Commit Graph

287766 Commits

Author SHA1 Message Date
Tejun Heo
07c2bd3735 block: don't call elevator callbacks for plug merges
Plug merge calls two elevator callbacks outside queue lock -
elevator_allow_merge_fn() and elevator_bio_merged_fn().  Although
attempt_plug_merge() suggests that elevator is guaranteed to be there
through the existing request on the plug list, nothing prevents plug
merge from calling into dying or initializing elevator.

For regular merges, bypass ensures elvpriv count to reach zero, which
in turn prevents merges as all !ELVPRIV requests get REQ_SOFTBARRIER
from forced back insertion.  Plug merge doesn't check ELVPRIV, and, as
the requests haven't gone through elevator insertion yet, it doesn't
have SOFTBARRIER set allowing merges on a bypassed queue.

This, for example, leads to the following crash during elevator
switch.

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
 IP: [<ffffffff813b34e9>] cfq_allow_merge+0x49/0xa0
 PGD 112cbc067 PUD 115d5c067 PMD 0
 Oops: 0000 [#1] PREEMPT SMP
 CPU 1
 Modules linked in: deadline_iosched

 Pid: 819, comm: dd Not tainted 3.3.0-rc2-work+ #76 Bochs Bochs
 RIP: 0010:[<ffffffff813b34e9>]  [<ffffffff813b34e9>] cfq_allow_merge+0x49/0xa0
 RSP: 0018:ffff8801143a38f8  EFLAGS: 00010297
 RAX: 0000000000000000 RBX: ffff88011817ce28 RCX: ffff880116eb6cc0
 RDX: 0000000000000000 RSI: ffff880118056e20 RDI: ffff8801199512f8
 RBP: ffff8801143a3908 R08: 0000000000000000 R09: 0000000000000000
 R10: 0000000000000001 R11: 0000000000000000 R12: ffff880118195708
 R13: ffff880118052aa0 R14: ffff8801143a3d50 R15: ffff880118195708
 FS:  00007f19f82cb700(0000) GS:ffff88011fc80000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
 CR2: 0000000000000008 CR3: 0000000112c6a000 CR4: 00000000000006e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
 Process dd (pid: 819, threadinfo ffff8801143a2000, task ffff880116eb6cc0)
 Stack:
  ffff88011817ce28 ffff880118195708 ffff8801143a3928 ffffffff81391bba
  ffff88011817ce28 ffff880118195708 ffff8801143a3948 ffffffff81391bf1
  ffff88011817ce28 0000000000000000 ffff8801143a39a8 ffffffff81398e3e
 Call Trace:
  [<ffffffff81391bba>] elv_rq_merge_ok+0x4a/0x60
  [<ffffffff81391bf1>] elv_try_merge+0x21/0x40
  [<ffffffff81398e3e>] blk_queue_bio+0x8e/0x390
  [<ffffffff81396a5a>] generic_make_request+0xca/0x100
  [<ffffffff81396b04>] submit_bio+0x74/0x100
  [<ffffffff811d45c2>] __blockdev_direct_IO+0x1ce2/0x3450
  [<ffffffff811d0dc7>] blkdev_direct_IO+0x57/0x60
  [<ffffffff811460b5>] generic_file_aio_read+0x6d5/0x760
  [<ffffffff811986b2>] do_sync_read+0xe2/0x120
  [<ffffffff81199345>] vfs_read+0xc5/0x180
  [<ffffffff81199501>] sys_read+0x51/0x90
  [<ffffffff81aeac12>] system_call_fastpath+0x16/0x1b

There are multiple ways to fix this including making plug merge check
ELVPRIV; however,

* Calling into elevator outside queue lock is confusing and
  error-prone.

* Requests on plug list aren't known to the elevator.  They aren't on
  the elevator yet, so there's no elevator specific state to update.

* Given the nature of plug merges - collecting bio's for the same
  purpose from the same issuer - elevator specific restrictions aren't
  applicable.

So, simply don't call into elevator methods from plug merge by moving
elv_bio_merged() from bio_attempt_*_merge() to blk_queue_bio(), and
using blk_try_merge() in attempt_plug_merge().

This is based on Jens' patch to skip elevator_allow_merge_fn() from
plug merge.

Note that this makes per-cgroup merged stats skip plug merging.

Signed-off-by: Tejun Heo <tj@kernel.org>
LKML-Reference: <4F16F3CA.90904@kernel.dk>
Original-patch-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2012-02-08 09:19:42 +01:00
Tejun Heo
050c8ea80e block: separate out blk_rq_merge_ok() and blk_try_merge() from elevator functions
blk_rq_merge_ok() is the elevator-neutral part of merge eligibility
test.  blk_try_merge() determines merge direction and expects the
caller to have tested elv_rq_merge_ok() previously.

elv_rq_merge_ok() now wraps blk_rq_merge_ok() and then calls
elv_iosched_allow_merge().  elv_try_merge() is removed and the two
callers are updated to call elv_rq_merge_ok() explicitly followed by
blk_try_merge().  While at it, make rq_merge_ok() functions return
bool.

This is to prepare for plug merge update and doesn't introduce any
behavior change.

This is based on Jens' patch to skip elevator_allow_merge_fn() from
plug merge.

Signed-off-by: Tejun Heo <tj@kernel.org>
LKML-Reference: <4F16F3CA.90904@kernel.dk>
Original-patch-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2012-02-08 09:19:38 +01:00
Igor Grinberg
3686396410 ARM: OMAP3: cm-t35: fix section mismatch warning
WARNING: arch/arm/mach-omap2/built-in.o(.text+0xeae8):
Section mismatch in reference from the function cm_t35_init_usbh()
to the (unknown reference) .init.data:(unknown)
The function cm_t35_init_usbh() references
the (unknown reference) __initdata (unknown).
This is often because cm_t35_init_usbh lacks a __initdata
annotation or the annotation of (unknown) is wrong.

Signed-off-by: Igor Grinberg <grinberg@compulab.co.il>
Signed-off-by: Tony Lindgren <tony@atomide.com>
2012-02-07 21:36:32 -08:00
Santosh Shilimkar
fef67c5183 ARM: OMAP2: Fix the OMAP2 only build break seen with 2011+ ARM tool-chains
With the latest Sourcery G++ Lite 2011.03-41 and latest linaro
tool-chains OMAP2 only build breaks with below error.

arch/arm/mach-omap2/omap-smc.S: Assembler messages:
arch/arm/mach-omap2/omap-smc.S:30: Error: selected processor does not support ARM mode `smc #0'
arch/arm/mach-omap2/omap-smc.S:53: Error: selected processor does not support ARM mode `smc #0'
arch/arm/mach-omap2/omap-smc.S:61: Error: selected processor does not support ARM mode `smc #0'
arch/arm/mach-omap2/omap-smc.S:69: Error: selected processor does not support ARM mode `smc #0'
arch/arm/mach-omap2/omap-smc.S:77: Error: selected processor does not support ARM mode `smc #0'
make[1]: *** [arch/arm/mach-omap2/omap-smc.o] Error 1

OMAP2 devices doesn't have the security support but the security support
was getting built because of OMAP2PLUS. Don't build security code for
OMAP2 devices.

While at it, fix the secure-common line in the Makefile to use tabs
instead of spaces.

Reported-by: Kevin Hilman <khilman@ti.com>
Signed-off-by: Santosh Shilimkar <santosh.shilimkar@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
2012-02-07 21:33:16 -08:00
Tony Lindgren
2416dc8510 Merge branch 'fixes-dt' into fixes 2012-02-07 20:57:41 -08:00
Jeff Layton
ff4fa4a25a cifs: don't return error from standard_receive3 after marking response malformed
standard_receive3 will check the validity of the response from the
server (via checkSMB). It'll pass the result of that check to handle_mid
which will dequeue it and mark it with a status of
MID_RESPONSE_MALFORMED if checkSMB returned an error. At that point,
standard_receive3 will also return an error, which will make the
demultiplex thread skip doing the callback for the mid.

This is wrong -- if we were able to identify the request and the
response is marked malformed, then we want the demultiplex thread to do
the callback. Fix this by making standard_receive3 return 0 in this
situation.

Cc: stable@vger.kernel.org
Reported-and-Tested-by: Mark Moseley <moseleymark@gmail.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
2012-02-07 22:25:31 -06:00
Jeff Layton
8b0192a5f4 cifs: request oplock when doing open on lookup
Currently, it's always set to 0 (no oplock requested).

Cc: <stable@vger.kernel.org>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
2012-02-07 22:25:29 -06:00
Jeff Layton
4edc53c1f8 cifs: fix error handling when cifscreds key payload is an error
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
2012-02-07 22:25:26 -06:00
Linus Torvalds
98e9685248 fbdev fixes for 3.3
It includes:
 - a compile fix for fsl-diu-fb
 
 - a fix for a suspend/resume issue in atmel_lcdfb
 
 - a fix for a suspend/resume issue in OMAP
 
 - a workaround for a hardware bug to avoid physical damage in OMAP
 
 - a really trivial dead code removal in intelfb
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJPMG54AAoJECSVL5KnPj1PR6QQAKOoD4luFRw2F85jdk4GYBiX
 WqUWc1OlKYxCGIhk6LpV6fwBLDZCTjOw9NU/9i3JIOHAscGzqVvUce1zYwolEu0B
 tTH15/6Bh6uuRJEKYF8H53t1vsbrutssvUsqVcJsHrfie6bVjqjGV18cLT9siVy5
 jEZnU958Nb7t8hk7Af1ppQkbB4cpExHX4k3hXTKM+dOkRWMaH1fHv2dnikKuYXDq
 G7PC57VqN89DP14M+isUGt5uUgaMSmI09VdTYZ8xgULaZwOxnfOQNnceb/AaKnTY
 I2oHDNlNwmiHVgafN7uS0tAhIqnlYOAVLJNLlDfL7xC71AyH6WtzwJuhXnqun7v6
 moSwzzGKHohCXyeTjMAthx6HyLq55fBPAI1CmEEtmFLMv1tADLAp9Rm4dsaAjyF8
 7aKJO/9iGEpolLYjAGJGGjgCALa+/NWdXnW/zP/2vmcjAaPOZtd0YlD3OaPYr31p
 0cImhG57xIAfh60BRq+/FDthEN478Xj8f2jRe/2nsonw8JuFodZZ6nUaFeQS25X/
 X/07Wkvmz2CY8FoPeXDHaKO8B1wJphzvY2iJjDwI1jg8u/PT2agILNM24tH3SVky
 s6nyBLOEBHZh7mVwll2YifjZ6zzJm4y09LzgZpqXmUXOYPDn5JP9yZE4+R23RaEY
 kVz8fkE/FjmjAlx/WjKa
 =2uP4
 -----END PGP SIGNATURE-----

Merge tag 'fbdev-fixes-for-3.3-1' of git://github.com/schandinat/linux-2.6

fbdev fixes for 3.3

It includes:
 - compile fix for fsl-diu-fb
 - fix for a suspend/resume issue in atmel_lcdfb
 - fix for a suspend/resume issue in OMAP
 - workaround for a hardware bug to avoid physical damage in OMAP
 - really trivial dead code removal in intelfb

