GitHub/exynos8895/android_kernel_samsung_universal8895.git
14 years agoMerge branch 'v4l_for_2.6.34' of git://git.kernel.org/pub/scm/linux/kernel/git/mcheha...
Linus Torvalds [Fri, 7 May 2010 20:58:56 +0000 (13:58 -0700)]
Merge branch 'v4l_for_2.6.34' of git://git./linux/kernel/git/mchehab/linux-2.6

* 'v4l_for_2.6.34' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6:
  V4L/DVB: pxa_camera: move fifo reset direct before dma start
  V4L/DVB: video: testing unsigned for less than 0
  V4L/DVB: mx1-camera: compile fix
  V4L/DVB: budget: Oops: "BUG: unable to handle kernel NULL pointer  dereference"
  V4L/DVB: ngene: Workaround for stuck DiSEqC pin
  V4L/DVB: saa7146: fix regression of the av7110/budget-av driver
  V4L/DVB: v4l: fix config dependencies: mxb and saa7191 are V4L2 drivers, not V4L1
  V4L/DVB: feature-removal: announce videotext.h removal
  V4L/DVB: V4L - vpfe capture - fix for kernel crash
  V4L/DVB: gspca: make usb id 0461:0815 get handled by the right driver
  V4L/DVB: gspca - stv06xx: Remove the 046d:08da from the stv06xx driver
  V4L/DVB: gspca - sn9c20x: Correct onstack wait_queue_head declaration
  V4L/DVB: saa7146: fix up bytesperline if it is an impossible value
  V4L/DVB: V4L: vpfe_capture - free ccdc_lock when memory allocation fails
  V4L/DVB: V4L - Makfile:Removed duplicate entry of davinci
  V4L/DVB: omap24xxcam: potential buffer overflow

14 years agoMerge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Fri, 7 May 2010 20:58:21 +0000 (13:58 -0700)]
Merge branch 'core-fixes-for-linus' of git://git./linux/kernel/git/tip/linux-2.6-tip

* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  rcu: create rcu_my_thread_group_empty() wrapper
  memcg: css_id() must be called under rcu_read_lock()
  cgroup: Check task_lock in task_subsys_state()
  sched: Fix an RCU warning in print_task()
  cgroup: Fix an RCU warning in alloc_css_id()
  cgroup: Fix an RCU warning in cgroup_path()
  KEYS: Fix an RCU warning in the reading of user keys
  KEYS: Fix an RCU warning

14 years agoV4L/DVB: pxa_camera: move fifo reset direct before dma start
Stefan Herbrechtsmeier [Tue, 20 Apr 2010 06:51:29 +0000 (03:51 -0300)]
V4L/DVB: pxa_camera: move fifo reset direct before dma start

Move the fifo reset from pxa_camera_start_capture to pxa_camera_irq direct
before the dma start after an end of frame interrupt to prevent images from
shifting because of old data at the begin of the frame.

Signed-off-by: Stefan Herbrechtsmeier <hbmeier@hni.uni-paderborn.de>
Acked-by: Robert Jarzmik <robert.jarzmik@free.fr>
Tested-by: Antonio Ospite <ospite@studenti.unina.it>
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
14 years agoV4L/DVB: video: testing unsigned for less than 0
Dan Carpenter [Wed, 7 Apr 2010 09:41:14 +0000 (06:41 -0300)]
V4L/DVB: video: testing unsigned for less than 0

soc_mbus_bytes_per_line() returns -EINVAL on error but we store it in an
unsigned int so the test for less than zero doesn't work.  I think it
always returns "small" positive values so we can just cast it to int
here.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
14 years agoV4L/DVB: mx1-camera: compile fix
Uwe Kleine-König [Sat, 27 Mar 2010 21:42:13 +0000 (18:42 -0300)]
V4L/DVB: mx1-camera: compile fix

This fixes a regression of

7d58289 (mx1: prefix SOC specific defines with MX1_ and deprecate old names)

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Acked-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
14 years agoV4L/DVB: budget: Oops: "BUG: unable to handle kernel NULL pointer dereference"
Bjørn Mork [Wed, 24 Mar 2010 10:57:57 +0000 (07:57 -0300)]
V4L/DVB: budget: Oops: "BUG: unable to handle kernel NULL pointer  dereference"

Never call dvb_frontend_detach if we failed to attach a frontend. This fixes
the following oops, which will be triggered by a missing stv090x module:

[    8.172997] DVB: registering new adapter (TT-Budget S2-1600 PCI)
[    8.209018] adapter has MAC addr = 00:d0:5c:cc:a7:29
[    8.328665] Intel ICH 0000:00:1f.5: PCI INT B -> GSI 17 (level, low) -> IRQ 17
[    8.328753] Intel ICH 0000:00:1f.5: setting latency timer to 64
[    8.562047] DVB: Unable to find symbol stv090x_attach()
[    8.562117] BUG: unable to handle kernel NULL pointer dereference at 000000ac
[    8.562239] IP: [<e08b04a3>] dvb_frontend_detach+0x4/0x67 [dvb_core]

Ref http://bugs.debian.org/575207

Signed-off-by: Bjørn Mork <bjorn@mork.no>
Cc: stable@kernel.org
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
14 years agoV4L/DVB: ngene: Workaround for stuck DiSEqC pin
Oliver Endriss [Sun, 21 Mar 2010 14:48:47 +0000 (11:48 -0300)]
V4L/DVB: ngene: Workaround for stuck DiSEqC pin

Send one DiSEqC byte to make sure that the pin is set to low level.

Signed-off-by: Oliver Endriss <o.endriss@gmx.de>
Reviewed-by: Manu Abraham <abraham.manu@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
14 years agoV4L/DVB: saa7146: fix regression of the av7110/budget-av driver
Hans Verkuil [Wed, 24 Mar 2010 22:09:55 +0000 (19:09 -0300)]
V4L/DVB: saa7146: fix regression of the av7110/budget-av driver

An earlier regression fix for the mxb driver (V4L/DVB: saa7146_vv: fix
regression where v4l2_device was registered too late) caused a new
regression in the av7110 driver.

Reverted the old fix and fixed the problem in the mxb driver instead.
Tested on mxb and budget-av cards.

The real problem is that the saa7146 framework has separate probe()
and attach() driver callbacks which should be rolled into one. This
is now done for the mxb driver, but others should do the same. Lack
of hardware makes this hard to do, though. I hope to get hold of some
hexium cards and then I can try to improve the framework to prevent
this from happening again.

Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
14 years agoV4L/DVB: v4l: fix config dependencies: mxb and saa7191 are V4L2 drivers, not V4L1
Hans Verkuil [Mon, 22 Mar 2010 06:14:22 +0000 (03:14 -0300)]
V4L/DVB: v4l: fix config dependencies: mxb and saa7191 are V4L2 drivers, not V4L1

v4l: fix config dependencies: mxb and saa7191 are V4L2 drivers, not V4L1

Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
14 years agoV4L/DVB: feature-removal: announce videotext.h removal
Hans Verkuil [Mon, 22 Mar 2010 08:43:08 +0000 (05:43 -0300)]
V4L/DVB: feature-removal: announce videotext.h removal

Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
14 years agoV4L/DVB: V4L - vpfe capture - fix for kernel crash
Muralidharan Karicheri [Thu, 18 Mar 2010 14:44:12 +0000 (11:44 -0300)]
V4L/DVB: V4L - vpfe capture - fix for kernel crash

As part of upstream merge, set_params() function was removed from isif.c.
This requires removal of BUG_ON() and check for set_params ptr in
vpfe_capture.c. Without this kernel crash dump is seen while bootup on DM365

Also made following changes:-

 1) converted error messages to debug messages since it is not right to flood
    the console with error messages for user mistakes.
 2) returns -EINVAL if ioctl is not supported

Signed-off-by: Muralidharan Karicheri <m-karicheri2@ti.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
14 years agoV4L/DVB: gspca: make usb id 0461:0815 get handled by the right driver
John Ellson [Wed, 17 Mar 2010 13:22:58 +0000 (10:22 -0300)]
V4L/DVB: gspca: make usb id 0461:0815 get handled by the right driver

The 0461:0815 camera is spca561 based not spca508

Signed-off-by: John Ellson <john.ellson@comcast.net>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
14 years agoV4L/DVB: gspca - stv06xx: Remove the 046d:08da from the stv06xx driver
Erik Andrén [Mon, 8 Mar 2010 20:16:00 +0000 (17:16 -0300)]
V4L/DVB: gspca - stv06xx: Remove the 046d:08da from the stv06xx driver

The 046d:08da usb id shouldn't be associated with the stv06xx driver as they're
not compatible with each other.
This fixes a bug where Quickcam Messenger cams fail to use its proper driver
(gspca-zc3xx), rendering the camera inoperable.

