Commits on Feb 2, 2009
  1. @gregkh


    gregkh authored
  2. @jirislaby @gregkh

    relay: fix lock imbalance in relay_late_setup_files

    jirislaby authored gregkh committed
    commit b786c6a upstream.
    One fail path in relay_late_setup_files() omits
    Add it.
    Signed-off-by: Jiri Slaby <>
    Signed-off-by: Ingo Molnar <>
    Signed-off-by: Greg Kroah-Hartman <>
  3. @jirislaby @gregkh

    NET: net_namespace, fix lock imbalance

    jirislaby authored gregkh committed
    commit 357f5b0 upstream.
    register_pernet_gen_subsys omits mutex_unlock in one fail path.
    Fix it.
    Signed-off-by: Jiri Slaby <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Greg Kroah-Hartman <>
  4. @yuri-tikhonov @gregkh

    dmaengine: fix dependency chaining

    yuri-tikhonov authored gregkh committed
    commit dd59b85 upstream
     ASYNC_TX: fix dependency chaining
     In ASYNC_TX we track the dependencies between the descriptors
    using the 'next' pointers of the structures. These pointers are
    set to NULL as soon as the corresponding descriptor has been
    submitted to the channel (in async_tx_run_dependencies()).
     But, the first 'next' in chain still remains set, regardless
    the fact, that tx->next is already submitted. This may lead to
    multiple submissions of the same descriptor. This patch fixes this.
    Signed-off-by: Yuri Tikhonov <>
    Signed-off-by: Dan Williams <>
    Signed-off-by: Greg Kroah-Hartman <>
  5. @jirislaby @gregkh

    PCI hotplug: fix lock imbalance in pciehp

    jirislaby authored gregkh committed
    commit c2fdd36 upstream.
    set_lock_status omits mutex_unlock in fail path. Add the omitted
    As a result a lockup caused by this can be triggered from userspace
    by writing 1 to /sys/bus/pci/slots/.../lock often enough.
    Signed-off-by: Jiri Slaby <>
    Reviewed-by: Kenji Kaneshige <>
    Signed-off-by: Jesse Barnes <>
    Signed-off-by: Greg Kroah-Hartman <>
  6. @gregkh

    x86, pat: fix PTE corruption issue while mapping RAM using /dev/mem

    Suresh Siddha authored gregkh committed
    commit 9597134 upstream.
    Beschorner Daniel reported:
    > hwinfo problem since 2.6.28, showing this in the oops:
    >   Corrupted page table at address 7fd04de3ec00
    Also, PaX Team reported a regression with this commit:
    >   commit 9542ada
    >   Author: Suresh Siddha <>
    >   Date:   Wed Sep 24 08:53:33 2008 -0700
    >       x86: track memtype for RAM in page struct
    This commit breaks mapping any RAM page through /dev/mem, as the
    reserve_memtype() was not initializing the return attribute type and as such
    corrupting the PTE entry that was setup with the return attribute type.
    Because of this bug, application mapping this RAM page through /dev/mem
    will die with "Corrupted page table at address xxxx" message in the kernel
    log and also the kernel identity mapping which maps the underlying RAM
    page gets converted to UC.
    Fix this by initializing the return attribute type before calling
    Reported-by: PaX Team <>
    Reported-and-tested-by: Beschorner Daniel <>
    Tested-and-Acked-by: PaX Team <>
    Signed-off-by: Suresh Siddha <>
    Signed-off-by: Venkatesh Pallipadi <>
    Signed-off-by: Ingo Molnar <>
    Signed-off-by: Greg Kroah-Hartman <>
  7. @gregkh

    x86, pat: fix reserve_memtype() for legacy 1MB range

    Suresh Siddha authored gregkh committed
    commit 5cca0cf upstream
    Thierry Vignaud reported:
    > On P4 with an SiS motherboard (video card is a SiS 651)
    > X server fails to start with error:
    > xf86MapVidMem: Could not mmap framebuffer (0x00000000,0x2000) (Invalid
    > argument)
    Here X is trying to map first 8KB of memory using /dev/mem. Existing
    code treats first 0-4KB of memory as non-RAM and 4KB-8KB as RAM. Recent
    code changes don't allow to map memory with different attributes
    at the same time.
    Fix this by treating the first 1MB legacy region as special and always
    track the attribute requests within this region using linear linked
    list (and don't bother if the range is RAM or non-RAM or mixed)
    Reported-and-tested-by: Thierry Vignaud <>
    Signed-off-by: Suresh Siddha <>
    Signed-off-by: Venkatesh Pallipadi <>
    Signed-off-by: Ingo Molnar <>
    Signed-off-by: Greg Kroah-Hartman <>
  8. @jarodwilson @gregkh

    crypto: ccm - Fix handling of null assoc data

    jarodwilson authored gregkh committed
    commit 516280e upstream.
    It's a valid use case to have null associated data in a ccm vector, but
    this case isn't being handled properly right now.
    The following ccm decryption/verification test vector, using the
    rfc4309 implementation regularly triggers a panic, as will any
    other vector with null assoc data:
    * key: ab2f8a74b71cd2b1ff802e487d82f8b9
    * iv: c6fb7d800d13abd8a6b2d8
    * Associated Data: [NULL]
    * Tag Length: 8
    * input: d5e8939fc7892e2b
    The resulting panic looks like so:
    Unable to handle kernel paging request at ffff810064ddaec0 RIP:
     [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6
    PGD 8063 PUD 0
    Oops: 0002 [1] SMP
    last sysfs file: /module/libata/version
    CPU 0
    Modules linked in: crypto_tester_kmod(U) seqiv krng ansi_cprng chainiv rng ctr aes_generic aes_x86_64 ccm cryptomgr testmgr_cipher testmgr aead crypto_blkcipher crypto_algapi des ipv6 xfrm_nalgo crypto_api autofs4 hidp l2cap bluetooth nfs lockd fscache nfs_acl sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_tcpudp iptable_filter ip_tables x_tables dm_mirror dm_log dm_multipath scsi_dh dm_mod video hwmon backlight sbs i2c_ec button battery asus_acpi acpi_memhotplug ac lp sg snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss joydev snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss ide_cd snd_pcm floppy parport_pc shpchp e752x_edac snd_timer e1000 i2c_i801 edac_mc snd soundcore snd_page_alloc i2c_core cdrom parport serio_raw pcspkr ata_piix libata sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
    Pid: 12844, comm: crypto-tester Tainted: G      2.6.18-128.el5.fips1 #1
    RIP: 0010:[<ffffffff8864c4d7>]  [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6
    RSP: 0018:ffff8100134434e8  EFLAGS: 00010246
    RAX: 0000000000000000 RBX: ffff8100104898b0 RCX: ffffffffab6aea10
    RDX: 0000000000000010 RSI: ffff8100104898c0 RDI: ffff810064ddaec0
    RBP: 0000000000000000 R08: ffff8100104898b0 R09: 0000000000000000
    R10: ffff8100103bac84 R11: ffff8100104898b0 R12: ffff810010489858
    R13: ffff8100104898b0 R14: ffff8100103bac00 R15: 0000000000000000
    FS:  00002ab881adfd30(0000) GS:ffffffff803ac000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
    CR2: ffff810064ddaec0 CR3: 0000000012a88000 CR4: 00000000000006e0
    Process crypto-tester (pid: 12844, threadinfo ffff810013442000, task ffff81003d165860)
    Stack:  ffff8100103bac00 ffff8100104898e8 ffff8100134436f8 ffffffff00000000
     0000000000000000 ffff8100104898b0 0000000000000000 ffff810010489858
     0000000000000000 ffff8100103bac00 ffff8100134436f8 ffffffff8864c634
    Call Trace:
     [<ffffffff8864c634>] :ccm:crypto_ccm_auth+0x12d/0x140
     [<ffffffff8864cf73>] :ccm:crypto_ccm_decrypt+0x161/0x23a
     [<ffffffff88633643>] :crypto_tester_kmod:cavs_test_rfc4309_ccm+0x4a5/0x559
    The above is from a RHEL5-based kernel, but upstream is susceptible too.
    The fix is trivial: in crypto/ccm.c:crypto_ccm_auth(), pctx->ilen contains
    whatever was in memory when pctx was allocated if assoclen is 0. The tested
    fix is to simply add an else clause setting pctx->ilen to 0 for the
    assoclen == 0 case, so that get_data_to_compute() doesn't try doing
    things it's not supposed to.
    Signed-off-by: Jarod Wilson <>
    Acked-by: Neil Horman <>
    Signed-off-by: Herbert Xu <>
    Signed-off-by: Greg Kroah-Hartman <>
  9. @herbertx @gregkh

    crypto: authenc - Fix zero-length IV crash

    herbertx authored gregkh committed
    commit 29b37f4 upstream.
    As it is if an algorithm with a zero-length IV is used (e.g.,
    NULL encryption) with authenc, authenc may generate an SG entry
    of length zero, which will trigger a BUG check in the hash layer.
    This patch fixes it by skipping the IV SG generation if the IV
    size is zero.
    Signed-off-by: Herbert Xu <>
    Signed-off-by: Greg Kroah-Hartman <>
  10. @gregkh

    ALSA: hda - Add quirk for HP DV6700 laptop

    Joerg Schirottke authored gregkh committed
    commit aa9d823 upstream.
    Added the matching model=laptop for HP DV6700 laptop.
    Signed-off-by: Joerg Schirottke <>
    Signed-off-by: Takashi Iwai <>
    Signed-off-by: Greg Kroah-Hartman <>
  11. @gregkh

    ALSA: hda - add another MacBook Pro 4, 1 subsystem ID

    Luke Yelavich authored gregkh committed
    commit 2a88464 upstream.
    Add another MacBook Pro 4,1 SSID (106b:3800). It seems that later revisions,
    (at least mine), have different IDs to earlier revisions.
    Signed-off-by: Luke Yelavich <>
    Signed-off-by: Takashi Iwai <>
    Signed-off-by: Greg Kroah-Hartman <>
  12. @tiwai @gregkh

    ALSA: hda - Fix PCM reference NID for STAC/IDT analog outputs

    tiwai authored gregkh committed
    commit 00a602d upstream.
    The reference NID for the analog outputs of STAC/IDT codecs is set
    to a fixed number 0x02.  But this isn't always correct and in many
    codecs it points to a non-existing NID.
    This patch fixes the initialization of the PCM reference NID taken
    from the actually probed DAC list.
    Signed-off-by: Takashi Iwai <>
    Signed-off-by: Greg Kroah-Hartman <>
  13. @bharrosh @gregkh

    include/linux: Add bsg.h to the Kernel exported headers

    bharrosh authored gregkh committed
    commit a229fc6 upstream.
    bsg.h in current form is perfectly suitable for user-mode
    consumption. It is needed together with scsi/sg.h for applications
    that want to interface with the bsg driver.
    Currently the few projects that use it would copy it over into
    the projects. But that is not acceptable for projects that need
    to provide source and devel packages for distros.
    This should also be submitted to stable 2.6.28 and 2.6.27 since bsg had
    a stable API since these Kernels and distro users will need the header
    for these kernels as well
    Signed-off-by: Boaz Harrosh <>
    Acked-by: FUJITA Tomonori <>
    Signed-off-by: Jens Axboe <>
    Signed-off-by: Greg Kroah-Hartman <>
  14. @gregkh

    sgi-xpc: ensure flags are updated before bte_copy

    Robin Holt authored gregkh committed
    commit 69b3bb6 upstream.
    The clearing of the msg->flags needs a barrier between it and the notify
    of the channel threads that the messages are cleaned and ready for use.
    Signed-off-by: Robin Holt <>
    Signed-off-by: Dean Nelson <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  15. @gregkh

    sgi-xpc: Remove NULL pointer dereference.

    Robin Holt authored gregkh committed
    commit 17e2161 upstream.
    If the bte copy fails, the attempt to retrieve payloads merely returns a
    null pointer deref and not NULL as was expected.
    Signed-off-by: Robin Holt <>
    Signed-off-by: Dean Nelson <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  16. @gregkh

    gpiolib: fix request related issue

    Magnus Damm authored gregkh committed
    commit 7460db5 upstream.
    Fix request-already-requested handling in gpio_request().
    Signed-off-by: Magnus Damm <>
    Acked-by: David Brownell <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  17. @davidel @gregkh

    epoll: drop max_user_instances and rely only on max_user_watches

    davidel authored gregkh committed
    commit 9df04e1 upstream.
    Linus suggested to put limits where the money is, and max_user_watches
    already does that w/out the need of max_user_instances.  That has the
    advantage to mitigate the potential DoS while allowing pretty generous
    default behavior.
    Allowing top 4% of low memory (per user) to be allocated in epoll watches,
    we have:
    LOMEM    MAX_WATCHES (per user)
    512MB    ~178000
    1GB      ~356000
    2GB      ~712000
    A box with 512MB of lomem, will meet some challenge in hitting 180K
    watches, socket buffers math teaches us.  No more max_user_instances
    limits then.
    Signed-off-by: Davide Libenzi <>
    Cc: Willy Tarreau <>
    Cc: Michael Kerrisk <>
    Cc: Bron Gondwana <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  18. @lwfinger @gregkh

    rtl8187: Fix error in setting OFDM power settings for RTL8187L

    lwfinger authored gregkh committed
    commit eb83bbf upstream.
    After reports of poor performance, a review of the latest vendor driver
    (rtl8187_linux_26.1025.0328.2007) for RTL8187L devices was undertaken.
    A difference was found in the code used to index the OFDM power tables. When
    the Linux driver was changed, my unit works at a much greater range than
    before. I think this fixes Bugzilla #12380 and has been tested by at least
    two other users.
    Signed-off-by: Larry Finger <>
    Tested-by: Martín Ernesto Barreyro <>
    Signed-off-by: John W. Linville <>
    Signed-off-by: Greg Kroah-Hartman <>
  19. @tytso @gregkh

    ext3: Add sanity check to make_indexed_dir

    tytso authored gregkh committed
    commit a21102b upstream.
    Make sure the rec_len field in the '..' entry is sane, lest we overrun
    the directory block and cause a kernel oops on a purposefully
    corrupted filesystem.
    This fixes a bug related to a bug originally reported by Sami Liedes
    for ext4 at:
    Signed-off-by: "Theodore Ts'o" <>
    Signed-off-by: Greg Kroah-Hartman <>
  20. @gregkh

    bnx2x: Block nvram access when the device is inactive

    Eilon Greenstein authored gregkh committed
    commit 2add3ac upstream.
    Don't dump eeprom when bnx2x adapter is down.  Running ethtool -e causes an eeh
    without it when the device is down
    Signed-off-by: Paul Larson <>
    Signed-off-by: Eilon Greenstein <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Greg Kroah-Hartman <>
  21. @gregkh

    Fix OOPS in mmap_region() when merging adjacent VM_LOCKED file segments

    Andrew Morton authored gregkh committed
    This patch differs from the upstream commit
    de33c8d written by Linus, as it aims to
    only prevent the oops from happening, not attempt to change anything
    The problem was introduced by commit
    which added new references to *vma after we've potentially freed it.
    From: Andrew Morton <>
    Reported-by: Maksim Yevmenkin <>
    Tested-by: Maksim Yevmenkin <>
    Cc: Lee Schermerhorn <>
    Cc: Nick Piggin <>
    Cc: Andrew Morton <>
    Cc: Rik van Riel <>
    Cc: Hugh Dickins <>
    Cc: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  22. @anholt @gregkh

    drm: stash AGP include under the do-we-have-AGP ifdef

    anholt authored gregkh committed
    commit 1bb88ed upstream.
    This fixes the MIPS with DRM build.
    Signed-off-by: Eric Anholt <>
    Tested-by: Martin Michlmayr <>
    Signed-off-by: Dave Airlie <>
    Signed-off-by: Greg Kroah-Hartman <>
  23. @fleitner @gregkh

    serial_8250: support for Sealevel Systems Model 7803 COMM+8

    fleitner authored gregkh committed
    commit e65f0f8 upstream.
    Add support for Sealevel Systems Model 7803 COMM+8
    Signed-off-by: Flavio Leitner <>
    Signed-off-by: Alan Cox <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  24. @gregkh

    libata: pata_via: support VX855, future chips whose IDE controller use 0x0571

    authored gregkh committed
    commit e4d866c upstream.
    It supports VX855 and future chips whose IDE controller uses PCI ID 0x0571.
    Signed-off-by: Joseph Chan <>
    Acked-by: Tejun Heo <>
    Signed-off-by: Jeff Garzik <>
    Signed-off-by: Greg Kroah-Hartman <>
  25. @philips @gregkh

    it821x: Add ultra_mask quirk for Vortex86SX

    philips authored gregkh committed
    commit b94b898 upstream.
    On Vortex86SX with IDE controller revision 0x11 ultra DMA must be
    disabled. This patch was tested by DMP and seems to work.
    It is a cleaned up version of their older Kernel patch:
    Tested-by: Shawn Lin <>
    Signed-off-by: Brandon Philips <>
    Cc: Alan Cox <>
    Signed-off-by: Bartlomiej Zolnierkiewicz <>
    Signed-off-by: Greg Kroah-Hartman <>
  26. @lwfinger @gregkh

    rtl8187: Add termination packet to prevent stall

    lwfinger authored gregkh committed
    commit 2fcbab0 upstream.
    The RTL8187 and RTL8187B devices can stall unless an explicit termination
    packet is sent.
    Signed-off-by: Larry Finger <>
    Signed-off-by: John W. Linville <>
    Signed-off-by: Greg Kroah-Hartman <>
  27. @fenrus75 @gregkh

    resources: skip sanity check of busy resources

    fenrus75 authored gregkh committed
    commit 3ac5266 upstream.
    Impact: reduce false positives in iomem_map_sanity_check()
    Some drivers (vesafb) only map/reserve a portion of a resource.
    If then some other driver comes in and maps the whole resource,
    the current code WARN_ON's. This is not the intent of the checks
    in iomem_map_sanity_check(); rather these checks want to
    warn when crossing *hardware* resources only.
    This patch skips BUSY resources as suggested by Linus.
    Note: having two drivers talk to the same hardware at the same
    time is obviously not optimal behavior, but that's a separate story.
    Signed-off-by: Arjan van de Ven <>
    Signed-off-by: Ingo Molnar <>
    Signed-off-by: Kyle McMartin <>
    Signed-off-by: Greg Kroah-Hartman <>
  28. @gregkh

    alpha: fix vmalloc breakage

    Ivan Kokshaysky authored gregkh committed
    commit 822c18f upstream.
    On alpha, we have to map some stuff in the VMALLOC space very early in the
    boot process (to make SRM console callbacks work and so on, see
    arch/alpha/mm/init.c).  For old VM allocator, we just manually placed a
    vm_struct onto the global vmlist and this worked for ages.
    Unfortunately, the new allocator isn't aware of this, so it constantly
    tries to allocate the VM space which is already in use, making vmalloc on
    alpha defunct.
    This patch forces KVA to import vmlist entries on init.
    [ remove unneeded check (per Johannes)]
    Signed-off-by: Ivan Kokshaysky <>
    Cc: Nick Piggin <>
    Cc: Johannes Weiner <>
    Cc: Richard Henderson <>
    Cc: Johannes Weiner <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  29. @gregkh

    alpha: nautilus - fix compile failure with gcc-4.3

    Ivan Kokshaysky authored gregkh committed
    commit 70b66cb upstream.
    init_srm_irq() deals with irq's #16 and above, but size of irq_desc
    array on nautilus and some other system types is 16. So gcc-4.3
    complains that "array subscript is above array bounds", even though
    this function is never called on those systems.
    This adds a check for NR_IRQS <= 16, which effectively optimizes
    init_srm_irq() code away on problematic platforms.
    Thanks to Daniel Drake <> for detailed analysis
    of the problem.
    Signed-off-by: Ivan Kokshaysky <>
    Cc: Richard Henderson <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Linus Torvalds <>
    Cc: Tobias Klausmann <>
    Signed-off-by: Greg Kroah-Hartman <>
  30. @gregkh

    USB: storage: add unusual devs entry

    Oliver Neukum authored gregkh committed
    commit b90de8a upstream.
    This adds an unusual devs entry for 2116:0320
    Signed-off-by: Oliver Neukum <>
    Signed-off-by: Greg Kroah-Hartman <>
  31. @gregkh

    USB: fix char-device disconnect handling

    Alan Stern authored gregkh committed
    commit 501950d upstream.
    This patch (as1198) fixes a conceptual bug: Somewhere along the line
    we managed to confuse USB class devices with USB char devices.  As a
    result, the code to send a disconnect signal to userspace would not be
    The usb_fs_classdev_common_remove() routine has been renamed to
    usbdev_remove() and it is now called whenever any USB device is
    removed, not just when a class device is unregistered.  The notifier
    registration and unregistration calls are no longer conditionally
    compiled.  And since the common removal code will always be called as
    part of the char device interface, there's no need to call it again as
    part of the usbfs interface; thus the invocation of
    usb_fs_classdev_common_remove() has been taken out of
    Signed-off-by: Alan Stern <>
    Reported-by: Alon Bar-Lev <>
    Tested-by: Alon Bar-Lev <>
    Signed-off-by: Greg Kroah-Hartman <>
  32. @gregkh

    USB: usbmon: Implement compat_ioctl

    Pete Zaitcev authored gregkh committed
    commit 7abce6b upstream.
    Running a 32-bit usbmon(8) on 2.6.28-rc9 produces the following:
    ioctl32(usbmon:28563): Unknown cmd fd(3) cmd(400c9206){t:ffffff92;sz:12} arg(ffd3f458) on /dev/usbmon0
    It happens because the compatibility mode was implemented for 2.6.18
    and not updated for the fsops.compat_ioctl API.
    This patch relocates the pieces from under #ifdef CONFIG_COMPAT into
    compat_ioctl with no other changes except one new whitespace.
    Signed-off-by: Pete Zaitcev <>
    Signed-off-by: Greg Kroah-Hartman <>
  33. @cladisch @gregkh

    sound: virtuoso: enable UART on Xonar HDAV1.3

    cladisch authored gregkh committed
    commit 22c7337 upstream.
    This hardware has a better chance of working correctly if we don't
    forget to enable it.
    Signed-off-by: Clemens Ladisch <>
    Signed-off-by: Takashi Iwai <>
    Signed-off-by: Greg Kroah-Hartman <>
  34. @gregkh

    USB: fix toggle mismatch in disable_endpoint paths

    Alan Stern authored gregkh committed
    commit ddeac4e upstream.
    This patch (as1200) finishes some fixes that were left incomplete by
    an earlier patch.
    Although nobody has addressed this issue in the past, it turns out
    that we need to distinguish between two different modes of disabling
    and enabling endpoints.  In one mode only the data structures in
    usbcore are affected, and in the other mode the host controller and
    device hardware states are affected as well.
    The earlier patch added an extra argument to the routines in the
    enable_endpoint pathways to reflect this difference.  This patch adds
    corresponding arguments to the disable_endpoint pathways.  Without
    this change, the endpoint toggle state can get out of sync between
    the host and the device.  The exact mechanism depends on the details
    of the host controller (whether or not it stores its own copy of the
    toggle values).
    Signed-off-by: Alan Stern <>
    Reported-by: Dan Streetman <>
    Tested-by: Dan Streetman <>
    Signed-off-by: Greg Kroah-Hartman <>
    Signed-off-by: Greg Kroah-Hartman <>
  35. @gregkh

    x86: fix page attribute corruption with cpa()

    Suresh Siddha authored gregkh committed
    commit a1e4621 upstream.
    Impact: fix sporadic slowdowns and warning messages
    This patch fixes a performance issue reported by Linus on his
    Nehalem system. While Linus reverted the PAT patch (commit
    58dab91) which exposed the issue,
    existing cpa() code can potentially still cause wrong (page attribute
    corruption) behavior.
    This patch also fixes the "WARNING: at arch/x86/mm/pageattr.c:560" that
    various people reported.
    In 64bit kernel, kernel identity mapping might have holes depending
    on the available memory and how e820 reports the address range
    covering the RAM, ACPI, PCI reserved regions. If there is a 2MB/1GB hole
    in the address range that is not listed by e820 entries, kernel identity
    mapping will have a corresponding hole in its 1-1 identity mapping.
    If cpa() happens on the kernel identity mapping which falls into these holes,
    existing code fails like this:
    			returns 0 because of if (!kpte). But doesn't
    			set cpa->numpages and cpa->pfn.
    			uses uninitialized cpa->pfn (random value)
    			which can potentially lead to changing the page
    			attribute of kernel text/data, kernel identity
    			mapping of RAM pages etc. oops!
    This bug was easily exposed by another PAT patch which was doing
    cpa() more often on kernel identity mapping holes (physical range between
    max_low_pfn_mapped and 4GB), where in here it was setting the
    cache disable attribute (PCD) for kernel identity mappings as well.
    Fix cpa() to handle the kernel identity mapping holes. Retain
    the WARN() for cpa() calls to other not present address ranges
    (kernel-text/data, ioremap() addresses)
    Signed-off-by: Suresh Siddha <>
    Signed-off-by: Venkatesh Pallipadi <>
    Signed-off-by: Ingo Molnar <>
    Signed-off-by: Greg Kroah-Hartman <>