If a device exposes a sparsely populated configuration ROM,
firewire-core's sysfs interface and character device file interface
showed random data in the gaps between config ROM blocks.  Fix this by
zero-initialization of the config ROM reader's scratch buffer.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

The stack size of 16 was artificially chosen and may be too small in
extreme cases.  A device won't be accessible then.

Since it doesn't really matter to the slab allocator whether we ask for
1088 bytes or 2048 bytes of scratch memory, just allocate 2048 bytes for
the sum of temporary config ROM image and stack, and we will never ever
overflow the stack (because there simply can't be more stack items than
ROM entries).
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

It never happened yet, but better safe than sorry:  If a device's config
ROM contains a block which overlaps the boundary at 0xfffff00007ff, just
ignore that one block instead of refusing to add the device
representation.  That way, upper layers (kernelspace or userspace
drivers) might still be able to use the device to some degree.

That's better than total inaccessibility of the device.  Worse, the core
would have logged only a generic "giving up on config rom" message which
could only be debugged by feeding a firewire-ohci debug logging session
through a config ROM interpreter, IOW would likely remain undiagnosed.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

The Panasonic AG-DV2500 tape deck contains an invalid entry in its
configuration ROM root directory:  A leaf pointer with the undefined key
ID 0 and an offset that points way out of the standard config ROM area.
This caused firewire-core to dismiss the device with the generic log
message "giving up on config rom for node id...", after which it was of
course impossible to access the tape deck with dvgrab or any other
program.  https://bugzilla.redhat.com/show_bug.cgi?id=449252#c29

The fix is to simply ignore this invalid ROM entry and proceed to read
the valid rest of the ROM.  There is a catch though:  When the kernel
later iterates over the ROM, it would be nasty having to check again for
such too large ROM offsets.  Therefore we manipulate the defective or
unsupported ROM entry to become a harmless immediate entry that won't
have any side effects later (an entry with the value 0x00000000).

Reported-by: George Chriss
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

The netif_wake_queue() is called correctly (i.e. only on !txfull
condition) from txdone routine.  So Unconditional call to the
netif_wake_queue() here is wrong.  This might cause calling of
start_xmit routine on txfull state and trigger BUG_ON.

This bug does not happen when NAPI disabled.  After txdone there
must be at least one free tx slot.  But with NAPI, this is not
true anymore and the BUG_ON can hits on heavy load.

In this driver NAPI was enabled on 2.6.33-rc1 so this is
regression from 2.6.32 kernel.
Reported-by: NRalf Roesch <ralf.roesch@rw-gmbh.de>
Signed-off-by: NAtsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This patch adds a new vid/pid to the cdc_ether whitelist.

Device added:
- Ericsson Mobile Broadband variant C3607w
Signed-off-by: NTorgny Johansson <torgny.johansson@gmail.com>

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.htmlSigned-off-by: NDavid S. Miller <davem@davemloft.net>

Check for error return from pci_map_single/pci_map_page and clean up.

With this and the previous patch the driver was able to handle a significant
percentage of errors (I set the fault injection rate to 10% and could still
download large files at a reasonable speed).
Signed-off-by: NAnton Blanchard <anton@samba.org>
Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Intercept query commands and apply relocations to their guest pointers.
Signed-off-by: NThomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: NDave Airlie <airlied@redhat.com>

Commit 4410f391 ("fbdev: add support for
handoff from firmware to hw framebuffers") didn't add fb_destroy
operation to efifb.  Fix it and change aperture_size to match size
passed to request_mem_region.

Addresses http://bugzilla.kernel.org/show_bug.cgi?id=15151Signed-off-by: NMarcin Slusarz <marcin.slusarz@gmail.com>
Reported-by: NAlex Zhavnerchik <alex.vizor@gmail.com>
Tested-by: NAlex Zhavnerchik <alex.vizor@gmail.com>
Acked-by: NPeter Jones <pjones@redhat.com>
Cc: Huang Ying <ying.huang@intel.com>
Cc: Dave Airlie <airlied@redhat.com>
Cc: "Rafael J. Wysocki" <rjw@sisk.pl>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

geode-mfgpt: restore previous behavior for selecting IRQ

The MFGPT IRQ used to be, in order of decreasing priority,
 * IRQ supplied by the user as a boot-time parameter,
 * IRQ previously set by the BIOS or another driver,
 * default IRQ given at compile time.

