commit d0c4f31c99b390c9bfc54e79de0f7650ab819352
Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri Apr 27 10:17:35 2012 -0700
Linux 3.3.4
commit 0df29c4a2857ed43ff23689423144aaf4f4101bc
Author: Eric Dumazet <eric.dumazet@gmail.com>
Date: Tue Apr 24 23:01:22 2012 -0400
tcp: avoid order-1 allocations on wifi and tx path
[ This combines upstream commit
a21d45726acacc963d8baddf74607d9b74e2b723 and the follow-on bug fix
commit a21d45726acacc963d8baddf74607d9b74e2b723 ]
Marc Merlin reported many order-1 allocations failures in TX path on its
wireless setup, that dont make any sense with MTU=1500 network, and non
SG capable hardware.
After investigation, it turns out TCP uses sk_stream_alloc_skb() and
used as a convention skb_tailroom(skb) to know how many bytes of data
payload could be put in this skb (for non SG capable devices)
Note : these skb used kmalloc-4096 (MTU=1500 + MAX_HEADER +
sizeof(struct skb_shared_info) being above 2048)
Later, mac80211 layer need to add some bytes at the tail of skb
(IEEE80211_ENCRYPT_TAILROOM = 18 bytes) and since no more tailroom is
available has to call pskb_expand_head() and request order-1
allocations.
This patch changes sk_stream_alloc_skb() so that only
sk->sk_prot->max_header bytes of headroom are reserved, and use a new
skb field, avail_size to hold the data payload limit.
This way, order-0 allocations done by TCP stack can leave more than 2 KB
of tailroom and no more allocation is performed in mac80211 layer (or
any layer needing some tailroom)
avail_size is unioned with mark/dropcount, since mark will be set later
in IP stack for output packets. Therefore, skb size is unchanged.
Reported-by: Marc MERLIN <marc@merlins.org>
Tested-by: Marc MERLIN <marc@merlins.org>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1cf9d571c6e48f15608203fc76fa29c617459e0c
Author: Eric Dumazet <eric.dumazet@gmail.com>
Date: Tue Apr 10 20:08:39 2012 +0000
net: allow pskb_expand_head() to get maximum tailroom
[ Upstream commit 87151b8689d890dfb495081f7be9b9e257f7a2df ]
Marc Merlin reported many order-1 allocations failures in TX path on its
wireless setup, that dont make any sense with MTU=1500 network, and non
SG capable hardware.
Turns out part of the problem comes from pskb_expand_head() not using
ksize() to get exact head size given by kmalloc(). Doing the same thing
than __alloc_skb() allows more tailroom in skb and can prevent future
reallocations.
As a bonus, struct skb_shared_info becomes cache line aligned.
Reported-by: Marc MERLIN <marc@merlins.org>
Tested-by: Marc MERLIN <marc@merlins.org>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 069d2955aa39b11764025031235ec3d7d215ce84
Author: Neal Cardwell <ncardwell@google.com>
Date: Sun Apr 22 09:45:47 2012 +0000
tcp: fix TCP_MAXSEG for established IPv6 passive sockets
[ Upstream commit d135c522f1234f62e81be29cebdf59e9955139ad ]
Commit f5fff5d forgot to fix TCP_MAXSEG behavior IPv6 sockets, so IPv6
TCP server sockets that used TCP_MAXSEG would find that the advmss of
child sockets would be incorrect. This commit mirrors the advmss logic
from tcp_v4_syn_recv_sock in tcp_v6_syn_recv_sock. Eventually this
logic should probably be shared between IPv4 and IPv6, but this at
least fixes this issue.
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 0bcc60d6527fde19ce2ccff7bc3eaba5209a6693
Author: Eric W. Biederman <ebiederm@xmission.com>
Date: Wed Apr 18 16:11:23 2012 +0000
net ax25: Reorder ax25_exit to remove races.
[ Upstream commit 3adadc08cc1e2cbcc15a640d639297ef5fcb17f5 ]
While reviewing the sysctl code in ax25 I spotted races in ax25_exit
where it is possible to receive notifications and packets after already
freeing up some of the data structures needed to process those
notifications and updates.
Call unregister_netdevice_notifier early so that the rest of the cleanup
code does not need to deal with network devices. This takes advantage
of my recent enhancement to unregister_netdevice_notifier to send
unregister notifications of all network devices that are current
registered.
Move the unregistration for packet types, socket types and protocol
types before we cleanup any of the ax25 data structures to remove the
possibilities of other races.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 9d0566204ed97b07856dbe9ad1cea97d255132cb
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date: Thu Apr 19 10:00:19 2012 +0300
ksz884x: don't copy too much in netdev_set_mac_address()
[ Upstream commit 716af4abd6e6370226f567af50bfaca274515980 ]
MAX_ADDR_LEN is 32. ETH_ALEN is 6. mac->sa_data is a 14 byte array, so
the memcpy() is doing a read past the end of the array. I asked about
this on netdev and Ben Hutchings told me it's supposed to be copying
ETH_ALEN bytes (thanks Ben).
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e6f8c8491515dcaa8686d7e6b805edd4aba281d8
Author: Julian Anastasov <ja@ssi.bg>
Date: Mon Apr 16 04:43:15 2012 +0000
netns: do not leak net_generic data on failed init
[ Upstream commit b922934d017f1cc831b017913ed7d1a56c558b43 ]
ops_init should free the net_generic data on
init failure and __register_pernet_operations should not
call ops_free when NET_NS is not enabled.
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Reviewed-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 07b267776c0746c14b28d931a623fb59736a672a
Author: Eric Dumazet <edumazet@google.com>
Date: Mon Apr 16 23:28:07 2012 +0000
tcp: fix tcp_grow_window() for large incoming frames
[ Upstream commit 4d846f02392a710f9604892ac3329e628e60a230 ]
tcp_grow_window() has to grow rcv_ssthresh up to window_clamp, allowing
sender to increase its window.
tcp_grow_window() still assumes a tcp frame is under MSS, but its no
longer true with LRO/GRO.
This patch fixes one of the performance issue we noticed with GRO on.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: Tom Herbert <therbert@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit aa222ab252147b94968f7da05d788607d471a66e
Author: Hiroaki SHIMODA <shimoda.hiroaki@gmail.com>
Date: Sun Apr 15 13:26:01 2012 +0000
dummy: Add ndo_uninit().
[ Upstream commit 890fdf2a0cb88202d1427589db2cf29c1bdd3c1d ]
In register_netdevice(), when ndo_init() is successful and later
some error occurred, ndo_uninit() will be called.
So dummy deivce is desirable to implement ndo_uninit() method
to free percpu stats for this case.
And, ndo_uninit() is also called along with dev->destructor() when
device is unregistered, so in order to prevent dev->dstats from
being freed twice, dev->destructor is modified to free_netdev().
Signed-off-by: Hiroaki SHIMODA <shimoda.hiroaki@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 2ccc2c1e85b15874fd39350b04100f3a7b998308
Author: Stephane Fillod <fillods@users.sf.net>
Date: Sun Apr 15 11:38:29 2012 +0000
net: usb: smsc75xx: fix mtu
[ Upstream commit a99ff7d0123b19ecad3b589480b6542716ab6b52 ]
Make smsc75xx recalculate the hard_mtu after adjusting the
hard_header_len.
Without this, usbnet adjusts the MTU down to 1492 bytes, and the host is
unable to receive standard 1500-byte frames from the device.
Inspired by same fix on cdc_eem 78fb72f7936c01d5b426c03a691eca082b03f2b9.
Tested on ARM/Omap3 with EVB-LAN7500-LC.
Signed-off-by: Stephane Fillod <fillods@users.sf.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit c2b606aa4f25a3cd94a1eb061c814e2acf8134c9
Author: David Ward <david.ward@ll.mit.edu>
Date: Sun Apr 15 12:31:45 2012 +0000
net_sched: gred: Fix oops in gred_dump() in WRED mode
[ Upstream commit 244b65dbfede788f2fa3fe2463c44d0809e97c6b ]
A parameter set exists for WRED mode, called wred_set, to hold the same
values for qavg and qidlestart across all VQs. The WRED mode values had
been previously held in the VQ for the default DP. After these values
were moved to wred_set, the VQ for the default DP was no longer created
automatically (so that it could be omitted on purpose, to have packets
in the default DP enqueued directly to the device without using RED).
However, gred_dump() was overlooked during that change; in WRED mode it
still reads qavg/qidlestart from the VQ for the default DP, which might
not even exist. As a result, this command sequence will cause an oops:
tc qdisc add dev $DEV handle $HANDLE parent $PARENT gred setup \
DPs 3 default 2 grio
tc qdisc change dev $DEV handle $HANDLE gred DP 0 prio 8 $RED_OPTIONS
tc qdisc change dev $DEV handle $HANDLE gred DP 1 prio 8 $RED_OPTIONS
This fixes gred_dump() in WRED mode to use the values held in wred_set.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ec86d62e20e80613eaebea6ab67b9a7b6539e645
Author: Davide Ciminaghi <ciminaghi@gnudd.com>
Date: Fri Apr 13 04:48:25 2012 +0000
net/ethernet: ks8851_mll fix rx frame buffer overflow
[ Upstream commit 8a9a0ea6032186e3030419262678d652b88bf6a8 ]
At the beginning of ks_rcv(), a for loop retrieves the
header information relevant to all the frames stored
in the mac's internal buffers. The number of pending
frames is stored as an 8 bits field in KS_RXFCTR.
If interrupts are disabled long enough to allow for more than
32 frames to accumulate in the MAC's internal buffers, a buffer
overflow occurs.
This patch fixes the problem by making the
driver's frame_head_info buffer big enough.
Well actually, since the chip appears to have 12K of
internal rx buffers and the shortest ethernet frame should
be 64 bytes long, maybe the limit could be set to
12*1024/64 = 192 frames, but 255 should be safer.
Signed-off-by: Davide Ciminaghi <ciminaghi@gnudd.com>
Signed-off-by: Raffaele Recalcati <raffaele.recalcati@bticino.it>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 626398f31f6ad37ca4e5e81a33b0ab3d01953c00
Author: Will Deacon <will.deacon@arm.com>
Date: Thu Apr 12 05:54:09 2012 +0000
net: smsc911x: fix skb handling in receive path
[ Upstream commit 3c5e979bd037888dd7d722da22da4b43659af485 ]
The SMSC911x driver resets the ->head, ->data and ->tail pointers in the
skb on the reset path in order to avoid buffer overflow due to packet
padding performed by the hardware.
This patch fixes the receive path so that the skb pointers are fixed up
after the data has been read from the device, The error path is also
fixed to use number of words consistently and prevent erroneous FIFO
fastforwarding when skipping over bad data.
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1cdee7a0216d67656aba886be73e32d4862a1bab
Author: Jason Wang <jasowang@redhat.com>
Date: Wed Apr 11 22:10:54 2012 +0000
8139cp: set intr mask after its handler is registered
[ Upstream commit a8c9cb106fe79c28d6b7f1397652cadd228715ff ]
We set intr mask before its handler is registered, this does not work well when
8139cp is sharing irq line with other devices. As the irq could be enabled by
the device before 8139cp's hander is registered which may lead unhandled
irq. Fix this by introducing an helper cp_irq_enable() and call it after
request_irq().
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 60cf9a4017ed9b3bcd1c28e7a443f4dfe239b8df
Author: Tony Zelenoff <antonz@parallels.com>
Date: Wed Apr 11 06:15:03 2012 +0000
atl1: fix kernel panic in case of DMA errors
[ Upstream commit 03662e41c7cff64a776bfb1b3816de4be43de881 ]
Problem:
There was two separate work_struct structures which share one
handler. Unfortunately getting atl1_adapter structure from
work_struct in case of DMA error was done from incorrect
offset which cause kernel panics.
Solution:
The useless work_struct for DMA error removed and
handler name changed to more generic one.
Signed-off-by: Tony Zelenoff <antonz@parallels.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 8607ccff19e16b51feab33664425e5984f751074
Author: Neal Cardwell <ncardwell@google.com>
Date: Tue Apr 10 07:59:20 2012 +0000
tcp: fix tcp_rcv_rtt_update() use of an unscaled RTT sample
[ Upstream commit 18a223e0b9ec8979320ba364b47c9772391d6d05 ]
Fix a code path in tcp_rcv_rtt_update() that was comparing scaled and
unscaled RTT samples.
The intent in the code was to only use the 'm' measurement if it was a
new minimum. However, since 'm' had not yet been shifted left 3 bits
but 'new_sample' had, this comparison would nearly always succeed,
leading us to erroneously set our receive-side RTT estimate to the 'm'
sample when that sample could be nearly 8x too high to use.
The overall effect is to often cause the receive-side RTT estimate to
be significantly too large (up to 40% too large for brief periods in
my tests).
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ce30c9603e01ed68e7536a0936f30ec047acd57f
Author: Eric Dumazet <eric.dumazet@gmail.com>
Date: Tue Apr 10 00:56:42 2012 +0000
tcp: restore correct limit
[ Upstream commit 5fb84b1428b271f8767e0eb3fcd7231896edfaa4 ]
Commit c43b874d5d714f (tcp: properly initialize tcp memory limits) tried
to fix a regression added in commits 4acb4190 & 3dc43e3,
but still get it wrong.
Result is machines with low amount of memory have too small tcp_rmem[2]
value and slow tcp receives : Per socket limit being 1/1024 of memory
instead of 1/128 in old kernels, so rcv window is capped to small
values.
Fix this to match comment and previous behavior.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Glauber Costa <glommer@parallels.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 44ffc7c1c604e0ea5dd727b440b74b6121d152d9
Author: Eric Dumazet <eric.dumazet@gmail.com>
Date: Fri Apr 6 10:49:10 2012 +0200
net: fix a race in sock_queue_err_skb()
[ Upstream commit 110c43304db6f06490961529536c362d9ac5732f ]
As soon as an skb is queued into socket error queue, another thread
can consume it, so we are not allowed to reference skb anymore, or risk
use after free.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 567d1cca5d81446e452c0f4aa6751a8612a31817
Author: Eric Dumazet <eric.dumazet@gmail.com>
Date: Thu Apr 5 22:17:46 2012 +0000
netlink: fix races after skb queueing
[ Upstream commit 4a7e7c2ad540e54c75489a70137bf0ec15d3a127 ]
As soon as an skb is queued into socket receive_queue, another thread
can consume it, so we are not allowed to reference skb anymore, or risk
use after free.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 8087d1a115874141742ffecd54953bb691a5940e
Author: Phil Sutter <phil.sutter@viprinet.com>
Date: Mon Mar 26 09:01:30 2012 +0000
wimax: i2400m - prevent a possible kernel bug due to missing fw_name string
[ Upstream commit 4eee6a3a04e8bb53fbe7de0f64d0524d3fbe3f80 ]
This happened on a machine with a custom hotplug script calling nameif,
probably due to slow firmware loading. At the time nameif uses ethtool
to gather interface information, i2400m->fw_name is zero and so a null
pointer dereference occurs from within i2400m_get_drvinfo().
Signed-off-by: Phil Sutter <phil.sutter@viprinet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 08f416bd670c6e4f3582894ddbaf67aecf7c6e71
Author: Veaceslav Falico <vfalico@redhat.com>
Date: Thu Apr 5 03:47:43 2012 +0000
bonding: properly unset current_arp_slave on slave link up
[ Upstream commit 5a4309746cd74734daa964acb02690c22b3c8911 ]
When a slave comes up, we're unsetting the current_arp_slave without
removing active flags from it, which can lead to situations where we have
more than one slave with active flags in active-backup mode.
To avoid this situation we must remove the active flags from a slave before
removing it as a current_arp_slave.
Signed-off-by: Veaceslav Falico <vfalico@redhat.com>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: Marcelo Ricardo Leitner <mleitner@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a18963fd8c43d8f961cc9648e1c46a4e79e124c4
Author: Sasha Levin <levinsasha928@gmail.com>
Date: Thu Apr 5 12:07:45 2012 +0000
phonet: Check input from user before allocating
[ Upstream commit bcf1b70ac6eb0ed8286c66e6bf37cb747cbaa04c ]
A phonet packet is limited to USHRT_MAX bytes, this is never checked during
tx which means that the user can specify any size he wishes, and the kernel
will attempt to allocate that size.
In the good case, it'll lead to the following warning, but it may also cause
the kernel to kick in the OOM and kill a random task on the server.
[ 8921.744094] WARNING: at mm/page_alloc.c:2255 __alloc_pages_slowpath+0x65/0x730()
[ 8921.749770] Pid: 5081, comm: trinity Tainted: G W 3.4.0-rc1-next-20120402-sasha #46
[ 8921.756672] Call Trace:
[ 8921.758185] [<ffffffff810b2ba7>] warn_slowpath_common+0x87/0xb0
[ 8921.762868] [<ffffffff810b2be5>] warn_slowpath_null+0x15/0x20
[ 8921.765399] [<ffffffff8117eae5>] __alloc_pages_slowpath+0x65/0x730
[ 8921.769226] [<ffffffff81179c8a>] ? zone_watermark_ok+0x1a/0x20
[ 8921.771686] [<ffffffff8117d045>] ? get_page_from_freelist+0x625/0x660
[ 8921.773919] [<ffffffff8117f3a8>] __alloc_pages_nodemask+0x1f8/0x240
[ 8921.776248] [<ffffffff811c03e0>] kmalloc_large_node+0x70/0xc0
[ 8921.778294] [<ffffffff811c4bd4>] __kmalloc_node_track_caller+0x34/0x1c0
[ 8921.780847] [<ffffffff821b0e3c>] ? sock_alloc_send_pskb+0xbc/0x260
[ 8921.783179] [<ffffffff821b3c65>] __alloc_skb+0x75/0x170
[ 8921.784971] [<ffffffff821b0e3c>] sock_alloc_send_pskb+0xbc/0x260
[ 8921.787111] [<ffffffff821b002e>] ? release_sock+0x7e/0x90
[ 8921.788973] [<ffffffff821b0ff0>] sock_alloc_send_skb+0x10/0x20
[ 8921.791052] [<ffffffff824cfc20>] pep_sendmsg+0x60/0x380
[ 8921.792931] [<ffffffff824cb4a6>] ? pn_socket_bind+0x156/0x180
[ 8921.794917] [<ffffffff824cb50f>] ? pn_socket_autobind+0x3f/0x90
[ 8921.797053] [<ffffffff824cb63f>] pn_socket_sendmsg+0x4f/0x70
[ 8921.798992] [<ffffffff821ab8e7>] sock_aio_write+0x187/0x1b0
[ 8921.801395] [<ffffffff810e325e>] ? sub_preempt_count+0xae/0xf0
[ 8921.803501] [<ffffffff8111842c>] ? __lock_acquire+0x42c/0x4b0
[ 8921.805505] [<ffffffff821ab760>] ? __sock_recv_ts_and_drops+0x140/0x140
[ 8921.807860] [<ffffffff811e07cc>] do_sync_readv_writev+0xbc/0x110
[ 8921.809986] [<ffffffff811958e7>] ? might_fault+0x97/0xa0
[ 8921.811998] [<ffffffff817bd99e>] ? security_file_permission+0x1e/0x90
[ 8921.814595] [<ffffffff811e17e2>] do_readv_writev+0xe2/0x1e0
[ 8921.816702] [<ffffffff810b8dac>] ? do_setitimer+0x1ac/0x200
[ 8921.818819] [<ffffffff810e2ec1>] ? get_parent_ip+0x11/0x50
[ 8921.820863] [<ffffffff810e325e>] ? sub_preempt_count+0xae/0xf0
[ 8921.823318] [<ffffffff811e1926>] vfs_writev+0x46/0x60
[ 8921.825219] [<ffffffff811e1a3f>] sys_writev+0x4f/0xb0
[ 8921.827127] [<ffffffff82658039>] system_call_fastpath+0x16/0x1b
[ 8921.829384] ---[ end trace dffe390f30db9eb7 ]---
Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
Acked-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 134a84c3bb558e657624ca876685ca1855f06289
Author: RongQing.Li <roy.qing.li@gmail.com>
Date: Wed Apr 4 16:47:04 2012 +0000
ipv6: fix array index in ip6_mc_add_src()
[ Upstream commit 78d50217baf36093ab320f95bae0d6452daec85c ]
Convert array index from the loop bound to the loop index.
And remove the void type conversion to ip6_mc_del1_src() return
code, seem it is unnecessary, since ip6_mc_del1_src() does not
use __must_check similar attribute, no compiler will report the
warning when it is removed.
v2: enrich the commit header
Signed-off-by: RongQing.Li <roy.qing.li@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e4d90d800592947e994f3276cf065ca25c836e8c
Author: Herbert Xu <herbert@gondor.apana.org.au>
Date: Wed Apr 4 01:01:20 2012 +0000
bridge: Do not send queries on multicast group leaves
[ Upstream commit 996304bbea3d2a094b7ba54c3bd65d3fffeac57b ]
As it stands the bridge IGMP snooping system will respond to
group leave messages with queries for remaining membership.
This is both unnecessary and undesirable. First of all any
multicast routers present should be doing this rather than us.
What's more the queries that we send may end up upsetting other
multicast snooping swithces in the system that are buggy.
In fact, we can simply remove the code that send these queries
because the existing membership expiry mechanism doesn't rely
on them anyway.
So this patch simply removes all code associated with group
queries in response to group leave messages.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 159ea327099b6b63eac8d95f840606fd2fc86881
Author: Thomas Graf <tgraf@infradead.org>
Date: Tue Apr 3 22:17:53 2012 +0000
sctp: Allow struct sctp_event_subscribe to grow without breaking binaries
[ Upstream commit acdd5985364f8dc511a0762fab2e683f29d9d692 ]
getsockopt(..., SCTP_EVENTS, ...) performs a length check and returns
an error if the user provides less bytes than the size of struct
sctp_event_subscribe.
Struct sctp_event_subscribe needs to be extended by an u8 for every
new event or notification type that is added.
This obviously makes getsockopt fail for binaries that are compiled
against an older versions of <net/sctp/user.h> which do not contain
all event types.
This patch changes getsockopt behaviour to no longer return an error
if not enough bytes are being provided by the user. Instead, it
returns as much of sctp_event_subscribe as fits into the provided buffer.
This leads to the new behavior that users see what they have been aware
of at compile time.
The setsockopt(..., SCTP_EVENTS, ...) API is already behaving like this.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ee301068a48d6dd3a1aa957c2bbf80cf6fb480bb
Author: Srinivas Kandagatla <srinivas.kandagatla@st.com>
Date: Mon Apr 2 00:02:09 2012 +0000
phy:icplus:fix Auto Power Saving in ip101a_config_init.
[ Upstream commit b3300146aa8efc5d3937fd33f3cfdc580a3843bc ]
This patch fixes Auto Power Saving configuration in ip101a_config_init
which was broken as there is no phy register write followed after
setting IP101A_APS_ON flag.
This patch also fixes the return value of ip101a_config_init.
Without this patch ip101a_config_init returns 2 which is not an error
accroding to IS_ERR and the mac driver will continue accessing 2 as
valid pointer to phy_dev resulting in memory fault.
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b2b96b30f3d835fa17b54a454e37ba98ee21a67a
Author: Eric Dumazet <eric.dumazet@gmail.com>
Date: Tue Apr 24 22:12:06 2012 -0400
tcp: allow splice() to build full TSO packets
[ This combines upstream commit
2f53384424251c06038ae612e56231b96ab610ee and the follow-on bug fix
commit 35f9c09fe9c72eb8ca2b8e89a593e1c151f28fc2 ]
vmsplice()/splice(pipe, socket) call do_tcp_sendpages() one page at a
time, adding at most 4096 bytes to an skb. (assuming PAGE_SIZE=4096)
The call to tcp_push() at the end of do_tcp_sendpages() forces an
immediate xmit when pipe is not already filled, and tso_fragment() try
to split these skb to MSS multiples.
4096 bytes are usually split in a skb with 2 MSS, and a remaining
sub-mss skb (assuming MTU=1500)
This makes slow start suboptimal because many small frames are sent to
qdisc/driver layers instead of big ones (constrained by cwnd and packets
in flight of course)
In fact, applications using sendmsg() (adding an additional memory copy)
instead of vmsplice()/splice()/sendfile() are a bit faster because of
this anomaly, especially if serving small files in environments with
large initial [c]wnd.
Call tcp_push() only if MSG_MORE is not set in the flags parameter.
This bit is automatically provided by splice() internals but for the
last page, or on all pages if user specified SPLICE_F_MORE splice()
flag.
In some workloads, this can reduce number of sent logical packets by an
order of magnitude, making zero-copy TCP actually faster than
one-copy :)
Reported-by: Tom Herbert <therbert@google.com>
Cc: Nandita Dukkipati <nanditad@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: Tom Herbert <therbert@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: H.K. Jerry Chu <hkchu@google.com>
Cc: Maciej Żenczykowski <maze@google.com>
Cc: Mahesh Bandewar <maheshb@google.com>
Cc: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 914ec645853259a95f2a0495e91bcc3a867c977a
Author: David Woodhouse <David.Woodhouse@intel.com>
Date: Tue Apr 24 22:09:47 2012 -0400
ppp: Don't stop and restart queue on every TX packet
[ This combines upstream commit
e675f0cc9a872fd152edc0c77acfed19bf28b81e and follow-on bug fix
commit 9a5d2bd99e0dfe9a31b3c160073ac445ba3d773f ]
For every transmitted packet, ppp_start_xmit() will stop the netdev
queue and then, if appropriate, restart it. This causes the TX softirq
to run, entirely gratuitously.
This is "only" a waste of CPU time in the normal case, but it's actively
harmful when the PPP device is a TEQL slave — the wakeup will cause the
offending device to receive the next TX packet from the TEQL queue, when
it *should* have gone to the next slave in the list. We end up seeing
large bursts of packets on just *one* slave device, rather than using
the full available bandwidth over all slaves.
This patch fixes the problem by *not* unconditionally stopping the queue
in ppp_start_xmit(). It adds a return value from ppp_xmit_process()
which indicates whether the queue should be stopped or not.
It *doesn't* remove the call to netif_wake_queue() from
ppp_xmit_process(), because other code paths (especially from
ppp_output_wakeup()) need it there and it's messy to push it out to the
other callers to do it based on the return value. So we leave it in
place — it's a no-op in the case where the queue wasn't stopped, so it's
harmless in the TX path.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3f97bf1dddac33d09627fd941d0ee3a2f57898d7
Author: Eric Dumazet <eric.dumazet@gmail.com>
Date: Mon Apr 2 22:33:02 2012 +0000
net: fix /proc/net/dev regression
[ Upstream commit 2def16ae6b0c77571200f18ba4be049b03d75579 ]
Commit f04565ddf52 (dev: use name hash for dev_seq_ops) added a second
regression, as some devices are missing from /proc/net/dev if many
devices are defined.
When seq_file buffer is filled, the last ->next/show() method is
canceled (pos value is reverted to value prior ->next() call)
Problem is after above commit, we dont restart the lookup at right
position in ->start() method.
Fix this by removing the internal 'pos' pointer added in commit, since
we need to use the 'loff_t *pos' provided by seq_file layer.
This also reverts commit 5cac98dd0 (net: Fix corruption
in /proc/*/net/dev_mcast), since its not needed anymore.
Reported-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Mihai Maruseac <mmaruseac@ixiacom.com>
Tested-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 36de412a4eb52d3558b946f7055e83c19c31b1ba
Author: Felipe Balbi <balbi@ti.com>
Date: Wed Mar 21 11:44:00 2012 +0200
usb: dwc3: ep0: increment "actual" on bounced ep0 case
commit cd423dd3634a5232a3019eb372b144619a61cd16 upstream.
due to a HW limitation we have a bounce buffer for ep0
out transfers which are not aligned with MaxPacketSize.
On such case we were not increment r->actual as we should.
This patch fixes that mistake.
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 9bfc5bfd121734e0a620f63b66eda5e000562950
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri Apr 13 13:49:47 2012 -0400
lockd: fix the endianness bug
commit e847469bf77a1d339274074ed068d461f0c872bc upstream.
comparing be32 values for < is not doing the right thing...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 199a3dba1217889bc429e54f6e860e5c37a28bc9
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri Apr 13 12:30:02 2012 -0400
ocfs2: ->e_leaf_clusters endianness breakage
commit 72094e43e3af5020510f920321d71f1798fa896d upstream.
le16, not le32...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Mark Fasheh <mfasheh@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1f3fdb95d1375141defad679417c25a0940300dc
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri Apr 13 12:28:21 2012 -0400
ocfs2: ->rl_count endianness breakage
commit 28748b325dc2d730ccc312830a91c4ae0c0d9379 upstream.
le16, not le32...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Mark Fasheh <mfasheh@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 84b9ed018569cd44078e66fb7006230f31b8782d
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri Apr 13 12:27:11 2012 -0400
ocfs: ->rl_used breakage on big-endian
commit e1bf4cc620fd143766ddfcee3b004a1d1bb34fd0 upstream.
it's le16, not le32 or le64...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Mark Fasheh <mfasheh@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 0c5f40fb8bc4502660434bdc4557df9b92645731
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri Apr 13 12:22:00 2012 -0400
ocfs2: ->l_next_free_req breakage on big-endian
commit 3a251f04fe97c3d335b745c98e4b377e3c3899f2 upstream.
It's le16, not le32...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Mark Fasheh <mfasheh@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b0f97b2f7316b31570474f501cfc82aaa043b541
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri Apr 13 11:49:04 2012 -0400
btrfs: btrfs_root_readonly() broken on big-endian
commit 6ed3cf2cdfce4c9f1d73171bd3f27d9cb77b734e upstream.
->root_flags is __le64 and all accesses to it go through the helpers
that do proper conversions. Except for btrfs_root_readonly(), which
checks bit 0 as in host-endian...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Chris Mason <chris.mason@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a0b81f202cdf44cd9dbbab769bfaa42701785cc7
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri Apr 13 00:32:14 2012 -0400
nfsd: fix compose_entry_fh() failure exits
commit efe39651f08813180f37dc508d950fc7d92b29a8 upstream.
Restore the original logics ("fail on mountpoints, negatives and in
case of fh_compose() failures"). Since commit 8177e (nfsd: clean up
readdirplus encoding) that got broken -
rv = fh_compose(fhp, exp, dchild, &cd->fh);
if (rv)
goto out;
if (!dchild->d_inode)
goto out;
rv = 0;
out:
is equivalent to
rv = fh_compose(fhp, exp, dchild, &cd->fh);
out:
and the second check has no effect whatsoever...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: "J. Bruce Fields" <bfields@fieldses.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1022d6b6504962323098fee89f7cbd6fdd4fbc87
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri Apr 13 00:10:34 2012 -0400
nfsd: fix endianness breakage in TEST_STATEID handling
commit 02f5fde5df0ea930e70f93763dd48beff182b208 upstream.
->ts_id_status gets nfs errno, i.e. it's already big-endian; no need
to apply htonl() to it. Broken by commit 174568 (NFSD: Added TEST_STATEID
operation) last year...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: "J. Bruce Fields" <bfields@fieldses.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 211e68baa6b2f5a5b5f0cbae29090381a1cecb00
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri Apr 13 00:00:04 2012 -0400
nfsd: fix error values returned by nfsd4_lockt() when nfsd_open() fails
commit 04da6e9d63427b2d0fd04766712200c250b3278f upstream.
nfsd_open() already returns an NFS error value; only vfs_test_lock()
result needs to be fed through nfserrno(). Broken by commit 55ef12
(nfsd: Ensure nfsv4 calls the underlying filesystem on LOCKT)
three years ago...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 197ee6f87b5621edd549122dab9dd0b9645253ff
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Thu Apr 12 23:47:00 2012 -0400
nfsd: fix b0rken error value for setattr on read-only mount
commit 96f6f98501196d46ce52c2697dd758d9300c63f5 upstream.
..._want_write() returns -EROFS on failure, _not_ an NFS error value.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit c4cb93a3a14e4f7452eace81e31ddda5d6c21c04
Author: AceLan Kao <acelan.kao@canonical.com>
Date: Wed Mar 28 10:25:36 2012 +0800
Bluetooth: Add support for Atheros [04ca:3005]
commit 55ed7d4d1469eafbe3ad7e8fcd44f5af27845a81 upstream.
Add another vendor specific ID for Atheros AR3012 device.
This chip is wrapped by Lite-On Technology Corp.
output of usb-devices:
T: Bus=04 Lev=01 Prnt=01 Port=03 Cnt=01 Dev#= 2 Spd=12 MxCh= 0
D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=04ca ProdID=3005 Rev=00.02
S: Manufacturer=Atheros Communications
S: Product=Bluetooth USB Host Controller
S: SerialNumber=Alaska Day 2006
C: #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
I: If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
Signed-off-by: AceLan Kao <acelan.kao@canonical.com>
Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit cb3e0956985114a629cc5bdb36526920983d3e32
Author: AceLan Kao <acelan.kao@canonical.com>
Date: Tue Jan 17 16:18:06 2012 +0800
dell-laptop: touchpad LED should persist its status after S3
commit 2d5de9e84928e35b4d9b46b4d8d5dcaac1cff1fa upstream.
Touchpad LED will not turn on after S3, it will make the touchpad status
doesn't consist with the LED.
By adding one flag to let the LED device restore it's status.
Signed-off-by: AceLan Kao <acelan.kao@canonical.com>
Signed-off-by: Matthew Garrett <mjg@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 318ab7f31dfe496fdecf28657a25a7de5a72f1de
Author: AceLan Kao <acelan.kao@canonical.com>
Date: Thu Nov 17 15:30:42 2011 +0800
dell-laptop: add 3 machines that has touchpad LED
commit 2a748853ca395c48ea75baa250f7cea6f0f23dbf upstream.
Add "Vostro 3555", "Inspiron N311z", and "Inspiron M5110" into quirks,
so that they could have touchpad LED function work.
Signed-off-by: AceLan Kao <acelan.kao@canonical.com>
Signed-off-by: Matthew Garrett <mjg@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 09ca8e1173bcb12e2a449698c9ae3b86a8a10195
Author: Alex Williamson <alex.williamson@redhat.com>
Date: Wed Apr 11 09:51:49 2012 -0600
KVM: unmap pages from the iommu when slots are removed
commit 32f6daad4651a748a58a3ab6da0611862175722f upstream.
We've been adding new mappings, but not destroying old mappings.
This can lead to a page leak as pages are pinned using
get_user_pages, but only unpinned with put_page if they still
exist in the memslots list on vm shutdown. A memslot that is
destroyed while an iommu domain is enabled for the guest will
therefore result in an elevated page reference count that is
never cleared.
Additionally, without this fix, the iommu is only programmed
with the first translation for a gpa. This can result in
peer-to-peer errors if a mapping is destroyed and replaced by a
new mapping at the same gpa as the iommu will still be pointing
to the original, pinned memory address.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f16e3ad91afa96717232a393e07e86f76099af03
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Thu Apr 12 20:32:25 2012 -0400
ext4: fix endianness breakage in ext4_split_extent_at()
commit af1584f570b19b0285e4402a0b54731495d31784 upstream.
->ee_len is __le16, so assigning cpu_to_le32() to it is going to do
Bad Things(tm) on big-endian hosts...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Ted Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 001b910ab666f0ce54fc8f81850ab498724076a7
Author: Thomas Jarosch <thomas.jarosch@intra2net.com>
Date: Wed Dec 7 22:08:11 2011 +0100
PCI: Add quirk for still enabled interrupts on Intel Sandy Bridge GPUs
commit f67fd55fa96f7d7295b43ffbc4a97d8f55e473aa upstream.
Some BIOS implementations leave the Intel GPU interrupts enabled,
even though no one is handling them (f.e. i915 driver is never loaded).
Additionally the interrupt destination is not set up properly
and the interrupt ends up -somewhere-.
These spurious interrupts are "sticky" and the kernel disables
the (shared) interrupt line after 100.000+ generated interrupts.
Fix it by disabling the still enabled interrupts.
This resolves crashes often seen on monitor unplug.
Tested on the following boards:
- Intel DH61CR: Affected
- Intel DH67BL: Affected
- Intel S1200KP server board: Affected
- Asus P8H61-M LE: Affected, but system does not crash.
Probably the IRQ ends up somewhere unnoticed.
According to reports on the net, the Intel DH61WW board is also affected.
Many thanks to Jesse Barnes from Intel for helping
with the register configuration and to Intel in general
for providing public hardware documentation.
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Tested-by: Charlie Suffin <charlie.suffin@stratus.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5d782e6bba7fa9da7347b8ac749fc18176be9ae3
Author: Shubhrajyoti D <shubhrajyoti@ti.com>
Date: Thu Mar 22 12:48:06 2012 +0530
usb: musb: omap: fix the error check for pm_runtime_get_sync
commit ad579699c4f0274bf522a9252ff9b20c72197e48 upstream.
pm_runtime_get_sync returns a signed integer. In case of errors
it returns a negative value. This patch fixes the error check
by making it signed instead of unsigned thus preventing register
access if get_sync_fails. Also passes the error cause to the
debug message.
Cc: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Shubhrajyoti D <shubhrajyoti@ti.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 6407c7c9a16e5778e93da2b067c80f7a609a9e37
Author: Kishon Vijay Abraham I <kishon@ti.com>
Date: Wed Mar 21 21:30:20 2012 +0530
usb: musb: omap: fix crash when musb glue (omap) gets initialized
commit 3006dc8c627d738693e910c159630e4368c9e86c upstream.
pm_runtime_enable is being called after omap2430_musb_init. Hence
pm_runtime_get_sync in omap2430_musb_init does not have any effect (does
not enable clocks) resulting in a crash during register access. It is
fixed here.
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 6793b13c9aedea8e24cf429b924d6dabfd59e0d8
Author: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Date: Wed Mar 28 09:30:50 2012 +0200
usb: gadget: eliminate NULL pointer dereference (bugfix)
commit 92b0abf80c5c5f0e0d71d1309688a330fd74731b upstream.
usb: gadget: eliminate NULL pointer dereference (bugfix)
This patch fixes a bug which causes NULL pointer dereference in
ffs_ep0_ioctl. The bug happens when the FunctionFS is not bound (either
has not been bound yet or has been bound and then unbound) and can be
reproduced with running the following commands:
$ insmod g_ffs.ko
$ mount -t functionfs func /dev/usbgadget
$ ./null
where null.c is:
#include <fcntl.h>
#include <linux/usb/functionfs.h>
int main(void)
{
int fd = open("/dev/usbgadget/ep0", O_RDWR);
ioctl(fd, FUNCTIONFS_CLEAR_HALT);
return 0;
}
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit fa0dc144ce618ddcbbe4047e9c1c61b44cee9594
Author: Kishon Vijay Abraham I <kishon@ti.com>
Date: Wed Mar 21 21:34:30 2012 +0530
usb: gadget: udc-core: fix asymmetric calls in remove_driver
commit 8ae8090c82eb407267001f75b3d256b3bd4ae691 upstream.
During modprobe of gadget driver, pullup is called after
udc_start. In order to make the exit path symmetric when
removing a gadget driver, call pullup before ->udc_stop.
This is needed to avoid issues with PM where udc_stop
disables the module completely (put IP in reset state,
cut functional and interface clocks, and so on), which
prevents us from accessing the IP's address space,
thus creating the possibility of an abort exception
when we try to access IP's address space after clocks
are off.
Signed-off-by: Partha Basak <p-basak2@ti.com>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 10dea522a023d442069362eb0aa389e0c5c04c25
Author: Felipe Balbi <balbi@ti.com>
Date: Thu Mar 15 16:37:18 2012 +0200
usb: gadget: udc-core: stop UDC on device-initiated disconnect
commit 6d258a4c42089229b855fd706622029decf316d6 upstream.
When we want to do device-initiated disconnect,
let's make sure we stop the UDC in order to
e.g. allow lower power states to be achieved by
turning off unnecessary clocks and/or stoping
PHYs.
When reconnecting, call ->udc_start() again to
make sure UDC is reinitialized.
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 9eb3eaa8235cbe184fc7057b48881f15614c7b44
Author: Alan Stern <stern@rowland.harvard.edu>
Date: Tue Apr 17 15:22:39 2012 -0400
USB: fix deadlock in bConfigurationValue attribute method
commit 8963c487a80b4688c9e68dcc504a90074aacc145 upstream.
This patch (as154) fixes a self-deadlock that occurs when userspace
writes to the bConfigurationValue sysfs attribute for a hub with
children. The task tries to lock the bandwidth_mutex at a time when
it already owns the lock:
The attribute's method calls usb_set_configuration(),
which calls usb_disable_device() with the bandwidth_mutex
held.
usb_disable_device() unregisters the existing interfaces,
which causes the hub driver to be unbound.
The hub_disconnect() routine calls hub_quiesce(), which
calls usb_disconnect() for each of the hub's children.
usb_disconnect() attempts to acquire the bandwidth_mutex
around a call to usb_disable_device().
The solution is to make usb_disable_device() acquire the mutex for
itself instead of requiring the caller to hold it. Then the mutex can
cover only the bandwidth deallocation operation and not the region
where the interfaces are unregistered.
This has the potential to change system behavior slightly when a
config change races with another config or altsetting change. Some of
the bandwidth released from the old config might get claimed by the
other config or altsetting, make it impossible to restore the old
config in case of a failure. But since we don't try to recover from
config-change failures anyway, this doesn't matter.
[This should be marked for stable kernels that contain the commit
fccf4e86200b8f5edd9a65da26f150e32ba79808 "USB: Free bandwidth when
usb_disable_device is called."
That commit was marked for stable kernels as old as 2.6.32.]
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 31f50d3450f96ef57a9a3f8977655cda550fbc51
Author: Alan Stern <stern@rowland.harvard.edu>
Date: Wed Apr 18 11:33:00 2012 -0400
EHCI: always clear the STS_FLR status bit
commit 2fbe2bf1fd37f9d99950bd8d8093623cf22cf08b upstream.
This patch (as1544) fixes a problem affecting some EHCI controllers.
They can generate interrupts whenever the STS_FLR status bit is turned
on, even though that bit is masked out in the Interrupt Enable
register.
Since the driver doesn't use STS_FLR anyway, the patch changes the
interrupt routine to clear that bit whenever it is set, rather than
leaving it alone.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-and-tested-by: Tomoya MORINAGA <tomoya.rohm@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 10d6eea9355dbceb0b935dc69ae6ea9d47251391
Author: Alan Stern <stern@rowland.harvard.edu>
Date: Tue Apr 17 15:24:15 2012 -0400
EHCI: fix criterion for resuming the root hub
commit dc75ce9d929aabeb0843a6b1a4ab320e58ba1597 upstream.
This patch (as1542) changes the criterion ehci-hcd uses to tell when
it needs to resume the controller's root hub. A resume is needed when
a port status change is detected, obviously, but only if the root hub
is currently suspended.
Right now the driver tests whether the root hub is running, and that
is not the correct test. In particular, if the controller has died
then the root hub should not be restarted. In addition, some buggy
hardware occasionally requires the root hub to be running and
sending out SOF packets even while it is nominally supposed to be
suspended.
In the end, the test needs to be changed. Rather than checking whether
the root hub is currently running, the driver will now check whether
the root hub is currently suspended. This will yield the correct
behavior in all cases.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: Peter Chen <B29397@freescale.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 8b33e7d5c366b9b61db2e59915b9e5bf9df5f916
Author: Bjørn Mork <bjorn@mork.no>
Date: Tue Apr 17 21:37:29 2012 +0200
USB: sierra: avoid QMI/wwan interface on MC77xx
commit 749541d19e70905e3971f2a08335a206a98e4d0c upstream.
These devices have a number of non serial interfaces as well. Use
the existing "Direct IP" blacklist to prevent binding to interfaces
which are handled by other drivers.
We also extend the "Direct IP" blacklist with with interfaces only
seen in "QMI" mode, assuming that these devices use the same
interface numbers for serial interfaces both in "Direct IP" and in
"QMI" mode.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit dcf6b42c8065c0053bcc15bcbed35955f59367f0
Author: Julia Lawall <Julia.Lawall@lip6.fr>
Date: Thu Apr 19 18:12:40 2012 +0200
drivers/tty/amiserial.c: add missing tty_unlock
commit d3a7b83f865b46bb7b5e1ed18a129ce1af349db4 upstream.
tty_unlock is used on all other exits from the function.
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Acked-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3fe36f180e16aec8a9f5e8a64676b0a315807471
Author: Tomoya MORINAGA <tomoya.rohm@gmail.com>
Date: Thu Apr 12 10:47:50 2012 +0900
pch_uart: Fix dma channel unallocated issue
commit af6d17cdc8c89aeb3101f0d27cd32fc0592b40b2 upstream.
This driver anticipates pch_uart_verify_port() is not called
during installation.
However, actually pch_uart_verify_port() is called during
installation.
As a result, memory access violation occurs like below.
0. initial value: use_dma=0
1. starup()
- dma channel is not allocated because use_dma=0
2. pch_uart_verify_port()
- Set use_dma=1
3. UART processing acts DMA mode because use_dma=1
- memory access violation occurs!
This patch fixes the issue.
Solution:
Whenever pch_uart_verify_port() is called and then
dma channel is not allocated, the channel should be allocated.
Signed-off-by: Tomoya MORINAGA <tomoya.rohm@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 0a51fa60df2dbece7c9f2a686df59e896e76b4d3
Author: Yuri Matylitski <ym@tekinsoft.com>
Date: Fri Apr 20 12:38:32 2012 +0300
USB: serial: cp210x: Fixed usb_control_msg timeout values
commit 2d5733fcd33dd451022d197cb6b476e970519ca7 upstream.
Fixed too small hardcoded timeout values for usb_control_msg
in driver for SiliconLabs cp210x-based usb-to-serial adapters.
Replaced with USB_CTRL_GET_TIMEOUT/USB_CTRL_SET_TIMEOUT.
Signed-off-by: Yuri Matylitski <ym@tekinsoft.com>
Acked-by: Kirill A. Shutemov <kirill@shutemov.name>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 633a19a518ac8a58f02ece56e482a577831b70e2
Author: Shaohua Li <shli@kernel.org>
Date: Fri Apr 13 10:27:35 2012 +0800
jbd2: use GFP_NOFS for blkdev_issue_flush
commit 99aa78466777083255b876293e9e83dec7cd809a upstream.
flush request is issued in transaction commit code path, so looks using
GFP_KERNEL to allocate memory for flush request bio falls into the classic
deadlock issue. I saw btrfs and dm get it right, but ext4, xfs and md are
using GFP.
Signed-off-by: Shaohua Li <shli@fusionio.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ff459d1ea87ea7d3bdbe7e2eaee26a6b535d7d31
Author: NeilBrown <neilb@suse.de>
Date: Tue Apr 24 10:23:16 2012 +1000
md: fix possible corruption of array metadata on shutdown.
commit 30b8aa9172dfeaac6d77897c67ee9f9fc574cdbb upstream.
commit c744a65c1e2d59acc54333ce8
md: don't set md arrays to readonly on shutdown.
removed the possibility of a 'BUG' when data is written to an array
that has just been switched to read-only, but also introduced the
possibility that the array metadata could be corrupted.
If, when md_notify_reboot gets the mddev lock, the array is
in a state where it is assembled but hasn't been started (as can
happen if the personality module is not available, or in other unusual
situations), then incorrect metadata will be written out making it
impossible to re-assemble the array.
So only call __md_stop_writes() if the array has actually been
activated.
This patch is needed for any stable kernel which has had the above
commit applied.
Reported-by: Christoph Nelles <evilazrael@evilazrael.de>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit bad6c903cbb6b5f5437d6f977171194b3e1ef3ef
Author: NeilBrown <neilb@suse.de>
Date: Tue Apr 24 10:23:14 2012 +1000
md: don't call ->add_disk unless there is good reason.
commit ed209584c38fb74b7eecc03e5b1bfe674e591bd8 upstream.
Commit 7bfec5f35c68121e7b18
md/raid5: If there is a spare and a want_replacement device, start replacement.
cause md_check_recovery to call ->add_disk much more often.
Instead of only when the array is degraded, it is now called whenever
md_check_recovery finds anything useful to do, which includes
updating the metadata for clean<->dirty transition.
This causes unnecessary work, and causes info messages from ->add_disk
to be reported much too often.
So refine md_check_recovery to only do any actual recovery checking
(including ->add_disk) if MD_RECOVERY_NEEDED is set.
This fix is suitable for 3.3.y:
Reported-by: Jan Ceuleers <jan.ceuleers@computer.org>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1916d323e457b1944b8c068f827c212908549f78
Author: Hugh Dickins <hughd@google.com>
Date: Mon Apr 23 11:14:50 2012 -0700
mm: fix s390 BUG by __set_page_dirty_no_writeback on swap
commit aca50bd3b4c4bb5528a1878158ba7abce41de534 upstream.
Mel reports a BUG_ON(slot == NULL) in radix_tree_tag_set() on s390
3.0.13: called from __set_page_dirty_nobuffers() when page_remove_rmap()
tries to transfer dirty flag from s390 storage key to struct page and
radix_tree.
That would be because of reclaim's shrink_page_list() calling
add_to_swap() on this page at the same time: first PageSwapCache is set
(causing page_mapping(page) to appear as &swapper_space), then
page->private set, then tree_lock taken, then page inserted into
radix_tree - so there's an interval before taking the lock when the
radix_tree slot is empty.
We could fix this by moving __add_to_swap_cache()'s spin_lock_irq up
before the SetPageSwapCache. But a better fix is simply to do what's
five years overdue: Ken Chen introduced __set_page_dirty_no_writeback()
(if !PageDirty TestSetPageDirty) for tmpfs to skip all the radix_tree
overhead, and swap is just the same - it ignores the radix_tree tag, and
does not participate in dirty page accounting, so should be using
__set_page_dirty_no_writeback() too.
s390 testing now confirms that this does indeed fix the problem.
Reported-by: Mel Gorman <mgorman@suse.de>
Signed-off-by: Hugh Dickins <hughd@google.com>
Acked-by: Mel Gorman <mgorman@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Ken Chen <kenchen@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 2d56754cf362428cb9e05762c58cf888d35d1585
Author: David Miller <davem@davemloft.net>
Date: Thu Apr 12 14:37:30 2012 -0400
Fix modpost failures in fedora 17
commit e88aa7bbbe3046a125ea1936b16bb921cc9c6349 upstream.
The symbol table on x86-64 starts to have entries that have names
like:
_GLOBAL__sub_I_65535_0___mod_x86cpu_device_table
They are of type STT_FUNCTION and this one had a length of 18. This
matched the device ID validation logic and it barfed because the
length did not meet the device type's criteria.
--------------------
FATAL: arch/x86/crypto/aesni-intel: sizeof(struct x86cpu_device_id)=16 is not a modulo of the size of section __mod_x86cpu_device_table=18.
Fix definition of struct x86cpu_device_id in mod_devicetable.h
--------------------
These are some kind of compiler tool internal stuff being emitted and
not something we want to inspect in modpost's device ID table
validation code.
So skip the symbol if it is not of type STT_OBJECT.
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 7ad1f0d2118c32d49357dc9c4f508aa9ed75ff49
Author: Larry Finger <Larry.Finger@lwfinger.net>
Date: Sat Feb 25 18:10:21 2012 -0600
staging: r8712u: Fix regression caused by commit 8c213fa
commit 2080913e017ab9f88379d93fd09546ad95faf87b upstream.
In commit 8c213fa "staging: r8712u: Use asynchronous firmware loading",
the command to release the firmware was placed in the wrong routine.
In combination with the bug introduced in commit a5ee652 "staging: r8712u:
Interface-state not fully tracked", the driver attempts to upload firmware
that had already been released. This bug is the source of one of the
problems in https://bugs.archlinux.org/task/27996#comment89833.
Tested-by: Alberto Lago Ballesteros <saniukeokusainaya@gmail.com>
Tested-by: Adrian <agib@gmx.de>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a153976d9cdfde28e1552220794c511d7280d7df
Author: Lukasz Kucharczyk <lukasz.kucharczyk@tieto.com>
Date: Wed Apr 11 14:55:10 2012 +0200
cfg80211: fix interface combinations check.
commit e55a4046dab28c440c96890bdddcf02dc8981f2d upstream.
Signed-off-by: Lukasz Kucharczyk <lukasz.kucharczyk@tieto.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 56c881f7d764308e193eb706a8c362271776e3e9
Author: Mauro Carvalho Chehab <mchehab@redhat.com>
Date: Tue Apr 17 18:32:19 2012 -0300
media: dvb_frontend: Fix a regression when switching back to DVB-S
commit 3626479e482aa3247aac03724094ba6c13ea1e46 upstream.
There are some softwares (Kaffeine and likely xine) that uses a
DVBv5 call to switch to DVB-S2, but expects that a DVBv3 call to
switch back to DVB-S. Well, this is not right, as a DVBv3 call
doesn't know anything about delivery systems.
However, as, by accident, this used to work, we need to restore its
behavior, in order to avoid regressions with those softwares.
Reported on this Fedora 16 bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=812895
Reported-by: Dieter Roever <Dieter.Roever@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 6b26bf1374ee7fbb615e0c7a80b04e573a7584f0
Author: Alexey Khoroshilov <khoroshilov@ispras.ru>
Date: Thu Apr 5 18:53:20 2012 -0300
media: drxk: Does not unlock mutex if sanity check failed in scu_command()
commit e4459e1682c107d7ee1bf102c1ba534230e9b50b upstream.
If sanity check fails in scu_command(), goto error leads to unlock of
an unheld mutex. The check should not fail in reality, but it nevertheless
worth fixing.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 732ecb92a61ff21a18397dfa749aa7575065f6f4
Author: David Härdeman <david@hardeman.nu>
Date: Sun Apr 8 06:13:04 2012 -0300
media: rc-core: set mode for winbond-cir
commit d9b786955f80fb306471fdb9ea24c6d03af6ca36 upstream.
