commit 0f935cc75152be0398d392c60bfbbd7a08efe445 Author: Greg Kroah-Hartman Date: Thu Feb 12 09:51:15 2009 -0800 Linux 2.6.28.5 commit 8059205cb1764a590af6cb12108e6b8be465751d Author: Vlad Yasevich Date: Thu Jan 22 14:53:23 2009 -0800 sctp: Fix another socket race during accept/peeloff commit ae53b5bd77719fed58086c5be60ce4f22bffe1c6 upstream. There is a race between sctp_rcv() and sctp_accept() where we have moved the association from the listening socket to the accepted socket, but sctp_rcv() processing cached the old socket and continues to use it. The easy solution is to check for the socket mismatch once we've grabed the socket lock. If we hit a mis-match, that means that were are currently holding the lock on the listening socket, but the association is refrencing a newly accepted socket. We need to drop the lock on the old socket and grab the lock on the new one. A more proper solution might be to create accepted sockets when the new association is established, similar to TCP. That would eliminate the race for 1-to-1 style sockets, but it would still existing for 1-to-many sockets where a user wished to peeloff an association. For now, we'll live with this easy solution as it addresses the problem. Reported-by: Michal Hocko Reported-by: Karsten Keil Signed-off-by: Vlad Yasevich Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit e117993af63778e46f68ea7477ff502e90d1c552 Author: Pavel Machek Date: Thu Jan 15 13:51:03 2009 -0800 nbd: do not allow two clients at the same time commit c91192d66d6cea7878b8542c9d9f1873971aba92 upstream. Two nbd-clients at same time are bad idea, and cause WARN_ON from nbd in 2.6.28-rc7 from sysfs_add_one. This simply prevents that from happening. To reproduce: cat /dev/zero | head -c 10000000 > /tmp/delme.fstest.fs nbd-server 9100 -l /anyone.can.connect > /tmp/delme.fstest.fs & sleep 1 nbd-client localhost 9100 /dev/nd0 & nbd-client localhost 9100 /dev/nd0 & Signed-off-by: Pavel Machek Acked-by: Paul Clements Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit f5d7b376ef4ef7acde7049d2c0f6222ccfcd964c Author: JosephChan@via.com.tw Date: Fri Jan 16 19:44:55 2009 +0800 sata_via: Add VT8261 support commit 6813952021a7820a505002de260bda36978671f7 upstream. Signed-off-by: Joseph Chan Signed-off-by: Jeff Garzik Signed-off-by: Greg Kroah-Hartman commit 31e532156153e38fb96922f1784472cad15482cb Author: Alan Stern Date: Wed Feb 4 15:48:03 2009 -0500 USB: usb-storage: add Pentax to the bad-vendor list commit 506e9469833c66ed6bb9acd902e208f7301b6adb upstream. This patch (as1202) adds Pentax to usb-storage's list of bad vendors whose devices always need the CAPACITY_HEURISTICS flag. This is in addition to the existing entries: Nokia, Nikon, and Motorola. Signed-off-by: Alan Stern Tested-by: Virgo Pärna Signed-off-by: Greg Kroah-Hartman commit ca4f6b2f58d6e222ca5ffdbb1dab8c23ce2810d5 Author: Oliver Neukum Date: Wed Feb 4 16:38:33 2009 +0100 USB: two more usb ids for ti_usb_3410_5052 commit 97dcf0416e390fc5c997d4ea60e6f975c7b7a1c3 upstream. This patch adds device IDs and balances the counts to make the hot ID additioning mechanism work. Signed-off-by: Oliver Neukum Cc: Chris Adams Signed-off-by: Greg Kroah-Hartman commit 1ae68c8d79bc563b8072a4bf12af63ddf17b10a6 Author: Oliver Neukum Date: Mon Jan 12 13:31:16 2009 +0100 USB: new id for ti_usb_3410_5052 driver commit 1a1fab513734b3a4fca1bee8229e5ff7e1cb873c upstream. This adds a new device id Signed-off-by: Oliver Neukum Signed-off-by: Greg Kroah-Hartman commit 7fe6a6a3304c330d1989f616438f7f44600342c0 Author: Dirk De Schepper Date: Fri Feb 6 20:48:34 2009 +0000 USB: option: New mobile broadband modems to be supported commit c200b9c9e8ec93cdd262cfa1699ad92e883d4876 upstream. - New Novatel and Dell mobile broadband modem products added - Dell pid variables used in stead of numerical PIDs for known products Signed-off-by: Dirk De Schepper Signed-off-by: Matthias Urlichs Signed-off-by: Greg Kroah-Hartman commit 9fa8a9476cd4342fc3246ed936245e737a9db6e4 Author: Greg Kroah-Hartman Date: Tue Feb 3 16:02:21 2009 -0800 Revert USB: option: add Pantech cards commit 6b40c0057a7935bcf63a38a924094c7e61d4731f upstream. Revert 8b6346ec899713a90890c9e832f7eff91ea73504 as these devices really work just fine with the cdc-acm driver, as they follow the spec properly. Thanks to Chuck Ebbert for pointing out the problem here. Cc: Chuck Ebbert Cc: Dan Williams Signed-off-by: Greg Kroah-Hartman commit ed9b1d5568deee0f1f07205259fb37553fe18eff Author: Lachlan McIlroy Date: Fri Dec 12 15:27:25 2008 +1100 XFS: set b_error from bio error in xfs_buf_bio_end_io commit cfbe52672fbc6f333892e8dde82c35e0a76aa5f5 upstream. Preserve any error returned by the bio layer. Reviewed-by: Eric Sandeen Reviewed-by: Tim Shimmin Signed-off-by: Lachlan McIlroy Cc: Neil Brown Signed-off-by: Greg Kroah-Hartman commit a2926858cfb4fd673618988f37a9dc26c5182377 Author: Helmut Schaa Date: Wed Dec 10 13:17:26 2008 +0100 ipw2200: fix scanning while associated commit 14a4dfe2ff8c353f59ae8324059ded1cfe22c7d9 