Dave Airlie [Mon, 14 Feb 2011 00:13:34 +0000 (10:13 +1000)]
Merge remote branch 'intel/drm-intel-fixes' of /ssd/git/drm-next into drm-fixes
* 'intel/drm-intel-fixes' of /ssd/git/drm-next:
drm/i915: Fix resume regression from 5d1d0cc
drm/i915/tv: Use polling rather than interrupt-based hotplug
drm/i915: Trigger modesetting if force-audio changes
drm/i915/sdvo: If we have an EDID confirm it matches the mode of the connection
drm/i915: Disable RC6 on Ironlake
drm/i915/lvds: Restore dithering on native modes for gen2/3
drm/i915: Invalidate TLB caches on SNB BLT/BSD rings
Marek Olšák [Mon, 14 Feb 2011 00:01:10 +0000 (01:01 +0100)]
drm/radeon/kms: check AA resolve registers on r300
This is an important security fix because we allowed arbitrary values
to be passed to AARESOLVE_OFFSET. This also puts the right buffer address
in the register.
Signed-off-by: Marek Olšák <maraeo@gmail.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
Alex Deucher [Thu, 10 Feb 2011 19:51:34 +0000 (14:51 -0500)]
drm/radeon/kms: use linear aligned for evergreen/ni bo blits
Not only is linear aligned supposedly more performant,
linear general is only supported by the CB in single
slice mode. The texture hardware doesn't support
linear general, but I think the hw automatically
upgrades it to linear aligned.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
Alex Deucher [Thu, 10 Feb 2011 19:51:33 +0000 (14:51 -0500)]
drm/radeon/kms: use linear aligned for 6xx/7xx bo blits
Not only is linear aligned supposedly more performant,
linear general is only supported by the CB in single
slice mode. The texture hardware doesn't support
linear general, but I think the hw automatically
upgrades it to linear aligned.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
Dave Airlie [Thu, 10 Feb 2011 04:46:06 +0000 (14:46 +1000)]
drm/radeon: fix race between GPU reset and TTM delayed delete thread.
My evergreen has been in a remote PC for week and reset has never once
saved me from certain doom, I finally relocated to the box with a
serial cable and noticed an oops when the GPU resets, and the TTM
delayed delete thread tries to remove something from the GTT.
This stops the delayed delete thread from executing across the GPU
reset handler, and woot I can GPU reset now.
Marek Olšák [Sat, 12 Feb 2011 18:21:35 +0000 (19:21 +0100)]
drm/radeon/kms: optimize CS state checking for r100->r500
The colorbuffer, zbuffer, and texture states are checked only once when
they get changed. This improves performance in the apps which emit
lots of draw packets and few state changes.
This drops performance in glxgears by a 1% or so, but glxgears is not
a benchmark we care about.
The time spent in the kernel when running Torcs dropped from 33% to 23%
and the frame rate is higher, which is a good thing.
r600 might need something like this as well.
Signed-off-by: Marek Olšák <maraeo@gmail.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
Jesper Juhl [Sat, 5 Feb 2011 19:51:53 +0000 (20:51 +0100)]
radeon mkregtable: Add missing fclose() calls
drivers/gpu/drm/radeon/mkregtable.c:parser_auth() almost always remembers
to fclose(file) before returning, but it misses two spots.
This is not really important since the process will exit shortly after and
thus close the file for us, but being explicit prevents static analysis
tools from complaining about leaked memory and missing fclose() calls and
it also seems to be the prefered style of the existing code to explicitly
close the file.
So, here's a patch to add the two missing fclose() calls.
Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Dave Airlie <airlied@redhat.com>
Alex Deucher [Sun, 6 Feb 2011 19:23:26 +0000 (14:23 -0500)]
drm/radeon/kms: fix interlaced modes on dce4+
- set scaler table clears the interleave bit, need to
reset it in encoder quirks, this was already done for
pre-dce4.
- remove the interleave settings from set_base() functions
this is now handled in the encoder quirks functions, and
isn't technically part of the display base setup.
- rename evergreen_do_set_base() to dce4_do_set_base() since
it's used on both evergreen and NI asics.
Linus Torvalds [Sun, 13 Feb 2011 15:59:48 +0000 (07:59 -0800)]
Merge branch 'spi/merge' of git://git.secretlab.ca/git/linux-2.6
* 'spi/merge' of git://git.secretlab.ca/git/linux-2.6:
devicetree-discuss is moderated for non-subscribers
MAINTAINERS: Add entry for GPIO subsystem
dt: add documentation of ARM dt boot interface
dt: Remove obsolete description of powerpc boot interface
dt: Move device tree documentation out of powerpc directory
spi/spi_sh_msiof: fix wrong address calculation, which leads to an Oops
Linus Torvalds [Sun, 13 Feb 2011 15:58:50 +0000 (07:58 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
ALSA: hda - add quirk for Ordissimo EVE using a realtek ALC662
ALSA: hrtimer: remove superfluous tasklet invocation
ALSA: hrtimer: handle delayed timer interrupts
ALSA: HDA: Add subwoofer quirk for Acer Aspire 8942G
ALSA: hda - Don't handle empty patch files
ALSA: hda - Fix missing CA initialization for HDMI/DP
ALSA: usbaudio - Enable the E-MU 0204 USB
ALSA: hda - switch lfe with side in mixer for 4930g
ASoC: Improve WM8994 digital power sequencing
ASoC: Create an AIF1ADCDAT signal widget to match AIF2
asoc: davinci: da830/omap-l137: correct cpu_dai_name
ASoC: fill in snd_soc_pcm_runtime.card before calling snd_soc_dai_link.init()
It turns out it breaks several distributions. Looks like the stricter
selinux checks fail due to selinux policies not being set to allow the
access - breaking X, but also lspci.
So while the change was clearly the RightThing(tm) to do in theory, in
practice we have backwards compatibility issues making it not work.
Reported-by: Dave Young <hidave.darkstar@gmail.com> Acked-by: David Airlie <airlied@linux.ie> Acked-by: Alex Riesen <raa.lkml@gmail.com> Cc: Eric Paris <eparis@redhat.com> Cc: Chris Wright <chrisw@sous-sol.org> Cc: James Morris <jmorris@namei.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Sat, 12 Feb 2011 17:10:24 +0000 (09:10 -0800)]
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
jbd2: call __jbd2_log_start_commit with j_state_lock write locked
ext4: serialize unaligned asynchronous DIO
ext4: make grpinfo slab cache names static
ext4: Fix data corruption with multi-block writepages support
ext4: fix up ext4 error handling
ext4: unregister features interface on module unload
ext4: fix panic on module unload when stopping lazyinit thread
Theodore Ts'o [Sat, 12 Feb 2011 13:18:24 +0000 (08:18 -0500)]
jbd2: call __jbd2_log_start_commit with j_state_lock write locked
On an SMP ARM system running ext4, I've received a report that the
first J_ASSERT in jbd2_journal_commit_transaction has been triggering:
J_ASSERT(journal->j_running_transaction != NULL);
While investigating possible causes for this problem, I noticed that
__jbd2_log_start_commit() is getting called with j_state_lock only
read-locked, in spite of the fact that it's possible for it might
j_commit_request. Fix this by grabbing the necessary information so
we can test to see if we need to start a new transaction before
dropping the read lock, and then calling jbd2_log_start_commit() which
will grab the write lock.
Eric Sandeen [Sat, 12 Feb 2011 13:17:34 +0000 (08:17 -0500)]
ext4: serialize unaligned asynchronous DIO
ext4 has a data corruption case when doing non-block-aligned
asynchronous direct IO into a sparse file, as demonstrated
by xfstest 240.
The root cause is that while ext4 preallocates space in the
hole, mappings of that space still look "new" and
dio_zero_block() will zero out the unwritten portions. When
more than one AIO thread is going, they both find this "new"
block and race to zero out their portion; this is uncoordinated
and causes data corruption.
Dave Chinner fixed this for xfs by simply serializing all
unaligned asynchronous direct IO. I've done the same here.
The difference is that we only wait on conversions, not all IO.
This is a very big hammer, and I'm not very pleased with
stuffing this into ext4_file_write(). But since ext4 is
DIO_LOCKING, we need to serialize it at this high level.
I tried to move this into ext4_ext_direct_IO, but by then
we have the i_mutex already, and we will wait on the
work queue to do conversions - which must also take the
i_mutex. So that won't work.
This was originally exposed by qemu-kvm installing to
a raw disk image with a normal sector-63 alignment. I've
tested a backport of this patch with qemu, and it does
avoid the corruption. It is also quite a lot slower
(14 min for package installs, vs. 8 min for well-aligned)
but I'll take slow correctness over fast corruption any day.
Mingming suggested that we can track outstanding
conversions, and wait on those so that non-sparse
files won't be affected, and I've implemented that here;
unaligned AIO to nonsparse files won't take a perf hit.
[tytso@mit.edu: Keep the mutex as a hashed array instead
of bloating the ext4 inode]
[tytso@mit.edu: Fix up namespace issues so that global
variables are protected with an "ext4_" prefix.]
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Eric Sandeen [Sat, 12 Feb 2011 13:12:18 +0000 (08:12 -0500)]
ext4: make grpinfo slab cache names static
In 2.6.37 I was running into oopses with repeated module
loads & unloads. I tracked this down to:
fb1813f4 ext4: use dedicated slab caches for group_info structures
(this was in addition to the features advert unload problem)
The kstrdup & subsequent kfree of the cache name was causing
a double free. In slub, at least, if I read it right it allocates
& frees the name itself, slab seems to do something different...
so in slub I think we were leaking -our- cachep->name, and double
freeing the one allocated by slub.
After getting lost in slab/slub/slob a bit, I just looked at other
sized-caches that get allocated. jbd2, biovec, sgpool all do it
more or less the way jbd2 does. Below patch follows the jbd2
method of dynamically allocating a cache at mount time from
a list of static names.
(This might also possibly fix a race creating the caches with
parallel mounts running).
