Commit graph

276458 commits

Author SHA1 Message Date
Anton Blanchard
5cac98dd06 net: Fix corruption in /proc/*/net/dev_mcast
I just hit this during my testing. Isn't there another bug lurking?

BUG kmalloc-8: Redzone overwritten

INFO: 0xc0000000de9dec48-0xc0000000de9dec4b. First byte 0x0 instead of 0xcc
INFO: Allocated in .__seq_open_private+0x30/0xa0 age=0 cpu=5 pid=3896
	.__kmalloc+0x1e0/0x2d0
	.__seq_open_private+0x30/0xa0
	.seq_open_net+0x60/0xe0
	.dev_mc_seq_open+0x4c/0x70
	.proc_reg_open+0xd8/0x260
	.__dentry_open.clone.11+0x2b8/0x400
	.do_last+0xf4/0x950
	.path_openat+0xf8/0x480
	.do_filp_open+0x48/0xc0
	.do_sys_open+0x140/0x250
	syscall_exit+0x0/0x40

dev_mc_seq_ops uses dev_seq_start/next/stop but only allocates
sizeof(struct seq_net_private) of private data, whereas it expects
sizeof(struct dev_iter_state):

struct dev_iter_state {
	struct seq_net_private p;
	unsigned int pos; /* bucket << BUCKET_SPACE + offset */
};

Create dev_seq_open_ops and use it so we don't have to expose
struct dev_iter_state.

[ Problem added by commit f04565ddf5 (dev: use name hash for
  dev_seq_ops) -Eric ]

Signed-off-by: Anton Blanchard <anton@samba.org>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-11-28 18:07:29 -05:00
Mark Brown
fc07ecd851 ASoC: Error out if we can't generate a LRCLK at all for WM8994
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
2011-11-28 22:10:05 +00:00
Linus Torvalds
a34815b96f Merge branch 'for-3.2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
* 'for-3.2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
  cgroup_freezer: fix freezing groups with stopped tasks
2011-11-28 13:55:59 -08:00
Linus Torvalds
9b5a4d4f65 Merge branch 'for-3.2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu
* 'for-3.2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu:
  percpu: explain why per_cpu_ptr_to_phys() is more complicated than necessary
  percpu: fix chunk range calculation
  percpu: rename pcpu_mem_alloc to pcpu_mem_zalloc
2011-11-28 13:49:43 -08:00
Rafael J. Wysocki
f7bc83d87d PM: Update comments describing device power management callbacks
The comments describing device power management callbacks in
include/pm.h are outdated and somewhat confusing, so make them
reflect the reality more accurately.

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
2011-11-28 22:14:55 +01:00
Rafael J. Wysocki
fafba48d4d PM / Sleep: Update documentation related to system wakeup
The system wakeup section of Documentation/power/devices.txt is
outdated, so make it agree with the current code.

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
2011-11-28 22:14:45 +01:00
Rafael J. Wysocki
9075659219 PM / Runtime: Make documentation follow the new behavior of irq_safe
The runtime PM core code behavior related to the power.irq_safe
device flag has changed recently and the documentation should be
modified to reflect it.

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
2011-11-28 22:14:34 +01:00
Rafael J. Wysocki
fa8ce72393 PM / Sleep: Correct inaccurate information in devices.txt
The documentation file Documentation/power/devices.txt contains some
information that isn't correct any more due to code modifications
made after that file had been created (or updated last time).  Fix
this.

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
2011-11-28 22:14:27 +01:00
Rafael J. Wysocki
5841eb6402 PM / Domains: Document how PM domains are used by the PM core
The current power management documentation in Documentation/power/
either doesn't cover PM domains at all, or gives inaccurate
information about them, so update the relevant files in there to
follow the code.

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
2011-11-28 22:14:19 +01:00
Mike Marciniszyn
8ee887d74b IB/qib: Fix over-scheduling of QSFP work
Don't over-schedule QSFP work on driver initialization.  It could end
up being run simultaneously on two different CPUs resulting in bad
EEPROM reads.  In combination with setting the physical IB link state
prior to the IBC being brought out of reset, this can cause the link
state machine to start training early with wrong settings.

