1. 09 Dec, 2010 1 commit
    • Sarah Sharp's avatar
      xhci: Fix issue with port array setup and buggy hosts. · f8bbeabc
      Sarah Sharp authored
      Fix two bugs with the port array setup.
      
      The first bug will only show up with broken xHCI hosts with Extended
      Capabilities registers that have duplicate port speed entries for the same
      port.  The idea with the original code was to set the port_array entry to
      -1 if the duplicate port speed entry said the port was a different speed
      than the original port speed entry.  That would mean that later, the port
      would not be exposed to the USB core. Unfortunately, I forgot a continue
      statement, and the port_array entry would just be overwritten in the next
      line.
      
      The second bug would happen if there are conflicting port speed registers
      (so that some entry in port_array is -1), or one of the hardware port
      registers was not described in the port speed registers (so that some
      entry in port_array is 0).  The code that sets up the usb2_ports array
      would accidentally claim those ports.  That wouldn't really cause any
      user-visible issues, but it is a bug.
      
      This patch should go into the stable trees that have the port array and
      USB 3.0 port disabling prevention patches.
      Signed-off-by: default avatarSarah Sharp <sarah.a.sharp@linux.intel.com>
      Cc: stable@kernel.org
      f8bbeabc
  2. 07 Dec, 2010 3 commits
  3. 06 Dec, 2010 10 commits
  4. 04 Dec, 2010 8 commits
    • Guy Martin's avatar
      parisc: Fix GSC PS/2 driver name for keyboard and mouse · 7bfbeae9
      Guy Martin authored
      Fix kernel warnings caused by the driver name of GSC PS/2 containing '/'.
      
      The following warnings are observed on a K410 system :
      
      [   10.700000] name 'GSC PS/2 keyboard'
      [   10.732000] ------------[ cut here ]------------
      [   10.772000] WARNING: at fs/proc/generic.c:323
      [   10.828000] Modules linked in:
      [   10.916000]
      [   10.916000]      YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI
      [   10.936000] PSW: 00000000000001000000000000001111 Not tainted
      [   10.992000] r00-03  0004000f 104fe3e0 10201ea0 00000000
      [   11.060000] r04-07  4fc405c8 00000006 4fc405c8 4fc40694
      [   11.124000] r08-11  4fc40708 10438aa0 00000001 1043bfc8
      [   11.184000] r12-15  104ff2a0 104ff2a0 4fc38634 104ff2a0
      [   11.248000] r16-19  f0001570 10479af0 f000006c 1044fe50
      [   11.308000] r20-23  00000000 00000028 104cd858 00000000
      [   11.372000] r24-27  ffffffff 0000000e 1044fe10 1043bbe0
      [   11.436000] r28-31  0000002b 00000078 4fc40800 0000000d
      [   11.496000] sr00-03  00000000 00000000 00000000 00000000
      [   11.560000] sr04-07  00000000 00000000 00000000 00000000
      [   11.624000]
      [   11.688000] IASQ: 00000000 00000000 IAOQ: 10201ea0 10201ea4
      [   11.704000]  IIR: 03ffe01f    ISR: 00000000  IOR: 0000000d
      [   11.772000]  CPU:        0   CR30: 4fc40000 CR31: f01043b0
      [   11.836000]  ORIG_R28: 4fc40940
      [   11.904000]  IAOQ[0]: __xlate_proc_name+0x90/0xd0
      [   11.940000]  IAOQ[1]: __xlate_proc_name+0x94/0xd0
      [   11.996000]  RP(r2): __xlate_proc_name+0x90/0xd0
      [   12.052000] Backtrace:
      [   12.108000]  [<10257790>] vsnprintf+0x290/0x4f4
      [   12.136000]
      [   12.188000] ---[ end trace 91bf6ece17e322dd ]---
      [   12.208000] serio: GSC PS/2 keyboard port at 0x0001c000 irq 19 @ 10:12:7
      [   12.264000] name 'GSC PS/2 mouse'
      [   12.344000] ------------[ cut here ]------------
      [   12.384000] WARNING: at fs/proc/generic.c:323
      [   12.436000] Modules linked in:
      [   12.524000]
      [   12.528000]      YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI
      [   12.544000] PSW: 00000000000001000000000000001111 Tainted: G        W
      [   12.600000] r00-03  0004000f 104fe3e0 10201ea0 00000000
      [   12.680000] r04-07  4fc405c8 00000006 4fc405c8 4fc40694
      [   12.740000] r08-11  4fc40708 10438aa0 00000001 1043bfc8
      [   12.804000] r12-15  104ff2a0 104ff2a0 4fc38634 104ff2a0
      [   12.868000] r16-19  f0001570 10479af0 f000006c 1044fe50
      [   12.928000] r20-23  00000000 00000025 104cd858 00000000
      [   12.992000] r24-27  ffffffff 0000000e 1044fe10 1043bbe0
      [   13.056000] r28-31  00000028 00000078 4fc40800 0000000d
      [   13.116000] sr00-03  00000000 00000000 00000000 00000000
      [   13.180000] sr04-07  00000000 00000000 00000000 00000000
      [   13.244000]
      [   13.308000] IASQ: 00000000 00000000 IAOQ: 10201ea0 10201ea4
      [   13.324000]  IIR: 03ffe01f    ISR: 00000000  IOR: 0000000d
      [   13.392000]  CPU:        0   CR30: 4fc40000 CR31: f01043b0
      [   13.456000]  ORIG_R28: 4fc40940
      [   13.524000]  IAOQ[0]: __xlate_proc_name+0x90/0xd0
      [   13.560000]  IAOQ[1]: __xlate_proc_name+0x94/0xd0
      [   13.616000]  RP(r2): __xlate_proc_name+0x90/0xd0
      [   13.672000] Backtrace:
      [   13.728000]  [<10257790>] vsnprintf+0x290/0x4f4
      [   13.756000]
      [   13.808000] ---[ end trace 91bf6ece17e322de ]---
      [   13.828000] serio: GSC PS/2 mouse port at 0x00020100 irq 19 @ 10:12:8
      Signed-off-by: default avatarGuy Martin <gmsoft@tuxicoman.be>
      Acked-by: default avatarHelge Deller <deller@gmx.de>
      Signed-off-by: default avatarKyle McMartin <kyle@mcmartin.ca>
      7bfbeae9
    • Guy Martin's avatar
      parisc: KittyHawk LCD fix · 79a04296
      Guy Martin authored
      K class aka KittyHawk don't have LED support on their LCD. Installing
      HP-UX confirmed this. The current led_wq fills the LCD with black
      characters each time it runs.
      
      The patch prevents the led_wq workqueue and its proc entry to be
      created for KittyHawk machines.
      
      It also increase min_cmd_delay as currently, one character out of two
      is lost when a string is sent to the LCD.
      Signed-off-by: default avatarGuy Martin <gmsoft@tuxicoman.be>
      Signed-off-by: default avatarKyle McMartin <kyle@mcmartin.c>
      79a04296
    • James Bottomley's avatar
      parisc: convert the rest of the irq handlers to simple/percpu · 51890613
      James Bottomley authored
      The generic conversion eliminates the spurious no_ack and no_end
      routines, converts all the cascaded handlers to handle_simple_irq() and
      makes iosapic use a modified handle_percpu_irq() to become the same as
      the CPU irq's.  This isn't an essential change, but it eliminates the
      mask/unmask overhead of handle_level_irq().
      Signed-off-by: default avatarJames Bottomley <James.Bottomley@suse.de>
      Tested-by: default avatarHelge Deller <deller@gmx.de>
      Signed-off-by: default avatarKyle McMartin <kyle@mcmartin.ca>
      51890613
    • James Bottomley's avatar
      parisc: fix dino/gsc interrupts · d16cd297
      James Bottomley authored
      The essential problem we're currently having is that dino (and gsc) is a
      cascaded CPU interrupt.  Under the old __do_IRQ() handler, our CPU
      interrupts basically did an ack followed by an end.  In the new scheme,
      we replaced them with level handlers which do a mask, an ack and then an
      unmask (but no end).  Instead, with the renaming of end to eoi, we
      actually want to call the percpu flow handlers, because they actually
      have all the characteristics we want.
      
      This patch does the conversion and gets my C360 booting again.
      Signed-off-by: default avatarJames Bottomley <James.Bottomley@suse.de>
      Signed-off-by: default avatarKyle McMartin <kyle@mcmartin.ca>
      d16cd297
    • Rabin Vincent's avatar
      ARM: 6523/1: iop: ensure sched_clock() is notrace · a5542a0f
      Rabin Vincent authored
      Include sched.h to ensure sched_clock() has the notrace
      annotation, and mark any functions it calls as notrace
      too.
      Include sched.h to ensure sched_clock() has the notrace
      annotation, and mark any functions it calls as notrace
      too.
      Acked-by: default avatarDan Williams <dan.j.williams@intel.com>
      Signed-off-by: default avatarRabin Vincent <rabin@rab.in>
      Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
      a5542a0f
    • Marcelo Roberto Jimenez's avatar
      ARM: 6456/1: Fix for building DEBUG with sa11xx_base.c as a module. · b9f515e3
      Marcelo Roberto Jimenez authored
      This patch fixes a compilation issue when compiling PCMCIA SA1100
      support as a module with PCMCIA_DEBUG enabled. The symbol
      soc_pcmcia_debug was not beeing exported.
      ARM: pcmcia: Fix for building DEBUG with sa11xx_base.c as a module.
      
      This patch fixes a compilation issue when compiling PCMCIA SA1100
      support as a module with PCMCIA_DEBUG enabled. The symbol
      soc_pcmcia_debug was not beeing exported.
      
      Cc: <stable@kernel.org>
      Signed-off-by: default avatarMarcelo Roberto Jimenez <mroberto@cpti.cetuc.puc-rio.br>
      Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
      b9f515e3
    • Dave Martin's avatar
      ARM: 6519/1: kuser: Fix incorrect cmpxchg syscall in kuser helpers · 55afd264
      Dave Martin authored
      The existing code invokes the syscall with rubbish in r7,
      due to what looks like an incorrect literal load idiom.
      Reviewed-by: default avatarWill Deacon <will.deacon@arm.com>
      Signed-off-by: default avatarDave Martin <dave.martin@linaro.org>
      Acked-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
      55afd264
    • Tero Roponen's avatar
      slub: Fix a crash during slabinfo -v · 37d57443
      Tero Roponen authored
      Commit f7cb1933 ("SLUB: Pass active
      and inactive redzone flags instead of boolean to debug functions")
      missed two instances of check_object(). This caused a lot of warnings
      during 'slabinfo -v' finally leading to a crash:
      
        BUG ext4_xattr: Freepointer corrupt
        ...
        BUG buffer_head: Freepointer corrupt
        ...
        BUG ext4_alloc_context: Freepointer corrupt
        ...
        ...
        BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
        IP: [<ffffffff810a291f>] file_sb_list_del+0x1c/0x35
        PGD 79d78067 PUD 79e67067 PMD 0
        Oops: 0002 [#1] SMP
        last sysfs file: /sys/kernel/slab/:t-0000192/validate
      
      This patch fixes the problem by converting the two missed instances.
      Acked-by: default avatarChristoph Lameter <cl@linux.com>
      Signed-off-by: default avatarTero Roponen <tero.roponen@gmail.com>
      Signed-off-by: default avatarPekka Enberg <penberg@kernel.org>
      37d57443
  5. 03 Dec, 2010 13 commits
  6. 02 Dec, 2010 5 commits
    • Jeremy Fitzhardinge's avatar
      xen: prevent crashes with non-HIGHMEM 32-bit kernels with largeish memory · 2a4c92fa
      Jeremy Fitzhardinge authored
      If this is a non-HIGHMEM 32-bit kernel, then the page structures only go
      up to the limit of addressable memory, even if more memory is physically
      present.  Don't try to add that extra memory to the balloon.
      Signed-off-by: default avatarJeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
      2a4c92fa
    • Nelson Elhage's avatar
      do_exit(): make sure that we run with get_fs() == USER_DS · 33dd94ae
      Nelson Elhage authored
      If a user manages to trigger an oops with fs set to KERNEL_DS, fs is not
      otherwise reset before do_exit().  do_exit may later (via mm_release in
      fork.c) do a put_user to a user-controlled address, potentially allowing
      a user to leverage an oops into a controlled write into kernel memory.
      
      This is only triggerable in the presence of another bug, but this
      potentially turns a lot of DoS bugs into privilege escalations, so it's
      worth fixing.  I have proof-of-concept code which uses this bug along
      with CVE-2010-3849 to write a zero to an arbitrary kernel address, so
      I've tested that this is not theoretical.
      
      A more logical place to put this fix might be when we know an oops has
      occurred, before we call do_exit(), but that would involve changing
      every architecture, in multiple places.
      
      Let's just stick it in do_exit instead.
      
      [akpm@linux-foundation.org: update code comment]
      Signed-off-by: default avatarNelson Elhage <nelhage@ksplice.com>
      Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
      Cc: <stable@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      33dd94ae
    • KOSAKI Motohiro's avatar
      ksm: annotate ksm_thread_mutex is no deadlock source · a0b0f58c
      KOSAKI Motohiro authored
      commit 62b61f61 ("ksm: memory hotremove migration only") caused the
      following new lockdep warning.
      
        =======================================================
        [ INFO: possible circular locking dependency detected ]
        -------------------------------------------------------
        bash/1621 is trying to acquire lock:
         ((memory_chain).rwsem){.+.+.+}, at: [<ffffffff81079339>]
        __blocking_notifier_call_chain+0x69/0xc0
      
        but task is already holding lock:
         (ksm_thread_mutex){+.+.+.}, at: [<ffffffff8113a3aa>]
        ksm_memory_callback+0x3a/0xc0
      
        which lock already depends on the new lock.
      
        the existing dependency chain (in reverse order) is:
      
        -> #1 (ksm_thread_mutex){+.+.+.}:
             [<ffffffff8108b70a>] lock_acquire+0xaa/0x140
             [<ffffffff81505d74>] __mutex_lock_common+0x44/0x3f0
             [<ffffffff81506228>] mutex_lock_nested+0x48/0x60
             [<ffffffff8113a3aa>] ksm_memory_callback+0x3a/0xc0
             [<ffffffff8150c21c>] notifier_call_chain+0x8c/0xe0
             [<ffffffff8107934e>] __blocking_notifier_call_chain+0x7e/0xc0
             [<ffffffff810793a6>] blocking_notifier_call_chain+0x16/0x20
             [<ffffffff813afbfb>] memory_notify+0x1b/0x20
             [<ffffffff81141b7c>] remove_memory+0x1cc/0x5f0
             [<ffffffff813af53d>] memory_block_change_state+0xfd/0x1a0
             [<ffffffff813afd62>] store_mem_state+0xe2/0xf0
             [<ffffffff813a0bb0>] sysdev_store+0x20/0x30
             [<ffffffff811bc116>] sysfs_write_file+0xe6/0x170
             [<ffffffff8114f398>] vfs_write+0xc8/0x190
             [<ffffffff8114fc14>] sys_write+0x54/0x90
             [<ffffffff810028b2>] system_call_fastpath+0x16/0x1b
      
        -> #0 ((memory_chain).rwsem){.+.+.+}:
             [<ffffffff8108b5ba>] __lock_acquire+0x155a/0x1600
             [<ffffffff8108b70a>] lock_acquire+0xaa/0x140
             [<ffffffff81506601>] down_read+0x51/0xa0
             [<ffffffff81079339>] __blocking_notifier_call_chain+0x69/0xc0
             [<ffffffff810793a6>] blocking_notifier_call_chain+0x16/0x20
             [<ffffffff813afbfb>] memory_notify+0x1b/0x20
             [<ffffffff81141f1e>] remove_memory+0x56e/0x5f0
             [<ffffffff813af53d>] memory_block_change_state+0xfd/0x1a0
             [<ffffffff813afd62>] store_mem_state+0xe2/0xf0
             [<ffffffff813a0bb0>] sysdev_store+0x20/0x30
             [<ffffffff811bc116>] sysfs_write_file+0xe6/0x170
             [<ffffffff8114f398>] vfs_write+0xc8/0x190
             [<ffffffff8114fc14>] sys_write+0x54/0x90
             [<ffffffff810028b2>] system_call_fastpath+0x16/0x1b
      
      But it's a false positive.  Both memory_chain.rwsem and ksm_thread_mutex
      have an outer lock (mem_hotplug_mutex).  So they cannot deadlock.
      
      Thus, This patch annotate ksm_thread_mutex is not deadlock source.
      
      [akpm@linux-foundation.org: update comment, from Hugh]
      Signed-off-by: default avatarKOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
      Acked-by: default avatarHugh Dickins <hughd@google.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Andi Kleen <andi@firstfloor.org>
      Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a0b0f58c
    • KOSAKI Motohiro's avatar
      mem-hotplug: introduce {un}lock_memory_hotplug() · 20d6c96b
      KOSAKI Motohiro authored
      Presently hwpoison is using lock_system_sleep() to prevent a race with
      memory hotplug.  However lock_system_sleep() is a no-op if
      CONFIG_HIBERNATION=n.  Therefore we need a new lock.
      Signed-off-by: default avatarKOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
      Cc: Andi Kleen <andi@firstfloor.org>
      Cc: Kamezawa Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
      Suggested-by: default avatarHugh Dickins <hughd@google.com>
      Acked-by: default avatarHugh Dickins <hughd@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      20d6c96b
    • Andrew Morton's avatar
      Documentation/filesystems/vfs.txt: fix ->repeasepage() description · 4fe65cab
      Andrew Morton authored
      ->releasepage() does not remove the page from the mapping.
      Acked-by: default avatarNeil Brown <neilb@suse.de>
      Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      4fe65cab