Commit Graph

111887 Commits

Author SHA1 Message Date
James Bottomley
c055f5b261 [SCSI] fix oops in scsi_run_queue()
The recent commit closing the race window in device teardown:

commit 86cbfb5607
Author: James Bottomley <James.Bottomley@suse.de>
Date:   Fri Apr 22 10:39:59 2011 -0500

    [SCSI] put stricter guards on queue dead checks

is causing a potential NULL deref in scsi_run_queue() because the
q->queuedata may already be NULL by the time this function is called.
Since we shouldn't be running a queue that is being torn down, simply
add a NULL check in scsi_run_queue() to forestall this.

Tested-by: Jim Schutt <jaschut@sandia.gov>
Cc: stable@kernel.org
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-05-03 15:30:00 -05:00
Harry Wei
9005fcd89c staging: Remove a warning for drivers/staging/wlan-ng/cfg80211.c
Hi us,
   When i was compiling kernel, a warning happened to me.
The warning said like following.

drivers/staging/wlan-ng/cfg80211.c:709: warning: initialization from
incompatible pointer type.

See http://s1202.photobucket.com/albums/bb364/harrywei/?action=view&current=patched2.png
for more details.

So i patch like following.

Signed-off-by: Harry Wei <harryxiyou@gmail.com>
Acked-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-05-03 12:52:00 -07:00
Andiry Xu
4f0871a6c7 xHCI: Clear PLC in xhci_bus_resume()
This patch clears PORT_PLC if xhci_bus_resume() resumes a previous suspended
port, because if a port transition from U3 to U0 state, it will report a
port link state change, and software should clear the corresponding PLC bit.

It also uses hcd->speed to check if a port is a USB2 protocol port.

The patch fixes the issue that USB keyboard can not wakeup system from
hibernation.

Signed-off-by: Andiry Xu <andiry.xu@amd.com>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
2011-05-03 11:14:32 -07:00
Sage Weil
4ad12621e4 libceph: fix ceph_osdc_alloc_request error checks
ceph_osdc_alloc_request returns NULL on failure.

Signed-off-by: Sage Weil <sage@newdream.net>
2011-05-03 09:28:13 -07:00
Linus Torvalds
9a6cd4b45a Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc:
  mmc: sdhci: Check mrq != NULL in sdhci_tasklet_finish
  mmc: sdhci: Check mrq->cmd in sdhci_tasklet_finish
  mmc: tmio: fix .set_ios(MMC_POWER_UP) handling
  mmc: fix a race between card-detect rescan and clock-gate work instances
  mmc: omap: Fix possible NULL pointer deref
  mmc: core: mmc_add_card(): fix missing break in switch statement
  mmc: sdhci-pci: Fix error case in sdhci_pci_probe_slot()
2011-05-03 09:24:44 -07:00
Linus Torvalds
497ff03444 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: wm831x-ts - move BTN_TOUCH reporting to data transfer
  Input: wm831x-ts - allow IRQ flags to be specified
  Input: wm831x-ts - fix races with IRQ management
2011-05-02 20:26:32 -07:00
Linus Torvalds
5933f2ae35 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (47 commits)
  sysctl: net: call unregister_net_sysctl_table where needed
  Revert: veth: remove unneeded ifname code from veth_newlink()
  smsc95xx: fix reset check
  tg3: Fix failure to enable WoL by default when possible
  networking: inappropriate ioctl operation should return ENOTTY
  amd8111e: trivial typo spelling: Negotitate -> Negotiate
  ipv4: don't spam dmesg with "Using LC-trie" messages
  af_unix: Only allow recv on connected seqpacket sockets.
  mii: add support of pause frames in mii_get_an
  net: ftmac100: fix scheduling while atomic during PHY link status change
  usbnet: Transfer of maintainership
  usbnet: add support for some Huawei modems with cdc-ether ports
  bnx2: cancel timer on device removal
  iwl4965: fix "Received BA when not expected"
  iwlagn: fix "Received BA when not expected"
  dsa/mv88e6131: fix unknown multicast/broadcast forwarding on mv88e6085
  usbnet: Resubmit interrupt URB if device is open
  iwl4965: fix "TX Power requested while scanning"
  iwlegacy: led stay solid on when no traffic
  b43: trivial: update module info about ucode16_mimo firmware
  ...
2011-05-02 18:00:43 -07:00
Alan Stern
cee6a26255 USB: fix regression in usbip by setting has_tt flag
This patch (as1460) fixes a regression in the usbip driver caused by
the new check for Transaction Translators in USB-2 hubs.  The root hub
registered by vhci_hcd needs to have the has_tt flag set, because it
can connect to low- and full-speed devices as well as high-speed
devices.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-and-tested-by: Nikola Ciprich <nikola.ciprich@linuxbox.cz>
CC: <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-05-02 17:07:50 -07:00
Arvid Brodin
d93da492d9 usb/isp1760: Report correct urb status after unlink
This fixes a bug in my previous (2.6.38) patch series which caused
urb->status value to be wrong after unlink (broke usbtest 11, 12).

Signed-off-by: Arvid Brodin <arvid.brodin@enea.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-05-02 17:07:49 -07:00
Jiri Pirko
6c8c44462a Revert: veth: remove unneeded ifname code from veth_newlink()
84c49d8c3e ("veth: remove unneeded
ifname code from veth_newlink()") caused regression on veth
creation. This patch reverts the original one.

Reported-by: Michał Mirosław <mirqus@gmail.com>
Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-02 15:54:31 -07:00
Rabin Vincent
d946092000 smsc95xx: fix reset check
The reset loop check should check the MII_BMCR register value for
BMCR_RESET rather than for MII_BMCR (the register address, which also
happens to be zero).

Signed-off-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-02 15:50:58 -07:00
Rafael J. Wysocki
6fdbab9d93 tg3: Fix failure to enable WoL by default when possible
tg3 is supposed to enable WoL by default on adapters which support
that, but it fails to do so unless the adapter's
/sys/devices/.../power/wakeup file contains 'enabled' during the
initialization of the adapter.  Fix that by making tg3 use
device_set_wakeup_enable() to enable wakeup automatically whenever
WoL should be enabled by default.

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-02 15:44:17 -07:00
Joe Perches
983960b159 amd8111e: trivial typo spelling: Negotitate -> Negotiate
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-02 14:42:55 -07:00
B.J. Buchalter
2e053a27d9 firewire: Fix for broken configrom updates in quick succession
Current implementation of ohci_set_config_rom() uses a deferred
bus reset via fw_schedule_bus_reset(). If clients add multiple
unit descriptors to the config_rom in quick succession, the
deferred bus reset may not have fired before succeeding update
requests have come in. This can lead to an incorrect partial
update of the config_rom for both addition and removal of
config_rom descriptors, as the ohci_set_config_rom() routine
will return -EBUSY if a previous pending update has not been
completed yet; the requested update just gets dropped on the floor.

This patch recognizes that the "in-flight" update can be modified
until it has been processed by the bus-reset, and the locking
in the bus_reset_tasklet ensures that the update is done atomically
with respect to modifications made by ohci_set_config_rom(). The
-EBUSY error case is simply removed.

[Stefan R:  The bug always existed at least theoretically.  But it
became easy to trigger since 2.6.36 commit 02d37bed18 "firewire: core:
integrate software-forced bus resets with bus management" which
introduced long mandatory delays between janitorial bus resets.]

Signed-off-by: Benjamin Buchalter <bj@mhlabs.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (trivial style changes)
Cc: <stable@kernel.org> # 2.6.36.y and newer
2011-05-02 22:55:22 +02:00
David S. Miller
badb02953a Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 2011-05-02 12:21:47 -07:00
Linus Torvalds
625a3b6057 Merge branch 'fixes' of master.kernel.org:/home/rmk/linux-2.6-arm
* 'fixes' of master.kernel.org:/home/rmk/linux-2.6-arm: (47 commits)
  CLKDEV: Fix clkdev return value for NULL clk case
  ARM: 6891/1: prevent heap corruption in OABI semtimedop
  ARM: kprobes: Tidy-up kprobes-decode.c
  ARM: kprobes: Add emulation of hint instructions like NOP and WFI
  ARM: kprobes: Add emulation of SBFX, UBFX, BFI and BFC instructions
  ARM: kprobes: Add emulation of MOVW and MOVT instructions
  ARM: kprobes: Reject probing of undefined data processing instructions
  ARM: kprobes: Remove redundant code in space_1111
  ARM: kprobes: Fix emulation of PLD instructions
  ARM: kprobes: Reject probing of SETEND instructions
  ARM: kprobes: Consolidate stub decoding functions
  ARM: kprobes: Reject probing of all coprocessor instructions
  ARM: kprobes: Fix emulation of USAD8 instructions
  ARM: kprobes: Fix emulation of SMUAD, SMUSD and SMMUL instructions
  ARM: kprobes: Fix emulation of SXTB16, SXTB, SXTH, UXTB16, UXTB and UXTH instructions
  ARM: kprobes: Reject probing of undefined media instructions
  ARM: kprobes: Add emulation of RBIT instruction
  ARM: kprobes: Reject probing of LDRB instructions which load PC
  ARM: kprobes: Fix emulation of LDRD and STRD instructions
  ARM: kprobes: Reject probing of LDR/STR instructions which update PC unpredictably
  ...
2011-05-02 12:17:05 -07:00
Linus Torvalds
96f3ee2805 Merge branch 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6
* 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6:
  [S390] irqstats: fix counting of pfault, dasd diag and virtio irqs
  [S390] prng: fix pointer arithmetic
2011-05-02 08:47:35 -07:00
Linus Torvalds
fa51588882 Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/staging
* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/staging:
  hwmon: (twl4030-madc-hwmon) Return proper error if hwmon_device_register fails
2011-05-02 08:47:12 -07:00
Keshava Munegowda
6e3d4bec6b omap:usb: add regulator support for EHCI
in case of ehci phy mode; regulator of phy
should be enabled before initializing the
usbhs core driver.

Signed-off-by: Keshava Munegowda <keshava_mgowda@ti.com>
Tested-by: Steve Calfee <stevecalfee@gmail.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2011-05-02 15:29:26 +03:00
Axel Lin
d11536e4e0 mfd: Fix usbhs_enable error handling
In the case of missing platform_data we do not hold a spin_lock,
thus we should not call spin_unlock_irqrestore in the error path.

