summaryrefslogtreecommitdiffstats
path: root/fs/squashfs (unfollow)
Commit message (Collapse)AuthorFilesLines
2010-02-05sh: Fix an off-by-1 in SH7780 PCIC memory resource mapping.Paul Mundt1-5/+5
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-02-05usb: r8a66597-hcd: Fix up spinlock recursion in root hub polling.Paul Mundt1-0/+4
The current root hub polling code exhibits a spinlock recursion on the private controller lock. r8a66597_root_hub_control() is called from r8a66597_timer() which grabs the lock and disables IRQs. The following chain emerges: r8a66597_timer() <-- lock taken r8a66597_root_hub_control() r8a66597_check_syssts() usb_hcd_poll_rh_status() <-- acquires the same lock /* insert death here */ The entire chain requires IRQs to be disabled, so we just unlock and relock around the call to usb_hcd_poll_rh_status() while leaving the IRQ state unchanged. Signed-off-by: Paul Mundt <lethal@linux-sh.org> Acked-by: Yoshihiro Shimoda <shimoda.yoshihiro@renesas.com>
2010-02-05usb: r8a66597-hcd: Flush the D-cache for the pipe-in transfer buffers.Paul Mundt1-12/+25
This implements the same D-cache flushing logic for r8a66597-hcd as Catalin's isp1760 (http://patchwork.kernel.org/patch/76391/) change, with the same note applying here as well: When the HDC driver writes the data to the transfer buffers it pollutes the D-cache (unlike DMA drivers where the device writes the data). If the corresponding pages get mapped into user space, there are no additional cache flushing operations performed and this causes random user space faults on architectures with separate I and D caches (Harvard) or those with aliasing D-cache. This fixes up crashes during USB boot on SH7724 and others: http://marc.info/?l=linux-sh&m=126439837308912&w=2 Reported-by: Goda Yusuke <goda.yusuke@renesas.com> Tested-by: Goda Yusuke <goda.yusuke@renesas.com> Cc: stable@kernel.org Signed-off-by: Paul Mundt <lethal@linux-sh.org> Acked-by: Yoshihiro Shimoda <shimoda.yoshihiro@renesas.com>
2010-02-05idr: revert misallocation bug fixTejun Heo1-3/+4
Commit 859ddf09743a8cc680af33f7259ccd0fd36bfe9d tried to fix misallocation bug but broke full bit marking by not clearing pa[idp->layers] and also is causing X failures due to lookup failure in drm code. The cause of the latter hasn't been found yet. Revert the fix for now. Signed-off-by: Tejun Heo <tj@kernel.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-03omap: Disable serial port autoidle by defaultTony Lindgren1-2/+9
Currently the omap serial clocks are autoidled after 5 seconds. However, this causes lost characters on the serial ports. As this is considered non-standard behaviour for Linux, disable the timeout. Note that this will also cause blocking of any deeper omap sleep states. To enable the autoidling of the serial ports, do something like this for each serial port: # echo 5 > /sys/devices/platform/serial8250.0/sleep_timeout # echo 5 > /sys/devices/platform/serial8250.1/sleep_timeout ... Signed-off-by: Kevin Hilman <khilman@deeprootsystems.com> Signed-off-by: Tony Lindgren <tony@atomide.com>
2010-02-03omap: Fix access to already released memory in clk_debugfs_register_one()Marek Skuczynski1-2/+2
I have found an access to already released memory in clk_debugfs_register_one() function. Signed-off-by: Marek Skuczynski <mareksk7@gmail.com> Acked-by: Paul Walmsley <paul@pwsan.com> Signed-off-by: Tony Lindgren <tony@atomide.com>
2010-02-03omap: Fix arch/arm/mach-omap2/mux.c: Off by one errorTony Lindgren1-1/+2
David Binderman ran the sourceforge tool cppcheck over the source code of the new Linux kernel 2.6.33-rc6: [./arm/mach-omap2/mux.c:492]: (error) Buffer access out-of-bounds 13 characters + 1 digit + 1 zero byte is more than 14 characters. Also add a comment on mode0 name length in case new omaps start using longer names. Reported-by: David Binderman <dcb314@hotmail.com> Signed-off-by: Tony Lindgren <tony@atomide.com>
2010-02-03omap: Fix 3630 mux errorsTony Lindgren2-0/+54
3630 has more mux signals than 34xx. The additional pins exist in omap36xx_cbp_subset, but are not initialized as the superset is missing these offsets. This causes the following errors during the boot: mux: Unknown entry offset 0x236 mux: Unknown entry offset 0x22e mux: Unknown entry offset 0x1ec mux: Unknown entry offset 0x1ee mux: Unknown entry offset 0x1f4 mux: Unknown entry offset 0x1f6 mux: Unknown entry offset 0x1f8 mux: Unknown entry offset 0x1fa mux: Unknown entry offset 0x1fc mux: Unknown entry offset 0x22a mux: Unknown entry offset 0x226 mux: Unknown entry offset 0x230 mux: Unknown entry offset 0x22c mux: Unknown entry offset 0x228 Fix this by adding the missing offsets to omap3 superset. Note that additionally the uninitialized pins need to be skipped on 34xx. Based on an earlier patch by Allen Pais <allen.pais@ti.com>. Reported-by: Allen Pais <allen.pais@ti.com> Signed-off-by: Allen Pais <allen.pais@ti.com> Signed-off-by: Tony Lindgren <tony@atomide.com>
2010-02-03OMAP2/3: GPMC: ensure valid clock pointerKevin Hilman1-1/+4
Ensure valid clock pointer during GPMC init. Fixes compiler warning about potential use of uninitialized variable. Signed-off-by: Kevin Hilman <khilman@deeprootsystems.com> Signed-off-by: Tony Lindgren <tony@atomide.com>
2010-02-03OMAP2/3: IRQ: ensure valid base addressKevin Hilman1-1/+3
Ensure valid base address during IRQ init. Fixes compiler warning about potential use of uninitialized variable. Signed-off-by: Kevin Hilman <khilman@deeprootsystems.com> Signed-off-by: Tony Lindgren <tony@atomide.com>
2010-02-03ARCH OMAP : enable ARCH_HAS_HOLES_MEMORYMODEL for OMAPSriram1-0/+1
OMAP platforms(like OMAP3530) include DSP or other co-processors for media acceleration. when carving out memory for the accelerators we can end up creating a hole in the memory map of sort: <kernel memory><hole(memory for accelerator)><kernel memory> To handle such a memory configuration ARCH_HAS_HOLES_MEMORYMODEL has to be enabled. For further information refer discussion at: http://www.mail-archive.com/linux-omap@vger.kernel.org/msg15262.html. Signed-off-by: Sriramakrishnan <srk@ti.com> Signed-off-by: Tony Lindgren <tony@atomide.com>
2010-02-03omap: Remove old unused defines for OMAP_32KSYNCT_BASETony Lindgren1-10/+0
Remove old unused defines for OMAP_32KSYNCT_BASE Signed-off-by: Tony Lindgren <tony@atomide.com>
2010-02-03ARM: Fix wrong register in proc-arm6_7.S data abort handlerRussell King1-1/+1
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2010-02-03futex: Handle futex value corruption gracefullyThomas Gleixner1-2/+19
The WARN_ON in lookup_pi_state which complains about a mismatch between pi_state->owner->pid and the pid which we retrieved from the user space futex is completely bogus. The code just emits the warning and then continues despite the fact that it detected an inconsistent state of the futex. A conveniant way for user space to spam the syslog. Replace the WARN_ON by a consistency check. If the values do not match return -EINVAL and let user space deal with the mess it created. This also fixes the missing task_pid_vnr() when we compare the pi_state->owner pid with the futex value. Reported-by: Jermome Marchand <jmarchan@redhat.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Darren Hart <dvhltc@us.ibm.com> Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: <stable@kernel.org>
2010-02-03futex: Handle user space corruption gracefullyThomas Gleixner1-0/+7
If the owner of a PI futex dies we fix up the pi_state and set pi_state->owner to NULL. When a malicious or just sloppy programmed user space application sets the futex value to 0 e.g. by calling pthread_mutex_init(), then the futex can be acquired again. A new waiter manages to enqueue itself on the pi_state w/o damage, but on unlock the kernel dereferences pi_state->owner and oopses. Prevent this by checking pi_state->owner in the unlock path. If pi_state->owner is not current we know that user space manipulated the futex value. Ignore the mess and return -EINVAL. This catches the above case and also the case where a task hijacks the futex by setting the tid value and then tries to unlock it. Reported-by: Jermome Marchand <jmarchan@redhat.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Darren Hart <dvhltc@us.ibm.com> Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: <stable@kernel.org>
2010-02-03futex_lock_pi() key refcnt fixMikael Pettersson1-1/+1
This fixes a futex key reference count bug in futex_lock_pi(), where a key's reference count is incremented twice but decremented only once, causing the backing object to not be released. If the futex is created in a temporary file in an ext3 file system, this bug causes the file's inode to become an "undead" orphan, which causes an oops from a BUG_ON() in ext3_put_super() when the file system is unmounted. glibc's test suite is known to trigger this, see <http://bugzilla.kernel.org/show_bug.cgi?id=14256>. The bug is a regression from 2.6.28-git3, namely Peter Zijlstra's 38d47c1b7075bd7ec3881141bb3629da58f88dab "[PATCH] futex: rely on get_user_pages() for shared futexes". That commit made get_futex_key() also increment the reference count of the futex key, and updated its callers to decrement the key's reference count before returning. Unfortunately the normal exit path in futex_lock_pi() wasn't corrected: the reference count is incremented by get_futex_key() and queue_lock(), but the normal exit path only decrements once, via unqueue_me_pi(). The fix is to put_futex_key() after unqueue_me_pi(), since 2.6.31 this is easily done by 'goto out_put_key' rather than 'goto out'. Signed-off-by: Mikael Pettersson <mikpe@it.uu.se> Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Acked-by: Darren Hart <dvhltc@us.ibm.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: <stable@kernel.org>
