commit 147514952f0d48b94f05474996b6ceb3a46f1be7 Author: Greg Kroah-Hartman Date: Thu Dec 18 09:13:59 2008 -0800 Linux 2.6.27.10 commit 2c37aaf6dd69675c4f2afd1264f871e699223b75 Author: Greg Kroah-Hartman Date: Sat Dec 6 21:10:51 2008 -0800 xilinx_hwicap: remove improper wording in license statement commit 09a35ce00fa6bbb8bd130a828807e237488aa7ea upstream. GPLv2 doesn't allow additional restrictions to be imposed on any code, so this wording needs to be removed from these files. Signed-off-by: Stephen Neuendorffer Signed-off-by: Greg Kroah-Hartman commit 42c17dd881fc3ebea2620fe879e18d84f141dd7f Author: Gerald Schaefer Date: Sat Oct 18 20:27:11 2008 -0700 setup_per_zone_pages_min(): take zone->lock instead of zone->lru_lock commit 1125b4e3949949b44a7c80b619507c6f61d62911 upstream. This replaces zone->lru_lock in setup_per_zone_pages_min() with zone->lock. There seems to be no need for the lru_lock anymore, but there is a need for zone->lock instead, because that function may call move_freepages() via setup_zone_migrate_reserve(). Signed-off-by: Gerald Schaefer Acked-by: KAMEZAWA Hiroyuki Tested-by: Yasunori Goto Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 0b634e9caabd8b62d5239b9e374ea00f8186b19d Author: Mauro Carvalho Chehab Date: Thu Nov 13 17:03:28 2008 -0300 V4L/DVB (9621): Avoid writing outside shadow.bytes[] array commit 494264379d186bf806613d27aafb7d88d42f4212 upstream. There were no check about the limits of shadow.bytes array. This offers a risk of writing values outside the limits, overriding other data areas. Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Greg Kroah-Hartman commit 7228fb2fa5e84db4b618b3e8ce7dab7577af37bc Author: Finn Thain Date: Tue Nov 18 20:40:40 2008 +0100 macfb: Do not overflow fb_fix_screeninfo.id commit 89c223a616cddd9eab792b860f61f99cec53c4e8 upstream. Don't overflow the 16-character fb_fix_screeninfo id string (fixes some console erasing and blanking artifacts). Have the ID default to "Unknown" on machines with no built-in video and no nubus devices. Check for fb_alloc_cmap failure. Signed-off-by: Finn Thain Signed-off-by: Geert Uytterhoeven Signed-off-by: Greg Kroah-Hartman commit 67e5a29906192829677442a7d48acb9c62f19a93 Author: Wilfried Klaebe Date: Wed Dec 3 20:57:19 2008 -0800 b1isa: fix b1isa_exit() to really remove registered capi controllers commit 1c594c05a75770ab53a329fc4eb99c797a4bc7d7 upstream. On "/etc/init.d/capiutils stop", this oops happened. The oops happens on reading /proc/capi/controllers because capi_ctrl->procinfo is called for the wrongly not unregistered controller, which points to b1isa_procinfo(), which was removed on module unload. b1isa_exit() did not call b1isa_remove() for its controllers because io[0] == 0 on module unload despite having been 0x340 on module load. Besides, just removing the controllers that where added on module load time and not those that were added later via b1isa_add_card() is wrong too - the place where all added cards are found is isa_dev[]. relevant dmesg lines: [ 0.000000] Linux version 2.6.27.4 (w@shubashi) (gcc version 4.3.2 (Debian 4.3.2-1) ) #3 Thu Oct 30 16:49:03 CET 2008 [ 67.403555] CAPI Subsystem Rev 1.1.2.8 [ 68.529154] capifs: Rev 1.1.2.3 [ 68.563292] capi20: Rev 1.1.2.7: started up with major 68 (middleware+capifs) [ 77.026936] b1: revision 1.1.2.2 [ 77.049992] b1isa: revision 1.1.2.3 [ 77.722655] kcapi: Controller [001]: b1isa-340 attached [ 77.722671] b1isa: AVM B1 ISA at i/o 