commit 1897bf2760645d17dc996a3638cb5f5e9bfd3617 Author: Greg Kroah-Hartman Date: Mon Feb 13 11:29:11 2012 -0800 Linux 2.6.32.57 commit a77912b9bce47661279f4f1a5be10b15d40b402d Author: Eric Dumazet Date: Mon May 31 23:44:05 2010 -0700 net: sock_queue_err_skb() dont mess with sk_forward_alloc commit b1faf5666438090a4dc4fceac8502edc7788b7e3 upstream. Correct sk_forward_alloc handling for error_queue would need to use a backlog of frames that softirq handler could not deliver because socket is owned by user thread. Or extend backlog processing to be able to process normal and error packets. Another possibility is to not use mem charge for error queue, this is what I implemented in this patch. Note: this reverts commit 29030374 (net: fix sk_forward_alloc corruptions), since we dont need to lock socket anymore. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller Cc: 单卫 Signed-off-by: Greg Kroah-Hartman commit 956a79d503998a763dd71847f2f9eb19349c2aba Author: Eric Dumazet Date: Sat May 29 00:20:48 2010 -0700 net: fix sk_forward_alloc corruptions commit 2903037400a26e7c0cc93ab75a7d62abfacdf485 upstream. As David found out, sock_queue_err_skb() should be called with socket lock hold, or we risk sk_forward_alloc corruption, since we use non atomic operations to update this field. This patch adds bh_lock_sock()/bh_unlock_sock() pair to three spots. (BH already disabled) 1) skb_tstamp_tx() 2) Before calling ip_icmp_error(), in __udp4_lib_err() 3) Before calling ipv6_icmp_error(), in __udp6_lib_err() Reported-by: Anton Blanchard Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller Cc: 单卫 Signed-off-by: Greg Kroah-Hartman commit aa4ba12335659a1afd79d430f038114ce1434690 Author: Axel Lin Date: Wed Feb 1 12:31:47 2012 +0800 mmc: cb710 core: Add missing spin_lock_init for irq_lock of struct cb710_chip commit b5266ea675c5a041e2852c7ccec4cf2d4f5e0cf4 upstream. Signed-off-by: Axel Lin Acked-by: Michał Mirosław Signed-off-by: Greg Kroah-Hartman commit 6abb713c677597ba21b235cf53e51e4867537f77 Author: Milan Kocian Date: Fri Feb 3 14:28:00 2012 +0100 USB: usbserial: add new PID number (0xa951) to the ftdi driver commit 90451e6973a5da155c6f315a409ca0a8d3ce6b76 upstream. Signed-off-by: Milan Kocian Signed-off-by: Greg Kroah-Hartman commit 6da6c702a675b75f7c4bcc23ca3befcd25bb07e4 Author: Jayachandran C Date: Fri Jan 27 20:27:32 2012 +0530 usb: Skip PCI USB quirk handling for Netlogic XLP commit e4436a7c17ac2b5e138f93f83a541cba9b311685 upstream. The Netlogic XLP SoC's on-chip USB controller appears as a PCI USB device, but does not need the EHCI/OHCI handoff done in usb/host/pci-quirks.c. The pci-quirks.c is enabled for all vendors and devices, and is enabled if USB and PCI are configured. If we do not skip the qurik handling on XLP, the readb() call in ehci_bios_handoff() will cause a crash since byte access is not supported for EHCI registers in XLP. Signed-off-by: Jayachandran C Acked-by: Alan Stern Signed-off-by: Greg Kroah-Hartman commit a86c3948b06007b3befd1b796598e46527ccea9a Author: Timo Juhani Lindfors Date: Sun Jan 29 16:12:13 2012 +0200 usb: gadget: zero: fix bug in loopback autoresume handling commit 683da59d7b8ae04891636d4b59893cd4e9b0b7e5 upstream. ab943a2e125b (USB: gadget: gadget zero uses new suspend/resume hooks) introduced a copy-paste error where f_loopback.c writes to a variable declared in f_sourcesink.c. This prevents one from creating gadgets that only have a loopback function. Signed-off-by: Timo Juhani Lindfors Signed-off-by: Felipe Balbi Signed-off-by: Greg Kroah-Hartman commit 992dc3393662b00527480b49b5076bdda0e86327 Author: Arve Hjønnevåg Date: Wed Feb 1 15:29:13 2012 -0800 Staging: android: binder: Fix crashes when sharing a binder file between processes commit bd1eff9741af27378b241b347041c724bb28e857 upstream. Opening the binder driver and sharing the file returned with other processes (e.g. by calling fork) can crash the kernel. Prevent these crashes with the following changes: - Add a mutex to protect against two processes mmapping the same binder_proc. - After locking mmap_sem, check that the vma we want to access (still) points to the same mm_struct. - Use proc->tsk instead of current to get the files struct since this is where we get the rlimit from. Signed-off-by: Arve Hjønnevåg Signed-off-by: Greg Kroah-Hartman commit 038044951a5b58411446428629594e67320549e5 Author: Arve Hjønnevåg Date: Fri Jan 20 19:56:21 2012 -0800 Staging: android: binder: Don't call dump_stack in binder_vma_open commit 3c1b86f17068cf6476fb2d022b9c8b44dedea2e5 upstream. If user-space partially unmaps the driver, binder_vma_open would dump the kernel stack. This is not a kernel bug however and will be treated as if the whole area was unmapped once binder_vma_close gets called. Signed-off-by: Arve Hjønnevåg Signed-off-by: Greg Kroah-Hartman commit 76058ae1c7386da3de3ad6ebd8fce5d4fc5ae59d Author: Pekka Paalanen Date: Sun Jan 22 16:33:46 2012 +0200 Staging: asus_oled: fix image processing commit 635032cb397b396241372fa0ff36ae758e658b23 upstream. Programming an image was broken, because odev->buf_offs was not advanced for val == 0 in append_values(). This regression was introduced in: commit 1ff12a4aa354bed093a0240d5e6347b1e27601bc Author: Kevin A. Granade Date: Sat Sep 5 01:03:39 2009 -0500 Staging: asus_oled: Cleaned up checkpatch issues. Fix the image processing by special-casing val == 0. I have tested this change on an Asus G50V laptop only. Cc: Jakub Schmidtke Cc: Kevin A. Granade Signed-off-by: Pekka Paalanen Signed-off-by: Greg Kroah-Hartman commit 0361185a6c75eaff5f4ddb747f54a23b94f6bcd6 Author: Hubert Feurstein Date: Mon Jan 9 17:23:57 2012 +0100 atmel_lcdfb: fix usage of CONTRAST_CTR in suspend/resume commit 9f1065032ceb7e86c7c9f16bb86518857e88a172 upstream. An error was existing in the saving of CONTRAST_CTR register across suspend/resume. Signed-off-by: Hubert Feurstein Signed-off-by: Nicolas Ferre Acked-by: Jean-Christophe PLAGNIOL-VILLARD Signed-off-by: Florian Tobias Schandinat Signed-off-by: Greg Kroah-Hartman commit e065d6f4f4453db007d4fb22ebb937e38922cb4b Author: Li Wang Date: Thu Jan 19 09:44:36 2012 +0800 eCryptfs: Infinite loop due to overflow in ecryptfs_write() commit 684a3ff7e69acc7c678d1a1394fe9e757993fd34 upstream. ecryptfs_write() can enter an infinite loop when truncating a file to a size larger than 4G. This only happens on architectures where size_t is represented by 32 bits. This was caused by a size_t overflow due to it incorrectly being used to store the result of a calculation which uses potentially large values of type loff_t. [tyhicks@canonical.com: rewrite subject and commit message] Signed-off-by: Li Wang Signed-off-by: Yunchuan Wen Reviewed-by: Cong Wang Signed-off-by: Tyler Hicks Signed-off-by: Greg Kroah-Hartman commit 23145ac5c650072d73beab2fee839d6129a22e72 Author: Rodrigo Vivi Date: Wed Dec 14 21:10:06 2011 -0200 drm/i915: Fix TV Out refresh rate. commit 23bd15ec662344dc10e9918fdd0dbc58bc71526d upstream. TV Out refresh rate was half of the specification for almost all modes. Due to this reason pixel clock was so low for some modes causing flickering screen. Signed-off-by: Rodrigo Vivi Reviewed-by: Jesse Barnes Signed-off-by: Keith Packard Signed-off-by: Eugeni Dodonov Signed-off-by: Greg Kroah-Hartman commit c005218328597211008a4d33a91e2952798e3556 Author: Jan Kara Date: Fri Dec 23 11:53:07 2011 +0100 udf: Mark LVID buffer as uptodate before marking it dirty commit 853a0c25baf96b028de1654bea1e0c8857eadf3d upstream. When we hit EIO while writing LVID, the buffer uptodate bit is cleared. This then results in an anoying warning from mark_buffer_dirty() when we write the buffer again. So just set uptodate flag unconditionally. Reviewed-by: Namjae Jeon Signed-off-by: Jan Kara Cc: Dave Jones Signed-off-by: Greg Kroah-Hartman commit 607ca4f51d6c4e7bec6d78f0a211476dae5552fc Author: Bian Naimeng Date: Mon Mar 8 14:49:01 2010 +0800 rpc client can not deal with ENOSOCK, so translate it into ENOCONN commit 5fe46e9d733f19a880ef7e516002bd4c2b833e14 upstream. If NFSv4 client send a request before connect, or the old connection was broken because a ETIMEOUT error catched by call_status, ->send_request will return ENOSOCK, but rpc layer can not deal with it, so make sure ->send_request can translate ENOSOCK into ENOCONN. Signed-off-by: Bian Naimeng Signed-off-by: Trond Myklebust Cc: Chuck Lever Signed-off-by: Greg Kroah-Hartman commit 3f81517baeb07ebfbbf9f1d73adc106a12e5cb3e Author: Trond Myklebust Date: Mon Oct 4 17:59:08 2010 -0400 NFSv4: Fix open recovery commit b0ed9dbc24f1fd912b2dd08b995153cafc1d5b1c upstream. NFSv4 open recovery is currently broken: since we do not clear the state->flags states before attempting recovery, we end up with the 'can_open_cached()' function triggering. This again leads to no OPEN call being put on the wire. Reported-by: Sachin Prabhu Signed-off-by: Trond Myklebust Cc: Chuck Lever Signed-off-by: Greg Kroah-Hartman commit ef53a562f5a168923aaa000655a8f3da935aff07 Author: Trond Myklebust Date: Thu Dec 3 15:53:21 2009 -0500 NFSv4: Handle NFS4ERR_GRACE when recovering an expired lease. commit a9ed2e2583747fb3139a764c317fac58893b968f upstream. If our lease expires, and the server reboots while we're recovering, we need to be able to wait until the grace period is over. Signed-off-by: Trond Myklebust Cc: Chuck Lever Signed-off-by: Greg Kroah-Hartman commit 1852b028a976ec97e75dbf17fe693f6d5ceeb906 Author: Trond Myklebust Date: Thu Dec 3 15:53:21 2009 -0500 NFSv4: Ensure the state manager handles NFS4ERR_NO_GRACE correctly commit c8b7ae3d3221536228260757444ee10c6d71793f upstream. Signed-off-by: Trond Myklebust Cc: Chuck Lever Signed-off-by: Greg Kroah-Hartman commit 065f8f7a00dbc4b41f81564679fac7312d0971c8 Author: Trond Myklebust Date: Thu Dec 3 15:53:20 2009 -0500 NFSv4: The state manager shouldn't exit on errors that were handled commit 4f7cdf18e14f81860b856ef7694ef58eb1a751c0 upstream. nfs4_recovery_handle_error() will correctly handle errors such as NFS4ERR_CB_PATH_DOWN, however because they are still passed back to the main loop in nfs4_state_manager(), they can cause the latter to exit prematurely. Fix this by letting nfs4_recovery_handle_error() change the error value in cases where there is no action required by the caller. Signed-off-by: Trond Myklebust Cc: Chuck Lever Signed-off-by: Greg Kroah-Hartman commit fe6077930e9cab73db89a236447c0fe918854798 Author: Trond Myklebust Date: Thu Dec 3 15:52:41 2009 -0500 NFSv4: Fix up the callers of nfs4_state_end_reclaim_reboot commit e345e88a774875cec26e097ea3ff2dc40c4f9da2 upstream. In practice, we need to ensure that we call nfs4_state_end_reclaim_reboot in 2 cases: - If we lose the lease while we were reclaiming state OR - After we're done with reboot recovery Signed-off-by: Trond Myklebust Cc: Chuck Lever Signed-off-by: Greg Kroah-Hartman commit 09948a33e414f5745823d838d43ed0a77213e928 Author: Carsten Otte Date: Fri Feb 3 15:37:14 2012 -0800 mm/filemap_xip.c: fix race condition in xip_file_fault() commit 99f02ef1f18631eb0a4e0ea0a3d56878dbcb4b90 upstream. Fix a race condition that shows in conjunction with xip_file_fault() when two threads of the same user process fault on the same memory page. In this case, the race winner will install the page table entry and the unlucky loser will cause an oops: xip_file_fault calls vm_insert_pfn (via vm_insert_mixed) which drops out at this check: retval = -EBUSY; if (!pte_none(*pte)) goto out_unlock; The resulting -EBUSY return value will trigger a BUG_ON() in xip_file_fault. This fix simply considers the fault as fixed in this case, because the race winner has successfully installed the pte. [akpm@linux-foundation.org: use conventional (and consistent) comment layout] Reported-by: David Sadler Signed-off-by: Carsten Otte Reported-by: Louis Alex Eisner Cc: Hugh Dickins Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 6e6be14cc711f7162585ffa33dd829f2a2268eec Author: Jack Morgenstein Date: Thu Jan 26 16:41:33 2012 +0200 IB/mlx4: pass SMP vendor-specific attribute MADs to firmware commit a6f7feae6d19e84253918d88b04153af09d3a243 upstream. In the current code, vendor-specific MADs (e.g with the FDR-10 attribute) are silently dropped by the driver, resulting in timeouts at the sending side and inability to query/configure the relevant feature. However, the ConnectX firmware is able to handle such MADs. For unsupported attributes, the firmware returns a GET_RESPONSE MAD containing an error status. For example, for a FDR-10 node with LID 11: # ibstat mlx4_0 1 CA: 'mlx4_0' Port 1: State: Active Physical state: LinkUp Rate: 40 (FDR10) Base lid: 11 LMC: 0 SM lid: 24 Capability mask: 0x02514868 Port GUID: 0x0002c903002e65d1 Link layer: InfiniBand Extended Port Query (EPI) vendor mad timeouts before the patch: # smpquery MEPI 11 -d ibwarn: [4196] smp_query_via: attr 0xff90 mod 0x0 route Lid 11 ibwarn: [4196] _do_madrpc: retry 1 (timeout 1000 ms) ibwarn: [4196] _do_madrpc: retry 2 (timeout 1000 ms) ibwarn: [4196] _do_madrpc: timeout after 3 retries, 3000 ms ibwarn: [4196] mad_rpc: _do_madrpc failed; dport (Lid 11) smpquery: iberror: [pid 4196] main: failed: operation EPI: ext port info query failed EPI query works OK with the patch: # smpquery MEPI 11 -d ibwarn: [6548] smp_query_via: attr 0xff90 mod 0x0 route Lid 11 ibwarn: [6548] mad_rpc: data offs 64 sz 64 mad data 0000 0000 0000 0001 0000 0001 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 # Ext Port info: Lid 11 port 0 StateChangeEnable:...............0x00 LinkSpeedSupported:..............0x01 LinkSpeedEnabled:................0x01 LinkSpeedActive:.................0x01 Signed-off-by: Jack Morgenstein Signed-off-by: Or Gerlitz Acked-by: Ira Weiny Signed-off-by: Roland Dreier Signed-off-by: Greg Kroah-Hartman