[Folded in a fix from Dan Carpenter which fixed an off-by-one error in
the original patch]
Cc: stable@kernel.org Signed-off-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
cifs: don't always drop malformed replies on the floor (try #3)
cifs: clean up checks in cifs_echo_request
[CIFS] Do not send SMBEcho requests on new sockets until SMBNegotiate
Linus Torvalds [Sat, 12 Feb 2011 00:16:03 +0000 (16:16 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
pci: use security_capable() when checking capablities during config space read
security: add cred argument to security_capable()
tpm_tis: Use timeouts returned from TPM
Linus Torvalds [Sat, 12 Feb 2011 00:15:15 +0000 (16:15 -0800)]
Merge branch 's5p-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung
* 's5p-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung:
ARM: SAMSUNG: Ensure struct sys_device is declared in plat/pm.h
ARM: S5PV310: Cleanup System MMU
ARM: S5PV310: Add support System MMU on SMDKV310
This code makes two calls to clk_get, then test both return values and
fails if either failed.
The problem is that in the first inner if, where the first call to
clk_get has failed, it don't know if the second call has failed as well.
So it don't know whether clk_get should be called on the result of the
second call. Of course, it would be possible to test that value again.
A simpler solution is just to test the result of calling clk_get
directly after each call.
The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@r@
position p1,p2;
expression e;
statement S;
@@
Johannes Weiner [Thu, 10 Feb 2011 23:01:34 +0000 (15:01 -0800)]
vmscan: fix zone shrinking exit when scan work is done
Commit 3e7d34497067 ("mm: vmscan: reclaim order-0 and use compaction
instead of lumpy reclaim") introduced an indefinite loop in
shrink_zone().
It meant to break out of this loop when no pages had been reclaimed and
not a single page was even scanned. The way it would detect the latter
is by taking a snapshot of sc->nr_scanned at the beginning of the
function and comparing it against the new sc->nr_scanned after the scan
loop. But it would re-iterate without updating that snapshot, looping
forever if sc->nr_scanned changed at least once since shrink_zone() was
invoked.
This is not the sole condition that would exit that loop, but it
requires other processes to change the zone state, as the reclaimer that
is stuck obviously can not anymore.
This is only happening for higher-order allocations, where reclaim is
run back to back with compaction.
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org> Reported-by: Michal Hocko <mhocko@suse.cz> Tested-by: Kent Overstreet<kent.overstreet@gmail.com> Reported-by: Kent Overstreet <kent.overstreet@gmail.com> Acked-by: Mel Gorman <mel@csn.ul.ie> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Rik van Riel <riel@redhat.com> Reviewed-by: Minchan Kim <minchan.kim@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
If the page is going to be written to, __do_page needs to break COW.
However, the old page (before breaking COW) was never mapped mapped into
the current pte (__do_fault is only called when the pte is not present),
so vmscan can't have marked the old page as PageMlocked due to being
mapped in __do_fault's VMA. Therefore, __do_fault() does not need to
worry about clearing PageMlocked() on the old page.
Signed-off-by: Michel Lespinasse <walken@google.com> Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Acked-by: Hugh Dickins <hughd@google.com> Cc: Rik van Riel <riel@redhat.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
mlock: fix race when munlocking pages in do_wp_page()
vmscan can lazily find pages that are mapped within VM_LOCKED vmas, and
set the PageMlocked bit on these pages, transfering them onto the
unevictable list. When do_wp_page() breaks COW within a VM_LOCKED vma,
it may need to clear PageMlocked on the old page and set it on the new
page instead.
This change fixes an issue where do_wp_page() was clearing PageMlocked
on the old page while the pte was still pointing to it (as well as
rmap). Therefore, we were not protected against vmscan immediately
transfering the old page back onto the unevictable list. This could
cause pages to get stranded there forever.
I propose to move the corresponding code to the end of do_wp_page(),
after the pte (and rmap) have been pointed to the new page.
Additionally, we can use munlock_vma_page() instead of
clear_page_mlock(), so that the old page stays mlocked if there are
still other VM_LOCKED vmas mapping it.
Signed-off-by: Michel Lespinasse <walken@google.com> Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Acked-by: Hugh Dickins <hughd@google.com> Cc: Rik van Riel <riel@redhat.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Yinghai Lu [Thu, 10 Feb 2011 23:01:30 +0000 (15:01 -0800)]
memblock: don't adjust size in memblock_find_base()
While applying patch to use memblock to find aperture for 64bit x86.
Ingo found system with 1g + force_iommu
> No AGP bridge found
> Node 0: aperture @ 38000000 size 32 MB
> Aperture pointing to e820 RAM. Ignoring.
> Your BIOS doesn't leave a aperture memory hole
> Please enable the IOMMU option in the BIOS setup
> This costs you 64 MB of RAM
> Cannot allocate aperture memory hole (0,65536K)
fails because memblock core code align the size with 512M. That could
make size way too big.
So don't align the size in that case.
actually __memblock_alloc_base, the another caller already align that
before calling that function.
