Linus Torvalds [Fri, 7 May 2010 20:58:56 +0000 (13:58 -0700)]
Merge branch 'v4l_for_2.6.34' of git://git./linux/kernel/git/mchehab/linux-2.6
* 'v4l_for_2.6.34' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6:
V4L/DVB: pxa_camera: move fifo reset direct before dma start
V4L/DVB: video: testing unsigned for less than 0
V4L/DVB: mx1-camera: compile fix
V4L/DVB: budget: Oops: "BUG: unable to handle kernel NULL pointer dereference"
V4L/DVB: ngene: Workaround for stuck DiSEqC pin
V4L/DVB: saa7146: fix regression of the av7110/budget-av driver
V4L/DVB: v4l: fix config dependencies: mxb and saa7191 are V4L2 drivers, not V4L1
V4L/DVB: feature-removal: announce videotext.h removal
V4L/DVB: V4L - vpfe capture - fix for kernel crash
V4L/DVB: gspca: make usb id 0461:0815 get handled by the right driver
V4L/DVB: gspca - stv06xx: Remove the 046d:08da from the stv06xx driver
V4L/DVB: gspca - sn9c20x: Correct onstack wait_queue_head declaration
V4L/DVB: saa7146: fix up bytesperline if it is an impossible value
V4L/DVB: V4L: vpfe_capture - free ccdc_lock when memory allocation fails
V4L/DVB: V4L - Makfile:Removed duplicate entry of davinci
V4L/DVB: omap24xxcam: potential buffer overflow
Linus Torvalds [Fri, 7 May 2010 20:58:21 +0000 (13:58 -0700)]
Merge branch 'core-fixes-for-linus' of git://git./linux/kernel/git/tip/linux-2.6-tip
* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
rcu: create rcu_my_thread_group_empty() wrapper
memcg: css_id() must be called under rcu_read_lock()
cgroup: Check task_lock in task_subsys_state()
sched: Fix an RCU warning in print_task()
cgroup: Fix an RCU warning in alloc_css_id()
cgroup: Fix an RCU warning in cgroup_path()
KEYS: Fix an RCU warning in the reading of user keys
KEYS: Fix an RCU warning
Stefan Herbrechtsmeier [Tue, 20 Apr 2010 06:51:29 +0000 (03:51 -0300)]
V4L/DVB: pxa_camera: move fifo reset direct before dma start
Move the fifo reset from pxa_camera_start_capture to pxa_camera_irq direct
before the dma start after an end of frame interrupt to prevent images from
shifting because of old data at the begin of the frame.
Signed-off-by: Stefan Herbrechtsmeier <hbmeier@hni.uni-paderborn.de>
Acked-by: Robert Jarzmik <robert.jarzmik@free.fr>
Tested-by: Antonio Ospite <ospite@studenti.unina.it>
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Dan Carpenter [Wed, 7 Apr 2010 09:41:14 +0000 (06:41 -0300)]
V4L/DVB: video: testing unsigned for less than 0
soc_mbus_bytes_per_line() returns -EINVAL on error but we store it in an
unsigned int so the test for less than zero doesn't work. I think it
always returns "small" positive values so we can just cast it to int
here.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Uwe Kleine-König [Sat, 27 Mar 2010 21:42:13 +0000 (18:42 -0300)]
V4L/DVB: mx1-camera: compile fix
This fixes a regression of
7d58289 (mx1: prefix SOC specific defines with MX1_ and deprecate old names)
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Acked-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Bjørn Mork [Wed, 24 Mar 2010 10:57:57 +0000 (07:57 -0300)]
V4L/DVB: budget: Oops: "BUG: unable to handle kernel NULL pointer dereference"
Never call dvb_frontend_detach if we failed to attach a frontend. This fixes
the following oops, which will be triggered by a missing stv090x module:
[ 8.172997] DVB: registering new adapter (TT-Budget S2-1600 PCI)
[ 8.209018] adapter has MAC addr = 00:d0:5c:cc:a7:29
[ 8.328665] Intel ICH 0000:00:1f.5: PCI INT B -> GSI 17 (level, low) -> IRQ 17
[ 8.328753] Intel ICH 0000:00:1f.5: setting latency timer to 64
[ 8.562047] DVB: Unable to find symbol stv090x_attach()
[ 8.562117] BUG: unable to handle kernel NULL pointer dereference at
000000ac
[ 8.562239] IP: [<
e08b04a3>] dvb_frontend_detach+0x4/0x67 [dvb_core]
Ref http://bugs.debian.org/575207
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Cc: stable@kernel.org
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Oliver Endriss [Sun, 21 Mar 2010 14:48:47 +0000 (11:48 -0300)]
V4L/DVB: ngene: Workaround for stuck DiSEqC pin
Send one DiSEqC byte to make sure that the pin is set to low level.
Signed-off-by: Oliver Endriss <o.endriss@gmx.de>
Reviewed-by: Manu Abraham <abraham.manu@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Hans Verkuil [Wed, 24 Mar 2010 22:09:55 +0000 (19:09 -0300)]
V4L/DVB: saa7146: fix regression of the av7110/budget-av driver
An earlier regression fix for the mxb driver (V4L/DVB: saa7146_vv: fix
regression where v4l2_device was registered too late) caused a new
regression in the av7110 driver.
Reverted the old fix and fixed the problem in the mxb driver instead.
Tested on mxb and budget-av cards.
The real problem is that the saa7146 framework has separate probe()
and attach() driver callbacks which should be rolled into one. This
is now done for the mxb driver, but others should do the same. Lack
of hardware makes this hard to do, though. I hope to get hold of some
hexium cards and then I can try to improve the framework to prevent
this from happening again.
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Hans Verkuil [Mon, 22 Mar 2010 06:14:22 +0000 (03:14 -0300)]
V4L/DVB: v4l: fix config dependencies: mxb and saa7191 are V4L2 drivers, not V4L1
v4l: fix config dependencies: mxb and saa7191 are V4L2 drivers, not V4L1
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Hans Verkuil [Mon, 22 Mar 2010 08:43:08 +0000 (05:43 -0300)]
V4L/DVB: feature-removal: announce videotext.h removal
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Muralidharan Karicheri [Thu, 18 Mar 2010 14:44:12 +0000 (11:44 -0300)]
V4L/DVB: V4L - vpfe capture - fix for kernel crash
As part of upstream merge, set_params() function was removed from isif.c.
This requires removal of BUG_ON() and check for set_params ptr in
vpfe_capture.c. Without this kernel crash dump is seen while bootup on DM365
Also made following changes:-
1) converted error messages to debug messages since it is not right to flood
the console with error messages for user mistakes.
2) returns -EINVAL if ioctl is not supported
Signed-off-by: Muralidharan Karicheri <m-karicheri2@ti.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
John Ellson [Wed, 17 Mar 2010 13:22:58 +0000 (10:22 -0300)]
V4L/DVB: gspca: make usb id 0461:0815 get handled by the right driver
The 0461:0815 camera is spca561 based not spca508
Signed-off-by: John Ellson <john.ellson@comcast.net>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Erik Andrén [Mon, 8 Mar 2010 20:16:00 +0000 (17:16 -0300)]
V4L/DVB: gspca - stv06xx: Remove the 046d:08da from the stv06xx driver
The 046d:08da usb id shouldn't be associated with the stv06xx driver as they're
not compatible with each other.
This fixes a bug where Quickcam Messenger cams fail to use its proper driver
(gspca-zc3xx), rendering the camera inoperable.