Setting the correct mode is required by rc-core or scancodes won't be
generated (which isn't very user-friendly).
This one-line fix should be suitable for 3.4-rc2.
Signed-off-by: David Härdeman <david@hardeman.nu>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1384df42761379a44e3073e4d18defbf1ad7053c
Author: Felix Fietkau <nbd@openwrt.org>
Date: Mon Apr 16 22:10:42 2012 +0200
mac80211: fix logic error in ibss channel type check
commit 6741e7f048dacc92e37c5d724ff5c64e45f6c2c9 upstream.
The broken check leads to rate control attempting to use HT40 while
the driver is configured for HT20. This leads to interesting hardware
issues.
HT40 can only be used if the channel type is either HT40- or HT40+
and if the channel type of the cell matches the local type.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 98ce20a3fda1422f8ba75a479f50e64b7b9efe04
Author: Arend van Spriel <arend@broadcom.com>
Date: Wed Apr 11 11:52:51 2012 +0200
brcm80211: smac: resume transmit fifo upon receiving frames
commit badc4f07622f0f7093a201638f45e85765f1b5e4 upstream.
There have been reports about not being able to use access-points
on channel 12 and 13 or having connectivity issues when these channels
were part of the selected regulatory domain. Upon switching to these
channels the brcmsmac driver suspends the transmit dma fifos. This
patch resumes them upon handing over the first received beacon to
mac80211.
This patch is to be applied to the stable tree for kernel versions
3.2 and 3.3.
Tested-by: Francesco Saverio Schiavarelli <fschiava@libero.it>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Brett Rudley <brudley@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit d9a30de1e4fedffcd03e6688b13d93fac4ffe581
Author: Bing Zhao <bzhao@marvell.com>
Date: Thu Apr 12 19:00:35 2012 -0700
mwifiex: update pcie8766 scratch register addresses
commit 428ca8a7065354877db63ceabfc493107686eebe upstream.
The scratch register addresses have been changed for newer chips.
Since the old chip was never shipped and it will not be supported
any more, just update register addresses to support the new chips.
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 63441881b73b7a609a4bb098cfc760f5996bef55
Author: Christian Riesch <christian.riesch@omicron.at>
Date: Mon Apr 16 04:35:25 2012 +0000
davinci_mdio: Fix MDIO timeout check
commit 5b76d0600b2b08eef77f8e9226938b7b6bde3099 upstream.
Under heavy load (flood ping) it is possible for the MDIO timeout to
expire before the loop checks the GO bit again. This patch adds an
additional check whether the operation was done before actually
returning -ETIMEDOUT.
To reproduce this bug, flood ping the device, e.g., ping -f -l 1000
After some time, a "timed out waiting for user access" warning
may appear. And even worse, link may go down since the PHY reported a
timeout.
Signed-off-by: Christian Riesch <christian.riesch@omicron.at>
Cc: Cyril Chemparathy <cyril@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 75473dbe96f24d632f41164058794b62413fa3f2
Author: Oliver Neukum <oliver@neukum.org>
Date: Wed Apr 18 10:05:55 2012 +0200
uwb: fix error handling
commit 5bd7b419ef2eb4989b207753e088c3437159618a upstream.
Fatal errors such as a device disconnect must not trigger
error handling. The error returns must be checked.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 928b7bed44420cffd21ee26f43cb58c6ed673e22
Author: Oliver Neukum <oliver@neukum.org>
Date: Mon Apr 16 15:28:28 2012 +0200
uwb: fix use of del_timer_sync() in interrupt
commit 9426cd05682745d1024dbabdec5631309bd2f480 upstream.
del_timer_sync() cannot be used in interrupt.
Replace it with del_timer() and a flag
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 933048c3767bf024c1e8aa7bdaea5bea357c8edc
Author: Tomoki Sekiyama <tomoki.sekiyama@gmail.com>
Date: Fri Mar 30 08:51:36 2012 +0900
USB: yurex: Fix missing URB_NO_TRANSFER_DMA_MAP flag in urb
commit 532f17b5d59bf0deb6f1ff9bc1fb27d5b5011c09 upstream.
Current probing code is setting URB_NO_TRANSFER_DMA_MAP flag into a wrong urb
structure, and this causes BUG_ON with some USB host implementations.
This patch fixes the issue.
Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f05982d97437dc87d913c3467eca4dc851e05234
Author: Tomoki Sekiyama <tomoki.sekiyama@gmail.com>
Date: Fri Mar 30 08:51:28 2012 +0900
USB: yurex: Remove allocation of coherent buffer for setup-packet buffer
commit 523fc5c14f6cad283e5a266eba0e343aed6e73d5 upstream.
Removes allocation of coherent buffer for the control-request setup-packet
buffer from the yurex driver. Using coherent buffers for setup-packet is
obsolete and does not work with some USB host implementations.
Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 885489289a0ad1763cc39fab165563563447b97b
Author: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Tue Apr 17 22:21:38 2012 -0400
xen/xenbus: Add quirk to deal with misconfigured backends.
commit 3066616ce23aad5719c23a0f21f32676402cb44b upstream.
A rather annoying and common case is when booting a PVonHVM guest
and exposing the PV KBD and PV VFB - as broken toolstacks don't
always initialize the backends correctly.
Normally The HVM guest is using the VGA driver and the emulated
keyboard for this (though upstream version of QEMU implements
PV KBD, but still uses a VGA driver). We provide a very basic
two-stage wait mechanism - where we wait for 30 seconds for all
devices, and then for 270 for all them except the two mentioned.
That allows us to wait for the essential devices, like network
or disk for the full 6 minutes.
To trigger this, put this in your guest config:
vfb = [ 'vnc=1, vnclisten=0.0.0.0 ,vncunused=1']
instead of this:
vnc=1
vnclisten="0.0.0.0"
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
[v3: Split delay in non-essential (30 seconds) and essential
devices per Ian and Stefano suggestion]
[v4: Added comments per Stefano suggestion]
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f03ee5fccf5b1696f355ee978aec00e638dc9bd7
Author: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Date: Tue Apr 3 18:05:47 2012 +0100
xen/gntdev: do not set VM_PFNMAP
commit e8e937be971d706061dc56220ff3605ab77622a7 upstream.
Since we are using the m2p_override we do have struct pages
corresponding to the user vma mmap'ed by gntdev.
Removing the VM_PFNMAP flag makes get_user_pages work on that vma.
An example test case would be using a Xen userspace block backend
(QDISK) on a file on NFS using O_DIRECT.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit c7e005991b0d85e22177eb7b3dac84054555cac3
Author: Eric Bénard <eric@eukrea.com>
Date: Wed Apr 18 02:30:20 2012 +0200
mmc: unbreak sdhci-esdhc-imx on i.MX25
commit b89152824f993a9572b47eb31f4579feadeac34c upstream.
This was broken by me in 37865fe91582582a6f6c00652f6a2b1ff71f8a78
("mmc: sdhci-esdhc-imx: fix timeout on i.MX's sdhci") where more
extensive tests would have shown that read or write of data to the
card were failing (even if the partition table was correctly read).
Signed-off-by: Eric Bénard <eric@eukrea.com>
Acked-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Chris Ball <cjb@laptop.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 2be0e704414213f8b8ac24318fde213d55b4c960
Author: Daniel Drake <dsd@laptop.org>
Date: Tue Apr 10 00:14:20 2012 +0100
mmc: sdhci: refine non-removable card checking for card detection
commit 87b87a3fc0eec58d95e4216392f889a26439ad22 upstream.
Commit c79396c191bc19 ("mmc: sdhci: prevent card detection activity
for non-removable cards") disables card detection where the cards
are marked as non-removable.
This makes sense, but the implementation detail of calling
mmc_card_is_removable() causes some problems, because
mmc_card_is_removable() is overloaded with CONFIG_MMC_UNSAFE_RESUME
semantics.
In the OLPC XO case, we need CONFIG_MMC_UNSAFE_RESUME because our root
filesystem is stored on SD, but we also have external SD card slots
where we want automatic card detection.
Refine the check to only apply to hosts marked as MMC_CAP_NONREMOVABLE,
which is defined to mean that the card is *really* nonremovable. This
could be revisited in future if we find a way to improve
CONFIG_MMC_UNSAFE_RESUME semantics.
Signed-off-by: Daniel Drake <dsd@laptop.org>
Acked-by: Chuanxiao Dong <chuanxiao.dong@intel.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 03fe1816469e4114f91f271c87dcb716dac84b6e
Author: Adrian Hunter <adrian.hunter@intel.com>
Date: Thu Apr 5 14:45:48 2012 +0300
mmc: fixes for eMMC v4.5 sanitize operation
commit 283028122db37621b124f079ca8eae5b64807ad4 upstream.
eMMC v4.5 sanitize operation erases all copies of unmapped
data. However trim or erase operations must be used first
to unmap the required sectors. That was not being done.
Fixes apply to linux 3.2 on.
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Acked-by: Jaehoon Chung <jh80.chung@samsung.com>
Acked-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Chris Ball <cjb@laptop.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 7c369b7f52feba0f10c6409e36552ff92bed2133
Author: Adrian Hunter <adrian.hunter@intel.com>
Date: Thu Apr 5 14:45:47 2012 +0300
mmc: fixes for eMMC v4.5 discard operation
commit 7194efb8f063ee3aa0cb50d9002348887e68ec10 upstream.
eMMC v4.5 discard operation is significantly different from the
existing trim operation because it is not guaranteed to work with
the new sanitize operation. Consequently mmc_can_trim() is
separated from mmc_can_discard().
Also the new discard operation does not result in the sectors being
set to all-zeros, so discard_zeroes_data must not be set.
In addition, the new discard has the same timeout as trim, but from
v4.5 trim is defined to use the hc timeout. The timeout calculation
is adjusted accordingly.
Fixes apply to linux 3.2 on.
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Acked-by: Jaehoon Chung <jh80.chung@samsung.com>
Acked-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Chris Ball <cjb@laptop.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit cbd267314935af45bca6fcaabc99d6fa1268ec4c
Author: Santosh Shilimkar <santosh.shilimkar@ti.com>
Date: Fri Apr 13 23:25:04 2012 +0530
ARM: OMAP: serial: Fix the ocp smart idlemode handling bug
commit 5ae256dcd91bf308826a4ac19598b27ebb86a536 upstream.
The current serial UART code, while fidling with ocp idlemode bits,
forget about the smart idle wakeup bit even if it is supported by
UART IP block. This will lead to missing the module wakeup on OMAP's
where the smart idle wakeup is supported.
This was the root cause of the console sluggishness issue, I have been
observing on OMAP4 devices and also can be potential reason for some
other UART wakeup issues.
Signed-off-by: Santosh Shilimkar <santosh.shilimkar@ti.com>
Acked-by: Kevin Hilman <khilman@ti.com>
Acked-by: Govindraj.R <govindraj.raja@ti.com>
Reviewed-by: Paul Walmsley <paul@pwsan.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit bf7e0bbbd566798fa1426d318284a1c3362a7890
Author: Paul Walmsley <paul@pwsan.com>
Date: Tue Apr 10 18:36:02 2012 -0600
ARM: OMAP1: DMTIMER: fix broken timer clock source selection
commit 6aaec67da1e41a0752a2b903b989e73b9f02e182 upstream.
DMTIMER source selection on OMAP1 is broken. omap1_dm_timer_set_src()
tries to use __raw_{read,write}l() to read from and write to physical
addresses, but those functions take virtual addresses.
sparse caught this:
arch/arm/mach-omap1/timer.c:50:13: warning: incorrect type in argument 1 (different base types)
arch/arm/mach-omap1/timer.c:50:13: expected void const volatile [noderef] <asn:2>*<noident>
arch/arm/mach-omap1/timer.c:50:13: got unsigned int
arch/arm/mach-omap1/timer.c:52:9: warning: incorrect type in argument 1 (different base types)
arch/arm/mach-omap1/timer.c:52:9: expected void const volatile [noderef] <asn:2>*<noident>
arch/arm/mach-omap1/timer.c:52:9: got unsigned int
Fix by using omap_{read,writel}(), just like the other users of the
MOD_CONF_CTRL_1 register in the OMAP1 codebase. Of course, in the long term,
removing omap_{read,write}l() is the appropriate thing to do; but
this will take some work to do this cleanly.
Looks like this was caused by 97933d6 (ARM: OMAP1: dmtimer: conversion
to platform devices) that dangerously moved code and changed it in
the same patch.
Signed-off-by: Paul Walmsley <paul@pwsan.com>
Cc: Tarun Kanti DebBarma <tarun.kanti@ti.com>
[tony@atomide.com: updated comments to include the breaking commit]
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 05caaba3bf47fb607e11424175017647b809dc34
Author: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Date: Tue Apr 10 17:32:44 2012 +0200
ARM: at91: fix at91sam9261ek Ethernet dm9000 irq
commit ee9dd7631af6fb5c02964ed5b496217cd4ced059 upstream.
You need to setup the dm9000 irq via gpio_to_irq() since
d0fbda9add (ARM: at91/gpio: drop PIN_BASE).
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 8fbe256fdaccd21daeed4d5c98028f0700b28e70
Author: Alexander Shiyan <shc_work@mail.ru>
Date: Tue Mar 27 12:22:49 2012 +0400
ARM: clps711x: serial driver hungs are a result of call disable_irq within ISR
commit 7a6fbc9a887193a1e9f8658703881c528040afbc upstream.
Since 2.6.30-rc1 clps711x serial driver hungs system. This is a result
of call disable_irq from ISR. synchronize_irq waits for end of interrupt
and goes to infinite loop. This patch fix this problem.
Signed-off-by: Alexander Shiyan <shc_work@mail.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 81748313768283b384819a2635cd211c62ff775d
Author: Tejun Heo <tj@kernel.org>
Date: Fri Apr 20 08:31:34 2012 -0700
memblock: memblock should be able to handle zero length operations
commit b3dc627cabb33fc95f93da78457770c1b2a364d2 upstream.
Commit 24aa07882b ("memblock, x86: Replace memblock_x86_reserve/
free_range() with generic ones") replaced x86 specific memblock
operations with the generic ones; unfortunately, it lost zero length
operation handling in the process making the kernel panic if somebody
tries to reserve zero length area.
There isn't much to be gained by being cranky to zero length operations
and panicking is almost the worst response. Drop the BUG_ON() in
memblock_reserve() and update memblock_add_region/isolate_range() so
that all zero length operations are handled as noops.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Valere Monseur <valere.monseur@ymail.com>
Bisected-by: Joseph Freeman <jfree143dev@gmail.com>
Tested-by: Joseph Freeman <jfree143dev@gmail.com>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=43098
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 7c3c8db6c832c8215d49eb2f623dccfa84b48adb
Author: Takashi Iwai <tiwai@suse.de>
Date: Thu Apr 19 15:18:08 2012 +0200
ALSA: hda/conexant - Set up the missing docking-station pins
commit d70f363222ef373c2037412f09a600357cfa1c7a upstream.
ThinkPad 410,420,510,520 and X201 with cx50585 & co chips have the
docking-station ports, but BIOS doesn't initialize for these pins.
Thus, like the former X200, we need to set up the pins manually in the
driver.
The odd part is that the same PCI SSID is used for X200 and T400, thus
we need to prepare individual fixup tables for cx5051 and others.
Bugzilla entries:
https://bugzilla.redhat.com/show_bug.cgi?id=808559
https://bugzilla.redhat.com/show_bug.cgi?id=806217
https://bugzilla.redhat.com/show_bug.cgi?id=810697
Reported-by: Josh Boyer <jwboyer@redhat.com>
Reported-by: Jens Taprogge <jens.taprogge@taprogge.org>
Tested-by: Jens Taprogge <jens.taprogge@taprogge.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 77f5989e3ccb4a54ecc9aa8ca93df6c99d183a4b
Author: Takashi Iwai <tiwai@suse.de>
Date: Thu Apr 19 15:15:25 2012 +0200
ALSA: hda/conexant - Don't set HP pin-control bit unconditionally
commit ca3649de026ff95c6f2847e8d096cf2f411c02b3 upstream.
Some output pins on Conexant chips have no HP control bit, but the
auto-parser initializes these pins unconditionally with PIN_HP.
Check the pin-capability and avoid the HP bit if not supported.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3f0fcf4df3d2d99e9cb234128a5edb782432e2b0
Author: Kent Yoder <key@linux.vnet.ibm.com>
Date: Thu Apr 5 20:34:20 2012 +0800
crypto: sha512 - Fix byte counter overflow in SHA-512
commit 25c3d30c918207556ae1d6e663150ebdf902186b upstream.
The current code only increments the upper 64 bits of the SHA-512 byte
counter when the number of bytes hashed happens to hit 2^64 exactly.
This patch increments the upper 64 bits whenever the lower 64 bits
overflows.
Signed-off-by: Kent Yoder <key@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 968cb88a66d25f2a522e59dda0c1e6f229e9e239
Author: Zeev Tarantov <zeev.tarantov@gmail.com>
Date: Mon Apr 23 09:37:04 2012 +0300
Perf: fix build breakage
[Patch not needed upstream as this is a backport build bugfix - gregkh
gcc correctly complains:
util/hist.c: In function ‘__hists__add_entry’:
util/hist.c:240:27: error: invalid type argument of ‘->’ (have ‘struct hist_entry’)
util/hist.c:241:23: error: invalid type argument of ‘->’ (have ‘struct hist_entry’)
for this new code:
+ if (he->ms.map != entry->ms.map) {
+ he->ms.map = entry->ms.map;
+ if (he->ms.map)
+ he->ms.map->referenced = true;
+ }
because "entry" is a "struct hist_entry", not a pointer to a struct.
In mainline, "entry" is a pointer to struct passed as argument to the function.
So this is broken during backporting. But obviously not compile tested.
Signed-off-by: Zeev Tarantov <zeev.tarantov@gmail.com>
Cc: Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>