Commit Graph

211645 Commits

Author SHA1 Message Date
Linus Torvalds 8fe9793af0 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
  fuse: Initialize total_len in fuse_retrieve()
2010-10-06 09:50:41 -07:00
Antonio Ospite e42dee9a99 HID: hidraw, fix a NULL pointer dereference in hidraw_write
BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
IP: [<ffffffffa0f0a625>] hidraw_write+0x3b/0x116 [hid]
[...]

This is reproducible by disconnecting the device while userspace writes
to dev node in a loop and doesn't check return values in order to exit
the loop.

Signed-off-by: Antonio Ospite <ospite@studenti.unina.it>
Cc: stable@kernel.org
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2010-10-06 11:30:34 +02:00
Antonio Ospite d20d5ffab9 HID: hidraw, fix a NULL pointer dereference in hidraw_ioctl
BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
IP: [<ffffffffa02c66b4>] hidraw_ioctl+0xfc/0x32c [hid]
[...]

This is reproducible by disconnecting the device while userspace does
ioctl in a loop and doesn't check return values in order to exit the
loop.

Signed-off-by: Antonio Ospite <ospite@studenti.unina.it>
Cc: stable@kernel.org
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2010-10-06 11:30:31 +02:00
Eric Dumazet 79315068f4 caif: fix two caif_connect() bugs
caif_connect() might dereference a netdevice after dev_put() it.

It also doesnt check dev_get_by_index() return value and could
dereference a NULL pointer.

Fix it, using RCU to avoid taking a reference.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Sjur Braendeland <sjur.brandeland@stericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-10-05 20:35:53 -07:00
Neil Horman 27e6f065df bonding: fix WARN_ON when writing to bond_master sysfs file
Fix a WARN_ON failure in bond_masters sysfs file

Got a report of this warning recently

bonding: bond0 is being created...
------------[ cut here ]------------
WARNING: at fs/proc/generic.c:590 proc_register+0x14d/0x185()
Hardware name: ProLiant BL465c G1
proc_dir_entry 'bonding/bond0' already registered
Modules linked in: bonding ipv6 tg3 bnx2 shpchp amd64_edac_mod edac_core
ipmi_si
ipmi_msghandler serio_raw i2c_piix4 k8temp edac_mce_amd hpwdt microcode hpsa
cc
iss radeon ttm drm_kms_helper drm i2c_algo_bit i2c_core [last unloaded:
scsi_wai
t_scan]
Pid: 935, comm: ifup-eth Not tainted 2.6.33.5-124.fc13.x86_64 #1
Call Trace:
[<ffffffff8104b54c>] warn_slowpath_common+0x77/0x8f
[<ffffffff8104b5b1>] warn_slowpath_fmt+0x3c/0x3e
[<ffffffff8114bf0b>] proc_register+0x14d/0x185
[<ffffffff8114c20c>] proc_create_data+0x87/0xa1
[<ffffffffa0211e9b>] bond_create_proc_entry+0x55/0x95 [bonding]
[<ffffffffa0215e5d>] bond_init+0x95/0xd0 [bonding]
[<ffffffff8138cd97>] register_netdevice+0xdd/0x29e
[<ffffffffa021240b>] bond_create+0x8e/0xb8 [bonding]
[<ffffffffa021c4be>] bonding_store_bonds+0xb3/0x1c1 [bonding]
[<ffffffff812aec85>] class_attr_store+0x27/0x29
[<ffffffff8115423d>] sysfs_write_file+0x10f/0x14b
[<ffffffff81101acf>] vfs_write+0xa9/0x106
[<ffffffff81101be2>] sys_write+0x45/0x69
[<ffffffff81009b02>] system_call_fastpath+0x16/0x1b
---[ end trace a677c3f7f8b16b1e ]---
bonding: Bond creation failed.

It happens because a user space writer to bond_master can try to
register an already existing bond interface name.  Fix it by teaching
bond_create to check for the existance of devices with that name first
in cases where a non-NULL name parameter has been passed in

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-10-05 20:06:01 -07:00
Mark Brown cf8eda3ef0 ASoC: Update links for Wolfson MAINTAINERS entry
We also have a separate git for audio, and a generic page for all of our
drivers not just the PMICs.

Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
2010-10-05 19:33:34 -07:00
Mark Brown 645a659925 ASoC: Add Dimitris Papastamos to Wolfson maintainers
Add Dimitris Papastamos as a contact for Wolfson device drivers.

Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Dimitris Papastamos <dp@opensource.wolfsonmicro.com>
2010-10-05 19:33:09 -07:00
Stephen Rothwell 7c6d45e665 powerpc: remove unused variable
Since powerpc uses -Werror on arch powerpc, the build was broken like
this:

  cc1: warnings being treated as errors
  arch/powerpc/kernel/module.c: In function 'module_finalize':
  arch/powerpc/kernel/module.c:66: error: unused variable 'err'

Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-10-05 17:27:54 -07:00
Thomas Hellstrom 1df6a2ebd7 drm/ttm: Fix two race conditions + fix busy codepaths
This fixes a race pointed out by Dave Airlie where we don't take a buffer
object about to be destroyed off the LRU lists properly. It also fixes a rare
case where a buffer object could be destroyed in the middle of an
accelerated eviction.

The patch also adds a utility function that can be used to prematurely
release GPU memory space usage of an object waiting to be destroyed.
For example during eviction or swapout.

The above mentioned commit didn't queue the buffer on the delayed destroy
list under some rare circumstances. It also didn't completely honor the
remove_all parameter.

Fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=615505
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591061

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-10-06 09:04:43 +10:00
Stanislaw Gruszka 392bd0cb00 skge: add quirk to limit DMA
Skge devices installed on some Gigabyte motherboards are not able to
perform 64 dma correctly due to board PCI implementation, so limit
DMA to 32bit if such boards are detected.

Bug was reported here:
https://bugzilla.redhat.com/show_bug.cgi?id=447489

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Tested-by: Luya Tshimbalanga <luya@fedoraproject.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-10-05 15:11:40 -07:00
Jeff Kirsher 0d16440135 MAINTAINERS: update Intel LAN Ethernet info
- Add ixgbevf and docs files to the maintainers file

Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-10-05 13:28:19 -07:00
Jeff Kirsher da8c01c450 e1000e.txt: Add e1000e documentation
Adds documentation for the e1000e networking driver.

Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-10-05 13:28:07 -07:00
Jeff Kirsher 2bff89c3f3 e1000.txt: Update e1000 documentation
Updated the e1000 networking driver documentation.

Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-10-05 13:27:31 -07:00
Jeff Kirsher c4b8c01112 ixgbevf.txt: Update ixgbevf documentation
Update the documentation for the ixgbevf (ixgbe virtual
function driver).

Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-10-05 13:27:30 -07:00
Linus Torvalds e1d9694cae Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  rcu: rcu_read_lock_bh_held(): disabling irqs also disables bh
  generic-ipi: Fix deadlock in __smp_call_function_single
2010-10-05 13:07:43 -07:00
Matthew Garrett d24a9da573 IPS driver: Fix limit clamping when reducing CPU power
Values here are in internal units rather than Watts, so we shouldn't
perform any conversion.

Signed-off-by: Matthew Garrett <mjg@redhat.com>
2010-10-05 14:59:35 -04:00
Jesse Barnes 96f3823f53 [PATCH 2/2] IPS driver: disable CPU turbo
The undocumented interface we're using for reading CPU power seems to be
overreporting power.  Until we figure out how to correct it, disable CPU
turbo and power reporting to be safe.  This will keep the CPU within default
limits and still allow us to increase GPU frequency as needed.

Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Matthew Garrett <mjg@redhat.com>
2010-10-05 14:59:28 -04:00
Jesse Barnes 4fd07ac00d IPS driver: apply BIOS provided CPU limit if different from default
The BIOS may hand us a lower CPU power limit than the default for a
given SKU.  We should use it in case the platform isn't designed to
dissapate the full TDP of a given part.

Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Matthew Garrett <mjg@redhat.com>
2010-10-05 14:59:25 -04:00
Andy Whitcroft 070c0ee1ef intel_ips -- ensure we do not enable gpu turbo mode without driver linkage
Both when polling the current turbo status (in poll_turbo_status mode)
and when handling thermal events (in ips_irq_handler) the current status
of GPU turbo is updated to match the hardware status.  However if during
driver initialisation we were unable aquire linkage to the i915 driver
enabling GPU turbo will lead to an oops on the first attempt to determine
GPU busy status.

Ensure that we do not enable GPU turbo unless we have driver linkage.

BugLink: http://bugs.launchpad.net/bugs/632430
Cc: stable@kernel.org
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Matthew Garrett <mjg@redhat.com>
2010-10-05 14:59:21 -04:00
Tim Gardner a8c096adbd intel_ips: Print MCP limit exceeded values.
Print some interesting values when MCP limits
are exceeded.

Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Cc: Matthew Garrett <mjg@redhat.com>
Signed-off-by: Matthew Garrett <mjg@redhat.com>
2010-10-05 14:59:17 -04:00
Jesse Barnes eceab272fb IPS driver: verify BIOS provided limits
They're optional.  If not present or sane, we should use the CPU
defaults.

Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Matthew Garrett <mjg@redhat.com>
2010-10-05 14:59:14 -04:00
Jesse Barnes 354aeeb1ca IPS driver: don't toggle CPU turbo on unsupported CPUs
If the CPU doesn't support turbo, don't try to enable/disable it.

http://bugzilla.kernel.org/show_bug.cgi?id=18742

Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Matthew Garrett <mjg@redhat.com>
2010-10-05 14:59:09 -04:00
minskey guo a7abda8d72 NULL pointer might be used in ips_monitor()
The patch is to create ips_adjust thread before ips_monitor begins
 to run  because the latter will kthread_stop() or wake up the former
 via ips->adjust pointer. Without this change, it is possible that
 ips->adjust is NULL when kthread_stop() or wake_up_process() is
 called in ips_monitor().

Signed-off-by: minskey guo <chaohong.guo@intel.com>
Acked-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Matthew Garrett <mjg@redhat.com>
2010-10-05 14:59:06 -04:00
minskey guo fed522f7ea Release symbol on error-handling path of ips_get_i915_syms()
In ips_get_i915_syms(), the symbol i915_gpu_busy() is not released
when error occurs.

Signed-off-by: minskey guo <chaohong.guo@intel.com>
Acked-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Matthew Garrett <mjg@redhat.com>
2010-10-05 14:59:01 -04:00
minskey guo c21eae4f7c old_cpu_power is wrongly divided by 65535 in ips_monitor()
The variable old_cpu_power is used to save the value of THM_CEC
register. In get_cpu_power(), it will be divided by 65535.

Signed-off-by: minskey guo <chaohong.guo@intel.com>
Acked-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Matthew Garrett <mjg@redhat.com>
2010-10-05 14:58:57 -04:00
minskey guo 6230d18cc7 seqno mask of THM_ITV register is 16bit
The mask of sequence number in THM_ITV register is 16bit width instead
of 8bit.

Signed-off-by: minskey guo <chaohong.guo@intel.com>
Acked-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Matthew Garrett <mjg@redhat.com>
2010-10-05 14:58:54 -04:00
Linus Torvalds 39c12be86a Merge branch 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  perf trace scripting: Fix extern struct definitions
  perf ui hist browser: Fix segfault on 'a' for annotate
  perf tools: Fix build breakage
  perf, x86: Handle in flight NMIs on P4 platform
  oprofile, ARM: Release resources on failure
  oprofile: Add Support for Intel CPU Family 6 / Model 29
2010-10-05 11:57:37 -07:00
Evgeny Kuznetsov 231d0aefd8 wait: using uninitialized member of wait queue
The "flags" member of "struct wait_queue_t" is used in several places in
the kernel code without beeing initialized by init_wait().  "flags" is
used in bitwise operations.

If "flags" not initialized then unexpected behaviour may take place.
Incorrect flags might used later in code.

Added initialization of "wait_queue_t.flags" with zero value into
"init_wait".

Signed-off-by: Evgeny Kuznetsov <EXT-Eugeny.Kuznetsov@nokia.com>
[ The bit we care about does end up being initialized by both
   prepare_to_wait() and add_to_wait_queue(), so this doesn't seem to
   cause actual bugs, but is definitely the right thing to do -Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-10-05 11:47:18 -07:00
Linus Torvalds 5336377d62 modules: Fix module_bug_list list corruption race
With all the recent module loading cleanups, we've minimized the code
that sits under module_mutex, fixing various deadlocks and making it
possible to do most of the module loading in parallel.

However, that whole conversion totally missed the rather obscure code
that adds a new module to the list for BUG() handling.  That code was
doubly obscure because (a) the code itself lives in lib/bugs.c (for
dubious reasons) and (b) it gets called from the architecture-specific
"module_finalize()" rather than from generic code.

Calling it from arch-specific code makes no sense what-so-ever to begin
with, and is now actively wrong since that code isn't protected by the
module loading lock any more.

So this commit moves the "module_bug_{finalize,cleanup}()" calls away
from the arch-specific code, and into the generic code - and in the
process protects it with the module_mutex so that the list operations
are now safe.

Future fixups:
 - move the module list handling code into kernel/module.c where it
   belongs.
 - get rid of 'module_bug_list' and just use the regular list of modules
   (called 'modules' - imagine that) that we already create and maintain
   for other reasons.

Reported-and-tested-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Adrian Bunk <bunk@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-10-05 11:29:27 -07:00
Hari Kanigeri 0fa035e523 omap: iommu-load cam register before flushing the entry
The flush_iotlb_page is not loading the cam register before flushing
the cam entry. This causes wrong entry to be flushed out from the TLB, and
if the entry happens to be a locked TLB entry it would lead to MMU faults.

The fix is to load the cam register with the address to be flushed before
flushing the TLB entry.

Signed-off-by: Hari Kanigeri <h-kanigeri2@ti.com>
Acked-by: Hiroshi DOYU <Hiroshi.DOYU@nokia.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
2010-10-05 10:22:13 -07:00
Stefano Stabellini 31e7e931cd xen: do not initialize PV timers on HVM if !xen_have_vector_callback
if !xen_have_vector_callback do not initialize PV timer unconditionally
because we still don't know how many cpus are available and if there is
more than one we won't be able to receive the timer interrupts on
cpu > 0.

This patch fixes an hang at boot when Xen does not support vector
callbacks and the guest has multiple vcpus.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Jeremy Fitzhardinge <jeremy@goop.org>
2010-10-05 13:39:23 +01:00
Stefano Stabellini a947f0f8f7 xen: do not set xenstored_ready before xenbus_probe on hvm
Register_xenstore_notifier should guarantee that the caller gets
notified even if xenstore is already up.
Therefore we revert "do not notify callers from
register_xenstore_notifier" and set xenstored_read at the right time for
PV on HVM guests too.
In fact in case of PV on HVM guests xenstored is ready only after the
platform pci driver has completed the initialization, so do not set
xenstored_ready before the call to xenbus_probe().

This patch fixes a shutdown_event watcher registration bug that causes
"xm shutdown" not to work properly.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Jeremy Fitzhardinge <jeremy@goop.org>
2010-10-05 13:37:28 +01:00
Russell King cdaf9a2f28 ARM: fix section mismatch warnings in Versatile Express
WARNING: vmlinux.o(.text+0xbf30): Section mismatch in reference from the function v2m_timer_init() to the function .init.text:sp804_clocksource_init()
The function v2m_timer_init() references
the function __init sp804_clocksource_init().
This is often because v2m_timer_init lacks a __init
annotation or the annotation of sp804_clocksource_init is wrong.

WARNING: vmlinux.o(.text+0xbf3c): Section mismatch in reference from the function v2m_timer_init() to the function .init.text:sp804_clockevents_init()
The function v2m_timer_init() references
the function __init sp804_clockevents_init().
This is often because v2m_timer_init lacks a __init
annotation or the annotation of sp804_clockevents_init is wrong.

WARNING: vmlinux.o(.text+0xc524): Section mismatch in reference from the function ct_ca9x4_init() to the function .init.text:l2x0_init()
The function ct_ca9x4_init() references
the function __init l2x0_init().
This is often because ct_ca9x4_init lacks a __init
annotation or the annotation of l2x0_init is wrong.

WARNING: vmlinux.o(.text+0xc530): Section mismatch in reference from the function ct_ca9x4_init() to the function .init.text:clkdev_add_table()
The function ct_ca9x4_init() references
the function __init clkdev_add_table().
This is often because ct_ca9x4_init lacks a __init
annotation or the annotation of clkdev_add_table is wrong.

WARNING: vmlinux.o(.text+0xc578): Section mismatch in reference from the function ct_ca9x4_init() to the (unknown reference) .init.data:(unknown)
The function ct_ca9x4_init() references
the (unknown reference) __initdata (unknown).
This is often because ct_ca9x4_init lacks a __initdata
annotation or the annotation of (unknown) is wrong.

Fix these by making ct_ca9x4_init() and v2m_timer_init() both __init.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2010-10-05 11:30:40 +01:00
Dan Carpenter 4e18b3edf7 cls_u32: signedness bug
skb_headroom() is unsigned so "skb_headroom(skb) + toff" is also
unsigned and can't be less than zero.  This test was added in 66d50d25:
"u32: negative offset fix"  It was supposed to fix a regression.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-10-05 00:40:39 -07:00
Dmitry Torokhov f6cd378372 Input: wacom - fix runtime PM related deadlock
When runtime PM is enabled by default for input devices, X hangs in
wacom open:
[<ffffffff814a00ea>] mutex_lock+0x1a/0x40
[<ffffffffa02bc94b>] wacom_resume+0x3b/0x90 [wacom]
[<ffffffff81327a32>] usb_resume_interface+0xd2/0x190
[<ffffffff81327b5d>] usb_resume_both+0x6d/0x110
[<ffffffff81327c24>] usb_runtime_resume+0x24/0x40
[<ffffffff8130a2cf>] __pm_runtime_resume+0x26f/0x450
[<ffffffff8130a23a>] __pm_runtime_resume+0x1da/0x450
[<ffffffff8130a53a>] pm_runtime_resume+0x2a/0x50
[<ffffffff81328176>] usb_autopm_get_interface+0x26/0x60
[<ffffffffa02bc626>] wacom_open+0x36/0x90 [wacom]

wacom_open() takes wacom->lock and calls usb_autopm_get_interface(),
which in turn calls wacom_resume() which tries to acquire the lock
again.

The fix is to call usb_autopm_get_interface() first, before we take
the lock.

Since we do not do usb_autopm_put_interface() until wacom_close()
is called runtime PM is effectively disabled for the driver, however
changing it now would risk regressions so the complete fix will
have to wait till the next merge window.

Reported-by: Jiri Slaby <jslaby@suse.cz>
Acked-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
2010-10-04 22:36:41 -07:00
Gustavo F. Padovan eaa71b318c Bluetooth: Disallow to change L2CAP_OPTIONS values when connected
L2CAP doesn't permit change like MTU, FCS, TxWindow values while the
connection is alive, we can only set that before the
connection/configuration process. That can lead to bugs in the L2CAP
operation.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2010-10-04 19:28:52 -03:00
Linus Torvalds 2f6b3aa7a5 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lrg/voltage-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lrg/voltage-2.6:
  regulator: max8649 - fix setting extclk_freq
  regulator: fix typo in current units
  regulator: fix device_register() error handling
2010-10-04 13:35:48 -07:00
Linus Torvalds 3c06806e69 Merge branch 'merge-powerpc' of git://git.secretlab.ca/git/linux-2.6
* 'merge-powerpc' of git://git.secretlab.ca/git/linux-2.6:
  powerpc/5200: tighten up ac97 reset timing
  powerpc/5200: efika.c: Add of_node_put to avoid memory leak
  powerpc/512x: fix clk_get() return value
2010-10-04 11:45:35 -07:00
Will Deacon ccdf2e1bca ARM: 6412/1: kprobes-decode: add support for MOVW instruction
The MOVW instruction moves a 16-bit immediate into the bottom halfword
of the destination register.

This patch ensures that kprobes leaves the 16-bit immediate intact, rather
than assume a 12-bit immediate and mask out the upper 4 bits.

Acked-by: Nicolas Pitre <nicolas.pitre@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2010-10-04 19:21:37 +01:00
Santosh Shilimkar 7f58217bb6 ARM: 6419/1: mmu: Fix MT_MEMORY and MT_MEMORY_NONCACHED pte flags
The commit f1a2481c0 sets up the default flags for MT_MEMORY and
MT_MEMORY_NONCACHED memory types. L_PTE_USER flag is wrongly
set as default for these entries so remove it. Also adding
the 'L_PTE_WRITE' flag so that these pages become read-write
instead of just being read-only

[this stops them being exposed to userspace, which is the main
concern here --rmk]

Reported-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Santosh Shilimkar <santosh.shilimkar@ti.com>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2010-10-04 19:20:18 +01:00
Will Deacon 475d92fc6e ARM: 6416/1: errata: faulty hazard checking in the Store Buffer may lead to data corruption
On the r2p0, r2p1 and r2p2 versions of the Cortex-A9, data corruption
can occur under very rare conditions due to a store buffer optimisation.

This workaround sets a bit in the diagnostic register of the Cortex-A9,
disabling the optimisation and preventing the problem from occurring.

Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2010-10-04 19:20:14 +01:00
Linus Torvalds d9f73afcd3 Merge branch 'fix/misc' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
* 'fix/misc' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
  ALSA: i2c/other/ak4xx-adda: Fix a compile warning with CONFIG_PROCFS=n
  ALSA: prevent heap corruption in snd_ctl_new()
2010-10-04 11:15:59 -07:00
Linus Torvalds 53d22d886a Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/staging
* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/staging:
  hwmon: f71882fg: use a muxed resource lock for the Super I/O port
2010-10-04 11:15:06 -07:00
Linus Torvalds 5a4bbd01c8 Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/davej/cpufreq
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/davej/cpufreq:
  [CPUFREQ] Fix memory leaks in pcc_cpufreq_do_osc
  [CPUFREQ] acpi-cpufreq: add missing __percpu markup
2010-10-04 11:14:21 -07:00
Linus Torvalds 989cd445b4 Merge branch 'merge-spi' of git://git.secretlab.ca/git/linux-2.6
* 'merge-spi' of git://git.secretlab.ca/git/linux-2.6:
  of/spi: Fix OF-style driver binding of spi devices
  spi: spi-gpio.c tests SPI_MASTER_NO_RX bit twice, but not SPI_MASTER_NO_TX
  spi/mpc8xxx: fix buffer overrun on large transfers
2010-10-04 11:13:22 -07:00
Linus Torvalds 4a73a43741 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
  vlan: dont drop packets from unknown vlans in promiscuous mode
  Phonet: Correct header retrieval after pskb_may_pull
  um: Proper Fix for f25c80a4: remove duplicate structure field initialization
  ip_gre: Fix dependencies wrt. ipv6.
  net-2.6: SYN retransmits: Add new parameter to retransmits_timed_out()
  iwl3945: queue the right work if the scan needs to be aborted
  mac80211: fix use-after-free
2010-10-04 11:11:01 -07:00
Linus Torvalds c470af0a27 Merge branch 'drm-intel-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ickle/drm-intel
* 'drm-intel-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ickle/drm-intel:
  drm/i915: Rephrase pwrite bounds checking to avoid any potential overflow
  drm/i915: Sanity check pread/pwrite
  drm/i915: Use pipe state to tell when pipe is off
  drm/i915: vblank status not valid while training display port
  drivers/gpu/drm/i915/i915_gem.c: Add missing error handling code
  drm/i915: Fix refleak during eviction.
  drm/i915: fix GMCH power reporting
2010-10-04 11:10:26 -07:00
Hugh Dickins 4e31635c36 ksm: fix bad user data when swapping
Building under memory pressure, with KSM on 2.6.36-rc5, collapsed with
an internal compiler error: typically indicating an error in swapping.

Perhaps there's a timing issue which makes it now more likely, perhaps
it's just a long time since I tried for so long: this bug goes back to
KSM swapping in 2.6.33.

Notice how reuse_swap_page() allows an exclusive page to be reused, but
only does SetPageDirty if it can delete it from swap cache right then -
if it's currently under Writeback, it has to be left in cache and we
don't SetPageDirty, but the page can be reused.  Fine, the dirty bit
will get set in the pte; but notice how zap_pte_range() does not bother
to transfer pte_dirty to page_dirty when unmapping a PageAnon.

If KSM chooses to share such a page, it will look like a clean copy of
swapcache, and not be written out to swap when its memory is needed;
then stale data read back from swap when it's needed again.

We could fix this in reuse_swap_page() (or even refuse to reuse a
page under writeback), but it's more honest to fix my oversight in
KSM's write_protect_page().  Several days of testing on three machines
confirms that this fixes the issue they showed.

Signed-off-by: Hugh Dickins <hughd@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-10-04 11:09:53 -07:00
Hugh Dickins 4829b906cc ksm: fix page_address_in_vma anon_vma oops
2.6.36-rc1 commit 21d0d443cd "rmap:
resurrect page_address_in_vma anon_vma check" was right to resurrect
that check; but now that it's comparing anon_vma->roots instead of
just anon_vmas, there's a danger of oopsing on a NULL anon_vma.

In most cases no NULL anon_vma ever gets here; but it turns out that
occasionally KSM, when enabled on a forked or forking process, will
itself call page_address_in_vma() on a "half-KSM" page left over from
an earlier failed attempt to merge - whose page_anon_vma() is NULL.

It's my bug that those should be getting here at all: I thought they
were already dealt with, this oops proves me wrong, I'll fix it in
the next release - such pages are effectively pinned until their
process exits, since rmap cannot find their ptes (though swapoff can).

For now just work around it by making page_address_in_vma() safe (and
add a comment on why that check is wanted anyway).  A similar check
in __page_check_anon_rmap() is safe because do_page_add_anon_rmap()
already excluded KSM pages.

Signed-off-by: Hugh Dickins <hughd@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Rik van Riel <riel@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-10-04 11:09:53 -07:00
David Daney 158d6742bc MIPS: Octeon: Place cnmips_cu2_setup in __init memory.
It is an early_initcall, so it should be in __init memory.

Signed-off-by: David Daney <ddaney@caviumnetworks.com>
To: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/1593/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2010-10-04 18:34:00 +01:00