commit 52c6b95f8a2edaff98b779f15b2f4d69b61b18b9 Author: Ben Hutchings Date: Sun May 20 22:56:54 2012 +0100 Linux 3.2.18 commit ef6bdf34a4d247f48a9c103375fd2927d7df91e7 Author: Eric Dumazet Date: Thu May 17 23:52:26 2012 +0000 pktgen: fix module unload for good commit d4b1133558e0d417342d5d2c49e4c35b428ff20d upstream. commit c57b5468406 (pktgen: fix crash at module unload) did a very poor job with list primitives. 1) list_splice() arguments were in the wrong order 2) list_splice(list, head) has undefined behavior if head is not initialized. 3) We should use the list_splice_init() variant to clear pktgen_threads list. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings commit 03f3b8447061afb212e374e274b0b799c0776e3f Author: Eric Dumazet Date: Wed May 9 13:29:51 2012 +0000 pktgen: fix crash at module unload commit c57b54684060c8aced64a5b78ff69ff289af97b9 upstream. commit 7d3d43dab4e9 (net: In unregister_netdevice_notifier unregister the netdevices.) makes pktgen crashing at module unload. [ 296.820578] BUG: spinlock bad magic on CPU#6, rmmod/3267 [ 296.820719] lock: ffff880310c38000, .magic: ffff8803, .owner: /-1, .owner_cpu: -1 [ 296.820943] Pid: 3267, comm: rmmod Not tainted 3.4.0-rc5+ #254 [ 296.821079] Call Trace: [ 296.821211] [] spin_dump+0x8a/0x8f [ 296.821345] [] spin_bug+0x21/0x26 [ 296.821507] [] do_raw_spin_lock+0x131/0x140 [ 296.821648] [] _raw_spin_lock+0x1e/0x20 [ 296.821786] [] __pktgen_NN_threads+0x4d/0x140 [pktgen] [ 296.821928] [] pktgen_device_event+0x10d/0x1e0 [pktgen] [ 296.822073] [] unregister_netdevice_notifier+0x7f/0x100 [ 296.822216] [] pg_cleanup+0x48/0x73 [pktgen] [ 296.822357] [] sys_delete_module+0x17e/0x2a0 [ 296.822502] [] system_call_fastpath+0x16/0x1b Hold the pktgen_thread_lock while splicing pktgen_threads, and test pktgen_exiting in pktgen_device_event() to make unload faster. Signed-off-by: Eric Dumazet Cc: Eric W. Biederman Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings commit 7338d50a12ca0b3af8460896c6aa554a33a731b8 Author: Stefan Roese Date: Tue Jan 10 01:47:40 2012 +0000 stmmac: Fix compilation error in mmc_core.c commit 1dd8117e3320fb42ec40ef2ace982871572d34ed upstream. Fix this error: CC drivers/net/ethernet/stmicro/stmmac/mmc_core.o drivers/net/ethernet/stmicro/stmmac/mmc_core.c: In function 'dwmac_mmc_ctrl': drivers/net/ethernet/stmicro/stmmac/mmc_core.c:143:2: error: implicit declaration of function 'pr_debug' [-Werror=implicit-function-declaration] Signed-off-by: Stefan Roese Cc: Giuseppe Cavallaro Acked-by: Giuseppe Cavallaro Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings commit 70b1cd23192a9204f5c540c884c4a0c006f38c19 Author: Artem Bityutskiy Date: Fri Dec 30 18:28:01 2011 +0200 mtd: map.h: fix arm cross-build failure commit 4a42243886b87cd28a39b192161767c2af851a55 upstream. This patch fixes the following build failure: In file included from include/linux/mtd/qinfo.h:4:0, from include/linux/mtd/pfow.h:7, from drivers/mtd/lpddr/lpddr_cmds.c:27: include/linux/mtd/map.h: In function 'inline_map_read': include/linux/mtd/map.h:409:3: error: implicit declaration of function 'BUILD_BUG_ON' [-Werror=implicit-function-declaration] Signed-off-by: Artem Bityutskiy Signed-off-by: David Woodhouse Signed-off-by: Ben Hutchings commit 3a58107e4ed76e3a314002233a600234e0785aa1 Author: Tushar Dave Date: Thu May 17 01:04:50 2012 +0000 e1000: Prevent reset task killing itself. commit 8ce6909f77ba1b7bcdea65cc2388fd1742b6d669 upstream. Killing reset task while adapter is resetting causes deadlock. Only kill reset task if adapter is not resetting. Ref bug #43132 on bugzilla.kernel.org Signed-off-by: Tushar Dave Tested-by: Aaron Brown Signed-off-by: Jeff Kirsher Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings commit aa3edb47d5f969b63b42c5757c663b765d8a5d86 Author: Willy Tarreau Date: Thu May 17 11:14:14 2012 +0000 tcp: do_tcp_sendpages() must try to push data out on oom conditions commit bad115cfe5b509043b684d3a007ab54b80090aa1 upstream. Since recent changes on TCP splicing (starting with commits 2f533844 "tcp: allow splice() to build full TSO packets" and 35f9c09f "tcp: tcp_sendpages() should call tcp_push() once"), I started seeing massive stalls when forwarding traffic between two sockets using splice() when pipe buffers were larger than socket buffers. Latest changes (net: netdev_alloc_skb() use build_skb()) made the problem even more apparent. The reason seems to be that if do_tcp_sendpages() fails on out of memory condition without being able to send at least one byte, tcp_push() is not called and the buffers cannot be flushed. After applying the attached patch, I cannot reproduce the stalls at all and the data rate it perfectly stable and steady under any condition which previously caused the problem to be permanent. The issue seems to have been there since before the kernel migrated to git, which makes me think that the stalls I occasionally experienced with tux during stress-tests years ago were probably related to the same issue. This issue was first encountered on 3.0.31 and 3.2.17, so please backport to -stable. Signed-off-by: Willy Tarreau Acked-by: Eric Dumazet Signed-off-by: Ben Hutchings commit dc73d6c2c18e06f2b89401a12ad0a8976462901a Author: Nicholas Bellinger Date: Wed May 16 16:05:26 2012 -0700 target: Fix bug in handling of FILEIO + block_device resize ops commit cd9323fd68aee3c1c6b5b21e5746c9d1b586fb58 upstream. This patch fixes a bug in the handling of FILEIO w/ underlying block_device resize operations where the original fd_dev->fd_dev_size was incorrectly being used in fd_get_blocks() for READ_CAPACITY