Commit graph

222194 commits

Author SHA1 Message Date
Jiri Olsa
e045fec489 tty: prevent DOS in the flush_to_ldisc
There's a small window inside the flush_to_ldisc function,
where the tty is unlocked and calling ldisc's receive_buf
function. If in this window new buffer is added to the tty,
the processing might never leave the flush_to_ldisc function.

This scenario will hog the cpu, causing other tty processing
starving, and making it impossible to interface the computer
via tty.

I was able to exploit this via pty interface by sending only
control characters to the master input, causing the flush_to_ldisc
to be scheduled, but never actually generate any output.

To reproduce, please run multiple instances of following code.

- SNIP
#define _XOPEN_SOURCE
#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

int main(int argc, char **argv)
{
        int i, slave, master = getpt();
        char buf[8192];

        sprintf(buf, "%s", ptsname(master));
        grantpt(master);
        unlockpt(master);

        slave = open(buf, O_RDWR);
        if (slave < 0) {
                perror("open slave failed");
                return 1;
        }

        for(i = 0; i < sizeof(buf); i++)
                buf[i] = rand() % 32;

        while(1) {
                write(master, buf, sizeof(buf));
        }

        return 0;
}
- SNIP

The attached patch (based on -next tree) fixes this by checking on the
tty buffer tail. Once it's reached, the current work is rescheduled
and another could run.

Signed-off-by: Jiri Olsa <jolsa@redhat.com>
Cc: stable <stable@kernel.org>
Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 15:02:02 -08:00
Mikulas Patocka
c9bd9d01db 8250: add support for Kouwell KW-L221N-2
Add support for Kouwell KW-L221N-2 card.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 14:58:06 -08:00
Alan Cox
68e29655cc nozomi: Fix warning from the previous TIOCGCOUNT changes
Just remove a now unused variable

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 14:49:38 -08:00
Andres Salomon
dc98d96508 tty: fix warning in synclink driver
During builds I see the following warning -

  CC [M]  drivers/char/pcmcia/synclink_cs.o
drivers/char/pcmcia/synclink_cs.c:2194: warning: ‘mgslpc_get_icount’ defined but not used

The function is a callback meant to be assigned to get_icount (added during 0587102cf).
Fix accordingly.

Signed-off-by: Andres Salomon <dilinger@queued.net>
Acked-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 14:36:23 -08:00
Alan Cox
65f8e441ed tty: Fix formatting in tty.h
Someone added a new ldisc number and messed up the tabbing. Fix it before
anyone else copies it.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 14:36:23 -08:00
Joe Perches
31a9f47aa0 Staging: udlfb.c: Fix k.alloc switched arguments
Signed-off-by: Joe Perches <joe@perches.com>
Cc: Bernie Thompson <bernie@plugable.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 14:05:24 -08:00
Daniel Lichtenberger
43f88d530e Staging: rtl8192e: fix IOMMU memory leak
Unmap the rx buffer before mapping the new one in rtl8192_rx.

Failing to do so quickly exhausts the IOMMU memory during downloads:

[...] DMA: Out of SW-IOMMU space for 9100 bytes at device ...

Using "iommu=off mem=4g" also fixes the problem because
then pci_map_single does not allocate memory.

Tested on my personal laptop with a RTL8192E device. Without this
patch the kernel quickly runs out of IOMMU memory (downloading 5 MB
of data is sufficient to trigger it), with this patch applied
I haven't experienced any issues so far.

Signed-off-by: Daniel Lichtenberger <daniel.lichtenberger@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 14:05:23 -08:00
Vasiliy Kulikov
eacd121c3d staging: vt6656: implement missing brackets
Identation says that copy_to_user() should be called only iff
wrq->u.essid.pointer is not zero.  Also it is useless to call copy_to_user(0, ...).

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 14:05:23 -08:00
Larry Finger
705059a670 staging: rt2870: Add new USB ID for Belkin F6D4050 v1
Add new USB ID for FT2870 for Belkin F6D4050 v1

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Reported- and Tested-by: James Long <crogonint@yahoo.com>
Cc: Stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 14:05:23 -08:00
Brett Rudley
0d58fef68c staging: brcm80211: Maintainer change
Nohee => Dowan

Signed-off-by: Brett Rudley <brudley@broadcom.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 14:05:23 -08:00
Julia Lawall
4fd68ae1a5 drivers/staging/brcm80211/brcmfmac/dhd_linux.c: delete double assignment
Delete successive assignments to the same location.  dhd_ops_virt contains
a subset of the definitions of dhd_ops_pri.