Also simplify the error handling by separating the successful path
from error path. I think this change improves readability.

Signed-off-by: Axel Lin <axel.lin@gmail.com>
Tested-by: Steve Calfee <stevecalfee@gmail.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2011-05-02 12:34:34 +03:00
Jarkko Nikula
cdefce1695 usb: musb: gadget: Fix out-of-sync runtime pm calls
If cable is not connected to peripheral only board when initializing the
gadget driver, then runtime pm calls are out-of-sync and the musb cannot
idle with omap2430.c. This was noted on Nokia N900 where musb prevented the
CPU to be able to enter deeper retention idle state.

This was working in 2.6.38 before runtime pm conversions but there musb
smart standby/idle modes were configured statically where they are now
updated runtime depending on use and cable status.

Reason for out-of-sync is that runtime pm is activated in function
musb_gadget.c: usb_gadget_probe_driver but suspended only in OTG mode if
cable is not connected when initializing. In peripheral only mode this leads
to out-of-sync runtime pm since runtime pm remain active and is activated
another time in omap2430.c: musb_otg_notifications for VBUS Connect event
and thus cannot suspend for VBUS Disconnect event since the use count remains
active.

Fix this by moving cable status check and pm_runtime_put call in
usb_gadget_probe_driver out of is_otg_enabled block.

Signed-off-by: Jarkko Nikula <jhnikula@gmail.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2011-05-02 12:34:33 +03:00
Jarkko Nikula
383cf4e8d4 usb: musb: omap2430: Fix retention idle on musb peripheral only boards
Recent runtime pm and hwmod conversions for 2.6.39 broke the musb peripheral
mode OMAP retention idle on boards where the board mode in struct
musb_hdrc_platform_data is set to MUSB_PERIPHERAL.

These conversions changed the way how the OTG_SYSCONFIG register is
configured and used in runtime. Before 2.6.39 smart standby/idle modes were
activated statically in OTG_SYSCONFIG. Those modes allow that the musb is
able to idle when peripheral device is not connected to host.

In 2.6.39 the OTG_SYSCONFIG is updated runtime depending on VBUS status.
No standby/idle modes are used when device is connected and force
standby/idle when disconnected.

Unfortunately VBUS disconnect event that handles the disconnect case lets
the peripheral musb to idle only when board mode is MUSB_OTG. Fix this by
checking the peripheral mode also.

Signed-off-by: Jarkko Nikula <jhnikula@gmail.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2011-05-02 12:34:32 +03:00
Jean Delvare
56acc7a39a i2c-parport: Fix adapter list handling
Use a standard list with proper locking to handle the list of
adapters. Thankfully it only matters on systems with more than one
parallel port, which are very rare.

Thanks to Lukasz Kapiec for reporting the problem to me.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: stable@kernel.org
2011-05-01 18:18:49 +02:00
Jean Delvare
a6e5e2be44 i2c-i801: Move device ID definitions to driver
Move the SMBus device ID definitions of recent devices from pci_ids.h
to the i2c-i801.c driver file. They don't have to be shared, as they
are clearly identified and only used in this driver. In the future,
such IDs will go to i2c-i801 directly. This will make adding support
for new devices much faster and easier, as it will avoid cross-
subsystem patch sets and merge conflicts.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: Seth Heasley <seth.heasley@intel.com>
Acked-by: Jesse Barnes <jbarnes@virtuousgeek.org>
2011-05-01 18:18:49 +02:00
Axel Lin
c30aa39c23 hwmon: (twl4030-madc-hwmon) Return proper error if hwmon_device_register fails
The driver did not return an error if the call to hwmon_device_register failed.
Fix by returning the error reported from hwmon_device_register.

Signed-off-by: Axel Lin <axel.lin@gmail.com>
Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
2011-05-01 09:06:35 -07:00
Russell King
e8bf8df9c2 CLKDEV: Fix clkdev return value for NULL clk case
clkdev may incorrectly cause a clkdev entry with a NULL clk to return
-ENOENT.  This is not the intention of this code; -ENOENT should only
be returned if the clock entry can not be found in the table.  Fix
this.

Reported-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2011-04-30 10:14:08 +01:00
Linus Torvalds
1be6a1f89f Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
  [SCSI] pmcraid: reject negative request size
  [SCSI] put stricter guards on queue dead checks
  [SCSI] scsi_dh: fix reference counting in scsi_dh_activate error path
  [SCSI] mpt2sas: prevent heap overflows and unchecked reads
2011-04-29 16:27:52 -07:00
Linus Torvalds
fcc4dc7151 Merge branch 'timer-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'timer-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  hrtimer: Initialize CLOCK_ID to HRTIMER_BASE table statically
  rtc: max8925: Call dev_set_drvdata before rtc_device_register
2011-04-29 15:08:31 -07:00
artpol
2b5a4ace66 mii: add support of pause frames in mii_get_an
Add support of pause frames advertise in mii_get_an. This provides all drivers
that use mii_ethtool_gset to represent their own and Link partner flow control
abilities in ethtool.

Signed-off-by: Artem Polyakov <artpol84@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-29 13:57:32 -07:00
Adam Jaremko
eee9700c5d net: ftmac100: fix scheduling while atomic during PHY link status change
Signed-off-by: Adam Jaremko <adam.jaremko@gmail.com>
Acked-by: Po-Yu Chuang <ratbert@faraday-tech.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-29 12:41:59 -07:00
Dan Williams
b3c914aa84 usbnet: add support for some Huawei modems with cdc-ether ports
Some newer Huawei devices (T-Mobile Rocket, others) have cdc-ether
compatible ports, so recognize and expose them.

Signed-off-by: Dan Williams <dcbw@redhat.com>
Acked-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-29 12:40:20 -07:00
Neil Horman
8333a46ad3 bnx2: cancel timer on device removal
This oops was recently reported to me:

invalid opcode: 0000 [#1] SMP
last sysfs file:
/sys/devices/pci0000:00/0000:00:01.0/0000:01:0d.0/0000:02:05.0/device
CPU 1
Modules linked in: bnx2(+) sunrpc ipv6 dm_mirror dm_region_hash dm_log sg
microcode serio_raw amd64_edac_mod edac_core edac_mce_amd k8temp i2c_piix4
shpchp ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase
scsi_transport_sas radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core
dm_mod [last unloaded: bnx2]

Modules linked in: bnx2(+) sunrpc ipv6 dm_mirror dm_region_hash dm_log sg
microcode serio_raw amd64_edac_mod edac_core edac_mce_amd k8temp i2c_piix4
shpchp ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase
scsi_transport_sas radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core
dm_mod [last unloaded: bnx2]
Pid: 23900, comm: pidof Not tainted 2.6.32-130.el6.x86_64 #1 BladeCenter LS21
-[797251Z]-
RIP: 0010:[<ffffffffa058b270>]  [<ffffffffa058b270>] 0xffffffffa058b270
RSP: 0018:ffff880002083e48  EFLAGS: 00010246
RAX: ffff880002083e90 RBX: ffff88007ccd4000 RCX: 0000000000000000
RDX: 0000000000000100 RSI: dead000000200200 RDI: ffff8800007b8700
RBP: ffff880002083ed0 R08: ffff88000208db40 R09: 0000022d191d27c8
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800007b9bc8
R13: ffff880002083e90 R14: ffff8800007b8700 R15: ffffffffa058b270
FS:  00007fbb3bcf7700(0000) GS:ffff880002080000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000001664a98 CR3: 0000000060395000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process pidof (pid: 23900, threadinfo ffff8800007e8000, task ffff8800091c0040)
Stack:
 ffffffff81079f77 ffffffff8109e010 ffff88007ccd5c20 ffff88007ccd5820
<0> ffff88007ccd5420 ffff8800007e9fd8 ffff8800007e9fd8 0000010000000000
<0> ffff88007ccd5020 ffff880002083e90 ffff880002083e90 ffffffff8102a00d
Call Trace:
 <IRQ>
 [<ffffffff81079f77>] ? run_timer_softirq+0x197/0x340
 [<ffffffff8109e010>] ? tick_sched_timer+0x0/0xc0
 [<ffffffff8102a00d>] ? lapic_next_event+0x1d/0x30
 [<ffffffff8106f737>] __do_softirq+0xb7/0x1e0
 [<ffffffff81092cc0>] ? hrtimer_interrupt+0x140/0x250
 [<ffffffff81185f90>] ? filldir+0x0/0xe0
 [<ffffffff8100c2cc>] call_softirq+0x1c/0x30
 [<ffffffff8100df05>] do_softirq+0x65/0xa0
 [<ffffffff8106f525>] irq_exit+0x85/0x90
 [<ffffffff814e3340>] smp_apic_timer_interrupt+0x70/0x9b
 [<ffffffff8100bc93>] apic_timer_interrupt+0x13/0x20
 <EOI>
 [<ffffffff81211ba5>] ? selinux_file_permission+0x45/0x150
 [<ffffffff81262a75>] ? _atomic_dec_and_lock+0x55/0x80
 [<ffffffff812050c6>] security_file_permission+0x16/0x20
 [<ffffffff811861c1>] vfs_readdir+0x71/0xe0
 [<ffffffff81186399>] sys_getdents+0x89/0xf0
 [<ffffffff8100b172>] system_call_fastpath+0x16/0x1b

It occured during some stress testing, in which the reporter was repeatedly
removing and modprobing the bnx2 module while doing various other random
operations on the bnx2 registered net device.  Noting that this error occured on
a serdes based device, we noted that there were a few ethtool operations (most
notably self_test and set_phys_id) that have execution paths that lead into
bnx2_setup_serdes_phy.  This function is notable because it executes a mod_timer
call, which starts the bp->timer running.  Currently bnx2 is setup to assume
that this timer only nees to be stopped when bnx2_close or bnx2_suspend is
called.  Since the above ethtool operations are not gated on the net device
having been opened however, that assumption is incorrect, and can lead to the
timer still running after the module has been removed, leading to the oops above
(as well as other simmilar oopses).

Fix the problem by ensuring that the timer is stopped when pci_device_unregister
is called.