* tag 'fbdev-fixes-for-3.3-1' of git://github.com/schandinat/linux-2.6:
  atmel_lcdfb: fix usage of CONTRAST_CTR in suspend/resume
  intelfb: remove some dead code
  drivers/video: compile fixes for fsl-diu-fb.c
  OMAPDSS: HDMI: PHY burnout fix
  OMAP: 4430SDP/Panda: add HDMI HPD gpio
  OMAP: 4430SDP/Panda: setup HDMI GPIO muxes
  OMAPDSS: remove wrong HDMI HPD muxing
  OMAP: 4430SDP/Panda: rename HPD GPIO to CT_CP_HPD
  OMAP: 4430SDP/Panda: use gpio_free_array to free HDMI gpios
  OMAPDSS: use sync versions of pm_runtime_put
2012-02-07 15:54:02 -08:00
Joe Perches
8eef05dd3e checkpatch: Warn on code with 6+ tab indentation
Overly indented code should be refactored.

Suggest refactoring excessive indentation of of
if/else/for/do/while/switch statements.

For example:

$ cat t.c
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv)
{

	if (1)
		if (2)
			if (3)
				if (4)
					if (5)
						if (6)
							if (7)
								if (8)
									;
	return 0;
}

$ ./scripts/checkpatch.pl -f t.c
WARNING: Too many leading tabs - consider code refactoring
#12: FILE: t.c:12:
+						if (6)

WARNING: Too many leading tabs - consider code refactoring
#13: FILE: t.c:13:
+							if (7)

WARNING: Too many leading tabs - consider code refactoring
#14: FILE: t.c:14:
+								if (8)

total: 0 errors, 3 warnings, 17 lines checked

t.c has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-02-07 15:53:08 -08:00
Linus Torvalds
6bd113f1f4 Cleanups and error path fixes for the new SRP (SCSI RDMA protocol) target.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABCAAGBQJPMV+vAAoJEENa44ZhAt0hP1oP/itn0EMwiII4F9TjhPjk8xaj
 XD2J1DIkuMYbTgi8Gn5OQ8EwoppsPIsPUd1yOiNyUm5BpvHtDWE1q6IzBx6Izn8y
 2o4ZDmcc12NKBHpV0ZOgQVvGqEgsvqJ8x+qmEKI7s1t+WZjm8FZBbGh9qMtft/zW
 ojl7i5PwA8UhZab31xG2jHwXdU31sxk85RGrVc9NDl7OAa2kYo3owYeIhvTLyLtk
 erKrUVxym2iIIkUobyeel2TxDR3iRYWI4nmVsJ90b8bazVOOSxIchaWJuLkY5G/a
 R28UCtXRT7QQqYfzAlw0IUurUqNGPGtDORgiENzqIXbDDBs6GvPsSCG6VMDMqYmo
 rZIyq2LbnHsXoas03IPPrckkNfjlQs6VoM4q2mh0uB1hyHcLmeRG3wzVo0j+KXbv
 yL3T6PV9S69phjUwAWbJi7R/vnjhNmRoDSay0X+rQQlQBSkSZYTm48Fl2875tpPc
 ZBs0PgiVLzgcr1nzV1gb9iirYKQXWnlDhqIPduRbanDLg0AqMEt+Iox49934DPo3
 qnvy0eQ/8X0F5O5q4F07a4vaw2lV0BoiAl5y18GcBQYtvboqhs7LRgOqW0K1+iOL
 VHtfEoqG6UzRl0yIsLFZ+WLM+r7ZEHgQ5C3B+shEJ3Ap0/ZqI7eKSY0cuUQZocQZ
 Mmk3u4+y/sz6ERYglx8H
 =Pr/F
 -----END PGP SIGNATURE-----

Merge tag 'ib-srpt-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband

Cleanups and error path fixes for the new SRP (SCSI RDMA protocol) target.

* tag 'ib-srpt-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
  IB/srpt: Don't return freed pointer from srpt_alloc_ioctx_ring()
  IB/srpt: Fix ERR_PTR() vs. NULL checking confusion
  IB/srpt: Remove unneeded <linux/version.h> include
  IB/srpt: Use ARRAY_SIZE() instead of open-coding
  IB/srpt: Use DEFINE_SPINLOCK()/LIST_HEAD()
2012-02-07 14:35:19 -08:00
Linus Torvalds
95025d6b27 arch: fix ioport mapping on mips,sh
Kevin Cernekee reported that recent cleanup
 that replaced pci_iomap with a generic function
 failed to take into account the differences
 in io port handling on mips and sh architectures.
 
 Rather than revert the changes reintroducing the
 code duplication, this patchset fixes this
 by adding ability for architectures to override
 ioport mapping for pci devices.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQEcBAABAgAGBQJPL9X8AAoJECgfDbjSjVRpgzgIAIQGeWIP0JUWDDhLfYscTBZx
 96Am+8+maVl12t+evVH8lMnJDSqjKH0kWxk6CTQSUo57gZ4ne1SxbZ0+s5DcsE6m
 XAnIvkA+4pw36l4QRkEj8g+yrhpQhqaiKJt/l80jaVFGVAw47WrxGKatUe9L90lI
 X7+xa/F5zvZO6oamEI94SAojIvmKkZfHIjGc/NaZLaWHRysdFf8Ek13mj2+9FLq3
 dxmg9F14eS2X59tIkN4BLM4Dq8UyZqraT0N/0bO0Tetqx0azzNZbsBsg5RwQ15IF
 Ei0dMFARoT9UcIpdSwtpGGCoqYa5yRHFT1g54hv/Pon0mKUjG7Fpz5LRWmZ5Xic=
 =b1R2
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost

arch: fix ioport mapping on mips,sh

Kevin Cernekee reported that recent cleanup that replaced pci_iomap with
a generic function failed to take into account the differences in io
port handling on mips and sh architectures.