2010-02-03NFS: Don't clobber the attribute type in nfs_update_inode()Trond Myklebust1-1/+3
If the NFS_ATTR_FATTR_TYPE field isn't set in fattr->valid, then we should not set the S_IFMT part of inode->i_mode. Reported-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2010-02-03NFS: Fix a umount raceTrond Myklebust1-1/+14
Ensure that we unregister the bdi before kill_anon_super() calls ida_remove() on our device name. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: stable@kernel.org
2010-02-03NFS: Fix an Oops when truncating a fileTrond Myklebust1-8/+9
The VM/VFS does not allow mapping->a_ops->invalidatepage() to fail. Unfortunately, nfs_wb_page_cancel() may fail if a fatal signal occurs. Since the NFS code assumes that the page stays mapped for as long as the writeback is active, we can end up Oopsing (among other things). The only safe fix here is to convert nfs_wait_on_request(), so as to make it uninterruptible (as is already the case with wait_on_page_writeback()). Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: stable@kernel.org
2010-02-03microblaze: fix interrupt state restoreSteven J. Magnani1-4/+6
Interrupts must be disabled while an interrupt state restore (prep for interrupt return) is in progress. Code to do this was lost in the port to the mainline kernel. Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-02-03GFS2: Extend umount wait coverage to full glock lifetimeSteven Whitehouse5-7/+17
Although all glocks are, by the time of the umount glock wait, scheduled for demotion, some of them haven't made it far enough through the process for the original set of waiting code to wait for them. This extends the ref count to the whole glock lifetime in order to ensure that the waiting does catch all glocks. It does make it a bit more invasive, but it seems the only sensible solution at the moment. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2010-02-03GFS2: Wait for unlock completion on umountSteven Whitehouse4-1/+13
This patch adds a wait on umount between the point at which we dispose of all glocks and the point at which we unmount the lock protocol. This ensures that we've received all the replies to our unlock requests before we stop the locking. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com> Reported-by: Fabio M. Di Nitto <fdinitto@redhat.com>
2010-02-03microblaze: Defconfig updateMichal Simek2-44/+169
There were several changes in Microblaze defconfig that's why is good to update defconfigs. Signed-off-by: Michal Simek <monstr@monstr.eu>
2010-02-03sh: Fix up early PCI PERR/SERR IRQ handling.Paul Mundt4-26/+90
This adds support for handling early PERR/SERR triggering in between controller registration and the initial bus scan. Buggy cards end up asserting these as soon as the M66EN scan is undertaken, resulting in an early crash. Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-02-03pktcdvd: removing device does not remove its sysfs dirThadeu Lima de Souza Cascardo1-1/+1
This is the counterpart to cba767175becadc5c4016cceb7bfdd2c7fe722f4 ("pktcdvd: remove broken dev_t export of class devices"). Device is not registered using dev_t, so it should not be destroyed using device_destroy which looks up the device by dev_t. This will fail and adding the device again will fail with the "duplicate name" error. This is fixed using device_unregister instead of device_destroy. Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@holoscopio.com> Cc: Kay Sievers <kay.sievers@vrfy.org> Cc: Peter Osterlund <petero2@telia.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Jens Axboe <jens.axboe@oracle.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-03memory hotplug: fix a bug on /dev/mem for 64-bit kernelsShaohui Zheng1-0/+19
Newly added memory can not be accessed via /dev/mem, because we do not update the variables high_memory, max_pfn and max_low_pfn. Add a function update_end_of_memory_vars() to update these variables for 64-bit kernels. [akpm@linux-foundation.org: simplify comment] Signed-off-by: Shaohui Zheng <shaohui.zheng@intel.com> Cc: Andi Kleen <ak@linux.intel.com> Cc: Li Haicheng <haicheng.li@intel.com> Reviewed-by: Wu Fengguang <fengguang.wu@intel.com> Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: "H. Peter Anvin" <hpa@zytor.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-03fault injection: correct function names in documentationAnton Blanchard1-2/+2
init_fault_attr_entries() should be init_fault_attr_dentries(). cleanup_fault_attr_entries() should be cleanup_fault_attr_dentries(). Signed-off-by: Anton Blanchard <anton@samba.org> Acked-by: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-03hugetlb: fix section mismatchesJeff Mahoney1-4/+3
hugetlb_sysfs_add_hstate is called by hugetlb_register_node directly during init and also indirectly via sysfs after init. This patch removes the __init tag from hugetlb_sysfs_add_hstate. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Cc: Lee Schermerhorn <lee.schermerhorn@hp.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-03uartlite: fix crash when using as consoleRichard Röjfors1-1/+1
Move the ulite_console_setup to the .devinit section since it might be called on probe, which is in devinit. Fixes the crash below where the uartlite hw is probed after the .init section is freed from the kernel. uartlite: ttyUL0 at MMIO 0xc8000100 (irq = 30) is a uartlite BUG: unable to handle kernel NULL pointer dereference at (null) IP: [<c176720e>] ulite_console_setup+0x6f/0xa8 *pdpt = 0000000036fb0001 *pde = 0000000000000000 Oops: 0000 [#1] PREEMPT SMP last sysfs file: /sys/devices/pci0000:00/0000:00:1f.1/host0/uevent Modules linked in: puffin(+) serio_raw Pid: 151, comm: modprobe Not tainted (2.6.31.5-1.0.b1-b1 #1) POULSBO EIP: 0060:[<c176720e>] EFLAGS: 00010246 CPU: 0 EIP is at ulite_console_setup+0x6f/0xa8 EAX: c16ec824 EBX: c16ec824 ECX: c176719f EDX: 00000000 ESI: 00000000 EDI: c17b42c4 EBP: f6fd1cf0 ESP: f6fd1cd8 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 Process modprobe (pid: 151, ti=f6fd0000 task=f6fa1020 task.ti=f6fd0000) Stack: c1031f51 00000000 00000000 00000246 c182237c f7742000 f6fd1d5c c11fd316 <0> c16ec85c f77420d4 0000001e 00000000 00000000 c1633e78 4f494d4d 63783020 <0> 30303038 00303031 f6fd1d3c c10e0786 f6fd1d48 00000000 f6fd1d48 00000000 Call Trace: [<c1031f51>] ? register_console+0xf6/0x1fc [<c11fd316>] ? uart_add_one_port+0x237/0x2bb [<c10e0786>] ? sysfs_add_one+0x13/0xd3 [<c10e142f>] ? sysfs_do_create_link+0xba/0xfc [<c146f200>] ? ulite_probe+0x198/0x1eb [<c12064ee>] ? platform_drv_probe+0xc/0xe [<c120597b>] ? driver_probe_device+0x79/0x105 [<c1205a8e>] ? __device_attach+0x28/0x30 [<c120511f>] ? bus_for_each_drv+0x3d/0x67 [<c1205af9>] ? device_attach+0x44/0x58 [<c1205a66>] ? __device_attach+0x0/0x30 [<c1204fb8>] ? bus_probe_device+0x1f/0x34 [<c1203e68>] ? device_add+0x385/0x4c0 [<c148491f>] ? _write_unlock+0x8/0x1f [<c1206aac>] ? platform_device_add+0xd9/0x11c [<c120c685>] ? mfd_add_devices+0x165/0x1bc [<f831b378>] ? puffin_probe+0x2d0/0x390 [puffin] [<c11a08ef>] ? pci_match_device+0xa0/0xa7 [<c11a07bc>] ? local_pci_probe+0xe/0x10 [<c11a11db>] ? pci_device_probe+0x43/0x66 [<c120597b>] ? driver_probe_device+0x79/0x105 [<c1205a4a>] ? __driver_attach+0x43/0x5f [<c120535d>] ? bus_for_each_dev+0x3d/0x67 [<c1205852>] ? driver_attach+0x14/0x16 [<c1205a07>] ? __driver_attach+0x0/0x5f [<c1204dea>] ? bus_add_driver+0xf9/0x220 [<c1205c8f>] ? driver_register+0x8b/0xeb [<c11a1518>] ? __pci_register_driver+0x43/0x9f [<c10477ef>] ? __blocking_notifier_call_chain+0x40/0x4c [<f831f000>] ? puffin_init+0x0/0x48 [puffin] [<f831f017>] ? puffin_init+0x17/0x48 [puffin] [<c1001139>] ? do_one_initcall+0x4c/0x131 [<c105607b>] ? sys_init_module+0xa7/0x1b7 [<c1002a61>] ? syscall_call+0x7/0xb Code: 6e 74 00 00 00 92 33 00 00 18 00 0e 01 73 79 6e 63 65 2d 72 65 67 69 73 74 72 79 0c 00 49 32 00 00 14 00 09 01 61 6c 73 61 2d 69 <6e> 66 6f 00 00 00 42 37 00 00 10 00 07 01 6b 69 6c 6c 61 6c 6c EIP: [<c176720e>] ulite_console_setup+0x6f/0xa8 SS:ESP 0068:f6fd1cd8 CR2: 0000000000000000 Signed-off-by: Richard Röjfors <richard.rojfors@pelagicore.com> Acked-by: Peter Korsgaard <jacmet@sunsite.dk> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-03imxfb: correct location of callbacks in suspend and resumeUwe Kleine-König1-2/+4
The probe function passes a pointer to a struct fb_info to platform_set_drvdata(), so don't interpret the return value of platform_get_drvdata() as a pointer to struct imxfb_info. The original imxfb_info *fbi backlight_power was NULL but in imxfb_suspend it was 4 resulting in an oops as imxfb_suspend calls imxfb_disable_controller(fbi) which in turn has if (fbi->backlight_power) fbi->backlight_power(0); Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Acked-by: Sascha Hauer <kernel@pengutronix.de> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-03cgroups: fix to return errno in a failure pathLi Zefan1-2/+5
In cgroup_create(), if alloc_css_id() returns failure, the errno is not propagated to userspace, so mkdir will fail silently. To trigger this bug, we mount blkio (or memory subsystem), and create more then 65534 cgroups. (The number of cgroups is limited to 65535 if a subsystem has use_id == 1) # mount -t cgroup -o blkio xxx /mnt # for ((i = 0; i < 65534; i++)); do mkdir /mnt/$i; done # mkdir /mnt/65534 (should return ENOSPC) # Signed-off-by: Li Zefan <lizf@cn.fujitsu.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Acked-by: Paul Menage <menage@google.com> Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-03markup_oops.pl: fix $func_offset error with x86_64Hui Zhu1-1/+1
When I use markup_oops.pl parse a x8664 oops, I got: objdump: --start-address: bad number: NaN No matching code found This is because: main::(./m.pl:228): open(FILE, "objdump -dS --adjust-vma=$vmaoffset --start-address=$decodestart --stop-address=$decodestop $filename |") || die "Cannot start objdump"; DB<3> p $decodestart NaN This NaN is from: main::(./m.pl:176): my $decodestart = Math::BigInt->from_hex("0x$target") - Math::BigInt->from_hex("0x$func_offset"); DB<2> p $func_offset 0x175 There is already a "0x" in $func_offset, another 0x makes it a NaN. The $func_offset is from line: if ($line =~ /RIP: 0010:\[\<[0-9a-f]+\>\] \[\<[0-9a-f]+\>\] ([a-zA-Z0-9\_]+)\+(0x[0-9a-f]+)\/0x[a-f0-9]/) { $function = $1; $func_offset = $2; } I make a patch to change "(0x[0-9a-f]+)\/0x[a-f0-9]/)" to "0x([0-9a-f]+)\/0x[a-f0-9]/)". Signed-off-by: Hui Zhu <teawater@gmail.com> Cc: Arjan van de Ven <arjan@linux.intel.com> Cc: Michal Marek <mmarek@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-03get_maintainer.pl: teach git log to use --no-colorRichard Kennedy1-2/+2
When git has been set to always use color in .gitconfig then I get the warning message Bad divisor in main::vcs_assign: 0 This is caused by vcs_file_signoffs not matching any commits due to the pattern not understand the colour codes. Fix this by telling git log to never use colour. Signed-off-by: Richard Kennedy <richard@rsk.demon.co.uk> Acked-by: Joe Perches <joe@perches.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-03devmem: fix kmem write bug on memory holesWu Fengguang1-1/+1
write_kmem() used to assume vwrite() always return the full buffer length. However now vwrite() could return 0 to indicate memory hole. This creates a bug that "buf" is not advanced accordingly. Fix it to simply ignore the return value, hence the memory hole. Signed-off-by: Wu Fengguang <fengguang.wu@intel.com> Cc: Andi Kleen <andi@firstfloor.org> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Christoph Lameter <cl@linux-foundation.org> Cc: Ingo Molnar <mingo@elte.hu> Cc: Tejun Heo <tj@kernel.org> Cc: Nick Piggin <npiggin@suse.de> Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-03devmem: check vmalloc address on kmem read/writeKAMEZAWA Hiroyuki1-10/+18
Otherwise vmalloc_to_page() will BUG(). This also makes the kmem read/write implementation aligned with mem(4): "References to nonexistent locations cause errors to be returned." Here we return -ENXIO (inspired by Hugh) if no bytes have been transfered to/from user space, otherwise return partial read/write results. Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Signed-off-by: Wu Fengguang <fengguang.wu@intel.com> Cc: Greg Kroah-Hartman <gregkh@suse.de> Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-03mm: flush dcache before writing into page to avoid aliasanfei zhou2-0/+6
The cache alias problem will happen if the changes of user shared mapping is not flushed before copying, then user and kernel mapping may be mapped into two different cache line, it is impossible to guarantee the coherence after iov_iter_copy_from_user_atomic. So the right steps should be: flush_dcache_page(page); kmap_atomic(page); write to page; kunmap_atomic(page); flush_dcache_page(page); More precisely, we might create two new APIs flush_dcache_user_page and flush_dcache_kern_page to replace the two flush_dcache_page accordingly. Here is a snippet tested on omap2430 with VIPT cache, and I think it is not ARM-specific: int val = 0x11111111; fd = open("abc", O_RDWR); addr = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0); *(addr+0) = 0x44444444; tmp = *(addr+0); *(addr+1) = 0x77777777; write(fd, &val, sizeof(int)); close(fd); The results are not always 0x11111111 0x77777777 at the beginning as expected. Sometimes we see 0x44444444 0x77777777. Signed-off-by: Anfei <anfei.zhou@gmail.com> Cc: Russell King <rmk@arm.linux.org.uk> Cc: Miklos Szeredi <miklos@szeredi.hu> Cc: Nick Piggin <nickpiggin@yahoo.com.au> Cc: <linux-arch@vger.kernel.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-03kfifo: fix kernel-doc notationRandy Dunlap1-1/+2
Fix kfifo kernel-doc warnings: Warning(kernel/kfifo.c:361): No description found for parameter 'total' Warning(kernel/kfifo.c:402): bad line: @ @lenout: pointer to output variable with copied data Warning(kernel/kfifo.c:412): No description found for parameter 'lenout' Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Cc: Stefani Seibold <stefani@seibold.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-03rtc-fm3130: add missing bracesSergey Matyukevich1-2/+4
Add missing braces for multiline 'if' statements in fm3130_probe. Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com> Signed-off-by: Alessandro Zummo <a.zummo@towertech.it> Cc: Sergey Lapin <slapin@ossfans.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-03mx3fb: some debug and initialisation fixesAlberto Panizzo1-4/+8
Fix the kernel oops when dev_dbg is called with mx3_fbi->txd == NULL Fix the late initialisation of mx3fb->backlight_level. If not, in the chain of function started by init_fb_chan(), in __blank() call sdc_set_brightness(mx3fb, mx3fb->backlight_level) that will shut down the CONTRAST PWM output. Signed-off-by: Alberto Panizzo <maramaopercheseimorto@gmail.com> Acked-by: Guennadi Liakhovetski <g.liakhovetski <at> gmx.de> Cc: Sascha Hauer <s.hauer@pengutronix.de> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-03idr: fix a critical misallocation bugTejun Heo1-4/+3
Eric Paris located a bug in idr. With IDR_BITS of 6, it grows to three layers when id 4096 is first allocated. When that happens, idr wraps incorrectly and searches the idr array ignoring the high bits. The following test code from Eric demonstrates the bug nicely. #include <linux/idr.h> #include <linux/kernel.h> #include <linux/module.h> static DEFINE_IDR(test_idr); int init_module(void) { int ret, forty95, forty96; void *addr; /* add 2 entries both with 4095 as the start address */ again1: if (!idr_pre_get(&test_idr, GFP_KERNEL)) return -ENOMEM; ret = idr_get_new_above(&test_idr, (void *)4095, 4095, &forty95); if (ret) { if (ret == -EAGAIN) goto again1; return ret; } if (forty95 != 4095) printk(KERN_ERR "hmmm, forty95=%d\n", forty95); again2: if (!idr_pre_get(&test_idr, GFP_KERNEL)) return -ENOMEM; ret = idr_get_new_above(&test_idr, (void *)4096, 4095, &forty96); if (ret) { if (ret == -EAGAIN) goto again2; return ret; } if (forty96 != 4096) printk(KERN_ERR "hmmm, forty96=%d\n", forty96); /* try to find the 2 entries, noticing that 4096 broke */ addr = idr_find(&test_idr, forty95); if ((int)addr != forty95) printk(KERN_ERR "hmmm, after find forty95=%d addr=%d\n", forty95, (int)addr); addr = idr_find(&test_idr, forty96); if ((int)addr != forty96) printk(KERN_ERR "hmmm, after find forty96=%d addr=%d\n", forty96, (int)addr); /* really weird, the entry which should be at 4096 is actually at 0!! */ addr = idr_find(&test_idr, 0); if ((int)addr) printk(KERN_ERR "found an entry at id=0 for addr=%d\n", (int)addr); idr_remove(&test_idr, forty95); idr_remove(&test_idr, forty96); return 0; } void cleanup_module(void) { } MODULE_AUTHOR("Eric Paris <eparis@redhat.com>"); MODULE_DESCRIPTION("Simple idr test"); MODULE_LICENSE("GPL"); This happens because when sub_alloc() back tracks it doesn't always do it step-by-step while the over-the-limit detection assumes step-by-step backtracking. The logic in sub_alloc() looks like the following. restart: clear pa[top level + 1] for end cond detection l = top level while (true) { search for empty slot at this level if (not found) { push id to the next possible value l++ A: if (pa[l] is clear) failed, return asking caller to grow the tree if (going up 1 level gives more slots to search) continue the while loop above with the incremented l else C: goto restart } adjust id accordingly to the found slot if (l == 0) return found id; create lower level if not there yet record pa[l] and l-- } Test A is the fail exit condition but this assumes that failure is propagated upwared one level at a time but the B optimization path breaks the assumption and restarts the whole thing with a start value which is above the possible limit with the current layers. sub_alloc() assumes the start id value is inside the limit when called and test A is the only exit condition check, so it ends up searching for empty slot while ignoring high set bit. So, for 4095->4096 test, level0 search fails but pa[1] contains a valid pointer. However, going up 1 level wouldn't give any more empty slot so it takes C and when the whole thing restarts nobody notices the high bit set beyond the top level. This patch fixes the bug by changing the fail exit condition check to full id limit check. Based-on-patch-from: Eric Paris <eparis@redhat.com> Reported-by: Eric Paris <eparis@redhat.com> Signed-off-by: Tejun Heo <tj@kernel.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-03connector: Delete buggy notification code.Evgeniy Polyakov2-207/+0
On Tue, Feb 02, 2010 at 02:57:14PM -0800, Greg KH (gregkh@suse.de) wrote: > > There are at least two ways to fix it: using a big cannon and a small > > one. The former way is to disable notification registration, since it is > > not used by anyone at all. Second way is to check whether calling > > process is root and its destination group is -1 (kind of priveledged > > one) before command is dispatched to workqueue. > > Well if no one is using it, removing it makes the most sense, right? > > No objection from me, care to make up a patch either way for this? Getting it is not used, let's drop support for notifications about (un)registered events from connector. Another option was to check credentials on receiving, but we can always restore it without bugs if needed, but genetlink has a wider code base and none complained, that userspace can not get notification when some other clients were (un)registered. Kudos for Sebastian Krahmer <krahmer@suse.de>, who found a bug in the code. Signed-off-by: Evgeniy Polyakov <zbr@ioremap.net> Acked-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-02-03kernel/cred.c: use kmem_cache_freeJulia Lawall1-1/+1
Free memory allocated using kmem_cache_zalloc using kmem_cache_free rather than kfree. The semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ expression x,E,c; @@ x = \(kmem_cache_alloc\|kmem_cache_zalloc\|kmem_cache_alloc_node\)(c,...) ... when != x = E when != &x ?-kfree(x) +kmem_cache_free(c,x) // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Acked-by: David Howells <dhowells@redhat.com> Cc: James Morris <jmorris@namei.org> Cc: Steve Dickson <steved@redhat.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: James Morris <jmorris@namei.org>
2010-02-02mm: purge fragmented percpu vmap blocksNick Piggin1-11/+81
Improve handling of fragmented per-CPU vmaps. We previously don't free up per-CPU maps until all its addresses have been used and freed. So fragmented blocks could fill up vmalloc space even if they actually had no active vmap regions within them. Add some logic to allow all CPUs to have these blocks purged in the case of failure to allocate a new vm area, and also put some logic to trim such blocks of a current CPU if we hit them in the allocation path (so as to avoid a large build up of them). Christoph reported some vmap allocation failures when using the per CPU vmap APIs in XFS, which cannot be reproduced after this patch and the previous bug fix. Cc: linux-mm@kvack.org Cc: stable@kernel.org Tested-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Nick Piggin <npiggin@suse.de> -- Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-02mm: percpu-vmap fix RCU list walkingNick Piggin1-14/+6
RCU list walking of the per-cpu vmap cache was broken. It did not use RCU primitives, and also the union of free_list and rcu_head is obviously wrong (because free_list is indeed the list we are RCU walking). While we are there, remove a couple of unused fields from an earlier iteration. These APIs aren't actually used anywhere, because of problems with the XFS conversion. Christoph has now verified that the problems are solved with these patches. Also it is an exported interface, so I think it will be good to be merged now (and Christoph wants to get the XFS changes into their local tree). Cc: stable@kernel.org Cc: linux-mm@kvack.org Tested-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Nick Piggin <npiggin@suse.de> -- Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-02Fix 'flush_old_exec()/setup_new_exec()' splitLinus Torvalds1-5/+5
Commit 221af7f87b9 ("Split 'flush_old_exec' into two functions") split the function at the point of no return - ie right where there were no more error cases to check. That made sense from a technical standpoint, but when we then also combined it with the actual personality setting going in between flush_old_exec() and setup_new_exec(), it needs to be a bit more careful. In particular, we need to make sure that we really flush the old personality bits in the 'flush' stage, rather than later in the 'setup' stage, since otherwise we might be flushing the _new_ personality state that we're just setting up. So this moves the flags and personality flushing (and 'flush_thread()', which is the arch-specific function that generally resets lazy FP state etc) of the old process into flush_old_exec(), so that it doesn't affect any state that execve() is setting up for the new process environment. This was reported by Michal Simek as breaking his Microblaze qemu environment. Reported-and-tested-by: Michal Simek <michal.simek@petalogix.com> Cc: Peter Anvin <hpa@zytor.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-02-02cfq-iosched: Do not idle on async queuesVivek Goyal1-1/+1
Few weeks back, Shaohua Li had posted similar patch. I am reposting it with more test results. This patch does two things. - Do not idle on async queues. - It also changes the write queue depth CFQ drives (cfq_may_dispatch()). Currently, we seem to driving queue depth of 1 always for WRITES. This is true even if there is only one write queue in the system and all the logic of infinite queue depth in case of single busy queue as well as slowly increasing queue depth based on last delayed sync request does not seem to be kicking in at all. This patch will allow deeper WRITE queue depths (subjected to the other WRITE queue depth contstraints like cfq_quantum and last delayed sync request). Shaohua Li had reported getting more out of his SSD. For me, I have got one Lun exported from an HP EVA and when pure buffered writes are on, I can get more out of the system. Following are test results of pure buffered writes (with end_fsync=1) with vanilla and patched kernel. These results are average of 3 sets of run with increasing number of threads. AVERAGE[bufwfs][vanilla] ------- job Set NR ReadBW(KB/s) MaxClat(us) WriteBW(KB/s) MaxClat(us) --- --- -- ------------ ----------- ------------- ----------- bufwfs 3 1 0 0 95349 474141 bufwfs 3 2 0 0 100282 806926 bufwfs 3 4 0 0 109989 2.7301e+06 bufwfs 3 8 0 0 116642 3762231 bufwfs 3 16 0 0 118230 6902970 AVERAGE[bufwfs] [patched kernel] ------- bufwfs 3 1 0 0 270722 404352 bufwfs 3 2 0 0 206770 1.06552e+06 bufwfs 3 4 0 0 195277 1.62283e+06 bufwfs 3 8 0 0 260960 2.62979e+06 bufwfs 3 16 0 0 299260 1.70731e+06 I also ran buffered writes along with some sequential reads and some buffered reads going on in the system on a SATA disk because the potential risk could be that we should not be driving queue depth higher in presence of sync IO going to keep the max clat low. With some random and sequential reads going on in the system on one SATA disk I did not see any significant increase in max clat. So it looks like other WRITE queue depth control logic is doing its job. Here are the results. AVERAGE[brr, bsr, bufw together] [vanilla] ------- job Set NR ReadBW(KB/s) MaxClat(us) WriteBW(KB/s) MaxClat(us) --- --- -- ------------ ----------- ------------- ----------- brr 3 1 850 546345 0 0 bsr 3 1 14650 729543 0 0 bufw 3 1 0 0 23908 8274517 brr 3 2 981.333 579395 0 0 bsr 3 2 14149.7 1175689 0 0 bufw 3 2 0 0 21921 1.28108e+07 brr 3 4 898.333 1.75527e+06 0 0 bsr 3 4 12230.7 1.40072e+06 0 0 bufw 3 4 0 0 19722.3 2.4901e+07 brr 3 8 900 3160594 0 0 bsr 3 8 9282.33 1.91314e+06 0 0 bufw 3 8 0 0 18789.3 23890622 AVERAGE[brr, bsr, bufw mixed] [patched kernel] ------- job Set NR ReadBW(KB/s) MaxClat(us) WriteBW(KB/s) MaxClat(us) --- --- -- ------------ ----------- ------------- ----------- brr 3 1 837 417973 0 0 bsr 3 1 14357.7 591275 0 0 bufw 3 1 0 0 24869.7 8910662 brr 3 2 1038.33 543434 0 0 bsr 3 2 13351.3 1205858 0 0 bufw 3 2 0 0 18626.3 13280370 brr 3 4 913 1.86861e+06 0 0 bsr 3 4 12652.3 1430974 0 0 bufw 3 4 0 0 15343.3 2.81305e+07 brr 3 8 890 2.92695e+06 0 0 bsr 3 8 9635.33 1.90244e+06 0 0 bufw 3 8 0 0 17200.3 24424392 So looks like it might make sense to include this patch. Thanks Vivek Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
2010-02-02MIPS: 64-bit: Detect virtual memory sizeGuenter Roeck4-1/+24
Linux kernel 2.6.32 and later allocate address space from the top of the kernel virtual memory address space. This patch implements virtual memory size detection for 64 bit MIPS CPUs to avoid resulting crashes. Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com> Cc: linux-mips@linux-mips.org Patchwork: http://patchwork.linux-mips.org/patch/935/ Reviewed-by: David Daney <ddaney@caviumnetworks.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2010-02-02be2net: use eq-id to calculate cev-isr reg offsetSathya Perla1-1/+1
cev-isr reg offset for each function is better calculated using (any) eq-id alloted to that function instead of using pci-func number(which does not work in some configurations...) Signed-off-by: Sathya Perla <sathyap@serverengines.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-02-02sh: Disable generic IRQ probing.Paul Mundt1-3/+0
IRQ autoprobing hasn't actually worked for us at all since very early in 2.6, but no one seems to have noticed given that none of the drivers that use it see much testing. yenta_socket is the odd one out, and that depends on PCI IRQs which are fixed on all SH platforms anyways. Consequently, turning off autoprobing fixes up crashes triggered by yenta_socket and at least gets it working again on r7785rp. Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-02-02sh: enable sparseirq for highlander and r2d.Paul Mundt1-12/+4
highlander and r2d are the only remaining ones that were blocking sparseirq being turned on by default, but it turns out that they already work fine with it by virtue of register_intc_controller(). As such, we can kill off the dependencies and turn it on by default. Signed-off-by: Paul Mundt <lethal@linux-sh.org>