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Reported-by: Hushan Jia <hjia@redhat.com>
CC: Michael Chan <mchan@broadcom.com>
CC: "David S. Miller" <davem@davemloft.net>
Acked-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-29 12:32:35 -07:00
Stanislaw Gruszka
16b345d896 iwl4965: fix "Received BA when not expected"
Need to use broadcast sta_id for management frames, otherwise we broke
BA session in the firmware and get messages like that:

"Received BA when not expected"

or (on older kernels):

"BA scd_flow 0 does not match txq_id 10"

This fix regression introduced in 2.6.35 during station management
code rewrite by:

commit 2a87c26bbe
Author: Johannes Berg <johannes.berg@intel.com>
Date:   Fri Apr 30 11:30:45 2010 -0700

    iwlwifi: use iwl_find_station less

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-29 15:24:15 -04:00
Stanislaw Gruszka
bfd36103ec iwlagn: fix "Received BA when not expected"
Need to use broadcast sta_id for management frames, otherwise we broke
BA session in the firmware and get messages like that:

"Received BA when not expected"

or (on older kernels):

"BA scd_flow 0 does not match txq_id 10"

This fix regression introduced in 2.6.35 during station management
code rewrite by:

commit 2a87c26bbe
Author: Johannes Berg <johannes.berg@intel.com>
Date:   Fri Apr 30 11:30:45 2010 -0700

    iwlwifi: use iwl_find_station less

Patch partially resolve:
https://bugzilla.kernel.org/show_bug.cgi?id=16691
However, there are still 11n performance problems on 4965 and 5xxx
devices that need to be investigated.

Cc: stable@kernel.org # 2.6.35+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-29 15:24:15 -04:00
Oliver Endriss
b730011061 [media] ngene: Fix CI data transfer regression
Fix CI data transfer regression introduced by previous cleanup.

Signed-off-by: Oliver Endriss <o.endriss@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2011-04-29 12:35:10 -03:00
Herton Ronaldo Krzesinski
80845a3316 [media] v4l: make sure drivers supply a zeroed struct v4l2_subdev
Some v4l drivers currently don't initialize their struct v4l2_subdev
with zeros, and this is a problem since some of the v4l2 code expects
this. One example is the addition of internal_ops in commit 45f6f84,
after that we are at risk of random oopses with these drivers when code
in v4l2_device_register_subdev tries to dereference sd->internal_ops->*,
as can be shown by the report at http://bugs.launchpad.net/bugs/745213
and analysis of its crash at https://lkml.org/lkml/2011/4/1/168

Use kzalloc within problematic drivers to ensure we have a zeroed struct
v4l2_subdev.

BugLink: http://bugs.launchpad.net/bugs/745213
Cc: <stable@kernel.org>
Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2011-04-29 12:33:28 -03:00
Malcolm Priestley
2b5cb549f8 [media] Missing frontend config for LME DM04/QQBOX
Forgot to add the DVB_STV0299/DVB_PLL to config

Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2011-04-29 11:46:12 -03:00
Hussam Al-Tayeb
88fda5619e [media] rc_core: avoid kernel oops when rmmod saa7134
The following is a patch to avoid a kernel oops when running rmmod
saa7134 on kernel 2.6.27.1. The change is as suggested by mchehab on
irc.freenode.org

Signed-off-by: Hussam Al-Tayeb <ht990332@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2011-04-29 11:45:52 -03:00
Jean Delvare
bc4d45f190 hwmon: (lm85) Fix error paths in probe function
We must remove all files we created, even in error cases.

Fixes second part of kernel bug #34072:
https://bugzilla.kernel.org/show_bug.cgi?id=34072

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
2011-04-29 16:33:36 +02:00
Jean Delvare
5f441e2256 hwmon: (lm85) Add missing list terminators
Fixes kernel bug #34072:
https://bugzilla.kernel.org/show_bug.cgi?id=34072

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
2011-04-29 16:33:36 +02:00
Jean Delvare
d7ce0335b5 hwmon: (adm1021) Clarify documentation regarding Xeon processors
Recent Xeon processor thermal sensors are supported by the coretemp
driver and not the adm1021 driver. Only one old generation of Xeon
processors (the first Netburst ones) are supported by the adm1021
driver.

Reported-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
2011-04-29 16:33:36 +02:00
Guenter Roeck
5a4e5e6a70 hwmon: (lm90) Add support for ADT7461A and NCT1008
This patch adds support for ADT7461A and NCT1008 to the lm90 driver.
Both chips have identical functionality and report the same manufacturing ID
and device ID values.

Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
2011-04-29 16:33:35 +02:00
Jarod Wilson
23ef710e1a [media] imon: add conditional locking in change_protocol
The imon_ir_change_protocol function gets called two different ways, one
way is from rc_register_device, for initial protocol selection/setup,
and the other is via a userspace-initiated protocol change request,
either by direct sysfs prodding or by something like ir-keytable.

In the rc_register_device case, the imon context lock is already held,
but when initiated from userspace, it is not, so we must acquire it,
prior to calling send_packet, which requires that the lock is held.

Without this change, there's an easily reproduceable deadlock when
another function calls send_packet (such as either of the display write
fops) after a userspace-initiated change_protocol.

With a lock-debugging-enabled kernel, I was getting this:

[   15.014153] =====================================
[   15.015048] [ BUG: bad unlock balance detected! ]
[   15.015048] -------------------------------------
[   15.015048] ir-keytable/773 is trying to release lock (&ictx->lock) at:
[   15.015048] [<ffffffff814c6297>] mutex_unlock+0xe/0x10
[   15.015048] but there are no more locks to release!
[   15.015048]
[   15.015048] other info that might help us debug this:
[   15.015048] 2 locks held by ir-keytable/773:
[   15.015048]  #0:  (&buffer->mutex){+.+.+.}, at: [<ffffffff8119d400>] sysfs_write_file+0x3c/0x144
[   15.015048]  #1:  (s_active#87){.+.+.+}, at: [<ffffffff8119d4ab>] sysfs_write_file+0xe7/0x144
[   15.015048]
[   15.015048] stack backtrace:
[   15.015048] Pid: 773, comm: ir-keytable Not tainted 2.6.38.4-20.fc15.x86_64.debug #1
[   15.015048] Call Trace:
[   15.015048]  [<ffffffff81089715>] ? print_unlock_inbalance_bug+0xca/0xd5
[   15.015048]  [<ffffffff8108b35c>] ? lock_release_non_nested+0xc1/0x263
[   15.015048]  [<ffffffff814c6297>] ? mutex_unlock+0xe/0x10
[   15.015048]  [<ffffffff814c6297>] ? mutex_unlock+0xe/0x10
[   15.015048]  [<ffffffff8108b67b>] ? lock_release+0x17d/0x1a4
[   15.015048]  [<ffffffff814c6229>] ? __mutex_unlock_slowpath+0xc5/0x125
[   15.015048]  [<ffffffff814c6297>] ? mutex_unlock+0xe/0x10
[   15.015048]  [<ffffffffa02964b6>] ? send_packet+0x1c9/0x264 [imon]
[   15.015048]  [<ffffffff8108b376>] ? lock_release_non_nested+0xdb/0x263
[   15.015048]  [<ffffffffa0296731>] ? imon_ir_change_protocol+0x126/0x15e [imon]
[   15.015048]  [<ffffffffa024a334>] ? store_protocols+0x1c3/0x286 [rc_core]
[   15.015048]  [<ffffffff81326e4e>] ? dev_attr_store+0x20/0x22
[   15.015048]  [<ffffffff8119d4cc>] ? sysfs_write_file+0x108/0x144
...

The original report that led to the investigation was the following:

[ 1679.457305] INFO: task LCDd:8460 blocked for more than 120 seconds.
[ 1679.457307] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1679.457309] LCDd            D ffff88010fcd89c8     0  8460      1 0x00000000
[ 1679.457312]  ffff8800d5a03b48 0000000000000082 0000000000000000 ffff8800d5a03fd8
[ 1679.457314]  00000000012dcd30 fffffffffffffffd ffff8800d5a03fd8 ffff88010fcd86f0
[ 1679.457316]  ffff8800d5a03fd8 ffff8800d5a03fd8 ffff88010fcd89d0 ffff8800d5a03fd8
[ 1679.457319] Call Trace:
[ 1679.457324]  [<ffffffff810ff1a5>] ? zone_statistics+0x75/0x90
[ 1679.457327]  [<ffffffff810ea907>] ? get_page_from_freelist+0x3c7/0x820
[ 1679.457330]  [<ffffffff813b0a49>] __mutex_lock_slowpath+0x139/0x320
[ 1679.457335]  [<ffffffff813b0c41>] mutex_lock+0x11/0x30
[ 1679.457338]  [<ffffffffa0d54216>] display_open+0x66/0x130 [imon]
[ 1679.457345]  [<ffffffffa01d06c0>] usb_open+0x180/0x310 [usbcore]
[ 1679.457349]  [<ffffffff81143b3b>] chrdev_open+0x1bb/0x2d0
[ 1679.457350]  [<ffffffff8113d93d>] __dentry_open+0x10d/0x370
[ 1679.457352]  [<ffffffff81143980>] ? chrdev_open+0x0/0x2d0
...

Bump the driver version here so its easier to tell if people have this
locking fix or not, and also make locking during probe easier to follow.

CC: stable@kernel.org
Reported-by: Benjamin Hodgetts <ben@xnode.org>
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2011-04-29 09:27:48 -03:00
Jarod Wilson
b30039333a [media] rc: show RC_TYPE_OTHER in sysfs
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2011-04-29 09:26:22 -03:00
Jarod Wilson
d7516c7cf3 [media] ite-cir: modular build on ppc requires delay.h include
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2011-04-29 09:26:05 -03:00
Jarod Wilson
e296e1276c [media] mceusb: add Dell transceiver ID
Add device ID for a Dell-branded, Philips device ID transceiver reported
by an OpenELEC user on their forums.

http://openelec.tv/forum/27-hardware-support/5622-adding-support-for-an-ir-receiver--dell-branded--#5622

Signed-off-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2011-04-29 09:25:36 -03:00
Heiko Carstens
a985183285 [S390] irqstats: fix counting of pfault, dasd diag and virtio irqs
pfault, dasd diag and virtio all use the same external interrupt number.
The respective interrupt handlers decide by the subcode if they are
meant to handle the interrupt.
Counting is currently done before looking at the subcode which means
each handler counts an interrupt even if it is not handling it.
Fix this by moving the kstat code after the code which looks at the
subcode.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2011-04-29 10:42:25 +02:00
Linus Torvalds
fafc9929c6 Merge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
  drm/i915: restore only the mode of this driver on lastclose (v2)
  drm/radeon/kms: add info query for tile pipes
  drm/radeon/kms: add missing safe regs for 6xx/7xx
  drm: select FRAMEBUFFER_CONSOLE_PRIMARY if we have FRAMEBUFFER_CONSOLE
2011-04-28 13:14:02 -07:00
Paul Stewart
68972efa65 usbnet: Resubmit interrupt URB if device is open
Resubmit interrupt URB if device is open.  Use a flag set in
usbnet_open() to determine this state.  Also kill and free
interrupt URB in usbnet_disconnect().

[Rebased off git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git]

Signed-off-by: Paul Stewart <pstew@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-28 12:56:09 -07:00
Stanislaw Gruszka
f325757ab2 iwl4965: fix "TX Power requested while scanning"
Fix the following:

WARNING: at drivers/net/wireless/iwlegacy/iwl-4965.c:1128 \
iwl4965_send_tx_power+0x61/0x102 [iwl4965]() Hardware name: [...]
TX Power requested while scanning!

Pid: 5723, comm: kworker/u:28 Not tainted 2.6.39-0.rc4.4.fc14.x86_64 #1
Call Trace:
 [<ffffffff8104e27b>] warn_slowpath_common+0x85/0x9d
 [<ffffffffa02782e0>] ? iwl4965_show_temperature+0x49/0x49 [iwl4965]
 [<ffffffff8104e336>] warn_slowpath_fmt+0x46/0x48
 [<ffffffffa027712f>] iwl4965_send_tx_power+0x61/0x102 [iwl4965]
 [<ffffffff81477e05>] ? mutex_lock+0x36/0x50
 [<ffffffffa0278337>] iwl4965_bg_txpower_work+0x57/0x73 [iwl4965]
 [<ffffffff810647f3>] process_one_work+0x18d/0x286
 [<ffffffff81065a5e>] worker_thread+0xfd/0x181
 [<ffffffff81065961>] ? manage_workers.clone.16+0x172/0x172
 [<ffffffff81069036>] kthread+0x82/0x8a
 [<ffffffff81480524>] kernel_thread_helper+0x4/0x10
 [<ffffffff81068fb4>] ? kthread_worker_fn+0x14b/0x14b
 [<ffffffff81480520>] ? gs_change+0x13/0x13

Reported-and-tested-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-28 14:38:36 -04:00
Wey-Yi Guy
1501b6764f iwlegacy: led stay solid on when no traffic
commit 5ed540aecc change the led behavior
for iwlwifi driver; the side effect cause led blink all the time.

Modify the led blink table to fix this problem

Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-28 14:38:35 -04:00
Rafał Miłecki
f615839416 b43: trivial: update module info about ucode16_mimo firmware
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-28 14:38:35 -04:00
Zhangfei Gao
f945a3d960 rtc: max8925: Call dev_set_drvdata before rtc_device_register
We call rtc_read_alarm from rtc_device_register, so it is important
that the rtc device is fully initialized prior to registration.

rtc-max8925 sets drvdata after register, so the rtc_read_alarm code
dereferences a NULL pointer.

Call dev_set_drvdata before rtc_device_register.

[ jstultz/tglx: Massaged commit message ]

Signed-off-by: Zhangfei Gao <zhangfei.gao@marvell.com>
Cc: Alessandro Zummo <a.zummo@towertech.it>
Link: http://lkml.kernel.org/r/%3C1303929869-25249-1-git-send-email-john.stultz%40linaro.org%3E
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2011-04-28 11:16:21 +02:00
Mark Brown
bf283707d5 Input: wm831x-ts - move BTN_TOUCH reporting to data transfer
Don't report BTN_TOUCH until we've got data as some less robust applications
can be confused by getting a touch event by itself and it doesn't seem
unreasonable for them to expect coordinates along with a touch.

Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
2011-04-27 23:12:22 -07:00
Mark Brown
acad9853b9 Input: wm831x-ts - allow IRQ flags to be specified
This allows maximum flexibility for configuring the direct GPIO based
interrupts.

Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
2011-04-27 23:12:16 -07:00
Mark Brown
f534666815 Input: wm831x-ts - fix races with IRQ management
If the WM831x pen down and data IRQs run in parallel it is possible for the
data and pen down IRQs to deadlock themselves as one is part way through
disabling its operation while the other is part way through enabling. Fix
this by always disabling the pen down interrupt while data is active and
vice versa.  When a changeover is required we disable the IRQ that is to
be stopped then schedule work that will enable the new IRQ.

We need to handle the data flow in the data IRQ as the readback from the
device needs to be ordered correctly with the IRQ for robust operation.

This also fixes an issue when using the built in IRQs due to enable_irq()
not being valid from interrupt context on an interrupt controller with bus
operations like the built in IRQ controller - this issue may also have
affected other interrupt controllers.  We can't rely on having the data
and pen down IRQs available via GPIOs on the CPU on every system.

Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
2011-04-27 23:12:12 -07:00
Chris Ball
0c9c99a765 mmc: sdhci: Check mrq != NULL in sdhci_tasklet_finish
It seems that under certain circumstances the sdhci_tasklet_finish()
call can be entered with mrq set to NULL, causing the system to crash
with a NULL pointer de-reference.

Seen on S3C6410 system.  Based on a patch by Dimitris Papastamos.

Reported-by: Dimitris Papastamos <dp@opensource.wolfsonmicro.com>
Cc: <stable@kernel.org>
Signed-off-by: Chris Ball <cjb@laptop.org>
2011-04-27 19:16:50 -04:00
Ben Dooks
b7b4d3426d mmc: sdhci: Check mrq->cmd in sdhci_tasklet_finish
It seems that under certain circumstances that the sdhci_tasklet_finish()
call can be entered with mrq->cmd set to NULL, causing the system to crash
with a NULL pointer de-reference.

Unable to handle kernel NULL pointer dereference at virtual address 00000000
PC is at sdhci_tasklet_finish+0x34/0xe8
LR is at sdhci_tasklet_finish+0x24/0xe8

Seen on S3C6410 system.

Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Cc: <stable@kernel.org>
Signed-off-by: Chris Ball <cjb@laptop.org>
2011-04-27 19:16:45 -04:00
Guennadi Liakhovetski
c919c2a073 mmc: tmio: fix .set_ios(MMC_POWER_UP) handling
The aggressive clock gating for TMIO MMC patch has broken switching
interface power on, using MFD or platform callbacks. Restore the
ios->power_mode == MMC_POWER_UP && ios->clock == 0 case handling.

Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Chris Ball <cjb@laptop.org>
2011-04-27 19:16:29 -04:00
Guennadi Liakhovetski
26fc8775b5 mmc: fix a race between card-detect rescan and clock-gate work instances
Currently there is a race in the MMC core between a card-detect
rescan work and the clock-gating work, scheduled from a command
completion. Fix it by removing the dedicated clock-gating mutex
and using the MMC standard locking mechanism instead.

Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Cc: Simon Horman <horms@verge.net.au>
Cc: Magnus Damm <damm@opensource.se>
Acked-by: Linus Walleij <linus.walleij@linaro.org>
Cc: <stable@kernel.org>
Signed-off-by: Chris Ball <cjb@laptop.org>
2011-04-27 19:16:12 -04:00
Michael Buesch
f694751421 mmc: omap: Fix possible NULL pointer deref
Either OMAP_MMC_STAT_CARD_ERR or OMAP_MMC_STAT_END_OF_CMD might fire
if there is no host->cmd pointer.

Check for a valid host->cmd pointer before calling mmc_omap_cmd_done().

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Acked-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
2011-04-27 19:15:12 -04:00
Michał Mirosław
9bc21848b1 mmc: core: mmc_add_card(): fix missing break in switch statement
Fixes a cosmetic bug that affects printk() for SD-combo cards.

Reported-by: Prashanth Bhat <prashanth.bhat@manipal.net>
Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Signed-off-by: Chris Ball <cjb@laptop.org>
2011-04-27 19:15:07 -04:00
Chris Ball
9fdcdbb0d8 mmc: sdhci-pci: Fix error case in sdhci_pci_probe_slot()
If pci_ioremap_bar() fails during probe, we "goto release;" and free the
host, but then we return 0 -- which tells sdhci_pci_probe() that the probe
succeeded.  Since we think the probe succeeded, when we unload sdhci we'll
go to sdhci_pci_remove_slot() and it will try to dereference slot->host,
which is now NULL because we freed it in the error path earlier.

The patch simply sets ret appropriately, so that sdhci_pci_probe() will
detect the failure immediately and bail out.

Signed-off-by: Chris Ball <cjb@laptop.org>
Cc: <stable@kernel.org>
2011-04-27 19:14:55 -04:00
Linus Torvalds
be6b694713 Merge branch 'pm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6
* 'pm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6:
  ACPI / PM: Avoid infinite recurrence while registering power resources
  PM / Wakeup: Fix initialization of wakeup-related device sysfs files
2011-04-27 15:20:00 -07:00
Linus Torvalds
0fd97ab489 Merge branch 'spell-fix' of git://git.profusion.mobi/users/lucas/linux-2.6
* 'spell-fix' of git://git.profusion.mobi/users/lucas/linux-2.6:
  Revert wrong fixes for common misspellings
2011-04-27 15:18:37 -07:00
Linus Torvalds
7fcaa9aaea Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6
* 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6: (42 commits)
  [media] media: vb2: correct queue initialization order
  [media] media: vb2: fix incorrect v4l2_buffer->flags handling
  [media] s5p-fimc: Add support for the buffer timestamps and sequence
  [media] s5p-fimc: Fix bytesperline and plane payload setup
  [media] s5p-fimc: Do not allow changing format after REQBUFS
  [media] s5p-fimc: Fix FIMC3 pixel limits on Exynos4
  [media] tda18271: update tda18271c2_rf_cal as per NXP's rev.04 datasheet
  [media] tda18271: update tda18271_rf_band as per NXP's rev.04 datasheet
  [media] tda18271: fix bad calculation of main post divider byte
  [media] tda18271: prog_cal and prog_tab variables should be s32, not u8
  [media] tda18271: fix calculation bug in tda18271_rf_tracking_filters_init
  [media] omap3isp: queue: Don't corrupt buf->npages when get_user_pages() fails
  [media] v4l: Don't register media entities for subdev device nodes
  [media] omap3isp: Don't increment node entity use count when poweron fails
  [media] omap3isp: lane shifter support
  [media] omap3isp: ccdc: support Y10/12, 8-bit bayer fmts
  [media] media: add missing 8-bit bayer formats and Y12
  [media] v4l: add V4L2_PIX_FMT_Y12 format
  cx23885: Fix stv0367 Kconfig dependency
  [media] omap3isp: Use isp xclk defines
  ...

