aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2008-10-06[Bluetooth] Fix double frees on error paths of btusb and bpa10x driversMarcel Holtmann
The transfer buffer of an URB will be automatically freed when using the URB_FREE_BUFFER transfer_flag. So the extra calls to kfree() will cause a double free. Reported-by: Justin Mattock <justinmattock@gmail.com> Signed-off-by: Rabin Vincent <rabin@rab.in> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2008-10-06[MIPS] IP27: Fix build errors if CONFIG_MAPPED_KERNEL=yRalf Baechle
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2008-10-06[MIPS] Fix CMP Kconfig configuration and mark as broken.Ralf Baechle
Because sync-r4k.c doesn't build. Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2008-10-05ide: workaround for bogus gcc warning in ide_sysfs_register_port()Bartlomiej Zolnierkiewicz
Reported-by: "Steven Noonan" <steven@uplinklabs.net> Suggested-by: "Elias Oltmanns" <eo@nebensachen.de> Cc: mingo@elte.hu Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-10-05ide-cd: Optiarc DVD RW AD-7200A does play audioBodo Eggert
The Optiarc DVD RW AD-7200A can play audio, but tells it could not. Signed-off-by: Bodo Eggert <7eggert@gmx.de> Tested-by: Nick Warne <nick@ukfsn.org> Received-from: Borislav Petkov <petkovbb@googlemail.com> [bart: keep "audio" quirks together] Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-10-05IDE: Fix platform device registration in Swarm IDE driver (v2)Ralf Baechle
The Swarm IDE driver uses a release method which is defined in the driver itself thus potentially oopsable. The simple fix would be to just leak the device but this patch goes the full length and moves the entire handling of the platform device in the platform code and retains only the platform driver code in drivers/ide/mips/swarm.c. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Cc: "Maciej W. Rozycki" <macro@linux-mips.org> Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> [bart: remove no longer needed BLK_DEV_IDE_SWARM from ide/Kconfig] Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-10-05ide-dma: fix ide_build_dmatable() for TRM290Sergei Shtylylov
Apparently, 'xcount' being 0 does not mean 0 bytes for TRM290; it means 4 bytes, judging from the code immediately preceding this check. So, we must never try to "split" the PRD for TRM290. This is probably never hit anyway -- with the DMA buffers aligned to at least 512 bytes and ATAPI DMA not being used for non block I/O commands... Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-10-05ide-cd: temporary tray close fixBorislav Petkov
This one fixes http://bugzilla.kernel.org/show_bug.cgi?id=11602. A more generic fix for drives which cannot autoclose tray will follow. Signed-off-by: Borislav Petkov <petkovbb@gmail.com> Cc: Jens Axboe <jens.axboe@oracle.com> [bart: add an extra parentheses for consistency with the rest of kernel code] Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-10-05x86: gart iommu have direct mapping when agp is present tooYinghai Lu
move init_memory_mapping() out of init_k8_gatt. for: http://bugzilla.kernel.org/show_bug.cgi?id=11676 2.6.27-rc2 to rc8, apgart fails, iommu=soft works, regression This is needed because we need to map the GART aperture even if the GATT is not initialized. Signed-off-by: Yinghai Lu <yhlu.kernel@gmail.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-10-04V4L/DVB (9103): em28xx: HVR-900 B3C0 - fix audio clicking issueWiktor Grebla
Fixed audio clicking problem which could be heard when using analog tv or composite input Signed-off-by: Wiktor Grebla <greblus@gmail.com> Signed-off-by: Douglas Schilling Landgraf <dougsland@linuxtv.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (9099): em28xx: Add detection for K-WORLD DVB-T 310UDarron Broad
Correct firmware type to MTS Correct audio routing for composite/s-video Add DVB-T detection. This patch uses the eeprom hash method for detection as the vendor/product ids are also used for the DIGIVOX_AD. This may be a clone of the same product. Explanatory text has been added prior to the hask look-up in anticipation that it may help others. The following has been tested to work: Analogue TV (PAL-I) Composite In DVB-T (UK Crystal Palace) USB AUDIO The following has not been tested but probably works: S-Video In Signed-off-by: Darron Broad <darron@kewl.org> Signed-off-by: Douglas Schilling Landgraf <dougsland@linuxtv.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (9092): gspca: Bad init values for sonixj ov7660.Jean-Francois Moine
Signed-off-by: Jean-Francois Moine <moinejf@free.fr> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (9080): gspca: Add a delay after writing to the sonixj sensors.Jean-Francois Moine
Signed-off-by: Jean-Francois Moine <moinejf@free.fr> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (9075): gspca: Bad check of returned status in i2c_read() spca561.Shane
This makes auto gain functional on 04fc:0561. Signed-off-by: Shane <gnome42@gmail.com> Signed-off-by: Jean-Francois Moine <moinejf@free.fr> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (9053): fix buffer overflow in uvc-videoRalph Loader
There is a buffer overflow in drivers/media/video/uvc/uvc_ctrl.c: INFO: 0xf2c5ce08-0xf2c5ce0b. First byte 0xa1 instead of 0xcc INFO: Allocated in uvc_query_v4l2_ctrl+0x3c/0x239 [uvcvideo] age=13 cpu=1 pid=4975 ... A fixed size 8-byte buffer is allocated, and a variable size field is read into it; there is no particular bound on the size of the field (it is dependent on hardware and configuration) and it can overflow [also verified by inserting printk's.] The patch attempts to size the buffer to the correctly. Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: Laurent Pinchart <laurent.pinchart@skynet.be> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (9043): S5H1420: Fix size of shadow-array to avoid overflowPatrick Boettcher
The array size of 'shadow' still needs to be fixed in order to not overflow when reading register 0x00. Thanks to Oliver Endriss for pointing that out. Signed-off-by: Patrick Boettcher <pb@linuxtv.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (9037): Fix support for Hauppauge Nova-S SEPatrick Boettcher
Different backends have different input busses (saa7146, flexcop). To reflect that a config-option to the s5h1420-driver was added which makes the output mode selectable. Furthermore the s5h1420-driver is now doing the same i2c-method as it was done before adding support for other i2c-users. This patch needs to go into the current release of the kernel, as this driver is currently broken. (Thanks to Eberhard Kaltenhaeuser for helping out to debug this issue.) Signed-off-by: Patrick Boettcher <pb@linuxtv.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (9029): Fix deadlock in demux codeAndreas Oberritter
The functions dvb_dmxdev_section_callback, dvb_dmxdev_ts_callback, dvb_dmx_swfilter_packet, dvb_dmx_swfilter_packets, dvb_dmx_swfilter and dvb_dmx_swfilter_204 may be called from both interrupt and process context. Therefore they need to be protected by spin_lock_irqsave() instead of spin_lock(). This fixes a deadlock discovered by lockdep. Signed-off-by: Andreas Oberritter <obi@linuxtv.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (8979): sms1xxx: Add new USB product ID for Hauppauge WinTV MiniStickMichael Krufky
2040:5510 is the same hardware as 2040:5500 Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (8978): sms1xxx: fix product name for Hauppauge WinTV MiniStickMichael Krufky
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (8967): Use correct XC3028L firmware for AMD ATI TV Wonder 600Devin Heitmueller
The AMD ATI TV Wonder 600 has an XC3028L and *not* an XC3028, so we need to load the proper firmware to prevent the device from overheating. Signed-off-by: Devin Heitmueller <devin.heitmueller@gmail.com> Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (8963): s2255drv field count fixDean Anderson
Fixes videobuf field_count Signed-off-by: Dean Anderson <dean@sensoray.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (8961): zr36067: Fix RGBR pixel formatJean Delvare
The zr36067 driver is improperly declaring pixel format RGBP twice, once as "16-bit RGB LE" and once as "16-bit RGB BE". The latter is actually RGBR. Fix the code to properly map both pixel formats. Signed-off-by: Jean Delvare <khali@linux-fr.org> Acked-by: Trent Piepho <xyzzy@speakeasy.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (8960): drivers/media/video/cafe_ccic.c needs mm.hAndrew Morton
sparc32 allmodconfig: drivers/media/video/cafe_ccic.c: In function 'cafe_setup_siobuf': drivers/media/video/cafe_ccic.c:1192: error: implicit declaration of function 'PAGE_ALIGN' drivers/media/video/cafe_ccic.c: At top level: drivers/media/video/cafe_ccic.c:1430: error: variable 'cafe_v4l_vm_ops' has initializer but incomplete type drivers/media/video/cafe_ccic.c:1431: error: unknown field 'open' specified in initializer drivers/media/video/cafe_ccic.c:1431: warning: excess elements in struct initializer drivers/media/video/cafe_ccic.c:1431: warning: (near initialization for 'cafe_v4l_vm_ops') drivers/media/video/cafe_ccic.c:1432: error: unknown field 'close' specified in initializer drivers/media/video/cafe_ccic.c:1433: warning: excess elements in struct initializer drivers/media/video/cafe_ccic.c:1433: warning: (near initialization for 'cafe_v4l_vm_ops') drivers/media/video/cafe_ccic.c: In function 'cafe_v4l_mmap': drivers/media/video/cafe_ccic.c:1444: error: 'VM_WRITE' undeclared (first use in this function) drivers/media/video/cafe_ccic.c:1444: error: (Each undeclared identifier is reported only once drivers/media/video/cafe_ccic.c:1444: error: for each function it appears in.) drivers/media/video/cafe_ccic.c:1444: error: 'VM_SHARED' undeclared (first use in this function) drivers/media/video/cafe_ccic.c:1461: error: 'VM_DONTEXPAND' undeclared (first use in this function) This build breakage is caused by some header file shuffle in linux-next. But I suggest that this patch be merged ahead of linux-next to avoid bisection breakage. Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (8958): zr36067: Return proper bytes-per-line valueJean Delvare
The zr36067 driver should return the actual bytes-per-line value when queried with ioctl VIDIOC_G_FMT, instead of 0. Otherwise user-space applications can get confused. Likewise, with ioctl VIDIOC_S_FMT, we are supposed to fill the bytes-per-line value. And we shouldn't fail if the caller sets the initial value to something different from 0. This is perfectly valid for applications to pre-fill this field with the value they expect. Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (8957): zr36067: Restore the default pixel formatJean Delvare
Restore the default pixel format to YUYV as it used to be before kernel 2.6.23. It was accidentally changed to BGR3 by commit 603d6f2c8f9f3604f9c6c1f8903efc2df30a000f. Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (8955): bttv: Prevent NULL pointer dereference in radio_openJean Delvare
Fix the following crash in the bttv driver: BUG: unable to handle kernel NULL pointer dereference at 000000000000036c IP: [<ffffffffa037860a>] radio_open+0x3a/0x170 [bttv] This happens because radio_open assumes that all present bttv devices have a radio function. If a bttv device without radio and one with radio are installed on the same system, and the one without radio is registered first, then radio_open checks for the radio device number of a bttv device that has no radio function, and this breaks. All we have to do to fix it is to skip bttv devices without a radio function. Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (8935): em28xx-cards: Remove duplicate entry ↵Douglas Schilling Landgraf
(EM2800_BOARD_KWORLD_USB2800) Removed duplicated entry for EM2800_BOARD_KWORLD_USB2800 Signed-off-by: Douglas Schilling Landgraf <dougsland@linuxtv.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (8933): gspca: Disable light frquency for zc3xx cs2102 Kokom.Costantino Leandro
CS2102K stop streaming on setlightfreq (50Hz & 60Hz). Disable it for now until a correct solution is found. Signed-off-by: Costantino Leandro <le_costantino@pixartargentina.com.ar> Signed-off-by: Jean-Francois Moine <moinejf@free.fr> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (8926): gspca: Bad fix of leak memory (changeset 43d2ead315b1).Jean-Francois Moine
Signed-off-by: Jean-Francois Moine <moinejf@free.fr> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04V4L/DVB (8919): cx18: Fix tuner audio input for Compro H900 cardsHans Verkuil
Earlier fixes to get the tuner audio working correctly broke the audio on the Compro VideoMate H900 cards. This is now fixed. Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2008-10-04Merge branch 'timers-fixes-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: clockevents: check broadcast tick device not the clock events device
2008-10-04Merge branch 'x86-fixes-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: x86 setup: correct segfault in generation of 32-bit reloc kernel
2008-10-04clockevents: check broadcast tick device not the clock events deviceThomas Gleixner
Impact: jiffies increment too fast. Hugh Dickins noted that with NOHZ=n and HIGHRES=n jiffies get incremented too fast. The reason is a wrong check in the broadcast enter/exit code, which keeps the local apic timer in periodic mode when the switch happens. Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2008-10-03Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: selinux: Fix an uninitialized variable BUG/panic in selinux_secattr_to_sid()
2008-10-03ACPI: Make /proc/acpi/wakeup interface handle PCI devices (again)Rafael J. Wysocki
Make the ACPI /proc/acpi/wakeup interface set the appropriate wake-up bits of physical devices corresponding to the ACPI devices and make those bits be set initially for devices that are enabled to wake up by default. This is needed to restore the 2.6.26 and earlier behavior for the PCI devices that were previously handled correctly with the help of the /proc/acpi/wakeup interface. Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Cc: Len Brown <lenb@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-10-03leds-pca955x: add proper error handling and fix bogus memory handlingSven Wegener
Check the return value of led_classdev_register and unregister all registered devices, if registering one device fails. Also the dynamic memory handling is totally bogus. You can't allocate multiple chunks via kzalloc() and expect them to be in order later. I wonder how this ever worked. Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Acked-by: Nate Case <ncase@xes-inc.com> Tested-by: Nate Case <ncase@xes-inc.com> Acked-by: Richard Purdie <rpurdie@rpsys.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-10-03leds-fsg: change order of initialization and deinitializationSven Wegener
On initialization, we first do the ioremap and then register the led devices. On deinitialization, we do it in reverse order. This prevents someone calling into the brightness_set functions with an invalid latch_address. Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Acked-by: Rod Whitby <rod@whitby.id.au> Acked-by: Richard Purdie <rpurdie@rpsys.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-10-03dw_dmac: fix copy/paste bug in taskletHaavard Skinnemoen
The tasklet checks RAW.BLOCK twice, and does not check RAW.XFER. This is obviously wrong, and could theoretically cause the driver to hang. Reported-by: Nicolas Ferre <nicolas.ferre@atmel.com> Signed-off-by: Haavard Skinnemoen <haavard.skinnemoen@atmel.com> Acked-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-10-03Documentation/HOWTO: info about interface changes should CC linux-api@vgerMichael Kerrisk
The "Documentation" section of this file mentions that when an interface change is made, I should be CCed with info about the change (so that man-pages can document it). Additionally request that this info be CCed to the new linux-api@vger.kernel.org list. Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-10-03SubmitChecklist: interfaces changes should CC linux-api@Michael Kerrisk
Mention that patches that change the kernel-userland interface should be CCed to the new list linux-api@vger.kernel.org. Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-10-03MAINTAINERS: add mailing list for man-pagesMichael Kerrisk
Nowadays, man-pages has an associated mailing list. Mention that list in MAINTAINERS. Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-10-03cpusets: remove pj from cpuset maintainersPaul Jackson
Remove myself from the kernel MAINTAINERS file for cpusets. I am leaving SGI and probably will not be active in Linux kernel work. I can be reached at <pj@usa.net>. Contact Derek Fults <dfults@sgi.com> for future SGI+cpuset related issues. I'm off to the next chapter of this good life. Signed-off-by: Paul Jackson <pj@sgi.com> Cc: Paul Menage <menage@google.com> Cc: Derek Fults <dfults@sgi.com> Cc: John Hesterberg <jh@sgi.com> Cc: Paul Jackson <pj@usa.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-10-03include/linux/stacktrace.h: declare struct task_structAndrew Morton
include/linux/stacktrace.h:13: warning: 'struct task_struct' declared inside parameter list (This might be a hard error on sparc64, which uses this header and has -Werror) Reported-by: "Randy.Dunlap" <rdunlap@xenotime.net> Acked-by: Ingo Molnar <mingo@elte.hu> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Arjan van de Ven <arjan@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-10-03orion_spi: fix handling of default transfer speedLennert Buytenhek
Accept zero (the default!) as a per-transfer clock speed override. Signed-off-by: Lennert Buytenhek <buytenh@marvell.com> Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-10-03fbdev: fix recursive notifier and locking when fbdev console is blankedKrzysztof Helt
Fix infinite recursive notifier in the fbdev layer. This causes recursive locking. Dmitry Baryshkov found the problem and confirmed that the patch fixes the bug. After doing # echo 1 > /sys/class/graphics/fb0/blank I got the following in my kernel log: ============================================= [ INFO: possible recursive locking detected ] 2.6.27-rc6-00086-gda63874-dirty #97 --------------------------------------------- echo/1564 is trying to acquire lock: ((fb_notifier_list).rwsem){..--}, at: [<c005a384>] __blocking_notifier_call_chain+0x38/0x6c but task is already holding lock: ((fb_notifier_list).rwsem){..--}, at: [<c005a384>] __blocking_notifier_call_chain+0x38/0x6c other info that might help us debug this: 2 locks held by echo/1564: #0: (&buffer->mutex){--..}, at: [<c00ddde0>] sysfs_write_file+0x30/0x80 #1: ((fb_notifier_list).rwsem){..--}, at: [<c005a384>] __blocking_notifier_call_chain+0x38/0x6c stack backtrace: [<c0029fe4>] (dump_stack+0x0/0x14) from [<c0060ce0>] (print_deadlock_bug+0xa4/0xd0) [<c0060c3c>] (print_deadlock_bug+0x0/0xd0) from [<c0060e54>] (check_deadlock+0x148/0x17c) r6:c397a1e0 r5:c397a530 r4:c04fcf98 [<c0060d0c>] (check_deadlock+0x0/0x17c) from [<c00637e8>] (validate_chain+0x3c4/0x4f0) [<c0063424>] (validate_chain+0x0/0x4f0) from [<c0063efc>] (__lock_acquire+0x5e8/0x6b4) [<c0063914>] (__lock_acquire+0x0/0x6b4) from [<c006402c>] (lock_acquire+0x64/0x78) [<c0063fc8>] (lock_acquire+0x0/0x78) from [<c0316ca8>] (down_read+0x4c/0x60) r7:00000009 r6:ffffffff r5:c0427a40 r4:c005a384 [<c0316c5c>] (down_read+0x0/0x60) from [<c005a384>] (__blocking_notifier_call_chain+0x38/0x6c) r5:c0427a40 r4:c0427a74 [<c005a34c>] (__blocking_notifier_call_chain+0x0/0x6c) from [<c005a3d8>] (blocking_notifier_call_chain+0x20/0x28) r8:00000009 r7:c086d640 r6:c3967940 r5:00000000 r4:c38984b8 [<c005a3b8>] (blocking_notifier_call_chain+0x0/0x28) from [<c014baa0>] (fb_notifier_call_chain+0x1c/0x24) [<c014ba84>] (fb_notifier_call_chain+0x0/0x24) from [<c014c18c>] (fb_blank+0x64/0x70) [<c014c128>] (fb_blank+0x0/0x70) from [<c0155978>] (fbcon_blank+0x114/0x1bc) r5:00000001 r4:c38984b8 [<c0155864>] (fbcon_blank+0x0/0x1bc) from [<c0170ea8>] (do_blank_screen+0x1e0/0x2a0) [<c0170cc8>] (do_blank_screen+0x0/0x2a0) from [<c0154024>] (fbcon_fb_blanked+0x74/0x94) r5:c3967940 r4:00000001 [<c0153fb0>] (fbcon_fb_blanked+0x0/0x94) from [<c0154228>] (fbcon_event_notify+0x100/0x12c) r5:fffffffe r4:c39bc194 [<c0154128>] (fbcon_event_notify+0x0/0x12c) from [<c005a0d4>] (notifier_call_chain+0x38/0x7c) [<c005a09c>] (notifier_call_chain+0x0/0x7c) from [<c005a3a0>] (__blocking_notifier_call_chain+0x54/0x6c) r8:c3b51ea0 r7:00000009 r6:ffffffff r5:c0427a40 r4:c0427a74 [<c005a34c>] (__blocking_notifier_call_chain+0x0/0x6c) from [<c005a3d8>] (blocking_notifier_call_chain+0x20/0x28) r8:00000001 r7:c3a7e000 r6:00000000 r5:00000000 r4:c38984b8 [<c005a3b8>] (blocking_notifier_call_chain+0x0/0x28) from [<c014baa0>] (fb_notifier_call_chain+0x1c/0x24) [<c014ba84>] (fb_notifier_call_chain+0x0/0x24) from [<c014c18c>] (fb_blank+0x64/0x70) [<c014c128>] (fb_blank+0x0/0x70) from [<c014e450>] (store_blank+0x54/0x7c) r5:c38984b8 r4:c3b51ec4 [<c014e3fc>] (store_blank+0x0/0x7c) from [<c017981c>] (dev_attr_store+0x28/0x2c) r8:00000001 r7:c042bf80 r6:c39eba10 r5:c3967c30 r4:c38e0140 [<c01797f4>] (dev_attr_store+0x0/0x2c) from [<c00ddaac>] (flush_write_buffer+0x54/0x68) [<c00dda58>] (flush_write_buffer+0x0/0x68) from [<c00dde08>] (sysfs_write_file+0x58/0x80) r8:c3b51f78 r7:c3bcb070 r6:c39eba10 r5:00000001 r4:00000001 [<c00dddb0>] (sysfs_write_file+0x0/0x80) from [<c009de04>] (vfs_write+0xb8/0x148) [<c009dd4c>] (vfs_write+0x0/0x148) from [<c009e384>] (sys_write+0x44/0x70) r7:00000004 r6:c3bcb070 r5:00000000 r4:00000000 [<c009e340>] (sys_write+0x0/0x70) from [<c0025d00>] (ret_fast_syscall+0x0/0x2c) r6:4001b000 r5:00000001 r4:401dc658 Signed-off-by: Krzysztof Helt <krzysztof.h1@wp.pl> Reported-by: Dmitry Baryshkov <dbaryshkov@gmail.com> Testted-by: Dmitry Baryshkov <dbaryshkov@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-10-03rtc: fix kernel panic on second use of SIGIO nofiticationMarcin Slusarz
When userspace uses SIGIO notification and forgets to disable it before closing file descriptor, rtc->async_queue contains stale pointer to struct file. When user space enables again SIGIO notification in different process, kernel dereferences this (poisoned) pointer and crashes. So disable SIGIO notification on close. Kernel panic: (second run of qemu (requires echo 1024 > /sys/class/rtc/rtc0/max_user_freq)) general protection fault: 0000 [1] PREEMPT CPU 0 Modules linked in: af_packet snd_pcm_oss snd_mixer_oss snd_seq_oss snd_seq_midi_event snd_seq usbhid tuner tea5767 tda8290 tuner_xc2028 xc5000 tda9887 tuner_simple tuner_types mt20xx tea5761 tda9875 uhci_hcd ehci_hcd usbcore bttv snd_via82xx snd_ac97_codec ac97_bus snd_pcm snd_timer ir_common compat_ioctl32 snd_page_alloc videodev v4l1_compat snd_mpu401_uart snd_rawmidi v4l2_common videobuf_dma_sg videobuf_core snd_seq_device snd btcx_risc soundcore tveeprom i2c_viapro Pid: 5781, comm: qemu-system-x86 Not tainted 2.6.27-rc6 #363 RIP: 0010:[<ffffffff8024f891>] [<ffffffff8024f891>] __lock_acquire+0x3db/0x73f RSP: 0000:ffffffff80674cb8 EFLAGS: 00010002 RAX: ffff8800224c62f0 RBX: 0000000000000046 RCX: 0000000000000002 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8800224c62f0 RBP: ffffffff80674d08 R08: 0000000000000002 R09: 0000000000000001 R10: ffffffff80238941 R11: 0000000000000001 R12: 0000000000000000 R13: 6b6b6b6b6b6b6b6b R14: ffff88003a450080 R15: 0000000000000000 FS: 00007f98b69516f0(0000) GS:ffffffff80623200(0000) knlGS:00000000f7cc86d0 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000a87000 CR3: 0000000022598000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process qemu-system-x86 (pid: 5781, threadinfo ffff880028812000, task ffff88003a450080) Stack: ffffffff80674cf8 0000000180238440 0000000200000002 0000000000000000 ffff8800224c62f0 0000000000000046 0000000000000000 0000000000000002 0000000000000002 0000000000000000 ffffffff80674d68 ffffffff8024fc7a Call Trace: <IRQ> [<ffffffff8024fc7a>] lock_acquire+0x85/0xa9 [<ffffffff8029cb62>] ? send_sigio+0x2a/0x184 [<ffffffff80491d1f>] _read_lock+0x3e/0x4a [<ffffffff8029cb62>] ? send_sigio+0x2a/0x184 [<ffffffff8029cb62>] send_sigio+0x2a/0x184 [<ffffffff8024fb97>] ? __lock_acquire+0x6e1/0x73f [<ffffffff8029cd4d>] ? kill_fasync+0x2c/0x4e [<ffffffff8029cd10>] __kill_fasync+0x54/0x65 [<ffffffff8029cd5b>] kill_fasync+0x3a/0x4e [<ffffffff80402896>] rtc_update_irq+0x9c/0xa5 [<ffffffff80404640>] cmos_interrupt+0xae/0xc0 [<ffffffff8025d1c1>] handle_IRQ_event+0x25/0x5a [<ffffffff8025e5e4>] handle_edge_irq+0xdd/0x123 [<ffffffff8020da34>] do_IRQ+0xe4/0x144 [<ffffffff8020bad6>] ret_from_intr+0x0/0xf <EOI> [<ffffffff8026fdc2>] ? __alloc_pages_internal+0xe7/0x3ad [<ffffffff8033fe67>] ? clear_page_c+0x7/0x10 [<ffffffff8026fc10>] ? get_page_from_freelist+0x385/0x450 [<ffffffff8026fdc2>] ? __alloc_pages_internal+0xe7/0x3ad [<ffffffff80280aac>] ? anon_vma_prepare+0x2e/0xf6 [<ffffffff80279400>] ? handle_mm_fault+0x227/0x6a5 [<ffffffff80494716>] ? do_page_fault+0x494/0x83f [<ffffffff8049251d>] ? error_exit+0x0/0xa9 Code: cc 41 39 45 28 74 24 e8 5e 1d 0f 00 85 c0 0f 84 6a 03 00 00 83 3d 8f a9 aa 00 00 be 47 03 00 00 0f 84 6a 02 00 00 e9 53 03 00 00 <41> ff 85 38 01 00 00 45 8b be 90 06 00 00 41 83 ff 2f 76 24 e8 RIP [<ffffffff8024f891>] __lock_acquire+0x3db/0x73f RSP <ffffffff80674cb8> ---[ end trace 431877d860448760 ]--- Kernel panic - not syncing: Aiee, killing interrupt handler! Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Acked-by: Alessandro Zummo <alessandro.zummo@towertech.it> Acked-by: David Brownell <dbrownell@users.sourceforge.net> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-10-04selinux: Fix an uninitialized variable BUG/panic in selinux_secattr_to_sid()Paul Moore
At some point during the 2.6.27 development cycle two new fields were added to the SELinux context structure, a string pointer and a length field. The code in selinux_secattr_to_sid() was not modified and as a result these two fields were left uninitialized which could result in erratic behavior, including kernel panics, when NetLabel is used. This patch fixes the problem by fully initializing the context in selinux_secattr_to_sid() before use and reducing the level of direct context manipulation done to help prevent future problems. Please apply this to the 2.6.27-rcX release stream. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
2008-10-03Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linusLinus Torvalds
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus: [MIPS] SMTC: Fix SMTC dyntick support. [MIPS] SMTC: Close tiny holes in the SMTC IPI replay system. [MIPS] SMTC: Fix holes in SMTC and FPU affinity support. [MIPS] SMTC: Build fix: Fix filename in Makefile [MIPS] Build fix: Fix irq flags type
2008-10-03Merge branch 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6Linus Torvalds
* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6: [S390] qdio: prevent stack clobber [S390] nohz: Fix __udelay.