Wrong MPP configuration would cause <cpu>_mpp_conf loop infinitely
because the mpp list iterator would not be incremented.
Signed-off-by: NMike Rapoport <mike@compulab.co.il>
Signed-off-by: NNicolas Pitre <nico@fluxnic.net>

The type was IORESOURCE_IO which is not what is expected by
plat_nand_probe(). This device has not worked since 2d098a72
("mtd: plat_nand: request memory resource before doing ioremap").
Signed-off-by: NMichael Spang <mspang@csclub.uwaterloo.ca>
Signed-off-by: NNicolas Pitre <nico@fluxnic.net>

Commit 21f0ba90 "orion/kirkwood: reset PCIe unit on boot" made the
reset of the PCIe unit unconditional.  While this may fix problems on some
targets, this also causes problems on other targets.

Saeed Bishara <saeed@marvell.com> said about the original problem: "We
couln't pinpoint the root cause of this issue, actually we failed to
reproduce that issue."

So let's restrict the reset of the PCIe unit only to the target where
the original problem was observed.
Signed-off-by: NNicolas Pitre <nico@fluxnic.net>

Signed-off-by: NSimon Guinot <sguinot@lacie.com>
Acked-by: NLennert Buytenhek <buytenh@wantstofly.org>
Signed-off-by: NNicolas Pitre <nico@fluxnic.net>

According to the Marvell LSP, the Sample at Reset regiter bit 21 can be
used to detect TCLK on 6281 and 6282 devices.

This patch has only been tested on LaCie boards.
Signed-off-by: NSimon Guinot <sguinot@lacie.com>
Acked-by: NLennert Buytenhek <buytenh@wantstofly.org>
Signed-off-by: NNicolas Pitre <nico@fluxnic.net>

Signed-off-by: NSimon Guinot <sguinot@lacie.com>
Signed-off-by: NNicolas Pitre <nico@fluxnic.net>

This patch add a LED class driver for LEDs found on the LaCie 2Big and
5Big Network v2 boards. The LEDs are wired to a CPLD and are controlled
through a GPIO extension bus.
Signed-off-by: NSimon Guinot <sguinot@lacie.com>
Signed-off-by: NNicolas Pitre <nico@fluxnic.net>

dev_set_drvdata() can't be used to set the driver private data pointer.
This would overwrite the led classdev object previously registered by
led_classdev_register().

Note that despite this mistake, the driver work fine because led_dat and
led_dat->cdev are at the same memory address.
Signed-off-by: NSimon Guinot <sguinot@lacie.com>
Signed-off-by: NNicolas Pitre <nico@fluxnic.net>

Signed-off-by: NSimon Guinot <sguinot@lacie.com>
Signed-off-by: NNicolas Pitre <nico@fluxnic.net>

Signed-off-by: NSimon Guinot <sguinot@lacie.com>
Signed-off-by: NNicolas Pitre <nico@fluxnic.net>

This patch adds support for the Seagate FreeAgent DockStar,
a Marvell SheevaPlug variant.
Signed-off-by: NEric Cooper <ecc@cmu.edu>
Signed-off-by: NNicolas Pitre <nico@fluxnic.net>

This patch enables users to choose either the SDIO interface or UART1
(RS232/RS485). The selection can be done through kernel parameter.

By default the port would be used for SDIO interface. Passing the string
"kw_openrd_init_uart1=232" or "kw_openrd_init_uart1=485" enables either
the RS-232 or RS-485 port respectively; disabling the SDIO interface.
Anything else selects the default SDIO interface.

"kw_openrd_init_uart1=485" is ignored on OpenRD-Base as it doesn't
have RS485 port.
Signed-off-by: NTanmay Upadhyay <tanmay.upadhyay@einfochips.com>
Acked-by: NAlexander Clouter <alex@digriz.org.uk>
Signed-off-by: NNicolas Pitre <nico@fluxnic.net>

This patch replace all the lock functions with the irq safe variant.
The ns2_led_{set,get}_mode() functions must be safe in all context.