Fix up trivial conflict (spelink errurs) in drivers/media/video/omap3isp/isp.c
2011-04-27 15:17:52 -07:00
Dave Airlie
e8e7a2b8cc drm/i915: restore only the mode of this driver on lastclose (v2)
i915 calls the panic handler function on last close to reset the modes,
however this is a really bad idea for multi-gpu machines, esp shareable
gpus machines. So add a new entry point for the driver to just restore
its own fbcon mode.

v2: move code into fb helper, fix panic code to block mode change on
powered off GPUs.

[airlied: this hits drm core and I wrote it and it was reviewed on intel-gfx
 so really I signed it off twice ;-).]
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2011-04-27 17:51:59 +10:00
Alex Deucher
6565945b60 drm/radeon/kms: add info query for tile pipes
needed by mesa for htile setup.

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2011-04-27 17:03:56 +10:00
Alex Deucher
834f0c353a drm/radeon/kms: add missing safe regs for 6xx/7xx
needed for HiS in mesa.

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2011-04-27 17:03:54 +10:00
Dave Airlie
bf5192edcb drm: select FRAMEBUFFER_CONSOLE_PRIMARY if we have FRAMEBUFFER_CONSOLE
Multi-gpu/switcheroo relies on this option to get the console on the
correct GPU at bootup, some distros enable it but it seems some get
it wrong.

cc: stable@kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
2011-04-27 16:54:06 +10:00
Lucas De Marchi
e9c549998d Revert wrong fixes for common misspellings
These changes were incorrectly fixed by codespell. They were now
manually corrected.

Signed-off-by: Lucas De Marchi <lucas.demarchi@profusion.mobi>
2011-04-26 23:31:11 -07:00
Linus Torvalds
4175242c0d Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp:
  amd64_edac: Erratum #637 workaround
  amd64_edac: Factor in CC6 save area
  amd64_edac: Remove node interleave warning
  EDAC: Remove debugging output in scrub rate handling
2011-04-26 11:39:37 -07:00
Linus Torvalds
45dafe98f8 Merge git://git.kernel.org/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog
* git://git.kernel.org/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog:
  watchdog: iTCO_wdt: TCO Watchdog patch for Intel Panther Point PCH
2011-04-26 11:39:14 -07:00
Linus Torvalds
fc7b3ff1ac Merge branch 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6
* 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6:
  [S390] kvm-390: Let kernel exit SIE instruction on work
  [S390] dasd: check sense type in device change handler
  [S390] pfault: fix token handling
  [S390] qdio: reset error states immediately
  [S390] fix page table walk for changing page attributes
  [S390] prng: prevent access beyond end of stack
  [S390] dasd: fix race between open and offline
2011-04-26 11:38:48 -07:00
Borislav Petkov
c1ae68309b amd64_edac: Erratum #637 workaround
F15h CPUs may report a non-DRAM address when reporting an error address
belonging to a CC6 state save area. Add a workaround to detect this
condition and compute the actual DRAM address of the error as documented
in the Revision Guide for AMD Family 15h Models 00h-0Fh Processors.

Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
2011-04-26 16:18:56 +02:00
Borislav Petkov
f08e457cec amd64_edac: Factor in CC6 save area
F15h and later use a portion of DRAM as a CC6 storage area. BIOS
programs D18F1x[17C:140,7C:40] DRAM Base/Limit accordingly by
subtracting the storage area from the DRAM limit setting. However, in
order for edac to consider that part of DRAM too, we need to include it
into the per-node range.

Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
2011-04-26 16:18:44 +02:00
Borislav Petkov
f030ddfb37 amd64_edac: Remove node interleave warning
This warning was wrongfully added for a normal condition - intlvsel
actually selects the destination node when node interleaving is enabled
and it is not a mismatch. For a detailed example, see section 2.8.10.2
"Node Interleaving" in F10h BKDG.

Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
2011-04-26 16:18:12 +02:00
Seth Heasley
aa1f465225 watchdog: iTCO_wdt: TCO Watchdog patch for Intel Panther Point PCH
This patch adds the TCO Watchdog DeviceIDs for the Intel Panther Point PCH.

Signed-off-by: Seth Heasley <seth.heasley@intel.com>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
2011-04-26 12:50:44 +00:00
Rafael J. Wysocki
7bed50c5ed ACPI / PM: Avoid infinite recurrence while registering power resources
There is at least one BIOS with a DSDT containing a power resource
object with a _PR0 entry pointing back to that power resource.  In
consequence, while registering that power resource
acpi_bus_get_power_flags() sees that it depends on itself and tries
to register it again, which leads to an infinitely deep recurrence.
This problem was introduced by commit bf325f9538
(ACPI / PM: Register power resource devices as soon as they are
needed).

To fix this problem use the observation that power resources cannot
be power manageable and prevent acpi_bus_get_power_flags() from
being called for power resource objects.

References: https://bugzilla.kernel.org/show_bug.cgi?id=31872
Reported-and-tested-by: Pascal Dormeau <pdormeau@free.fr>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Acked-by: Len Brown <lenb@kernel.org>
Cc: stable@kernel.org
2011-04-26 11:33:18 +02:00
Rafael J. Wysocki
22110faf8c PM / Wakeup: Fix initialization of wakeup-related device sysfs files
It turns out that some PCI devices are only found to be
wakeup-capable during registration, in which case, when
device_set_wakeup_capable() is called, device_is_registered() already
returns 'true' for the given device, but dpm_sysfs_add() hasn't been
called for it yet.  This leads to situations in which the device's
power.can_wakeup flag is not set as requested because of failing
wakeup_sysfs_add() and its wakeup-related sysfs files are not
created, although they should be present.  This is a post-2.6.38
regression introduced by commit cb8f51bdad
(PM: Do not create wakeup sysfs files for devices that cannot wake
up).

To work around this problem initialize the device's power.entry
field to an empty list head and make device_set_wakeup_capable()
check if it is still empty before attempting to add the devices
wakeup-related sysfs files with wakeup_sysfs_add().  Namely, if
power.entry is still empty at this point, device_pm_add() hasn't been
called yet for the device and its wakeup-related files will be
created later, so device_set_wakeup_capable() doesn't have to create
them.

Reported-and-tested-by: Tino Keitel <tino.keitel@tikei.de>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Acked-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-04-26 11:33:09 +02:00
Linus Torvalds
71e9e6a582 Merge branch 'for-torvalds' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-stericsson
* 'for-torvalds' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-stericsson:
  rtc: fix coh901331 startup crash
  mach-ux500: fix i2c0 device setup regression
2011-04-25 19:00:55 -07:00
Randy Dunlap
b27b8ea853 staging: intel_sst: intelmid needs delay.h
intel_sst drivers need to #include <linux/delay.h> so that
they build cleanly:

drivers/staging/intel_sst/intelmid_v1_control.c:188: error: implicit declaration of function 'msleep'
drivers/staging/intel_sst/intelmid_v2_control.c:172: error: implicit declaration of function 'msleep'

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Vinod Koul <vinod.koul@intel.com>
Cc: Harsha Priya <priya.harsha@intel.com>
Cc: KP Jeeja <jeeja.kp@intel.com>
Cc: Dharageswari R <dharageswari.r@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-04-25 17:44:09 -07:00
Peter Foley
95c2b71b7b staging: solo6x10: add select SND_PCM to fix build error
This patch fixes a build error when SND_PCM is not set
by adding a select statment.

Signed-off-by: Peter Foley <pefoley2@verizon.net>
Acked-By: Ben Collins <bcollins@bluecherry.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-04-25 17:44:09 -07:00
Max Vozeler
d1b2e95ab0 staging: usbip: vhci: fix oops on subsequent attach
vhci_rx/vhci_tx threads are created once but stopped each
time the vdev is shut down. On subsequent attach wake_up_process()
oopses trying to access the stopped threads.

This patch does as before the kthread conversion which is to
create the threads each time a device is attached and stop the
threads when the device is shut down.

Signed-off-by: Max Vozeler <max@hinterhof.net>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Takahiro Hirofuchi <hirofuchi@users.sourceforge.net>
Cc: Arjan Mels <arjan.mels@gmx.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-04-25 17:09:51 -07:00
Jeff Mahoney
9f908a9eaa staging: ft1000: Remove unnecessary EXPORT_SYMBOLs
ft1000-pcmcia uses EXPORT_SYMBOL unnecessarily for sharing symbols
 inside the same module. For some reason, this is causing section
 conflicts on ia64 as well, even though neither are static.

 error: __ksymtab_stop_ft1000_card causes a section type conflict
 error: __ksymtab_init_ft1000_card causes a section type conflict

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-04-25 17:08:31 -07:00
Jeff Mahoney
1035117d2a staging: rts_pstor: use #ifdef instead of #if
This patch fixes a number of the following warnings:
warning: "CONFIG_RTS_PSTOR_DEBUG" is not defined

The code uses '#if CONFIG_RTS_PSTOR_DEBUG' when it should be using '#ifdef'

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-04-25 17:08:31 -07:00
Jeff Mahoney
c6cdaded14 staging: rts_pstor: Add <linux/vmalloc.h>
There are a few files in the rts_pstor driver that use vmalloc/vfree without
 including the header for it.

 This patch adds <linux/vmalloc.h> to those files.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-04-25 17:08:30 -07:00
Jeff Mahoney
4f80494daa staging: gma500: Depend on X86
The gma500 driver calls set_pages_uc, which is an x86 pageattr call.
 Since this driver is only used with Intel x86 motherboard chipsets,
 make the driver depend on X86.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-04-25 17:08:30 -07:00
Jeff Mahoney
97232fd666 staging: olpc: Add <linux/delay.h>
The olpc dcon xo1 driver uses udelay() without including <linux/delay.h>.