0x340, irq 5, revision 255 [ 81.272669] b1isa-340: card 1 "B1" ready. [ 81.272683] b1isa-340: card 1 Protocol: DSS1 [ 81.272689] b1isa-340: card 1 Linetype: point to multipoint [ 81.272695] b1isa-340: B1-card (3.11-03) now active [ 81.272702] kcapi: card [001] "b1isa-340" ready. [ 153.721281] kcapi: card [001] down. [ 154.151889] BUG: unable to handle kernel paging request at e87af000 [ 154.152081] IP: [] [ 154.153292] *pde = 2655b067 *pte = 00000000 [ 154.153307] Oops: 0000 [#1] [ 154.153360] Modules linked in: rfcomm l2cap ppdev lp ipt_MASQUERADE tun capi capifs kernelcapi ac battery nfsd exportfs nfs lockd nfs_acl sunrpc sit tunnel4 bridge stp llc ipt_REJECT ipt_LOG xt_tcpudp xt_state iptable_filter iptable_mangle iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack ip_tables x_tables nls_utf8 isofs nls_base zlib_inflate loop ipv6 netconsole snd_via82xx dvb_usb_dib0700 gameport dib7000p dib7000m dvb_usb snd_ac97_codec ac97_bus dvb_core mt2266 snd_pcm tuner_xc2028 dib3000mc dibx000_common mt2060 dib0070 snd_page_alloc snd_mpu401_uart snd_seq_midi snd_seq_midi_event btusb snd_rawmidi bluetooth snd_seq snd_timer snd_seq_device snd via686a i2c_viapro soundcore i2c_core parport_pc parport button dm_mirror dm_log dm_snapshot floppy sg ohci1394 uhci_hcd ehci_hcd 8139too mii ieee1394 usbcore sr_mod cdrom sd_mod thermal processor fan [last unloaded: b1] [ 154.153360] [ 154.153360] Pid: 4132, comm: capiinit Not tainted (2.6.27.4 #3) [ 154.153360] EIP: 0060:[] EFLAGS: 00010286 CPU: 0 [ 154.153360] EIP is at 0xe87af000 [ 154.153360] EAX: e6b9ccc8 EBX: e6b9ccc8 ECX: e87a0c67 EDX: e87af000 [ 154.153360] ESI: e142bbc0 EDI: e87a56e0 EBP: e0505f0c ESP: e0505ee4 [ 154.153360] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 [ 154.153360] Process capiinit (pid: 4132, ti=e0504000 task=d1196cf0 task.ti=e0504000) [ 154.153360] Stack: e879f650 00000246 e0505ef4 c01472eb e0505f0c 00000246 e7001780 fffffff4 [ 154.153360] fffffff4 e142bbc0 e0505f48 c01a56c6 00000400 b805e000 d102dc80 e142bbe0 [ 154.153360] 00000000 e87a56e0 00000246 e12617ac 00000000 00000000 e1261760 fffffffb [ 154.153360] Call Trace: [ 154.153360] [] ? controller_show+0x20/0x90 [kernelcapi] [ 154.153360] [] ? trace_hardirqs_on+0xb/0x10 [ 154.153360] [] ? seq_read+0x126/0x2f0 [ 154.153360] [] ? seq_read+0x0/0x2f0 [ 154.153360] [] ? proc_reg_read+0x5c/0x90 [ 154.153360] [] ? vfs_read+0x99/0x140 [ 154.153360] [] ? proc_reg_read+0x0/0x90 [ 154.153360] [] ? sys_read+0x3d/0x70 [ 154.153360] [] ? sysenter_do_call+0x12/0x35 [ 154.153360] ======================= [ 154.153360] Code: Bad EIP value. [ 154.153360] EIP: [] 0xe87af000 SS:ESP 0068:e0505ee4 [ 154.153360] ---[ end trace 23750b6c2862de94 ]--- Signed-off-by: Wilfried Klaebe Signed-off-by: Andrew Morton Acked-by: Karsten Keil Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit a0f04d0096bd7edb543576c55f7a0993628f924a Author: Trond Myklebust Date: Thu Nov 20 16:06:21 2008 -0500 SUNRPC: Fix a performance regression in the RPC authentication code commit 23918b03060f6e572168fdde1798a905679d2e06 upstream. Fix a regression reported by Max Kellermann whereby kernel profiling showed that his clients were spending 45% of their time in rpcauth_lookup_credcache. It turns out that although his processes had identical uid/gid/groups, generic_match() was failing to detect this, because the task->group_info pointers were not shared. This again lead to the creation of a huge number of identical credentials at the RPC layer. The regression is fixed by comparing the contents of task->group_info if the actual pointers are not identical. Signed-off-by: Trond Myklebust Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit a5330d7ca215757e9949e31f0bb88214f41fd413 Author: Stefan Richter Date: Tue Dec 16 20:35:13 2008 +0100 ieee1394: add quirk fix for Freecom HDD commit 25a41b280083259d05d68f61633194344a1f8a9f upstream. According to http://bugzilla.kernel.org/show_bug.cgi?id=12206, Freecom FireWire Hard Drive 1TB reports max_rom=2 but returns garbage if block read requests are used to read the config ROM. Force max_rom=0 to limit them to quadlet read requests. Reported-by: Christian Mueller Signed-off-by: Stefan Richter Signed-off-by: Greg Kroah-Hartman commit bc7c91468b80aab044dd9dd61c3492cf57dffabb Author: Stefan Richter Date: Tue Dec 16 20:34:23 2008 +0100 firewire: fw-ohci: fix IOMMU resource exhaustion commit 1d1dc5e83f3299c108a4e44d58cc4bfef48c876a upstream. There is a DMA map/ unmap imbalance whenever a block write request packet is sent and then dequeued with ohci_cancel_packet. The latter may happen frequently if the AR resp tasklet is executed before the AT req tasklet for the same transaction. Add the missing dma_unmap_single. This fixes https://bugzilla.redhat.com/show_bug.cgi?id=475156 Reported-by: Emmanuel Kowalski Tested-by: Emmanuel Kowalski Signed-off-by: Stefan Richter Signed-off-by: Greg Kroah-Hartman commit 123cd635a810bea55c41f09c09e4d6dc1f493876 Author: Alexey Dobriyan Date: Fri Oct 31 16:41:26 2008 -0700 key: fix setkey(8) policy set breakage commit 920da6923cf03c8a78fbaffa408f8ab37f6abfc1 upstream. Steps to reproduce: #/usr/sbin/setkey -f flush; spdflush; add 192.168.0.42 192.168.0.1 ah 24500 -A hmac-md5 "1234567890123456"; add 192.168.0.42 192.168.0.1 esp 24501 -E 3des-cbc "123456789012123456789012"; spdadd 192.168.0.42 192.168.0.1 any -P out ipsec esp/transport//require ah/transport//require; setkey: invalid keymsg length Policy dump will bail out with the same message after that. -recv(4, "\2\16\0\0\32\0\3\0\0\0\0\0\37\r\0\0\3\0\5\0\377 \0\0\2\0\0\0\300\250\0*\0"..., 32768, 0) = 208 +recv(4, "\2\16\0\0\36\0\3\0\0\0\0\0H\t\0\0\3\0\5\0\377 \0\0\2\0\0\0\300\250\0*\0"..., 32768, 0) = 208 Signed-off-by: Alexey Dobriyan Signed-off-by: David S. Miller Cc: Kadianakis George Signed-off-by: Greg Kroah-Hartman commit fa5c9e490836ada4cd4bcd97cc44da3696811c7d Author: Johannes Berg Date: Tue Nov 18 01:47:21 2008 +0100 iwlagn: fix RX skb alignment commit 4018517a1a69a85c3d61b20fa02f187b80773137 upstream. So I dug deeper into the DMA problems I had with iwlagn and a kind soul helped me in that he said something about pci-e alignment and mentioned the iwl_rx_allocate function to check for crossing 4KB boundaries. Since there's 8KB A-MPDU support, crossing 4k boundaries didn't seem like something the device would fail with, but when I looked into the function for a minute anyway I stumbled over this little gem: BUG_ON(rxb->dma_addr & (~DMA_BIT_MASK(36) & 0xff)); Clearly, that is a totally bogus check, one would hope the compiler removes it entirely. (Think about it) After fixing it, I obviously ran into it, nothing guarantees the alignment the way you want it, because of the way skbs and their headroom are allocated. I won't explain that here nor double-check that I'm right, that goes beyond what most of the CC'ed people care about. So then I came up with the patch below, and so far my system has survived minutes with 64K pages, when it would previously fail in seconds. And I haven't seen a single instance of the TX bug either. But when you see the patch it'll be pretty obvious to you why. This should fix the following reported kernel bugs: http://bugzilla.kernel.org/show_bug.cgi?id=11596 http://bugzilla.kernel.org/show_bug.cgi?id=11393 http://bugzilla.kernel.org/show_bug.cgi?id=11983 I haven't checked if there are any elsewhere, but I suppose RHBZ will have a few instances too... I'd like to ask anyone who is CC'ed (those are people I know ran into the bug) to try this patch. I am convinced that this patch is correct in spirit, but I haven't understood why, for example, there are so many unmap calls. I'm not entirely convinced that this is the only bug leading to the TX reply errors. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit 41085614ef74686f194520c76b5941b6941c882f Author: Ingo Brueckl Date: Wed Dec 10 23:35:00 2008 +0100 console ASCII glyph 1:1 mapping commit 1c55f18717304100a5f624c923f7cb6511b4116d upstream. For the console, there is a 1:1 mapping of glyphs which cannot be found in the current font. This seems to be meant as a kind of 'emergency fallback' for fonts without unicode mapping which otherwise would display nothing readable on the screen. At the moment it affects all chars for which no substitution character is defined. In particular this means that for all chars (>= 128) where there is no iso88591-1/unicode character (e.g. control character area) you'll get the very strange 1:1 mapping of the (cp437) graphics card glyphs. I'm pretty sure that the 1:1 mapping should only affect strict ASCII code characters, i.e. chars < 128. The patch limits the mapping as it probably was meant anyway. Signed-off-by: Ingo Brueckl Acked-by: H. Peter Anvin Cc: Egmont Koblinger Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit e0489938ae272d46a27dfa3ce235a169f2d1a524 Author: Ingo Brueckl Date: Wed Dec 10 23:34:00 2008 +0100 unicode table for cp437 commit f75bc06e5d00a827d3ec5d57bbb5b73a4adec855 upstream. There is a major bug in the cp437 to unicode translation table. Char 0x7c is mapped to U+00a5 which is the Yen sign and wrong. The right mapping is U+00a6 (broken bar). Furthermore, a mapping for U+00b4 (a widely used character) is missing even though easily possible. The patch fixes these, as well as it provides a few other useful mappings. The changes are as follows: 0x0f (enhancement) enables a sort of currency symbol 0x27 (bug) enables a sort of acute accent which is a widely used character 0x44 (enhancement) enables a sort of icelandic capital letter eth 0x7c (major bug) corrects mapping 0xeb (enhancement) enables a sort of icelandic small letter eth 0xee (enhancement) enables a sort of math 'element of' Signed-off-by: Ingo Brueckl Acked-by: H. Peter Anvin Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit d79c98afbdd27d20777d9b7558240db66d69ca37 Author: Stephen Hemminger Date: Fri Dec 12 10:27:08 2008 -0800 net: eliminate warning from NETIF_F_UFO on bridge Based on commit b63365a2d60268a3988285d6c3c6003d7066f93a upstream, but drastically cut down for 2.6.27.y The bridge device always causes a warning because when it is first created it has the no checksum flag set along with all the segmentation/fragmentation offload bits. The code in register_netdevice incorrectly checks for only hardware checksum bit and ignores no checksum bit. Similar code is already