upstream. This patch fixes sporadic firmware restarts when scanning while associated. The firmware will quietly cancel a scan (while associated) if the dwell time for a channel to be scanned is larger than the time it may stay away from the operating channel (because of DTIM catching). Unfortunately the driver is not notified about the canceled scan and therefore the scan watchdog timeout will be hit and the driver causes a firmware restart which results in disassociation. This mainly happens on passive channels which use a dwell time of 120 whereas a typical beacon interval is around 100. The patch changes the dwell time for passive channels to be slightly smaller than the actual beacon interval to work around the firmware issue. Furthermore the number of allowed beacon misses is increased from one to three as otherwise most scans (while associated) won't complete successfully. However scanning while associated will still fail in corner cases such as a beacon intervals below 30. Signed-off-by: Helmut Schaa Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit 936574fd1687ea60a88a5070059e40c7dec7f414 Author: Zhang Rui Date: Thu Dec 11 16:24:52 2008 -0500 ACPI: video: Fix reversed brightness behavior on ThinkPad SL series commit 935e5f290ec1eb0f1c15004421f5fd3154380fd5 upstream. Section B.6.2 of ACPI 3.0b specification that defines _BCL method doesn't require the brightness levels returned to be sorted. At least ThinkPad SL300 (and probably all IdeaPads) returns the array reversed (i.e. bightest levels have lowest indexes), which causes the brightness management behave in completely reversed manner on these machines (brightness increases when the laptop is idle, while the display dims when used). Sorting the array by brightness level values after reading the list fixes the issue. http://bugzilla.kernel.org/show_bug.cgi?id=12037 Signed-off-by: Zhang Rui Tested-by: Lubomir Rintel Signed-off-by: Len Brown Signed-off-by: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit 54fe30373788fa3e968ade0481e08a6f13067b73 Author: Roland McGrath Date: Fri Feb 6 17:34:07 2009 -0800 elf core dump: fix get_user use commit 92dc07b1f988e8c237a38e23be660b9b8533e6fd upstream. The elf_core_dump() code does its work with set_fs(KERNEL_DS) in force, so vma_dump_size() needs to switch back with set_fs(USER_DS) to safely use get_user() for a normal user-space address. Checking for VM_READ optimizes out the case where get_user() would fail anyway. The vm_file check here was already superfluous given the control flow earlier in the function, so that is a cleanup/optimization unrelated to other changes but an obvious and trivial one. Reported-by: Gerald Schaefer Signed-off-by: Roland McGrath Signed-off-by: Greg Kroah-Hartman commit 7bf97ba5bb635e84e2092d4de4092dcf76ad82a0 Author: Hugh Dickins Date: Sun Feb 8 20:56:58 2009 +0000 mm: fix error case in mlock downgrade reversion commit d5b562330ec766292a3ac54ae5e0673610bd5b3d upstream. Commit 27421e211a39784694b597dbf35848b88363c248, Manually revert "mlock: downgrade mmap sem while populating mlocked regions", has introduced its own regression: __mlock_vma_pages_range() may report an error (for example, -EFAULT from trying to lock down pages from beyond EOF), but mlock_vma_pages_range() must hide that from its callers as before. Reported-by: Sami Farin Signed-off-by: Hugh Dickins Signed-off-by: Linus Torvalds commit 82bb8f277d0a486ab49559401227dd2755d7df0f Author: Michael Bramer Date: Tue Jan 27 11:51:16 2009 +0000 Add support for '8-port RS-232 MIC-3620 from advantech' commit 78d70d48132ce4c678a95b771ffa1af4fb5a03ec upstream. This Patch add the device information for the MIC-3620 8-port RS-232 cPCI card from Advantech Co. Ltd. Signed-off-by: Michael Bramer Signed-off-by: Alan Cox Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 6fa45923652b0f10c2ecf54e07d87a3143579b0b Author: Niels de Vos Date: Fri Jan 2 13:46:58 2009 +0000 serial: set correct baud_base for Oxford Semiconductor Ltd EXSYS EX-41092 Dual 16950 Serial adapter commit 39aced68d664291db3324d0fcf0985ab5626aac2 upstream. The PCI-card identified as "Oxford Semiconductor Ltd EXSYS EX-41092 Dual 16950 Serial adapter" is only usable with other devices (i.e. not the same card) after doing a "setserial /dev/ttyS baud_base 115200". This baud_base should be default for this card. Signed-off-by: Niels de Vos Signed-off-by: Alan Cox Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 02354e2daffe5ffed2b128824daf6eced0e13688 Author: Alexey Dobriyan Date: Fri Feb 6 00:30:05 2009 +0300 seq_file: fix big-enough lseek() + read() commit f01d1d546abb2f4028b5299092f529eefb01253a upstream. lseek() further than length of the file will leave stale ->index (second-to-last during iteration). Next seq_read() will not notice that ->f_pos is big enough to return 0, but will print last item as if ->f_pos is pointing to it. Introduced in commit cb510b8172602a66467f3551b4be1911f5a7c8c2 aka "seq_file: more atomicity in traverse()". Signed-off-by: Alexey