 This patch adds it.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Andres Salomon <dilinger@queued.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-04-25 17:08:29 -07:00
Hans Petter Selasky
8c61d9d611 cdc_ncm: fix short packet issue on some devices
The default maximum transmit length for NCM USB frames should be so
that a short packet happens at the end if the device supports a length
greater than the defined maximum. This is achieved by adding 4 bytes
to the maximum length so that the existing logic can fit a short
packet there.

Signed-off-by: Hans Petter Selasky <hselasky@c2i.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-24 22:35:19 -07:00
David S. Miller
9ac067a84e Merge branch 'davem.r8169' of git://git.kernel.org/pub/scm/linux/kernel/git/romieu/netdev-2.6 2011-04-24 11:51:04 -07:00
Dan Rosenberg
5f6279da37 [SCSI] pmcraid: reject negative request size
There's a code path in pmcraid that can be reached via device ioctl that
causes all sorts of ugliness, including heap corruption or triggering
the OOM killer due to consecutive allocation of large numbers of pages.
Not especially relevant from a security perspective, since users must
have CAP_SYS_ADMIN to open the character device.

First, the user can call pmcraid_chr_ioctl() with a type
PMCRAID_PASSTHROUGH_IOCTL.  A pmcraid_passthrough_ioctl_buffer
is copied in, and the request_size variable is set to
buffer->ioarcb.data_transfer_length, which is an arbitrary 32-bit signed
value provided by the user.

If a negative value is provided here, bad things can happen.  For
example, pmcraid_build_passthrough_ioadls() is called with this
request_size, which immediately calls pmcraid_alloc_sglist() with a
negative size.  The resulting math on allocating a scatter list can
result in an overflow in the kzalloc() call (if num_elem is 0, the
sglist will be smaller than expected), or if num_elem is unexpectedly
large the subsequent loop will call alloc_pages() repeatedly, a high
number of pages will be allocated and the OOM killer might be invoked.

Prevent this value from being negative in pmcraid_ioctl_passthrough().

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable@kernel.org
Cc: Anil Ravindranath <anil_ravindranath@pmc-sierra.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-04-24 12:15:07 -05:00
James Bottomley
86cbfb5607 [SCSI] put stricter guards on queue dead checks
SCSI uses request_queue->queuedata == NULL as a signal that the queue
is dying.  We set this state in the sdev release function.  However,
this allows a small window where we release the last reference but
haven't quite got to this stage yet and so something will try to take
a reference in scsi_request_fn and oops.  It's very rare, but we had a
report here, so we're pushing this as a bug fix

The actual fix is to set request_queue->queuedata to NULL in
scsi_remove_device() before we drop the reference.  This causes
correct automatic rejects from scsi_request_fn as people who hold
additional references try to submit work and prevents anything from
getting a new reference to the sdev that way.

Cc: stable@kernel.org
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-04-24 11:02:17 -05:00
Mike Snitzer
0b8393578c [SCSI] scsi_dh: fix reference counting in scsi_dh_activate error path
Commit db422318cb ([SCSI] scsi_dh:
propagate SCSI device deletion) introduced a regression where the device
reference is not dropped prior to scsi_dh_activate's early return from
the error path.

Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Cc: stable@kernel.org # 2.6.38
Reviewed-by: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-04-24 11:02:09 -05:00
Dan Rosenberg
a1f74ae82d [SCSI] mpt2sas: prevent heap overflows and unchecked reads
At two points in handling device ioctls via /dev/mpt2ctl, user-supplied
length values are used to copy data from userspace into heap buffers
without bounds checking, allowing controllable heap corruption and
subsequently privilege escalation.

Additionally, user-supplied values are used to determine the size of a
copy_to_user() as well as the offset into the buffer to be read, with no
bounds checking, allowing users to read arbitrary kernel memory.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable@kernel.org
Acked-by: Eric Moore <eric.moore@lsi.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-04-24 11:01:59 -05:00
François Romieu
953a12cc28 r8169: don't request firmware when there's no userspace.
The firmware is cached during the first successfull call to open() and
released once the network device is unregistered. The driver uses the
cached firmware between open() and unregister_netdev().

So far the firmware is optional : a failure to load the firmware does
not prevent open() to success. It is thus necessary to 1) unregister
all 816x / 810[23] devices and 2) force a driver probe to issue a new
firmware load.

Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Fixed-by: Ciprian Docan <docan@eden.rutgers.edu>
Cc: Realtek linux nic maintainers <nic_swsd@realtek.com>
2011-04-24 17:42:57 +02:00
Jian Peng
270dac35c2 libata: ahci_start_engine compliant to AHCI spec
At the end of section 10.1 of AHCI spec (rev 1.3), it states

Software shall not set PxCMD.ST to 1 until it is determined that
a functoinal device is present on the port as determined by
PxTFD.STS.BSY=0, PxTFD.STS.DRQ=0 and PxSSTS.DET=3h

Even though most AHCI host controller works without this check,
specific controller will fail under this condition.

Signed-off-by: Jian Peng <jipeng2005@gmail.com>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2011-04-24 11:35:40 -04:00
Igor Plyatov
792d37af35 ata: pata_at91.c bugfix for initial_timing initialisation
The "struct ata_timing" must contain 10 members, but ".dmack_hold" member was
forgotten for "initial_timing" initialisation. This patch fixes such a problem.

Signed-off-by: Igor Plyatov <plyatov@gmail.com>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2011-04-24 11:34:06 -04:00
Igor Plyatov
9719b8f5bc ata: pata_at91.c bugfix for high master clock
The AT91SAM9 microcontrollers with master clock higher then 105 MHz
and PIO0, have overflow of the NCS_RD_PULSE value in the MSB. This
lead to "NCS_RD_PULSE" pulse longer then "NRD_CYCLE" pulse and driver
does not detect ATA device.

Signed-off-by: Igor Plyatov <plyatov@gmail.com>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2011-04-24 11:34:06 -04:00
Seth Heasley
181e3ceaba ahci: AHCI-mode SATA patch for Intel Panther Point DeviceIDs
The previously submitted patch was word-wrapped.

This patch adds the AHCI-mode SATA DeviceIDs for the Intel Panther Point PCH.

Signed-off-by: Seth Heasley <seth.heasley@intel.com>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2011-04-24 11:34:05 -04:00
Seth Heasley
4a836c701a ata_piix: IDE-mode SATA patch for Intel Panther Point DeviceIDs
The previously submitted patch was word-wrapped.

This patch adds the IDE-mode SATA DeviceIDs for the Intel Panther
Point PCH.

Signed-off-by: Seth Heasley <seth.heasley@intel.com>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2011-04-24 11:34:05 -04:00
Jeff Mahoney
d69cf28cd2 libata: Pioneer DVR-216D can't do SETXFER
Commit 4a5610a04d fixed an issue with
 the Pioneer DVR-212D not handling SETXFER correctly. An openSUSE user
 reported a similar issue with his DVR-216D that the NOSETXFER horkage
 worked around for him as well.

 This patch adds the DVR-216D (1.08) to the horkage list for NOSETXFER.

 The issue was reported at:
 https://bugzilla.novell.com/show_bug.cgi?id=679143

Reported-by: Volodymyr Kyrychenko <vladimir.kirichenko@gmail.com>
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2011-04-24 11:34:05 -04:00
Maxime Bizon
7b3a24c57d ahci: don't enable port irq before handler is registered
The ahci_pmp_attach() & ahci_pmp_detach() unmask port irqs, but they
are also called during port initialization, before ahci host irq
handler is registered. On ce4100 platform, this sometimes triggers
"irq 4: nobody cared" message when loading driver.

Fixed this by not touching the register if the port is in frozen
state, and mark all uninitialized port as frozen.

Signed-off-by: Maxime Bizon <mbizon@freebox.fr>
Acked-by: Tejun Heo <tj@kernel.org>
Cc: stable@kernel.org
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2011-04-24 11:34:05 -04:00
Tejun Heo
ae01b2493c libata: Implement ATA_FLAG_NO_DIPM and apply it to mcp65
NVIDIA mcp65 familiy of controllers cause command timeouts when DIPM
is used.  Implement ATA_FLAG_NO_DIPM and apply it.

This problem was reported by Stefan Bader in the following thread.

 http://thread.gmane.org/gmane.linux.ide/48841

stable: applicable to 2.6.37 and 38.

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Stefan Bader <stefan.bader@canonical.com>
Cc: stable@kernel.org
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2011-04-24 11:32:16 -04:00
Hannes Reinecke
6e5fe5b12c ahci: EM supported message type sysfs attribute
This patch adds an sysfs attribute 'em_message_supported' to the
ahci host device which prints out the supported enclosure management
message types.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2011-04-24 11:31:31 -04:00
Linus Torvalds
686c4cbb10 Merge branch 'pm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6
* 'pm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6:
  PM: Add missing syscore_suspend() and syscore_resume() calls
  PM: Fix error code paths executed after failing syscore_suspend()
2011-04-23 22:35:16 -07:00
Vladislav Zolotarov
e39aece7d4 bnx2x: fix UDP csum offload
Fixed packets parameters for FW in UDP checksum offload flow.

Do not dereference TCP headers on non TCP frames.
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>

Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-23 15:13:17 -07:00
Linus Torvalds
0f1d9f78ce Merge branch 'tty-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6
* 'tty-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6:
  tty/n_gsm: fix bug in CRC calculation for gsm1 mode
  serial/imx: read cts state only after acking cts change irq
  parport_pc.c: correctly release the requested region for the IT887x
2011-04-22 16:19:19 -07:00
Neil Horman
13f172ff26 netconsole: fix deadlock when removing net driver that netconsole is using (v2)
A deadlock was reported to me recently that occured when netconsole was being
used in a virtual guest.  If the virtio_net driver was removed while netconsole
was setup to use an interface that was driven by that driver, the guest
deadlocked.  No backtrace was provided because netconsole was the only console
configured, but it became clear pretty quickly what the problem was.  In
netconsole_netdev_event, if we get an unregister event, we call
__netpoll_cleanup with the target_list_lock held and irqs disabled.
__netpoll_cleanup can, if pending netpoll packets are waiting call
cancel_delayed_work_sync, which is a sleeping path.  the might_sleep call in
that path gets triggered, causing a console warning to be issued.  The
netconsole write handler of course tries to take the target_list_lock again,
which we already hold, causing deadlock.

The fix is pretty striaghtforward.  Simply drop the target_list_lock and
re-enable irqs prior to calling __netpoll_cleanup, the re-acquire the lock, and
restart the loop.  Confirmed by myself to fix the problem reported.

