commit c5624f554600ab812fe235690665ee81413cebc3 Author: Greg Kroah-Hartman Date: Mon Aug 15 18:31:55 2011 -0700 Linux 3.0.2 commit 0db4b32c1f389165369b384fd13200277202cdd0 Author: Peter Zijlstra Date: Wed Jul 27 12:17:11 2011 +0200 mm: Fix fixup_user_fault() for MMU=n commit 5c723ba5b7886909b2e430f2eae454c33f7fe5c6 upstream. In commit 2efaca927f5c ("mm/futex: fix futex writes on archs with SW tracking of dirty & young") we forgot about MMU=n. This patch fixes that. Signed-off-by: Peter Zijlstra Acked-by: Benjamin Herrenschmidt Acked-by: David Howells Link: http://lkml.kernel.org/r/1311761831.24752.413.camel@twins Signed-off-by: Linus Torvalds Cc: Mike Frysinger Signed-off-by: Greg Kroah-Hartman commit 8af1028380467f993573b5eef904522b9e2f5951 Author: David S. Miller Date: Thu Aug 11 17:58:59 2011 -0700 sparc: Don't do hypervisor calls on non-sun4v in DS driver. commit c92761fd9efcbbcb59e7bf4db88e29ce03229889 upstream. Reported-by: Pieter-Paul Giesberts Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 05362c29b1639185999b695cdaa37e0c1c15444a Author: Alex Hacker Date: Thu Aug 4 13:47:32 2011 +0600 ath9k: fix a misprint which leads to incorrect calibration commit 118c9db51e7acaf8f16deae8311cce6588b83e31 upstream. This patch addresses an issue with incorrect HW register AR_PHY_TX_IQCAL_CORR_COEFF_B1 definition which leads to incorrect clibration. Signed-off-by: Alex Hacker Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit 5b61b4c55862e0403795bc4f7a8348accc3ca987 Author: Rajkumar Manoharan Date: Fri Jul 29 17:38:15 2011 +0530 ath9k_hw: Fix incorrect Tx control power in AR9003 template commit 15052f81d255eac44e745bc630b36aa86779ad9d upstream. CTL power data incorrect in ctlPowerData_2G field of ar9300_eeprom. Setting incorrect CTL power in calibration is causing lower tx power. Tx power was reported as 3dBm while operating in channel 6 HT40+/ in channel 11 HT40- due to CTL powers in the calibration is set to zero. Signed-off-by: Rajkumar Manoharan Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit fa54ab17fd26a469755f36f81fd4dad9e33f4f66 Author: Richard Cochran Date: Sat Aug 6 21:03:04 2011 +0000 dp83640: increase receive time stamp buffer size commit 8028837d71ba9904b17281b40f94b93e947fbe38 upstream. The dp83640 buffers receive time stamps from special PHY status frames, matching them to received PTP packets in a work queue. Because the timeout for orphaned time stamps is so long and the buffer is so small, the driver can drop time stamps under moderate PTP traffic. This commit fixes the issue by decreasing the timeout to (at least) one timer tick and increasing the buffer size. Signed-off-by: Richard Cochran Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 716fa319182000c26521cb2bd4ea034256230f5d Author: Richard Cochran Date: Sat Aug 6 21:03:03 2011 +0000 gianfar: fix fiper alignment after resetting the time commit cbc056602c7c63620c86904c431ff6b61e029dcc upstream. After resetting the time, the PPS signals on the FIPER output channels are incorrectly offset from the clock time, as can be readily verified by a looping back the FIPER to the external time stamp input. Despite its name, setting the "Fiper Realignment Disable" bit seems to fix the problem, at least on the P2020. Also, following the example code from the Freescale BSP, it is not really necessary to disable and re-enable the timer in order to reprogram the FIPER. (The documentation is rather unclear on this point. It seems that writing to the alarm register also disables the FIPER.) Signed-off-by: Richard Cochran Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 716ae31687f2d778ff9a18e7286deca992dfa955 Author: Bruce Allan Date: Fri Jul 22 06:21:51 2011 +0000 e1000e: alternate MAC address does not work on device id 0x1060 commit c407bee8a56d874b91f3e4ee790660959ff1a25e upstream. This issue is present all the way back to 2.6.34 kernels. Signed-off-by: Bruce Allan Tested-by: Jeffrey Pieper Signed-off-by: Jeff Kirsher Signed-off-by: Greg Kroah-Hartman commit 8b180803c66ccc825d2969c1ea9929fcb7fba98e Author: Eric Sandeen Date: Thu Aug 11 09:54:31 2011 -0500 ext4: Properly count journal credits for long symlinks commit 8c20871998c082f6fbc963f1449a5ba5140ee39a upstream. Commit df5e6223407e ("ext4: fix deadlock in ext4_symlink() in ENOSPC conditions") recalculated the number of credits needed for a long symlink, in the process of splitting it into two transactions. However, the first credit calculation under-counted because if selinux is enabled, credits are needed to create the selinux xattr as well. Overrunning the reservation will result in an OOPS in jbd2_journal_dirty_metadata() due to this assert: J_ASSERT_JH(jh, handle->h_buffer_credits > 0); Fix this by increasing the reservation size. Signed-off-by: Eric Sandeen Reviewed-by: Jan Kara Acked-by: "Theodore Ts'o" Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 1ae2a2c0515870d784f1ea101b079bd0962b6cd5 Author: Eric Sandeen Date: Thu Aug 11 09:51:46 2011 -0500 ext3: Properly count journal credits for long symlinks commit d2db60df1e7eb39cf0f378dfc4dd8813666d46ef upstream. Commit ae54870a1dc9 ("ext3: Fix lock inversion in ext3_symlink()") recalculated the number of credits needed for a long symlink, in the process of splitting it into two transactions. However, the first credit calculation under-counted because if selinux is enabled, credits are needed to create the selinux xattr as well. Overrunning the reservation will result in an OOPS in journal_dirty_metadata() due to this assert: J_ASSERT_JH(jh, handle->h_buffer_credits > 0); Fix this by increasing the reservation size. Signed-off-by: Eric Sandeen Reviewed-by: Jan Kara Acked-by: "Theodore Ts'o" Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit f45a91a0ad6b2ed8938121cf7afd703ed3279854 Author: Anton Blanchard Date: Tue Jul 26 18:15:03 2011 +0000 powerpc: pseries: Fix kexec on machines with more than 4TB of RAM commit bed9a31527af8ff3dfbad62a1a42815cef4baab7 upstream. On a box with 8TB of RAM the MMU hashtable is 64GB in size. That means we have 4G PTEs. pSeries_lpar_hptab_clear was using a signed int to store the index which will overflow at 2G. Signed-off-by: Anton Blanchard Acked-by: Michael Neuling Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Greg Kroah-Hartman commit fea59f95cf352d62255e86ec0b8d81c6bcf75622 Author: Anton Blanchard Date: Mon Jul 25 20:47:07 2011 +0000 powerpc: Fix device tree claim code commit 966728dd88b4026ec58fee169ccceaeaf56ef120 upstream. I have a box that fails in OF during boot with: DEFAULT CATCH!, exception-handler=fff00400 at %SRR0: 49424d2c4c6f6768 %SRR1: 800000004000b002 ie "IBM,Logh". OF got corrupted with a device tree string. Looking at make_room and alloc_up, we claim the first chunk (1 MB) but we never claim any more. mem_end is always set to alloc_top which is the top of our available address space, guaranteeing we will never call alloc_up and claim more memory. Also alloc_up wasn't setting alloc_bottom to the bottom of the available address space. This doesn't help the box to boot, but we at least fail with an obvious error. We could relocate the device tree in a future patch. Signed-off-by: Anton Blanchard Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Greg Kroah-Hartman commit 9ad774d37c07c22629e9444b18e42fba08cecccb Author: Anton Blanchard Date: Mon Jul 25 01:46:32 2011 +0000 