Signed-off-by: Erik Andrén <erik.andren@gmail.com>
Tested-by: Gabriel Craciunescu <nix.or.die@googlemail.com>
Signed-off-by: Jean-François Moine <moinejf@free.fr>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
14 years agoV4L/DVB: gspca - sn9c20x: Correct onstack wait_queue_head declaration
Yong Zhang [Fri, 5 Feb 2010 13:52:39 +0000 (10:52 -0300)]
V4L/DVB: gspca - sn9c20x: Correct onstack wait_queue_head declaration

Use DECLARE_WAIT_QUEUE_HEAD_ONSTACK to make lockdep happy

Signed-off-by: Yong Zhang <yong.zhang0@gmail.com>
Signed-off-by: Jean-François Moine <moinejf@free.fr>
CC: Brian Johnson <brijohn@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
14 years agoV4L/DVB: saa7146: fix up bytesperline if it is an impossible value
Michael Hunold [Sat, 13 Mar 2010 14:45:46 +0000 (11:45 -0300)]
V4L/DVB: saa7146: fix up bytesperline if it is an impossible value

xawtv using DGA on a Radeon graphics card provides bogus
values to S_FBUF, which will then screw up overlay video:

https://bugs.launchpad.net/ubuntu/+source/xawtv/+bug/499734

This fixes the bytesperline value if it is off completely.

Signed-off-by: Michael Hunold <michael@mihu.de>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
14 years agoV4L/DVB: V4L: vpfe_capture - free ccdc_lock when memory allocation fails
Murali Karicheri [Mon, 1 Mar 2010 22:54:02 +0000 (19:54 -0300)]
V4L/DVB: V4L: vpfe_capture - free ccdc_lock when memory allocation fails

This patch fixes a bug in vpfe_probe() that doesn't call mutex_unlock() if memory
allocation for ccdc_cfg fails. See also the smatch warning report from Dan
Carpenter that shows this as an issue.

Signed-off-by: Murali Karicheri <m-karicheri2@ti.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
14 years agoV4L/DVB: V4L - Makfile:Removed duplicate entry of davinci
Vaibhav Hiremath [Sat, 13 Mar 2010 13:58:39 +0000 (10:58 -0300)]
V4L/DVB: V4L - Makfile:Removed duplicate entry of davinci

Signed-off-by: Vaibhav Hiremath <hvaibhav@ti.com>
Signed-off-by: Muralidharan Karicheri <mkaricheri@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
14 years agoV4L/DVB: omap24xxcam: potential buffer overflow
Dan Carpenter [Wed, 10 Mar 2010 10:57:03 +0000 (07:57 -0300)]
V4L/DVB: omap24xxcam: potential buffer overflow

The previous loop goes until last == VIDEO_MAX_FRAME, so this could
potentially go one past the end of the loop.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Sakari Ailus <sakari.ailus@maxwell.research.nokia.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
14 years agorcu: create rcu_my_thread_group_empty() wrapper
Paul E. McKenney [Thu, 6 May 2010 16:28:41 +0000 (09:28 -0700)]
rcu: create rcu_my_thread_group_empty() wrapper

Some RCU-lockdep splat repairs need to know whether they are running
in a single-threaded process.  Unfortunately, the thread_group_empty()
primitive is defined in sched.h, and can induce #include hell.  This
commit therefore introduces a rcu_my_thread_group_empty() wrapper that
is defined in rcupdate.c, thus avoiding the need to include sched.h
everywhere.

Signed-off-by: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
14 years agoMerge branch 'for-linus' of git://git.monstr.eu/linux-2.6-microblaze
Linus Torvalds [Thu, 6 May 2010 15:38:20 +0000 (08:38 -0700)]
Merge branch 'for-linus' of git://git.monstr.eu/linux-2.6-microblaze

* 'for-linus' of git://git.monstr.eu/linux-2.6-microblaze:
  microblaze: Defconfig update
  microblaze: Optimize CACHE_LOOP_LIMITS and CACHE_RANGE_LOOP macros
  microblaze: Fix consistent-sync code
  microblaze: Define correct L1_CACHE_SHIFT value
  microblaze: cpuinfo shows cache line length
  microblaze: Fix kmalloc alignment on non-coherent DMA platforms
  microblaze: Fix typo fault in cache code
  microblaze: Fix consistent code
  microblaze: pci-dma: use include/linux/dma-mapping.h
  microblaze: page.h: Remove get_user_page and free_user_page
  microblaze: Remove "cache" optimized copy_page function
  microblaze: invoke oom-killer from page fault
  microblaze: fix divide by zero exception message
  microblaze: Add isa_dma_bridge_buggy to dma.h
  microblaze: Remove ancient code
  microblaze: Quiet section mismatch warnings for MMU version
  microblaze: Quiet section mismatch warnings
  microblaze: Fix IRQ entry/exit ftracing
  microblaze: resource/PCI: align functions now return start of resource
  microblaze: PCI: add pci_bus_for_each_resource(), remove direct bus->resource[] refs

14 years agoMerge master.kernel.org:/home/rmk/linux-2.6-arm
Linus Torvalds [Thu, 6 May 2010 15:38:03 +0000 (08:38 -0700)]
Merge master.kernel.org:/home/rmk/linux-2.6-arm

* master.kernel.org:/home/rmk/linux-2.6-arm:
  [ARM] pxa/colibri: fix missing #include <mach/mfp.h> in colibri.h
  [ARM] pxa/spitz: fix On/off key name to fix warning during boot
  [ARM] pxa: fix the incorrect cpu_is_pxa950()
  [ARM] pxa: update cpuid pattern for pxa9xx in head.S
  [ARM] pxa/viper: fix timeout usage for I2C
  [ARM] pxa/raumfeld: fix button name
  [ARM] pxa/imote2: Fix iMote2 defconfig
  [ARM] pxa: add missing new line to regs-u2d.h
  ARM: 6093/1: Fix kernel memory printing for sparsemem
  arch/arm/include/asm/elf.h: forward-declare the task-struct
  arch/arm/plat-pxa/dma.c: correct NULL test
  ARM: 6076/1: SA1100: add processor check to sa1110-cpufreq driver
  ARM: 6075/1: SA1100: fix wrong CPU type for h3100 and h3600
  ARM: Update mach-types
  ARM: 6066/1: Fix "BUG: scheduling while atomic: swapper/0/0x00000002
  ARM: 6068/1: Fix build break with KPROBES enabled
  mx5: Fix build error for mx51_defconfig

14 years agoMerge branch 'sh/for-2.6.34' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal...
Linus Torvalds [Thu, 6 May 2010 15:37:39 +0000 (08:37 -0700)]
Merge branch 'sh/for-2.6.34' of git://git./linux/kernel/git/lethal/sh-2.6

* 'sh/for-2.6.34' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6:
  sh: fix a number of Oopses and leaks in SH framebuffer driver
  SH: fix error paths in DMA driver
  sh: sh7751 pci controller io port fix
  sh: Fix maximum number of SCIF ports in R2D defconfigs
  SH: fix TS field shift calculation for DMA drivers

14 years agomicroblaze: Defconfig update
Michal Simek [Thu, 6 May 2010 09:37:42 +0000 (11:37 +0200)]
microblaze: Defconfig update

Signed-off-by: Michal Simek <monstr@monstr.eu>
14 years agomicroblaze: Optimize CACHE_LOOP_LIMITS and CACHE_RANGE_LOOP macros
Michal Simek [Mon, 26 Apr 2010 06:54:13 +0000 (08:54 +0200)]
microblaze: Optimize CACHE_LOOP_LIMITS and CACHE_RANGE_LOOP macros

1. Remove CACHE_ALL_LOOP2 macro because it is identical to CACHE_ALL_LOOP
2. Change BUG_ON to WARN_ON
3. Remove end aligned from CACHE_LOOP_LIMITS.
C implementation do not need aligned end address and ASM code do aligned
in their macros
4. ASM optimized  CACHE_RANGE_LOOP_1/2 macros needs to get aligned end address.
Because end address is compound from start + size, end address is the first address
which is exclude.

Here is the corresponding code which describe it.
+       int align = ~(line_length - 1);
+       end = ((end & align) == end) ? end - line_length : end & align;

a) end is aligned:
it is necessary to subtruct line length because we don't want to work with
next cacheline
b) end address is not aligned:
Just align it to be ready for ASM code.

Signed-off-by: Michal Simek <monstr@monstr.eu>
14 years agomicroblaze: Fix consistent-sync code
Michal Simek [Thu, 29 Apr 2010 11:02:17 +0000 (13:02 +0200)]
microblaze: Fix consistent-sync code

PCI_DMA_FROMDEVICE should call invalidation not flushing.

