10 May, 2010
6 commits
-
Remove the dev_node declaration. We now only pass the device name
to the deprecated userspace tools.Signed-off-by: Dominik Brodowski
-
With req_irq_t gone, we can get rid of some definitions.
Signed-off-by: Dominik Brodowski
-
Instead of the old pcmcia_request_irq() interface, drivers may now
choose between:- calling request_irq/free_irq directly. Use the IRQ from *p_dev->irq.
- use pcmcia_request_irq(p_dev, handler_t); the PCMCIA core will
clean up automatically on calls to pcmcia_disable_device() or
device ejection.- drivers still not capable of IRQF_SHARED (or not telling us so) may
use the deprecated pcmcia_request_exclusive_irq() for the time
being; they might receive a shared IRQ nonetheless.CC: linux-bluetooth@vger.kernel.org
CC: netdev@vger.kernel.org
CC: linux-wireless@vger.kernel.org
CC: linux-serial@vger.kernel.org
CC: alsa-devel@alsa-project.org
CC: linux-usb@vger.kernel.org
CC: linux-ide@vger.kernel.org
Signed-off-by: Dominik Brodowski -
As it's only used there it makes no sense relying on pcmcia_request_irq().
CC: alsa-devel@alsa-project.org
Signed-off-by: Dominik Brodowski -
As we don't need the "Config" counter any more, we can simplify
struct pcmcia_socket.Signed-off-by: Dominik Brodowski
-
Setup the IRQ to be used by PCMCIA drivers already during the device
registration stage, making use of a new function pcmcia_setup_irq().
This will allow us to get rid of quite a lot of indirection in the
future.Signed-off-by: Dominik Brodowski
08 May, 2010
3 commits
-
* 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm/ttm: Remove the ttm_bo_block_reservation() function.
drm/ttm: Remove some leftover debug messages.
drm/radeon: async event synchronization for drmWaitVblank -
* 'v4l_for_2.6.34' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6:
V4L/DVB: pxa_camera: move fifo reset direct before dma start
V4L/DVB: video: testing unsigned for less than 0
V4L/DVB: mx1-camera: compile fix
V4L/DVB: budget: Oops: "BUG: unable to handle kernel NULL pointer dereference"
V4L/DVB: ngene: Workaround for stuck DiSEqC pin
V4L/DVB: saa7146: fix regression of the av7110/budget-av driver
V4L/DVB: v4l: fix config dependencies: mxb and saa7191 are V4L2 drivers, not V4L1
V4L/DVB: feature-removal: announce videotext.h removal
V4L/DVB: V4L - vpfe capture - fix for kernel crash
V4L/DVB: gspca: make usb id 0461:0815 get handled by the right driver
V4L/DVB: gspca - stv06xx: Remove the 046d:08da from the stv06xx driver
V4L/DVB: gspca - sn9c20x: Correct onstack wait_queue_head declaration
V4L/DVB: saa7146: fix up bytesperline if it is an impossible value
V4L/DVB: V4L: vpfe_capture - free ccdc_lock when memory allocation fails
V4L/DVB: V4L - Makfile:Removed duplicate entry of davinci
V4L/DVB: omap24xxcam: potential buffer overflow -
…/git/tip/linux-2.6-tip
* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
rcu: create rcu_my_thread_group_empty() wrapper
memcg: css_id() must be called under rcu_read_lock()
cgroup: Check task_lock in task_subsys_state()
sched: Fix an RCU warning in print_task()
cgroup: Fix an RCU warning in alloc_css_id()
cgroup: Fix an RCU warning in cgroup_path()
KEYS: Fix an RCU warning in the reading of user keys
KEYS: Fix an RCU warning
07 May, 2010
3 commits
-
It's unused and buggy in its current form, since it can place a bo
in the reserved state without removing it from lru lists.Signed-off-by: Thomas Hellstrom
Signed-off-by: Dave Airlie -
An earlier regression fix for the mxb driver (V4L/DVB: saa7146_vv: fix
regression where v4l2_device was registered too late) caused a new
regression in the av7110 driver.Reverted the old fix and fixed the problem in the mxb driver instead.
