't allow user code to set the PL via ptrace or signal return
  arch/tile: correct double syscall restart for nested signals
  arch/tile: avoid __must_check warning on one strict_strtol check
  arch/tile: bomb raw_local_irq_ to arch_local_irq_
  arch/tile: complete migration to new kmap_atomic scheme

9 years agoleds-net5501: taints kernel, add license
Randy Dunlap [Thu, 4 Nov 2010 17:28:00 +0000]
leds-net5501: taints kernel, add license

Add MODULE_LICENSE() that matches file comments so that kernel
is not tainted.

leds_net5501: module license 'unspecified' taints kernel.

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Acked-by: Richard Purdie <rpurdie@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

9 years agoKVM: PPC: BookE: Load the lower half of MSR
Scott Wood [Thu, 30 Sep 2010 19:31:27 +0000]
KVM: PPC: BookE: Load the lower half of MSR

This was preventing the guest from setting any bits in the
hardware MSR which aren't forced on, such as MSR[SPE].

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

9 years agoKVM: PPC: BookE: fix sleep with interrupts disabled
Scott Wood [Thu, 30 Sep 2010 19:28:50 +0000]
KVM: PPC: BookE: fix sleep with interrupts disabled

It is not legal to call mutex_lock() with interrupts disabled.
This will assert with debug checks enabled.

If there's a real need to disable interrupts here, it could be done
after the mutex is acquired -- but I don't see why it's needed at all.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Reviewed-by: Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

9 years agoKVM: PPC: e500: Call kvm_vcpu_uninit() before kvmppc_e500_tlb_uninit().
Scott Wood [Tue, 5 Oct 2010 19:22:41 +0000]
KVM: PPC: e500: Call kvm_vcpu_uninit() before kvmppc_e500_tlb_uninit().

The VCPU uninit calls some TLB functions, and the TLB uninit function
frees the memory used by them.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Acked-by: Liu Yu <yu.liu@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

9 years agoPPC: KVM: Book E doesn't have __end_interrupts.
Scott Wood [Mon, 18 Oct 2010 22:35:48 +0000]
PPC: KVM: Book E doesn't have __end_interrupts.

Fix an unresolved symbol with CONFIG_KVM_GUEST plus CONFIG_RELOCATABLE on
Book E.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

9 years agoKVM: x86: Issue smp_call_function_many with preemption disabled
Jan Kiszka [Mon, 1 Nov 2010 13:01:13 +0000]
KVM: x86: Issue smp_call_function_many with preemption disabled

smp_call_function_many is specified to be called only with preemption
disabled. Fulfill this requirement.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

9 years agoKVM: x86: fix information leak to userland
Vasiliy Kulikov [Sat, 30 Oct 2010 18:54:47 +0000]
KVM: x86: fix information leak to userland

Structures kvm_vcpu_events, kvm_debugregs, kvm_pit_state2 and
kvm_clock_data are copied to userland with some padding and reserved
fields unitialized.  It leads to leaking of contents of kernel stack
memory.  We have to initialize them to zero.

In patch v1 Jan Kiszka suggested to fill reserved fields with zeros
instead of memset'ting the whole struct.  It makes sense as these
fields are explicitly marked as padding.  No more fields need zeroing.

KVM-Stable-Tag.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

9 years agoKVM: PPC: fix information leak to userland
Vasiliy Kulikov [Sat, 30 Oct 2010 09:04:24 +0000]
KVM: PPC: fix information leak to userland

Structure kvm_ppc_pvinfo is copied to userland with flags and
pad fields unitialized.  It leads to leaking of contents of
kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

9 years agoKVM: MMU: fix rmap_remove on non present sptes
Marcelo Tosatti [Mon, 25 Oct 2010 13:58:22 +0000]
KVM: MMU: fix rmap_remove on non present sptes

drop_spte should not attempt to rmap_remove a non present shadow pte.

