Commit Graph

169096 Commits

Author SHA1 Message Date
Julia Lawall cc9a2c8301 arch/alpha/kernel: Add kmalloc NULL tests
Check that the result of kmalloc is not NULL before passing it to other
functions.

The semantic match that finds this problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@@
expression *x;
identifier f;
constant char *C;
@@

x = \(kmalloc\|kcalloc\|kzalloc\)(...);
... when != x == NULL
    when != x != NULL
    when != (x || ...)
(
kfree(x)
f(...,C,...,x,...)
|
*f(...,x,...)
|
*x->f
)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: Matt Turner <mattst88@gmail.com>
2009-11-30 15:38:19 -05:00
Julia Lawall 04d8a9db89 arch/alpha/kernel/sys_ruffian.c: Use DIV_ROUND_CLOSEST
The kernel.h macro DIV_ROUND_CLOSEST performs the computation (x + d/2)/d
but is perhaps more readable.

The semantic patch that makes this change is as follows:
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@haskernel@
@@

@depends on haskernel@
expression x,__divisor;
@@

- (((x) + ((__divisor) / 2)) / (__divisor))
+ DIV_ROUND_CLOSEST(x,__divisor)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: Matt Turner <mattst88@gmail.com>
2009-11-30 15:37:25 -05:00
Pete Eberlein e49bd72f9c V4L/DVB (13372): staging/go7007: fix mutex function usage for s2250
Fix mutex function usage, which was overlooked in a previous patch.

Signed-off-by: Pete Eberlein <pete@sensoray.com>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2009-11-30 17:49:15 -02:00
Mauro Carvalho Chehab 7924326fef staging/go7007: Fix compilation by re-adding the missing s2250-loader.h
As pointed by Stefan Lippers-Hollmann <s.L-H@gmx.de>,

Commit:	fd9a40da1d broke s2250
compilation.

This patch re-adds the missing s2250-loader.h

Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2009-11-30 17:37:20 -02:00
Johannes Berg 827d42c9ac mac80211: fix spurious delBA handling
Lennert Buytenhek noticed that delBA handling in mac80211
was broken and has remotely triggerable problems, some of
which are due to some code shuffling I did that ended up
changing the order in which things were done -- this was

  commit d75636ef9c
  Author: Johannes Berg <johannes@sipsolutions.net>
  Date:   Tue Feb 10 21:25:53 2009 +0100

    mac80211: RX aggregation: clean up stop session

and other parts were already present in the original

  commit d92684e660
  Author: Ron Rindjunsky <ron.rindjunsky@intel.com>
  Date:   Mon Jan 28 14:07:22 2008 +0200

      mac80211: A-MPDU Tx add delBA from recipient support

The first problem is that I moved a BUG_ON before various
checks -- thereby making it possible to hit. As the comment
indicates, the BUG_ON can be removed since the ampdu_action
callback must already exist when the state is != IDLE.

The second problem isn't easily exploitable but there's a
race condition due to unconditionally setting the state to
OPERATIONAL when a delBA frame is received, even when no
aggregation session was ever initiated. All the drivers
accept stopping the session even then, but that opens a
race window where crashes could happen before the driver
accepts it. Right now, a WARN_ON may happen with non-HT
drivers, while the race opens only for HT drivers.

For this case, there are two things necessary to fix it:
 1) don't process spurious delBA frames, and be more careful
    about the session state; don't drop the lock

 2) HT drivers need to be prepared to handle a session stop
    even before the session was really started -- this is
    true for all drivers (that support aggregation) but
    iwlwifi which can be fixed easily. The other HT drivers
    (ath9k and ar9170) are behaving properly already.

Reported-by: Lennert Buytenhek <buytenh@marvell.com>
Cc: stable@kernel.org
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2009-11-30 13:55:51 -05:00
Johannes Berg 4253119acf mac80211: fix two remote exploits
Lennert Buytenhek noticed a remotely triggerable problem
in mac80211, which is due to some code shuffling I did
that ended up changing the order in which things were
done -- this was in

  commit d75636ef9c
  Author: Johannes Berg <johannes@sipsolutions.net>
  Date:   Tue Feb 10 21:25:53 2009 +0100

    mac80211: RX aggregation: clean up stop session

The problem is that the BUG_ON moved before the various
checks, and as such can be triggered.

As the comment indicates, the BUG_ON can be removed since
the ampdu_action callback must already exist when the
state is OPERATIONAL.