Tested on mxb and budget-av cards.The real problem is that the saa7146 framework has separate probe()
and attach() driver callbacks which should be rolled into one. This
is now done for the mxb driver, but others should do the same. Lack
of hardware makes this hard to do, though. I hope to get hold of some
hexium cards and then I can try to improve the framework to prevent
this from happening again.Signed-off-by: Hans Verkuil
Signed-off-by: Mauro Carvalho Chehab -
Some RCU-lockdep splat repairs need to know whether they are running
in a single-threaded process. Unfortunately, the thread_group_empty()
primitive is defined in sched.h, and can induce #include hell. This
commit therefore introduces a rcu_my_thread_group_empty() wrapper that
is defined in rcupdate.c, thus avoiding the need to include sched.h
everywhere.Signed-off-by: "Paul E. McKenney"
05 May, 2010
2 commits
-
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
FEC: Fix kernel panic in fec_set_mac_address.
ipv6: Fix default multicast hops setting.
net: ep93xx_eth stops receiving packets
drivers/net/phy: micrel phy driver
dm9601: fix phy/eeprom write routine
ppp_generic: handle non-linear skbs when passing them to pppd
ppp_generic: pull 2 bytes so that PPP_PROTO(skb) is valid
net: fix compile error due to double return type in SOCK_DEBUG
net/usb: initiate sync sequence in sierra_net.c driver
net/usb: remove default in Kconfig for sierra_net driver
r8169: Fix rtl8169_rx_interrupt()
e1000e: Fix oops caused by ASPM patch.
net/sb1250: register mdio bus in probe
sctp: Fix skb_over_panic resulting from multiple invalid parameter errors (CVE-2010-1173) (v4)
p54pci: fix bugs in p54p_check_tx_ring -
Expand task_subsys_state()'s rcu_dereference_check() to include the full
locking rule as documented in Documentation/cgroups/cgroups.txt by adding
a check for task->alloc_lock being held.This fixes an RCU false positive when resuming from suspend. The warning
comes from freezer cgroup in cgroup_freezing_or_frozen().Signed-off-by: Li Zefan
Acked-by: Matt Helsley
Signed-off-by: Paul E. McKenney
04 May, 2010
1 commit
-
Using a single list for all userspace devices leads to a dead lock
on multiplexed buses in some circumstances (mux chip instantiated
from userspace). This is solved by using a separate list for each
bus segment.Signed-off-by: Jean Delvare
Acked-by: Michael Lawnick
03 May, 2010
1 commit
-
Fix this one:
include/net/sock.h: error: two or more data types in declaration specifiersSigned-off-by: Jan Engelhardt
Signed-off-by: David S. Miller
01 May, 2010
1 commit
-
For more clearance what the functions actually do,
usb_buffer_alloc() is renamed to usb_alloc_coherent()
usb_buffer_free() is renamed to usb_free_coherent()They should only be used in code which really needs DMA coherency.
[added compatibility macros so we can convert things easier - gregkh]
Signed-off-by: Daniel Mack
Cc: Alan Stern
Cc: Pedro Ribeiro
Signed-off-by: Greg Kroah-Hartman
30 Apr, 2010
1 commit
-
* 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6:
nfs: fix memory leak in nfs_get_sb with CONFIG_NFS_V4
nfs: fix some issues in nfs41_proc_reclaim_complete()
NFS: Ensure that nfs_wb_page() waits for Pg_writeback to clear
NFS: Fix an unstable write data integrity race
nfs: testing for null instead of ERR_PTR()
NFS: rsize and wsize settings ignored on v4 mounts
NFSv4: Don't attempt an atomic open if the file is a mountpoint
SUNRPC: Fix a bug in rpcauth_prune_expired
29 Apr, 2010
4 commits
-
Ok, version 4
Change Notes:
1) Minor cleanups, from Vlads notesSummary:
Hey-
Recently, it was reported to me that the kernel could oops in the
following way:kernel BUG at net/core/skbuff.c:91!
invalid operand: 0000 [#1]
Modules linked in: sctp netconsole nls_utf8 autofs4 sunrpc iptable_filter
ip_tables cpufreq_powersave parport_pc lp parport vmblock(U) vsock(U) vmci(U)
vmxnet(U) vmmemctl(U) vmhgfs(U) acpiphp dm_mirror dm_mod button battery ac md5
ipv6 uhci_hcd ehci_hcd snd_ens1371 snd_rawmidi snd_seq_device snd_pcm_oss
snd_mixer_oss snd_pcm snd_timer snd_page_alloc snd_ac97_codec snd soundcore
pcnet32 mii floppy ext3 jbd ata_piix libata mptscsih mptsas mptspi mptscsi
mptbase sd_mod scsi_mod
CPU: 0
EIP: 0060:[] Not tainted VLI
EFLAGS: 00010216 (2.6.9-89.0.25.EL)
EIP is at skb_over_panic+0x1f/0x2d
eax: 0000002c ebx: c033f461 ecx: c0357d96 edx: c040fd44
esi: c033f461 edi: df653280 ebp: 00000000 esp: c040fd40
ds: 007b es: 007b ss: 0068
Process swapper (pid: 0, threadinfo=c040f000 task=c0370be0)
Stack: c0357d96 e0c29478 00000084 00000004 c033f461 df653280 d7883180
e0c2947d
00000000 00000080 df653490 00000004 de4f1ac0 de4f1ac0 00000004
df653490
00000001 e0c2877a 08000800 de4f1ac0 df653490 00000000 e0c29d2e
00000004
Call Trace:
[] sctp_addto_chunk+0xb0/0x128 [sctp]
[] sctp_addto_chunk+0xb5/0x128 [sctp]
[] sctp_init_cause+0x3f/0x47 [sctp]
[] sctp_process_unk_param+0xac/0xb8 [sctp]
[] sctp_verify_init+0xcc/0x134 [sctp]
[] sctp_sf_do_5_1B_init+0x83/0x28e [sctp]
[] sctp_do_sm+0x41/0x77 [sctp]
[] cache_grow+0x140/0x233
[] sctp_endpoint_bh_rcv+0xc5/0x108 [sctp]
[] sctp_inq_push+0xe/0x10 [sctp]
[] sctp_rcv+0x454/0x509 [sctp]
[] ipt_hook+0x17/0x1c [iptable_filter]
[] nf_iterate+0x40/0x81
[] ip_local_deliver_finish+0x0/0x151
[] ip_local_deliver_finish+0xc6/0x151
[] nf_hook_slow+0x83/0xb5
[] ip_local_deliver+0x1a2/0x1a9
[] ip_local_deliver_finish+0x0/0x151
[] ip_rcv+0x334/0x3b4
[] netif_receive_skb+0x320/0x35b
[] init_stall_timer+0x67/0x6a [uhci_hcd]
[] process_backlog+0x6c/0xd9
[] net_rx_action+0xfe/0x1f8
[] __do_softirq+0x35/0x79
[] handle_IRQ_event+0x0/0x4f
[] do_softirq+0x46/0x4dIts an skb_over_panic BUG halt that results from processing an init chunk in
which too many of its variable length parameters are in some way malformed.The problem is in sctp_process_unk_param:
if (NULL == *errp)
*errp = sctp_make_op_error_space(asoc, chunk,
ntohs(chunk->chunk_hdr->length));if (*errp) {
sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM,
WORD_ROUND(ntohs(param.p->length)));
sctp_addto_chunk(*errp,
WORD_ROUND(ntohs(param.p->length)),
param.v);When we allocate an error chunk, we assume that the worst case scenario requires
that we have chunk_hdr->length data allocated, which would be correct nominally,
given that we call sctp_addto_chunk for the violating parameter. Unfortunately,
we also, in sctp_init_cause insert a sctp_errhdr_t structure into the error
chunk, so the worst case situation in which all parameters are in violation
requires chunk_hdr->length+(sizeof(sctp_errhdr_t)*param_count) bytes of data.The result of this error is that a deliberately malformed packet sent to a
listening host can cause a remote DOS, described in CVE-2010-1173:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1173I've tested the below fix and confirmed that it fixes the issue. We move to a
strategy whereby we allocate a fixed size error chunk and ignore errors we don't
have space to report. Tested by me successfullySigned-off-by: Neil Horman
Acked-by: Vlad Yasevich
Signed-off-by: David S. Miller -
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (27 commits)
