commit 162ef3c054ec26e619f0ef983f6bdd3c1c99abfb Author: Greg Kroah-Hartman Date: Thu Feb 24 15:09:00 2011 -0800 Linux 2.6.37.2 commit 27e7cd1457ce8320739b73db543f46000a640803 Author: Greg Kroah-Hartman Date: Tue Feb 22 12:12:27 2011 -0800 Revert: tpm_tis: Use timeouts returned from TPM This is a revert of commit 9b29050f8f75916f974a2d231ae5d3cd59792296 upstream which has been found to prevent suspend from working on a number of systems. Thanks to Jiri Slaby for tracing this down. Cc: Jiri Slaby Cc: Rafael Wysocki Cc: Stefan Berger Cc: Guillaume Chazarain Cc: Rajiv Andrade Signed-off-by: Greg Kroah-Hartman commit 9f0cf44ce4d2dc472c2303d87af7be6765ac93c7 Author: Vasiliy Kulikov Date: Fri Feb 4 15:24:03 2011 +0300 platform: x86: tc1100-wmi: world-writable sysfs wireless and jogdial files commit 8a6a142c1286797978e4db266d22875a5f424897 upstream. Don't allow everybody to change WMI settings. Signed-off-by: Vasiliy Kulikov Signed-off-by: Matthew Garrett Signed-off-by: Greg Kroah-Hartman commit b84f59ca53030995f495a3cd1721f2d3859684bd Author: Vasiliy Kulikov Date: Fri Feb 4 15:23:59 2011 +0300 platform: x86: asus_acpi: world-writable procfs files commit 8040835760adf0ef66876c063d47f79f015fb55d upstream. Don't allow everybody to change ACPI settings. The comment says that it is done deliberatelly, however, the comment before disp_proc_write() says that at least one of these setting is experimental. Signed-off-by: Vasiliy Kulikov Signed-off-by: Matthew Garrett Signed-off-by: Greg Kroah-Hartman commit 745b0953ec4af6e71ab82e858e928645d6fca819 Author: Vasiliy Kulikov Date: Fri Feb 4 15:23:56 2011 +0300 platform: x86: acer-wmi: world-writable sysfs threeg file commit b80b168f918bba4b847e884492415546b340e19d upstream. Don't allow everybody to write to hardware registers. Signed-off-by: Vasiliy Kulikov Signed-off-by: Matthew Garrett Signed-off-by: Greg Kroah-Hartman commit bd518567d945f7964742bf128def2dd01d89c303 Author: Vasiliy Kulikov Date: Fri Feb 4 02:23:53 2011 +0000 net: can: janz-ican3: world-writable sysfs termination file commit 1e6d93e45b231b3ae87c01902ede2315aacfe976 upstream. Don't allow everybody to set terminator via sysfs. Signed-off-by: Vasiliy Kulikov Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 2a43030626d1cba4cd0e7ead34d71be30ecee1bd Author: Stephen Warren Date: Thu Feb 10 15:37:14 2011 -0700 ASoC: WM8903: Fix mic detection enable logic commit 3088e3b4963d26d6f6f54987f595b974ed6d48d8 upstream. The mic detection HW should be enabled when either mic or short detection is required, not when only both are required. Signed-off-by: Stephen Warren Acked-by: Liam Girdwood Signed-off-by: Mark Brown Signed-off-by: Greg Kroah-Hartman commit e922e3380b4b02babff5feade9b1428945429a69 Author: Peter Zijlstra Date: Tue Feb 15 22:26:07 2011 +0100 perf: Fix throttle logic commit 4fe757dd48a9e95e1a071291f15dda5421dacb66 upstream. It was possible to call pmu::start() on an already running event. In particular this lead so some wreckage as the hrtimer events would re-initialize active timers. This was due to throttled events being activated again by scheduling. Scheduling in a context would add and force start events, resulting in running events with a possible throttle status. The next tick to hit that task will then try to unthrottle the event and call ->start() on an already running event. Reported-by: Jeff Moyer Signed-off-by: Peter Zijlstra LKML-Reference: Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman commit d68e33163fe5801ce882824968fd4ec261d47af0 Author: Thomas Gleixner Date: Fri Feb 18 23:27:23 2011 +0100 genirq: Disable the SHIRQ_DEBUG call in request_threaded_irq for now commit 6d83f94db95cfe65d2a6359cccdf61cf087c2598 upstream. With CONFIG_SHIRQ_DEBUG=y we call a newly installed interrupt handler in request_threaded_irq(). The original implementation (commit a304e1b8) called the handler _BEFORE_ it was installed, but that caused problems with handlers calling disable_irq_nosync(). See commit 377bf1e4. It's braindead in the first place to call disable_irq_nosync in shared handlers, but .... Moving this call after we installed the handler looks innocent, but it is very subtle broken on SMP. Interrupt handlers rely on the fact, that the irq core prevents reentrancy. Now this debug call violates that promise because we run the handler w/o the IRQ_INPROGRESS protection - which we cannot apply here because that would result in a possibly forever masked interrupt line. A concurrent real hardware interrupt on a different CPU results in handler reentrancy and can lead to complete wreckage, which was unfortunately observed in reality and took a fricking long time to debug. Leave the code here for now. We want this debug feature, but that's not easy to fix. We really should get rid of those disable_irq_nosync() abusers and remove that function completely. Signed-off-by: Thomas Gleixner Cc: Anton Vorontsov Cc: David Woodhouse Cc: Arjan van de Ven Signed-off-by: Greg Kroah-Hartman commit 761870db432d30bef879da1df276a388b949ffc6 Author: Thomas Gleixner Date: Thu Feb 17 17:45:15 2011 +0100 genirq: Prevent access beyond allocated_irqs bitmap commit c1ee6264280e740a9d3ff3feef38642cf0a57013 upstream. Lars-Peter Clausen pointed out: I stumbled upon this while looking through the existing archs using SPARSE_IRQ. Even with SPARSE_IRQ the NR_IRQS is still the upper limit for the number of IRQs. Both PXA and MMP set NR_IRQS to IRQ_BOARD_START, with IRQ_BOARD_START being the number of IRQs used by the core. In various machine files the nr_irqs field of the ARM machine defintion struct is then set to "IRQ_BOARD_START + NR_BOARD_IRQS". As a result "nr_irqs" will greater then NR_IRQS which then again causes the "allocated_irqs" bitmap in the core irq code to be accessed beyond its size overwriting unrelated data. The core code really misses a sanity check there. This went unnoticed so far as by chance the compiler/linker places data behind that bitmap which gets initialized later on those