Rather than revert the changes reintroducing the code duplication, this
patchset fixes this by adding ability for architectures to override
ioport mapping for pci devices.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
  sh: use the the PCI channels's io_map_base
  mips: use the the PCI controller's io_map_base
  lib: add NO_GENERIC_PCI_IOPORT_MAP
2012-02-07 14:32:24 -08:00
Yinghai Lu
59c1204d46 ACPI: remove duplicated lines of merging problems with acpi_processor_add
Those lines have two copies.

Signed-off-by: Yinghai Lu <yinghai@kernel.org>
Cc: Thomas Renninger <trenn@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-02-07 14:31:35 -08:00
Linus Torvalds
84f8bf38b9 Merge git://git.samba.org/sfrench/cifs-2.6
* git://git.samba.org/sfrench/cifs-2.6:
  cifs: Fix oops in session setup code for null user mounts
  [CIFS] Update cifs Kconfig title to match removal of experimental dependency
  cifs: fix printk format warnings
  cifs: check offset in decode_ntlmssp_challenge()
  cifs: NULL dereference on allocation failure
2012-02-07 14:07:20 -08:00
Linus Torvalds
e25c173379 Merge branch 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
* 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
  HID: wiimote: fix invalid power_supply_powers call
  HID: wacom: Fix invalid power_supply_powers calls
  HID: hyperv: Properly disconnect the input device
  HID: usbhid: fix dead lock between open and disconect
2012-02-07 14:06:11 -08:00
Linus Torvalds
abaaf3e12c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6:
  mfd: Avoid twl6040-codec PLL reconfiguration when not needed
  mfd: Store twl6040-codec mclk configuration
2012-02-07 14:05:49 -08:00
Tomas Vanek
e81a7bd555 zd1211rw: firmware needs duration_id set to zero for non-pspoll frames
Some devices (iwl5100) cannot connect to zd1211rw based AP. It appears that
zd1211 firmware messes up duration_id field if it is not set to zero by driver.

Sniffing traffic shows that zd1211 is transmitting frames with duration_id bits
14 and 15 set and other bits appearing random. Setting duration_id at driver to
zero results zd1211 outputting sane duration_id. This means that firmware is
setting correct values itself and expects duration_id to be zero in first
place.

Looking at vendor driver shows that only PSPoll frames have duration_id set by
driver, for other frames duration_id left zero.

Original bug-report and attached patch at:
  http://sourceforge.net/mailarchive/message.php?msg_id=28759111

Reported-by: Tomas Vanek <Tomas.Vanek@fbl.cz>
[modified original patch from bug-report, added check for pspoll frame]
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-02-07 14:43:15 -05:00
Atsushi Nemoto
a1728800be net: enable TC35815 for MIPS again
8<----------------------------------------------------------------------
From: Ralf Roesch <ralf.roesch@rw-gmbh.de>
Date: Wed, 16 Nov 2011 09:33:50 +0100
Subject: [PATCH] net: enable TC35815 for MIPS again

TX493[8,9] MIPS SoCs support 2 Ethernet channels of type TC35815
which are connected to the internal PCI controller.
And JMR3927 MIPS board has a TC35815 chip on board.
These dependencies were lost on movement to drivers/net/ethernet/toshiba.

Signed-off-by: Ralf Roesch <ralf.roesch@rw-gmbh.de>
Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
CC: stable@vger.kernel.org [3.2+]
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-02-07 13:40:44 -05:00
Yoshihiro Shimoda
fdb37a7f84 net: sh_eth: fix skb_over_panic happen
When this GETHER controller received a large frame (about 1800 bytes
or more), skb_over_panic() happened. This is because the previous
driver set the RFLR to 0x1000 (4096 bytes) and the skb allocate size
is smaller than 4096 bytes. So, the controller accepted such a frame.

The controller can discard a large frame by the RFLR setting.
So, the patch modifies the value of RFLR to mtu + ETH_HLEN +
VLAN_HLEN + ETH_FCS_LEN.

Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-02-07 13:37:30 -05:00
Anisse Astier
6d25886ee2 net: Fix build regression when INET_UDP_DIAG=y and IPV6=m
Tested-by: Anisse Astier <anisse@astier.eu>

Signed-off-by: David S. Miller <davem@davemloft.net>
2012-02-07 13:35:28 -05:00
Jesper Juhl
3f61cd879c bnx2x: Fix mem leak in bnx2x_tpa_stop() if build_skb() fails.
We allocate memory for 'new_data' with kmalloc(). If we get the memory
we then try to build_skb() and if that should fail (which it can) we
do not enter 'if (likely(skb)) {' and actually use 'new_data' but
instead fall through to the 'drop:' label and end up returning from
the function without ever assigning 'new'data' to anything or freeing
it. That leaks the memory allocated to 'new_data'.

This patch fixes the memory leak by doing a kfree(new_data) in the
case where build_skb() fails (or where allocation of 'new_data' itself
fails, but in taht case it's just a harmless kfree(NULL)).