A similar code path leads to a WARN_ON in
ieee80211_stop_tx_ba_session, which can also be removed.

Cc: stable@kernel.org [2.6.29+]
Cc: Lennert Buytenhek <buytenh@marvell.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2009-11-30 13:52:21 -05:00
Gertjan van Wingerde e3a41d7b99 .gitignore: Add bzip2 compressed files
We can have bzip2 compressed images nowadays.

Signed-off-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-11-30 08:39:36 -08:00
Helge Deller 33a932d143 parisc: fix unwind with recent gcc versions
kernel unwinding is broken with gcc >= 4.x.  Part of the problem is that
binutils seems very sensitive to where the unwind information is stored.

Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Kyle McMartin <kyle@mcmartin.ca>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-11-30 08:20:24 -08:00
Russell King 8ee763b9c8 ALSA: AACI: fix recording bug
pcm->r[1].slots is the double rate slot information, not the
capture information.  For capture, 'pcm' will already be the
capture ac97 pcm structure.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-11-30 14:50:55 +01:00
Russell King 4acd57c3de ALSA: AACI: fix AC97 multiple-open bug
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-11-30 14:50:53 +01:00
Takashi Iwai 77a9d3eb77 Merge branch 'fix/asoc' into fix/misc 2009-11-30 14:50:37 +01:00
David S. Miller 0cae200eec b44: Fix wedge when using netconsole.
Fixes kernel bugzilla #14691

Due to the way netpoll works, it is perfectly legal to see
NAPI already scheduled when new device events are pending
in b44_interrupt().

So logging a message about it is wrong and in fact harmful.

Based upon a patch by Andreas Mohr.

Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-30 00:13:28 -08:00
Dan Carpenter 40be261dfd wan: cosa: drop chan->wsem on error path
The other paths all drop chan->wsem.  This was found by a static
checker (smatch).

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Jan "Yenya" Kasprzak <kas@fi.muni.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-30 00:06:51 -08:00
Florian Fainelli 3c91c7ae84 ep93xx-eth: check for zero MAC address on probe, not on device open
If we happen to have registered the driver without passing
a MAC address, we will print a zero MAC address and register
the interface with this invalid address, this is confusin. This
patch moves the checking of a valid ethernet address and the
generation of a random one down from the open function to
the probe function.

Signed-off-by: Florian Fainelli <florian@openwrt.org>
Acked-by: Lennert Buytenhek <buytenh@wantstofly.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-29 23:50:32 -08:00
Russell King - ARM Linux d5ccd67bb7 NET: smc91x: Fix irq flags
smc91x.h defines SMC_IRQ_FLAGS to be -1 when it wants the interrupt
flags to be taken from the resource structure.  However, d280ead
changed this to checking for non-zero resource flags.

Unfortunately, this means that on some platforms, we end up passing
'-1' to request_irq rather than the desired result.  Combine the two
conditions into one so that the IRQ flags are taken from the resource
if either SMC_IRQ_FLAGS is -1 or the resource flags specify an
interrupt trigger.

This restores network on at least the Versatile platform.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Acked-by: Eric Miao <eric.y.miao@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-29 23:47:14 -08:00
Steve Glendinning 6c53b1b15e smsc9420: prevent BUG() if ethtool is called with interface down
This patch fixes a null pointer dereference BUG() if ethtool is used on
an smsc9420 interface while it is down, because the phy_dev is only
allocated while the interface is up.

Signed-off-by: Steve Glendinning <steve.glendinning@smsc.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-29 23:14:45 -08:00
Ivan Vecera cc098dc705 r8169: restore mac addr in rtl8169_remove_one and rtl_shutdown
The newer chipsets (all PCI-E) are known that they need full power cycle
(AC or battery removal) to reset MAC address to a  hardwired one. Previous
patch to address this problem loads the original MAC address from EEPROM.
But it brought other problem for which it is necessary to introduce a new
module parameter.
However, it might suffice to restore the initial MAC address before
shutdown/reboot/kexec and when removing the module.

Signed-off-by: Ivan Vecera <ivecera@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-29 23:12:52 -08:00
David Ford bbf31bf18d ipv4: additional update of dev_net(dev) to struct *net in ip_fragment.c, NULL ptr OOPS
ipv4 ip_frag_reasm(), fully replace 'dev_net(dev)' with 'net', defined
previously patched into 2.6.29.

