commit b0b3e41f6fe88a15bd27f73f6fabef48e0fea2f0
Author: Greg Kroah-Hartman <gregkh@suse.de>
Date: Mon Aug 29 14:31:54 2011 -0700
Linux 2.6.32.46
commit 12361acf4d2ca536624e2b7237ce371b29704b30
Author: Carolyn Wyborny <carolyn.wyborny@intel.com>
Date: Sat Jun 25 13:18:12 2011 +0000
igb: Fix lack of flush after register write and before delay
commit 064b43304ed8ede8e13ff7b4338d09fd37bcffb1 upstream.
Register writes followed by a delay are required to have a flush
before the delay in order to commit the values to the register. Without
the flush, the code following the delay may not function correctly.
Reported-by: Tong Ho <tong.ho@ericsson.com>
Reported-by: Guenter Roeck <guenter.roeck@ericsson.com>
Signed-off-by: Carolyn Wyborny <carolyn.wyborny@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit 7b1ef6c0a199bd93899f167f459627dd9421913a
Author: Miklos Szeredi <mszeredi@suse.cz>
Date: Wed Aug 24 10:20:17 2011 +0200
fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message
commit c2183d1e9b3f313dd8ba2b1b0197c8d9fb86a7ae upstream.
FUSE_NOTIFY_INVAL_ENTRY didn't check the length of the write so the
message processing could overrun and result in a "kernel BUG at
fs/fuse/dev.c:629!"
Reported-by: Han-Wen Nienhuys <hanwenn@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit 035fac5844e2cbc3bb485b6d274b4266c27aeeb2
Author: Marcin Slusarz <marcin.slusarz@gmail.com>
Date: Mon Aug 22 21:17:57 2011 +0000
drm/ttm: fix ttm_bo_add_ttm(user) failure path
commit 7c4c3960dff109bc5db4c35da481c212dadb5eb5 upstream.
ttm_tt_destroy kfrees passed object, so we need to nullify
a reference to it.
Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com>
Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit 4d3b4b41f4e2dbd884ea275a40d784a4fdd780fc
Author: Jack Steiner <steiner@sgi.com>
Date: Fri Aug 5 09:09:00 2011 -0500
x86, UV: Remove UV delay in starting slave cpus
commit 05e33fc20ea5e493a2a1e7f1d04f43cdf89f83ed upstream.
Delete the 10 msec delay between the INIT and SIPI when starting
slave cpus. I can find no requirement for this delay. BIOS also
has similar code sequences without the delay.
Removing the delay reduces boot time by 40 sec. Every bit helps.
Signed-off-by: Jack Steiner <steiner@sgi.com>
Link: http://lkml.kernel.org/r/20110805140900.GA6774@sgi.com
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit 2bbc3e27c16c993c5f4a1949879c288edec896bc
Author: H. Peter Anvin <hpa@linux.intel.com>
Date: Mon Aug 22 13:27:06 2011 -0700
x86-32, vdso: On system call restart after SYSENTER, use int $0x80
commit 7ca0758cdb7c241cb4e0490a8d95f0eb5b861daf upstream.
When we enter a 32-bit system call via SYSENTER or SYSCALL, we shuffle
the arguments to match the int $0x80 calling convention. This was
probably a design mistake, but it's what it is now. This causes
errors if the system call as to be restarted.
For SYSENTER, we have to invoke the instruction from the vdso as the
return address is hardcoded. Accordingly, we can simply replace the
jump in the vdso with an int $0x80 instruction and use the slower
entry point for a post-restart.
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Link: http://lkml.kernel.org/r/CA%2B55aFztZ=r5wa0x26KJQxvZOaQq8s2v3u50wCyJcA-Sc4g8gQ@mail.gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit d64ec7bb4e2e4915e698e2b0dee3bc115f9ff273
Author: Shawn Bohrer <sbohrer@rgmadvisors.com>
Date: Thu Jun 30 11:21:32 2011 -0500
futex: Fix regression with read only mappings
commit 9ea71503a8ed9184d2d0b8ccc4d269d05f7940ae upstream.
commit 7485d0d3758e8e6491a5c9468114e74dc050785d (futexes: Remove rw
parameter from get_futex_key()) in 2.6.33 fixed two problems: First, It
prevented a loop when encountering a ZERO_PAGE. Second, it fixed RW
MAP_PRIVATE futex operations by forcing the COW to occur by
unconditionally performing a write access get_user_pages_fast() to get
the page. The commit also introduced a user-mode regression in that it
broke futex operations on read-only memory maps. For example, this
breaks workloads that have one or more reader processes doing a
FUTEX_WAIT on a futex within a read only shared file mapping, and a
writer processes that has a writable mapping issuing the FUTEX_WAKE.
This fixes the regression for valid futex operations on RO mappings by
trying a RO get_user_pages_fast() when the RW get_user_pages_fast()
fails. This change makes it necessary to also check for invalid use
cases, such as anonymous RO mappings (which can never change) and the
ZERO_PAGE which the commit referenced above was written to address.
This patch does restore the original behavior with RO MAP_PRIVATE
mappings, which have inherent user-mode usage problems and don't really
make sense. With this patch performing a FUTEX_WAIT within a RO
MAP_PRIVATE mapping will be successfully woken provided another process
updates the region of the underlying mapped file. However, the mmap()
man page states that for a MAP_PRIVATE mapping:
It is unspecified whether changes made to the file after
the mmap() call are visible in the mapped region.
So user-mode users attempting to use futex operations on RO MAP_PRIVATE
mappings are depending on unspecified behavior. Additionally a
RO MAP_PRIVATE mapping could fail to wake up in the following case.
Thread-A: call futex(FUTEX_WAIT, memory-region-A).
get_futex_key() return inode based key.
sleep on the key
Thread-B: call mprotect(PROT_READ|PROT_WRITE, memory-region-A)
Thread-B: write memory-region-A.
COW happen. This process's memory-region-A become related
to new COWed private (ie PageAnon=1) page.
Thread-B: call futex(FUETX_WAKE, memory-region-A).
get_futex_key() return mm based key.
IOW, we fail to wake up Thread-A.
Once again doing something like this is just silly and users who do
something like this get what they deserve.
While RO MAP_PRIVATE mappings are nonsensical, checking for a private
mapping requires walking the vmas and was deemed too costly to avoid a
userspace hang.
This Patch is based on Peter Zijlstra's initial patch with modifications to
only allow RO mappings for futex operations that need VERIFY_READ access.
Reported-by: David Oliver <david@rgmadvisors.com>
Signed-off-by: Shawn Bohrer <sbohrer@rgmadvisors.com>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: peterz@infradead.org
Cc: eric.dumazet@gmail.com
Cc: zvonler@rgmadvisors.com
Cc: hughd@google.com
Link: http://lkml.kernel.org/r/1309450892-30676-1-git-send-email-sbohrer@rgmadvisors.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit 3d854ed83c020d229df63d9247523ac3610694e5
Author: Daniel T Chen <crimsun@ubuntu.com>
Date: Sun Aug 14 22:43:01 2011 -0400
ALSA: ac97: Add HP Compaq dc5100 SFF(PT003AW) to Headphone Jack Sense whitelist
commit eade7b281c9fc18401b989c77d5e5e660b25a3b7 upstream.
BugLink: https://bugs.launchpad.net/bugs/826081
The original reporter needs 'Headphone Jack Sense' enabled to have
audible audio, so add his PCI SSID to the whitelist.
Reported-and-tested-by: Muhammad Khurram Khan
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit 9089b3bdfdc2f07dc3adcc6feb4236db4a6ab289
Author: Daniel Mack <zonque@gmail.com>
Date: Sun Aug 14 11:31:16 2011 +0200
ALSA: snd_usb_caiaq: track submitted output urbs
commit da6094ea7d3c2295473d8f5134279307255d6ebf upstream.
The snd_usb_caiaq driver currently assumes that output urbs are serviced
in time and doesn't track when and whether they are given back by the
USB core. That usually works fine, but due to temporary limitations of
the XHCI stack, we faced that urbs were submitted more than once with
this approach.
As it's no good practice to fire and forget urbs anyway, this patch
introduces a proper bit mask to track which requests have been submitted
and given back.
That alone however doesn't make the driver work in case the host
controller is broken and doesn't give back urbs at all, and the output
stream will stop once all pre-allocated output urbs are consumed. But
it does prevent crashes of the controller stack in such cases.
See http://bugzilla.kernel.org/show_bug.cgi?id=40702 for more details.
Signed-off-by: Daniel Mack <zonque@gmail.com>
Reported-and-tested-by: Matej Laitl <matej@laitl.cz>
Cc: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit 0af48fa3a0be99117e19b952c6878ce5409112e4
Author: Timo Warns <Warns@pre-sense.de>
Date: Wed Aug 17 17:59:56 2011 +0200
befs: Validate length of long symbolic links.
commit 338d0f0a6fbc82407864606f5b64b75aeb3c70f2 upstream.
Signed-off-by: Timo Warns <warns@pre-sense.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit 098c4cab3a9eaf734d7d99feb55a521be90da37d
Author: Timo Warns <Warns@pre-sense.de>
Date: Thu May 26 16:25:57 2011 -0700
fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops
commit 3eb8e74ec72736b9b9d728bad30484ec89c91dde upstream.
The kernel automatically evaluates partition tables of storage devices.
The code for evaluating GUID partitions (in fs/partitions/efi.c) contains
a bug that causes a kernel oops on certain corrupted GUID partition
tables.
This bug has security impacts, because it allows, for example, to
prepare a storage device that crashes a kernel subsystem upon connecting
the device (e.g., a "USB Stick of (Partial) Death").
crc = efi_crc32((const unsigned char *) (*gpt), le32_to_cpu((*gpt)->header_size));
computes a CRC32 checksum over gpt covering (*gpt)->header_size bytes.
There is no validation of (*gpt)->header_size before the efi_crc32 call.
A corrupted partition table may have large values for (*gpt)->header_size.
In this case, the CRC32 computation access memory beyond the memory
allocated for gpt, which may cause a kernel heap overflow.
Validate value of GUID partition table header size.
[akpm@linux-foundation.org: fix layout and indenting]
Signed-off-by: Timo Warns <warns@pre-sense.de>
Cc: Matt Domsch <Matt_Domsch@dell.com>
Cc: Eugene Teo <eugeneteo@kernel.sg>
Cc: Dave Jones <davej@codemonkey.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[dannf: backported to Debian's 2.6.32]
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit b871297c35fbf85aeaa1f2776bd37c666089da26
Author: Jonathan Nieder <jrnieder@gmail.com>
Date: Fri Aug 5 18:58:38 2011 +0200
perf tools: do not look at ./config for configuration
commit aba8d056078e47350d85b06a9cabd5afcc4b72ea upstream.
In addition to /etc/perfconfig and $HOME/.perfconfig, perf looks for
configuration in the file ./config, imitating git which looks at
$GIT_DIR/config. If ./config is not a perf configuration file, it
fails, or worse, treats it as a configuration file and changes behavior
in some unexpected way.
"config" is not an unusual name for a file to be lying around and perf
does not have a private directory dedicated for its own use, so let's
just stop looking for configuration in the cwd. Callers needing
context-sensitive configuration can use the PERF_CONFIG environment
variable.
Requested-by: Christian Ohm <chr.ohm@gmx.net>
Cc: 632923@bugs.debian.org
Cc: Ben Hutchings <ben@decadent.org.uk>
Cc: Christian Ohm <chr.ohm@gmx.net>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Link: http://lkml.kernel.org/r/20110805165838.GA7237@elie.gateway.2wire.net
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit 14b9d5c8e798cd4b101ed17ba84dff20a6609849
Author: Clemens Ladisch <clemens@ladisch.de>
Date: Tue Jun 21 22:09:50 2011 +0200
mm: fix wrong vmap address calculations with odd NR_CPUS values
commit f982f91516fa4cfd9d20518833cd04ad714585be upstream.
Commit db64fe02258f ("mm: rewrite vmap layer") introduced code that does
address calculations under the assumption that VMAP_BLOCK_SIZE is a
power of two. However, this might not be true if CONFIG_NR_CPUS is not
set to a power of two.
Wrong vmap_block index/offset values could lead to memory corruption.
However, this has never been observed in practice (or never been
diagnosed correctly); what caught this was the BUG_ON in vb_alloc() that
checks for inconsistent vmap_block indices.
To fix this, ensure that VMAP_BLOCK_SIZE always is a power of two.
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=31572
Reported-by: Pavel Kysilka <goldenfish@linuxsoft.cz>
Reported-by: Matias A. Fonzo <selk@dragora.org>
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Cc: Nick Piggin <npiggin@suse.de>
Cc: Jeremy Fitzhardinge <jeremy@goop.org>
Cc: Krzysztof Helt <krzysztof.h1@poczta.fm>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit 6d05cd302c104ace56a7314deec12f181a92c434
Author: Daniel Mack <zonque@gmail.com>
Date: Fri Aug 5 13:49:52 2011 +0200
ALSA: snd-usb-caiaq: Correct offset fields of outbound iso_frame_desc
commit 15439bde3af7ff88459ea2b5520b77312e958df2 upstream.
This fixes faulty outbount packets in case the inbound packets
received from the hardware are fragmented and contain bogus input
iso frames. The bug has been there for ages, but for some strange
reasons, it was only triggered by newer machines in 64bit mode.
Signed-off-by: Daniel Mack <zonque@gmail.com>
Reported-and-tested-by: William Light <wrl@illest.net>
Reported-by: Pedro Ribeiro <pedrib@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit 3ca969416e0fda795c58508d3fa918572326783d
Author: Julia Lawall <julia@diku.dk>
Date: Tue Aug 9 11:10:56 2011 -0400
hwmon: (ibmaem) add missing kfree
commit 66a89b2164e2d30661edbd1953eacf0594d8203a upstream.
rs_resp is dynamically allocated in aem_read_sensor(), so it should be freed
before exiting in every case. This collects the kfree and the return at
the end of the function.
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit ae2690d07d6f898892ea2427d4757fe21c64435d
Author: Chas Williams <chas@cmf.nrl.navy.mil>
Date: Mon Aug 1 17:56:14 2011 -0700
atm: br2864: sent packets truncated in VC routed mode
commit a08af810cdc29d2ca930e8a869d3d01744c392d8 upstream.
Reported-by: Pascal Hambourg <pascal@plouf.fr.eu.org>
Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit 4bb900a7e9540ea5413cb7ee1eec87442a2a802f
Author: Vijay Chavan <vijaychavan007@gmail.com>
Date: Tue Aug 9 02:41:12 2011 +0530
USB: Serial: Added device ID for Qualcomm Modem in Sagemcom's HiLo3G
commit e468561739fffb972d486b98f66c723936335136 upstream.
A new device ID pair is added for Qualcomm Modem present in Sagemcom's HiLo3G module.
Signed-off-by: Vijay Chavan <VijayChavan007@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit d1a6653bef92c315d798422959d02fde90e77296
Author: Nick Bowler <nbowler@elliptictech.com>
Date: Wed Jul 13 11:40:09 2011 -0400
USB: usb-storage: unusual_devs entry for ARM V2M motherboard.
commit a871e4f5519d8c52430052e1d340dd5710eb5ad6 upstream.
Connecting the V2M to a Linux host results in a constant stream of
errors spammed to the console, all of the form
sd 1:0:0:0: ioctl_internal_command return code = 8070000
: Sense Key : 0x4 [current]
: ASC=0x0 ASCQ=0x0
The errors appear to be otherwise harmless. Add an unusual_devs entry
which eliminates all of the error messages.
Signed-off-by: Nick Bowler <nbowler@elliptictech.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit 36a357ee13a526d890f9e0f639ec4b8e6f800142
Author: Maxim Nikulin <m.a.nikulin@gmail.com>
Date: Sat Jul 9 23:44:44 2011 +0700
USB: assign instead of equal in usbtmc.c
commit 4f1a7a3e78037721496283ea3e87cfefc64d99c7 upstream.
Assign operator instead of equality test in the usbtmc_ioctl_abort_bulk_in() function.
Signed-off-by: Maxim A. Nikulin <M.A.Nikulin@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit b6708a1c905318749d1d51037c000fcf883b41b1
Author: JiSheng Zhang <jszhang3@gmail.com>
Date: Sat Jul 16 11:04:19 2011 +0800
USB: xhci: fix OS want to own HC
commit 6768458b17f9bf48a4c3a34e49b20344091b5f7e upstream.
Software should set XHCI_HC_OS_OWNED bit to request ownership of xHC.
This patch should be backported to kernels as far back as 2.6.31.
Signed-off-by: JiSheng Zhang <jszhang3@gmail.com>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>