commit a2febcd43d859a48672ad922990bd27e5628271f Author: Greg Kroah-Hartman Date: Fri Jan 22 15:23:21 2010 -0800 Linux 2.6.32.5 commit af55a3da5049fb26a84ba562c7c8b55b910ff234 Author: OGAWA Hirofumi Date: Wed Jan 13 21:14:09 2010 +0900 vfs: Fix vmtruncate() regression commit cedabed49b39b4319bccc059a63344b6232b619c upstream. If __block_prepare_write() was failed in block_write_begin(), the allocated blocks can be outside of ->i_size. But new truncate_pagecache() in vmtuncate() does nothing if new < old. It means the above usage is not working anymore. So, this patch fixes it by removing "new < old" check. It would need more cleanup/change. But, now -rc and truncate working is in progress, so, this tried to fix it minimum change. Acked-by: Nick Piggin Signed-off-by: OGAWA Hirofumi Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 26931397cc71bcac187efdcd2fc43ce0d41e4eb0 Author: Peter Zijlstra Date: Fri Dec 4 09:59:02 2009 +0100 sched: Fix task priority bug commit 57785df5ac53c70da9fb53696130f3c551bfe1f9 upstream. 83f9ac removed a call to effective_prio() in wake_up_new_task(), which leads to tasks running at MAX_PRIO. This is caused by the idle thread being set to MAX_PRIO before forking off init. O(1) used that to make sure idle was always preempted, CFS uses check_preempt_curr_idle() for that so we can savely remove this bit of legacy code. Reported-by: Mike Galbraith Tested-by: Mike Galbraith Signed-off-by: Peter Zijlstra LKML-Reference: <1259754383.4003.610.camel@laptop> Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman commit fdc360e9cd88b119fa978cc812d1f0be69087f9a Author: Ping Date: Fri Jan 15 17:01:07 2010 -0800 serial/8250_pnp: add a new Fujitsu Wacom Tablet PC device commit 3018aa4b1a46946dfd0ee73a533038f24e390539 upstream. This is a new two finger touch Fujitsu Wacom Tablet PC. Signed-off-by: Ping Cheng Cc: Alan Cox Cc: Dmitry Torokhov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 2d22b3821b34d2dec1e263820ffa0b43311d92d2 Author: Wolfram Sang Date: Sat Jan 16 20:43:13 2010 +0100 i2c/pca: Don't use *_interruptible commit 22f8b2695eda496026623020811cae34590ee3d7 upstream. Unexpected signals can disturb the bus-handling and lock it up. Don't use interruptible in 'wait_event_*' and 'wake_*' as in commits dc1972d02747d2170fb1d78d114801f5ecb27506 (for cpm), 1ab082d7cbd0f34e39a5396cc6340c00bc5d66ef (for mpc), b7af349b175af45f9d87b3bf3f0a221e1831ed39 (for omap). Signed-off-by: Wolfram Sang Signed-off-by: Jean Delvare Signed-off-by: Greg Kroah-Hartman commit c1f77a7025d7802dc29ca1a8fe84e416973525ed Author: Thadeu Lima de Souza Cascardo Date: Sat Jan 16 20:43:13 2010 +0100 i2c: Do not use device name after device_unregister commit c556752109794a5ff199b80a1673336b4df8433a upstream. dev_dbg outputs dev_name, which is released with device_unregister. This bug resulted in output like this: i2c Xy2�0: adapter [SMBus I801 adapter at 1880] unregistered The right output would be: i2c i2c-0: adapter [SMBus I801 adapter at 1880] unregistered Signed-off-by: Thadeu Lima de Souza Cascardo Signed-off-by: Jean Delvare Signed-off-by: Greg Kroah-Hartman commit 4bff5fff57875872c813022bfa3a523b88196c98 Author: David S. Miller Date: Mon Jan 4 23:16:03 2010 -0800 sparc64: Fix Niagara2 perf event handling. [ Upstream commit e04ed38d4e0cd32141f723560efcc8252b0241e2 ] For chips like Niagara2 that have true overflow indications in the %pcr (which we don't actually need and don't use) the interrupt signal persists until the overflow bits are cleared by an explicit %pcr write. Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 9d6567c5369d439440ad96e8b402919d4480e2c6 Author: David S. Miller Date: Mon Jan 4 15:37:04 2010 -0800 sparc64: Fix NMI programming when perf events are active. [ Upstream commit 8183e2b38480672a1f61d416812ac078ce94b67b ] If perf events are active, we should not reset the %pcr to PCR_PIC_PRIV. That perf events code does the management. Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 896fb0d2fb2f6ba691eeac7fc6fde604629d0b59 Author: David Miller Date: Sun Dec 13 18:25:02 2009 -0800 sched: Fix cpu_clock() in NMIs, on !CONFIG_HAVE_UNSTABLE_SCHED_CLOCK commit b9f8fcd55bbdb037e5332dbdb7b494f0b70861ac upstream. Relax stable-sched-clock architectures to not save/disable/restore hardirqs in cpu_clock(). The background is that I was trying to resolve a sparc64 perf issue when I discovered this problem. On sparc64 I implement pseudo NMIs by simply running the kernel at IRQ level 14 when local_irq_disable() is called, this allows performance counter events to still come in at IRQ level 15. This doesn't work if any code in an NMI handler does local_irq_save() or local_irq_disable() since the "disable" will kick us back to cpu IRQ level 14 thus letting NMIs back in and we recurse. The only path which that does that in the perf event IRQ handling path is the code supporting frequency based events. It uses cpu_clock(). cpu_clock() simply invokes sched_clock() with IRQs disabled. And that's a fundamental bug all on it's own, particularly for the HAVE_UNSTABLE_SCHED_CLOCK case. NMIs can thus get into the sched_clock() code interrupting the local IRQ disable code sections of it. Furthermore, for the not-HAVE_UNSTABLE_SCHED_CLOCK case, the IRQ disabling done by cpu_clock() is just pure overhead and completely unnecessary. So the core problem is that sched_clock() is not NMI safe, but we are invoking it from NMI contexts in the perf events code (via cpu_clock()). A less important issue is the overhead of IRQ disabling when it isn't necessary in cpu_clock(). CONFIG_HAVE_UNSTABLE_SCHED_CLOCK architectures are not affected by this patch. Signed-off-by: David S. Miller Acked-by: Peter Zijlstra Cc: Mike Galbraith LKML-Reference: <20091213.182502.215092085.davem@davemloft.net> Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman commit 9fc68ca0778831d6901fc9bcfa65db214770f97f Author: Ike Panhc Date: Thu Dec 3 07:45:11 2009 +0000 asus-laptop: add Lenovo SL hotkey support commit 14f8af311e7d3e4198cbaade84a34f86505dcb37 upstream. Lenovo SL series laptop has a very similar DSDT with Asus laptops. We can easily have the extra ACPI function support with little modification in asus-laptop.c Here is the hotkey enablement for Lenovo SL series laptop. This patch will enable the following hotkey: - Volumn Up - Volumn Down - Mute - Screen Lock (Fn+F2) - Battery Status (Fn+F3) - WLAN switch (Fn+F5) - Video output switch (Fn+F7) - Touchpad switch (Fn+F8) - Screen Magnifier (Fn+Space) The following function of Lenovo SL laptop is still need to be enabled: - Hotkey: KEY_SUSPEND (Fn+F4), KEY_SLEEP (Fn+F12), Dock Eject (Fn+F9) - Rfkill for bluetooth and wlan - LenovoCare LED - Hwmon for fan speed - Fingerprint scanner - Active Protection System Signed-off-by: Ike Panhc Signed-off-by: Len Brown Signed-off-by: Greg Kroah-Hartman commit 2196ca4e67b04a1e083337aae825c381df0a919c Author: Tai-hwa Liang Date: Wed Jan 13 00:16:27 2010 -0800 Input: pmouse - move