powerpc/pseries: Fix kexec on recent firmware versions commit b1301797f30370c430244979671978fc232f4533 upstream. Recent versions of firmware will fail to unmap the virtual processor area if we have a dispatch trace log registered. This causes kexec to fail. If a trace log is registered this patch unregisters it before the SLB shadow and virtual processor areas, fixing the problem. The address argument is ignored by firmware on unregister so we may as well remove it. Signed-off-by: Anton Blanchard Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Greg Kroah-Hartman commit 8c9729a2ca6291a80c4d0473ae64f2b7a547cc9e Author: Tyler Hicks Date: Thu Aug 4 22:58:51 2011 -0500 eCryptfs: Return error when lower file pointer is NULL commit f61500e000eedc0c7a0201200a7f00ba5529c002 upstream. When an eCryptfs inode's lower file has been closed, and the pointer has been set to NULL, return an error when trying to do a lower read or write rather than calling BUG(). https://bugzilla.kernel.org/show_bug.cgi?id=37292 Signed-off-by: Tyler Hicks Signed-off-by: Greg Kroah-Hartman commit ed60157d262ebc0a032362013c58665d490edeee Author: John Johansen Date: Fri Jul 22 08:14:15 2011 -0700 Ecryptfs: Add mount option to check uid of device being mounted = expect uid commit 764355487ea220fdc2faf128d577d7f679b91f97 upstream. Close a TOCTOU race for mounts done via ecryptfs-mount-private. The mount source (device) can be raced when the ownership test is done in userspace. Provide Ecryptfs a means to force the uid check at mount time. Signed-off-by: John Johansen Signed-off-by: Tyler Hicks Signed-off-by: Greg Kroah-Hartman commit feeb796dfb00a08971120bcc8e71bcaf6a9bf150 Author: David S. Miller Date: Sat Aug 6 05:26:35 2011 -0700 sparc: Fix build with DEBUG_PAGEALLOC enabled. [ Upstream commit 0785a8e87be0202744d8681363aecbd4ffbb5f5a ] arch/sparc/mm/init_64.c:1622:22: error: unused variable '__swapper_4m_tsb_phys_patch_end' [-Werror=unused-variable] arch/sparc/mm/init_64.c:1621:22: error: unused variable '__swapper_4m_tsb_phys_patch' [-Werror=unused-variable] Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 9333a4681b17e19c4e6f6780ec209aff165fd968 Author: David S. Miller Date: Fri Aug 5 02:38:27 2011 -0700 sparc: Size mondo queues more sanely. [ Upstream commit 961f65fc41cdc1f9099a6075258816c0db98e390 ] There is currently no upper limit on the mondo queue sizes we'll use, which guarentees that we'll eventually his page allocation limits, and thus allocation failures, due to MAX_ORDER. Cap the sizes sanely, current limits are: CPU MONDO 2 * max_possible_cpus DEV MONDO 256 (basically NR_IRQS) RES MONDO 128 NRES MONDO 4 Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit b548d908c7c625ae97679f1a8d86960fbe649e10 Author: David S. Miller Date: Fri Aug 5 00:53:57 2011 -0700 sparc: Access kernel TSB using physical addressing when possible. [ Upstream commit 9076d0e7e02b98f7a65df10d1956326c8d8ba61a ] On sun4v this is basically required since we point the hypervisor and the TSB walking hardware at these tables using physical addressing too. Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 27ff2c083e9b0e719983eebda886775a5cea5cdd Author: David S. Miller Date: Tue Aug 2 20:23:34 2011 -0700 sparc: Use popc when possible for ffs/__ffs/ffz. [ Upstream commit 56d205cc5c0a3032a605121d4253e111193bf923 ] Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit e6aefcf11c97220fecacddbad36335461b486ec9 Author: David S. Miller Date: Mon Aug 1 23:27:17 2011 -0700 sparc: Set reboot-cmd using reboot data hypervisor call if available. [ Upstream commit ea5e7447ea9d555558e0f13798f5143dd51a915a ] Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 7508c959a81a93997e5d8cf6e75168ef8bb3f93e Author: David S. Miller Date: Mon Aug 1 22:45:18 2011 -0700 sparc: Add some missing hypervisor API groups. [ Upstream commit e2eb9f8158ead43a88c0f0b4d74257b1be938a18 ] Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit c099e6a534f275f4e8aa0a4e62572b63c3689355 Author: David S. Miller Date: Mon Aug 1 19:41:12 2011 -0700 sparc: Use hweight64() in popc emulation. [ Upstream commit d600cbed0fe8fceec04500824f638dfe4996c653 ] Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 0975b446b4e724570a63dfa001e1a2c0f2808724 Author: David S. Miller Date: Fri Jul 29 09:42:07 2011 -0700 sparc: Use popc if possible for hweight routines. [ Upstream commit ef7c4d4675d2a9206f913f26ca1a5cd41bff9d41 ] Just like powerpc, we code patch at boot time. Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 11d6ad9ef5921c0b811f9bf96f8cba481e755195 Author: David S. Miller Date: Mon Aug 1 18:18:57 2011 -0700 sparc: Minor tweaks to Niagara page copy/clear. [ Upstream commit e95ade083939dcb4b0c51c1a2c8504ea9ef3d6ef ] Don't use floating point on Niagara2, use the traditional plain Niagara code instead. Unroll Niagara loops to 128 bytes for copy, and 256 bytes for clear. Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit f1b7f4b6d299fcad9b6bb84d86cef2094613ea75 Author: David S. Miller Date: Thu Jul 28 23:31:26 2011 -0700 sparc: Sanitize cpu feature detection and reporting. [ Upstream commit ac85fe8b21248054851e05bfaa352562e5b06dd3 ] Instead of evaluating the cpu features for ELF_HWCAP every exec, calculate it once at boot time. Add AV_SPARC_* capability flag bits, compatible with what Solaris reports to applications. Report these capabilities once in the kernel log, and also via /proc/cpuinfo in a new "cpucaps" entry. If available, fetch the cpu features from the machine description 'hwcap-list' property of the 'cpu' node. Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit b25f76a8fe3230786712d18a83c7a57b7abc6624 Author: David S. Miller Date: Wed Jul 27 21:06:16 2011 -0700 sparc: Detect and handle UltraSPARC-T3 cpu types. [ Upstream commit 4ba991d3eb379fbaa22049e7002341e97a673685 ] The cpu compatible string we look for is "SPARC-T3". As far as memset/memcpy optimizations go, we treat this chip the same as Niagara-T2/T2+. Use cache initializing stores for memset, and use perfetch, FPU block loads, cache initializing stores, and block stores for copies. We use the Niagara-T2 perf support, since T3 is a close relative in this regard. Later we'll add support for the new events T3 can report, plus enable T3's new "sample" mode. For now I haven't added any new ELF hwcap flags. We probably need to add a couple, for example: T2 and T3 both support the population count instruction in hardware. T3 supports VIS3 instructions, including support (finally) for partitioned shift. One can also now move directly between float and integer registers. T3 supports instructions meant to help with Galois Field and other HPC calculations, such as XOR multiply. Also there are "OP and negate" instructions, for example "fnmul" which is multiply-and-negate. T3 recognizes the transactional memory opcodes, however since transactional memory isn't supported: 1) 'commit' behaves as a NOP and 2) 'chkpt' always branches 3) 'rdcps' returns all zeros and 4) 'wrcps' behaves as a NOP. So we'll need about 3 new elf capability flags in the end to represent all of these things. Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit ce840177aaadf72f7d0fc7619bcbc12e4e8129bf Author: David S. Miller Date: Wed Jul 27 20:46:25 2011 -0700 sparc: Don't do expensive hypervisor PCR write unless necessary. [ Upstream commit 314ff52727fe94dfbe07f3a9a489ab3ca8d8df5a ] The hypervisor call is only necessary if hypervisor events are being requested. So if we're not tracking hypervisor events, simply do a direct register write. Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 7cc3d70509d05b40ae926b8f6c886abab7ace827 Author: David S. Miller Date: Wed Jul 27 20:42:51 2011 -0700 sparc: Add T3 sun4v cpu type and hypervisor group defines. [ Upstream commit 15e3608d7c273947dbf2eadbcaa66e51143928fb ] Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 29ad8f6f0b0e6e4c918040286572fffb662a5f88 Author: David S. Miller Date: Wed Jul 27 20:25:57 2011 -0700 sparc: Don't leave sparc_pmu_type NULL on sun4v. [ Upstream commit facfddef2c76110b8e321921f7e54518c3dd1579 ] Otherwise we'll crash in the sparc perf init code. Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit fb07bb91081d60b29b3eb1372fc0e61ded2be352 Author: Kashyap, Desai Date: Tue Jun 14 10:54:56 2011 +0530 mpt2sas: Fixed Big Indian Issues on 32 bit PPC commit c97951ec46d4b076c2236b77db34eeed6dddb8eb upstream. This patch addresses many endian issues solved by runing sparse with the option __CHECK_ENDIAN__ turned on. Signed-off-by: Kashyap Desai Signed-off-by: James Bottomley Cc: David Miller Signed-off-by: Greg Kroah-Hartman commit 3e244baaa667ffb2bf7aa8f7d165d40e4899517d Author: Wey-Yi Guy Date: Mon Aug 8 20:53:58 2011 -0600 iwlagn: 5000 do not support idle mode commit f35291082294ca6737953bbe4e9491ede04ab822 upstream. 5000 series has issue supporting power save idle mode: commit 9dc2153315650eae220898668b6aa56a25c130be iwlwifi: always support idle mode for agn devices For agn devices, always support idle mode which help power consumption in idle unassociated state. the above changes cause 5000 become not stable when power management is "on" http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=2312 Reported-by: Devin J. Pohly Signed-off-by: Wey-Yi Guy Signed-off-by: John W. Linville Signed-off-by: Devin J. Pohly Signed-off-by: Greg Kroah-Hartman commit 06e67267adf0e3b9a25a78250a1c7caefd36f843 Author: xeb@mail.ru Date: Fri Jul 22 20:49:40 2011 +0000 gre: fix improper error handling [ Upstream commit 559fafb94ad9e4cd8774f39241917c57396f9fc5 ] Fix improper protocol err_handler, current implementation is fully unapplicable and may cause kernel crash due to double kfree_skb. Signed-off-by: Dmitry Kozlov Acked-by: Eric Dumazet Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit cb737cb02933192dcbb141480e3dc8153b89be48 Author: Julian Anastasov Date: Sat Jul 23 02:00:41 2011 +0000 ipv4: use RT_TOS after some rt_tos conversions [ Upstream commit b0fe4a31849063fcac0bdc93716ca92615e93f57 ] rt_tos was changed to iph->tos but it must be filtered by RT_TOS Signed-off-by: Julian Anastasov Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit c8656c500dd6e88d427547abe2859213a916a3ea Author: stephen hemminger Date: Fri Jul 22 12:53:56 2011 +0000 net: allow netif_carrier to be called safely from IRQ [ Upstream commit 1821f7cd65ad9ea56580b830ac79bf4c4fef59cb ] As reported by Ben Greer and Froncois Romieu. The code path in the netif_carrier code leads it to try and disable a late workqueue to reenable it immediately netif_carrier_on -> linkwatch_fire_event -> linkwatch_schedule_work -> cancel_delayed_work -> del_timer_sync If __cancel_delayed_work is used instead then there is no problem of waiting for running linkwatch_event. There is a race between linkwatch_event running re-scheduling but it is harmless to schedule an extra scan of the linkwatch queue. Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 7106159f8bd33bd5e5b0ea2c87e499117fc22c69 Author: Lennart Sorensen Date: Thu Jul 28 13:18:11 2011 +0000 r8169: Add support for D-Link 530T rev C1 (Kernel Bug 38862) [ Upstream commit 93a3aa25933461d76141179fc94aa32d5f9d954a ] The D-Link DGE-530T rev C1 is a re-badged Realtek 8169 named DLG10028C, unlike the previous revisions which were skge based. It is probably the same as the discontinued DGE-528T (0x4300) other than the PCI ID. The PCI ID is 0x1186:0x4302. Adding it to r8169.c where 0x1186:0x4300 is already found makes the card be detected and work. This fixes https://bugzilla.kernel.org/show_bug.cgi?id=38862 Signed-off-by: Len Sorensen Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 04124c684acdab48c4d990235d5f16343e55d088 Author: Klement Fish Date: Thu Jul 28 06:03:22 2011 +0000 sis190: Rx filter init is needed for MAC address change. [ Upstream commit fe66101f14813b77d84f6450d51772a2af2b81a1 ] Addresses https://bugzilla.kernel.org/show_bug.cgi?id=34552 Signed-off-by: Klement Fish Acked-by: Francois Romieu Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 3b9dfc69a292c4397815756bb404f2cda44ae7de Author: Tushar Gohad Date: Thu Jul 28 10:36:20 2011 +0000 xfrm: Fix key lengths for rfc3686(ctr(aes)) [ Upstream commit 4203223a1aed862b4445fdcd260d6139603a51d9 ] Fix the min and max bit lengths for AES-CTR (RFC3686) keys. The number of bits in key spec is the key length (128/256) plus 32 bits of nonce. This change takes care of the "Invalid key length" errors reported by setkey when specifying 288 bit keys for aes-ctr. Signed-off-by: Tushar Gohad Acked-by: Herbert Xu Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit d98630f19f4880bfdb170231ef9f0ba781ecc850 Author: Chris Clayton Date: Tue Jul 26 12:20:22 2011 +0000 Fix cdc-phonet build [ Upstream commit a0295a3b6775ab88f5883684e14bbda8d287822d ] Try to send to correct address this time! ---------- Forwarded Message ---------- Subject: [PATCH] Fix cdc-phonet build Date: Saturday 23 Jul 2011 From: Chris Clayton To: linux-net@vger.kernel.org cdc-phonet does not presently build on linux-3.0 because there is no entry for it in drivers/net/Makefile. This patch adds that entry. Signed-off-by: Chris Clayton Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 247460c92c3a5d58496c6d65c4b4604ca0e2ff0e Author: Andy Gospodarek Date: Tue Jul 26 11:12:27 2011 +0000 bonding: fix string comparison errors [ Upstream commit f4bb2e9c4fa9e5fdddf90589703613fd1a9c519f ] When a bond contains a device where one name is the subset of another (eth1 and eth10, for example), one cannot properly set the primary device or the currently active device. This was reported and based on work by Takuma Umeya. I also verified the problem and tested that this fix resolves it. V2: A few did not like the the current code or my changes, so I refactored bonding_store_primary and bonding_store_active_slave to be a bit cleaner, dropped the use of strnicmp since we did not really need the comparison to be case insensitive, and formatted the input string from sysfs so a comparison to IFNAMSIZ could be used. I also discovered an error in bonding_store_active_slave that would modify bond->primary_slave rather than bond->curr_active_slave before forcing the bonding driver to choose a new active slave. V3: Actually sending the proper patch.... Signed-off-by: Andy Gospodarek Reported-by: Takuma Umeya Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 9cf81e790a0d8709cbadbaff73ee40aa944e2ea1 Author: Neil Horman Date: Tue Jul 26 06:05:38 2011 +0000 net: Audit drivers to identify those needing IFF_TX_SKB_SHARING cleared [ Upstream commit 550fd08c2cebad61c548def135f67aba284c6162 ] After the last patch, We are left in a state in which only drivers calling ether_setup have IFF_TX_SKB_SHARING set (we assume