This fixes a BUG_ON seen on kvm-autotest.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Reported-by: Lucas Meneghel Rodrigues <lmr@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

9 years agoKVM: Write protect memory after slot swap
Michael S. Tsirkin [Mon, 25 Oct 2010 01:21:24 +0000]
KVM: Write protect memory after slot swap

I have observed the following bug trigger:

1. userspace calls GET_DIRTY_LOG
2. kvm_mmu_slot_remove_write_access is called and makes a page ro
3. page fault happens and makes the page writeable
   fault is logged in the bitmap appropriately
4. kvm_vm_ioctl_get_dirty_log swaps slot pointers

a lot of time passes

5. guest writes into the page
6. userspace calls GET_DIRTY_LOG

At point (5), bitmap is clean and page is writeable,
thus, guest modification of memory is not logged
and GET_DIRTY_LOG returns an empty bitmap.

The rule is that all pages are either dirty in the current bitmap,
or write-protected, which is violated here.

It seems that just moving kvm_mmu_slot_remove_write_access down
to after the slot pointer swap should fix this bug.

KVM-Stable-Tag.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

9 years agoClean up relay_alloc_page_array() slightly by using vzalloc rather than vmalloc and...
Jesper Juhl [Thu, 4 Nov 2010 20:44:41 +0000]
Clean up relay_alloc_page_array() slightly by using vzalloc rather than vmalloc and memset

We can optimize kernel/relay.c::relay_alloc_page_array() slightly by
using vzalloc.  The patch makes these changes:

 - use vzalloc instead of vmalloc+memset.
 - remove redundant local variable 'array'.
 - declare local 'pa_size' as const.

Cuts down nicely on both source and object-code size.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Acked-by: Pekka Enberg <penberg@kernel.org>
Acked-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

9 years agoTTY: create drivers/tty/vt and move the vt code there
Greg Kroah-Hartman [Thu, 4 Nov 2010 19:50:47 +0000]
TTY: create drivers/tty/vt and move the vt code there

The vt and other related code is moved into the drivers/tty/vt directory.

Acked-by: Arnd Bergmann <arnd@arndb.de>
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

9 years agoTTY: create drivers/tty and move the tty core files there
Greg Kroah-Hartman [Thu, 4 Nov 2010 18:10:29 +0000]
TTY: create drivers/tty and move the tty core files there

The tty code should be in its own subdirectory and not in the char
driver with all of the cruft that is currently there.

Based on work done by Arnd Bergmann <arnd@arndb.de>

Acked-by: Arnd Bergmann <arnd@arndb.de>
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

9 years agoMerge branch 'for-linus-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg...
Linus Torvalds [Fri, 5 Nov 2010 14:54:40 +0000]
Merge branch 'for-linus-fixes' of git://git./linux/kernel/git/gerg/m68knommu

* 'for-linus-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
  m68k, m68knommu: Do not include linux/hardirq.h in asm/irqflags.h
  m68knommu: add back in declaration of do_IRQ

9 years agocifs: dereferencing first then checking
Jeff Layton [Tue, 2 Nov 2010 20:22:50 +0000]
cifs: dereferencing first then checking

This patch is based on Dan's original patch. His original description is
below:

Smatch complained about a couple checking for NULL after dereferencing
bugs.  I'm not super familiar with the code so I did the conservative
thing and move the dereferences after the checks.

The dereferences in cifs_lock() and cifs_fsync() were added in
ba00ba64cf0 "cifs: make various routines use the cifsFileInfo->tcon
pointer".  The dereference in find_writable_file() was added in
6508d904e6f "cifs: have find_readable/writable_file filter by fsuid".
The comments there say it's possible to trigger the NULL dereference
under stress.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>

9 years agocifs: trivial comment fix: tlink_tree is now a rbtree
Suresh Jayaraman [Wed, 3 Nov 2010 05:23:49 +0000]
cifs: trivial comment fix: tlink_tree is now a rbtree

Noticed while reviewing (late) the rbtree conversion patchset (which has been merged
already).

Cc: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Steve French <sfrench@us.ibm.com>

9 years agoinet_diag: Make sure we actually run the same bytecode we audited.
Nelson Elhage [Wed, 3 Nov 2010 16:35:41 +0000]
inet_diag: Make sure we actually run the same bytecode we audited.

We were using nlmsg_find_attr() to look up the bytecode by attribute when
auditing, but then just using the first attribute when actually running
bytecode. So, if we received a message with two attribute elements, where only
the second had type INET_DIAG_REQ_BYTECODE, we would validate and run different
bytecode strings.

Fix this by consistently using nlmsg_find_attr everywhere.

