Commit Graph

169329 Commits

Author SHA1 Message Date
Chris Wilson d271817bae drm/i915: Avoid NULL dereference with component_only tv_modes
In commit d2d9f2324, the guard for a valid video mode was removed. This
caused the regression:

  kernel crash during kms graphic boot on Intel GM4500 platform
  https://bugzilla.redhat.com/show_bug.cgi?id=540218

This patch changes the logic slightly not to rely on a coupled
variable, but to just check whether the video_modes is valid before
dereferencing.

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Zhenyu Wang <zhenyu.z.wang@intel.com>
[ickle: Actually reference the correct bug report]
Acked-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
2009-11-30 15:16:32 -08:00
Linus Torvalds 5ebacb2712 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/vapier/blackfin
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/vapier/blackfin:
  Blackfin: fix SMP build error in start_thread()
  Blackfin: fix memset in smp_send_reschedule() and -stop()
  Blackfin: fix typo in ptrace poking
  Blackfin: check for anomaly 05000475
  Blackfin: work around testset anomaly 05000477
  Blackfin: update anomaly lists
  Blackfin: fix cache Kconfig typo
  Blackfin: fix suspend/resume failure with some on-chip ROMs
2009-11-30 14:51:29 -08:00
Linus Torvalds 99d7832c0e Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
  [CIFS] Fix sparse warning
  [CIFS] Duplicate data on appending to some Samba servers
  [CIFS] fix oops in cifs_lookup during net boot
2009-11-30 14:51:01 -08:00
Linus Torvalds af5fdf8064 Merge branch 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging
* 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
  at24: Use timeout also for read
  i2c: Fix userspace_device list corruption
  MAINTAINERS: Add missing i2c files
  i2c/tsl2550: Fix lux value in extended mode
2009-11-30 14:50:44 -08:00
Linus Torvalds 07a6d5a49c Merge branch 'for-linus' of master.kernel.org:/home/rmk/linux-2.6-arm
* 'for-linus' of master.kernel.org:/home/rmk/linux-2.6-arm:
  [ARM] Update mach-types
  ARM: 5793/1: ARM: Check put_user fail in do_signal when enable OABI_COMPAT
  MAINTAINERS: add maintainer information for AMBA primecell drivers
  [ARM] pxa/spitz: fix compile regression on spitz
  ARM: PNX4008: i2c-pnx: use the same dev_id for request_irq and free_irq
  [ARM] pxa/cpufreq: fix index assignments for end marker
  ARM: PNX4008: fix watchdog device driver name
  [ARM] kmap: fix build errors with DEBUG_HIGHMEM enabled
2009-11-30 14:50:01 -08:00
Linus Torvalds b4297b0119 Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
  powerpc: Fix DEBUG_HIGHMEM build break from d451564669
2009-11-30 14:49:39 -08:00
Becky Bruce e8105903d7 powerpc: Fix DEBUG_HIGHMEM build break from d451564669
Code was added to mm/highmem.c that depends on several
kmap types that powerpc does not support.  We add dummy
invalid definitions for KM_NMI, KM_NMI_PTE, and KM_IRQ_PTE.

According to list discussion, this fix should not be needed
anymore starting with 2.6.33.  The code is commented to this
effect so hopefully we will remember to remove this.

Signed-off-by: Becky Bruce <beckyb@kernel.crashing.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
2009-12-01 09:33:45 +11:00
Linus Torvalds a8a84540eb Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide-2.6:
  ide: fix ioctl to pass requested transfer mode to ide_find_dma_mode instead of UDMA6
2009-11-30 14:02:34 -08:00
Linus Torvalds ffece4808d Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
  sunsu: Use sunserial_console_termios() in sunsu_console_setup().
  sunsu: Pass true 'ignore_line' to console match when RSC or LOM console.
  serial: suncore: Fix RSC/LOM handling in sunserial_console_termios().
  serial: suncore: Add 'ignore_line' argument to sunserial_console_match().
  sunsu: Fix detection of SU ports which are RSC console or control.
  sunsab: Do not set sunsab_reg.cons right before registering minors.
  sparc64: Fix definition of VMEMMAP_SIZE.
2009-11-30 14:02:23 -08:00
Linus Torvalds cd79bf7b1c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (42 commits)
  b44: Fix wedge when using netconsole.
  wan: cosa: drop chan->wsem on error path
  ep93xx-eth: check for zero MAC address on probe, not on device open
  NET: smc91x: Fix irq flags
  smsc9420: prevent BUG() if ethtool is called with interface down
  r8169: restore mac addr in rtl8169_remove_one and rtl_shutdown
  ipv4: additional update of dev_net(dev) to struct *net in ip_fragment.c, NULL ptr OOPS
  e100: Use pci pool to work around GFP_ATOMIC order 5 memory allocation failure
  sctp: on T3_RTX retransmit all the in-flight chunks
  pktgen: Fix netdevice unregister
  macvlan: fix gso_max_size setting
  rfkill: fix miscdev ops
  ath9k: set ps_default as false
  hso: fix soft-lockup
  hso: fix debug routines
  pktgen: Fix device name compares
  stmmac: do not fail when the timer cannot be used.
  stmmac: fixed a compilation error when use the external timer
  netfilter: xt_limit: fix invalid return code in limit_mt_check()
  Au1x00: fix crash when trying register_netdev()
  ...
2009-11-30 14:01:36 -08:00
Linus Torvalds d0964c37b5 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
  fuse: reject O_DIRECT flag also in fuse_create
2009-11-30 14:00:09 -08:00
Linus Torvalds ff961c68b1 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: keyboard - fix braille keyboard keysym generation
2009-11-30 13:59:51 -08:00
Linus Torvalds 432983d261 Merge branch 'pm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6
* 'pm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6:
  PM: fix irq enable/disable in runtime PM code
2009-11-30 13:58:50 -08:00
Linus Torvalds f8a2cee091 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
  firewire: ohci: pass correct iso xmit timestamps to core
  firewire: ohci: Make cycleMatch ISO transmission work
2009-11-30 13:58:23 -08:00
Linus Torvalds a5e63931fd Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6:
  V4L/DVB (13372): staging/go7007: fix mutex function usage for s2250
  staging/go7007: Fix compilation by re-adding the missing s2250-loader.h
  V4L/DVB (13530): Fix wrong parameter order in memset
  V4L/DVB (13481): sh_mobile_ceu_camera: fix compile warning
  V4L/DVB (13436): cxusb: Fix hang on DViCO FusionHDTV DVB-T Dual Digital 4 (rev 1)
  V4L/DVB (13412): SMS_SIANO_MDTV should depend on HAS_DMA
  V4L/DVB (13372a): MAINTAINERS: addition of gspca_gl860 driver
  V4L/DVB (13371): davinci: remove stray duplicate config pointer
  V4L/DVB (13366): em28xx: fix Reddo DVB-C USB TV Box GPIO
  V4L/DVB (13345): soc-camera: sh_mobile_ceu_camera: call pm_runtime_disable
  V4L/DVB (13344): soc-camera: properly initialise the device object when reusing
  V4L/DVB (13343): v4l: add more missing linux/sched.h includes
  V4L/DVB (13321): radio-gemtek-pci: fix double mutex_lock
2009-11-30 13:58:01 -08:00
Linus Torvalds 9709652703 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/anholt/drm-intel
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/anholt/drm-intel:
  drm/i915: Select CONFIG_SHMEM
  drm/i915: Fix CRT hotplug detect by checking really no channels attached
  agp/intel: new host bridge support
  drm/i915: Add more registers save/restore for Ironlake suspend
  drm/i915: Fix IRQ stall issue on Ironlake
  drm/i915: HDMI hardware workaround for Ironlake
  drm/i915: Fix and cleanup DPLL calculation for Ironlake
  drm/i915: Avoid potential sleep whilst holding spinlock
2009-11-30 13:57:19 -08:00
Linus Torvalds b54eb1795c Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block
* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
  cciss: make device attrs static
  Thaw refrigerated bdi flusher threads before invoking kthread_stop on them
2009-11-30 13:57:03 -08:00
Linus Torvalds 0bb3246265 Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6:
  acerhdf: return temperature in milidegree instead of degree
  thinkpad-acpi: fix detection of old ThinkPads
  thinkpad-acpi: fix sign of ERESTARTSYS return
  ACPI: Add Thinkpad T400, T500 to OSI(Linux) white-list
  ACPICA: Silence the warning about _BIF returning the buffer
  ACPI: DMI init_set_sci_en_on_resume for HP-Compaq C700
2009-11-30 13:56:21 -08:00
Linus Torvalds 1486b2014a Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/davej/cpufreq
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/davej/cpufreq:
  [CPUFREQ] Enable ACPI PDC handshake for VIA/Centaur CPUs
2009-11-30 13:55:48 -08:00
Linus Torvalds 6c49e2700f Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
  ALSA: AACI: fix recording bug
  ALSA: AACI: fix AC97 multiple-open bug
  ASoC: AIC23: Fixing infinite loop in resume path
  ASoC: Fix suspend with active audio streams
2009-11-30 13:55:20 -08:00
Linus Torvalds 23e041dbaa Merge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
* 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
  drm/fb: fix FBIOGET/PUT_VSCREENINFO pixel clock handling
  drm: make sure page protections are updated after changing vm_flags
  drm/radeon/kms: Report vga connector is connected according to ddc_probe
  drm: mm always protect change to unused_nodes with unused_lock spinlock
  drm/radeon/kms: Disable TV load detect on RS400,RC410,RS480
  drm/radeon/kms: read back register before writing in IIO.
  drm/radeon/kms: fix handling of d1/d2 vga
  drm: work around EDIDs with bad htotal/vtotal values
  drm/radeon/kms: resume AGP by calling init.
2009-11-30 13:54:10 -08:00
Linus Torvalds f507334503 Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx:
  shdma: fix initialization error handling
  ioat3: fix pq completion versus channel deallocation race
  async_tx: build-time toggling of async_{syndrome,xor}_val dma support
  dmaengine: include xor/pq validate in device_has_all_tx_types()
  ioat2,3: report all uncorrectable errors
  ioat3: specify valid address for disabled-Q or disabled-P
  ioat2,3: disable asynchronous error notifications
  ioat3: dca and raid operations are incompatible
  ioat: silence "dca disabled" messages
2009-11-30 13:53:53 -08:00
Linus Torvalds 50b767d0ba Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
  Staging: octeon-ethernet: Assign proper MAC addresses.
  Staging: Octeon: Use symbolic values for irq numbers.
  MIPS: Octeon: Fix compile error in drivers/staging/octeon/ethernet-mdio.c
2009-11-30 13:53:14 -08:00
David Woodhouse 199bc9ff5c jffs2: Fix memory corruption in jffs2_read_inode_range()
In 2.6.23 kernel, commit a32ea1e1f9
("Fix read/truncate race") fixed a race in the generic code, and as a
side effect, now do_generic_file_read() can ask us to readpage() past
the i_size. This seems to be correctly handled by the block routines
(e.g. block_read_full_page() fills the page with zeroes in case if
somebody is trying to read past the last inode's block).

JFFS2 doesn't handle this; it assumes that it won't be asked to read
pages which don't exist -- and thus that there will be at least _one_
valid 'frag' on the page it's being asked to read. It will fill any
holes with the following memset:

  memset(buf, 0, min(end, frag->ofs + frag->size) - offset);

When the 'closest smaller match' returned by jffs2_lookup_node_frag() is
actually on a previous page and ends before 'offset', that results in:

  memset(buf, 0, <huge unsigned negative>);

Hopefully, in most cases the corruption is fatal, and quickly causing
random oopses, like this:

  root@10.0.0.4:~/ltp-fs-20090531# ./testcases/kernel/fs/ftest/ftest01
  Unable to handle kernel paging request for data at address 0x00000008
  Faulting instruction address: 0xc01cd980
  Oops: Kernel access of bad area, sig: 11 [#1]
  [...]
  NIP [c01cd980] rb_insert_color+0x38/0x184
  LR [c0043978] enqueue_hrtimer+0x88/0xc4
  Call Trace:
  [c6c63b60] [c004f9a8] tick_sched_timer+0xa0/0xe4 (unreliable)
  [c6c63b80] [c0043978] enqueue_hrtimer+0x88/0xc4
  [c6c63b90] [c0043a48] __run_hrtimer+0x94/0xbc
  [c6c63bb0] [c0044628] hrtimer_interrupt+0x140/0x2b8
  [c6c63c10] [c000f8e8] timer_interrupt+0x13c/0x254
  [c6c63c30] [c001352c] ret_from_except+0x0/0x14
  --- Exception: 901 at memset+0x38/0x5c
      LR = jffs2_read_inode_range+0x144/0x17c
  [c6c63cf0] [00000000] (null) (unreliable)

This patch fixes the issue, plus fixes all LTP tests on NAND/UBI with
JFFS2 filesystem that were failing since 2.6.23 (seems like the bug
above also broke the truncation).

Reported-By: Anton Vorontsov <avorontsov@ru.mvista.com>
Tested-By: Anton Vorontsov <avorontsov@ru.mvista.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-11-30 13:52:40 -08:00
Geert Uytterhoeven c69f677cc8 fbdev: Migrate mailing lists to vger
The fbdev mailing lists at SourceForge have been migrated to a single
mailing list at kernel.org: linux-fbdev@vger.kernel.org.

Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-11-30 13:46:04 -08:00
Linus Torvalds 9f1680794f Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-2.6-kconfig
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-2.6-kconfig:
  kconfig: Fix make O=<dir> local{mod,yes}config
2009-11-30 13:45:22 -08:00
Linus Torvalds 7d34f46426 Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
  sata_fsl: Split hard and soft reset
2009-11-30 13:43:30 -08:00
Linus Torvalds 6e80133f7f Merge git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-2.6-fscache
* git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-2.6-fscache: (31 commits)
  FS-Cache: Provide nop fscache_stat_d() if CONFIG_FSCACHE_STATS=n
  SLOW_WORK: Fix GFS2 to #include <linux/module.h> before using THIS_MODULE
  SLOW_WORK: Fix CIFS to pass THIS_MODULE to slow_work_register_user()
  CacheFiles: Don't log lookup/create failing with ENOBUFS
  CacheFiles: Catch an overly long wait for an old active object
  CacheFiles: Better showing of debugging information in active object problems
  CacheFiles: Mark parent directory locks as I_MUTEX_PARENT to keep lockdep happy
  CacheFiles: Handle truncate unlocking the page we're reading
  CacheFiles: Don't write a full page if there's only a partial page to cache
  FS-Cache: Actually requeue an object when requested
  FS-Cache: Start processing an object's operations on that object's death
  FS-Cache: Make sure FSCACHE_COOKIE_LOOKING_UP cleared on lookup failure
  FS-Cache: Add a retirement stat counter
  FS-Cache: Handle pages pending storage that get evicted under OOM conditions
  FS-Cache: Handle read request vs lookup, creation or other cache failure
  FS-Cache: Don't delete pending pages from the page-store tracking tree
  FS-Cache: Fix lock misorder in fscache_write_op()
  FS-Cache: The object-available state can't rely on the cookie to be available
  FS-Cache: Permit cache retrieval ops to be interrupted in the initial wait phase
  FS-Cache: Use radix tree preload correctly in tracking of pages to be stored
  ...
2009-11-30 13:33:48 -08:00
Julia Lawall cc9a2c8301 arch/alpha/kernel: Add kmalloc NULL tests
Check that the result of kmalloc is not NULL before passing it to other
functions.

The semantic match that finds this problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@@
expression *x;
identifier f;
constant char *C;
@@

x = \(kmalloc\|kcalloc\|kzalloc\)(...);
... when != x == NULL
    when != x != NULL
    when != (x || ...)
(
kfree(x)
f(...,C,...,x,...)
|
*f(...,x,...)
|
*x->f
)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: Matt Turner <mattst88@gmail.com>
2009-11-30 15:38:19 -05:00
Julia Lawall 04d8a9db89 arch/alpha/kernel/sys_ruffian.c: Use DIV_ROUND_CLOSEST
The kernel.h macro DIV_ROUND_CLOSEST performs the computation (x + d/2)/d
but is perhaps more readable.

The semantic patch that makes this change is as follows:
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@haskernel@
@@

@depends on haskernel@
expression x,__divisor;
@@

- (((x) + ((__divisor) / 2)) / (__divisor))
+ DIV_ROUND_CLOSEST(x,__divisor)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: Matt Turner <mattst88@gmail.com>
2009-11-30 15:37:25 -05:00
Pete Eberlein e49bd72f9c V4L/DVB (13372): staging/go7007: fix mutex function usage for s2250
Fix mutex function usage, which was overlooked in a previous patch.

Signed-off-by: Pete Eberlein <pete@sensoray.com>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2009-11-30 17:49:15 -02:00
Mauro Carvalho Chehab 7924326fef staging/go7007: Fix compilation by re-adding the missing s2250-loader.h
As pointed out by Stefan Lippers-Hollmann <s.L-H@gmx.de>,

Commit fd9a40da1d broke s2250 compilation.

This patch re-adds the missing s2250-loader.h

Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2009-11-30 17:37:20 -02:00
Johannes Berg 827d42c9ac mac80211: fix spurious delBA handling
Lennert Buytenhek noticed that delBA handling in mac80211
was broken and has remotely triggerable problems, some of
which are due to some code shuffling I did that ended up
changing the order in which things were done -- this was

  commit d75636ef9c
  Author: Johannes Berg <johannes@sipsolutions.net>
  Date:   Tue Feb 10 21:25:53 2009 +0100

    mac80211: RX aggregation: clean up stop session

and other parts were already present in the original

  commit d92684e660
  Author: Ron Rindjunsky <ron.rindjunsky@intel.com>
  Date:   Mon Jan 28 14:07:22 2008 +0200

      mac80211: A-MPDU Tx add delBA from recipient support

The first problem is that I moved a BUG_ON before various
checks -- thereby making it possible to hit. As the comment
indicates, the BUG_ON can be removed since the ampdu_action
callback must already exist when the state is != IDLE.

The second problem isn't easily exploitable but there's a
race condition due to unconditionally setting the state to
OPERATIONAL when a delBA frame is received, even when no
aggregation session was ever initiated. All the drivers
accept stopping the session even then, but that opens a
race window where crashes could happen before the driver
accepts it. Right now, a WARN_ON may happen with non-HT
drivers, while the race opens only for HT drivers.

For this case, there are two things necessary to fix it:
 1) don't process spurious delBA frames, and be more careful
    about the session state; don't drop the lock

 2) HT drivers need to be prepared to handle a session stop
    even before the session was really started -- this is
    true for all drivers (that support aggregation) but
    iwlwifi which can be fixed easily. The other HT drivers
    (ath9k and ar9170) are behaving properly already.

Reported-by: Lennert Buytenhek <buytenh@marvell.com>
Cc: stable@kernel.org
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2009-11-30 13:55:51 -05:00
Johannes Berg 4253119acf mac80211: fix two remote exploits
Lennert Buytenhek noticed a remotely triggerable problem
in mac80211, which is due to some code shuffling I did
that ended up changing the order in which things were
done -- this was in

  commit d75636ef9c
  Author: Johannes Berg <johannes@sipsolutions.net>
  Date:   Tue Feb 10 21:25:53 2009 +0100

    mac80211: RX aggregation: clean up stop session

The problem is that the BUG_ON moved before the various
checks, and as such can be triggered.

As the comment indicates, the BUG_ON can be removed since
the ampdu_action callback must already exist when the
state is OPERATIONAL.

A similar code path leads to a WARN_ON in
ieee80211_stop_tx_ba_session, which can also be removed.

Cc: stable@kernel.org [2.6.29+]
Cc: Lennert Buytenhek <buytenh@marvell.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2009-11-30 13:52:21 -05:00
Daniel Vetter 9bedb9743f drm/i915: fixup interrupted overlay switch off calls
When switching to interruptible sleeps in the overlay code, I've
forgotten to recover from interruptions at one site.  This
resulted in the overlay still running when it should have been
switched off. This in turn caused a hang on resume because it
tried to disable the (not-running) overlay in preparation for the
resume modeset.

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=24980
Tested-by: maximlevitsky@gmail.com

Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Eric Anholt <eric@anholt.net>
2009-11-30 09:50:57 -08:00
Daniel Vetter 12ca45fea9 drm/i915: overlay: extract some duplicated code
I've suspected some bug there wrt to suspend, but that was not
the case. Clean up the code anyway.

Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Eric Anholt <eric@anholt.net>
2009-11-30 09:44:23 -08:00
Shaohua Li 2644487781 drm/i915: remove Pineview EOS protection support
HW guys have an evaluation about the impact about EOS, and say the impact
is quite small, so they have removed EOS detection support. This patch
removes EOS feature.

revert commit 0430296558
directly reverting it gives a hunk error, so please use this one.

Signed-off-by: Shaohua Li <shaohua.li@intel.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
[anholt: fixed up commit message for update that the feature's really gone]
2009-11-30 09:42:12 -08:00
Shaohua Li 311089d3d3 drm/i915: use msleep for intel_wait_for_vblank
20ms delay is quite big and the routine isn't called in atomic context.
better use msleep to let other tasks run. This can reduce cpu time used
by Xorg, so potentially boost boot.

Signed-off-by: Shaohua Li <shaohua.li@intel.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
2009-11-30 09:39:57 -08:00
Gertjan van Wingerde e3a41d7b99 .gitignore: Add bzip2 compressed files
We can have bzip2 compressed images nowadays.

Signed-off-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-11-30 08:39:36 -08:00
Helge Deller 33a932d143 parisc: fix unwind with recent gcc versions
kernel unwinding is broken with gcc >= 4.x.  Part of the problem is that
binutils seems very sensitive to where the unwind information is stored.

Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Kyle McMartin <kyle@mcmartin.ca>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-11-30 08:20:24 -08:00
Russell King 8ee763b9c8 ALSA: AACI: fix recording bug
pcm->r[1].slots is the double rate slot information, not the
capture information.  For capture, 'pcm' will already be the
capture ac97 pcm structure.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-11-30 14:50:55 +01:00
Russell King 4acd57c3de ALSA: AACI: fix AC97 multiple-open bug
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-11-30 14:50:53 +01:00
Takashi Iwai 77a9d3eb77 Merge branch 'fix/asoc' into fix/misc
2009-11-30 14:50:37 +01:00
David S. Miller 0cae200eec b44: Fix wedge when using netconsole.
Fixes kernel bugzilla #14691

Due to the way netpoll works, it is perfectly legal to see
NAPI already scheduled when new device events are pending
in b44_interrupt().

So logging a message about it is wrong and in fact harmful.

Based upon a patch by Andreas Mohr.

Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-30 00:13:28 -08:00
Dan Carpenter 40be261dfd wan: cosa: drop chan->wsem on error path
The other paths all drop chan->wsem.  This was found by a static
checker (smatch).

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Jan "Yenya" Kasprzak <kas@fi.muni.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-30 00:06:51 -08:00
Florian Fainelli 3c91c7ae84 ep93xx-eth: check for zero MAC address on probe, not on device open
If we happen to have registered the driver without passing
a MAC address, we will print a zero MAC address and register
the interface with this invalid address, this is confusing. This
patch moves the checking of a valid ethernet address and the
generation of a random one down from the open function to
the probe function.

Signed-off-by: Florian Fainelli <florian@openwrt.org>
Acked-by: Lennert Buytenhek <buytenh@wantstofly.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-29 23:50:32 -08:00
Russell King - ARM Linux d5ccd67bb7 NET: smc91x: Fix irq flags
smc91x.h defines SMC_IRQ_FLAGS to be -1 when it wants the interrupt
flags to be taken from the resource structure.  However, d280ead
changed this to checking for non-zero resource flags.

Unfortunately, this means that on some platforms, we end up passing
'-1' to request_irq rather than the desired result.  Combine the two
conditions into one so that the IRQ flags are taken from the resource
if either SMC_IRQ_FLAGS is -1 or the resource flags specify an
interrupt trigger.

This restores network on at least the Versatile platform.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Acked-by: Eric Miao <eric.y.miao@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-29 23:47:14 -08:00
Steve Glendinning 6c53b1b15e smsc9420: prevent BUG() if ethtool is called with interface down
This patch fixes a null pointer dereference BUG() if ethtool is used on
an smsc9420 interface while it is down, because the phy_dev is only
allocated while the interface is up.

Signed-off-by: Steve Glendinning <steve.glendinning@smsc.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-29 23:14:45 -08:00
Ivan Vecera cc098dc705 r8169: restore mac addr in rtl8169_remove_one and rtl_shutdown
The newer chipsets (all PCI-E) are known to need a full power cycle
(AC or battery removal) to reset the MAC address to a hardwired one. The previous
patch to address this problem loads the original MAC address from EEPROM.
But it brought another problem, for which it is necessary to introduce a new
module parameter.
However, it might suffice to restore the initial MAC address before
shutdown/reboot/kexec and when removing the module.

Signed-off-by: Ivan Vecera <ivecera@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-29 23:12:52 -08:00
David Ford bbf31bf18d ipv4: additional update of dev_net(dev) to struct *net in ip_fragment.c, NULL ptr OOPS
ipv4 ip_frag_reasm(), fully replace 'dev_net(dev)' with 'net', defined
previously patched into 2.6.29.

Between 2.6.28.10 and 2.6.29, net/ipv4/ip_fragment.c was patched,
changing from dev_net(dev) to container_of(...).  Unfortunately the goto
section (out_fail) on oversized packets inside ip_frag_reasm() didn't
get touched up as well.  Oversized IP packets cause a NULL pointer
dereference and immediate hang.

I discovered this running openvasd and my previous email on this is
titled:  NULL pointer dereference at 2.6.32-rc8:net/ipv4/ip_fragment.c:566

Signed-off-by: David Ford <david@blue-labs.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-29 23:02:22 -08:00