sfc: Change falcon_probe_board() to fail for unsupported boards
sfc: Always close net device at the end of a disabling reset
sfc: Wait at most 10ms for the MC to finish reading out MAC statistics
sctp: Fix oops when sending queued ASCONF chunks
sctp: fix to calc the INIT/INIT-ACK chunk length correctly is set
sctp: per_cpu variables should be in bh_disabled section
sctp: fix potential reference of a freed pointer
sctp: avoid irq lock inversion while call sk->sk_data_ready()
Revert "tcp: bind() fix when many ports are bound"
net/usb: add sierra_net.c driver
cdc_ether: fix autosuspend for mbm devices
bluetooth: handle l2cap_create_connless_pdu() errors
gianfar: Wait for both RX and TX to stop
ipheth: potential null dereferences on error path
smc91c92_cs: spin_unlock_irqrestore before calling smc_interrupt()
drivers/usb/net/kaweth.c: add device "Allied Telesyn AT-USB10 USB Ethernet Adapter"
bnx2: Update version to 2.0.9.
bnx2: Prevent "scheduling while atomic" warning with cnic, bonding and vlan.
bnx2: Fix lost MSI-X problem on 5709 NICs.
cxgb3: Wait longer for control packets on initialization
... -
When we finish processing ASCONF_ACK chunk, we try to send
the next queued ASCONF. This action runs the sctp state
machine recursively and it's not prepared to do so.kernel BUG at kernel/timer.c:790!
invalid opcode: 0000 [#1] SMP
last sysfs file: /sys/module/ipv6/initstate
Modules linked in: sha256_generic sctp libcrc32c ipv6 dm_multipath
uinput 8139too i2c_piix4 8139cp mii i2c_core pcspkr virtio_net joydev
floppy virtio_blk virtio_pci [last unloaded: scsi_wait_scan]Pid: 0, comm: swapper Not tainted 2.6.34-rc4 #15 /Bochs
EIP: 0060:[] EFLAGS: 00010286 CPU: 0
EIP is at add_timer+0xd/0x1b
EAX: cecbab14 EBX: 000000f0 ECX: c0957b1c EDX: 03595cf4
ESI: cecba800 EDI: cf276f00 EBP: c0957aa0 ESP: c0957aa0
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process swapper (pid: 0, ti=c0956000 task=c0988ba0 task.ti=c0956000)
Stack:
c0957ae0 d1851214 c0ab62e4 c0ab5f26 0500ffff 00000004 00000005 00000004
00000000 d18694fd 00000004 1666b892 cecba800 cecba800 c0957b14
00000004
c0957b94 d1851b11 ceda8b00 cecba800 cf276f00 00000001 c0957b14
000000d0
Call Trace:
[] ? sctp_side_effects+0x607/0xdfc [sctp]
[] ? sctp_do_sm+0x108/0x159 [sctp]
[] ? sctp_pname+0x0/0x1d [sctp]
[] ? sctp_primitive_ASCONF+0x36/0x3b [sctp]
[] ? sctp_process_asconf_ack+0x2a4/0x2d3 [sctp]
[] ? sctp_sf_do_asconf_ack+0x1dd/0x2b4 [sctp]
[] ? sctp_do_sm+0xb8/0x159 [sctp]
[] ? sctp_cname+0x0/0x52 [sctp]
[] ? sctp_assoc_bh_rcv+0xac/0xe1 [sctp]
[] ? sctp_inq_push+0x2d/0x30 [sctp]
[] ? sctp_rcv+0x797/0x82e [sctp]Tested-by: Wei Yongjun
Signed-off-by: Yuansong Qiao
Signed-off-by: Shuaijun Zhang
Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller -
sk->sk_data_ready() of sctp socket can be called from both BH and non-BH
contexts, but the default sk->sk_data_ready(), sock_def_readable(), can
not be used in this case. Therefore, we have to make a new function
sctp_data_ready() to grab sk->sk_data_ready() with BH disabling.=========================================================
[ INFO: possible irq lock inversion dependency detected ]
2.6.33-rc6 #129
---------------------------------------------------------
sctp_darn/1517 just changed the state of lock:
(clock-AF_INET){++.?..}, at: [] sock_def_readable+0x20/0x80
but this lock took another, SOFTIRQ-unsafe lock in the past:
(slock-AF_INET){+.-...}and interrupts could create inverse lock ordering between them.
other info that might help us debug this:
1 lock held by sctp_darn/1517:
#0: (sk_lock-AF_INET){+.+.+.}, at: [] sctp_sendmsg+0x23d/0xc00 [sctp]Signed-off-by: Wei Yongjun
Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller
28 Apr, 2010
3 commits
-
* 'urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia-2.6:
pcmcia: fix matching rules for pseudo-multi-function cards
pcmcia: pcmcia_dev_present bugfix -
* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
coda: move backing-dev.h kernel include inside __KERNEL__
mtd: ensure that bdi entries are properly initialized and registered
Move mtd_bdi_*mappable to mtdcore.c
btrfs: convert to using bdi_setup_and_register()
Catch filesystems lacking s_bdi
drbd: Terminate a connection early if sending the protocol fails
drbd: fix memory leak
Fix JFFS2 sync silent failure
smbfs: add bdi backing to mount session
ncpfs: add bdi backing to mount session
exofs: add bdi backing to mount session
ecryptfs: add bdi backing to mount session
coda: add bdi backing to mount session
cifs: add bdi backing to mount session
afs: add bdi backing to mount session.
9p: add bdi backing to mount session
bdi: add helper function for doing init and register of a bdi for a file system
block: ensure jiffies wrap is handled correctly in blk_rq_timed_out_timer -
Otherwise we must export backing-dev.h as well, which doesn't make
any sense.Signed-off-by: Jens Axboe
25 Apr, 2010
2 commits
-
noop_backing_dev_info is used only as a flag to mark filesystems that
don't have any backing store, like tmpfs, procfs, spufs, etc.Signed-off-by: Joern Engel
Changed the BUG_ON() to a WARN_ON(). Note that adding dirty inodes
to the noop_backing_dev_info is not legal and will not result in
them being flushed, but we already catch this condition in
__mark_inode_dirty() when checking for a registered bdi.Signed-off-by: Jens Axboe
-
If a futex key happens to be located within a huge page mapped
MAP_PRIVATE, get_futex_key() can go into an infinite loop waiting for a
page->mapping that will never exist.See https://bugzilla.redhat.com/show_bug.cgi?id=552257 for more details
about the problem.This patch makes page->mapping a poisoned value that includes
PAGE_MAPPING_ANON mapped MAP_PRIVATE. This is enough for futex to
continue but because of PAGE_MAPPING_ANON, the poisoned value is not
dereferenced or used by futex. No other part of the VM should be
dereferencing the page->mapping of a hugetlbfs page as its page cache is
not on the LRU.This patch fixes the problem with the test case described in the bugzilla.