BTW. x86 does not use __memblock_alloc_base...
Signed-off-by: Yinghai Lu <yinghai@kernel.org> Cc: Ingo Molnar <mingo@elte.hu> Cc: David Miller <davem@davemloft.net> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Dave Airlie <airlied@linux.ie> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Soren Hansen [Thu, 10 Feb 2011 23:01:28 +0000 (15:01 -0800)]
nbd: remove module-level ioctl mutex
Commit 2a48fc0ab242417 ("block: autoconvert trivial BKL users to private
mutex") replaced uses of the BKL in the nbd driver with mutex
operations. Since then, I've been been seeing these lock ups:
Instrumenting the nbd module's ioctl handler with some extra logging
clearly shows the NBD_DO_IT ioctl being invoked which is a long-lived
ioctl in the sense that it doesn't return until another ioctl asks the
driver to disconnect. However, that other ioctl blocks, waiting for the
module-level mutex that replaced the BKL, and then we're stuck.
This patch removes the module-level mutex altogether. It's clearly
wrong, and as far as I can see, it's entirely unnecessary, since the nbd
driver maintains per-device mutexes, and I don't see anything that would
require a module-level (or kernel-level, for that matter) mutex.
Roland Stigge [Thu, 10 Feb 2011 23:01:23 +0000 (15:01 -0800)]
drivers/gpio/pca953x.c: add a mutex to fix race condition
Add a mutex to register communication and handling. Without the mutex,
GPIOs didn't switch as expected when toggled in a fast sequence of
status changes of multiple outputs.
Signed-off-by: Roland Stigge <stigge@antcom.de> Acked-by: Eric Miao <eric.y.miao@gmail.com> Cc: Grant Likely <grant.likely@secretlab.ca> Cc: Marc Zyngier <maz@misterjones.org> Cc: Ben Gardner <bgardner@wabtec.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Tejun Heo [Thu, 10 Feb 2011 23:01:22 +0000 (15:01 -0800)]
ptrace: use safer wake up on ptrace_detach()
The wake_up_process() call in ptrace_detach() is spurious and not
interlocked with the tracee state. IOW, the tracee could be running or
sleeping in any place in the kernel by the time wake_up_process() is
called. This can lead to the tracee waking up unexpectedly which can be
dangerous.
The wake_up is spurious and should be removed but for now reduce its
toxicity by only waking up if the tracee is in TRACED or STOPPED state.
This bug can possibly be used as an attack vector. I don't think it
will take too much effort to come up with an attack which triggers oops
somewhere. Most sleeps are wrapped in condition test loops and should
be safe but we have quite a number of places where sleep and wakeup
conditions are expected to be interlocked. Although the window of
opportunity is tiny, ptrace can be used by non-privileged users and with
some loading the window can definitely be extended and exploited.
Boaz Harrosh [Thu, 10 Feb 2011 23:01:20 +0000 (15:01 -0800)]
vfs: call rcu_barrier after ->kill_sb()
In commit fa0d7e3de6d6 ("fs: icache RCU free inodes"), we use rcu free
inode instead of freeing the inode directly. It causes a crash when we
rmmod immediately after we umount the volume[1].
So we need to call rcu_barrier after we kill_sb so that the inode is
freed before we do rmmod. The idea is inspired by Aneesh Kumar.
rcu_barrier will wait for all callbacks to end before preceding. The
original patch was done by Tao Ma, but synchronize_rcu() is not enough
here.
Tested-by: Tao Ma <boyu.mt@taobao.com> Signed-off-by: Boaz Harrosh <bharrosh@panasas.com> Cc: Nick Piggin <npiggin@kernel.dk> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Chris Mason <chris.mason@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Fri, 11 Feb 2011 23:53:38 +0000 (15:53 -0800)]
Fix possible filp_cachep memory corruption
In commit 31e6b01f4183 ("fs: rcu-walk for path lookup") we started doing
path lookup using RCU, which then falls back to a careful non-RCU lookup
in case of problems (LOOKUP_REVAL). So do_filp_open() has this "re-do
the lookup carefully" looping case.
However, that means that we must not release the open-intent file data
if we are going to loop around and use it once more!
Fix this by moving the release of the open-intent data to the function
that allocates it (do_filp_open() itself) rather than the helper
functions that can get called multiple times (finish_open() and
do_last()). This makes the logic for the lifetime of that field much
more obvious, and avoids the possible double free.
Reported-by: J. R. Okajima <hooanon05@yahoo.co.jp> Acked-by: Al Viro <viro@zeniv.linux.org.uk> Cc: Nick Piggin <npiggin@kernel.dk> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David Teigland [Fri, 11 Feb 2011 22:44:31 +0000 (16:44 -0600)]
dlm: use single thread workqueues
The recent commit to use cmwq for send and recv threads dcce240ead802d42b1e45ad2fcb2ed4a399cb255 introduced problems,
apparently due to multiple workqueue threads. Single threads
make the problems go away, so return to that until we fully
understand the concurrency issues with multiple threads.
