Skip to content
Commits on Jan 6, 2010
  1. @gregkh


    gregkh committed Jan 6, 2010
  2. @dmonakhov @gregkh

    ext4: fix sleep inside spinlock issue with quota and dealloc (#14739)

    commit 39bc680 upstream.
    Unlock i_block_reservation_lock before vfs_dq_reserve_block().
    This patch fixes
    Cc: Theodore Ts'o <>
    Signed-off-by: Dmitry Monakhov <>
    Signed-off-by: Jan Kara <>
    Signed-off-by: Greg Kroah-Hartman <>
    dmonakhov committed with gregkh Dec 10, 2009
  3. @dmonakhov @gregkh

    ext4: Convert to generic reserved quota's space management.

    commit a9e7f44 upstream.
    This patch also fixes write vs chown race condition.
    Acked-by: "Theodore Ts'o" <>
    Signed-off-by: Dmitry Monakhov <>
    Signed-off-by: Jan Kara <>
    Signed-off-by: Greg Kroah-Hartman <>
    dmonakhov committed with gregkh Dec 14, 2009
  4. @dmonakhov @gregkh

    quota: decouple fs reserved space from quota reservation

    commit fd8fbfc upstream.
    Currently inode_reservation is managed by fs itself and this
    reservation is transfered on dquot_transfer(). This means what
    inode_reservation must always be in sync with
    dquot->dq_dqb.dqb_rsvspace. Otherwise dquot_transfer() will result
    in incorrect quota(WARN_ON in dquot_claim_reserved_space() will be
    This is not easy because of complex locking order issues
    for example
    The patch introduce quota reservation field for each fs-inode
    (fs specific inode is used in order to prevent bloating generic
    vfs inode). This reservation is managed by quota code internally
    similar to i_blocks/i_bytes and may not be always in sync with
    internal fs reservation.
    Also perform some code rearrangement:
    - Unify dquot_reserve_space() and dquot_reserve_space()
    - Unify dquot_release_reserved_space() and dquot_free_space()
    - Also this patch add missing warning update to release_rsv()
      dquot_release_reserved_space() must call flush_warnings() as
      dquot_free_space() does.
    Signed-off-by: Dmitry Monakhov <>
    Signed-off-by: Jan Kara <>
    Signed-off-by: Greg Kroah-Hartman <>
    dmonakhov committed with gregkh Dec 14, 2009
  5. @dmonakhov @gregkh

    Add unlocked version of inode_add_bytes() function

    commit b462707 upstream.
    Quota code requires unlocked version of this function. Off course
    we can just copy-paste the code, but copy-pasting is always an evil.
    Signed-off-by: Dmitry Monakhov <>
    Signed-off-by: Jan Kara <>
    Signed-off-by: Greg Kroah-Hartman <>
    dmonakhov committed with gregkh Dec 14, 2009
  6. @Codeblight @gregkh

    Input: atkbd - add force relese key quirk for Samsung R59P/R60P/R61P

    This patch is not upstream. Since 2.6.32, there is an interface in
    /sys for handling the force_release events from userspace, so such
    quirk patches are no longer accepted upstream now. But this patch is
    valid for version 2.6.31 downwards.
        Moiseev Vladimir <>
        Alexander Huhlaev <>
    Signed-off-by: Keng-Yu Lin <>
    Cc: Moiseev Vladimir <>
    Cc: Alexander Huhlaev <>
    Signed-off-by: Greg Kroah-Hartman <>
    Codeblight committed with gregkh Dec 7, 2009
  7. @gregkh

    memcg: avoid oom-killing innocent task in case of use_hierarchy

    commit d31f56d upstream
    task_in_mem_cgroup(), which is called by select_bad_process() to check whether
    a task can be a candidate for being oom-killed from memcg's limit, checks
    "curr->use_hierarchy"("curr" is the mem_cgroup the task belongs to).
    But this check return true(it's false positive) when:
    	<some path>/00		use_hierarchy == 0	<- hitting limit
    	  <some path>/00/aa	use_hierarchy == 1	<- "curr"
    This leads to killing an innocent task in 00/aa. This patch is a fix for this
    bug. And this patch also fixes the arg for mem_cgroup_print_oom_info(). We
    should print information of mem_cgroup which the task being killed, not current,
    belongs to.
    Signed-off-by: Daisuke Nishimura <>
    Acked-by: KAMEZAWA Hiroyuki <>
    Reviewed-by: Balbir Singh <>
    Signed-off-by: Greg Kroah-Hartman <>
    Daisuke Nishimura committed with gregkh Jan 5, 2010
  8. @gregkh

    rt2x00: Disable powersaving for rt61pci and rt2800pci.

    commit 93b6bd2 upstream.
    We've had many reports of rt61pci failures with powersaving enabled.
    Therefore, as a stop-gap measure, disable powersaving of the rt61pci
    until we have found a proper solution.
    Also disable powersaving on rt2800pci as it most probably will show
    the same problem.
    Signed-off-by: Gertjan van Wingerde <>
    Acked-by: Ivo van Doorn <>
    Signed-off-by: John W. Linville <>
    Signed-off-by: Greg Kroah-Hartman <>
    Gertjan van Wingerde committed with gregkh Dec 14, 2009
  9. @gregkh

    generic_permission: MAY_OPEN is not write access

    commit 7ea6600 upstream.
    generic_permission was refusing CAP_DAC_READ_SEARCH-enabled
    processes from opening DAC-protected files read-only, because
    do_filp_open adds MAY_OPEN to the open mask.
    Ignore MAY_OPEN.  After this patch, CAP_DAC_READ_SEARCH is
    again sufficient to open(fname, O_RDONLY) on a file to which
    DAC otherwise refuses us read permission.
    Reported-by: Mike Kazantsev <>
    Signed-off-by: Serge E. Hallyn <>
    Tested-by: Mike Kazantsev <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
    Serge E. Hallyn committed with gregkh Dec 29, 2009
  10. @janekr @gregkh

    XFS bug in log recover with quota (bugzilla id 855)

    commit 8ec6dba upstream.
    I was hit by a bug in linux 2.6.31 when XFS is not able to recover the
    log after a crash if fs was mounted with quotas. Gory details in XFS
    It looks like wrong struct is used in buffer length check, and the following
    patch should fix the problem.
    xfs_dqblk_t has a size of 104+32 bytes, while xfs_disk_dquot_t is 104 bytes
    long, and this is exactly what I see in system logs - "XFS: dquot too small
    (104) in xlog_recover_do_dquot_trans."
    Signed-off-by: Jan Rekorajski <>
    Reviewed-by: Christoph Hellwig <>
    Signed-off-by: Alex Elder <>
    Cc: Simon Kirby <>
    Signed-off-by: Greg Kroah-Hartman <>
    janekr committed with gregkh Nov 16, 2009
  11. @torvalds @gregkh

    x86/ptrace: make genregs[32]_get/set more robust

    commit 04a1e62 upstream.
    The loop condition is fragile: we compare an unsigned value to zero, and
    then decrement it by something larger than one in the loop.  All the
    callers should be passing in appropriately aligned buffer lengths, but
    it's better to just not rely on it, and have some appropriate defensive
    loop limits.
    Acked-by: Roland McGrath <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
    torvalds committed with gregkh Dec 17, 2009
  12. @error27 @gregkh

    V4L/DVB (13596): ov511.c typo: lock => unlock

    commit 50e9d31 upstream.
    This was found with a static checker and has not been tested, but it seems
    pretty clear that the mutex_lock() was supposed to be mutex_unlock()
    Signed-off-by: Dan Carpenter <>
    Signed-off-by: Douglas Schilling Landgraf <>
    Signed-off-by: Mauro Carvalho Chehab <>
    Cc: Brandon Philips <>
    Signed-off-by: Greg Kroah-Hartman <>
    error27 committed with gregkh Dec 10, 2009
  13. @jankara @gregkh

    udf: Try harder when looking for VAT inode

    commit e971b0b upstream.
    Some disks do not contain VAT inode in the last recorded block as required
    by the standard but a few blocks earlier (or the number of recorded blocks
    is wrong). So look for the VAT inode a bit before the end of the media.
    Signed-off-by: Jan Kara <>
    Signed-off-by: Greg Kroah-Hartman <>
    jankara committed with gregkh Nov 30, 2009
  14. @gregkh

