platform/kernel/linux-rpi.git
14 years agox86, cacheinfo: Turn off L3 cache index disable feature in virtualized environments
Frank Arnold [Thu, 22 Apr 2010 14:06:59 +0000 (16:06 +0200)]
x86, cacheinfo: Turn off L3 cache index disable feature in virtualized environments

When running a quest kernel on xen we get:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000038
IP: [<ffffffff8142f2fb>] cpuid4_cache_lookup_regs+0x2ca/0x3df
PGD 0
Oops: 0000 [#1] SMP
last sysfs file:
CPU 0
Modules linked in:

Pid: 0, comm: swapper Tainted: G        W  2.6.34-rc3 #1 /HVM domU
RIP: 0010:[<ffffffff8142f2fb>]  [<ffffffff8142f2fb>] cpuid4_cache_lookup_regs+0x
2ca/0x3df
RSP: 0018:ffff880002203e08  EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000060
RDX: 0000000000000000 RSI: 0000000000000040 RDI: 0000000000000000
RBP: ffff880002203ed8 R08: 00000000000017c0 R09: ffff880002203e38
R10: ffff8800023d5d40 R11: ffffffff81a01e28 R12: ffff880187e6f5c0
R13: ffff880002203e34 R14: ffff880002203e58 R15: ffff880002203e68
FS:  0000000000000000(0000) GS:ffff880002200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000038 CR3: 0000000001a3c000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process swapper (pid: 0, threadinfo ffffffff81a00000, task ffffffff81a44020)
Stack:
 ffffffff810d7ecb ffff880002203e20 ffffffff81059140 ffff880002203e30
<0> ffffffff810d7ec9 0000000002203e40 000000000050d140 ffff880002203e70
<0> 0000000002008140 0000000000000086 ffff880040020140 ffffffff81068b8b
Call Trace:
 <IRQ>
 [<ffffffff810d7ecb>] ? sync_supers_timer_fn+0x0/0x1c
 [<ffffffff81059140>] ? mod_timer+0x23/0x25
 [<ffffffff810d7ec9>] ? arm_supers_timer+0x34/0x36
 [<ffffffff81068b8b>] ? hrtimer_get_next_event+0xa7/0xc3
 [<ffffffff81058e85>] ? get_next_timer_interrupt+0x19a/0x20d
 [<ffffffff8142fa23>] get_cpu_leaves+0x5c/0x232
 [<ffffffff8106a7b1>] ? sched_clock_local+0x1c/0x82
 [<ffffffff8106a9a0>] ? sched_clock_tick+0x75/0x7a
 [<ffffffff8107748c>] generic_smp_call_function_single_interrupt+0xae/0xd0
 [<ffffffff8101f6ef>] smp_call_function_single_interrupt+0x18/0x27
 [<ffffffff8100a773>] call_function_single_interrupt+0x13/0x20
 <EOI>
 [<ffffffff8143c468>] ? notifier_call_chain+0x14/0x63
 [<ffffffff810295c6>] ? native_safe_halt+0xc/0xd
 [<ffffffff810114eb>] ? default_idle+0x36/0x53
 [<ffffffff81008c22>] cpu_idle+0xaa/0xe4
 [<ffffffff81423a9a>] rest_init+0x7e/0x80
 [<ffffffff81b10dd2>] start_kernel+0x40e/0x419
 [<ffffffff81b102c8>] x86_64_start_reservations+0xb3/0xb7
 [<ffffffff81b103c4>] x86_64_start_kernel+0xf8/0x107
Code: 14 d5 40 ff ae 81 8b 14 02 31 c0 3b 15 47 1c 8b 00 7d 0e 48 8b 05 36 1c 8b
 00 48 63 d2 48 8b 04 d0 c7 85 5c ff ff ff 00 00 00 00 <8b> 70 38 48 8d 8d 5c ff
 ff ff 48 8b 78 10 ba c4 01 00 00 e8 eb
RIP  [<ffffffff8142f2fb>] cpuid4_cache_lookup_regs+0x2ca/0x3df
 RSP <ffff880002203e08>
CR2: 0000000000000038
---[ end trace a7919e7f17c0a726 ]---

The L3 cache index disable feature of AMD CPUs has to be disabled if the
kernel is running as guest on top of a hypervisor because northbridge
devices are not available to the guest. Currently, this fixes a boot
crash on top of Xen. In the future this will become an issue on KVM as
well.

Check if northbridge devices are present and do not enable the feature
if there are none.

[ hpa: backported to 2.6.34 ]

Signed-off-by: Frank Arnold <frank.arnold@amd.com>
LKML-Reference: <1271945222-5283-3-git-send-email-bp@amd64.org>
Acked-by: Borislav Petkov <borislav.petkov@amd.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Cc: <stable@kernel.org>
14 years agox86, k8: Fix build error when K8_NB is disabled
Borislav Petkov [Sat, 24 Apr 2010 07:56:53 +0000 (09:56 +0200)]
x86, k8: Fix build error when K8_NB is disabled

K8_NB depends on PCI and when the last is disabled (allnoconfig) we fail
at the final linking stage due to missing exported num_k8_northbridges.
Add a header stub for that.

Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
LKML-Reference: <20100503183036.GJ26107@aftab>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Cc: <stable@kernel.org>
14 years agox86, amd: Check X86_FEATURE_OSVW bit before accessing OSVW MSRs
Andreas Herrmann [Tue, 27 Apr 2010 10:13:48 +0000 (12:13 +0200)]
x86, amd: Check X86_FEATURE_OSVW bit before accessing OSVW MSRs

If host CPU is exposed to a guest the OSVW MSRs are not guaranteed
to be present and a GP fault occurs. Thus checking the feature flag is
essential.

Cc: <stable@kernel.org> # .32.x .33.x
Signed-off-by: Andreas Herrmann <andreas.herrmann3@amd.com>
LKML-Reference: <20100427101348.GC4489@alberich.amd.com>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
14 years agox86: Fix fake apicid to node mapping for numa emulation
David Rientjes [Thu, 6 May 2010 09:24:34 +0000 (02:24 -0700)]
x86: Fix fake apicid to node mapping for numa emulation

With NUMA emulation, it's possible for a single cpu to be bound
to multiple nodes since more than one may have affinity if
allocated on a physical node that is local to the cpu.

APIC ids must therefore be mapped to the lowest node ids to
maintain generic kernel use of functions such as cpu_to_node()
that determine device affinity.  For example, if a device has
proximity to physical node 1, for instance, and a cpu happens to
be mapped to a higher emulated node id 8, the proximity may not
be correctly determined by comparison in generic code even
though the cpu may be truly local and allocated on physical node 1.

When this happens, the true topology of the machine isn't
accurately represented in the emulated environment; although
this isn't critical to the system's uptime, any generic code
that is NUMA aware benefits from the physical topology being
accurately represented.

This can affect any system that maps multiple APIC ids to a
single node and is booted with numa=fake=N where N is greater
than the number of physical nodes.

Signed-off-by: David Rientjes <rientjes@google.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Suresh Siddha <suresh.b.siddha@intel.com>
LKML-Reference: <alpine.DEB.2.00.1005060224140.19473@chino.kir.corp.google.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
14 years agoMerge branch 'zerolen' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/misc-2.6
Linus Torvalds [Wed, 5 May 2010 22:48:13 +0000 (15:48 -0700)]
Merge branch 'zerolen' of git://git./linux/kernel/git/jgarzik/misc-2.6

* 'zerolen' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/misc-2.6:
  [MTD] Remove zero-length files mtdbdi.c and internal.ho

14 years agoMerge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzi...
Linus Torvalds [Wed, 5 May 2010 22:47:57 +0000 (15:47 -0700)]
Merge branch 'upstream-linus' of git://git./linux/kernel/git/jgarzik/libata-dev

* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
  pata_pcmcia / ide-cs: Fix bad hashes for Transcend and kingston IDs
  libata: Fix several inaccuracies in developer's guide

14 years ago[MTD] Remove zero-length files mtdbdi.c and internal.ho
Jeff Garzik [Wed, 5 May 2010 19:25:12 +0000 (15:25 -0400)]
[MTD] Remove zero-length files mtdbdi.c and internal.ho

Both were "removed" in commit a33eb6b91034c95b9b08576f68be170f995b2c7d.

Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
14 years agopata_pcmcia / ide-cs: Fix bad hashes for Transcend and kingston IDs
Kristoffer Ericson [Sun, 2 May 2010 19:48:24 +0000 (21:48 +0200)]
pata_pcmcia / ide-cs: Fix bad hashes for Transcend and kingston IDs

This patch fixes the bad hashes for one Kingston and one Transcend card.
Thanks to komuro for pointing this out.

Signed-off-by: Kristoffer Ericson <kristoffer.ericson@gmail.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
14 years agolibata: Fix several inaccuracies in developer's guide
Sergei Shtylyov [Wed, 5 May 2010 13:27:10 +0000 (17:27 +0400)]
libata: Fix several inaccuracies in developer's guide

Commit 6bfff31e77cfa1b13490337e5a4dbaa3407e83ac (libata: kill probe_ent
and related helpers) killed ata_device_add() but didn't remove references
to it from the libata developer's guide.