Signed-off-by: Erik Andrén <erik.andren@gmail.com>
Tested-by: Gabriel Craciunescu <nix.or.die@googlemail.com>
Signed-off-by: Jean-François Moine <moinejf@free.fr>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Yong Zhang [Fri, 5 Feb 2010 13:52:39 +0000 (10:52 -0300)]
V4L/DVB: gspca - sn9c20x: Correct onstack wait_queue_head declaration
Use DECLARE_WAIT_QUEUE_HEAD_ONSTACK to make lockdep happy
Signed-off-by: Yong Zhang <yong.zhang0@gmail.com>
Signed-off-by: Jean-François Moine <moinejf@free.fr>
CC: Brian Johnson <brijohn@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Michael Hunold [Sat, 13 Mar 2010 14:45:46 +0000 (11:45 -0300)]
V4L/DVB: saa7146: fix up bytesperline if it is an impossible value
xawtv using DGA on a Radeon graphics card provides bogus
values to S_FBUF, which will then screw up overlay video:
https://bugs.launchpad.net/ubuntu/+source/xawtv/+bug/499734
This fixes the bytesperline value if it is off completely.
Signed-off-by: Michael Hunold <michael@mihu.de>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Murali Karicheri [Mon, 1 Mar 2010 22:54:02 +0000 (19:54 -0300)]
V4L/DVB: V4L: vpfe_capture - free ccdc_lock when memory allocation fails
This patch fixes a bug in vpfe_probe() that doesn't call mutex_unlock() if memory
allocation for ccdc_cfg fails. See also the smatch warning report from Dan
Carpenter that shows this as an issue.
Signed-off-by: Murali Karicheri <m-karicheri2@ti.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Vaibhav Hiremath [Sat, 13 Mar 2010 13:58:39 +0000 (10:58 -0300)]
V4L/DVB: V4L - Makfile:Removed duplicate entry of davinci
Signed-off-by: Vaibhav Hiremath <hvaibhav@ti.com>
Signed-off-by: Muralidharan Karicheri <mkaricheri@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Dan Carpenter [Wed, 10 Mar 2010 10:57:03 +0000 (07:57 -0300)]
V4L/DVB: omap24xxcam: potential buffer overflow
The previous loop goes until last == VIDEO_MAX_FRAME, so this could
potentially go one past the end of the loop.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Sakari Ailus <sakari.ailus@maxwell.research.nokia.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Paul E. McKenney [Thu, 6 May 2010 16:28:41 +0000 (09:28 -0700)]
rcu: create rcu_my_thread_group_empty() wrapper
Some RCU-lockdep splat repairs need to know whether they are running
in a single-threaded process. Unfortunately, the thread_group_empty()
primitive is defined in sched.h, and can induce #include hell. This
commit therefore introduces a rcu_my_thread_group_empty() wrapper that
is defined in rcupdate.c, thus avoiding the need to include sched.h
everywhere.
Signed-off-by: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Linus Torvalds [Thu, 6 May 2010 15:38:20 +0000 (08:38 -0700)]
Merge branch 'for-linus' of git://git.monstr.eu/linux-2.6-microblaze
* 'for-linus' of git://git.monstr.eu/linux-2.6-microblaze:
microblaze: Defconfig update
microblaze: Optimize CACHE_LOOP_LIMITS and CACHE_RANGE_LOOP macros
microblaze: Fix consistent-sync code
microblaze: Define correct L1_CACHE_SHIFT value
microblaze: cpuinfo shows cache line length
microblaze: Fix kmalloc alignment on non-coherent DMA platforms
microblaze: Fix typo fault in cache code
microblaze: Fix consistent code
microblaze: pci-dma: use include/linux/dma-mapping.h
microblaze: page.h: Remove get_user_page and free_user_page
microblaze: Remove "cache" optimized copy_page function
microblaze: invoke oom-killer from page fault
microblaze: fix divide by zero exception message
microblaze: Add isa_dma_bridge_buggy to dma.h
microblaze: Remove ancient code
microblaze: Quiet section mismatch warnings for MMU version
microblaze: Quiet section mismatch warnings
microblaze: Fix IRQ entry/exit ftracing
microblaze: resource/PCI: align functions now return start of resource
microblaze: PCI: add pci_bus_for_each_resource(), remove direct bus->resource[] refs
Linus Torvalds [Thu, 6 May 2010 15:38:03 +0000 (08:38 -0700)]
Merge master.kernel.org:/home/rmk/linux-2.6-arm
* master.kernel.org:/home/rmk/linux-2.6-arm:
[ARM] pxa/colibri: fix missing #include <mach/mfp.h> in colibri.h
[ARM] pxa/spitz: fix On/off key name to fix warning during boot
[ARM] pxa: fix the incorrect cpu_is_pxa950()
[ARM] pxa: update cpuid pattern for pxa9xx in head.S
[ARM] pxa/viper: fix timeout usage for I2C
[ARM] pxa/raumfeld: fix button name
[ARM] pxa/imote2: Fix iMote2 defconfig
[ARM] pxa: add missing new line to regs-u2d.h
ARM: 6093/1: Fix kernel memory printing for sparsemem
arch/arm/include/asm/elf.h: forward-declare the task-struct
arch/arm/plat-pxa/dma.c: correct NULL test
ARM: 6076/1: SA1100: add processor check to sa1110-cpufreq driver
ARM: 6075/1: SA1100: fix wrong CPU type for h3100 and h3600
ARM: Update mach-types
ARM: 6066/1: Fix "BUG: scheduling while atomic: swapper/0/0x00000002
ARM: 6068/1: Fix build break with KPROBES enabled
mx5: Fix build error for mx51_defconfig
Linus Torvalds [Thu, 6 May 2010 15:37:39 +0000 (08:37 -0700)]
Merge branch 'sh/for-2.6.34' of git://git./linux/kernel/git/lethal/sh-2.6
* 'sh/for-2.6.34' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6:
sh: fix a number of Oopses and leaks in SH framebuffer driver
SH: fix error paths in DMA driver
sh: sh7751 pci controller io port fix
sh: Fix maximum number of SCIF ports in R2D defconfigs
SH: fix TS field shift calculation for DMA drivers
Michal Simek [Thu, 6 May 2010 09:37:42 +0000 (11:37 +0200)]
microblaze: Defconfig update
Signed-off-by: Michal Simek <monstr@monstr.eu>
Michal Simek [Mon, 26 Apr 2010 06:54:13 +0000 (08:54 +0200)]
microblaze: Optimize CACHE_LOOP_LIMITS and CACHE_RANGE_LOOP macros
1. Remove CACHE_ALL_LOOP2 macro because it is identical to CACHE_ALL_LOOP
2. Change BUG_ON to WARN_ON
3. Remove end aligned from CACHE_LOOP_LIMITS.
C implementation do not need aligned end address and ASM code do aligned
in their macros
4. ASM optimized CACHE_RANGE_LOOP_1/2 macros needs to get aligned end address.
Because end address is compound from start + size, end address is the first address
which is exclude.
Here is the corresponding code which describe it.
+ int align = ~(line_length - 1);
+ end = ((end & align) == end) ? end - line_length : end & align;
a) end is aligned:
it is necessary to subtruct line length because we don't want to work with
next cacheline
b) end address is not aligned:
Just align it to be ready for ASM code.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Michal Simek [Thu, 29 Apr 2010 11:02:17 +0000 (13:02 +0200)]
microblaze: Fix consistent-sync code
PCI_DMA_FROMDEVICE should call invalidation not flushing.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Michal Simek [Mon, 26 Apr 2010 11:43:23 +0000 (13:43 +0200)]
microblaze: Define correct L1_CACHE_SHIFT value
Microblaze cacheline length is configurable and current cpu
uses two cacheline length 4 and 8.
We are taking conservative maximum value to be sure that cacheline
alignment is satisfied for all cases.
