posix-cpu-timers.c correctly assumes that the dying process does
posix_cpu_timers_exit_group() and removes all !CPUCLOCK_PERTHREAD
timers from signal->cpu_timers list.
But, it also assumes that timer->it.cpu.task is always the group
leader, and thus the dead ->task means the dead thread group.
This is obviously not true after de_thread() changes the leader.
After that almost every posix_cpu_timer_ method has problems.
It is not simple to fix this bug correctly. First of all, I think
that timer->it.cpu should use struct pid instead of task_struct.
Also, the locking should be reworked completely. In particular,
tasklist_lock should not be used at all. This all needs a lot of
nontrivial and hard-to-test changes.
Change __exit_signal() to do posix_cpu_timers_exit_group() when
the old leader dies during exec. This is not the fix, just the
temporary hack to hide the problem for 2.6.37 and stable. IOW,
this is obviously wrong but this is what we currently have anyway:
cpu timers do not work after mt exec.
In theory this change adds another race. The exiting leader can
detach the timers which were attached to the new leader. However,
the window between de_thread() and release_task() is small, we
can pretend that sys_timer_create() was called before de_thread().
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
All the callers already have a pointer to struct cifsInodeInfo. Use it.
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Pavel Shilovsky <piastryyy@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Wrong MPP configuration would cause <cpu>_mpp_conf loop infinitely
because the mpp list iterator would not be incremented.
Signed-off-by: Mike Rapoport <mike@compulab.co.il>
Signed-off-by: Nicolas Pitre <nico@fluxnic.net>
The type was IORESOURCE_IO which is not what is expected by
plat_nand_probe(). This device has not worked since 2d098a72
("mtd: plat_nand: request memory resource before doing ioremap").
Signed-off-by: Michael Spang <mspang@csclub.uwaterloo.ca>
Signed-off-by: Nicolas Pitre <nico@fluxnic.net>
adapter->id is deprecated and not set by any adapter driver, so this
was certainly not what the author wanted to use. adapter->nr maybe,
but as dev_err() already includes this value, as well as the client's
address, there's no point repeating them. Better print a simple error
message in plain English words.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: Guenter Roeck <guenter.roeck@ericsson.com>
Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
* git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile:
arch/tile: mark "hardwall" device as non-seekable
asm-generic/stat.h: support 64-bit file time_t for stat()
arch/tile: don't allow user code to set the PL via ptrace or signal return
arch/tile: correct double syscall restart for nested signals
arch/tile: avoid __must_check warning on one strict_strtol check
arch/tile: bomb raw_local_irq_ to arch_local_irq_
arch/tile: complete migration to new kmap_atomic scheme
Add MODULE_LICENSE() that matches file comments so that kernel
is not tainted.
leds_net5501: module license 'unspecified' taints kernel.
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Acked-by: Richard Purdie <rpurdie@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This was preventing the guest from setting any bits in the
hardware MSR which aren't forced on, such as MSR[SPE].
Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
It is not legal to call mutex_lock() with interrupts disabled.
This will assert with debug checks enabled.
If there's a real need to disable interrupts here, it could be done
after the mutex is acquired -- but I don't see why it's needed at all.
Signed-off-by: Scott Wood <scottwood@freescale.com>
Reviewed-by: Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
The VCPU uninit calls some TLB functions, and the TLB uninit function
frees the memory used by them.
Signed-off-by: Scott Wood <scottwood@freescale.com>
Acked-by: Liu Yu <yu.liu@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Fix an unresolved symbol with CONFIG_KVM_GUEST plus CONFIG_RELOCATABLE on
Book E.
Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
smp_call_function_many is specified to be called only with preemption
disabled. Fulfill this requirement.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Structures kvm_vcpu_events, kvm_debugregs, kvm_pit_state2 and
kvm_clock_data are copied to userland with some padding and reserved
fields unitialized. It leads to leaking of contents of kernel stack
memory. We have to initialize them to zero.
In patch v1 Jan Kiszka suggested to fill reserved fields with zeros
instead of memset'ting the whole struct. It makes sense as these
fields are explicitly marked as padding. No more fields need zeroing.
KVM-Stable-Tag.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Structure kvm_ppc_pvinfo is copied to userland with flags and
pad fields unitialized. It leads to leaking of contents of
kernel stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
drop_spte should not attempt to rmap_remove a non present shadow pte.
This fixes a BUG_ON seen on kvm-autotest.
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Reported-by: Lucas Meneghel Rodrigues <lmr@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
I have observed the following bug trigger:
1. userspace calls GET_DIRTY_LOG
2. kvm_mmu_slot_remove_write_access is called and makes a page ro
3. page fault happens and makes the page writeable
fault is logged in the bitmap appropriately
4. kvm_vm_ioctl_get_dirty_log swaps slot pointers
a lot of time passes
5. guest writes into the page
6. userspace calls GET_DIRTY_LOG
At point (5), bitmap is clean and page is writeable,
thus, guest modification of memory is not logged
and GET_DIRTY_LOG returns an empty bitmap.
The rule is that all pages are either dirty in the current bitmap,
or write-protected, which is violated here.