Return to this behavior, which got broken when splitting the
MFGPT/clocksource driver for 2.6.33-rc1.
Signed-off-by: NJens Rottmann <JRottmann@LiPPERTEmbedded.de>
Acked-by: NAndres Salomon <dilinger@collabora.co.uk>
Cc: Jordan Crouse <jordan.crouse@amd.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: john stultz <johnstul@us.ibm.com>
Acked-by: NThomas Gleixner <tglx@linutronix.de>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Signed-off-by: NBen Skeggs <bskeggs@redhat.com>

This also modifies the unused PRAMIN PT entries to be all zeroes, can't
really recall why I used 9/0 initially, just that it didn't work for
some reason.  It was likely masking a bug elsewhere that's since been
fixed.
Signed-off-by: NBen Skeggs <bskeggs@redhat.com>

This commit changes nouveau to construct PTEs which look very much like
the ones the binary driver creates.

I presume that filling multiple PTEs identically with length flags and
the physical address of the start of a block of VRAM is a hint to the
memory controller that it need not perform additional page table lookups
for that range of addresses.
Signed-off-by: NBen Skeggs <bskeggs@redhat.com>

Signed-off-by: NBen Skeggs <bskeggs@redhat.com>

GART is handled elsewhere, no reason to have the code for it here too.
Signed-off-by: NBen Skeggs <bskeggs@redhat.com>

Signed-off-by: NFrancisco Jerez <currojerez@riseup.net>
Signed-off-by: NBen Skeggs <bskeggs@redhat.com>

ACPI deep C-state entry had a long standing bug/missing feature, wherein we were sending
resched IPIs when an idle CPU is in mwait based deep C-state. Only mwait based C1 was using
the write to the monitored address to wake up mwait'ing CPU.

This patch changes the code to retain TS_POLLING bit if we are entering an mwait based
deep C-state.

The patch has been verified to reduce the number of resched IPIs in general and also
improves the performance/power on workloads with low system utilization (i.e., when mwait based
deep C-states are being used).

Fixes "netperf ~50% regression with 2.6.33-rc1, bisect to 1b9508f6"
http://marc.info/?l=linux-kernel&m=126441481427331&w=4Reported-by: NLin Ming <ming.m.lin@intel.com>
Tested-by: NAlex Shi <alex.shi@intel.com>
Signed-off-by: NVenkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: NLen Brown <len.brown@intel.com>

Commit 84b79f8d (drm/i915: Fix crash
while aborting hibernation) attempted to fix a regression introduced
by commit cbda12d7 (drm/i915:
implement new pm ops for i915), but it went too far trying to split
the freeze/suspend and resume/thaw parts of the code.  As a result,
it introduced another regression, which only is visible on some systems.

Fix the problem by merging i915_drm_suspend() with
i915_drm_freeze() and moving some code from i915_resume()
into i915_drm_thaw(), so that intel_opregion_free() and
intel_opregion_init() are also executed in the freeze and thaw code
paths, respectively.
Signed-off-by: NRafael J. Wysocki <rjw@sisk.pl>
Reported-and-tested-by: NPedro Ribeiro <pedrib@gmail.com>
Tested-by: NTino Keitel <tino.keitel@tikei.de>
Acked-by: NEric Anholt <eric@anholt.net>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Check the frame control for ieee80211_is_data_qos() is true before
counting the number of tfds can be free, the tfds_in_queue only
increment when ieee80211_is_data_qos() is true before transmit; so it
should only decrement if the type match.

Remove ieee80211_is_data_qos check for frame_ctrl in tx_resp to avoid
invalid information pass from uCode.
Signed-off-by: NStanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: NWey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: NReinette Chatre <reinette.chatre@intel.com>
CC: stable@kernel.org
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

When receive reply_tx and ready to decrement the count for number of
tfds in queue, do error checking to prevent error condition and
tfds_in_queue become negative number.
Signed-off-by: NWey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: NReinette Chatre <reinette.chatre@intel.com>
CC: stable@kernel.org
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Generaltouch protocol allows for coordinates in [0, 0xffff] range and
there are devices reporting coordinates as high as 0x7fff so let's update
the driver to reflect that.
Signed-off-by: NRoy Yin <yhch@generaltouch.com>
Signed-off-by: NDmitry Torokhov <dtor@mail.ru>

Relying on overflow/wrap around isn't exact because if you wrap far
enough, you get back to "valid" values.
Reported-by: NThorsten Pohlmann <pohlmann@tetronik.com>
Signed-off-by: NMike Frysinger <vapier@gentoo.org>
Signed-off-by: NWim Van Sebroeck <wim@iguana.be>
Cc: stable <stable@kernel.org>

The current implementation of Bus_Time read access was buggy since it
did not ensure that Bus_Time.second_count_hi and second_count_lo came
from the same 128 seconds period.
Reported-by: NHåkan Johansson <f96hajo@chalmers.se>

Instead of a fix, remove Bus_Time register support altogether.  The spec
requires all cycle master capable nodes to implement this (all Linux
nodes are cycle master capable) while it also says that it "may" be
initialized by the bus manager or by the IRM standing in for a bus
manager.  (Neither Linux' firewire-core nor ieee1394 nodemgr implement
this.)

