Commit Graph

130259 Commits

Author SHA1 Message Date
Vegard Nossum
3632dee2f8 inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.

The best fix (contributed largely by Linus) is a total rewrite
of the function in question:

On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
>  - locking is done in just one place, and there is no question about it
>   not having an unlock.
>
>  - that whole double-while(1)-loop thing is gone.
>
>  - use multiple functions to make nesting and error handling sane
>
>  - do error testing after doing the things you always need to do, ie do
>   this:
>
>        mutex_lock(..)
>        ret = function_call();
>        mutex_unlock(..)
>
>        .. test ret here ..
>
>   instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.

Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-26 10:08:05 -08:00
Linus Torvalds
aeb565dfc3 Fix annoying DRM_ERROR() string warning
Use '%zu' to print out a size_t variable, not '%d'.  Another case of the
"let's keep at least Linus' defconfig compile warningless" rule.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-26 10:01:53 -08:00
Linus Torvalds
2d07d4d1bb Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
  fuse: fix poll notify
  fuse: destroy bdi on umount
  fuse: fuse_fill_super error handling cleanup
  fuse: fix missing fput on error
  fuse: fix NULL deref in fuse_file_alloc()
2009-01-26 09:49:22 -08:00
Linus Torvalds
3386c05bdb Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  debugobjects: add and use INIT_WORK_ON_STACK
  rcu: remove duplicate CONFIG_RCU_CPU_STALL_DETECTOR
  relay: fix lock imbalance in relay_late_setup_files
  oprofile: fix uninitialized use of struct op_entry
  rcu: move Kconfig menu
  softlock: fix false panic which can occur if softlockup_thresh is reduced
  rcu: add __cpuinit to rcu_init_percpu_data()
2009-01-26 09:47:56 -08:00
Linus Torvalds
1e70c7f7a9 Merge branch 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  hrtimers: fix inconsistent lock state on resume in hres_timers_resume
  time-sched.c: tick_nohz_update_jiffies should be static
  locking, hpet: annotate false positive warning
  kernel/fork.c: unused variable 'ret'
  itimers: remove the per-cpu-ish-ness
2009-01-26 09:47:43 -08:00
Linus Torvalds
810ee58de2 Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: (29 commits)
  xen: unitialised return value in xenbus_write_transaction
  x86: fix section mismatch warning
  x86: unmask CPUID levels on Intel CPUs, fix
  x86: work around PAGE_KERNEL_WC not getting WC in iomap_atomic_prot_pfn.
  x86: use standard PIT frequency
  xen: handle highmem pages correctly when shrinking a domain
  x86, mm: fix pte_free()
  xen: actually release memory when shrinking domain
  x86: unmask CPUID levels on Intel CPUs
  x86: add MSR_IA32_MISC_ENABLE bits to <asm/msr-index.h>
  x86: fix PTE corruption issue while mapping RAM using /dev/mem
  x86: mtrr fix debug boot parameter
  x86: fix page attribute corruption with cpa()
  Revert "x86: signal: change type of paramter for sys_rt_sigreturn()"
  x86: use early clobbers in usercopy*.c
  x86: remove kernel_physical_mapping_init() from init section
  fix: crash: IP: __bitmap_intersects+0x48/0x73
  cpufreq: use work_on_cpu in acpi-cpufreq.c for drv_read and drv_write
  work_on_cpu: Use our own workqueue.
  work_on_cpu: don't try to get_online_cpus() in work_on_cpu.
  ...
2009-01-26 09:47:28 -08:00
Linus Torvalds
2927fceafc Merge git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6:
  drivers/ide/palm_bk3710.c buildfix
  ide: fix Falcon IDE breakage
  ide: fix IDE PMAC breakage
2009-01-26 09:46:29 -08:00
Linus Torvalds
36f392d096 Merge branch 'for-linus' of git://oss.sgi.com/xfs/xfs
* 'for-linus' of git://oss.sgi.com/xfs/xfs:
  Long btree pointers are still 64 bit on disk
  [XFS] Remove the rest of the macro-to-function indirections.
  xfs: sanity check attr fork size
  xfs: fix bad_features2 fixups for the root filesystem
  xfs: add a lock class for group/project dquots
  xfs: lockdep annotations for xfs_dqlock2
  xfs: add a separate lock class for the per-mount list of dquots
  xfs: use mnt_want_write in compat_attrmulti ioctl
  xfs: fix dentry aliasing issues in open_by_handle
2009-01-26 09:44:17 -08:00
Linus Torvalds
6c31e7ee48 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
  ASoC: Add missing comma to SND_SOC_DAPM_SWITCH_E in soc-dapm.h
  ALSA: hda: Add STAC92HD83XXX_PWR_REF quirk
  ALSA: hda: revert change to 92hd83xxx power mapping
  ALSA: hda - Add model entry for HP dv4
  ALSA: hda: 83xxx port 0xe DAC selection
  ASoC: fix registration of the SoC card in the Freescale MPC8610 drivers
  sound: virtuoso: document HDAV1.3 driver status
  sound: virtuoso: add newline
  sound: virtuoso: enable UART on Xonar HDAV1.3
  sound: Remove removed OSS kernel parameters from doc
  ALSA: hda: fix invalid power mapping masks
  ASoC: atmel_pcm: Remove non-existant header
  ALSA: hda - add quirks for some 82801H variants to use ALC883_MITAC
  ALSA: hda - Fix (yet more) STAC925x issues
2009-01-26 09:42:00 -08:00
Miklos Szeredi
f6d47a1761 fuse: fix poll notify
Move fuse_copy_finish() to before calling fuse_notify_poll_wakeup().
This is not a big issue because fuse_notify_poll_wakeup() should be
atomic, but it's cleaner this way, and later uses of notification will
need to be able to finish the copying before performing some actions.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
2009-01-26 15:00:59 +01:00
Miklos Szeredi
26c3679101 fuse: destroy bdi on umount
If a fuse filesystem is unmounted but the device file descriptor
remains open and a new mount reuses the old device number, then the
mount fails with EEXIST and the following warning is printed in the
kernel log:

  WARNING: at fs/sysfs/dir.c:462 sysfs_add_one+0x35/0x3d()
  sysfs: duplicate filename '0:15' can not be created

The cause is that the bdi belonging to the fuse filesystem was
destoryed only after the device file was released.  Fix this by
calling bdi_destroy() from fuse_put_super() instead.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
CC: stable@kernel.org
2009-01-26 15:00:59 +01:00
Miklos Szeredi
c2b8f00690 fuse: fuse_fill_super error handling cleanup
Clean up error handling for the whole of fuse_fill_super() function.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
2009-01-26 15:00:58 +01:00
Miklos Szeredi
3ddf1e7f57 fuse: fix missing fput on error
Fix the leaking file reference if allocation or initialization of
fuse_conn failed.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
CC: stable@kernel.org
2009-01-26 15:00:58 +01:00
Dan Carpenter
bb875b38dc fuse: fix NULL deref in fuse_file_alloc()
ff is set to NULL and then dereferenced on line 65.  Compile tested only.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
CC: stable@kernel.org
2009-01-26 15:00:58 +01:00
Ian Campbell
e88a0faae5 xen: unitialised return value in xenbus_write_transaction
The return value of xenbus_write_transaction can be uninitialised in
the success case leading to the userspace xenstore utilities failing.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-26 14:29:26 +01:00
Rakib Mullick
659d2618b3 x86: fix section mismatch warning
Here function vmi_activate calls a init function activate_vmi , which
causes the following section mismatch warnings:

  LD      arch/x86/kernel/built-in.o
WARNING: arch/x86/kernel/built-in.o(.text+0x13ba9): Section mismatch
in reference from the function vmi_activate() to the function
.init.text:vmi_time_init()
The function vmi_activate() references
the function __init vmi_time_init().
This is often because vmi_activate lacks a __init
annotation or the annotation of vmi_time_init is wrong.

WARNING: arch/x86/kernel/built-in.o(.text+0x13bd1): Section mismatch
in reference from the function vmi_activate() to the function
.devinit.text:vmi_time_bsp_init()
The function vmi_activate() references
the function __devinit vmi_time_bsp_init().
This is often because vmi_activate lacks a __devinit
annotation or the annotation of vmi_time_bsp_init is wrong.

WARNING: arch/x86/kernel/built-in.o(.text+0x13bdb): Section mismatch
in reference from the function vmi_activate() to the function
.devinit.text:vmi_time_ap_init()
The function vmi_activate() references
the function __devinit vmi_time_ap_init().
This is often because vmi_activate lacks a __devinit
annotation or the annotation of vmi_time_ap_init is wrong.

Fix it by marking vmi_activate() as __init too.

