- 19 Oct, 2010 1 commit
-
-
Darren Hart authored
futex_wait() is leaking key references due to futex_wait_setup() acquiring an additional reference via the queue_lock() routine. The nested key ref-counting has been masking bugs and complicating code analysis. queue_lock() is only called with a previously ref-counted key, so remove the additional ref-counting from the queue_(un)lock() functions. Also futex_wait_requeue_pi() drops one key reference too many in unqueue_me_pi(). Remove the key reference handling from unqueue_me_pi(). This was paired with a queue_lock() in futex_lock_pi(), so the count remains unchanged. Document remaining nested key ref-counting sites. Signed-off-by: Darren Hart <dvhart@linux.intel.com> Reported-and-tested-by: Matthieu Fertré<matthieu.fertre@kerlabs.com> Reported-by: Louis Rilling<louis.rilling@kerlabs.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: John Kacur <jkacur@redhat.com> Cc: Rusty Russell <rusty@rustcorp.com.au> LKML-Reference: <4CBB17A8.70401@linux.intel.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: stable@kernel.org
-
- 17 Oct, 2010 2 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6Linus Torvalds authored
* 'fix/misc' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6: ALSA: rawmidi: fix oops (use after free) when unloading a driver module
-
Clemens Ladisch authored
When a driver module is unloaded and the last still open file is a raw MIDI device, the card and its devices will be actually freed in the snd_card_file_remove() call when that file is closed. Afterwards, rmidi and rmidi->card point into freed memory, so the module pointer is likely to be garbage. (This was introduced by commit 9a1b64ca.) Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Reported-by: Krzysztof Foltman <wdev@foltman.com> Cc: 2.6.30-2.6.35 <stable@kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
- 16 Oct, 2010 4 commits
-
-
Kyle McMartin authored
Fixes build for me... these are what's tested in byteorder.h... Signed-off-by: Kyle McMartin <kyle@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Kyle McMartin authored
Signed-off-by: Kyle McMartin <kyle@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Kyle McMartin authored
Signed-off-by: Kyle McMartin <kyle@redhat.com> Acked-by: Al "my fuckup" Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Kyle McMartin authored
Commit a7f8388e accidentally removed it... Al explains: "Sorry, reordering breakage. In the signals tree here I have static inline void sig_set_blocked(struct sigset_t *set) ... and it's used all over the place (including quite a few places where we currently have sigprocmask(SIG_SETMASK, set, NULL), which is what it's equivalent to). With that done, m32r doesn't use _BLOCKABLE anywhere, so it got removed. And that chunk got picked when I'd been reordering the queue to pull the arch-specific fixes in front. Sorry." Signed-off-by: Kyle McMartin <kyle@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
- 15 Oct, 2010 10 commits
-
-
Eric Paris authored
We currently have a kernel internal type called aligned_u64 which aligns __u64's on 8 bytes boundaries even on systems which would normally align them on 4 byte boundaries. This patch creates a new type __aligned_u64 which does the same thing but which is exposed to userspace rather than being kernel internal. [akpm: merge early as both the net and audit trees want this] [akpm@linux-foundation.org: enhance the comment describing the reasons for using aligned_u64. Via Andreas and Andi.] Based-on-patch-by: Andreas Gruenbacher <agruen@suse.de> Signed-off-by: Eric Paris <eparis@redhat.com> Cc: Jan Engelhardt <jengelh@medozas.de> Cc: David Miller <davem@davemloft.net> Cc: Andi Kleen <andi@firstfloor.org> Cc: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
FUJITA Tomonori authored
Fix a build error introduced by d6d1b650 ("param: simple locking for sysfs-writable charp parameters"). CC arch/um/kernel/trap.o arch/um/drivers/hostaudio_kern.c: In function 'hostaudio_open': arch/um/drivers/hostaudio_kern.c:204: error: '__param_dsp' undeclared (first use in this function) arch/um/drivers/hostaudio_kern.c:204: error: (Each undeclared identifier is reported only once arch/um/drivers/hostaudio_kern.c:204: error: for each function it appears in.) arch/um/drivers/hostaudio_kern.c: In function 'hostmixer_open_mixdev': arch/um/drivers/hostaudio_kern.c:265: error: '__param_mixer' undeclared (first use in this function) arch/um/drivers/hostaudio_kern.c:272: error: '__param_dsp' undeclared (first use in this function) Reported-by: Toralf Förster <toralf.foerster@gmx.de> Tested-by: Toralf Förster <toralf.foerster@gmx.de> Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: Takashi Iwai <tiwai@suse.de> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Eric Dumazet authored
sysctl check complains with a WARN() when proc_doulongvec_minmax() or proc_doulongvec_ms_jiffies_minmax() are used by a vector of longs (with more than one element), with no min or max value specified. This is unexpected, given we had a bug on this min/max handling :) Reported-by: Jiri Slaby <jirislaby@gmail.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: David Miller <davem@davemloft.net> Acked-by: WANG Cong <xiyou.wangcong@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmcLinus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc: mmc: sdio: fix SDIO suspend/resume regression
-
Ohad Ben-Cohen authored
Fix SDIO suspend/resume regression introduced by 4c2ef25f "mmc: fix all hangs related to mmc/sd card insert/removal during suspend/resume": PM: Syncing filesystems ... done. Freezing user space processes ... (elapsed 0.01 seconds) done. Freezing remaining freezable tasks ... (elapsed 0.01 seconds) done. Suspending console(s) (use no_console_suspend to debug) pm_op(): platform_pm_suspend+0x0/0x5c returns -38 PM: Device pxa2xx-mci.0 failed to suspend: error -38 PM: Some devices failed to suspend 4c2ef25f moved the card removal/insertion mechanism out of MMC's suspend/resume path and into pm notifiers (mmc_pm_notify), and that broke SDIO's expectation that mmc_suspend_host() will remove the card, and squash the error, in case -ENOSYS is returned from the bus suspend handler (mmc_sdio_suspend() in this case). mmc_sdio_suspend() is using this whenever at least one of the card's SDIO function drivers does not have suspend/resume handlers - in that case it is agreed to force removal of the entire card. This patch fixes this regression by trivially bringing back that part of mmc_suspend_host(), which was removed by 4c2ef25f. Reported-and-tested-by: Sven Neumann <s.neumann@raumfeld.com> Signed-off-by: Ohad Ben-Cohen <ohad@wizery.com> Cc: Maxim Levitsky <maximlevitsky@gmail.com> Cc: <stable@kernel.org> Acked-by: Nicolas Pitre <nico@fluxnic.net> Signed-off-by: Chris Ball <cjb@laptop.org>
-
Linus Torvalds authored
Merge branch 'timers-for-linus-urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'timers-for-linus-urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: hrtimer: Preserve timer state in remove_hrtimer()
-
git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hidLinus Torvalds authored
* 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: Add Cando touch screen 15.6-inch product id HID: Add MULTI_INPUT quirk for turbox/mosart touchscreen HID: hidraw, fix a NULL pointer dereference in hidraw_write HID: hidraw, fix a NULL pointer dereference in hidraw_ioctl
-
git://git.kernel.dk/linux-2.6-blockLinus Torvalds authored
* 'for-linus' of git://git.kernel.dk/linux-2.6-block: ubd: fix incorrect sector handling during request restart ps3disk: passing wrong variable to bvec_kunmap_irq()
-
Tejun Heo authored
Commit f81f2f7c (ubd: drop unnecessary rq->sector manipulation) dropped request->sector manipulation in preparation for global request handling cleanup; unfortunately, it incorrectly assumed that the updated sector wasn't being used. ubd tries to issue as many requests as possible to io_thread. When issuing fails due to memory pressure or other reasons, the device is put on the restart list and issuing stops. On IO completion, devices on the restart list are scanned and IO issuing is restarted. ubd issues IOs sg-by-sg and issuing can be stopped in the middle of a request, so each device on the restart queue needs to remember where to restart in its current request. ubd needs to keep track of the issue position itself because, * blk_rq_pos(req) is now updated by the block layer to keep track of _completion_ position. * Multiple io_req's for the current request may be in flight, so it's difficult to tell where blk_rq_pos(req) currently is. Add ubd->rq_pos to keep track of the issue position and use it to correctly restart io_req issue. Signed-off-by: Tejun Heo <tj@kernel.org> Reported-by: Richard Weinberger <richard@nod.at> Tested-by: Richard Weinberger <richard@nod.at> Tested-by: Chris Frey <cdfrey@foursquare.net> Cc: stable@kernel.org Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
-
Linus Torvalds authored
If you build aout support as a module, you'll want these exported. Reported-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
- 14 Oct, 2010 5 commits
-
-
Linus Torvalds authored
-
Linus Torvalds authored
Tony Luck reports that the addition of the access_ok() check in commit 0eead9ab ("Don't dump task struct in a.out core-dumps") broke the ia64 compile due to missing the necessary header file includes. Rather than add yet another include (<asm/unistd.h>) to make everything happy, just uninline the silly core dump helper functions and move the bodies to fs/exec.c where they make a lot more sense. dump_seek() in particular was too big to be an inline function anyway, and none of them are in any way performance-critical. And we really don't need to mess up our include file headers more than they already are. Reported-and-tested-by: Tony Luck <tony.luck@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: ehea: Fix a checksum issue on the receive path net: allow FEC driver to use fixed PHY support tg3: restore rx_dropped accounting b44: fix carrier detection on bind net: clear heap allocations for privileged ethtool actions NET: wimax, fix use after free ATM: iphase, remove sleep-inside-atomic ATM: mpc, fix use after free ATM: solos-pci, remove use after free net/fec: carrier off initially to avoid root mount failure r8169: use device model DMA API r8169: allocate with GFP_KERNEL flag when able to sleep
-
Linus Torvalds authored
akiphie points out that a.out core-dumps have that odd task struct dumping that was never used and was never really a good idea (it goes back into the mists of history, probably the original core-dumping code). Just remove it. Also do the access_ok() check on dump_write(). It probably doesn't matter (since normal filesystems all seem to do it anyway), but he points out that it's normally done by the VFS layer, so ... [ I suspect that we should possibly do "vfs_write()" instead of calling ->write directly. That also does the whole fsnotify and write statistics thing, which may or may not be a good idea. ] And just to be anal, do this all for the x86-64 32-bit a.out emulation code too, even though it's not enabled (and won't currently even compile) Reported-by: akiphie <akiphie@lavabit.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Salman Qazi authored
The race is described as follows: CPU X CPU Y remove_hrtimer // state & QUEUED == 0 timer->state = CALLBACK unlock timer base timer->f(n) //very long hrtimer_start lock timer base remove_hrtimer // no effect hrtimer_enqueue timer->state = CALLBACK | QUEUED unlock timer base hrtimer_start lock timer base remove_hrtimer mode = INACTIVE // CALLBACK bit lost! switch_hrtimer_base CALLBACK bit not set: timer->base changes to a different CPU. lock this CPU's timer base The bug was introduced with commit ca109491 (hrtimer: removing all ur callback modes) in 2.6.29 [ tglx: Feed new state via local variable and add a comment. ] Signed-off-by: Salman Qazi <sqazi@google.com> Cc: akpm@linux-foundation.org Cc: Peter Zijlstra <peterz@infradead.org> LKML-Reference: <20101012142351.8485.21823.stgit@dungbeetle.mtv.corp.google.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: stable@kernel.org
-
- 13 Oct, 2010 12 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_txLinus Torvalds authored
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx: ioat2: fix performance regression
-
git://linux-nfs.org/~bfields/linuxLinus Torvalds authored
* 'for-2.6.36' of git://linux-nfs.org/~bfields/linux: nfsd: fix BUG at fs/nfsd/nfsfh.h:199 on unlink
-
Linus Torvalds authored
Merge branch 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: ring-buffer: Fix typo of time extends per page perf, MIPS: Support cross compiling of tools/perf for MIPS perf: Fix incorrect copy_from_user() usage
-
Linus Torvalds authored
* master.kernel.org:/home/rmk/linux-2.6-arm: ARM: relax ioremap prohibition (309caa9c) for -final and -stable ARM: 6440/1: ep93xx: DMA: fix channel_disable cpuimx27: fix i2c bus selection cpuimx27: fix compile when ULPI is selected ARM: 6435/1: Fix HWCAP_TLS flag for ARM11MPCore/Cortex-A9 ARM: 6436/1: AT91: Fix power-saving in idle-mode on 926T processors ARM: fix section mismatch warnings in Versatile Express ARM: 6412/1: kprobes-decode: add support for MOVW instruction ARM: 6419/1: mmu: Fix MT_MEMORY and MT_MEMORY_NONCACHED pte flags ARM: 6416/1: errata: faulty hazard checking in the Store Buffer may lead to data corruption
-
Linus Torvalds authored
Merge branch 'omap-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap-2.6 * 'omap-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap-2.6: omap: iommu-load cam register before flushing the entry
-
git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6Linus Torvalds authored
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6: drm/radeon/kms: Silent spurious error message drm/radeon/kms: fix bad cast/shift in evergreen.c drm/radeon/kms: make TV/DFP table info less verbose drm/radeon/kms: leave certain CP int bits enabled drm/radeon/kms: avoid corner case issue with unmappable vram V2
-
Linus Torvalds authored
Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: x86, numa: For each node, register the memory blocks actually used x86, AMD, MCE thresholding: Fix the MCi_MISCj iteration order x86, mce, therm_throt.c: Fix missing curly braces in error handling logic
-
Dan Williams authored
Commit 07934481 "DMAENGINE: generic channel status v2" changed the interface for how dma channel progress is retrieved. It inadvertently exported an internal helper function ioat_tx_status() instead of ioat_dma_tx_status(). The latter polls the hardware to get the latest completion state, while the helper just evaluates the current state without touching hardware. The effect is that we end up waiting for completion timeouts or descriptor allocation errors before the completion state is updated. iperf (before fix): [SUM] 0.0-41.3 sec 364 MBytes 73.9 Mbits/sec iperf (after fix): [SUM] 0.0- 4.5 sec 499 MBytes 940 Mbits/sec This is a regression starting with 2.6.35. Cc: <stable@kernel.org> Cc: Dave Jiang <dave.jiang@intel.com> Cc: Jesse Brandeburg <jesse.brandeburg@intel.com> Cc: Linus Walleij <linus.walleij@stericsson.com> Cc: Maciej Sosnowski <maciej.sosnowski@intel.com> Reported-by: Richard Scobie <richard@sauce.co.nz> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
-
Breno Leitao authored
Currently we set all skbs with CHECKSUM_UNNECESSARY, even those whose protocol we don't know. This patch just add the CHECKSUM_COMPLETE tag for non TCP/UDP packets. Reported-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Breno Leitao <leitao@linux.vnet.ibm.com> Signed-off-by: Jay Vosburgh <fubar@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
J. Bruce Fields authored
As of commit 43a9aa64 "NFSD: Fill in WCC data for REMOVE, RMDIR, MKNOD, and MKDIR", we sometimes call fh_unlock on a filehandle that isn't fully initialized. We should fix up the callers, but as a quick fix it is also sufficient just to remove this assertion. Reported-by: Marius Tolzmann <tolzmann@molgen.mpg.de> Cc: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
-
Greg Ungerer authored
At least one board using the FEC driver does not have a conventional PHY attached to it, it is directly connected to a somewhat simple ethernet switch (the board is the SnapGear/LITE, and the attached 4-port ethernet switch is a RealTek RTL8305). This switch does not present the usual register interface of a PHY, it presents nothing. So a PHY scan will find nothing - it finds ID's of 0 for each PHY on the attached MII bus. After the FEC driver was changed to use phylib for supporting PHYs it no longer works on this particular board/switch setup. Add code support to use a fixed phy if no PHY is found on the MII bus. This is based on the way the cpmac.c driver solved this same problem. Signed-off-by: Greg Ungerer <gerg@uclinux.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
François Jaouen authored
This add the product id of the touch screen found on ACER Aspire 5738PZ. Works with hid-cando driver. Signed-off-by: Francois Jaouen<francois.jaouen@laposte.net> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
- 12 Oct, 2010 6 commits
-
-
Russell King authored
... but produce a big warning about the problem as encouragement for people to fix their drivers. Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
-
-
Mika Westerberg authored
When channel_disable() is called, it disables per channel interrupts and waits until channels state becomes STATE_STALL, and then disables the channel. Now, if the DMA transfer is disabled while the channel is in STATE_NEXT we will not wait anything and disable the channel immediately. This seems to cause weird data corruption for example in audio transfers. Fix is to wait while we are in STATE_NEXT or STATE_ON and only then disable the channel. Signed-off-by: Mika Westerberg <mika.westerberg@iki.fi> Acked-by: Ryan Mallon <ryan@bluewatersys.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
-
Dan Carpenter authored
This should pass "buf" to bvec_kunmap_irq() instead of "bv". The api is like kmap_atomic() instead of kmap(). Signed-off-by: Dan Carpenter <error27@gmail.com> Acked-by: Geoff Levand <geoff@infradead.org> Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
-
git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds authored
* 'kvm-updates/2.6.36' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: x86: Move TSC reset out of vmcb_init KVM: x86: Fix SVM VMCB reset
-
Steven Rostedt authored
Time stamps for the ring buffer are created by the difference between two events. Each page of the ring buffer holds a full 64 bit timestamp. Each event has a 27 bit delta stamp from the last event. The unit of time is nanoseconds, so 27 bits can hold ~134 milliseconds. If two events happen more than 134 milliseconds apart, a time extend is inserted to add more bits for the delta. The time extend has 59 bits, which is good for ~18 years. Currently the time extend is committed separately from the event. If an event is discarded before it is committed, due to filtering, the time extend still exists. If all events are being filtered, then after ~134 milliseconds a new time extend will be added to the buffer. This can only happen till the end of the page. Since each page holds a full timestamp, there is no reason to add a time extend to the beginning of a page. Time extends can only fill a page that has actual data at the beginning, so there is no fear that time extends will fill more than a page without any data. When reading an event, a loop is made to skip over time extends since they are only used to maintain the time stamp and are never given to the caller. As a paranoid check to prevent the loop running forever, with the knowledge that time extends may only fill a page, a check is made that tests the iteration of the loop, and if the iteration is more than the number of time extends that can fit in a page a warning is printed and the ring buffer is disabled (all of ftrace is also disabled with it). There is another event type that is called a TIMESTAMP which can hold 64 bits of data in the theoretical case that two events happen 18 years apart. This code has not been implemented, but the name of this event exists, as well as the structure for it. The size of a TIMESTAMP is 16 bytes, where as a time extend is only 8 bytes. The macro used to calculate how many time extends can fit on a page used the TIMESTAMP size instead of the time extend size cutting the amount in half. The following test case can easily trigger the warning since we only need to have half the page filled with time extends to trigger the warning: # cd /sys/kernel/debug/tracing/ # echo function > current_tracer # echo 'common_pid < 0' > events/ftrace/function/filter # echo > trace # echo 1 > trace_marker # sleep 120 # cat trace Enabling the function tracer and then setting the filter to only trace functions where the process id is negative (no events), then clearing the trace buffer to ensure that we have nothing in the buffer, then write to trace_marker to add an event to the beginning of a page, sleep for 2 minutes (only 35 seconds is probably needed, but this guarantees the bug), and then finally reading the trace which will trigger the bug. This patch fixes the typo and prevents the false positive of that warning. Reported-by: Hans J. Koch <hjk@linutronix.de> Tested-by: Hans J. Koch <hjk@linutronix.de> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Stable Kernel <stable@kernel.org> Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
-