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-02-07 13:13:33 -05:00
Al Viro
da09128685 CONFIG_TR/CONFIG_LLC: work around the problem with select
As it is, with PCI/ISA/MCA/CCW all set to n and PCMCIA set to m
setting TR to y will set LLC to m, with very unpleasant results -
net/802/psnap gets picked into obj-y, resulting in the kernel
that won't link - psnap calls functions from llc.  The cause,
AFAICS, is that kconfig gets rev_dep for LLC containing
|| TR && (deps for TR)
and even though TR is boolean, both LLC and PCMCIA are tristate
and that thing becomes || y && (n || m), i.e. || m.  The reason
for dependency on PCMCIA is that when none of PCI, ISA, MCA, CCW
or PCMCIA is set there'll be no tokenring drivers, so there's no
point building tokenring core.  Proper fix probably belongs in
kconfig (we need strict and, such that y <strict_and> m would be
y, so that rev_deps added for tristate selected by bool would
use that instead of &&; we'd have || TR <strict_and> (deps for TR)
in this case), but it's a rather intrusive change.  There's an
easy workaround in case of TR -> LLC select, namely to have a def_bool y
symbol sitting under if TR and have that symbol selecting LLC.
Kudos to johill for suggesting that one...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-02-07 13:06:14 -05:00
stephen hemminger
aadf1f0fc8 Revert "skge: check for PCI dma mapping errors"
As reported by several people...

The code in rx_clean was panic'ing so revert
commit d0249e4443.
Will redo DMA mapping checks as new patches for a later release.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-02-07 12:51:10 -05:00
Stephane Eranian
f39d47ff81 perf: Fix double start/stop in x86_pmu_start()
The following patch fixes a bug introduced by the following
commit:

        e050e3f0a7 ("perf: Fix broken interrupt rate throttling")

The patch caused the following warning to pop up depending on
the sampling frequency adjustments:

  ------------[ cut here ]------------
  WARNING: at arch/x86/kernel/cpu/perf_event.c:995 x86_pmu_start+0x79/0xd4()

It was caused by the following call sequence:

perf_adjust_freq_unthr_context.part() {
     stop()
     if (delta > 0) {
          perf_adjust_period() {
              if (period > 8*...) {
                  stop()
                  ...
                  start()
              }
          }
      }
      start()
}

Which caused a double start and a double stop, thus triggering
the assert in x86_pmu_start().

The patch fixes the problem by avoiding the double calls. We
pass a new argument to perf_adjust_period() to indicate whether
or not the event is already stopped. We can't just remove the
start/stop from that function because it's called from
__perf_event_overflow where the event needs to be reloaded via a
stop/start back-toback call.

The patch reintroduces the assertion in x86_pmu_start() which
was removed by commit:

	84f2b9b ("perf: Remove deprecated WARN_ON_ONCE()")

In this second version, we've added calls to disable/enable PMU
during unthrottling or frequency adjustment based on bug report
of spurious NMI interrupts from Eric Dumazet.

Reported-and-tested-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Stephane Eranian <eranian@google.com>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: markus@trippelsdorf.de
Cc: paulus@samba.org
Link: http://lkml.kernel.org/r/20120207133956.GA4932@quad
[ Minor edits to the changelog and to the code ]
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2012-02-07 16:58:56 +01:00
Jaroslav Kysela
416846d2b3 ALSA: hda - add support for Uniwill ECS M31EI notebook
This hardware requires same fixup for the node 0x0f like Asus A6Rp.
More information: https://bugzilla.redhat.com/show_bug.cgi?id=785417

Signed-off-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-02-07 15:43:15 +01:00
Jiri Kosina
217c8b2b19 HID: wiimote: fix invalid power_supply_powers call
Analogically to d7cb3dbd1 ("HID: wacom: Fix invalid power_supply_powers
calls"), fix also the same occurence in wiimote driver.

Reported-by: przemo@firszt.eu
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2012-02-07 13:40:56 +01:00
Takashi Iwai
b97f6bfdd1 ALSA: hda - Fix error handling in patch_ca0132.c
In patch_ca0132.c, the error returned from chipio_write() isn't checked
always.  Also, the power-up/down sequence isn't tracked properly in some
error paths.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-02-07 11:05:07 +01:00
Takashi Iwai
cfd0d11ef5 The only particularly remarkable change here is the one for handling of
the Android suspend ignore code for idle_bias_off CODECs.  That one is
 actually a regression fix as some of the new power savings that have
 been introduced confused the suspend ignore code, making devices that
 are active for non-audio reasons look like they are idle causing them to
 be suspended instead of being kept active.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJPLSlpAAoJEBus8iNuMP3d0JkP/jA3bSbSR2/qg0SeOP1uEN9G
 5JBD12urid3+cPi8FzBw3ecIH2thf1SoSg8rL//4gENyX6N9Ia1jXNjhYsA701kH
 7EXsCqmMBl9qUfVTaGGAIh1SsRbNVuSQlL5KmG3yQPwRooNX+K/slr6BuItUepzz
 H4C1bl45a92Wh6Nc1t+jYDJXS5Z+o5fc45AVpeiw+xcPblFcXptKVuWpHXfBHgef
 +qK8SpfrvKfGygrFnLteYIwDby7ZPA21znRiBjPg2jL+w3KsIgOlZWbWJHZdlJ7/
 5oSKaYXYbuA3UCUBayteakeDqiAoxjv4aw6XzAVgtwaITyuOdkWtLjvmSVFAElF4
 J0u7/CukK434qezds9bztaBqigoEpRj4EH0Dd5ybZi1vOJO5V9UA8/SNux+K6yWX
 +MHizTDZFlZNMdYsoCfinVlpelmvNl1TJYTL7JLKMUmE0+ph2Jz6elgbIkvlwHFb
 bEjm/+fLZIHnzam88FikmbAER96w/pc7EtFFXmWKDkQwy9wDvnt4wNhy/MhwXub3
 XiMkmcb+cCoaN5nefs49mYvIMUP90INfLWTn8r30GqbByEWdASC4sj5GSC6Ak7/G
 Y4e90zxFd10UiaZMFoGmfcMBQ49ZKNGgxJ3aWPoz7dfM8MI6Gy9qcLyoDWBlwBFN
 uh159btp7tVAn4D/wgC+
 =FOxW
 -----END PGP SIGNATURE-----