Signed-off-by: Rakib Mullick <rakib.mullick@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-26 14:27:18 +01:00
Ingo Molnar
99fb4d349d x86: unmask CPUID levels on Intel CPUs, fix
Impact: fix boot hang on pre-model-15 Intel CPUs

rdmsrl_safe() does not work in very early bootup code yet, because we
dont have the pagefault handler installed yet so exception section
does not get parsed. rdmsr_safe() will just crash and hang the bootup.

So limit the MSR_IA32_MISC_ENABLE MSR read to those CPU types that
support it.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-26 12:36:24 +01:00
Eric Anholt
ef5fa0ab24 x86: work around PAGE_KERNEL_WC not getting WC in iomap_atomic_prot_pfn.
In the absence of PAT, PAGE_KERNEL_WC ends up mapping to a memory type that
gets UC behavior even in the presence of a WC MTRR covering the area in
question.  By swapping to PAGE_KERNEL_UC_MINUS, we can get the actual
behavior the caller wanted (WC if you can manage it, UC otherwise).

This recovers the 40% performance improvement of using WC in the DRM
to upload vertex data.

Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2009-01-26 11:14:27 +01:00
David S. Miller
71be7a3602 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 2009-01-25 21:36:34 -08:00
Timo Teras
a8d694c651 af_key: initialize xfrm encap_oa
Currently encap_oa is left uninitialized, so it contains garbage data which
is visible to userland via Netlink. Initialize it by zeroing it out.

Signed-off-by: Timo Teras <timo.teras@iki.fi>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-01-25 20:49:14 -08:00
Alex Williamson
e918085aaf virtio_net: Fix MAX_PACKET_LEN to support 802.1Q VLANs
802.1Q expanded the maximum ethernet frame size by 4 bytes for the
VLAN tag.  We're not taking this into account in virtio_net, which
means the buffers we provide to the backend in the virtqueue RX ring
aren't big enough to hold a full MTU VLAN packet.  For QEMU/KVM,
this results in the backend exiting with a packet truncation error.

Signed-off-by: Alex Williamson <alex.williamson@hp.com>
Acked-by: Mark McLoughlin <markmc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-01-25 18:06:26 -08:00
Heiko Carstens
801599b0cd lcs: fix compilation for !CONFIG_IP_MULTICAST
drivers/s390/net/lcs.c: In function 'lcs_new_device':
drivers/s390/net/lcs.c:2179: error: implicit declaration of function 'lcs_set_multicast_list'

Reported-by: Kamalesh Babulal <kamalesh@linux.vnet.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-01-25 17:59:26 -08:00
Philipp Zabel
74194cc710 power_supply: pda_power: Don't request shared IRQs w/ IRQF_DISABLED
IRQF_DISABLED is not guaranteed for shared IRQs. I think power_changed_isr
doesn't need it anyway, as it only fires a timer.
This patch enables IRQF_SAMPLE_RANDOM instead.

Signed-off-by: Philipp Zabel <philipp.zabel@gmail.com>
Signed-off-by: Anton Vorontsov <cbouatmailru@gmail.com>
2009-01-26 02:09:26 +03:00
Russell King
24f11ec001 [ARM] fix section-based ioremap
Tomi Valkeinen reports:
  Running with latest linux-omap kernel on OMAP3 SDP board, I have
  problem with iounmap(). It looks like iounmap() does not properly
  free large areas. Below is a test which fails for me in 6-7 loops.

	for (i = 0; i < 200; ++i) {
		vaddr = ioremap(paddr, size);
		if (!vaddr) {
			printk("couldn't ioremap\n");
			break;
		}
		iounmap(vaddr);
	}

The changes to vmalloc.c weren't reflected in the ARM ioremap
implementation.  Turns out the fix is rather simple.

Tested-by: Tomi Valkeinen <tomi.valkeinen@nokia.com>
Tested-by: Matt Gerassimoff <mgeras@gmail.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2009-01-25 17:36:34 +00:00
Ingo Molnar
e1b4d11436 x86: use standard PIT frequency
the RDC and ELAN platforms use slighly different PIT clocks, resulting in
a timex.h hack that changes PIT_TICK_RATE during build time. But if a
tester enables any of these platform support .config options, the PIT
will be miscalibrated on standard PC platforms.

