1. 24 Sep, 2010 4 commits
  2. 22 Sep, 2010 2 commits
  3. 21 Sep, 2010 10 commits
  4. 20 Sep, 2010 20 commits
    • Linus Torvalds's avatar
      Linux 2.6.36-rc5 · b30a3f62
      Linus Torvalds authored
      b30a3f62
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6 · 6b3d2cc4
      Linus Torvalds authored
      * git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6:
        Staging: vt6655: fix buffer overflow
        Revert: "Staging: batman-adv: Adding netfilter-bridge hooks"
      6b3d2cc4
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6 · 0c4ab345
      Linus Torvalds authored
      * git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6:
        USB: musb: MAINTAINERS: Fix my mail address
        USB: serial/mos*: prevent reading uninitialized stack memory
        USB: otg: twl4030: fix phy initialization(v1)
        USB: EHCI: Disable langwell/penwell LPM capability
        usb: musb_debugfs: don't use the struct file private_data field with seq_files
      0c4ab345
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6 · 36ff4a55
      Linus Torvalds authored
      * git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6:
        serial: mfd: fix bug in serial_hsu_remove()
        serial: amba-pl010: fix set_ldisc
      36ff4a55
    • Dan Carpenter's avatar
      Staging: vt6655: fix buffer overflow · dd173abf
      Dan Carpenter authored
      "param->u.wpa_associate.wpa_ie_len" comes from the user.  We should
      check it so that the copy_from_user() doesn't overflow the buffer.
      
      Also further down in the function, we assume that if
      "param->u.wpa_associate.wpa_ie_len" is set then "abyWPAIE[0]" is
      initialized.  To make that work, I changed the test here to say that if
      "wpa_ie_len" is set then "wpa_ie" has to be a valid pointer or we return
      -EINVAL.
      
      Oddly, we only use the first element of the abyWPAIE[] array.  So I
      suspect there may be some other issues in this function.
      Signed-off-by: default avatarDan Carpenter <error27@gmail.com>
      Cc: stable <stable@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      dd173abf
    • Sven Eckelmann's avatar
      Revert: "Staging: batman-adv: Adding netfilter-bridge hooks" · 350aede6
      Sven Eckelmann authored
      This reverts commit 96d592ed.
      
      The netfilter hook seems to be misused and may leak skbs in situations
      when NF_HOOK returns NF_STOLEN. It may not filter everything as
      expected. Also the ethernet bridge tables are not yet capable to
      understand batman-adv packet correctly.
      
      It was only added for testing purposes and can be removed again.
      Reported-by: default avatarVasiliy Kulikov <segooon@gmail.com>
      Signed-off-by: default avatarSven Eckelmann <sven.eckelmann@gmx.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      350aede6
    • Feng Tang's avatar
      serial: mfd: fix bug in serial_hsu_remove() · e3671ac4
      Feng Tang authored
      Medfield HSU driver deal with 4 pci devices(3 uart ports + 1 dma controller),
      so in pci remove func, we need handle them differently
      Signed-off-by: default avatarFeng Tang <feng.tang@intel.com>
      Signed-off-by: default avatarAlan Cox <alan@linux.intel.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      e3671ac4
    • Mika Westerberg's avatar
      serial: amba-pl010: fix set_ldisc · 476f771c
      Mika Westerberg authored
      Commit d87d9b7d ("tty: serial - fix tty referencing in set_ldisc") changed
      set_ldisc to take ldisc number as parameter. This patch fixes AMBA PL010 driver
      according the new prototype.
      Signed-off-by: default avatarMika Westerberg <mika.westerberg@iki.fi>
      Cc: Alan Cox <alan@linux.intel.com>
      Cc: Russell King <rmk+kernel@arm.linux.org.uk>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      476f771c
    • Felipe Balbi's avatar
      USB: musb: MAINTAINERS: Fix my mail address · f299470a
      Felipe Balbi authored
      If we don't, contributors to musb and any USB OMAP
      code will be sending mails to an unexistent inbox.
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      f299470a
    • Dan Rosenberg's avatar
      USB: serial/mos*: prevent reading uninitialized stack memory · a0846f18
      Dan Rosenberg authored
      The TIOCGICOUNT device ioctl in both mos7720.c and mos7840.c allows
      unprivileged users to read uninitialized stack memory, because the
      "reserved" member of the serial_icounter_struct struct declared on the
      stack is not altered or zeroed before being copied back to the user.
      This patch takes care of it.
      Signed-off-by: default avatarDan Rosenberg <dan.j.rosenberg@gmail.com>
      Cc: stable <stable@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      a0846f18
    • Ming Lei's avatar
      USB: otg: twl4030: fix phy initialization(v1) · fc8f2a76
      Ming Lei authored
      Commit 461c3177(into 2.6.36-v3)
      is put forward to power down phy if no usb cable is connected,
      but does introduce the two issues below:
      
      1), phy is not into work state if usb cable is connected
      with PC during poweron, so musb device mode is not usable
      in such case, follows the reasons:
      	-twl4030_phy_resume is not called, so
      		regulators are not enabled
      		i2c access are not enabled
      		usb mode not configurated
      
      2), The kernel warings[1] of regulators 'unbalanced disables'
      is caused if poweron without usb cable connected
      with PC or b-device.
      
      This patch fixes the two issues above:
      	-power down phy only if no usb cable is connected with PC
      and b-device
      	-do phy initialization(via __twl4030_phy_resume) if usb cable
      is connected with PC(vbus event) or another b-device(ID event) in
      twl4030_usb_probe.
      
      This patch also doesn't put VUSB3V1 LDO into active mode in
      twl4030_usb_ldo_init until VBUS/ID change detected, so we can
      save more power consumption than before.
      
      This patch is verified OK on Beagle board either connected with
      usb cable or not when poweron.
      
      [1]. warnings of 'unbalanced disables' of regulators.
      [root@OMAP3EVM /]# dmesg
      ------------[ cut here ]------------
      WARNING: at drivers/regulator/core.c:1357 _regulator_disable+0x38/0x128()
      unbalanced disables for VUSB1V8
      Modules linked in:
      Backtrace:
      [<c0030c48>] (dump_backtrace+0x0/0x110) from [<c034f5a8>] (dump_stack+0x18/0x1c)
       r7:c78179d8 r6:c01ed6b8 r5:c0410822 r4:0000054d
      [<c034f590>] (dump_stack+0x0/0x1c) from [<c0057da8>] (warn_slowpath_common+0x54/0x6c)
      [<c0057d54>] (warn_slowpath_common+0x0/0x6c) from [<c0057e64>] (warn_slowpath_fmt+0x38/0x40)
       r9:00000000 r8:00000000 r7:c78e6608 r6:00000000 r5:fffffffb
       r4:c78e6c00
      [<c0057e2c>] (warn_slowpath_fmt+0x0/0x40) from [<c01ed6b8>] (_regulator_disable+0x38/0x128)
       r3:c0410e53 r2:c0410ad5
      [<c01ed680>] (_regulator_disable+0x0/0x128) from [<c01ed87c>] (regulator_disable+0x24/0x38)
       r7:c78e6608 r6:00000000 r5:c78e6c40 r4:c78e6c00
      [<c01ed858>] (regulator_disable+0x0/0x38) from [<c02382dc>] (twl4030_phy_power+0x15c/0x17c)
       r5:c78595c0 r4:00000000
      [<c0238180>] (twl4030_phy_power+0x0/0x17c) from [<c023831c>] (twl4030_phy_suspend+0x20/0x2c)
       r6:00000000 r5:c78595c0 r4:c78595c0
      [<c02382fc>] (twl4030_phy_suspend+0x0/0x2c) from [<c0238638>] (twl4030_usb_irq+0x11c/0x16c)
       r5:c78595c0 r4:00000040
      [<c023851c>] (twl4030_usb_irq+0x0/0x16c) from [<c034ec18>] (twl4030_usb_probe+0x2c4/0x32c)
       r6:00000000 r5:00000000 r4:c78595c0
      [<c034e954>] (twl4030_usb_probe+0x0/0x32c) from [<c02152a0>] (platform_drv_probe+0x20/0x24)
       r7:00000000 r6:c047d49c r5:c78e6608 r4:c047d49c
      [<c0215280>] (platform_drv_probe+0x0/0x24) from [<c0214244>] (driver_probe_device+0xd0/0x190)
      [<c0214174>] (driver_probe_device+0x0/0x190) from [<c02143d4>] (__device_attach+0x44/0x48)
       r7:00000000 r6:c78e6608 r5:c78e6608 r4:c047d49c
      [<c0214390>] (__device_attach+0x0/0x48) from [<c0213694>] (bus_for_each_drv+0x50/0x90)
       r5:c0214390 r4:00000000
      [<c0213644>] (bus_for_each_drv+0x0/0x90) from [<c0214474>] (device_attach+0x70/0x94)
       r6:c78e663c r5:c78e6608 r4:c78e6608
      [<c0214404>] (device_attach+0x0/0x94) from [<c02134fc>] (bus_probe_device+0x2c/0x48)
       r7:00000000 r6:00000002 r5:c78e6608 r4:c78e6600
      [<c02134d0>] (bus_probe_device+0x0/0x48) from [<c0211e48>] (device_add+0x340/0x4b4)
      [<c0211b08>] (device_add+0x0/0x4b4) from [<c021597c>] (platform_device_add+0x110/0x16c)
      [<c021586c>] (platform_device_add+0x0/0x16c) from [<c0220cb0>] (add_numbered_child+0xd8/0x118)
       r7:00000000 r6:c045f15c r5:c78e6600 r4:00000000
      [<c0220bd8>] (add_numbered_child+0x0/0x118) from [<c001c618>] (twl_probe+0x3a4/0x72c)
      [<c001c274>] (twl_probe+0x0/0x72c) from [<c02601ac>] (i2c_device_probe+0x7c/0xa4)
      [<c0260130>] (i2c_device_probe+0x0/0xa4) from [<c0214244>] (driver_probe_device+0xd0/0x190)
       r5:c7856e20 r4:c047c860
      [<c0214174>] (driver_probe_device+0x0/0x190) from [<c02143d4>] (__device_attach+0x44/0x48)
       r7:c7856e04 r6:c7856e20 r5:c7856e20 r4:c047c860
      [<c0214390>] (__device_attach+0x0/0x48) from [<c0213694>] (bus_for_each_drv+0x50/0x90)
       r5:c0214390 r4:00000000
      [<c0213644>] (bus_for_each_drv+0x0/0x90) from [<c0214474>] (device_attach+0x70/0x94)
       r6:c7856e54 r5:c7856e20 r4:c7856e20
      [<c0214404>] (device_attach+0x0/0x94) from [<c02134fc>] (bus_probe_device+0x2c/0x48)
       r7:c7856e04 r6:c78fd048 r5:c7856e20 r4:c7856e20
      [<c02134d0>] (bus_probe_device+0x0/0x48) from [<c0211e48>] (device_add+0x340/0x4b4)
      [<c0211b08>] (device_add+0x0/0x4b4) from [<c0211fd8>] (device_register+0x1c/0x20)
      [<c0211fbc>] (device_register+0x0/0x20) from [<c0260aa8>] (i2c_new_device+0xec/0x150)
       r5:c7856e00 r4:c7856e20
      [<c02609bc>] (i2c_new_device+0x0/0x150) from [<c0260dc0>] (i2c_register_adapter+0xa0/0x1c4)
       r7:00000000 r6:c78fd078 r5:c78fd048 r4:c781d5c0
      [<c0260d20>] (i2c_register_adapter+0x0/0x1c4) from [<c0260f80>] (i2c_add_numbered_adapter+0x9c/0xb4)
       r7:00000a28 r6:c04600a8 r5:c78fd048 r4:00000000
      [<c0260ee4>] (i2c_add_numbered_adapter+0x0/0xb4) from [<c034efa4>] (omap_i2c_probe+0x324/0x3e8)
       r5:00000000 r4:c78fd000
      [<c034ec80>] (omap_i2c_probe+0x0/0x3e8) from [<c02152a0>] (platform_drv_probe+0x20/0x24)
      [<c0215280>] (platform_drv_probe+0x0/0x24) from [<c0214244>] (driver_probe_device+0xd0/0x190)
      [<c0214174>] (driver_probe_device+0x0/0x190) from [<c021436c>] (__driver_attach+0x68/0x8c)
       r7:c78b2140 r6:c047e214 r5:c04600e4 r4:c04600b0
      [<c0214304>] (__driver_attach+0x0/0x8c) from [<c021399c>] (bus_for_each_dev+0x50/0x84)
       r7:c78b2140 r6:c047e214 r5:c0214304 r4:00000000
      [<c021394c>] (bus_for_each_dev+0x0/0x84) from [<c0214068>] (driver_attach+0x20/0x28)
       r6:c047e214 r5:c047e214 r4:c00270d0
      [<c0214048>] (driver_attach+0x0/0x28) from [<c0213274>] (bus_add_driver+0xa8/0x228)
      [<c02131cc>] (bus_add_driver+0x0/0x228) from [<c02146a4>] (driver_register+0xb0/0x13c)
      [<c02145f4>] (driver_register+0x0/0x13c) from [<c0215744>] (platform_driver_register+0x4c/0x60)
       r9:00000000 r8:c001f688 r7:00000013 r6:c005b6fc r5:c00083dc
      r4:c00270d0
      [<c02156f8>] (platform_driver_register+0x0/0x60) from [<c001f69c>] (omap_i2c_init_driver+0x14/0x1c)
      [<c001f688>] (omap_i2c_init_driver+0x0/0x1c) from [<c002c460>] (do_one_initcall+0xd0/0x1a4)
      [<c002c390>] (do_one_initcall+0x0/0x1a4) from [<c0008478>] (kernel_init+0x9c/0x154)
      [<c00083dc>] (kernel_init+0x0/0x154) from [<c005b6fc>] (do_exit+0x0/0x688)
       r5:c00083dc r4:00000000
      ---[ end trace 1b75b31a2719ed1d ]---
      Signed-off-by: default avatarMing Lei <tom.leiming@gmail.com>
      Cc: David Brownell <dbrownell@users.sourceforge.net>
      Cc: Felipe Balbi <me@felipebalbi.com>
      Cc: Anand Gadiyar <gadiyar@ti.com>
      Cc: Mike Frysinger <vapier@gentoo.org>
      Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      fc8f2a76
    • Alek Du's avatar
      USB: EHCI: Disable langwell/penwell LPM capability · fc928250
      Alek Du authored
      We have to do so due to HW limitation.
      Signed-off-by: default avatarAlek Du <alek.du@intel.com>
      Signed-off-by: default avatarAlan Cox <alan@linux.intel.com>
      Cc: stable <stable@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      
      fc928250
    • Mathias Nyman's avatar
      usb: musb_debugfs: don't use the struct file private_data field with seq_files · 024cfa59
      Mathias Nyman authored
      seq_files use the private_data field of a file struct for storing a seq_file structure,
      data should be stored in seq_file's own private field (e.g. file->private_data->private)
      Otherwise seq_release() will free the private data when the file is closed.
      Signed-off-by: default avatarMathias Nyman <mathias.nyman@nokia.com>
      Cc: stable <stable@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      024cfa59
    • Chris Wilson's avatar
      drm/i915: Hold a reference to the object whilst unbinding the eviction list · af626103
      Chris Wilson authored
      During heavy aperture thrashing we may be forced to wait upon several active
      objects during eviction. The active list may be the last reference to
      these objects and so the action of waiting upon one of them may cause
      another to be freed (and itself unbound). To prevent the object
      disappearing underneath us, we need to acquire and hold a reference
      whilst unbinding.
      
      This should fix the reported page refcount OOPS:
      
      kernel BUG at drivers/gpu/drm/i915/i915_gem.c:1444!
      ...
      RIP: 0010:[<ffffffffa0093026>]  [<ffffffffa0093026>] i915_gem_object_put_pages+0x25/0xf5 [i915]
      Call Trace:
       [<ffffffffa009481d>] i915_gem_object_unbind+0xc5/0x1a7 [i915]
       [<ffffffffa0098ab2>] i915_gem_evict_something+0x3bd/0x409 [i915]
       [<ffffffffa0027923>] ? drm_gem_object_lookup+0x27/0x57 [drm]
       [<ffffffffa0093bc3>] i915_gem_object_bind_to_gtt+0x1d3/0x279 [i915]
       [<ffffffffa0095b30>] i915_gem_object_pin+0xa3/0x146 [i915]
       [<ffffffffa0027948>] ? drm_gem_object_lookup+0x4c/0x57 [drm]
       [<ffffffffa00961bc>] i915_gem_do_execbuffer+0x50d/0xe32 [i915]
      Reported-by: default avatarShawn Starr <shawn.starr@rogers.com>
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=18902Signed-off-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
      af626103
    • Al Viro's avatar
      frv: double syscall restarts, syscall restart in sigreturn() · ed1cde68
      Al Viro authored
      We need to make sure that only the first do_signal() to be handled on
      the way out syscall will bother with syscall restarts; additionally, the
      check on the "signal has user handler" path had been wrong - compare
      with restart prevention in sigreturn()...
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ed1cde68
    • Al Viro's avatar
      frv: handling of restart into restart_syscall is fscked · 44c7afff
      Al Viro authored
      do_signal() should place the syscall number in gr7, not gr8 when
      handling ERESTART_WOULDBLOCK.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      44c7afff
    • Al Viro's avatar
      frv: avoid infinite loop of SIGSEGV delivery · ad0acab4
      Al Viro authored
      Use force_sigsegv() rather than force_sig(SIGSEGV, ...) as the former
      resets the SEGV handler pointer which will kill the process, rather than
      leaving it open to an infinite loop if the SEGV handler itself caused a
      SEGV signal.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ad0acab4
    • Al Viro's avatar
      frv: fix address verification holes in setup_frame/setup_rt_frame · 5f4ad04a
      Al Viro authored
      a) sa_handler might be maliciously set to point to kernel memory;
         blindly dereferencing it in FDPIC case is a Bad Idea(tm).
      
      b) I'm not sure you need that set_fs(USER_DS) there at all, but if you
         do, you'd better do it *before* checking the frame you've decided to
         use with access_ok(), lest sigaltstack() becomes a convenient
         roothole.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      5f4ad04a
    • Al Viro's avatar
      frv: restart_block.fn needs to be reset on sigreturn · 20cd514d
      Al Viro authored
      Reset restart_block.fn on executing a sigreturn such that any currently
      pending system call restarts will be forced to return -EINTR.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      20cd514d
    • Hugh Dickins's avatar
      mm: further fix swapin race condition · 31c4a3d3
      Hugh Dickins authored
      Commit 4969c119 ("mm: fix swapin race condition") is now agreed to
      be incomplete.  There's a race, not very much less likely than the
      original race envisaged, in which it is further necessary to check that
      the swapcache page's swap has not changed.
      
      Here's the reasoning: cast in terms of reuse_swap_page(), but probably
      could be reformulated to rely on try_to_free_swap() instead, or on
      swapoff+swapon.
      
      A, faults into do_swap_page(): does page1 = lookup_swap_cache(swap1) and
      comes through the lock_page(page1).
      
      B, a racing thread of the same process, faults on the same address: does
      page1 = lookup_swap_cache(swap1) and now waits in lock_page(page1), but
      for whatever reason is unlucky not to get the lock any time soon.
      
      A carries on through do_swap_page(), a write fault, but cannot reuse the
      swap page1 (another reference to swap1).  Unlocks the page1 (but B
      doesn't get it yet), does COW in do_wp_page(), page2 now in that pte.
      
      C, perhaps the parent of A+B, comes in and write faults the same swap
      page1 into its mm, reuse_swap_page() succeeds this time, swap1 is freed.
      
      kswapd comes in after some time (B still unlucky) and swaps out some
      pages from A+B and C: it allocates the original swap1 to page2 in A+B,
      and some other swap2 to the original page1 now in C.  But does not
      immediately free page1 (actually it couldn't: B holds a reference),
      leaving it in swap cache for now.
      
      B at last gets the lock on page1, hooray! Is PageSwapCache(page1)? Yes.
      Is pte_same(*page_table, orig_pte)? Yes, because page2 has now been
      given the swap1 which page1 used to have.  So B proceeds to insert page1
      into A+B's page_table, though its content now belongs to C, quite
      different from what A wrote there.
      
      B ought to have checked that page1's swap was still swap1.
      Signed-off-by: default avatarHugh Dickins <hughd@google.com>
      Reviewed-by: default avatarRik van Riel <riel@redhat.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      31c4a3d3
  5. 19 Sep, 2010 4 commits