| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
VF Driver should use mailbox command timeout specified in t4fw_interface.h
rather than hard-coded value of 500ms.
Signed-off-by: Casey Leedom <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
When a Virtual Machine is rebooted, KVM currently fails to issue a Function
Level Reset against any "Attached PCI Devices" (AKA "PCI Passthrough"). In
addition to leaving the attached device in a random state in the next booted
kernel (which sort of violates the entire idea of a reboot reseting hardware
state), this leaves our peer thinking that the link is still up. (Note that
a bug has been filed with the KVM folks, #25332, but there's been no
response on that as of yet.) So, we add a "->shutdown()" method for the
Virtual Function PCI Device to handle administrative shutdowns like a
reboot.
Signed-off-by: Casey Leedom <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
When CONFIG_DEBUG_FS we get "ERR_PTR()"s back from the debugfs routines
instead of NULL. Use the right predicates to check for this.
Signed-off-by: Casey Leedom <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Check module parameter validity in the module initialization routine instead
of the PCI Device Probe routine.
Signed-off-by: Casey Leedom <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The problematic boards have a recommended reference divider
to be used when spread spectrum is enabled on the laptop panel.
Enable the use of the recommended reference divider along with
the new pll algo.
v2: testing options
v3: When using the fixed reference divider with LVDS, prefer
min m to max p and use fractional feedback dividers.
Fixes:
https://bugzilla.kernel.org/show_bug.cgi?id=28852
https://bugzilla.kernel.org/show_bug.cgi?id=24462
https://bugzilla.kernel.org/show_bug.cgi?id=26552
MacbookPro issues reported by Justin Mattock <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
Cc: [email protected]
Signed-off-by: Dave Airlie <[email protected]>
|
|
Prevent divider overflow.
Fixes:
https://bugzilla.kernel.org/show_bug.cgi?id=28932
Signed-off-by: Alex Deucher <[email protected]>
Cc: [email protected]
Signed-off-by: Dave Airlie <[email protected]>
|
|
A few wrong usages of drm_device, which should be drm_driver.
Signed-off-by: Xiao Jiang <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
Signed-off-by: Alex Deucher <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
* 'fixes' of master.kernel.org:/home/rmk/linux-2.6-arm:
ARM: 6657/1: hw_breakpoint: fix ptrace breakpoint advertising on unsupported arch
ARM: 6656/1: hw_breakpoint: avoid UNPREDICTABLE behaviour when reading DBGDSCR
ARM: 6658/1: collie: do actually pass locomo_info to locomo driver
ARM: 6659/1: Thumb-2: Make CONFIG_OABI_COMPAT depend on !CONFIG_THUMB2_KERNEL
ARM: 6654/1: perf/oprofile: fix off-by-one in stack check
ARM: fixup SMP alternatives in modules
ARM: make SWP emulation explicit on !CPU_USE_DOMAINS
ARM: Avoid building unsafe kernels on OMAP2 and MX3
ARM: pxa: Properly configure PWM period for palm27x
ARM: pxa: only save/restore registers when pm functions are defined
ARM: pxa/colibri: use correct SD detect pin
ARM: pxa: fix mfpr_sync to read from valid offset
|
|
The bug reporter claims that position_fix=1 is needed for his
microphone to work. The controller PCI vendor-id is [1002:4383] (rev 40).
Reported-by: Kjell L.
BugLink: http://bugs.launchpad.net/bugs/718402
Cc: [email protected]
Signed-off-by: David Henningsson <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
Use strlcpy() to assure not to overflow the string array sizes by
too long USB device name string.
Reported-by: Rafa <[email protected]>
Cc: stable <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
With the specification of hardware,
the processing at the time of driver starting was modified.
This device write automatically the MAC address read from serial ROM
into a MAC Adress1A/1B register at the time of power on reset.
However, when stable clock is not supplied,
the writing of MAC Adress1A/1B register may not be completed.
In this case, it is necessary to load MAC address to MAC Address1A/1B register
by the MAC Address1 load register.
This patch always does the above processing,
in order not to be dependent on system environment.
Signed-off-by: Toshiharu Okada <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Fixes this build warning:
drivers/net/wireless/iwlwifi/iwl-3945.c:411:13: warning: 'iwl3945_good_plcp_health' defined but not used
As per Johannes Berg.
Signed-off-by: David S. Miller <[email protected]>
|
|
I add the check on the return value of alloc_extent_map() to several places.
In addition, alloc_extent_map() returns only the address or NULL.
Therefore, check by IS_ERR() is unnecessary. So, I remove IS_ERR() checking.
Signed-off-by: Tsutomu Itoh <[email protected]>
Signed-off-by: Chris Mason <[email protected]>
|
|
Memory allocated by calling kstrdup() should be freed.
Signed-off-by: Ilya Dryomov <[email protected]>
Signed-off-by: Chris Mason <[email protected]>
|
|
Commit bf5fc093c5b625e4259203f1cee7ca73488a5620 refactored
btrfs_ioctl_space_info() and introduced several security issues.
space_args.space_slots is an unsigned 64-bit type controlled by a
possibly unprivileged caller. The comparison as a signed int type
allows providing values that are treated as negative and cause the
subsequent allocation size calculation to wrap, or be truncated to 0.
By providing a size that's truncated to 0, kmalloc() will return
ZERO_SIZE_PTR. It's also possible to provide a value smaller than the
slot count. The subsequent loop ignores the allocation size when
copying data in, resulting in a heap overflow or write to ZERO_SIZE_PTR.
The fix changes the slot count type and comparison typecast to u64,
which prevents truncation or signedness errors, and also ensures that we
don't copy more data than we've allocated in the subsequent loop. Note
that zero-size allocations are no longer possible since there is already
an explicit check for space_args.space_slots being 0 and truncation of
this value is no longer an issue.
Signed-off-by: Dan Rosenberg <[email protected]>
Signed-off-by: Josef Bacik <[email protected]>
Reviewed-by: Josef Bacik <[email protected]>
Signed-off-by: Chris Mason <[email protected]>
|
|
Mark the cloned backref_node as checked in clone_backref_node()
Signed-off-by: Yan, Zheng <[email protected]>
Signed-off-by: Chris Mason <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
|
|
The statement 'select CAN_SOFTING' may ignore the dependancies
for CAN_SOFTING while selecting CAN_SOFTING_CS, as is therefore a bad choice.
Signed-off-by: Kurt Van Dijck <[email protected]>
Acked-by: Randy Dunlap <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6
|
|
* 'devicetree/merge' of git://git.secretlab.ca/git/linux-2.6:
Revert "dt: add documentation of ARM dt boot interface"
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'rtc-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
RTC: Fix minor compile warning
RTC: Convert rtc drivers to use the alarm_irq_enable method
RTC: Fix rtc driver ioctl specific shortcutting
|
|
Btrfs tracks uptodate state in an rbtree as well as in the
page bits. This is supposed to enable us to use block sizes other than
the page size, but there are a few parts still missing before that
completely works.
But, our readpage routine trusts this additional range based tracking
of uptodateness, much in the same way the buffer head up to date bits
are trusted for the other filesystems.
The problem is that sometimes we need to allocate memory in order to
split records in the rbtree, even when we are just clearing bits. This
can be difficult when our clearing function is called GFP_ATOMIC, which
can happen in the releasepage path.
So, what happens today looks like this:
releasepage called with GFP_ATOMIC
btrfs_releasepage calls clear_extent_bit
clear_extent_bit fails to allocate ram, leaving the up to date bit set
btrfs_releasepage returns success
The end result is the page being gone, but btrfs thinking the range is
up to date. Later on if someone tries to read that same page, the
btrfs readpage code will return immediately thinking the page is already
up to date.
This commit fixes things to fail the releasepage when we can't clear the
extent state bits. It covers both data pages and metadata tree blocks.
Signed-off-by: Chris Mason <[email protected]>
|
|
There is a race where btrfs_releasepage can drop the
page->private contents just as alloc_extent_buffer is setting
up pages for metadata. Because of how the Btrfs page flags work,
this results in us skipping the crc on the page during IO.
This patch sovles the race by waiting until after the extent buffer
is inserted into the radix tree before it sets page private.
Signed-off-by: Chris Mason <[email protected]>
|
|
As noticed by Eric, nf_iterate doesn't use RCU correctly by
accessing the prev pointer of a RCU protected list element when
a verdict of NF_REPEAT is issued.
Fix by jumping backwards to the hook invocation directly instead
of loading the previous list element before continuing the list
iteration.
Reported-by: Eric Dumazet <[email protected]>
Acked-by: Eric Dumazet <[email protected]>
Signed-off-by: Patrick McHardy <[email protected]>
|
|
Signed-off-by: Raymond Yau <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
4795bb37effb7b8fe77e2d2034545d062d3788a8 "nfsd: break lease on unlink,
link, and rename", only broke the lease on the file that was being
renamed, and didn't handle the case where the target path refers to an
already-existing file that will be unlinked by a rename--in that case
the target file should have any leases broken as well.
Signed-off-by: J. Bruce Fields <[email protected]>
|
|
Instead of acquiring one lease each time another client opens a file,
nfsd can acquire just one lease to represent all of them, and reference
count it to determine when to release it.
This fixes a regression introduced by
c45821d263a8a5109d69a9e8942b8d65bcd5f31a "locks: eliminate fl_mylease
callback": after that patch, only the struct file * is used to determine
who owns a given lease. But since we recently converted the server to
share a single struct file per open, if we acquire multiple leases on
the same file from nfsd, it then becomes impossible on unlocking a lease
to determine which of those leases (all of whom share the same struct
file *) we meant to remove.
Thanks to Takashi Iwai <[email protected]> for catching a bug in a previous
version of this patch.
Tested-by: Takashi Iwai <[email protected]>
Signed-off-by: J. Bruce Fields <[email protected]>
|
|
Modify fi_delegations only under the recall_lock, allowing us to use
that list on lease breaks.
Also some trivial cleanup to simplify later changes.
Signed-off-by: J. Bruce Fields <[email protected]>
|
|
These aren't all that useful, and get in the way of the next steps.
Signed-off-by: J. Bruce Fields <[email protected]>
|
|
Splitting some code into a separate function which we'll be adding some
more to.
Signed-off-by: J. Bruce Fields <[email protected]>
|
|
Also share some common exit code.
Signed-off-by: J. Bruce Fields <[email protected]>
|
|
Signed-off-by: J. Bruce Fields <[email protected]>
|
|
We'll be adding some more code here soon.
Signed-off-by: J. Bruce Fields <[email protected]>
|
|
If nfsd fails to find an exported via NFS file in the readahead cache, it
should increment corresponding nfsdstats counter (ra_depth[10]), but due to a
bug it may instead write to ra_depth[11], corrupting the following field.
In a kernel with NFSDv4 compiled in the corruption takes the form of an
increment of a counter of the number of NFSv4 operation 0's received; since
there is no operation 0, this is harmless.
In a kernel with NFSDv4 disabled it corrupts whatever happens to be in the
memory beyond nfsdstats.
Signed-off-by: Konstantin Khorenko <[email protected]>
Cc: [email protected]
Signed-off-by: J. Bruce Fields <[email protected]>
|
|
Bugs introduced in 85a56480191ca9f08fc775c129b9eb5c8c1f2c05
"NFSD: Update XDR decoders in NFSv4 callback client"
Cc: Chuck Lever <[email protected]>
Signed-off-by: Benny Halevy <[email protected]>
Signed-off-by: J. Bruce Fields <[email protected]>
|
|
The exit cleanup isn't quite right here.
Signed-off-by: J. Bruce Fields <[email protected]>
|
|
This reverts commit 9830fcd6f6a4781d8b46d2b35c13b39f30915c63.
The ARM dt support has not been merged yet; this documentation update
was premature.
Signed-off-by: Grant Likely <[email protected]>
|
|
After executing the matching works, a rescuer leaves the gcwq whether
there are more pending works or not. This may decrease the
concurrency level to zero and stall execution until a new work item is
queued on the gcwq.
Make rescuer wake up a regular worker when it leaves a gcwq if there
are more works to execute, so that execution isn't stalled.
Signed-off-by: Tejun Heo <[email protected]>
Reported-by: Ray Jui <[email protected]>
Cc: [email protected]
|
|
We use it in non __cpuinit code now too so drop marker.
Signed-off-by: Borislav Petkov <[email protected]>
LKML-Reference: <20110211171754.GA21047@aftab>
Signed-off-by: Ingo Molnar <[email protected]>
|
|
Slave-dma has become the predominant usage model for dmaengine and needs
special attention. Memory-to-memory dma usage cases will continue to be
maintained by Dan.
Cc: Alan Cox <[email protected]>
Acked-by: Vinod Koul <[email protected]>
Signed-off-by: Dan Williams <[email protected]>
|
|
|
|
Currently when two or more buffers are queued by the camera driver
and so the double buffering is enabled in the idmac, we lose one
frame comming from CSI since the reporting of arrival of the first
frame is deferred by the DMAIC_7_EOF interrupt handler and reporting
of the arrival of the last frame is not done at all. So when requesting
N frames from the image sensor we actually receive N - 1 frames in
user space.
The reason for this behaviour is that the DMAIC_7_EOF interrupt
handler misleadingly assumes that the CUR_BUF flag is pointing to the
buffer used by the IDMAC. Actually it is not the case since the
CUR_BUF flag will be flipped by the FSU when the FSU is sending the
<TASK>_NEW_FRM_RDY signal when new frame data is delivered by the CSI.
When sending this singal, FSU updates the DMA_CUR_BUF and the
DMA_BUFx_RDY flags: the DMA_CUR_BUF is flipped, the DMA_BUFx_RDY
is cleared, indicating that the frame data is beeing written by
the IDMAC to the pointed buffer. DMA_BUFx_RDY is supposed to be
set to the ready state again by the MCU, when it has handled the
received data. DMAIC_7_CUR_BUF flag won't be flipped here by the
IPU, so waiting for this event in the EOF interrupt handler is wrong.
Actually there is no spurious interrupt as described in the comments,
this is the valid DMAIC_7_EOF interrupt indicating reception of the
frame from CSI.
The patch removes code that waits for flipping of the DMAIC_7_CUR_BUF
flag in the DMAIC_7_EOF interrupt handler. As the comment in the
current code denotes, this waiting doesn't help anyway. As a result
of this removal the reporting of the first arrived frame is not
deferred to the time of arrival of the next frame and the drivers
software flag 'ichan->active_buffer' is in sync with DMAIC_7_CUR_BUF
flag, so the reception of all requested frames works.
This has been verified on the hardware which is triggering the
image sensor by the programmable state machine, allowing to
obtain exact number of frames. On this hardware we do not tolerate
losing frames.
This patch also removes resetting the DMA_BUFx_RDY flags of
all channels in ipu_disable_channel() since transfers on other
DMA channels might be triggered by other running tasks and the
buffers should always be ready for data sending or reception.
Signed-off-by: Anatolij Gustschin <[email protected]>
Reviewed-by: Guennadi Liakhovetski <[email protected]>
Tested-by: Guennadi Liakhovetski <[email protected]>
Signed-off-by: Dan Williams <[email protected]>
|
|
git://git.linaro.org/people/jstultz/linux into timers/urgent
|
|
This PCH_GBE driver had an issue that the receiving data is not normal.
This driver had not removed correctly the padding data
which the DMA include in receiving data.
This patch fixed this issue.
Signed-off-by: Toshiharu Okada <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
This patch enables it by default when the driver starts.
This has been required by many people and seems to actually be
useful on STB.
At any rate, the WoL modes can be selected and turned-on/off
by using the ethtool at run-time by users.
Signed-off-by: Giuseppe Cavallaro <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
alloc_skb() interact badly.
If alloc_skb() fails to allocate memory and returns NULL then we want to
return -ENOMEM from drivers/atm/solos-pci.c::popen() regardless of the
value of net_ratelimit(). The way the code is today, we may not return if
net_ratelimit() returns 0, then we'll proceed to pass a NULL pointer to
skb_put() which will blow up in our face.
This patch ensures that we always return -ENOMEM on alloc_skb() failure
and only let the dev_warn() be controlled by the value of net_ratelimit().
Signed-off-by: Jesper Juhl <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
In drivers/net/usb/hso.c::hso_create_bulk_serial_device() we have this
code:
...
serial = kzalloc(sizeof(*serial), GFP_KERNEL);
if (!serial)
goto exit;
...
exit:
hso_free_tiomget(serial);
...
hso_free_tiomget() directly dereferences its argument, which in the
example above is a NULL pointer, ouch.
I could just add a 'if (serial)' test at the 'exit' label, but since most
freeing functions in the kernel accept NULL pointers (and it seems like
this was also assumed here) I opted to instead change 'hso_free_tiomget()'
so that it is safe to call it with a NULL argument. I also modified the
function to get rid of a pointles conditional before the call to
'usb_free_urb()' since that function already tests for NULL itself -
besides fixing the NULL deref this change also buys us a few bytes in
size.
Before:
$ size drivers/net/usb/hso.o
text data bss dec hex filename
32200 592 9960 42752 a700 drivers/net/usb/hso.o
After:
$ size drivers/net/usb/hso.o
text data bss dec hex filename
32196 592 9960 42748 a6fc drivers/net/usb/hso.o
Signed-off-by: Jesper Juhl <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Commit c0e69a5bbc6f ("klist.c: bit 0 in pointer can't be used as flag")
intended to make sure that all klist objects were at least pointer size
aligned, but used the constant "4" which only works on 32-bit.
Use "sizeof(void *)" which is correct in all cases.
Signed-off-by: David S. Miller <[email protected]>
Acked-by: Jesper Nilsson <[email protected]>
Cc: stable <[email protected]>
Cc: Greg Kroah-Hartman <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Jesper Juhl noticed that l2_pull_iqueue() does not
check to see if alloc_skb() fails.
Fix this by first trying to reallocate the headroom
if necessary, rather than later after we've made hard
to undo state changes.
Reported-by: Jesper Juhl <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|