Dobriyan Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 5dcb80816382aac7b3e79a003f520fb3c0821e42 Author: Eric Biederman Date: Wed Feb 4 15:12:25 2009 -0800 seq_file: move traverse so it can be used from seq_read commit 33da8892a2f9e7d4b2d9a35fc80833ba2d2b1aa6 upstream. In 2.6.25 some /proc files were converted to use the seq_file infrastructure. But seq_files do not correctly support pread(), which broke some usersapce applications. To handle pread correctly we can't assume that f_pos is where we left it in seq_read. So move traverse() so that we can eventually use it in seq_read and do thus some day support pread(). Signed-off-by: Eric Biederman Cc: Paul Turner Cc: Alexey Dobriyan Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 63f9bdba0ba2bfb1853a3e5883ec7ac6912b3c09 Author: Timothy S. Nelson Date: Fri Jan 30 06:12:47 2009 +1100 PCI: return error on failure to read PCI ROMs commit 97c44836cdec1ea713a15d84098a1a908157e68f upstream. This patch makes the ROM reading code return an error to user space if the size of the ROM read is equal to 0. The patch also emits a warnings if the contents of the ROM are invalid, and documents the effects of the "enable" file on ROM reading. Signed-off-by: Timothy S. Nelson Acked-by: Alex Villacis-Lasso Signed-off-by: Jesse Barnes Signed-off-by: Greg Kroah-Hartman commit e5e2130ff639ed7927363c5e7f4a266f3ccded5b Author: Alex Chiang Date: Wed Jan 28 14:59:18 2009 -0700 PCI: properly clean up ASPM link state on device remove commit 3419c75e15f82c3ab09bd944fddbde72c9e4b3ea upstream. We only want to disable ASPM when the last function is removed from the parent's device list. We determine this by checking to see if the parent's device list is completely empty. Unfortunately, we never hit that code because the parent is considered an upstream port, and never had an ASPM link_state associated with it. The early check for !link_state causes us to return early, we never discover that our device list is empty, and thus we never remove the downstream ports' link_state nodes. Instead of checking to see if the parent's device list is empty, we can check to see if we are the last device on the list, and if so, then we know that we can clean up properly. Cc: Shaohua Li Signed-off-by: Alex Chiang Signed-off-by: Jesse Barnes Signed-off-by: Greg Kroah-Hartman commit 293ddedcb292d7e4a9e1df077a4e6a0b84dd0b96 Author: Myron Stowe Date: Fri Jan 30 15:44:53 2009 -0700 ACPICA: Fix table entry truncation calculation commit 386e4a8358239f90275e1f93d5ad11cdc93c6453 upstream. During early boot, ACPI RSDT/XSDT table entries are gathered into the 'initial_tables[]' array. This array is currently statically defined (see ./drivers/acpi/tables.c). When there are more table entries than can be held in the 'initial_tables[]' array, the message "Truncating N table entries!" is output. As currently implemented, this message will always erroneously calculate N as 0. This patch fixes the calculation that determines how many table entries will be missing (truncated). This modification may be used under either the GPL or the BSD-style license used for Intel ACPI CA code. Signed-off-by: Myron Stowe Signed-off-by: Andrew Morton Signed-off-by: Len Brown Signed-off-by: Greg Kroah-Hartman commit 8c3c08456a945fd3951b51525f901c5be3aca14d Author: Len Brown Date: Fri Feb 6 14:00:56 2009 -0500 ACPI: disable ACPI cleanly when bad RSDP found commit 9e3a9d1ed8cc8db93e5c53e9a5b09065bd95de8b upstream. When ACPI is disabled in the BIOS of this VIA C3 box, it invalidates the RSDP, which Linux notices: ACPI Error (tbxfroot-0218): A valid RSDP was not found [20080926] Bug Linux neglected to disable ACPI at that stage, and later scribbled on smp_found_config: ACPI: No APIC-table, disabling MPS But this box doesn't run well in legacy PIC mode, it needed IOAPIC mode to perform correctly: http://lkml.org/lkml/2009/2/5/39 So exit ACPI mode cleanly when we first detect that it is hopeless. Signed-off-by: Len Brown Signed-off-by: Greg Kroah-Hartman commit 83fee7c6055707f2f2f1a45b76a8f9ce53925090 Author: Zhao Yakui Date: Mon Feb 2 22:55:01 2009 -0500 ACPI: proc_dir_entry 'video/VGA' already registered commit f3b39f1393d5cebe56f43a584ef47efbebd2702c upstream. eliminate the duplicate the name of "VGA" http://bugzilla.kernel.org/show_bug.cgi?id=12514 Signed-off-by: Zhao Yakui Signed-off-by: Len Brown Signed-off-by: Greg Kroah-Hartman commit d72c92a4e3c9f1ef8ee48196dcc3d8f54a816cb4 Author: Zhao Yakui Date: Mon Feb 2 11:33:41 2009 +0800 ACPI: Skip the first two elements in the _BCL package commit 0a3db1cec5d476804185114ff5d1845aed3936b3 upstream. According to the Spec the first two elements in the _BCL package won't be regarded as the available brightness level. The first is the brightness when full power is connected to the box(It means that the AC adapter is plugged). The second is the brightness level when the box is on battery. If the first two elements are still used while finding the next brightness level, it will fall back to the lowest level when keeping on pressing