that drivers touching real hardware call ether_setup for their net_devices and don't hold any state in their skbs. There are a handful of drivers that violate this assumption of course, and need to be fixed up. This patch identifies those drivers, and marks them as not being able to support the safe transmission of skbs by clearning the IFF_TX_SKB_SHARING flag in priv_flags Signed-off-by: Neil Horman CC: Karsten Keil CC: "David S. Miller" CC: Jay Vosburgh CC: Andy Gospodarek CC: Patrick McHardy CC: Krzysztof Halasa CC: "John W. Linville" CC: Greg Kroah-Hartman CC: Marcel Holtmann CC: Johannes Berg Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 60f17a7798369bec34f171ca126f8247c773763b Author: Neil Horman Date: Tue Jul 26 06:05:37 2011 +0000 net: add IFF_SKB_TX_SHARED flag to priv_flags [ Upstream commit d8873315065f1f527c7c380402cf59b1e1d0ae36 ] Pktgen attempts to transmit shared skbs to net devices, which can't be used by some drivers as they keep state information in skbs. This patch adds a flag marking drivers as being able to handle shared skbs in their tx path. Drivers are defaulted to being unable to do so, but calling ether_setup enables this flag, as 90% of the drivers calling ether_setup touch real hardware and can handle shared skbs. A subsequent patch will audit drivers to ensure that the flag is set properly Signed-off-by: Neil Horman Reported-by: Jiri Pirko CC: Robert Olsson CC: Eric Dumazet CC: Alexey Dobriyan CC: David S. Miller Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 711ae7c7a810eb8bc92cac46041c996eb66dbd54 Author: Zoltan Kiss Date: Sun Jul 24 13:09:30 2011 +0000 IPv4: Send gratuitous ARP for secondary IP addresses also [ Upstream commit b76d0789c92a816a5539dc14232a700b8d62a53a ] If a device event generates gratuitous ARP messages, only primary address is used for sending. This patch iterates through the whole list. Tested with 2 IP addresses configuration on bonding interface. Signed-off-by: Zoltan Kiss Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 956c35400bfa51940de15ff7c31b7bba298f1dfe Author: Eric Dumazet Date: Fri Jul 29 19:22:42 2011 +0000 sch_sfq: fix sfq_enqueue() [ Upstream commit e1738bd9cecc5c867b0e2996470c1ff20f66ba79 ] commit 8efa88540635 (sch_sfq: avoid giving spurious NET_XMIT_CN signals) forgot to call qdisc_tree_decrease_qlen() to signal upper levels that a packet (from another flow) was dropped, leading to various problems. With help from Michal Soltys and Michal Pokrywka, who did a bisection. Bugzilla ref: https://bugzilla.kernel.org/show_bug.cgi?id=39372 Debian ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631945 Reported-by: Lucas Bocchi Reported-and-bisected-by: Michal Pokrywka Signed-off-by: Eric Dumazet CC: Michal Soltys Acked-by: Patrick McHardy Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit b1d3755791db359c3827c59248d9aa5f5f430931 Author: Julia Lawall Date: Thu Jul 28 02:46:03 2011 +0000 drivers/net/niu.c: adjust array index [ Upstream commit 956837f7c954443f426a82ba6f17b33488cf9a0c ] Convert array index from the loop bound to the loop index. A simplified version of the semantic patch that fixes this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression e1,e2,ar; @@ for(e1 = 0; e1 < e2; e1++) { <... ar[ - e2 + e1 ] ...> } // Signed-off-by: Julia Lawall Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit d9399f30d1bf0bc5fdcbea1cbdda25a2e549f895 Author: Julia Lawall Date: Thu Jul 28 02:46:01 2011 +0000 net: adjust array index [ Upstream commit a1889c0d2039a53ae04abb9f20c62500bd312bf3 ] Convert array index from the loop bound to the loop index. A simplified version of the semantic patch that fixes this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression e1,e2,ar; @@ for(e1 = 0; e1 < e2; e1++) { <... ar[ - e2 + e1 ] ...> } // Signed-off-by: Julia Lawall Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 88fd1eabecdffea04af6b0bc2aa56a5dfccb6a6e Author: Simon Horman Date: Thu May 19 21:32:57 2011 +0900 IPVS: Free resources on module removal [ Upstream commit 7676e345824f162191b1fe2058ad948a6cf91c20 ] This resolves a panic on module removal. Reported-by: Dave Jones Acked-by: Julian Anastasov Signed-off-by: Hans Schillstrom Signed-off-by: Simon Horman Signed-off-by: Greg Kroah-Hartman commit 44a41f45fb2609b37ff81dcbce186dc3f7f95fcb Author: Julian Anastasov Date: Sun Aug 7 22:20:20 2011 -0700 ipv4: fix the reusing of routing cache entries [ Upstream commit d547f727df86059104af2234804fdd538e112015 ] compare_keys and ip_route_input_common rely on rt_oif for distinguishing of input and output routes with same keys values. But sometimes the input route has also same hash chain (keyed by iif != 0) with the output routes (keyed by orig_oif=0). Problem visible if running with small number of rhash_entries. Fix them to use rt_route_iif instead. By this way input route can not be returned to users that request output route. The patch fixes the ip_rt_bug errors that were reported in ip_local_out context, mostly for 255.255.255.255 destinations. Signed-off-by: Julian Anastasov Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 4339267bcded2540782c8f7587bc59434b89420c Author: Bill Sommerfeld Date: Tue Jul 19 15:22:33 2011 +0000 ipv4: Constrain UFO fragment sizes to multiples of 8 bytes [ Upstream commit d9be4f7a6f5a8da3133b832eca41c3591420b1ca ] Because the ip fragment offset field counts 8-byte chunks, ip fragments other than the last must contain a multiple of 8 bytes of payload. ip_ufo_append_data wasn't respecting this constraint and, depending on the MTU and ip option sizes, could create malformed non-final fragments. Google-Bug-Id: 5009328 Signed-off-by: Bill Sommerfeld Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 0671b3017cad5944fb2b63b5285802eeabb2cdd5 Author: David S. Miller Date: Fri Jul 22 06:22:10 2011 -0700 icmp: Fix regression in nexthop resolution during replies. [ Upstream commit 415b3334a21aa67806c52d1acf4e72e14f7f402f ] icmp_route_lookup() uses the wrong flow parameters if the reverse session route lookup isn't used. So do not commit to the re-decoded flow until we actually make a final decision to use a real route saved in 'rt2'. Reported-by: Florian Westphal Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit ef81bb40bf15f350fe865f31fa42f1082772a576 Author: Eric Dumazet Date: Mon Aug 8 23:44:00 2011 -0700 ipv6: make fragment identifications less predictable [ Backport of upstream commit 87c48fa3b4630905f98268dde838ee43626a060c ] Fernando Gont reported current IPv6 fragment identification generation was not secure, because using a very predictable system-wide generator, allowing various attacks. IPv4 uses inetpeer cache to address this problem and to get good performance. We'll use this mechanism when IPv6 inetpeer is stable enough in linux-3.1 For the time being, we use jhash on destination address to provide less predictable identifications. Also remove a spinlock and use cmpxchg() to get better SMP performance. Reported-by: Fernando Gont Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit eb473dd5ad8785d35142966cdcd6896d8dff5a22 Author: Clemens Ladisch Date: Thu Aug 4 16:17:42 2011 +0200 ALSA: snd-usb: Accept UAC2 FORMAT_TYPE descriptors with bLength > 6 commit 824818b148db42173446707df4cbd61cd7133272 upstream. The Focusrite Scarlett 18i6 USB has them that way, which is probably a