It seems that just moving kvm_mmu_slot_remove_write_access down
to after the slot pointer swap should fix this bug.
KVM-Stable-Tag.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
We can optimize kernel/relay.c::relay_alloc_page_array() slightly by
using vzalloc. The patch makes these changes:
- use vzalloc instead of vmalloc+memset.
- remove redundant local variable 'array'.
- declare local 'pa_size' as const.
Cuts down nicely on both source and object-code size.
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Acked-by: Pekka Enberg <penberg@kernel.org>
Acked-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The vt and other related code is moved into the drivers/tty/vt directory.
Acked-by: Arnd Bergmann <arnd@arndb.de>
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The tty code should be in its own subdirectory and not in the char
driver with all of the cruft that is currently there.
Based on work done by Arnd Bergmann <arnd@arndb.de>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* 'for-linus-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
m68k, m68knommu: Do not include linux/hardirq.h in asm/irqflags.h
m68knommu: add back in declaration of do_IRQ
In order to not touch the driver file for different xtal usage,
push the clkin value to board file and calculate the register
value instead of hardcoding it.
Signed-off-by: Bob Liu <lliubbo@gmail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Felipe Balbi <balbi@ti.com>
We need to restart the timer in order to recognize USB devices in
host-only mode.
Signed-off-by: Bob Liu <lliubbo@gmail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Split the USB MMR init steps out into a helper func that both the platform
init and the resume code may call.
Then while suspending, the gpio_vrsel will change from high to low which
will generate a wakeup event and resume the system immediately, so we need
to manually drive it low before we sleep.
Signed-off-by: Bob Liu <lliubbo@gmail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Since clock support is optional across processors, don't make the whole
musb pm paths depend upon it. Just conditionalize the clock accesses.
Signed-off-by: Bob Liu <lliubbo@gmail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Felipe Balbi <balbi@ti.com>
The new MUSB power code needs musb_read_txhubport() to
return a value (so stub it as 0 like the other Blackfin
hub funcs).
Signed-off-by: Ian Jeffray <ian@jeffray.co.uk>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Commit 9f445cb29918dc488b7a9a92ef018599cce33df7[USB: musb: disable
double buffering for older RTL versions] tries to disable double
buffer mode by writing endpoint hw max packet size to TXMAP/RXMAP.
First the approach can break full speed and cause overflow problems.
We should always set those registers with the actual max packet size
from endpoint descriptor.
Second, the problem describe by commit 9f445cb299
was caused by musb gadget driver; nothing to do with RTL revision as
originaly suspected.
The real fix to the problem is to always use actual max packet
size from endpoint descriptor to config TXMAP/RXMAP registers.
Cc: Cliff Cai <cliff.cai@analog.com>
Cc: David Brownell <dbrownell@users.sourceforge.net>
Cc: Anand Gadiyar <gadiyar@ti.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Cc: stable@kernel.org
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Some actions like musb_platform_exit are only performed on module
removal and not on shutdown, which results in PHY being left enabled
on reboot at least. This is sometimes causing strange failures after
reboot (observed on OMAP3 pandora board), when DEVCTL does not report
VBUS state correctly due to unknown reasons (possibly because of
communication issues between musb IP and PHY). Running
musb_platform_exit before reset seems to resolve that issue.
Move some exit code from musb_remove() to musb_shutdown() so that it
is performed on both module removal and shutdown/reset. Also convert
the host check so that it doesn't need #ifdef.
Signed-off-by: Grazvydas Ignotas <notasas@gmail.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
In function musb_gadget_setup() call put_device()
when device_register() fails.
Signed-off-by: Rahul Ruikar <rahul.ruikar@gmail.com>
Acked-by: Ming Lei <tom.leiming@gmail.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
1, In Rx double buffer case, FIFO may have two packets, so
rxstate should be called to unload fifo if RXPKTRDY is set
even the current request has not been completed.
2, Commit 633ba7876b96ec339ef685357e2f7c60b5a8ce85
introduces autoclear to support double buffer in dma mode 0,
so remove clearing RXPKTRDY manually for dma mode 0.
3, Commit c7af6b29ffeffbeb28caf39e5b2ce29b11807c7d may break
dma mode 1 for non-doublebuffer endpoint, fix it.
With this patch, either usbtest #5 or g_file_storage(writing
file to device in usb host) or g_ether have been tested OK in
double buffer case(using fifo mode 3). Also, this patch has
been verified that single buffer case can't be broken.
Cc: David Brownell <dbrownell@users.sourceforge.net>
Cc: Anand Gadiyar <gadiyar@ti.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
This patch is based on Dan's original patch. His original description is
below:
Smatch complained about a couple checking for NULL after dereferencing
bugs. I'm not super familiar with the code so I did the conservative
thing and move the dereferences after the checks.
The dereferences in cifs_lock() and cifs_fsync() were added in
ba00ba64cf "cifs: make various routines use the cifsFileInfo->tcon
pointer". The dereference in find_writable_file() was added in
6508d904e6 "cifs: have find_readable/writable_file filter by fsuid".
The comments there say it's possible to trigger the NULL dereference
under stress.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Noticed while reviewing (late) the rbtree conversion patchset (which has been merged
already).
Cc: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Steve French <sfrench@us.ibm.com>
We were using nlmsg_find_attr() to look up the bytecode by attribute when
auditing, but then just using the first attribute when actually running
bytecode. So, if we received a message with two attribute elements, where only
the second had type INET_DIAG_REQ_BYTECODE, we would validate and run different
bytecode strings.
Fix this by consistently using nlmsg_find_attr everywhere.
Signed-off-by: Nelson Elhage <nelhage@ksplice.com>
Signed-off-by: Thomas Graf <tgraf@infradead.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This will let us use it on a nlmsghdr stored inside a netlink_callback.
Signed-off-by: Nelson Elhage <nelhage@ksplice.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
After commit ebc0ffae5 (RCU conversion of fib_lookup()),
fib_result_assign() should not change fib refcounts anymore.
Thanks to Michael who did the bisection and bug report.
Reported-by: Michael Ellerman <michael@ellerman.id.au>
Tested-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
On certain VIA chipsets AES-CBC requires the input/output to be
a multiple of 64 bytes. We had a workaround for this but it was
buggy as it sent the whole input for processing when it is meant
to only send the initial number of blocks which makes the rest
a multiple of 64 bytes.
As expected this causes memory corruption whenever the workaround
kicks in.
Reported-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Many of the IBM Terminal keyboards from the 1980s and early 1990s communicate
using a protocol similar, but not identical to the AT keyboard protocol.
(Models known to be like this include 6110344, 6110668, 1390876, 1386887, and
possibly others.)
When the connector is rewired or adapter to an AT-DIN or PS/2 connector, they
can be connected to a standard PC, with three caveats:
a) They can only use scancode set 3; requests to use anything else are
quietly ignored.
b) The AT Command to request Make, Break and Repeat codes is not properly
interpreted.
c) The top function keys on a 122 key keyboard, and the arrow/edit keys in
the middle of the board send non-standard scancodes.
C) is easily taken care of in userspace, by use of setkeycodes
B) can be taken care of by a userspace hack (that makes the kernel complain
in dmesg)
A) is fixable in theory, but on the keyboard i tested on (6110668), it seems
to be detected unoverridably as Set 2, causing userspace oddities that make
it harder to fix C).
Enclosed is a small patch to the kernel that fixes A) and B) in the kernel,
making it much easier to fix C) in userspace. It adds a single kernel
command line parameter that overrides the detection that sets these boards
as set 2, and instead of sending the Make-break-repeat command to the
keyboard, it sends the make-break command, which is properly recognized by
these keyboards. Software level key repeating seems to make up for the lack
of hardware repeat codes perfectly.
Without manually setting the command line parameter (tentatively named
atkbd.terminal), this code has no effect, and the driver works exactly as
before.
See also:
http://www.seasip.info/VintagePC/ibm_1390876.htmlhttp://www.seasip.info/VintagePC/ibm_6110344.htmlhttp://geekhack.org/showwiki.php?title=Island:7306
Signed-off-by: Erika Quinn <erikas.aubade@gmail.com>
Signed-off-by: Benjamin LaHaise <bcrl@kvack.org>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
The Sony VPCZ1 doesn't support active multiplexing and trying to enable
it causes keyboard to stop working. Since most (all?) VAIOs do not have
external PS/2 ports nor they implement active multiplexing properly, and
trying to enable MUX usually messes up keyboard/touchpad, let's simply
disable MUX probing based on board name (VAIO).
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
This is broken from 97ef1bdd0b.
Let's set the correct bit for LLC+MLC and LLC only.
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Cc: stable@kernel.org
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
This restores cache behavior for default AGP_USER_MEMORY as
uncached, and leave default AGP_USER_CACHED_MEMORY as LLC only.
I've seen different cache behavior on one sandybridge desktop CPU vs.
another mobile CPU. Until we figure out how to detect the real cache
config, restore back to the original behavior now.
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Cc: stable@kernel.org
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
We should enable FDI normal training on Sandybridge/CPT system
as well.
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
[ickle: removed unrelated chunks]
Cc: stable@kernel.org
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Given that __in_29bit_mode() is a constant for the non-PMB case, we can
simply use the PMB-facing version of phys_addr_mask() and drop the other
variants.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Now that nommu selects 32BIT we run in to the situation where SH-2A
supports an uncached identity mapping by way of the BSC, while the SH-2
does not. This provides stubs for the PC manglers and tidies up some of
the system*.h mess in the process.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
The nommu code has regressed somewhat in that 29BIT gets set for the
SH-2/2A configs regardless of the fact that they are really 32BIT sans
MMU or PMB. This does a bit of tidying to get nommu properly selecting
32BIT as it was before.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
There was a leftover inw() used here that really just wants to be a
__raw_readw() instead. Convert it over.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Presently the extern inline case results in a compiler warning on ARM due
to the memory barrier definition used in the I/O routines. These
ultimately all want to be static inline anyways, so just convert them all
in place.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Oleg Nesterov