    S390: dasd: support DIAG access for read-only devices

    commit 22825ab upstream.
    When a DASD device is used with the DIAG discipline, the DIAG
    initialization will indicate success or error with a respective
    return code. So far we have interpreted a return code of 4 as error,
    but it actually means that the initialization was successful, but
    the device is read-only. To allow read-only devices to be used with
    DIAG we need to accept a return code of 4 as success.
    Re-initialization of the DIAG access is also part of the DIAG error
    recovery. If we find that the access mode of a device has been
    changed from writable to read-only while the device was in use,
    we print an error message.
    Signed-off-by: Stefan Weinhuber <>
    Signed-off-by: Martin Schwidefsky <>
    Cc: Stephen Powell <>
    Signed-off-by: Greg Kroah-Hartman <>
    Stefan Weinhuber committed with gregkh Dec 7, 2009
  15. @kaber @gregkh

    ipv6: reassembly: use seperate reassembly queues for conntrack and lo…

    …cal delivery
    commit 0b5ccb2 upstream.
    Currently the same reassembly queue might be used for packets reassembled
    by conntrack in different positions in the stack (PREROUTING/LOCAL_OUT),
    as well as local delivery. This can cause "packet jumps" when the fragment
    completing a reassembled packet is queued from a different position in the
    stack than the previous ones.
    Add a "user" identifier to the reassembly queue key to seperate the queues
    of each caller, similar to what we do for IPv4.
    Signed-off-by: Patrick McHardy <>
    Signed-off-by: Greg Kroah-Hartman <>
    kaber committed with gregkh Dec 15, 2009
  16. @gregkh

    i2c/tsl2550: Fix lux value in extended mode

    commit 5f5bfb0 upstream.
    According to the TAOS Application Note 'Controlling a Backlight with
    the TSL2550 Ambient Light Sensor' (page 14), the actual lux value in
    extended mode should be obtained multiplying the calculated lux value
    by 5.
    Signed-off-by: Michele Jr De Candia <>
    Signed-off-by: Jean Delvare <>
    Signed-off-by: Greg Kroah-Hartman <>
    Michele Jr De Candia committed with gregkh Nov 26, 2009
  17. @gregkh

    hwmon: (sht15) Off-by-one error in array index + incorrect constants

    commit 4235f68 upstream.
    Fix an off-by-one error in array index + incorrect constants.
    Signed-off-by: Christoph Walser <>
    Signed-off-by: Jonathan Cameron <>
    Signed-off-by: Jean Delvare <>
    Signed-off-by: Greg Kroah-Hartman <>
    Jonathan Cameron committed with gregkh Dec 16, 2009
  18. @RoelKluin @gregkh

    hwmon: (fschmd) Fix check on unsigned in watchdog_write()

    commit c7702c3 upstream.
    If unsigned the watchdog_trigger() return value will not be
    checked correctly.
    Signed-off-by: Roel Kluin <>
    Acked-by: Andrew Morton <>
    Cc: Hans de Goede <>
    Signed-off-by: Jean Delvare <>
    Signed-off-by: Greg Kroah-Hartman <>
    RoelKluin committed with gregkh Oct 24, 2009
  19. @martin-decky @gregkh

    hostap: Revert a toxic part of the conversion to net_device_ops

    commit e484c16 upstream.
    As the hostap driver was converted to use net_device_ops, a mistake was
    made in hostap_main.c (commit 5ae4efb).
    Originally, the tx_queue_len was set to 0 for every other interface than
    HOSTAP_INTERFACE_MASTER, but the new fragment of code sets tx_queue_len to
    0 only for HOSTAP_INTERFACE_MASTER. The opposite of the previous
    behavior makes the driver to drop all packets in AP mode.
    Change the way 0 is assigned to tx_queue_len according to the original
    Signed-off-by: Martin Decky <>
    Signed-off-by: John W. Linville <>
    Signed-off-by: Greg Kroah-Hartman <>
    martin-decky committed with gregkh Sep 10, 2009
  20. @gregkh

    e100: Fix broken cbs accounting due to missing memset.

    commit 70abc8c upstream.
    Alan Stern noticed that e100 caused slab corruption.
    commit 98468ef changed
    the allocation of cbs to use dma pools that don't return zeroed memory,
    especially the cb->status field used to track which cb to clean, causing
    (the visible) double freeing of skbs and a wrong free cbs count.
    Now the cbs are explicitly zeroed at allocation time.
    Reported-by: Alan Stern <>
    Tested-by: Alan Stern <>
    Signed-off-by: Roger Oksanen <>
    Acked-by: Jesse Brandeburg <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Greg Kroah-Hartman <>
    Roger Oksanen committed with gregkh Dec 18, 2009
  21. @gregkh

    e100: Use pci pool to work around GFP_ATOMIC order 5 memory allocatio…

    …n failure
    commit 98468ef upstream.
    pci_alloc_consistent uses GFP_ATOMIC allocation that may fail on some systems
    with limited memory (Bug #14265). pci_pool_alloc allows waiting with
    Tested-by: Karol Lewandowski <>
    Signed-off-by: Roger Oksanen <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Greg Kroah-Hartman <>
    Roger Oksanen committed with gregkh Nov 29, 2009
  22. @gregkh

    x86, cpuid: Add "volatile" to asm in native_cpuid()

    commit 45a94d7 upstream.
    xsave_cntxt_init() does something like:
    	cpuid(0xd, ..);	// find out what features FP/SSE/.. etc are supported
    	xsetbv();	// enable the features known to OS
    	cpuid(0xd, ..);	// find out the size of the context for features enabled
    Depending on what features get enabled in xsetbv(), value of the
    cpuid.eax=0xd.ecx=0.ebx changes correspondingly (representing the
    size of the context that is enabled).
    As we don't have volatile keyword for native_cpuid(), gcc 4.1.2
    optimizes away the second cpuid and the kernel continues to use
    the cpuid information obtained before xsetbv(), ultimately leading to kernel
    crash on processors supporting more state than the legacy FP/SSE.
    Add "volatile" for native_cpuid().
    Signed-off-by: Suresh Siddha <>
    LKML-Reference: <>
    Signed-off-by: H. Peter Anvin <>
    Signed-off-by: Greg Kroah-Hartman <>
    Suresh Siddha committed with gregkh Dec 16, 2009
  23. @donnykurnia @gregkh

    USB: option: support hi speed for modem Haier CE100

    commit c983202 upstream.
    I made this patch for usbserial driver to add the support for EVDO modem
    Haier CE100. The bugs report for this is here:
    This patch based on these post:
    I hope this patch can help other that have the Haier C100 modem, mostly in my country, Indonesia.
    Signed-off-by: Donny Kurnia <>
    Signed-off-by: Greg Kroah-Hartman <>
    donnykurnia committed with gregkh Dec 23, 2009
  24. @gregkh

    USB: musb: gadget_ep0: avoid SetupEnd interrupt

    commit 17be5c5 upstream.
    Gadget stalling a zero-length SETUP request results in this error message:
    SetupEnd came in a wrong ep0stage idle
    In order to avoid it, always set the CSR0.DataEnd bit after detecting a zero-
    length request.  Add the missing '\n' to the error message itself as well...
    Signed-off-by: Sergei Shtylyov <>
    Acked-by: Anand Gadiyar <>
    Signed-off-by: Felipe Balbi <>
    Signed-off-by: Greg Kroah-Hartman <>
    Sergei Shtylyov committed with gregkh Dec 15, 2009
  25. @panchoh @gregkh

    USB: Fix a bug on appledisplay.c regarding signedness

    commit 37e9066 upstream.
    brightness status is reported by the Apple Cinema Displays as an
    'unsigned char' (u8) value, but the code used 'char' instead.
    Note that he driver was developed on the PowerPC architecture,
    where the two types are synonymous, which is not always the case.
    Fixed that.  Otherwise the driver will interpret brightness
    levels > 127 as negative, and fail to load.
    Signed-off-by: pancho horrillo <>
    Signed-off-by: Greg Kroah-Hartman <>
    panchoh committed with gregkh Dec 23, 2009
  26. @cladisch @gregkh

    USB: emi62: fix crash when trying to load EMI 6|2 firmware

    commit ac06c06 upstream.
    While converting emi62 to use request_firmware(), the driver was also
    changed to use the ihex helper functions.  However, this broke the loading
    of the FPGA firmware because the code tries to access the addr field of
    the EOF record which works with a plain array that has an empty last
    record but not with the ihex helper functions where the end of the data is
    signaled with a NULL record pointer, resulting in:
    BUG: unable to handle kernel NULL pointer dereference at (null)
    IP: [<f80d248c>] emi62_load_firmware+0x33c/0x740 [emi62]
    This can be fixed by changing the loop condition to test the return value
    of ihex_next_binrec() directly (like in emi26.c).
    Signed-off-by: Clemens Ladisch <>
    Reported-and-tested-by: Der Mickster <>
    Acked-by: David Woodhouse <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Greg Kroah-Hartman <>
    cladisch committed with gregkh Dec 21, 2009
  27. @cladisch @gregkh

    sound: sgio2audio/pdaudiocf/usb-audio: initialize PCM buffer

    commit 3e85fd6 upstream.
    When allocating the PCM buffer, use vmalloc_user() instead of vmalloc().
    Otherwise, it would be possible for applications to play the previous
    contents of the kernel memory to the speakers, or to read it directly if
    the buffer is exported to userspace.
    Signed-off-by: Clemens Ladisch <>
    Signed-off-by: Takashi Iwai <>
    Signed-off-by: Greg Kroah-Hartman <>
    cladisch committed with gregkh Dec 18, 2009
  28. @mikechristie @gregkh

    SCSI: fc class: fix fc_transport_init error handling

    commit 48de68a upstream.
    If transport_class_register fails we should unregister any
    registered classes, or we will leak memory or other
    I did a quick modprobe of scsi_transport_fc to test the
    Signed-off-by: Mike Christie <>
    Signed-off-by: James Bottomley <>
    Signed-off-by: Greg Kroah-Hartman <>
    mikechristie committed with gregkh Nov 17, 2009
  29. @gregkh

    pata_hpt3x2n: fix clock turnaround

    commit 256ace9 upstream.
    The clock turnaround code still doesn't work for several reasons:
    - 'USE_DPLL' flag in 'ap->host->private_data' is never initialized
      or updated, so the driver can only set the chip to the DPLL clock
      mode, not the PCI mode;
    - the driver doesn't serialize access to the channels depending on
      the current clock mode like the vendor drivers, so the clock
      turnaround is only executed "optionally", not always as it should be;
    - the wrong ports are written to when hpt3x2n_set_clock() is called
      for the secondary channel;
    - hpt3x2n_set_clock() can inadvertently enable the disabled channels
      when resetting the channel state machines.
    Signed-off-by: Sergei Shtylyov <>
    Signed-off-by: Jeff Garzik <>
    Signed-off-by: Greg Kroah-Hartman <>
    Sergei Shtylyov committed with gregkh Dec 17, 2009
  30. @bzolnier @gregkh

    pata_cmd64x: fix overclocking of UDMA0-2 modes

    commit 509426b upstream.
    adev->dma_mode stores the transfer mode value not UDMA mode number
    so the condition in cmd64x_set_dmamode() is always true and the higher
    UDMA clock is always selected.  This can potentially result in data
    corruption when UDMA33 device is used, when 40-wire cable is used or
    when the error recovery code decides to lower the device speed down.
    The issue was introduced in the commit 6a40da0 ("libata cmd64x: whack
    into a shape that looks like the documentation") which goes back to
    kernel 2.6.20.
    Signed-off-by: Bartlomiej Zolnierkiewicz <>
    Signed-off-by: Jeff Garzik <>
    Signed-off-by: Greg Kroah-Hartman <>
    bzolnier committed with gregkh Dec 20, 2009
  31. @neilbrown @gregkh

    md: Fix unfortunate interaction with evms

    commit cbd1998 upstream.
    evms configures md arrays by:
      open device
      send ioctl
      close device
    for each different ioctl needed.
    Since 2.6.29, the device can disappear after the 'close'
    unless a significant configuration has happened to the device.
    The change made by "SET_ARRAY_INFO" can too minor to stop the device
    from disappearing, but important enough that losing the change is bad.
    So: make sure SET_ARRAY_INFO sets mddev->ctime, and keep the device
    active as long as ctime is non-zero (it gets zeroed with lots of other
    things when the array is stopped).
    This is suitable for -stable kernels since 2.6.29.
    Signed-off-by: NeilBrown <>
    Signed-off-by: Greg Kroah-Hartman <>
    neilbrown committed with gregkh Dec 30, 2009
  32. @zonque @gregkh

    Libertas: fix buffer overflow in lbs_get_essid()

    commit 45b2416 upstream.
    The libertas driver copies the SSID buffer back to the wireless core and
    appends a trailing NULL character for termination. This is
    a) unnecessary because the buffer is allocated with kzalloc and is hence
       already NULLed when this function is called, and
    b) for priv->curbssparams.ssid_len == 32, it writes back one byte too
       much which causes memory corruptions.
    Fix this by removing the extra write.
    Signed-off-by: Daniel Mack <>
    Cc: Stephen Hemminger <>
    Cc: Maithili Hinge <>
    Cc: Kiran Divekar <>
    Cc: Michael Hirsch <>
    Acked-by: Holger Schurig <>
    Acked-by: Dan Williams <>
    Signed-off-by: John W. Linville <>
    Signed-off-by: Greg Kroah-Hartman <>
    zonque committed with gregkh Dec 16, 2009
  33. @JuliaLawall @gregkh

    drivers/net/usb: Correct code taking the size of a pointer

    commit 6057912 upstream.
    sizeof(dev->dev_addr) is the size of a pointer.  A few lines above, the
    size of this field is obtained using netdev->addr_len for a call to memcpy,
    so do the same here.
    A simplified version of the semantic patch that finds this problem is as
    follows: (
    // <smpl>
    expression *x;
    expression f;
    type T;
    // </smpl>
    Signed-off-by: Julia Lawall <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Greg Kroah-Hartman <>
    JuliaLawall committed with gregkh Dec 13, 2009
  34. @noglitch @gregkh

    dma: at_hdmac: correct incompatible type for argument 1 of 'spin_lock…

    commit 4297a46 upstream.
    Correct a typo error in locking calls.
    Signed-off-by: Nicolas Ferre <>
    Signed-off-by: Dan Williams <>
    Signed-off-by: Greg Kroah-Hartman <>
    noglitch committed with gregkh Dec 16, 2009
  35. @gregkh

    clockevents: Prevent clockevent_devices list corruption on cpu hotplug

    commit bb6eddf upstream.
    Xiaotian Feng triggered a list corruption in the clock events list on
    CPU hotplug and debugged the root cause.
    If a CPU registers more than one per cpu clock event device, then only
    the active clock event device is removed on CPU_DEAD. The unused
    devices are kept in the clock events device list.
    On CPU up the clock event devices are registered again, which means
    that we list_add an already enqueued list_head. That results in list
    Resolve this by removing all devices which are associated to the dead
    CPU on CPU_DEAD.
    Reported-by: Xiaotian Feng <>
    Signed-off-by: Thomas Gleixner <>
    Tested-by: Xiaotian Feng <>
    Signed-off-by: Greg Kroah-Hartman <>
    Thomas Gleixner committed with gregkh Dec 10, 2009
Something went wrong with that request. Please try again.