bug. Anyway, the driver should simply ignore this fact. Signed-off-by: Daniel Mack Reported-by: Nicolai Krakowiak Signed-off-by: Clemens Ladisch Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman commit 3ddef47156a5b3a005c1536b8d64ea6edff133aa Author: Daniel Mack Date: Thu Aug 4 15:56:28 2011 +0200 ALSA: snd-usb: operate on given mixer interface only commit 1faa5d07a93fc5b0a4a5254fc940a79e20b55540 upstream. When creating the mixers for an USB audio device, the current code looks at the host interface stored in mixer->chip->ctrl_if. Change this and rather keep a local pointer to the interface that was given when snd_usb_create_mixer() was called. Signed-off-by: Daniel Mack Reported-by: Nicolai Krakowiak Reported-by: Lean-Yves LENHOF Acked-by: Clemens Ladisch Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman commit e565b49adb0dc11ac644e4af63936012c6ab2f43 Author: Nicolai Krakowiak Date: Thu Aug 4 15:56:27 2011 +0200 ALSA: snd-usb: avoid dividing by zero on invalid input commit 60c961a9e1ed879a4d151df6076bf1203f595f73 upstream. Signed-off-by: Nicolai Krakowiak Acked-by: Daniel Mack Acked-by: Clemens Ladisch Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman commit 818e2eaed9807b1816381856a10473cb58ca56e5 Author: Daniel Mack Date: Sat Aug 6 09:13:08 2011 +0200 ALSA: snd-usb-caiaq: Fix keymap for RigKontrol3 commit f4389489b5cbe60b3441869c68bb4afe760969c4 upstream. Signed-off-by: Daniel Mack Reported-by: Renato Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman commit 9ef4ce3c5f9f8960ef347ad85a90ccb9e11fb482 Author: Takashi Iwai Date: Mon Aug 8 12:24:46 2011 +0200 ALSA: timer - Fix Oops at closing slave timer commit 0584ffa548b6e59aceb027112f23a55f0133400e upstream. A slave-timer instance has no timer reference, and this results in NULL-dereference at stopping the timer, typically called at closing the device. Reference: https://bugzilla.kernel.org/show_bug.cgi?id=40682 Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman commit 4c1f50da71cc26a4074ec4b1cb748869a6279f39 Author: Wolfram Sang Date: Tue Aug 2 19:42:19 2011 +0200 ASoC: sgtl5000: fix cache handling commit 151798f872d6b386d82cd1707ad703e981fef8f2 upstream. Cache handling in this driver is broken. The chip has 16-bit registers, yet the register numbers also increase by 2 per register, i.e. there are only even-numbered registers. The cache in this driver, though, simply increments register numbers, so it does need some mapping as seen in sgtl5000_restore_regs(), note the '>> 1': snd_soc_write(codec, SGTL5000_CHIP_LINREG_CTRL, cache[SGTL5000_CHIP_LINREG_CTRL >> 1]); That, of course, won't work with snd_soc_update_bits(). (Thus, we won't even notice the missing register 0x1c in the default regs which shifted all follwing registers to wrong values.) Noticed on the MX28EVK where enabling the regulators simply locked up the chip. Refactor the routines and use a properly sized default_regs array which matches the register layout of the underlying chip, i.e. create a truly flat cache. This also saves some code which should make up for the bigger array a little. When soc-core will somewhen have another cache type which handles a step size, this conversion will also ease the transition. Signed-off-by: Wolfram Sang Tested-by: Dong Aisheng Tested-by: Shawn Guo Acked-by: Liam Girdwood Signed-off-by: Mark Brown Signed-off-by: Greg Kroah-Hartman commit 407529f61453bf0e683aa4584bfe2a5b864f1525 Author: Jeff Layton Date: Fri Aug 5 10:28:01 2011 -0400 cifs: convert prefixpath delimiters in cifs_build_path_to_root commit f9e8c45002cacad536b338dfa9e910e341a49c31 upstream. Regression from 2.6.39... The delimiters in the prefixpath are not being converted based on whether posix paths are in effect. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=727834 Reported-and-Tested-by: Iain Arnell Reported-by: Patrick Oltmann Cc: Pavel Shilovsky Signed-off-by: Jeff Layton Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit cae28d950cc7319a7e88deccbb0c4492f0830e6e Author: Jeff Layton Date: Fri Aug 5 09:02:40 2011 -0400 cifs: cope with negative dentries in cifs_get_root commit 80975d21aae2136ccae1ce914a1602dc1d8b0795 upstream. The loop around lookup_one_len doesn't handle the case where it might return a negative dentry, which can cause an oops on the next pass through the loop. Check for that and break out of the loop with an error of -ENOENT if there is one. Fixes the panic reported here: https://bugzilla.redhat.com/show_bug.cgi?id=727927 Reported-by: TR Bentley Reported-by: Iain Arnell Cc: Al Viro Signed-off-by: Jeff Layton Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 6fd70fafa11fd88d5beee360395f4c0b28d7af43 Author: Pavel Shilovsky Date: Wed Aug 3 23:12:18 2011 +0400 CIFS: Fix missing a decrement of inFlight value commit 0193e072268fe62c4b19ad4b05cd0d4b23c43bb9 upstream. if we failed on getting mid entry in cifs_call_async. Signed-off-by: Pavel Shilovsky Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit edf400e549fa34a2004612d9eee543747d73cb48 Author: Corentin Chary Date: Fri Jul 1 11:34:38 2011 +0200 asus-wmi: return proper value in store_cpufv() commit 3df5fdadf6400373a696bb14e27d4771e5f6afb3 upstream. Signed-off-by: Corentin Chary Signed-off-by: Matthew Garrett Signed-off-by: Greg Kroah-Hartman commit 2c4ee7699067b5f9d65e8d97d153daa5d0590365 Author: Corentin Chary Date: Fri Jul 1 11:34:26 2011 +0200 asus-wmi: fix hwmon/pwm1 commit 49979d091d1847823c064301da1ec173619ddd92 upstream. The code was completly broken, and should never had been sent to the kernel. That's what happens when you write code without hardware to test it. Signed-off-by: Corentin Chary Signed-off-by: Matthew Garrett Signed-off-by: Greg Kroah-Hartman commit e997d47bff5a467262ef224b4cf8cbba2d3eceea Author: David S. Miller Date: Wed Aug 3 20:50:44 2011 -0700 net: Compute protocol sequence numbers and fragment IDs using MD5. Computers have become a lot faster since we compromised on the partial MD4 hash which we use currently for performance reasons. MD5 is a much safer choice, and is inline with both RFC1948 and other ISS generators (OpenBSD, Solaris, etc.) Furthermore, only having 24-bits of the sequence number be truly unpredictable is a very serious limitation. So the periodic regeneration and 8-bit counter have been removed. We compute and use a full 32-bit sequence number. For ipv6, DCCP was found to use a 32-bit truncated initial sequence number (it needs 43-bits) and that is fixed here as well. Reported-by: Dan Kaminsky Tested-by: Willy Tarreau Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 2468b895fc7dcbc436cb02f0707ab8d7cb2f0aa7 Author: David S. Miller Date: Wed Aug 3 19:45:10 2011 -0700 crypto: Move md5_transform to lib/md5.c We are going to use this for TCP/IP sequence number and fragment ID generation. Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit c1c741511cbe9fe55257959a83d1fa4361afc5dd Author: Keith Packard Date: Thu Jul 28 15:31:19 2011 -0700 drm/i915: Fixup for 'Hold mode_config->mutex during hotplug' commit 40ee3381dd1010432acc13e907329029096c5bfc upstream. drm_helper_hpd_irq_event queues another work proc to go and deliver the user-space event, and that function also wants to hold the config mutex, so we shouldn't hold the mutex across the drm_helper_hpd_irq_event call. Signed-off-by: Keith Packard Signed-off-by: Greg Kroah-Hartman commit 8b01249b9fe0697eb66e8d0bf41a714d91d039ce Author: Keith Packard Date: Mon Jul 25 10:04:56 2011 -0700 drm/i915: Hold mode_config->mutex during hotplug processing commit a65e34c79c88895766ab1f8a5afa451eed26622b upstream. Hotplug detection is a mode setting operation and must hold the struct_mutex or risk colliding with other mode setting operations. In particular, the display port hotplug function attempts to re-train the link if the monitor is supposed to be running when plugged back in. If that happens while mode setting is underway, the link will get scrambled, leaving it in an inconsistent state. This is a special case -- usually the driver mode setting entry points are covered by the upper level DRM code, but in this case the function is invoked as a work function not under the control of DRM. Signed-off-by: Keith Packard Reviewed-by: Jesse Barnes Signed-off-by: Greg Kroah-Hartman commit 3f6846490d30a4b6e127bc522615db58721a8cdc Author: Keith Packard Date: Fri Jul 22 10:44:39 2011 -0700 drm/i915: Initialize RCS ring status page address in intel_render_ring_init_dri commit f3234706a77bd6e1592ae71fb3268e04cb030dba upstream. Physically-addressed hardware status pages are initialized early in the driver load process by i915_init_phys_hws. For UMS environments, the ring structure is not initialized until the X server starts. At that point, the entire ring structure is re-initialized with all new values. Any values set in the ring structure (including ring->status_page.page_addr) will be lost when the ring is re-initialized. This patch moves the initialization of the status_page.page_addr value to intel_render_ring_init_dri. Signed-off-by: Keith Packard Signed-off-by: Greg Kroah-Hartman commit 9ae352371ad759dba1053a284625a2dee785353f Author: Ole Henrik Jahren Date: Fri Jul 22 15:56:01 2011 +0200 drm/i915: Fix typo in DRM_I915_OVERLAY_PUT_IMAGE ioctl define commit 842d452985300f4ec14c68cb86046e8a1a3b7251 upstream. Because of a typo, calling ioctl with DRM_IOCTL_I915_OVERLAY_PUT_IMAGE is broken if the macro is used directly. When using libdrm the bug is not hit, since libdrm handles the ioctl encoding internally. The typo also leads to the .cmd and .cmd_drv fields of the drm_ioctl structure for DRM_I915_OVERLAY_PUT_IMAGE having inconsistent content. Signed-off-by: Ole Henrik Jahren Acked-by: Daniel Vetter Signed-off-by: Keith Packard Signed-off-by: Greg Kroah-Hartman commit c7b53ef3876b12a225039b930088eec77234661f Author: Jesse Barnes Date: Wed Jun 15 23:32:33 2011 +0200 drm/i915: load the LUT before pipe enable on ILK+ commit 9c54c0dd948d715ccfd79e97d852f80eeb53254a upstream. Per the specs and to address https://bugs.freedesktop.org/show_bug.cgi?id=36888. Signed-off-by: Jesse Barnes Signed-off-by: Keith Packard Signed-off-by: Greg Kroah-Hartman commit 715245b55733d3a3ca1f336dd0682f83836c7625 Author: Adam Jackson Date: Wed Jul 13 16:32:32 2011 -0400 drm/i915/pch: Fix integer math bugs in panel fitting commit 302983e9059e9ef5de3ca7671918eeb237c5971e upstream. Consider a 1600x900 panel, upscaling a 1360x768 mode, full-aspect. The old math would give you: scaled_width = 1600 * 768; /* 1228800 */ scaled_height = 1360 * 900; /* 1224000 */ if (scaled_width > scaled_height) { /* pillarbox, and true */ width = 1224000 / 768; /* int(1593.75) = 1593 */ x = (1600 - 1593 + 1) / 2; /* 4 */ y = 0; height = 768; } /* ... */ This is broken. The total width of scanout would then be 1593 + 4 + 4, or 1601, which is wider than the panel itself. The hardware very dutifully implements this, and you end up with a black 45° diagonal from the top-left corner to the bottom edge of the screen. It's a cool effect and all, but not what you wanted. Similar things happen for the letterbox case. The problem is that you have an integer number of pixels, which means it's usually impossible to upscale equally on both axes. 1360/768 is 1.7708, 1600/900 is 1.7777. Since we're constrained on the one axis, the other one wants to come out as an even number of pixels (the panel is almost certainly even on both axes, and the x/y offsets will be applied on both sides). In the math above, if 'width' comes out even, rounding down is correct; if it's odd, you'd rather round up. So just increment width/height in those cases. Tested on a Lenovo T500 (Ironlake). Signed-off-by: Adam Jackson Tested-By: Daniel Manrique Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=38851 Reviewed-by: Chris Wilson Signed-off-by: Keith Packard Signed-off-by: Greg Kroah-Hartman commit ed1c13cc2ce278a002f11fe6ce480d717d1f6784 Author: Thomas Reim Date: Fri Jul 29 14:28:59 2011 +0000 drm/radeon: Log Subsystem Vendor and Device Information commit d522d9cc5bdd41214084383fc3e6d882f6916a78 upstream. Log PCI subsystem vendor and subsystem device ID in addition to PCI vendor and device ID during kernel mode initialisation. This helps to better identify radeon devices of third-party vendors, e. g. for bug analysis. Tested for kernel 2.6.35, 2.6.38 and 3.0 on Asus M2A-VM HDMI board Signed-off-by: Thomas Reim Reviewed-by: Alex Deucher Acked-by: Stephen Michaels Signed-off-by: Dave Airlie Signed-off-by: Greg Kroah-Hartman commit 3e7ecfafba28507306979576bb71dd30cc13e2d3 Author: Thomas Reim Date: Fri Jul 29 14:29:00 2011 +0000 drm/radeon: Extended DDC Probing for ECS A740GM-M DVI-D Connector commit a81b31e9fc98e067b7e7f1244861c97e44268e2d upstream. ECS A740GM-M with ATI RADEON 2100 sends data to i2c bus for a DVI connector that is not implemented/existent on the board. Fix by applying extented DDC probing for this connector. Requires [PATCH] drm/radeon: Extended DDC Probing for Connectors with Improperly Wired DDC Lines Tested for kernel 2.6.38 on Asus ECS A740GM-M board BugLink: http://bugs.launchpad.net/bugs/810926 Signed-off-by: Thomas Reim Reviewed-by: Alex Deucher Acked-by: Stephen Michaels Signed-off-by: Dave Airlie Signed-off-by: Greg Kroah-Hartman commit 3567503899af0be5f8df3c5f048d453f7eb0e172 Author: Thomas Reim Date: Fri Jul 29 14:28:58 2011 +0000 drm/radeon: Extended DDC Probing for Connectors with Improperly Wired DDC Lines (here: Asus M2A-VM HDMI) commit e384fab8c6f3ca88600bcb2ebdf0eb2f90864fab upstream. Some integrated ATI Radeon chipset implementations with add-on HDMI card (e. g. Asus M2A-VM HDMI) indicate the availability of a DDC even when the add-on card is not plugged in or HDMI is disabled in BIOS setup. In this case, drm_get_edid() and drm_edid_block_valid() periodically dump data and kernel errors into system log files and onto terminals. For these connectors DDC probing is extended by a check for a correct EDID header. Only in case a valid EDID header is also found, the (HDMI or DVI) connector will be used by the Radeon driver. This prevents the kernel driver from useless flooding of logs and terminal sessions with EDID dumps and error messages. This patch adds a flag 'requires_extended_probe' to the radeon_connector structure. In function radeon_connector_needs_extended_probe() this flag can be set on a chipset family/vendor/connector type specific basis. In addition, function radeon_ddc_probe() has been adapted to perform extended DDC probing if required by the connector's flag. Requires function drm_edid_header_is_valid() in DRM module provided by [PATCH] drm: Separate EDID Header Check from EDID Block Check. Tested for kernel 2.6.35, 2.6.38 and 3.0 on Asus M2A-VM HDMI board BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=668196 BugLink: http://bugs.launchpad.net/bugs/7228066 Signed-off-by: Thomas Reim Reviewed-by: Alex Deucher Acked-by: Stephen Michaels Signed-off-by: Dave Airlie Signed-off-by: Greg Kroah-Hartman commit ca0acca0f0382ed27f2c64d5db4e8b82b8ff1169 Author: Thomas Reim Date: Fri Jul 29 14:28:57 2011 +0000 drm: Separate EDID Header Check from EDID Block Check commit 051963d4832ed61e5ae74f5330b0a94489e101b9 upstream. Provides function drm_edid_header_is_valid() for EDID header check and replaces EDID header check part of function drm_edid_block_valid() by a call of drm_edid_header_is_valid(). This is a prerequisite to extend DDC probing, e. g. in function radeon_ddc_probe() for Radeon devices, by a central EDID header check. Tested for kernel 2.6.35, 2.6.38 and 3.0 Signed-off-by: Thomas Reim Reviewed-by: Alex Deucher Acked-by: Stephen Michaels Signed-off-by: Dave Airlie Signed-off-by: Greg Kroah-Hartman commit a18696ca2b7699c1949ac3f606bd28264e48f8dd Author: Jeremy Fitzhardinge Date: Tue May 31 10:50:10 2011 -0400 xen: allow enable use of VGA console on dom0 commit c2419b4a4727f67af2fc2cd68b0d878b75e781bb upstream. Get the information about the VGA console hardware from Xen, and put it into the form the bootloader normally generates, so that the rest of the kernel can deal with VGA as usual. [ Impact: make VGA console work in dom0 ] Signed-off-by: Jeremy Fitzhardinge [v1: Rebased on 2.6.39] [v2: Removed incorrect comments and fixed compile warnings] Signed-off-by: Konrad Rzeszutek Wilk Signed-off-by: Greg Kroah-Hartman commit 5b47b8038f183b44d2d8ff1c7d11a5c1be706b34 Author: Tetsuo Handa Date: Thu Aug 4 14:07:40 2011 +0000 net: Fix security_socket_sendmsg() bypass problem. commit c71d8ebe7a4496fb7231151cb70a6baa0cb56f9a upstream. The sendmmsg() introduced by commit 228e548e "net: Add sendmmsg socket system call" is capable of sending to multiple different destination addresses. SMACK is using destination's address for checking sendmsg() permission. However, security_socket_sendmsg() is called for only once even if multiple different destination addresses are passed to sendmmsg(). Therefore, we need to call security_socket_sendmsg() for each destination address rather than only the first destination address. Since calling security_socket_sendmsg() every time when only single destination address was passed to sendmmsg() is a waste of time, omit calling security_socket_sendmsg() unless destination address of previous datagram and that of current datagram differs. Signed-off-by: Tetsuo Handa Acked-by: Anton Blanchard Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 91f620f98412f866b385b16681d5e59b7e62e343 Author: Anton Blanchard Date: Thu Aug 4 14:07:39 2011 +0000 net: Cap number of elements for sendmmsg commit 98382f419f32d2c12d021943b87dea555677144b upstream. To limit the amount of time we can spend in sendmmsg, cap the number of elements to UIO_MAXIOV (currently 1024). For error handling an application using sendmmsg needs to retry at the first unsent message, so capping is simpler and requires less application logic than returning EINVAL. Signed-off-by: Anton Blanchard Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 365f1cd4cadc46455db97d0b568ea7ad3af106be Author: Anton Blanchard Date: Thu Aug 4 14:07:38 2011 +0000 net: sendmmsg should only return an error if no messages were sent commit 728ffb86f10873aaf4abd26dde691ee40ae731fe upstream. sendmmsg uses a similar error return strategy as recvmmsg but it turns out to be a confusing way to communicate errors. The current code stores the error code away and returns it on the next sendmmsg call. This means a call with completely valid arguments could get an error from a previous call. Change things so we only return an error if no datagrams could be sent. If less than the requested number of messages were sent, the application must retry starting at the first failed one and if the problem is persistent the error will be returned. This matches the behaviour of other syscalls like read/write - it is not an error if less than the requested number of elements are sent. Signed-off-by: Anton Blanchard Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit c82ac94469ab54ca57b05fd85ce709530d44002f Author: Stanislaw Gruszka Date: Fri Jul 29 15:59:08 2011 +0200 ath9k: skip ->config_pci_powersave() if PCIe port has ASPM disabled commit d4930086bdd0c08a8b3a4d66a9c702297cb74a99 upstream. We receive many bug reports about system hang during suspend/resume when ath9k driver is in use. Adrian Chadd remarked that this problem happens on systems that have ASPM disabled. To do not hit the bug, skip doing ->config_pci_powersave magic if PCIe downstream port device, which ath9k device is connected to, has ASPM disabled. Bug was introduced by: commit 53bc7aa08b48e5cd745f986731cc7dc24eef2a9f Author: Vivek Natarajan Date: Mon Apr 5 14:48:04 2010 +0530 ath9k: Add support for newer AR9285 chipsets. Patch should address: https://bugzilla.kernel.org/show_bug.cgi?id=37462 https://bugzilla.kernel.org/show_bug.cgi?id=37082 https://bugzilla.redhat.com/show_bug.cgi?id=697157 however I did not receive confirmation about that, except from Camilo Mesias, whose system stops hang regularly with this patch (but still hangs from time to time, but this is probably some other bug). Tested-by: Camilo Mesias Signed-off-by: Stanislaw Gruszka Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit cbd1db4bb30ca684d811f4b5bf5dc099aa582445 Author: Felix Fietkau Date: Wed Jul 27 15:01:02 2011 +0200 ath9k: initialize tx chainmask before testing channel tx power values commit c1227340ca65c2069222a956a68b6842d460c4f4 upstream. With an uninitialized chainmask, the per-channel power will only contain the power limits for a single chain instead of the combined tx power. Signed-off-by: Felix Fietkau Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit 965045249af402d12228f659cb12a8aead05bbe2 Author: Stanislaw Gruszka Date: Wed Jul 27 15:37:43 2011 +0200 iwlegacy: set tx power after rxon_assoc commit 17e859a899712d16c3e70b045d61ad9e02c53f8a upstream. If settings of tx power was deferred during scan or changing channel we have to setup them during commit rxon. Fix problem on 3945 (4965 already has this fix). Optimize code to apply tx settings only when tx power was actually changed. Signed-off-by: Stanislaw Gruszka Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit b7d9c861aec35bba7e809eef5b6a79fe3ff8b695 Author: Larry Finger Date: Fri Jul 29 10:53:12 2011 -0500 rtlwifi: Fix kernel oops on ARM SOC commit b6b67df3f24c45af0012ee3c8af2f62ca083ae18 upstream. This driver uses information from the self member of the pci_bus struct to get information regarding the bridge to which the PCIe device is attached. Unfortunately, this member is not established on all architectures, which leads to a kernel oops. Skipping the entire block that uses the self member to determine the bridge vendor will only affect RTL8192DE devices as that driver sets the ASPM support flag differently when the bridge vendor is Intel. If the self member is available, there is no functional change. This patch fixes Bugzilla No. 40212. Reported-by: Hubert Liao Signed-off-by: Larry Finger Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit 07e1a60a732bbd4142d068302d09470d8441d1dc Author: Stanislaw