This shoud fix the problem with SysRq mode staying half-way enabled
and interfereing with normal PrtScrn operation after user presses ALT
for the first time.
Reported-and-tested-by: Éric Piel <E.A.B.Piel@tudelft.nl>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
The commit "asm-generic: add NEED_SG_DMA_LENGTH to define sg_dma_len()"
18e98307de broke microblaze compilation.
dma_direct_map_sg() sets sg->dma_length, however microblaze doesn't
set NEED_SG_DMA_LENGTH so scatterlist strcutres doesn't include
dma_length.
sg->dma_length is always equal to sg->length on microblaze. So we
don't need to set set dma_length, that is, microblaze can simply use
sg->length.
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: Michal Simek <monstr@monstr.eu>
The commit "mm: Move ARCH_SLAB_MINALIGN and
ARCH_KMALLOC_MINALIGN to <linux/slab_def.h>"
1f0ce8b3dd which moved the ARCH_SLAB_MINALIGN
default into the global header broke FLAT for Microblaze.
Error message:
slab error in verify_redzone_free(): cache `idr_layer_cache':
memory outside object was overwritten
Signed-off-by: Michal Simek <monstr@monstr.eu>
The code that hashes and unhashes connections from the connection table
is missing locking of the connection being modified, which opens up a
race condition and results in memory corruption when this race condition
is hit.
Here is what happens in pretty verbose form:
CPU 0 CPU 1
------------ ------------
An active connection is terminated and
we schedule ip_vs_conn_expire() on this
CPU to expire this connection.
IRQ assignment is changed to this CPU,
but the expire timer stays scheduled on
the other CPU.
New connection from same ip:port comes
in right before the timer expires, we
find the inactive connection in our
connection table and get a reference to
it. We proper lock the connection in
tcp_state_transition() and read the
connection flags in set_tcp_state().
ip_vs_conn_expire() gets called, we
unhash the connection from our
connection table and remove the hashed
flag in ip_vs_conn_unhash(), without
proper locking!
While still holding proper locks we
write the connection flags in
set_tcp_state() and this sets the hashed
flag again.
ip_vs_conn_expire() fails to expire the
connection, because the other CPU has
incremented the reference count. We try
to re-insert the connection into our
connection table, but this fails in
ip_vs_conn_hash(), because the hashed
flag has been set by the other CPU. We
re-schedule execution of
ip_vs_conn_expire(). Now this connection
has the hashed flag set, but isn't
actually hashed in our connection table
and has a dangling list_head.
We drop the reference we held on the
connection and schedule the expire timer
for timeouting the connection on this
CPU. Further packets won't be able to
find this connection in our connection
table.
ip_vs_conn_expire() gets called again,
we think it's already hashed, but the
list_head is dangling and while removing
the connection from our connection table
we write to the memory location where
this list_head points to.
The result will probably be a kernel oops at some other point in time.
This race condition is pretty subtle, but it can be triggered remotely.
It needs the IRQ assignment change or another circumstance where packets
coming from the same ip:port for the same service are being processed on
different CPUs. And it involves hitting the exact time at which
ip_vs_conn_expire() gets called. It can be avoided by making sure that
all packets from one connection are always processed on the same CPU and
can be made harder to exploit by changing the connection timeouts to
some custom values.
Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
Cc: stable@kernel.org
Acked-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Patrick McHardy <kaber@trash.net>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
firewire: core: check for 1394a compliant IRM, fix inaccessibility of Sony camcorder
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6: (23 commits)
drm/radeon: don't poll tv dac if crtc2 is in use.
drm/radeon: reset i2c valid to avoid incorrect tv-out polling.
drm/nv50: fix iommu errors caused by device reading from address 0
drm/nouveau: off by one in init_i2c_device_find()
nouveau: off by one in nv50_gpio_location()
drm/nouveau: completely fail init if we fail to map the PRAMIN BAR
drm/nouveau: match U/DP script against SOR link
drm/radeon/kms/pm: resurrect printing power states
drm/radeon/kms: add trivial debugging for voltage
drm/radeon/kms/r600+: use voltage from requested clock mode (v3)
drm/radeon/kms/pm: track current voltage (v2)
drm/radeon/kms/pm: Disable voltage adjust on RS780/RS880
drm/radeon/kms: fix typo in printing the HPD info
drm/radeon/kms/pm: add mid profile
drm/radeon/kms/pm: Misc fixes
drm/radeon/kms/combios: fix typo in voltage fix
drm/radeon/kms/evergreen: set accel_enabled
drm/vmwgfx: return -EFAULT for copy_to_user errors
drm/drm_crtc: return -EFAULT on copy_to_user errors
drm/fb: use printk to print out the switching to text mode error.
...
* 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6:
[S390] Update default configuration.