Signed-off-by: Mitko Haralanov <mitko@qlogic.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@qlogic.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
2011-11-28 12:17:33 -08:00
Kumar Sanghvi
01b225e18f RDMA/cxgb4: Fix retry with MPAv1 logic for MPAv2
Fix logic so that we don't retry with MPAv1 once we have done that
already.  Otherwise, we end up retrying with MPAv1 even when its not
needed on getting peer aborts - and this could lead to kernel panic.

Signed-off-by: Kumar Sanghvi <kumaras@chelsio.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
2011-11-28 11:58:07 -08:00
Jonathan Lallinger
c34c97ad8c RDMA/cxgb4: Fix iw_cxgb4 count_rcqes() logic
Fix another place in the code where logic dealing with the t4_cqe was
using the wrong QID.  This fixes the counting logic so that it tests
against the SQ QID instead of the RQ QID when counting RCQES.

Signed-off by: Jonathan Lallinger <jonathan@ogc.us>
Signed-off by: Steve Wise <swise@ogc.us>
Signed-off-by: Roland Dreier <roland@purestorage.com>
2011-11-28 11:53:05 -08:00
Linus Torvalds
cb3599926e Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux:
  pstore: pass allocated memory region back to caller
2011-11-28 11:27:57 -08:00
Tero Kristo
ba305e31e8 regulator: twl: fix twl4030 support for smps regulators
SMPS regulator voltage control differs from the one of the LDO ones.
Current TWL code was using LDO regulator ops for controlling the SMPS
regulators, which fails. This was fixed fixed by adding separate
regulator type which uses correct logic and calculations for the
voltage levels.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Cc: stable@kernel.org
2011-11-28 18:58:31 +00:00
Emmanuel Grumbach
2a1e0fd175 mac80211: fix race between the AGG SM and the Tx data path
When a packet is supposed to sent be as an a-MPDU, mac80211 sets
IEEE80211_TX_CTL_AMPDU to let the driver know. On the other
hand, mac80211 configures the driver for aggregration with the
ampdu_action callback.
There is race between these two mechanisms since the following
scenario can occur when the BA agreement is torn down:

Tx softIRQ	 			drv configuration
==========				=================

check OPERATIONAL bit
Set the TX_CTL_AMPDU bit in the packet

					clear OPERATIONAL bit
					stop Tx AGG
Pass Tx packet to the driver.

In that case the driver would get a packet with TX_CTL_AMPDU set
although it has already been notified that the BA session has been
torn down.

To fix this, we need to synchronize all the Qdisc activity after we
cleared the OPERATIONAL bit. After that step, all the following
packets will be buffered until the driver reports it is ready to get
new packets for this RA / TID. This buffering allows not to run into
another race that would send packets with TX_CTL_AMPDU unset while
the driver hasn't been requested to tear down the BA session yet.

This race occurs in practice and iwlwifi complains with a WARN_ON
when it happens.

Cc: stable@kernel.org
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-11-28 13:46:41 -05:00
Nikolay Martynov
d305a6557b mac80211: fix race condition caused by late addBA response
If addBA responses comes in just after addba_resp_timer has
expired mac80211 will still accept it and try to open the
aggregation session. This causes drivers to be confused and
in some cases even crash.

This patch fixes the race condition and makes sure that if
addba_resp_timer has expired addBA response is not longer
accepted and we do not try to open half-closed session.

Cc: stable@vger.kernel.org
Signed-off-by: Nikolay Martynov <mar.kolya@gmail.com>
[some adjustments]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-11-28 13:46:41 -05:00
Rafael J. Wysocki
a73228124b ath9k: Revert change that broke AR928X on Acer Ferrari One
Revert a hunk in drivers/net/wireless/ath/ath9k/hw.c introduced by
commit 2577c6e8f2 (ath9k_hw: Add
support for AR946/8x chipsets) that caused a nasty regression to
appear on my Acer Ferrari One (the box locks up entirely at random
times after the wireless has been started without any way to get
debug information out of it).

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-11-28 13:46:41 -05:00
Stanislaw Gruszka
e55b32c110 rtlwifi: fix lps_lock deadlock
rtl_lps_leave can be called from interrupt context, so we have to
disable interrupts when taking lps_lock.

Below is full lockdep info about deadlock:

[   93.815269] =================================
[   93.815390] [ INFO: inconsistent lock state ]
[   93.815472] 2.6.41.1-3.offch.fc15.x86_64.debug #1
[   93.815556] ---------------------------------
[   93.815635] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[   93.815743] swapper/0 [HC0[0]:SC1[1]:HE1:SE0] takes:
[   93.815832]  (&(&rtlpriv->locks.lps_lock)->rlock){+.?...}, at: [<ffffffffa025dad6>] rtl_lps_leave+0x26/0x103 [rtlwifi]
[   93.815947] {SOFTIRQ-ON-W} state was registered at:
[   93.815947]   [<ffffffff8108e10d>] __lock_acquire+0x369/0xd0c
[   93.815947]   [<ffffffff8108efb3>] lock_acquire+0xf3/0x13e
[   93.815947]   [<ffffffff814e981d>] _raw_spin_lock+0x45/0x79
[   93.815947]   [<ffffffffa025de34>] rtl_swlps_rf_awake+0x5a/0x76 [rtlwifi]
[   93.815947]   [<ffffffffa025aec0>] rtl_op_config+0x12a/0x32a [rtlwifi]
[   93.815947]   [<ffffffffa01d614b>] ieee80211_hw_config+0x124/0x129 [mac80211]
[   93.815947]   [<ffffffffa01e0af3>] ieee80211_dynamic_ps_disable_work+0x32/0x47 [mac80211]
[   93.815947]   [<ffffffff81075aa5>] process_one_work+0x205/0x3e7
[   93.815947]   [<ffffffff81076753>] worker_thread+0xda/0x15d
[   93.815947]   [<ffffffff8107a119>] kthread+0xa8/0xb0
[   93.815947]   [<ffffffff814f3184>] kernel_thread_helper+0x4/0x10
[   93.815947] irq event stamp: 547822
[   93.815947] hardirqs last  enabled at (547822): [<ffffffff814ea1a7>] _raw_spin_unlock_irqrestore+0x45/0x61
[   93.815947] hardirqs last disabled at (547821): [<ffffffff814e9987>] _raw_spin_lock_irqsave+0x22/0x8e
[   93.815947] softirqs last  enabled at (547790): [<ffffffff810623ed>] _local_bh_enable+0x13/0x15
[   93.815947] softirqs last disabled at (547791): [<ffffffff814f327c>] call_softirq+0x1c/0x30
[   93.815947]
[   93.815947] other info that might help us debug this:
[   93.815947]  Possible unsafe locking scenario:
[   93.815947]
[   93.815947]        CPU0
[   93.815947]        ----
[   93.815947]   lock(&(&rtlpriv->locks.lps_lock)->rlock);
[   93.815947]   <Interrupt>
[   93.815947]     lock(&(&rtlpriv->locks.lps_lock)->rlock);
[   93.815947]
[   93.815947]  *** DEADLOCK ***
[   93.815947]
[   93.815947] no locks held by swapper/0.
[   93.815947]
[   93.815947] stack backtrace:
[   93.815947] Pid: 0, comm: swapper Not tainted 2.6.41.1-3.offch.fc15.x86_64.debug #1
[   93.815947] Call Trace:
[   93.815947]  <IRQ>  [<ffffffff814dfd00>] print_usage_bug+0x1e7/0x1f8
[   93.815947]  [<ffffffff8101a849>] ? save_stack_trace+0x2c/0x49
[   93.815947]  [<ffffffff8108d55c>] ? print_irq_inversion_bug.part.18+0x1a0/0x1a0
[   93.815947]  [<ffffffff8108dc8a>] mark_lock+0x106/0x220
[   93.815947]  [<ffffffff8108e099>] __lock_acquire+0x2f5/0xd0c
[   93.815947]  [<ffffffff810152af>] ? native_sched_clock+0x34/0x36
[   93.830125]  [<ffffffff810152ba>] ? sched_clock+0x9/0xd
[   93.830125]  [<ffffffff81080181>] ? sched_clock_local+0x12/0x75
[   93.830125]  [<ffffffffa025dad6>] ? rtl_lps_leave+0x26/0x103 [rtlwifi]
[   93.830125]  [<ffffffff8108efb3>] lock_acquire+0xf3/0x13e
[   93.830125]  [<ffffffffa025dad6>] ? rtl_lps_leave+0x26/0x103 [rtlwifi]
[   93.830125]  [<ffffffff814e981d>] _raw_spin_lock+0x45/0x79
[   93.830125]  [<ffffffffa025dad6>] ? rtl_lps_leave+0x26/0x103 [rtlwifi]
[   93.830125]  [<ffffffff81422467>] ? skb_dequeue+0x62/0x6d
[   93.830125]  [<ffffffffa025dad6>] rtl_lps_leave+0x26/0x103 [rtlwifi]
[   93.830125]  [<ffffffffa025f677>] _rtl_pci_ips_leave_tasklet+0xe/0x10 [rtlwifi]
[   93.830125]  [<ffffffff8106281f>] tasklet_action+0x8d/0xee
[   93.830125]  [<ffffffff810629ce>] __do_softirq+0x112/0x25a
[   93.830125]  [<ffffffff814f327c>] call_softirq+0x1c/0x30
[   93.830125]  [<ffffffff81010bf6>] do_softirq+0x4b/0xa1
[   93.830125]  [<ffffffff81062d7d>] irq_exit+0x5d/0xcf
[   93.830125]  [<ffffffff814f3b7e>] do_IRQ+0x8e/0xa5
[   93.830125]  [<ffffffff814ea533>] common_interrupt+0x73/0x73
[   93.830125]  <EOI>  [<ffffffff8108b825>] ? trace_hardirqs_off+0xd/0xf
[   93.830125]  [<ffffffff812bb6d5>] ? intel_idle+0xe5/0x10c
[   93.830125]  [<ffffffff812bb6d1>] ? intel_idle+0xe1/0x10c
[   93.830125]  [<ffffffff813f8d5e>] cpuidle_idle_call+0x11c/0x1fe
[   93.830125]  [<ffffffff8100e2ef>] cpu_idle+0xab/0x101
[   93.830125]  [<ffffffff814c6373>] rest_init+0xd7/0xde
[   93.830125]  [<ffffffff814c629c>] ? csum_partial_copy_generic+0x16c/0x16c
[   93.830125]  [<ffffffff81d4bbb0>] start_kernel+0x3dd/0x3ea
[   93.830125]  [<ffffffff81d4b2c4>] x86_64_start_reservations+0xaf/0xb3
[   93.830125]  [<ffffffff81d4b140>] ? early_idt_handlers+0x140/0x140
[   93.830125]  [<ffffffff81d4b3ca>] x86_64_start_kernel+0x102/0x111

Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=755154

Reported-by: vjain02@students.poly.edu
Reported-and-tested-by: Oliver Paukstadt <pstadt@sourcentral.org>
Cc: stable@vger.kernel.org
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-11-28 13:46:41 -05:00
Johannes Berg
24f50a9d16 mac80211: don't stop a single aggregation session twice
Nikolay noticed (by code review) that mac80211 can
attempt to stop an aggregation session while it is
already being stopped. So to fix it, check whether
stop is already being done and bail out if so.

Also move setting the STOPPING state into the lock
so things are properly atomic.

Cc: stable@vger.kernel.org
Reported-by: Nikolay Martynov <mar.kolya@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-11-28 13:46:41 -05:00
Eliad Peller
e007b857e8 nl80211: fix MAC address validation
MAC addresses have a fixed length. The current
policy allows passing < ETH_ALEN bytes, which
might result in reading beyond the buffer.

Cc: stable@vger.kernel.org
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-11-28 13:46:40 -05:00
Andiry Xu
df711fc996 xHCI: reset-on-resume quirk for NEC uPD720200
Julian Sikorski reports NEC uPD720200 does not work stable after suspend
and resume. Re-initialize the host in xhci_resume().

This should be backported to stable kernels as old as 2.6.37.  The
kernel will need to include
commit c877b3b2ad
"xhci: Add reset on resume quirk for asrock p67 host"
for this patch to work.

Signed-off-by: Andiry Xu <andiry.xu@amd.com>
Reported-by: Julian Sikorski <belegdol@gmail.com>
Tested-by: Julian Sikorski <belegdol@gmail.com>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
2011-11-28 10:22:26 -08:00
Linus Torvalds
4244cb482e Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
  drm/exynos: fixed wrong err ptr usage and destroy call in exeception
  drm/exynos: Add disable of manager
  drm/exynos: include linux/module.h
  drm/exynos: fix vblank bug.
  drm/exynos: changed buffer structure.
  drm/exynos: removed unnecessary variable.
  drm/exynos: use gem create function generically
  drm/exynos: checked for null pointer
  drm/exynos: added crtc dpms for disable crtc
  drm/exynos: removed meaningless parameter from fbdev update
  drm/exynos: restored kernel_fb_list when reiniting fb_helper
  drm/exynos: changed exynos_drm_display to exynos_drm_display_ops
  drm/exynos: added manager object to connector
  drm/exynos: fixed converting between display mode and timing
  drm/exynos: fixed connector flag with hpd and interlace scan for hdmi
  drm/exynos: added kms poll for handling hpd event
2011-11-28 09:05:23 -08:00
Linus Torvalds
f02877ce3c Merge branch 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/linux-nfs
* 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
  SUNRPC: Ensure we return EAGAIN in xs_nospace if congestion is cleared
2011-11-28 08:59:11 -08:00
Linus Torvalds
3c512b193a Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (28 commits)
  ALSA: hda - Fix jack-detection control of VT1708
  ALSA: hda - cut and paste typo in cs420x_models[]
  ALSA: hda/realtek - Minor cleanup
  ALSA: hda/realtek - Fix missing inits of item indices for auto-mic
  ALSA: hda - Fix invalid pin and GPIO for Apple laptops with CS codecs
  ALSA: hda - Check subdevice mask in snd_hda_check_board_codec_sid_config()
  ALSA: hda - fail ELD reading early
  ALSA: lx6464es - fix device communication via command bus
  ALSA: lx6464es - command buffer API cleanup
  ALSA: hda - repoll ELD content for multiple times
  ALSA: hdspm - Fix PCI ID for PCIe RME MADI cards
  ASoC: Ensure WM8731 register cache is synced when resuming from disabled
  ALSA: cs5535 - Fix an endianness conversion
  ASoC: cs4271: Fix wrong mask parameter in some snd_soc_update_bits calls
  ASoC: wm_hubs: fix DB_RANGE size
  ASoC: wm9090: fix DB_RANGE size
  ASoC: wm8993: fix DB_RANGE size
  ASoC: wm8962: fix DB_RANGE size
  ASoC: sgtl5000: fix DB_RANGE size
  ASoC: rt5631: fix DB_RANGE size
  ...
2011-11-28 08:53:36 -08:00
Linus Torvalds
c28800a9c3 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  hrtimer: Fix extra wakeups from __remove_hrtimer()
  timekeeping: add arch_offset hook to ktime_get functions
  clocksource: Avoid selecting mult values that might overflow when adjusted
  time: Improve documentation of timekeeeping_adjust()
2011-11-28 08:43:52 -08:00
Linus Torvalds
ce8f55c2a0 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  genirq: Don't allow per cpu interrupts to be suspended
2011-11-28 08:43:32 -08:00
Edward Donovan
52553ddffa genirq: fix regression in irqfixup, irqpoll
Commit fa27271bc8d2("genirq: Fixup poll handling") introduced a
regression that broke irqfixup/irqpoll for some hardware configurations.

Amidst reorganizing 'try_one_irq', that patch removed a test that
checked for 'action->handler' returning IRQ_HANDLED, before acting on
the interrupt.  Restoring this test back returns the functionality lost
since 2.6.39.  In the current set of tests, after 'action' is set, it
must precede '!action->next' to take effect.

With this and my previous patch to irq/spurious.c, c75d720fca, all
IRQ regressions that I have encountered are fixed.

Signed-off-by: Edward Donovan <edward.donovan@numble.net>
Reported-and-tested-by: Rogério Brito <rbrito@ime.usp.br>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@kernel.org (2.6.39+)
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-11-28 08:43:09 -08:00
Lothar Waßmann
58fb5cf5d1 regulator: fix use after free bug
This is caused by dereferencing 'rdev' after device_unregister() in
the regulator_unregister() function.  'rdev' is freed by
device_unregister(), so it must not be dereferenced after this call.

[Edited commit message for legibility -- broonie]

Signed-off-by: Lothar Waßmann <LW@KARO-electronics.de>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
2011-11-28 14:44:38 +00:00
Dave Airlie
b7b996da27 Merge branch 'exynos-drm' of git://git.infradead.org/users/kmpark/linux-samsung into drm-fixes
* 'exynos-drm' of git://git.infradead.org/users/kmpark/linux-samsung:
  drm/exynos: fixed wrong err ptr usage and destroy call in exeception
  drm/exynos: Add disable of manager
  drm/exynos: include linux/module.h
  drm/exynos: fix vblank bug.
  drm/exynos: changed buffer structure.
  drm/exynos: removed unnecessary variable.
  drm/exynos: use gem create function generically
  drm/exynos: checked for null pointer
  drm/exynos: added crtc dpms for disable crtc
  drm/exynos: removed meaningless parameter from fbdev update
  drm/exynos: restored kernel_fb_list when reiniting fb_helper
  drm/exynos: changed exynos_drm_display to exynos_drm_display_ops
  drm/exynos: added manager object to connector
  drm/exynos: fixed converting between display mode and timing
  drm/exynos: fixed connector flag with hpd and interlace scan for hdmi
  drm/exynos: added kms poll for handling hpd event
2011-11-28 14:17:09 +00:00
Axel Lin
d4d6373c11 regulator: aat2870: Fix the logic of checking if no id is matched in aat2870_get_regulator
In current implementation, the pointer ri is not NULL if no id is matched.
Fix it by checking i == ARRAY_SIZE(aat2870_regulators) if no id is matched.

Signed-off-by: Axel Lin <axel.lin@gmail.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Cc: stable@kernel.org
2011-11-28 11:48:15 +00:00
Aries Lee
c4860ba2e1 jme: PHY configuration for compatible issue
To perform PHY calibration and set a different EA value by chip ID,
Whenever the NIC chip power on, ie booting or resuming, we need to
force HW to calibrate PHY parameter again, and also set a proper EA
value which gather from experiment.

Those procedures help to reduce compatible issues(NIC is unable to link
up in some special case) in giga speed.

Signed-off-by: AriesLee <AriesLee@jmicron.com>
Signed-off-by: Guo-Fu Tseng <cooldavid@cooldavid.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-11-27 19:21:09 -05:00
Linus Torvalds
401d0069cb Merge branch 'fbdev-for-linus' of git://github.com/schandinat/linux-2.6
* 'fbdev-for-linus' of git://github.com/schandinat/linux-2.6:
  viafb: correct sync polarity for OLPC DCON
  video:da8xx-fb: Disable and reset sequence on version2 of LCDC
  OMAPDSS: DISPC: skip scaling calculations when not scaling
  OMAPFB: fix compilation warnings due to missing include
  OMAPDSS: HDMI: fix returned HDMI pixel clock
2011-11-27 12:05:56 -08:00
Rafael J. Wysocki
06718f1511 ath9k: Revert change that broke AR928X on Acer Ferrari One
Revert a hunk in drivers/net/wireless/ath/ath9k/hw.c introduced by
commit 2577c6e8f2 ("ath9k_hw: Add support for AR946/8x chipsets") that
caused a nasty regression to appear on my Acer Ferrari One (the box
locks up entirely at random times after the wireless has been started
without any way to get debug information out of it).

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Acked-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-11-27 11:47:34 -08:00
Xi Wang
dfd8ee92a9 Staging: comedi: fix integer overflow in do_insnlist_ioctl()
There is a potential integer overflow in do_insnlist_ioctl() if
userspace passes in a large insnlist.n_insns.  The call to kmalloc()
would allocate a small buffer, leading to a memory corruption.

The bug was reported by Dan Carpenter <dan.carpenter@oracle.com>
and Haogang Chen <haogangchen@gmail.com>.  The patch was suggested by
Ian Abbott <abbotti@mev.co.uk> and Lars-Peter Clausen <lars@metafoo.de>.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reported-by: Haogang Chen <haogangchen@gmail.com>.
Cc: Ian Abbott <abbotti@mev.co.uk>
Cc: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-28 04:38:45 +09:00
Greg Kroah-Hartman
06b446c8af Revert "Staging: comedi: integer overflow in do_insnlist_ioctl()"
This reverts commit e384a41141.
It's not the correct way to solve this issue.

Acked-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-28 04:36:10 +09:00
Takashi Iwai
f339240dd8 Merge branch 'fix/hda' into for-linus 2011-11-27 17:59:07 +01:00
Takashi Iwai
187d333edc ALSA: hda - Fix jack-detection control of VT1708
VT1708 has no support for unsolicited events per jack-plug, the driver
implements the workq for polling the jack-detection.  The mixer element
"Jack Detect" was supposed to control this behavior on/off, but this
doesn't work properly as is now.  The workq is always started and the
HP automute is always enabled.