Signed-off-by: Michal Simek <monstr@monstr.eu>
14 years agomicroblaze: Define correct L1_CACHE_SHIFT value
Michal Simek [Mon, 26 Apr 2010 11:43:23 +0000 (13:43 +0200)]
microblaze: Define correct L1_CACHE_SHIFT value

Microblaze cacheline length is configurable and current cpu
uses two cacheline length 4 and 8.

We are taking conservative maximum value to be sure that cacheline
alignment is satisfied for all cases.

Here is the calculation for cacheline lenght 8  32bit=4Byte values
which is corresponding with SHIFT 5.

Signed-off-by: Michal Simek <monstr@monstr.eu>
14 years agomicroblaze: cpuinfo shows cache line length
Michal Simek [Mon, 26 Apr 2010 11:53:04 +0000 (13:53 +0200)]
microblaze: cpuinfo shows cache line length

Show cache line length in /proc/cpuinfo.

Signed-off-by: Michal Simek <monstr@monstr.eu>
14 years agomicroblaze: Fix kmalloc alignment on non-coherent DMA platforms
Michal Simek [Mon, 26 Apr 2010 11:49:01 +0000 (13:49 +0200)]
microblaze: Fix kmalloc alignment on non-coherent DMA platforms

Based on PowerPC patche 52142e756e9bf6485d3d53596e8aff2e816a7253

PowerPC description:
On platforms doing non-coherent DMA (4xx, 8xx, ...), it's important
that the kmalloc minimum alignment is set to the cache line size, to
avoid sharing cache lines between different objects, so that DMA to
one of the objects doesn't corrupt the other.

Signed-off-by: Michal Simek <monstr@monstr.eu>
14 years agomicroblaze: Fix typo fault in cache code
Michal Simek [Fri, 23 Apr 2010 09:38:43 +0000 (11:38 +0200)]
microblaze: Fix typo fault in cache code

Copy & paste error.

Signed-off-by: Michal Simek <monstr@monstr.eu>
14 years agomicroblaze: Fix consistent code
Michal Simek [Sat, 10 Apr 2010 15:34:06 +0000 (17:34 +0200)]
microblaze: Fix consistent code

This patch fix consistent code which had problems with consistent_free
function.
I am not sure if we need to call flush_tlb_all after it but it keeps
tlbs synced.
I added noMMU and MMU version together.

Uncached shadow feature is not tested.

Signed-off-by: Michal Simek <monstr@monstr.eu>
14 years agomicroblaze: pci-dma: use include/linux/dma-mapping.h
Michal Simek [Fri, 16 Apr 2010 07:13:27 +0000 (09:13 +0200)]
microblaze: pci-dma: use include/linux/dma-mapping.h

Based on af407c6db16aa9ca63559076dbe620220a822580
and f41b177157718abe9a93868bb76e47d4a6f3681d

Signed-off-by: Michal Simek <monstr@monstr.eu>
14 years agomicroblaze: page.h: Remove get_user_page and free_user_page
Michal Simek [Thu, 22 Apr 2010 06:07:46 +0000 (08:07 +0200)]
microblaze: page.h: Remove get_user_page and free_user_page

Remove ancient macros which are here from Linux-2.4

Signed-off-by: Michal Simek <monstr@monstr.eu>
14 years agomicroblaze: Remove "cache" optimized copy_page function
Michal Simek [Thu, 22 Apr 2010 05:28:48 +0000 (07:28 +0200)]
microblaze: Remove "cache" optimized copy_page function

Current implementation doesn't handle dcache_line_length
correctly that's why is better to use generic memcpy.

Cache optimized function could be good way howto improve
performance but must be based on benchmarking not blind
function like this.

Signed-off-by: Michal Simek <monstr@monstr.eu>
14 years agomicroblaze: invoke oom-killer from page fault
Nick Piggin [Thu, 22 Apr 2010 16:06:21 +0000 (02:06 +1000)]
microblaze: invoke oom-killer from page fault

As explained in commit 1c0fe6e3bd, we want to call the architecture independent
oom killer when getting an unexplained OOM from handle_mm_fault, rather than
simply killing current.

Cc: microblaze-uclinux@itee.uq.edu.au
Cc: Michal Simek <monstr@monstr.eu>
Cc: linux-arch@vger.kernel.org
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: David Rientjes <rientjes@google.com>
Acked-by: Michal Simek <monstr@monstr.eu>
14 years agomicroblaze: fix divide by zero exception message
Randy Dunlap [Wed, 21 Apr 2010 21:11:34 +0000 (14:11 -0700)]
microblaze: fix divide by zero exception message

Fix divide exception message to say "divide by zero".

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Michal Simek <monstr@monstr.eu>
Cc: microblaze-uclinux@itee.uq.edu.au
Signed-off-by: Michal Simek <monstr@monstr.eu>
14 years agomicroblaze: Add isa_dma_bridge_buggy to dma.h
Michal Simek [Tue, 20 Apr 2010 17:02:13 +0000 (19:02 +0200)]
microblaze: Add isa_dma_bridge_buggy to dma.h

It is necessary for several drivers.

Signed-off-by: Michal Simek <monstr@monstr.eu>
14 years agomicroblaze: Remove ancient code
Michal Simek [Fri, 16 Apr 2010 07:41:07 +0000 (09:41 +0200)]
microblaze: Remove ancient code

I found several function which we don't use that's why I am removing them.

Signed-off-by: Michal Simek <monstr@monstr.eu>
14 years agomicroblaze: Quiet section mismatch warnings for MMU version
Michal Simek [Tue, 13 Apr 2010 06:59:37 +0000 (08:59 +0200)]
microblaze: Quiet section mismatch warnings for MMU version

Remove section mismatch - based on ppc aproach.

WARNING: vmlinux.o(.text+0x64834): Section mismatch in reference
from the function __pte_alloc_kernel() to the function .init.text:early_get_page()
The function __pte_alloc_kernel() references
the function __init early_get_page().
This is often because __pte_alloc_kernel lacks a __init
annotation or the annotation of early_get_page is wrong.

Signed-off-by: Michal Simek <monstr@monstr.eu>
14 years agomicroblaze: Quiet section mismatch warnings
Steven J. Magnani [Sat, 10 Apr 2010 03:03:37 +0000 (22:03 -0500)]
microblaze: Quiet section mismatch warnings

_start is located in .text, which causes mismatch warnings with
machine_early_init() and start_kernel() in .init.text.

Signed-off-by: Steven J. Magnani <steve@digidescorp.com>
Signed-off-by: Michal Simek <monstr@monstr.eu>
14 years agomicroblaze: Fix IRQ entry/exit ftracing
Steven J. Magnani [Mon, 12 Apr 2010 21:01:36 +0000 (16:01 -0500)]
microblaze: Fix IRQ entry/exit ftracing

Function traces on Microblaze don't include IRQ entry and exit arrows,
i.e.

 0)               |                            memcpy_toiovec() {
 0)   ==========> |
 0)               |                              do_IRQ() {
 ...
 0)   <========== |
 0) ! 5414.000 us |                            }

...because do_IRQ() doesn't have the proper attributes.

Signed-off-by: Steven J. Magnani <steve@digidescorp.com>
Signed-off-by: Michal Simek <monstr@monstr.eu>
14 years agomicroblaze: resource/PCI: align functions now return start of resource
Michal Simek [Fri, 16 Apr 2010 07:04:51 +0000 (09:04 +0200)]
microblaze: resource/PCI: align functions now return start of resource

This change should be part of b26b2d494b659f988b4d75eb394dfa0ddac415c9

Origin description:

resource/PCI: align functions now return start of resource

As suggested by Linus, align functions should return the start
of a resource, not void. An update of "res->start" is no longer
necessary.

Signed-off-by: Michal Simek <monstr@monstr.eu>
14 years agomicroblaze: PCI: add pci_bus_for_each_resource(), remove direct bus->resource[] refs
Michal Simek [Fri, 16 Apr 2010 07:03:00 +0000 (09:03 +0200)]
microblaze: PCI: add pci_bus_for_each_resource(), remove direct bus->resource[] refs

This change should be part of 89a74ecccd1f78e51faf6287e5c0e93a92ac096e

Origin description:

PCI: add pci_bus_for_each_resource(), remove direct bus->resource[] refs

No functional change; this converts loops that iterate from 0 to
PCI_BUS_NUM_RESOURCES through pci_bus resource[] table to use the
pci_bus_for_each_resource() iterator instead.

This doesn't change the way resources are stored; it merely removes
dependencies on the fact that they're in a table.