Sentelic probe down the list commit 4a18b3ab6ed537b055e3fcfca64ab870b4f9acf0 upstream. Sentelic probes confuse IBM trackpoints so they stop responding to TP_READ_ID command. See: http://bugzilla.kernel.org/show_bug.cgi?id=14970 Let's move FSP detection lower so it is probed after trackpoint and others, just before we strat probing for Intellimouse Explorer. Signed-off-by: Tai-hwa Liang Signed-off-by: Dmitry Torokhov Signed-off-by: Greg Kroah-Hartman commit 94249e60370f0094831ba673881222252d799257 Author: Bryn M. Reeves Date: Thu Nov 12 18:31:54 2009 +0000 megaraid_sas: remove sysfs poll_mode_io world writeable permissions commit bb7d3f24c71e528989501617651b669fbed798cb upstream. /sys/bus/pci/drivers/megaraid_sas/poll_mode_io defaults to being world-writable, which seems bad (letting any user affect kernel driver behavior). This turns off group and user write permissions, so that on typical production systems only root can write to it. Signed-off-by: Bryn M. Reeves Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 2db740cb364a38b6bf50e1c61dc6d9615bfe390c Author: Benjamin Herrenschmidt Date: Tue Jan 19 12:42:19 2010 +0100 PCI/cardbus: Add a fixup hook and fix powerpc commit 2d1c861871d767153538a77c498752b36d4bb4b8 upstream The cardbus code creates PCI devices without ever going through the necessary fixup bits and pieces that normal PCI devices go through. There's in fact a commented out call to pcibios_fixup_bus() in there, it's commented because ... it doesn't work. I could make pcibios_fixup_bus() do the right thing on powerpc easily but I felt it cleaner instead to provide a specific hook pci_fixup_cardbus for which a weak empty implementation is provided by the PCI core. This fixes cardbus on powerbooks and probably all other PowerPC platforms which was broken completely for ever on some platforms and since 2.6.31 on others such as PowerBooks when we made the DMA ops mandatory (since those are setup by the fixups). Acked-by: Dominik Brodowski Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Jesse Barnes Signed-off-by: Stefan Bader Acked-by: Benjamin Herrenschmidt Acked-by: Jesse Barnes Signed-off-by: Greg Kroah-Hartman commit eecd8a9ec6488e6b5c43c1c12368d6fdb8aa9430 Author: Christian Schuerer-Waldheim Date: Wed Jan 6 14:49:57 2010 +0100 HID: add device IDs for new model of Apple Wireless Keyboard commit 23aeb61e7e1f02fb0f3b8f9e798e75537ca1731d upstream. Added device IDs for the new model of the Apple Wireless Keyboard (November 2009). Signed-off-by: Christian Schuerer-Waldheim Signed-off-by: Jiri Kosina Signed-off-by: Greg Kroah-Hartman commit 781d5c42490436e4e0b6b624088b109695cf6b00 Author: Jan Kara Date: Thu Dec 17 15:27:06 2009 -0800 reiserfs: truncate blocks not used by a write commit ec8e2f7466ca370f5e09000ca40a71759afc9ac8 upstream. It can happen that write does not use all the blocks allocated in write_begin either because of some filesystem error (like ENOSPC) or because page with data to write has been removed from memory. We truncate these blocks so that we don't have dangling blocks beyond i_size. Cc: Jeff Mahoney Signed-off-by: Jan Kara Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 56a7f72d020e86c33b3c829c9a89d33f8c359305 Author: Roel Kluin Date: Fri Dec 18 12:22:43 2009 -0300 V4L/DVB (13868): gspca - sn9c20x: Fix test of unsigned. commit c60503c1db76bd46577cc7ff4fafa033b675e0e5 upstream. Signed-off-by: Roel Kluin Signed-off-by: Jean-Francois Moine Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Greg Kroah-Hartman commit fe52cee99c5cf51c38c4d150fbc8a84fb8ed97d6 Author: Takashi Iwai Date: Thu Jan 14 12:39:02 2010 +0100 ALSA: hda - Fix missing capture mixer for ALC861/660 codecs commit c7a8eb103248a110cdbe0530d8c5ce987f099eee upstream. The capture-related mixer elements are missing with ALC861/ALC660 codecs when quirks are present, due to missing call of set_capture_mixer(). Reference: Novell bnc#567340 http://bugzilla.novell.com/show_bug.cgi?id=567340 Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman commit 34e7aa0779b24f22d38b31a804bca700a0d38ea1 Author: Mark Brown Date: Mon Jan 4 18:05:00 2010 +0000 mfd: Correct WM835x ISINK ramp time defines commit 9dffe2a32b0deef52605d50527c0d240b15cabf7 upstream. The constants used to specify ISINK ramp times for WM835x had the wrong shifts so that the on times applied to the off ramp and vice versa. The masks for the bitfields are correct. Signed-off-by: Mark Brown Signed-off-by: Samuel Ortiz Signed-off-by: Greg Kroah-Hartman commit 33faa3c2d01eaff106a231a3fb01f9f532e9821b Author: Mark Brown Date: Thu Jan 7 16:16:14 2010 +0000 mfd: WM835x GPIO direction register is not locked commit 8e6ba2dfa2d6c4691a83a63e211990a8bd7b788b upstream. No need to set the security key when writing to it. Signed-off-by: Mark Brown Signed-off-by: Samuel Ortiz Signed-off-by: Greg Kroah-Hartman commit 7f08f93d08ac8363a0c73b98ec3e2f24e952ea8a Author: Mike Travis Date: Fri Jan 8 12:13:54 2010 -0800 x86: SGI UV: Fix mapping of MMIO registers commit fcfbb2b5facd65efa7284cc315225bfe3d1856c2 upstream. This fixes the problem of the initialization code not correctly mapping the entire MMIO space on a UV system. A side effect is the map_high() interface needed to be changed to accommodate different address and size shifts. Signed-off-by: Mike Travis Reviewed-by: Mike Habeck Cc: Jack Steiner Cc: Linus Torvalds LKML-Reference: <4B479202.7080705@sgi.com> Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman commit 7f40c6b6ad3b97dc8aceb3ce73d4d6ed335a8d6d Author: Tamas Vincze Date: Fri Jan 15 17:01:10 2010 -0800 edac: i5000_edac critical fix panic out of bounds commit 118f3e1afd5534c15f9701f33514186cfc841a27 upstream. EDAC MC0: INTERNAL ERROR: channel-b out of range (4 >= 4) Kernel panic - not syncing: EDAC MC0: Uncorrected Error (XEN) Domain 0 crashed: 'noreboot' set - not rebooting. This happens because FERR_NF_FBD bit 28 is not updated on i5000. Due to that, both bits 28 and 29 may be equal to one, returning channel = 3. As this value is invalid, EDAC core generates the panic. Addresses http://bugzilla.kernel.org/show_bug.cgi?id=14568 Signed-off-by: Tamas Vincze Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Doug Thompson Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 25d5699981856908986c5afb712481a4c917e00b Author: Suresh Siddha Date: Mon Jan 18 12:10:48 2010 -0800 x86, apic: use physical mode for IBM summit platforms commit dfea91d5a7c795fd6f4e1a97489a98e4e767463e upstream. Chris McDermott from IBM confirmed that hurricane chipset in IBM summit platforms doesn't support logical flat mode. Irrespective of the other things like apic_id's, total number of logical cpu's, Linux kernel should default to physical mode for this system. The 32-bit kernel does so using the OEM checks for the IBM summit platform. Add a similar OEM platform check for the 64bit kernel too. Otherwise the linux kernel boot can hang on this platform under certain bios/platform settings. Signed-off-by: Suresh Siddha Tested-by: Ananth N Mavinakayanahalli Cc: Chris McDermott Cc: Yinghai Lu Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit c91ab0438c6700e4be078d64cfb01879986e3bde Author: KOSAKI Motohiro Date: Fri Jan 15 17:01:18 2010 -0800 page allocator: update NR_FREE_PAGES only when necessary commit 6ccf80eb15ccaca4d3f1ab5162b9ded5eecd9971 upstream. commit f2260e6b (page allocator: update NR_FREE_PAGES only as necessary) made one minor regression. if __rmqueue() was failed, NR_FREE_PAGES stat go wrong. this patch fixes it. Signed-off-by: KOSAKI Motohiro Cc: Mel Gorman Reviewed-by: Minchan Kim Reported-by: Huang Shijie Reviewed-by: Christoph Lameter Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit d4c893f20758ff549e4aaa4a02a79e563deaebb9 Author: KOSAKI Motohiro Date: Tue Jan 5 16:32:43 2010 +0900 futexes: Remove rw parameter from get_futex_key() commit 7485d0d3758e8e6491a5c9468114e74dc050785d upstream. Currently, futexes have two problem: A) The current futex code doesn't handle private file mappings properly. get_futex_key() uses PageAnon() to distinguish file and anon, which can cause the following bad scenario: 1) thread-A call futex(private-mapping, FUTEX_WAIT), it sleeps on file mapping object. 2) thread-B writes a variable and it makes it cow. 3) thread-B calls futex(private-mapping, FUTEX_WAKE), it wakes up blocked thread on the anonymous page. (but it's nothing) B) Current futex code doesn't handle zero page properly. Read mode get_user_pages() can return zero page, but current futex code doesn't handle it at all. Then, zero page makes infinite loop internally. The solution is to use write mode get_user_page() always for page lookup. It prevents the lookup of both file page of private mappings and zero page. Performance concerns: Probaly very little, because glibc always initialize variables for futex before to call futex(). It means glibc users never see the overhead of this patch. Compatibility concerns: This patch has few compatibility issues. After this patch, FUTEX_WAIT require writable access to futex variables (read-only mappings makes EFAULT). But practically it's not a problem, glibc always initalizes variables for futexes explicitly - nobody uses read-only mappings. Reported-by: Hugh Dickins Signed-off-by: KOSAKI Motohiro Acked-by: Peter Zijlstra Acked-by: Darren Hart Cc: Linus Torvalds Cc: KAMEZAWA Hiroyuki Cc: Nick Piggin Cc: Ulrich Drepper LKML-Reference: <20100105162633.45A2.A69D9226@jp.fujitsu.com> Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman commit 8410b13cced2fa9aee301d4722a5ce751fcc253a Author: Cyrill Gorcunov Date: Mon Dec 14 17:56:34 2009 +0900 x86, mce: Thermal monitoring depends on APIC being enabled commit 485a2e1973fd9f98c2c6776e66ac4721882b69e0 upstream. Add check if APIC is not disabled since thermal monitoring depends on it. As only apic gets disabled we should not try to install "thermal monitor" vector, print out that thermal monitoring is enabled and etc... Note that "Intel Correct Machine Check Interrupts" already has such a check. Also I decided to not add cpu_has_apic check into mcheck_intel_therm_init since even if it'll call apic_read on disabled apic -- it's safe here and allow us to save a few code bytes. Reported-by: Thomas Gleixner Signed-off-by: Cyrill Gorcunov Signed-off-by: Hidetoshi Seto LKML-Reference: <4B25FDC2.3020401@jp.fujitsu.com> Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman commit 1bd24fdff4b0bd7f0a50f330165a82be690a919c Author: Martin K. Petersen Date: Fri Jan 15 01:55:07 2010 -0500 block: Fix incorrect reporting of partition alignment commit 81744ee44ab2845c16ffd7d6f762f7b4a49a4750 upstream queue_sector_alignment_offset returned the wrong value which caused partitions to report an incorrect alignment_offset. Since offset calculation is needed several places it has been split into a separate helper function. Signed-off-by: Martin K. Petersen Tested-by: Mike Snitzer Cc: Jens Axboe Signed-off-by: Greg Kroah-Hartman commit 8a9c3f5c34a93fd4635aa739810280c4752eaa6e Author: Zou Nan hai Date: Fri Jan 15 10:29:06 2010 +0800 drm/i915: remove loop in Ironlake interrupt handler commit c7c85101afd0cb8ce497456d12ee1cad4aad152f upstream. On Ironlake, there is an interrupt master control bit. With the bit disabled before clearing IIR, we do not need to handle extra interrupt in a loop. This patch removes the loop in Ironlake interrupt handler. It fixed irq lost issue on some Ironlake platforms. Signed-off-by: Zou Nan hai Signed-off-by: Zhenyu Wang Signed-off-by: Eric Anholt Signed-off-by: Greg Kroah-Hartman commit 4334ab76da3dc18a531948882ff6247764d96ea8 Author: Daisuke Nishimura Date: Fri Jan 15 17:01:30 2010 -0800 memcg: ensure list is empty at rmdir commit fce66477578d081f19aef5ea218664ff7758c33a upstream. Current mem_cgroup_force_empty() only ensures mem->res.usage == 0 on success. But this doesn't guarantee memcg's LRU is really empty, because there are some cases in which !PageCgrupUsed pages exist on memcg's LRU. For example: - Pages can be uncharged by its owner process while they are on LRU. - race between mem_cgroup_add_lru_list() and __mem_cgroup_uncharge_common(). So there can be a case in which the usage is zero but some of the LRUs are not empty. OTOH, mem_cgroup_del_lru_list(), which can be called asynchronously with rmdir, accesses the mem_cgroup, so this access can cause a problem if it races with rmdir because the mem_cgroup might have been freed by rmdir. Actually, I saw a bug which seems to be caused by this race. [1530745.949906] BUG: unable to handle kernel NULL pointer dereference at 0000000000000230 [1530745.950651] IP: [] mem_cgroup_del_lru_list+0x30/0x80 [1530745.950651] PGD 3863de067 PUD 3862c7067 PMD 0 [1530745.950651] Oops: 0002 [#1] SMP [1530745.950651] last sysfs file: /sys/devices/system/cpu/cpu7/cache/index1/shared_cpu_map [1530745.950651] CPU 3 [1530745.950651] Modules linked in: configs ipt_REJECT xt_tcpudp iptable_filter ip_tables x_tables bridge stp nfsd nfs_acl auth_rpcgss exportfs autofs4 hidp rfcomm l2cap crc16 bluetooth lockd sunrpc ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp bnx2i cnic uio ipv6 cxgb3i cxgb3 mdio libiscsi_tcp libiscsi scsi_transport_iscsi dm_mirror dm_multipath scsi_dh video output sbs sbshc battery ac lp kvm_intel kvm sg ide_cd_mod cdrom serio_raw tpm_tis tpm tpm_bios acpi_memhotplug button parport_pc parport rtc_cmos rtc_core rtc_lib e1000 i2c_i801 i2c_core pcspkr dm_region_hash dm_log dm_mod ata_piix libata shpchp megaraid_mbox sd_mod scsi_mod megaraid_mm ext3 jbd uhci_hcd ohci_hcd ehci_hcd [last unloaded: freq_table] [1530745.950651] Pid: 19653, comm: shmem_test_02 Tainted: G M 2.6.32-mm1-00701-g2b04386 #3 Express5800/140Rd-4 [N8100-1065] [1530745.950651] RIP: 0010:[] [] mem_cgroup_del_lru_list+0x30/0x80 [1530745.950651] RSP: 0018:ffff8803863ddcb8 EFLAGS: 00010002 [1530745.950651] RAX: 00000000000001e0 RBX: ffff8803abc02238 RCX: 00000000000001e0 [1530745.950651] RDX: 0000000000000000 RSI: ffff88038611a000 RDI: ffff8803abc02238 [1530745.950651] RBP: ffff8803863ddcc8 R08: 0000000000000002 R09: ffff8803a04c8643 [1530745.950651] R10: 0000000000000000 R11: ffffffff810c7333 R12: 0000000000000000 [1530745.950651] R13: ffff880000017f00 R14: 0000000000000092 R15: ffff8800179d0310 [1530745.950651] FS: 0000000000000000(0000) GS:ffff880017800000(0000) knlGS:0000000000000000 [1530745.950651] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [1530745.950651] CR2: 0000000000000230 CR3: 0000000379d87000 CR4: 00000000000006e0 [1530745.950651] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [1530745.950651] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [1530745.950651] Process shmem_test_02 (pid: 19653, threadinfo ffff8803863dc000, task ffff88038612a8a0) [1530745.950651] Stack: [1530745.950651] ffffea00040c2fe8 0000000000000000 ffff8803863ddd98 ffffffff810c739a [1530745.950651] <0> 00000000863ddd18 000000000000000c 0000000000000000 0000000000000000 [1530745.950651] <0> 0000000000000002 0000000000000000 ffff8803863ddd68 0000000000000046 [1530745.950651] Call Trace: [1530745.950651] [] release_pages+0x142/0x1e7 [1530745.950651] [] ? pagevec_move_tail+0x6e/0x112 [1530745.950651] [] pagevec_move_tail+0xfd/0x112 [1530745.950651] [] lru_add_drain+0x76/0x94 [1530745.950651] [] exit_mmap+0x6e/0x145 [1530745.950651] [] mmput+0x5e/0xcf [1530745.950651] [] exit_mm+0x11c/0x129 [1530745.950651] [] ? audit_free+0x196/0x1c9 [1530745.950651] [] do_exit+0x1f5/0x6b7 [1530745.950651] [] ? up_read+0x2b/0x2f [1530745.950651] [] ? lockdep_sys_exit_thunk+0x35/0x67 [1530745.950651] [] do_group_exit+0x83/0xb0 [1530745.950651] [] sys_exit_group+0x17/0x1b [1530745.950651] [] system_call_fastpath+0x16/0x1b [1530745.950651] Code: 54 53 0f 1f 44 00 00 83 3d cc 29 7c 00 00 41 89 f4 75 63 eb 4e 48 83 7b 08 00 75 04 0f 0b eb fe 48 89 df e8 18 f3 ff ff 44 89 e2 <48> ff 4c d0 50 48 8b 05 2b 2d 7c 00 48 39 43 08 74 39 48 8b 4b [1530745.950651] RIP [] mem_cgroup_del_lru_list+0x30/0x80 [1530745.950651] RSP [1530745.950651] CR2: 0000000000000230 [1530745.950651] ---[ end trace c3419c1bb8acc34f ]--- [1530745.950651] Fixing recursive fault but reboot is needed! The problem here is pages on LRU may contain pointer to stale memcg. To make res->usage to be 0, all pages on memcg must be uncharged or moved to another(parent) memcg. Moved page_cgroup have already removed from original LRU, but uncharged page_cgroup contains pointer to memcg withou PCG_USED bit. (This asynchronous LRU work is for improving performance.) If PCG_USED bit is not set, page_cgroup will never be added to memcg's LRU. So, about pages not on LRU, they never access stale pointer. Then, what we have to take care of is page_cgroup _on_ LRU list. This patch fixes this problem by making mem_cgroup_force_empty() visit all LRUs before exiting its loop and guarantee there are no pages on its LRU. Signed-off-by: Daisuke Nishimura Acked-by: KAMEZAWA Hiroyuki Cc: Balbir Singh Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 70f800ff2289dce1ecb0f941dc2f08e706d9d1ad Author: Mark Brown Date: Fri Jan 15 17:01:40 2010 -0800 revert "drivers/video/s3c-fb.c: fix clock setting for Samsung SoC Framebuffer" commit eb29a5cc0b601c458bae9df2f6c3696d75c2d383 upstream. Fix divide by zero and broken output. Commit 600ce1a0fa ("fix clock setting for Samsung SoC Framebuffer") introduced a mandatory refresh parameter to the platform data for the S3C framebuffer but did not introduce any validation code, causing existing platforms (none of which have refresh set) to divide by zero whenever the framebuffer is configured, generating warnings and unusable output. Ben Dooks noted several problems with the patch: - The platform data supplies the pixclk directly and should already have taken care of the refresh rate. - The addition of a window ID parameter doesn't help since only the root framebuffer can control the pixclk. - pixclk is specified in picoseconds (rather than Hz) as the patch assumed. and suggests reverting the commit so do that. Without fixing this no mainline user of the driver will produce output. [akpm@linux-foundation.org: don't revert the correct bit] Signed-off-by: Mark Brown Cc: InKi Dae Cc: Kyungmin Park Cc: Krzysztof Helt Cc: Marek Szyprowski Cc: Ben Dooks Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 800c02837ef72e60fd0d61ed3c791263d9d0dc36 Author: Eric Paris Date: Fri Jan 15 12:12:25 2010 -0500 inotify: only warn once for inotify problems commit 976ae32be45a736acd49215a7e4771ff91f161c3 upstream. inotify will WARN() if it finds that the idr and the fsnotify internals somehow got out of sync. It was only supposed to do this once but due to this stupid bug it would warn every single time a problem was detected. Signed-off-by: Eric Paris Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit cec3ad600c2395d2d018332dadea9b2fe33e6169 Author: Eric Paris Date: Fri Jan 15 12:12:24 2010 -0500 inotify: do not reuse watch descriptors commit 9e572cc9877ee6c43af60778f6b8d5ba0692d935 upstream. Since commit 7e790dd5fc937bc8d2400c30a05e32a9e9eef276 ("inotify: fix error paths in inotify_update_watch") inotify changed the manor in which it gave watch descriptors back to userspace. Previous to this commit inotify acted like the following: inotify_add_watch(X, Y, Z) = 1 inotify_rm_watch(X, 1); inotify_add_watch(X, Y, Z) = 2 but after this patch inotify would return watch descriptors like so: inotify_add_watch(X, Y, Z) = 1 inotify_rm_watch(X, 1); inotify_add_watch(X, Y, Z) = 1 which I saw as equivalent to opening an fd where open(file) = 1; close(1); open(file) = 1; seemed perfectly reasonable. The issue is that quite a bit of userspace apparently relies on the behavior in which watch descriptors will not be quickly reused. KDE relies on it, I know some selinux packages rely on it, and I have heard complaints from other random sources such as debian bug 558981. Although the man page implies what we do is ok, we broke userspace so this patch almost reverts us to the old behavior. It is still slightly racey and I have patches that would fix that, but they are rather large and this will fix it for all real world cases. The race is as follows: - task1 creates a watch and blocks in idr_new_watch() before it updates the hint. - task2 creates a watch and updates the hint. - task1 updates the hint with it's older wd - task removes the watch created by task2 - task adds a new watch and will reuse the wd originally given to task2 it requires moving some locking around the hint (last_wd) but this should solve it for the real world and be -stable safe. As a side effect this patch papers over a bug in the lib/idr code which is causing a large number WARN's to pop on people's system and many reports in kerneloops.org. I'm working on the root cause of that idr bug seperately but this should make inotify immune to that issue. Signed-off-by: Eric Paris Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman