25 Feb, 2011
40 commits
-
commit 2c6315da6a1657a49e03970a4084dc3d1958ad70 upstream.
On systems where the temperature sensor is actually used, the BIOS is
likely to have locked the alarm registers. In that case, all writes
through the corresponding sysfs files would be silently ignored.To prevent this, detect the locks and make the affected sysfs files
read-only.Signed-off-by: Clemens Ladisch
Signed-off-by: Guenter Roeck
Signed-off-by: Greg Kroah-Hartman -
commit d5622f5b6c4671d1588ccc9056705366d4eb312a upstream.
The documentation lists standard numbers and chip names in excruciating
detail, but that's all it does. To help mere mortals in deciding
whether to enable this driver, mention what this sensor is for and in
which systems it might be found.Also add a link to the actual JC 42.4 specification.
Signed-off-by: Clemens Ladisch
Signed-off-by: Guenter Roeck
Signed-off-by: Greg Kroah-Hartman -
commit e866729605a43a739fc56023a8530b07a93d3458 upstream.
In set_temp_crit_hyst(), make the variable 'val' have the correct
type for strict_strtoul().Signed-off-by: Clemens Ladisch
Signed-off-by: Guenter Roeck
Signed-off-by: Greg Kroah-Hartman -
commit aa4790a6287818078ca968164a5f0d0870326602 upstream.
Add the PCI ID to support the internal temperature sensor of the
AMD "Llano" and "Brazos" processor families.Signed-off-by: Clemens Ladisch
Signed-off-by: Guenter Roeck
Signed-off-by: Greg Kroah-Hartman -
commit ca86828ccd3128513f6d4e200b437deac95408db upstream.
This patch adds the PCI northbridge device id for AMD CPU
families 12h and 14h. Both families have implemented the same
PCI northbridge device.There are some future use cases that use this PCI device and
we would like to clarify its naming.Signed-off-by: Robert Richter
Cc: xen-devel@lists.xensource.com
Cc: Keir Fraser
Cc: Jan Beulich
LKML-Reference:
Signed-off-by: Ingo Molnar
Signed-off-by: Greg Kroah-Hartman -
commit f065a93e168299569078bc6f52128b57f602fff3 upstream.
The interface is identical EMC6D102, so all that needs to be added are
some definitions and their uses.Registers apparently missing in EMC6D103S/EMC6D103:A2 compared to EMC6D103:A0,
EMC6D103:A1, and EMC6D102 (according to the data sheets), but used
unconditionally in the driver: 62[5:7], 6D[0:7], and 6E[0:7]. For that
reason, EMC6D103S chips don't get enabled for the time being.Signed-off-by: Jan Beulich
(Guenter Roeck: Replaced EMC6D103_A2 with EMC6D103S per EMC6D103S datasheet)
Signed-off-by: Guenter Roeck
Signed-off-by: Greg Kroah-Hartman -
commit 89724958e5d596bb91328644c97dd80399443e87 upstream.
Without this patch, one line-out and one speaker and
Conexant's auto parser would announce (non-working) surround
capabilities.BugLink: http://bugs.launchpad.net/bugs/721126
Signed-off-by: David Henningsson
Signed-off-by: Takashi Iwai
Signed-off-by: Greg Kroah-Hartman -
commit eaae55dac6b64c0616046436b294e69fc5311581 upstream.
Use strlcpy() to assure not to overflow the string array sizes by
too long USB device name string.Reported-by: Rafa
Signed-off-by: Takashi Iwai
Signed-off-by: Greg Kroah-Hartman -
commit b540afc2b3d6e4cd1d1f137ef6d9e9c78d67fecd upstream.
The bug reporter claims that position_fix=1 is needed for his
microphone to work. The controller PCI vendor-id is [1002:4383] (rev 40).Reported-by: Kjell L.
BugLink: http://bugs.launchpad.net/bugs/718402
Signed-off-by: David Henningsson
Signed-off-by: Takashi Iwai
Signed-off-by: Greg Kroah-Hartman -
commit c91d01556f52255a31575be0cb1981c92a2a5028 upstream.