[S390] arch/s390/kvm: Use GFP_ATOMIC when a lock is held
[S390] kprobes: add parameter check to module_free()
[S390] appldata/extmem/kvm: add missing GFP_KERNEL flag
sync can currently take a really long time if a concurrent writer is
extending a file. The problem is that the dirty pages on the address
space grow in the same direction as write_cache_pages scans, so if
the writer keeps ahead of writeback, the writeback will not
terminate until the writer stops adding dirty pages.
For a data integrity sync, we only need to write the pages dirty at
the time we start the writeback, so we can stop scanning once we get
to the page that was at the end of the file at the time the scan
started.
This will prevent operations like copying a large file preventing
sync from completing as it will not write back pages that were
dirtied after the sync was started. This does not impact the
existing integrity guarantees, as any dirty page (old or new)
within the EOF range at the start of the scan will still be
captured.
This patch will not prevent sync from blocking on large writes into
holes. That requires more complex intervention while this patch only
addresses the common append-case of this sync holdoff.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Now that the background flush code has been fixed, we shouldn't need to
silently multiply the wbc->nr_to_write to get good writeback. Remove
that code.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
If a filesystem writes more than one page in ->writepage, write_cache_pages
fails to notice this and continues to attempt writeback when wbc->nr_to_write
has gone negative - this trace was captured from XFS:
wbc_writeback_start: towrt=1024
wbc_writepage: towrt=1024
wbc_writepage: towrt=0
wbc_writepage: towrt=-1
wbc_writepage: towrt=-5
wbc_writepage: towrt=-21
wbc_writepage: towrt=-85
This has adverse effects on filesystem writeback behaviour. write_cache_pages()
needs to terminate after a certain number of pages are written, not after a
certain number of calls to ->writepage are made. This is a regression
introduced by 17bc6c30cf ("vfs: Add
no_nrwrite_index_update writeback control flag"), but cannot be reverted
directly due to subsequent bug fixes that have gone in on top of it.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This reportedly causes a lockdep warning on nfsd shutdown. That looks
like a false positive to me, but there's no reason why this needs the
state lock anyway.
Reported-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Commit 55929332c9 "drivers: Push down BKL into various drivers"
introduced a regression in hp_sdc_rtc, caused by a missing
change of the .unlocked_ioctl pointer to the newly introduced
function.
Fixes:
drivers/input/misc/hp_sdc_rtc.c:681: warning: initialization from
incompatible pointer type
drivers/input/misc/hp_sdc_rtc.c:665: warning:
‘hp_sdc_rtc_unlocked_ioctl’ defined but not used
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
When functions incoming parameters are not in input operands list gcc
4.5 does not load the parameters into registers before calling this
function but the inline assembly assumes valid addresses inside this
function. This breaks the code because r0 and r1 are invalid when
execution enters v4wb_copy_user_page ()
Also the constant needs to be used as third input operand so account
for that as well.
Tested on qemu arm.
CC: <stable@kernel.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
When we receive a deauthentication frame before
having successfully associated, we neither print
a message nor abort assocation. The former makes
it hard to debug, while the latter later causes
a warning in cfg80211 when, as will typically be
the case, association timed out.
This warning was reported by many, e.g. in
https://bugzilla.kernel.org/show_bug.cgi?id=15981,
but I couldn't initially pinpoint it. I verified
the fix by hacking hostapd to send a deauth frame
instead of an association response.
Cc: stable@kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Tested-by: Miles Lane <miles.lane@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Instruction faults on pre-ARMv6 CPUs are interpreted as
a 'translation fault', but do_translation_fault doesn't
handle well if user mode trying to run instruction above
TASK_SIZE, and result in the infinite retry of that
instruction.
CC: <stable@kernel.org>
Signed-off-by: Anfei Zhou <anfei.zhou@gmail.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
When CONFIG_DEBUG_HIGHMEM is used, the fixmap entry used for a highmem page
by kmap_atomic() is always cleared by kunmap_atomic(). This helps find
bad usages such as dereferences after the unmap, or overflow into the
adjacent fixmap areas.
But this debugging aid is completely bypassed when a kmap for the same
page already exists as the kmap is reused instead. ON VIVT systems we
have no choice but to reuse that kmap due to cache coherency issues,
but on non VIVT systems we should always force the fixmap usage when
debugging is active.
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
The containing function is called from several places. At one of them, in
the function __sigp_stop, the spin lock &fi->lock is held.
The semantic patch that makes this change is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@gfp exists@
identifier fn;
position p;
@@
fn(...) {
... when != spin_unlock
when any
GFP_KERNEL@p
... when any
}
@locked@
identifier gfp.fn;
@@
spin_lock(...)
... when != spin_unlock
fn(...)
@depends on locked@
position gfp.p;
@@
- GFP_KERNEL@p
+ GFP_ATOMIC
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
When unregistering kprobes, kprobes calls module_free() and
always passes NULL for the mod parameter. Add a check to
prevent NULL pointer dereferences.
See commit 740a8de079 for more details.