in 2.6.28: commit b63365a2d60268a3988285d6c3c6003d7066f93a net: Fix disjunct computation of netdev features Signed-off-by: Stephen Hemminger Cc: David Miller Cc: Herbert Xu Signed-off-by: Greg Kroah-Hartman commit d3bbe24b08edbfb28f68dea0187933b6908d4d85 Author: Tomas Winkler Date: Tue Nov 25 23:29:03 2008 +0200 iwlwifi: clean key table in iwl_clear_stations_table function commit 40a9a8299116297429298e8fcee08235134883f7 upstream. This patch cleans uCode key table bit map iwl_clear_stations_table since all stations are cleared also the key table must be. Since the keys are not removed properly on suspend by mac80211 this may result in exhausting key table on resume leading to memory corruption during removal This patch also fixes a memory corruption problem reported in http://marc.info/?l=linux-wireless&m=122641417231586&w=2 and tracked in http://bugzilla.kernel.org/show_bug.cgi?id=12040. When the key is removed a second time the offset is set to 255 - this index is not valid for the ucode_key_table and corrupts the eeprom pointer (which is 255 bits from ucode_key_table). Signed-off-by: Tomas Winkler Signed-off-by: Zhu Yi Reported-by: Carlos R. Mafra Reported-by: Lukas Hejtmanek Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit 26c5652a335bdf4a4476c9d23a0b381eaa3e2073 Author: Oliver Hartkopp Date: Thu Dec 4 15:01:08 2008 -0800 can: omit received RTR frames for single ID filter lists commit f706644d55f90e8306d87060168fef33804d6dd9 upstream. Since commit d253eee20195b25e298bf162a6e72f14bf4803e5 the single CAN identifier filter lists handle only non-RTR CAN frames. So we need to omit the check of these filter lists when receiving RTR CAN frames. Signed-off-by: Oliver Hartkopp Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit ded40f69197fcdb5a223aef09cb3b382eaa36b85 Author: Oliver Hartkopp Date: Wed Dec 3 15:52:35 2008 -0800 can: Fix CAN_(EFF|RTR)_FLAG handling in can_filter commit d253eee20195b25e298bf162a6e72f14bf4803e5 upstream. Due to a wrong safety check in af_can.c it was not possible to filter for SFF frames with a specific CAN identifier without getting the same selected CAN identifier from a received EFF frame also. This fix has a minimum (but user visible) impact on the CAN filter API and therefore the CAN version is set to a new date. Indeed the 'old' API is still working as-is. But when now setting CAN_(EFF|RTR)_FLAG in can_filter.can_mask you might get less traffic than before - but still the stuff that you expected to get for your defined filter ... Thanks to Kurt Van Dijck for pointing at this issue and for the review. Signed-off-by: Oliver Hartkopp Acked-by: Kurt Van Dijck Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit d3d1dd2ac58c1ffe0311f25a4eac8f26fca72a62 Author: Jeff Kirsher Date: Thu Dec 11 21:28:11 2008 -0800 e1000e: fix double release of mutex commit 30bb0e0dce78427f3e5cb728d6b5ea73acbefffa upstream. During a reset, releasing the swflag after it failed to be acquired would cause a double unlock of the mutex. Instead, test whether acquisition of the swflag was successful and if not, do not release the swflag. The reset must still be done to bring the device to a quiescent state. This resolves [BUG 12200] BUG: bad unlock balance detected! e1000e http://bugzilla.kernel.org/show_bug.cgi?id=12200 Signed-off-by: Jeff Kirsher Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 21f38438e2d63830c4243340efcb8216757ac74b Author: Tejun Heo Date: Thu Dec 11 13:42:42 