Signed-off-by: Nelson Elhage <nelhage@ksplice.com>
Signed-off-by: Thomas Graf <tgraf@infradead.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

9 years agonetlink: Make nlmsg_find_attr take a const nlmsghdr*.
Nelson Elhage [Wed, 3 Nov 2010 16:35:40 +0000]
netlink: Make nlmsg_find_attr take a const nlmsghdr*.

This will let us use it on a nlmsghdr stored inside a netlink_callback.

Signed-off-by: Nelson Elhage <nelhage@ksplice.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

9 years agofib: fib_result_assign() should not change fib refcounts
Eric Dumazet [Thu, 4 Nov 2010 01:21:39 +0000]
fib: fib_result_assign() should not change fib refcounts

After commit ebc0ffae5 (RCU conversion of fib_lookup()),
fib_result_assign()  should not change fib refcounts anymore.

Thanks to Michael who did the bisection and bug report.

Reported-by: Michael Ellerman <michael@ellerman.id.au>
Tested-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

9 years agosh: Simplify phys_addr_mask()/PTE_PHYS_MASK for 29/32-bit.
Paul Mundt [Thu, 4 Nov 2010 03:51:08 +0000]
sh: Simplify phys_addr_mask()/PTE_PHYS_MASK for 29/32-bit.

Given that __in_29bit_mode() is a constant for the non-PMB case, we can
simply use the PMB-facing version of phys_addr_mask() and drop the other
variants.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>

9 years agosh: nommu: Support building without an uncached mapping.
Paul Mundt [Thu, 4 Nov 2010 03:46:19 +0000]
sh: nommu: Support building without an uncached mapping.

Now that nommu selects 32BIT we run in to the situation where SH-2A
supports an uncached identity mapping by way of the BSC, while the SH-2
does not. This provides stubs for the PC manglers and tidies up some of
the system*.h mess in the process.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>

9 years agosh: nommu: use 32-bit phys mode.
Paul Mundt [Thu, 4 Nov 2010 03:32:24 +0000]
sh: nommu: use 32-bit phys mode.

The nommu code has regressed somewhat in that 29BIT gets set for the
SH-2/2A configs regardless of the fact that they are really 32BIT sans
MMU or PMB. This does a bit of tidying to get nommu properly selecting
32BIT as it was before.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>

9 years agosh: mach-se: Fix up SE7206 no ioport build.
Paul Mundt [Thu, 4 Nov 2010 03:29:00 +0000]
sh: mach-se: Fix up SE7206 no ioport build.

There was a leftover inw() used here that really just wants to be a
__raw_readw() instead. Convert it over.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>

9 years agommc: sh_mmcif: Convert extern inline to static inline.
Paul Mundt [Thu, 4 Nov 2010 03:21:25 +0000]
mmc: sh_mmcif: Convert extern inline to static inline.

Presently the extern inline case results in a compiler warning on ARM due
to the memory barrier definition used in the I/O routines. These
ultimately all want to be static inline anyways, so just convert them all
in place.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>

9 years agoARM: mach-shmobile: Allow GPIO chips to register IRQ mappings.
Paul Mundt [Thu, 4 Nov 2010 03:19:11 +0000]
ARM: mach-shmobile: Allow GPIO chips to register IRQ mappings.

As non-PFC chips are added that may support IRQs, pass through to the
generic helper. This follows the the SH change.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>

9 years agonetfilter: ip6_tables: fix information leak to userspace
Jan Engelhardt [Thu, 4 Nov 2010 01:55:39 +0000]
netfilter: ip6_tables: fix information leak to userspace

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: David S. Miller <davem@davemloft.net>

9 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6
David S. Miller [Thu, 4 Nov 2010 01:52:32 +0000]
Merge branch 'master' of git://git./linux/kernel/git/kaber/nf-2.6

9 years agocls_cgroup: Fix crash on module unload
Herbert Xu [Wed, 3 Nov 2010 13:31:05 +0000]
cls_cgroup: Fix crash on module unload

Somewhere along the lines net_cls_subsys_id became a macro when
cls_cgroup is built as a module.  Not only did it make cls_cgroup
completely useless, it also causes it to crash on module unload.

This patch fixes this by removing that macro.

Thanks to Eric Dumazet for diagnosing this problem.

Reported-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

9 years agomemory corruption in X.25 facilities parsing
andrew hendry [Wed, 3 Nov 2010 12:54:53 +0000]
memory corruption in X.25 facilities parsing

Signed-of-by: Andrew Hendry <andrew.hendry@gmail.com>

Signed-off-by: David S. Miller <davem@davemloft.net>

9 years agonet dst: fix percpu_counter list corruption and poison overwritten
Xiaotian Feng [Tue, 2 Nov 2010 16:11:05 +0000]
net dst: fix percpu_counter list corruption and poison overwritten

There're some percpu_counter list corruption and poison overwritten warnings
in recent kernel, which is resulted by fc66f95c.

commit fc66f95c switches to use percpu_counter, in ip6_route_net_init, kernel
init the percpu_counter for dst entries, but, the percpu_counter is never destroyed
in ip6_route_net_exit. So if the related data is freed by kernel, the freed percpu_counter
is still on the list, then if we insert/remove other percpu_counter, list corruption
resulted. Also, if the insert/remove option modifies the ->prev,->next pointer of
the freed value, the poison overwritten is resulted then.

With the following patch, the percpu_counter list corruption and poison overwritten
warnings disappeared.

Signed-off-by: Xiaotian Feng <dfeng@redhat.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Cc: "Pekka Savola (ipv6)" <pekkas@netcore.fi>
Cc: James Morris <jmorris@namei.org>
Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
Cc: Patrick McHardy <kaber@trash.net>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

9 years agords: Remove kfreed tcp conn from list
Pavel Emelyanov [Tue, 2 Nov 2010 01:54:01 +0000]
rds: Remove kfreed tcp conn from list

All the rds_tcp_connection objects are stored list, but when
being freed it should be removed from there.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

9 years agords: Lost locking in loop connection freeing
Pavel Emelyanov [Tue, 2 Nov 2010 01:52:05 +0000]
rds: Lost locking in loop connection freeing

The conn is removed from list in there and this requires
proper lock protection.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

9 years agode2104x: fix panic on load
Eric Dumazet [Wed, 3 Nov 2010 12:25:32 +0000]
de2104x: fix panic on load

Its now illegal to call netif_stop_queue() before register_netdev()

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

9 years agoatl1 : fix panic on load
Eric Dumazet [Wed, 3 Nov 2010 12:11:21 +0000]
atl1 : fix panic on load

Its now illegal to call netif_stop_queue() before register_netdev()

Reported-by: Tom Gundersen <teg@jklm.no>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

9 years agonetxen: remove unused firmware exports
Amerigo Wang [Tue, 2 Nov 2010 18:25:31 +0000]
netxen: remove unused firmware exports

Quote from Amit Salecha:

"Actually I was not updated, NX_UNIFIED_ROMIMAGE_NAME (phanfw.bin) is already
submitted and its present in linux-firmware.git.

I will get back to you on NX_P2_MN_ROMIMAGE_NAME, NX_P3_CT_ROMIMAGE_NAME and
NX_P3_MN_ROMIMAGE_NAME. Whether this will be submitted ?"

We have to remove these, otherwise we will get wrong info from modinfo.

Signed-off-by: WANG Cong <amwang@redhat.com>
Cc: Amit Kumar Salecha <amit.salecha@qlogic.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Dhananjay Phadke <dhananjay.phadke@qlogic.com>
Cc: Narender Kumar <narender.kumar@qlogic.com>
Acked-by: Amit Kumar Salecha <amit.salecha@qlogic.com>--
Signed-off-by: David S. Miller <davem@davemloft.net>

9 years agocaif: Remove noisy printout when disconnecting caif socket
sjur.brandeland@stericsson.com [Wed, 3 Nov 2010 10:19:25 +0000]
caif: Remove noisy printout when disconnecting caif socket

Signed-off-by: Sjur Brændeland <sjur.brandeland@stericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

9 years agocaif: SPI-driver bugfix - incorrect padding.
Sjur Brændeland [Mon, 1 Nov 2010 11:52:48 +0000]
caif: SPI-driver bugfix - incorrect padding.

Signed-off-by: Sjur Braendeland <sjur.brandeland@stericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

9 years agocaif: Bugfix for socket priority, bindtodev and dbg channel.
André Carvalho de Matos [Mon, 1 Nov 2010 11:52:47 +0000]
caif: Bugfix for socket priority, bindtodev and dbg channel.

Changes:
o Bugfix: SO_PRIORITY for SOL_SOCKET could not be handled
  in caif's setsockopt,  using the struct sock attribute priority instead.

o Bugfix: SO_BINDTODEVICE for SOL_SOCKET could not be handled
  in caif's setsockopt,  using the struct sock attribute ifindex instead.

o Wrong assert statement for RFM layer segmentation.

o CAIF Debug channels was not working over SPI, caif_payload_info
  containing padding info must be initialized.

o Check on pointer before dereferencing when unregister dev in caif_dev.c

Signed-off-by: Sjur Braendeland <sjur.brandeland@stericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

9 years agosmsc911x: Set Ethernet EEPROM size to supported device's size
John Faith [Mon, 1 Nov 2010 11:30:08 +0000]
smsc911x: Set Ethernet EEPROM size to supported device's size

The SMSC911x supports 128 x 8-bit EEPROMs.  Increase the EEPROM size
so more than just the MAC address can be stored.

Signed-off-by: John Faith <jfaith7@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

9 years agovmstat: fix offset calculation on void*
Wu Fengguang [Wed, 3 Nov 2010 17:56:49 +0000]
vmstat: fix offset calculation on void*

Fix regression introduced by commit 79da826aee6 ("writeback: report
dirty thresholds in /proc/vmstat").

The incorrect pointer arithmetic can result in problems like this:

  BUG: unable to handle kernel paging request at 07c06d16
  IP: [<c050c336>] strnlen+0x6/0x20
  Call Trace:
   [<c050a249>] ? string+0x39/0xe0
   [<c042be6b>] ? __wake_up_common+0x4b/0x80
   [<c050afcc>] ? vsnprintf+0x1ec/0x380
   [<c04b380e>] ? seq_printf+0x2e/0x60
   [<c04829a6>] ? vmstat_show+0x26/0x30
   [<c04b3bb6>] ? seq_read+0xa6/0x380
   [<c04b3b10>] ? seq_read+0x0/0x380
   [<c04d5d2f>] ? proc_reg_read+0x5f/0x90
   [<c049c4a1>] ? vfs_read+0xa1/0x140
   [<c04d5cd0>] ? proc_reg_read+0x0/0x90
   [<c049c981>] ? sys_read+0x41/0x70
   [<c0402bd0>] ? sysenter_do_call+0x12/0x26

Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Michael Rubin <mrubin@google.com>
Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

9 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
Linus Torvalds [Wed, 3 Nov 2010 17:44:55 +0000]
Merge branch 'for-linus' of git://git./linux/kernel/git/tiwai/sound-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
  ASoC: tpa6130a2: Get rid of compile warning from tpa6130a2_power
  ALSA: hda - MacBookAir3,1(3,2) alsa support
  ASoC: fix the building issue of missing codec field in 'struct snd_soc_card'
  ALSA: usb-audio - Support for Power/Status LED on Creative USB X-Fi S51
  ALSA: asihpi - Unsafe memory management when allocating control cache
  ASoC: Update WARN uses in wm_hubs
  ASoC: Include cx20442 to SND_SOC_ALL_CODECS
  ASoC: Fix SND_SOC_ALL_CODECS typo for jz4740
  ASoC: Remove volatility from WM8900 POWER1 register
  ALSA: lx6464es - make 1 bit signed bitfield unsigned
  ALSA: cs46xx memory management fixes for cs46xx_dsp_spos_create()
  ALSA: usb - driver neglects kmalloc return value check and may deref NULL
  ASoC: tpa6130a2: Fix unbalanced regulator disables
  ASoC: tlv320dac33: Mode1 FIFO auto configuration fix
  ASoC: tlv320dac33: Limit the US_TO_SAMPLES macro
  ASoC: tlv320dac33: Error handling for broken chip
  ASoC: Check return value of struct_strtoul() in pmdown_time_set()

9 years agoext4: initialize the percpu counters before replaying the journal
Theodore Ts'o [Wed, 3 Nov 2010 16:03:21 +0000]
ext4: initialize the percpu counters before replaying the journal

We now initialize the percpu counters before replaying the journal,
but after the journal, we recalculate the global counters, to deal
with the possibility of the per-blockgroup counts getting updated by
the journal replay.

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>

9 years agoMerge branch 'fix/asoc' into for-linus
Takashi Iwai [Wed, 3 Nov 2010 14:51:26 +0000]
Merge branch 'fix/asoc' into for-linus

9 years agoASoC: tpa6130a2: Get rid of compile warning from tpa6130a2_power
Jarkko Nikula [Wed, 3 Nov 2010 14:39:00 +0000]
ASoC: tpa6130a2: Get rid of compile warning from tpa6130a2_power

Patch "ASoC: tpa6130a2: Fix unbalanced regulator disables" introduced a
compiler warning "‘ret’ may be used uninitialized in this function".
Initialize ret to zero to get rid of it and making sure that the function
does not return any random error code when the code is falling through.

Signed-off-by: Jarkko Nikula <jhnikula@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

9 years agostaging: ath6kl: Fixing the driver to use modified mmc_host structure
Vipin Mehta [Sat, 18 Sep 2010 01:45:38 +0000]
staging: ath6kl: Fixing the driver to use modified mmc_host structure

A recent change in the mmc_host structure removed the distinction
between hw and phys segments (58cb50c20fde6059f3f8db4466a1bd4d1fff999c)
Changing the driver to use the modified structure.

Reported-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Vipin Mehta <vmehta@atheros.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

9 years agoMerge branch 'for-2.6.37' of git://git.kernel.org/pub/scm/linux/kernel/git/lrg/asoc...
Takashi Iwai [Wed, 3 Nov 2010 12:56:08 +0000]
Merge branch 'for-2.6.37' of git://git./linux/kernel/git/lrg/asoc-2.6 into fix/asoc

9 years agoipv4: netfilter: ip_tables: fix information leak to userland
Vasiliy Kulikov [Wed, 3 Nov 2010 07:45:06 +0000]
ipv4: netfilter: ip_tables: fix information leak to userland

Structure ipt_getinfo is copied to userland with the field "name"
that has the last elements unitialized.  It leads to leaking of
contents of kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>

9 years agoipv4: netfilter: arp_tables: fix information leak to userland
Vasiliy Kulikov [Wed, 3 Nov 2010 07:44:12 +0000]
ipv4: netfilter: arp_tables: fix information leak to userland

Structure arpt_getinfo is copied to userland with the field "name"
that has the last elements unitialized.  It leads to leaking of
contents of kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>

9 years agoALSA: hda - MacBookAir3,1(3,2) alsa support
Edgar (gimli) Hucek [Wed, 3 Nov 2010 07:14:10 +0000]
ALSA: hda - MacBookAir3,1(3,2) alsa support

This patch add support for the MacBookAir3,1 and MacBookAir3,2 to the alsa
sound system.

Signed-off-by: Edgar (gimli) Hucek <gimli@dark-green.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

9 years agom68k, m68knommu: Do not include linux/hardirq.h in asm/irqflags.h
Philippe De Muyter [Thu, 28 Oct 2010 12:42:58 +0000]
m68k, m68knommu: Do not include linux/hardirq.h in asm/irqflags.h

Recent changes to header files made kernel compilation for m68k/m68knommu
fail with :
CC arch/m68knommu/kernel/asm-offsets.s
In file included from /archives/linux/git/arch/m68k/include/asm/system.h:2,
                 from include/linux/wait.h:25,
                 from include/linux/mmzone.h:9,
                 from include/linux/gfp.h:4,
                 from include/linux/irq.h:20,
                 from include/asm-generic/hardirq.h:12,
                 from /archives/linux/git/arch/m68k/include/asm/hardirq_no.h:17,
                 from /archives/linux/git/arch/m68k/include/asm/hardirq.h:2,
                 from include/linux/hardirq.h:10,
                 from /archives/linux/git/arch/m68k/include/asm/irqflags.h:5,
                 from include/linux/irqflags.h:15,
                 from include/linux/spinlock.h:53,
                 from include/linux/seqlock.h:29,
                 from include/linux/time.h:8,
                 from include/linux/timex.h:56,
                 from include/linux/sched.h:56,
                 from arch/m68knommu/kernel/asm-offsets.c:12:
/archives/linux/git/arch/m68k/include/asm/system_no.h: In function ‘__xchg’:
/archives/linux/git/arch/m68k/include/asm/system_no.h:79: error: implicit
+declaration of function ‘local_irq_save’
/archives/linux/git/arch/m68k/include/asm/system_no.h:101: error: implicit
+declaration of function ‘local_irq_restore’

Fix that

Signed-off-by: Philippe De Muyter <phdm@macqel.be>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>

9 years agom68knommu: add back in declaration of do_IRQ
Greg Ungerer [Tue, 2 Nov 2010 07:44:22 +0000]
m68knommu: add back in declaration of do_IRQ

The cleanup and merge of machdep should not have removed the do_IRQ
declaration. It is needed by the 68328 based targets.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>

9 years agoRelease page reference during page fault retry
Michel Lespinasse [Tue, 2 Nov 2010 20:05:18 +0000]
Release page reference during page fault retry

This slipped by when unifying the filemap and swap versions of
lock_page_or_retry()...

Signed-off-by: Michel Lespinasse <walken@google.com>
Acked-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

9 years ago[CIFS] Cleanup unused variable build warning
Steve French [Tue, 2 Nov 2010 19:22:45 +0000]
[CIFS] Cleanup unused variable build warning

Signed-off-by: Steve French <sfrench@us.ibm.com>

9 years agocifs: convert tlink_tree to a rbtree
Jeff Layton [Thu, 28 Oct 2010 15:16:44 +0000]
cifs: convert tlink_tree to a rbtree

Radix trees are ideal when you want to track a bunch of pointers and
can't embed a tracking structure within the target of those pointers.
The tradeoff is an increase in memory, particularly if the tree is
sparse.

In CIFS, we use the tlink_tree to track tcon_link structs. A tcon_link
can never be in more than one tlink_tree, so there's no impediment to
using a rb_tree here instead of a radix tree.

Convert the new multiuser mount code to use a rb_tree instead. This
should reduce the memory required to manage the tlink_tree.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>

9 years agocifs: store pointer to master tlink in superblock (try #2)
Jeff Layton [Thu, 28 Oct 2010 17:33:38 +0000]
cifs: store pointer to master tlink in superblock (try #2)

This is the second version of this patch, the only difference between
it and the first one is that this explicitly makes cifs_sb_master_tlink
a static inline.

Instead of keeping a tag on the master tlink in the tree, just keep a
pointer to the master in the superblock. That eliminates the need for
using the radix tree to look up a tagged entry.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>

9 years agocifs: trivial doc fix: note setlease implemented
J. Bruce Fields [Sat, 30 Oct 2010 21:06:21 +0000]
cifs: trivial doc fix: note setlease implemented

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>

9 years agoCIFS: Add cifs_set_oplock_level
Pavel Shilovsky [Tue, 2 Nov 2010 09:00:42 +0000]
CIFS: Add cifs_set_oplock_level

Simplify many places when we need to set oplock level on an inode.

Signed-off-by: Pavel Shilovsky <piastryyy@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>

9 years agoext4: "ret" may be used uninitialized in ext4_lazyinit_thread()
Theodore Ts'o [Tue, 2 Nov 2010 18:19:30 +0000]
ext4: "ret" may be used uninitialized in ext4_lazyinit_thread()

Newer GCC's reported the following build warning:

   fs/ext4/super.c: In function 'ext4_lazyinit_thread':
   fs/ext4/super.c:2702: warning: 'ret' may be used uninitialized in this function

Fix it by removing the need for the ret variable in the first place.

Signed-off-by: "Lukas Czerner" <lczerner@redhat.com>
Reported-by: "Stefan Richter" <stefanr@s5r6.in-berlin.de>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>

9 years agoext4: fix lazyinit hang after removing request
Lukas Czerner [Tue, 2 Nov 2010 18:07:17 +0000]
ext4: fix lazyinit hang after removing request

When the request has been removed from the list and no other request
has been issued, we will end up with next wakeup scheduled to
MAX_JIFFY_OFFSET which is bad. So check for that.

Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>

9 years agoARM: mach-shmobile: fix sh7372 after a recent clock framework rework
Guennadi Liakhovetski [Tue, 2 Nov 2010 11:28:33 +0000]
ARM: mach-shmobile: fix sh7372 after a recent clock framework rework

The updated sh clock framework has introduced a .nr_freqs element of struct
clk, which has to be initialised with the number of possible frequencies.

Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>