Between 2.6.28.10 and 2.6.29, net/ipv4/ip_fragment.c was patched,
changing from dev_net(dev) to container_of(...).  Unfortunately the goto
section (out_fail) on oversized packets inside ip_frag_reasm() didn't
get touched up as well.  Oversized IP packets cause a NULL pointer
dereference and immediate hang.

I discovered this running openvasd and my previous email on this is
titled:  NULL pointer dereference at 2.6.32-rc8:net/ipv4/ip_fragment.c:566

Signed-off-by: David Ford <david@blue-labs.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-29 23:02:22 -08:00
Roger Oksanen 98468efddb e100: Use pci pool to work around GFP_ATOMIC order 5 memory allocation failure
pci_alloc_consistent uses GFP_ATOMIC allocation that may fail on some systems
with limited memory (Bug #14265). pci_pool_alloc allows waiting with
GFP_KERNEL.

Tested-by: Karol Lewandowski <karol.k.lewandowski@gmail.com>
Signed-off-by: Roger Oksanen <roger.oksanen@cs.helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-29 17:17:29 -08:00
Alan Stern 862f89b3d4 PM: fix irq enable/disable in runtime PM code
This patch (as1305) fixes a bug in the irq-enable settings and removes
some related overhead in the runtime PM code.

	In __pm_runtime_resume(), within the scope of the original
	spin_lock_irq(), we know that irqs are disabled.  There's no
	reason to go through a pair of enable/disable cycles when
	acquiring and releasing the parent's lock.

	In __pm_runtime_set_status(), irqs are already disabled when
	the parent's lock is acquired, and they must remain disabled
	when it is released.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
2009-11-29 16:51:27 +01:00
Andrei Pelinescu-Onciul 5fdd4baef6 sctp: on T3_RTX retransmit all the in-flight chunks
When retransmitting due to T3 timeout, retransmit all the
in-flight chunks for the corresponding  transport/path, including
chunks sent less then 1 rto ago.
This is the correct behaviour according to rfc4960 section 6.3.3
E3 and
"Note: Any DATA chunks that were sent to the address for which the
 T3-rtx timer expired but did not fit in one MTU (rule E3 above)
 should be marked for retransmission and sent as soon as cwnd
 allows (normally, when a SACK arrives). ".

This fixes problems when more then one path is present and the T3
retransmission of the first chunk that timeouts stops the T3 timer
for the initial active path, leaving all the other in-flight
chunks waiting forever or until a new chunk is transmitted on the
same path and timeouts (and this will happen only if the cwnd
allows sending new chunks, but since cwnd was dropped to MTU by
the timeout => it will wait until the first heartbeat).

Example: 10 packets in flight, sent at 0.1 s intervals on the
primary path. The primary path is down and the first packet
timeouts. The first packet is retransmitted on another path, the
T3 timer for the primary path is stopped and cwnd is set to MTU.
All the other 9 in-flight packets will not be retransmitted
(unless more new packets are sent on the primary path which depend
on cwnd allowing it, and even in this case the 9 packets will be
retransmitted only after a new packet timeouts which even in the
best case would be more then RTO).

This commit reverts d0ce92910b and
also removes the now unused transport->last_rto, introduced in
 b6157d8e03.

p.s  The problem is not only when multiple paths are there.  It
can happen in a single homed environment.  If the application
stops sending data, it possible to have a hung association.

Signed-off-by: Andrei Pelinescu-Onciul <andrei@iptel.org>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-29 00:14:02 -08:00
Alan Cox 361c95119a V4L/DVB (13530): Fix wrong parameter order in memset
Edwin Török found the following:

In function ‘memset’,
inlined from ‘ir_input_init’ at drivers/media/common/ir-functions.c:67:
/home/edwin/builds/linux-2.6/arch/x86/include/asm/string_64.h:61:
warning: call to ‘__warn_memset_zero_len’ declared with attribute
warning: memset used with constant zero length parameter; this could be
due to transposed parameters
memset(ir->ir_codes, sizeof(ir->ir_codes), 0);

In actual practice the only caller I can find happens to already have cleared
the buffer before calling ir_input_init.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2009-11-27 18:50:43 -02:00
Hans Verkuil 9807362e47 V4L/DVB (13481): sh_mobile_ceu_camera: fix compile warning
Trivial fix for this compile warning:

v4l/sh_mobile_ceu_camera.c:1789: warning: label 'exit_free_irq' defined but not used

Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2009-11-27 18:27:49 -02:00
Robert Lowery 0bc3518019 V4L/DVB (13436): cxusb: Fix hang on DViCO FusionHDTV DVB-T Dual Digital 4 (rev 1)
Address yet another regression introduced by the introduction of the zl10353
disable_i2c_gate field.

djh - I unmangled the patch which apparently got screwed up in the user's
email client.