2008 +0900 libata: fix Seagate NCQ+FLUSH blacklist commit d10d491f842243e2e3bf5a2714020f9d649e1e38 upstream. Due to miscommunication, P/N was mistaken as firmware revision strings. Update it. Signed-off-by: Tejun Heo Signed-off-by: Jeff Garzik Signed-off-by: Greg Kroah-Hartman commit b543708755a23b1de7ba140061b93bb17a5e22e4 Author: Manfred Spraul Date: Wed Dec 10 18:17:06 2008 +0100 lib/idr.c: Fix bug introduced by RCU fix commit 711a49a07f84f914aac26a52143f6e7526571143 upstream. The last patch to lib/idr.c caused a bug if idr_get_new_above() was called on an empty idr. Usually, nodes stay on the same layer. New layers are added to the top of the tree. The exception is idr_get_new_above() on an empty tree: In this case, the new root node is first added on layer 0, then moved upwards. p->layer was not updated. As usual: You shall never rely on the source code comments, they will only mislead you. Signed-off-by: Manfred Spraul Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit feb374144807f9d83d48930c3bae32005441230f Author: Zachary Amsden Date: Sat Dec 13 12:36:58 2008 -0800 x86 Fix VMI crash on boot in 2.6.28-rc8 commit ae8d04e2ecbb233926860e9ce145eac19c7835dc upstream. VMI initialiation can relocate the fixmap, causing early_ioremap to malfunction if it is initialized before the relocation. To fix this, VMI activation is split into two phases; the detection, which must happen before setting up ioremap, and the activation, which must happen after parsing early boot parameters. This fixes a crash on boot when VMI is enabled under VMware. Signed-off-by: Zachary Amsden Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit d9a888b061f55534016d2d86a21639948312a117 Author: Linus Torvalds Date: Sun Dec 14 15:46:01 2008 -0800 Revert "sched_clock: prevent scd->clock from moving backwards" commit ca7e716c7833aeaeb8fedd6d004c5f5d5e14d325 upstream. This reverts commit 5b7dba4ff834259a5623e03a565748704a8fe449, which caused a regression in hibernate, reported by and bisected by Fabio Comolli. This revert fixes http://bugzilla.kernel.org/show_bug.cgi?id=12155 http://bugzilla.kernel.org/show_bug.cgi?id=12149 Bisected-by: Fabio Comolli Requested-by: Rafael J. Wysocki Acked-by: Dave Kleikamp Cc: Peter Zijlstra Cc: Ingo Molnar Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit a552aa81bff628f609dd2df579af703646b1a80c Author: Jay Vosburgh Date: Thu Oct 30 17:41:14 2008 -0700 bonding: fix miimon failure counter commit fba4acda35f3119328bcba28aacefae14245d2bb upstream. During the rework of the mii monitor for: commit f0c76d61779b153dbfb955db3f144c62d02173c2 Author: Jay Vosburgh Date: Wed Jul 2 18:21:58 2008 -0700 bonding: refactor mii monitor I left out the increment of the link failure counter. This patch corrects that omission. Signed-off-by: Jay Vosburgh Signed-off-by: Jeff Garzik Signed-off-by: Greg Kroah-Hartman commit 771b8e4021178328d9c431d0b3ee7a5246fad856 Author: Joerg Roedel Date: Mon Nov 17 15:09:20 2008 +0100 AMD IOMMU: enable device isolation per default commit 3ce1f93c6d53c3f91c3846cf66b018276c8ac2e7 upstream. Impact: makes device isolation the default for AMD IOMMU Some device drivers showed double-free bugs of DMA memory while testing them with AMD IOMMU. If all devices share the same protection domain this can lead to data corruption and data loss. Prevent this by putting each device into its own protection domain per default. Signed-off-by: Joerg Roedel Signed-off-by: Greg Kroah-Hartman