[akpm@linux-foundation.org: mel cant spel]
Signed-off-by: Mel Gorman
Acked-by: Peter Zijlstra
Acked-by: Darren Hart
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
24 Apr, 2010
1 commit
-
This cleans up a few of the complaints of __generic_block_fiemap. I've
fixed all the typing stuff, used inline functions instead of macros,
gotten rid of a couple of variables, and made sure the size and block
requests are all block aligned. It also fixes a problem where sometimes
FIEMAP_EXTENT_LAST wasn't being set properly.Signed-off-by: Josef Bacik
Signed-off-by: Linus Torvalds
23 Apr, 2010
2 commits
-
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
firewire: ohci: wait for local CSR lock access to finish
firewire: ohci: prevent aliasing of locally handled register addresses
firewire: core: fw_iso_resource_manage: return -EBUSY when out of resources
firewire: core: fix retries calculation in iso manage_channel()
firewire: cdev: fix cut+paste mistake in disclaimer -
Commit 2c61be0a9478258f77b66208a0c4b1f5f8161c3c (NFS: Ensure that the WRITE
and COMMIT RPC calls are always uninterruptible) exposed a race on file
close. In order to ensure correct close-to-open behaviour, we want to wait
for all outstanding background commit operations to complete.This patch adds an inode flag that indicates if a commit operation is under
way, and provides a mechanism to allow ->write_inode() to wait for its
completion if this is a data integrity flush.Signed-off-by: Trond Myklebust
22 Apr, 2010
5 commits
-
This ensures that dirty data gets flushed properly.
Signed-off-by: Jens Axboe
-
This ensures that dirty data gets flushed properly.
Signed-off-by: Jens Axboe
-
This ensures that dirty data gets flushed properly.
Signed-off-by: Jens Axboe
-
Pretty trivial helper, just sets up the bdi and registers it. An atomic
sequence count is used to ensure that the registered sysfs names are
unique.Signed-off-by: Jens Axboe
-
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lrg/voltage-2.6:
mc13783-regulator: fix a memory leak in mc13783_regulator_remove
regulator: Let drivers know when they use the stub API
21 Apr, 2010
1 commit
-
pcmcia_dev_present is in and by itself buggy. Add a note specifying
why it is broken, and replace the broken locking -- taking a mutex
is a bad idea in IRQ context, from which this function is rarely
called -- by an atomic_t.Signed-off-by: Dominik Brodowski
20 Apr, 2010
2 commits
-
This patch increases the current hardcoded limit of NR_IOBUS_DEVS
from 6 to 200. We are hitting this limit when creating a guest with more
than 1 virtio-net device using vhost-net backend. Each virtio-net
device requires 2 such devices to service notifications from rx/tx queues.Signed-off-by: Sridhar Samudrala
Signed-off-by: Avi Kivity -
Int is not long enough to store the size of a dirty bitmap.
This patch fixes this problem with the introduction of a wrapper
function to calculate the sizes of dirty bitmaps.Note: in mark_page_dirty(), we have to consider the fact that
__set_bit() takes the offset as int, not long.Signed-off-by: Takuya Yoshikawa
Signed-off-by: Marcelo Tosatti
19 Apr, 2010
2 commits
-
…/git/tip/linux-2.6-tip
* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
rcu: Make RCU lockdep check the lockdep_recursion variable
rcu: Update docs for rcu_access_pointer and rcu_dereference_protected
rcu: Better explain the condition parameter of rcu_dereference_check()
rcu: Add rcu_access_pointer and rcu_dereference_protected -
* 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm/radeon/kms: add FireMV 2400 PCI ID.
drm/radeon/kms: allow R500 regs VAP_ALT_NUM_VERTICES and VAP_INDEX_OFFSET
drivers/gpu/radeon: Add MSPOS regs to safe list.
drm/radeon/kms: disable the tv encoder when tv/cv is not in use
drm/radeon/kms: adjust pll settings for tv
drm/radeon/kms: fix tv dac conflict resolver
drm/radeon/kms/evergreen: don't enable hdmi audio stuff
drm/radeon/kms/atom: fix dual-link DVI on DCE3.2/4.0
drm/radeon/kms: fix rs600 tlb flush
drm/radeon/kms: print GPU family and device id when loading
drm/radeon/kms: fix calculation of mipmapped 3D texture sizes
drm/radeon/kms: only change mode when coherent value changes.
drm/radeon/kms: more atom parser fixes (v2)