response payloads. This patch avoids using fd_dev->fd_dev_size for FILEIO devices with an underlying block_device, and instead changes fd_get_blocks() to get the sector count directly from i_size_read() as recommended by hch. Reported-by: Christoph Hellwig Signed-off-by: Nicholas Bellinger Signed-off-by: Ben Hutchings commit ad87af4331c0b242788fbf668eefe2e311f2cd7f Author: Jonathan Brassow Date: Wed May 16 04:06:14 2012 -0500 MD: Add del_timer_sync to mddev_suspend (fix nasty panic) commit 0d9f4f135eb6dea06bdcb7065b1e4ff78274a5e9 upstream. Use del_timer_sync to remove timer before mddev_suspend finishes. We don't want a timer going off after an mddev_suspend is called. This is especially true with device-mapper, since it can call the destructor function immediately following a suspend. This results in the removal (kfree) of the structures upon which the timer depends - resulting in a very ugly panic. Therefore, we add a del_timer_sync to mddev_suspend to prevent this. Signed-off-by: NeilBrown Signed-off-by: Ben Hutchings commit e3b9dca169250b65f4dbe2460bcf7efe7098f1b7 Author: Chris Metcalf Date: Wed May 16 14:54:20 2012 -0400 arch/tile: apply commit 74fca9da0 to the compat signal handling as well commit a134d228298c6aa9007205c6b81cae0cac0acb5d upstream. This passes siginfo and mcontext to tilegx32 signal handlers that don't have SA_SIGINFO set just as we have been doing for tilegx64. Signed-off-by: Chris Metcalf Signed-off-by: Ben Hutchings commit 6d4e481b77c311118d1cab9356e781ba56047f16 Author: Russell King Date: Wed May 16 15:19:20 2012 +0100 ARM: prevent VM_GROWSDOWN mmaps extending below FIRST_USER_ADDRESS commit 9b61a4d1b2064dbd0c9e61754305ac852170509f upstream. Reported-by: Al Viro Signed-off-by: Russell King Signed-off-by: Ben Hutchings commit b31a26af02788341aa8b9b1490ca30fb0bc47389 Author: Dan Williams Date: Mon May 7 04:24:51 2012 +0000 cdc_ether: add Novatel USB551L device IDs for FLAG_WWAN commit 4e6304b8420aba5311ba21fd68dab2924ae4d91a upstream. Needs to be tagged with FLAG_WWAN, which since it has generic descriptors, won't happen if we don't override the generic driver info. Cc: Oliver Neukum Signed-off-by: Dan Williams Acked-by: Oliver Neukum Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings commit d2636838e87a2eb7bb40e25864cc3a090d0df11b Author: Ming Lei Date: Thu Apr 26 11:33:46 2012 +0800 usbnet: fix skb traversing races during unlink(v2) commit 5b6e9bcdeb65634b4ad604eb4536404bbfc62cfa upstream. Commit 4231d47e6fe69f061f96c98c30eaf9fb4c14b96d(net/usbnet: avoid recursive locking in usbnet_stop()) fixes the recursive locking problem by releasing the skb queue lock before unlink, but may cause skb traversing races: - after URB is unlinked and the queue lock is released, the refered skb and skb->next may be moved to done queue, even be released - in skb_queue_walk_safe, the next skb is still obtained by next pointer of the last skb - so maybe trigger oops or other problems This patch extends the usage of entry->state to describe 'start_unlink' state, so always holding the queue(rx/tx) lock to change the state if the referd skb is in rx or tx queue because we need to know if the refered urb has been started unlinking in unlink_urbs. The other part of this patch is based on Huajun's patch: always traverse from head of the tx/rx queue to get skb which is to be unlinked but not been started unlinking. Signed-off-by: Huajun Li Signed-off-by: Ming Lei Cc: Oliver Neukum Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings commit 18c6348bb249e786f0f76abcfdddab33889ee0ef Author: Mark Brown Date: Tue May 15 18:13:00 2012 +0100 ASoC: wm8994: Fix AIF2ADC power down commit c7f5f2389377b66028bc129890aa653deafe8d39 upstream. Signed-off-by: Mark Brown Signed-off-by: Ben Hutchings commit 2fa3402bf29ec154815e2dbc6aff6d442c1e02c7 Author: Takashi Iwai Date: Tue May 15 08:07:31 2012 +0200 ALSA: hda/idt - Fix power-map for speaker-pins with some HP laptops commit b0791dda813c179e539b0fc1ecd3f5f30f2571e2 upstream. BIOS on some HP laptops don't set the speaker-pins as fixed but expose as jacks, and this confuses the driver as if these pins are jack-detectable. As a result, the machine doesn't get sounds from speakers because the driver prepares the power-map update via jack unsol events which never come up in reality. The bug was introduced in some time in 3.2 for enabling the power-mapping feature. This patch fixes the problem by replacing the check of the persistent power-map bits with a proper is_jack_detectable() call. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=43240 Signed-off-by: Takashi Iwai Signed-off-by: Ben Hutchings commit cf4a6e0aa93d53aefc749e008c120bac44401765 Author: Alexander Clouter Date: Sat May 12 09:45:08 2012 +0100 crypto: mv_cesa requires on CRYPTO_HASH to build commit 1ebfefcf37a6e308266a8d786e8cfea0a454058c upstream. Without CRYPTO_HASH being selected, mv_cesa has a lot of hooks into undefined exports. ---- MODPOST 81 modules Kernel: arch/arm/boot/Image is ready AS arch/arm/boot/compressed/head.o GZIP arch/arm/boot/compressed/piggy.gzip CC arch/arm/boot/compressed/misc.o CC arch/arm/boot/compressed/decompress.o ERROR: "crypto_ahash_type" [drivers/crypto/mv_cesa.ko] undefined! ERROR: "crypto_shash_final" [drivers/crypto/mv_cesa.ko] undefined! ERROR: "crypto_register_ahash" [drivers/crypto/mv_cesa.ko] undefined! ERROR: "crypto_unregister_ahash" [drivers/crypto/mv_cesa.ko] undefined! ERROR: "crypto_shash_update" [drivers/crypto/mv_cesa.ko] undefined! ERROR: "crypto_shash_digest" [drivers/crypto/mv_cesa.ko] undefined! ERROR: "crypto_shash_setkey" [drivers/crypto/mv_cesa.ko] undefined! ERROR: "crypto_alloc_shash" [drivers/crypto/mv_cesa.ko] undefined! make[1]: *** [__modpost] Error 1 make: *** [modules] Error 2 make: *** Waiting for unfinished jobs.... ---- Signed-off-by: Alexander Clouter Signed-off-by: Jason Cooper Signed-off-by: Ben Hutchings commit 1601be1f76779ab23b7d04f86a231ede6bd90edc Author: Bernhard Kohl Date: Sun May 13 23:39:37 2012 +0200 target: Fix SPC-2 RELEASE bug for multi-session iSCSI client setups commit edc318d9fea6854df752ec8c645b960b0d5a1d23 upstream. This patch addresses a bug in a special case for target core SPC-2 RELEASE logic where the same physical client (eg: iSCSI InitiatorName) with differing iSCSI session identifiers (ISID) is allowed to incorrectly release the same client's SPC-2 reservation from the non reservation holding path. Note this bug is specific to iscsi-target w/ SPC-2 reservations, and with the default enforce_pr_isids=1 device attr setting in target-core controls if a InitiatorName + different ISID reservations are handled the same as a single iSCSI client entity. Signed-off-by: Bernhard Kohl Signed-off-by: Nicholas Bellinger Signed-off-by: Ben Hutchings commit f5dd890ef7c905ac61c3d3be1569df06849f74a3 Author: Will Deacon Date: Fri May 11 17:42:37 2012 +0100 ARM: 7417/1: vfp: ensure preemption is disabled when enabling VFP access commit 998de4acb2ba188d20768d1065658377a2e7d29b upstream. The vfp_enable function enables access to the VFP co-processor register space (cp10 and cp11) on the current CPU and must be called with preemption disabled. Unfortunately, the vfp_init late initcall does not disable preemption and can lead to an oops during boot if thread migration occurs at the wrong time and we end up attempting to access the FPSID on a CPU with VFP access disabled. This patch fixes the initcall to call vfp_enable from a non-preemptible context on each CPU and adds a BUG_ON(preemptible) to ensure that any similar problems are easily spotted in the future. Reported-by: Hyungwoo Yang Signed-off-by: Hyungwoo Yang Signed-off-by: Will Deacon Signed-off-by: Russell King Signed-off-by: Ben Hutchings commit 3af384d0469065da1646d275efffb7dbbe0e435c Author: Arend van Spriel Date: Thu Feb 9 21:08:58 2012 +0100 brcm80211: smac: fix endless retry of A-MPDU transmissions commit 5e379203c7788b7af01150bfadbc74d2797a2ef4 upstream. The A-MPDU code checked against a retry limit, but it was using the wrong variable to do so. This patch fixes this to assure proper retry mechanism. This problem had a side-effect causing the mac80211 flush callback to remain waiting forever as well. That side effect has been fixed by commit by Stanislaw Gruszka: commit f96b08a7e6f69c0f0a576554df3df5b1b519c479 Date: Tue Jan 17 12:38:50 2012 +0100 brcmsmac: fix tx queue flush infinite loop Reference: https://bugzilla.kernel.org/show_bug.cgi?id=42576 Cc: Stanislaw Gruszka Reviewed-by: Pieter-Paul Giesberts Reviewed-by: Alwin Beukers Signed-off-by: Arend van Spriel Signed-off-by: John W. Linville Signed-off-by: Ben Hutchings commit 9d93206b405c43dc56dcdd0f2be878635135a3a0 Author: Émeric Maschino Date: Mon Jan 9 12:55:10 2012 -0800 ia64: Add accept4() syscall commit 65cc21b4523e94d5640542a818748cd3be8cd6b4 upstream. While debugging udev > 170 failure on Debian Wheezy (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648325), it appears that the issue was in fact due to missing accept4() in ia64. This patch simply adds accept4() to ia64. Signed-off-by: Émeric Maschino Signed-off-by: Tony Luck Signed-off-by: Ben Hutchings commit 19bac81b86a91cbd2b8ff857401ecd37205890f7 Author: Eric Sandeen Date: Mon Feb 20 23:06:18 2012 -0500 ext4: avoid deadlock on sync-mounted FS w/o journal commit c1bb05a657fb3d8c6179a4ef7980261fae4521d7 upstream. Processes hang forever on a sync-mounted ext2 file system that is mounted with the ext4 module (default in Fedora 16). I can reproduce this reliably by mounting an ext2 partition with "-o sync" and opening a new file an that partition with vim. vim will hang in "D" state forever. The same happens on ext4 without a journal. I am attaching a small patch here that solves this issue for me. In the sync mounted case without a journal, ext4_handle_dirty_metadata() may call sync_dirty_buffer(), which can't be called with buffer lock held. Also move mb_cache_entry_release inside lock to avoid race fixed previously by 8a2bfdcb ext[34]: EA block reference count racing fix Note too that ext2 fixed this same problem in 2006 with b2f49033 [PATCH] fix deadlock in ext2 Signed-off-by: Martin.Wilck@ts.fujitsu.com [sandeen@redhat.com: move mb_cache_entry_release before unlock, edit commit msg] Signed-off-by: Eric Sandeen Signed-off-by: "Theodore Ts'o" Signed-off-by: Ben Hutchings commit 44a3b6fa776f99aa592ad2659263ba17063fa09c Author: Tomoya MORINAGA Date: Fri Dec 9 13:13:29 2011 +0900 spi-topcliff-pch: add recovery processing in case wait-event timeout commit 0f57e168aa109775430c76cc663fb64909813d84 upstream. Currently, pch_spi_start_transfer failure is not anticipated. This patch adds the processing. Signed-off-by: Tomoya MORINAGA Signed-off-by: Grant Likely Signed-off-by: Ben Hutchings commit 8ec5bd153809968f7e10fe58079fa2a1ed476d57 Author: Tomoya MORINAGA Date: Fri Dec 9 13:13:28 2011 +0900 spi-topcliff-pch: supports a spi mode setup and bit order setup by IO control commit f258b44e22e07f5e98ac2260c70acff5784791b6 upstream. This patch supports a spi mode setup and bit order setup by IO control. spi mode: mode 0 to mode 3 bit order: LSB first, MSB first Signed-off-by: Tomoya MORINAGA Signed-off-by: Grant Likely Signed-off-by: Ben Hutchings commit 958bb6de7a6ba061024629488418dc23d160fde9 Author: Tomoya MORINAGA Date: Fri Dec 9 13:13:27 2011 +0900 spi-topcliff-pch: Fix issue for transmitting over 4KByte commit 7d05b3e868ee0f9231baf40cb77be3df5dd1f18c upstream. Currently, when spi-topcliff-pch receives transmit request over 4KByte, this driver can't process correctly. This driver needs to divide the data into 4Kbyte unit. This patch fixes the issue. Signed-off-by: Tomoya MORINAGA Signed-off-by: Grant Likely Signed-off-by: Ben Hutchings commit 046f0433b57a5a9ef7890818646d2af1cc8b7418 Author: Tomoya MORINAGA Date: Fri Dec 9 13:11:42 2011 +0900 spi-topcliff-pch: Modify pci-bus number dynamically to get DMA device info commit ee2ece5261a639b89f194d141444b03b4c923179 upstream. Signed-off-by: Tomoya MORINAGA Signed-off-by: Grant Likely Signed-off-by: Ben Hutchings commit 347e3c6d3ed876bb5c36189265be02e952679e09 Author: Axel Lin Date: Wed Feb 1 10:50:05 2012 +0800 gpio: Add missing spin_lock_init in gpio-ml-ioh driver commit 7e3a70fb7bccada029c188c89bfbf3c0a63c1500 upstream. This bug was introduced by commit 54be5663 "gpio-ml-ioh: Support interrupt function" which adds a spinlock to struct ioh_gpio but never init the spinlock. Signed-off-by: Axel Lin Signed-off-by: Grant Likely Signed-off-by: Ben Hutchings commit 8369f66fc249ab872a370b0dc849e9a47a9f4921 Author: David S. Miller Date: Thu May 10 11:00:46 2012 -0700 sparc64: Do not clobber %g2 in xcall_fetch_glob_regs(). [ Upstream commit a5a737e090e25981e99d69f01400e3a80356581c ] %g2 is meant to hold the CPUID number throughout this routine, since at the very beginning, and at the very end, we use %g2 to calculate indexes into per-cpu arrays. However we erroneously clobber it in order to hold the %cwp register value mid-stream. Fix this code to use %g3 for the %cwp read and related calulcations instead. Reported-by: Meelis Roos Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings commit f6fa1ed89c2778e9755c9d1081bdb7cab38fbfb4 Author: Mike Snitzer Date: Sat May 12 01:43:21 2012 +0100 dm mpath: check if scsi_dh module already loaded before trying to load commit 510193a2d3d2e03ae53b95c0ae4f33cdff02cbf8 upstream. If the requested scsi_dh module is already loaded then skip request_module(). Multipath table loads can hang in an unnecessary __request_module. Reported-by: Ben Marzinski Signed-off-by: Mike Snitzer Signed-off-by: Alasdair G Kergon Signed-off-by: Ben Hutchings commit ab13af236947f28b3245591f4c2c20085ec9e91e Author: Sylwester Nawrocki Date: Sat Apr 21 18:46:30 2012 -0300 s5p-fimc: Fix locking in subdev set_crop op commit e985dbf7d93e2a3e114b4525413e50f83613e0cb upstream. When setting TRY crop on the sub-device the mutex was erroneously acquired rather than released on exit path. This bug is present in kernels starting from v3.2. Signed-off-by: Sylwester Nawrocki Signed-off-by: Kyungmin Park Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Ben Hutchings commit 5a6cc206dfa8de733e848590b43d30706216733c Author: Josh Cartwright Date: Thu Mar 29 19:34:53 2012 -0400 jffs2: Fix lock acquisition order bug in gc path commit 226bb7df3d22bcf4a1c0fe8206c80cc427498eae upstream. The locking policy is such that the erase_complete_block spinlock is nested within the alloc_sem mutex. This fixes a case in which the acquisition order was erroneously reversed. This issue was caught by the following lockdep splat: ======================================================= [ INFO: possible circular locking dependency detected ] 3.0.5 #1 ------------------------------------------------------- jffs2_gcd_mtd6/299 is trying to acquire lock: (&c->alloc_sem){+.+.+.}, at: [] jffs2_garbage_collect_pass+0x314/0x890 but task is already holding lock: (&(&c->erase_completion_lock)->rlock){+.+...}, at: [] jffs2_garbage_collect_pass+0x308/0x890 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&(&c->erase_completion_lock)->rlock){+.+...}: [] validate_chain+0xe6c/0x10bc [] __lock_acquire+0x54c/0xba4 [] lock_acquire+0xa4/0x114 [] _raw_spin_lock+0x3c/0x4c [] jffs2_garbage_collect_pass+0x4c/0x890 [] jffs2_garbage_collect_thread+0x1b4/0x1cc [] kthread+0x98/0xa0 [] kernel_thread_exit+0x0/0x8 -> #0 (&c->alloc_sem){+.+.+.}: [] print_circular_bug+0x70/0x2c4 [] validate_chain+0x1034/0x10bc [] __lock_acquire+0x54c/0xba4 [] lock_acquire+0xa4/0x114 [] mutex_lock_nested+0x74/0x33c [] jffs2_garbage_collect_pass+0x314/0x890 [] jffs2_garbage_collect_thread+0x1b4/0x1cc [] kthread+0x98/0xa0 [] kernel_thread_exit+0x0/0x8 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&(&c->erase_completion_lock)->rlock); lock(&c->alloc_sem); lock(&(&c->erase_completion_lock)->rlock); lock(&c->alloc_sem); *** DEADLOCK *** 1 lock held by jffs2_gcd_mtd6/299: #0: (&(&c->erase_completion_lock)->rlock){+.+...}, at: [] jffs2_garbage_collect_pass+0x308/0x890 stack backtrace: [] (unwind_backtrace+0x0/0x100) from [] (dump_stack+0x20/0x24) [] (dump_stack+0x20/0x24) from [] (print_circular_bug+0x1c8/0x2c4) [] (print_circular_bug+0x1c8/0x2c4) from [] (validate_chain+0x1034/0x10bc) [] (validate_chain+0x1034/0x10bc) from [] (__lock_acquire+0x54c/0xba4) [] (__lock_acquire+0x54c/0xba4) from [] (lock_acquire+0xa4/0x114) [] (lock_acquire+0xa4/0x114) from [] (mutex_lock_nested+0x74/0x33c) [] (mutex_lock_nested+0x74/0x33c) from [] (jffs2_garbage_collect_pass+0x314/0x890) [] (jffs2_garbage_collect_pass+0x314/0x890) from [] (jffs2_garbage_collect_thread+0x1b4/0x1cc) [] (jffs2_garbage_collect_thread+0x1b4/0x1cc) from [] (kthread+0x98/0xa0) [] (kthread+0x98/0xa0) from [] (kernel_thread_exit+0x0/0x8) This was introduce in '81cfc9f jffs2: Fix serious write stall due to erase'. Signed-off-by: Josh Cartwright Signed-off-by: Artem Bityutskiy Signed-off-by: David Woodhouse [bwh: Backported to 3.2: adjust context] Signed-off-by: Ben Hutchings commit b324755c58b3b982cce5dba55e0e83d97d7e6a0a Author: Bjørn Mork Date: Thu Apr 26 02:35:10 2012 +0000 cdc_ether: Ignore bogus union descriptor for RNDIS devices commit 6eddcb4c82883451aec3be1240f17793370fa62f upstream. Some RNDIS devices include a bogus CDC Union descriptor pointing to non-existing interfaces. The RNDIS code is already prepared to handle devices without a CDC Union descriptor by hardwiring the driver to use interfaces 0 and 1, which is correct for the devices with the bogus descriptor as well. So we can reuse the existing workaround. Cc: Markus Kolb Cc: Iker Salmón San Millán Cc: Jonathan Nieder Cc: Oliver Neukum Cc: 655387@bugs.debian.org Signed-off-by: Bjørn Mork Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings commit 584f5ceeea1df933a89ceb18592b0e28349fd4fe Author: Luis Henriques Date: Sat Apr 21 12:25:21 2012 -0300 rc: Postpone ISR registration commit 9ef449c6b31bb6a8e6dedc24de475a3b8c79be20 upstream. An early registration of an ISR was causing a crash to several users (for example, with the ite-cir driver: http://bugs.launchpad.net/bugs/972723). The reason was that IRQs were being triggered before a driver initialisation was completed. This patch fixes this by moving the invocation to request_irq() and to request_region() to a later stage on the driver probe function. Signed-off-by: Luis Henriques Acked-by: Jarod Wilson Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Ben Hutchings commit 6f00c2014c321fcb7574583b4df796ca40e5ddcf Author: Jonathan Corbet Date: Fri Apr 20 12:22:50 2012 -0300 marvell-cam: fix an ARM build error commit 9967232f1be5bab10c7b7a8dcf51ff5c3c1a6d77 upstream. One of the OLPC changes lost a little in its translation to mainline, leading to build errors on the ARM architecture. Remove the offending line, and all will be well. Reported-by: Mathieu Poirier Signed-off-by: Jonathan Corbet Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Ben Hutchings commit 0e62760a18f44b03e081d260501640ae08474973 Author: Nicholas Bellinger Date: Thu May 10 22:05:49 2012 -0700 target: Drop incorrect se_lun_acl release for dynamic -> explict ACL conversion commit cfebf8f42f47327fa54cf05c19b98f4bd5236a26 upstream. This patch removes some potentially problematic legacy code within core_clear_initiator_node_from_tpg() that was originally intended to release left over se_lun_acl setup during dynamic NodeACL+MappedLUN generate when running with TPG demo-mode operation. Since we now only ever expect to allocate and release se_lun_acl from within target_core_fabric_configfs.c:target_fabric_make_mappedlun() and target_fabric_drop_mappedlun() context respectively, this code for demo-mode release is incorrect and needs to be removed. Cc: Christoph Hellwig Cc: Andy Grover Signed-off-by: Nicholas Bellinger Signed-off-by: Ben Hutchings commit 0bd1b8babc872666e6096c0c0477725a2304ed49 Author: Jonathan Nieder Date: Fri May 11 04:20:20 2012 -0500 NFSv4: Revalidate uid/gid after open This is a shorter (and more appropriate for stable kernels) analog to the following upstream commit: commit 6926afd1925a54a13684ebe05987868890665e2b Author: Trond Myklebust Date: Sat Jan 7 13:22:46 2012 -0500 NFSv4: Save the owner/group name string when doing open ...so that we can do the uid/gid mapping outside the asynchronous RPC context. This fixes a bug in the current NFSv4 atomic open code where the client isn't able to determine what the true uid/gid fields of the file are, (because the asynchronous nature of the OPEN call denies it the ability to do an upcall) and so fills them with default values, marking the inode as needing revalidation. Unfortunately, in some cases, the VFS will do some additional sanity checks on the file, and may override the server's decision to allow the open because it sees the wrong owner/group fields. Signed-off-by: Trond Myklebust Without this patch, logging into two different machines with home directories mounted over NFS4 and then running "vim" and typing ":q" in each reliably produces the following error on the second machine: E137: Viminfo file is not writable: /users/system/rtheys/.viminfo This regression was introduced by 80e52aced138 ("NFSv4: Don't do idmapper upcalls for asynchronous RPC calls", merged during the 2.6.32 cycle) --- after the OPEN call, .viminfo has the default values for st_uid and st_gid (0xfffffffe) cached because we do not want to let rpciod wait for an idmapper upcall to fill them in. The fix used in mainline is to save the owner and group as strings and perform the upcall in _nfs4_proc_open outside the rpciod context, which takes about 600 lines. For stable, we can do something similar with a one-liner: make open check for the stale fields and make a (synchronous) GETATTR call to fill them when needed. Trond dictated the patch, I typed it in, and Rik tested it. Addresses http://bugs.debian.org/659111 and https://bugzilla.redhat.com/789298 Reported-by: Rik Theys Explained-by: David Flyn Signed-off-by: Jonathan Nieder Tested-by: Rik Theys Signed-off-by: Ben Hutchings commit 1782d68fba6e18d3674c1d23172929cae6788542 Author: Srinivas Kandagatla Date: Mon Apr 2 00:02:09 2012 +0000 phy:icplus:fix Auto Power Saving in ip101a_config_init. [ Upstream commit b3300146aa8efc5d3937fd33f3cfdc580a3843bc ] This patch fixes Auto Power Saving configuration in ip101a_config_init which was broken as there is no phy register write followed after setting IP101A_APS_ON flag. This patch also fixes the return value of ip101a_config_init. Without this patch ip101a_config_init returns 2 which is not an error accroding to IS_ERR and the mac driver will continue accessing 2 as valid pointer to phy_dev resulting in memory fault. Signed-off-by: Srinivas Kandagatla Signed-off-by: David S. Miller Signed-off-by: Jonathan Nieder Signed-off-by: Ben Hutchings commit 7f2595b65b39999f10347c871cd5146f7bc17532 Author: Jonathan Nieder Date: Fri May 11 19:35:33 2012 -0500 brcm80211: smac: pass missing argument to 'brcms_b_mute' [Not needed upstream --- this bug is specific to 3.2.y.] Commit c6c44893c864, which removes the flag argument from brcms_b_mute, is not part of 3.2.y, and we forgot to adjust a new call accordingly when applying commit badc4f07622f ("brcm80211: smac: resume transmit fifo upon receiving frames"). drivers/net/wireless/brcm80211/brcmsmac/main.c: In function 'brcms_c_recvctl': drivers/net/wireless/brcm80211/brcmsmac/main.c:7882:4: error: too few arguments to function 'brcms_b_mute' drivers/net/wireless/brcm80211/brcmsmac/main.c:2538:13: note: declared here Earlier build tests missed this because they didn't include this driver due to 'depends on BCMA=n'. Reported-by: Ben Hutchings Signed-off-by: Jonathan Nieder Signed-off-by: Ben Hutchings commit 4b9b05fd95c502521eaef111ba0f83c58b391587 Author: Eric Dumazet Date: Wed May 2 02:28:41 2012 +0000 tcp: change tcp_adv_win_scale and tcp_rmem[2] [ Upstream commit b49960a05e32121d29316cfdf653894b88ac9190 ] tcp_adv_win_scale default value is 2, meaning we expect a good citizen skb to have skb->len / skb->truesize ratio of 75% (3/4) In 2.6 kernels we (mis)accounted for typical MSS=1460 frame : 1536 + 64 + 256 = 1856 'estimated truesize', and 1856 * 3/4 = 1392. So these skbs were considered as not bloated. With recent truesize fixes, a typical MSS=1460 frame truesize is now the more precise : 2048 + 256 = 2304. But 2304 * 3/4 = 1728. So these skb are not good citizen anymore, because 1460 < 1728 (GRO can escape this problem because it build skbs with a too low truesize.) This also means tcp advertises a too optimistic window for a given allocated rcvspace : When receiving frames, sk_rmem_alloc can hit sk_rcvbuf limit and we call tcp_prune_queue()/tcp_collapse() too often, especially when application is slow to drain its receive queue or in case of losses (netperf is fast, scp is slow). This is a major latency source. We should adjust the len/truesize ratio to 50% instead of 75% This patch : 1) changes tcp_adv_win_scale default to 1 instead of 2 2) increase tcp_rmem[2] limit from 4MB to 6MB to take into account better truesize tracking and to allow autotuning tcp receive window to reach same value than before. Note that same amount of kernel memory is consumed compared to 2.6 kernels. Signed-off-by: Eric Dumazet Cc: Neal Cardwell Cc: Tom Herbert Cc: Yuchung Cheng Acked-by: Neal Cardwell Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings commit b713f6c7d317c136f03c132203d0900f4a0de084 Author: Yuchung Cheng Date: Mon Apr 30 06:00:18 2012 +0000 tcp: fix infinite cwnd in tcp_complete_cwr() [ Upstream commit 1cebce36d660c83bd1353e41f3e66abd4686f215 ] When the cwnd reduction is done, ssthresh may be infinite if TCP enters CWR via ECN or F-RTO. If cwnd is not undone, i.e., undo_marker is set, tcp_complete_cwr() falsely set cwnd to the infinite ssthresh value. The correct operation is to keep cwnd intact because it has been updated in ECN or F-RTO. Signed-off-by: Yuchung Cheng Acked-by: Neal Cardwell Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings commit 63abb972410a091c02fdebc9d50287b79f1ea293 Author: Matt Carlson Date: Tue Apr 24 13:37:01 2012 +0000 tg3: Avoid panic from reserved statblk field access [ Upstream commit f891ea1634ce41f5f47ae40d8594809f4cd2ca66 ] When RSS is enabled, interrupt vector 0 does not receive any rx traffic. The rx producer index fields for vector 0's status block should be considered reserved in this case. This patch changes the code to respect these reserved fields, which avoids a kernel panic when these fields take on non-zero values. Signed-off-by: Matt Carlson Signed-off-by: Michael Chan Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings commit 9dd8816dbc51731902518c28e08e3f279e4f0731 Author: Gerard Lledo Date: Sat Apr 28 08:52:37 2012 +0000 sungem: Fix WakeOnLan [ Upstream commit 5a8887d39e1ba5ee2d4ccb94b14d6f2dce5ddfca ] WakeOnLan was broken in this driver because gp->asleep_wol is a 1-bit bitfield and it was being assigned WAKE_MAGIC, which is (1 << 5). gp->asleep_wol remains 0 and the machine never wakes up. Fixed by casting gp->wake_on_lan to bool. Tested on an iBook G4. Signed-off-by: Gerard Lledo Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings commit 2599c5942675bd800a9b97a15c30611cd2559a42 Author: stephen hemminger Date: Mon Apr 30 06:47:37 2012 +0000 sky2: fix receive length error in mixed non-VLAN/VLAN traffic [ Upstream commit e072b3fad5f3915102c94628b4971f52ff99dd05 ] Bug: The VLAN bit of the MAC RX Status Word is unreliable in several older supported chips. Sometimes the VLAN bit is not set for valid VLAN packets and also sometimes the VLAN bit is set for non-VLAN packets that came after a VLAN packet. This results in a receive length error when VLAN hardware tagging is enabled. Fix: Variation on original fix proposed by Mirko. The VLAN information is decoded in the status loop, and can be applied to the received SKB there. This eliminates the need for the separate tag field in the interface data structure. The tag has to be copied and cleared if packet is copied. This version checked out with vlan and normal traffic. Note: vlan_tx_tag_present should be renamed vlan_tag_present, but that is outside scope of this. Reported-by: Mirko Lindner Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings commit d035ead85c6b765d5138a3a2cd8290e8966c74d5 Author: stephen hemminger Date: Mon Apr 30 05:49:45 2012 +0000 sky2: propogate rx hash when packet is copied [ Upstream commit 3f42941b5d1d13542b1a755a9e4f633aa72e4d3e ] When a small packet is received, the driver copies it to a new skb to allow reusing the full size Rx buffer. The copy was propogating the checksum offload but not the receive hash information. The bug is impact was mostly harmless and therefore not observed until reviewing this area of code. Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings commit 7b9c691febb4325f17a793fce9f86a1e90e37283 Author: Sasha Levin Date: Wed May 2 03:58:43 2012 +0000 net: l2tp: unlock socket lock before returning from l2tp_ip_sendmsg [ Upstream commit 84768edbb2721637620b2d84501bb0d5aed603f1 ] l2tp_ip_sendmsg could return without releasing socket lock, making it all the way to userspace, and generating the following warning: [ 130.891594] ================================================ [ 130.894569] [ BUG: lock held when returning to user space! ] [ 130.897257] 3.4.0-rc5-next-20120501-sasha #104 Tainted: G W [ 130.900336] ------------------------------------------------ [ 130.902996] trinity/8384 is leaving the kernel with locks still held! [ 130.906106] 1 lock held by trinity/8384: [ 130.907924] #0: (sk_lock-AF_INET){+.+.+.}, at: [] l2tp_ip_sendmsg+0x2f/0x550 Introduced by commit 2f16270 ("l2tp: Fix locking in l2tp_ip.c"). Signed-off-by: Sasha Levin Acked-by: Eric Dumazet Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings commit 4b3bd838fd1c301fe29c07ac1ac4ca555e1b8119 Author: Eric W. Biederman Date: Fri Apr 6 15:33:35 2012 +0000 net: In unregister_netdevice_notifier unregister the netdevices. [ Upstream commit 7d3d43dab4e978d8d9ad1acf8af15c9b1c4b0f0f ] We already synthesize events in register_netdevice_notifier and synthesizing events in unregister_netdevice_notifier allows to us remove the need for special case cleanup code. This change should be safe as it adds no new cases for existing callers of unregiser_netdevice_notifier to handle. Signed-off-by: Eric W. Biederman Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings commit fd3cb5c9a9849761ae9830a098d414ef29ada82c Author: Eric Dumazet Date: Sun Apr 29 09:08:22 2012 +0000 netem: fix possible skb leak [ Upstream commit 116a0fc31c6c9b8fc821be5a96e5bf0b43260131 ] skb_checksum_help(skb) can return an error, we must free skb in this case. qdisc_drop(skb, sch) can also be feeded with a NULL skb (if skb_unshare() failed), so lets use this generic helper. Signed-off-by: Eric Dumazet Cc: Stephen Hemminger Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings commit 3a7052c220cdbfe4e03baed0a5f32f97cbbb7ad7 Author: Ingo van Lil Date: Mon Apr 23 22:05:38 2012 +0000 asix: Fix tx transfer padding for full-speed USB [ Upstream commit 2a5809499e35b53a6044fd34e72b242688b7a862 ] The asix.c USB Ethernet driver avoids ending a tx transfer with a zero- length packet by appending a four-byte padding to transfers whose length is a multiple of maxpacket. However, the hard-coded 512 byte maxpacket length is valid for high-speed USB only; full-speed USB uses 64 byte packets. Signed-off-by: Ingo van Lil Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings commit eceb33799bdb35305f9af781d07caa10d05958fe Author: Russ Anderson Date: Thu May 10 13:01:46 2012 -0700 mm: nobootmem: fix sign extend problem in __free_pages_memory() commit 6bc2e853c6b46a6041980d58200ad9b0a73a60ff upstream. Systems with 8 TBytes of memory or greater can hit a problem where only the the first 8 TB of memory shows up. This is due to "int i" being smaller than "unsigned long start_aligned", causing the high bits to be dropped. The fix is to change `i' to unsigned long to match start_aligned and end_aligned. Thanks to Jack Steiner for assistance tracking this down. Signed-off-by: Russ Anderson Cc: Jack Steiner Cc: Johannes Weiner Cc: Tejun Heo Cc: David S. Miller Cc: Yinghai Lu Cc: Gavin Shan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Ben Hutchings commit 97a2373e32df28a6e59de89b725d4dbe58076a8d Author: Mike Galbraith Date: Thu May 10 13:01:45 2012 -0700 namespaces, pid_ns: fix leakage on fork() failure commit 5e2bf0142231194d36fdc9596b36a261ed2b9fe7 upstream. Fork() failure post namespace creation for a child cloned with CLONE_NEWPID leaks pid_namespace/mnt_cache due to proc being mounted during creation, but not unmounted during cleanup. Call pid_ns_release_proc() during cleanup. Signed-off-by: Mike Galbraith Acked-by: Oleg Nesterov Reviewed-by: "Eric W. Biederman" Cc: Pavel Emelyanov Cc: Cyrill Gorcunov Cc: Louis Rilling Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Ben Hutchings commit a9760061391e46f56fb6a8636142dab39f345e9b Author: Chris Metcalf Date: Thu May 10 13:01:44 2012 -0700 hugetlb: prevent BUG_ON in hugetlb_fault() -> hugetlb_cow() commit 4998a6c0edce7fae9c0a5463f6ec3fa585258ee7 upstream. Commit 66aebce747eaf ("hugetlb: fix race condition in hugetlb_fault()") added code to avoid a race condition by elevating the page refcount in hugetlb_fault() while calling hugetlb_cow(). However, one code path in hugetlb_cow() includes an assertion that the page count is 1, whereas it may now also have the value 2 in this path. The consensus is that this BUG_ON has served its purpose, so rather than extending it to cover both cases, we just remove it. Signed-off-by: Chris Metcalf Acked-by: Mel Gorman Acked-by: Hillf Danton Acked-by: Hugh Dickins Cc: Michal Hocko Cc: KAMEZAWA Hiroyuki Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Ben Hutchings commit 8a2f7257ae6a7d1e1c87dd1ef146bd3e9c04e903 Author: Tejun Heo Date: Fri Apr 27 08:42:53 2012 -0700 percpu: pcpu_embed_first_chunk() should free unused parts after all allocs are complete commit 42b64281453249dac52861f9b97d18552a7ec62b upstream. pcpu_embed_first_chunk() allocates memory for each node, copies percpu data and frees unused portions of it before proceeding to the next group. This assumes that allocations for different nodes doesn't overlap; however, depending on memory topology, the bootmem allocator may end up allocating memory from a different node than the requested one which may overlap with the portion freed from one of the previous percpu areas. This leads to percpu groups for different nodes overlapping which is a serious bug. This patch separates out copy & partial free from the allocation loop such that all allocations are complete before partial frees happen. This also fixes overlapping frees which could happen on allocation failure path - out_free_areas path frees whole groups but the groups could have portions freed at that point. Signed-off-by: Tejun Heo Reported-by: "Pavel V. Panteleev" Tested-by: "Pavel V. Panteleev" LKML-Reference: Signed-off-by: Ben Hutchings commit 1eafe98560a3bf53d3b2e92fbbdfd6ac09166c11 Author: David Henningsson Date: Fri May 4 11:05:55 2012 +0200 ALSA: HDA: Lessen CPU usage when waiting for chip to respond commit 32cf4023e689ad5b3a81a749d8cc99d7f184cb99 upstream. When an IRQ for some reason gets lost, we wait up to a second using udelay, which is CPU intensive. This patch improves the situation by waiting about 30 ms in the CPU intensive mode, then stepping down to using msleep(2) instead. In essence, we trade some granularity in exchange for less CPU consumption when the waiting time is a bit longer. As a result, PulseAudio should no longer be killed by the kernel for taking up to much RT-prio CPU time. At least not for *this* reason. Signed-off-by: David Henningsson Tested-by: Arun Raghavan Signed-off-by: Takashi Iwai Signed-off-by: Ben Hutchings commit 7032ddada0b19778f97d97cbd17fc67257b36054 Author: Ben Hutchings Date: Sun Apr 8 05:18:53 2012 +0100 ARM: orion5x: Fix GPIO enable bits for MPP9 commit 48d99f47a81a66bdd61a348c7fe8df5a7afdf5f3 upstream. Commit 554cdaefd1cf7bb54b209c4e68c7cec87ce442a9 ('ARM: orion5x: Refactor mpp code to use common orion platform mpp.') seems to have accidentally inverted the GPIO valid bits for MPP9 (only). For the mv2120 platform which uses MPP9 as a GPIO LED device, this results in the error: [ 12.711476] leds-gpio: probe of leds-gpio failed with error -22 Reported-by: Henry von Tresckow References: http://bugs.debian.org/667446 Signed-off-by: Ben Hutchings Tested-by: Hans Henry von Tresckow Signed-off-by: Jason Cooper commit fc978118a015af70354ea6e2178398629c88478e Author: Mark Hills Date: Mon Apr 30 19:39:22 2012 +0100 ALSA: echoaudio: Remove incorrect part of assertion commit c914f55f7cdfafe9d7d5b248751902c7ab57691e upstream. This assertion seems to imply that chip->dsp_code_to_load is a pointer. It's actually an integer handle on the actual firmware, and 0 has no special meaning. The assertion prevents initialisation of a Darla20 card, but would also affect other models. It seems it was introduced in commit dd7b254d. ALSA sound/pci/echoaudio/echoaudio.c:2061 Echoaudio driver starting... ALSA sound/pci/echoaudio/echoaudio.c:1969 chip=ebe4e000 ALSA sound/pci/echoaudio/echoaudio.c:2007 pci=ed568000 irq=19 subdev=0010 Init hardware... ALSA sound/pci/echoaudio/darla20_dsp.c:36 init_hw() - Darla20 ------------[ cut here ]------------ WARNING: at sound/pci/echoaudio/echoaudio_dsp.c:478 init_hw+0x1d1/0x86c [snd_darla20]() Hardware name: Dell DM051 BUG? (!chip->dsp_code_to_load || !chip->comm_page) Signed-off-by: Mark Hills Signed-off-by: Takashi Iwai Signed-off-by: Ben Hutchings commit 2d2500b6676a92416098a8a75add9a7b633e918e Author: Archit Taneja Date: Thu Apr 19 17:39:16 2012 +0530 ARM: OMAP: Revert "ARM: OMAP: ctrl: Fix CONTROL_DSIPHY register fields" commit 08ca7444f589bedf9ad5d82883e5d0754852d73b upstream. This reverts commit 46f8c3c7e95c0d30d95911e7975ddc4f93b3e237. The commit above swapped the DSI1_PPID and DSI2_PPID register fields in CONTROL_DSIPHY to be in sync with the newer public OMAP TRMs(after version V). With this commit, contention errors were reported on DSI lanes some OMAP4 SDPs. After probing the DSI lanes on OMAP4 SDP, it was seen that setting bits in the DSI2_PPID field was pulling up voltage on DSI1 lanes, and DSI1_PPID field was pulling up voltage on DSI2 lanes. This proves that the current version of OMAP4 TRM is incorrect, swap the position of register fields according to the older TRM versions as they were correct. Acked-by: Tomi Valkeinen Signed-off-by: Archit Taneja Signed-off-by: Tony Lindgren Signed-off-by: Ben Hutchings commit 42d66f95429ec18ea8d505fc1b90a32aa7d894e4 Author: Axel Lin Date: Wed Apr 11 20:53:58 2012 +0800 regulator: Fix the logic to ensure new voltage setting in valid range commit f55205f4d4a8823a11bb8b37ef2ecbd78fb09463 upstream. I think this is a typo. To ensure new voltage setting won't greater than desc->max, the equation should be desc->min + desc->step * new_val <= desc->max. Signed-off-by: Axel Lin Signed-off-by: Mark Brown Signed-off-by: Ben Hutchings