This patch fixes the jack-detect control behavior by triggering / stopping
the work appropriately at the state change.  Also the work checks the
internal state to continue scheduling or not.

Cc: <stable@kernel.org> [v3.1]
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2011-11-27 17:56:17 +01:00
Dan Carpenter
92bb43e6aa ALSA: hda - cut and paste typo in cs420x_models[]
The CS420X_IMAC27 was copied from the line before but CS420X_APPLE
was clearly intented.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2011-11-27 17:56:07 +01:00
Mark Brown
5b895eec11 ASoC: Correct name of Speyside Main Speaker widget
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
2011-11-27 16:03:51 +00:00
Dan Carpenter
8746c83d53 USB: whci-hcd: fix endian conversion in qset_clear()
qset->qh.link is an __le64 field and we should be using cpu_to_le64()
to fill it.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-26 19:56:48 -08:00
Qinglin Ye
cec28a5428 USB: usb-storage: unusual_devs entry for Kingston DT 101 G2
Kingston DT 101 G2 replies a wrong tag while transporting, add an
unusal_devs entry to ignore the tag validation.

Signed-off-by: Qinglin Ye <yestyle@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-26 19:56:47 -08:00
Veli-Pekka Peltola
ec0cd94d88 usb: option: add SIMCom SIM5218
Tested with SIM5218EVB-KIT evaluation kit.

Signed-off-by: Veli-Pekka Peltola <veli-pekka.peltola@bluegiga.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-26 19:56:47 -08:00
Dirk Nehring
46b1848360 usb: option: add Huawei E353 controlling interfaces
This patch creates the missing controlling devices for the Huawei E353
HSPA+ stick.

Signed-off-by: Dirk Nehring <dnehring@gmx.net>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-26 19:56:47 -08:00
Dan Carpenter
e384a41141 Staging: comedi: integer overflow in do_insnlist_ioctl()
There is an integer overflow here that could cause memory corruption
on 32 bit systems.

insnlist.n_insns could be a very high value size calculation for
kmalloc() could overflow resulting in a smaller "insns" than
expected.  In the for (i = 0; i < insnlist.n_insns; i++) {... loop
we would read past the end of the buffer, possibly corrupting memory
as well.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-26 18:34:15 -08:00
Federico Vaga
6a9ce6b654 Staging: comedi: fix signal handling in read and write
After sleeping on a wait queue, signal_pending(current) should be
checked (not before sleeping).

Acked-by: Alessandro Rubini <rubini@gnudd.com>
Signed-off-by: Federico Vaga <federico.vaga@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-26 18:34:15 -08:00
Federico Vaga
df30b21cb0 Staging: comedi: fix mmap_count
In comedi_fops, mmap_count is decremented at comedi_vm_ops->close but
it is not incremented at comedi_vm_ops->open. This may result in a negative
counter.  The patch introduces the open method to keep the counter
consistent.

The bug was triggerd by this sample code:

        mmap(0, ...., comedi_fd);
        fork();
        exit(0);

Acked-by: Alessandro Rubini <rubini@gnudd.com>
Signed-off-by: Federico Vaga <federico.vaga@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-26 18:34:14 -08:00
Bernd Porr
3ffab428f4 staging: comedi: fix oops for USB DAQ devices.
This fixes kernel oops when an USB DAQ device is plugged out while it's
communicating with the userspace software.

Signed-off-by: Bernd Porr <berndporr@f2s.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-26 18:34:14 -08:00
Bernd Porr
8b78607fc4 staging: comedi: usbduxsigma: Fixed wrong range for the analogue channel.
It's actually +/-2.65V/2 and not +/-2.65V.

Signed-off-by: Bernd Porr <berndporr@f2s.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-26 18:34:14 -08:00
wwang
f7364ba04b staging:rts_pstor:Complete scanning_done variable
Complete scanning_done variable if rtsx-scan thread created failed.

Signed-off-by: wwang <wei_wang@realsil.com.cn>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-26 17:37:39 -08:00
Bart Westgeest
438957f8d4 staging: usbip: bugfix for deadlock
Interrupts must be disabled prior to calling usb_hcd_unlink_urb_from_ep.
If interrupts are not disabled, it can potentially lead to a deadlock.
The deadlock is readily reproduceable on a slower (ARM based) device
such as the TI Pandaboard.

Signed-off-by: Bart Westgeest <bart@elbrys.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-26 17:37:38 -08:00