Signed-off-by: Robert Lowery <rglowery@exemail.com.au>
Signed-off-by: Devin Heitmueller <dheitmueller@kernellabs.com>
CC: stable@kernel.org
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2009-11-27 18:27:48 -02:00
Geert Uytterhoeven d02b217a71 V4L/DVB (13412): SMS_SIANO_MDTV should depend on HAS_DMA
When building for Sun 3:

drivers/built-in.o: In function `smscore_unregister_device':
drivers/media/dvb/siano/smscoreapi.c:723: undefined reference to `dma_free_coherent'
drivers/built-in.o: In function `smscore_register_device':
drivers/media/dvb/siano/smscoreapi.c:365: undefined reference to `dma_alloc_coherent'

Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2009-11-27 18:27:46 -02:00
Anuj Aggarwal e9ff5eb2ae ASoC: AIC23: Fixing infinite loop in resume path
This patch fixes two issues:
a) Infinite loop in resume function
b) Writes to non-existing registers in resume function

Cc: stable@kernel.org
Signed-off-by: Anuj Aggarwal <anuj.aggarwal@ti.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
2009-11-27 16:45:42 +00:00
Csaba Henk 1b7323965a fuse: reject O_DIRECT flag also in fuse_create
The comment in fuse_open about O_DIRECT:

  "VFS checks this, but only _after_ ->open()"

also holds for fuse_create, however, the same kind of check was missing there.

As an impact of this bug, open(newfile, O_RDWR|O_CREAT|O_DIRECT) fails, but a
stub newfile will remain if the fuse server handled the implied FUSE_CREATE
request appropriately.

Other impact: in the above situation ima_file_free() will complain to open/free
imbalance if CONFIG_IMA is set.

Signed-off-by: Csaba Henk <csaba@gluster.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Cc: Harshavardhana <harsha@gluster.com>
Cc: stable@kernel.org
2009-11-27 16:37:13 +01:00
Olivier Lorin 4b3fa3c486 V4L/DVB (13372a): MAINTAINERS: addition of gspca_gl860 driver
MAINTAINERS: addition of gspca_gl860 driver

- addition of gspca_gl860 driver

Signed-off-by: Olivier Lorin <o.lorin@laposte.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2009-11-26 19:38:04 -02:00
Hans Verkuil 934949d816 V4L/DVB (13371): davinci: remove stray duplicate config pointer
The vpif_config struct was renamed to vpif_display_config, but there
is still a stray vpif_config *config pointer in vpif_display.c, preventing
it from compiling.

Remove this old duplicate pointer.

Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2009-11-26 19:38:04 -02:00
Antti Palosaari 28f4ddd1e8 V4L/DVB (13366): em28xx: fix Reddo DVB-C USB TV Box GPIO
Set device GPIOs only once. There is no need for .dvb_gpio to select
between analog and digital because device is digital only.

Signed-off-by: Antti Palosaari <crope@iki.fi>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2009-11-26 19:38:03 -02:00
Kuninori Morimoto 055e05a08b V4L/DVB (13345): soc-camera: sh_mobile_ceu_camera: call pm_runtime_disable
pm_runtime_disable is needed if it failed or removed

Signed-off-by: Kuninori Morimoto <morimoto.kuninori@renesas.com>
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2009-11-26 19:38:03 -02:00
Guennadi Liakhovetski 64ff9ba5f1 V4L/DVB (13344): soc-camera: properly initialise the device object when reusing
Commit ef373189f62413803b7b816c972fc154c488cdc0 "fix use-after-free Oops,
resulting from a driver-core API change" fixed the Oops, but didn't correct
missing device object initialisation. This patch makes unloading and reloading
of soc-camera host- and client-drivers possible again.

Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2009-11-26 19:38:02 -02:00
Guennadi Liakhovetski f39c1ab3c3 V4L/DVB (13343): v4l: add more missing linux/sched.h includes
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2009-11-26 19:38:02 -02:00
Hans Verkuil 3addbb8075 V4L/DVB (13321): radio-gemtek-pci: fix double mutex_lock
Double mutexlock found by the Linux Driver Verification project and
reported by Alexander Strakh.

Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
CC: stable@kernel.org
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2009-11-26 19:38:01 -02:00
Alexey Kuznetsov 4e46bf8997 [SCSI] fix crash when disconnecting usb storage
__scsi_remove_device() in scsi_forget_host() is executed out of scan_mutex
and races with scsi_destroy_sdev() <- scsi_sysfs_add_devices() <-
scsi_finish_async_scan().  The result is use after free and/or double
free, oops.

The fix is simple, move scsi_forget_host() under scan_mutex.

scsi_forget_host() is just sequence of __scsi_remove_device().  All
another calls of __scsi_remove_device() are made under scan_mutex.  So
that it is safe.

Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2009-11-26 10:04:22 -06:00
James Bottomley 860dc73608 [SCSI] fix async scan add/remove race resulting in an oops
Async scanning introduced a very wide window where the SCSI device is
up and running but has not yet been added to sysfs.  We delay the
adding until all scans have completed to retain the same ordering as
sync scanning.

This delay in visibility causes an oops if a device is removed before
we make it visible because the SCSI removal routines have an inbuilt
assumption that if a device is in SDEV_RUNNING state, it must be
visible (which is not necessarily true in the async scanning case).

Fix this by introducing an additional is_visible flag which we can use
to condition the tear down so we do the right thing for running but
not yet made visible.

Reported-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2009-11-26 09:43:39 -06:00
Martin K. Petersen 3bf3583b6a [SCSI] sd: Return correct error code for DIF
sd_dif.c was not updated to return -EILSEQ, leading to error handling
failures in applications which provide their own integrity metadata (as
opposed to being protected by the block layer functions).

Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2009-11-26 08:54:46 -06:00
Wolfram Sang 4d29196c53 at24: Use timeout also for read
Writes may take some time on EEPROMs, so for consecutive writes, we already
have a loop waiting for the EEPROM to become ready. Use such a loop for reads,
too, in case somebody wants to immediately read after a write. Detailed bug
report and test case can be found here:

http://article.gmane.org/gmane.linux.drivers.i2c/4660

Reported-by: Aleksandar Ivanov <ivanov.aleks@gmail.com>
Signed-off-by: Wolfram Sang <w.sang@pengutronix.de>
Tested-by: Aleksandar Ivanov <ivanov.aleks@gmail.com>
Cc: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
2009-11-26 09:22:33 +01:00
Jean Delvare bbd2d9c919 i2c: Fix userspace_device list corruption
Fix userspace_device list corruption. The corruption was caused by
clients not being removed when adapters with such clients were
themselves removed. Something like the following would trigger it
(assuming i2c-stub gets adapter number 3):

# modprobe i2c-stub chip_addr=0x50
# echo 24c08 0x50 > /sys/bus/i2c/devices/i2c-3/new_device 
# rmmod i2c-stub
# modprobe i2c-stub chip_addr=0x50
# echo 24c08 0x50 > /sys/bus/i2c/devices/i2c-3/new_device 

For the records, the stack trace in the kernel logs look like this:

kernel: WARNING: at lib/list_debug.c:30 __list_add+0x8b/0x90()
kernel: Hardware name: (...)
kernel: list_add corruption. prev->next should be next (c137fc84), but was (null). (prev=f57111b8).
kernel: Modules linked in: (...)
kernel: Pid: 4669, comm: bash Not tainted 2.6.32-rc8 #259
kernel: Call Trace:
kernel:  [<c111eb8b>] ? __list_add+0x8b/0x90
kernel:  [<c111eb8b>] ? __list_add+0x8b/0x90
kernel:  [<c103265c>] warn_slowpath_common+0x6c/0xc0
kernel:  [<c111eb8b>] ? __list_add+0x8b/0x90
kernel:  [<c10326f6>] warn_slowpath_fmt+0x26/0x30
kernel:  [<c111eb8b>] __list_add+0x8b/0x90
kernel:  [<c11ba165>] i2c_sysfs_new_device+0x1c5/0x250
kernel:  [<c10861be>] ? might_fault+0x2e/0x80
kernel:  [<c11b9fa0>] ? i2c_sysfs_new_device+0x0/0x250
kernel:  [<c118c625>] dev_attr_store+0x25/0x30
kernel:  [<c10e305c>] sysfs_write_file+0x9c/0xf0
kernel:  [<c109d35c>] vfs_write+0x9c/0x160
kernel:  [<c10e2fc0>] ? sysfs_write_file+0x0/0xf0
kernel:  [<c109d4dd>] sys_write+0x3d/0x70
kernel:  [<c1002ed8>] sysenter_do_call+0x12/0x36

Signed-off-by: Jean Delvare <khali@linux-fr.org>
2009-11-26 09:22:33 +01:00
Jean Delvare 03b70d625c MAINTAINERS: Add missing i2c files
Add missing header files to the i2c subsystem section.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
2009-11-26 09:22:32 +01:00
Michele Jr De Candia 5f5bfb09d8 i2c/tsl2550: Fix lux value in extended mode
According to the TAOS Application Note 'Controlling a Backlight with
the TSL2550 Ambient Light Sensor' (page 14), the actual lux value in
extended mode should be obtained multiplying the calculated lux value
by 5.

