1. 24 Sep, 2010 17 commits
  2. 20 Sep, 2010 19 commits
    • Linus Torvalds's avatar
      Linux 2.6.36-rc5 · b30a3f62
      Linus Torvalds authored
      b30a3f62
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6 · 6b3d2cc4
      Linus Torvalds authored
      * git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6:
        Staging: vt6655: fix buffer overflow
        Revert: "Staging: batman-adv: Adding netfilter-bridge hooks"
      6b3d2cc4
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6 · 0c4ab345
      Linus Torvalds authored
      * git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6:
        USB: musb: MAINTAINERS: Fix my mail address
        USB: serial/mos*: prevent reading uninitialized stack memory
        USB: otg: twl4030: fix phy initialization(v1)
        USB: EHCI: Disable langwell/penwell LPM capability
        usb: musb_debugfs: don't use the struct file private_data field with seq_files
      0c4ab345
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6 · 36ff4a55
      Linus Torvalds authored
      * git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6:
        serial: mfd: fix bug in serial_hsu_remove()
        serial: amba-pl010: fix set_ldisc
      36ff4a55
    • Dan Carpenter's avatar
      Staging: vt6655: fix buffer overflow · dd173abf
      Dan Carpenter authored
      "param->u.wpa_associate.wpa_ie_len" comes from the user.  We should
      check it so that the copy_from_user() doesn't overflow the buffer.
      
      Also further down in the function, we assume that if
      "param->u.wpa_associate.wpa_ie_len" is set then "abyWPAIE[0]" is
      initialized.  To make that work, I changed the test here to say that if
      "wpa_ie_len" is set then "wpa_ie" has to be a valid pointer or we return
      -EINVAL.
      
      Oddly, we only use the first element of the abyWPAIE[] array.  So I
      suspect there may be some other issues in this function.
      Signed-off-by: default avatarDan Carpenter <error27@gmail.com>
      Cc: stable <stable@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      dd173abf
    • Sven Eckelmann's avatar
      Revert: "Staging: batman-adv: Adding netfilter-bridge hooks" · 350aede6
      Sven Eckelmann authored
      This reverts commit 96d592ed.
      
      The netfilter hook seems to be misused and may leak skbs in situations
      when NF_HOOK returns NF_STOLEN. It may not filter everything as
      expected. Also the ethernet bridge tables are not yet capable to
      understand batman-adv packet correctly.
      
      It was only added for testing purposes and can be removed again.
      Reported-by: default avatarVasiliy Kulikov <segooon@gmail.com>
      Signed-off-by: default avatarSven Eckelmann <sven.eckelmann@gmx.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      350aede6
    • Feng Tang's avatar
      serial: mfd: fix bug in serial_hsu_remove() · e3671ac4
      Feng Tang authored
      Medfield HSU driver deal with 4 pci devices(3 uart ports + 1 dma controller),
      so in pci remove func, we need handle them differently
      Signed-off-by: default avatarFeng Tang <feng.tang@intel.com>
      Signed-off-by: default avatarAlan Cox <alan@linux.intel.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      e3671ac4
    • Mika Westerberg's avatar
      serial: amba-pl010: fix set_ldisc · 476f771c
      Mika Westerberg authored
      Commit d87d9b7d ("tty: serial - fix tty referencing in set_ldisc") changed
      set_ldisc to take ldisc number as parameter. This patch fixes AMBA PL010 driver
      according the new prototype.
      Signed-off-by: default avatarMika Westerberg <mika.westerberg@iki.fi>
      Cc: Alan Cox <alan@linux.intel.com>
      Cc: Russell King <rmk+kernel@arm.linux.org.uk>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      476f771c
    • Felipe Balbi's avatar
      USB: musb: MAINTAINERS: Fix my mail address · f299470a
      Felipe Balbi authored
      If we don't, contributors to musb and any USB OMAP
      code will be sending mails to an unexistent inbox.
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      f299470a
    • Dan Rosenberg's avatar
      USB: serial/mos*: prevent reading uninitialized stack memory · a0846f18
      Dan Rosenberg authored
      The TIOCGICOUNT device ioctl in both mos7720.c and mos7840.c allows
      unprivileged users to read uninitialized stack memory, because the
      "reserved" member of the serial_icounter_struct struct declared on the
      stack is not altered or zeroed before being copied back to the user.
      This patch takes care of it.
      Signed-off-by: default avatarDan Rosenberg <dan.j.rosenberg@gmail.com>
      Cc: stable <stable@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      a0846f18
    • Ming Lei's avatar
      USB: otg: twl4030: fix phy initialization(v1) · fc8f2a76
      Ming Lei authored
      Commit 461c3177(into 2.6.36-v3)
      is put forward to power down phy if no usb cable is connected,
      but does introduce the two issues below:
      