Signed-off-by: Michal Simek <monstr@monstr.eu>
14 years agoMerge branch 'fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ycmiao/pxa-linux-2.6
Russell King [Thu, 6 May 2010 07:16:34 +0000 (08:16 +0100)]
Merge branch 'fix' of git://git./linux/kernel/git/ycmiao/pxa-linux-2.6

14 years agosh: fix a number of Oopses and leaks in SH framebuffer driver
Guennadi Liakhovetski [Fri, 30 Apr 2010 16:07:00 +0000 (16:07 +0000)]
sh: fix a number of Oopses and leaks in SH framebuffer driver

Fix a number of Oopses, memory leaks and unbalanced calls on error paths in
sh_mobile_lcdcfb.c.

Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
14 years ago[ARM] pxa/colibri: fix missing #include <mach/mfp.h> in colibri.h
Jakob Viketoft [Wed, 5 May 2010 10:25:27 +0000 (18:25 +0800)]
[ARM] pxa/colibri: fix missing #include <mach/mfp.h> in colibri.h

The use of mfp_cfg_t causes build errors without including <mach/mfp.h>.

CC: stable@kernel.org
CC: Daniel Mack <daniel@caiaq.de>
Signed-off-by: Jakob Viketoft <jakob.viketoft@bitsim.com>
Signed-off-by: Eric Miao <eric.y.miao@gmail.com>
14 years ago[ARM] pxa/spitz: fix On/off key name to fix warning during boot
Pavel Machek [Wed, 5 May 2010 07:03:12 +0000 (15:03 +0800)]
[ARM] pxa/spitz: fix On/off key name to fix warning during boot

On/Off contains slash in the name, which causes warning during boot.

Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Eric Miao <eric.y.miao@gmail.com>
14 years ago[ARM] pxa: fix the incorrect cpu_is_pxa950()
Haojian Zhuang [Fri, 12 Mar 2010 13:51:54 +0000 (08:51 -0500)]
[ARM] pxa: fix the incorrect cpu_is_pxa950()

Fix the wrong variable used in cpu_is_pxa950().

Signed-off-by: Haojian Zhuang <haojian.zhuang@marvell.com>
Signed-off-by: Eric Miao <eric.y.miao@gmail.com>
14 years ago[ARM] pxa: update cpuid pattern for pxa9xx in head.S
Haojian Zhuang [Fri, 12 Mar 2010 10:47:55 +0000 (05:47 -0500)]
[ARM] pxa: update cpuid pattern for pxa9xx in head.S

Update CPUID pattern of PXA9xx in head.S and fix the duplicate
entries for pxa935.

Signed-off-by: Haojian Zhuang <haojian.zhuang@marvell.com>
Signed-off-by: Eric Miao <eric.y.miao@gmail.com>
14 years ago[ARM] pxa/viper: fix timeout usage for I2C
Wolfram Sang [Sun, 18 Apr 2010 11:48:29 +0000 (13:48 +0200)]
[ARM] pxa/viper: fix timeout usage for I2C

The timeout value is in jiffies, so it should be using HZ, not a plain
number. Assume with HZ=100 '100' means 1s here and adapt accordingly.

Signed-off-by: Wolfram Sang <w.sang@pengutronix.de>
Acked-by: Marc Zyngier <maz@misterjones.org>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Paul Shen <paul.shen@marvell.com>
Cc: Mike Rapoport <mike@compulab.co.il>
Cc: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Eric Miao <eric.y.miao@gmail.com>
14 years ago[ARM] pxa/raumfeld: fix button name
Daniel Mack [Sun, 18 Apr 2010 07:35:29 +0000 (09:35 +0200)]
[ARM] pxa/raumfeld: fix button name

"on/off button" was recently renamed to remove the slash character.
Follow that change in the pin polarity detection as well.

While at it, fix another cosmetic coding style flaw as well.

Signed-off-by: Daniel Mack <daniel@caiaq.de>
Signed-off-by: Eric Miao <eric.y.miao@gmail.com>
14 years ago[ARM] pxa/imote2: Fix iMote2 defconfig
Stefan Schmidt [Thu, 8 Apr 2010 14:03:25 +0000 (16:03 +0200)]
[ARM] pxa/imote2: Fix iMote2 defconfig

- Bring in a CMDLINE that actually works and prints to the right tty
- Compile-in JFFS2 to boot into rootfs
- Remove unneeded options for Bluetooth and radio
- Disable CPU_FREQ as it makes the flash driver fail

Thanks Jonathan for spotting what I messed up.

Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Acked-by: Jonathan Cameron <jic23@cam.ac.uk>
Signed-off-by: Eric Miao <eric.y.miao@gmail.com>
14 years ago[ARM] pxa: add missing new line to regs-u2d.h
Igor Grinberg [Wed, 7 Apr 2010 08:40:37 +0000 (11:40 +0300)]
[ARM] pxa: add missing new line to regs-u2d.h

Signed-off-by: Igor Grinberg <grinberg@compulab.co.il>
Signed-off-by: Eric Miao <eric.y.miao@gmail.com>
14 years agoMerge branch 'zerolen' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/misc-2.6
Linus Torvalds [Wed, 5 May 2010 22:48:13 +0000 (15:48 -0700)]
Merge branch 'zerolen' of git://git./linux/kernel/git/jgarzik/misc-2.6

* 'zerolen' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/misc-2.6:
  [MTD] Remove zero-length files mtdbdi.c and internal.ho

14 years agoMerge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzi...
Linus Torvalds [Wed, 5 May 2010 22:47:57 +0000 (15:47 -0700)]
Merge branch 'upstream-linus' of git://git./linux/kernel/git/jgarzik/libata-dev

* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
  pata_pcmcia / ide-cs: Fix bad hashes for Transcend and kingston IDs
  libata: Fix several inaccuracies in developer's guide

14 years ago[MTD] Remove zero-length files mtdbdi.c and internal.ho
Jeff Garzik [Wed, 5 May 2010 19:25:12 +0000 (15:25 -0400)]
[MTD] Remove zero-length files mtdbdi.c and internal.ho

Both were "removed" in commit a33eb6b91034c95b9b08576f68be170f995b2c7d.

Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
14 years agopata_pcmcia / ide-cs: Fix bad hashes for Transcend and kingston IDs
Kristoffer Ericson [Sun, 2 May 2010 19:48:24 +0000 (21:48 +0200)]
pata_pcmcia / ide-cs: Fix bad hashes for Transcend and kingston IDs

This patch fixes the bad hashes for one Kingston and one Transcend card.
Thanks to komuro for pointing this out.

Signed-off-by: Kristoffer Ericson <kristoffer.ericson@gmail.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
14 years agolibata: Fix several inaccuracies in developer's guide
Sergei Shtylyov [Wed, 5 May 2010 13:27:10 +0000 (17:27 +0400)]
libata: Fix several inaccuracies in developer's guide

Commit 6bfff31e77cfa1b13490337e5a4dbaa3407e83ac (libata: kill probe_ent
and related helpers) killed ata_device_add() but didn't remove references
to it from the libata developer's guide.

Commits 9363c3825ea9ad76561eb48a395349dd29211ed6 (libata: rename SFF
functions) and 5682ed33aae05d10a25c95633ef9d9c062825888 (libata: rename
SFF port ops) renamed the taskfile access methods but didn't update the
developer's guide.  Commit c9f75b04ed5ed65a058d18a8a8dda50632a96de8
(libata: kill ata_noop_dev_select()) didn't update the developer's
guide as well.

The guide also refers to the long gone ata_pio_data_xfer_noirq(),
ata_pio_data_xfer(), and ata_mmio_data_xfer() -- replace those by
the modern ata_sff_data_xfer_noirq(), ata_sff_data_xfer(), and
ata_sff_data_xfer32().

Also, remove the reference to non-existant ata_port_stop()...

Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
14 years agoMerge branch 'slab-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/penber...
Linus Torvalds [Wed, 5 May 2010 18:18:16 +0000 (11:18 -0700)]
Merge branch 'slab-for-linus' of git://git./linux/kernel/git/penberg/slab-2.6

* 'slab-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/penberg/slab-2.6:
  slub: Fix bad boundary check in init_kmem_cache_nodes()

14 years agoslub: Fix bad boundary check in init_kmem_cache_nodes()
Zhang, Yanmin [Thu, 1 Apr 2010 09:32:30 +0000 (17:32 +0800)]
slub: Fix bad boundary check in init_kmem_cache_nodes()

Function init_kmem_cache_nodes is incorrect when checking upper limitation of
kmalloc_caches. The breakage was introduced by commit
91efd773c74bb26b5409c85ad755d536448e229c ("dma kmalloc handling fixes").