So use one frequency - in a subsequent patch we'll add a quirk to allow
x86 platforms to define different PIT frequencies.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-25 16:57:47 +01:00
Uwe Kleine-König
fb22d72782 [NET] am79c961a: fix spin_lock usage
spin_lock functions take a pointer to the lock, not the lock itself.
This error was noticed by compiling ebsa110_defconfig for linux-rt where
the locking functions obviously are more picky about their arguments.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Cc: Roel Kluin <12o3l@tiscali.nl>
Cc: Steven Rostedt <srostedt@redhat.com>
Cc: netdev@vger.kernel.org
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2009-01-24 23:21:33 +00:00
Russell King
0b23a0efec [ARM] omap: usb: thou shalt not provide empty release functions
... for devices.  Doing so is a bug, plain and simple, and drives
GregKH round the bend.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2009-01-24 17:00:45 +00:00
Russell King
b7cfc9ca6a [ARM] omap: watchdog: allow OMAP watchdog driver on OMAP34xx platforms
The driver was updated for OMAP34xx, but the Kconfig file was missed.
So this adds the missing parts from d99241c in Tony Lindgren's tree:

    Add watchdog timer support for TI OMAP3430.

    Signed-off-by: Madhusudhan Chikkature <madhu.cr@ti.com>
    Signed-off-by: Tony Lindgren <tony@atomide.com>

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2009-01-24 16:48:42 +00:00
Madhusudhan Chikkature
a45c6cb816 [ARM] 5369/1: omap mmc: Add new omap hsmmc controller for 2430 and 34xx, v3
Add omap hsmmc controller for 2430 and 34xx.

Note that this controller has different registers compared to
the earlier omap MMC controller, so sharing code currently is
not possible.

Various updates and fixes from linux-omap list have been
merged into this patch.

Signed-off-by: Madhusudhan Chikkature<madhu.cr@ti.com>
Acked-by: Pierre Ossman <drzeus@drzeus.cx>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2009-01-24 11:41:21 +00:00
Russell King
409dc360b4 [ARM] clkdev: fix clock matching
The old matching algorithm was too fuzzy, causing false positives.
For example, when asked for device D connection C1 and we only find
device D connection C2, we return that as a valid match despite the
connection names being different.

Change the algorithm such that:
  An entry with a NULL ID is assumed to be a wildcard.
  If an entry has a device ID, it must match
  If an entry has a connection ID, it must match

However, we maintain the order of precidence while still only doing
a single pass over all entries: dev+con > dev only > con only.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2009-01-24 11:41:20 +00:00
Jean-Christop PLAGNIOL-VILLARD
02e0746ecc [ARM] 5370/1: at91: fix rm9200 watchdog
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2009-01-24 11:41:19 +00:00
David Brownell
d0e58ae76c [ARM] 5368/1: arch/arm/mach-davinci/usb.c buildfix
From: David Brownell <dbrownell@users.sourceforge.net>
Subject: ARM/mach-davinci/usb.c buildfix

  CC      arch/arm/mach-davinci/usb.o
arch/arm/mach-davinci/usb.c:60: error: 'IRQ_USBINT' undeclared here (not in a function)
make[1]: *** [arch/arm/mach-davinci/usb.o] Error 1

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2009-01-24 11:41:18 +00:00
Ramax Lo
7ad14f83d3 [ARM] 5365/1: s3cmci: Use new include path of dma.h
Since dma.h has been moved to arch/arm/mach-s3c2410/include/mach,
use the new include path.

Signed-off-by: Ramax Lo <ramaxlo@gmail.com>
Acked-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2009-01-24 11:41:18 +00:00
Russell King
7dd8c4f352 [ARM] fix StrongARM-11x0 page copy implementation
Which had the 'from' and 'to' pages reversed.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2009-01-24 11:41:17 +00:00
Russell King
953a7e8476 [ARM] omap: ensure OMAP drivers pass a struct device to clk_get()
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2009-01-24 11:41:16 +00:00
Larry Finger
2fcbab044a rtl8187: Add termination packet to prevent stall
The RTL8187 and RTL8187B devices can stall unless an explicit termination
packet is sent.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2009-01-23 15:38:36 -05:00
Abbas, Mohamed
c338ba3ca5 iwlwifi: fix rs_get_rate WARN_ON()
In ieee80211_sta structure there is u64 supp_rates[IEEE80211_NUM_BANDS]
this is filled with all support rate from assoc_resp.  If we associate
with G-band AP only supp_rates of G-band will be set the other band
supp_rates will be set to 0. If the user type this command
this will cause mac80211 to set to new channel, mac80211
does not disassociate in setting new channel, so the active
band is now A-band. then in handling the new essid mac80211 will
kick in the assoc steps which involve sending disassociation frame.
in this mac80211 will WARN_ON sta->supp_rates[A_BAND] == 0.