Patch fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=654599Many users report very low speed problem on 3945 devices,
this patch fixes problem, but only for some of them.For unknown reason, sometimes after hw scanning, device is not able
to receive frames at high rate. Since plcp health check may request
hw scan to "reset radio", performance problem start to be observable
after update kernel to .35, where plcp check was introduced.Bug reporter confirmed that removing plcp check fixed problem for him.
Reported-and-tested-by: SilvioTO
Signed-off-by: Stanislaw Gruszka
Acked-by: Wey-Yi Guy
Signed-off-by: John W. Linville
Signed-off-by: Greg Kroah-Hartman -
commit ceaaec98ad99859ac90ac6863ad0a6cd075d8e0e upstream.
commit 9b5e383c11b08784 (net: Introduce
unregister_netdevice_many()) left an active LIST_HEAD() in
rollback_registered(), with possible memory corruption.Even if device is freed without touching its unreg_list (and therefore
touching the previous memory location holding LISTE_HEAD(single), better
close the bug for good, since its really subtle.(Same fix for default_device_exit_batch() for completeness)
Reported-by: Michal Hocko
Tested-by: Michal Hocko
Reported-by: Eric W. Biderman
Tested-by: Eric W. Biderman
Signed-off-by: Linus Torvalds
Signed-off-by: Eric Dumazet
CC: Ingo Molnar
CC: Octavian Purdila
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
commit 3233cdbd9fa347a6d6897a94cc6ed0302ae83c4f upstream.
MAYDAY_INITIAL_TIMEOUT is defined as HZ / 100 and depending on
configuration may end up 0 or 1. Even when it's 1, depending on when
the mayday timer is added in the current jiffy interval, it may expire
way before a jiffy has passed.Make sure MAYDAY_INITIAL_TIMEOUT is at least two to guarantee that at
least a full jiffy has passed before calling rescuers.Signed-off-by: Tejun Heo
Reported-by: Ray Jui
Signed-off-by: Greg Kroah-Hartman -
commit 7576958a9d5a4a677ad7dd40901cdbb6c1110c98 upstream.
After executing the matching works, a rescuer leaves the gcwq whether
there are more pending works or not. This may decrease the
concurrency level to zero and stall execution until a new work item is
queued on the gcwq.Make rescuer wake up a regular worker when it leaves a gcwq if there
are more works to execute, so that execution isn't stalled.Signed-off-by: Tejun Heo
Reported-by: Ray Jui
Signed-off-by: Greg Kroah-Hartman -
commit fa7ea87a057958a8b7926c1a60a3ca6d696328ed upstream.
Validate number of blocks in map and remove redundant variable.
Signed-off-by: Timo Warns
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman -
commit 9f4283f49f0a96a64c5a45fe56f0f8c942885eef upstream.
The fixed ref/post dividers are set by the AdjustPll table
rather than the ss info table on dce4+. Make sure we enable
the fractional feedback dividers when using a fixed post
or ref divider on them as well.Fixes:
https://bugzilla.kernel.org/show_bug.cgi?id=29272Signed-off-by: Alex Deucher
Signed-off-by: Dave Airlie
Signed-off-by: Greg Kroah-Hartman -
commit 2e725a065b0153f0c449318da1923a120477633d upstream.
Currently we return 0 in swsusp_alloc() when alloc_image_page() fails.
Fix that. Also remove unneeded "error" variable since the only
useful value of error is -ENOMEM.[rjw: Fixed up the changelog and changed subject.]
Signed-off-by: Stanislaw Gruszka
Signed-off-by: Rafael J. Wysocki
Signed-off-by: Greg Kroah-Hartman -
This is a backport for 2.6.37 stable. The original commit ID is
6550904ddbc3c286798a87edf95eeebcc62bc58aOfflining the secondary CPU causes the timer irq affinity to be set to
CPU 0. When the secondary CPU is back online again, the wrong irq
affinity will be used.This patch ensures secondary per CPU timer always has the correct
IRQ affinity when enabled.Signed-off-by: Jacob Pan
LKML-Reference:
Signed-off-by: H. Peter Anvin
Signed-off-by: Greg Kroah-Hartman -
commit 261cd298a8c363d7985e3482946edb4bfedacf98 upstream.
task_show_regs used to be a debugging aid in the early bringup days
of Linux on s390. /proc//status is a world readable file, it
is not a good idea to show the registers of a process. The only
correct fix is to remove task_show_regs.Reported-by: Al Viro
Signed-off-by: Martin Schwidefsky
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman -
Upstream commits: 93789b32dbf355e70f18b17a82e8661677a7f7fb,
1c9d16e35911090dee3f9313e6af13af623d66eeea53069231f9317062910d6e772cca4ce93de8c8 made a CPU use monitor/mwait
when offline. This is not the optimal choice for AMD wrt to powersavings
and we'd prefer our cores to halt (i.e. enter C1) instead. For this, the
same selection whether to use monitor/mwait has to be used as when we
select the idle routine for the machine.With this patch, offlining cores 1-5 on a X6 machine allows core0 to
boost again.[ hpa: putting this in urgent since it is a (power) regression fix ]
Reported-by: Andreas Herrmann
Cc: H. Peter Anvin
Cc: Arjan van de Ven
Cc: Len Brown
Cc: Venkatesh Pallipadi
Cc: Peter Zijlstra
Signed-off-by: Borislav Petkov
LKML-Reference:
Signed-off-by: H. Peter Anvin
Signed-off-by: Greg Kroah-Hartman -
commit 47c85291d3dd1a51501555000b90f8e281a0458e upstream.
These functions return an nfs status, not a host_err. So don't
try to convert before returning.This is a regression introduced by
3c726023402a2f3b28f49b9d90ebf9e71151157d; I fixed up two of the callers,
but missed these two.Reported-by: Herbert Poetzl
Signed-off-by: NeilBrown
Signed-off-by: J. Bruce Fields
Signed-off-by: Greg Kroah-Hartman -
This is a backport of mainline kernel commit
2a5d24286e8bdafdc272b37ec5bdd9e977b3767c.Commit 9630bdd (ACPI: Use GPE reference counting to support shared
GPEs) introduced a suspend regression where boxes resume immediately
after being suspended due to the lid or sleep button wakeup status
not being cleared properly. This happens if the GPEs corresponding
to those devices are not enabled all the time, which apparently is
expected by some BIOSes.To fix this problem, enable button and lid GPEs unconditionally
during initialization and keep them enabled all the time, regardless
of whether or not the ACPI button driver is used.References: https://bugzilla.kernel.org/show_bug.cgi?id=27372
Reported-and-tested-by: Ferenc Wágner
Signed-off-by: Rafael J. Wysocki
Signed-off-by: Greg Kroah-Hartman -
commit a628e7b87e100befac9702aa0c3b9848a7685e49 upstream.
This reintroduces commit 47970b1b which was subsequently reverted
as f00eaeea. The original change was broken and caused X startup
failures and generally made privileged processes incapable of reading
device dependent config space. The normal capable() interface returns
true on success, but the LSM interface returns 0 on success. This thinko
is now fixed in this patch, and has been confirmed to work properly.So, once again...Eric Paris noted that commit de139a3 ("pci: check caps
from sysfs file open to read device dependent config space") caused the
capability check to bypass security modules and potentially auditing.
Rectify this by calling security_capable() when checking the open file's
capabilities for config space reads.Reported-by: Eric Paris
Tested-by: Dave Young
Acked-by: James Morris
Cc: Dave Airlie
Cc: Alex Riesen
Cc: Sedat Dilek
Cc: Linus Torvalds
Signed-off-by: Chris Wright
Signed-off-by: James Morris
Signed-off-by: Greg Kroah-Hartman -
commit 6037b715d6fab139742c3df8851db4c823081561 upstream.
Expand security_capable() to include cred, so that it can be usable in a
wider range of call sites.Signed-off-by: Chris Wright
Acked-by: Serge Hallyn
Signed-off-by: James Morris
Signed-off-by: Greg Kroah-Hartman -
commit fb2b2a1d37f80cc818fd4487b510f4e11816e5e1 upstream.
In prepare_kernel_cred() since 2.6.29, put_cred(new) is called without
assigning new->usage when security_prepare_creds() returned an error. As a
result, memory for new and refcount for new->{user,group_info,tgcred} are
leaked because put_cred(new) won't call __put_cred() unless old->usage == 1.Fix these leaks by assigning new->usage (and new->subscribers which was added
in 2.6.32) before calling security_prepare_creds().Signed-off-by: Tetsuo Handa
Signed-off-by: David Howells
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman -
commit 2edeaa34a6e3f2c43b667f6c4f7b27944b811695 upstream.
In cred_alloc_blank() since 2.6.32, abort_creds(new) is called with
new->security == NULL and new->magic == 0 when security_cred_alloc_blank()
returns an error. As a result, BUG() will be triggered if SELinux is enabled
or CONFIG_DEBUG_CREDENTIALS=y.If CONFIG_DEBUG_CREDENTIALS=y, BUG() is called from __invalid_creds() because
cred->magic == 0. Failing that, BUG() is called from selinux_cred_free()
because selinux_cred_free() is not expecting cred->security == NULL. This does
not affect smack_cred_free(), tomoyo_cred_free() or apparmor_cred_free().Fix these bugs by
(1) Set new->magic before calling security_cred_alloc_blank().
(2) Handle null cred->security in creds_are_invalid() and selinux_cred_free().
Signed-off-by: Tetsuo Handa
Signed-off-by: David Howells
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman -
commit 51788b1bdd0d68345bab0af4301e7fa429277228 upstream.
Commit bf5fc093c5b625e4259203f1cee7ca73488a5620 refactored
btrfs_ioctl_space_info() and introduced several security issues.space_args.space_slots is an unsigned 64-bit type controlled by a
possibly unprivileged caller. The comparison as a signed int type
allows providing values that are treated as negative and cause the
subsequent allocation size calculation to wrap, or be truncated to 0.
By providing a size that's truncated to 0, kmalloc() will return
ZERO_SIZE_PTR. It's also possible to provide a value smaller than the
slot count. The subsequent loop ignores the allocation size when
copying data in, resulting in a heap overflow or write to ZERO_SIZE_PTR.The fix changes the slot count type and comparison typecast to u64,
which prevents truncation or signedness errors, and also ensures that we
don't copy more data than we've allocated in the subsequent loop. Note
that zero-size allocations are no longer possible since there is already
an explicit check for space_args.space_slots being 0 and truncation of
this value is no longer an issue.Signed-off-by: Dan Rosenberg
Signed-off-by: Josef Bacik
Reviewed-by: Josef Bacik
Signed-off-by: Chris Mason
Signed-off-by: Greg Kroah-Hartman -
commit 78d2978874e4e10e97dfd4fd79db45bdc0748550 upstream.
In get_empty_filp() since 2.6.29, file_free(f) is called with f->f_cred == NULL
when security_file_alloc() returned an error. As a result, kernel will panic()
due to put_cred(NULL) call within RCU callback.Fix this bug by assigning f->f_cred before calling security_file_alloc().
Signed-off-by: Tetsuo Handa
Signed-off-by: David Howells
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman -
commit c64f6f934c7490faff76faf96217066a1b3570a0 upstream.
This device used the MULTI_INPUT quirk whereas it could be used
with hid-mosart instead to support the multitouch part.Reference: https://bugs.launchpad.net/ubuntu/+bug/620609/
Signed-off-by: Benjamin Tissoires
Signed-off-by: Jiri Kosina
Signed-off-by: Greg Kroah-Hartman -
commit bc5ab083a68bfec212780281f8e57d871d8882a0 upstream.
This device has been reported to be an hid-cando one.
Signed-off-by: Benjamin Tissoires
Signed-off-by: Jiri Kosina
Signed-off-by: Greg Kroah-Hartman -
commit 0fbca4d1c3932c27c4794bf5c2b5fc961cf5a54f upstream.
Commit 368e136 ("xfs: remove duplicate code from dquot reclaim") fails
to unlock the dquot freelist when the number of loop restarts is
exceeded in xfs_qm_dqreclaim_one(). This causes hangs in memory
reclaim.Rework the loop control logic into an unwind stack that all the
different cases jump into. This means there is only one set of code
that processes the loop exit criteria, and simplifies the unlocking
of all the items from different points in the loop. It also fixes a
double increment of the restart counter from the qi_dqlist_lock
case.Reported-by: Malcolm Scott
Signed-off-by: Dave Chinner
Reviewed-by: Alex Elder
Cc: Arkadiusz Miskiewicz
Signed-off-by: Greg Kroah-Hartman -
commit cb26a24ee9706473f31d34cc259f4dcf45cd0644 upstream.
info->num comes from the user. It's type int. If the user passes
in a negative value that would cause memory corruption.Signed-off-by: Dan Carpenter
Signed-off-by: Mauro Carvalho Chehab
Signed-off-by: Greg Kroah-Hartman -
commit cf04d120d9413de581437cf9a29f138ec1178f65 upstream.
In case the mfn_list does not have enough entries to fill
a p2m page we do not want the entries from max_pfn up to
the boundary to be filled with unknown values. Hence
set them to INVALID_P2M_ENTRY.Signed-off-by: Konrad Rzeszutek Wilk
Signed-off-by: Stefan Bader
Signed-off-by: Greg Kroah-Hartman -
commit 8e1b4cf2108488ccfb9a3e7ed7cd85a435e01d4b upstream.
After changing the p2m mapping to a tree by
commit 58e05027b530ff081ecea68e38de8d59db8f87e0
xen: convert p2m to a 3 level treeand trying to boot a DomU with 615MB of memory, the following crash was
observed in the dump:kernel direct mapping tables up to 26f00000 @ 1ec4000-1fff000
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [] xen_set_pte+0x27/0x60
*pdpt = 0000000000000000 *pde = 0000000000000000Adding further debug statements showed that when trying to set up
pfn=0x26700 the returned mapping was invalid.pfn=0x266ff calling set_pte(0xc1fe77f8, 0x6b3003)
pfn=0x26700 calling set_pte(0xc1fe7800, 0x3)Although the last_pfn obtained from the startup info is 0x26700, which
should in turn not be hit, the additional 8MB which are added as extra
memory normally seem to be ok. This lead to looking into the initial
p2m tree construction, which uses the smaller value and assuming that
there is other code handling the extra memory.When the p2m tree is set up, the leaves are directly pointed to the
array which the domain builder set up. But if the mapping is not on a
boundary that fits into one p2m page, this will result in the last leaf
being only partially valid. And as the invalid entries are not
initialized in that case, things go badly wrong.I am trying to fix that by checking whether the current leaf is a
complete map and if not, allocate a completely new page and copy only
the valid pointers there. This may not be the most efficient or elegant
solution, but at least it seems to allow me booting DomUs with memory
assignments all over the range.BugLink: http://bugs.launchpad.net/bugs/686692
[v2: Redid a bit of commit wording and fixed a compile warning]Signed-off-by: Stefan Bader
Signed-off-by: Konrad Rzeszutek Wilk
Signed-off-by: Greg Kroah-Hartman -
commit 37f809755845cc3e18e8216c04525bdb885fa13b upstream.
When trying to do channel equalization, we need to make sure we still
have clock recovery on all lanes while training. We also need to try
clock recovery again if we lose the clock or if channel eq fails 5
times. We'll try clock recovery up to 5 more times before giving up
entirely.Gets suspend/resume working on my Vaio again and brings us back into
compliance with the DP training sequence spec.Signed-off-by: Jesse Barnes
Signed-off-by: Chris Wilson
Signed-off-by: Greg Kroah-Hartman -
commit 7b698ea377e10b074ceef0d79218e6622d618421 upstream.
Mathias Merz reported that v2.6.37 failed to boot on his
system.Make sure that the thread_info part of the irqstack is
initialized to zeroes.Reported-and-Tested-by: Matthias Merz
Signed-off-by: Brian Gerst
Acked-by: Pekka Enberg
Cc: Arjan van de Ven
Cc: Linus Torvalds
LKML-Reference:
Signed-off-by: Ingo Molnar
Signed-off-by: Greg Kroah-Hartman -
commit 20c457b8587bee4644d998331d9e13be82e05b4c upstream.
[This patch is part of mainline git commit 20c457b8587bee4644d9.
This should fix:
http://www.mail-archive.com/linux-perf-users@vger.kernel.org/msg00057.htmlThe regression was introduced by git commit:
4c21adf26f8fcf86a755b9b9f55c2e9fd241e1fb]builtin-timechart must only pass -e power:xy events if they are supported by
the running kernel, otherwise try to fetch the old power:power{start,end}
events.For this I added the tiny helper function:
int is_valid_tracepoint(const char *event_string)
to parse-events.[hc], which could be more generic as an interface and support
hardware/software/... events, not only tracepoints, but someone else could
extend that if needed...Signed-off-by: Thomas Renninger
Acked-by: Arjan van de Ven
Acked-by: Jean Pihet
LKML-Reference:
Signed-off-by: Ingo Molnar
Signed-off-by: Greg Kroah-Hartman -
[ Linus' tree commit 6a66bbd693c12f71697c61207aa18bc5a12da0ab ]
With the recent switch to having the hid layer handle standard axis
initialization, the Magic Trackpad now reports relative axes. This would
be fine in the normal mode, but the driver puts the device in multitouch
mode where no relative events are generated. Also, userspace software
depends on accurate axis information for device type detection. Thus,
ignoring the relative axes from the Magic Trackpad is best.Signed-off-by: Chase Douglas
Signed-off-by: Jiri Kosina
Signed-off-by: Greg Kroah-Hartman -
commit 4f444e2b59dd4255d121b57ec41a4a8c5d6bce46 upstream.
Since commit 7a5b4e16c880f8350d255dc188f81622905618c1, simpad devices don't
boot anymore, since platform devices are registered too early. Fix by moving
the registration from map_io to arch_initcall as done on other sa1100 boards.Signed-off-by: Jochen Friedrich
Acked-by: Kristoffer Ericson
Signed-off-by: Russell King
Signed-off-by: Greg Kroah-Hartman -
commit c55c63c6539499379ab4a7e8a5c0f857351fb946 upstream.
With framebuffer handover and multiple GPUs, we get into a
position where the fbcon unbinds the vesafb framebuffer for GPU 1,
but we still have a radeon framebuffer bound from GPU 0, so
we don't unregister the console driver. Then when we tried to bind
the new radeon framebuffer for GPU1 we never get to the bind
call as we fail due to the console being registered already.This changes the return value to -EBUSY when the driver is
already registered and continues to bind for -EBUSY.Signed-off-by: Dave Airlie
Cc: Alan Cox
Signed-off-by: Greg Kroah-Hartman -
commit c42988012ad9c1807b7c7a5ff855cd630094989b upstream.
CONFIG_ACPI_VIDEO depends on more than just CONFIG_ACPI, so add those
dependencies to the Kconfig select condition. The case where some
dependencies fail to be satisfied should be handled correctly, because
in that case the ACPI_VIDEO symbols we use are converted into
static-inline stubs.Signed-off-by: Ben Hutchings
Signed-off-by: Francisco Jerez
Signed-off-by: Ben Skeggs
Cc: Nick Bowler
Signed-off-by: Greg Kroah-Hartman