Since we cannot rely on Bus_Time having been initialized by a bus
manager, it is better to return an error instead of a nonsensical value
on a read request to Bus_Time.

Alternatively, we could fix the Bus_Time read integrity bug _and_
implement (a) cycle master's write support of the register as well as
(b) bus manager's Bus_Time initialization service, i.e. preservation of
the Bus_Time when the cycle master node of a bus changes.  However, that
would be quite some code for a feature that is unreliable to begin with
and very likely unused in practice.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

ohci:  Break out of the retry loop if too many attempts were necessary.
This may theoretically happen if the chip is fatally defective or if the
get_cycle_timer ioctl was performed after a CardBus controller was
ejected.

Also micro-optimize the loop by re-using the last two register reads in
the next iteration, remove a questionable inline keyword, and shuffle a
comment around.

core:  ioctl_get_cycle_timer() is always called with interrupts on,
therefore local_irq_save() can be replaced by local_irq_disable().
Disabled local IRQs imply disabled preemption, hence preempt_disable()
can be removed.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

When polled input device is opened and closed and there are no other
users of polled device, the workqueue is created and destroyed in
every open / close operation. It is probable that at some point
dynamic allocation of internal parts of the workqueue cause changes to the
workqueue.

When a work is queued to the workqueue the work struct contains pointers
to the workqueue data. If the workqueue has been changed and the work
has never been queued to the new workqueue, work-struct contains pointers
to the non-existing workqueue. This will cause crash at the work
cancellation during device close since cancellation of a work assumes
that the workqueue exists.

To prevent that, work struct is cleaned up at device close. This keeps
work struct clean for the next use.
Signed-off-by: NSamu Onkalo <samu.p.onkalo@nokia.com>
Signed-off-by: NDmitry Torokhov <dtor@mail.ru>

The temperature and voltage limits currently set on these boards are
too conservative and will cause the driver to stop the net device
erroneously in some systems.

Based on a review of the chip datasheets and advice from the designer
of these boards:

- Raise the maximum board temperatures to the specified maximum ambient
  temperatures for their PHYs plus the expected temperature bias of the
  board
- Raise the maximum controller temperature to 90 degrees
- Lower the minimum temperatures to 0 degrees
- Widen the voltage tolerances to at least +/- 10%
Signed-off-by: NBen Hutchings <bhutchings@solarflare.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

efx_mcdi_poll() uses positive error numbers, matching the MCDI
protocol.  It must negate the result of efx_mcdi_poll_reboot() which
returns the usual negative error numbers.
Signed-off-by: NBen Hutchings <bhutchings@solarflare.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This lets UMS userspace know the rv740 fix is in. For KMS we can
consider the kernel release to be the v2.0.0 release so we don't need the
bump there.
Signed-off-by: NDave Airlie <airlied@redhat.com>

If at IB free time fence wasn't emited that means the IB wasn't
scheduled because an error occured somewhere, thus we can free
then fence and mark the IB as free.
Signed-off-by: NJerome Glisse <jglisse@redhat.com>
Signed-off-by: NDave Airlie <airlied@redhat.com>

http://bugzilla.kernel.org/show_bug.cgi?id=15328

This fixes a serious regression on AGP/non-PAT systems, where
pages were ending up in the wrong state and slowing down the
whole system.

[airlied: taken this from the bug as the other option is to revert
the change which caused it].

Tested-by: John W. Linville (in bug).
Signed-off-by: NDave Airlie <airlied@redhat.com>

This patch fixes occlusion queries and rendering errors
on rv740 boards. Hardcoding the backend map is not an optimal
solution, but a better fix is being worked on.
Signed-off-by: NAlex Deucher <alexdeucher@gmail.com>
Signed-off-by: NDave Airlie <airlied@redhat.com>

Just compare the i2c id since the i2c structs
may be slighly different.

Fixes fdo bug 26616.
Signed-off-by: NAlex Deucher <alexdeucher@gmail.com>
Signed-off-by: NDave Airlie <airlied@redhat.com>

rs600 board lists DVI port as HDMI.