hotkey. (On some boxes the brightness will be changed twice when hotkey is pressed once. One is in the ACPI video driver. The other is changed by sys I/F. In the ACPI video driver the first two elements will be used while changing the brightness. But the first two elements is skipped while using sys I/F. In such case there exists the inconsistency). So he first two elements had better be skipped while showing the available brightness or finding the next brightness level. http://bugzilla.kernel.org/show_bug.cgi?id=12450 Signed-off-by: Zhao Yakui Signed-off-by: Len Brown Signed-off-by: Greg Kroah-Hartman commit ec778e2c921546e55e914033b3fe112b33708381 Author: Roel Kluin Date: Sat Jan 17 15:51:27 2009 +0100 panasonic-laptop: fix X[ ARRAY_SIZE(X) ] commit 2b190e76def5233c542f6025b4a133b1d4bd1a37 upstream. Ensure pcc->keymap[ ARRAY_SIZE(pcc->keymap) ] does not occur. Signed-off-by: Roel Kluin Signed-off-by: Len Brown Signed-off-by: Greg Kroah-Hartman commit c30a0b087efa03642c639d4a485991d6b7454338 Author: Corentin Chary Date: Tue Jan 20 16:17:41 2009 +0100 asus_acpi: Add R1F support commit 1021e2119eb33a990a2b9ff1410805dd9bdf7997 upstream. Add R1F support Signed-off-by: Corentin Chary Signed-off-by: Len Brown Signed-off-by: Greg Kroah-Hartman commit ef98a303252826c2d80f5ba8a77b63f03b40b394 Author: Takashi Iwai Date: Fri Feb 6 12:45:52 2009 +0100 ALSA: hda - Add missing initialization for ALC272 commit c6e8f2daadc6d61a32b7486a1058c8f1f9baa499 upstream. ALC272 needs EAPD for speaker outputs as well as other similar ALC codecs. Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman commit 461be641bda481770179d8dce7775caa6882535d Author: Takashi Iwai Date: Fri Feb 6 12:46:59 2009 +0100 ALSA: hda - Add missing COEF initialization for ALC887 commit 4a5a4c56b443a213fa9c2ad27984a8681a3d7087 upstream. Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman commit f3871847b70b2a8d0c8001360188e2a2acbfe8b5 Author: Takashi Iwai Date: Wed Feb 4 23:30:19 2009 +0100 ALSA: hda - Add quirk for FSC Amilo Xi2550 commit f67d8176ba9a3dbc33454cd67057184b2ef5ee31 upstream. Added model=fujisu-pi2515 for FSC Amilo Xi2550 with ALC883 codec. Refernece: Novell bnc#450979 https://bugzilla.novell.com/show_bug.cgi?id=450979 Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman commit 4f0729a87c9f16249520d693d31683e4a299089f Author: Eric Anholt Date: Mon Dec 22 18:56:27 2008 -0800 agp/intel: Fix broken ® symbol in device name. commit b854b2ab959e8175d75e01cf8ed452ed2624d0c8 upstream. Signed-off-by: Eric Anholt Signed-off-by: Dave Airlie Signed-off-by: Greg Kroah-Hartman commit a09afae7b873ab425e41453b384ed95b6159a202 Author: Zhenyu Wang Date: Mon Nov 17 14:39:00 2008 +0800 agp/intel: add support for G41 chipset commit a50ccc6c6623ab0e64f2109881e07c176b2d876f upstream. Signed-off-by: Zhenyu Wang Signed-off-by: Eric Anholt Signed-off-by: Dave Airlie Signed-off-by: Greg Kroah-Hartman commit df19ea14c317dafc61cde95f918a5783ac56a593 Author: Karsten Keil Date: Tue Feb 3 15:18:01 2009 -0800 e1000: Fix PCI enable to honor the need_ioport flag commit 4d7155b932b8129c72e2f2714890e20b2a05e0b7 upstream. On machine were no IO ports are assigned the call to pci_enable_device() will fail, even if need_ioport is false, we need to use pci_enable_device_mem() here. Signed-off-by: Karsten Keil Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit c784f619619bec525d7791f8b527cc363d708c16 Author: Jesse Brandeburg Date: Tue Jan 27 16:41:58 2009 -0800 e1000: fix bug with shared interrupt during reset commit 15b2bee22a0390d951301b53e83df88d0350c499 upstream. A nasty bug was found where an MTU change (or anything else that caused a reset) could race with the interrupt code. The interrupt code was entered by a shared interrupt during the MTU change. This change prevents the interrupt code from running while the driver is in the middle of its reset path. Signed-off-by: Jesse Brandeburg Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 157bf23d6a74aa526dbe1ae3b193e7b64d33f355 Author: Matthew Garrett Date: Tue Jan 20 16:17:46 2009 +0100 eeepc-laptop: Add support for extended hotkeys commit b5f6f26550700445dcc125bbf75b9104e779d353 upstream. Newer Eees have extra hotkeys above the function keys. This patch adds support for sending them through the input layer. Signed-off-by: Matthew Garrett Signed-off-by: Corentin Chary Signed-off-by: Len Brown Signed-off-by: Greg Kroah-Hartman commit 97a97aaf1d374238d5e02d7a39d41983b6877c49 Author: Darren Salt Date: Sat Feb 7 01:02:07 2009 -0500 eeepc-laptop: fix oops when changing backlight brightness during eeepc-laptop init commit 7695fb04aca62e2d8a7ca6ede50f6211e1d71e53 upstream. I got the following oops while changing the backlight brightness during startup. When it happens, it prevents use of the hotkeys, Fn-Fx, and the lid button. It's a clear use-before-init, as I verified by testing with an appropriately-placed "else printk". BUG: unable to handle kernel NULL pointer dereference at 00000000 *pde = 00000000 Oops: 0002 [#1] PREEMPT SMP Pid: 160, comm: kacpi_notify Not tainted (2.6.28.1-eee901 #4) 901 EIP: 0060:[] [] eeepc_hotk_notify+26/da EFLAGS: 00010246 CPU: 1 Using defaults from ksymoops -t elf32-i386 -a i386 EAX: 00000009 EBX: 00000000 ECX: 00000009 EDX: f70dbf64 ESI: 00000029 EDI: f7335188 EBP: c02112c9 ESP: f70dbf80 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 f70731e0 f73acd50 c02164ac f7335180 f70aa040 c02112e6 f733518c c012b62f f70aa044 f70aa040 c012bdba f70aa04c 00000000 c012be6e 00000000 f70bdf80 c012e198 f70dbfc4 f70dbfc4 f70aa040 c012bdba 00000000 c012e0c9 c012e091 Call Trace: [] ? acpi_ev_notify_dispatch+4c/55 [] ? acpi_os_execute_deferred+1d/25 [] ? run_workqueue+71/f1 [] ? worker_thread+0/bf [] ? worker_thread+b4/bf [] ? autoremove_wake_function+0/2b [] ? worker_thread+0/bf [] ? kthread+38/5f [] ? kthread+0/5f [] ? kernel_thread_helper+7/10 Code: 00 00 00 00 c3 83 3d 60 5c 50 c0 00 56 89 d6 53 0f 84 c4 00 00 00 8d 42 e0 83 f8 0f 77 0f 8b 1d 68 5c 50 c0 89 d8 e8 a9 fa ff ff <89> 03 8b 1d 60 5c 50 c0 89 f2 83 e2 7f 0f b7 4c 53 10 8d 41 01 Signed-off-by: Darren Salt Signed-off-by: Andrew Morton Signed-off-by: Len Brown Signed-off-by: Greg Kroah-Hartman commit 2c49b9d83e2b4776ae1b59f67a02a7e21c2ec01b Author: Borislav Petkov Date: Tue Feb 3 16:24:22 2009 +0100 x86: APIC: enable workaround on AMD Fam10h CPUs commit 858770619debfb9269add63e4ba8b7c6b5538dd1 upstream. Impact: fix to enable APIC for AMD Fam10h on chipsets with a missing/b0rked ACPI MP table (MADT) Booting a 32bit kernel on an AMD Fam10h CPU running on chipsets with missing/b0rked MP table leads to a hang pretty early in the boot process due to the APIC not being initialized. Fix that by falling back to the default APIC base address in 32bit code, as it is done in the 64bit codepath. Signed-off-by: Borislav Petkov Signed-off-by: H. Peter Anvin Signed-off-by: Greg Kroah-Hartman commit be147dc023d5023c0b979b18a762d6663f3d9a38 Author: Andy Whitcroft Date: Fri Jan 2 13:49:04 2009 +0000 serial: RS485 ioctl structure uses __u32 include linux/types.h commit 60c20fb8c00a2b23308ae4517f145383bc66d291 upstream. In the commit below a new struct serial_rs485 was introduced for a new ioctl: commit c26c56c0f40e200e61d1390629c806f6adaffbcc Author: Alan Cox Date: Mon Oct 13 10:37:48 2008 +0100 tty: Cris has a nice RS485 ioctl so we should steal it This structure uses the __u32 types for some of its members, which leads to the following compile error: $ cc -I.../include -c X.c In file included from X.c:2: .../include/linux/serial.h:185: error: expected specifier-qualifier-list before ‘__u32’ $ It seems that these types are appropriate for this structure as it is to be exposed to userspace. These types are available via linux/types.h so move the include of that outside the __KERNEL__ section. Signed-off-by: Andy Whitcroft Signed-off-by: Andrew Morton Signed-off-by: Alan Cox Signed-off-by: Linus Torvalds Cc: Matthew Burgess Signed-off-by: Greg Kroah-Hartman commit dec125f42f7dcfa7d327d467485f4ea8ef8ab0df Author: Rusty Russell Date: Sat Feb 7 18:15:56 2009 +1030 module: remove over-zealous check in __module_get() commit 7f9a50a5b89b87f8e754f59ae9968da28be618a5 upstream. Impact: fix spurious BUG_ON() triggered under load module_refcount() isn't reliable outside stop_machine(), as demonstrated by Karsten Keil , networking can trigger it under load (an inc on one cpu and dec on another while module_refcount() is tallying can give false results, for example). Almost noone should be using __module_get, but that's another issue. Cc: Karsten Keil Signed-off-by: Rusty Russell Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 7590496e9c5ad30e25359aba1b1cc32ddbadd834 Author: Stefan Richter Date: Sat Feb 7 13:06:06 2009 +0100 ieee1394: sbp2: add workarounds for 2nd and 3rd generation iPods Commit 1448d7c6a2ff96d3b52ecae49e2d0f046a097fe0 upstream. As per https://bugs.launchpad.net/bugs/294391. These got one sample of each iPod generation going. However there still occurred I/O stalls with the 3rd generation iPod which remain undiagnosed at the time of this writing. Acked-by: Jarod Wilson Signed-off-by: Stefan Richter Signed-off-by: Greg Kroah-Hartman commit cde5e3d406dd27395f835f9addaf93e1a9fec414 Author: Stefan Richter Date: Sat Feb 7 13:05:25 2009 +0100 firewire: sbp2: add workarounds for 2nd and 3rd generation iPods Commit c8c4707cf7ca8ff7dcc1653447e48cb3de0bf114 upstream. According to https://bugs.launchpad.net/bugs/294391 - 3rd generation iPods need the "fix capacity" workaround after all (apparently they crash after the last sector was accessed), - 2nd generation iPods need the "128 kB maximum request size" workaround. Alas both iPod generations feature the same model ID in the config ROM, hence we can only define a shared quirks list entry for them. Luckily the fix capacity workaround did not show a negative effect in Jarod's tests with 2nd gen. iPod. A side note: Apple computers in target mode (or at least an x86 Mac mini) don't have firmware_version and model_id, hence none of the iPod quirks list entries is active for them. Tested-by: Jarod Wilson Acked-by: Jarod Wilson Signed-off-by: Stefan Richter Signed-off-by: Greg Kroah-Hartman commit 8424d975b12c8e4ff4efaf92834a2da7d5d66593 Author: Stefan Richter Date: Sat Feb 7 13:04:45 2009 +0100 firewire: sbp2: fix DMA mapping leak on the failure path Commit 5e2125677fd72d36396cc537466e07ffcbbd4b2b upstream. Reported-by: FUJITA Tomonori who also provided a first version of the fix. Signed-off-by: Stefan Richter Signed-off-by: Greg Kroah-Hartman commit 00a3a8d6daf77f5f2df3ec3d164a5077abb8d2d3 Author: Stefan Richter Date: Sat Feb 7 13:04:09 2009 +0100 firewire: ohci: increase AT req. retries, fix ack_busy_X from Panasonic camcorders and others Commit 8b7b6afaa84708d08139daa08538ca3e56c351f1 upstream. Camcorders have a tendency to fail read requests to their config ROM and write request to their FCP command register with ack_busy_X. This has become a problem with newer kernels and especially Panasonic camcorders, causing AV/C in dvgrab and kino to fail. Dvgrab for example frequently logs "send oops"; kino reports loss of AV/C control. I suspect that lower CPU scheduling latencies in newer kernels made this issue more prominent now. According to https://sourceforge.net/tracker/?func=detail&atid=114103&aid=2492640&group_id=14103 this can be fixed by configuring the FireWire controller for more hardware retries for request transmission; these retries are evidently more successful than libavc1394's own retry loop (typically 3 tries on top of hardware retries). Presumably the same issue has been reported at https://bugzilla.redhat.com/show_bug.cgi?id=449252 and https://bugzilla.redhat.com/show_bug.cgi?id=477279 . In a quick test with a JVC camcorder (which didn't malfunction like the reported camcorders), this change decreased the number of ack_busy_X from 16 in three runs of dvgrab to 4 in three runs of the same capture duration. Signed-off-by: Stefan Richter Signed-off-by: Greg Kroah-Hartman commit 437a9be5ddd9b1487a52f2e400b471c741ac82fd Author: Stefan Richter Date: Sat Feb 7 13:03:22 2009 +0100 ieee1394: ohci1394: increase AT req. retries, fix ack_busy_X from Panasonic camcorders and others Commit 64c634ef83991b390ec0503e61f16efb0ba3c60b upstream. Camcorders have a tendency to fail read requests to their config ROM and write request to their FCP command register with ack_busy_X. This has become a problem with newer kernels and especially Panasonic camcorders, causing AV/C in dvgrab and kino to fail. Dvgrab for example frequently logs "send oops"; kino reports loss of AV/C control. I suspect that lower CPU scheduling latencies in newer kernels made this issue more prominent now. According to https://sourceforge.net/tracker/?func=detail&atid=114103&aid=2492640&group_id=14103 this can be fixed by configuring the FireWire controller for more hardware retries for request transmission; these retries are evidently more successful than libavc1394's own retry loop (typically 3 tries on top of hardware retries). Presumably the same issue has been reported at https://bugzilla.redhat.com/show_bug.cgi?id=449252 and https://bugzilla.redhat.com/show_bug.cgi?id=477279 . Tested-by: Mathias Beilstein Signed-off-by: Stefan Richter Signed-off-by: Greg Kroah-Hartman commit b444b2b8819f20b7abd92939c7418ccc375cf732 Author: Holger Macht Date: Tue Jan 20 12:18:24 2009 +0100 ACPI: dock: Don't eval _STA on every show_docked sysfs read commit fc5a9f8841ee87d93376ada5d73117d4d6a373ea upstream. Some devices trigger a DEVICE_CHECK on every evalutation of _STA. This can also be seen in commit 8b59560a3baf2e7c24e0fb92ea5d09eca92805db (ACPI: dock: avoid check _STA method). If an undock is processed, the dock driver sends a uevent and userspace might read the show_docked property in sysfs. This causes an evaluation of _STA of the particular device which causes the dock driver to immediately dock again. In any case, evaluation of _STA (show_docked) does not necessarily mean that we are docked, so check with the internal device structure. http://bugzilla.kernel.org/show_bug.cgi?id=12360 Signed-off-by: Holger Macht Signed-off-by: Len Brown Signed-off-by: Greg Kroah-Hartman commit 232d80938847060e01e894e6404ce162d4924954 Author: Pallipadi, Venkatesh Date: Mon Feb 2 11:57:18 2009 -0800 ACPI: Enable bit 11 in _PDC to advertise hw coord commit d96f94c604453f87fe24154b87e1e9a3a72511f8 upstream. Bit 11 in intel PDC definitions is meant for OS capability to handle hardware coordination of P-states. In Linux we have always supported hwardware coordination of P-states. Just let the BIOSes know that we support it, by setting this bit. Some BIOSes use this bit to choose between hardware or software coordination and without this change below, BIOSes switch to software coordination, which is not very optimal in terms of power consumption and extra wakeups from idle. Signed-off-by: Venkatesh Pallipadi Signed-off-by: Len Brown Signed-off-by: Greg Kroah-Hartman commit 9078d8ddd431e0f8da2cfeda18453ed55dde9a51 Author: Andre Noll Date: Fri Feb 6 15:10:52 2009 +1100 md: Fix a bug in linear.c causing which_dev() to return the wrong device. commit 852c8bf484a0e17ee27f413ef26e87f522af5607 upstream. ab5bd5cbc8d4b868378d062eed3d4240930fbb86 introduced the following bug in linear software raid for large arrays on 32 bit machines: which_dev() computes the device holding a given sector by shifting down the sector number to a 32 bit range, dividing by the array spacing and looking up the resulting index in the hash table of the array. Because the computed index might be slightly too small, a loop at the end of which_dev() increases the index until the given sector actually falls into the range of the device associated with that index. The changes of the above mentioned commit caused this loop to check whether the _index_ rather than the sector number is small enough, effectively bypassing the loop and thus possibly returning the wrong device. As reported by Simon Kirby, this leads to errors such as linear_make_request: Sector 2340486136 out of bounds on dev sdi: 156301312 sectors, offset 2109870464 Fix this bug by introducing a local variable for the index so that the variable containing the passed sector is left unchanged. Signed-off-by: Andre Noll Signed-off-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit 7e451afdc1e2ce92bba911c5a9cda1728006dd2b Author: NeilBrown Date: Fri Feb 6 18:02:46 2009 +1100 md: Ensure an md array never has too many devices. commit de01dfadf25bf83cfe3d85c163005c4320532658 upstream. Each different metadata format supported by md supports a different maximum number of devices. We really should be enforcing this maximum in the kernel, but we aren't quite doing that properly. We currently only enforce it at the 'hot_add' point, which is an older interface which is not used by current userspace. We need to also enforce it at 'add_new_disk' time for active arrays and at 'do_md_run' time when starting a new array. So move the test from 'hot_add' into 'bind_rdev_to_array' which is called from both 'hot_add' and 'add_new_disk, and add a new test in 'analyse_sbs' which is called from 'do_md_run'. This bug (or missing feature) has been around "forever" and so the patch is suitable for any -stable that is currently maintained. Signed-off-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit 0e900a8736163bb7c078c815c2c96fac6106d2fd Author: Clemens Ladisch Date: Fri Feb 6 08:13:07 2009 +0100 sound: usb-audio: handle wMaxPacketSize for FIXED_ENDPOINT devices commit 894dcd78782842924527598b0b764c9b4e679e21 upstream. For audio devices that do not have proper audio descriptors (e.g., Edirol UA-20), we use hardcoded parameters from our quirks list. However, we must still read the maximum packet size from the standard endpoint descriptor; otherwise, we might use packets that are too big and therefore rejected by the USB core. Signed-off-by: Clemens Ladisch Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman commit 5f1d5882000a8d13f244165ae8747029958ab3df Author: Masami Hiramatsu Date: Thu Feb 5 17:12:39 2009 -0500 prevent kprobes from catching spurious page faults commit 9be260a646bf76fa418ee519afa10196b3164681 upstream. Prevent kprobes from catching spurious faults which will cause infinite recursive page-fault and memory corruption by stack overflow. Signed-off-by: Masami Hiramatsu Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit ad649a5df5b1d4e1feb3f03fc452d05ad217e339 Author: Andrew Morton Date: Wed Feb 4 15:12:06 2009 -0800 revert "rlimit: permit setting RLIMIT_NOFILE to RLIM_INFINITY" commit 60fd760fb9ff7034360bab7137c917c0330628c2 upstream. Revert commit 0c2d64fb6cae9aae480f6a46cfe79f8d7d48b59f because it causes (arguably poorly designed) existing userspace to spend interminable periods closing billions of not-open file descriptors. We could bring this back, with some sort of opt-in tunable in /proc, which defaults to "off". Peter's alanysis follows: : I spent several hours trying to get to the bottom of a serious : performance issue that appeared on one of our servers after upgrading to : 2.6.28. In the end it's what could be considered a userspace bug that : was triggered by a change in 2.6.28. Since this might also affect other : people I figured I'd at least document what I found here, and maybe we : can even do something about it: : : : So, I upgraded some of debian.org's machines to 2.6.28.1 and immediately : the team maintaining our ftp archive complained that one of their : scripts that previously ran in a few minutes still hadn't even come : close to being done after an hour or so. Downgrading to 2.6.27 fixed : that. : : Turns out that script is forking a lot and something in it or python or : whereever closes all the file descriptors it doesn't want to pass on. : That is, it starts at zero and goes up to ulimit -n/RLIMIT_NOFILE and : closes them all with a few exceptions. : : Turns out that takes a long time when your limit -n is now 2^20 (1048576). : : With 2.6.27.* the ulimit -n was the standard 1024, but with 2.6.28 it is : now a thousand times that. : : 2.6.28 included a patch titled "rlimit: permit setting RLIMIT_NOFILE to : RLIM_INFINITY" (0c2d64fb6cae9aae480f6a46cfe79f8d7d48b59f)[1] that : allows, as the title implies, to set the limit for number of files to : infinity. : : Closer investigation showed that the broken default ulimit did not apply : to "system" processes (like stuff started from init). In the end I : could establish that all processes that passed through pam_limit at one : point had the bad resource limit. : : Apparently the pam library in Debian etch (4.0) initializes the limits : to some default values when it doesn't have any settings in limit.conf : to override them. Turns out that for nofiles this is RLIM_INFINITY. : Commenting out "case RLIMIT_NOFILE" in pam_limit.c:267 of our pam : package version 0.79-5 fixes that - tho I'm not sure what side effects : that has. : : Debian lenny (the upcoming 5.0 version) doesn't have this issue as it : uses a different pam (version). Reported-by: Peter Palfrader Cc: Adam Tkac Cc: Michael Kerrisk Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 05dc727926f3fdff4cabd368aaf36812cb9ce01a Author: Tony Battersby Date: Wed Feb 4 15:12:04 2009 -0800 shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM commit a68e61e8ff2d46327a37b69056998b47745db6fa upstream. shm_get_stat() assumes that the inode is a "struct shmem_inode_info", which is incorrect for !CONFIG_SHMEM (see fs/ramfs/inode.c: ramfs_get_inode() vs. mm/shmem.c: shmem_get_inode()). This bad assumption can cause shmctl(SHM_INFO) to lockup when shm_get_stat() tries to spin_lock(&info->lock). Users of !CONFIG_SHMEM may encounter this lockup simply by invoking the 'ipcs' command. Reported by Jiri Olsa back in February 2008: http://lkml.org/lkml/2008/2/29/74 Signed-off-by: Tony Battersby Cc: Jiri Kosina Reported-by: Jiri Olsa Cc: Hugh Dickins Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 12585ca5d984a0b27baf6a397cd6d59d9e82ef4c Author: Johannes Weiner Date: Wed Feb 4 15:12:14 2009 -0800 wait: prevent exclusive waiter starvation commit 777c6c5f1f6e757ae49ecca2ed72d6b1f523c007 upstream. With exclusive waiters, every process woken up through the wait queue must ensure that the next waiter down the line is woken when it has finished. Interruptible waiters don't do that when aborting due to a signal. And if an aborting waiter is concurrently woken up through the waitqueue, noone will ever wake up the next waiter. This has been observed with __wait_on_bit_lock() used by lock_page_killable(): the first contender on the queue was aborting when the actual lock holder woke it up concurrently. The aborted contender didn't acquire the lock and therefor never did an unlock followed by waking up the next waiter. Add abort_exclusive_wait() which removes the process' wait descriptor from the waitqueue, iff still queued, or wakes up the next waiter otherwise. It does so under the waitqueue lock. Racing with a wake up means the aborting process is either already woken (removed from the queue) and will wake up the next waiter, or it will remove itself from the queue and the concurrent wake up will apply to the next waiter after it. Use abort_exclusive_wait() in __wait_event_interruptible_exclusive() and __wait_on_bit_lock() when they were interrupted by other means than a wake up through the queue. [akpm@linux-foundation.org: coding-style fixes] Reported-by: Chris Mason Signed-off-by: Johannes Weiner Mentored-by: Oleg Nesterov Cc: Peter Zijlstra Cc: Matthew Wilcox Cc: Chuck Lever Cc: Nick Piggin Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 8c47f86fb53485e298ed154eb5c0ca0a89b85a24 Author: Carsten Otte Date: Wed Feb 4 15:12:16 2009 -0800 do_wp_page: fix regression with execute in place commit ab92661d5d9514647346047f30f67a7f35ffea67 upstream. Fix do_wp_page for VM_MIXEDMAP mappings. In the case where pfn_valid returns 0 for a pfn at the beginning of do_wp_page and the mapping is not shared writable, the code branches to label `gotten:' with old_page == NULL. In case the vma is locked (vma->vm_flags & VM_LOCKED), lock_page, clear_page_mlock, and unlock_page try to access the old_page. This patch checks whether old_page is valid before it is dereferenced. The regression was introduced by "mlock: mlocked pages are unevictable" (commit b291f000393f5a0b679012b39d79fbc85c018233). Signed-off-by: Carsten Otte Cc: Nick Piggin Cc: Heiko Carstens Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 3bb90b5b5c86949bc3be417eea1eb85f10263098 Author: Dean Nelson Date: Wed Feb 4 15:12:24 2009 -0800 sgi-xp: fix writing past the end of kzalloc()'d space commit 361916a943cd9dbda1c0b00879d0225cc919d868 upstream. A missing type cast results in writing way beyond the end of a kzalloc()'d memory segment resulting in slab corruption. But it seems like the better solution is to define ->recv_msg_slots as a 'void *' rather than a 'struct xpc_notify_mq_msg_uv *' and add the type cast. Signed-off-by: Dean Nelson Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman