Commit Graph

190937 Commits

Author SHA1 Message Date
Hans Verkuil
03b1930efd V4L/DVB: saa7146: fix regression of the av7110/budget-av driver
An earlier regression fix for the mxb driver (V4L/DVB: saa7146_vv: fix
regression where v4l2_device was registered too late) caused a new
regression in the av7110 driver.

Reverted the old fix and fixed the problem in the mxb driver instead.
Tested on mxb and budget-av cards.

The real problem is that the saa7146 framework has separate probe()
and attach() driver callbacks which should be rolled into one. This
is now done for the mxb driver, but others should do the same. Lack
of hardware makes this hard to do, though. I hope to get hold of some
hexium cards and then I can try to improve the framework to prevent
this from happening again.

Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-05-06 19:20:50 -03:00
Hans Verkuil
d2f2d6d0a1 V4L/DVB: v4l: fix config dependencies: mxb and saa7191 are V4L2 drivers, not V4L1
v4l: fix config dependencies: mxb and saa7191 are V4L2 drivers, not V4L1

Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-05-06 19:20:50 -03:00
Hans Verkuil
b75396a4ea V4L/DVB: feature-removal: announce videotext.h removal
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-05-06 19:20:50 -03:00
Muralidharan Karicheri
6a4f0623a4 V4L/DVB: V4L - vpfe capture - fix for kernel crash
As part of upstream merge, set_params() function was removed from isif.c.
This requires removal of BUG_ON() and check for set_params ptr in
vpfe_capture.c. Without this kernel crash dump is seen while bootup on DM365

Also made following changes:-

 1) converted error messages to debug messages since it is not right to flood
    the console with error messages for user mistakes.
 2) returns -EINVAL if ioctl is not supported

Signed-off-by: Muralidharan Karicheri <m-karicheri2@ti.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-05-06 19:19:05 -03:00
John Ellson
f8f73d01a3 V4L/DVB: gspca: make usb id 0461:0815 get handled by the right driver
The 0461:0815 camera is spca561 based not spca508

Signed-off-by: John Ellson <john.ellson@comcast.net>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-05-06 19:19:05 -03:00
Erik Andrén
55e0b489a3 V4L/DVB: gspca - stv06xx: Remove the 046d:08da from the stv06xx driver
The 046d:08da usb id shouldn't be associated with the stv06xx driver as they're
not compatible with each other.
This fixes a bug where Quickcam Messenger cams fail to use its proper driver
(gspca-zc3xx), rendering the camera inoperable.

Signed-off-by: Erik Andrén <erik.andren@gmail.com>
Tested-by: Gabriel Craciunescu <nix.or.die@googlemail.com>
Signed-off-by: Jean-François Moine <moinejf@free.fr>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-05-06 19:19:04 -03:00
Yong Zhang
a76b9f49ba V4L/DVB: gspca - sn9c20x: Correct onstack wait_queue_head declaration
Use DECLARE_WAIT_QUEUE_HEAD_ONSTACK to make lockdep happy

Signed-off-by: Yong Zhang <yong.zhang0@gmail.com>
Signed-off-by: Jean-François Moine <moinejf@free.fr>
CC: Brian Johnson <brijohn@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-05-06 19:19:04 -03:00
Michael Hunold
84a1d9c83e V4L/DVB: saa7146: fix up bytesperline if it is an impossible value
xawtv using DGA on a Radeon graphics card provides bogus
values to S_FBUF, which will then screw up overlay video:

https://bugs.launchpad.net/ubuntu/+source/xawtv/+bug/499734

This fixes the bytesperline value if it is off completely.

Signed-off-by: Michael Hunold <michael@mihu.de>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-05-06 19:19:04 -03:00
Murali Karicheri
ab51bec1f8 V4L/DVB: V4L: vpfe_capture - free ccdc_lock when memory allocation fails
This patch fixes a bug in vpfe_probe() that doesn't call mutex_unlock() if memory
allocation for ccdc_cfg fails. See also the smatch warning report from Dan
Carpenter that shows this as an issue.

Signed-off-by: Murali Karicheri <m-karicheri2@ti.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-05-06 19:19:02 -03:00
Vaibhav Hiremath
b704e82a54 V4L/DVB: V4L - Makfile:Removed duplicate entry of davinci
Signed-off-by: Vaibhav Hiremath <hvaibhav@ti.com>
Signed-off-by: Muralidharan Karicheri <mkaricheri@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-05-06 19:19:00 -03:00
Dan Carpenter
2132deff69 V4L/DVB: omap24xxcam: potential buffer overflow
The previous loop goes until last == VIDEO_MAX_FRAME, so this could
potentially go one past the end of the loop.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Sakari Ailus <sakari.ailus@maxwell.research.nokia.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-05-06 19:18:58 -03:00
Kamal Mostafa
ea5bc73f4f ACPI: sleep: init_set_sci_en_on_resume for Dell Studio 155x
Add Dell Studio models (1558, 1557, 1555) to the 'set_sci_en_on_resume'
list to fix hang on resume.

BugLink: http://bugs.launchpad.net/bugs/553498

Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Acked-by: Alex Chiang <achiang@canonical.com>
Cc: stable@kernel.org
Signed-off-by: Len Brown <len.brown@intel.com>
2010-05-06 13:22:45 -04:00
Paul E. McKenney
ee84b8243b rcu: create rcu_my_thread_group_empty() wrapper
Some RCU-lockdep splat repairs need to know whether they are running
in a single-threaded process.  Unfortunately, the thread_group_empty()
primitive is defined in sched.h, and can induce #include hell.  This
commit therefore introduces a rcu_my_thread_group_empty() wrapper that
is defined in rcupdate.c, thus avoiding the need to include sched.h
everywhere.

Signed-off-by: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
2010-05-06 09:28:41 -07:00
Linus Torvalds
e8e8fade7b Merge branch 'for-linus' of git://git.monstr.eu/linux-2.6-microblaze
* 'for-linus' of git://git.monstr.eu/linux-2.6-microblaze:
  microblaze: Defconfig update
  microblaze: Optimize CACHE_LOOP_LIMITS and CACHE_RANGE_LOOP macros
  microblaze: Fix consistent-sync code
  microblaze: Define correct L1_CACHE_SHIFT value
  microblaze: cpuinfo shows cache line length
  microblaze: Fix kmalloc alignment on non-coherent DMA platforms
  microblaze: Fix typo fault in cache code
  microblaze: Fix consistent code
  microblaze: pci-dma: use include/linux/dma-mapping.h
  microblaze: page.h: Remove get_user_page and free_user_page
  microblaze: Remove "cache" optimized copy_page function
  microblaze: invoke oom-killer from page fault
  microblaze: fix divide by zero exception message
  microblaze: Add isa_dma_bridge_buggy to dma.h
  microblaze: Remove ancient code
  microblaze: Quiet section mismatch warnings for MMU version
  microblaze: Quiet section mismatch warnings
  microblaze: Fix IRQ entry/exit ftracing
  microblaze: resource/PCI: align functions now return start of resource
  microblaze: PCI: add pci_bus_for_each_resource(), remove direct bus->resource[] refs
2010-05-06 08:38:20 -07:00
Linus Torvalds
325ce9e306 Merge master.kernel.org:/home/rmk/linux-2.6-arm
* master.kernel.org:/home/rmk/linux-2.6-arm:
  [ARM] pxa/colibri: fix missing #include <mach/mfp.h> in colibri.h
  [ARM] pxa/spitz: fix On/off key name to fix warning during boot
  [ARM] pxa: fix the incorrect cpu_is_pxa950()
  [ARM] pxa: update cpuid pattern for pxa9xx in head.S
  [ARM] pxa/viper: fix timeout usage for I2C
  [ARM] pxa/raumfeld: fix button name
  [ARM] pxa/imote2: Fix iMote2 defconfig
  [ARM] pxa: add missing new line to regs-u2d.h
  ARM: 6093/1: Fix kernel memory printing for sparsemem
  arch/arm/include/asm/elf.h: forward-declare the task-struct
  arch/arm/plat-pxa/dma.c: correct NULL test
  ARM: 6076/1: SA1100: add processor check to sa1110-cpufreq driver
  ARM: 6075/1: SA1100: fix wrong CPU type for h3100 and h3600
  ARM: Update mach-types
  ARM: 6066/1: Fix "BUG: scheduling while atomic: swapper/0/0x00000002
  ARM: 6068/1: Fix build break with KPROBES enabled
  mx5: Fix build error for mx51_defconfig
2010-05-06 08:38:03 -07:00
Linus Torvalds
bbfdbe9dc0 Merge branch 'sh/for-2.6.34' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6
* 'sh/for-2.6.34' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6:
  sh: fix a number of Oopses and leaks in SH framebuffer driver
  SH: fix error paths in DMA driver
  sh: sh7751 pci controller io port fix
  sh: Fix maximum number of SCIF ports in R2D defconfigs
  SH: fix TS field shift calculation for DMA drivers
2010-05-06 08:37:39 -07:00
David S. Miller
80ea76bb25 phy: Fix initialization in micrel driver.
Missing name string in ks8001_driver, so we crash on register.

Reported-by: Ingo Molnar <mingo@elte.hu>
Tested-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-05-06 04:02:01 -07:00
David Rientjes
b0c4d952a1 x86: Fix fake apicid to node mapping for numa emulation
With NUMA emulation, it's possible for a single cpu to be bound
to multiple nodes since more than one may have affinity if
allocated on a physical node that is local to the cpu.

APIC ids must therefore be mapped to the lowest node ids to
maintain generic kernel use of functions such as cpu_to_node()
that determine device affinity.  For example, if a device has
proximity to physical node 1, for instance, and a cpu happens to
be mapped to a higher emulated node id 8, the proximity may not
be correctly determined by comparison in generic code even
though the cpu may be truly local and allocated on physical node 1.

When this happens, the true topology of the machine isn't
accurately represented in the emulated environment; although
this isn't critical to the system's uptime, any generic code
that is NUMA aware benefits from the physical topology being
accurately represented.

This can affect any system that maps multiple APIC ids to a
single node and is booted with numa=fake=N where N is greater
than the number of physical nodes.

Signed-off-by: David Rientjes <rientjes@google.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Suresh Siddha <suresh.b.siddha@intel.com>
LKML-Reference: <alpine.DEB.2.00.1005060224140.19473@chino.kir.corp.google.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2010-05-06 12:02:05 +02:00
Michal Simek
6513412135 microblaze: Defconfig update
Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:37:42 +02:00
Michal Simek
3274c5707c microblaze: Optimize CACHE_LOOP_LIMITS and CACHE_RANGE_LOOP macros
1. Remove CACHE_ALL_LOOP2 macro because it is identical to CACHE_ALL_LOOP
2. Change BUG_ON to WARN_ON
3. Remove end aligned from CACHE_LOOP_LIMITS.
C implementation do not need aligned end address and ASM code do aligned
in their macros
4. ASM optimized  CACHE_RANGE_LOOP_1/2 macros needs to get aligned end address.
Because end address is compound from start + size, end address is the first address
which is exclude.

Here is the corresponding code which describe it.
+       int align = ~(line_length - 1);
+       end = ((end & align) == end) ? end - line_length : end & align;

a) end is aligned:
it is necessary to subtruct line length because we don't want to work with
next cacheline
b) end address is not aligned:
Just align it to be ready for ASM code.

Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:22:00 +02:00
Michal Simek
385e1efafc microblaze: Fix consistent-sync code
PCI_DMA_FROMDEVICE should call invalidation not flushing.

Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:22:00 +02:00
Michal Simek
598acab44d microblaze: Define correct L1_CACHE_SHIFT value
Microblaze cacheline length is configurable and current cpu
uses two cacheline length 4 and 8.

We are taking conservative maximum value to be sure that cacheline
alignment is satisfied for all cases.

Here is the calculation for cacheline lenght 8  32bit=4Byte values
which is corresponding with SHIFT 5.

Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:21:59 +02:00
Michal Simek
77543cebab microblaze: cpuinfo shows cache line length
Show cache line length in /proc/cpuinfo.

Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:21:59 +02:00
Michal Simek
de925d9d3b microblaze: Fix kmalloc alignment on non-coherent DMA platforms
Based on PowerPC patche 52142e756e

PowerPC description:
On platforms doing non-coherent DMA (4xx, 8xx, ...), it's important
that the kmalloc minimum alignment is set to the cache line size, to
avoid sharing cache lines between different objects, so that DMA to
one of the objects doesn't corrupt the other.

Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:21:59 +02:00
Michal Simek
c17e1a1ced microblaze: Fix typo fault in cache code
Copy & paste error.

Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:21:59 +02:00
Michal Simek
f1525765fb microblaze: Fix consistent code
This patch fix consistent code which had problems with consistent_free
function.
I am not sure if we need to call flush_tlb_all after it but it keeps
tlbs synced.
I added noMMU and MMU version together.

Uncached shadow feature is not tested.

Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:21:59 +02:00
Michal Simek
16f6e99892 microblaze: pci-dma: use include/linux/dma-mapping.h
Based on af407c6db1
and f41b177157

Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:21:59 +02:00
Michal Simek
22dcc2e3b9 microblaze: page.h: Remove get_user_page and free_user_page
Remove ancient macros which are here from Linux-2.4

Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:21:59 +02:00
Michal Simek
43f2a6e8b1 microblaze: Remove "cache" optimized copy_page function
Current implementation doesn't handle dcache_line_length
correctly that's why is better to use generic memcpy.

Cache optimized function could be good way howto improve
performance but must be based on benchmarking not blind
function like this.

Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:21:58 +02:00
Nick Piggin
21e1c93631 microblaze: invoke oom-killer from page fault
As explained in commit 1c0fe6e3bd, we want to call the architecture independent
oom killer when getting an unexplained OOM from handle_mm_fault, rather than
simply killing current.

Cc: microblaze-uclinux@itee.uq.edu.au
Cc: Michal Simek <monstr@monstr.eu>
Cc: linux-arch@vger.kernel.org
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: David Rientjes <rientjes@google.com>
Acked-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:21:58 +02:00
Randy Dunlap
f3ff8212a2 microblaze: fix divide by zero exception message
Fix divide exception message to say "divide by zero".

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Cc:	Michal Simek <monstr@monstr.eu>
Cc:	microblaze-uclinux@itee.uq.edu.au
Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:21:58 +02:00
Michal Simek
113a591a17 microblaze: Add isa_dma_bridge_buggy to dma.h
It is necessary for several drivers.

Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:21:58 +02:00
Michal Simek
e768223109 microblaze: Remove ancient code
I found several function which we don't use that's why I am removing them.

Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:21:58 +02:00
Michal Simek
63f1032b97 microblaze: Quiet section mismatch warnings for MMU version
Remove section mismatch - based on ppc aproach.

WARNING: vmlinux.o(.text+0x64834): Section mismatch in reference
from the function __pte_alloc_kernel() to the function .init.text:early_get_page()
The function __pte_alloc_kernel() references
the function __init early_get_page().
This is often because __pte_alloc_kernel lacks a __init
annotation or the annotation of early_get_page is wrong.

Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:21:58 +02:00
Steven J. Magnani
7a0248e819 microblaze: Quiet section mismatch warnings
_start is located in .text, which causes mismatch warnings with
machine_early_init() and start_kernel() in .init.text.

Signed-off-by: Steven J. Magnani <steve@digidescorp.com>
Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:21:57 +02:00
Steven J. Magnani
e6d7961e5b microblaze: Fix IRQ entry/exit ftracing
Function traces on Microblaze don't include IRQ entry and exit arrows,
i.e.

 0)               |                            memcpy_toiovec() {
 0)   ==========> |
 0)               |                              do_IRQ() {
 ...
 0)   <========== |
 0) ! 5414.000 us |                            }

...because do_IRQ() doesn't have the proper attributes.

Signed-off-by: Steven J. Magnani <steve@digidescorp.com>
Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:21:57 +02:00
Michal Simek
c86fac4382 microblaze: resource/PCI: align functions now return start of resource
This change should be part of b26b2d494b

Origin description:

resource/PCI: align functions now return start of resource

As suggested by Linus, align functions should return the start
of a resource, not void. An update of "res->start" is no longer
necessary.

Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:21:57 +02:00
Michal Simek
8a66da71fa microblaze: PCI: add pci_bus_for_each_resource(), remove direct bus->resource[] refs
This change should be part of 89a74ecccd

Origin description:

PCI: add pci_bus_for_each_resource(), remove direct bus->resource[] refs

No functional change; this converts loops that iterate from 0 to
PCI_BUS_NUM_RESOURCES through pci_bus resource[] table to use the
pci_bus_for_each_resource() iterator instead.

This doesn't change the way resources are stored; it merely removes
dependencies on the fact that they're in a table.

Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-05-06 11:21:57 +02:00
Vlad Yasevich
50b5d6ad63 sctp: Fix a race between ICMP protocol unreachable and connect()
ICMP protocol unreachable handling completely disregarded
the fact that the user may have locked the socket.  It proceeded
to destroy the association, even though the user may have
held the lock and had a ref on the association.  This resulted
in the following:

Attempt to release alive inet socket f6afcc00

=========================
[ BUG: held lock freed! ]
-------------------------
somenu/2672 is freeing memory f6afcc00-f6afcfff, with a lock still held
there!
 (sk_lock-AF_INET){+.+.+.}, at: [<c122098a>] sctp_connect+0x13/0x4c
1 lock held by somenu/2672:
 #0:  (sk_lock-AF_INET){+.+.+.}, at: [<c122098a>] sctp_connect+0x13/0x4c

stack backtrace:
Pid: 2672, comm: somenu Not tainted 2.6.32-telco #55
Call Trace:
 [<c1232266>] ? printk+0xf/0x11
 [<c1038553>] debug_check_no_locks_freed+0xce/0xff
 [<c10620b4>] kmem_cache_free+0x21/0x66
 [<c1185f25>] __sk_free+0x9d/0xab
 [<c1185f9c>] sk_free+0x1c/0x1e
 [<c1216e38>] sctp_association_put+0x32/0x89
 [<c1220865>] __sctp_connect+0x36d/0x3f4
 [<c122098a>] ? sctp_connect+0x13/0x4c
 [<c102d073>] ? autoremove_wake_function+0x0/0x33
 [<c12209a8>] sctp_connect+0x31/0x4c
 [<c11d1e80>] inet_dgram_connect+0x4b/0x55
 [<c11834fa>] sys_connect+0x54/0x71
 [<c103a3a2>] ? lock_release_non_nested+0x88/0x239
 [<c1054026>] ? might_fault+0x42/0x7c
 [<c1054026>] ? might_fault+0x42/0x7c
 [<c11847ab>] sys_socketcall+0x6d/0x178
 [<c10da994>] ? trace_hardirqs_on_thunk+0xc/0x10
 [<c1002959>] syscall_call+0x7/0xb

This was because the sctp_wait_for_connect() would aqcure the socket
lock and then proceed to release the last reference count on the
association, thus cause the fully destruction path to finish freeing
the socket.

The simplest solution is to start a very short timer in case the socket
is owned by user.  When the timer expires, we can do some verification
and be able to do the release properly.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-05-06 00:56:07 -07:00
Eric Dumazet
6ec82562ff veth: Dont kfree_skb() after dev_forward_skb()
In case of congestion, netif_rx() frees the skb, so we must assume
dev_forward_skb() also consume skb.

Bug introduced by commit 445409602c
(veth: move loopback logic to common location)

We must change dev_forward_skb() to always consume skb, and veth to not
double free it.

Bug report : http://marc.info/?l=linux-netdev&m=127310770900442&w=3

Reported-by: Martín Ferrari <martin.ferrari@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-05-06 00:53:53 -07:00
Russell King
257dab8141 Merge branch 'fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ycmiao/pxa-linux-2.6 2010-05-06 08:16:34 +01:00
Vivek Goyal
dcf097b247 blk-cgroup: Fix RCU correctness warning in cfq_init_queue()
It is necessary to be in an RCU read-side critical section when invoking
css_id(), so this patch adds one to blkiocg_add_blkio_group().  This is
actually a false positive, because this is called at initialization time
and hence always refers to the root cgroup, which cannot go away.

[  103.790505] ===================================================
[  103.790509] [ INFO: suspicious rcu_dereference_check() usage. ]
[  103.790511] ---------------------------------------------------
[  103.790514] kernel/cgroup.c:4432 invoked rcu_dereference_check() without protection!
[  103.790517]
[  103.790517] other info that might help us debug this:
[  103.790519]
[  103.790521]
[  103.790521] rcu_scheduler_active = 1, debug_locks = 1
[  103.790524] 4 locks held by bash/4422:
[  103.790526]  #0:  (&buffer->mutex){+.+.+.}, at: [<ffffffff8114befa>] sysfs_write_file+0x3c/0x144
[  103.790537]  #1:  (s_active#102){.+.+.+}, at: [<ffffffff8114bfa5>] sysfs_write_file+0xe7/0x144
[  103.790544]  #2:  (&q->sysfs_lock){+.+.+.}, at: [<ffffffff812263b1>] queue_attr_store+0x49/0x8f
[  103.790552]  #3:  (&(&blkcg->lock)->rlock){......}, at: [<ffffffff8122e4db>] blkiocg_add_blkio_group+0x2b/0xad
[  103.790560]
[  103.790561] stack backtrace:
[  103.790564] Pid: 4422, comm: bash Not tainted 2.6.34-rc4-blkio-second-crash #81
[  103.790567] Call Trace:
[  103.790572]  [<ffffffff81068f57>] lockdep_rcu_dereference+0x9d/0xa5
[  103.790577]  [<ffffffff8107fac1>] css_id+0x44/0x57
[  103.790581]  [<ffffffff8122e503>] blkiocg_add_blkio_group+0x53/0xad
[  103.790586]  [<ffffffff81231936>] cfq_init_queue+0x139/0x32c
[  103.790591]  [<ffffffff8121f2d0>] elv_iosched_store+0xbf/0x1bf
[  103.790595]  [<ffffffff812263d8>] queue_attr_store+0x70/0x8f
[  103.790599]  [<ffffffff8114bfa5>] ? sysfs_write_file+0xe7/0x144
[  103.790603]  [<ffffffff8114bfc6>] sysfs_write_file+0x108/0x144
[  103.790609]  [<ffffffff810f527f>] vfs_write+0xae/0x10b
[  103.790612]  [<ffffffff81069863>] ? trace_hardirqs_on_caller+0x10c/0x130
[  103.790616]  [<ffffffff810f539c>] sys_write+0x4a/0x6e
[  103.790622]  [<ffffffff81002b5b>] system_call_fastpath+0x16/0x1b
[  103.790625]

Located-by: Miles Lane <miles.lane@gmail.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
2010-05-06 08:54:00 +02:00
Shaohua Li
4bdae98f1a ACPI: fix acpi_hest_firmware_first_pci() caused oops
acpi_hest_firmware_first_pci() could be called when acpi is disabled
and cause system oops.

Signed-off-by: Shaohua Li <shaohua.li@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2010-05-06 02:39:06 -04:00
Dan Carpenter
97c227cb51 sbshc: acpi_device_class "smbus_host_controller" too long
acpi_device_class can only be 19 characters and a NULL terminator.

With the current name we get a buffer overflow in acpi_smbus_hc_add()
when we do:
	strcpy(acpi_device_class(device), ACPI_SMB_HC_CLASS);

Signed-off-by: Dan Carpenter <error27@gmail.com>
Cc: Alexey Starikovskiy <astarikovskiy@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Len Brown <len.brown@intel.com>
2010-05-06 02:38:25 -04:00
Dan Carpenter
18262714ca power_meter: acpi_device_class "power_meter_resource" too long
acpi_device_class can only be 19 characters and a NULL terminator.

The current code has a buffer overflow in acpi_power_meter_add():
       strcpy(acpi_device_class(device), ACPI_POWER_METER_CLASS);

Signed-off-by: Dan Carpenter <error27@gmail.com>
Cc: Len Brown <lenb@kernel.org>
Cc: "Darrick J. Wong" <djwong@us.ibm.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Len Brown <len.brown@intel.com>
2010-05-06 02:38:24 -04:00
Dan Carpenter
a40770a953 acpi_pad: "processor_aggregator" name too long
cpi_device_class can only be 19 characters and a NULL terminator.

With the current name we get a buffer overflow in acpi_pad_add()
	strcpy(acpi_device_class(device), ACPI_PROCESSOR_AGGREGATOR_CLASS);

[akpm@linux-foundation.org: call it acpi_pad, per Shaohua Li]
Signed-off-by: Dan Carpenter <error27@gmail.com>
Cc: walter harms <wharms@bfs.de>
Acked-by: Shaohua Li <shaohua.li@intel.com>
Cc: Len Brown <lenb@kernel.org>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Len Brown <len.brown@intel.com>
2010-05-06 02:38:23 -04:00
Bjorn Helgaas
11439a6fd9 PNP: don't check for conflicts with bridge windows
With fa35b4926, I broke a lot of PNP resource assignment.  That commit made
PNPACPI include bridge windows as PNP resources, and PNP resource assignment
treats any enabled overlapping PNP resources as conflicts.  Since PCI host
bridge windows typically include most of the I/O port space, this makes PNP
port assigments fail.

The PCI host bridge driver will eventually use those PNP window resources,
so we should make PNP ignore them when checking for conflicts.

This fixes https://bugzilla.kernel.org/show_bug.cgi?id=15903

Reported-and-tested-by: Pavel Kysilka <goldenfish@linuxsoft.cz>
Signed-off-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2010-05-06 02:08:47 -04:00
Brian Haley
d40a4de0be IPv6: fix IPV6_RECVERR handling of locally-generated errors
I noticed when I added support for IPV6_DONTFRAG that if you set
IPV6_RECVERR and tried to send a UDP packet larger than 64K to an
IPv6 destination, you'd correctly get an EMSGSIZE, but reading from
MSG_ERRQUEUE returned the incorrect address in the cmsg:

struct msghdr:
	 msg_name         0x7fff8f3c96d0
	 msg_namelen      28
struct sockaddr_in6:
	 sin6_family      10
	 sin6_port        7639
	 sin6_flowinfo    0
	 sin6_addr        ::ffff:38.32.0.0
	 sin6_scope_id    0  ((null))

It should have returned this in my case:

struct msghdr:
	 msg_name         0x7fffd866b510
	 msg_namelen      28
struct sockaddr_in6:
	 sin6_family      10
	 sin6_port        7639
	 sin6_flowinfo    0
	 sin6_addr        2620:0:a09:e000:21f:29ff:fe57:f88b
	 sin6_scope_id    0  ((null))

The problem is that ipv6_recv_error() assumes that if the error
wasn't generated by ICMPv6, it's an IPv4 address sitting there,
and proceeds to create a v4-mapped address from it.

Change ipv6_icmp_error() and ipv6_local_error() to set skb->protocol
to htons(ETH_P_IPV6) so that ipv6_recv_error() knows the address
sitting right after the extended error is IPv6, else it will
incorrectly map the first octet into an IPv4-mapped IPv6 address
in the cmsg structure returned in a recvmsg() call to obtain
the error.

Signed-off-by: Brian Haley <brian.haley@hp.com>

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-05-05 21:32:40 -07:00
Sage Weil
54ad023ba8 ceph: don't use writeback_control in writepages completion
The ->writepages writeback_control is not still valid in the writepages
completion.  We were touching it solely to adjust pages_skipped when there
was a writeback error (EIO, ENOSPC, EPERM due to bad osd credentials),
causing an oops in the writeback code shortly thereafter.  Updating
pages_skipped on error isn't correct anyway, so let's just rip out this
(clearly broken) code to pass the wbc to the completion.

Signed-off-by: Sage Weil <sage@newdream.net>
2010-05-05 21:31:40 -07:00
Sebastian Andrzej Siewior
7df9c43fbe net/gianfar: drop recycled skbs on MTU change
The size for skbs which is added to the recycled list is using the
current descriptor size which is current MTU. gfar_new_skb() is also
using this size. So after changing or alteast increasing the MTU all
recycled skbs should be dropped.

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Acked-by: Andy Fleming <afleming@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-05-05 21:29:15 -07:00