Here is the calculation for cacheline lenght 8 32bit=4Byte values
which is corresponding with SHIFT 5.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Michal Simek [Mon, 26 Apr 2010 11:53:04 +0000 (13:53 +0200)]
microblaze: cpuinfo shows cache line length
Show cache line length in /proc/cpuinfo.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Michal Simek [Mon, 26 Apr 2010 11:49:01 +0000 (13:49 +0200)]
microblaze: Fix kmalloc alignment on non-coherent DMA platforms
Based on PowerPC patche
52142e756e9bf6485d3d53596e8aff2e816a7253
PowerPC description:
On platforms doing non-coherent DMA (4xx, 8xx, ...), it's important
that the kmalloc minimum alignment is set to the cache line size, to
avoid sharing cache lines between different objects, so that DMA to
one of the objects doesn't corrupt the other.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Michal Simek [Fri, 23 Apr 2010 09:38:43 +0000 (11:38 +0200)]
microblaze: Fix typo fault in cache code
Copy & paste error.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Michal Simek [Sat, 10 Apr 2010 15:34:06 +0000 (17:34 +0200)]
microblaze: Fix consistent code
This patch fix consistent code which had problems with consistent_free
function.
I am not sure if we need to call flush_tlb_all after it but it keeps
tlbs synced.
I added noMMU and MMU version together.
Uncached shadow feature is not tested.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Michal Simek [Fri, 16 Apr 2010 07:13:27 +0000 (09:13 +0200)]
microblaze: pci-dma: use include/linux/dma-mapping.h
Based on
af407c6db16aa9ca63559076dbe620220a822580
and
f41b177157718abe9a93868bb76e47d4a6f3681d
Signed-off-by: Michal Simek <monstr@monstr.eu>
Michal Simek [Thu, 22 Apr 2010 06:07:46 +0000 (08:07 +0200)]
microblaze: page.h: Remove get_user_page and free_user_page
Remove ancient macros which are here from Linux-2.4
Signed-off-by: Michal Simek <monstr@monstr.eu>
Michal Simek [Thu, 22 Apr 2010 05:28:48 +0000 (07:28 +0200)]
microblaze: Remove "cache" optimized copy_page function
Current implementation doesn't handle dcache_line_length
correctly that's why is better to use generic memcpy.
Cache optimized function could be good way howto improve
performance but must be based on benchmarking not blind
function like this.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Nick Piggin [Thu, 22 Apr 2010 16:06:21 +0000 (02:06 +1000)]
microblaze: invoke oom-killer from page fault
As explained in commit
1c0fe6e3bd, we want to call the architecture independent
oom killer when getting an unexplained OOM from handle_mm_fault, rather than
simply killing current.
Cc: microblaze-uclinux@itee.uq.edu.au
Cc: Michal Simek <monstr@monstr.eu>
Cc: linux-arch@vger.kernel.org
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: David Rientjes <rientjes@google.com>
Acked-by: Michal Simek <monstr@monstr.eu>
Randy Dunlap [Wed, 21 Apr 2010 21:11:34 +0000 (14:11 -0700)]
microblaze: fix divide by zero exception message
Fix divide exception message to say "divide by zero".
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Michal Simek <monstr@monstr.eu>
Cc: microblaze-uclinux@itee.uq.edu.au
Signed-off-by: Michal Simek <monstr@monstr.eu>
Michal Simek [Tue, 20 Apr 2010 17:02:13 +0000 (19:02 +0200)]
microblaze: Add isa_dma_bridge_buggy to dma.h
It is necessary for several drivers.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Michal Simek [Fri, 16 Apr 2010 07:41:07 +0000 (09:41 +0200)]
microblaze: Remove ancient code
I found several function which we don't use that's why I am removing them.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Michal Simek [Tue, 13 Apr 2010 06:59:37 +0000 (08:59 +0200)]
microblaze: Quiet section mismatch warnings for MMU version
Remove section mismatch - based on ppc aproach.
WARNING: vmlinux.o(.text+0x64834): Section mismatch in reference
from the function __pte_alloc_kernel() to the function .init.text:early_get_page()
The function __pte_alloc_kernel() references
the function __init early_get_page().
This is often because __pte_alloc_kernel lacks a __init
annotation or the annotation of early_get_page is wrong.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Steven J. Magnani [Sat, 10 Apr 2010 03:03:37 +0000 (22:03 -0500)]
microblaze: Quiet section mismatch warnings
_start is located in .text, which causes mismatch warnings with
machine_early_init() and start_kernel() in .init.text.
Signed-off-by: Steven J. Magnani <steve@digidescorp.com>
Signed-off-by: Michal Simek <monstr@monstr.eu>
Steven J. Magnani [Mon, 12 Apr 2010 21:01:36 +0000 (16:01 -0500)]
microblaze: Fix IRQ entry/exit ftracing
Function traces on Microblaze don't include IRQ entry and exit arrows,
i.e.
0) | memcpy_toiovec() {
0) ==========> |
0) | do_IRQ() {
...
0) <========== |
0) ! 5414.000 us | }
...because do_IRQ() doesn't have the proper attributes.
Signed-off-by: Steven J. Magnani <steve@digidescorp.com>
Signed-off-by: Michal Simek <monstr@monstr.eu>
Michal Simek [Fri, 16 Apr 2010 07:04:51 +0000 (09:04 +0200)]
microblaze: resource/PCI: align functions now return start of resource
This change should be part of
b26b2d494b659f988b4d75eb394dfa0ddac415c9
Origin description:
resource/PCI: align functions now return start of resource
As suggested by Linus, align functions should return the start
of a resource, not void. An update of "res->start" is no longer
necessary.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Michal Simek [Fri, 16 Apr 2010 07:03:00 +0000 (09:03 +0200)]
microblaze: PCI: add pci_bus_for_each_resource(), remove direct bus->resource[] refs
This change should be part of
89a74ecccd1f78e51faf6287e5c0e93a92ac096e
Origin description:
PCI: add pci_bus_for_each_resource(), remove direct bus->resource[] refs
No functional change; this converts loops that iterate from 0 to
PCI_BUS_NUM_RESOURCES through pci_bus resource[] table to use the
pci_bus_for_each_resource() iterator instead.
This doesn't change the way resources are stored; it merely removes
dependencies on the fact that they're in a table.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Russell King [Thu, 6 May 2010 07:16:34 +0000 (08:16 +0100)]
Merge branch 'fix' of git://git./linux/kernel/git/ycmiao/pxa-linux-2.6
Guennadi Liakhovetski [Fri, 30 Apr 2010 16:07:00 +0000 (16:07 +0000)]
sh: fix a number of Oopses and leaks in SH framebuffer driver
Fix a number of Oopses, memory leaks and unbalanced calls on error paths in
sh_mobile_lcdcfb.c.
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Jakob Viketoft [Wed, 5 May 2010 10:25:27 +0000 (18:25 +0800)]
[ARM] pxa/colibri: fix missing #include <mach/mfp.h> in colibri.h
The use of mfp_cfg_t causes build errors without including <mach/mfp.h>.
CC: stable@kernel.org
CC: Daniel Mack <daniel@caiaq.de>
Signed-off-by: Jakob Viketoft <jakob.viketoft@bitsim.com>
Signed-off-by: Eric Miao <eric.y.miao@gmail.com>
Pavel Machek [Wed, 5 May 2010 07:03:12 +0000 (15:03 +0800)]
[ARM] pxa/spitz: fix On/off key name to fix warning during boot
On/Off contains slash in the name, which causes warning during boot.
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Eric Miao <eric.y.miao@gmail.com>
Haojian Zhuang [Fri, 12 Mar 2010 13:51:54 +0000 (08:51 -0500)]
[ARM] pxa: fix the incorrect cpu_is_pxa950()
Fix the wrong variable used in cpu_is_pxa950().
Signed-off-by: Haojian Zhuang <haojian.zhuang@marvell.com>
Signed-off-by: Eric Miao <eric.y.miao@gmail.com>
Haojian Zhuang [Fri, 12 Mar 2010 10:47:55 +0000 (05:47 -0500)]
[ARM] pxa: update cpuid pattern for pxa9xx in head.S
Update CPUID pattern of PXA9xx in head.S and fix the duplicate
entries for pxa935.
Signed-off-by: Haojian Zhuang <haojian.zhuang@marvell.com>
Signed-off-by: Eric Miao <eric.y.miao@gmail.com>
Wolfram Sang [Sun, 18 Apr 2010 11:48:29 +0000 (13:48 +0200)]
[ARM] pxa/viper: fix timeout usage for I2C
The timeout value is in jiffies, so it should be using HZ, not a plain
number. Assume with HZ=100 '100' means 1s here and adapt accordingly.
Signed-off-by: Wolfram Sang <w.sang@pengutronix.de>
Acked-by: Marc Zyngier <maz@misterjones.org>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Paul Shen <paul.shen@marvell.com>
Cc: Mike Rapoport <mike@compulab.co.il>
Cc: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Eric Miao <eric.y.miao@gmail.com>
Daniel Mack [Sun, 18 Apr 2010 07:35:29 +0000 (09:35 +0200)]
[ARM] pxa/raumfeld: fix button name
"on/off button" was recently renamed to remove the slash character.
Follow that change in the pin polarity detection as well.
While at it, fix another cosmetic coding style flaw as well.
Signed-off-by: Daniel Mack <daniel@caiaq.de>
Signed-off-by: Eric Miao <eric.y.miao@gmail.com>
Stefan Schmidt [Thu, 8 Apr 2010 14:03:25 +0000 (16:03 +0200)]
[ARM] pxa/imote2: Fix iMote2 defconfig
- Bring in a CMDLINE that actually works and prints to the right tty
- Compile-in JFFS2 to boot into rootfs
- Remove unneeded options for Bluetooth and radio
- Disable CPU_FREQ as it makes the flash driver fail
Thanks Jonathan for spotting what I messed up.
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Acked-by: Jonathan Cameron <jic23@cam.ac.uk>
Signed-off-by: Eric Miao <eric.y.miao@gmail.com>
Igor Grinberg [Wed, 7 Apr 2010 08:40:37 +0000 (11:40 +0300)]
[ARM] pxa: add missing new line to regs-u2d.h
Signed-off-by: Igor Grinberg <grinberg@compulab.co.il>
Signed-off-by: Eric Miao <eric.y.miao@gmail.com>
Linus Torvalds [Wed, 5 May 2010 22:48:13 +0000 (15:48 -0700)]
Merge branch 'zerolen' of git://git./linux/kernel/git/jgarzik/misc-2.6
* 'zerolen' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/misc-2.6:
[MTD] Remove zero-length files mtdbdi.c and internal.ho
Linus Torvalds [Wed, 5 May 2010 22:47:57 +0000 (15:47 -0700)]
Merge branch 'upstream-linus' of git://git./linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
pata_pcmcia / ide-cs: Fix bad hashes for Transcend and kingston IDs
libata: Fix several inaccuracies in developer's guide
Jeff Garzik [Wed, 5 May 2010 19:25:12 +0000 (15:25 -0400)]
[MTD] Remove zero-length files mtdbdi.c and internal.ho
Both were "removed" in commit
a33eb6b91034c95b9b08576f68be170f995b2c7d.
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Kristoffer Ericson [Sun, 2 May 2010 19:48:24 +0000 (21:48 +0200)]
pata_pcmcia / ide-cs: Fix bad hashes for Transcend and kingston IDs
This patch fixes the bad hashes for one Kingston and one Transcend card.
Thanks to komuro for pointing this out.
Signed-off-by: Kristoffer Ericson <kristoffer.ericson@gmail.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Sergei Shtylyov [Wed, 5 May 2010 13:27:10 +0000 (17:27 +0400)]
libata: Fix several inaccuracies in developer's guide
Commit
6bfff31e77cfa1b13490337e5a4dbaa3407e83ac (libata: kill probe_ent
and related helpers) killed ata_device_add() but didn't remove references
to it from the libata developer's guide.
Commits
9363c3825ea9ad76561eb48a395349dd29211ed6 (libata: rename SFF
functions) and
5682ed33aae05d10a25c95633ef9d9c062825888 (libata: rename
SFF port ops) renamed the taskfile access methods but didn't update the
developer's guide. Commit
c9f75b04ed5ed65a058d18a8a8dda50632a96de8
(libata: kill ata_noop_dev_select()) didn't update the developer's
guide as well.
The guide also refers to the long gone ata_pio_data_xfer_noirq(),
ata_pio_data_xfer(), and ata_mmio_data_xfer() -- replace those by
the modern ata_sff_data_xfer_noirq(), ata_sff_data_xfer(), and
ata_sff_data_xfer32().
Also, remove the reference to non-existant ata_port_stop()...
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Linus Torvalds [Wed, 5 May 2010 18:18:16 +0000 (11:18 -0700)]
Merge branch 'slab-for-linus' of git://git./linux/kernel/git/penberg/slab-2.6
* 'slab-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/penberg/slab-2.6:
slub: Fix bad boundary check in init_kmem_cache_nodes()
Zhang, Yanmin [Thu, 1 Apr 2010 09:32:30 +0000 (17:32 +0800)]
slub: Fix bad boundary check in init_kmem_cache_nodes()
Function init_kmem_cache_nodes is incorrect when checking upper limitation of
kmalloc_caches. The breakage was introduced by commit
91efd773c74bb26b5409c85ad755d536448e229c ("dma kmalloc handling fixes").
Acked-by: Christoph Lameter <cl@linux-foundation.org>
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
Linus Torvalds [Wed, 5 May 2010 16:06:24 +0000 (09:06 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
KEYS: call_sbin_request_key() must write lock keyrings before modifying them
KEYS: Use RCU dereference wrappers in keyring key type code
KEYS: find_keyring_by_name() can gain access to a freed keyring
Linus Torvalds [Wed, 5 May 2010 14:56:36 +0000 (07:56 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/tj/wq
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
workqueue: flush_delayed_work: keep the original workqueue for re-queueing
Linus Torvalds [Wed, 5 May 2010 14:55:07 +0000 (07:55 -0700)]
Merge git://git./linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
FEC: Fix kernel panic in fec_set_mac_address.
ipv6: Fix default multicast hops setting.
net: ep93xx_eth stops receiving packets
drivers/net/phy: micrel phy driver
dm9601: fix phy/eeprom write routine
ppp_generic: handle non-linear skbs when passing them to pppd
ppp_generic: pull 2 bytes so that PPP_PROTO(skb) is valid
net: fix compile error due to double return type in SOCK_DEBUG
net/usb: initiate sync sequence in sierra_net.c driver
net/usb: remove default in Kconfig for sierra_net driver
r8169: Fix rtl8169_rx_interrupt()
e1000e: Fix oops caused by ASPM patch.