Signed-off-by: Michele Jr De Candia <michele.decandia@valueteam.com>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
2009-11-26 09:22:32 +01:00
Samuel Thibault 46a965462a Input: keyboard - fix braille keyboard keysym generation
Keysyms stored in key_map[] are not simply K() values, but U(K()) values,
as can be seen in the KDSKBENT ioctl handler.  The kernel-generated
braille keysyms thus need a U() call too.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
2009-11-25 23:05:17 -08:00
Hemant Pedanekar 28c1969ff8 ide: fix ioctl to pass requested transfer mode to ide_find_dma_mode instead of UDMA6
Currently, ide_cmd_ioctl when invoked for setting DMA transfer mode calls
ide_find_dma_mode with requested mode as XFER_UDMA_6. This prevents setting DMA
mode to any other value than the default (maximum) supported by the device (or
UDMA6, if supported) irrespective of the actual requested transfer mode and
returns error.

For example, setting mode to UDMA2 using hdparm, where UDMA4 is the default
transfer mode gives following error:
	# ./hdparm -d1 -Xudma2  /dev/hda
	 /dev/hda:hda: UDMA/66 mode selected
	 setting using_dma to 1 (on)
	 hda: UDMA/66 mode selected
	 setting xfermode to 66 (UltraDMA mode2)
	 HDIO_DRIVE_CMD(setxfermode) failed: Invalid argument
	 using_dma     =  1 (on)

This patch fixes the issue.

Signed-off-by: Hemant Pedanekar <hemantp@ti.com>
Acked-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-25 15:04:54 -08:00
Russell King 3fcca9ac6c Merge branch 'mach-types' 2009-11-25 22:17:55 +00:00
Russell King 9faf3c1d0d [ARM] Update mach-types
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2009-11-25 22:17:36 +00:00
Chris Wilson ca9ab10033 drm/i915: Select CONFIG_SHMEM
The driver requires shmfs as the backing filesystem to handle the buffer
objects, so ensure it is selected if the user chooses to build our
driver.

Fixes: Bug 14662 - Dell E5500 kernel panic with KMS
http://bugzilla.kernel.org/show_bug.cgi?id=14662

The revealing nature of the panic is the NULL function pointer
dereference in read_cache_page_async().

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Reported-and-tested-by: Mateusz Kaduk <mateusz.kaduk@gmail.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
Cc: stable@kernel.org
2009-11-25 12:27:42 -08:00
Zhenyu Wang 8e9e0eea99 drm/i915: Fix CRT hotplug detect by checking really no channels attached
For CRT hotplug detect status, we have four test results as blue
channel only, green channel only, both blue and green channel, and
no channel attached. Origin code only marks both blue and green channel
case as connected, but ignore other possible connected states. This one
trys to detect CRT by checking no channel attached case instead.

Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
2009-11-25 12:10:18 -08:00
Graf Yang aa23531ce5 Blackfin: fix SMP build error in start_thread()
Commit d5ce528c8e (Blackfin: convert irq/process to asm-generic)
incorrectly merged the smp and non-smp cases of start_thread() causing the
L1 stack to be setup on the SMP port instead of the UP port.

Signed-off-by: Graf Yang <graf.yang@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2009-11-25 02:38:01 -05:00
Roel Kluin 05bad36ce7 Blackfin: fix memset in smp_send_reschedule() and -stop()
To set zeroes the sizeof the struct should be used rather
than sizeof the pointer, kzalloc does that.

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2009-11-25 02:35:45 -05:00
Jie Zhang 46b60faf8c Blackfin: fix typo in ptrace poking
Commit c014e15a2f (Blackfin: convert ptrace to new memory functions)
introduced a copy & paste typo in the ptrace poke data/text handling.  The
access_process_vm() function call was telling it to read instead of write.

Signed-off-by: Jie Zhang <jie.zhang@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2009-11-25 02:35:43 -05:00