For example, the trigger timer call led_set_brightness() in a softirq
context.
Signed-off-by: NSimon Guinot <sguinot@lacie.com>
Signed-off-by: NNicolas Pitre <nico@fluxnic.net>

Signed-off-by: NEric Miao <eric.miao@canonical.com>
Acked-by: NSaeed Bishara <saeed@marvell.com>
Signed-off-by: NNicolas Pitre <nico@fluxnic.net>

When using simultaneously the two DMA channels on a same engine, some
transfers are never completed. For example, an endless lock can occur
while writing heavily on a RAID5 array (with async-tx offload support
enabled).

Note that this issue can also be reproduced by using the DMA test
client.

On a same engine, the interrupt cause register is shared between two
DMA channels. This patch make sure that the cause bit is only cleared
for the requested channel.
Signed-off-by: NSimon Guinot <sguinot@lacie.com>
Tested-by: NLuc Saillard <luc@saillard.org>
Acked-by: NSaeed Bishara <saeed@marvell.com>
Signed-off-by: NNicolas Pitre <nico@fluxnic.net>

The support for the 2 pcie port of the 6282 has broken i/o port by switching
*_IO_PHYS_BASE and *_IO_BUS_BASE. In fact, the patches reintroduced the same
bug solved by commit 35f029e2.
So, I'm adding back *_IO_BUS_BASE in resource declaration and fix definition
of KIRKWOOD_PCIE1_IO_BUS_BASE. With this change, the xgi card on my t5325 is
working again.
Signed-off-by: NArnaud Patard <arnaud.patard@rtp-net.org>
Acked-by: NSaeed Bishara <saeed@marvell.com>
Signed-off-by: NNicolas Pitre <nico@fluxnic.net>
Cc: stable@kernel.org

Fix docbook templates that reference files that do not contain the
expected kernel-doc notation.

Fixes these warnings:

  Warning(arch/x86/include/asm/unaligned.h): no structured comments found
  Warning(lib/vsprintf.c): no structured comments found

These cause errors in the generated html output, like below, so drop
these lines.

  Name
  arch/x86/include/asm/unaligned.h - Document generation inconsistency
  Oops
  Warning
  The template for this document tried to insert the structured comment from the file arch/x86/include/asm/unaligned.h at this point, but none was found. This dummy section is inserted to allow generation to continue.
Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

When you don't use !E or !I but only !F, then it's very easy to miss
including some functions, structs etc.  in documentation.  To help
finding which ones were missed, allow printing out the unused ones as
warnings.

For example, using this on mac80211 yields a lot of warnings like this:

  Warning: didn't use docs for DOC: mac80211 workqueue
  Warning: didn't use docs for ieee80211_max_queues
  Warning: didn't use docs for ieee80211_bss_change
  Warning: didn't use docs for ieee80211_bss_conf

when generating the documentation for it.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

There are valid attributes that could have upper case letters, but we
still want to remove, like for example
	__attribute__((aligned(NETDEV_ALIGN)))
as encountered in the wireless code.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

* 'pm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6:
  PM / Hibernate: Avoid hitting OOM during preallocation of memory
  PM QoS: Correct pr_debug() misuse and improve parameter checks
  PM: Prevent waiting forever on asynchronous resume after failing suspend

* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
  [SCSI] fix use-after-free in scsi_init_io()
  [SCSI] sd: fix medium-removal bug
  [SCSI] qla2xxx: Update version number to 8.03.04-k0.
  [SCSI] qla2xxx: Check for empty slot in request queue before posting Command type 6 request.
  [SCSI] qla2xxx: Cover UNDERRUN case where SCSI status is set.
  [SCSI] qla2xxx: Correctly set fw hung and complete only waiting mbx.
  [SCSI] qla2xxx: Reset seconds_since_last_heartbeat correctly.
  [SCSI] qla2xxx: make rport deletions explicit during vport removal
  [SCSI] qla2xxx: Fix vport delete issues
  [SCSI] sd, sym53c8xx: Remove warnings after vsprintf %pV introducation.
  [SCSI] Fix warning: zero-length gnu_printf format string
  [SCSI] hpsa: disable doorbell reset on reset_devices
  [SCSI] be2iscsi: Fix for Login failure
  [SCSI] fix bio.bi_rw handling

There is a problem in hibernate_preallocate_memory() that it calls
preallocate_image_memory() with an argument that may be greater than
the total number of available non-highmem memory pages.  If that's
the case, the OOM condition is guaranteed to trigger, which in turn
can cause significant slowdown to occur during hibernation.

To avoid that, make preallocate_image_memory() adjust its argument
before calling preallocate_image_pages(), so that the total number of
saveable non-highem pages left is not less than the minimum size of
a hibernation image.  Change hibernate_preallocate_memory() to try to
allocate from highmem if the number of pages allocated by
preallocate_image_memory() is too low.

Modify free_unnecessary_pages() to take all possible memory
allocation patterns into account.
Reported-by: NKOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: NRafael J. Wysocki <rjw@sisk.pl>
Tested-by: NM. Vefa Bicakci <bicave@superonline.com>

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (28 commits)
  ipheth: remove incorrect devtype to WWAN
  MAINTAINERS: Add CAIF
  sctp: fix test for end of loop
  KS8851: Correct RX packet allocation
  udp: add rehash on connect()
  net: blackhole route should always be recalculated
  ipv4: Suppress lockdep-RCU false positive in FIB trie (3)
  niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL
  ipvs: fix active FTP
  gro: Re-fix different skb headrooms
  via-velocity: Turn scatter-gather support back off.
  ipv4: Fix reverse path filtering with multipath routing.
  UNIX: Do not loop forever at unix_autobind().
  PATCH: b44 Handle RX FIFO overflow better (simplified)
  irda: off by one
  3c59x: Fix deadlock in vortex_error()
  netfilter: discard overlapping IPv6 fragment
  ipv6: discard overlapping fragment
  net: fix tx queue selection for bridged devices implementing select_queue
  bonding: Fix jiffies overflow problems (again)
  ...

Fix up trivial conflicts due to the same cgroup API thinko fix going
through both Andrew and the networking tree.  However, there were small
differences between the two, with Andrew's version generally being the
nicer one, and the one I merged first. So pick that one.

Conflicts in: include/linux/cgroup.h and kernel/cgroup.c

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
  sparc: Kill all BKL usage.

Merge branch 'sched-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

* 'sched-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  x86, tsc: Fix a preemption leak in restore_sched_clock_state()
  sched: Move sched_avg_update() to update_cpu_load()

Doh, a real life genuine preemption leak..

This caused a suspend failure.

Reported-bisected-and-tested-by-the-invaluable: Jeff Chua <jeff.chua.linux@gmail.com>
Acked-by: NSuresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: NPeter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Nico Schottelius <nico-linux-20100709@schottelius.org>
Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Florian Pritz <flo@xssn.at>
Cc: Suresh Siddha <suresh.b.siddha@intel.com>
Cc: Len Brown <lenb@kernel.org>
Cc: <stable@kernel.org> # Greg, please apply after: cd7240c0 ("x86, tsc, sched: Recompute cyc2ns_offset's during resume from")
sleep states
LKML-Reference: <1284150773.402.122.camel@laptop>
Signed-off-by: NIngo Molnar <mingo@elte.hu>

* 'drm-intel-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ickle/drm-intel:
  drm/i915: don't enable self-refresh on Ironlake
  drm/i915: Double check that the wait_request is not pending before warning
  Revert "drm/i915: Warn if we run out of FIFO space for a mode"
  Revert "drm/i915: Allow LVDS on pipe A on gen4+"
  Revert "drm/i915: Enable RC6 on Ironlake."

* 'for-linus' of git://oss.sgi.com/xfs/xfs:
  xfs: log IO completion workqueue is a high priority queue
  xfs: prevent reading uninitialized stack memory

A real life genuine preemption leak..
Reported-and-tested-by: NJeff Chua <jeff.chua.linux@gmail.com>
Signed-off-by: NPeter Zijlstra <a.p.zijlstra@chello.nl>
Acked-by: NSuresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Correct some pr_debug() misuse and add a stronger parameter check to
pm_qos_write() for the ASCII hex value case.  Thanks to Dan Carpenter
for pointing out the problem!
Signed-off-by: Nmark gross <markgross@thegnar.org>
Signed-off-by: NRafael J. Wysocki <rjw@sisk.pl>

The workqueue implementation in 2.6.36-rcX has changed, resulting
in the workqueues no longer having dedicated threads for work
processing. This has caused severe livelocks under heavy parallel
create workloads because the log IO completions have been getting
held up behind metadata IO completions.  Hence log commits would
stall, memory allocation would stall because pages could not be
cleaned, and lock contention on the AIL during inode IO completion
processing was being seen to slow everything down even further.

By making the log Io completion workqueue a high priority workqueue,
they are queued ahead of all data/metadata IO completions and
processed before the data/metadata completions. Hence the log never
gets stalled, and operations needed to clean memory can continue as
quickly as possible. This avoids the livelock conditions and allos
the system to keep running under heavy load as per normal.
Signed-off-by: NDave Chinner <dchinner@redhat.com>
Reviewed-by: NChristoph Hellwig <hch@lst.de>
Signed-off-by: NAlex Elder <aelder@sgi.com>

An execve with a very large total of argument/environment strings
can take a really long time in the execve system call.  It runs
uninterruptibly to count and copy all the strings.  This change
makes it abort the exec quickly if sent a SIGKILL.

Note that this is the conservative change, to interrupt only for
SIGKILL, by using fatal_signal_pending().  It would be perfectly
correct semantics to let any signal interrupt the string-copying in
execve, i.e. use signal_pending() instead of fatal_signal_pending().
We'll save that change for later, since it could have user-visible
consequences, such as having a timer set too quickly make it so that
an execve can never complete, though it always happened to work before.
Signed-off-by: NRoland McGrath <roland@redhat.com>
Reviewed-by: NKOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

This adds a preemption point during the copying of the argument and
environment strings for execve, in copy_strings().  There is already
a preemption point in the count() loop, so this doesn't add any new
points in the abstract sense.

When the total argument+environment strings are very large, the time
spent copying them can be much more than a normal user time slice.
So this change improves the interactivity of the rest of the system
when one process is doing an execve with very large arguments.
Signed-off-by: NRoland McGrath <roland@redhat.com>
Reviewed-by: NKOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

The CONFIG_STACK_GROWSDOWN variant of setup_arg_pages() does not
check the size of the argument/environment area on the stack.
When it is unworkably large, shift_arg_pages() hits its BUG_ON.
This is exploitable with a very large RLIMIT_STACK limit, to
create a crash pretty easily.

Check that the initial stack is not too large to make it possible
to map in any executable.  We're not checking that the actual
executable (or intepreter, for binfmt_elf) will fit.  So those
mappings might clobber part of the initial stack mapping.  But
that is just userland lossage that userland made happen, not a
kernel problem.
Signed-off-by: NRoland McGrath <roland@redhat.com>
Reviewed-by: NKOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

* 'kvm-updates/2.6.36' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: x86: Perform hardware_enable in CPU_STARTING callback
  KVM: i8259: fix migration
  KVM: fix i8259 oops when no vcpus are online
  KVM: x86 emulator: fix regression with cmpxchg8b on i386 hosts

Merge branch 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

* 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  tracing: t_start: reset FTRACE_ITER_HASH in case of seek/pread
  perf symbols: Fix multiple initialization of symbol system
  perf: Fix CPU hotplug
  perf, trace: Fix module leak
  tracing/kprobe: Fix handling of C-unlike argument names
  tracing/kprobes: Fix handling of argument names
  perf probe: Fix handling of arguments names
  perf probe: Fix return probe support
  tracing/kprobe: Fix a memory leak in error case
  tracing: Do not allow llseek to set_ftrace_filter

Fix a bug in keyctl_session_to_parent() whereby it tries to check the ownership
of the parent process's session keyring whether or not the parent has a session
keyring [CVE-2010-2960].

This results in the following oops:

  BUG: unable to handle kernel NULL pointer dereference at 00000000000000a0
  IP: [<ffffffff811ae4dd>] keyctl_session_to_parent+0x251/0x443
  ...
  Call Trace:
   [<ffffffff811ae2f3>] ? keyctl_session_to_parent+0x67/0x443
   [<ffffffff8109d286>] ? __do_fault+0x24b/0x3d0
   [<ffffffff811af98c>] sys_keyctl+0xb4/0xb8
   [<ffffffff81001eab>] system_call_fastpath+0x16/0x1b

if the parent process has no session keyring.

If the system is using pam_keyinit then it mostly protected against this as all
processes derived from a login will have inherited the session keyring created
by pam_keyinit during the log in procedure.

To test this, pam_keyinit calls need to be commented out in /etc/pam.d/.
Reported-by: NTavis Ormandy <taviso@cmpxchg8b.com>
Signed-off-by: NDavid Howells <dhowells@redhat.com>
Acked-by: NTavis Ormandy <taviso@cmpxchg8b.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

There's an protected access to the parent process's credentials in the middle
of keyctl_session_to_parent().  This results in the following RCU warning:

  ===================================================
  [ INFO: suspicious rcu_dereference_check() usage. ]
  ---------------------------------------------------
  security/keys/keyctl.c:1291 invoked rcu_dereference_check() without protection!

  other info that might help us debug this:

  rcu_scheduler_active = 1, debug_locks = 0
  1 lock held by keyctl-session-/2137:
   #0:  (tasklist_lock){.+.+..}, at: [<ffffffff811ae2ec>] keyctl_session_to_parent+0x60/0x236

  stack backtrace:
  Pid: 2137, comm: keyctl-session- Not tainted 2.6.36-rc2-cachefs+ #1
  Call Trace:
   [<ffffffff8105606a>] lockdep_rcu_dereference+0xaa/0xb3
   [<ffffffff811ae379>] keyctl_session_to_parent+0xed/0x236
   [<ffffffff811af77e>] sys_keyctl+0xb4/0xb6
   [<ffffffff81001eab>] system_call_fastpath+0x16/0x1b

The code should take the RCU read lock to make sure the parents credentials
don't go away, even though it's holding a spinlock and has IRQ disabled.
Signed-off-by: NDavid Howells <dhowells@redhat.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
  block: Range check cpu in blk_cpu_to_group
  scatterlist: prevent invalid free when alloc fails
  writeback: Fix lost wake-up shutting down writeback thread
  writeback: do not lose wakeup events when forking bdi threads
  cciss: fix reporting of max queue depth since init
  block: switch s390 tape_block and mg_disk to elevator_change()
  block: add function call to switch the IO scheduler from a driver
  fs/bio-integrity.c: return -ENOMEM on kmalloc failure
  bio-integrity.c: remove dependency on __GFP_NOFAIL
  BLOCK: fix bio.bi_rw handling
  block: put dev->kobj in blk_register_queue fail path
  cciss: handle allocation failure
  cfq-iosched: Documentation help for new tunables
  cfq-iosched: blktrace print per slice sector stats
  cfq-iosched: Implement tunable group_idle
  cfq-iosched: Do group share accounting in IOPS when slice_idle=0
  cfq-iosched: Do not idle if slice_idle=0
  cciss: disable doorbell reset on reset_devices
  blkio: Fix return code for mkdir calls