Bug #11989: Suspend failure on NForce4-based boards due to chanes in
stop_machine
We should not access active.fnret outside the lock; in theory the next
stop_machine could overwrite it.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Tested-by: "Rafael J. Wysocki" <rjw@sisk.pl>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commit 0794469da3: ("ACPI: struct device -
replace bus_id with dev_name(), dev_set_name()") introduced a bug by
testing 'dev_name(ldev)' instead of 'ldev->bus' for NULL when printing
out the bus information.
So if ldev->bus was NULL, we'd oops.
Reported-and-tested-by: Bruno Prémont <bonbons@linux-vserver.org>
Cc: Kay Sievers <kay.sievers@vrfy.org>
Cc: Len Brown <len.brown@intel.com>
Cc: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
HID: don't grab devices with no input
HID: fix radio-mr800 hidquirks
HID: fix kworld fm700 radio hidquirks
HID: fix start/stop cycle in usbhid driver
HID: use single threaded work queue for hid_compat
HID: map macbook keys for "Expose" and "Dashboard"
HID: support for new unibody macbooks
HID: fix locking in hidraw_open()
Inotify watch removals suck violently.
To kick the watch out we need (in this order) inode->inotify_mutex and
ih->mutex. That's fine if we have a hold on inode; however, for all
other cases we need to make damn sure we don't race with umount. We can
*NOT* just grab a reference to a watch - inotify_unmount_inodes() will
happily sail past it and we'll end with reference to inode potentially
outliving its superblock.
Ideally we just want to grab an active reference to superblock if we
can; that will make sure we won't go into inotify_umount_inodes() until
we are done. Cleanup is just deactivate_super().
However, that leaves a messy case - what if we *are* racing with
umount() and active references to superblock can't be acquired anymore?
We can bump ->s_count, grab ->s_umount, which will almost certainly wait
until the superblock is shut down and the watch in question is pining
for fjords. That's fine, but there is a problem - we might have hit the
window between ->s_active getting to 0 / ->s_count - below S_BIAS (i.e.
the moment when superblock is past the point of no return and is heading
for shutdown) and the moment when deactivate_super() acquires
->s_umount.
We could just do drop_super() yield() and retry, but that's rather
antisocial and this stuff is luser-triggerable. OTOH, having grabbed
->s_umount and having found that we'd got there first (i.e. that
->s_root is non-NULL) we know that we won't race with
inotify_umount_inodes().
So we could grab a reference to watch and do the rest as above, just
with drop_super() instead of deactivate_super(), right? Wrong. We had
to drop ih->mutex before we could grab ->s_umount. So the watch
could've been gone already.
That still can be dealt with - we need to save watch->wd, do idr_find()
and compare its result with our pointer. If they match, we either have
the damn thing still alive or we'd lost not one but two races at once,
the watch had been killed and a new one got created with the same ->wd
at the same address. That couldn't have happened in inotify_destroy(),
but inotify_rm_wd() could run into that. Still, "new one got created"
is not a problem - we have every right to kill it or leave it alone,
whatever's more convenient.
So we can use idr_find(...) == watch && watch->inode->i_sb == sb as
"grab it and kill it" check. If it's been our original watch, we are
fine, if it's a newcomer - nevermind, just pretend that we'd won the
race and kill the fscker anyway; we are safe since we know that its
superblock won't be going away.
And yes, this is far beyond mere "not very pretty"; so's the entire
concept of inotify to start with.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Greg KH <greg@kroah.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The file(s) below do not use LINUX_VERSION_CODE nor KERNEL_VERSION.
drivers/hwmon/lis3lv02d.c
This patch removes the said #include <version.h>.
Signed-off-by: Huang Weiyi <weiyi.huang@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'sh/for-2.6.28' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6:
serial: sh-sci: Reorder the SCxTDR write after the TDxE clear.
sh: __copy_user function can corrupt the stack in case of exception
sh: Fixed the TMU0 reload value on resume
sh: Don't factor in PAGE_OFFSET for valid_phys_addr_range() check.
sh: early printk port type fix
i2c: fix i2c-sh_mobile rx underrun
sh: Provide a sane valid_phys_addr_range() to prevent TLB reset with PMB.
usb: r8a66597-hcd: fix wrong data access in SuperH on-chip USB
fix sci type for SH7723
serial: sh-sci: fix cannot work SH7723 SCIFA
sh: Handle fixmap TLB eviction more coherently.
A common reason for device drivers to implement their own printk macros
is the lack of a printk prefix with the standard pr_xyz macros.
Introduce a pr_fmt() macro that is applied for every pr_xyz macro to the
format string.
The most common use of the pr_fmt macro would be to add the name of the
device driver to all pr_xyz messages in a source file.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6:
V4L/DVB (9624): CVE-2008-5033: fix OOPS on tvaudio when controlling bass/treble
V4L/DVB (9623): tvaudio: Improve debug msg by printing something more human
V4L/DVB (9622): tvaudio: Improve comments and remove a unneeded prototype
V4L/DVB (9621): Avoid writing outside shadow.bytes[] array
V4L/DVB (9620): tvaudio: use a direct reference for chip description
V4L/DVB (9619): tvaudio: update initial comments
V4L/DVB (9618): tvaudio: add additional logic to avoid OOPS
V4L/DVB (9617): tvtime: remove generic_checkmode callback
V4L/DVB (9616): tvaudio: cleanup - group all callbacks together
V4L/DVB (9615): tvaudio: instead of using a magic number, use ARRAY_SIZE
V4L/DVB (9613): tvaudio: fix a memory leak
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
[SCSI] dpt_i2o: fix transferred data length for scsi_set_resid()
[SCSI] scsi_error regression: Fix idempotent command handling
[SCSI] zfcp: Fix hexdump data in s390dbf traces
[SCSI] zfcp: fix erp timeout cleanup for port open requests
[SCSI] zfcp: Wait for port scan to complete when setting adapter online
[SCSI] zfcp: Fix cast warning
[SCSI] zfcp: Fix request list handling in error path
[SCSI] zfcp: fix mempool usage for status_read requests
[SCSI] zfcp: fix req_list_locking.
[SCSI] zfcp: Dont clear reference from SCSI device to unit
[SCSI] qla2xxx: Update version number to 8.02.01-k9.
[SCSI] qla2xxx: Return a FAILED status when abort mailbox-command fails.
[SCSI] qla2xxx: Do not honour max_vports from firmware for 2G ISPs and below.
[SCSI] qla2xxx: Use pci_disable_rom() to manipulate PCI config space.
[SCSI] qla2xxx: Correct Atmel flash-part handling.
[SCSI] megaraid: fix mega_internal_command oops
This reverts commit e51af66308, which was
wrongly hoovered up and submitted about a month after a better fix had
already been merged.
The better fix is commit cbda1ba898
("PCI/iommu: blacklist DMAR on Intel G31/G33 chipsets"), where we do
this blacklisting based on the DMI identification for the offending
motherboard, since sometimes this chipset (or at least a chipset with
the same PCI ID) apparently _does_ actually have an IOMMU.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Hugh Dickins reported show_page_path() is buggy and unsafe because
- lack dput() against d_find_alias()
- don't concern vma->vm_mm->owner == NULL
- lack lock_page()
it was only for debugging, so rather than trying to fix it, just remove
it now.
Reported-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
CC: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
CC: Rik van Riel <riel@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
m68k allmodconfig:
| drivers/misc/c2port/core.c: In function 'c2port_reset':
| drivers/misc/c2port/core.c:73: error: dereferencing pointer to incomplete type
| drivers/misc/c2port/core.c: In function 'c2port_strobe_ck':
| drivers/misc/c2port/core.c:91: error: dereferencing pointer to incomplete type
Include <linux/sched.h> to fix it, as m68k's local_irq_enable() needs to know
about struct task_struct.
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
commit 69961c3752 ("[PATCH] m68k/Atari:
Interrupt updates") added a BUG_ON() with an incorrect upper bound
comparison, which causes an early crash on VME boards, where IRQ_USER is
8, cnt is 192 and NR_IRQS is 200.
Reported-by: Stephen N Chivers <schivers@csc.com.au>
Tested-by: Kars de Jong <jongk@linux-m68k.org>
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
We don't want to get rid of the futexes just at exit() time, we want to
drop them when doing an execve() too, since that gets rid of the
previous VM image too.
Doing it at mm_release() time means that we automatically always do it
when we disassociate a VM map from the task.
Reported-by: pageexec@freemail.hu
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Nick Piggin <npiggin@suse.de>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Brad Spengler <spender@grsecurity.net>
Cc: Alex Efros <powerman@powerman.name>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
dpt_i2o.c::adpt_i2o_to_scsi() reads the value at (reply+5) which
should contain the length in bytes of the transferred data. This
would be correct if reply was a u32 *. However it is a void * here,
so we need to read the value at (reply+20) instead.
The value at (reply+5) is usually 0xff0000, which is apparently
'large enough' and didn't cause any trouble until 2.6.27 where
commit 427e59f09f
Author: James Bottomley <James.Bottomley@HansenPartnership.com>
Date: Sat Mar 8 18:24:17 2008 -0600
[SCSI] make use of the residue value
caused this to become visible through e.g. iostat -x .
Signed-off-by: Miquel van Smoorenburg <mikevs@xs4all.net>
Cc: Stable Tree <stable@kernel.org>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Currently libata uses four methods to detect device presence.
1. PHY status if available.
2. TF register R/W test (only promotes presence, never demotes)
3. device signature after reset
4. IDENTIFY failure detection in SFF state machine
Combination of the above works well in most cases but recently there
have been a few reports where a phantom device causes unnecessary
delay during probe. In both cases, PHY status wasn't available. In
one case, it passed #2 and #3 and failed IDENTIFY with ATA_ERR which
didn't qualify as #4. The other failed #2 but as it passed #3 and #4,
it still caused failure.
In both cases, phantom device reported diagnostic failure, so these
cases can be safely worked around by considering any !ATA_DRQ IDENTIFY
failure as NODEV_HINT if diagnostic failure is set.
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
linux-next:
Make 9p's RDMA option depend on INET since it uses Infiniband rdma_*
functions and that code depends on INET. Otherwise 9p can try to
use symbols which don't exist.
ERROR: "rdma_destroy_id" [net/9p/9pnet_rdma.ko] undefined!
ERROR: "rdma_connect" [net/9p/9pnet_rdma.ko] undefined!
ERROR: "rdma_create_id" [net/9p/9pnet_rdma.ko] undefined!
ERROR: "rdma_create_qp" [net/9p/9pnet_rdma.ko] undefined!
ERROR: "rdma_resolve_route" [net/9p/9pnet_rdma.ko] undefined!
ERROR: "rdma_disconnect" [net/9p/9pnet_rdma.ko] undefined!
ERROR: "rdma_resolve_addr" [net/9p/9pnet_rdma.ko] undefined!
I used an if/endif block so that the menu items would remain
presented together.
Also correct an article adjective.
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
Create Documentation/blockdev/ sub-directory and populate it.
Populate the Documentation/serial/ sub-directory.
Move MSI-HOWTO.txt to Documentation/PCI/.
Move ioctl-number.txt to Documentation/ioctl/.
Update all relevant 00-INDEX files.
Update all relevant Kconfig files and source files.
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
The uname system call for 64 bit compares current->personality without
masking the upper 16 bits. If e.g. READ_IMPLIES_EXEC is set the result
of a uname system call will always be s390x even if the process uses
the s390 personality.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
The logging of sense data for fatal errors was accidentally removed
during Hyper PAV implementation.
Signed-off-by: Stefan Haberland <stefan.haberland@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
cpu_coregroup_map used to grab a mutex on s390 since it was only
called from process context.
Since c7c22e4d5c "block: add support
for IO CPU affinity" this is not true anymore.
It now also gets called from softirq context.
To prevent possible deadlocks change this in architecture code and
use a spinlock instead of a mutex.
Cc: stable@kernel.org
Cc: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
In ccw_device_move_to_orphanage(), a replacing ccw_device
is searched via get_{disc,orphaned}_ccwdev_by_dev_id()
which obtain a reference on the returned ccw_device.
This reference must be given up again after the device
has been moved to its new parent.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
With CONFIG_IRQSOFF_TRACER the trace_hardirqs_off() function includes
a call to __builtin_return_address(1). But we calltrace_hardirqs_off()
from early entry code. There we have just a single stack frame.
So this results in a kernel stack backchain walk that would walk beyond
the kernel stack. Following the NULL terminated backchain this results
in a lowcore read access.
To fix this we simply call trace_hardirqs_off_caller() and pass the
current instruction pointer.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Disable tracing on idle psw. Otherwise it would give us huge
preempt off times for idle. Which is rather pointless.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
arch/s390/kernel/built-in.o: In function `cleanup_io_leave_insn':
mem_detect.c:(.text+0x10592): undefined reference to `lockdep_sys_exit'
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
The current virtio model on s390 has the descriptor page above the main
memory. The guest virtio detection will oops if the mem= parameter is
used to reduce/change the memory size.
We have to use real_memory_size instead of max_pfn to detect the virtio
descriptor pages.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
add_active_range() expects start_pfn + size as end_pfn value, i.e. not
the pfn of the last page frame but the one behind that.
We used the pfn of the last page frame so far, which can lead to a
BUG_ON in move_freepages(), when the kernelcore parameter is specified
(page_zone(start_page) != page_zone(end_page)).
Signed-off-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Before the patch, the used ioctl were printed as an hexadecimal code,
hard to be understand without consulting the way _IO macros work.
Instead, use the V4L default handler for printing such errors into a way
that would be easier to understand.
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Some comments are not clear enough. Improve it to allow a better
understanding of the driver behavior.
While there, remove an unneeded struct prototype.
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
There were no check about the limits of shadow.bytes array. This offers
a risk of writing values outside the limits, overriding other data
areas.
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Instead of storing the pointer for the proper entry at chip description
table, the driver were storing an indirect reference, by using an index.
Better to reference directly the data.
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
A driver used on several bttv boards since 2000 is not experimental
anymore ;) Remove it from the comments.
While there, update copyrights addind a quick note about the "recent"
updates since 2005.
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
This patch checks for volume, bass, treble, set mode and get mode
callbacks before actually enabling the code that would use them.
Instead of aborting the driver for load, this patch will allow it to
load with a reduced number of functionatities.
This prevents OOPS if some board entry is missing a needed callback.
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
generic_checkmode() were called, via a callback, for some tvaudio chips.
There's just one callback code used on all those boards. So, it makes no
sense on keeping this as a callback.
Since there were some OOPS reported on tvaudio on kerneloops.org, this
patch removes this callback, adding the code at the only place were it
is called: inside chip_tread. A flag were added to indicate the need for
a kernel thread to set stereo mode on cards that needs it.
Using this more direct approach simplifies the code, making it more
robust against human errors.
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Some devices have no input interrupt endpoint. These won't be handled
by usbhid, but currently they are not refused and reside on hid bus.
Perform this checking earlier so that we refuse to control such
a device early enough (and not pass it to the hid bus at all).
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6: (25 commits)
USB: net: asix: add support for Cables-to-Go USB Ethernet adapter
USB: gadget: cdc-acm deadlock fix
USB: EHCI: fix divide-by-zero bug
USB: EHCI: fix handling of dead controllers
usb: r8a66597-hcd: fix wrong data access in SuperH on-chip USB
ub: stub pre_reset and post_reset to fix oops
USB: SISUSB2VGA driver: add 0x0711, 0x0903
usb: unusual devs patch for Nokia 7610 Supernova
USB: remove optional bus bindings in isp1760, fixing runtime warning
+ usb-serial-cp2101-add-enfora-gsm2228.patch added to -mm tree
USB: storage: adjust comment in Kconfig
USB: Fix PS3 USB shutdown problems
USB: unusual_devs entry for Argosy USB mass-storage interface
USB: cdc-acm.c: fix recursive lock in acm_start_wb error path
USB: CP2101 Add device ID for AMB2560
USB: mention URB_FREE_BUFFER in usb_free_urb documentation
USB: Add YISO u893 usb modem vendor and product IDs to option driver
usb: musb: fix BULK request on different available endpoints
usb: musb: fix debug global variable name
usb: musb: Removes compilation warning in gadget mode
...
dm_any_congested() just checks for the DMF_BLOCK_IO and has no
code to make sure that suspend waits for dm_any_congested() to
complete. This patch adds such a check.
Without it, a race can occur with dm_table_put() attempting to
destroying the table in the wrong thread, the one running
dm_any_congested() which is meant to be quick and return
immediately.
Two examples of problems:
1. Sleeping functions called from congested code, the caller
of which holds a spin lock.
2. An ABBA deadlock between pdflush and multipathd. The two locks
in contention are inode lock and kernel lock.
Signed-off-by: Chandra Seetharaman <sekharan@us.ibm.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>