The new implementation of bd_link_disk_holder() added by 49731baa41
(block: restore multiple bd_link_disk_holder() support) didn't get an
extra reference for the holder_dir kobject of the slave bdev; however,
bdev kills holder_dir on removal, not release, so if the slave bdev is
removed while there are holder links, the holder_dir will be destroyed
while there still are holder links, which leads to oops later when
bd_unlink_disk_order() tries to remove those links.
Make bd_link_disk_holder() grab an extra reference for the slave's
holder_dir and put it in bd_unlink_disk_holder().
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: "Hawrylewicz Czarnowski, Przemyslaw" <przemyslaw.hawrylewicz.czarnowski@intel.com>
Tested-by: "Hawrylewicz Czarnowski, Przemyslaw" <przemyslaw.hawrylewicz.czarnowski@intel.com>
Cc: Neil Brown <neilb@suse.de>
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Grab a reference to bdev before calling blkdev_get(), which expects
the refcount to be already incremented and either returns success or
decrements the refcount and returns an error.
The bug was introduced by e525fd89 (block: make blkdev_get/put()
handle exclusive access), which didn't take into account this behavior
of blkdev_get().
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Adam Kovari and others reported that disconnecting an USB drive with
an ntfs-3g filesystem would cause "kernel BUG at fs/inode.c:1421!" to
be triggered.
The BUG could be traced back to ioctl(BLKBSZSET), which would
erroneously decrement the refcount on the bdev. This is because
blkdev_get() expects the refcount to be already incremented and either
returns success or decrements the refcount and returns an error.
The bug was introduced by e525fd89 (block: make blkdev_get/put()
handle exclusive access), which didn't take into account this behavior
of blkdev_get().
This fixes
https://bugzilla.kernel.org/show_bug.cgi?id=29202
(and likely 29792 too)
Reported-by: Adam Kovari <kovariadam@gmail.com>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
By the commit
b3e19d9 2011-01-07 fs: scale mntget/mntput
vfsmount_lock was introduced around testing mnt_count.
Fix the mis-typed 'unlock'
Signed-off-by: J. R. Okajima <hooanon05@yahoo.co.jp>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Robert Swiecki reported a BUG_ON(page_mapped) from a fuzzer, punching
a hole with madvise(,, MADV_REMOVE). That path is under mutex, and
cannot be explained by lack of serialization in unmap_mapping_range().
Reviewing the code, I found one place where vm_truncate_count handling
should have been updated, when I switched at the last minute from one
way of managing the restart_addr to another: mremap move changes the
virtual addresses, so it ought to adjust the restart_addr.
But rather than exporting the notion of restart_addr from memory.c, or
converting to restart_pgoff throughout, simply reset vm_truncate_count
to 0 to force a rescan if mremap move races with preempted truncation.
We have no confirmation that this fixes Robert's BUG,
but it is a fix that's worth making anyway.
Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Michael Leun reported that running parallel opens on a fuse filesystem
can trigger a "kernel BUG at mm/truncate.c:475"
Gurudas Pai reported the same bug on NFS.
The reason is, unmap_mapping_range() is not prepared for more than
one concurrent invocation per inode. For example:
thread1: going through a big range, stops in the middle of a vma and
stores the restart address in vm_truncate_count.
thread2: comes in with a small (e.g. single page) unmap request on
the same vma, somewhere before restart_address, finds that the
vma was already unmapped up to the restart address and happily
returns without doing anything.
Another scenario would be two big unmap requests, both having to
restart the unmapping and each one setting vm_truncate_count to its
own value. This could go on forever without any of them being able to
finish.
Truncate and hole punching already serialize with i_mutex. Other
callers of unmap_mapping_range() do not, and it's difficult to get
i_mutex protection for all callers. In particular ->d_revalidate(),
which calls invalidate_inode_pages2_range() in fuse, may be called
with or without i_mutex.
This patch adds a new mutex to 'struct address_space' to prevent
running multiple concurrent unmap_mapping_range() on the same mapping.
[ We'll hopefully get rid of all this with the upcoming mm
preemptibility series by Peter Zijlstra, the "mm: Remove i_mmap_mutex
lockbreak" patch in particular. But that is for 2.6.39 ]
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Reported-by: Michael Leun <lkml20101129@newton.leun.net>
Reported-by: Gurudas Pai <gurudas.pai@oracle.com>
Tested-by: Gurudas Pai <gurudas.pai@oracle.com>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This reverts commit 556ea928f7.
Jeff Chua reports that it can cause some bluetooth devices (he mentions
an Bluetooth Intermec scanner) to just stop responding after a while
with messages like
[ 4533.361959] btusb 8-1:1.0: no reset_resume for driver btusb?
[ 4533.361964] btusb 8-1:1.1: no reset_resume for driver btusb?
from the kernel. See also
https://bugzilla.kernel.org/show_bug.cgi?id=26182
for other reports.
Reported-by: Jeff Chua <jeff.chua.linux@gmail.com>
Reported-by: Andrew Meakovski <meako@bigmir.net>
Reported-by: Jim Faulkner <jfaulkne@ccs.neu.edu>
Acked-by: Greg KH <gregkh@suse.de>
Acked-by: Matthew Garrett <mjg@redhat.com>
Acked-by: Gustavo F. Padovan <padovan@profusion.mobi>
Cc: stable@kernel.org (for 2.6.37)
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (33 commits)
Added support for usb ethernet (0x0fe6, 0x9700)
r8169: fix RTL8168DP power off issue.
r8169: correct settings of rtl8102e.
r8169: fix incorrect args to oob notify.
DM9000B: Fix PHY power for network down/up
DM9000B: Fix reg_save after spin_lock in dm9000_timeout
net_sched: long word align struct qdisc_skb_cb data
sfc: lower stack usage in efx_ethtool_self_test
bridge: Use IPv6 link-local address for multicast listener queries
bridge: Fix MLD queries' ethernet source address
bridge: Allow mcast snooping for transient link local addresses too
ipv6: Add IPv6 multicast address flag defines
bridge: Add missing ntohs()s for MLDv2 report parsing
bridge: Fix IPv6 multicast snooping by correcting offset in MLDv2 report
bridge: Fix IPv6 multicast snooping by storing correct protocol type
p54pci: update receive dma buffers before and after processing
fix cfg80211_wext_siwfreq lock ordering...
rt2x00: Fix WPA TKIP Michael MIC failures.
ath5k: Fix fast channel switching
tcp: undo_retrans counter fixes
...
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
amd64-agp: fix crash at second module load
drm/radeon: fix regression with AA resolve checking
drm: drop commented out code and preceding comment
drm/vblank: Enable precise vblank timestamps for interlaced and doublescan modes.
drm/vblank: Use memory barriers optimized for atomic_t instead of generics.
drm/vblank: Use abs64(diff_ns) for s64 diff_ns instead of abs(diff_ns)
drm/radeon/kms: align height of fb allocation.
Revert "drm/radeon/kms: switch back to min->max pll post divider iteration"
* 'for-linus' of git://oss.sgi.com/xfs/xfs:
xfs: check if device support discard in xfs_ioc_trim()
xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
The device is very similar to (0x0fe6, 0x8101),
And works well with dm9601 driver.
Signed-off-by: Shahar Havivi <shaharh@redhat.com>
Acked-by: Peter Korsgaard <jacmet@sunsite.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
- fix the RTL8111DP turn off the power when DASH is enabled.
- RTL_GIGA_MAC_VER_27 must wait for tx finish before reset.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Acked-by: Francois Romieu <romieu@fr.zoreil.com>
Adjust and remove certain settings of RTL8102E which are for previous chips.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Acked-off-by: Francois Romieu <romieu@fr.zoreil.com>
It results in the wrong point address and influences RTL8168DP.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Acked-by: Francois Romieu <romieu@fr.zoreil.com>
DM9000 revision B needs 1 ms delay after PHY power-on.
PHY must be powered on by writing 0 into register DM9000_GPR before
all other settings will change (see Davicom spec and example code).
Remember, that register DM9000_GPR was not changed by reset sequence.
Without this fix the FIFO is out of sync and sends wrong data after
sequence of "ifconfig ethX down ; ifconfig ethX up".
Signed-off-by: David S. Miller <davem@davemloft.net>
netem_skb_cb() does :
return (struct netem_skb_cb *)qdisc_skb_cb(skb)->data;
Unfortunatly struct qdisc_skb_cb data is not long word aligned, so
access to psched_time_t time_to_send uses a non aligned access.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 8ee294cd9d converted serio
subsystem event handling from using a dedicated thread to using
common workqueue. Unfortunately, this regressed our boot times,
due to the fact that serio jobs take long time to execute. While
the new concurrency managed workqueue code manages long-playing
works just fine and schedules additional workers as needed, such
works wreck havoc among remaining users of flush_scheduled_work().
To solve this problem let's move serio/gameport works from system_wq
to system_long_wq which nobody tries to flush.
Reported-and-tested-by: Hernando Torque <pantherchen@versanet.de>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Since Synaptics technical writers department is a bit slow releasing updated
Synaptics interface guide, let's add some new bits (with their blessing)
to the code so that they don't get lost.
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
The __param section is already brought in by RODATA above.
Signed-off-by: Jesper Nilsson <jesper.nilsson@axis.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The module forgot to sometimes unregister some resources.
This fixes Bug #22882.
[Patch updated to 2.6.38-rc3 by Randy Dunlap.]
Tested-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Florian Mickler <florian@mickler.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>
* 'for-2639-rc4/i2c-fixes' of git://git.fluff.org/bjdooks/linux:
i2c-omap: fixup commit cb527ede1b whitespace
i2c-omap: Double clear of ARDY status in IRQ handler
i2c-omap: fix build for !CONFIG_SUSPEND
i2c-omap: fix static suspend vs. runtime suspend
i2c-stu300: make sure adapter-name is terminated
This errata occurs when the ARDY interrupt generation is enabled.
At the begining of every new transaction the ARDY interrupt is cleared.
On continuous i2c transactions where after clearing the ARDY bit from
I2C_STAT register (clearing the interrupt), the IRQ line is reasserted and the
I2C_STAT[ARDY] bit set again on 1. In fact, the ARDY status bit is not cleared
at the write access to I2C_STAT[ARDY] and only the IRQ line is deasserted and
then reasserted. This is not captured in the usual errata documents.
The workaround is to have a double clear of ARDY status in irq handler.
Signed-off-by: Richard woodruff <r-woodruff2@ti.com>
Signed-off-by: Keerthy <j-keerthy@ti.com>
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Some userspaces can emit a whole packet without disabling AA resolve
by the looks of it, so we have to deal with them.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Tested-by: Jorg Otte <jrg.otte@googlemail.com>
r100_gpu_init() was dropped in 90aca4d ("drm/radeon/kms: simplify &
improve GPU reset V2") but here it was only commented out.
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Testing showed the current code can already handle doublescan
video modes just fine. A trivial tweak makes it work for interlaced
scanout as well.
Tested and shown to be precise on Radeon rv530, r600 and
Intel 945-GME.
Signed-off-by: Mario Kleiner <mario.kleiner@tuebingen.mpg.de>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Documentation/atomic_ops.txt tells us that there are memory
barriers optimized for atomic_inc and other atomic_t ops.
Use these instead of smp_wmb(), and also to make the required
memory barriers around vblank counter increments more explicit.
Signed-off-by: Mario Kleiner <mario.kleiner@tuebingen.mpg.de>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Use of abs() wrongly wrapped diff_ns to 32 bit, which gives a 1/4000
probability of a missed vblank increment at each vblank irq reenable
if the kms driver doesn't support high precision vblank timestamping.
Not a big deal in practice, but let's make it nice.
Signed-off-by: Mario Kleiner <mario.kleiner@tuebingen.mpg.de>
Signed-off-by: Dave Airlie <airlied@redhat.com>
this aligns the height of the fb allocation so it doesn't trip
over the size checks later when we use this from userspace to
copy the buffer at X start.
Signed-off-by: Dave Airlie <airlied@redhat.com>
This reverts commit a6f9761743.
Remove this commit as it is no longer necessary. The relevant bugs
were fixed properly in:
drm/radeon/kms: hopefully fix pll issues for real (v3)
5b40ddf888
drm/radeon/kms: add missing frac fb div flag for dce4+
9f4283f49f
This commit also broke certain ~5 Mhz modes on old arcade monitors,
so reverting this commit fixes:
https://bugzilla.kernel.org/show_bug.cgi?id=29502
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
When runtime PM is enabled, each OMAP i2c device is suspended after
each i2c xfer. However, there are two cases when the static suspend
methods must be used to ensure the devices are suspended:
1) runtime PM is disabled, either at compile time or dynamically
via /sys/devices/.../power/control.
2) an i2c client driver uses i2c during it's suspend callback, thus
leaving the i2c driver active (NOTE: runtime suspend transitions are
disabled during system suspend, so i2c activity during system
suspend will runtime resume the device, but not runtime (re)suspend it.)
Since the actual work to suspend the device is handled by the
subsytem, call the bus methods to take care of it.
NOTE: This takes care of a known suspend problem on OMAP3 where the
TWL RTC driver does i2c xfers during its suspend path leaving the i2c
driver in an active state (since runtime suspend transistions are
disabled.)
Signed-off-by: Kevin Hilman <khilman@ti.com>
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Use strlcpy instead of strncpy.
Signed-off-by: Wolfram Sang <w.sang@pengutronix.de>
Cc: Linus Walleij <linus.walleij@stericsson.com>
Cc: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Right now we, are relying on the fact that when we attempt to
actually do the discard, blkdev_issue_discar() returns -EOPNOTSUPP
and the user is informed that the device does not support discard.
However, in the case where the we do not hit any suitable free
extent to trim in FITRIM code, it will finish without any error.
This is very confusing, because it seems that FITRIM was successful
even though the device does not actually supports discard.
Solution: Check for the discard support before attempt to search for
free extents.
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Alex Elder <aelder@sgi.com>
The FSGEOMETRY_V1 ioctl (and its compat equivalent) calls out to
xfs_fs_geometry() with a version number of 3. This code path does not
fill in the logsunit member of the passed xfs_fsop_geom_t, leading to
the leaking of four bytes of uninitialized stack data to potentially
unprivileged callers.
v2 switches to memset() to avoid future issues if structure members
change, on suggestion of Dave Chinner.
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Reviewed-by: Eugene Teo <eugeneteo@kernel.org>
Signed-off-by: Alex Elder <aelder@sgi.com>
drivers/net/sfc/ethtool.c: In function ‘efx_ethtool_self_test’:
drivers/net/sfc/ethtool.c:613: warning: the frame size of 1200 bytes
is larger than 1024 bytes
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Currently the bridge multicast snooping feature periodically issues
IPv6 general multicast listener queries to sense the absence of a
listener.
For this, it uses :: as its source address - however RFC 2710 requires:
"To be valid, the Query message MUST come from a link-local IPv6 Source
Address". Current Linux kernel versions seem to follow this requirement
and ignore our bogus MLD queries.
With this commit a link local address from the bridge interface is being
used to issue the MLD query, resulting in other Linux devices which are
multicast listeners in the network to respond with a MLD response (which
was not the case before).
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Map the IPv6 header's destination multicast address to an ethernet
source address instead of the MLD queries multicast address.
For instance for a general MLD query (multicast address in the MLD query
set to ::), this would wrongly be mapped to 33:33:00:00:00:00, although
an MLD queries destination MAC should always be 33:33:00:00:00:01 which
matches the IPv6 header's multicast destination ff02::1.
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Currently the multicast bridge snooping support is not active for
link local multicast. I assume this has been done to leave
important multicast data untouched, like IPv6 Neighborhood Discovery.
In larger, bridged, local networks it could however be desirable to
optimize for instance local multicast audio/video streaming too.
With the transient flag in IPv6 multicast addresses we have an easy
way to optimize such multimedia traffic without tempering with the
high priority multicast data from well-known addresses.
This patch alters the multicast bridge snooping for IPv6, to take
effect for transient multicast addresses instead of non-link-local
addresses.
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit adds the missing IPv6 multicast address flag defines to
complement the already existing multicast address scope defines and to
be able to check these flags nicely in the future.
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
The nsrcs number is 2 Byte wide, therefore we need to call ntohs()
before using it.
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
We actually want a pointer to the grec_nsrcr and not the following
field. Otherwise we can get very high values for *nsrcs as the first two
bytes of the IPv6 multicast address are being used instead, leading to
a failing pskb_may_pull() which results in MLDv2 reports not being
parsed.
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
The protocol type for IPv6 entries in the hash table for multicast
bridge snooping is falsely set to ETH_P_IP, marking it as an IPv4
address, instead of setting it to ETH_P_IPV6, which results in negative
look-ups in the hash table later.
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
* 'urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia-2.6:
pcmcia: re-enable Zoomed Video support
cm4000_cs: Fix undefined ops warning
pcmcia vs. MECR on pxa25x/sa1111
drivers/char/pcmcia/ipwireless/main.c: Convert release_resource to release_region/release_mem_region