affected platforms. So the obvious fix would be to add a sanity check in early_irq_init() and break all affected platforms. Though that check wants to be backported to stable as well, which will require to fix all known problematic platforms and probably some more yet not known ones as well. Lots of churn. A way simpler solution is to allocate a slightly larger bitmap and avoid the whole churn w/o breaking anything. Add a few warnings when an arch returns utter crap. Reported-by: Lars-Peter Clausen Signed-off-by: Thomas Gleixner Cc: Haojian Zhuang Cc: Eric Miao Cc: Peter Zijlstra Signed-off-by: Greg Kroah-Hartman commit 92ce54e8eebffce1e71eac17fd6822708ff46fe9 Author: Tyler Hicks Date: Tue Jan 11 12:43:42 2011 -0600 eCryptfs: Copy up lower inode attrs in getattr commit 55f9cf6bbaa682958a7dd2755f883b768270c3ce upstream. The lower filesystem may do some type of inode revalidation during a getattr call. eCryptfs should take advantage of that by copying the lower inode attributes to the eCryptfs inode after a call to vfs_getattr() on the lower inode. I originally wrote this fix while working on eCryptfs on nfsv3 support, but discovered it also fixed an eCryptfs on ext4 nanosecond timestamp bug that was reported. https://bugs.launchpad.net/bugs/613873 Signed-off-by: Tyler Hicks Signed-off-by: Greg Kroah-Hartman commit 74347222f2effb0efffa7e39e9f5edb8681aa64e Author: Dominik Brodowski Date: Sat Feb 19 12:35:15 2011 +0100 pcmcia: re-enable Zoomed Video support commit 33619f0d3ff715a2a5499520967d526ad931d70d upstream. Allow drivers to enable Zoomed Video support. Currently, this is only used by out-of-tree drivers (L64020 DVB driver in particular). Signed-off-by: Dominik Brodowski Signed-off-by: Greg Kroah-Hartman commit 7be6fcff981d1e1c018da4612f68fb733f89a590 Author: Matthew Garrett Date: Wed Feb 9 16:39:40 2011 -0500 acer-wmi: Fix capitalisation of GUID commit bbb706079abe955a9e3f208f541de97d99449236 upstream. 6AF4F258-B401-42fd-BE91-3D4AC2D7C0D3 needs to be 6AF4F258-B401-42FD-BE91-3D4AC2D7C0D3 to match the hardware alias. Signed-off-by: Matthew Garrett Acked-by: Carlos Corbacho Signed-off-by: Greg Kroah-Hartman commit 0b7ae56ea809b35607ea608b960ac7afcace2856 Author: Shirish Pargaonkar Date: Thu Feb 17 14:38:31 2011 -0600 cifs: Fix regression in LANMAN (LM) auth code commit 5e640927a597a7c3e72b61e8bce74c22e906de65 upstream. LANMAN response length was changed to 16 bytes instead of 24 bytes. Revert it back to 24 bytes. Signed-off-by: Shirish Pargaonkar Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 288cfb1763afea7a7ddb4c4d9a2868070fbab4a3 Author: Jeff Layton Date: Wed Feb 16 09:34:16 2011 -0500 cifs: fix handling of scopeid in cifs_convert_address commit 9616125611ee47693186533d76e403856a36b3c8 upstream. The code finds, the '%' sign in an ipv6 address and copies that to a buffer allocated on the stack. It then ignores that buffer, and passes 'pct' to simple_strtoul(), which doesn't work right because we're comparing 'endp' against a completely different string. Fix it by passing the correct pointer. While we're at it, this is a good candidate for conversion to strict_strtoul as well. Cc: David Howells Reported-by: Björn JACKE Signed-off-by: Jeff Layton Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 9c7fa067fc9e25a086a8039192b20059c6d7d293 Author: Russell King Date: Mon Feb 21 10:13:36 2011 +0000 ARM: Keep exit text/data around for SMP_ON_UP commit a9ad21fed09cb95d34af9474be0831525b30c4c6 upstream. When SMP_ON_UP is used and the spinlocks are inlined, we end up with inline spinlocks in the exit code, with references from the SMP alternatives section to the exit sections. This causes link time errors. Avoid this by placing the exit sections in the init-discarded region. Tested-by: Dave Martin Signed-off-by: Russell King Signed-off-by: Greg Kroah-Hartman commit 854ea584c38a037f90fc9f7edcce0cd81232001f Author: Russell King Date: Sun Feb 20 12:22:52 2011 +0000 ARM: Ensure predictable endian state on signal handler entry commit 53399053eb505cf541b2405bd9d9bca5ecfb96fb upstream. Ensure a predictable endian state when entering signal handlers. This avoids programs which use SETEND to momentarily switch their endian state from having their signal handlers entered with an unpredictable endian state. Acked-by: Dave Martin Signed-off-by: Russell King Signed-off-by: Greg Kroah-Hartman commit aad60faebc3896cdf1432c9915de3dc3203e2699 Author: Geert Uytterhoeven Date: Sun Jan 16 10:09:13 2011 -0300 radio-aimslab.c needs #include commit 2400982a2e8a8e4e95f0a0e1517bbe63cc88038f upstream. Commit e3c92215198cb6aa00ad38db2780faa6b72e0a3f ("[media] radio-aimslab.c: Fix gcc 4.5+ bug") removed the include, but introduced new callers of msleep(): | drivers/media/radio/radio-aimslab.c: In function ‘rt_decvol’: | drivers/media/radio/radio-aimslab.c:76: error: implicit declaration of function ‘msleep’ Signed-off-by: Geert Uytterhoeven Signed-off-by: Mauro Carvalho Chehab Cc: dann frazier Signed-off-by: Greg Kroah-Hartman commit ec2e8ab605d6a5d17f9b4c8db86f9594b2453280 Author: Pablo Neira Ayuso Date: Mon Jan 24 19:01:07 2011 +0100 netfilter: ctnetlink: fix missing refcount increment during dumps commit c71caf4114a0e1da3451cc92fba6a152929cd4c2 upstream. In 13ee6ac netfilter: fix race in conntrack between dump_table and destroy, we recovered spinlocks to protect the dump of the conntrack table according to reports from Stephen and acknowledgments on the issue from Eric. In that patch, the refcount bump that allows to keep a reference to the current ct object was removed. However, we still decrement the refcount for that object in the output path of ctnetlink_dump_table(): if (last) nf_ct_put(last) Cc: Stephen Hemminger Signed-off-by: Pablo Neira Ayuso Acked-by: Eric Dumazet Signed-off-by: Patrick McHardy Signed-off-by: Greg Kroah-Hartman commit 5f72ca2a4c4b60e69b07e6ceecc505e47aba060a Author: Stephen Hemminger Date: Tue Jan 11 23:54:42 2011 +0100 netfilter: fix race in conntrack between dump_table and destroy commit 13ee6ac579574a2a95e982b19920fd2495dce8cd upstream. The netlink interface to dump the connection tracking table has a race when entries are deleted at the same time. A customer reported a crash and the backtrace showed thatctnetlink_dump_table was running while a conntrack entry was being destroyed. (see https://bugzilla.vyatta.com/show_bug.cgi?id=6402). According to RCU documentation, when using hlist_nulls the reader must handle the case of seeing a deleted entry and not proceed further down the linked list. The old code would continue which caused the scan to walk into the free list. This patch uses locking (rather than RCU) for this operation which is guaranteed safe, and no longer requires getting reference while doing dump operation. Signed-off-by: Stephen Hemminger Signed-off-by: Pablo Neira Ayuso Signed-off-by: Greg Kroah-Hartman commit 53b9575ce4ac028c83c4b3ed944e8941cf984257 Author: Clemens Ladisch Date: Wed Feb 16 08:02:38 2011 -0500 hwmon: (jc42) do not allow writing to locked registers commit 2c6315da6a1657a49e03970a4084dc3d1958ad70 upstream. On systems where the temperature sensor is actually used, the BIOS is likely to have locked the alarm registers. In that case, all writes through the corresponding sysfs files would be silently ignored. To prevent this, detect the locks and make the affected sysfs files read-only. Signed-off-by: Clemens Ladisch Signed-off-by: Guenter Roeck Signed-off-by: Greg Kroah-Hartman commit 12e9bb0276725726bb316e706c48d856f9664f32 Author: Clemens Ladisch Date: Wed Feb 16 08:02:08 2011 -0500 hwmon: (jc42) more helpful documentation commit d5622f5b6c4671d1588ccc9056705366d4eb312a upstream. The documentation lists standard numbers and chip names in excruciating detail, but that's all it does. To help mere mortals in deciding whether to enable this driver, mention what this sensor is for and in which systems it might be found. Also add a link to the actual JC 42.4 specification. Signed-off-by: Clemens Ladisch Signed-off-by: Guenter Roeck Signed-off-by: Greg Kroah-Hartman commit e45ffee7a0c73fee79dba1b0d579ea8a8c1025ba Author: Clemens Ladisch Date: Wed Feb 16 08:01:49 2011 -0500 hwmon: (jc42) fix type mismatch commit e866729605a43a739fc56023a8530b07a93d3458 upstream. In set_temp_crit_hyst(), make the variable 'val' have the correct type for strict_strtoul(). Signed-off-by: Clemens Ladisch Signed-off-by: Guenter Roeck Signed-off-by: Greg Kroah-Hartman commit 1ae2a2335f3fd9ae2c582ab9f16932b939f60967 Author: Clemens Ladisch Date: Thu Feb 17 03:22:40 2011 -0500 hwmon: (k10temp) add support for AMD Family 12h/14h CPUs commit aa4790a6287818078ca968164a5f0d0870326602 upstream. Add the PCI ID to support the internal temperature sensor of the AMD "Llano" and "Brazos" processor families. Signed-off-by: Clemens Ladisch Signed-off-by: Guenter Roeck Signed-off-by: Greg Kroah-Hartman commit 929be874297eef50b8c474e7c24981dedbab54be Author: Robert Richter Date: Thu Jan 6 17:51:07 2011 +0100 x86, AMD, PCI: Add AMD northbridge PCI device id for CPU families 12h and 14h commit ca86828ccd3128513f6d4e200b437deac95408db upstream. This patch adds the PCI northbridge device id for AMD CPU families 12h and 14h. Both families have implemented the same PCI northbridge device. There are some future use cases that use this PCI device and we would like to clarify its naming. Signed-off-by: Robert Richter Cc: xen-devel@lists.xensource.com Cc: Keir Fraser Cc: Jan Beulich LKML-Reference: <20110106165107.GL4739@erda.amd.com> Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman commit db178cf9b4e0764441fdc708c26b80cad7abc6af Author: Jan Beulich Date: Fri Feb 18 03:18:26 2011 -0500 hwmon: (lm85) extend to support EMC6D103 chips commit f065a93e168299569078bc6f52128b57f602fff3 upstream. The interface is identical EMC6D102, so all that needs to be added are some definitions and their uses. Registers apparently missing in EMC6D103S/EMC6D103:A2 compared to EMC6D103:A0, EMC6D103:A1, and EMC6D102 (according to the data sheets), but used unconditionally in the driver: 62[5:7], 6D[0:7], and 6E[0:7]. For that reason, EMC6D103S chips don't get enabled for the time being. Signed-off-by: Jan Beulich (Guenter Roeck: Replaced EMC6D103_A2 with EMC6D103S per EMC6D103S datasheet) Signed-off-by: Guenter Roeck Signed-off-by: Greg Kroah-Hartman commit 8125c6ef5149f1dc4829670e6385b794cb559bd2 Author: David Henningsson Date: Wed Feb 16 21:34:04 2011 +0100 ALSA: HDA: Do not announce false surround in Conexant auto commit 89724958e5d596bb91328644c97dd80399443e87 upstream. Without this patch, one line-out and one speaker and Conexant's auto parser would announce (non-working) surround capabilities. BugLink: http://bugs.launchpad.net/bugs/721126 Signed-off-by: David Henningsson Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman commit bb75e9ef1a4644081bddb36b75dbdc34b75ab879 Author: Takashi Iwai Date: Mon Feb 14 22:45:59 2011 +0100 ALSA: caiaq - Fix possible string-buffer overflow commit eaae55dac6b64c0616046436b294e69fc5311581 upstream. Use strlcpy() to assure not to overflow the string array sizes by too long USB device name string. Reported-by: Rafa Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman commit 04b064d169075198ad41fde2d9bd0e64958c7768 Author: David Henningsson Date: Mon Feb 14 20:27:44 2011 +0100 ALSA: HDA: Add position_fix quirk for an Asus device commit b540afc2b3d6e4cd1d1f137ef6d9e9c78d67fecd upstream. The bug reporter claims that position_fix=1 is needed for his microphone to work. The controller PCI vendor-id is [1002:4383] (rev 40). Reported-by: Kjell L. BugLink: http://bugs.launchpad.net/bugs/718402 Signed-off-by: David Henningsson Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman commit 436559bead38897e5d9e50f4a4708728de4c38f6 Author: Stanislaw Gruszka Date: Wed Feb 9 08:46:06 2011 +0100 iwl3945: remove plcp check commit c91d01556f52255a31575be0cb1981c92a2a5028 upstream. Patch fixes: https://bugzilla.redhat.com/show_bug.cgi?id=654599 Many users report very low speed problem on 3945 devices, this patch fixes problem, but only for some of them. For unknown reason, sometimes after hw scanning, device is not able to receive frames at high rate. Since plcp health check may request hw scan to "reset radio", performance problem start to be observable after update kernel to .35, where plcp check was introduced. Bug reporter confirmed that removing plcp check fixed problem for him. Reported-and-tested-by: SilvioTO Signed-off-by: Stanislaw Gruszka Acked-by: Wey-Yi Guy Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit 55c48bd74dd4566ff00f2161e6f70fc8a6d970a2 Author: Eric Dumazet Date: Thu Feb 17 22:59:19 2011 +0000 net: deinit automatic LIST_HEAD commit ceaaec98ad99859ac90ac6863ad0a6cd075d8e0e upstream. commit 9b5e383c11b08784 (net: Introduce unregister_netdevice_many()) left an active LIST_HEAD() in rollback_registered(), with possible memory corruption. Even if device is freed without touching its unreg_list (and therefore touching the previous memory location holding LISTE_HEAD(single), better close the bug for good, since its really subtle. (Same fix for default_device_exit_batch() for completeness) Reported-by: Michal Hocko Tested-by: Michal Hocko Reported-by: Eric W. Biderman Tested-by: Eric W. Biderman Signed-off-by: Linus Torvalds Signed-off-by: Eric Dumazet CC: Ingo Molnar CC: Octavian Purdila Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 142d511242fd3dbb10afe036baf2c810b021a2ac Author: Tejun Heo Date: Wed Feb 16 18:10:19 2011 +0100 workqueue: make sure MAYDAY_INITIAL_TIMEOUT is at least 2 jiffies long commit 3233cdbd9fa347a6d6897a94cc6ed0302ae83c4f upstream. MAYDAY_INITIAL_TIMEOUT is defined as HZ / 100 and depending on configuration may end up 0 or 1. Even when it's 1, depending on when the mayday timer is added in the current jiffy interval, it may expire way before a jiffy has passed. Make sure MAYDAY_INITIAL_TIMEOUT is at least two to guarantee that at least a full jiffy has passed before calling rescuers. Signed-off-by: Tejun Heo Reported-by: Ray Jui Signed-off-by: Greg Kroah-Hartman commit 1257389b28b59639173c961b49fefe06820f6fb6 Author: Tejun Heo Date: Mon Feb 14 14:04:46 2011 +0100 workqueue: wake up a worker when a rescuer is leaving a gcwq commit 7576958a9d5a4a677ad7dd40901cdbb6c1110c98 upstream. After executing the matching works, a rescuer leaves the gcwq whether there are more pending works or not. This may decrease the concurrency level to zero and stall execution until a new work item is queued on the gcwq. Make rescuer wake up a regular worker when it leaves a gcwq if there are more works to execute, so that execution isn't stalled. Signed-off-by: Tejun Heo Reported-by: Ray Jui Signed-off-by: Greg Kroah-Hartman commit d72ffd63dfec63e7998533b867b5e27a0cb19ed7 Author: Timo Warns Date: Thu Feb 17 22:27:40 2011 +0100 fs/partitions: Validate map_count in Mac partition tables commit fa7ea87a057958a8b7926c1a60a3ca6d696328ed upstream. Validate number of blocks in map and remove redundant variable. Signed-off-by: Timo Warns Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 1dcbc193b364720e9bbc6d4b168e625bc9426c27 Author: Alex Deucher Date: Wed Feb 16 21:17:04 2011 -0500 drm/radeon/kms: add missing frac fb div flag for dce4+ commit 9f4283f49f0a96a64c5a45fe56f0f8c942885eef upstream. The fixed ref/post dividers are set by the AdjustPll table rather than the ss info table on dce4+. Make sure we enable the fractional feedback dividers when using a fixed post or ref divider on them as well. Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=29272 Signed-off-by: Alex Deucher Signed-off-by: Dave Airlie Signed-off-by: Greg Kroah-Hartman commit 7401529300ced9e10bf396aa3bffd60970d002a7 Author: Stanislaw Gruszka Date: Sat Feb 12 21:06:51 2011 +0100 PM / Hibernate: Return error code when alloc_image_page() fails commit 2e725a065b0153f0c449318da1923a120477633d upstream. Currently we return 0 in swsusp_alloc() when alloc_image_page() fails. Fix that. Also remove unneeded "error" variable since the only useful value of error is -ENOMEM. [rjw: Fixed up the changelog and changed subject.] Signed-off-by: Stanislaw Gruszka Signed-off-by: Rafael J. Wysocki Signed-off-by: Greg Kroah-Hartman commit 8cc8e3f986fcb39f707e32f68d12a896f673dba0 Author: Jacob Pan Date: Thu Feb 17 16:58:21 2011 -0800 x86, mrst: Set correct APB timer IRQ affinity for secondary cpu This is a backport for 2.6.37 stable. The original commit ID is 6550904ddbc3c286798a87edf95eeebcc62bc58a Offlining the secondary CPU causes the timer irq affinity to be set to CPU 0. When the secondary CPU is back online again, the wrong irq affinity will be used. This patch ensures secondary per CPU timer always has the correct IRQ affinity when enabled. Signed-off-by: Jacob Pan LKML-Reference: <1294963604-18111-1-git-send-email-jacob.jun.pan@linux.intel.com> Signed-off-by: H. Peter Anvin Signed-off-by: Greg Kroah-Hartman commit 780a56a9ead19b8605dc6a67cf3e1160eb780a04 Author: Martin Schwidefsky Date: Tue Feb 15 09:43:32 2011 +0100 s390: remove task_show_regs commit 261cd298a8c363d7985e3482946edb4bfedacf98 upstream. task_show_regs used to be a debugging aid in the early bringup days of Linux on s390. /proc//status is a world readable file, it is not a good idea to show the registers of a process. The only correct fix is to remove task_show_regs. Reported-by: Al Viro Signed-off-by: Martin Schwidefsky Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 4ac3a3e2845648ddbfdf62dde6eb5e50eb1b4a8c Author: Borislav Petkov Date: Thu Feb 17 14:57:02 2011 +0100 x86, hotplug: Fix powersavings with offlined cores on AMD Upstream commits: 93789b32dbf355e70f18b17a82e8661677a7f7fb, 1c9d16e35911090dee3f9313e6af13af623d66ee ea53069231f9317062910d6e772cca4ce93de8c8 made a CPU use monitor/mwait when offline. This is not the optimal choice for AMD wrt to powersavings and we'd prefer our cores to halt (i.e. enter C1) instead. For this, the same selection whether to use monitor/mwait has to be used as when we select the idle routine for the machine. With this patch, offlining cores 1-5 on a X6 machine allows core0 to boost again. [ hpa: putting this in urgent since it is a (power) regression fix ] Reported-by: Andreas Herrmann Cc: H. Peter Anvin Cc: Arjan van de Ven Cc: Len Brown Cc: Venkatesh Pallipadi Cc: Peter Zijlstra Signed-off-by: Borislav Petkov LKML-Reference: <1295534572-10730-1-git-send-email-bp@amd64.org> Signed-off-by: H. Peter Anvin Signed-off-by: Greg Kroah-Hartman commit 1b461f1d7997b56e27d43ceda8bddbdee2071cc4 Author: NeilBrown Date: Wed Feb 16 13:08:35 2011 +1100 nfsd: correctly handle return value from nfsd_map_name_to_* commit 47c85291d3dd1a51501555000b90f8e281a0458e upstream. These functions return an nfs status, not a host_err. So don't try to convert before returning. This is a regression introduced by 3c726023402a2f3b28f49b9d90ebf9e71151157d; I fixed up two of the callers, but missed these two. Reported-by: Herbert Poetzl Signed-off-by: NeilBrown Signed-off-by: J. Bruce Fields Signed-off-by: Greg Kroah-Hartman commit 640ac0ff9c192e857f939f8ac7d5a3e5f174f93a Author: Rafael J. Wysocki Date: Thu Feb 17 10:34:41 2011 +0100 ACPI / Wakeup: Enable button GPEs unconditionally during initialization This is a backport of mainline kernel commit 2a5d24286e8bdafdc272b37ec5bdd9e977b3767c. Commit 9630bdd (ACPI: Use GPE reference counting to support shared GPEs) introduced a suspend regression where boxes resume immediately after being suspended due to the lid or sleep button wakeup status not being cleared properly. This happens if the GPEs corresponding to those devices are not enabled all the time, which apparently is expected by some BIOSes. To fix this problem, enable button and lid GPEs unconditionally during initialization and keep them enabled all the time, regardless of whether or not the ACPI button driver is used. References: https://bugzilla.kernel.org/show_bug.cgi?id=27372 Reported-and-tested-by: Ferenc Wágner Signed-off-by: Rafael J. Wysocki Signed-off-by: Greg Kroah-Hartman commit ba5e8f48f799e61d865adb2830bb78fce3267762 Author: Chris Wright Date: Mon Feb 14 17:21:49 2011 -0800 pci: use security_capable() when checking capablities during config space read commit a628e7b87e100befac9702aa0c3b9848a7685e49 upstream. This reintroduces commit 47970b1b which was subsequently reverted as f00eaeea. The original change was broken and caused X startup failures and generally made privileged processes incapable of reading device dependent config space. The normal capable() interface returns true on success, but the LSM interface returns 0 on success. This thinko is now fixed in this patch, and has been confirmed to work properly. So, once again...Eric Paris noted that commit de139a3 ("pci: check caps from sysfs file open to read device dependent config space") caused the capability check to bypass security modules and potentially auditing. Rectify this by calling security_capable() when checking the open file's capabilities for config space reads. Reported-by: Eric Paris Tested-by: Dave Young Acked-by: James Morris Cc: Dave Airlie Cc: Alex Riesen Cc: Sedat Dilek Cc: Linus Torvalds Signed-off-by: Chris Wright Signed-off-by: James Morris Signed-off-by: Greg Kroah-Hartman commit 50194161bee65819784a08b5b7d4f2a2320ed8c2 Author: Chris Wright Date: Wed Feb 9 22:11:51 2011 -0800 security: add cred argument to security_capable() commit 6037b715d6fab139742c3df8851db4c823081561 upstream. Expand security_capable() to include cred, so that it can be usable in a wider range of call sites. Signed-off-by: Chris Wright Acked-by: Serge Hallyn Signed-off-by: James Morris Signed-off-by: Greg Kroah-Hartman commit dcf2ef88e48b7257b23aa13b9358779c72609a2c Author: Tetsuo Handa Date: Mon Feb 7 13:36:16 2011 +0000 CRED: Fix memory and refcount leaks upon security_prepare_creds() failure commit fb2b2a1d37f80cc818fd4487b510f4e11816e5e1 upstream. In prepare_kernel_cred() since 2.6.29, put_cred(new) is called without assigning new->usage when security_prepare_creds() returned an error. As a result, memory for new and refcount for new->{user,group_info,tgcred} are leaked because put_cred(new) won't call __put_cred() unless old->usage == 1. Fix these leaks by assigning new->usage (and new->subscribers which was added in 2.6.32) before calling security_prepare_creds(). Signed-off-by: Tetsuo Handa Signed-off-by: David Howells Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 4c96bf3813d214d511fc8d14287868ec9f06ab9b Author: Tetsuo Handa Date: Mon Feb 7 13:36:10 2011 +0000 CRED: Fix BUG() upon security_cred_alloc_blank() failure commit 2edeaa34a6e3f2c43b667f6c4f7b27944b811695 upstream. In cred_alloc_blank() since 2.6.32, abort_creds(new) is called with new->security == NULL and new->magic == 0 when security_cred_alloc_blank() returns an error. As a result, BUG() will be triggered if SELinux is enabled or CONFIG_DEBUG_CREDENTIALS=y. If CONFIG_DEBUG_CREDENTIALS=y, BUG() is called from __invalid_creds() because cred->magic == 0. Failing that, BUG() is called from selinux_cred_free() because selinux_cred_free() is not expecting cred->security == NULL. This does not affect smack_cred_free(), tomoyo_cred_free() or apparmor_cred_free(). Fix these bugs by (1) Set new->magic before calling security_cred_alloc_blank(). (2) Handle null cred->security in creds_are_invalid() and selinux_cred_free(). Signed-off-by: Tetsuo Handa Signed-off-by: David Howells Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 05b3244cf2cfabcb523583cd3c1161d870e70898 Author: Dan Rosenberg Date: Mon Feb 14 16:04:23 2011 -0500 btrfs: prevent heap corruption in btrfs_ioctl_space_info() commit 51788b1bdd0d68345bab0af4301e7fa429277228 upstream. Commit bf5fc093c5b625e4259203f1cee7ca73488a5620 refactored btrfs_ioctl_space_info() and introduced several security issues. space_args.space_slots is an unsigned 64-bit type controlled by a possibly unprivileged caller. The comparison as a signed int type allows providing values that are treated as negative and cause the subsequent allocation size calculation to wrap, or be truncated to 0. By providing a size that's truncated to 0, kmalloc() will return ZERO_SIZE_PTR. It's also possible to provide a value smaller than the slot count. The subsequent loop ignores the allocation size when copying data in, resulting in a heap overflow or write to ZERO_SIZE_PTR. The fix changes the slot count type and comparison typecast to u64, which prevents truncation or signedness errors, and also ensures that we don't copy more data than we've allocated in the subsequent loop. Note that zero-size allocations are no longer possible since there is already an explicit check for space_args.space_slots being 0 and truncation of this value is no longer an issue. Signed-off-by: Dan Rosenberg Signed-off-by: Josef Bacik Reviewed-by: Josef Bacik Signed-off-by: Chris Mason Signed-off-by: Greg Kroah-Hartman commit f1b2cebcf9af845be13bbb8e4ad3df883579cb11 Author: Tetsuo Handa Date: Fri Feb 4 18:13:24 2011 +0000 CRED: Fix kernel panic upon security_file_alloc() failure. commit 78d2978874e4e10e97dfd4fd79db45bdc0748550 upstream. In get_empty_filp() since 2.6.29, file_free(f) is called with f->f_cred == NULL when security_file_alloc() returned an error. As a result, kernel will panic() due to put_cred(NULL) call within RCU callback. Fix this bug by assigning f->f_cred before calling security_file_alloc(). Signed-off-by: Tetsuo Handa Signed-off-by: David Howells Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 698b53e4e019a739b4e5a8f8807f3a2f77a2304f Author: Benjamin Tissoires Date: Sat Jan 8 12:15:42 2011 +0100 HID: Switch turbox/mosart touchscreen to hid-mosart commit c64f6f934c7490faff76faf96217066a1b3570a0 upstream. This device used the MULTI_INPUT quirk whereas it could be used with hid-mosart instead to support the multitouch part. Reference: https://bugs.launchpad.net/ubuntu/+bug/620609/ Signed-off-by: Benjamin Tissoires Signed-off-by: Jiri Kosina Signed-off-by: Greg Kroah-Hartman commit 3f70e4bd11caf51bd85bc8e375c7ca911acd9fd5 Author: Benjamin Tissoires Date: Sat Jan 8 12:15:41 2011 +0100 HID: add Add Cando touch screen 10.1-inch product id commit bc5ab083a68bfec212780281f8e57d871d8882a0 upstream. This device has been reported to be an hid-cando one. Signed-off-by: Benjamin Tissoires Signed-off-by: Jiri Kosina Signed-off-by: Greg Kroah-Hartman commit 4b4c00442a5b15db619feb2b0d0b841b5ba748d8 Author: Dave Chinner Date: Fri Jan 28 11:20:46 2011 +1100 xfs: fix dquot shaker deadlock commit 0fbca4d1c3932c27c4794bf5c2b5fc961cf5a54f upstream. Commit 368e136 ("xfs: remove duplicate code from dquot reclaim") fails to unlock the dquot freelist when the number of loop restarts is exceeded in xfs_qm_dqreclaim_one(). This causes hangs in memory reclaim. Rework the loop control logic into an unwind stack that all the different cases jump into. This means there is only one set of code that processes the loop exit criteria, and simplifies the unlocking of all the items from different points in the loop. It also fixes a double increment of the restart counter from the qi_dqlist_lock case. Reported-by: Malcolm Scott Signed-off-by: Dave Chinner Reviewed-by: Alex Elder Cc: Arkadiusz Miskiewicz Signed-off-by: Greg Kroah-Hartman commit add80d75112c7884beedb9f4fe839a7399405075 Author: Dan Carpenter Date: Fri Jan 7 16:41:54 2011 -0300 av7110: check for negative array offset commit cb26a24ee9706473f31d34cc259f4dcf45cd0644 upstream. info->num comes from the user. It's type int. If the user passes in a negative value that would cause memory corruption. Signed-off-by: Dan Carpenter Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Greg Kroah-Hartman commit b28e91f84d37743741afae8b2d7b75a09910e702 Author: Stefan Bader Date: Thu Jan 27 10:03:14 2011 -0500 xen/p2m: Mark INVALID_P2M_ENTRY the mfn_list past max_pfn. commit cf04d120d9413de581437cf9a29f138ec1178f65 upstream. In case the mfn_list does not have enough entries to fill a p2m page we do not want the entries from max_pfn up to the boundary to be filled with unknown values. Hence set them to INVALID_P2M_ENTRY. Signed-off-by: Konrad Rzeszutek Wilk Signed-off-by: Stefan Bader Signed-off-by: Greg Kroah-Hartman commit 73e33bd8bd1d5291b317a67c5a8a3fc487056dbe Author: Stefan Bader Date: Thu Jan 20 15:38:23 2011 +0100 xen: p2m: correctly initialize partial p2m leaf commit 8e1b4cf2108488ccfb9a3e7ed7cd85a435e01d4b upstream. After changing the p2m mapping to a tree by commit 58e05027b530ff081ecea68e38de8d59db8f87e0 xen: convert p2m to a 3 level tree and trying to boot a DomU with 615MB of memory, the following crash was observed in the dump: kernel direct mapping tables up to 26f00000 @ 1ec4000-1fff000 BUG: unable to handle kernel NULL pointer dereference at (null) IP: [] xen_set_pte+0x27/0x60 *pdpt = 0000000000000000 *pde = 0000000000000000 Adding further debug statements showed that when trying to set up pfn=0x26700 the returned mapping was invalid. pfn=0x266ff calling set_pte(0xc1fe77f8, 0x6b3003) pfn=0x26700 calling set_pte(0xc1fe7800, 0x3) Although the last_pfn obtained from the startup info is 0x26700, which should in turn not be hit, the additional 8MB which are added as extra memory normally seem to be ok. This lead to looking into the initial p2m tree construction, which uses the smaller value and assuming that there is other code handling the extra memory. When the p2m tree is set up, the leaves are directly pointed to the array which the domain builder set up. But if the mapping is not on a boundary that fits into one p2m page, this will result in the last leaf being only partially valid. And as the invalid entries are not initialized in that case, things go badly wrong. I am trying to fix that by checking whether the current leaf is a complete map and if not, allocate a completely new page and copy only the valid pointers there. This may not be the most efficient or elegant solution, but at least it seems to allow me booting DomUs with memory assignments all over the range. BugLink: http://bugs.launchpad.net/bugs/686692 [v2: Redid a bit of commit wording and fixed a compile warning] Signed-off-by: Stefan Bader Signed-off-by: Konrad Rzeszutek Wilk Signed-off-by: Greg Kroah-Hartman commit 7511217f502665d704985c4face6bea882648ffc Author: Jesse Barnes Date: Wed Jan 5 14:45:24 2011 -0800 drm/i915: make DP training try a little harder commit 37f809755845cc3e18e8216c04525bdb885fa13b upstream. When trying to do channel equalization, we need to make sure we still have clock recovery on all lanes while training. We also need to try clock recovery again if we lose the clock or if channel eq fails 5 times. We'll try clock recovery up to 5 more times before giving up entirely. Gets suspend/resume working on my Vaio again and brings us back into compliance with the DP training sequence spec. Signed-off-by: Jesse Barnes Signed-off-by: Chris Wilson Signed-off-by: Greg Kroah-Hartman commit c2fa42bddd9caa19f0e3fa336da3899f1403b2bc Author: Brian Gerst Date: Mon Jan 17 07:32:10 2011 -0500 x86: Clear irqstack thread_info commit 7b698ea377e10b074ceef0d79218e6622d618421 upstream. Mathias Merz reported that v2.6.37 failed to boot on his system. Make sure that the thread_info part of the irqstack is initialized to zeroes. Reported-and-Tested-by: Matthias Merz Signed-off-by: Brian Gerst Acked-by: Pekka Enberg Cc: Arjan van de Ven Cc: Linus Torvalds LKML-Reference: Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman commit b7fad097644503bacafb8727df0cf9c7c6e37625 Author: Thomas Renninger Date: Mon Jan 3 17:50:45 2011 +0100 perf timechart: Adjust perf timechart to the new power events commit 20c457b8587bee4644d998331d9e13be82e05b4c upstream. [This patch is part of mainline git commit 20c457b8587bee4644d9. This should fix: http://www.mail-archive.com/linux-perf-users@vger.kernel.org/msg00057.html The regression was introduced by git commit: 4c21adf26f8fcf86a755b9b9f55c2e9fd241e1fb] builtin-timechart must only pass -e power:xy events if they are supported by the running kernel, otherwise try to fetch the old power:power{start,end} events. For this I added the tiny helper function: int is_valid_tracepoint(const char *event_string) to parse-events.[hc], which could be more generic as an interface and support hardware/software/... events, not only tracepoints, but someone else could extend that if needed... Signed-off-by: Thomas Renninger Acked-by: Arjan van de Ven Acked-by: Jean Pihet LKML-Reference: <1294073445-14812-4-git-send-email-trenn@suse.de> Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman commit 8e6b41c76c5b8a27b2abd7b9f6ed0877987fd11b Author: Chase Douglas Date: Tue Jan 11 19:37:50 2011 +0100 HID: magicmouse: Don't report REL_{X, Y} for Magic Trackpad [ Linus' tree commit 6a66bbd693c12f71697c61207aa18bc5a12da0ab ] With the recent switch to having the hid layer handle standard axis initialization, the Magic Trackpad now reports relative axes. This would be fine in the normal mode, but the driver puts the device in multitouch mode where no relative events are generated. Also, userspace software depends on accurate axis information for device type detection. Thus, ignoring the relative axes from the Magic Trackpad is best. Signed-off-by: Chase Douglas Signed-off-by: Jiri Kosina Signed-off-by: Greg Kroah-Hartman commit 922d5699248b22e97a45b175966f19c8f77fe6d3 Author: Jochen Friedrich Date: Mon Jan 3 12:09:05 2011 +0100 ARM: 6606/1: sa1100: Fix platform device registration commit 4f444e2b59dd4255d121b57ec41a4a8c5d6bce46 upstream. Since commit 7a5b4e16c880f8350d255dc188f81622905618c1, simpad devices don't boot anymore, since platform devices are registered too early. Fix by moving the registration from map_io to arch_initcall as done on other sa1100 boards. Signed-off-by: Jochen Friedrich Acked-by: Kristoffer Ericson Signed-off-by: Russell King Signed-off-by: Greg Kroah-Hartman commit 385979a2a621ab3c0d740d552ad243f82697cd48 Author: Dave Airlie Date: Fri Jan 7 09:57:41 2011 +1000 vt: fix issue when fbcon wants to takeover a second time. commit c55c63c6539499379ab4a7e8a5c0f857351fb946 upstream. With framebuffer handover and multiple GPUs, we get into a position where the fbcon unbinds the vesafb framebuffer for GPU 1, but we still have a radeon framebuffer bound from GPU 0, so we don't unregister the console driver. Then when we tried to bind the new radeon framebuffer for GPU1 we never get to the bind call as we fail due to the console being registered already. This changes the return value to -EBUSY when the driver is already registered and continues to bind for -EBUSY. Signed-off-by: Dave Airlie Cc: Alan Cox Signed-off-by: Greg Kroah-Hartman commit 91c7f5956bb12cc73d7f31c2f9abdcedced5af9f Author: Ben Hutchings Date: Sat Dec 25 16:17:32 2010 +0000 drm/nouveau: Only select ACPI_VIDEO if its dependencies are met commit c42988012ad9c1807b7c7a5ff855cd630094989b upstream. CONFIG_ACPI_VIDEO depends on more than just CONFIG_ACPI, so add those dependencies to the Kconfig select condition. The case where some dependencies fail to be satisfied should be handled correctly, because in that case the ACPI_VIDEO symbols we use are converted into static-inline stubs. Signed-off-by: Ben Hutchings Signed-off-by: Francisco Jerez Signed-off-by: Ben Skeggs Cc: Nick Bowler Signed-off-by: Greg Kroah-Hartman commit 94a99842f0e2738d338e5256a7cca4b8e30adf94 Author: Alex Deucher Date: Mon Feb 14 11:43:11 2011 -0500 drm/radeon/kms: hopefully fix pll issues for real (v3) commit 5b40ddf888398ce4cccbf3b9d0a18d90149ed7ff upstream. The problematic boards have a recommended reference divider to be used when spread spectrum is enabled on the laptop panel. Enable the use of the recommended reference divider along with the new pll algo. v2: testing options v3: When using the fixed reference divider with LVDS, prefer min m to max p and use fractional feedback dividers. Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=28852 https://bugzilla.kernel.org/show_bug.cgi?id=24462 https://bugzilla.kernel.org/show_bug.cgi?id=26552 MacbookPro issues reported by Justin Mattock Signed-off-by: Alex Deucher Signed-off-by: Dave Airlie Signed-off-by: Greg Kroah-Hartman commit 554ca65be6aeb633ad49dc458ddb727b2b59f54c Author: Alex Deucher Date: Mon Feb 14 11:43:10 2011 -0500 drm/radeon/kms: add bounds checking to avivo pll algo commit a4b40d5d97f5c9ad0b7f4bf2818291ca184bb433 upstream. Prevent divider overflow. Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=28932 Signed-off-by: Alex Deucher Signed-off-by: Dave Airlie Signed-off-by: Greg Kroah-Hartman commit 3fadd4eaba1c84a917e99643e8a352f24388a703 Author: Alex Deucher Date: Sun Feb 13 18:42:41 2011 -0500 drm/radeon/kms: improve 6xx/7xx CS error output commit c2049b3d29f47ed3750226dc51251a3404c85876 upstream. Makes debugging CS rejections much easier. Signed-off-by: Alex Deucher Signed-off-by: Dave Airlie Signed-off-by: Greg Kroah-Hartman commit e9eb2c297f918be46e36dd86b7e88cabdc3e22df Author: Alex Deucher Date: Mon Feb 7 13:15:28 2011 -0500 drm/radeon/kms: add connector table for mac g5 9600 commit 9fad321ac6bedd96f449754a1a25289ea1789a49 upstream. PPC Mac cards do not provide connector tables in their vbios. Their connector/encoder configurations must be hardcoded in the driver. verified by nyef on #radeon Signed-off-by: Alex Deucher Signed-off-by: Dave Airlie Signed-off-by: Greg Kroah-Hartman commit 67568e388b203c7e9b1d5716799a9895a4177926 Author: Dave Airlie Date: Mon Feb 7 12:00:51 2011 +1000 drm/radeon: fix memory debugging since d961db75ce86a84f1f04e91ad1014653ed7d9f46 commit 16f9fdcbcce74102bed9a4b7ccc1fb05b5dd6ca3 upstream. The old code dereferenced a value, the new code just needs to pass the ptr. fixes an oops looking at files in debugfs. Signed-off-by: Dave Airlie Signed-off-by: Greg Kroah-Hartman commit 0e1e47198c03442db45e7287b890c9acc7dce084 Author: Alex Deucher Date: Sun Feb 6 14:23:26 2011 -0500 drm/radeon/kms: fix interlaced modes on dce4+ commit c9417bdd4c6b1b92a21608c07e83afa419c7bb62 upstream. - set scaler table clears the interleave bit, need to reset it in encoder quirks, this was already done for pre-dce4. - remove the interleave settings from set_base() functions this is now handled in the encoder quirks functions, and isn't technically part of the display base setup. - rename evergreen_do_set_base() to dce4_do_set_base() since it's used on both evergreen and NI asics. Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=28182 Signed-off-by: Alex Deucher Signed-off-by: Dave Airlie Signed-off-by: Greg Kroah-Hartman commit 72dbf48873c4bfaf68e400096941e30366fbb6e1 Author: Chris Wilson Date: Wed Feb 9 20:01:16 2011 +0000 drm/i915/sdvo: If we have an EDID confirm it matches the mode of the connection commit 139467433e50926d22338e9dc754feaaf94b9db0 upstream. If we have an EDID for a digital panel, but we are probing a non-TMDS connector then we know that this is a false detection, and vice versa. This should reduce the number of bogus outputs on multi-function adapters that report the same output on multiple connectors. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=34101 Reported-by: Sebastien Caty Tested-by: Sebastien Caty Signed-off-by: Chris Wilson Signed-off-by: Greg Kroah-Hartman commit da0ec09d40f661a82cf803f48d4cbc76dc15c715 Author: Kashyap, Desai Date: Thu Feb 10 11:53:44 2011 +0530 mptfusion: Fix Incorrect return value in mptscsih_dev_reset commit bcfe42e98047f1935c5571c8ea77beb2d43ec19d upstream. There's a branch at the end of this function that is supposed to normalize the return value with what the mid-layer expects. In this one case, we get it wrong. Also increase the verbosity of the INFO level printk at the end of mptscsih_abort to include the actual return value and the scmd->serial_number. The reason being success or failure is actually determined by the state of the internal tag list when a TMF is issued, and not the return value of the TMF cmd. The serial_number is also used in this decision, thus it's useful to know for debugging purposes. Reported-by: Peter M. Petrakis Signed-off-by: Kashyap Desai Signed-off-by: James Bottomley Signed-off-by: Greg Kroah-Hartman commit 1f5a5cc0c277059f208133895327297ce1492f06 Author: Kashyap, Desai Date: Thu Feb 10 11:52:21 2011 +0530 mptfusion: mptctl_release is required in mptctl.c commit 84857c8bf83e8aa87afc57d2956ba01f11d82386 upstream. Added missing release callback for file_operations mptctl_fops. Without release callback there will be never freed. It remains on mptctl's eent list even after the file is closed and released. Relavent RHEL bugzilla is 660871 Signed-off-by: Kashyap Desai Signed-off-by: James Bottomley Signed-off-by: Greg Kroah-Hartman commit a8ebfc0286ec46f4367d77a4f02938c611bbc3bd Author: Konstantin Khorenko Date: Tue Feb 1 17:16:29 2011 +0300 NFSD: memory corruption due to writing beyond the stat array commit 3aa6e0aa8ab3e64bbfba092c64d42fd1d006b124 upstream. If nfsd fails to find an exported via NFS file in the readahead cache, it should increment corresponding nfsdstats counter (ra_depth[10]), but due to a bug it may instead write to ra_depth[11], corrupting the following field. In a kernel with NFSDv4 compiled in the corruption takes the form of an increment of a counter of the number of NFSv4 operation 0's received; since there is no operation 0, this is harmless. In a kernel with NFSDv4 disabled it corrupts whatever happens to be in the memory beyond nfsdstats. Signed-off-by: Konstantin Khorenko Signed-off-by: J. Bruce Fields Signed-off-by: Greg Kroah-Hartman commit af9a4eb329e0f6cf580218205d2f0c2d76587c62 Author: Greg Kroah-Hartman Date: Thu Feb 24 10:17:04 2011 -0800 Revert "USB: prevent buggy hubs from crashing the USB stack" This reverts commit de3e365127bc56dd0b1f8d684b184d43efcd50b4 as it breaks the musb host controller. This patch will come back after the musb fix goes upstream to Linus's tree. Cc: Alan Stern Cc: Perry Neben Cc: Felipe Balbi Cc: Alexander Holler Signed-off-by: Greg Kroah-Hartman