1. 07 Jun, 2014 14 commits
  2. 18 May, 2014 10 commits
  3. 13 May, 2014 16 commits
    • Greg Kroah-Hartman's avatar
      Linux 3.4.90 · f39c8bf9
      Greg Kroah-Hartman authored
      f39c8bf9
    • Mike Snitzer's avatar
      dm thin: fix dangling bio in process_deferred_bios error path · 53b67ae8
      Mike Snitzer authored
      commit fe76cd88 upstream.
      
      If unable to ensure_next_mapping() we must add the current bio, which
      was removed from the @bios list via bio_list_pop, back to the
      deferred_bios list before all the remaining @bios.
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      Acked-by: default avatarJoe Thornber <ejt@redhat.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      53b67ae8
    • Giacomo Comes's avatar
      Skip intel_crt_init for Dell XPS 8700 · b4e472ed
      Giacomo Comes authored
      commit 10b6ee4a upstream.
      
      The Dell XPS 8700 has a onboard Display port and HDMI port and no VGA port.
      The call intel_crt_init freeze the machine, so skip such call.
      
      Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=73559
      Signed-off-by: Giacomo Comes <comes at naic.edu>
      Signed-off-by: default avatarDaniel Vetter <daniel.vetter@ffwll.ch>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b4e472ed
    • Dan Carpenter's avatar
      mtd: sm_ftl: heap corruption in sm_create_sysfs_attributes() · 9a926913
      Dan Carpenter authored
      commit b4c23305 upstream.
      
      We always put a NUL terminator one space past the end of the "vendor"
      buffer.  Walter Harms also pointed out that this should just use
      kstrndup().
      
      Fixes: 7d17c02a ('mtd: Add new SmartMedia/xD FTL')
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarBrian Norris <computersforpeace@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      9a926913
    • Dan Carpenter's avatar
      mtd: nuc900_nand: NULL dereference in nuc900_nand_enable() · c3a47361
      Dan Carpenter authored
      commit c69dbbf3 upstream.
      
      Instead of writing to "nand->reg + REG_FMICSR" we write to "REG_FMICSR"
      which is NULL and not a valid register.
      
      Fixes: 8bff82cb ('mtd: add nand support for w90p910 (v2)')
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarBrian Norris <computersforpeace@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      c3a47361
    • Mikulas Patocka's avatar
      tgafb: fix data copying · fd9a5e6c
      Mikulas Patocka authored
      commit 6b0df682 upstream.
      
      The functions for data copying copyarea_foreward_8bpp and
      copyarea_backward_8bpp are buggy, they produce screen corruption.
      
      This patch fixes the functions and moves the logic to one function
      "copyarea_8bpp". For simplicity, the function only handles copying that
      is aligned on 8 pixes. If we copy an unaligned area, generic function
      cfb_copyarea is used.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarTomi Valkeinen <tomi.valkeinen@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      fd9a5e6c
    • Marek Vasut's avatar
      gpio: mxs: Allow for recursive enable_irq_wake() call · 0e0dc735
      Marek Vasut authored
      commit a585f87c upstream.
      
      The scenario here is that someone calls enable_irq_wake() from somewhere
      in the code. This will result in the lockdep producing a backtrace as can
      be seen below. In my case, this problem is triggered when using the wl1271
      (TI WlCore) driver found in drivers/net/wireless/ti/ .
      
      The problem cause is rather obvious from the backtrace, but let's outline
      the dependency. enable_irq_wake() grabs the IRQ buslock in irq_set_irq_wake(),
      which in turns calls mxs_gpio_set_wake_irq() . But mxs_gpio_set_wake_irq()
      calls enable_irq_wake() again on the one-level-higher IRQ , thus it tries to
      grab the IRQ buslock again in irq_set_irq_wake() . Because the spinlock in
      irq_set_irq_wake()->irq_get_desc_buslock()->__irq_get_desc_lock() is not
      marked as recursive, lockdep will spew the stuff below.
      
      We know we can safely re-enter the lock, so use IRQ_GC_INIT_NESTED_LOCK to
      fix the spew.
      
       =============================================
       [ INFO: possible recursive locking detected ]
       3.10.33-00012-gf06b763-dirty #61 Not tainted
       ---------------------------------------------
       kworker/0:1/18 is trying to acquire lock:
        (&irq_desc_lock_class){-.-...}, at: [<c00685f0>] __irq_get_desc_lock+0x48/0x88
      
       but task is already holding lock:
        (&irq_desc_lock_class){-.-...}, at: [<c00685f0>] __irq_get_desc_lock+0x48/0x88
      
       other info that might help us debug this:
        Possible unsafe locking scenario:
      
              CPU0
              ----
         lock(&irq_desc_lock_class);
         lock(&irq_desc_lock_class);
      
        *** DEADLOCK ***
      
        May be due to missing lock nesting notation
      
       3 locks held by kworker/0:1/18:
        #0:  (events){.+.+.+}, at: [<c0036308>] process_one_work+0x134/0x4a4
        #1:  ((&fw_work->work)){+.+.+.}, at: [<c0036308>] process_one_work+0x134/0x4a4
        #2:  (&irq_desc_lock_class){-.-...}, at: [<c00685f0>] __irq_get_desc_lock+0x48/0x88
      
       stack backtrace:
       CPU: 0 PID: 18 Comm: kworker/0:1 Not tainted 3.10.33-00012-gf06b763-dirty #61
       Workqueue: events request_firmware_work_func
       [<c0013eb4>] (unwind_backtrace+0x0/0xf0) from [<c0011c74>] (show_stack+0x10/0x14)
       [<c0011c74>] (show_stack+0x10/0x14) from [<c005bb08>] (__lock_acquire+0x140c/0x1a64)
       [<c005bb08>] (__lock_acquire+0x140c/0x1a64) from [<c005c6a8>] (lock_acquire+0x9c/0x104)
       [<c005c6a8>] (lock_acquire+0x9c/0x104) from [<c051d5a4>] (_raw_spin_lock_irqsave+0x44/0x58)
       [<c051d5a4>] (_raw_spin_lock_irqsave+0x44/0x58) from [<c00685f0>] (__irq_get_desc_lock+0x48/0x88)
       [<c00685f0>] (__irq_get_desc_lock+0x48/0x88) from [<c0068e78>] (irq_set_irq_wake+0x20/0xf4)
       [<c0068e78>] (irq_set_irq_wake+0x20/0xf4) from [<c027260c>] (mxs_gpio_set_wake_irq+0x1c/0x24)
       [<c027260c>] (mxs_gpio_set_wake_irq+0x1c/0x24) from [<c0068cf4>] (set_irq_wake_real+0x30/0x44)
       [<c0068cf4>] (set_irq_wake_real+0x30/0x44) from [<c0068ee4>] (irq_set_irq_wake+0x8c/0xf4)
       [<c0068ee4>] (irq_set_irq_wake+0x8c/0xf4) from [<c0310748>] (wlcore_nvs_cb+0x10c/0x97c)
       [<c0310748>] (wlcore_nvs_cb+0x10c/0x97c) from [<c02be5e8>] (request_firmware_work_func+0x38/0x58)
       [<c02be5e8>] (request_firmware_work_func+0x38/0x58) from [<c0036394>] (process_one_work+0x1c0/0x4a4)
       [<c0036394>] (process_one_work+0x1c0/0x4a4) from [<c0036a4c>] (worker_thread+0x138/0x394)
       [<c0036a4c>] (worker_thread+0x138/0x394) from [<c003cb74>] (kthread+0xa4/0xb0)
       [<c003cb74>] (kthread+0xa4/0xb0) from [<c000ee00>] (ret_from_fork+0x14/0x34)
       wlcore: loaded
      Signed-off-by: default avatarMarek Vasut <marex@denx.de>
      Acked-by: default avatarShawn Guo <shawn.guo@linaro.org>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0e0dc735
    • Larry Finger's avatar
      rtlwifi: rtl8192se: Fix too long disable of IRQs · f8f3dc1a
      Larry Finger authored
      commit 2610decd upstream.
      
      In commit f78bccd7 entitled "rtlwifi:
      rtl8192ce: Fix too long disable of IRQs", Olivier Langlois
      <olivier@trillion01.com> fixed a problem caused by an extra long disabling
      of interrupts. This patch makes the same fix for rtl8192se.
      Signed-off-by: default avatarLarry Finger <Larry.Finger@lwfinger.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f8f3dc1a
    • Larry Finger's avatar
      rtlwifi: rtl8192cu: Fix too long disable of IRQs · 04dbe2b4
      Larry Finger authored
      commit a53268be upstream.
      
      In commit f78bccd7 entitled "rtlwifi:
      rtl8192ce: Fix too long disable of IRQs", Olivier Langlois
      <olivier@trillion01.com> fixed a problem caused by an extra long disabling
      of interrupts. This patch makes the same fix for rtl8192cu.
      Signed-off-by: default avatarLarry Finger <Larry.Finger@lwfinger.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      04dbe2b4
    • Jeff Layton's avatar
      locks: allow __break_lease to sleep even when break_time is 0 · 08f36d9d
      Jeff Layton authored
      commit 4991a628 upstream.
      
      A fl->fl_break_time of 0 has a special meaning to the lease break code
      that basically means "never break the lease". knfsd uses this to ensure
      that leases don't disappear out from under it.
      
      Unfortunately, the code in __break_lease can end up passing this value
      to wait_event_interruptible as a timeout, which prevents it from going
      to sleep at all. This causes __break_lease to spin in a tight loop and
      causes soft lockups.
      
      Fix this by ensuring that we pass a minimum value of 1 as a timeout
      instead.
      
      Cc: J. Bruce Fields <bfields@fieldses.org>
      Reported-by: default avatarTerry Barnaby <terry1@beam.ltd.uk>
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      08f36d9d
    • Dan Williams's avatar
      libata/ahci: accommodate tag ordered controllers · e45d91ae
      Dan Williams authored
      commit 8a4aeec8 upstream.
      
      The AHCI spec allows implementations to issue commands in tag order
      rather than FIFO order:
      
      	5.3.2.12 P:SelectCmd
      	HBA sets pSlotLoc = (pSlotLoc + 1) mod (CAP.NCS + 1)
      	or HBA selects the command to issue that has had the
      	PxCI bit set to '1' longer than any other command
      	pending to be issued.
      
      The result is that commands posted sequentially (time-wise) may play out
      of sequence when issued by hardware.
      
      This behavior has likely been hidden by drives that arrange for commands
      to complete in issue order.  However, it appears recent drives (two from
      different vendors that we have found so far) inflict out-of-order
      completions as a matter of course.  So, we need to take care to maintain
      ordered submission, otherwise we risk triggering a drive to fall out of
      sequential-io automation and back to random-io processing, which incurs
      large latency and degrades throughput.
      
      This issue was found in simple benchmarks where QD=2 seq-write
      performance was 30-50% *greater* than QD=32 seq-write performance.
      
      Tagging for -stable and making the change globally since it has a low
      risk-to-reward ratio.  Also, word is that recent versions of an unnamed
      OS also does it this way now.  So, drives in the field are already
      experienced with this tag ordering scheme.
      
      Cc: Dave Jiang <dave.jiang@intel.com>
      Cc: Ed Ciechanowski <ed.ciechanowski@intel.com>
      Reviewed-by: default avatarMatthew Wilcox <matthew.r.wilcox@intel.com>
      Signed-off-by: default avatarDan Williams <dan.j.williams@intel.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      e45d91ae
    • Rafał Miłecki's avatar
      b43: Fix machine check error due to improper access of B43_MMIO_PSM_PHY_HDR · b9fbc576
      Rafał Miłecki authored
      commit 12cd43c6 upstream.
      
      Register B43_MMIO_PSM_PHY_HDR is 16 bit one, so accessing it with 32b
      functions isn't safe. On my machine it causes delayed (!) CPU exception:
      
      Disabling lock debugging due to kernel taint
      mce: [Hardware Error]: CPU 0: Machine Check Exception: 4 Bank 4: b200000000070f0f
      mce: [Hardware Error]: TSC 164083803dc
      mce: [Hardware Error]: PROCESSOR 2:20fc2 TIME 1396650505 SOCKET 0 APIC 0 microcode 0
      mce: [Hardware Error]: Run the above through 'mcelog --ascii'
      mce: [Hardware Error]: Machine check: Processor context corrupt
      Kernel panic - not syncing: Fatal machine check on current CPU
      Kernel Offset: 0x0 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffff9fffffff)
      Signed-off-by: default avatarRafał Miłecki <zajec5@gmail.com>
      Acked-by: default avatarLarry Finger <Larry.Finger@lwfinger.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b9fbc576
    • Mikulas Patocka's avatar
      mach64: fix cursor when character width is not a multiple of 8 pixels · 34dc182b
      Mikulas Patocka authored
      commit 43751a1b upstream.
      
      This patch fixes the hardware cursor on mach64 when font width is not a
      multiple of 8 pixels.
      
      If you load such a font, the cursor is expanded to the next 8-byte
      boundary and a part of the next character after the cursor is not
      visible.
      For example, when you load a font with 12-pixel width, the cursor width
      is 16 pixels and when the cursor is displayed, 4 pixels of the next
      character are not visible.
      
      The reason is this: atyfb_cursor is called with proper parameters to
      load an image that is 12-pixel wide. However, the number is aligned on
      the next 8-pixel boundary on the line
      "unsigned int width = (cursor->image.width + 7) >> 3;" and the whole
      function acts as it is was loading a 16-pixel image.
      
      This patch fixes it so that the value written to the framebuffer is
      padded with 0xaaaa (the transparent pattern) when the image size it not
      a multiple of 8 pixels. The transparent pattern causes that the cursor
      will not interfere with the next character.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarTomi Valkeinen <tomi.valkeinen@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      34dc182b
    • Mikulas Patocka's avatar
      mach64: use unaligned access · caf6f524
      Mikulas Patocka authored
      commit c29dd869 upstream.
      
      This patch fixes mach64 to use unaligned access to the font bitmap.
      
      This fixes unaligned access warning on sparc64 when 14x8 font is loaded.
      
      On x86(64), unaligned access is handled in hardware, so both functions
      le32_to_cpup and get_unaligned_le32 perform the same operation.
      
      On RISC machines, unaligned access is not handled in hardware, so we
      better use get_unaligned_le32 to avoid the unaligned trap and warning.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarTomi Valkeinen <tomi.valkeinen@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      caf6f524
    • Mikulas Patocka's avatar
      matroxfb: restore the registers M_ACCESS and M_PITCH · 7ea30442
      Mikulas Patocka authored
      commit a772d473 upstream.
      
      When X11 is running and the user switches back to console, the card
      modifies the content of registers M_MACCESS and M_PITCH in periodic
      intervals.
      
      This patch fixes it by restoring the content of these registers before
      issuing any accelerator command.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarTomi Valkeinen <tomi.valkeinen@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      7ea30442
    • Mikulas Patocka's avatar
      framebuffer: fix cfb_copyarea · 8b26a7a7
      Mikulas Patocka authored
      commit 00a9d699 upstream.
      
      The function cfb_copyarea is buggy when the copy operation is not aligned on
      long boundary (4 bytes on 32-bit machines, 8 bytes on 64-bit machines).
      
      How to reproduce:
      - use x86-64 machine
      - use a framebuffer driver without acceleration (for example uvesafb)
      - set the framebuffer to 8-bit depth
      	(for example fbset -a 1024x768-60 -depth 8)
      - load a font with character width that is not a multiple of 8 pixels
      	note: the console-tools package cannot load a font that has
      	width different from 8 pixels. You need to install the packages
      	"kbd" and "console-terminus" and use the program "setfont" to
      	set font width (for example: setfont Uni2-Terminus20x10)
      - move some text left and right on the bash command line and you get a
      	screen corruption
      
      To expose more bugs, put this line to the end of uvesafb_init_info:
      info->flags |= FBINFO_HWACCEL_COPYAREA | FBINFO_READS_FAST;
      - Now framebuffer console will use cfb_copyarea for console scrolling.
      You get a screen corruption when console is scrolled.
      
      This patch is a rewrite of cfb_copyarea. It fixes the bugs, with this
      patch, console scrolling in 8-bit depth with a font width that is not a
      multiple of 8 pixels works fine.
      
      The cfb_copyarea code was very buggy and it looks like it was written
      and never tried with non-8-pixel font.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarTomi Valkeinen <tomi.valkeinen@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      8b26a7a7