Acked-by: Christoph Lameter <cl@linux-foundation.org>
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
14 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...
Linus Torvalds [Wed, 5 May 2010 16:06:24 +0000 (09:06 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  KEYS: call_sbin_request_key() must write lock keyrings before modifying them
  KEYS: Use RCU dereference wrappers in keyring key type code
  KEYS: find_keyring_by_name() can gain access to a freed keyring

14 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq
Linus Torvalds [Wed, 5 May 2010 14:56:36 +0000 (07:56 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/tj/wq

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
  workqueue: flush_delayed_work: keep the original workqueue for re-queueing

14 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
Linus Torvalds [Wed, 5 May 2010 14:55:07 +0000 (07:55 -0700)]
Merge git://git./linux/kernel/git/davem/net-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
  FEC: Fix kernel panic in fec_set_mac_address.
  ipv6: Fix default multicast hops setting.
  net: ep93xx_eth stops receiving packets
  drivers/net/phy: micrel phy driver
  dm9601: fix phy/eeprom write routine
  ppp_generic: handle non-linear skbs when passing them to pppd
  ppp_generic: pull 2 bytes so that PPP_PROTO(skb) is valid
  net: fix compile error due to double return type in SOCK_DEBUG
  net/usb: initiate sync sequence in sierra_net.c driver
  net/usb: remove default in Kconfig for sierra_net driver
  r8169: Fix rtl8169_rx_interrupt()
  e1000e: Fix oops caused by ASPM patch.
  net/sb1250: register mdio bus in probe
  sctp: Fix skb_over_panic resulting from multiple invalid parameter errors (CVE-2010-1173) (v4)
  p54pci: fix bugs in p54p_check_tx_ring

14 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
Linus Torvalds [Wed, 5 May 2010 14:54:22 +0000 (07:54 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/tiwai/sound-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
  ALSA: hda: Fix 0 dB for Packard Bell models using Conexant CX20549 (Venice)
  ALSA: hda - Add quirk for Dell Inspiron 19T using a Conexant CX20582
  ALSA: take tu->qlock with irqs disabled
  ALSA: hda: Use olpc-xo-1_5 quirk for Toshiba Satellite P500-PSPGSC-01800T
  ALSA: hda: Use olpc-xo-1_5 quirk for Toshiba Satellite Pro T130-15F
  ALSA: hda - fix array indexing while creating inputs for Cirrus codecs
  ALSA: es968: fix wrong PnP dma index

14 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Linus Torvalds [Wed, 5 May 2010 14:53:18 +0000 (07:53 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/dtor/input

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: joydev - allow binding to button-only devices
  Input: elantech - ignore high bits in the position coordinates
  Input: elantech - allow forcing Elantech protocol
  Input: elantech - fix firmware version check
  Input: ati_remote - add some missing devices from lirc_atiusb
  Input: eeti_ts - cancel pending work when going to suspend
  Input: Add support of Synaptics Clickpad device
  Revert "Input: ALPS - add signature for HP Pavilion dm3 laptops"
  Input: psmouse - ignore parity error for basic protocols

14 years agoraid6: fix recovery performance regression
Dan Williams [Wed, 5 May 2010 03:41:56 +0000 (20:41 -0700)]
raid6: fix recovery performance regression

The raid6 recovery code should immediately drop back to the optimized
synchronous path when a p+q dma resource is not available.  Otherwise we
run the non-optimized/multi-pass async code in sync mode.

Verified with raid6test (NDISKS=255)

Applies to kernels >= 2.6.32.

Cc: <stable@kernel.org>
Acked-by: NeilBrown <neilb@suse.de>
Reported-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agoKEYS: call_sbin_request_key() must write lock keyrings before modifying them
David Howells [Fri, 30 Apr 2010 13:32:23 +0000 (14:32 +0100)]
KEYS: call_sbin_request_key() must write lock keyrings before modifying them

call_sbin_request_key() creates a keyring and then attempts to insert a link to
the authorisation key into that keyring, but does so without holding a write
lock on the keyring semaphore.

It will normally get away with this because it hasn't told anyone that the
keyring exists yet.  The new keyring, however, has had its serial number
published, which means it can be accessed directly by that handle.

This was found by a previous patch that adds RCU lockdep checks to the code
that reads the keyring payload pointer, which includes a check that the keyring
semaphore is actually locked.

Without this patch, the following command:

keyctl request2 user b a @s

will provoke the following lockdep warning is displayed in dmesg:

===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
security/keys/keyring.c:727 invoked rcu_dereference_check() without protection!

other info that might help us debug this:

rcu_scheduler_active = 1, debug_locks = 0
2 locks held by keyctl/2076:
 #0:  (key_types_sem){.+.+.+}, at: [<ffffffff811a5b29>] key_type_lookup+0x1c/0x71
 #1:  (keyring_serialise_link_sem){+.+.+.}, at: [<ffffffff811a6d1e>] __key_link+0x4d/0x3c5

stack backtrace:
Pid: 2076, comm: keyctl Not tainted 2.6.34-rc6-cachefs #54
Call Trace:
 [<ffffffff81051fdc>] lockdep_rcu_dereference+0xaa/0xb2
 [<ffffffff811a6d1e>] ? __key_link+0x4d/0x3c5
 [<ffffffff811a6e6f>] __key_link+0x19e/0x3c5
 [<ffffffff811a5952>] ? __key_instantiate_and_link+0xb1/0xdc
 [<ffffffff811a59bf>] ? key_instantiate_and_link+0x42/0x5f
 [<ffffffff811aa0dc>] call_sbin_request_key+0xe7/0x33b
 [<ffffffff8139376a>] ? mutex_unlock+0x9/0xb
 [<ffffffff811a5952>] ? __key_instantiate_and_link+0xb1/0xdc
 [<ffffffff811a59bf>] ? key_instantiate_and_link+0x42/0x5f
 [<ffffffff811aa6fa>] ? request_key_auth_new+0x1c2/0x23c
 [<ffffffff810aaf15>] ? cache_alloc_debugcheck_after+0x108/0x173
 [<ffffffff811a9d00>] ? request_key_and_link+0x146/0x300
 [<ffffffff810ac568>] ? kmem_cache_alloc+0xe1/0x118
 [<ffffffff811a9e45>] request_key_and_link+0x28b/0x300
 [<ffffffff811a89ac>] sys_request_key+0xf7/0x14a
 [<ffffffff81052c0b>] ? trace_hardirqs_on_caller+0x10c/0x130
 [<ffffffff81394fb9>] ? trace_hardirqs_on_thunk+0x3a/0x3f
 [<ffffffff81001eeb>] system_call_fastpath+0x16/0x1b

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoKEYS: Use RCU dereference wrappers in keyring key type code
David Howells [Fri, 30 Apr 2010 13:32:18 +0000 (14:32 +0100)]
KEYS: Use RCU dereference wrappers in keyring key type code

The keyring key type code should use RCU dereference wrappers, even when it
holds the keyring's key semaphore.

Reported-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoKEYS: find_keyring_by_name() can gain access to a freed keyring
Toshiyuki Okajima [Fri, 30 Apr 2010 13:32:13 +0000 (14:32 +0100)]
KEYS: find_keyring_by_name() can gain access to a freed keyring

find_keyring_by_name() can gain access to a keyring that has had its reference
count reduced to zero, and is thus ready to be freed.  This then allows the
dead keyring to be brought back into use whilst it is being destroyed.

The following timeline illustrates the process:

|(cleaner)                           (user)
|
| free_user(user)                    sys_keyctl()
|  |                                  |
|  key_put(user->session_keyring)     keyctl_get_keyring_ID()
|  || //=> keyring->usage = 0        |
|  |schedule_work(&key_cleanup_task)   lookup_user_key()
|  ||                                   |
|  kmem_cache_free(,user)               |
|  .                                    |[KEY_SPEC_USER_KEYRING]
|  .                                    install_user_keyrings()
|  .                                    ||
| key_cleanup() [<= worker_thread()]    ||
|  |                                    ||
|  [spin_lock(&key_serial_lock)]        |[mutex_lock(&key_user_keyr..mutex)]
|  |                                    ||
|  atomic_read() == 0                   ||
|  |{ rb_ease(&key->serial_node,) }     ||
|  |                                    ||
|  [spin_unlock(&key_serial_lock)]      |find_keyring_by_name()
|  |                                    |||
|  keyring_destroy(keyring)             ||[read_lock(&keyring_name_lock)]
|  ||                                   |||
|  |[write_lock(&keyring_name_lock)]    ||atomic_inc(&keyring->usage)
|  |.                                   ||| *** GET freeing keyring ***
|  |.                                   ||[read_unlock(&keyring_name_lock)]
|  ||                                   ||
|  |list_del()                          |[mutex_unlock(&key_user_k..mutex)]
|  ||                                   |
|  |[write_unlock(&keyring_name_lock)]  ** INVALID keyring is returned **
|  |                                    .
|  kmem_cache_free(,keyring)            .
|                                       .
|                                       atomic_dec(&keyring->usage)
v                                         *** DESTROYED ***
TIME

If CONFIG_SLUB_DEBUG=y then we may see the following message generated:

=============================================================================
BUG key_jar: Poison overwritten
-----------------------------------------------------------------------------

INFO: 0xffff880197a7e200-0xffff880197a7e200. First byte 0x6a instead of 0x6b
INFO: Allocated in key_alloc+0x10b/0x35f age=25 cpu=1 pid=5086
INFO: Freed in key_cleanup+0xd0/0xd5 age=12 cpu=1 pid=10
INFO: Slab 0xffffea000592cb90 objects=16 used=2 fp=0xffff880197a7e200 flags=0x200000000000c3
INFO: Object 0xffff880197a7e200 @offset=512 fp=0xffff880197a7e300

Bytes b4 0xffff880197a7e1f0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
  Object 0xffff880197a7e200:  6a 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b jkkkkkkkkkkkkkkk

Alternatively, we may see a system panic happen, such as:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000001
IP: [<ffffffff810e61a3>] kmem_cache_alloc+0x5b/0xe9
PGD 6b2b4067 PUD 6a80d067 PMD 0
Oops: 0000 [#1] SMP
last sysfs file: /sys/kernel/kexec_crash_loaded
CPU 1
...
Pid: 31245, comm: su Not tainted 2.6.34-rc5-nofixed-nodebug #2 D2089/PRIMERGY
RIP: 0010:[<ffffffff810e61a3>]  [<ffffffff810e61a3>] kmem_cache_alloc+0x5b/0xe9
RSP: 0018:ffff88006af3bd98  EFLAGS: 00010002
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff88007d19900b
RDX: 0000000100000000 RSI: 00000000000080d0 RDI: ffffffff81828430
RBP: ffffffff81828430 R08: ffff88000a293750 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000100000 R12: 00000000000080d0
R13: 00000000000080d0 R14: 0000000000000296 R15: ffffffff810f20ce
FS:  00007f97116bc700(0000) GS:ffff88000a280000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000001 CR3: 000000006a91c000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process su (pid: 31245, threadinfo ffff88006af3a000, task ffff8800374414c0)
Stack:
 0000000512e0958e 0000000000008000 ffff880037f8d180 0000000000000001
 0000000000000000 0000000000008001 ffff88007d199000 ffffffff810f20ce
 0000000000008000 ffff88006af3be48 0000000000000024 ffffffff810face3
Call Trace:
 [<ffffffff810f20ce>] ? get_empty_filp+0x70/0x12f
 [<ffffffff810face3>] ? do_filp_open+0x145/0x590
 [<ffffffff810ce208>] ? tlb_finish_mmu+0x2a/0x33
 [<ffffffff810ce43c>] ? unmap_region+0xd3/0xe2
 [<ffffffff810e4393>] ? virt_to_head_page+0x9/0x2d
 [<ffffffff81103916>] ? alloc_fd+0x69/0x10e
 [<ffffffff810ef4ed>] ? do_sys_open+0x56/0xfc
 [<ffffffff81008a02>] ? system_call_fastpath+0x16/0x1b
Code: 0f 1f 44 00 00 49 89 c6 fa 66 0f 1f 44 00 00 65 4c 8b 04 25 60 e8 00 00 48 8b 45 00 49 01 c0 49 8b 18 48 85 db 74 0d 48 63 45 18 <48> 8b 04 03 49 89 00 eb 14 4c 89 f9 83 ca ff 44 89 e6 48 89 ef
RIP  [<ffffffff810e61a3>] kmem_cache_alloc+0x5b/0xe9

This problem is that find_keyring_by_name does not confirm that the keyring is
valid before accepting it.

Skipping keyrings that have been reduced to a zero count seems the way to go.
To this end, use atomic_inc_not_zero() to increment the usage count and skip
the candidate keyring if that returns false.

The following script _may_ cause the bug to happen, but there's no guarantee
as the window of opportunity is small:

#!/bin/sh
LOOP=100000
USER=dummy_user
/bin/su -c "exit;" $USER || { /usr/sbin/adduser -m $USER; add=1; }
for ((i=0; i<LOOP; i++))
do
/bin/su -c "echo '$i' > /dev/null" $USER
done
(( add == 1 )) && /usr/sbin/userdel -r $USER
exit

Note that the nominated user must not be in use.

An alternative way of testing this may be:

for ((i=0; i<100000; i++))
do
keyctl session foo /bin/true || break
done >&/dev/null

as that uses a keyring named "foo" rather than relying on the user and
user-session named keyrings.

Reported-by: Toshiyuki Okajima <toshi.okajima@jp.fujitsu.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Toshiyuki Okajima <toshi.okajima@jp.fujitsu.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoMerge branch 'fix/hda' into for-linus
Takashi Iwai [Wed, 5 May 2010 08:08:30 +0000 (10:08 +0200)]
Merge branch 'fix/hda' into for-linus

14 years agoALSA: hda: Fix 0 dB for Packard Bell models using Conexant CX20549 (Venice)
Daniel T Chen [Wed, 28 Apr 2010 22:00:11 +0000 (18:00 -0400)]
ALSA: hda: Fix 0 dB for Packard Bell models using Conexant CX20549 (Venice)

BugLink: https://launchpad.net/bugs/541802
The OR's hardware distorts at PCM 100% because it does not correspond to
0 dB. Fix this in patch_cxt5045() for all Packard Bell models.

Reported-by: Valombre
Cc: <stable@kernel.org>
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
14 years agoALSA: hda - Add quirk for Dell Inspiron 19T using a Conexant CX20582
Anisse Astier [Wed, 28 Apr 2010 16:05:06 +0000 (18:05 +0200)]
ALSA: hda - Add quirk for Dell Inspiron 19T using a Conexant CX20582

Add a quirk for all-in-one computer Dell Inspiron One 19 Touch to have proper
HP and Mic support.

Signed-off-by: Anisse Astier <anisse@astier.eu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
14 years agoALSA: take tu->qlock with irqs disabled
Dan Carpenter [Wed, 28 Apr 2010 08:29:14 +0000 (10:29 +0200)]
ALSA: take tu->qlock with irqs disabled

We should disable irqs when we take the tu->qlock because it is used in
the irq handler.  The only place that doesn't is
snd_timer_user_ccallback().  Most of the time snd_timer_user_ccallback()
is called with interrupts disabled but the the first ti->ccallback()
call in snd_timer_notify1() has interrupts enabled.

This was caught by lockdep which generates the following message:

> =================================
> [ INFO: inconsistent lock state ]
> 2.6.34-rc5 #5
> ---------------------------------
> inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
> dolphin/4003 [HC1[1]:SC0[0]:HE0:SE1] takes:
> (&(&tu->qlock)->rlock){?.+...}, at: [<f84ec472>] snd_timer_user_tinterrupt+0x28/0x132 [snd_timer]
> {HARDIRQ-ON-W} state was registered at:
>   [<c1048de9>] __lock_acquire+0x654/0x1482
>   [<c1049c73>] lock_acquire+0x5c/0x73
>   [<c125ac3e>] _raw_spin_lock+0x25/0x34
>   [<f84ec370>] snd_timer_user_ccallback+0x55/0x95 [snd_timer]
>   [<f84ecc4b>] snd_timer_notify1+0x53/0xca [snd_timer]

Reported-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
14 years agoFEC: Fix kernel panic in fec_set_mac_address.
Mattias Walström [Wed, 5 May 2010 07:55:48 +0000 (00:55 -0700)]
FEC: Fix kernel panic in fec_set_mac_address.

Fix memory corruption that sometimes result in kernel panic.

Signed-off-by: Mattias Walström <mattias@vmlinux.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoALSA: hda: Use olpc-xo-1_5 quirk for Toshiba Satellite P500-PSPGSC-01800T
Daniel T Chen [Wed, 5 May 2010 02:07:58 +0000 (22:07 -0400)]
ALSA: hda: Use olpc-xo-1_5 quirk for Toshiba Satellite P500-PSPGSC-01800T

BugLink: https://launchpad.net/bugs/549267
The OR verified that using the olpc-xo-1_5 model quirk allows the
headphones to be audible when inserted into the jack. Capture was
also verified to work correctly.