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
CC: "David S. Miller" <davem@davemloft.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-22 14:33:51 -07:00
David S. Miller
1ed3aad141 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 2011-04-22 13:21:38 -07:00
Tim Gardner
cb77183871 atl1c: Fix work event interrupt/task races
The mechanism used to initiate work events from the interrupt
handler has a classic read/modify/write race between the interrupt
handler that sets the condition, and the worker task that reads and
clears the condition. Close these races by using atomic
bit fields.

Cc: stable@kernel.org
Cc: Jie Yang <jie.yang@atheros.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-21 21:04:32 -07:00
Ivan Vecera
e74fbd0302 be2net: increment work_counter in be_worker
The commit 609ff3b ("be2net: add code to display temperature of ASIC")
adds support to display temperature of ASIC but there is missing
increment of work_counter in be_worker. Because of this 1) the
function be_cmd_get_die_temperature is called every 1 second instead
of every 32 seconds 2) be_cmd_get_die_temperature is called, although
it is not supported.  This patch fixes this bug.

Signed-off-by: Ivan Vecera <ivecera@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-21 17:36:00 -07:00
Andrea Galbusera
e2a85aeceb powerpc: Fix multicast problem in fs_enet driver
mac-fec.c was setting individual UDP address registers instead of multicast
group address registers when joining a multicast group.
This prevented from correctly receiving UDP multicast packets.
According to datasheet, replaced hash_table_high and hash_table_low
with grp_hash_table_high and grp_hash_table_low respectively.
Also renamed hash_table_* with grp_hash_table_* in struct fec declaration
for 8xx: these registers are used only for multicast there.

Tested on a MPC5121 based board.
Build tested also against mpc866_ads_defconfig.

Signed-off-by: Andrea Galbusera <gizero@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-21 16:59:30 -07:00
Linus Torvalds
91e8549bde Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block
* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
  ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd
  block: don't propagate unlisted DISK_EVENTs to userland
  elevator: check for ELEVATOR_INSERT_SORT_MERGE in !elvpriv case too
2011-04-21 10:50:56 -07:00
Tejun Heo
7eec77a181 ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd
check_events() implementations in both ide-gd and ide-cd are
inadequate for in-kernel event polling.  Both generate media change
events continuously when certain conditions are met causing infinite
event loop between the driver and userland event handler.

As disk event now supports suppression of unlisted events, simply
de-listing DISK_EVENT_MEDIA_CHANGE from disk->events resolves the
problem.  Internal handling around media revalidation will behave the
same while userland will fall back to userland event polling after
detecting the device doesn't support disk events.

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Jens Axboe <jaxboe@fusionio.com>
Acked-by: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
2011-04-21 19:43:59 +02:00
Randy Dunlap
d76c8420c3 raid5: fix build error, sector_t usage
Change <sectors> from unsigned long long to sector_t.
This matches its source field.

  ERROR: "__udivdi3" [drivers/md/raid456.ko] undefined!

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-04-21 10:00:00 -07:00
Linus Torvalds
83425eee85 Merge git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus
* git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus:
  virtio: console: Enable call to hvc_remove() on console port remove
  virtio_pci: Prevent double-free of pci regions after device hot-unplug
  virtio: Decrement avail idx on buffer detach
2011-04-21 09:58:42 -07:00
Linus Torvalds
8ed54bd565 Merge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
  agp: fix arbitrary kernel memory writes
  agp: fix OOM and buffer overflow
  drm/radeon/kms: fix IH writeback on r6xx+ on big endian machines
2011-04-21 09:57:56 -07:00
Linus Torvalds
25b210371f Merge branch 'drm-intel-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/keithp/linux-2.6
* 'drm-intel-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/keithp/linux-2.6:
  drm/i915: Initialise g4x watermarks for disabled pipes
  drm/i915: Sanitize the output registers after resume
  drm/i915/tv: Fix modeset flickering introduced in 7f58aabc3
  drm/i915/tv: Only poll for TV connections
  drm/i915/tv: Remember the detected TV type
2011-04-21 09:57:13 -07:00
Linus Torvalds
ec616048ea Merge git://git.infradead.org/iommu-2.6
* git://git.infradead.org/iommu-2.6:
  intel_iommu: disable all VT-d PMRs when TXT launched
  intel-iommu: Fix get_domain_for_dev() error path
  intel-iommu: Unlink domain from iommu
  intel-iommu: Fix use after release during device attach
2011-04-21 09:56:35 -07:00
Amit Shah
afa2689e19 virtio: console: Enable call to hvc_remove() on console port remove
This call was disabled as hot-unplugging one virtconsole port led to
another virtconsole port freezing.

Upon testing it again, this now works, so enable it.

In addition, a bug was found in qemu wherein removing a port of one type
caused the guest output from another port to stop working.  I doubt it
was just this bug that caused it (since disabling the hvc_remove() call
did allow other ports to continue working), but since it's all solved
now, we're fine with hot-unplugging of virtconsole ports.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-04-21 22:57:00 +09:30
Amit Shah
31a3ddda16 virtio_pci: Prevent double-free of pci regions after device hot-unplug
In the case where a virtio-console port is in use (opened by a program)
and a virtio-console device is removed, the port is kept around but all
the virtio-related state is assumed to be gone.

When the port is finally released (close() called), we call
device_destroy() on the port's device.  This results in the parent
device's structures to be freed as well.  This includes the PCI regions
for the virtio-console PCI device.

Once this is done, however, virtio_pci_release_dev() kicks in, as the
last ref to the virtio device is now gone, and attempts to do

     pci_iounmap(pci_dev, vp_dev->ioaddr);
     pci_release_regions(pci_dev);
     pci_disable_device(pci_dev);

which results in a double-free warning.

Move the code that releases regions, etc., to the virtio_pci_remove()
function, and all that's now left in release_dev is the final freeing of
the vp_dev.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-04-21 22:57:00 +09:30
Amit Shah
b3258ff1d6 virtio: Decrement avail idx on buffer detach
When detaching a buffer from a vq, the avail.idx value should be
decremented as well.

This was noticed by hot-unplugging a virtio console port and then
plugging in a new one on the same number (re-using the vqs which were
just 'disowned').  qemu reported

   'Guest moved used index from 0 to 256'

when any IO was attempted on the new port.

CC: stable@kernel.org
Reported-by: juzhang <juzhang@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-04-21 22:57:00 +09:30
Joseph Cihula
51a63e67da intel_iommu: disable all VT-d PMRs when TXT launched
Intel VT-d Protected Memory Regions (PMRs) are supposed to be disabled,
on each VT-d engine, after DMA remapping is enabled on the engines.
This is because the behavior of having both enabled is not deterministic
and because, if TXT has been used to launch the kernel, the PMRs may be
programmed to cover memory regions that will be used for DMA.

Under some circumstances (certain quirks detected, lack of multiple
devices, etc.), the current code does not set up DMA remapping on some
VT-d engines.  In such cases it also skips disabling the PMRs.  This
causes failures when the kernel is launched with TXT (most often this
occurs on the graphics engine and results in colored vertical bars on
the display).

This patch detects when the kernel has been launched with TXT and then
disables the PMRs on all VT-d engines.  In some cases where the reason
that remapping is not being enabled is due to possible ACPI DMAR table
errors, the VT-d engine addresses may not be correct and thus not able
to be safely programmed even to disable PMRs.  Because part of the TXT
launch process is the verification of these addresses, it will always be
safe to disable PMRs if the TXT launch has succeeded and hence only
doing this in such cases.

Signed-off-by: Joseph Cihula <joseph.cihula@intel.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
2011-04-21 13:51:40 +01:00
Markus Trippelsdorf
4949603a6f EDAC: Remove debugging output in scrub rate handling
This patch removes superfluous debugging output in the sysfs scrub rate
handler. It also consolidates the error handling in the scrub rate
accessors.

Signed-off-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
2011-04-21 12:44:58 +02:00
Vasiliy Kulikov
194b3da873 agp: fix arbitrary kernel memory writes
pg_start is copied from userspace on AGPIOC_BIND and AGPIOC_UNBIND ioctl
cmds of agp_ioctl() and passed to agpioc_bind_wrap().  As said in the
comment, (pg_start + mem->page_count) may wrap in case of AGPIOC_BIND,
and it is not checked at all in case of AGPIOC_UNBIND.  As a result, user
with sufficient privileges (usually "video" group) may generate either
local DoS or privilege escalation.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2011-04-21 12:16:55 +10:00
Vasiliy Kulikov
b522f02184 agp: fix OOM and buffer overflow
page_count is copied from userspace.  agp_allocate_memory() tries to
check whether this number is too big, but doesn't take into account the
wrap case.  Also agp_create_user_memory() doesn't check whether
alloc_size is calculated from num_agp_pages variable without overflow.
This may lead to allocation of too small buffer with following buffer
overflow.

Another problem in agp code is not addressed in the patch - kernel memory
exhaustion (AGPIOC_RESERVE and AGPIOC_ALLOCATE ioctls).  It is not checked
whether requested pid is a pid of the caller (no check in agpioc_reserve_wrap()).
Each allocation is limited to 16KB, though, there is no per-process limit.
This might lead to OOM situation, which is not even solved in case of the
caller death by OOM killer - the memory is allocated for another (faked) process.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2011-04-21 11:51:04 +10:00
Linus Torvalds
584f790467 Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/staging
* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/staging:
  hwmon: (max34440) Add driver documentation
  hwmon: (max16064) Add driver documentation
  hwmon: (max8688) Add driver documentation
  hwmon: (pmbus) Documentation updates
  hwmon: (smm665) Fix spelling error in driver documentation
  hwmon: (pmbus) Removed unused variable from struct pmbus_data
  hwmon: Add submitting-patches checklist to documentation
2011-04-20 18:18:19 -07:00
Linus Torvalds
d09571059b Merge branch 'for-linus' of git://neil.brown.name/md
* 'for-linus' of git://neil.brown.name/md:
  md: Update documentation for sync_min and sync_max entries
  md: Cleanup after raid45->raid0 takeover
  md: Fix dev_sectors on takeover from raid0 to raid4/5
  md/raid5: remove setting of ->queue_lock
2011-04-20 17:40:02 -07:00
Stanislaw Gruszka
069f40fc07 iwl4965: fix skb usage after free
Since

commit a120e912eb
Author: Stanislaw Gruszka <sgruszka@redhat.com>
Date:   Fri Feb 19 15:47:33 2010 -0800

    iwlwifi: sanity check before counting number of tfds can be free

we use skb->data after calling ieee80211_tx_status_irqsafe(), which
could free skb instantly.

On current kernels I do not observe practical problems related with
bug, but on 2.6.35.y it cause random system hangs when stressing
wireless link, making bisection of other problems impossible.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-20 16:05:59 -04:00
Stanislaw Gruszka
b25026981a iwlwifi: fix skb usage after free
Since

commit a120e912eb
Author: Stanislaw Gruszka <sgruszka@redhat.com>
Date:   Fri Feb 19 15:47:33 2010 -0800

    iwlwifi: sanity check before counting number of tfds can be free

we use skb->data after calling ieee80211_tx_status_irqsafe(), which
could free skb instantly.

On current kernels I do not observe practical problems related with
bug, but on 2.6.35.y it cause random system hangs when stressing
wireless link.

Cc: stable@kernel.org # 2.6.32+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-20 16:05:59 -04:00
Linus Torvalds
73aa86825f Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block
* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
  block: Remove the extra check in queue_requests_store
  block, blk-sysfs: Fix an err return path in blk_register_queue()
  block: remove stale kerneldoc member from __blk_run_queue()
  block: get rid of QUEUE_FLAG_REENTER
  cfq-iosched: read_lock() does not always imply rcu_read_lock()
  block: kill blk_flush_plug_list() export
2011-04-20 09:48:52 -07:00
Linus Walleij
9cf3b5fa6f rtc: fix coh901331 startup crash
The rtc_device_register() call has changed semantics so that it
will immediately call out to rtc_read_alarm() and since the
callbacks require the drvdata to be set, we need to set it before
the registration call to avoid NULL dereference.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2011-04-20 18:46:56 +02:00
Jiri Bohac
2430af8b7f bonding: 802.3ad - fix agg_device_up
The slave member of struct aggregator does not necessarily point
to a slave which is part of the aggregator. It points to the
slave structure containing the aggregator structure, while
completely different slaves (or no slaves at all) may be part of
the aggregator.

The agg_device_up() function wrongly uses agg->slave to find the state
of the aggregator.  Use agg->lag_ports->slave instead. The bug has
been introduced by commit 4cd6fe1c64
("bonding: fix link down handling in 802.3ad mode").

Signed-off-by: Jiri Bohac <jbohac@suse.cz>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-20 01:44:43 -07:00
Breno Leitao
6f4d6dc167 ehea: Fix a DLPAR bug on ehea_rereg_mrs().
We are currently continuing if ehea_restart_qps() fails, when we
do a memory DLPAR (remove or add more memory to the system).

This patch just let the NAPI disabled if the ehea_restart_qps()
fails.

Signed-off-by: Breno Leitao <leitao@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-20 01:41:26 -07:00
Stefan Weinhuber
c7a29e56f0 [S390] dasd: check sense type in device change handler
When evaluating sense data in dasd_eckd_check_for_device_change, we
must always check for the type of sense data in byte 27, bit 0, to
make sure that the rest of the sense data is interpreted correctly.

Signed-off-by: Stefan Weinhuber <wein@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2011-04-20 10:15:44 +02:00
Jan Glauber
bffbbd2df4 [S390] qdio: reset error states immediately
The qdio hardware may surpress further interrupts as long as a SBAL is in
the error state. That can lead to unnotified data in the SBALs following
the error state. To prevent this behaviour change the SBAL[s] in error
state immediately to another program owned state so interrupts are again
received for further traffic on the device.

Signed-off-by: Jan Glauber <jang@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2011-04-20 10:15:43 +02:00
Stefan Weinhuber
65f8da4759 [S390] dasd: fix race between open and offline
The dasd_open function uses the private_data pointer of the gendisk to
find the dasd_block structure that matches the gendisk. When a DASD
device is set offline, we set the private_data pointer of the gendisk
to NULL and later remove the dasd_block structure, but there is still
a small race window, in which dasd_open could first read a pointer
from the private_data field and then try to use it, after the structure
has already been freed.
To close this race window, we will store a pointer to the dasd_devmap
structure of the base device in the private_data field. The devmap
entries are not deleted, and we already have proper locking and
reference counting in place, so that we can safely get from a devmap
pointer to the dasd_device and dasd_block structures of the device.

Signed-off-by: Stefan Weinhuber <wein@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2011-04-20 10:15:43 +02:00
Krzysztof Wojcik
fee68723cf md: Cleanup after raid45->raid0 takeover
Problem:
After raid4->raid0 takeover operation, another takeover operation
(e.g raid0->raid10) results "kernel oops".
Root cause:
Variables 'degraded' in mddev structure is not cleared
on raid45->raid0 takeover.

This patch reset this variable.

Signed-off-by: Krzysztof Wojcik <krzysztof.wojcik@intel.com>
Signed-off-by: NeilBrown <neilb@suse.de>
2011-04-20 15:39:53 +10:00
NeilBrown
3b71bd9337 md: Fix dev_sectors on takeover from raid0 to raid4/5
A raid0 array doesn't set 'dev_sectors' as each device might
contribute a different number of sectors.
So when converting to a RAID4 or RAID5 we need to set dev_sectors
as they need the number.
We have already verified that in fact all devices do contribute
the same number of sectors, so use that number.

Signed-off-by: NeilBrown <neilb@suse.de>
2011-04-20 15:38:18 +10:00
NeilBrown
2b7da309ff md/raid5: remove setting of ->queue_lock
We previously needed to set ->queue_lock to match the raid5
device_lock so we could safely use queue_flag_* operations (e.g. for
plugging). which test the ->queue_lock is in fact locked.

However that need has completely gone away and is unlikely to come
back to remove this now-pointless setting.

Signed-off-by: NeilBrown <neilb@suse.de>
2011-04-20 15:38:07 +10:00
Linus Torvalds
2f666bcf75 Merge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
  drm/radeon/kms: pll tweaks for r7xx
  drm/nouveau: fix allocation of notifier object
  drm/nouveau: fix notifier memory corruption bug
  drm/nouveau: fix pinning of notifier block
  drm/nouveau: populate ttm_alloced with false, when it's not
  drm/nouveau: fix nv30 pcie boards
  drm/nouveau: split ramin_lock into two locks, one hardirq safe
  drm/radeon/kms: adjust evergreen display watermark setup
  drm/radeon/kms: add connectors even if i2c fails
  drm/radeon/kms: fix bad shift in atom iio table parser
2011-04-19 18:32:57 -07:00
Cédric Cano
204ae24dc7 drm/radeon/kms: fix IH writeback on r6xx+ on big endian machines
agd5f: fix commit message.

Signed-off-by: Cedric Cano <ccano@interfaceconcept.com>
Reviewed-by: Michel Dänzer <michel@daenzer.net>
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2011-04-20 10:45:21 +10:00
Alex Deucher
5785e53ffa drm/radeon/kms: pll tweaks for r7xx
Prefer min m to max p only on pre-r7xx asics.

Fixes:
https://bugs.freedesktop.org/show_bug.cgi?id=36197

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
2011-04-20 09:39:37 +10:00
Mikhail Kshevetskiy
9db4e4381a tty/n_gsm: fix bug in CRC calculation for gsm1 mode
Problem description:
  gsm_queue() calculate a CRC for arrived frames. As a last step of
  CRC calculation it call

    gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);

  This work perfectly for the case of GSM0 mode as gsm->received_fcs
  contain the last piece of data required to generate final CRC.

  gsm->received_fcs is not used for GSM1 mode. Thus we put an
  additional byte to CRC calculation. As result we get a wrong CRC
  and reject incoming frame.

Signed-off-by: Mikhail Kshevetskiy <mikhail.kshevetskiy@gmail.com>
Acked-by: Alan Cox <alan@linux.intel.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-04-19 16:38:50 -07:00
Uwe Kleine-König
5680e94148 serial/imx: read cts state only after acking cts change irq
If cts changes between reading the level at the cts input (USR1_RTSS)
and acking the irq (USR1_RTSD) the last edge doesn't generate an irq and
uart_handle_cts_change is called with a outdated value for cts.

The race was introduced by commit

	ceca629 ([ARM] 2971/1: i.MX uart handle rts irq)

Reported-by: Arwed Springer <Arwed.Springer@de.trumpf.com>
Tested-by: Arwed Springer <Arwed.Springer@de.trumpf.com>
Cc: stable@kernel.org # 2.6.14+
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-04-19 16:36:25 -07:00
Niels de Vos
0f6db2172f parport_pc.c: correctly release the requested region for the IT887x
Replace release_resource() by release_region() and also fix the
inconsistency in the size of the requested/released region.

The size of the resource should be 32, not 0x8 like it was corrected in
commit e7c310c36e already.

CC: linux-serial@vger.kernel.org
Reported-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-04-19 16:36:24 -07:00
Marcin Slusarz
e4ac93bf3c drm/nouveau: fix allocation of notifier object
Commit 73412c3854 ("drm/nouveau: allocate
kernel's notifier object at end of block") intended to align end of
notifier block to page boundary, but start of block was miscalculated
to be off by -16 bytes. Fix it.

Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com>
Cc: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2011-04-20 08:51:34 +10:00
Marcin Slusarz
a18d89ca02 drm/nouveau: fix notifier memory corruption bug
nouveau_bo_wr32 expects offset to be in words, but we pass value in bytes,
so after commit 73412c3854 ("drm/nouveau: allocate
kernel's notifier object at end of block") we started to overwrite some memory
after notifier buffer object (previously m2mf_ntfy was always 0, so it didn't
matter it was a value in bytes).

Reported-by: Dominik Brodowski <linux@dominikbrodowski.net>
Reported-by: Nigel Cunningham <lkml@nigelcunningham.com.au>
Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com>
Cc: Ben Skeggs <bskeggs@redhat.com>
Cc: Pekka Paalanen <pq@iki.fi>
Cc: stable@kernel.org    [2.6.38]
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2011-04-20 08:51:31 +10:00
Ben Skeggs
11dea1a214 drm/nouveau: fix pinning of notifier block
Problem introduced with commit 6ba9a68317

Reported-by: Bob Gleitsmann <rjgleits@bellsouth.net>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2011-04-20 08:51:23 +10:00