A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// <smpl>
@@
expression i;
@@

*i = ...;
 i = ...;
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 14:05:22 -08:00
Julia Lawall
61241d97db drivers/staging: delete double assignment
Delete successive assignments to the same location.  In three of the cases,
the two assignments are identical.  In the case of the file
rt2860/common/cmm_aes.c, the assigned variable i is never used, so both
assignments are dropped.

A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// <smpl>
@@
expression i;
@@

*i = ...;
 i = ...;
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 14:05:22 -08:00
Hauke Mehrtens
22b4dc5917 Staging: ath6kl: Adapt API changes in cfg80211
The cfg80211 API changed in commit e31b82136d

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 13:33:27 -08:00
Randy Dunlap
32a0fdf27c Staging: ath6kl: ATH6KL_CFG80211 depends on CFG80211
ATH6KL_CFG80211 should depend on CFG80211 to fix build errors:

ERROR: "wiphy_free" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "cfg80211_inform_bss_frame" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "__ieee80211_get_channel" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "cfg80211_get_bss" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "wiphy_unregister" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "cfg80211_connect_result" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "cfg80211_michael_mic_failure" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "cfg80211_ibss_joined" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "cfg80211_roamed" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "cfg80211_put_bss" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "wiphy_new" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "wiphy_register" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "cfg80211_disconnected" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "cfg80211_scan_done" [drivers/staging/ath6kl/ath6kl.ko] undefined!

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Vipin Mehta <vmehta@atheros.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 13:33:04 -08:00
Dan Carpenter
eccbf04a90 Staging: bcm: use get_user() to access user pointers
This fixes some places that dereference user pointers directly instead
of using get_user().

Please especially check my changes to IOCTL_BCM_GET_CURRENT_STATUS.  The
original code modified the struct which "arg" was pointing to.  I think
this was a bug in the original code and that we only wanted to write to
the OutputBuffer. Also with the original code you could read as much
memory as you wanted so I had to put a cap on OutputLength.  The only
value of OutputLength that makes sense is sizeof(LINK_STATE) so now if
OutputLength is not sizeof(LINK_STATE) it returns -EINVAL.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 13:32:36 -08:00
Dan Carpenter
4fc718a4b0 Staging: sst: add some __user anotations
This silences all the sparse warnings in intel_sst_app_interface.c.
It was just a matter of adding __user annotations, I didn't find any
real bugs here.  Quite a few of these were needed for stuff I added
earlier, sorry about that.

I removed a couple casts to (void *) that caused a warning like:
	drivers/staging/intel_sst/intel_sst_app_interface.c:606:27:
		warning: cast removes address space of expression
For example sst_drv_ctx->mailbox is already declared as
"void __iomem *mailbox" so casting it to void pointer isn't necessary
and it makes sparse complain because it removes the __user attribute.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Cc: Vinod Koul <vinod.koul@intel.com>
Cc: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 13:31:49 -08:00
Dan Carpenter
08da782b1a Staging: sst: user pointers in intel_sst_mmap_play_capture()
There were some places in intel_sst_mmap_play_capture() that
dereferenced user pointers instead of copying the data to the kernel.

I removed the BUG_ON(!mmap_buf) and BUG_ON(!buf_entry) since those are
never possible in the current code.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Cc: Vinod Koul <vinod.koul@intel.com>
Cc: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 13:31:48 -08:00
Dan Carpenter
e9f25689a8 Staging: sst: fixups in SNDRV_SST_STREAM_DECODE
This is another patch about copying data to the kernel before using it.

SNDRV_SST_STREAM_DECODE is sort of tricky because we need to do a
copy_from_user() that gives us another two pointers and we have copy
those.  Those again give us some more pointers that we have to copy.

Besides those problems, the code had a stack overflow:
-	struct snd_sst_buff_entry ibuf_temp[param->ibufs->entries],
-		obuf_temp[param->obufs->entries];
param->ibufs->entries comes from the user.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 13:30:49 -08:00
Dan Carpenter
bc704e31ed Staging: sst: more dereferencing user pointers
This is another patch about making a copy of the data into kernel space
before using it.  It is easy to trigger a kernel oops in the original
code.  If you passed a NULL to SNDRV_SST_SET_TARGET_DEVICE then it
called BUG_ON().  And SNDRV_SST_DRIVER_INFO would let you write the
information to arbitrary memory locations which is a security violation.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 13:30:48 -08:00
Dan Carpenter
3b97eed201 Staging: sst: dereferencing user pointers
This code dereferences user supplied pointers directly instead of doing
a copy_from_user().  Some kernel configs put user and kernel memory in
different address spaces so this code isn't portable.  Also the user
memory could be swapped out or in this case the pointer could just be
NULL leading to an oops.

Another thing is that it makes permission tests like this sort of
meaningless.
	if (minor == STREAM_MODULE && rec_mute->stream_id == 0) {
		retval = -EPERM;
		break;
	}
The user could set stream_id to 1 for the test and then change it later.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 13:30:48 -08:00
Vasiliy Kulikov
ea07a9f255 staging: stradis: fix error handling and information leak to userland
configure_saa7146() didn't free irq on error.
saa_open() didn't decrease reference count of saa on error.
saa_ioctl() leaked information from the kernel stack to userland as it
didn't fill copied structs with zeros.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 13:24:13 -08:00
Vasiliy Kulikov
c888d4e7b2 staging: cpia: fix camera file owner in cpia_open()
Use effective UID instead of real UID for camera owner.
There is no need to check for pending signals just before successfull
return.  Exit in case of pending signal also leaved camera in open state.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 13:24:12 -08:00
Eric Dumazet
332dd96f7a net/dst: dst_dev_event() called after other notifiers
Followup of commit ef885afbf8 (net: use rcu_barrier() in
rollback_registered_many)

dst_dev_event() scans a garbage dst list that might be feeded by various
network notifiers at device dismantle time.

Its important to call dst_dev_event() after other notifiers, or we might
enter the infamous msleep(250) in netdev_wait_allrefs(), and wait one
second before calling again call_netdevice_notifiers(NETDEV_UNREGISTER,
dev) to properly remove last device references.

Use priority -10 to let dst_dev_notifier be called after other network
notifiers (they have the default 0 priority)

Reported-by: Ben Greear <greearb@candelatech.com>
Reported-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Reported-by: Octavian Purdila <opurdila@ixiacom.com>
Reported-by: Benjamin LaHaise <bcrl@kvack.org>
Tested-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-09 12:17:16 -08:00
Wey-Yi Guy
7379efeacb iwlwifi: dont use pci_dev before it being assign
In order to use build-in debugging macro, pci_dev in priv need to be
assigned first.

This fix iwl3945 driver oopsed at boot with 2.6.37-rc1

Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-09 14:25:46 -05:00
Linus Torvalds
f6614b7bb4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
  cifs: fix a memleak in cifs_setattr_nounix()
  cifs: make cifs_ioctl handle NULL filp->private_data correctly
2010-11-09 10:34:48 -08:00
Pekka Enberg
63bfd7384b perf_events: Fix perf_counter_mmap() hook in mprotect()
As pointed out by Linus, commit dab5855 ("perf_counter: Add mmap event hooks to
mprotect()") is fundamentally wrong as mprotect_fixup() can free 'vma' due to
merging. Fix the problem by moving perf_event_mmap() hook to
mprotect_fixup().

Note: there's another successful return path from mprotect_fixup() if old
flags equal to new flags. We don't, however, need to call
perf_event_mmap() there because 'perf' already knows the VMA is
executable.

Reported-by: Dave Jones <davej@redhat.com>
Analyzed-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Ingo Molnar <mingo@elte.hu>
Reviewed-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Pekka Enberg <penberg@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-11-09 10:19:38 -08:00
Andi Kleen
0059b2436a x86: Address gcc4.6 "set but not used" warnings in apic.h
native_apic_msr_read() and x2apic_enabled() use rdmsr(msr, low, high),
but only use the low part.

gcc4.6 complains about this:
.../apic.h:144:11: warning: variable 'high' set but not used [-Wunused-but-set-variable]

rdmsr() is just a wrapper around rdmsrl() which splits the 64bit value
into low and high, so using rdmsrl() directly solves this.

[tglx: Changed the variables to u64 as suggested by Cyrill. It's less
       confusing and has no code impact as this is 64bit only anyway.
       Massaged changelog as well. ]

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Cc: x86@kernel.org
Cc: Cyrill Gorcunov <gorcunov@gmail.com>
LKML-Reference: <1289251229-19589-1-git-send-email-andi@firstfloor.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2010-11-09 18:40:30 +01:00
Greg Kroah-Hartman
5c4dd2242a Merge branch 'musb-v2.6.37-rc2' of git://gitorious.org/usb/usb into work-linus 2010-11-09 09:28:51 -08:00
Kulikov Vasiliy
88f8a5e3e7 net: tipc: fix information leak to userland
Structure sockaddr_tipc is copied to userland with padding bytes after
"id" field in union field "name" unitialized.  It leads to leaking of
contents of kernel stack memory.  We have to initialize them to zero.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-09 09:25:46 -08:00
Sascha Hauer
6b101926f9 [media] soc-camera: Compile fixes for mx2-camera
mx2-camera got broken during the last merge window. This patch
fixes this and removes some unused variables.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-11-09 15:16:31 -02:00
Janusz Krzysztofik
d889eb1e0e [media] SoC Camera: ov6650: minor cleanups
This is a followup patch that addresses two minor issues left in the recently
added ov6650 sensor driver, as I've promised to the subsystem maintainer:
- remove a pair of extra brackets,
- drop useless case for not possible v4l2_mbus_pixelcode enum value of 0.

Created against linux-2.6.37-rc1.

Signed-off-by: Janusz Krzysztofik <jkrzyszt@tis.icnet.pl>
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-11-09 15:16:07 -02:00
Janusz Krzysztofik
4b35e625da [media] SOC Camera: OMAP1: typo fix
Fix an outstanding typo in the recently added driver, as requested by
the subsystem maintainer.

Created against linux-2.6.37-rc1.

Signed-off-by: Janusz Krzysztofik <jkrzyszt@tis.icnet.pl>
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-11-09 15:15:42 -02:00
Greg Kroah-Hartman
3da39bca44 tty: the development tree is now done in git
So properly mark it as such in the MAINTAINERS file.

Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 09:15:40 -08:00
Janusz Krzysztofik
8c66caebda [media] SoC Camera: OMAP1: update for recent videobuf changes
Recent locking related videobuf changes has not been incorporated into the new
OMAP1 camera driver. Fix it.

Created and tested against linux-2.6.37-rc1.

Signed-off-by: Janusz Krzysztofik <jkrzyszt@tis.icnet.pl>
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-11-09 15:15:31 -02:00
Greg Kroah-Hartman
97b5519b08 Staging: the MAINTAINERS git location was incorrect
The tree has moved to "staging-2.6" not "staging-next-2.6" as all of the
staging development is now done in git, not just for the next tree.

Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 09:13:39 -08:00
Greg Kroah-Hartman
c9a7ec8e54 USB: the development of the usb tree is now in git
So change the MAINTAINERS file to properly reflect this.

Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-09 09:11:49 -08:00
Janusz Krzysztofik
352f5d250a [media] SoC Camera: OMAP1: update for recent framework changes
The recently added OMAP1 camera driver was not ready for one video queue per
device framework changes. Fix it.

Created and tested against linux-2.6.37-rc1.

Signed-off-by: Janusz Krzysztofik <jkrzyszt@tis.icnet.pl>
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-11-09 15:07:39 -02:00
Sascha Hauer
a8de663579 [media] ARM mx3_camera: check for DMA engine type
We have two dma engines in MX3 systems: The IPU and the SDMA
engine. We have to check if we got a channel from the correct
engine before proceeding with a channel.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Cc: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-11-09 15:07:28 -02:00
Stefan Ringel
4f52610e29 [media] tm6000: bugfix set tv standards
bugfix set tv standards

Signed-off-by: Stefan Ringel <stefan.ringel@arcor.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-11-09 15:03:20 -02:00
françois romieu
ea80907ff0 r8169: fix sleeping while holding spinlock.
As device_set_wakeup_enable can now sleep, move the call to outside
the critical section.

Signed-off-by: Daniel J Blueman <daniel.blueman@gmail.com>
Acked-by: Rafael J. Wysocki <rjw@sisk.pl>
Acked-by: Andrew Hendry <andrew.hendry@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-09 08:26:43 -08:00
françois romieu
53f57357ff r8169: revert "Handle rxfifo errors on 8168 chips"
The original patch helps under obscure conditions (no pun) but
some 8168 do not like it. The change needs to be tightened with
a specific 8168 version.

This reverts commit 801e147cde
("r8169: Handle rxfifo errors on 8168 chips").

Regression at https://bugzilla.kernel.org/show_bug.cgi?id=20882

Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Tested-by: Andreas Radke <a.radke@arcor.de>
Cc: Matthew Garrett <mjg@redhat.com>
Cc: Daniel J Blueman <daniel.blueman@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-09 08:26:42 -08:00
Eric Dumazet
18943d292f inet: fix ip_mc_drop_socket()
commit 8723e1b4ad (inet: RCU changes in inetdev_by_index())
forgot one call site in ip_mc_drop_socket()

We should not decrease idev refcount after inetdev_by_index() call,
since refcount is not increased anymore.

Reported-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Reported-by: Miles Lane <miles.lane@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-09 08:26:42 -08:00
Daniel Drake
399d846556 [media] cafe_ccic: fix subdev configuration
For some reason, commit 1aafeb30104a is missing one change that was
included in the email submission.

The sensor configuration must be passed down to the ov7670 subdev.

Signed-off-by: Daniel Drake <dsd@laptop.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-11-09 13:18:04 -02:00
Suresh Jayaraman
3565bd46b1 cifs: fix a memleak in cifs_setattr_nounix()
Andrew Hendry reported a kmemleak warning in 2.6.37-rc1 while editing a
text file with gedit over cifs.

unreferenced object 0xffff88022ee08b40 (size 32):
  comm "gedit", pid 2524, jiffies 4300160388 (age 2633.655s)
  hex dump (first 32 bytes):
    5c 2e 67 6f 75 74 70 75 74 73 74 72 65 61 6d 2d  \.goutputstream-
    35 42 41 53 4c 56 00 de 09 00 00 00 2c 26 78 ee  5BASLV......,&x.
  backtrace:
    [<ffffffff81504a4d>] kmemleak_alloc+0x2d/0x60
    [<ffffffff81136e13>] __kmalloc+0xe3/0x1d0
    [<ffffffffa0313db0>] build_path_from_dentry+0xf0/0x230 [cifs]
    [<ffffffffa031ae1e>] cifs_setattr+0x9e/0x770 [cifs]
    [<ffffffff8115fe90>] notify_change+0x170/0x2e0
    [<ffffffff81145ceb>] sys_fchmod+0x10b/0x140
    [<ffffffff8100c172>] system_call_fastpath+0x16/0x1b
    [<ffffffffffffffff>] 0xffffffffffffffff

The commit 1025774c that removed inode_setattr() seems to have introduced this
memleak by returning early without freeing 'full_path'.

Reported-by: Andrew Hendry <andrew.hendry@gmail.com>
Cc: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2010-11-09 15:17:53 +00:00
Dmitri Belimov
35bbe587d0 [media] saa7134: Fix autodetect for Behold A7 and H7 TV cards
The entries for those cards are after the generic entries,
so they don't work, in practice. Moving them to happen before the
generic entres fix the issue.

Signed-off-by: Beholder Intl. Ltd. Dmitry Belimov <d.belimov@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-11-09 10:12:47 -02:00
Anand Gadiyar
6e16edfe62 usb: musb: fail unaligned DMA transfers on v1.8 and above
The Inventra DMA engine in version 1.8 and later of the MUSB
controller cannot handle DMA addresses that are not aligned
to a 4 byte boundary. It ends up ignoring the last two bits
programmed in the DMA_ADDR register. This is a deliberate
design change in the controller and is documented in the
programming guide.

Earlier versions of the controller could handle these
accesses just fine.

Fail dma_channel_program if we see an unaligned address when
using the newer controllers, so that the caller can carry out
the transfer using PIO mode.
(Current callers already have this backup path in place).

Signed-off-by: Anand Gadiyar <gadiyar@ti.com>
Tested-by: Ming Lei <tom.leiming@gmail.com>
Cc: Ajay Kumar Gupta <ajay.gupta@ti.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2010-11-09 10:24:35 +02:00
Paul Mundt
5e3a3fbdb1 Merge branch 'rmobile/core' into rmobile-fixes-for-linus 2010-11-09 16:48:54 +09:00
Paul Mundt
99870bd784 sh: intc: Fix up initializers for gcc 4.5.
The _INTC_ARRAY() initializer presently does a NULL test which blows up
as a non-constant initializer under gcc 4.5. This switches over to a type
test to account for NULL initializers explicitly.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-11-09 16:38:20 +09:00
Alex Deucher
b2298fd271 drm/radeon/kms: fix thermal sensor reporting on rv6xx
Temperature is not shifted as on newer asics.

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-11-09 13:44:18 +10:00
Tyson Whitehead
bdd91b2b57 drm/radeon/kms: fix bugs in ddc and cd path router code
This is a follow on to:
2b5b1d7da9583484b3a9e7e375a90ca0e8ca07c2
(drm/radeon/kms: add support for clock/data path routers)

That patch completed mux support for ddc and cd line routing
between connectors.  This patch fixes an indexing typo that was
resulting in the atom bios router objects not always being walked,
ensures the validity entries for the reused router structure are
reset for every connector object walked, and corrects the masking
operations used to update the mux control bits.

Fixes:
https://bugs.freedesktop.org/show_bug.cgi?id=31339

Signed-off-by: Tyson Whitehead <twhitehead@gmail.com>
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-11-09 13:43:43 +10:00