Skip to content
Commits on Aug 11, 2011
  1. Merge branch 'configs-3.0' into pf-3.0

    Oleksandr Natalenko committed Aug 11, 2011
  2. configs-3.0: update config for Dell Inspiron 1525 laptop

    Oleksandr Natalenko committed Aug 11, 2011
  3. Merge remote-tracking branch 'zen-kernel/bfq-3.0' into pf-3.0

    Oleksandr Natalenko committed Aug 11, 2011
  4. Merge branch 'ck-3.0' into pf-3.0

    Oleksandr Natalenko committed Aug 11, 2011
  5. ck-3.0: remove extra version info

    Oleksandr Natalenko committed Aug 11, 2011
  6. ck-3.0: add 3.0.0-ck1 patchset

    Oleksandr Natalenko committed Aug 11, 2011
Commits on Aug 5, 2011
  1. Merge remote-tracking branch 'tuxonice-3.0/combined' into pf-3.0

    Oleksandr Natalenko committed Aug 5, 2011
  2. fix merge conflict

    Oleksandr Natalenko committed Aug 5, 2011
  3. @NigelCunningham

    Fix faulty logic.

    NigelCunningham committed Aug 5, 2011
    The logic in do_prepare_image and toi_init was wonky. The final
    tests in toi_init return 1 instead of 0 in the non-error case,
    and we treat 1 (which should indicate an error!) as the normal
    and correct case in the caller. Urgh.
    
    Signed-off-by: Nigel Cunningham <nigel@tuxonice.net>
  4. @gregkh

    Linux 3.0.1

    gregkh committed Aug 4, 2011
  5. @kergon @gregkh

    dm: fix idr leak on module removal

    kergon committed with gregkh Aug 2, 2011
    commit d15b774 upstream.
    
    Destroy _minor_idr when unloading the core dm module.  (Found by kmemleak.)
    
    Signed-off-by: Alasdair G Kergon <agk@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  6. @snitm @gregkh

    dm mpath: fix potential NULL pointer in feature arg processing

    snitm committed with gregkh Aug 2, 2011
    commit 286f367 upstream.
    
    Avoid dereferencing a NULL pointer if the number of feature arguments
    supplied is fewer than indicated.
    
    Signed-off-by: Mike Snitzer <snitzer@redhat.com>
    Signed-off-by: Alasdair G Kergon <agk@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  7. @gregkh

    dm snapshot: flush disk cache when merging

    Mikulas Patocka committed with gregkh Aug 2, 2011
    commit 762a80d upstream.
    
    This patch makes dm-snapshot flush disk cache when writing metadata for
    merging snapshot.
    
    Without cache flushing the disk may reorder metadata write and other
    data writes and there is a possibility of data corruption in case of
    power fault.
    
    Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
    Signed-off-by: Alasdair G Kergon <agk@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  8. @gregkh

    dm io: flush cpu cache with vmapped io

    Mikulas Patocka committed with gregkh Aug 2, 2011
    commit bb91bc7 upstream.
    
    For normal kernel pages, CPU cache is synchronized by the dma layer.
    However, this is not done for pages allocated with vmalloc. If we do I/O
    to/from vmallocated pages, we must synchronize CPU cache explicitly.
    
    Prior to doing I/O on vmallocated page we must call
    flush_kernel_vmap_range to flush dirty cache on the virtual address.
    After finished read we must call invalidate_kernel_vmap_range to
    invalidate cache on the virtual address, so that accesses to the virtual
    address return newly read data and not stale data from CPU cache.
    
    This patch fixes metadata corruption on dm-snapshots on PA-RISC and
    possibly other architectures with caches indexed by virtual address.
    
    Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
    Signed-off-by: Alasdair G Kergon <agk@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  9. @JuliaLawall @gregkh

    ALSA: sound/core/pcm_compat.c: adjust array index

    JuliaLawall committed with gregkh Jul 28, 2011
    commit ca9380f upstream.
    
    Convert array index from the loop bound to the loop index.
    
    A simplified version of the semantic patch that fixes this problem is as
    follows: (http://coccinelle.lip6.fr/)
    
    // <smpl>
    @@
    expression e1,e2,ar;
    @@
    
    for(e1 = 0; e1 < e2; e1++) { <...
      ar[
    - e2
    + e1
      ]
      ...> }
    // </smpl>
    
    Signed-off-by: Julia Lawall <julia@diku.dk>
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  10. @gregkh

    watchdog: shwdt: fix usage of mod_timer

    David Engraf committed with gregkh Jul 20, 2011
    commit bea1906 upstream.
    
    Fix the usage of mod_timer() and make the driver usable. mod_timer() must
    be called with an absolute timeout in jiffies. The old implementation
    used a relative timeout thus the hardware watchdog was never triggered.
    
    Signed-off-by: David Engraf <david.engraf@sysgo.com>
    Signed-off-by: Paul Mundt <lethal@linux-sh.org>
    Signed-off-by: Wim Van sebroeck <wim@iguana.be>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  11. @swhiteho @gregkh

    GFS2: Fix mount hang caused by certain access pattern to sysfs files

    swhiteho committed with gregkh Jul 26, 2011
    commit 1923703 upstream.
    
    Depending upon the order of userspace/kernel during the
    mount process, this can result in a hang without the
    _all version of the completion.
    
    Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  12. @gregkh

    rt2x00: Add device ID for RT539F device.

    Gertjan van Wingerde committed with gregkh Jul 6, 2011
    commit 71e0b38 upstream.
    
    Reported-by: Wim Vander Schelden <wim@fixnum.org>
    Signed-off-by: Gertjan van Wingerde <gwingerde@gmail.com>
    Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  13. @utrace @gregkh

    oom: task->mm == NULL doesn't mean the memory was freed

    utrace committed with gregkh Jul 30, 2011
    commit c027a47 upstream.
    
    exit_mm() sets ->mm == NULL then it does mmput()->exit_mmap() which
    frees the memory.
    
    However select_bad_process() checks ->mm != NULL before TIF_MEMDIE,
    so it continues to kill other tasks even if we have the oom-killed
    task freeing its memory.
    
    Change select_bad_process() to check ->mm after TIF_MEMDIE, but skip
    the tasks which have already passed exit_notify() to ensure a zombie
    with TIF_MEMDIE set can't block oom-killer. Alternatively we could
    probably clear TIF_MEMDIE after exit_mmap().
    
    Signed-off-by: Oleg Nesterov <oleg@redhat.com>
    Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  14. @gregkh

    AppArmor: Fix masking of capabilities in complain mode

    John Johansen committed with gregkh Jun 25, 2011
    commit 25e75df upstream.
    
    AppArmor is masking the capabilities returned by capget against the
    capabilities mask in the profile.  This is wrong, in complain mode the
    profile has effectively all capabilities, as the profile restrictions are
    not being enforced, merely tested against to determine if an access is
    known by the profile.
    
    This can result in the wrong behavior of security conscience applications
    like sshd which examine their capability set, and change their behavior
    accordingly.  In this case because of the masked capability set being
    returned sshd fails due to DAC checks, even when the profile is in complain
    mode.
    
    Kernels affected: 2.6.36 - 3.0.
    
    Signed-off-by: John Johansen <john.johansen@canonical.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  15. @gregkh

    AppArmor: Fix reference to rcu protected pointer outside of rcu_read_…

    John Johansen committed with gregkh Jun 28, 2011
    …lock
    
    commit 04fdc09 upstream.
    
    The pointer returned from tracehook_tracer_task() is only valid inside
    the rcu_read_lock.  However the tracer pointer obtained is being passed
    to aa_may_ptrace outside of the rcu_read_lock critical section.
    
    Mover the aa_may_ptrace test into the rcu_read_lock critical section, to
    fix this.
    
    Kernels affected: 2.6.36 - 3.0
    
    Reported-by: Oleg Nesterov <oleg@redhat.com>
    Signed-off-by: John Johansen <john.johansen@canonical.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  16. @manfred-colorfu @gregkh

    ipc/sem.c: fix race with concurrent semtimedop() timeouts and IPC_RMID

    manfred-colorfu committed with gregkh Jul 25, 2011
    commit d694ad6 upstream.
    
    If a semaphore array is removed and in parallel a sleeping task is woken
    up (signal or timeout, does not matter), then the woken up task does not
    wait until wake_up_sem_queue_do() is completed.  This will cause crashes,
    because wake_up_sem_queue_do() will read from a stale pointer.
    
    The fix is simple: Regardless of anything, always call get_queue_result().
    This function waits until wake_up_sem_queue_do() has finished it's task.
    
    Addresses https://bugzilla.kernel.org/show_bug.cgi?id=27142
    
    Reported-by: Yuriy Yevtukhov <yuriy@ucoz.com>
    Reported-by: Harald Laabs <kernel@dasr.de>
    Signed-off-by: Manfred Spraul <manfred@colorfullife.com>
    Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  17. @hbrueckner @gregkh

    hvc_console: Improve tty/console put_chars handling

    hbrueckner committed with gregkh Jul 5, 2011
    commit 8c2381a upstream.
    
    Currently, the hvc_console_print() function drops console output if the
    hvc backend's put_chars() returns 0.  This patch changes this behavior
    to allow a retry through returning -EAGAIN.
    
    This change also affects the hvc_push() function.  Both functions are
    changed to handle -EAGAIN and to retry the put_chars() operation.
    
    If a hvc backend returns -EAGAIN, the retry handling differs:
    
      - hvc_console_print() spins to write the complete console output.
      - hvc_push() behaves the same way as for returning 0.
    
    Now hvc backends can indirectly control the way how console output is
    handled through the hvc console layer.
    
    Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
    Acked-by: Anton Blanchard <anton@samba.org>
    Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  18. @antonblanchard @gregkh

    powerpc/pseries/hvconsole: Fix dropped console output

    antonblanchard committed with gregkh Jul 5, 2011
    commit 51d3302 upstream.
    
    Return -EAGAIN when we get H_BUSY back from the hypervisor. This
    makes the hvc console driver retry, avoiding dropped printks.
    
    Signed-off-by: Anton Blanchard <anton@samba.org>
    Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  19. @ralfbaechle @gregkh

    SERIAL: SC26xx: Fix link error.

    ralfbaechle committed with gregkh Jun 27, 2011
    commit f2eb3cd upstream.
    
    Kconfig allows enabling console support for the SC26xx driver even when
    it's configured as a module resulting in a:
    
    ERROR: "uart_console_device" [drivers/tty/serial/sc26xx.ko] undefined!
    
    modpost error since the driver was merged in
    eea63e0 [SC26XX: New serial driver for
    SC2681 uarts] in 2.6.25.  Fixed by only allowing console support to be
    enabled if the driver is builtin.
    
    Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
    Cc: linux-serial@vger.kernel.org
    Cc: linux-kernel@vger.kernel.org
    Cc: linux-mips@linux-mips.org
    Acked-by: Alan Cox <alan@linux.intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  20. @swarren @gregkh

    tty/serial: Fix XSCALE serial ports, e.g. ce4100

    swarren committed with gregkh Jun 17, 2011
    commit 5568181 upstream.
    
    Commit 4539c24 "tty/serial: Add
    explicit PORT_TEGRA type" introduced separate flags describing the need
    for IER bits UUE and RTOIE. Both bits are required for the XSCALE port
    type. While that patch updated uart_config[] as required, the auto-probing
    code wasn't updated to set the RTOIE flag when an XSCALE port type was
    detected. This caused such ports to stop working. This patch rectifies
    that.
    
    Reported-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
    Tested-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
    Signed-off-by: Stephen Warren <swarren@nvidia.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  21. @gregkh

    memcg: fix behavior of mem_cgroup_resize_limit()

    Daisuke Nishimura committed with gregkh Jul 26, 2011
    commit 108b6a7 upstream.
    
    Commit 22a668d ("memcg: fix behavior under memory.limit equals to
    memsw.limit") introduced "memsw_is_minimum" flag, which becomes true
    when mem_limit == memsw_limit.  The flag is checked at the beginning of
    reclaim, and "noswap" is set if the flag is true, because using swap is
    meaningless in this case.
    
    This works well in most cases, but when we try to shrink mem_limit,
    which is the same as memsw_limit now, we might fail to shrink mem_limit
    because swap doesn't used.
    
    This patch fixes this behavior by:
     - check MEM_CGROUP_RECLAIM_SHRINK at the begining of reclaim
     - If it is set, don't set "noswap" flag even if memsw_is_minimum is true.
    
    Signed-off-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
    Cc: Balbir Singh <bsingharora@gmail.com>
    Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
    Cc: Michal Hocko <mhocko@suse.cz>
    Cc: Ying Han <yinghan@google.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  22. @gregkh

    cfg80211: really ignore the regulatory request

    Sven Neumann committed with gregkh Jul 12, 2011
    commit a203c2a upstream.
    
    At the beginning of wiphy_update_regulatory() a check is performed
    whether the request is to be ignored. Then the request is sent to
    the driver nevertheless. This happens even if last_request points
    to NULL, leading to a crash in the driver:
    
     [<bf01d864>] (lbs_set_11d_domain_info+0x28/0x1e4 [libertas]) from [<c03b714c>] (wiphy_update_regulatory+0x4d0/0x4f4)
     [<c03b714c>] (wiphy_update_regulatory+0x4d0/0x4f4) from [<c03b4008>] (wiphy_register+0x354/0x420)
     [<c03b4008>] (wiphy_register+0x354/0x420) from [<bf01b17c>] (lbs_cfg_register+0x80/0x164 [libertas])
     [<bf01b17c>] (lbs_cfg_register+0x80/0x164 [libertas]) from [<bf020e64>] (lbs_start_card+0x20/0x88 [libertas])
     [<bf020e64>] (lbs_start_card+0x20/0x88 [libertas]) from [<bf02cbd8>] (if_sdio_probe+0x898/0x9c0 [libertas_sdio])
    
    Fix this by returning early. Also remove the out: label as it is
    not any longer needed.
    
    Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
    Cc: linux-wireless@vger.kernel.org
    Cc: Johannes Berg <johannes@sipsolutions.net>
    Cc: Daniel Mack <daniel@zonque.org>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  23. @gregkh

    EHCI: fix direction handling for interrupt data toggles

    Alan Stern committed with gregkh Jul 19, 2011
    commit e04f5f7 upstream.
    
    This patch (as1480) fixes a rather obscure bug in ehci-hcd.  The
    qh_update() routine needs to know the number and direction of the
    endpoint corresponding to its QH argument.  The number can be taken
    directly from the QH data structure, but the direction isn't stored
    there.  The direction is taken instead from the first qTD linked to
    the QH.
    
    However, it turns out that for interrupt transfers, qh_update() gets
    called before the qTDs are linked to the QH.  As a result, qh_update()
    computes a bogus direction value, which messes up the endpoint toggle
    handling.  Under the right combination of circumstances this causes
    usb_reset_endpoint() not to work correctly, which causes packets to be
    dropped and communications to fail.
    
    Now, it's silly for the QH structure not to have direct access to all
    the descriptor information for the corresponding endpoint.  Ultimately
    it may get a pointer to the usb_host_endpoint structure; for now,
    adding a copy of the direction flag solves the immediate problem.
    
    This allows the Spyder2 color-calibration system (a low-speed USB
    device that sends all its interrupt data packets with the toggle set
    to 0 and hance requires constant use of usb_reset_endpoint) to work
    when connected through a high-speed hub.  Thanks to Graeme Gill for
    supplying the hardware that allowed me to track down this bug.
    
    Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
    Reported-by: Graeme Gill <graeme@argyllcms.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  24. @gregkh

    EHCI: only power off port if over-current is active

    Sergei Shtylyov committed with gregkh Jul 6, 2011
    commit 81463c1 upstream.
    
    MAX4967 USB power supply chip we use on our boards signals over-current when
    power is not enabled; once it's enabled, over-current signal returns to normal.
    That unfortunately caused the endless stream of "over-current change on port"
    messages. The EHCI root hub code reacts on every over-current signal change
    with powering off the port -- such change event is generated the moment the
    port power is enabled, so once enabled the power is immediately cut off.
    I think we should only cut off power when we're seeing the active over-current
    signal, so I'm adding such check to that code. I also think that the fact that
    we've cut off the port power should be reflected in the result of GetPortStatus
    request immediately, hence I'm adding a PORTSCn register readback after write...
    
    Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
    Acked-by: Alan Stern <stern@rowland.harvard.edu>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  25. @gregkh

    n_gsm: fix the wrong FCS handling

    Du, Alek committed with gregkh Jul 7, 2011
    commit f086ced upstream.
    
    FCS could be GSM0_SOF, so will break state machine...
    
    [This byte isn't quoted in any way so a SOF here doesn't imply an error
     occurred.]
    
    Signed-off-by: Alek Du <alek.du@intel.com>
    Signed-off-by: Alan Cox <alan@linux.intel.com>
    [Trivial but best backported once its in 3.1rc I think]
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  26. @gregkh

    proc: fix a race in do_io_accounting()

    Vasiliy Kulikov committed with gregkh Jul 26, 2011
    commit 293eb1e upstream.
    
    If an inode's mode permits opening /proc/PID/io and the resulting file
    descriptor is kept across execve() of a setuid or similar binary, the
    ptrace_may_access() check tries to prevent using this fd against the
    task with escalated privileges.
    
    Unfortunately, there is a race in the check against execve().  If
    execve() is processed after the ptrace check, but before the actual io
    information gathering, io statistics will be gathered from the
    privileged process.  At least in theory this might lead to gathering
    sensible information (like ssh/ftp password length) that wouldn't be
    available otherwise.
    
    Holding task->signal->cred_guard_mutex while gathering the io
    information should protect against the race.
    
    The order of locking is similar to the one inside of ptrace_attach():
    first goes cred_guard_mutex, then lock_task_sighand().
    
    Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  27. @gregkh

    NFS: Fix spurious readdir cookie loop messages

    Trond Myklebust committed with gregkh Jul 30, 2011
    commit 0c03080 upstream.
    
    If the directory contents change, then we have to accept that the
    file->f_pos value may shrink if we do a 'search-by-cookie'. In that
    case, we should turn off the loop detection and let the NFS client
    try to recover.
    
    The patch also fixes a second loop detection bug by ensuring
    that after turning on the ctx->duped flag, we read at least one new
    cookie into ctx->dir_cookie before attempting to match with
    ctx->dup_cookie.
    
    Reported-by: Petr Vandrovec <petr@vandrovec.name>
    Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  28. @gregkh

    NFSv4: Don't use the delegation->inode in nfs_mark_return_delegation()

    Trond Myklebust committed with gregkh Jul 25, 2011
    commit ed1e621 upstream.
    
    nfs_mark_return_delegation() is usually called without any locking, and
    so it is not safe to dereference delegation->inode. Since the inode is
    only used to discover the nfs_client anyway, it makes more sense to
    have the callers pass a valid pointer to the nfs_server as a parameter.
    
    Reported-by: Ian Kent <raven@themaw.net>
    Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  29. @gregkh

    svcrpc: fix list-corrupting race on nfsd shutdown

    J. Bruce Fields committed with gregkh Jun 29, 2011
    commit ebc63e5 upstream.
    
    After commit 3262c81 "[PATCH] knfsd:
    split svc_serv into pools", svc_delete_xprt (then svc_delete_socket) no
    longer removed its xpt_ready (then sk_ready) field from whatever list it
    was on, noting that there was no point since the whole list was about to
    be destroyed anyway.
    
    That was mostly true, but forgot that a few svc_xprt_enqueue()'s might
    still be hanging around playing with the about-to-be-destroyed list, and
    could get themselves into trouble writing to freed memory if we left
    this xprt on the list after freeing it.
    
    (This is actually functionally identical to a patch made first by Ben
    Greear, but with more comments.)
    
    Cc: gnb@fmeh.org
    Reported-by: Ben Greear <greearb@candelatech.com>
    Tested-by: Ben Greear <greearb@candelatech.com>
    Signed-off-by: J. Bruce Fields <bfields@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Something went wrong with that request. Please try again.