Signed-off-by: David Teigland <teigland@redhat.com>
The irony of the patch to fix the resume regression on PineView causing
a further regression on Ironlake is not lost on me.
Reported-by: Jeff Chua <jeff.chua.linux@gmail.com> Reported-by: Björn Schließmann <chronoss@gmx.de> Tested-by: Björn Schließmann <chronoss@gmx.de>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=28802 Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Chris Wilson [Thu, 10 Feb 2011 10:05:35 +0000 (10:05 +0000)]
drm/i915/tv: Use polling rather than interrupt-based hotplug
The documentation recommends that we should use a polling method for TV
detection as this is more power efficient than the interrupt based
mechanism (as the encoder can be completely switched off). A secondary
effect is that leaving the hotplug enabled seems to be causing pipe
underruns as reported by Hugh Dickins on his Crestline.
Tested-by: Hugh Dickins <hughd@google.com> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
[This is a candidate for stable, but needs minor porting to 2.6.37]
Chris Wilson [Wed, 9 Feb 2011 18:46:58 +0000 (18:46 +0000)]
drm/i915: Trigger modesetting if force-audio changes
If the user changes the force-audio property and it no longer reflects
the current configuration, then we need to trigger a mode set in order
to update the registers.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Chris Wright [Thu, 10 Feb 2011 23:58:56 +0000 (15:58 -0800)]
pci: use security_capable() when checking capablities during config space read
Eric Paris noted that commit de139a3 ("pci: check caps from sysfs file
open to read device dependent config space") caused the capability check
to bypass security modules and potentially auditing. Rectify this by
calling security_capable() when checking the open file's capabilities
for config space reads.
Reported-by: Eric Paris <eparis@redhat.com> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: James Morris <jmorris@namei.org>
Jeff Layton [Thu, 10 Feb 2011 13:03:50 +0000 (08:03 -0500)]
cifs: don't always drop malformed replies on the floor (try #3)
Slight revision to this patch...use min_t() instead of conditional
assignment. Also, remove the FIXME comment and replace it with the
explanation that Steve gave earlier.
After receiving a packet, we currently check the header. If it's no
good, then we toss it out and continue the loop, leaving the caller
waiting on that response.
In cases where the packet has length inconsistencies, but the MID is
valid, this leads to unneeded delays. That's especially problematic now
that the client waits indefinitely for responses.
Instead, don't immediately discard the packet if checkSMB fails. Try to
find a matching mid_q_entry, mark it as having a malformed response and
issue the callback.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Stefan Berger [Tue, 11 Jan 2011 19:37:29 +0000 (14:37 -0500)]
tpm_tis: Use timeouts returned from TPM
The current TPM TIS driver in git discards the timeout values returned
from the TPM. The check of the response packet needs to consider that
the return_code field is 0 on success and the size of the expected
packet is equivalent to the header size + u32 length indicator for the
TPM_GetCapability() result + 3 timeout indicators of type u32.
I am also adding a sysfs entry 'timeouts' showing the timeouts that are
being used.
Corey Minyard [Thu, 10 Feb 2011 22:08:38 +0000 (16:08 -0600)]
char/ipmi: fix OOPS caused by pnp_unregister_driver on unregistered driver
This patch fixes an OOPS triggered when calling modprobe ipmi_si a
second time after the first modprobe returned without finding any ipmi
devices. This can happen if you reload the module after having the
first module load fail. The driver was not deregistering from PNP in
that case.
Peter Huewe originally reported this patch and supplied a fix, I have a
different patch based on Linus' suggestion that cleans things up a bit
more.
Cc: stable@kernel.org Cc: openipmi-developer@lists.sourceforge.net Reviewed-by: Peter Huewe <peterhuewe@gmx.de> Cc: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Corey Minyard <cminyard@mvista.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Fri, 11 Feb 2011 01:53:55 +0000 (17:53 -0800)]
cap_syslog: accept CAP_SYS_ADMIN for now
In commit ce6ada35bdf7 ("security: Define CAP_SYSLOG") Serge Hallyn
introduced CAP_SYSLOG, but broke backwards compatibility by no longer
accepting CAP_SYS_ADMIN as an override (it would cause a warning and
then reject the operation).
Re-instate CAP_SYS_ADMIN - but keeping the warning - as an acceptable
capability until any legacy applications have been updated. There are
apparently applications out there that drop all capabilities except for
CAP_SYS_ADMIN in order to access the syslog.
(This is a re-implementation of a patch by Serge, cleaning the logic up
and making the code more readable)
Kukjin Kim [Tue, 1 Feb 2011 06:08:53 +0000 (15:08 +0900)]
ARM: S5PV310: Cleanup System MMU
This patch cleans following up.
- Moved definition of System MMU IPNUM into mach/sysmmu.h
- Removed useless SYSMMU_DEBUG configuration
- Removed useless header file plat/sysmmu.h
Thomas Abraham [Mon, 24 Jan 2011 23:37:49 +0000 (08:37 +0900)]
ARM: S5PV310: Add support System MMU on SMDKV310
The 's5pv310_device_sysmmu' is used on SMDKV310. But since it is not
compiled now, there is a build error. To fix this compilation error,
S5PV310_DEV_SYSMMU needs to be selected for SMDKV310 board.