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Add missing GFP flag to memory allocations. The part in cio only
changes a comment.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Frederic reported that frequency driven swevents didn't work properly
and even caused a division-by-zero error.
It turns out there are two bugs, the division-by-zero comes from a
failure to deal with that in perf_calculate_period().
The other was more interesting and turned out to be a wrong comparison
in perf_adjust_period(). The comparison was between an s64 and u64 and
got implicitly converted to an unsigned comparison. The problem is
that period_left is typically < 0, so it ended up being always true.
Cure this by making the local period variables s64.
Reported-by: Frederic Weisbecker <fweisbec@gmail.com>
Tested-by: Frederic Weisbecker <fweisbec@gmail.com>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: <stable@kernel.org>
LKML-Reference: <new-submission>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
The '*bitclk' of structure 'snd_at73c213' seems no use,
so I make a patch to remove the unnecessary variable.
Signed-off-by: Wan ZongShun <mcuos.com@gmail.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This patch add's the iMac7,1 SSID entry to
patch_realtek.c which adds sound support.
bug entry:
https://bugs.launchpad.net/mactel-support/+bug/360866
Note:I do not have this machine on hand only
codec#0 file for the machine so please
test if you have the appropriate equipment.
Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This patch add's the MacBookAir1,1 SSID entry to
patch_realtek.c which adds sound support.
bug entry:
https://bugs.launchpad.net/mactel-support/+bug/268301
Note:I do not have this machine on hand only
codec#0 file for the machine so please
test if you have the appropriate equipment.
Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
With no word size given in the users platform data, a generic spi host
controller driver will assume a default word size of eight bit. This
causes transmission to be performed bytewise, which will fail on little
endian machines for sure. Failure on big endian depends on usage
of slave select to mark word boundaries.
Anyway, ad7877 is specified to work with 16 bit per word, so
unconditionally set the word size accordingly. Flag an error where 16
bit per word is not available.
Signed-off-by: Oskar Schirmer <os@emlix.com>
Signed-off-by: Daniel Glöckner <dg@emlix.com>
Signed-off-by: Oliver Schneidewind <osw@emlix.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
So when we added output polling, we'd suddenly use this code more often, and the fact that it always takes over crtc2 and messes with it during probing isn't what we really want to be happening. A more complete fix would to change it to use whatever crtc was free at the time, but for now lets stay simple and just don't poll if crtc2 is already in use.
Although a more correct fix was found I suspect we should do this as well, until we get a chance to readdres the tv out polling issues.
Reported-by: Torsten Kaiser <just.for.lkml@googlemail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
We really don't want to be polling tv-out but since we weren't forcing the
i2c lines to invalid (tv-out has no DDC), we were adding tv connectors to the
polling setup and this was causing blinking on secondary displays.
This fixes the regression Torsten reported.
Reported-by: Torsten Kaiser <just.for.lkml@googlemail.com>
Tested-by: Torsten Kaiser <just.for.lkml@googlemail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
If "gpio->line" is 32 then "nv50_gpio_reg[gpio->line >> 3]" reads past the
end of the array.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
On cards where there's a specific BAR for PRAMIN, we used to try and fall
back to the "legacy" aperture within the mmio BAR.
This is doomed to cause problems, so lets just fail completely as there's
obviously something else very wrong anyway.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
It appears version 0x21 'U' and 'd' tables require us to take the SOR link
into account when selecting the appropriate table for a particular output.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
* git://git.infradead.org/~dwmw2/mtd-2.6.35:
jffs2: update ctime when changing the file's permission by setfacl
jffs2: Fix NFS race by using insert_inode_locked()
jffs2: Fix in-core inode leaks on error paths
mtd: Fix NAND submenu
mtd/r852: update card detect early.
mtd/r852: Fixes in case of DMA timeout
mtd/r852: register IRQ as last step
drivers/mtd: Use memdup_user
docbook: make mtd nand module init static
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
ahci: redo stopping DMA engines on empty ports
sata_sil24: fix kernel panic on ARM caused by unaligned access in sata_sil24
ahci: add pci quirk for JMB362
sata_via: explain the magic fix
This fixes FDO bug #28375, it's kind of regression, so quite important to have
it for .35.
V2: Fix on RV770+ as well. All other chipsets have only one clock mode per
state.
V3: I'm out of luck today. Grepped for voltage in r*.c and missed evergreen.
agd5f: rebased
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
track the current voltage level and avoid setting it
if the requested voltage is already set.
v2: check voltage type before checking current voltage
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
The vddc value in the power tables is not an actual voltage
like on discrete r6xx/r7xx/evergreen systems, but instead has
a symbolic meaning (e.g., NONE, LOW, HIGH, etc.). See atombios.h
Most RS780/RS880 vbioses don't have a SetVoltage table anyway,
so it shouldn't be doing anything to the hardware at the moment.
I need to figure out how voltage is supposed to work on the newer
IGPs; until then, disable it.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