Reported-by: Richard Gagne
Tested-by: Richard Gagne
Cc: <stable@kernel.org>
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
14 years agoALSA: hda: Use olpc-xo-1_5 quirk for Toshiba Satellite Pro T130-15F
Daniel T Chen [Tue, 4 May 2010 00:39:31 +0000 (20:39 -0400)]
ALSA: hda: Use olpc-xo-1_5 quirk for Toshiba Satellite Pro T130-15F

BugLink: https://launchpad.net/bugs/573284
The OR verified that using the olpc-xo-1_5 model quirk allows the
headphones to be audible when inserted into the jack. Capture was
also verified to work correctly.

Reported-by: Andy Couldrake <acouldrake@googlemail.com>
Tested-by: Andy Couldrake <acouldrake@googlemail.com>
Cc: <stable@kernel.org>
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
14 years agoALSA: hda - fix array indexing while creating inputs for Cirrus codecs
Brian J. Tarricone [Mon, 3 May 2010 00:32:10 +0000 (17:32 -0700)]
ALSA: hda - fix array indexing while creating inputs for Cirrus codecs

This fixes a problem where cards show up as only having a single mixer
element, suppressing all sound output.

Signed-off-by: Brian J. Tarricone <brian@tarricone.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
14 years agoMerge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied...
Linus Torvalds [Wed, 5 May 2010 02:08:12 +0000 (19:08 -0700)]
Merge branch 'drm-linus' of git://git./linux/kernel/git/airlied/drm-2.6

* 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
  drm/radeon/kms/legacy: only enable load detection property on DVI-I
  drm/radeon/kms: fix panel scaling adjusted mode setup
  drivers/gpu/drm/drm_sysfs.c: sysfs files error handling
  drivers/gpu/drm/radeon/radeon_atombios.c: range check issues
  gpu: vga_switcheroo, fix lock imbalance
  drivers/gpu/drm/drm_memory.c: fix check for end of loop
  drivers/gpu/drm/via/via_video.c: fix off by one issue
  drm/radeon/kms/agp The wrong AGP chipset can cause a NULL pointer dereference
  drm/radeon/kms: r300 fix CS checker to allow zbuffer-only fastfill

14 years agoMerge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Wed, 5 May 2010 02:07:35 +0000 (19:07 -0700)]
Merge branch 'x86-fixes-for-linus' of git://git./linux/kernel/git/x86/linux-2.6-tip

* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-tip:
  powernow-k8: Fix frequency reporting
  x86: Fix parse_reservetop() build failure on certain configs
  x86: Fix NULL pointer access in irq_force_complete_move() for Xen guests
  x86: Fix 'reservetop=' functionality

14 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...
Linus Torvalds [Wed, 5 May 2010 01:49:34 +0000 (18:49 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  KEYS: Fix RCU handling in key_gc_keyring()
  KEYS: Fix an RCU warning in the reading of user keys

14 years agoKEYS: Fix RCU handling in key_gc_keyring()
David Howells [Tue, 4 May 2010 13:16:10 +0000 (14:16 +0100)]
KEYS: Fix RCU handling in key_gc_keyring()

key_gc_keyring() needs to either hold the RCU read lock or hold the keyring
semaphore if it's going to scan the keyring's list.  Given that it only needs
to read the key list, and it's doing so under a spinlock, the RCU read lock is
the thing to use.

Furthermore, the RCU check added in e7b0a61b7929632d36cf052d9e2820ef0a9c1bfe is
incorrect as holding the spinlock on key_serial_lock is not grounds for
assuming a keyring's pointer list can be read safely.  Instead, a simple
rcu_dereference() inside of the previously mentioned RCU read lock is what we
want.

Reported-by: Serge E. Hallyn <serue@us.ibm.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoKEYS: Fix an RCU warning in the reading of user keys
David Howells [Fri, 30 Apr 2010 13:32:08 +0000 (14:32 +0100)]
KEYS: Fix an RCU warning in the reading of user keys

Fix an RCU warning in the reading of user keys:

===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
security/keys/user_defined.c:202 invoked rcu_dereference_check() without protection!

other info that might help us debug this:

rcu_scheduler_active = 1, debug_locks = 0
1 lock held by keyctl/3637:
 #0:  (&key->sem){+++++.}, at: [<ffffffff811a80ae>] keyctl_read_key+0x9c/0xcf

stack backtrace:
Pid: 3637, comm: keyctl Not tainted 2.6.34-rc5-cachefs #18
Call Trace:
 [<ffffffff81051f6c>] lockdep_rcu_dereference+0xaa/0xb2
 [<ffffffff811aa55f>] user_read+0x47/0x91
 [<ffffffff811a80be>] keyctl_read_key+0xac/0xcf
 [<ffffffff811a8a06>] sys_keyctl+0x75/0xb7
 [<ffffffff81001eeb>] system_call_fastpath+0x16/0x1b

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agodrm/radeon/kms/legacy: only enable load detection property on DVI-I
Alex Deucher [Fri, 30 Apr 2010 16:37:31 +0000 (12:37 -0400)]
drm/radeon/kms/legacy: only enable load detection property on DVI-I

DVI-D doesn't have analog.  This matches the avivo behavior.

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
14 years agodrm/radeon/kms: fix panel scaling adjusted mode setup
Alex Deucher [Fri, 30 Apr 2010 16:00:44 +0000 (12:00 -0400)]
drm/radeon/kms: fix panel scaling adjusted mode setup

This should duplicate exactly what the ddx does for both
legacy and avivo.

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
14 years agoMerge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jlbec/ocfs2
Linus Torvalds [Tue, 4 May 2010 23:33:18 +0000 (16:33 -0700)]
Merge branch 'fixes' of git://git./linux/kernel/git/jlbec/ocfs2

* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jlbec/ocfs2:
  ocfs2: Avoid a gcc warning in ocfs2_wipe_inode().
  ocfs2: Avoid direct write if we fall back to buffered I/O
  ocfs2_dlmfs: Fix math error when reading LVB.
  ocfs2: Update VFS inode's id info after reflink.
  ocfs2: potential ERR_PTR dereference on error paths
  ocfs2: Add directory entry later in ocfs2_symlink() and ocfs2_mknod()
  ocfs2: use OCFS2_INODE_SKIP_ORPHAN_DIR in ocfs2_mknod error path
  ocfs2: use OCFS2_INODE_SKIP_ORPHAN_DIR in ocfs2_symlink error path
  ocfs2: add OCFS2_INODE_SKIP_ORPHAN_DIR flag and honor it in the inode wipe code
  ocfs2: Reset status if we want to restart file extension.
  ocfs2: Compute metaecc for superblocks during online resize.
  ocfs2: Check the owner of a lockres inside the spinlock
  ocfs2: one more warning fix in ocfs2_file_aio_write(), v2
  ocfs2_dlmfs: User DLM_* when decoding file open flags.

14 years agoFix the x86_64 implementation of call_rwsem_wait()
David Howells [Tue, 4 May 2010 12:42:53 +0000 (13:42 +0100)]
Fix the x86_64 implementation of call_rwsem_wait()

The x86_64 call_rwsem_wait() treats the active state counter part of the
R/W semaphore state as being 16-bit when it's actually 32-bit (it's half
of the 64-bit state).  It should do "decl %edx" not "decw %dx".

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agoMerge branch 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvar...
Linus Torvalds [Tue, 4 May 2010 22:20:37 +0000 (15:20 -0700)]
Merge branch 'i2c-for-linus' of git://git./linux/kernel/git/jdelvare/staging

* 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
  i2c-core: Use per-adapter userspace device lists
  i2c: Fix probing of FSC hardware monitoring chips
  i2c-core: Erase pointer to clientdata on removal

14 years agoMerge branch 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Tue, 4 May 2010 22:16:15 +0000 (15:16 -0700)]
Merge branch 'perf-fixes-for-linus' of git://git./linux/kernel/git/tip/linux-2.6-tip

* 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  perf: Fix resource leak in failure path of perf_event_open()

14 years agoMerge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Tue, 4 May 2010 22:15:43 +0000 (15:15 -0700)]
Merge branch 'core-fixes-for-linus' of git://git./linux/kernel/git/tip/linux-2.6-tip

* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  rcu: Fix RCU lockdep splat on freezer_fork path
  rcu: Fix RCU lockdep splat in set_task_cpu on fork path
  mutex: Don't spin when the owner CPU is offline or other weird cases

14 years agoARM: 6093/1: Fix kernel memory printing for sparsemem
Catalin Marinas [Tue, 4 May 2010 16:27:43 +0000 (17:27 +0100)]
ARM: 6093/1: Fix kernel memory printing for sparsemem

The show_mem() and mem_init() function are assuming that the page map is
contiguous and calculates the start and end page of a bank using (map +
pfn). This fails with SPARSEMEM where pfn_to_page() must be used.

Tested-by: Will Deacon <Will.Deacon@arm.com>
Tested-by: Marek Vasut <marek.vasut@gmail.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
14 years agomemcg: css_id() must be called under rcu_read_lock()
Paul E. McKenney [Fri, 23 Apr 2010 19:26:38 +0000 (12:26 -0700)]
memcg: css_id() must be called under rcu_read_lock()

This patch fixes task_in_mem_cgroup(), mem_cgroup_uncharge_swapcache(),
mem_cgroup_move_swap_account(), and is_target_pte_for_mc() to protect
calls to css_id().  An additional RCU lockdep splat was reported for
memcg_oom_wake_function(), however, this function is not yet in
mainline as of 2.6.34-rc5.

Reported-by: Li Zefan <lizf@cn.fujitsu.com>
Cc: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Tested-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
14 years agocgroup: Check task_lock in task_subsys_state()
Li Zefan [Fri, 23 Apr 2010 02:35:52 +0000 (10:35 +0800)]
cgroup: Check task_lock in task_subsys_state()

Expand task_subsys_state()'s rcu_dereference_check() to include the full
locking rule as documented in Documentation/cgroups/cgroups.txt by adding
a check for task->alloc_lock being held.

This fixes an RCU false positive when resuming from suspend. The warning
comes from freezer cgroup in cgroup_freezing_or_frozen().

Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Acked-by: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
14 years agosched: Fix an RCU warning in print_task()
Li Zefan [Thu, 22 Apr 2010 09:30:40 +0000 (17:30 +0800)]
sched: Fix an RCU warning in print_task()

With CONFIG_PROVE_RCU=y, a warning can be triggered:

  $ cat /proc/sched_debug

...
kernel/cgroup.c:1649 invoked rcu_dereference_check() without protection!
...

Both cgroup_path() and task_group() should be called with either
rcu_read_lock or cgroup_mutex held.

The rcu_dereference_check() does include cgroup_lock_is_held(), so we
know that this lock is not held.  Therefore, in a CONFIG_PREEMPT kernel,
to say nothing of a CONFIG_PREEMPT_RT kernel, the original code could
have ended up copying a string out of the freelist.

This patch inserts RCU read-side primitives needed to prevent this
scenario.

Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
14 years agocgroup: Fix an RCU warning in alloc_css_id()
Li Zefan [Thu, 22 Apr 2010 09:30:00 +0000 (17:30 +0800)]
cgroup: Fix an RCU warning in alloc_css_id()

With CONFIG_PROVE_RCU=y, a warning can be triggered:

  # mount -t cgroup -o memory xxx /mnt
  # mkdir /mnt/0

...
kernel/cgroup.c:4442 invoked rcu_dereference_check() without protection!
...

This is a false-positive. It's safe to directly access parent_css->id.

Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
14 years agocgroup: Fix an RCU warning in cgroup_path()
Li Zefan [Thu, 22 Apr 2010 09:29:24 +0000 (17:29 +0800)]
cgroup: Fix an RCU warning in cgroup_path()

with CONFIG_PROVE_RCU=y, a warning can be triggered:

  # mount -t cgroup -o debug xxx /mnt
  # cat /proc/$$/cgroup

...
kernel/cgroup.c:1649 invoked rcu_dereference_check() without protection!
...

This is a false-positive, because cgroup_path() can be called
with either rcu_read_lock() held or cgroup_mutex held.

Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
14 years agoKEYS: Fix an RCU warning in the reading of user keys
David Howells [Wed, 21 Apr 2010 16:36:35 +0000 (17:36 +0100)]
KEYS: Fix an RCU warning in the reading of user keys

Fix an RCU warning in the reading of user keys:

===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
security/keys/user_defined.c:202 invoked rcu_dereference_check() without protection!

other info that might help us debug this:

rcu_scheduler_active = 1, debug_locks = 0
1 lock held by keyctl/3637:
 #0:  (&key->sem){+++++.}, at: [<ffffffff811a80ae>] keyctl_read_key+0x9c/0xcf

stack backtrace:
Pid: 3637, comm: keyctl Not tainted 2.6.34-rc5-cachefs #18
Call Trace:
 [<ffffffff81051f6c>] lockdep_rcu_dereference+0xaa/0xb2
 [<ffffffff811aa55f>] user_read+0x47/0x91
 [<ffffffff811a80be>] keyctl_read_key+0xac/0xcf
 [<ffffffff811a8a06>] sys_keyctl+0x75/0xb7
 [<ffffffff81001eeb>] system_call_fastpath+0x16/0x1b

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
14 years agoKEYS: Fix an RCU warning
David Howells [Tue, 20 Apr 2010 10:25:49 +0000 (11:25 +0100)]
KEYS: Fix an RCU warning

Fix the following RCU warning:

===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
security/keys/request_key.c:116 invoked rcu_dereference_check() without protection!

other info that might help us debug this:

rcu_scheduler_active = 1, debug_locks = 0
1 lock held by keyctl/5372:
 #0:  (key_types_sem){.+.+.+}, at: [<ffffffff811a4e3d>] key_type_lookup+0x1c/0x70

stack backtrace:
Pid: 5372, comm: keyctl Not tainted 2.6.34-rc3-cachefs #150
Call Trace:
 [<ffffffff810515f8>] lockdep_rcu_dereference+0xaa/0xb2
 [<ffffffff811a9220>] call_sbin_request_key+0x156/0x2b6
 [<ffffffff811a4c66>] ? __key_instantiate_and_link+0xb1/0xdc
 [<ffffffff811a4cd3>] ? key_instantiate_and_link+0x42/0x5f
 [<ffffffff811a96b8>] ? request_key_auth_new+0x17b/0x1f3
 [<ffffffff811a8e00>] ? request_key_and_link+0x271/0x400
 [<ffffffff810aba6f>] ? kmem_cache_alloc+0xe1/0x118
 [<ffffffff811a8f1a>] request_key_and_link+0x38b/0x400
 [<ffffffff811a7b72>] sys_request_key+0xf7/0x14a
 [<ffffffff81052227>] ? trace_hardirqs_on_caller+0x10c/0x130
 [<ffffffff81393f5c>] ? trace_hardirqs_on_thunk+0x3a/0x3f
 [<ffffffff81001eeb>] system_call_fastpath+0x16/0x1b

This was caused by doing:

[root@andromeda ~]# keyctl newring fred @s
539196288
[root@andromeda ~]# keyctl request2 user a a 539196288
request_key: Required key not available

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
14 years agoi2c-core: Use per-adapter userspace device lists
Jean Delvare [Tue, 4 May 2010 09:09:28 +0000 (11:09 +0200)]
i2c-core: Use per-adapter userspace device lists

Using a single list for all userspace devices leads to a dead lock
on multiplexed buses in some circumstances (mux chip instantiated
from userspace). This is solved by using a separate list for each
bus segment.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Michael Lawnick <ml.lawnick@gmx.de>
14 years agoi2c: Fix probing of FSC hardware monitoring chips
Jean Delvare [Tue, 4 May 2010 09:09:28 +0000 (11:09 +0200)]
i2c: Fix probing of FSC hardware monitoring chips

Some FSC hardware monitoring chips (Syleus at least) doesn't like
quick writes we typically use to probe for I2C chips. Use a regular
byte read instead for the address they live at (0x73). These are the
only known chips living at this address on PC systems.

For clarity, this fix should not be needed for kernels 2.6.30 and
later, as we started instantiating the hwmon devices explicitly based
on DMI data. Still, this fix is valuable in the following two cases:
* Support for recent FSC chips on older kernels. The DMI-based device
  instantiation is more difficult to backport than the device support
  itself.
* Case where the DMI-based device instantiation fails, whatever the
  reason. We fall back to probing in that case, so it should work.

This fixes kernel bug #15634:
https://bugzilla.kernel.org/show_bug.cgi?id=15634

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Hans de Goede <hdegoede@redhat.com>
Cc: stable@kernel.org
14 years agoi2c-core: Erase pointer to clientdata on removal
Wolfram Sang [Tue, 4 May 2010 09:09:27 +0000 (11:09 +0200)]
i2c-core: Erase pointer to clientdata on removal

After discovering that a lot of i2c-drivers leave the pointer to their
clientdata dangling, it was decided to let the core handle this issue.
It is assumed that the core may access the private data after remove()
as there are no guarantees for the lifetime of such pointers anyhow (see
thread starting at http://lkml.org/lkml/2010/3/21/68)

Signed-off-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
14 years agoInput: joydev - allow binding to button-only devices
Christoph Fritz [Sun, 25 Apr 2010 04:41:05 +0000 (21:41 -0700)]
Input: joydev - allow binding to button-only devices

Dance pads don't have an axis, so allow this kind of controllers
to be used via legacy joystick interface.

Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>