This patch enables System MMU support on SMDKV310.
Signed-off-by: Thomas Abraham <thomas.ab@samsung.com>
[kgene.kim@samsung.com: Adding description] Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
Linus Torvalds [Thu, 10 Feb 2011 20:20:40 +0000 (12:20 -0800)]
Merge branch 'usb-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6
* 'usb-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6: (21 commits)
USB: cdc-acm: Adding second ACM channel support for Nokia N8
USB, Mass Storage, composite, gadget: Fix build failure and memset of a struct
USB: Fix trout build failure with ci13xxx_msm gadget
USB: EHCI: fix scheduling while atomic during suspend
USB: usb-storage: unusual_devs entry for Coby MP3 player
USB: ftdi_sio: Add VID=0x0647, PID=0x0100 for Acton Research spectrograph
USB: fix race between root-hub resume and wakeup requests
USB: prevent buggy hubs from crashing the USB stack
usb: r8a66597-udc: Fixed bufnum of Bulk
USB: ftdi_sio: add ST Micro Connect Lite uart support
USB: Storage: Add unusual_devs entry for VTech Kidizoom
USB SL811HS HCD: Fix memory leak in sl811h_urb_enqueue()
USB: ti_usb: fix module removal
USB: io_edgeport: fix the reported firmware major and minor
usb: ehci-omap: Show fatal probing time errors to end user
usb: musb: introduce api for dma code to check compatibility with usb request
usb: musb: maintain three states for buffer mappings instead of two
usb: musb: disable double buffering when it's broken
usb: musb: hsdma: change back to use musb_read/writew
usb: musb: core: fix IRQ check
...
Linus Torvalds [Thu, 10 Feb 2011 20:19:58 +0000 (12:19 -0800)]
Merge branch 'tty-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6
* 'tty-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6:
serial: bfin_5xx: split uart RX lock from uart port lock to avoid deadlock
68360serial: Plumb in rs_360_get_icount()
n_gsm: copy mtu over when configuring via ioctl interface
virtio: console: Move file back to drivers/char/
Linus Torvalds [Thu, 10 Feb 2011 20:19:23 +0000 (12:19 -0800)]
Merge branch 'staging-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6
* 'staging-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6:
staging: zram: fix data corruption issue
Staging: Comedi: Fix a few NI module dependencies
Staging: comedi: Add MODULE_LICENSE and similar to NI modules
staging: brcm80211: bugfix for softmac crash on multi cpu configurations
staging: sst: Fix for dmic capture on v2 pmic
staging: hv: Enable sending GARP packet after live migration
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (34 commits)
virtio_net: Add schedule check to napi_enable call
x25: Do not reference freed memory.
pch_can: fix tseg1/tseg2 setting issue
isdn: hysdn: Kill (partially buggy) CVS regision log reporting.
can: softing_cs needs slab.h
pch_gbe: Fix the issue which a driver locks when rx offload is set by ethtool
netfilter: nf_conntrack: set conntrack templates again if we return NF_REPEAT
pch_can: fix module reload issue with MSI
pch_can: fix rmmod issue
pch_can: fix 800k comms issue
net: Fix lockdep regression caused by initializing netdev queues too early.
net/caif: Fix dangling list pointer in freed object on error.
USB CDC NCM errata updates for cdc_ncm host driver
CDC NCM errata updates for cdc.h
ixgbe: update version string
ixgbe: cleanup variable initialization
ixgbe: limit VF access to network traffic
ixgbe: fix for 82599 erratum on Header Splitting
ixgbe: fix variable set but not used warnings by gcc 4.6
e1000: add support for Marvell Alaska M88E1118R PHY
...
Bruce Rogers [Thu, 10 Feb 2011 19:03:31 +0000 (11:03 -0800)]
virtio_net: Add schedule check to napi_enable call
Under harsh testing conditions, including low memory, the guest would
stop receiving packets. With this patch applied we no longer see any
problems in the driver while performing these tests for extended periods
of time.
Make sure napi is scheduled subsequent to each napi_enable.
Signed-off-by: Bruce Rogers <brogers@novell.com> Signed-off-by: Olaf Kirch <okir@suse.de> Cc: stable@kernel.org Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Commit bb758e9637e5ddc removed snd_hrtimer_callback() from the hardware
interrupt handler, thus moving it into a tasklet, but did not tell the
ALSA timer framework about this, so the timer handling would now be done
in the ALSA timer tasklet scheduled from another tasklet.
To fix this, add the flag to tell the ALSA timer framework that the
timer handler is already being invoked in a tasklet.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Takashi Iwai <tiwai@suse.de>
Clemens Ladisch [Thu, 10 Feb 2011 15:15:44 +0000 (16:15 +0100)]
ALSA: hrtimer: handle delayed timer interrupts
If a timer interrupt was delayed too much, hrtimer_forward_now() will
forward the timer expiry more than once. When this happens, the
additional number of elapsed ALSA timer ticks must be passed to
snd_timer_interrupt() to prevent the ALSA timer from falling behind.
This mostly fixes MIDI slowdown problems on highly-loaded systems with
badly behaved interrupt handlers.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Reported-and-tested-by: Arthur Marsh <arthur.marsh@internode.on.net> Cc: <stable@kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
Borislav Petkov [Thu, 3 Feb 2011 14:59:57 +0000 (15:59 +0100)]
amd64_edac: Fix DIMMs per DCTs output
amd64_debug_display_dimm_sizes() reports the distribution of the DIMMs
on each DRAM controller and its chip select sizes. Thus, the last don't
have anything to do with whether we're running in ganged DCT mode or not
- their sizes don't change all of a sudden. Fix that by removing the
ganged-check and dump DCT0's config for DCT1 when in ganged mode since
they're identical.
Reported-and-tested-by: Markus Trippelsdorf <markus@trippelsdorf.de> Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
David S. Miller [Thu, 10 Feb 2011 05:48:36 +0000 (21:48 -0800)]
x25: Do not reference freed memory.
In x25_link_free(), we destroy 'nb' before dereferencing
'nb->dev'. Don't do this, because 'nb' might be freed
by then.
Reported-by: Randy Dunlap <randy.dunlap@oracle.com> Tested-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Jeff Layton [Wed, 9 Feb 2011 17:01:42 +0000 (12:01 -0500)]
cifs: clean up checks in cifs_echo_request
Follow-on patch to 7e90d705 which is already in Steve's tree...
The check for tcpStatus == CifsGood is not meaningful since it doesn't
indicate whether the NEGOTIATE request has been done. Also, clarify
why we're checking for maxBuf == 0.
Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Linus Torvalds [Thu, 10 Feb 2011 00:56:33 +0000 (16:56 -0800)]
Merge branch 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6
* 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6:
deb-pkg: Fix building outside of source tree (O=...).
deb-pkg: Use $SRCARCH for include path
Tomoya MORINAGA [Thu, 10 Feb 2011 00:46:21 +0000 (16:46 -0800)]
pch_can: fix tseg1/tseg2 setting issue
Previous patch "[PATCH 1/3] pch_can: fix 800k comms issue" is wrong.
I should have modified tseg1_min not tseg2_min.
This patch reverts tseg2_min to 1 and set tseg1_min to 2.
Signed-off-by: Tomoya MORINAGA <tomoya-linux@dsn.okisemi.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Some cases try to modify const strings, and in any event the
CVS revision strings have not changed in over ten years making
these printouts completely worthless.
Just kill all of this stuff off.
Reported-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Chris Wilson [Wed, 9 Feb 2011 20:01:16 +0000 (20:01 +0000)]
drm/i915/sdvo: If we have an EDID confirm it matches the mode of the connection
If we have an EDID for a digital panel, but we are probing a non-TMDS
connector then we know that this is a false detection, and vice versa.
This should reduce the number of bogus outputs on multi-function
adapters that report the same output on multiple connectors.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=34101 Reported-by: Sebastien Caty <sebastien.caty@mrnf.gouv.qc.ca> Tested-by: Sebastien Caty <sebastien.caty@mrnf.gouv.qc.ca> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Cc: stable@kernel.org
Randy Dunlap [Wed, 9 Feb 2011 20:43:38 +0000 (12:43 -0800)]
can: softing_cs needs slab.h
From: Randy Dunlap <randy.dunlap@oracle.com>
softing_cs.c uses kzalloc & kfree, so it needs to include linux/slab.h.
drivers/net/can/softing/softing_cs.c:234: error: implicit declaration of function 'kfree'
drivers/net/can/softing/softing_cs.c:271: error: implicit declaration of function 'kzalloc'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus:
virtio: console: Update Copyright
virtio: console: Wake up outvq on host notifications
Linus Torvalds [Wed, 9 Feb 2011 19:45:21 +0000 (11:45 -0800)]
Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block
* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
cdrom: support devices that have check_events but not media_changed
cfq-iosched: Don't wait if queue already has requests.
blkio-throttle: Avoid calling blkiocg_lookup_group() for root group
cfq: rename a function to give it more appropriate name
cciss: make cciss_revalidate not loop through CISS_MAX_LUNS volumes unnecessarily.
drivers/block/aoe/Makefile: replace the use of <module>-objs with <module>-y
loop: queue_lock NULL pointer derefence in blk_throtl_exit
drivers/block/Makefile: replace the use of <module>-objs with <module>-y
blktrace: Don't output messages if NOTIFY isn't set.
Linus Torvalds [Wed, 9 Feb 2011 19:44:55 +0000 (11:44 -0800)]
Merge branch 'for-linus' of git://neil.brown.name/md
* 'for-linus' of git://neil.brown.name/md:
FIX: md: process hangs at wait_barrier after 0->10 takeover
md_make_request: don't touch the bio after calling make_request
md: Don't allow slot_store while resync/recovery is happening.
md: don't clear curr_resync_completed at end of resync.
md: Don't use remove_and_add_spares to remove failed devices from a read-only array
Add raid1->raid0 takeover support
md: Remove the AllReserved flag for component devices.
md: don't abort checking spares as soon as one cannot be added.
md: fix the test for finding spares in raid5_start_reshape.
md: simplify some 'if' conditionals in raid5_start_reshape.
md: revert change to raid_disks on failure.
Nitin Gupta [Sun, 6 Feb 2011 01:34:20 +0000 (20:34 -0500)]
staging: zram: fix data corruption issue
In zram_read() and zram_write() we were not incrementing the
index number and thus were reading/writing values from/to
incorrect sectors on zram disk, resulting in data corruption.
Ian Abbott [Tue, 8 Feb 2011 15:26:33 +0000 (15:26 +0000)]
Staging: Comedi: Fix a few NI module dependencies
The ni_tio and ni_tio modules do not depend on the 8255 module, but the
ni_atmio, ni_mio_cs and ni_pcimio modules do need the 8255 module. The
ni_pcimio module also needs the comedi_fc module.
Signed-off-by: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Ian Abbott [Mon, 7 Feb 2011 13:39:52 +0000 (13:39 +0000)]
Staging: comedi: Add MODULE_LICENSE and similar to NI modules
As mentioned by W. Trevor King on the devel@linuxdriverproject.org list
on "Thu, 27 Jan 2011 18:52:15 -0500", "Message-ID:
<20110127235214.GA5107@thialfi.dhcp.drexel.edu>", the ni_pcimio module
is missing module metadata, including a license.
This patch adds module metadata to all the NI comedi driver modules. It
also removes a duplicate MODULE_LICENSE("GPL") line from the "mite"
module.
Signed-off-by: Ian Abbott <abbotti@mev.co.uk> Cc: W. Trevor King <wking@drexel.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Chris Wilson [Wed, 9 Feb 2011 16:15:32 +0000 (16:15 +0000)]
drm/i915: Disable RC6 on Ironlake
The automatic powersaving feature is once again causing havoc, with 100%
reliable hangs on boot and resume on affected machines.
Reported-by: Francesco Allertsen <fallertsen@gmail.com> Reported-by: Gui Rui <chaos.proton@gmail.com>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=28582 Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Joerg Roedel [Fri, 14 Jan 2011 15:45:01 +0000 (16:45 +0100)]
KVM: SVM: Make sure KERNEL_GS_BASE is valid when loading gs_index
The gs_index loading code uses the swapgs instruction to
switch to the user gs_base temporarily. This is unsave in an
lightweight exit-path in KVM on AMD because the
KERNEL_GS_BASE MSR is switches lazily. An NMI happening in
the critical path of load_gs_index may use the wrong GS_BASE
value then leading to unpredictable behavior, e.g. a
triple-fault.
This patch fixes the issue by making sure that load_gs_index
is called only with a valid KERNEL_GS_BASE value loaded in
KVM.
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com> Signed-off-by: Avi Kivity <avi@redhat.com>
All users that check for the CDC_MEDIA_CHANGED capbility try both
the check_events op and the media_changed op, but register_cdrom()
was requiring media_changed.
This patch fixes the capability checking.
The cdrom_select_disc ioctl is also using the two operations, so
they should be required for CDC_SELECT_DISC too.
Signed-off-by: Simon Arlott <simon@fire.lp0.eu> Cc: Tejun Heo <tj@kernel.org> Cc: Kay Sievers <kay.sievers@vrfy.org> Tested-by: Chris Clayton <chris2553@googlemail.com> Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Justin TerAvest [Wed, 9 Feb 2011 13:20:03 +0000 (14:20 +0100)]
cfq-iosched: Don't wait if queue already has requests.
Commit 7667aa0630407bc07dc38dcc79d29cc0a65553c1 added logic to wait for
the last queue of the group to become busy (have at least one request),
so that the group does not lose out for not being continuously
backlogged. The commit did not check for the condition that the last
queue already has some requests. As a result, if the queue already has
requests, wait_busy is set. Later on, cfq_select_queue() checks the
flag, and decides that since the queue has a request now and wait_busy
is set, the queue is expired. This results in early expiration of the
queue.
This patch fixes the problem by adding a check to see if queue already
has requests. If it does, wait_busy is not set. As a result, time slices
do not expire early.
The queues with more than one request are usually buffered writers.
Testing shows improvement in isolation between buffered writers.
However, this is a problem for the iptables' CT target event filtering
which will not work in this case since the conntrack template will not
be there for the new session. To fix this, we reassign the conntrack
template to the packet if we return NF_REPEAT.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
Tomoya [Mon, 7 Feb 2011 23:29:02 +0000 (23:29 +0000)]
pch_can: fix rmmod issue
Currently, when rmmod pch_can, kernel failure occurs.
The cause is pci_iounmap executed before pch_can_reset.
Thus pci_iounmap moves after pch_can_reset.
Signed-off-by: Tomoya MORINAGA <tomoya-linux@dsn.okisemi.com> Signed-off-by: David S. Miller <davem@davemloft.net>