      1), phy is not into work state if usb cable is connected
      with PC during poweron, so musb device mode is not usable
      in such case, follows the reasons:
      	-twl4030_phy_resume is not called, so
      		regulators are not enabled
      		i2c access are not enabled
      		usb mode not configurated
      
      2), The kernel warings[1] of regulators 'unbalanced disables'
      is caused if poweron without usb cable connected
      with PC or b-device.
      
      This patch fixes the two issues above:
      	-power down phy only if no usb cable is connected with PC
      and b-device
      	-do phy initialization(via __twl4030_phy_resume) if usb cable
      is connected with PC(vbus event) or another b-device(ID event) in
      twl4030_usb_probe.
      
      This patch also doesn't put VUSB3V1 LDO into active mode in
      twl4030_usb_ldo_init until VBUS/ID change detected, so we can
      save more power consumption than before.
      
      This patch is verified OK on Beagle board either connected with
      usb cable or not when poweron.
      
      [1]. warnings of 'unbalanced disables' of regulators.
      [root@OMAP3EVM /]# dmesg
      ------------[ cut here ]------------
      WARNING: at drivers/regulator/core.c:1357 _regulator_disable+0x38/0x128()
      unbalanced disables for VUSB1V8
      Modules linked in:
      Backtrace:
      [<c0030c48>] (dump_backtrace+0x0/0x110) from [<c034f5a8>] (dump_stack+0x18/0x1c)
       r7:c78179d8 r6:c01ed6b8 r5:c0410822 r4:0000054d
      [<c034f590>] (dump_stack+0x0/0x1c) from [<c0057da8>] (warn_slowpath_common+0x54/0x6c)
      [<c0057d54>] (warn_slowpath_common+0x0/0x6c) from [<c0057e64>] (warn_slowpath_fmt+0x38/0x40)
       r9:00000000 r8:00000000 r7:c78e6608 r6:00000000 r5:fffffffb
       r4:c78e6c00
      [<c0057e2c>] (warn_slowpath_fmt+0x0/0x40) from [<c01ed6b8>] (_regulator_disable+0x38/0x128)
       r3:c0410e53 r2:c0410ad5
      [<c01ed680>] (_regulator_disable+0x0/0x128) from [<c01ed87c>] (regulator_disable+0x24/0x38)
       r7:c78e6608 r6:00000000 r5:c78e6c40 r4:c78e6c00
      [<c01ed858>] (regulator_disable+0x0/0x38) from [<c02382dc>] (twl4030_phy_power+0x15c/0x17c)
       r5:c78595c0 r4:00000000
      [<c0238180>] (twl4030_phy_power+0x0/0x17c) from [<c023831c>] (twl4030_phy_suspend+0x20/0x2c)
       r6:00000000 r5:c78595c0 r4:c78595c0
      [<c02382fc>] (twl4030_phy_suspend+0x0/0x2c) from [<c0238638>] (twl4030_usb_irq+0x11c/0x16c)
       r5:c78595c0 r4:00000040
      [<c023851c>] (twl4030_usb_irq+0x0/0x16c) from [<c034ec18>] (twl4030_usb_probe+0x2c4/0x32c)
       r6:00000000 r5:00000000 r4:c78595c0
      [<c034e954>] (twl4030_usb_probe+0x0/0x32c) from [<c02152a0>] (platform_drv_probe+0x20/0x24)
       r7:00000000 r6:c047d49c r5:c78e6608 r4:c047d49c
      [<c0215280>] (platform_drv_probe+0x0/0x24) from [<c0214244>] (driver_probe_device+0xd0/0x190)
      [<c0214174>] (driver_probe_device+0x0/0x190) from [<c02143d4>] (__device_attach+0x44/0x48)
       r7:00000000 r6:c78e6608 r5:c78e6608 r4:c047d49c
      [<c0214390>] (__device_attach+0x0/0x48) from [<c0213694>] (bus_for_each_drv+0x50/0x90)
       r5:c0214390 r4:00000000
      [<c0213644>] (bus_for_each_drv+0x0/0x90) from [<c0214474>] (device_attach+0x70/0x94)
       r6:c78e663c r5:c78e6608 r4:c78e6608
      [<c0214404>] (device_attach+0x0/0x94) from [<c02134fc>] (bus_probe_device+0x2c/0x48)
       r7:00000000 r6:00000002 r5:c78e6608 r4:c78e6600
      [<c02134d0>] (bus_probe_device+0x0/0x48) from [<c0211e48>] (device_add+0x340/0x4b4)
      [<c0211b08>] (device_add+0x0/0x4b4) from [<c021597c>] (platform_device_add+0x110/0x16c)
      [<c021586c>] (platform_device_add+0x0/0x16c) from [<c0220cb0>] (add_numbered_child+0xd8/0x118)
       r7:00000000 r6:c045f15c r5:c78e6600 r4:00000000
      [<c0220bd8>] (add_numbered_child+0x0/0x118) from [<c001c618>] (twl_probe+0x3a4/0x72c)
      [<c001c274>] (twl_probe+0x0/0x72c) from [<c02601ac>] (i2c_device_probe+0x7c/0xa4)
      [<c0260130>] (i2c_device_probe+0x0/0xa4) from [<c0214244>] (driver_probe_device+0xd0/0x190)
       r5:c7856e20 r4:c047c860
      [<c0214174>] (driver_probe_device+0x0/0x190) from [<c02143d4>] (__device_attach+0x44/0x48)
       r7:c7856e04 r6:c7856e20 r5:c7856e20 r4:c047c860
      [<c0214390>] (__device_attach+0x0/0x48) from [<c0213694>] (bus_for_each_drv+0x50/0x90)
       r5:c0214390 r4:00000000
      [<c0213644>] (bus_for_each_drv+0x0/0x90) from [<c0214474>] (device_attach+0x70/0x94)
       r6:c7856e54 r5:c7856e20 r4:c7856e20
      [<c0214404>] (device_attach+0x0/0x94) from [<c02134fc>] (bus_probe_device+0x2c/0x48)
       r7:c7856e04 r6:c78fd048 r5:c7856e20 r4:c7856e20
      [<c02134d0>] (bus_probe_device+0x0/0x48) from [<c0211e48>] (device_add+0x340/0x4b4)
      [<c0211b08>] (device_add+0x0/0x4b4) from [<c0211fd8>] (device_register+0x1c/0x20)
      [<c0211fbc>] (device_register+0x0/0x20) from [<c0260aa8>] (i2c_new_device+0xec/0x150)
       r5:c7856e00 r4:c7856e20
      [<c02609bc>] (i2c_new_device+0x0/0x150) from [<c0260dc0>] (i2c_register_adapter+0xa0/0x1c4)
       r7:00000000 r6:c78fd078 r5:c78fd048 r4:c781d5c0
      [<c0260d20>] (i2c_register_adapter+0x0/0x1c4) from [<c0260f80>] (i2c_add_numbered_adapter+0x9c/0xb4)
       r7:00000a28 r6:c04600a8 r5:c78fd048 r4:00000000
      [<c0260ee4>] (i2c_add_numbered_adapter+0x0/0xb4) from [<c034efa4>] (omap_i2c_probe+0x324/0x3e8)
       r5:00000000 r4:c78fd000
      [<c034ec80>] (omap_i2c_probe+0x0/0x3e8) from [<c02152a0>] (platform_drv_probe+0x20/0x24)
      [<c0215280>] (platform_drv_probe+0x0/0x24) from [<c0214244>] (driver_probe_device+0xd0/0x190)
      [<c0214174>] (driver_probe_device+0x0/0x190) from [<c021436c>] (__driver_attach+0x68/0x8c)
       r7:c78b2140 r6:c047e214 r5:c04600e4 r4:c04600b0
      [<c0214304>] (__driver_attach+0x0/0x8c) from [<c021399c>] (bus_for_each_dev+0x50/0x84)
       r7:c78b2140 r6:c047e214 r5:c0214304 r4:00000000
      [<c021394c>] (bus_for_each_dev+0x0/0x84) from [<c0214068>] (driver_attach+0x20/0x28)
       r6:c047e214 r5:c047e214 r4:c00270d0
      [<c0214048>] (driver_attach+0x0/0x28) from [<c0213274>] (bus_add_driver+0xa8/0x228)
      [<c02131cc>] (bus_add_driver+0x0/0x228) from [<c02146a4>] (driver_register+0xb0/0x13c)
      [<c02145f4>] (driver_register+0x0/0x13c) from [<c0215744>] (platform_driver_register+0x4c/0x60)
       r9:00000000 r8:c001f688 r7:00000013 r6:c005b6fc r5:c00083dc
      r4:c00270d0
      [<c02156f8>] (platform_driver_register+0x0/0x60) from [<c001f69c>] (omap_i2c_init_driver+0x14/0x1c)
      [<c001f688>] (omap_i2c_init_driver+0x0/0x1c) from [<c002c460>] (do_one_initcall+0xd0/0x1a4)
      [<c002c390>] (do_one_initcall+0x0/0x1a4) from [<c0008478>] (kernel_init+0x9c/0x154)
      [<c00083dc>] (kernel_init+0x0/0x154) from [<c005b6fc>] (do_exit+0x0/0x688)
       r5:c00083dc r4:00000000
      ---[ end trace 1b75b31a2719ed1d ]---
      Signed-off-by: default avatarMing Lei <tom.leiming@gmail.com>
      Cc: David Brownell <dbrownell@users.sourceforge.net>
      Cc: Felipe Balbi <me@felipebalbi.com>
      Cc: Anand Gadiyar <gadiyar@ti.com>
      Cc: Mike Frysinger <vapier@gentoo.org>
      Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      fc8f2a76
    • Alek Du's avatar
      USB: EHCI: Disable langwell/penwell LPM capability · fc928250
      Alek Du authored
      We have to do so due to HW limitation.
      Signed-off-by: default avatarAlek Du <alek.du@intel.com>
      Signed-off-by: default avatarAlan Cox <alan@linux.intel.com>
      Cc: stable <stable@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      
      fc928250
    • Mathias Nyman's avatar
      usb: musb_debugfs: don't use the struct file private_data field with seq_files · 024cfa59
      Mathias Nyman authored
      seq_files use the private_data field of a file struct for storing a seq_file structure,
      data should be stored in seq_file's own private field (e.g. file->private_data->private)
      Otherwise seq_release() will free the private data when the file is closed.
      Signed-off-by: default avatarMathias Nyman <mathias.nyman@nokia.com>
      Cc: stable <stable@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      024cfa59
    • Al Viro's avatar
      frv: double syscall restarts, syscall restart in sigreturn() · ed1cde68
      Al Viro authored
      We need to make sure that only the first do_signal() to be handled on
      the way out syscall will bother with syscall restarts; additionally, the
      check on the "signal has user handler" path had been wrong - compare
      with restart prevention in sigreturn()...
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ed1cde68
    • Al Viro's avatar
      frv: handling of restart into restart_syscall is fscked · 44c7afff
      Al Viro authored
      do_signal() should place the syscall number in gr7, not gr8 when
      handling ERESTART_WOULDBLOCK.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      44c7afff
    • Al Viro's avatar
      frv: avoid infinite loop of SIGSEGV delivery · ad0acab4
      Al Viro authored
      Use force_sigsegv() rather than force_sig(SIGSEGV, ...) as the former
      resets the SEGV handler pointer which will kill the process, rather than
      leaving it open to an infinite loop if the SEGV handler itself caused a
      SEGV signal.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ad0acab4
    • Al Viro's avatar
      frv: fix address verification holes in setup_frame/setup_rt_frame · 5f4ad04a
      Al Viro authored
      a) sa_handler might be maliciously set to point to kernel memory;
         blindly dereferencing it in FDPIC case is a Bad Idea(tm).
      
      b) I'm not sure you need that set_fs(USER_DS) there at all, but if you
         do, you'd better do it *before* checking the frame you've decided to
         use with access_ok(), lest sigaltstack() becomes a convenient
         roothole.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      5f4ad04a
    • Al Viro's avatar
      frv: restart_block.fn needs to be reset on sigreturn · 20cd514d
      Al Viro authored
      Reset restart_block.fn on executing a sigreturn such that any currently
      pending system call restarts will be forced to return -EINTR.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      20cd514d
    • Hugh Dickins's avatar
      mm: further fix swapin race condition · 31c4a3d3
      Hugh Dickins authored
      Commit 4969c119 ("mm: fix swapin race condition") is now agreed to
      be incomplete.  There's a race, not very much less likely than the
      original race envisaged, in which it is further necessary to check that
      the swapcache page's swap has not changed.
      
      Here's the reasoning: cast in terms of reuse_swap_page(), but probably
      could be reformulated to rely on try_to_free_swap() instead, or on
      swapoff+swapon.
      
      A, faults into do_swap_page(): does page1 = lookup_swap_cache(swap1) and
      comes through the lock_page(page1).
      
      B, a racing thread of the same process, faults on the same address: does
      page1 = lookup_swap_cache(swap1) and now waits in lock_page(page1), but
      for whatever reason is unlucky not to get the lock any time soon.
      
      A carries on through do_swap_page(), a write fault, but cannot reuse the
      swap page1 (another reference to swap1).  Unlocks the page1 (but B
      doesn't get it yet), does COW in do_wp_page(), page2 now in that pte.
      
      C, perhaps the parent of A+B, comes in and write faults the same swap
      page1 into its mm, reuse_swap_page() succeeds this time, swap1 is freed.
      
      kswapd comes in after some time (B still unlucky) and swaps out some
      pages from A+B and C: it allocates the original swap1 to page2 in A+B,
      and some other swap2 to the original page1 now in C.  But does not
      immediately free page1 (actually it couldn't: B holds a reference),
      leaving it in swap cache for now.
      
      B at last gets the lock on page1, hooray! Is PageSwapCache(page1)? Yes.
      Is pte_same(*page_table, orig_pte)? Yes, because page2 has now been
      given the swap1 which page1 used to have.  So B proceeds to insert page1
      into A+B's page_table, though its content now belongs to C, quite
      different from what A wrote there.
      
      B ought to have checked that page1's swap was still swap1.
      Signed-off-by: default avatarHugh Dickins <hughd@google.com>
      Reviewed-by: default avatarRik van Riel <riel@redhat.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      31c4a3d3
  3. 19 Sep, 2010 4 commits