net/sb1250: register mdio bus in probe
sctp: Fix skb_over_panic resulting from multiple invalid parameter errors (CVE-2010-1173) (v4)
p54pci: fix bugs in p54p_check_tx_ring
Linus Torvalds [Wed, 5 May 2010 14:54:22 +0000 (07:54 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/tiwai/sound-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
ALSA: hda: Fix 0 dB for Packard Bell models using Conexant CX20549 (Venice)
ALSA: hda - Add quirk for Dell Inspiron 19T using a Conexant CX20582
ALSA: take tu->qlock with irqs disabled
ALSA: hda: Use olpc-xo-1_5 quirk for Toshiba Satellite P500-PSPGSC-01800T
ALSA: hda: Use olpc-xo-1_5 quirk for Toshiba Satellite Pro T130-15F
ALSA: hda - fix array indexing while creating inputs for Cirrus codecs
ALSA: es968: fix wrong PnP dma index
Linus Torvalds [Wed, 5 May 2010 14:53:18 +0000 (07:53 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/dtor/input
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: joydev - allow binding to button-only devices
Input: elantech - ignore high bits in the position coordinates
Input: elantech - allow forcing Elantech protocol
Input: elantech - fix firmware version check
Input: ati_remote - add some missing devices from lirc_atiusb
Input: eeti_ts - cancel pending work when going to suspend
Input: Add support of Synaptics Clickpad device
Revert "Input: ALPS - add signature for HP Pavilion dm3 laptops"
Input: psmouse - ignore parity error for basic protocols
Dan Williams [Wed, 5 May 2010 03:41:56 +0000 (20:41 -0700)]
raid6: fix recovery performance regression
The raid6 recovery code should immediately drop back to the optimized
synchronous path when a p+q dma resource is not available. Otherwise we
run the non-optimized/multi-pass async code in sync mode.
Verified with raid6test (NDISKS=255)
Applies to kernels >= 2.6.32.
Cc: <stable@kernel.org>
Acked-by: NeilBrown <neilb@suse.de>
Reported-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David Howells [Fri, 30 Apr 2010 13:32:23 +0000 (14:32 +0100)]
KEYS: call_sbin_request_key() must write lock keyrings before modifying them
call_sbin_request_key() creates a keyring and then attempts to insert a link to
the authorisation key into that keyring, but does so without holding a write
lock on the keyring semaphore.
It will normally get away with this because it hasn't told anyone that the
keyring exists yet. The new keyring, however, has had its serial number
published, which means it can be accessed directly by that handle.
This was found by a previous patch that adds RCU lockdep checks to the code
that reads the keyring payload pointer, which includes a check that the keyring
semaphore is actually locked.
Without this patch, the following command:
keyctl request2 user b a @s
will provoke the following lockdep warning is displayed in dmesg:
===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
security/keys/keyring.c:727 invoked rcu_dereference_check() without protection!
other info that might help us debug this:
rcu_scheduler_active = 1, debug_locks = 0
2 locks held by keyctl/2076:
#0: (key_types_sem){.+.+.+}, at: [<
ffffffff811a5b29>] key_type_lookup+0x1c/0x71
#1: (keyring_serialise_link_sem){+.+.+.}, at: [<
ffffffff811a6d1e>] __key_link+0x4d/0x3c5
stack backtrace:
Pid: 2076, comm: keyctl Not tainted 2.6.34-rc6-cachefs #54
Call Trace:
[<
ffffffff81051fdc>] lockdep_rcu_dereference+0xaa/0xb2
[<
ffffffff811a6d1e>] ? __key_link+0x4d/0x3c5
[<
ffffffff811a6e6f>] __key_link+0x19e/0x3c5
[<
ffffffff811a5952>] ? __key_instantiate_and_link+0xb1/0xdc
[<
ffffffff811a59bf>] ? key_instantiate_and_link+0x42/0x5f
[<
ffffffff811aa0dc>] call_sbin_request_key+0xe7/0x33b
[<
ffffffff8139376a>] ? mutex_unlock+0x9/0xb
[<
ffffffff811a5952>] ? __key_instantiate_and_link+0xb1/0xdc
[<
ffffffff811a59bf>] ? key_instantiate_and_link+0x42/0x5f
[<
ffffffff811aa6fa>] ? request_key_auth_new+0x1c2/0x23c
[<
ffffffff810aaf15>] ? cache_alloc_debugcheck_after+0x108/0x173
[<
ffffffff811a9d00>] ? request_key_and_link+0x146/0x300
[<
ffffffff810ac568>] ? kmem_cache_alloc+0xe1/0x118
[<
ffffffff811a9e45>] request_key_and_link+0x28b/0x300
[<
ffffffff811a89ac>] sys_request_key+0xf7/0x14a
[<
ffffffff81052c0b>] ? trace_hardirqs_on_caller+0x10c/0x130
[<
ffffffff81394fb9>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[<
ffffffff81001eeb>] system_call_fastpath+0x16/0x1b
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
David Howells [Fri, 30 Apr 2010 13:32:18 +0000 (14:32 +0100)]
KEYS: Use RCU dereference wrappers in keyring key type code
The keyring key type code should use RCU dereference wrappers, even when it
holds the keyring's key semaphore.
Reported-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Toshiyuki Okajima [Fri, 30 Apr 2010 13:32:13 +0000 (14:32 +0100)]
KEYS: find_keyring_by_name() can gain access to a freed keyring
find_keyring_by_name() can gain access to a keyring that has had its reference
count reduced to zero, and is thus ready to be freed. This then allows the
dead keyring to be brought back into use whilst it is being destroyed.
The following timeline illustrates the process:
|(cleaner) (user)
|
| free_user(user) sys_keyctl()
| | |
| key_put(user->session_keyring) keyctl_get_keyring_ID()
| || //=> keyring->usage = 0 |
| |schedule_work(&key_cleanup_task) lookup_user_key()
| || |
| kmem_cache_free(,user) |
| . |[KEY_SPEC_USER_KEYRING]
| . install_user_keyrings()
| . ||
| key_cleanup() [<= worker_thread()] ||
| | ||
| [spin_lock(&key_serial_lock)] |[mutex_lock(&key_user_keyr..mutex)]
| | ||
| atomic_read() == 0 ||
| |{ rb_ease(&key->serial_node,) } ||
| | ||
| [spin_unlock(&key_serial_lock)] |find_keyring_by_name()
| | |||
| keyring_destroy(keyring) ||[read_lock(&keyring_name_lock)]
| || |||
| |[write_lock(&keyring_name_lock)] ||atomic_inc(&keyring->usage)
| |. ||| *** GET freeing keyring ***
| |. ||[read_unlock(&keyring_name_lock)]
| || ||
| |list_del() |[mutex_unlock(&key_user_k..mutex)]
| || |
| |[write_unlock(&keyring_name_lock)] ** INVALID keyring is returned **
| | .
| kmem_cache_free(,keyring) .
| .
| atomic_dec(&keyring->usage)
v *** DESTROYED ***
TIME
If CONFIG_SLUB_DEBUG=y then we may see the following message generated:
=============================================================================
BUG key_jar: Poison overwritten
-----------------------------------------------------------------------------
INFO: 0xffff880197a7e200-0xffff880197a7e200. First byte 0x6a instead of 0x6b
INFO: Allocated in key_alloc+0x10b/0x35f age=25 cpu=1 pid=5086
INFO: Freed in key_cleanup+0xd0/0xd5 age=12 cpu=1 pid=10
INFO: Slab 0xffffea000592cb90 objects=16 used=2 fp=0xffff880197a7e200 flags=0x200000000000c3
INFO: Object 0xffff880197a7e200 @offset=512 fp=0xffff880197a7e300
Bytes b4 0xffff880197a7e1f0: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
Object 0xffff880197a7e200: 6a 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b jkkkkkkkkkkkkkkk
Alternatively, we may see a system panic happen, such as:
BUG: unable to handle kernel NULL pointer dereference at
0000000000000001
IP: [<
ffffffff810e61a3>] kmem_cache_alloc+0x5b/0xe9
PGD
6b2b4067 PUD
6a80d067 PMD 0
Oops: 0000 [#1] SMP
last sysfs file: /sys/kernel/kexec_crash_loaded
CPU 1
...
Pid: 31245, comm: su Not tainted 2.6.34-rc5-nofixed-nodebug #2 D2089/PRIMERGY
RIP: 0010:[<
ffffffff810e61a3>] [<
ffffffff810e61a3>] kmem_cache_alloc+0x5b/0xe9
RSP: 0018:
ffff88006af3bd98 EFLAGS:
00010002
RAX:
0000000000000000 RBX:
0000000000000001 RCX:
ffff88007d19900b
RDX:
0000000100000000 RSI:
00000000000080d0 RDI:
ffffffff81828430
RBP:
ffffffff81828430 R08:
ffff88000a293750 R09:
0000000000000000
R10:
0000000000000001 R11:
0000000000100000 R12:
00000000000080d0
R13:
00000000000080d0 R14:
0000000000000296 R15:
ffffffff810f20ce
FS:
00007f97116bc700(0000) GS:
ffff88000a280000(0000) knlGS:
0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
CR2:
0000000000000001 CR3:
000000006a91c000 CR4:
00000000000006e0
DR0:
0000000000000000 DR1:
0000000000000000 DR2:
0000000000000000
DR3:
0000000000000000 DR6:
00000000ffff0ff0 DR7:
0000000000000400
Process su (pid: 31245, threadinfo
ffff88006af3a000, task
ffff8800374414c0)
Stack:
0000000512e0958e 0000000000008000 ffff880037f8d180 0000000000000001
0000000000000000 0000000000008001 ffff88007d199000 ffffffff810f20ce
0000000000008000 ffff88006af3be48 0000000000000024 ffffffff810face3
Call Trace:
[<
ffffffff810f20ce>] ? get_empty_filp+0x70/0x12f
[<
ffffffff810face3>] ? do_filp_open+0x145/0x590
[<
ffffffff810ce208>] ? tlb_finish_mmu+0x2a/0x33
[<
ffffffff810ce43c>] ? unmap_region+0xd3/0xe2
[<
ffffffff810e4393>] ? virt_to_head_page+0x9/0x2d
[<
ffffffff81103916>] ? alloc_fd+0x69/0x10e
[<
ffffffff810ef4ed>] ? do_sys_open+0x56/0xfc
[<
ffffffff81008a02>] ? system_call_fastpath+0x16/0x1b
Code: 0f 1f 44 00 00 49 89 c6 fa 66 0f 1f 44 00 00 65 4c 8b 04 25 60 e8 00 00 48 8b 45 00 49 01 c0 49 8b 18 48 85 db 74 0d 48 63 45 18 <48> 8b 04 03 49 89 00 eb 14 4c 89 f9 83 ca ff 44 89 e6 48 89 ef
RIP [<
ffffffff810e61a3>] kmem_cache_alloc+0x5b/0xe9
This problem is that find_keyring_by_name does not confirm that the keyring is
valid before accepting it.
Skipping keyrings that have been reduced to a zero count seems the way to go.
To this end, use atomic_inc_not_zero() to increment the usage count and skip
the candidate keyring if that returns false.
The following script _may_ cause the bug to happen, but there's no guarantee
as the window of opportunity is small:
#!/bin/sh
LOOP=100000
USER=dummy_user
/bin/su -c "exit;" $USER || { /usr/sbin/adduser -m $USER; add=1; }
for ((i=0; i<LOOP; i++))
do
/bin/su -c "echo '$i' > /dev/null" $USER
done
(( add == 1 )) && /usr/sbin/userdel -r $USER
exit
Note that the nominated user must not be in use.
An alternative way of testing this may be:
for ((i=0; i<100000; i++))
do
keyctl session foo /bin/true || break
done >&/dev/null
as that uses a keyring named "foo" rather than relying on the user and
user-session named keyrings.
Reported-by: Toshiyuki Okajima <toshi.okajima@jp.fujitsu.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Toshiyuki Okajima <toshi.okajima@jp.fujitsu.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Takashi Iwai [Wed, 5 May 2010 08:08:30 +0000 (10:08 +0200)]
Merge branch 'fix/hda' into for-linus
Daniel T Chen [Wed, 28 Apr 2010 22:00:11 +0000 (18:00 -0400)]
ALSA: hda: Fix 0 dB for Packard Bell models using Conexant CX20549 (Venice)
BugLink: https://launchpad.net/bugs/541802
The OR's hardware distorts at PCM 100% because it does not correspond to
0 dB. Fix this in patch_cxt5045() for all Packard Bell models.
Reported-by: Valombre
Cc: <stable@kernel.org>
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Anisse Astier [Wed, 28 Apr 2010 16:05:06 +0000 (18:05 +0200)]
ALSA: hda - Add quirk for Dell Inspiron 19T using a Conexant CX20582
Add a quirk for all-in-one computer Dell Inspiron One 19 Touch to have proper
HP and Mic support.
Signed-off-by: Anisse Astier <anisse@astier.eu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Dan Carpenter [Wed, 28 Apr 2010 08:29:14 +0000 (10:29 +0200)]
ALSA: take tu->qlock with irqs disabled
We should disable irqs when we take the tu->qlock because it is used in
the irq handler. The only place that doesn't is
snd_timer_user_ccallback(). Most of the time snd_timer_user_ccallback()
is called with interrupts disabled but the the first ti->ccallback()
call in snd_timer_notify1() has interrupts enabled.
This was caught by lockdep which generates the following message:
> =================================
> [ INFO: inconsistent lock state ]
> 2.6.34-rc5 #5
> ---------------------------------
> inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
> dolphin/4003 [HC1[1]:SC0[0]:HE0:SE1] takes:
> (&(&tu->qlock)->rlock){?.+...}, at: [<
f84ec472>] snd_timer_user_tinterrupt+0x28/0x132 [snd_timer]
> {HARDIRQ-ON-W} state was registered at:
> [<
c1048de9>] __lock_acquire+0x654/0x1482
> [<
c1049c73>] lock_acquire+0x5c/0x73
> [<
c125ac3e>] _raw_spin_lock+0x25/0x34
> [<
f84ec370>] snd_timer_user_ccallback+0x55/0x95 [snd_timer]
> [<
f84ecc4b>] snd_timer_notify1+0x53/0xca [snd_timer]
Reported-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Mattias Walström [Wed, 5 May 2010 07:55:48 +0000 (00:55 -0700)]
FEC: Fix kernel panic in fec_set_mac_address.
Fix memory corruption that sometimes result in kernel panic.
Signed-off-by: Mattias Walström <mattias@vmlinux.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel T Chen [Wed, 5 May 2010 02:07:58 +0000 (22:07 -0400)]
ALSA: hda: Use olpc-xo-1_5 quirk for Toshiba Satellite P500-PSPGSC-01800T
BugLink: https://launchpad.net/bugs/549267
The OR verified that using the olpc-xo-1_5 model quirk allows the
headphones to be audible when inserted into the jack. Capture was
also verified to work correctly.
Reported-by: Richard Gagne
Tested-by: Richard Gagne
Cc: <stable@kernel.org>
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Daniel T Chen [Tue, 4 May 2010 00:39:31 +0000 (20:39 -0400)]
ALSA: hda: Use olpc-xo-1_5 quirk for Toshiba Satellite Pro T130-15F
BugLink: https://launchpad.net/bugs/573284
The OR verified that using the olpc-xo-1_5 model quirk allows the
headphones to be audible when inserted into the jack. Capture was
also verified to work correctly.