This fixes:
http://www.intellinuxwireless.org/bugzilla/show_bug.cgi?id=1822
http://www.kerneloops.org/searchweek.php?search=rs_get_rate

Signed-off-by: mohamed abbas <mohamed.abbas@intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2009-01-23 15:38:36 -05:00
Christian Lamparter
b4068a8049 p54usb: fix packet loss with first generation devices
Artur Skawina confirmed that the first generation devices needs the same
URB_ZERO_PACKET flag, in oder to finish the pending transfer properly.
The second generation has been successfully fixed by
"p54usb: fix random traffic stalls (LM87)" (43af18f06d5)

Signed-off-by: Christian Lamparter <chunkeey@web.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2009-01-23 15:38:35 -05:00
Ian Campbell
ff4ce8c332 xen: handle highmem pages correctly when shrinking a domain
Commit 1058a75f07 ("xen: actually release
memory when shrinking domain") causes a crash if the page being released
is a highmem page.

If a page is highmem then there is no need to unmap it.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Jeremy Fitzhardinge <jeremy@goop.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-23 18:55:28 +01:00
Peter Zijlstra
42ef73fe13 x86, mm: fix pte_free()
On -rt we were seeing spurious bad page states like:

Bad page state in process 'firefox'
page:c1bc2380 flags:0x40000000 mapping:c1bc2390 mapcount:0 count:0
Trying to fix it up, but a reboot is needed
Backtrace:
Pid: 503, comm: firefox Not tainted 2.6.26.8-rt13 #3
[<c043d0f3>] ? printk+0x14/0x19
[<c0272d4e>] bad_page+0x4e/0x79
[<c0273831>] free_hot_cold_page+0x5b/0x1d3
[<c02739f6>] free_hot_page+0xf/0x11
[<c0273a18>] __free_pages+0x20/0x2b
[<c027d170>] __pte_alloc+0x87/0x91
[<c027d25e>] handle_mm_fault+0xe4/0x733
[<c043f680>] ? rt_mutex_down_read_trylock+0x57/0x63
[<c043f680>] ? rt_mutex_down_read_trylock+0x57/0x63
[<c0218875>] do_page_fault+0x36f/0x88a

This is the case where a concurrent fault already installed the PTE and
we get to free the newly allocated one.

This is due to pgtable_page_ctor() doing the spin_lock_init(&page->ptl)
which is overlaid with the {private, mapping} struct.

union {
    struct {
        unsigned long private;
        struct address_space *mapping;
    };
    spinlock_t ptl;
    struct kmem_cache *slab;
    struct page *first_page;
};

Normally the spinlock is small enough to not stomp on page->mapping, but
PREEMPT_RT=y has huge 'spin'locks.

But lockdep kernels should also be able to trigger this splat, as the
lock tracking code grows the spinlock to cover page->mapping.

The obvious fix is calling pgtable_page_dtor() like the regular pte free
path __pte_free_tlb() does.

It seems all architectures except x86 and nm10300 already do this, and
nm10300 doesn't seem to use pgtable_page_ctor(), which suggests it
doesn't do SMP or simply doesnt do MMU at all or something.

Signed-off-by: Peter Zijlstra <a.p.zijlsta@chello.nl>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Cc: <stable@kernel.org>
2009-01-23 18:42:06 +01:00
Takashi Iwai
0f0779b155 Merge branch 'fix/asoc' into for-linus 2009-01-23 18:14:25 +01:00
Michael Holzheu
e34a628041 [S390] Add missing compat system call wrappers.
Add wrapper functions for the following compat system calls:
* readahead
* sendfile64
* tkill
* tgkill
* keyctl
This ensures that the high order bits of the parameter registers are correctly
sign extended.

Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2009-01-23 16:40:29 +01:00
Heiko Carstens
179cb81aa1 [S390] etr/stp: fix possible deadlock
Precreate stop_machine threads in case the machine supports ETR/STP.
Otherwise we might deadlock if a time sync operation gets scheduled
and the creation of stop_machine threads would cause disk I/O.
This is just the minimal fix.
The real fix would be to only precreate stop_machine threads if
ETR/STP is actually used. But that would be a rather large and
complicated patch.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2009-01-23 16:40:29 +01:00
Heiko Carstens
f9a2f797fc [S390] cputime: fix lowcore initialization on cpu hotplug
On (initial) cpu hotplug the lowcore values for user_timer and
system_timer don't get initialized like they would get on each
process schedule.
On initial start of secondary cpus this leads to the situation
where per thread user/system_timer values are larger than the
corresponding contents of the lowcore. When later calculating
time spent in user/system context the result can be negative.

So for cpu hotplug we should manually initialize lowcore values.

Fixes this bug:

Kernel BUG at 000ec080 [verbose debug info unavailable]
fixpoint divide exception: 0009 [#1] PREEMPT SMP
Modules linked in:
CPU: 10 Not tainted 2.6.28 #4
Process sysctl (pid: 975, task: 3fa752e0, ksp: 3fbebca0)
Krnl PSW : 070c1000 800ec080 (show_stat+0x390/0x5fc)
           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:1 PM:0
Krnl GPRS: 7fffffff fefc7ce5 3faec080 003879ae
           00000001 01388000 7fffffff 01388000
           00000000 00000000 0049ad50 3fbebcf8
           01388000 002f51a8 800ec1fe 3fbebcf8
Krnl Code: 800ec076: 9001b188           stm     %r0,%r1,392(%r11)
           800ec07a: 9801b0c0           lm      %r0,%r1,192(%r11)
           800ec07e: 1d05               dr      %r0,%r5
          >800ec080: 9001b0c0           stm     %r0,%r1,192(%r11)
           800ec084: 5860b0c4           l       %r6,196(%r11)
           800ec088: 1806               lr      %r0,%r6
           800ec08a: 8c800001           srdl    %r8,1
           800ec08e: 1d87               dr      %r8,%r7
Call Trace:
([<00000000000ec1ee>] show_stat+0x4fe/0x5fc)
 [<00000000000c13e8>] seq_read+0xc4/0x3ac
 [<00000000000e4796>] proc_reg_read+0x6e/0x9c
 [<00000000000a6a44>] vfs_read+0x78/0x100
 [<00000000000a6ba8>] sys_read+0x40/0x80
 [<00000000000234a8>] sysc_do_restart+0x1a/0x1e

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2009-01-23 16:40:28 +01:00
Michael Holzheu
e9a4e9d563 [S390] fix compat sigaltstack syscall table entry
When 31 bit user space programs call sigaltstack on a 64 bit Linux
OS, the system call returns -1 with errno=EFAULT. The 31 bit pointer passed
to the system call is extended to 64 bit, but the high order bits are not
set to zero. The kernel detects the invalid user space pointer and
returns -EFAULT. To solve the problem, sys32_sigaltstack_wrapper()
instead of sys32_sigaltstack() has to be called. The wrapper function sets
the high order bits to zero.

Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2009-01-23 16:40:28 +01:00
Heiko Carstens
03e4c49f84 [S390] personality: fix personality loss on execve
Use the personality() macro to mask out all bits that are not
relevant for the personality type.
The personality field contains bits for other things as well,
so without masking out the not relevalent bits the comparison
won't do what is expected.

Reported-by: Andreas Krebbel <krebbel@linux.vnet.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2009-01-23 16:40:28 +01:00
Peter Ujfalusi
43d50807db ASoC: Add missing comma to SND_SOC_DAPM_SWITCH_E in soc-dapm.h
Typo fix.

Signed-off-by: Peter Ujfalusi <peter.ujfalusi@nokia.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
2009-01-23 15:00:48 +00:00
Takashi Iwai
092ebf7a01 Merge branch 'fix/hda' into for-linus 2009-01-23 08:13:52 +01:00
Takashi Iwai
dd501d94b5 Merge branch 'fix/asoc' into for-linus 2009-01-23 08:13:49 +01:00
Matthew Ranostay
32ed3f4640 ALSA: hda: Add STAC92HD83XXX_PWR_REF quirk
Some revisions of the 92hd8xxx codec's not supporting port power
downs in which the using of it causes capture and also randomly
playback streams to not function at all. Thus by disabling it by
default and adding a option to enable it manually will fix all issue
on current and future revisions.

Signed-off-by: Matthew Ranostay <mranostay@embeddedalley.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-01-23 08:06:57 +01:00