Fixes fdo bug 26605
Signed-off-by: NAlex Deucher <alexdeucher@gmail.com>
Signed-off-by: NDave Airlie <airlied@redhat.com>

Commit 77c1ff39 fixed the userspace
pointer dereference, but introduced another bug pointed out by Eugene Teo
in RH bug #564264. Instead of comparing the point we were at in the string,
we instead compared the beginning of the string to "default".
Signed-off-by: NKyle McMartin <kyle@redhat.com>
Reported-by: NEugene Teo <eteo@redhat.com>
Signed-off-by: NDave Airlie <airlied@redhat.com>

It looks like this patch -

commit 7b2519af
Author: Yang, Bo <Bo.Yang@lsi.com>
Date:   Tue Oct 6 14:52:20 2009 -0600

    [SCSI] megaraid_sas: fix 64 bit sense pointer truncation

has caused a problem for 32bit programs with 64bit os -

http://bugzilla.kernel.org/show_bug.cgi?id=15001

fix by converting the user space 32bit pointer to a 64 bit one when
needed.

[jejb: fix up some 64 bit warnings]
Signed-off-by: NTomas Henzl <thenzl@redhat.com>
Cc: Bo Yang <Bo.Yang@lsi.com>
Signed-off-by: NJames Bottomley <James.Bottomley@suse.de>

The HT extension channel settings require priv->staging_rxon.channel to be
accurate. However, iwl_set_rxon_ht was being called before iwl_set_rxon_channel
and thus HT40 could be broken unless another call to iwl_mac_config came in.

This problem was recently introduced by "iwlwifi: Fix to set correct ht
configuration"

The particular setting in which I noticed this was monitor mode:

	iwconfig wlan0 mode monitor
	ifconfig wlan0 up
	./iw wlan0 set channel 64 HT40-
	#./iw wlan0 set channel 64 HT40-
	tcpdump -i wlan0 -y IEEE802_11_RADIO

would only catch HT40 packets if I issued the IW command twice.

From visual inspection, iwl_set_rxon_channel does not depend on
iwl_set_rxon_ht, so simply swapping them should be safe and fixes this problem.
Signed-off-by: NDaniel Halperin <dhalperi@cs.washington.edu>
Acked-by: NWey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: NReinette Chatre <reinette.chatre@intel.com>
CC: stable@kernel.org
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Discussed in "read_cycle_timer backwards for sub-cycle 0000, 0001",
http://thread.gmane.org/gmane.linux.kernel.firewire.devel/13704

Known bad controllers:
  ALi M5271, listed by lspci as M5253 [10b9:5253]
  NEC OrangeLink [1033:00cd] (rev 03)
  NEC uPD72874 [1033:00f2] (rev 01)
  VIA VT6306 [1106:3044] (rev 46)
  VIA VT6308P, listed by lspci as rev c0
Reported-by: NPieter Palmers <pieterp@joow.be>
Reported-by: NHåkan Johansson <f96hajo@chalmers.se>
Reported-by: NClemens Ladisch <clemens@ladisch.de>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

VIA controllers sometimes return an inconsistent value when reading the
isochronous cycle timer register.  To work around this, read the
register multiple times and add consistency checks.
Signed-off-by: NClemens Ladisch <clemens@ladisch.de>
Reported-by: NPieter Palmers <pieterp@joow.be>
Reported-by: NHåkan Johansson <f96hajo@chalmers.se>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Earlier, Ingo Molnar posted a patch to make it so that the kernel would avoid
reading _PPC on his broken T60.  Unfortunately, it seems that with Thomas
Renninger's patch last July to eliminate _PPC evaluations when the processor
driver loads, the kernel never actually reads _PPC at all!  This is problematic
if you happen to boot your non-T60 computer in a state where the BIOS _wants_
_PPC to be something other than zero.

So, put the _PPC evaluation back into acpi_processor_get_performance_info if
ignore_ppc isn't 1.
Signed-off-by: NDarrick J. Wong <djwong@us.ibm.com>
Signed-off-by: NLen Brown <len.brown@intel.com>

Set the backlight to use the current brightness when loaded, rather than
always resetting the backlight to maximum brightness.

Fixes kernel bugzilla #14207
Signed-off-by: NCarlos Corbacho <carlos@strangeworlds.co.uk>
Reported-by: NDenis Mukhin <denis_mukhin@yahoo.com>
Signed-off-by: NLen Brown <len.brown@intel.com>