Reported-by: Andy Couldrake <acouldrake@googlemail.com>
Tested-by: Andy Couldrake <acouldrake@googlemail.com>
Cc: <stable@kernel.org>
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Brian J. Tarricone [Mon, 3 May 2010 00:32:10 +0000 (17:32 -0700)]
ALSA: hda - fix array indexing while creating inputs for Cirrus codecs
This fixes a problem where cards show up as only having a single mixer
element, suppressing all sound output.
Signed-off-by: Brian J. Tarricone <brian@tarricone.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Linus Torvalds [Wed, 5 May 2010 02:08:12 +0000 (19:08 -0700)]
Merge branch 'drm-linus' of git://git./linux/kernel/git/airlied/drm-2.6
* 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm/radeon/kms/legacy: only enable load detection property on DVI-I
drm/radeon/kms: fix panel scaling adjusted mode setup
drivers/gpu/drm/drm_sysfs.c: sysfs files error handling
drivers/gpu/drm/radeon/radeon_atombios.c: range check issues
gpu: vga_switcheroo, fix lock imbalance
drivers/gpu/drm/drm_memory.c: fix check for end of loop
drivers/gpu/drm/via/via_video.c: fix off by one issue
drm/radeon/kms/agp The wrong AGP chipset can cause a NULL pointer dereference
drm/radeon/kms: r300 fix CS checker to allow zbuffer-only fastfill
Linus Torvalds [Wed, 5 May 2010 02:07:35 +0000 (19:07 -0700)]
Merge branch 'x86-fixes-for-linus' of git://git./linux/kernel/git/x86/linux-2.6-tip
* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-tip:
powernow-k8: Fix frequency reporting
x86: Fix parse_reservetop() build failure on certain configs
x86: Fix NULL pointer access in irq_force_complete_move() for Xen guests
x86: Fix 'reservetop=' functionality
Linus Torvalds [Wed, 5 May 2010 01:49:34 +0000 (18:49 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
KEYS: Fix RCU handling in key_gc_keyring()
KEYS: Fix an RCU warning in the reading of user keys
David Howells [Tue, 4 May 2010 13:16:10 +0000 (14:16 +0100)]
KEYS: Fix RCU handling in key_gc_keyring()
key_gc_keyring() needs to either hold the RCU read lock or hold the keyring
semaphore if it's going to scan the keyring's list. Given that it only needs
to read the key list, and it's doing so under a spinlock, the RCU read lock is
the thing to use.
Furthermore, the RCU check added in
e7b0a61b7929632d36cf052d9e2820ef0a9c1bfe is
incorrect as holding the spinlock on key_serial_lock is not grounds for
assuming a keyring's pointer list can be read safely. Instead, a simple
rcu_dereference() inside of the previously mentioned RCU read lock is what we
want.
Reported-by: Serge E. Hallyn <serue@us.ibm.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
David Howells [Fri, 30 Apr 2010 13:32:08 +0000 (14:32 +0100)]
KEYS: Fix an RCU warning in the reading of user keys
Fix an RCU warning in the reading of user keys:
===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
security/keys/user_defined.c:202 invoked rcu_dereference_check() without protection!
other info that might help us debug this:
rcu_scheduler_active = 1, debug_locks = 0
1 lock held by keyctl/3637:
#0: (&key->sem){+++++.}, at: [<
ffffffff811a80ae>] keyctl_read_key+0x9c/0xcf
stack backtrace:
Pid: 3637, comm: keyctl Not tainted 2.6.34-rc5-cachefs #18
Call Trace:
[<
ffffffff81051f6c>] lockdep_rcu_dereference+0xaa/0xb2
[<
ffffffff811aa55f>] user_read+0x47/0x91
[<
ffffffff811a80be>] keyctl_read_key+0xac/0xcf
[<
ffffffff811a8a06>] sys_keyctl+0x75/0xb7
[<
ffffffff81001eeb>] system_call_fastpath+0x16/0x1b
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Alex Deucher [Fri, 30 Apr 2010 16:37:31 +0000 (12:37 -0400)]
drm/radeon/kms/legacy: only enable load detection property on DVI-I
DVI-D doesn't have analog. This matches the avivo behavior.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Alex Deucher [Fri, 30 Apr 2010 16:00:44 +0000 (12:00 -0400)]
drm/radeon/kms: fix panel scaling adjusted mode setup
This should duplicate exactly what the ddx does for both
legacy and avivo.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Linus Torvalds [Tue, 4 May 2010 23:33:18 +0000 (16:33 -0700)]
Merge branch 'fixes' of git://git./linux/kernel/git/jlbec/ocfs2
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jlbec/ocfs2:
ocfs2: Avoid a gcc warning in ocfs2_wipe_inode().
ocfs2: Avoid direct write if we fall back to buffered I/O
ocfs2_dlmfs: Fix math error when reading LVB.
ocfs2: Update VFS inode's id info after reflink.
ocfs2: potential ERR_PTR dereference on error paths
ocfs2: Add directory entry later in ocfs2_symlink() and ocfs2_mknod()
ocfs2: use OCFS2_INODE_SKIP_ORPHAN_DIR in ocfs2_mknod error path
ocfs2: use OCFS2_INODE_SKIP_ORPHAN_DIR in ocfs2_symlink error path
ocfs2: add OCFS2_INODE_SKIP_ORPHAN_DIR flag and honor it in the inode wipe code
ocfs2: Reset status if we want to restart file extension.
ocfs2: Compute metaecc for superblocks during online resize.
ocfs2: Check the owner of a lockres inside the spinlock
ocfs2: one more warning fix in ocfs2_file_aio_write(), v2
ocfs2_dlmfs: User DLM_* when decoding file open flags.
David Howells [Tue, 4 May 2010 12:42:53 +0000 (13:42 +0100)]
Fix the x86_64 implementation of call_rwsem_wait()
The x86_64 call_rwsem_wait() treats the active state counter part of the
R/W semaphore state as being 16-bit when it's actually 32-bit (it's half
of the 64-bit state). It should do "decl %edx" not "decw %dx".
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Tue, 4 May 2010 22:20:37 +0000 (15:20 -0700)]
Merge branch 'i2c-for-linus' of git://git./linux/kernel/git/jdelvare/staging
* 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
i2c-core: Use per-adapter userspace device lists
i2c: Fix probing of FSC hardware monitoring chips
i2c-core: Erase pointer to clientdata on removal
Linus Torvalds [Tue, 4 May 2010 22:16:15 +0000 (15:16 -0700)]
Merge branch 'perf-fixes-for-linus' of git://git./linux/kernel/git/tip/linux-2.6-tip
* 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
perf: Fix resource leak in failure path of perf_event_open()
Linus Torvalds [Tue, 4 May 2010 22:15:43 +0000 (15:15 -0700)]
Merge branch 'core-fixes-for-linus' of git://git./linux/kernel/git/tip/linux-2.6-tip
* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
rcu: Fix RCU lockdep splat on freezer_fork path
rcu: Fix RCU lockdep splat in set_task_cpu on fork path
mutex: Don't spin when the owner CPU is offline or other weird cases
Catalin Marinas [Tue, 4 May 2010 16:27:43 +0000 (17:27 +0100)]
ARM: 6093/1: Fix kernel memory printing for sparsemem
The show_mem() and mem_init() function are assuming that the page map is
contiguous and calculates the start and end page of a bank using (map +
pfn). This fails with SPARSEMEM where pfn_to_page() must be used.
Tested-by: Will Deacon <Will.Deacon@arm.com>
Tested-by: Marek Vasut <marek.vasut@gmail.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Paul E. McKenney [Fri, 23 Apr 2010 19:26:38 +0000 (12:26 -0700)]
memcg: css_id() must be called under rcu_read_lock()
This patch fixes task_in_mem_cgroup(), mem_cgroup_uncharge_swapcache(),
mem_cgroup_move_swap_account(), and is_target_pte_for_mc() to protect
calls to css_id(). An additional RCU lockdep splat was reported for
memcg_oom_wake_function(), however, this function is not yet in
mainline as of 2.6.34-rc5.
Reported-by: Li Zefan <lizf@cn.fujitsu.com>
Cc: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Tested-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Li Zefan [Fri, 23 Apr 2010 02:35:52 +0000 (10:35 +0800)]
cgroup: Check task_lock in task_subsys_state()
Expand task_subsys_state()'s rcu_dereference_check() to include the full
locking rule as documented in Documentation/cgroups/cgroups.txt by adding
a check for task->alloc_lock being held.
This fixes an RCU false positive when resuming from suspend. The warning
comes from freezer cgroup in cgroup_freezing_or_frozen().
Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Acked-by: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Li Zefan [Thu, 22 Apr 2010 09:30:40 +0000 (17:30 +0800)]
sched: Fix an RCU warning in print_task()
With CONFIG_PROVE_RCU=y, a warning can be triggered:
$ cat /proc/sched_debug
...
kernel/cgroup.c:1649 invoked rcu_dereference_check() without protection!
...
Both cgroup_path() and task_group() should be called with either
rcu_read_lock or cgroup_mutex held.
The rcu_dereference_check() does include cgroup_lock_is_held(), so we
know that this lock is not held. Therefore, in a CONFIG_PREEMPT kernel,
to say nothing of a CONFIG_PREEMPT_RT kernel, the original code could
have ended up copying a string out of the freelist.
This patch inserts RCU read-side primitives needed to prevent this
scenario.
Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Li Zefan [Thu, 22 Apr 2010 09:30:00 +0000 (17:30 +0800)]
cgroup: Fix an RCU warning in alloc_css_id()
With CONFIG_PROVE_RCU=y, a warning can be triggered:
# mount -t cgroup -o memory xxx /mnt
# mkdir /mnt/0
...
kernel/cgroup.c:4442 invoked rcu_dereference_check() without protection!
...
This is a false-positive. It's safe to directly access parent_css->id.
Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Li Zefan [Thu, 22 Apr 2010 09:29:24 +0000 (17:29 +0800)]
cgroup: Fix an RCU warning in cgroup_path()
with CONFIG_PROVE_RCU=y, a warning can be triggered:
# mount -t cgroup -o debug xxx /mnt
# cat /proc/$$/cgroup
...
kernel/cgroup.c:1649 invoked rcu_dereference_check() without protection!
...
This is a false-positive, because cgroup_path() can be called
with either rcu_read_lock() held or cgroup_mutex held.
Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
David Howells [Wed, 21 Apr 2010 16:36:35 +0000 (17:36 +0100)]
KEYS: Fix an RCU warning in the reading of user keys
Fix an RCU warning in the reading of user keys:
===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
security/keys/user_defined.c:202 invoked rcu_dereference_check() without protection!
other info that might help us debug this:
rcu_scheduler_active = 1, debug_locks = 0
1 lock held by keyctl/3637:
#0: (&key->sem){+++++.}, at: [<
ffffffff811a80ae>] keyctl_read_key+0x9c/0xcf
stack backtrace:
Pid: 3637, comm: keyctl Not tainted 2.6.34-rc5-cachefs #18
Call Trace:
[<
ffffffff81051f6c>] lockdep_rcu_dereference+0xaa/0xb2
[<
ffffffff811aa55f>] user_read+0x47/0x91
[<
ffffffff811a80be>] keyctl_read_key+0xac/0xcf
[<
ffffffff811a8a06>] sys_keyctl+0x75/0xb7
[<
ffffffff81001eeb>] system_call_fastpath+0x16/0x1b
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
David Howells [Tue, 20 Apr 2010 10:25:49 +0000 (11:25 +0100)]
KEYS: Fix an RCU warning
Fix the following RCU warning:
===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
security/keys/request_key.c:116 invoked rcu_dereference_check() without protection!
other info that might help us debug this:
rcu_scheduler_active = 1, debug_locks = 0
1 lock held by keyctl/5372:
#0: (key_types_sem){.+.+.+}, at: [<
ffffffff811a4e3d>] key_type_lookup+0x1c/0x70
stack backtrace:
Pid: 5372, comm: keyctl Not tainted 2.6.34-rc3-cachefs #150
Call Trace:
[<
ffffffff810515f8>] lockdep_rcu_dereference+0xaa/0xb2
[<
ffffffff811a9220>] call_sbin_request_key+0x156/0x2b6
[<
ffffffff811a4c66>] ? __key_instantiate_and_link+0xb1/0xdc
[<
ffffffff811a4cd3>] ? key_instantiate_and_link+0x42/0x5f
[<
ffffffff811a96b8>] ? request_key_auth_new+0x17b/0x1f3
[<
ffffffff811a8e00>] ? request_key_and_link+0x271/0x400
[<
ffffffff810aba6f>] ? kmem_cache_alloc+0xe1/0x118
[<
ffffffff811a8f1a>] request_key_and_link+0x38b/0x400
[<
ffffffff811a7b72>] sys_request_key+0xf7/0x14a
[<
ffffffff81052227>] ? trace_hardirqs_on_caller+0x10c/0x130
[<
ffffffff81393f5c>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[<
ffffffff81001eeb>] system_call_fastpath+0x16/0x1b
This was caused by doing:
[root@andromeda ~]# keyctl newring fred @s
539196288
[root@andromeda ~]# keyctl request2 user a a
539196288
request_key: Required key not available
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Jean Delvare [Tue, 4 May 2010 09:09:28 +0000 (11:09 +0200)]
i2c-core: Use per-adapter userspace device lists
Using a single list for all userspace devices leads to a dead lock
on multiplexed buses in some circumstances (mux chip instantiated
from userspace). This is solved by using a separate list for each
bus segment.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Michael Lawnick <ml.lawnick@gmx.de>
Jean Delvare [Tue, 4 May 2010 09:09:28 +0000 (11:09 +0200)]
i2c: Fix probing of FSC hardware monitoring chips
Some FSC hardware monitoring chips (Syleus at least) doesn't like
quick writes we typically use to probe for I2C chips. Use a regular
byte read instead for the address they live at (0x73). These are the
only known chips living at this address on PC systems.
For clarity, this fix should not be needed for kernels 2.6.30 and
later, as we started instantiating the hwmon devices explicitly based
on DMI data. Still, this fix is valuable in the following two cases:
* Support for recent FSC chips on older kernels. The DMI-based device
instantiation is more difficult to backport than the device support
itself.
* Case where the DMI-based device instantiation fails, whatever the
reason. We fall back to probing in that case, so it should work.
This fixes kernel bug #15634:
https://bugzilla.kernel.org/show_bug.cgi?id=15634
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Hans de Goede <hdegoede@redhat.com>
Cc: stable@kernel.org
Wolfram Sang [Tue, 4 May 2010 09:09:27 +0000 (11:09 +0200)]
i2c-core: Erase pointer to clientdata on removal
After discovering that a lot of i2c-drivers leave the pointer to their
clientdata dangling, it was decided to let the core handle this issue.
It is assumed that the core may access the private data after remove()
as there are no guarantees for the lifetime of such pointers anyhow (see
thread starting at http://lkml.org/lkml/2010/3/21/68)
Signed-off-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Christoph Fritz [Sun, 25 Apr 2010 04:41:05 +0000 (21:41 -0700)]
Input: joydev - allow binding to button-only devices
Dance pads don't have an axis, so allow this kind of controllers
to be used via legacy joystick interface.
Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>