Commits 9363c3825ea9ad76561eb48a395349dd29211ed6 (libata: rename SFF
functions) and 5682ed33aae05d10a25c95633ef9d9c062825888 (libata: rename
SFF port ops) renamed the taskfile access methods but didn't update the
developer's guide.  Commit c9f75b04ed5ed65a058d18a8a8dda50632a96de8
(libata: kill ata_noop_dev_select()) didn't update the developer's
guide as well.

The guide also refers to the long gone ata_pio_data_xfer_noirq(),
ata_pio_data_xfer(), and ata_mmio_data_xfer() -- replace those by
the modern ata_sff_data_xfer_noirq(), ata_sff_data_xfer(), and
ata_sff_data_xfer32().

Also, remove the reference to non-existant ata_port_stop()...

Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
14 years agoMerge branch 'slab-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/penber...
Linus Torvalds [Wed, 5 May 2010 18:18:16 +0000 (11:18 -0700)]
Merge branch 'slab-for-linus' of git://git./linux/kernel/git/penberg/slab-2.6

* 'slab-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/penberg/slab-2.6:
  slub: Fix bad boundary check in init_kmem_cache_nodes()

14 years agoslub: Fix bad boundary check in init_kmem_cache_nodes()
Zhang, Yanmin [Thu, 1 Apr 2010 09:32:30 +0000 (17:32 +0800)]
slub: Fix bad boundary check in init_kmem_cache_nodes()

Function init_kmem_cache_nodes is incorrect when checking upper limitation of
kmalloc_caches. The breakage was introduced by commit
91efd773c74bb26b5409c85ad755d536448e229c ("dma kmalloc handling fixes").

Acked-by: Christoph Lameter <cl@linux-foundation.org>
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
14 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...
Linus Torvalds [Wed, 5 May 2010 16:06:24 +0000 (09:06 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  KEYS: call_sbin_request_key() must write lock keyrings before modifying them
  KEYS: Use RCU dereference wrappers in keyring key type code
  KEYS: find_keyring_by_name() can gain access to a freed keyring

14 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq
Linus Torvalds [Wed, 5 May 2010 14:56:36 +0000 (07:56 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/tj/wq

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
  workqueue: flush_delayed_work: keep the original workqueue for re-queueing

14 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
Linus Torvalds [Wed, 5 May 2010 14:55:07 +0000 (07:55 -0700)]
Merge git://git./linux/kernel/git/davem/net-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
  FEC: Fix kernel panic in fec_set_mac_address.
  ipv6: Fix default multicast hops setting.
  net: ep93xx_eth stops receiving packets
  drivers/net/phy: micrel phy driver
  dm9601: fix phy/eeprom write routine
  ppp_generic: handle non-linear skbs when passing them to pppd
  ppp_generic: pull 2 bytes so that PPP_PROTO(skb) is valid
  net: fix compile error due to double return type in SOCK_DEBUG
  net/usb: initiate sync sequence in sierra_net.c driver
  net/usb: remove default in Kconfig for sierra_net driver
  r8169: Fix rtl8169_rx_interrupt()
  e1000e: Fix oops caused by ASPM patch.
  net/sb1250: register mdio bus in probe
  sctp: Fix skb_over_panic resulting from multiple invalid parameter errors (CVE-2010-1173) (v4)
  p54pci: fix bugs in p54p_check_tx_ring

14 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
Linus Torvalds [Wed, 5 May 2010 14:54:22 +0000 (07:54 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/tiwai/sound-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
  ALSA: hda: Fix 0 dB for Packard Bell models using Conexant CX20549 (Venice)
  ALSA: hda - Add quirk for Dell Inspiron 19T using a Conexant CX20582
  ALSA: take tu->qlock with irqs disabled
  ALSA: hda: Use olpc-xo-1_5 quirk for Toshiba Satellite P500-PSPGSC-01800T
  ALSA: hda: Use olpc-xo-1_5 quirk for Toshiba Satellite Pro T130-15F
  ALSA: hda - fix array indexing while creating inputs for Cirrus codecs
  ALSA: es968: fix wrong PnP dma index

14 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Linus Torvalds [Wed, 5 May 2010 14:53:18 +0000 (07:53 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/dtor/input

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: joydev - allow binding to button-only devices
  Input: elantech - ignore high bits in the position coordinates
  Input: elantech - allow forcing Elantech protocol
  Input: elantech - fix firmware version check
  Input: ati_remote - add some missing devices from lirc_atiusb
  Input: eeti_ts - cancel pending work when going to suspend
  Input: Add support of Synaptics Clickpad device
  Revert "Input: ALPS - add signature for HP Pavilion dm3 laptops"
  Input: psmouse - ignore parity error for basic protocols

14 years agoraid6: fix recovery performance regression
Dan Williams [Wed, 5 May 2010 03:41:56 +0000 (20:41 -0700)]
raid6: fix recovery performance regression

The raid6 recovery code should immediately drop back to the optimized
synchronous path when a p+q dma resource is not available.  Otherwise we
run the non-optimized/multi-pass async code in sync mode.

Verified with raid6test (NDISKS=255)

Applies to kernels >= 2.6.32.

Cc: <stable@kernel.org>
Acked-by: NeilBrown <neilb@suse.de>
Reported-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agoKEYS: call_sbin_request_key() must write lock keyrings before modifying them
David Howells [Fri, 30 Apr 2010 13:32:23 +0000 (14:32 +0100)]
KEYS: call_sbin_request_key() must write lock keyrings before modifying them

call_sbin_request_key() creates a keyring and then attempts to insert a link to
the authorisation key into that keyring, but does so without holding a write
lock on the keyring semaphore.

It will normally get away with this because it hasn't told anyone that the
keyring exists yet.  The new keyring, however, has had its serial number
published, which means it can be accessed directly by that handle.

This was found by a previous patch that adds RCU lockdep checks to the code
that reads the keyring payload pointer, which includes a check that the keyring
semaphore is actually locked.

Without this patch, the following command:

keyctl request2 user b a @s

will provoke the following lockdep warning is displayed in dmesg:

===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
security/keys/keyring.c:727 invoked rcu_dereference_check() without protection!

other info that might help us debug this:

rcu_scheduler_active = 1, debug_locks = 0
2 locks held by keyctl/2076:
 #0:  (key_types_sem){.+.+.+}, at: [<ffffffff811a5b29>] key_type_lookup+0x1c/0x71
 #1:  (keyring_serialise_link_sem){+.+.+.}, at: [<ffffffff811a6d1e>] __key_link+0x4d/0x3c5

stack backtrace:
Pid: 2076, comm: keyctl Not tainted 2.6.34-rc6-cachefs #54
Call Trace:
 [<ffffffff81051fdc>] lockdep_rcu_dereference+0xaa/0xb2
 [<ffffffff811a6d1e>] ? __key_link+0x4d/0x3c5
 [<ffffffff811a6e6f>] __key_link+0x19e/0x3c5
 [<ffffffff811a5952>] ? __key_instantiate_and_link+0xb1/0xdc
 [<ffffffff811a59bf>] ? key_instantiate_and_link+0x42/0x5f
 [<ffffffff811aa0dc>] call_sbin_request_key+0xe7/0x33b
 [<ffffffff8139376a>] ? mutex_unlock+0x9/0xb
 [<ffffffff811a5952>] ? __key_instantiate_and_link+0xb1/0xdc
 [<ffffffff811a59bf>] ? key_instantiate_and_link+0x42/0x5f
 [<ffffffff811aa6fa>] ? request_key_auth_new+0x1c2/0x23c
 [<ffffffff810aaf15>] ? cache_alloc_debugcheck_after+0x108/0x173
 [<ffffffff811a9d00>] ? request_key_and_link+0x146/0x300
 [<ffffffff810ac568>] ? kmem_cache_alloc+0xe1/0x118
 [<ffffffff811a9e45>] request_key_and_link+0x28b/0x300
 [<ffffffff811a89ac>] sys_request_key+0xf7/0x14a
 [<ffffffff81052c0b>] ? trace_hardirqs_on_caller+0x10c/0x130
 [<ffffffff81394fb9>] ? trace_hardirqs_on_thunk+0x3a/0x3f
 [<ffffffff81001eeb>] system_call_fastpath+0x16/0x1b

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoKEYS: Use RCU dereference wrappers in keyring key type code
David Howells [Fri, 30 Apr 2010 13:32:18 +0000 (14:32 +0100)]
KEYS: Use RCU dereference wrappers in keyring key type code

The keyring key type code should use RCU dereference wrappers, even when it
holds the keyring's key semaphore.

Reported-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoKEYS: find_keyring_by_name() can gain access to a freed keyring
Toshiyuki Okajima [Fri, 30 Apr 2010 13:32:13 +0000 (14:32 +0100)]
KEYS: find_keyring_by_name() can gain access to a freed keyring

find_keyring_by_name() can gain access to a keyring that has had its reference
count reduced to zero, and is thus ready to be freed.  This then allows the
dead keyring to be brought back into use whilst it is being destroyed.

The following timeline illustrates the process:

|(cleaner)                           (user)
|
| free_user(user)                    sys_keyctl()
|  |                                  |
|  key_put(user->session_keyring)     keyctl_get_keyring_ID()
|  || //=> keyring->usage = 0        |
|  |schedule_work(&key_cleanup_task)   lookup_user_key()
|  ||                                   |
|  kmem_cache_free(,user)               |
|  .                                    |[KEY_SPEC_USER_KEYRING]
|  .                                    install_user_keyrings()
|  .                                    ||
| key_cleanup() [<= worker_thread()]    ||
|  |                                    ||
|  [spin_lock(&key_serial_lock)]        |[mutex_lock(&key_user_keyr..mutex)]
|  |                                    ||
|  atomic_read() == 0                   ||
|  |{ rb_ease(&key->serial_node,) }     ||
|  |                                    ||
|  [spin_unlock(&key_serial_lock)]      |find_keyring_by_name()
|  |                                    |||
|  keyring_destroy(keyring)             ||[read_lock(&keyring_name_lock)]
|  ||                                   |||
|  |[write_lock(&keyring_name_lock)]    ||atomic_inc(&keyring->usage)
|  |.                                   ||| *** GET freeing keyring ***
|  |.                                   ||[read_unlock(&keyring_name_lock)]
|  ||                                   ||
|  |list_del()                          |[mutex_unlock(&key_user_k..mutex)]
|  ||                                   |
|  |[write_unlock(&keyring_name_lock)]  ** INVALID keyring is returned **
|  |                                    .
|  kmem_cache_free(,keyring)            .
|                                       .
|                                       atomic_dec(&keyring->usage)
v                                         *** DESTROYED ***
TIME

If CONFIG_SLUB_DEBUG=y then we may see the following message generated:

=============================================================================
BUG key_jar: Poison overwritten
-----------------------------------------------------------------------------

INFO: 0xffff880197a7e200-0xffff880197a7e200. First byte 0x6a instead of 0x6b
INFO: Allocated in key_alloc+0x10b/0x35f age=25 cpu=1 pid=5086
INFO: Freed in key_cleanup+0xd0/0xd5 age=12 cpu=1 pid=10
INFO: Slab 0xffffea000592cb90 objects=16 used=2 fp=0xffff880197a7e200 flags=0x200000000000c3
INFO: Object 0xffff880197a7e200 @offset=512 fp=0xffff880197a7e300

Bytes b4 0xffff880197a7e1f0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
  Object 0xffff880197a7e200:  6a 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b jkkkkkkkkkkkkkkk

Alternatively, we may see a system panic happen, such as:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000001
IP: [<ffffffff810e61a3>] kmem_cache_alloc+0x5b/0xe9
PGD 6b2b4067 PUD 6a80d067 PMD 0
Oops: 0000 [#1] SMP
last sysfs file: /sys/kernel/kexec_crash_loaded
CPU 1
...
Pid: 31245, comm: su Not tainted 2.6.34-rc5-nofixed-nodebug #2 D2089/PRIMERGY
RIP: 0010:[<ffffffff810e61a3>]  [<ffffffff810e61a3>] kmem_cache_alloc+0x5b/0xe9
RSP: 0018:ffff88006af3bd98  EFLAGS: 00010002
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff88007d19900b
RDX: 0000000100000000 RSI: 00000000000080d0 RDI: ffffffff81828430
RBP: ffffffff81828430 R08: ffff88000a293750 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000100000 R12: 00000000000080d0
R13: 00000000000080d0 R14: 0000000000000296 R15: ffffffff810f20ce
FS:  00007f97116bc700(0000) GS:ffff88000a280000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000001 CR3: 000000006a91c000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process su (pid: 31245, threadinfo ffff88006af3a000, task ffff8800374414c0)
Stack:
 0000000512e0958e 0000000000008000 ffff880037f8d180 0000000000000001
 0000000000000000 0000000000008001 ffff88007d199000 ffffffff810f20ce
 0000000000008000 ffff88006af3be48 0000000000000024 ffffffff810face3
Call Trace:
 [<ffffffff810f20ce>] ? get_empty_filp+0x70/0x12f
 [<ffffffff810face3>] ? do_filp_open+0x145/0x590
 [<ffffffff810ce208>] ? tlb_finish_mmu+0x2a/0x33
 [<ffffffff810ce43c>] ? unmap_region+0xd3/0xe2
 [<ffffffff810e4393>] ? virt_to_head_page+0x9/0x2d
 [<ffffffff81103916>] ? alloc_fd+0x69/0x10e
 [<ffffffff810ef4ed>] ? do_sys_open+0x56/0xfc
 [<ffffffff81008a02>] ? system_call_fastpath+0x16/0x1b
Code: 0f 1f 44 00 00 49 89 c6 fa 66 0f 1f 44 00 00 65 4c 8b 04 25 60 e8 00 00 48 8b 45 00 49 01 c0 49 8b 18 48 85 db 74 0d 48 63 45 18 <48> 8b 04 03 49 89 00 eb 14 4c 89 f9 83 ca ff 44 89 e6 48 89 ef
RIP  [<ffffffff810e61a3>] kmem_cache_alloc+0x5b/0xe9

This problem is that find_keyring_by_name does not confirm that the keyring is
valid before accepting it.

Skipping keyrings that have been reduced to a zero count seems the way to go.
To this end, use atomic_inc_not_zero() to increment the usage count and skip
the candidate keyring if that returns false.

The following script _may_ cause the bug to happen, but there's no guarantee
as the window of opportunity is small:

#!/bin/sh
LOOP=100000
USER=dummy_user
/bin/su -c "exit;" $USER || { /usr/sbin/adduser -m $USER; add=1; }
for ((i=0; i<LOOP; i++))
do
/bin/su -c "echo '$i' > /dev/null" $USER
done
(( add == 1 )) && /usr/sbin/userdel -r $USER
exit

Note that the nominated user must not be in use.

An alternative way of testing this may be:

for ((i=0; i<100000; i++))
do
keyctl session foo /bin/true || break
done >&/dev/null

as that uses a keyring named "foo" rather than relying on the user and
user-session named keyrings.

Reported-by: Toshiyuki Okajima <toshi.okajima@jp.fujitsu.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Toshiyuki Okajima <toshi.okajima@jp.fujitsu.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoMerge branch 'fix/hda' into for-linus
Takashi Iwai [Wed, 5 May 2010 08:08:30 +0000 (10:08 +0200)]
Merge branch 'fix/hda' into for-linus

14 years agoALSA: hda: Fix 0 dB for Packard Bell models using Conexant CX20549 (Venice)
Daniel T Chen [Wed, 28 Apr 2010 22:00:11 +0000 (18:00 -0400)]
ALSA: hda: Fix 0 dB for Packard Bell models using Conexant CX20549 (Venice)

BugLink: https://launchpad.net/bugs/541802
The OR's hardware distorts at PCM 100% because it does not correspond to
0 dB. Fix this in patch_cxt5045() for all Packard Bell models.

Reported-by: Valombre
Cc: <stable@kernel.org>
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
14 years agoALSA: hda - Add quirk for Dell Inspiron 19T using a Conexant CX20582
Anisse Astier [Wed, 28 Apr 2010 16:05:06 +0000 (18:05 +0200)]
ALSA: hda - Add quirk for Dell Inspiron 19T using a Conexant CX20582

Add a quirk for all-in-one computer Dell Inspiron One 19 Touch to have proper
HP and Mic support.

Signed-off-by: Anisse Astier <anisse@astier.eu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
14 years agoALSA: take tu->qlock with irqs disabled
Dan Carpenter [Wed, 28 Apr 2010 08:29:14 +0000 (10:29 +0200)]
ALSA: take tu->qlock with irqs disabled

We should disable irqs when we take the tu->qlock because it is used in
the irq handler.  The only place that doesn't is
snd_timer_user_ccallback().  Most of the time snd_timer_user_ccallback()
is called with interrupts disabled but the the first ti->ccallback()
call in snd_timer_notify1() has interrupts enabled.

This was caught by lockdep which generates the following message:

> =================================
> [ INFO: inconsistent lock state ]
> 2.6.34-rc5 #5
> ---------------------------------
> inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
> dolphin/4003 [HC1[1]:SC0[0]:HE0:SE1] takes:
> (&(&tu->qlock)->rlock){?.+...}, at: [<f84ec472>] snd_timer_user_tinterrupt+0x28/0x132 [snd_timer]
> {HARDIRQ-ON-W} state was registered at:
>   [<c1048de9>] __lock_acquire+0x654/0x1482
>   [<c1049c73>] lock_acquire+0x5c/0x73
>   [<c125ac3e>] _raw_spin_lock+0x25/0x34
>   [<f84ec370>] snd_timer_user_ccallback+0x55/0x95 [snd_timer]
>   [<f84ecc4b>] snd_timer_notify1+0x53/0xca [snd_timer]

Reported-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
14 years agoFEC: Fix kernel panic in fec_set_mac_address.
Mattias Walström [Wed, 5 May 2010 07:55:48 +0000 (00:55 -0700)]
FEC: Fix kernel panic in fec_set_mac_address.

Fix memory corruption that sometimes result in kernel panic.

Signed-off-by: Mattias Walström <mattias@vmlinux.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoALSA: hda: Use olpc-xo-1_5 quirk for Toshiba Satellite P500-PSPGSC-01800T
Daniel T Chen [Wed, 5 May 2010 02:07:58 +0000 (22:07 -0400)]
ALSA: hda: Use olpc-xo-1_5 quirk for Toshiba Satellite P500-PSPGSC-01800T

BugLink: https://launchpad.net/bugs/549267
The OR verified that using the olpc-xo-1_5 model quirk allows the
headphones to be audible when inserted into the jack. Capture was
also verified to work correctly.

Reported-by: Richard Gagne
Tested-by: Richard Gagne
Cc: <stable@kernel.org>
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
14 years agoALSA: hda: Use olpc-xo-1_5 quirk for Toshiba Satellite Pro T130-15F
Daniel T Chen [Tue, 4 May 2010 00:39:31 +0000 (20:39 -0400)]
ALSA: hda: Use olpc-xo-1_5 quirk for Toshiba Satellite Pro T130-15F

BugLink: https://launchpad.net/bugs/573284
The OR verified that using the olpc-xo-1_5 model quirk allows the
headphones to be audible when inserted into the jack. Capture was
also verified to work correctly.

Reported-by: Andy Couldrake <acouldrake@googlemail.com>
Tested-by: Andy Couldrake <acouldrake@googlemail.com>
Cc: <stable@kernel.org>
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
14 years agoALSA: hda - fix array indexing while creating inputs for Cirrus codecs
Brian J. Tarricone [Mon, 3 May 2010 00:32:10 +0000 (17:32 -0700)]
ALSA: hda - fix array indexing while creating inputs for Cirrus codecs

This fixes a problem where cards show up as only having a single mixer
element, suppressing all sound output.

Signed-off-by: Brian J. Tarricone <brian@tarricone.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
14 years agoMerge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied...
Linus Torvalds [Wed, 5 May 2010 02:08:12 +0000 (19:08 -0700)]
Merge branch 'drm-linus' of git://git./linux/kernel/git/airlied/drm-2.6

* 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
  drm/radeon/kms/legacy: only enable load detection property on DVI-I
  drm/radeon/kms: fix panel scaling adjusted mode setup
  drivers/gpu/drm/drm_sysfs.c: sysfs files error handling
  drivers/gpu/drm/radeon/radeon_atombios.c: range check issues
  gpu: vga_switcheroo, fix lock imbalance
  drivers/gpu/drm/drm_memory.c: fix check for end of loop
  drivers/gpu/drm/via/via_video.c: fix off by one issue
  drm/radeon/kms/agp The wrong AGP chipset can cause a NULL pointer dereference
  drm/radeon/kms: r300 fix CS checker to allow zbuffer-only fastfill

14 years agoMerge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Wed, 5 May 2010 02:07:35 +0000 (19:07 -0700)]
Merge branch 'x86-fixes-for-linus' of git://git./linux/kernel/git/x86/linux-2.6-tip

* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-tip:
  powernow-k8: Fix frequency reporting
  x86: Fix parse_reservetop() build failure on certain configs
  x86: Fix NULL pointer access in irq_force_complete_move() for Xen guests
  x86: Fix 'reservetop=' functionality

14 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...
Linus Torvalds [Wed, 5 May 2010 01:49:34 +0000 (18:49 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  KEYS: Fix RCU handling in key_gc_keyring()
  KEYS: Fix an RCU warning in the reading of user keys

14 years agoKEYS: Fix RCU handling in key_gc_keyring()
David Howells [Tue, 4 May 2010 13:16:10 +0000 (14:16 +0100)]
KEYS: Fix RCU handling in key_gc_keyring()

key_gc_keyring() needs to either hold the RCU read lock or hold the keyring
semaphore if it's going to scan the keyring's list.  Given that it only needs
to read the key list, and it's doing so under a spinlock, the RCU read lock is
the thing to use.

Furthermore, the RCU check added in e7b0a61b7929632d36cf052d9e2820ef0a9c1bfe is
incorrect as holding the spinlock on key_serial_lock is not grounds for
assuming a keyring's pointer list can be read safely.  Instead, a simple
rcu_dereference() inside of the previously mentioned RCU read lock is what we
want.

Reported-by: Serge E. Hallyn <serue@us.ibm.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agoKEYS: Fix an RCU warning in the reading of user keys
David Howells [Fri, 30 Apr 2010 13:32:08 +0000 (14:32 +0100)]
KEYS: Fix an RCU warning in the reading of user keys

Fix an RCU warning in the reading of user keys:

===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
security/keys/user_defined.c:202 invoked rcu_dereference_check() without protection!

other info that might help us debug this:

rcu_scheduler_active = 1, debug_locks = 0
1 lock held by keyctl/3637:
 #0:  (&key->sem){+++++.}, at: [<ffffffff811a80ae>] keyctl_read_key+0x9c/0xcf

stack backtrace:
Pid: 3637, comm: keyctl Not tainted 2.6.34-rc5-cachefs #18
Call Trace:
 [<ffffffff81051f6c>] lockdep_rcu_dereference+0xaa/0xb2
 [<ffffffff811aa55f>] user_read+0x47/0x91
 [<ffffffff811a80be>] keyctl_read_key+0xac/0xcf
 [<ffffffff811a8a06>] sys_keyctl+0x75/0xb7
 [<ffffffff81001eeb>] system_call_fastpath+0x16/0x1b

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
14 years agodrm/radeon/kms/legacy: only enable load detection property on DVI-I
Alex Deucher [Fri, 30 Apr 2010 16:37:31 +0000 (12:37 -0400)]
drm/radeon/kms/legacy: only enable load detection property on DVI-I

DVI-D doesn't have analog.  This matches the avivo behavior.

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
14 years agodrm/radeon/kms: fix panel scaling adjusted mode setup
Alex Deucher [Fri, 30 Apr 2010 16:00:44 +0000 (12:00 -0400)]
drm/radeon/kms: fix panel scaling adjusted mode setup

This should duplicate exactly what the ddx does for both
legacy and avivo.

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
14 years agoMerge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jlbec/ocfs2
Linus Torvalds [Tue, 4 May 2010 23:33:18 +0000 (16:33 -0700)]
Merge branch 'fixes' of git://git./linux/kernel/git/jlbec/ocfs2

* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jlbec/ocfs2:
  ocfs2: Avoid a gcc warning in ocfs2_wipe_inode().
  ocfs2: Avoid direct write if we fall back to buffered I/O
  ocfs2_dlmfs: Fix math error when reading LVB.
  ocfs2: Update VFS inode's id info after reflink.
  ocfs2: potential ERR_PTR dereference on error paths
  ocfs2: Add directory entry later in ocfs2_symlink() and ocfs2_mknod()
  ocfs2: use OCFS2_INODE_SKIP_ORPHAN_DIR in ocfs2_mknod error path
  ocfs2: use OCFS2_INODE_SKIP_ORPHAN_DIR in ocfs2_symlink error path
  ocfs2: add OCFS2_INODE_SKIP_ORPHAN_DIR flag and honor it in the inode wipe code
  ocfs2: Reset status if we want to restart file extension.
  ocfs2: Compute metaecc for superblocks during online resize.
  ocfs2: Check the owner of a lockres inside the spinlock
  ocfs2: one more warning fix in ocfs2_file_aio_write(), v2
  ocfs2_dlmfs: User DLM_* when decoding file open flags.

14 years agoFix the x86_64 implementation of call_rwsem_wait()
David Howells [Tue, 4 May 2010 12:42:53 +0000 (13:42 +0100)]
Fix the x86_64 implementation of call_rwsem_wait()

The x86_64 call_rwsem_wait() treats the active state counter part of the
R/W semaphore state as being 16-bit when it's actually 32-bit (it's half
of the 64-bit state).  It should do "decl %edx" not "decw %dx".

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agoMerge branch 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvar...
Linus Torvalds [Tue, 4 May 2010 22:20:37 +0000 (15:20 -0700)]
Merge branch 'i2c-for-linus' of git://git./linux/kernel/git/jdelvare/staging

* 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
  i2c-core: Use per-adapter userspace device lists
  i2c: Fix probing of FSC hardware monitoring chips
  i2c-core: Erase pointer to clientdata on removal

14 years agoMerge branch 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Tue, 4 May 2010 22:16:15 +0000 (15:16 -0700)]
Merge branch 'perf-fixes-for-linus' of git://git./linux/kernel/git/tip/linux-2.6-tip

* 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  perf: Fix resource leak in failure path of perf_event_open()

14 years agoMerge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Tue, 4 May 2010 22:15:43 +0000 (15:15 -0700)]
Merge branch 'core-fixes-for-linus' of git://git./linux/kernel/git/tip/linux-2.6-tip

* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  rcu: Fix RCU lockdep splat on freezer_fork path
  rcu: Fix RCU lockdep splat in set_task_cpu on fork path
  mutex: Don't spin when the owner CPU is offline or other weird cases

14 years agoi2c-core: Use per-adapter userspace device lists
Jean Delvare [Tue, 4 May 2010 09:09:28 +0000 (11:09 +0200)]
i2c-core: Use per-adapter userspace device lists

Using a single list for all userspace devices leads to a dead lock
on multiplexed buses in some circumstances (mux chip instantiated
from userspace). This is solved by using a separate list for each
bus segment.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Michael Lawnick <ml.lawnick@gmx.de>
14 years agoi2c: Fix probing of FSC hardware monitoring chips
Jean Delvare [Tue, 4 May 2010 09:09:28 +0000 (11:09 +0200)]
i2c: Fix probing of FSC hardware monitoring chips

Some FSC hardware monitoring chips (Syleus at least) doesn't like
quick writes we typically use to probe for I2C chips. Use a regular
byte read instead for the address they live at (0x73). These are the
only known chips living at this address on PC systems.

For clarity, this fix should not be needed for kernels 2.6.30 and
later, as we started instantiating the hwmon devices explicitly based
on DMI data. Still, this fix is valuable in the following two cases:
* Support for recent FSC chips on older kernels. The DMI-based device
  instantiation is more difficult to backport than the device support
  itself.
* Case where the DMI-based device instantiation fails, whatever the
  reason. We fall back to probing in that case, so it should work.

This fixes kernel bug #15634:
https://bugzilla.kernel.org/show_bug.cgi?id=15634

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Hans de Goede <hdegoede@redhat.com>
Cc: stable@kernel.org
14 years agoi2c-core: Erase pointer to clientdata on removal
Wolfram Sang [Tue, 4 May 2010 09:09:27 +0000 (11:09 +0200)]
i2c-core: Erase pointer to clientdata on removal

After discovering that a lot of i2c-drivers leave the pointer to their
clientdata dangling, it was decided to let the core handle this issue.
It is assumed that the core may access the private data after remove()
as there are no guarantees for the lifetime of such pointers anyhow (see
thread starting at http://lkml.org/lkml/2010/3/21/68)

Signed-off-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
14 years agoInput: joydev - allow binding to button-only devices
Christoph Fritz [Sun, 25 Apr 2010 04:41:05 +0000 (21:41 -0700)]
Input: joydev - allow binding to button-only devices

Dance pads don't have an axis, so allow this kind of controllers
to be used via legacy joystick interface.

Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
14 years agoipv6: Fix default multicast hops setting.
David S. Miller [Tue, 4 May 2010 06:42:27 +0000 (23:42 -0700)]
ipv6: Fix default multicast hops setting.

As per RFC 3493 the default multicast hops setting
for a socket should be "1" just like ipv4.

Ironically we have a IPV6_DEFAULT_MCASTHOPS macro
it just wasn't being used.

Reported-by: Elliot Hughes <enh@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoInput: elantech - ignore high bits in the position coordinates
Florian Ragwitz [Tue, 4 May 2010 06:29:37 +0000 (23:29 -0700)]
Input: elantech - ignore high bits in the position coordinates

In older versions of the elantech hardware/firmware those bits always
were unset, so it didn't actually matter, but newer versions seem to
use those high bits for something else, screwing up the coordinates
we report to the input layer for those devices.

Signed-off-by: Florian Ragwitz <rafl@debian.org>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
14 years agoInput: elantech - allow forcing Elantech protocol
Florian Ragwitz [Tue, 27 Apr 2010 07:47:04 +0000 (00:47 -0700)]
Input: elantech - allow forcing Elantech protocol

Apparently hardware vendors now ship elantech touchpads with different version
magic. This options allows for them to be tested easier with the current driver
in order to add their magic to the whitelist later.

Signed-off-by: Florian Ragwitz <rafl@debian.org>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
14 years agoInput: elantech - fix firmware version check
Florian Ragwitz [Tue, 27 Apr 2010 07:45:10 +0000 (00:45 -0700)]
Input: elantech - fix firmware version check

The check determining whether device should use 4- or 6-byte packets
was trying to compare firmware with 2.48, but was failing on majors
greater than 2. The new check ensures that versions like 4.1 are
checked properly.

Signed-off-by: Florian Ragwitz <rafl@debian.org>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
14 years agoInput: ati_remote - add some missing devices from lirc_atiusb
Jarod Wilson [Tue, 4 May 2010 06:30:32 +0000 (23:30 -0700)]
Input: ati_remote - add some missing devices from lirc_atiusb

The (out-of-tree) lirc_atiusb driver has a much longer list of devices
it supports.  Some of them look like they may just be guesses at possible
device IDs, but a few are definitely confirmed devices.  This adds the
nVidia-branded RF receiver and the X10 Lola Wireless Video Sender device
(which contains an RF receiver) to the list of devices in ati_remote.

Signed-off-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
14 years agonet: ep93xx_eth stops receiving packets
David S. Miller [Tue, 4 May 2010 06:21:27 +0000 (23:21 -0700)]
net: ep93xx_eth stops receiving packets

Receiving small packet(s) in a fast pace leads to not receiving any
packets at all after some time.

After ethernet packet(s) arrived the receive descriptor is incremented
by the number of frames processed. If another packet arrives while
processing, this is processed in another call of ep93xx_rx. This
second call leads that too many receive descriptors getting released.

This fix increments, even in these case, the right number of processed
receive descriptors.

Signed-off-by: Stefan Agner <stefan@agner.ch>
Acked-by: Lennert Buytenhek <buytenh@wantstofly.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoocfs2: Avoid a gcc warning in ocfs2_wipe_inode().
Joel Becker [Tue, 4 May 2010 02:15:49 +0000 (19:15 -0700)]
ocfs2: Avoid a gcc warning in ocfs2_wipe_inode().

gcc warns that a variable is uninitialized.  It's actually handled, but
an early return fools gcc.  Let's just initialize the variable to a
garbage value that will crash if the usage is ever broken.

Signed-off-by: Joel Becker <joel.becker@oracle.com>
14 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph...
Linus Torvalds [Mon, 3 May 2010 23:36:19 +0000 (16:36 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/sage/ceph-client

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
  ceph: remove bad auth_x kmem_cache
  ceph: fix lockless caps check
  ceph: clear dir complete, invalidate dentry on replayed rename
  ceph: fix direct io truncate offset
  ceph: discard incoming messages with bad seq #
  ceph: fix seq counting for skipped messages
  ceph: add missing #includes
  ceph: fix leaked spinlock during mds reconnect
  ceph: print more useful version info on module load
  ceph: fix snap realm splits
  ceph: clear dir complete on d_move

14 years agodrivers/net/phy: micrel phy driver
David J. Choi [Thu, 29 Apr 2010 06:12:41 +0000 (06:12 +0000)]
drivers/net/phy: micrel phy driver

This is the first version of phy driver from Micrel Inc.

Signed-off-by: David J. Choi <david.choi@micrel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agodm9601: fix phy/eeprom write routine
Peter Korsgaard [Mon, 3 May 2010 10:01:26 +0000 (10:01 +0000)]
dm9601: fix phy/eeprom write routine

Use correct bit positions in DM_SHARED_CTRL register for writes.

Michael Planes recently encountered a 'KY-RS9600 USB-LAN converter', which
came with a driver CD containing a Linux driver. This driver turns out to
be a copy of dm9601.c with symbols renamed and my copyright stripped.
That aside, it did contain 1 functional change in dm_write_shared_word(),
and after checking the datasheet the original value was indeed wrong
(read versus write bits).

On Michaels HW, this change bumps receive speed from ~30KB/s to ~900KB/s.
On other devices the difference is less spectacular, but still significant
(~30%).

Reported-by: Michael Planes <michael.planes@free.fr>
CC: stable@kernel.org
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoppp_generic: handle non-linear skbs when passing them to pppd
Simon Arlott [Mon, 3 May 2010 10:20:27 +0000 (10:20 +0000)]
ppp_generic: handle non-linear skbs when passing them to pppd

Frequently when using PPPoE with an interface MTU greater than 1500,
the skb is likely to be non-linear. If the skb needs to be passed to
pppd then the skb data must be read correctly.

The previous commit fixes an issue with accidentally sending skbs
to pppd based on an invalid read of the protocol type. When that
error occurred pppd was reading invalid skb data too.

Signed-off-by: Simon Arlott <simon@fire.lp0.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoppp_generic: pull 2 bytes so that PPP_PROTO(skb) is valid
Simon Arlott [Mon, 3 May 2010 10:19:33 +0000 (10:19 +0000)]
ppp_generic: pull 2 bytes so that PPP_PROTO(skb) is valid

In ppp_input(), PPP_PROTO(skb) may refer to invalid data in the skb.

If this happens and (proto >= 0xc000 || proto == PPP_CCPFRAG) then
the packet is passed directly to pppd.

This occurs frequently when using PPPoE with an interface MTU
greater than 1500 because the skb is more likely to be non-linear.

The next 2 bytes need to be pulled in ppp_input(). The pull of 2
bytes in ppp_receive_frame() has been removed as it is no longer
required.

Signed-off-by: Simon Arlott <simon@fire.lp0.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoceph: remove bad auth_x kmem_cache
Sage Weil [Thu, 29 Apr 2010 20:26:53 +0000 (13:26 -0700)]
ceph: remove bad auth_x kmem_cache

It's useless, since our allocations are already a power of 2.  And it was
allocated per-instance (not globally), which caused a name collision when
we tried to mount a second file system with auth_x enabled.

Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: fix lockless caps check
Sage Weil [Fri, 23 Apr 2010 17:25:33 +0000 (10:25 -0700)]
ceph: fix lockless caps check

The __ variant requires caller to hold i_lock.

Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: clear dir complete, invalidate dentry on replayed rename
Sage Weil [Wed, 28 Apr 2010 23:12:06 +0000 (16:12 -0700)]
ceph: clear dir complete, invalidate dentry on replayed rename

If a rename operation is resent to the MDS following an MDS restart, the
client does not get a full reply (containing the resulting metadata) back.
In that case, a ceph_rename() needs to compensate by doing anything useful
that fill_inode() would have, like d_move().

It also needs to invalidate the dentry (to workaround the vfs_rename_dir()
bug) and clear the dir complete flag, just like fill_trace().

Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: fix direct io truncate offset
Sage Weil [Thu, 22 Apr 2010 20:48:59 +0000 (13:48 -0700)]
ceph: fix direct io truncate offset

truncate_inode_pages_range wants the end offset to align with the last byte
in a page.

Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: discard incoming messages with bad seq #
Sage Weil [Thu, 22 Apr 2010 14:47:01 +0000 (07:47 -0700)]
ceph: discard incoming messages with bad seq #

We can get old message seq #'s after a tcp reconnect for stateful sessions
(i.e., the MDS).  If we get a higher seq #, that is an error, and we
shouldn't see any bad seq #'s for stateless (mon, osd) connections.

Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: fix seq counting for skipped messages
Sage Weil [Thu, 22 Apr 2010 03:45:59 +0000 (20:45 -0700)]
ceph: fix seq counting for skipped messages

Increment in_seq even when the message is skipped for some reason.

Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: add missing #includes
Sage Weil [Tue, 20 Apr 2010 22:20:33 +0000 (15:20 -0700)]
ceph: add missing #includes

Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: fix leaked spinlock during mds reconnect
Sage Weil [Tue, 20 Apr 2010 17:27:13 +0000 (10:27 -0700)]
ceph: fix leaked spinlock during mds reconnect

Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: print more useful version info on module load
Sage Weil [Mon, 19 Apr 2010 20:50:26 +0000 (13:50 -0700)]
ceph: print more useful version info on module load

Decouple the client version from the server side.  Print relevant protocol
and map version info instead.

Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: fix snap realm splits
Sage Weil [Mon, 19 Apr 2010 17:15:44 +0000 (10:15 -0700)]
ceph: fix snap realm splits

The snap realm split was checking i_snap_realm, not the list_head, to
determine if an inode belonged in the new realm.  The check always failed,
which meant we always moved the inode, corrupting the old realm's list and
causing various crashes.

Also wait to release old realm reference to avoid possibility of use after
free.

Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoceph: clear dir complete on d_move
Sage Weil [Fri, 16 Apr 2010 19:56:11 +0000 (12:56 -0700)]
ceph: clear dir complete on d_move

d_move() reorders the d_subdirs list, breaking the readdir result caching.
Unless/until d_move preserves that ordering, clear CEPH_I_COMPLETE on
rename.

Signed-off-by: Sage Weil <sage@newdream.net>
14 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog
Linus Torvalds [Mon, 3 May 2010 14:54:08 +0000 (07:54 -0700)]
Merge git://git./linux/kernel/git/wim/linux-2.6-watchdog

* git://git.kernel.org/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog:
  watchdog: ep93xx_wdt.c fix default timout value in MODULE_PARM_DESC string.

14 years agonilfs2: fix sync silent failure
Ryusuke Konishi [Mon, 3 May 2010 12:00:48 +0000 (21:00 +0900)]
nilfs2: fix sync silent failure

As of 32a88aa1, __sync_filesystem() will return 0 if s_bdi is not set.
And nilfs does not set s_bdi anywhere.  I noticed this problem by the
warning introduced by the recent commit 5129a469 ("Catch filesystem
lacking s_bdi").

 WARNING: at fs/super.c:959 vfs_kern_mount+0xc5/0x14e()
 Hardware name: PowerEdge 2850
 Modules linked in: nilfs2 loop tpm_tis tpm tpm_bios video shpchp pci_hotplug output dcdbas
 Pid: 3773, comm: mount.nilfs2 Not tainted 2.6.34-rc6-debug #38
 Call Trace:
  [<c1028422>] warn_slowpath_common+0x60/0x90
  [<c102845f>] warn_slowpath_null+0xd/0x10
  [<c1095936>] vfs_kern_mount+0xc5/0x14e
  [<c1095a03>] do_kern_mount+0x32/0xbd
  [<c10a811e>] do_mount+0x671/0x6d0
  [<c1073794>] ? __get_free_pages+0x1f/0x21
  [<c10a684f>] ? copy_mount_options+0x2b/0xe2
  [<c107b634>] ? strndup_user+0x48/0x67
  [<c10a81de>] sys_mount+0x61/0x8f
  [<c100280c>] sysenter_do_call+0x12/0x32

This ensures to set s_bdi for nilfs and fixes the sync silent failure.

Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Acked-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agopowernow-k8: Fix frequency reporting
Mark Langsdorf [Wed, 31 Mar 2010 19:56:45 +0000 (21:56 +0200)]
powernow-k8: Fix frequency reporting

With F10, model 10, all valid frequencies are in the ACPI _PST table.

Cc: <stable@kernel.org> # 33.x 32.x
Signed-off-by: Mark Langsdorf <mark.langsdorf@amd.com>
LKML-Reference: <1270065406-1814-6-git-send-email-bp@amd64.org>
Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
Reviewed-by: Thomas Renninger <trenn@suse.de>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
14 years agowatchdog: ep93xx_wdt.c fix default timout value in MODULE_PARM_DESC string.
Wim Van Sebroeck [Mon, 3 May 2010 08:58:56 +0000 (08:58 +0000)]
watchdog: ep93xx_wdt.c fix default timout value in MODULE_PARM_DESC string.

The WATCHDOG_TIMEOUT macro does not exist. The default timeout value is WDT_TIMEOUT.
Fix the MODULE_PARM_DESC so that the code can compile again.

reported-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
14 years agox86: Fix parse_reservetop() build failure on certain configs
Ingo Molnar [Mon, 3 May 2010 07:19:43 +0000 (09:19 +0200)]
x86: Fix parse_reservetop() build failure on certain configs

Commit e67a807 ("x86: Fix 'reservetop=' functionality") added a
fixup_early_ioremap() call to parse_reservetop() and declared it
in io.h.

But asm/io.h was only included indirectly - and on some configs
not at all, causing a build failure on those configs.

Cc: Liang Li <liang.li@windriver.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Cc: Wang Chen <wangchen@cn.fujitsu.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
LKML-Reference: <1272621711-8683-1-git-send-email-liang.li@windriver.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
14 years agonet: fix compile error due to double return type in SOCK_DEBUG
Jan Engelhardt [Sun, 2 May 2010 20:42:39 +0000 (13:42 -0700)]
net: fix compile error due to double return type in SOCK_DEBUG

Fix this one:
include/net/sock.h: error: two or more data types in declaration specifiers

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agonet/usb: initiate sync sequence in sierra_net.c driver
Elina Pasheva [Wed, 28 Apr 2010 13:28:24 +0000 (13:28 +0000)]
net/usb: initiate sync sequence in sierra_net.c driver

The following patch adds the initiation of the sync sequence to
"sierra_net_bind()". If this step is omitted, the modem will never sync up
with the host and it will not be possible to establish a data connection.

Signed-off-by: Elina Pasheva <epasheva@sierrawireless.com>
Signed-off-by: Rory Filer <rfiler@sierrawireless.com>
Tested-by: Elina Pasheva <epasheva@sierrawireless.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoperf: Fix resource leak in failure path of perf_event_open()
Tejun Heo [Sat, 1 May 2010 08:11:35 +0000 (10:11 +0200)]
perf: Fix resource leak in failure path of perf_event_open()

perf_event_open() kfrees event after init failure which doesn't
release all resources allocated by perf_event_alloc().  Use
free_event() instead.

Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Paul Mackerras <paulus@au1.ibm.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: <stable@kernel.org>
LKML-Reference: <4BDBE237.1040809@kernel.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
14 years agonet/usb: remove default in Kconfig for sierra_net driver
Elina Pasheva [Sat, 1 May 2010 02:05:28 +0000 (19:05 -0700)]
net/usb: remove default in Kconfig for sierra_net driver

The following patch removes the default from the Kconfig entry for sierra_net
driver as recommended.

Signed-off-by: Elina Pasheva <epasheva@sierrawireless.com>
Signed-off-by: Rory Filer <rfiler@sierrawireless.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agor8169: Fix rtl8169_rx_interrupt()
Eric Dumazet [Fri, 30 Apr 2010 23:20:39 +0000 (16:20 -0700)]
r8169: Fix rtl8169_rx_interrupt()

In case a reset is performed, rtl8169_rx_interrupt() is called from
process context instead of softirq context. Special care must be taken
to call appropriate network core services (netif_rx() instead of
netif_receive_skb()). VLAN handling also corrected.

Reported-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Tested-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Diagnosed-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agox86: Fix NULL pointer access in irq_force_complete_move() for Xen guests
Prarit Bhargava [Tue, 27 Apr 2010 15:24:42 +0000 (11:24 -0400)]
x86: Fix NULL pointer access in irq_force_complete_move() for Xen guests

Upstream PV guests fail to boot because of a NULL pointer in
irq_force_complete_move().  It is possible that xen guests have
irq_desc->chip_data = NULL.

Test for NULL chip_data pointer before attempting to complete an irq move.

Signed-off-by: Prarit Bhargava <prarit@redhat.com>
LKML-Reference: <20100427152434.16193.49104.sendpatchset@prarit.bos.redhat.com>
Acked-by: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Cc: <stable@kernel.org> [2.6.33]
14 years agoocfs2: Avoid direct write if we fall back to buffered I/O
Li Dongyang [Sat, 17 Apr 2010 09:49:10 +0000 (17:49 +0800)]
ocfs2: Avoid direct write if we fall back to buffered I/O

when we fall back to buffered write from direct write, we call
__generic_file_aio_write() but that will end up doing direct write
even we are only prepared to do buffered write because the file
has the O_DIRECT flag set. This is a fix for
https://bugzilla.novell.com/show_bug.cgi?id=591039
revised with Joel's comments.

Signed-off-by: Li Dongyang <lidongyang@novell.com>
Acked-by: Mark Fasheh <mfasheh@suse.com>
Signed-off-by: Joel Becker <joel.becker@oracle.com>
14 years agoMerge branch 'skip_delete_inode' of git://git.kernel.org/pub/scm/linux/kernel/git...
Joel Becker [Fri, 30 Apr 2010 20:37:29 +0000 (13:37 -0700)]
Merge branch 'skip_delete_inode' of git://git./linux/kernel/git/mfasheh/ocfs2-mark into ocfs2-fixes

14 years agoMerge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
Linus Torvalds [Fri, 30 Apr 2010 20:04:14 +0000 (13:04 -0700)]
Merge branch 'upstream' of git://ftp.linux-mips.org/upstream-linus

* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus: (27 commits)
  MIPS: Loongson 2F: Fix of problems introduced by -mfix-loongson2f-jump
  MIPS: Loongson-2F: Use CONFIG_CPU_JUMP_WORKAROUNDS to control workarounds.
  MIPS: Loongson 2F: Enable fixups of the latest binutils
  MIPS: Loongson: Add CPU_LOONGSON2F_WORKAROUNDS
  MIPS: Kconfig: Make Broadcom SoC support naming consistent
  MIPS: BCM63xx: Update defconfig
  MIPS: oprofile: Fix breakage when CONFIG_OPROFILE=m
  STAGING: octeon-ethernet: Use proper phy addresses for Movidis hardware.
  NET: mdio-octeon: Enable the hardware before using it.
  I2C: Fix section mismatch errors in i2c-octeon.c
  MIPS: Loongson: Fix LOONGSON_ADDRWIN_CFG macro.
  MIPS: Loongson: Fix phys_mem_access_prot() check
  MIPS: Loongson: Fix find_vga_mem_init()
  MIPS: Loongson: Fix typo in gdium mach type string.
  MIPS: Use CKSEG1ADDR for uncached handler
  MIPS: Check for accesses beyond the end of the PGD.
  MIPS: Use uasm_i_ds{r,l}l_safe() instead of uasm_i_ds{r,l}l() in tlbex.c
  MIPS: Add uasm_i_dsrl_safe() and uasm_i_dsll_safe() to uasm.
  MIPS: die() does not call die notifier chain
  MIPS: Swarm, Littlesur: Enable PATA platform driver.
  ...

14 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirel...
David S. Miller [Fri, 30 Apr 2010 19:54:15 +0000 (12:54 -0700)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless-2.6

14 years agoMIPS: Loongson 2F: Fix of problems introduced by -mfix-loongson2f-jump
Wu Zhangjin [Sat, 10 Apr 2010 12:07:13 +0000 (20:07 +0800)]
MIPS: Loongson 2F: Fix of problems introduced by -mfix-loongson2f-jump

The -mfix-loongson2f-jump option provided by latest CVS binutils have fixed
the out-of-order issue of Loongson-2F described in chapter 15 of the
Loongson2F User Manual [1, 2], but introduced some problems.

The option changes all of the jump target to "addr & 0xcfffffff" through the
at($1) register, but for the reboot address of Loongson 2F 0xbfc00000 this is
wrong.  Avoids the problem via telling the assembler to not use the $at
register.

[1] Loongson2F User Manual (Chinese Version)
    http://www.loongson.cn/uploadfile/file/200808211
[2] English Version of Chapter 15:
    http://groups.google.com.hk/group/loongson-dev/msg/e0d2e220958f10a6?dmode=source

Reported-and-tested-by: Liu Shiwei <liushiwei@gmail.com>
Signed-off-by: Wu Zhangjin <wuzhangjin@gmail.com>
Cc: linux-mips <linux-mips@linux-mips.org>
Patchwork: http://patchwork.linux-mips.org/patch/1109/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Loongson-2F: Use CONFIG_CPU_JUMP_WORKAROUNDS to control workarounds.
Wu Zhangjin [Sat, 10 Apr 2010 12:07:01 +0000 (20:07 +0800)]
MIPS: Loongson-2F: Use CONFIG_CPU_JUMP_WORKAROUNDS to control workarounds.

Signed-off-by: Wu Zhangjin <wuzhangjin@gmail.com>
Cc: linux-mips <linux-mips@linux-mips.org>
Patchwork: http://patchwork.linux-mips.org/patch/1106/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Loongson 2F: Enable fixups of the latest binutils
Wu Zhangjin [Sat, 10 Apr 2010 12:05:01 +0000 (20:05 +0800)]
MIPS: Loongson 2F: Enable fixups of the latest binutils

With the  "Fixups of Loongson2F" patch [1] having been applied to binutils
for binutils 2.20.1 we now can use it's time to enable the options provided
by the patch to compile the kernel.

Without these fixups, the system may hang if the erratum is triggered.

For more information on these fixups please refer to the following
references.

[1] "Fixups of Loongson2F" patch for binutils(actually for gas)
    http://sourceware.org/ml/binutils/2009-11/msg00387.html
[2] Chapter 15 of "Loongson2F User Manual"(Chinese Version)
    http://www.loongson.cn/uploadfile/file/200808211
[3] Chapter 15 of the English version Loongson 2F User Manual
    http://groups.google.com.hk/group/loongson-dev/msg/e0d2e220958f10a6?dmode=source

Signed-off-by: Zhang Le <r0bertz@gentoo.org>
Signed-off-by: Wu Zhangjin <wuzhangjin@gmail.com>
Cc: Zhang Le <r0bertz@gentoo.org>
Cc: linux-mips <linux-mips@linux-mips.org>
Patchwork: http://patchwork.linux-mips.org/patch/1106/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Loongson: Add CPU_LOONGSON2F_WORKAROUNDS
Wu Zhangjin [Sat, 10 Apr 2010 12:04:42 +0000 (20:04 +0800)]
MIPS: Loongson: Add CPU_LOONGSON2F_WORKAROUNDS

As documented in the  Loongson 2F User Manual [2, 3], the old Loongson2F
series (2F01 / 2F02) have the NOP & JUMP issues which requires workarounds
in the kernel and binutils.  This issue has been rectified in Loongson 2F
series 2F03 so no workarounds needed.

Now that the workarounds [1] adding the the -mfix-loongson2f-nop and
-mfix-loongson2f-jump options have been comitted to the binutils the CVS
repository), we can add the workarounds in the kernel.

The workarounds have no significant side effect on the system but may
decrease performance so we control them through a a new
CPU_LOONGSON2F_WORKAROUNDS config option allowing the users to only enable
it as necessary.

[1] "Fixups of Loongson2F" patch for binutils(actually for gas)
    http://sourceware.org/ml/binutils/2009-11/msg00387.html
[2] Chapter 15 of "Loongson2F User Manual"(Chinese Version)
    http://www.loongson.cn/uploadfile/file/200808211
[3] English Version of the above chapter 15
    http://groups.google.com.hk/group/loongson-dev/msg/e0d2e220958f10a6?dmode=source

Signed-off-by: Wu Zhangjin <wuzhangjin@gmail.com>
Cc: linux-mips <linux-mips@linux-mips.org>
Patchwork: http://patchwork.linux-mips.org/patch/1105/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Kconfig: Make Broadcom SoC support naming consistent
Florian Fainelli [Thu, 25 Mar 2010 10:42:41 +0000 (11:42 +0100)]
MIPS: Kconfig: Make Broadcom SoC support naming consistent

Signed-off-by: Florian Fainelli <ffainelli@freebox.fr>
To: linux-mips@linux-mips.org
Patchwork: http://patchwork.linux-mips.org/patch/1082/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: BCM63xx: Update defconfig
Florian Fainelli [Thu, 25 Mar 2010 10:42:22 +0000 (11:42 +0100)]
MIPS: BCM63xx: Update defconfig

the defconfig was out-of-sync since 2.6.30-rc6, update it with the new
symbols and enable BCM6338, 6345, wireless, b43 driver and LEDs support.

Signed-off-by: Fainelli <ffainelli@freebox.fr>
To: linux-mips@linux-mips.org
Patchwork: http://patchwork.linux-mips.org/patch/1081/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: oprofile: Fix breakage when CONFIG_OPROFILE=m
Wu Zhangjin [Mon, 26 Apr 2010 12:01:54 +0000 (20:01 +0800)]
MIPS: oprofile: Fix breakage when CONFIG_OPROFILE=m

When the oprofile is compiled as a module do_IRQ() is not called in
arch/mips/loongson/lemote-2f/irq.c due to a wrong #ifdef there.

Signed-off-by: Wu Zhangjin <wuzhangjin@gmail.com>
Cc: linux-mips@linux-mips.org
Patchwork: http://patchwork.linux-mips.org/patch/1143/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoSTAGING: octeon-ethernet: Use proper phy addresses for Movidis hardware.
David Daney [Fri, 2 Apr 2010 01:17:55 +0000 (18:17 -0700)]
STAGING: octeon-ethernet: Use proper phy addresses for Movidis hardware.

Signed-off-by: David Daney <ddaney@caviumnetworks.com>
To: linux-mips@linux-mips.org
To: netdev@vger.kernel.org
To: gregkh@suse.de
Patchwork: http://patchwork.linux-mips.org/patch/1091/
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoNET: mdio-octeon: Enable the hardware before using it.
David Daney [Fri, 2 Apr 2010 01:17:54 +0000 (18:17 -0700)]
NET: mdio-octeon: Enable the hardware before using it.

In some cases the mdio bus is not enabled at the time of probing.
This prevents anything from working, so we will enable it before
trying to use it, and disable it when the driver is removed.

Signed-off-by: David Daney <ddaney@caviumnetworks.com>
To: linux-mips@linux-mips.org
To: netdev@vger.kernel.org
To: gregkh@suse.de
Patchwork: http://patchwork.linux-mips.org/patch/1090/
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoI2C: Fix section mismatch errors in i2c-octeon.c
David Daney [Mon, 8 Mar 2010 19:04:21 +0000 (11:04 -0800)]
I2C: Fix section mismatch errors in i2c-octeon.c

Signed-off-by: David Daney <ddaney@caviumnetworks.com>
To: linux-i2c@vger.kernel.org
To: ben-linux@fluff.org
To: khali@linux-fr.org
Cc: linux-mips@linux-mips.org
Cc: rade.bozic.ext@nsn.com
Patchwork: http://patchwork.linux-mips.org/patch/1037/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Loongson: Fix LOONGSON_ADDRWIN_CFG macro.
Arnaud Patard [Thu, 29 Apr 2010 09:58:51 +0000 (11:58 +0200)]
MIPS: Loongson: Fix LOONGSON_ADDRWIN_CFG macro.

There's a typo in the LOONGSON_ADDRWIN_CFG macro. The cpu window mmap
register address should contain the destination parameters not the
source one.  This has not been noticed because the code is only using
source = destination.

Signed-off-by: Arnaud Patard <apatard@mandriva.com>
To: linux-mips@linux-mips.org
Patchwork: http://patchwork.linux-mips.org/patch/1162/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Loongson: Fix phys_mem_access_prot() check
Arnaud Patard [Thu, 29 Apr 2010 09:58:49 +0000 (11:58 +0200)]
MIPS: Loongson: Fix phys_mem_access_prot() check

The check used to determine if uncached accelerated should be used or not
is wrong. The parenthesis are misplaced and making the test fail.

Signed-off-by: Arnaud Patard <apatard@mandriva.com>
To: linux-mips@linux-mips.org
Patchwork: http://patchwork.linux-mips.org/patch/1161/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Loongson: Fix find_vga_mem_init()
Richard LIU [Thu, 29 Apr 2010 09:58:47 +0000 (11:58 +0200)]
MIPS: Loongson: Fix find_vga_mem_init()

This allows to use all display device for instance DISPLAY_OTHER like SM501.

Signed-off-by: Arnaud Patard <apatard@mandriva.com>
To: linux-mips@linux-mips.org
Patchwork: http://patchwork.linux-mips.org/patch/1160/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Loongson: Fix typo in gdium mach type string.
Arnaud Patard [Thu, 29 Apr 2010 09:58:46 +0000 (11:58 +0200)]
MIPS: Loongson: Fix typo in gdium mach type string.

It's not "gidum" but "gdium".

Signed-off-by: Arnaud Patard <apatard@mandriva.com>
Cc: linux-mips@linux-mips.org
Patchwork: http://patchwork.linux-mips.org/patch/1159/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Use CKSEG1ADDR for uncached handler
Sebastian Andrzej Siewior [Tue, 27 Apr 2010 20:53:30 +0000 (22:53 +0200)]
MIPS: Use CKSEG1ADDR for uncached handler

"MIPS: Calculate proper ebase value for 64-bit kernels"
9af43ea080dd5d6c7b34f38261780e5dd43537bc (lmo) rsp.
f6be75d03c8870be91e6e2a195648ece04b6bb16 (kernel.org) broke some 64-bit
MIPS systems.

Before this we were using XKPHYS/cached as ebase and computed the uncached
xphsys/unchached address for that area. After that commit ebase became a
32-bit compat address and convert does not work anymore.  We now should use
CKSEG1 for this. CKSEG1ADDR does just that in 32-bit and 64-bit.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
To: Ralf Baechle <ralf@linux-mips.org>
Patchwork: http://patchwork.linux-mips.org/patch/1149/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Check for accesses beyond the end of the PGD.
David Daney [Wed, 28 Apr 2010 19:16:18 +0000 (12:16 -0700)]
MIPS: Check for accesses beyond the end of the PGD.

For some combinations of PAGE_SIZE and vmbits, it is possible to have
userspace access that are beyond what is covered by the PGD, but within
vmbits.  Such an access would cause the TLB refill handler to load garbage
values for PMD and PTE potentially giving userspace access to parts of the
physical address space to which it is not entitled.

In the TLB refill hot path, we add a single dsrl instruction so we can
check if any bits outside of the range covered by the PGD are set.  In
the vmalloc side we then separate the bad case from the normal vmalloc
case and call tlb_do_page_fault_0 if warranted.  This slows us down a
bit, but has the benefit of yielding deterministic behavior.

[Ralf: Fixed build error for 32-bit kernels.]
[Ralf: Folded lmo commit c8c0e22b2aa3982852b44279638ef37f9aa31b7d into this
 commit.]

Signed-off-by: David Daney <ddaney@caviumnetworks.com>
To: linux-mips@linux-mips.org
Patchwork: http://patchwork.linux-mips.org/patch/1152/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
---

14 years agoMIPS: Use uasm_i_ds{r,l}l_safe() instead of uasm_i_ds{r,l}l() in tlbex.c
David Daney [Wed, 28 Apr 2010 19:16:17 +0000 (12:16 -0700)]
MIPS: Use uasm_i_ds{r,l}l_safe() instead of uasm_i_ds{r,l}l() in tlbex.c

This makes the code somewhat cleaner while reducing the risk of shift
amount overflows when various page table related options are changed.

Signed-off-by: David Daney <ddaney@caviumnetworks.com>
To: linux-mips@linux-mips.org
Patchwork: http://patchwork.linux-mips.org/patch/1154/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Add uasm_i_dsrl_safe() and uasm_i_dsll_safe() to uasm.
David Daney [Wed, 28 Apr 2010 19:16:16 +0000 (12:16 -0700)]
MIPS: Add uasm_i_dsrl_safe() and uasm_i_dsll_safe() to uasm.

This allows us to clean up the code by not having to explicitly code
checks for shift amounts greater than 32.

Signed-off-by: David Daney <ddaney@caviumnetworks.com>
To: linux-mips@linux-mips.org
Patchwork: http://patchwork.linux-mips.org/patch/1153/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>