Merge tag 'asoc-3.3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

The only particularly remarkable change here is the one for handling of
the Android suspend ignore code for idle_bias_off CODECs.  That one is
actually a regression fix as some of the new power savings that have
been introduced confused the suspend ignore code, making devices that
are active for non-audio reasons look like they are idle causing them to
be suspended instead of being kept active.
2012-02-07 11:04:48 +01:00
Ingo Molnar
136e0b8eab Fixes for some long standing problems.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJPMD/DAAoJENZQFvNTUqpAW48P/in/pKi7rQhetFmJmIhMvqpi
 Ujzj32NBGmF0XoI4+177VWAQ+IT3YsvJObwQqG9FPO76JVgJKHBPRbYHrO1HDnOe
 6EbVEH7vzVinWKgMhsMcSjtzWBWIsUV3VvNyZY9+2tnsbYmm9t6boeQXbvT7wZ1D
 kX9dWOciyryM3jJVu9L3+U11PblLFx4ilymbDYCjW7EpVe58xbeIqRpeTvC2+1Il
 QmqMRlG5qb04324GQw7ShwRUshc7OQVlvhlW2IFSXdOB0aanvkmpjhhdpQSq0XBd
 C0dcEaghiyR+7SRezSfXOQoZ/n4AryOTR/f2nUYdXN3n9R7W9rczpghiVH97oWey
 tvURjgx7gQkDSn40AmUSSZiqYpIKLkGnnkVpOH4WDsbn/496fZQYm3FwJaAMpbYL
 BnVaQHlqPqTXcWyRysek4CRAxfY71NUu785CT1xl30pR99FmaRDl+WGLRE2N4CnL
 FtHrupz8fvhhYqH+9UwJz0eftQWVWmcM0cpoXsWI4kyTF9WAXxTNkhtLITOnNMPJ
 RSOvjxMoAhttH75qUcUXG4KQyJ9+OvqqwN6154QpkGwHtr70MdbdoT4QwpPfd4XW
 L/lnncTPNpfqrWK1pbqOqck/obHF+uYMCfk/6FXztbM5YooU2KoJMt/gt+DbeKsJ
 hDbJsGjAr8jRi8qNhzi+
 =0Cs+
 -----END PGP SIGNATURE-----

Merge tag 'perf-urgent-for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent

Fixes for some long standing problems.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
2012-02-07 09:44:14 +01:00
Asai Thambi S P
4e8670e261 mtip32xx: removed the irrelevant argument of mtip_hw_submit_io() and the unused member of struct driver_data
Removed the following:
	* irrelevant argument 'barrier' of mtip_hw_submit_io()
	* unused member 'eh_active' of struct driver_data

Signed-off-by: Asai Thambi S P <asamymuthupa@micron.com>
Signed-off-by: Sam Bradshaw <sbradshaw@micron.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2012-02-07 07:54:31 +01:00
Tejun Heo
11a3122f6c block: strip out locking optimization in put_io_context()
put_io_context() performed a complex trylock dancing to avoid
deferring ioc release to workqueue.  It was also broken on UP because
trylock was always assumed to succeed which resulted in unbalanced
preemption count.

While there are ways to fix the UP breakage, even the most
pathological microbench (forced ioc allocation and tight fork/exit
loop) fails to show any appreciable performance benefit of the
optimization.  Strip it out.  If there turns out to be workloads which
are affected by this change, simpler optimization from the discussion
thread can be applied later.

Signed-off-by: Tejun Heo <tj@kernel.org>
LKML-Reference: <1328514611.21268.66.camel@sli10-conroe>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2012-02-07 07:51:30 +01:00
Martin Svec
67236c4474 target: Fix unsupported WRITE_SAME sense payload
This patch fixes a bug in target-core where unsupported WRITE_SAME ops
from a target_check_write_same_discard() failure was incorrectly
returning CHECK_CONDITION w/ TCM_INVALID_CDB_FIELD sense data.
This was causing some clients to not properly fall back, so go ahead
and use the correct TCM_UNSUPPORTED_SCSI_OPCODE sense for this case.

Reported-by: Martin Svec <martin.svec@zoner.cz>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-07 06:48:58 +00:00
Dax Kelson
9f9ef6d3c0 iscsi: use IP_FREEBIND socket option
Use IP_FREEBIND socket option so that iscsi portal configuration with
explicit IP addresses can happen during boot, before network interfaces
have been assigned IPs.

This is especially important on systemd based Linux boxes where system
boot happens asynchronously and non-trivial configuration must be done
to get targetcli.service to start synchronously after the network is
configured.

Reference:
http://lists.fedoraproject.org/pipermail/devel/2011-October/158025.html

Signed-off-by: Dax Kelson <dkelson@gurulabs.com>
Cc: "Nicholas A. Bellinger" <nab@linux-iscsi.org>
Cc: "Andy Grover" <agrover@redhat.com>
Cc: "Lennart Poettering" <lennart@poettering.net>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-07 06:48:53 +00:00
Christoph Hellwig
5c55125f47 iblock: fix handling of large requests
Requesting to many bvecs upsets bio_alloc_bioset, so limit the number we ask
for to the amount it can handle.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-07 06:48:46 +00:00
Dan Carpenter
3011684c0b target: handle empty string writes in sysfs
These are root only and we're not likely to hit the problem in practise,
but it makes the static checkers happy.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-07 06:48:40 +00:00
Stephen Rothwell
c3bc93da24 iscsi_target: in_aton needs linux/inet.h
Fixes this error after a recent nfs cleanup:

drivers/target/iscsi/iscsi_target_configfs.c: In function 'lio_target_call_addnptotpg':
drivers/target/iscsi/iscsi_target_configfs.c:214:3: error: implicit declaration of function 'in6_pton' [-Werror=implicit-function-declaration]
drivers/target/iscsi/iscsi_target_configfs.c:239:3: error: implicit declaration of function 'in_aton' [-Werror=implicit-function-declaration]

Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-07 06:48:30 +00:00
Marco Sanvido
7347b5ff70 target: Fix iblock se_dev_attrib.unmap_granularity
The block layer keeps q->limits.discard_granularity in bytes, but iblock
(and the SCSI Block Limits VPD page) keep unmap_granularity in blocks.
Report the correct value when exporting block devices by dividing to
convert bytes to blocks.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-07 06:48:20 +00:00
Nicholas Bellinger
735703cac0 target: Fix target_submit_cmd() exception handling
This patch fixes a bug in target_submit_cmd() where the failure path
for transport_generic_allocate_tasks() made a direct call to
transport_send_check_condition_and_sense() and not calling the
final target_put_sess_cmd() release callback.

For transport_generic_allocate_tasks() failures, use the proper call to
transport_generic_request_failure() to handle kref_put() along
with potential internal queue full response processing.

It also makes transport_lookup_cmd_lun() failures in
target_submit_cmd() use transport_send_check_condition_and_sense() and
target_put_sess_cmd() directly to avoid se_cmd->se_dev reference in
transport_generic_request_failure() handling.

Finally it drops the out_check_cond: label and use direct reference for
allocate task failures, and per-se_device queue_full handling is
currently not supported for transport_lookup_cmd_lun() failure
descriptors due to se_device dependency.

Reported-by: Roland Dreier <roland@purestorage.com>
Cc: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-07 06:47:11 +00:00
Andy Grover
1edcdb497e target: Change target_submit_cmd() to return void
Retval not very useful, and may even be harmful. Once submitted, fabrics
should expect a sense error if anything goes wrong. All fabrics checking
of this retval are useless or broken:

fc checks it just to emit more debug output.
ib_srpt trickles retval up, then it is ignored.
qla2xxx trickles it up, which then causes a bug because the abort goto
in qla_target.c thinks cmd hasn't been sent to target.

Just returning nothing is best.

Signed-off-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-07 06:41:04 +00:00
Sebastian Andrzej Siewior
95fe1ee41e target: accept REQUEST_SENSE with 18bytes
WindowsXP+BOT issues a MODE_SENSE request with page 0x1c which is not
suppoerted by target. Target rejects that command with
TCM_INVALID_CDB_FIELD, so far so good. On BOT I can't send the SENSE
response back, instead I can only reply that an error occured. The next
thing happens is a REQUEST_SENSE request with 18 bytes length. Since the
check here is more than 18 bytes I have to NACK that request as well.
This is not really required: We check for some additional room, but we
never use it. The additional length is set to 0xa so the total length is
0xa + 8 = 18 which is fine with my 18 bytes.

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-02-07 06:32:39 +00:00
Marc Dietrich
0783a9bf4a ARM: tegra: paz00: fix wrong UART port on mini-pcie plug
UARTC is connected to the mini-pcie port.

Signed-off-by: Marc Dietrich <marvin24@gmx.de>
Acked-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
2012-02-06 18:32:51 -08:00
Marc Dietrich
5f21f1240c ARM: tegra: paz00: fix wrong SD1 power gpio
The power gpio for the external memory card was specified wrongly.
Replace it with the correct value (tested with warmboot with fastboot).

Signed-off-by: Marc Dietrich <marvin24@gmx.de>
Acked-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
2012-02-06 18:32:50 -08:00
Shubhrajyoti Datta
218d06d794 i2c: tegra: Add devexit_p() for remove
It was originally missed in the __devinit/__devexit annotations.

Signed-off-by: Shubhrajyoti D <shubhrajyoti@ti.com>
Acked-by: Stephen Warren <swarren@nvidia.com>
Acked-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Olof Johansson <olof@lixom.net>
2012-02-06 18:32:45 -08:00
NeilBrown
db91ff55bd md: two small fixes to handling interrupt resync.
1/ If a resync is aborted we should record how far we got
 (recovery_cp) the last request that we know has completed
 (->curr_resync_completed) rather than the last request that was
 submitted (->curr_resync).

2/ When a resync aborts we still want to update the metadata with
 any changes, so set MD_CHANGE_DEVS even if we 'skip'.

Signed-off-by: NeilBrown <neilb@suse.de>
2012-02-07 12:01:51 +11:00
Randy Dunlap
71ea4efe4f Documentation: update quilt tree location for Documentation patches
Update quilt tree location for Documentation/ patches.

Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-02-06 16:29:19 -08:00
Larry Finger
f5fe184b08 Documentation: add missing tainted bits to Documentation/sysctl/kernel.txt
Two of the bits in the tainted flag are not documented.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-02-06 16:29:19 -08:00
Linus Torvalds
14fdbf7eb4 Merge branch 'kvm-updates/3.3' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Fixing a regression with the PMU MSRs when PMU virtualization is
disabled, a guest-internal DoS with the SYSCALL instruction, and a dirty
memory logging race that may cause live migration to fail.

* 'kvm-updates/3.3' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: do not #GP on perf MSR writes when vPMU is disabled
  KVM: x86: fix missing checks in syscall emulation
  KVM: x86: extend "struct x86_emulate_ops" with "get_cpuid"
  KVM: Fix __set_bit() race in mark_page_dirty() during dirty logging
2012-02-06 16:26:58 -08:00
Linus Torvalds
8597559a78 GPIO fixes for v3.3-rc2
Straight forward bug fixes in this branch.  A couple of x86 gpio drivers
 missing spinlock initialization, an API change fixup for the samsung driver
 and a name typo fix.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJPL3DuAAoJEEFnBt12D9kB3ZAP/ikN3WkdfTvufg9pxfWW5Mwn
 dMuZKRf8tjNVk+orTRc45mgF5w1b9QFfVC90q/hYWExHw34WgkW0yDoWDsnVzuez
 q5WpkxVgvc8lPBD/XC/hS9tNoER5AkdS5w5daw5t499jt17euxADmBSmI0N12api
 U1AmDuLK6281YbYfGJiFYaSyyVpE582XRm+jM+3SuwPpXeFu56sZk9r/ehEhRoT/
 7HjnBmga3REJN3YhUU6545HaD1hXdPCqXg2gYu0T3MCtvtuLAEEnUF6magWLNNfL
 JleZz0fQ1YAM/Q0CYU7S6Fib8j9QWgQOkrPRcvt83OMu7gbQT6A2i8tyM2eXhtlJ
 qFO3+uXdtrGBAGDT4G4Hdzt91xtKSIwZQZxpa0cZdif/MiFBwbOB6NwNURuOGEHk
 6WSQrstZozd6QjeSla+5jrppCJfBgguQ+xixY50xcYnb8xjJrm780UKdySsThXdv
 W1WhK2SgkbMztwBspXfx5SNg02udRwolfuVXL2TinPZOmJgnElK+WtJ+1dkyoQTW
 OhX4hWYCCi4Ao2qAoghWRCeVksFd6XsJvEZJsO57/URlNbEaE++FyCav/BS51CVe
 AP6m0EizXC89XHQW1xWpp5Wcv/8IvC7PfJ9liKXyvjteiSyC7hYlgYqOA9bMn9NP
 +G+6mzfJ66qC/Hvq3GkF
 =WQ/Y
 -----END PGP SIGNATURE-----

Merge tag 'gpio-for-linus' of git://git.secretlab.ca/git/linux-2.6

GPIO fixes for v3.3-rc2

Straight forward bug fixes in this branch.  A couple of x86 gpio drivers
missing spinlock initialization, an API change fixup for the samsung driver
and a name typo fix.

* tag 'gpio-for-linus' of git://git.secretlab.ca/git/linux-2.6:
  gpio: Add missing spin_lock_init in gpio-ml-ioh driver
  gpio: Add missing spin_lock_init in gpio-pch driver
  gpio: samsung: adapt to changes in gpio specifier translator function declaration
  Correct bad gpio naming
2012-02-06 15:29:56 -08:00
Linus Torvalds
105e518093 One patch to fix fan detection on NCT6776F.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.10 (GNU/Linux)
 
 iQEcBAABAgAGBQJPLedwAAoJEANmWzN1g3l3F18IAJvV8cvTBDr/OV5wmEHx4v7t
 s9l7wfXop2ilsNoAT8mdLwa6ilwatG9k9UhzsF8a2nUR1rNAWA9SFc2v6kLCIZpN
 SVQzh9260X5jrRiUn7dKpLwwxDbepcvHFbpei9Xi/ON97ZjUnHEk27tf/s6MI8ad
 EvCCJR+Lsw1ara6ZX+kQqznUME46dPZA6A5rxXFbRv8QTIe8++f+KSdXWBt8r3yK
 pDfdEGyYwkDoqjUBv2EZ/XMCQdjmdgU9NRExKHJdOyHnea+0RbUik1viuXm7JNQV
 Rd9DtC3vjq8qxCLBhJ1Ay5K8TmAbrgAGGjCo98mNY8D0F9NXL4sfyPW7qxCEa3E=
 =tYxf
 -----END PGP SIGNATURE-----

Merge tag 'hwmon-fixes-for-3.3-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging

One patch to fix fan detection on NCT6776F.

* tag 'hwmon-fixes-for-3.3-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
  hwmon: (w83627ehf) Fix number of fans for NCT6776F
2012-02-06 15:25:48 -08:00
Heiko Carstens
96e02d1586 exec: fix use-after-free bug in setup_new_exec()
Setting the task name is done within setup_new_exec() by accessing
bprm->filename. However this happens after flush_old_exec().
This may result in a use after free bug, flush_old_exec() may
"complete" vfork_done, which will wake up the parent which in turn
may free the passed in filename.
To fix this add a new tcomm field in struct linux_binprm which
contains the now early generated task name until it is used.

Fixes this bug on s390:

  Unable to handle kernel pointer dereference at virtual kernel address 0000000039768000
  Process kworker/u:3 (pid: 245, task: 000000003a3dc840, ksp: 0000000039453818)
  Krnl PSW : 0704000180000000 0000000000282e94 (setup_new_exec+0xa0/0x374)
  Call Trace:
  ([<0000000000282e2c>] setup_new_exec+0x38/0x374)
   [<00000000002dd12e>] load_elf_binary+0x402/0x1bf4
   [<0000000000280a42>] search_binary_handler+0x38e/0x5bc
   [<0000000000282b6c>] do_execve_common+0x410/0x514
   [<0000000000282cb6>] do_execve+0x46/0x58
   [<00000000005bce58>] kernel_execve+0x28/0x70
   [<000000000014ba2e>] ____call_usermodehelper+0x102/0x140
   [<00000000005bc8da>] kernel_thread_starter+0x6/0xc
   [<00000000005bc8d4>] kernel_thread_starter+0x0/0xc
  Last Breaking-Event-Address:
   [<00000000002830f0>] setup_new_exec+0x2fc/0x374

  Kernel panic - not syncing: Fatal exception: panic_on_oops

Reported-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-02-06 15:15:20 -08:00