Gruszka Date: Tue Aug 2 13:29:02 2011 +0200 rt2x00: fix usage of NULL queue commit 00898a47269ae5e6dda04defad00234b96692d95 upstream. We may call rt2x00queue_pause_queue(queue) with queue == NULL. Bug was introduced by commit 62fe778412b36791b7897cfa139342906fbbf07b "rt2x00: Fix stuck queue in tx failure case" . Signed-off-by: Stanislaw Gruszka Acked-by: Ivo van Doorn Acked-by: Gertjan van Wingerde Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit e10eea625f8c07e5c9ec205cf2c6854d9c536b67 Author: Stanislaw Gruszka Date: Sat Jul 30 13:32:56 2011 +0200 rt2x00: rt2800: fix zeroing skb structure commit b52398b6e4522176dd125722c72c301015d24520 upstream. We should clear skb->data not skb itself. Bug was introduced by: commit 0b8004aa12d13ec750d102ba4082a95f0107c649 "rt2x00: Properly reserve room for descriptors in skbs". Signed-off-by: Stanislaw Gruszka Acked-by: Gertjan van Wingerde Acked-by: Ivo van Doorn Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit d4cf3443f9b390ae5b076a902059db190e980186 Author: John David Anglin Date: Sat Jun 11 14:42:06 2011 -0400 fix return type of __atomic64_add_return commit 548c210fbffdb008a80fa41ff0cb3965f185583d upstream. The return type of __atomic64_add_return of should be s64 or long, not int. This fixes the atomic64 test failure that I previously reported. Signed-off-by: John David Anglin Signed-off-by: James Bottomley Signed-off-by: Greg Kroah-Hartman commit ec36ea64e4b31f4eba07f75bcce0a6124923d733 Author: Carlos O'Donell Date: Fri Jul 8 17:27:00 2011 -0400 Fix futex support commit d9ba5fe76d604514444b1ea0a19f38c6196a46e3 upstream. Implements futex op support and makes futex cmpxchg atomic. Tested on 64-bit SMP kernel running on 2 x PA8700s. [jejb: checkpatch fixes] Signed-off-by: Carlos O'Donell Tested-by: John David Anglin Signed-off-by: James Bottomley Signed-off-by: Greg Kroah-Hartman commit 6985fbb2fd41fa001e4926b4507798d9593f1b9f Author: James Bottomley Date: Fri Jul 29 18:37:02 2011 +0400 wire up sendmmsg syscall commit 205e9a2106b934ea39049bab28f0896c17a2cb30 upstream. Signed-off-by: James Bottomley Signed-off-by: Greg Kroah-Hartman commit 3169336d0e0e6a41049b6798404a6ec1eb3ca80d Author: Shawn Bohrer Date: Thu Jun 30 11:21:32 2011 -0500 futex: Fix regression with read only mappings commit 9ea71503a8ed9184d2d0b8ccc4d269d05f7940ae upstream. commit 7485d0d3758e8e6491a5c9468114e74dc050785d (futexes: Remove rw parameter from get_futex_key()) in 2.6.33 fixed two problems: First, It prevented a loop when encountering a ZERO_PAGE. Second, it fixed RW MAP_PRIVATE futex operations by forcing the COW to occur by unconditionally performing a write access get_user_pages_fast() to get the page. The commit also introduced a user-mode regression in that it broke futex operations on read-only memory maps. For example, this breaks workloads that have one or more reader processes doing a FUTEX_WAIT on a futex within a read only shared file mapping, and a writer processes that has a writable mapping issuing the FUTEX_WAKE. This fixes the regression for valid futex operations on RO mappings by trying a RO get_user_pages_fast() when the RW get_user_pages_fast() fails. This change makes it necessary to also check for invalid use cases, such as anonymous RO mappings (which can never change) and the ZERO_PAGE which the commit referenced above was written to address. This patch does restore the original behavior with RO MAP_PRIVATE mappings, which have inherent user-mode usage problems and don't really make sense. With this patch performing a FUTEX_WAIT within a RO MAP_PRIVATE mapping will be successfully woken provided another process updates the region of the underlying mapped file. However, the mmap() man page states that for a MAP_PRIVATE mapping: It is unspecified whether changes made to the file after the mmap() call are visible in the mapped region. So user-mode users attempting to use futex operations on RO MAP_PRIVATE mappings are depending on unspecified behavior. Additionally a RO MAP_PRIVATE mapping could fail to wake up in the following case. Thread-A: call futex(FUTEX_WAIT, memory-region-A). get_futex_key() return inode based key. sleep on the key Thread-B: call mprotect(PROT_READ|PROT_WRITE, memory-region-A) Thread-B: write memory-region-A. COW happen. This process's memory-region-A become related to new COWed private (ie PageAnon=1) page. Thread-B: call futex(FUETX_WAKE, memory-region-A). get_futex_key() return mm based key. IOW, we fail to wake up Thread-A. Once again doing something like this is just silly and users who do something like this get what they deserve. While RO MAP_PRIVATE mappings are nonsensical, checking for a private mapping requires walking the vmas and was deemed too costly to avoid a userspace hang. This Patch is based on Peter Zijlstra's initial patch with modifications to only allow RO mappings for futex operations that need VERIFY_READ access. Reported-by: David Oliver Signed-off-by: Shawn Bohrer Acked-by: Peter Zijlstra Signed-off-by: Darren Hart Cc: KOSAKI Motohiro Cc: peterz@infradead.org Cc: eric.dumazet@gmail.com Cc: zvonler@rgmadvisors.com Cc: hughd@google.com Link: http://lkml.kernel.org/r/1309450892-30676-1-git-send-email-sbohrer@rgmadvisors.com Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman commit 2020455efc64a6ac564e30407dc060f69b300493 Author: WANG Cong Date: Wed Aug 3 16:21:15 2011 -0700 cris: add missing declaration of kgdb_init() and breakpoint() commit 1646ec9db75e151b0479dbfaf972f741d0476ec7 upstream. Fix: arch/cris/arch-v10/kernel/irq.c:239: error: implicit declaration of function 'kgdb_init' arch/cris/arch-v10/kernel/irq.c:240: error: implicit declaration of function 'breakpoint' Declare these two functions. Reported-by: Geert Uytterhoeven Signed-off-by: WANG Cong Cc: Mikael Starvik Cc: Jesper Nilsson Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 8ab2e3a2ae06bdd02b2a7269ef6ed896540a6170 Author: WANG Cong Date: Wed Aug 3 16:21:14 2011 -0700 cris: fix the prototype of sync_serial_ioctl() commit b4bc281266e84e9a432b588ebdcef5fb94dc8ecb upstream. Fix: arch/cris/arch-v10/drivers/sync_serial.c:961: error: conflicting types for 'sync_serial_ioctl' Reported-by: Geert Uytterhoeven Signed-off-by: WANG Cong Cc: Mikael Starvik Cc: Jesper Nilsson Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit a2708fa28f668db0b9103fc051b9c464695840a8 Author: WANG Cong Date: Wed Aug 3 16:21:14 2011 -0700 cris: fix a build error in sync_serial_open() commit 4b851d88192c22cf77418a0b4c45b5c789276837 upstream. Fix: arch/cris/arch-v10/drivers/sync_serial.c:628: error: 'ret' undeclared (first use in this function) 'ret' should be 'err'. Reported-by: Geert Uytterhoeven Signed-off-by: WANG Cong Cc: Mikael Starvik Cc: Jesper Nilsson Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit f5508a09533496f60e96b09c6cf318999051cf79 Author: WANG Cong Date: Wed Aug 3 16:21:12 2011 -0700 cris: fix a build error in kernel/fork.c commit d4969213f9e75ec1bfa6ea65c279c64cab7d1bd6 upstream. Fix this error: kernel/fork.c:267: error: implicit declaration of function 'alloc_thread_info_node' This is due to renaming alloc_thread_info() to alloc_thread_info_node(). [akpm@linux-foundation.org: coding-style fixes] Reported-by: Geert Uytterhoeven Signed-off-by: WANG Cong Cc: Mikael Starvik Cc: Jesper Nilsson Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman