commit c6f69a472db92993073d11e5cde047655aba0f2c Author: Greg Kroah-Hartman Date: Fri Aug 13 13:24:37 2010 -0700 Linux 2.6.32.19 commit 495b59364c67bc1f970a6229895ae15d1684d694 Author: Linus Torvalds Date: Fri Aug 13 09:49:20 2010 -0700 x86: don't send SIGBUS for kernel page faults commit 96054569190bdec375fe824e48ca1f4e3b53dd36 upstream. It's wrong for several reasons, but the most direct one is that the fault may be for the stack accesses to set up a previous SIGBUS. When we have a kernel exception, the kernel exception handler does all the fixups, not some user-level signal handler. Even apart from the nested SIGBUS issue, it's also wrong to give out kernel fault addresses in the signal handler info block, or to send a SIGBUS when a system call already returns EFAULT. Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit ab832422673d1774c4ce3941f2ac87743d73bded Author: Linus Torvalds Date: Fri Aug 13 09:24:04 2010 -0700 mm: fix missing page table unmap for stack guard page failure case commit 5528f9132cf65d4d892bcbc5684c61e7822b21e9 upstream. .. which didn't show up in my tests because it's a no-op on x86-64 and most other architectures. But we enter the function with the last-level page table mapped, and should unmap it at exit. Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 7e281afe24330aeea86113ac241eabdac8ba2311 Author: Linus Torvalds Date: Thu Aug 12 17:54:33 2010 -0700 mm: keep a guard page below a grow-down stack segment commit 320b2b8de12698082609ebbc1a17165727f4c893 upstream. This is a rather minimally invasive patch to solve the problem of the user stack growing into a memory mapped area below it. Whenever we fill the first page of the stack segment, expand the segment down by one page. Now, admittedly some odd application might _want_ the stack to grow down into the preceding memory mapping, and so we may at some point need to make this a process tunable (some people might also want to have more than a single page of guarding), but let's try the minimal approach first. Tested with trivial application that maps a single page just below the stack, and then starts recursing. Without this, we will get a SIGSEGV _after_ the stack has smashed the mapping. With this patch, we'll get a nice SIGBUS just as the stack touches the page just above the mapping. Requested-by: Keith Packard Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 46dc12d5f11adc21f0071f41d251f3e68869213d Author: KAMEZAWA Hiroyuki Date: Wed Aug 11 15:32:15 2010 -0700 mm: fix corruption of hibernation caused by reusing swap during image saving commit 966cca029f739716fbcc8068b8c6dfe381f86fc3 upstream. Since 2.6.31, swap_map[]'s refcounting was changed to show that a used swap entry is just for swap-cache, can be reused. Then, while scanning free entry in swap_map[], a swap entry may be able to be reclaimed and reused. It was caused by commit c9e444103b5e7a5 ("mm: reuse unused swap entry if necessary"). But this caused deta corruption at resume. The scenario is - Assume a clean-swap cache, but mapped. - at hibernation_snapshot[], clean-swap-cache is saved as clean-swap-cache and swap_map[] is marked as SWAP_HAS_CACHE. - then, save_image() is called. And reuse SWAP_HAS_CACHE entry to save image, and break the contents. After resume: - the memory reclaim runs and finds clean-not-referenced-swap-cache and discards it because it's marked as clean. But here, the contents on disk and swap-cache is inconsistent. Hance memory is corrupted. This patch avoids the bug by not reclaiming swap-entry during hibernation. This is a quick fix for backporting. Signed-off-by: KAMEZAWA Hiroyuki Cc: Rafael J. Wysocki Reported-by: Ondreg Zary Tested-by: Ondreg Zary Tested-by: Andrea Gelmini Signed-off-by: Hugh Dickins Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 8c2b26e45cca45298627428a0bc8bf8a6423d9d1 Author: NeilBrown Date: Wed Mar 31 11:21:44 2010 +1100 md/raid1: delay reads that could overtake behind-writes. commit e555190d82c0f58e825e3cbd9e6ebe2e7ac713bd upstream. When a raid1 array is configured to support write-behind on some devices, it normally only reads from other devices. If all devices are write-behind (because the rest have failed) it is possible for a read request to be serviced before a behind-write request, which would appear as data corruption. So when forced to read from a WriteMostly device, wait for any write-behind to complete, and don't start any more behind-writes. Signed-off-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit 0c5210f73e4a4d2d63e0f94b204bea531b56c529 Author: Brian King Date: Tue Apr 20 14:21:35 2010 -0500 ibmvfc: Reduce error recovery timeout commit daa142d1773dd3a986f02a8a4da929608d24daaa upstream. If a command times out resulting in EH getting invoked, we wait for the aborted commands to come back after sending the abort. Shorten the amount of time we wait for these responses, to ensure we don't get stuck in EH for several minutes. Signed-off-by: Brian King Signed-off-by: James Bottomley Signed-off-by: Greg Kroah-Hartman commit d006b64edff0fa5aea86696cec70fd3a56542b17 Author: Brian King Date: Tue Apr 20 14:21:33 2010 -0500 ibmvfc: Fix command completion handling commit f5832fa2f8dc39adcf3ae348d2d6383163235e79 upstream. Commands which are completed by the VIOS are placed on a CRQ in kernel memory for the ibmvfc driver to process. Each CRQ entry is 16 bytes. The ibmvfc driver reads the first 8 bytes to check if the entry is valid, then reads the next 8 bytes to get the handle, which is a pointer the completed command. This fixes an issue seen on Power 7 where the processor reordered the loads from memory, resulting in processing command completion with a stale handle. This could result in command timeouts, and also early completion of commands. Signed-off-by: Brian King Signed-off-by: James Bottomley Signed-off-by: Greg Kroah-Hartman commit b92f44353fdc526df58a563a6c9279293eb607c7 Author: Hannes Reinecke Date: Fri Jan 15 13:07:34 2010 +0100 aic79xx: check for non-NULL scb in ahd_handle_nonpkt_busfree commit 534ef056db8a8fb6b9d50188d88ed5d1fbc66673 upstream. When removing several devices aic79xx will occasionally Oops in ahd_handle_nonpkt_busfree during rescan. Looking at the code I found that we're indeed not checking if the scb in question is NULL. So check for it before accessing it. Signed-off-by: Hannes Reinecke Signed-off-by: James Bottomley Signed-off-by: Greg Kroah-Hartman commit bde7aceab9887be15a5df51d3369ccc95cc2f241 Author: Nikanth Karthikesan Date: Thu Apr 8 21:39:31 2010 +0200 loop: Update mtime when writing using aops commit 02246c41171097ceab3246f6dc251ac89de6004b upstream. Update mtime when writing to backing filesystem using the address space operations write_begin and write_end. Signed-off-by: Nikanth Karthikesan Signed-off-by: Jens Axboe Signed-off-by: Greg Kroah-Hartman commit 1fe6910cb27ef3512f96d4ff81c491eb322bd166 Author: Sachin Prabhu Date: Wed Mar 10 10:28:40 2010 -0500 Skip check for mandatory locks when unlocking commit ee860b6a650360c91f5d5f9a94262aad9be90015 upstream. ocfs2_lock() will skip locks on file which has mode set to 02666. This is a problem in cases where the mode of the file is changed after a process has obtained a lock on the file. ocfs2_lock() should skip the check for mandatory locks when unlocking a file. Signed-off-by: Sachin Prabhu Signed-off-by: Joel Becker Signed-off-by: Neil Brown Signed-off-by: Greg Kroah-Hartman commit bce8a761500acc6752aee26d9776bcaa6c812937 Author: Jan Kara Date: Thu Oct 15 14:54:05 2009 +0200 ocfs2: Set MS_POSIXACL on remount commit 57b09bb5e492c37c1e4273fe4e435ffd1d2ddbe0 upstream. We have to set MS_POSIXACL on remount as well. Otherwise VFS would not know we started supporting ACLs after remount and thus ACLs would not work. Signed-off-by: Jan Kara Signed-off-by: Joel Becker Signed-off-by: Mark Fasheh Signed-off-by: Greg Kroah-Hartman commit 7b2212b237085e2c16b889d2ce7f5e671e085081 Author: Tao Ma Date: Mon Nov 30 14:32:19 2009 +0800 ocfs2: Find proper end cpos for a leaf refcount block. commit 38a04e432768ec0b016f3c687b4de31ac111ae59 upstream. ocfs2 refcount tree is stored as an extent tree while the leaf ocfs2_refcount_rec points to a refcount block. The following step can trip a kernel panic. mkfs.ocfs2 -b 512 -C 1M --fs-features=refcount $DEVICE mount -t ocfs2 $DEVICE $MNT_DIR FILE_NAME=$RANDOM FILE_NAME_1=$RANDOM FILE_REF="${FILE_NAME}_ref" FILE_REF_1="${FILE_NAME}_ref_1" for((i=0;i<305;i++)) do # /mnt/1048576 is a file with 1048576 sizes. cat /mnt/1048576 >> $MNT_DIR/$FILE_NAME cat /mnt/1048576 >> $MNT_DIR/$FILE_NAME_1 done for((i=0;i<3;i++)) do cat /mnt/1048576 >> $MNT_DIR/$FILE_NAME done for((i=0;i<2;i++)) do cat /mnt/1048576 >> $MNT_DIR/$FILE_NAME cat /mnt/1048576 >> $MNT_DIR/$FILE_NAME_1 done cat /mnt/1048576 >> $MNT_DIR/$FILE_NAME for((i=0;i<11;i++)) do cat /mnt/1048576 >> $MNT_DIR/$FILE_NAME cat /mnt/1048576 >> $MNT_DIR/$FILE_NAME_1 done reflink $MNT_DIR/$FILE_NAME $MNT_DIR/$FILE_REF # write_f is a program which will write some bytes to a file at offset. # write_f -f file_name -l offset -w write_bytes. ./write_f -f $MNT_DIR/$FILE_REF -l $[310*1048576] -w 4096 ./write_f -f $MNT_DIR/$FILE_REF -l $[306*1048576] -w 4096 ./write_f -f $MNT_DIR/$FILE_REF -l $[311*1048576] -w 4096 ./write_f -f $MNT_DIR/$FILE_NAME -l $[310*1048576] -w 4096 ./write_f -f $MNT_DIR/$FILE_NAME -l $[311*1048576] -w 4096 reflink $MNT_DIR/$FILE_NAME $MNT_DIR/$FILE_REF_1 ./write_f -f $MNT_DIR/$FILE_NAME -l $[311*1048576] -w 4096 #kernel panic here. The reason is that if the ocfs2_extent_rec is the last record in a leaf extent block, the old solution fails to find the suitable end cpos. So this patch try to walk through the b-tree, find the next sub root and get the c_pos the next sub-tree starts from. btw, I have runned tristan's test case against the patched kernel for several days and this type of kernel panic never happens again. Signed-off-by: Tao Ma Signed-off-by: Joel Becker Signed-off-by: Greg Kroah-Hartman commit 8b52a196f50ca16eb07abea00443ff74884d11f0 Author: David Teigland Date: Wed Feb 24 11:59:23 2010 -0600 dlm: send reply before bast commit cf6620acc0f6fac57968aafef79ab372bdcf6157 upstream. When the lock master processes a successful operation (request, convert, cancel, or unlock), it will process the effects of the change before sending the reply for the operation. The "effects" of the operation are: - blocking callbacks (basts) for any newly granted locks - waiting or converting locks that can now be granted The cast is queued on the local node when the reply from the lock master is received. This means that a lock holder can receive a bast for a lock mode that is doesn't yet know has been granted. Signed-off-by: David Teigland Signed-off-by: Greg Kroah-Hartman commit 6ce7a93b30612fd11301dbbafaac8ae01497054d Author: David Teigland Date: Wed Feb 24 11:08:18 2010 -0600 dlm: fix ordering of bast and cast commit 7fe2b3190b8b299409f13cf3a6f85c2bd371f8bb upstream. When both blocking and completion callbacks are queued for lock, the dlm would always deliver the completion callback (cast) first. In some cases the blocking callback (bast) is queued before the cast, though, and should be delivered first. This patch keeps track of the order in which they were queued and delivers them in that order. This patch also keeps track of the granted mode in the last cast and eliminates the following bast if the bast mode is compatible with the preceding cast mode. This happens when a remotely mastered lock is demoted, e.g. EX->NL, in which case the local node queues a cast immediately after sending the demote message. In this way a cast can be queued for a mode, e.g. NL, that makes an in-transit bast extraneous. Signed-off-by: David Teigland Signed-off-by: Greg Kroah-Hartman commit d53f591280e8ad6a3164534db63b8c511154c704 Author: David Teigland Date: Mon Nov 30 16:34:43 2009 -0600 dlm: always use GFP_NOFS commit 573c24c4af6664ffcd9aa7ba617a35fde2b95534 upstream. Replace all GFP_KERNEL and ls_allocation with GFP_NOFS. ls_allocation would be GFP_KERNEL for userland lockspaces and GFP_NOFS for file system lockspaces. It was discovered that any lockspaces on the system can affect all others by triggering memory reclaim in the file system which could in turn call back into the dlm to acquire locks, deadlocking dlm threads that were shared by all lockspaces, like dlm_recv. Signed-off-by: David Teigland Signed-off-by: Greg Kroah-Hartman commit bd91f592633c1a3ec88ac2dd55b81cde45955b1d Author: Jeff Mahoney Date: Tue Mar 23 13:35:38 2010 -0700 reiserfs: fix oops while creating privroot with selinux enabled commit 6cb4aff0a77cc0e6bae9475d62205319e3ebbf3f upstream. Commit 57fe60df ("reiserfs: add atomic addition of selinux attributes during inode creation") contains a bug that will cause it to oops when mounting a file system that didn't previously contain extended attributes on a system using security.* xattrs. The issue is that while creating the privroot during mount reiserfs_security_init calls reiserfs_xattr_jcreate_nblocks which dereferences the xattr root. The xattr root doesn't exist, so we get an oops. Addresses http://bugzilla.kernel.org/show_bug.cgi?id=15309 Signed-off-by: Jeff Mahoney Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit ee0f79ddf59966d514dae5b6c9fcfca0aec46492 Author: Jeff Mahoney Date: Tue Mar 23 13:35:39 2010 -0700 reiserfs: properly honor read-only devices commit 3f8b5ee33293d43ca360771b535dfae8c57259dc upstream. The reiserfs journal behaves inconsistently when determining whether to allow a mount of a read-only device. This is due to the use of the continue_replay variable to short circuit the journal scanning. If it's set, it's assumed that there are transactions to replay, but there may not be. If it's unset, it's assumed that there aren't any, and that may not be the case either. I've observed two failure cases: 1) Where a clean file system on a read-only device refuses to mount 2) Where a clean file system on a read-only device passes the optimization and then tries writing the journal header to update the latest mount id. The former is easily observable by using a freshly created file system on a read-only loopback device. This patch moves the check into journal_read_transaction, where it can bail out before it's about to replay a transaction. That way it can go through and skip transactions where appropriate, yet still refuse to mount a file system with outstanding transactions. Signed-off-by: Jeff Mahoney Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 670a13a74e34d9fff0cd03df73d8a2b77f7decb7 Author: Eric Sandeen Date: Mon Feb 15 20:17:55 2010 -0500 ext4: Fix optional-arg mount options commit 15121c18a22ae483279f76dc9e554334b800d0f7 upstream. We have 2 mount options, "barrier" and "auto_da_alloc" which may or may not take a 1/0 argument. This causes the ext4 superblock mount code to subtract uninitialized pointers and pass the result to kmalloc, which results in very noisy failures. Per Ted's suggestion, initialize the args struct so that we know whether match_token() found an argument for the option, and skip match_int() if not. Also, return error (0) from parse_options if we thought we found an argument, but match_int() Fails. Reported-by: Michael S. Tsirkin Signed-off-by: Eric Sandeen Signed-off-by: "Theodore Ts'o" Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit c60ca6232164fc6abea21bcf3f58172607f491e5 Author: Theodore Ts'o Date: Wed Jun 2 22:04:39 2010 -0400 ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files commit 1f5a81e41f8b1a782c68d3843e9ec1bfaadf7d72 upstream. Dan Roseberg has reported a problem with the MOVE_EXT ioctl. If the donor file is an append-only file, we should not allow the operation to proceed, lest we end up overwriting the contents of an append-only file. Signed-off-by: "Theodore Ts'o" Cc: Dan Rosenberg Signed-off-by: Greg Kroah-Hartman commit a234580f5c847eaa59e775469205734c5d94e846 Author: Darrick J. Wong Date: Thu Feb 18 10:28:20 2010 -0800 ACPI: Fix regression where _PPC is not read at boot even when ignore_ppc=0 commit 455c0d71d46e86b0b7ff2c9dcfc19bc162302ee9 upstream. Earlier, Ingo Molnar posted a patch to make it so that the kernel would avoid reading _PPC on his broken T60. Unfortunately, it seems that with Thomas Renninger's patch last July to eliminate _PPC evaluations when the processor driver loads, the kernel never actually reads _PPC at all! This is problematic if you happen to boot your non-T60 computer in a state where the BIOS _wants_ _PPC to be something other than zero. So, put the _PPC evaluation back into acpi_processor_get_performance_info if ignore_ppc isn't 1. Signed-off-by: Darrick J. Wong Signed-off-by: Len Brown Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit 876c10addb8c8f064dae77b13f85d756df60bcf8 Author: Breno Leitao Date: Wed Feb 3 05:56:41 2010 +0000 powerpc/eeh: Fix a bug when pci structure is null commit 8d3d50bf1913561ef3b1f5b53115c5a481ba9b1e upstream. During a EEH recover, the pci_dev structure can be null, mainly if an eeh event is detected during cpi config operation. In this case, the pci_dev will not be known (and will be null) the kernel will crash with the following message: Unable to handle kernel paging request for data at address 0x000000a0 Faulting instruction address: 0xc00000000006b8b4 Oops: Kernel access of bad area, sig: 11 [#1] NIP [c00000000006b8b4] .eeh_event_handler+0x10c/0x1a0 LR [c00000000006b8a8] .eeh_event_handler+0x100/0x1a0 Call Trace: [c0000003a80dff00] [c00000000006b8a8] .eeh_event_handler+0x100/0x1a0 [c0000003a80dff90] [c000000000031f1c] .kernel_thread+0x54/0x70 The bug occurs because pci_name() tries to access a null pointer. This patch just guarantee that pci_name() is not called on Null pointers. Signed-off-by: Breno Leitao Signed-off-by: Linas Vepstas Signed-off-by: Benjamin Herrenschmidt Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit d0cddca762a554fc1eb86d38df33cf20bba21243 Author: Wu Fengguang Date: Wed Dec 16 12:19:58 2009 +0100 HWPOISON: abort on failed unmap commit 1668bfd5be9d8a52536c4865000fbbe065a3613b upstream. Don't try to isolate a still mapped page. Otherwise we will hit the BUG_ON(page_mapped(page)) in __remove_from_page_cache(). Signed-off-by: Wu Fengguang Signed-off-by: Andi Kleen Signed-off-by: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit b30604b9fd4b46527b7b8716534023941f4338a4 Author: Wu Fengguang Date: Wed Dec 16 12:19:57 2009 +0100 HWPOISON: remove the anonymous entry commit 9b9a29ecd75e310f75a9243e1c3538ad34598fcb upstream. (PG_swapbacked && !PG_lru) pages should not happen. Better to treat them as unknown pages. Signed-off-by: Wu Fengguang Signed-off-by: Andi Kleen Signed-off-by: Thomas Renninger Signed-off-by: Greg Kroah-Hartman commit b0cac0796de72b83a0691c662960c84ee16bcc8e Author: Eric W. Biederman Date: Sun Feb 28 01:06:34 2010 -0800 x86: Fix out of order of gsi commit fad539956c9e69749a03f7817d22d1bab87657bf upstream. Iranna D Ankad reported that IBM x3950 systems have boot problems after this commit: | | commit b9c61b70075c87a8612624736faf4a2de5b1ed30 | | x86/pci: update pirq_enable_irq() to setup io apic routing | The problem is that with the patch, the machine freezes when console=ttyS0,... kernel serial parameter is passed. It seem to freeze at DVD initialization and the whole problem seem to be DVD/pata related, but somehow exposed through the serial parameter. Such apic problems can expose really weird behavior: ACPI: IOAPIC (id[0x10] address[0xfecff000] gsi_base[0]) IOAPIC[0]: apic_id 16, version 0, address 0xfecff000, GSI 0-2 ACPI: IOAPIC (id[0x0f] address[0xfec00000] gsi_base[3]) IOAPIC[1]: apic_id 15, version 0, address 0xfec00000, GSI 3-38 ACPI: IOAPIC (id[0x0e] address[0xfec01000] gsi_base[39]) IOAPIC[2]: apic_id 14, version 0, address 0xfec01000, GSI 39-74 ACPI: INT_SRC_OVR (bus 0 bus_irq 1 global_irq 4 dfl dfl) ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 5 dfl dfl) ACPI: INT_SRC_OVR (bus 0 bus_irq 3 global_irq 6 dfl dfl) ACPI: INT_SRC_OVR (bus 0 bus_irq 4 global_irq 7 dfl dfl) ACPI: INT_SRC_OVR (bus 0 bus_irq 6 global_irq 9 dfl dfl) ACPI: INT_SRC_OVR (bus 0 bus_irq 7 global_irq 10 dfl dfl) ACPI: INT_SRC_OVR (bus 0 bus_irq 8 global_irq 11 low edge) ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 12 dfl dfl) ACPI: INT_SRC_OVR (bus 0 bus_irq 12 global_irq 15 dfl dfl) ACPI: INT_SRC_OVR (bus 0 bus_irq 13 global_irq 16 dfl dfl) ACPI: INT_SRC_OVR (bus 0 bus_irq 14 global_irq 17 low edge) ACPI: INT_SRC_OVR (bus 0 bus_irq 15 global_irq 18 dfl dfl) It turns out that the system has three io apic controllers, but boot ioapic routing is in the second one, and that gsi_base is not 0 - it is using a bunch of INT_SRC_OVR... So these recent changes: 1. one set routing for first io apic controller 2. assume irq = gsi ... will break that system. So try to remap those gsis, need to seperate boot_ioapic_idx detection out of enable_IO_APIC() and call them early. So introduce boot_ioapic_idx, and remap_ioapic_gsi()... -v2: shift gsi with delta instead of gsi_base of boot_ioapic_idx -v3: double check with find_isa_irq_apic(0, mp_INT) to get right boot_ioapic_idx -v4: nr_legacy_irqs -v5: add print out for boot_ioapic_idx, and also make it could be applied for current kernel and previous kernel -v6: add bus_irq, in acpi_sci_ioapic_setup, so can get overwride for sci right mapping... -v7: looks like pnpacpi get irq instead of gsi, so need to revert them back... -v8: split into two patches -v9: according to Eric, use fixed 16 for shifting instead of remap -v10: still need to touch rsparser.c -v11: just revert back to way Eric suggest... anyway the ioapic in first ioapic is blocked by second... -v12: two patches, this one will add more loop but check apic_id and irq > 16 Reported-by: Iranna D Ankad Bisected-by: Iranna D Ankad Tested-by: Gary Hade Signed-off-by: Yinghai Lu Cc: Eric W. Biederman Cc: Thomas Renninger Cc: Eric W. Biederman Cc: Suresh Siddha Cc: len.brown@intel.com LKML-Reference: <4B8A321A.1000008@kernel.org> Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman commit 768cde06c7939b742603c52b26fccfbc65b308c2 Author: Shaohui Zheng Date: Tue Feb 2 13:44:16 2010 -0800 memory hotplug: fix a bug on /dev/mem for 64-bit kernels commit ea0854170c95245a258b386c7a9314399c949fe0 upstream. Newly added memory can not be accessed via /dev/mem, because we do not update the variables high_memory, max_pfn and max_low_pfn. Add a function update_end_of_memory_vars() to update these variables for 64-bit kernels. [akpm@linux-foundation.org: simplify comment] Signed-off-by: Shaohui Zheng Cc: Andi Kleen Cc: Li Haicheng Reviewed-by: Wu Fengguang Reviewed-by: KAMEZAWA Hiroyuki Cc: Ingo Molnar Cc: Thomas Gleixner Cc: "H. Peter Anvin" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 07049d16deb4ff91526619a471bdfb84b25db0d9 Author: Song Youquan Date: Wed Dec 23 19:45:20 2009 +0800 crypto: testmgr - Fix complain about lack test for internal used algorithm commit 863b557a88f8c033f7419fabafef4712a5055f85 upstream. When load aesni-intel and ghash_clmulni-intel driver,kernel will complain no test for some internal used algorithm. The strange information as following: alg: No test for __aes-aesni (__driver-aes-aesni) alg: No test for __ecb-aes-aesni (__driver-ecb-aes-aesni) alg: No test for __cbc-aes-aesni (__driver-cbc-aes-aesni) alg: No test for __ecb-aes-aesni (cryptd(__driver-ecb-aes-aesni) alg: No test for __ghash (__ghash-pclmulqdqni) alg: No test for __ghash (cryptd(__ghash-pclmulqdqni)) This patch add NULL test entries for these algorithm and driver. Signed-off-by: Song Youquan Signed-off-by: Hang Ying Signed-off-by: Herbert Xu Acked-by: Jiri Kosina Signed-off-by: Greg Kroah-Hartman commit 588809a6ee34603235a0101e41f116e998e0ea9e Author: FUJITA Tomonori Date: Tue Nov 17 14:44:35 2009 -0800 fix SBA IOMMU to handle allocation failure properly commit e2a465675dc089e9a56ba2fa2a5fbd9bd8844d18 upstream. It's possible that SBA IOMMU might fail to find I/O space under heavy I/Os. SBA IOMMU panics on allocation failure but it shouldn't; drivers can handle the failure. The majority of other IOMMU drivers don't panic on allocation failure. This patch fixes SBA IOMMU path to handle allocation failure properly. Signed-off-by: FUJITA Tomonori Cc: Fenghua Yu Signed-off-by: Andrew Morton Signed-off-by: Tony Luck Acked-by: Leonardo Chiquitto Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit f40bf5f2fcef9e3123faf09cb33a5b0066e55b2d Author: Benjamin Herrenschmidt Date: Fri Apr 16 23:20:00 2010 +0200 mutex: Don't spin when the owner CPU is offline or other weird cases commit 4b402210486c6414fe5fbfd85934a0a22da56b04 upstream. Due to recent load-balancer changes that delay the task migration to the next wakeup, the adaptive mutex spinning ends up in a live lock when the owner's CPU gets offlined because the cpu_online() check lives before the owner running check. This patch changes mutex_spin_on_owner() to return 0 (don't spin) in any case where we aren't sure about the owner struct validity or CPU number, and if the said CPU is offline. There is no point going back & re-evaluate spinning in corner cases like that, let's just go to sleep. Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Peter Zijlstra LKML-Reference: <1271212509.13059.135.camel@pasglop> Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman commit 19eb722b762e235458d912fa6621590fa9bd49ed Author: Hidetoshi Seto Date: Wed Dec 2 17:28:07 2009 +0900 sched, cputime: Introduce thread_group_times() commit 0cf55e1ec08bb5a22e068309e2d8ba1180ab4239 upstream. This is a real fix for problem of utime/stime values decreasing described in the thread: http://lkml.org/lkml/2009/11/3/522 Now cputime is accounted in the following way: - {u,s}time in task_struct are increased every time when the thread is interrupted by a tick (timer interrupt). - When a thread exits, its {u,s}time are added to signal->{u,s}time, after adjusted by task_times(). - When all threads in a thread_group exits, accumulated {u,s}time (and also c{u,s}time) in signal struct are added to c{u,s}time in signal struct of the group's parent. So {u,s}time in task struct are "raw" tick count, while {u,s}time and c{u,s}time in signal struct are "adjusted" values. And accounted values are used by: - task_times(), to get cputime of a thread: This function returns adjusted values that originates from raw {u,s}time and scaled by sum_exec_runtime that accounted by CFS. - thread_group_cputime(), to get cputime of a thread group: This function returns sum of all {u,s}time of living threads in the group, plus {u,s}time in the signal struct that is sum of adjusted cputimes of all exited threads belonged to the group. The problem is the return value of thread_group_cputime(), because it is mixed sum of "raw" value and "adjusted" value: group's {u,s}time = foreach(thread){{u,s}time} + exited({u,s}time) This misbehavior can break {u,s}time monotonicity. Assume that if there is a thread that have raw values greater than adjusted values (e.g. interrupted by 1000Hz ticks 50 times but only runs 45ms) and if it exits, cputime will decrease (e.g. -5ms). To fix this, we could do: group's {u,s}time = foreach(t){task_times(t)} + exited({u,s}time) But task_times() contains hard divisions, so applying it for every thread should be avoided. This patch fixes the above problem in the following way: - Modify thread's exit (= __exit_signal()) not to use task_times(). It means {u,s}time in signal struct accumulates raw values instead of adjusted values. As the result it makes thread_group_cputime() to return pure sum of "raw" values. - Introduce a new function thread_group_times(*task, *utime, *stime) that converts "raw" values of thread_group_cputime() to "adjusted" values, in same calculation procedure as task_times(). - Modify group's exit (= wait_task_zombie()) to use this introduced thread_group_times(). It make c{u,s}time in signal struct to have adjusted values like before this patch. - Replace some thread_group_cputime() by thread_group_times(). This replacements are only applied where conveys the "adjusted" cputime to users, and where already uses task_times() near by it. (i.e. sys_times(), getrusage(), and /proc//stat.) This patch have a positive side effect: - Before this patch, if a group contains many short-life threads (e.g. runs 0.9ms and not interrupted by ticks), the group's cputime could be invisible since thread's cputime was accumulated after adjusted: imagine adjustment function as adj(ticks, runtime), {adj(0, 0.9) + adj(0, 0.9) + ....} = {0 + 0 + ....} = 0. After this patch it will not happen because the adjustment is applied after accumulated. v2: - remove if()s, put new variables into signal_struct. Signed-off-by: Hidetoshi Seto Acked-by: Peter Zijlstra Cc: Spencer Candland Cc: Americo Wang Cc: Oleg Nesterov Cc: Balbir Singh Cc: Stanislaw Gruszka LKML-Reference: <4B162517.8040909@jp.fujitsu.com> Signed-off-by: Ingo Molnar Signed-off-by: Jiri Slaby Signed-off-by: Greg Kroah-Hartman commit 2b2513f387d62bee12ce95896e71b9f557634be1 Author: Hidetoshi Seto Date: Thu Nov 12 13:33:45 2009 +0900 sched: Fix granularity of task_u/stime() commit 761b1d26df542fd5eb348837351e4d2f3bc7bffe upstream. Originally task_s/utime() were designed to return clock_t but later changed to return cputime_t by following commit: commit efe567fc8281661524ffa75477a7c4ca9b466c63 Author: Christian Borntraeger Date: Thu Aug 23 15:18:02 2007 +0200 It only changed the type of return value, but not the implementation. As the result the granularity of task_s/utime() is still that of clock_t, not that of cputime_t. So using task_s/utime() in __exit_signal() makes values accumulated to the signal struct to be rounded and coarse grained. This patch removes casts to clock_t in task_u/stime(), to keep granularity of cputime_t over the calculation. v2: Use div_u64() to avoid error "undefined reference to `__udivdi3`" on some 32bit systems. Signed-off-by: Hidetoshi Seto Acked-by: Peter Zijlstra Cc: xiyou.wangcong@gmail.com Cc: Spencer Candland Cc: Oleg Nesterov Cc: Stanislaw Gruszka LKML-Reference: <4AFB9029.9000208@jp.fujitsu.com> Signed-off-by: Ingo Molnar Signed-off-by: Jiri Slaby Signed-off-by: Greg Kroah-Hartman commit 8aa3149405e33cec4f866cfe7f92c2b40d259613 Author: Lin Ming Date: Tue Nov 17 13:49:50 2009 +0800 timekeeping: Fix clock_gettime vsyscall time warp commit 0696b711e4be45fa104c12329f617beb29c03f78 upstream. Since commit 0a544198 "timekeeping: Move NTP adjusted clock multiplier to struct timekeeper" the clock multiplier of vsyscall is updated with the unmodified clock multiplier of the clock source and not with the NTP adjusted multiplier of the timekeeper. This causes user space observerable time warps: new CLOCK-warp maximum: 120 nsecs, 00000025c337c537 -> 00000025c337c4bf Add a new argument "mult" to update_vsyscall() and hand in the timekeeping internal NTP adjusted multiplier. Signed-off-by: Lin Ming Cc: "Zhang Yanmin" Cc: Martin Schwidefsky Cc: Benjamin Herrenschmidt Cc: Tony Luck LKML-Reference: <1258436990.17765.83.camel@minggr.sh.intel.com> Signed-off-by: Thomas Gleixner Signed-off-by: Kurt Garloff Signed-off-by: Greg Kroah-Hartman commit e66bb883118bf9db3b66f2ec3315be83d2b27aeb Author: Martin Schwidefsky Date: Tue Sep 29 14:25:15 2009 +0200 nohz: Reuse ktime in sub-functions of tick_check_idle. commit eed3b9cf3fe3fcc7a50238dfcab63a63914e8f42 upstream. On a system with NOHZ=y tick_check_idle calls tick_nohz_stop_idle and tick_nohz_update_jiffies. Given the right conditions (ts->idle_active and/or ts->tick_stopped) both function get a time stamp with ktime_get. The same time stamp can be reused if both function require one. On s390 this change has the additional benefit that gcc inlines the tick_nohz_stop_idle function into tick_check_idle. The number of instructions to execute tick_check_idle drops from 225 to 144 (without the ktime_get optimization it is 367 vs 215 instructions). before: 0) | tick_check_idle() { 0) | tick_nohz_stop_idle() { 0) | ktime_get() { 0) | read_tod_clock() { 0) 0.601 us | } 0) 1.765 us | } 0) 3.047 us | } 0) | ktime_get() { 0) | read_tod_clock() { 0) 0.570 us | } 0) 1.727 us | } 0) | tick_do_update_jiffies64() { 0) 0.609 us | } 0) 8.055 us | } after: 0) | tick_check_idle() { 0) | ktime_get() { 0) | read_tod_clock() { 0) 0.617 us | } 0) 1.773 us | } 0) | tick_do_update_jiffies64() { 0) 0.593 us | } 0) 4.477 us | } Signed-off-by: Martin Schwidefsky Cc: john stultz LKML-Reference: <20090929122533.206589318@de.ibm.com> Signed-off-by: Thomas Gleixner Acked-by: John Jolly Signed-off-by: Greg Kroah-Hartman commit 7bfa0a73b2723bf4cc8a154534c351f31f8a120f Author: Martin Schwidefsky Date: Tue Sep 29 14:25:16 2009 +0200 nohz: Introduce arch_needs_cpu commit 3c5d92a0cfb5103c0d5ab74d4ae6373d3af38148 upstream. Allow the architecture to request a normal jiffy tick when the system goes idle and tick_nohz_stop_sched_tick is called . On s390 the hook is used to prevent the system going fully idle if there has been an interrupt other than a clock comparator interrupt since the last wakeup. On s390 the HiperSockets response time for 1 connection ping-pong goes down from 42 to 34 microseconds. The CPU cost decreases by 27%. Signed-off-by: Martin Schwidefsky LKML-Reference: <20090929122533.402715150@de.ibm.com> Signed-off-by: Thomas Gleixner Acked-by: John Jolly Signed-off-by: Greg Kroah-Hartman commit 55f32f8ac693e2bb4081d7cec1144b0250182267 Author: Josef Bacik Date: Thu Feb 25 20:38:35 2010 +0000 Btrfs: kfree correct pointer during mount option parsing commit da495ecc0fb096b383754952a1c152147bc95b52 upstream. We kstrdup the options string, but then strsep screws with the pointer, so when we kfree() it, we're not giving it the right pointer. Tested-by: Andy Lutomirski Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit f827e15f9ff7f653a3fff45487faf1460edd7705 Author: Shaohua Li Date: Thu Feb 11 07:43:00 2010 +0000 Btrfs: btrfs_mark_extent_written uses the wrong slot commit 3f6fae9559225741c91f1320090b285da1413290 upstream. My test do: fallocate a big file and do write. The file is 512M, but after file write is done btrfs-debug-tree shows: item 6 key (257 EXTENT_DATA 0) itemoff 3516 itemsize 53 extent data disk byte 1103101952 nr 536870912 extent data offset 0 nr 399634432 ram 536870912 extent compression 0 Looks like a regression introducted by 6c7d54ac87f338c479d9729e8392eca3f76e11e1, where we set wrong slot. Signed-off-by: Shaohua Li Acked-by: Yan Zheng Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit b5763c0f3bb1ca5ca64d2b72d07e8b42ab624ab0 Author: Aneesh Kumar K.V Date: Thu Feb 4 11:33:03 2010 -0500 Btrfs: apply updated fallocate i_size fix commit 23b5c50945f2294add0137799400329c0ebba290 upstream. This version of the i_size fix for fallocate makes sure we only update the i_size when the current fallocate is really operating outside of i_size. Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit 8fde9c08a05eeec46081864307877d361fdbaafa Author: Josef Bacik Date: Tue Feb 2 20:50:10 2010 +0000 Btrfs: do not try and lookup the file extent when finishing ordered io commit efd049fb26a162c3830fd3cb1001fdc09b147f3b upstream. When running the following fio job [torrent] filename=torrent-test rw=randwrite size=4g filesize=4g bs=4k ioengine=sync you would see long stalls where no work was being done. That is because we were doing all this extra work to read in the file extent outside of the transaction, however in the random io case this ends up hurting us because the file extents are not there to begin with. So axe this logic, since we end up reading in the file extent when we go to update it anyway. This took the fio job from 11 mb/s with several ~10 second stalls to 24 mb/s to a couple of 1-2 second stalls. Signed-off-by: Josef Bacik Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit fa3c9782cdbb89ba2139e7c2edc1ae562582a6ba Author: Yan, Zheng Date: Mon Feb 1 02:41:17 2010 +0000 Btrfs: Fix oopsen when dropping empty tree. commit 7a7965f83e89f0be506a96769938a721e4e5ae50 upstream. When dropping a empty tree, walk_down_tree() skips checking extent information for the tree root. This will triggers a BUG_ON in walk_up_proc(). Signed-off-by: Yan Zheng Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit 4c324840d6c06406e1f05e12952c050c4e84ce95 Author: Miao Xie Date: Tue Feb 2 08:46:44 2010 +0000 Btrfs: remove BUG_ON() due to mounting bad filesystem commit d7ce5843bb28ada6845ab2ae8510ba3f12d33154 upstream. Mounting a bad filesystem caused a BUG_ON(). The following is steps to reproduce it. # mkfs.btrfs /dev/sda2 # mount /dev/sda2 /mnt # mkfs.btrfs /dev/sda1 /dev/sda2 (the program says that /dev/sda2 was mounted, and then exits. ) # umount /mnt # mount /dev/sda1 /mnt At the third step, mkfs.btrfs exited in the way of make filesystem. So the initialization of the filesystem didn't finish. So the filesystem was bad, and it caused BUG_ON() when mounting it. But BUG_ON() should be called by the wrong code, not user's operation, so I think it is a bug of btrfs. This patch fixes it. Signed-off-by: Miao Xie Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit caf32f2c7d0f78eead8cb38a86dfa1bff6ded600 Author: Roel Kluin Date: Fri Jan 29 10:42:11 2010 +0000 Btrfs: make error return negative in btrfs_sync_file() commit 014e4ac4f7d9c981750491fa40ea35efadc9ed49 upstream. It appears the error return should be negative Signed-off-by: Roel Kluin Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit 85d0fbf78459afd67f19052fca86e804db8e1251 Author: Yan, Zheng Date: Thu Feb 4 08:46:56 2010 +0000 Btrfs: fix race between allocate and release extent buffer. commit f044ba7835b84e69c68b620ca8fa27e5ef67759d upstream. Increase extent buffer's reference count while holding the lock. Otherwise it can race with try_release_extent_buffer. Signed-off-by: Yan Zheng Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit 95ec1a915f8c7730a5dffdd604c2b0498be15200 Author: Josef Bacik Date: Wed Jan 27 02:09:38 2010 +0000 Btrfs: check total number of devices when removing missing commit 035fe03a7ad56982b30ab3a522b7b08d58feccd0 upstream. If you have a disk failure in RAID1 and then add a new disk to the array, and then try to remove the missing volume, it will fail. The reason is the sanity check only looks at the total number of rw devices, which is just 2 because we have 2 good disks and 1 bad one. Instead check the total number of devices in the array to make sure we can actually remove the device. Tested this with a failed disk setup and with this test we can now run btrfs-vol -r missing /mount/point and it works fine. Signed-off-by: Josef Bacik Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit b618d2a8d9e044caefeeb801375b458889961a06 Author: Josef Bacik Date: Wed Jan 27 02:09:00 2010 +0000 Btrfs: check return value of open_bdev_exclusive properly commit 7f59203abeaf18bf3497b308891f95a4489810ad upstream. Hit this problem while testing RAID1 failure stuff. open_bdev_exclusive returns ERR_PTR(), not NULL. So change the return value properly. This is important if you accidently specify a device that doesn't exist when trying to add a new device to an array, you will panic the box dereferencing bdev. Signed-off-by: Josef Bacik Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit 020009fcab2690bb6ecfdc75bcdeed1833d4c8f5 Author: Josef Bacik Date: Wed Jan 27 02:07:59 2010 +0000 Btrfs: do not mark the chunk as readonly if in degraded mode commit f48b90756bd834dda852ff514f2690d3175b1f44 upstream. If a RAID setup has chunks that span multiple disks, and one of those disks has failed, btrfs_chunk_readonly will return 1 since one of the disks in that chunk's stripes is dead and therefore not writeable. So instead if we are in degraded mode, return 0 so we can go ahead and allocate stuff. Without this patch all of the block groups in a RAID1 setup will end up read-only, which will mean we can't add new disks to the array since we won't be able to make allocations. Signed-off-by: Josef Bacik Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit 8766aeadf9ad4dbabfee5176eca09e38c950c191 Author: Josef Bacik Date: Tue Jan 26 14:30:53 2010 +0000 Btrfs: run orphan cleanup on default fs root commit e3acc2a6850efff647f1c5458524eb3a8bcba20a upstream. This patch revert's commit 6c090a11e1c403b727a6a8eff0b97d5fb9e95cb5 Since it introduces this problem where we can run orphan cleanup on a volume that can have orphan entries re-added. Instead of my original fix, Yan Zheng pointed out that we can just revert my original fix and then run the orphan cleanup in open_ctree after we look up the fs_root. I have tested this with all the tests that gave me problems and this patch fixes both problems. Thanks, Signed-off-by: Josef Bacik Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit aeda1ce85788fe3a1dfa65d6b616c3d7c83dfc2d Author: Yang Hongyang Date: Tue Jan 26 00:48:23 2010 +0000 Btrfs: fix a memory leak in btrfs_init_acl commit f858153c367a397235d3e81136741e40e44faf1d upstream. In btrfs_init_acl() cloned acl is not released Signed-off-by: Yang Hongyang Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit ccfc4449f80353e46b624ea92dc72e3197a0a09b Author: Aneesh Kumar K.V Date: Wed Jan 20 07:28:54 2010 +0000 Btrfs: Use correct values when updating inode i_size on fallocate commit d1ea6a61454e7d7ff0873d0ad1ae27d5807da0d3 upstream. commit f2bc9dd07e3424c4ec5f3949961fe053d47bc825 Author: Aneesh Kumar K.V Date: Wed Jan 20 12:57:53 2010 +0530 Btrfs: Use correct values when updating inode i_size on fallocate Even though we allocate more, we should be updating inode i_size as per the arguments passed Signed-off-by: Aneesh Kumar K.V Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit fad9f7ba5e105ae770ac6b44e4b356445a1091b9 Author: Josef Bacik Date: Fri Nov 13 20:12:59 2009 +0000 Btrfs: fix possible panic on unmount commit 11dfe35a0108097f2df1f042c485fa7f758c2cdf upstream. We can race with the unmount of an fs and the stopping of a kthread where we will free the block group before we're done using it. The reason for this is because we do not hold a reference on the block group while its caching, since the allocator drops its reference once it exits or moves on to the next block group. This patch fixes the problem by taking a reference to the block group before we start caching and dropping it when we're done to make sure all accesses to the block group are safe. Thanks, Signed-off-by: Josef Bacik Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit f7733c6a95d6406a55b6e29b2ff15ac22f741bc5 Author: Chris Mason Date: Sun Jan 17 20:36:18 2010 -0500 Btrfs: deal with NULL acl sent to btrfs_set_acl commit a9cc71a60c29a09174bee2fcef8f924c529fd4b7 upstream. It is legal for btrfs_set_acl to be sent a NULL acl. This makes sure we don't dereference it. A similar patch was sent by Johannes Hirte Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit 3d31143c5687d5291aa8b43126a2befba84c03b4 Author: Josef Bacik Date: Fri Jan 15 20:08:22 2010 +0000 Btrfs: fix regression in orphan cleanup commit 6c090a11e1c403b727a6a8eff0b97d5fb9e95cb5 upstream. Currently orphan cleanup only ever gets triggered if we cross subvolumes during a lookup, which means that if we just mount a plain jane fs that has orphans in it, they will never get cleaned up. This results in panic's like these http://www.kerneloops.org/oops.php?number=1109085 where adding an orphan entry results in -EEXIST being returned and we panic. In order to fix this, we check to see on lookup if our root has had the orphan cleanup done, and if not go ahead and do it. This is easily reproduceable by running this testcase #include #include #include #include #include #include int main(int argc, char **argv) { char data[4096]; char newdata[4096]; int fd1, fd2; memset(data, 'a', 4096); memset(newdata, 'b', 4096); while (1) { int i; fd1 = creat("file1", 0666); if (fd1 < 0) break; for (i = 0; i < 512; i++) write(fd1, data, 4096); fsync(fd1); close(fd1); fd2 = creat("file2", 0666); if (fd2 < 0) break; ftruncate(fd2, 4096 * 512); for (i = 0; i < 512; i++) write(fd2, newdata, 4096); close(fd2); i = rename("file2", "file1"); unlink("file1"); } return 0; } and then pulling the power on the box, and then trying to run that test again when the box comes back up. I've tested this locally and it fixes the problem. Thanks to Tomas Carnecky for helping me track this down initially. Signed-off-by: Josef Bacik Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit f0862ee9b00c842ccf5078ad734738671bfef608 Author: Yan, Zheng Date: Fri Jan 15 08:43:09 2010 +0000 Btrfs: Fix race in btrfs_mark_extent_written commit 6c7d54ac87f338c479d9729e8392eca3f76e11e1 upstream. Fix bug reported by Johannes Hirte. The reason of that bug is btrfs_del_items is called after btrfs_duplicate_item and btrfs_del_items triggers tree balance. The fix is check that case and call btrfs_search_slot when needed. Signed-off-by: Yan Zheng Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit ded3c4fede333390de3d5059c9a7aa8823203167 Author: Jiri Slaby Date: Wed Jan 6 16:57:22 2010 +0000 Btrfs, fix memory leaks in error paths commit 2423fdfb96e3f9ff3baeb6c4c78d74145547891d upstream. Stanse found 2 memory leaks in relocate_block_group and __btrfs_map_block. cluster and multi are not freed/assigned on all paths. Fix that. Signed-off-by: Jiri Slaby Cc: linux-btrfs@vger.kernel.org Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit e00818493b94468d30f5be73221e60d19ce85dd2 Author: Yan, Zheng Date: Mon Dec 28 05:01:58 2009 +0000 Btrfs: align offsets for btrfs_ordered_update_i_size commit a038fab0cb873c75d6675e2bcffce8a3935bdce7 upstream. Some callers of btrfs_ordered_update_i_size can now pass in a NULL for the ordered extent to update against. This makes sure we properly align the offset they pass in when deciding how much to bump the on disk i_size. Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit 77033193e0499bdafc35be3035ab2bd361d75052 Author: Jan Engelhardt Date: Wed Dec 9 22:00:38 2009 +0000 btrfs: fix missing last-entry in readdir(3) commit 406266ab9ac8ed8b085c58aacd9e3161480dc5d5 upstream. parent 49313cdac7b34c9f7ecbb1780cfc648b1c082cd7 (v2.6.32-1-g49313cd) commit ff48c08e1c05c67e8348ab6f8a24de8034e0e34d Author: Jan Engelhardt Date: Wed Dec 9 22:57:36 2009 +0100 Btrfs: fix missing last-entry in readdir(3) When one does a 32-bit readdir(3), the last entry of a directory is missing. This is however not due to passing a large value to filldir, but it seems to have to do with glibc doing telldir or something quirky. In any case, this patch fixes it in practice. Signed-off-by: Jan Engelhardt Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit 88a9a7cf4ca9e83187b395aabda95f17a6407ad6 Author: Chris Mason Date: Thu Dec 17 15:47:17 2009 -0500 Btrfs: make sure fallocate properly starts a transaction commit 3a1abec9f6880cf406593c392636199ea1c6c917 upstream. The recent patch to make fallocate enospc friendly would send down a NULL trans handle to the allocator. This moves the transaction start to properly fix things. Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit e4b2abc4322e89d1ce7e43c7ada5317acd80d6bc Author: Josef Bacik Date: Mon Dec 7 21:45:59 2009 +0000 Btrfs: make metadata chunks smaller commit 83d3c9696fed237a3d96fce18299e2fcf112109f upstream. This patch makes us a bit less zealous about making sure we have enough free metadata space by pearing down the size of new metadata chunks to 256mb instead of 1gb. Also, we used to try an allocate metadata chunks when allocating data, but that sort of thing is done elsewhere now so we can just remove it. With my -ENOSPC test I used to have 3gb reserved for metadata out of 75gb, now I have 1.7gb. Thanks, Signed-off-by: Josef Bacik Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit 0ab44aac74dba93ef56be5d840c971766e67a227 Author: Matthew Wilcox Date: Mon Dec 14 22:01:12 2009 +0000 Btrfs: Show discard option in /proc/mounts commit 20a5239a5d0f340e29827a6a2d28a138001c44b8 upstream. Christoph's patch e244a0aeb6a599c19a7c802cda6e2d67c847b154 doesn't display the discard option in /proc/mounts, leading to some confusion for me. Here's the missing bit. Signed-off-by: Matthew Wilcox Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit 8db426bbfeef206a8cd6002d6790f936f3071f0c Author: TARUISI Hiroaki Date: Thu Nov 12 07:14:26 2009 +0000 Btrfs: deny sys_link across subvolumes. commit 4a8be425a8fb8fbb5d881eb55fa6634c3463b9c9 upstream. I rebased Christian Parpart's patch to deny hard link across subvolumes. Original patch modifies also btrfs_rename, but I excluded it because we can move across subvolumes now and it make no problem. ----------------- Hard link across subvolumes should not allowed in Btrfs. btrfs_link checks root of 'to' directory is same as root of 'from' file. If not same, btrfs_link returns -EPERM. Signed-off-by: TARUISI Hiroaki Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit f09a3eb5f7c42159bfa53a03779741487b5336a7 Author: Sage Weil Date: Sat Nov 7 06:19:16 2009 +0000 Btrfs: fail mount on bad mount options commit a7a3f7cadd9bdee569243f7ead9550aa16b60e07 upstream. We shouldn't silently ignore unrecognized options. Signed-off-by: Sage Weil Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit 755885f6c05c81b7260585f11d69db4dfe910b8a Author: Yan, Zheng Date: Thu Nov 26 09:31:11 2009 +0000 Btrfs: don't add extent 0 to the free space cache v2 commit 06b2331f8333ec6edf41662757ce8882cc1747d5 upstream. If block group 0 is completely free, btrfs_read_block_groups will add extent [0, BTRFS_SUPER_INFO_OFFSET) to the free space cache. Signed-off-by: Yan Zheng Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit feeeea7814620242d12186c91f877b883d0cf13f Author: Yan, Zheng Date: Thu Nov 12 09:36:50 2009 +0000 Btrfs: Fix per root used space accounting commit 86b9f2eca5e0984145e3c7698a7cd6dd65c2a93f upstream. The bytes_used field in root item was originally planned to trace the amount of used data and tree blocks. But it never worked right since we can't trace freeing of data accurately. This patch changes it to only trace the amount of tree blocks. Signed-off-by: Yan Zheng Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit c87afd35a28b2661a2626a1b28e9fd69adcad9f9 Author: Yan, Zheng Date: Thu Nov 12 09:36:44 2009 +0000 Btrfs: Fix btrfs_drop_extent_cache for skip pinned case commit 55ef68990029fcd8d04d42fc184aa7fb18cf309e upstream. The check for skip pinned case is wrong, it may breaks the while loop too soon. Signed-off-by: Yan Zheng Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit a5b2df73b868e2f8ad68674419d45f5e577bc0d4 Author: Yan, Zheng Date: Thu Nov 12 09:36:34 2009 +0000 Btrfs: Add delayed iput commit 24bbcf0442ee04660a5a030efdbb6d03f1c275cb upstream. iput() can trigger new transactions if we are dropping the final reference, so calling it in btrfs_commit_transaction may end up deadlock. This patch adds delayed iput to avoid the issue. Signed-off-by: Yan Zheng Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit 6e423a0b564b2a5509c6bc0da6abb7865db4b2a7 Author: Yan, Zheng Date: Thu Nov 12 09:35:27 2009 +0000 Btrfs: Pass transaction handle to security and ACL initialization functions commit f34f57a3ab4e73304d78c125682f1a53cd3975f2 upstream. Pass transaction handle down to security and ACL initialization functions, so we can avoid starting nested transactions Signed-off-by: Yan Zheng Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit 6a5b99b6b6439f054084b7a8611ebf426e826a0c Author: Yan, Zheng Date: Thu Nov 12 09:35:36 2009 +0000 Btrfs: Make truncate(2) more ENOSPC friendly commit 8082510e7124cc50d728f1b875639cb4e22312cc upstream. truncating and deleting regular files are unbound operations, so it's not good to do them in a single transaction. This patch makes btrfs_truncate and btrfs_delete_inode start a new transaction after all items in a tree leaf are deleted. Signed-off-by: Yan Zheng Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit 16fdd7c37a308318379ec5ecc3fa1c32716df411 Author: Yan, Zheng Date: Thu Nov 12 09:34:52 2009 +0000 Btrfs: Make fallocate(2) more ENOSPC friendly commit 5a303d5d4b8055d2e5a03e92d04745bfc5881a22 upstream. fallocate(2) may allocate large number of file extents, so it's not good to do it in a single transaction. This patch make fallocate(2) start a new transaction for each file extents it allocates. Signed-off-by: Yan Zheng Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit 9202f1111ac52cfe02f3813352c1b0481394e1da Author: Yan, Zheng Date: Thu Nov 12 09:37:02 2009 +0000 Btrfs: Avoid orphan inodes cleanup during committing transaction commit 2e4bfab97055aa6acdd0637913bd705c2d6506d6 upstream. btrfs_lookup_dentry may trigger orphan cleanup, so it's not good to call it while committing a transaction. Signed-off-by: Yan Zheng Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit c4ba0bd9db5e8fd2664be0fd4ec01335fe3268eb Author: Yan, Zheng Date: Thu Nov 12 09:34:40 2009 +0000 Btrfs: Avoid orphan inodes cleanup while replaying log commit c71bf099abddf3e0fdc27f251ba76fca1461d49a upstream. We do log replay in a single transaction, so it's not good to do unbound operations. This patch cleans up orphan inodes cleanup after replaying the log. It also avoids doing other unbound operations such as truncating a file during replaying log. These unbound operations are postponed to the orphan inode cleanup stage. Signed-off-by: Yan Zheng Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit eb99c071ac2ec45c55713e5b9931b810cf0f1d2f Author: Yan, Zheng Date: Thu Nov 12 09:34:21 2009 +0000 Btrfs: Fix disk_i_size update corner case commit c216775458a2ee345d9412a2770c2916acfb5d30 upstream. There are some cases file extents are inserted without involving ordered struct. In these cases, we update disk_i_size directly, without checking pending ordered extent and DELALLOC bit. This patch extends btrfs_ordered_update_i_size() to handle these cases. Signed-off-by: Yan Zheng Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit c8e789da047e7a0bbc83eab66181faa90e0a286a Author: Yan, Zheng Date: Thu Nov 12 09:34:08 2009 +0000 Btrfs: Rewrite btrfs_drop_extents commit 920bbbfb05c9fce22e088d20eb9dcb8f96342de9 upstream. Rewrite btrfs_drop_extents by using btrfs_duplicate_item, so we can avoid calling lock_extent within transaction. Signed-off-by: Yan Zheng Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit 8bf364c4ebe756cd32fc62a642e406b01c39d40c Author: Yan, Zheng Date: Thu Nov 12 09:33:58 2009 +0000 Btrfs: Add btrfs_duplicate_item commit ad48fd754676bfae4139be1a897b1ea58f9aaf21 upstream. btrfs_duplicate_item duplicates item with new key, guaranteeing the source item and the new items are in the same tree leaf and contiguous. It allows us to split file extent in place, without using lock_extent to prevent bookend extent race. Signed-off-by: Yan Zheng Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit 4a77a16b9fb8a17affc6963c97470514df2be56e Author: Yan, Zheng Date: Thu Nov 12 09:33:26 2009 +0000 Btrfs: Avoid superfluous tree-log writeout commit 8cef4e160d74920ad1725f58c89fd75ec4c4ac38 upstream. We allow two log transactions at a time, but use same flag to mark dirty tree-log btree blocks. So we may flush dirty blocks belonging to newer log transaction when committing a log transaction. This patch fixes the issue by using two flags to mark dirty tree-log btree blocks. Signed-off-by: Yan Zheng Signed-off-by: Chris Mason Acked-by: Jeff Mahoney Signed-off-by: Greg Kroah-Hartman commit f403905d43dd780060cb4d2334e0c79c8c8f8bb0 Author: Dave Müller Date: Fri Jun 4 16:39:59 2010 -0700 drm/i915: Use RSEN instead of HTPLG for tfp410 monitor detection. commit f458823b864c6def488f951a79986fa205aba4f1 upstream. Presence detection of a digital monitor seems not to be reliable using the HTPLG bit. Dave Müller Signed-off-by: Greg Kroah-Hartman commit c3d0780019022082d59759d4e162a22b5d437efc Author: Eric Sandeen Date: Sun Aug 1 17:33:29 2010 -0400 ext4: fix freeze deadlock under IO commit 437f88cc031ffe7f37f3e705367f4fe1f4be8b0f upstream. Commit 6b0310fbf087ad6 caused a regression resulting in deadlocks when freezing a filesystem which had active IO; the vfs_check_frozen level (SB_FREEZE_WRITE) did not let the freeze-related IO syncing through. Duh. Changing the test to FREEZE_TRANS should let the normal freeze syncing get through the fs, but still block any transactions from starting once the fs is completely frozen. I tested this by running fsstress in the background while periodically snapshotting the fs and running fsck on the result. I ran into occasional deadlocks, but different ones. I think this is a fine fix for the problem at hand, and the other deadlocky things will need more investigation. Reported-by: Phillip Susi Signed-off-by: Eric Sandeen Signed-off-by: "Theodore Ts'o" Signed-off-by: Greg Kroah-Hartman commit 7d9deb060ffb6c6b38414210f1f2589c524ad1d6 Author: Ian Campbell Date: Thu Jul 29 11:16:35 2010 +0100 xen: Do not suspend IPI IRQs. commit 4877c737283813bdb4bebfa3168c1585f6e3a8ca upstream. In general the semantics of IPIs are that they are are expected to continue functioning after dpm_suspend_noirq(). Specifically I have seen a deadlock between the callfunc IPI and the stop machine used by xen's do_suspend() routine. If one CPU has already called dpm_suspend_noirq() then there is a window where it can be sent a callfunc IPI before all the other CPUs have entered stop_cpu(). If this happens then the first CPU ends up spinning in stop_cpu() waiting for the other to rendezvous in state STOPMACHINE_PREPARE while the other is spinning in csd_lock_wait(). Signed-off-by: Ian Campbell Cc: Jeremy Fitzhardinge Cc: xen-devel@lists.xensource.com LKML-Reference: <1280398595-29708-4-git-send-email-ian.campbell@citrix.com> Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman commit 35822af390d203d980a2dbf44bba1868a3fee116 Author: Ian Campbell Date: Thu Jul 29 11:16:32 2010 +0100 irq: Add new IRQ flag IRQF_NO_SUSPEND commit 685fd0b4ea3f0f1d5385610b0d5b57775a8d5842 upstream. A small number of users of IRQF_TIMER are using it for the implied no suspend behaviour on interrupts which are not timer interrupts. Therefore add a new IRQF_NO_SUSPEND flag, rename IRQF_TIMER to __IRQF_TIMER and redefine IRQF_TIMER in terms of these new flags. Signed-off-by: Ian Campbell Cc: Jeremy Fitzhardinge Cc: Dmitry Torokhov Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Grant Likely Cc: xen-devel@lists.xensource.com Cc: linux-input@vger.kernel.org Cc: linuxppc-dev@ozlabs.org Cc: devicetree-discuss@lists.ozlabs.org LKML-Reference: <1280398595-29708-1-git-send-email-ian.campbell@citrix.com> Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman commit e053ffd9ffac4d312cb3b171a992aa09a678ec67 Author: David S. Miller Date: Mon May 31 00:28:35 2010 -0700 net: Fix NETDEV_NOTIFY_PEERS to not conflict with NETDEV_BONDING_DESLAVE. commit 38117d1495e587fbb10d6e55733139a27893cef5 upstream. Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 14de30d50e5ea7ee70244bb9a17d71747b574e5d Author: Ian Campbell Date: Wed May 26 00:09:43 2010 +0000 xen: netfront: explicitly generate arp_notify event after migration. commit 592970675c9522bde588b945388c7995c8b51328 upstream. Use newly introduced netif_notify_peers() method to ensure a gratuitous ARP is generated after a migration. Signed-off-by: Ian Campbell Cc: Stephen Hemminger Cc: Jeremy Fitzhardinge Cc: David S. Miller Cc: netdev@vger.kernel.org Cc: xen-devel@lists.xensource.com Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit ac33b999caed81edf848948cde358920dff3f31f Author: Ian Campbell Date: Wed May 26 00:09:42 2010 +0000 arp_notify: allow drivers to explicitly request a notification event. commit 06c4648d46d1b757d6b9591a86810be79818b60c upstream. Currently such notifications are only generated when the device comes up or the address changes. However one use case for these notifications is to enable faster network recovery after a virtual machine migration (by causing switches to relearn their MAC tables). A migration appears to the network stack as a temporary loss of carrier and therefore does not trigger either of the current conditions. Rather than adding carrier up as a trigger (which can cause issues when interfaces a flapping) simply add an interface which the driver can use to explicitly trigger the notification. Signed-off-by: Ian Campbell Cc: Stephen Hemminger Cc: Jeremy Fitzhardinge Cc: David S. Miller Cc: netdev@vger.kernel.org Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit bdded112e09f6c94084fe6c69ebbfb561650a046 Author: Dave Kleikamp Date: Mon Aug 9 15:57:38 2010 -0500 jfs: don't allow os2 xattr namespace overlap with others commit aca0fa34bdaba39bfddddba8ca70dba4782e8fe6 upstream. It's currently possible to bypass xattr namespace access rules by prefixing valid xattr names with "os2.", since the os2 namespace stores extended attributes in a legacy format with no prefix. This patch adds checking to deny access to any valid namespace prefix following "os2.". Signed-off-by: Dave Kleikamp Reported-by: Sergey Vlasov Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit fb384e34f912f6da79f048ea474e8125c76e272c Author: Cyril Lacoux Date: Wed Jul 14 10:29:27 2010 +0400 Bluetooth: Added support for controller shipped with iMac i5 commit 0a79f67445de50ca0a8dc1d34f3cc406d89c28b2 upstream. Device class is ff(vend.) instead of e0(wlcon). Output from command `usb-devices`: T: Bus=01 Lev=03 Prnt=03 Port=00 Cnt=01 Dev#= 6 Spd=12 MxCh= 0 D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=05ac ProdID=8215 Rev=01.82 S: Manufacturer=Apple Inc. S: Product=Bluetooth USB Host Controller S: SerialNumber=7C6D62936607 C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=0mA I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb I: If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) I: If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=00 Driver=(none) Signed-off-by: Cyril Lacoux Signed-off-by: Marcel Holtmann Signed-off-by: Greg Kroah-Hartman commit 2b748daf1fe9d982e331c274a43c67d8e97ab05a Author: Adam Jackson Date: Wed Jul 28 07:40:32 2010 +1000 drm/edid: Fix the HDTV hack sync adjustment commit a4967de6cbb260ad0f6612a1d2035e119ef1578f upstream. We're adjusting horizontal timings only here, moving vsync was just a slavish translation of a typo in the X server. Signed-off-by: Adam Jackson Signed-off-by: Dave Airlie Signed-off-by: Greg Kroah-Hartman commit 8ea208e908fc9bcaf08cbb1fa7d1a49af35bcd53 Author: Christian Lamparter Date: Tue Aug 3 02:32:28 2010 +0200 USB: fix thread-unsafe anchor utiliy routines commit b3e670443b7fb8a2d29831b62b44a039c283e351 upstream. This patch fixes a race condition in two utility routines related to the removal/unlinking of urbs from an anchor. If two threads are concurrently accessing the same anchor, both could end up with the same urb - thinking they are the exclusive owner. Alan Stern pointed out a related issue in usb_unlink_anchored_urbs: "The URB isn't removed from the anchor until it completes (as a by-product of completion, in fact), which might not be for quite some time after the unlink call returns. In the meantime, the subroutine will keep trying to unlink it, over and over again." Cc: Oliver Neukum Cc: Greg Kroah-Hartman Acked-by: Alan Stern Signed-off-by: Christian Lamparter Signed-off-by: Greg Kroah-Hartman commit df13d00a1a1b1212452c41561bcbf294782f4f18 Author: Ming Lei Date: Mon Aug 2 22:09:01 2010 +0800 USB: usbtest: avoid to free coherent buffer in atomic context commit e10e1bec8e6654de4591ef45ddd6a6d1e5b2591c upstream. This patch fixes the warning below: [30753.755998] ------------[ cut here ]------------ [30753.755998] WARNING: at /home/tom/git/linux-2.6/linux-2.6-next/arch/x86/include/asm/dma-mapping.h:155 hcd_buffer_free+0xb1/0xd4 [usbcore]() [30753.755998] Hardware name: 6475EK2 [30753.755998] Modules linked in: uvcvideo ehci_hcd usbtest cdc_ether usbnet vfat fat usb_storage nfsd lockd nfs_acl auth_rpcgss exportfs mii tun videodev v4l1_compat v4l2_compat_ioctl32 fuse bridge stp llc sunrpc ipv6 cpufreq_ondemand acpi_cpufreq freq_table mperf kvm_intel kvm arc4 ecb ath5k usbhid mac80211 snd_hda_codec_conexant ch341 usbserial ath cfg80211 thinkpad_acpi snd_hda_intel pcspkr wmi hwmon yenta_socket iTCO_wdt iTCO_vendor_support i2c_i801 e1000e snd_hda_codec snd_hwdep snd_pcm snd_timer snd soundcore snd_page_alloc pata_acpi uhci_hcd ohci_hcd usbcore i915 drm_kms_helper drm i2c_algo_bit i2c_core video output [last unloaded: uvcvideo] [30753.755998] Pid: 0, comm: swapper Tainted: G W 2.6.35-rc6-gkh-wl+ #49 [30753.755998] Call Trace: [30753.755998] [] warn_slowpath_common+0x80/0x98 [30753.755998] [] warn_slowpath_null+0x15/0x17 [30753.755998] [] hcd_buffer_free+0xb1/0xd4 [usbcore] [30753.755998] [] usb_free_coherent+0x1c/0x1e [usbcore] [30753.755998] [] simple_free_urb+0x23/0x2f [usbtest] [30753.755998] [] iso_callback+0xbb/0x10f [usbtest] [30753.755998] [] usb_hcd_giveback_urb+0x8c/0xc0 [usbcore] [30753.755998] [] ehci_urb_done+0x84/0x95 [ehci_hcd] [30753.755998] [] ehci_work+0x41a/0x7dd [ehci_hcd] [30753.755998] [] ehci_irq+0x33b/0x370 [ehci_hcd] [30753.755998] [] ? sched_clock+0x9/0xd [30753.755998] [] ? sched_clock_local+0x1c/0x82 [30753.755998] [] ? sched_clock_cpu+0xc3/0xce [30753.755998] [] ? trace_hardirqs_off+0xd/0xf [30753.755998] [] ? cpu_clock+0x43/0x5e [30753.755998] [] usb_hcd_irq+0x45/0xa1 [usbcore] [30753.755998] [] handle_IRQ_event+0x20/0xa5 [30753.755998] [] handle_fasteoi_irq+0x92/0xd2 [30753.755998] [] handle_irq+0x1f/0x2a [30753.755998] [] do_IRQ+0x57/0xbe [30753.755998] [] ret_from_intr+0x0/0x16 [30753.755998] [] ? acpi_idle_enter_bm+0x231/0x269 [30753.755998] [] ? acpi_idle_enter_bm+0x22a/0x269 [30753.755998] [] cpuidle_idle_call+0x99/0xce [30753.755998] [] cpu_idle+0x61/0xaa [30753.755998] [] start_secondary+0x1c2/0x1c6 [30753.755998] ---[ end trace 904cfaf7ab4cb1a2 ]--- Signed-off-by: Ming Lei Signed-off-by: Greg Kroah-Hartman commit 3772be62d2832152e0b638db63d1d239c096f305 Author: Alessio Igor Bogani Date: Tue Jul 27 23:05:14 2010 +0200 USB: cp210x: Add four new device IDs commit 356c5a4834a74c621715f7a7f16ded914eecbd3c upstream. Signed-off-by: Alessio Igor Bogani Signed-off-by: Greg Kroah-Hartman commit e0b216af909dfbbd6c2cc0087db60aa16913b4f3 Author: dranch@trinnet.net Date: Mon Jul 26 19:44:33 2010 -0700 USB: ftdi_sio: device id for Navitator commit b6180ef7c99574c3350bbffa2a3a9d675321543d upstream. This patch is to add a US Interface, Inc. "Navigator" USB device. Specifically, it's a HAM Radio USB sound modem that also incorporates three pairs of unique FTDI serial ports. The standard Linux FTDI serial driver will only recognize the first two serial ports of an unknown FDTI derived device and this patch adds in recognition to these specific new IDs. Signed-off-by: David A. Ranch Signed-off-by: Greg Kroah-Hartman commit ee49d78499c5326bbfa5d9f2581a2b20083a39b1 Author: Andrew Bird Date: Fri Jul 23 16:04:41 2010 +0100 USB: option: add huawei k3765 k4505 devices to work properly commit 0372a754be9aa43e19fd86c9bc04796d43b55e38 upstream. This patch adds the product IDs of Huawei's K3765 and K4505 mobile broadband usb modems to option.c. It also adds a quirk to the option probe function so that binding to the device's network interface(class 0xff) is avoided. This is necessary to allow another driver to bind to that, and to avoid programs like wvdial opening a nonfunctioning tty during modem discovery. Signed-off-by: Andrew Bird Signed-off-by: Greg Kroah-Hartman commit 2a0c499e3225717a084cce0c2bb93cd2fdc04d1f Author: Pavel Kazlou Date: Thu Jul 22 03:22:20 2010 +0300 USB: option: Huawei ETS 1220 support added commit b972302b0a13aaddc9e90da2b4b52722e5d0e776 upstream. The patch adds Huawei ETS 1220 product id into the list of supported devices in 'option' usb serial driver. Signed-off-by: Pavel Kazlou Signed-off-by: Greg Kroah-Hartman commit 16a9894d7ee6e56979c031fc8f72739dfbfd5dd6 Author: John G. Rogers Date: Sat Jul 24 09:50:52 2010 -0400 USB: serial: enabling support for Segway RMP in ftdi_sio commit afad19648f70c6493193e0a774bd754b7790b4a0 upstream. I have added the ProductID=0xe729 VendorID=FTDI_VID=0x0403 which will enable support for the Segway Robotic Mobility Platform (RMP200) in the ftdi_sio kernel module. Currently, users of the Segway RMP200 must use a RUN+="/sbin/modprobe -q ftdi-sio product=0xe729 vendor=0x0403 in a udev rule to get the ftdi_sio module to handle the usb interface and mount it on /dev/ttyXXX. This is not a good solution because some users will have multiple USB to Serial converters which will use the ftdi_sio module. Signed-off-by: John Rogers Signed-off-by: Greg Kroah-Hartman commit 739e7616fda378c0050fd4f2bcdfc1b81212013e Author: Phil Dibowitz Date: Thu Jul 22 00:05:01 2010 +0200 USB delay init quirk for logitech Harmony 700-series devices commit 93362a875fc69881ae69299efaf19a55a1f57db0 upstream. The Logitech Harmony 700 series needs an extra delay during initialization. This patch adds a USB quirk which enables such a delay and adds the device to the quirks list. Signed-off-by: Phil Dibowitz Signed-off-by: Greg Kroah-Hartman commit 1a9ee60e9ab43571686d1486f868ecd862cf8257 Author: Steven Robertson Date: Wed Jul 21 16:38:44 2010 -0400 USB: resizing usbmon binary interface buffer causes protection faults commit 33d973ad88ceb83ed1449592b7574b5b5bb33ac6 upstream. Enlarging the buffer size via the MON_IOCT_RING_SIZE ioctl causes general protection faults. It appears the culprit is an incorrect argument to mon_free_buff: instead of passing the size of the current buffer being freed, the size of the new buffer is passed. Use the correct size argument to mon_free_buff when changing the size of the buffer. Signed-off-by: Steven Robertson Acked-by: Pete Zaitcev Signed-off-by: Greg Kroah-Hartman commit ba4719835c88aaa7b059e3fe2055adebf3608aa3 Author: Uwe Kleine-König Date: Mon Aug 2 08:32:22 2010 +0100 ARM: 6280/1: imx: Fix build failure when including without commit 868003ca7ad17ac6c1606dc36101f10a7825b399 upstream. This is a follow up to 14cb0de (arm/imx/gpio: add spinlock protection) and fixes the following build failure: CC arch/arm/mach-imx/pcm970-baseboard.o In file included from arch/arm/include/asm/gpio.h:6, from include/linux/gpio.h:8, from arch/arm/mach-imx/pcm970-baseboard.c:20: arch/arm/plat-mxc/include/mach/gpio.h:40: error: expected specifier-qualifier-list before 'spinlock_t' Signed-off-by: Uwe Kleine-König Signed-off-by: Russell King commit 0b5795789cc19b2ecb27493586a2a75ce084282f Author: Will Deacon Date: Thu Aug 5 11:20:51 2010 +0100 ARM: 6299/1: errata: TLBIASIDIS and TLBIMVAIS operations can broadcast a faulty ASID commit cdf357f1e13a08a11261edacb3083746f65c1ed9 upstream. On versions of the Cortex-A9 prior to r2p0, performing TLB invalidations by ASID match can result in the incorrect ASID being broadcast to other CPUs. As a consequence of this, the targetted TLB entries are not invalidated across the system. This workaround changes the TLB flushing routines to invalidate entries regardless of the ASID. Tested-by: Rob Clark Acked-by: Catalin Marinas Signed-off-by: Will Deacon Signed-off-by: Russell King Signed-off-by: Greg Kroah-Hartman commit 21c6c9de112c0ac07015d8e705fb4a7f7ef9d023 Author: Catalin Marinas Date: Mon Jul 19 13:36:21 2010 -0700 smsc911x: Add spinlocks around registers access commit 492c5d943d6a04b124ba3a719dc746dc36b14cfb upstream. On SMP systems, the SMSC911x registers may be accessed by multiple CPUs and this seems to put the chip in an inconsistent state. The patch adds spinlocks to the smsc911x_reg_read, smsc911x_reg_write, smsc911x_rx_readfifo and smsc911x_tx_writefifo functions. Signed-off-by: Catalin Marinas Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit e13fd0a2324283b00131c2e7a91bacd06e6f6810 Author: Nathan Lynch Date: Tue Aug 10 18:03:08 2010 -0700 signalfd: fill in ssi_int for posix timers and message queues commit a2a20c412c86e0bb46a9ab0dd31bcfe6d201b913 upstream. If signalfd is used to consume a signal generated by a POSIX interval timer or POSIX message queue, the ssi_int field does not reflect the data (sigevent->sigev_value) supplied to timer_create(2) or mq_notify(3). (The ssi_ptr field, however, is filled in.) This behavior differs from signalfd's treatment of sigqueue-generated signals -- see the default case in signalfd_copyinfo. It also gives results that differ from the case when a signal is handled conventionally via a sigaction-registered handler. So, set signalfd_siginfo->ssi_int in the remaining cases (__SI_TIMER, __SI_MESGQ) where ssi_ptr is set. akpm: a non-back-compatible change. Merge into -stable to minimise the number of kernels which are in the field and which miss this feature. Signed-off-by: Nathan Lynch Acked-by: Davide Libenzi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 146985cf78cb265f4bb9047c06ec825a6d5786c8 Author: Tejun Heo Date: Tue Aug 3 13:14:33 2010 +0200 bio, fs: update RWA_MASK, READA and SWRITE to match the corresponding BIO_RW_* bits commit aca27ba9618276dd2f777bcd5a1419589ccf1ca8 upstream. Commit a82afdf (block: use the same failfast bits for bio and request) moved BIO_RW_* bits around such that they match up with REQ_* bits. Unfortunately, fs.h hard coded RW_MASK, RWA_MASK, READ, WRITE, READA and SWRITE as 0, 1, 2 and 3, and expected them to match with BIO_RW_* bits. READ/WRITE didn't change but BIO_RW_AHEAD was moved to bit 4 instead of bit 1, breaking RWA_MASK, READA and SWRITE. This patch updates RWA_MASK, READA and SWRITE such that they match the BIO_RW_* bits again. A follow up patch will update the definitions to directly use BIO_RW_* bits so that this kind of breakage won't happen again. Neil also spotted missing RWA_MASK conversion. Stable: The offending commit a82afdf was released with v2.6.32, so this patch should be applied to all kernels since then but it must _NOT_ be applied to kernels earlier than that. Signed-off-by: Tejun Heo Reported-and-bisected-by: Vladislav Bolkhovitin Root-caused-by: Neil Brown Signed-off-by: Jens Axboe Signed-off-by: Greg Kroah-Hartman commit 160ce4e7efd0dc93e52bac453f6cddd485190b92 Author: Julia Lawall Date: Fri Aug 6 22:58:49 2010 +0200 fs/ecryptfs/file.c: introduce missing free commit ceeab92971e8af05c1e81a4ff2c271124b55bb9b upstream. The comments in the code indicate that file_info should be released if the function fails. This releasing is done at the label out_free, not out. The semantic match that finds this problem is as follows: (http://www.emn.fr/x-info/coccinelle/) // @r exists@ local idexpression x; statement S; expression E; identifier f,f1,l; position p1,p2; expression *ptr != NULL; @@ x@p1 = kmem_cache_zalloc(...); ... if (x == NULL) S <... when != x when != if (...) { <+...x...+> } ( x->f1 = E | (x->f1 == NULL || ...) | f(...,x->f1,...) ) ...> ( return <+...x...+>; | return@p2 ...; ) @script:python@ p1 << r.p1; p2 << r.p2; @@ print "* file: %s kmem_cache_zalloc %s" % (p1[0].file,p1[0].line) // Signed-off-by: Julia Lawall Signed-off-by: Tyler Hicks Signed-off-by: Greg Kroah-Hartman commit dad6c1718407593186b140fab9ba73594e3f0be7 Author: Lino Sanfilippo Date: Thu Jul 29 13:01:36 2010 +0200 ecryptfs: release reference to lower mount if interpose fails commit 31f73bee3e170b7cabb35db9e2f4bf7919b9d036 upstream. In ecryptfs_lookup_and_interpose_lower() the lower mount is not decremented if allocation of a dentry info struct failed. As a result the lower filesystem cant be unmounted any more (since it is considered busy). This patch corrects the reference counting. Signed-off-by: Lino Sanfilippo Signed-off-by: Tyler Hicks Signed-off-by: Greg Kroah-Hartman commit 3dc47cf2aa0ce318160c81e24b27cf3afea6decd Author: Tyler Hicks Date: Tue Nov 3 11:45:11 2009 -0600 eCryptfs: Handle ioctl calls with unlocked and compat functions commit c43f7b8fb03be8bcc579bfc4e6ab70eac887ab55 upstream. Lower filesystems that only implemented unlocked_ioctl weren't being passed ioctl calls because eCryptfs only checked for lower_file->f_op->ioctl and returned -ENOTTY if it was NULL. eCryptfs shouldn't implement ioctl(), since it doesn't require the BKL. This patch introduces ecryptfs_unlocked_ioctl() and ecryptfs_compat_ioctl(), which passes the calls on to the lower file system. https://bugs.launchpad.net/ecryptfs/+bug/469664 Reported-by: James Dupin Signed-off-by: Tyler Hicks Signed-off-by: Greg Kroah-Hartman commit d8d83cbed1b90c46e20b7864449ccb78edfaa8d1 Author: Chris Wright Date: Tue Aug 10 18:02:55 2010 -0700 blkdev: cgroup whitelist permission fix commit b7300b78d1a87625975a799a109a2f98d77757c8 upstream. The cgroup device whitelist code gets confused when trying to grant permission to a disk partition that is not currently open. Part of blkdev_open() includes __blkdev_get() on the whole disk. Basically, the only ways to reliably allow a cgroup access to a partition on a block device when using the whitelist are to 1) also give it access to the whole block device or 2) make sure the partition is already open in a different context. The patch avoids the cgroup check for the whole disk case when opening a partition. Addresses https://bugzilla.redhat.com/show_bug.cgi?id=589662 Signed-off-by: Chris Wright Acked-by: Serge E. Hallyn Tested-by: Serge E. Hallyn Reported-by: Vivek Goyal Cc: Al Viro Cc: Christoph Hellwig Cc: "Daniel P. Berrange" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 509869c8695b0cb31acc62b0439f59fbad8ce8e0 Author: NeilBrown Date: Sat Aug 7 21:17:00 2010 +1000 md/raid10: fix deadlock with unaligned read during resync commit 51e9ac77035a3dfcb6fc0a88a0d80b6f99b5edb1 upstream. If the 'bio_split' path in raid10-read is used while resync/recovery is happening it is possible to deadlock. Fix this be elevating ->nr_waiting for the duration of both parts of the split request. This fixes a bug that has been present since 2.6.22 but has only started manifesting recently for unknown reasons. It is suitable for and -stable since then. Reported-by: Justin Bronder Tested-by: Justin Bronder Signed-off-by: NeilBrown Signed-off-by: Greg Kroah-Hartman commit e943138e4de074176e4c02909f4618cfd11a49d1 Author: Borislav Petkov Date: Mon Jul 5 21:23:52 2010 -0700 ide-cd: Do not access completed requests in the irq handler commit 110712828365ccafcc61a7f4db44c31ed4cf8793 upstream. ide_cd_error_cmd() can complete an erroneous request with leftover buffers. Signal this with its return value so that the request is not accessed after its completion in the irq handler and we oops. Signed-off-by: Borislav Petkov Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 20ae44fa9a6384c5340193a75def7ef8a2a380ec Author: Peter Huewe Date: Mon Aug 9 17:18:23 2010 -0700 drivers/video/w100fb.c: ignore void return value / fix build failure commit fa260c00c1aa5c657793a7221e40d2400df5afd8 upstream. Fix a build failure "error: void value not ignored as it ought to be" by removing an assignment of a void return value. The functionality of the code is not changed. Signed-off-by: Peter Huewe Acked-by: Henrik Kretzschmar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit ee1dde6b44b7f8e150e17fdc7d6eea156f8783c5 Author: Miklos Szeredi Date: Tue Aug 3 12:48:50 2010 +0200 splice: fix misuse of SPLICE_F_NONBLOCK commit 6965031d331a642e31278fa1b5bd47f372ffdd5d upstream. SPLICE_F_NONBLOCK is clearly documented to only affect blocking on the pipe. In __generic_file_splice_read(), however, it causes an EAGAIN if the page is currently being read. This makes it impossible to write an application that only wants failure if the pipe is full. For example if the same process is handling both ends of a pipe and isn't otherwise able to determine whether a splice to the pipe will fill it or not. We could make the read non-blocking on O_NONBLOCK or some other splice flag, but for now this is the simplest fix. Signed-off-by: Miklos Szeredi Signed-off-by: Jens Axboe Signed-off-by: Greg Kroah-Hartman commit 0d2952b49bf8ce20c93da5e515e90841b4e66765 Author: David Woodhouse Date: Sat Aug 7 23:02:59 2010 -0700 solos-pci: Fix race condition in tasklet RX handling commit 1f6ea6e511e5ec730d8e88651da1b7b6e8fd1333 upstream. We were seeing faults in the solos-pci receive tasklet when packets arrived for a VCC which was currently being closed: [18842.727906] EIP: [] br2684_push+0x19/0x234 [br2684] SS:ESP 0068:dfb89d14 [18845.090712] [] ? do_page_fault+0x0/0x2e1 [18845.120042] [] ? br2684_push+0x19/0x234 [br2684] [18845.153530] [] solos_bh+0x28b/0x7c8 [solos_pci] [18845.186488] [] ? solos_irq+0x2d/0x51 [solos_pci] [18845.219960] [] ? handle_irq+0x3b/0x48 [18845.247732] [] ? irq_exit+0x34/0x57 [18845.274437] [] tasklet_action+0x42/0x69 [18845.303247] [] __do_softirq+0x8e/0x129 [18845.331540] [] do_softirq+0x25/0x2a [18845.358274] [] _local_bh_enable_ip+0x5e/0x6a [18845.389677] [] local_bh_enable+0xb/0xe [18845.417944] [] ppp_unregister_channel+0x32/0xbb [ppp_generic] [18845.458193] [] pppox_unbind_sock+0x18/0x1f [pppox] This patch uses an RCU-inspired approach to fix it. In the RX tasklet's find_vcc() function we first refuse to use a VCC which already has the ATM_VF_READY bit cleared. And in the VCC close function, we synchronise with the tasklet to ensure that it can't still be using the VCC before we continue and allow the VCC to be destroyed. Signed-off-by: David Woodhouse Tested-by: Nathan Williams Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit d2104f79407b5cae953aba1c7b13c3aab02c460e Author: Tejun Heo Date: Sun May 23 10:22:55 2010 +0200 PCI: disable MSI on VIA K8M800 commit 549e15611b4ac1de51ef0e0a79c2704f50a638a2 upstream. MSI delivery from on-board ahci controller doesn't work on K8M800. At this point, it's unclear whether the culprit is with the ahci controller or the host bridge. Given the track record and considering the rather minimal impact of MSI, disabling it seems reasonable. Signed-off-by: Tejun Heo Reported-by: Rainer Hurtado Navarro Signed-off-by: Jesse Barnes Signed-off-by: Greg Kroah-Hartman commit 9103169260f53f065e976740f2a65f7276050b0b Author: Rafael J. Wysocki Date: Fri Jul 23 22:19:55 2010 +0200 PCI: Do not run NVidia quirks related to MSI with MSI disabled commit 3d2a531804d16cd8df6dbbb0429c6f143e756049 upstream. There is no reason to run NVidia-specific quirks related to HT MSI mappings with MSI disabled via pci=nomsi, so make __nv_msi_ht_cap_quirk() return immediately in that case. This allows at least one machine to boot 100% of the time with pci=nomsi (it still doesn't boot reliably without that). Addresses https://bugzilla.kernel.org/show_bug.cgi?id=16443 . Signed-off-by: Rafael J. Wysocki Signed-off-by: Jesse Barnes Signed-off-by: Greg Kroah-Hartman commit 00895580dcfeea293c0a899a84fc9c01b7d00d6c Author: Peter Huewe Date: Wed Jul 7 04:52:16 2010 +0200 Staging: panel: Prevent double-calling of parport_release - fix oops. commit 060132ae42cce3f9d2fd34d9a17b98362b44b9f9 upstream. This patch prevents the code from calling parport_release and parport_unregister_device twice with the same arguments - and thus fixes an oops. Rationale: After the first call the parport is already released and the handle isn't valid anymore and calling parport_release and parport_unregister_device twice isn't a good idea. Signed-off-by: Peter Huewe Acked-by: Willy Tarreau Signed-off-by: Greg Kroah-Hartman commit 179a6b86cdee558883664fa9f063a8361ba63b79 Author: Randy Dunlap Date: Tue Jul 27 12:21:19 2010 -0700 Staging: line6: needs to select SND_PCM commit e928c077e5cdcd72ee762125b37232aec1ff49f3 upstream. line6 uses snd_pcm*() functions, so it should select SND_PCM. ERROR: "snd_pcm_period_elapsed" [drivers/staging/line6/line6usb.ko] undefined! ERROR: "snd_pcm_set_ops" [drivers/staging/line6/line6usb.ko] undefined! ERROR: "snd_pcm_lib_free_pages" [drivers/staging/line6/line6usb.ko] undefined! ERROR: "snd_pcm_lib_ioctl" [drivers/staging/line6/line6usb.ko] undefined! ERROR: "snd_pcm_lib_malloc_pages" [drivers/staging/line6/line6usb.ko] undefined! ERROR: "snd_pcm_hw_constraint_ratdens" [drivers/staging/line6/line6usb.ko] undefined! ERROR: "snd_pcm_format_physical_width" [drivers/staging/line6/line6usb.ko] undefined! ERROR: "snd_pcm_lib_preallocate_pages_for_all" [drivers/staging/line6/line6usb.ko] undefined! ERROR: "snd_pcm_new" [drivers/staging/line6/line6usb.ko] undefined! Signed-off-by: Randy Dunlap Cc: Markus Grabner Signed-off-by: Greg Kroah-Hartman commit 0c5a4a891317e9105cafa2ea842be886814f6b2a Author: Alok Kataria Date: Mon Aug 2 16:10:37 2010 -0700 x86, vmware: Preset lpj values when on VMware. commit 9f242dc10e0c3c1eb32d8c83c18650a35fd7f80d upstream. When running on VMware's platform, we have seen situations where the AP's try to calibrate the lpj values and fail to get good calibration runs becasue of timing issues. As a result delays don't work correctly on all cpus. The solutions is to set preset_lpj value based on the current tsc frequency value. This is similar to what KVM does as well. Signed-off-by: Alok N Kataria LKML-Reference: <1280790637.14933.29.camel@ank32.eng.vmware.com> Signed-off-by: H. Peter Anvin Signed-off-by: Greg Kroah-Hartman commit 8928a1924ad64ce3c564812ad2a418bed989a780 Author: H. Peter Anvin Date: Tue Jul 27 17:01:49 2010 -0700 x86: Add memory modify constraints to xchg() and cmpxchg() commit 113fc5a6e8c2288619ff7e8187a6f556b7e0d372 upstream. xchg() and cmpxchg() modify their memory operands, not merely read them. For some versions of gcc the "memory" clobber has apparently dealt with the situation, but not for all. Originally-by: Linus Torvalds Signed-off-by: H. Peter Anvin Cc: Glauber Costa Cc: Avi Kivity Cc: Peter Palfrader Cc: Greg KH Cc: Alan Cox Cc: Zachary Amsden Cc: Marcelo Tosatti LKML-Reference: <4C4F7277.8050306@zytor.com> Signed-off-by: Greg Kroah-Hartman commit 607398aa9fa5ad63546a1c6ef2c1cfd6cf7cd408 Author: H. Peter Anvin Date: Fri Dec 11 15:48:23 2009 -0800 nvram: Fix write beyond end condition; prove to gcc copy is safe commit a01c7800420d2c294ca403988488a635d4087a6d upstream. In nvram_write, first of all, correctly handle the case where the file pointer is already beyond the end; we should return EOF in that case. Second, make the logic a bit more explicit so that gcc can statically prove that the copy_from_user() is safe. Once the condition of the beyond-end filepointer is eliminated, the copy is safe but gcc can't prove it, causing build failures for i386 allyesconfig. Third, eliminate the entirely superfluous variable "len", and just use the passed-in variable "count" instead. Signed-off-by: H. Peter Anvin Cc: Arjan van de Ven Cc: Andrew Morton Cc: Wim Van Sebroeck Cc: Frederic Weisbecker LKML-Reference: Cc: Stephen Hemminger Signed-off-by: Greg Kroah-Hartman commit 5f7cfdb44e65760a08fe557c5ebd079dc766eb00 Author: Sam Ravnborg Date: Mon Aug 2 20:47:48 2010 +0000 powerpc: fix build with make 3.82 commit e32e78c5ee8aadef020fbaecbe6fb741ed9029fd upstream. Thomas Backlund reported that the powerpc build broke with make 3.82. It failed with the following message: arch/powerpc/Makefile:183: *** mixed implicit and normal rules. Stop. The fix is to avoid mixing non-wildcard and wildcard targets. Reported-by: Thomas Backlund Tested-by: Thomas Backlund Cc: Michal Marek Signed-off-by: Sam Ravnborg Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Greg Kroah-Hartman commit 876b3a81850fc237f643a065ea78ce2ad7665767 Author: Tejun Heo Date: Tue Jul 20 16:20:01 2010 +0200 ata_piix: fix locking around SIDPR access commit 213373cf974fe69e78ec894b07f45ae2f5a3a078 upstream. SIDPR window registers are shared across ports and as each access is done in two steps, accesses to different ports under EH may race. This primarily is caused by incorrect host locking in EH context and should be fixed by defining locking requirements for each EH operation which can be used during EH and enforcing them but for now work around the problem by adding a dedicated SIDPR lock and grabbing it for each SIDPR access. Signed-off-by: Tejun Heo Reported-by: Mark Knecht Reported-by: Paul Check Signed-off-by: Jeff Garzik Signed-off-by: Greg Kroah-Hartman