commit f1c84a5cb52ee2915457b481c756fcc1dfe6a471 Author: Greg Kroah-Hartman Date: Fri Apr 27 09:52:09 2012 -0700 Linux 3.0.30 commit ad24d0be9d68b8907bcdd170649214db4ce6a55c Author: Neal Cardwell Date: Sun Apr 22 09:45:47 2012 +0000 tcp: fix TCP_MAXSEG for established IPv6 passive sockets [ Upstream commit d135c522f1234f62e81be29cebdf59e9955139ad ] Commit f5fff5d forgot to fix TCP_MAXSEG behavior IPv6 sockets, so IPv6 TCP server sockets that used TCP_MAXSEG would find that the advmss of child sockets would be incorrect. This commit mirrors the advmss logic from tcp_v4_syn_recv_sock in tcp_v6_syn_recv_sock. Eventually this logic should probably be shared between IPv4 and IPv6, but this at least fixes this issue. Signed-off-by: Neal Cardwell Acked-by: Eric Dumazet Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 28b78eb401b7e60c0984eacf3837cf09a2307253 Author: Eric W. Biederman Date: Wed Apr 18 16:11:23 2012 +0000 net ax25: Reorder ax25_exit to remove races. [ Upstream commit 3adadc08cc1e2cbcc15a640d639297ef5fcb17f5 ] While reviewing the sysctl code in ax25 I spotted races in ax25_exit where it is possible to receive notifications and packets after already freeing up some of the data structures needed to process those notifications and updates. Call unregister_netdevice_notifier early so that the rest of the cleanup code does not need to deal with network devices. This takes advantage of my recent enhancement to unregister_netdevice_notifier to send unregister notifications of all network devices that are current registered. Move the unregistration for packet types, socket types and protocol types before we cleanup any of the ax25 data structures to remove the possibilities of other races. Signed-off-by: Eric W. Biederman Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit d76556549e7a97c25269644afd0b1b18a6c42214 Author: Dan Carpenter Date: Thu Apr 19 10:00:19 2012 +0300 ksz884x: don't copy too much in netdev_set_mac_address() [ Upstream commit 716af4abd6e6370226f567af50bfaca274515980 ] MAX_ADDR_LEN is 32. ETH_ALEN is 6. mac->sa_data is a 14 byte array, so the memcpy() is doing a read past the end of the array. I asked about this on netdev and Ben Hutchings told me it's supposed to be copying ETH_ALEN bytes (thanks Ben). Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 0958c122f47f4ef2a1ae552fed56a8bf8502c32b Author: Julian Anastasov Date: Mon Apr 16 04:43:15 2012 +0000 netns: do not leak net_generic data on failed init [ Upstream commit b922934d017f1cc831b017913ed7d1a56c558b43 ] ops_init should free the net_generic data on init failure and __register_pernet_operations should not call ops_free when NET_NS is not enabled. Signed-off-by: Julian Anastasov Reviewed-by: "Eric W. Biederman" Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 6a0e69cea2ec1499224067989470d3c929dbd67e Author: Eric Dumazet Date: Mon Apr 16 23:28:07 2012 +0000 tcp: fix tcp_grow_window() for large incoming frames [ Upstream commit 4d846f02392a710f9604892ac3329e628e60a230 ] tcp_grow_window() has to grow rcv_ssthresh up to window_clamp, allowing sender to increase its window. tcp_grow_window() still assumes a tcp frame is under MSS, but its no longer true with LRO/GRO. This patch fixes one of the performance issue we noticed with GRO on. Signed-off-by: Eric Dumazet Cc: Neal Cardwell Cc: Tom Herbert Acked-by: Neal Cardwell Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 3286761923475d1b4a943e65a1dadda1caee7723 Author: Hiroaki SHIMODA Date: Sun Apr 15 13:26:01 2012 +0000 dummy: Add ndo_uninit(). [ Upstream commit 890fdf2a0cb88202d1427589db2cf29c1bdd3c1d ] In register_netdevice(), when ndo_init() is successful and later some error occurred, ndo_uninit() will be called. So dummy deivce is desirable to implement ndo_uninit() method to free percpu stats for this case. And, ndo_uninit() is also called along with dev->destructor() when device is unregistered, so in order to prevent dev->dstats from being freed twice, dev->destructor is modified to free_netdev(). Signed-off-by: Hiroaki SHIMODA Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit b447077dd43c927a5c5171956309cd849decd769 Author: Stephane Fillod Date: Sun Apr 15 11:38:29 2012 +0000 net: usb: smsc75xx: fix mtu [ Upstream commit a99ff7d0123b19ecad3b589480b6542716ab6b52 ] Make smsc75xx recalculate the hard_mtu after adjusting the hard_header_len. Without this, usbnet adjusts the MTU down to 1492 bytes, and the host is unable to receive standard 1500-byte frames from the device. Inspired by same fix on cdc_eem 78fb72f7936c01d5b426c03a691eca082b03f2b9. Tested on ARM/Omap3 with EVB-LAN7500-LC. Signed-off-by: Stephane Fillod Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 11e8e6af6ec119f354354f69cc9aade7c6a0bb42 Author: David Ward Date: Sun Apr 15 12:31:45 2012 +0000 net_sched: gred: Fix oops in gred_dump() in WRED mode [ Upstream commit 244b65dbfede788f2fa3fe2463c44d0809e97c6b ] A parameter set exists for WRED mode, called wred_set, to hold the same values for qavg and qidlestart across all VQs. The WRED mode values had been previously held in the VQ for the default DP. After these values were moved to wred_set, the VQ for the default DP was no longer created automatically (so that it could be omitted on purpose, to have packets in the default DP enqueued directly to the device without using RED). However, gred_dump() was overlooked during that change; in WRED mode it still reads qavg/qidlestart from the VQ for the default DP, which might not even exist. As a result, this command sequence will cause an oops: tc qdisc add dev $DEV handle $HANDLE parent $PARENT gred setup \ DPs 3 default 2 grio tc qdisc change dev $DEV handle $HANDLE gred DP 0 prio 8 $RED_OPTIONS tc qdisc change dev $DEV handle $HANDLE gred DP 1 prio 8 $RED_OPTIONS This fixes gred_dump() in WRED mode to use the values held in wred_set. Signed-off-by: David Ward Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 33e5a8b74671581e307aabc59c415190df0c121b Author: Davide Ciminaghi Date: Fri Apr 13 04:48:25 2012 +0000 net/ethernet: ks8851_mll fix rx frame buffer overflow [ Upstream commit 8a9a0ea6032186e3030419262678d652b88bf6a8 ] At the beginning of ks_rcv(), a for loop retrieves the header information relevant to all the frames stored in the mac's internal buffers. The number of pending frames is stored as an 8 bits field in KS_RXFCTR. If interrupts are disabled long enough to allow for more than 32 frames to accumulate in the MAC's internal buffers, a buffer overflow occurs. This patch fixes the problem by making the driver's frame_head_info buffer big enough. Well actually, since the chip appears to have 12K of internal rx buffers and the shortest ethernet frame should be 64 bytes long, maybe the limit could be set to 12*1024/64 = 192 frames, but 255 should be safer. Signed-off-by: Davide Ciminaghi Signed-off-by: Raffaele Recalcati Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 8b20a647671ec0f48a22bbd44a52b8e914914140 Author: Will Deacon Date: Thu Apr 12 05:54:09 2012 +0000 net: smsc911x: fix skb handling in receive path [ Upstream commit 3c5e979bd037888dd7d722da22da4b43659af485 ] The SMSC911x driver resets the ->head, ->data and ->tail pointers in the skb on the reset path in order to avoid buffer overflow due to packet padding performed by the hardware. This patch fixes the receive path so that the skb pointers are fixed up after the data has been read from the device, The error path is also fixed to use number of words consistently and prevent erroneous FIFO fastforwarding when skipping over bad data. Signed-off-by: Will Deacon Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 68b80be09c226e303e94241880b4a80248ee62ef Author: Jason Wang Date: Wed Apr 11 22:10:54 2012 +0000 8139cp: set intr mask after its handler is registered [ Upstream commit a8c9cb106fe79c28d6b7f1397652cadd228715ff ] We set intr mask before its handler is registered, this does not work well when 8139cp is sharing irq line with other devices. As the irq could be enabled by the device before 8139cp's hander is registered which may lead unhandled irq. Fix this by introducing an helper cp_irq_enable() and call it after request_irq(). Signed-off-by: Jason Wang Reviewed-by: Flavio Leitner Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit bb2f6102c815c14572642205191eb0fa883d8723 Author: Tony Zelenoff Date: Wed Apr 11 06:15:03 2012 +0000 atl1: fix kernel panic in case of DMA errors [ Upstream commit 03662e41c7cff64a776bfb1b3816de4be43de881 ] Problem: There was two separate work_struct structures which share one handler. Unfortunately getting atl1_adapter structure from work_struct in case of DMA error was done from incorrect offset which cause kernel panics. Solution: The useless work_struct for DMA error removed and handler name changed to more generic one. Signed-off-by: Tony Zelenoff Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 4a1abcbd24d856fe49029c3dc6f7fe8dc66ddaac Author: Neal Cardwell Date: Tue Apr 10 07:59:20 2012 +0000 tcp: fix tcp_rcv_rtt_update() use of an unscaled RTT sample [ Upstream commit 18a223e0b9ec8979320ba364b47c9772391d6d05 ] Fix a code path in tcp_rcv_rtt_update() that was comparing scaled and unscaled RTT samples. The intent in the code was to only use the 'm' measurement if it was a new minimum. However, since 'm' had not yet been shifted left 3 bits but 'new_sample' had, this comparison would nearly always succeed, leading us to erroneously set our receive-side RTT estimate to the 'm' sample when that sample could be nearly 8x too high to use. The overall effect is to often cause the receive-side RTT estimate to be significantly too large (up to 40% too large for brief periods in my tests). Signed-off-by: Neal Cardwell Acked-by: Eric Dumazet Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 6d7946bd33e29b2659504ffb3b98aa9fdb2229d8 Author: Eric Dumazet Date: Fri Apr 6 10:49:10 2012 +0200 net: fix a race in sock_queue_err_skb() [ Upstream commit 110c43304db6f06490961529536c362d9ac5732f ] As soon as an skb is queued into socket error queue, another thread can consume it, so we are not allowed to reference skb anymore, or risk use after free. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 19a8321ccebc1db80a75d32d0235f2beb646d8f7 Author: Eric Dumazet Date: Thu Apr 5 22:17:46 2012 +0000 netlink: fix races after skb queueing [ Upstream commit 4a7e7c2ad540e54c75489a70137bf0ec15d3a127 ] As soon as an skb is queued into socket receive_queue, another thread can consume it, so we are not allowed to reference skb anymore, or risk use after free. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 589336f3c7731b608e860e984f753909b00efad7 Author: Phil Sutter Date: Mon Mar 26 09:01:30 2012 +0000 wimax: i2400m - prevent a possible kernel bug due to missing fw_name string [ Upstream commit 4eee6a3a04e8bb53fbe7de0f64d0524d3fbe3f80 ] This happened on a machine with a custom hotplug script calling nameif, probably due to slow firmware loading. At the time nameif uses ethtool to gather interface information, i2400m->fw_name is zero and so a null pointer dereference occurs from within i2400m_get_drvinfo(). Signed-off-by: Phil Sutter Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 53288841cc5e7cb81b5980a46462d8a357bc3387 Author: Veaceslav Falico Date: Thu Apr 5 03:47:43 2012 +0000 bonding: properly unset current_arp_slave on slave link up [ Upstream commit 5a4309746cd74734daa964acb02690c22b3c8911 ] When a slave comes up, we're unsetting the current_arp_slave without removing active flags from it, which can lead to situations where we have more than one slave with active flags in active-backup mode. To avoid this situation we must remove the active flags from a slave before removing it as a current_arp_slave. Signed-off-by: Veaceslav Falico Signed-off-by: Jay Vosburgh Signed-off-by: Andy Gospodarek Signed-off-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 9acd6c30514c0801e94e1bb3fa4734e9e47ab560 Author: Sasha Levin Date: Thu Apr 5 12:07:45 2012 +0000 phonet: Check input from user before allocating [ Upstream commit bcf1b70ac6eb0ed8286c66e6bf37cb747cbaa04c ] A phonet packet is limited to USHRT_MAX bytes, this is never checked during tx which means that the user can specify any size he wishes, and the kernel will attempt to allocate that size. In the good case, it'll lead to the following warning, but it may also cause the kernel to kick in the OOM and kill a random task on the server. [ 8921.744094] WARNING: at mm/page_alloc.c:2255 __alloc_pages_slowpath+0x65/0x730() [ 8921.749770] Pid: 5081, comm: trinity Tainted: G W 3.4.0-rc1-next-20120402-sasha #46 [ 8921.756672] Call Trace: [ 8921.758185] [] warn_slowpath_common+0x87/0xb0 [ 8921.762868] [] warn_slowpath_null+0x15/0x20 [ 8921.765399] [] __alloc_pages_slowpath+0x65/0x730 [ 8921.769226] [] ? zone_watermark_ok+0x1a/0x20 [ 8921.771686] [] ? get_page_from_freelist+0x625/0x660 [ 8921.773919] [] __alloc_pages_nodemask+0x1f8/0x240 [ 8921.776248] [] kmalloc_large_node+0x70/0xc0 [ 8921.778294] [] __kmalloc_node_track_caller+0x34/0x1c0 [ 8921.780847] [] ? sock_alloc_send_pskb+0xbc/0x260 [ 8921.783179] [] __alloc_skb+0x75/0x170 [ 8921.784971] [] sock_alloc_send_pskb+0xbc/0x260 [ 8921.787111] [] ? release_sock+0x7e/0x90 [ 8921.788973] [] sock_alloc_send_skb+0x10/0x20 [ 8921.791052] [] pep_sendmsg+0x60/0x380 [ 8921.792931] [] ? pn_socket_bind+0x156/0x180 [ 8921.794917] [] ? pn_socket_autobind+0x3f/0x90 [ 8921.797053] [] pn_socket_sendmsg+0x4f/0x70 [ 8921.798992] [] sock_aio_write+0x187/0x1b0 [ 8921.801395] [] ? sub_preempt_count+0xae/0xf0 [ 8921.803501] [] ? __lock_acquire+0x42c/0x4b0 [ 8921.805505] [] ? __sock_recv_ts_and_drops+0x140/0x140 [ 8921.807860] [] do_sync_readv_writev+0xbc/0x110 [ 8921.809986] [] ? might_fault+0x97/0xa0 [ 8921.811998] [] ? security_file_permission+0x1e/0x90 [ 8921.814595] [] do_readv_writev+0xe2/0x1e0 [ 8921.816702] [] ? do_setitimer+0x1ac/0x200 [ 8921.818819] [] ? get_parent_ip+0x11/0x50 [ 8921.820863] [] ? sub_preempt_count+0xae/0xf0 [ 8921.823318] [] vfs_writev+0x46/0x60 [ 8921.825219] [] sys_writev+0x4f/0xb0 [ 8921.827127] [] system_call_fastpath+0x16/0x1b [ 8921.829384] ---[ end trace dffe390f30db9eb7 ]--- Signed-off-by: Sasha Levin Acked-by: Rémi Denis-Courmont Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 93deb00abf9ccfcd66060760df11061cc0b9f030 Author: RongQing.Li Date: Wed Apr 4 16:47:04 2012 +0000 ipv6: fix array index in ip6_mc_add_src() [ Upstream commit 78d50217baf36093ab320f95bae0d6452daec85c ] Convert array index from the loop bound to the loop index. And remove the void type conversion to ip6_mc_del1_src() return code, seem it is unnecessary, since ip6_mc_del1_src() does not use __must_check similar attribute, no compiler will report the warning when it is removed. v2: enrich the commit header Signed-off-by: RongQing.Li Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 4baf6fcf14c1c8e228dbf73bc3b5393c80ce6065 Author: Herbert Xu Date: Wed Apr 4 01:01:20 2012 +0000 bridge: Do not send queries on multicast group leaves [ Upstream commit 996304bbea3d2a094b7ba54c3bd65d3fffeac57b ] As it stands the bridge IGMP snooping system will respond to group leave messages with queries for remaining membership. This is both unnecessary and undesirable. First of all any multicast routers present should be doing this rather than us. What's more the queries that we send may end up upsetting other multicast snooping swithces in the system that are buggy. In fact, we can simply remove the code that send these queries because the existing membership expiry mechanism doesn't rely on them anyway. So this patch simply removes all code associated with group queries in response to group leave messages. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 3109ea06da8538ee3ded3489b26065a3be32f360 Author: Thomas Graf Date: Tue Apr 3 22:17:53 2012 +0000 sctp: Allow struct sctp_event_subscribe to grow without breaking binaries [ Upstream commit acdd5985364f8dc511a0762fab2e683f29d9d692 ] getsockopt(..., SCTP_EVENTS, ...) performs a length check and returns an error if the user provides less bytes than the size of struct sctp_event_subscribe. Struct sctp_event_subscribe needs to be extended by an u8 for every new event or notification type that is added. This obviously makes getsockopt fail for binaries that are compiled against an older versions of which do not contain all event types. This patch changes getsockopt behaviour to no longer return an error if not enough bytes are being provided by the user. Instead, it returns as much of sctp_event_subscribe as fits into the provided buffer. This leads to the new behavior that users see what they have been aware of at compile time. The setsockopt(..., SCTP_EVENTS, ...) API is already behaving like this. Signed-off-by: Thomas Graf Acked-by: Vlad Yasevich Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 8d2228dd95c656e5fc9af2e8776f9c95e269806f Author: Eric Dumazet Date: Tue Apr 24 22:12:06 2012 -0400 tcp: allow splice() to build full TSO packets [ This combines upstream commit 2f53384424251c06038ae612e56231b96ab610ee and the follow-on bug fix commit 35f9c09fe9c72eb8ca2b8e89a593e1c151f28fc2 ] vmsplice()/splice(pipe, socket) call do_tcp_sendpages() one page at a time, adding at most 4096 bytes to an skb. (assuming PAGE_SIZE=4096) The call to tcp_push() at the end of do_tcp_sendpages() forces an immediate xmit when pipe is not already filled, and tso_fragment() try to split these skb to MSS multiples. 4096 bytes are usually split in a skb with 2 MSS, and a remaining sub-mss skb (assuming MTU=1500) This makes slow start suboptimal because many small frames are sent to qdisc/driver layers instead of big ones (constrained by cwnd and packets in flight of course) In fact, applications using sendmsg() (adding an additional memory copy) instead of vmsplice()/splice()/sendfile() are a bit faster because of this anomaly, especially if serving small files in environments with large initial [c]wnd. Call tcp_push() only if MSG_MORE is not set in the flags parameter. This bit is automatically provided by splice() internals but for the last page, or on all pages if user specified SPLICE_F_MORE splice() flag. In some workloads, this can reduce number of sent logical packets by an order of magnitude, making zero-copy TCP actually faster than one-copy :) Reported-by: Tom Herbert Cc: Nandita Dukkipati Cc: Neal Cardwell Cc: Tom Herbert Cc: Yuchung Cheng Cc: H.K. Jerry Chu Cc: Maciej Żenczykowski Cc: Mahesh Bandewar Cc: Ilpo Järvinen Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit d2491ed1e1c5bf2db6ab44eb5bfe38b48043b2d5 Author: David Woodhouse Date: Tue Apr 24 22:09:47 2012 -0400 ppp: Don't stop and restart queue on every TX packet [ This combines upstream commit e675f0cc9a872fd152edc0c77acfed19bf28b81e and follow-on bug fix commit 9a5d2bd99e0dfe9a31b3c160073ac445ba3d773f ] For every transmitted packet, ppp_start_xmit() will stop the netdev queue and then, if appropriate, restart it. This causes the TX softirq to run, entirely gratuitously. This is "only" a waste of CPU time in the normal case, but it's actively harmful when the PPP device is a TEQL slave — the wakeup will cause the offending device to receive the next TX packet from the TEQL queue, when it *should* have gone to the next slave in the list. We end up seeing large bursts of packets on just *one* slave device, rather than using the full available bandwidth over all slaves. This patch fixes the problem by *not* unconditionally stopping the queue in ppp_start_xmit(). It adds a return value from ppp_xmit_process() which indicates whether the queue should be stopped or not. It *doesn't* remove the call to netif_wake_queue() from ppp_xmit_process(), because other code paths (especially from ppp_output_wakeup()) need it there and it's messy to push it out to the other callers to do it based on the return value. So we leave it in place — it's a no-op in the case where the queue wasn't stopped, so it's harmless in the TX path. Signed-off-by: David Woodhouse Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 9740f1d824f30d9961ab406990e3a420299afb6f Author: Al Viro Date: Fri Apr 13 13:49:47 2012 -0400 lockd: fix the endianness bug commit e847469bf77a1d339274074ed068d461f0c872bc upstream. comparing be32 values for < is not doing the right thing... Signed-off-by: Al Viro Cc: "J. Bruce Fields" Cc: Trond Myklebust Signed-off-by: Greg Kroah-Hartman commit d434e3ec491683081ed1f56d0f51d04f1dee7d3a Author: Al Viro Date: Fri Apr 13 12:30:02 2012 -0400 ocfs2: ->e_leaf_clusters endianness breakage commit 72094e43e3af5020510f920321d71f1798fa896d upstream. le16, not le32... Signed-off-by: Al Viro Cc: Mark Fasheh Cc: Joel Becker Signed-off-by: Greg Kroah-Hartman commit ea6c7f23a16309304cb5345381e7e5f60b712b85 Author: Al Viro Date: Fri Apr 13 12:28:21 2012 -0400 ocfs2: ->rl_count endianness breakage commit 28748b325dc2d730ccc312830a91c4ae0c0d9379 upstream. le16, not le32... Signed-off-by: Al Viro Cc: Mark Fasheh Cc: Joel Becker Signed-off-by: Greg Kroah-Hartman commit bdd5904ce522e54aafe006c6dfe44a7a9a8804d4 Author: Al Viro Date: Fri Apr 13 12:27:11 2012 -0400 ocfs: ->rl_used breakage on big-endian commit e1bf4cc620fd143766ddfcee3b004a1d1bb34fd0 upstream. it's le16, not le32 or le64... Signed-off-by: Al Viro Cc: Mark Fasheh Cc: Joel Becker Signed-off-by: Greg Kroah-Hartman commit ee88fc68d677bef4de3195293dcafa77978631a7 Author: Al Viro Date: Fri Apr 13 12:22:00 2012 -0400 ocfs2: ->l_next_free_req breakage on big-endian commit 3a251f04fe97c3d335b745c98e4b377e3c3899f2 upstream. It's le16, not le32... Signed-off-by: Al Viro Cc: Mark Fasheh Cc: Joel Becker Signed-off-by: Greg Kroah-Hartman commit 025a55c8acd5b796af80305a800b343bb51c8f0c Author: Al Viro Date: Fri Apr 13 11:49:04 2012 -0400 btrfs: btrfs_root_readonly() broken on big-endian commit 6ed3cf2cdfce4c9f1d73171bd3f27d9cb77b734e upstream. ->root_flags is __le64 and all accesses to it go through the helpers that do proper conversions. Except for btrfs_root_readonly(), which checks bit 0 as in host-endian... Signed-off-by: Al Viro Cc: Chris Mason Signed-off-by: Greg Kroah-Hartman commit 5479e78788760d38de644620c3331a4ca576a4f5 Author: Al Viro Date: Fri Apr 13 00:32:14 2012 -0400 nfsd: fix compose_entry_fh() failure exits commit efe39651f08813180f37dc508d950fc7d92b29a8 upstream. Restore the original logics ("fail on mountpoints, negatives and in case of fh_compose() failures"). Since commit 8177e (nfsd: clean up readdirplus encoding) that got broken - rv = fh_compose(fhp, exp, dchild, &cd->fh); if (rv) goto out; if (!dchild->d_inode) goto out; rv = 0; out: is equivalent to rv = fh_compose(fhp, exp, dchild, &cd->fh); out: and the second check has no effect whatsoever... Signed-off-by: Al Viro Cc: "J. Bruce Fields" Signed-off-by: Greg Kroah-Hartman commit 28432d8aebb58b2b348e0b5172a173b5d2a747e6 Author: Gertjan van Wingerde Date: Wed Dec 28 01:53:18 2011 +0100 rt2x00: Identify rt2800usb chipsets. commit bc93eda7e903ff75cefcb6e247ed9b8e9f8e9783 upstream. According to the latest USB ID database these are all RT2770 / RT2870 / RT307x devices. Signed-off-by: Gertjan van Wingerde Acked-by: Ivo van Doorn Signed-off-by: John W. Linville Cc: Ben Hutchings Signed-off-by: Greg Kroah-Hartman commit e6c87c314b50aa5ab1f81b537cfd41fef4b7eba4 Author: Alan Cox Date: Mon Dec 19 21:07:33 2011 +0000 rt2800: Add support for the Fujitsu Stylistic Q550 commit 3ac44670ad0fca8b6c43b3e4d8494c67c419f494 upstream. Just another USB identifier. Signed-off-by: Alan Cox Acked-by: Gertjan van Wingerde Signed-off-by: John W. Linville Cc: Ben Hutchings Signed-off-by: Greg Kroah-Hartman commit 498950663547d6c020edd12d7c2fef8cad4872b8 Author: Gertjan van Wingerde Date: Sat Nov 12 19:10:43 2011 +0100 rt2x00: Add USB device ID of Buffalo WLI-UC-GNHP. commit c18b7806e4f3373b2f296a65fb19251a3b49a532 upstream. This is reported to be an RT3070 based device. Reported-by: Teika Kazura Signed-off-by: Gertjan van Wingerde Acked-by: Ivo van Doorn Signed-off-by: John W. Linville Cc: Ben Hutchings Signed-off-by: Greg Kroah-Hartman commit 61fbcd48482b3937e81b7cad7381c8d55bb07e79 Author: Eduardo Bacchi Kienetz Date: Sun Jul 10 17:05:14 2011 +0200 rt2800usb: Add new device ID for Belkin commit 43bf8c245237b8309153aa39d4e8f1586cf56af0 upstream. Belkin's Connect N150 Wireless USB Adapter, model F7D1101 version 2, uses ID 0x945b. Chipset info: rt: 3390, rf: 000b, rev: 3213. I have just bought one, which started to work perfectly after the ID was added through this patch. Signed-off-by: Eduardo Bacchi Kienetz Acked-by: Gertjan van Wingerde Signed-off-by: Ivo van Doorn Signed-off-by: John W. Linville Cc: Ben Hutchings Signed-off-by: Greg Kroah-Hartman commit 92031724a7b62417a3abfd59adf4daa463b8fcb3 Author: Gertjan van Wingerde Date: Wed Jul 6 22:59:19 2011 +0200 rt2x00: Properly identify rt2800usb devices. commit acb56120d2c386d6dd104a6515c1a15dabc1ef87 upstream. Sitecom WLA4000 (USB ID 0x0df6:0x0060) is an RT3072 chipset. Sitecom WLA5000 (USB ID 0x0df6:0x0062) is an RT3572 chipset. Signed-off-by: Gertjan van Wingerde Signed-off-by: Ivo van Doorn Signed-off-by: John W. Linville Cc: Ben Hutchings Signed-off-by: Greg Kroah-Hartman commit 32da4c5715b4200423c1cb8edf2ae68ecca43ebe Author: Laurent Pinchart Date: Mon Dec 12 01:15:06 2011 +0100 spi: Fix device unregistration when unregistering the bus master commit 178db7d30f94707efca1a189753c105ef69942ed upstream. Device are added as children of the bus master's parent device, but spi_unregister_master() looks for devices to unregister in the bus master's children. This results in the child devices not being unregistered. Fix this by registering devices as direct children of the bus master. Signed-off-by: Laurent Pinchart Signed-off-by: Grant Likely Cc: Takahiro AKASHI Signed-off-by: Greg Kroah-Hartman commit cf11afd6eb852988bc19813acdc62365fac1499d Author: Jason Baron Date: Fri Mar 16 16:34:03 2012 -0400 Don't limit non-nested epoll paths commit 93dc6107a76daed81c07f50215fa6ae77691634f upstream. Commit 28d82dc1c4ed ("epoll: limit paths") that I did to limit the number of possible wakeup paths in epoll is causing a few applications to longer work (dovecot for one). The original patch is really about limiting the amount of epoll nesting (since epoll fds can be attached to other fds). Thus, we probably can allow an unlimited number of paths of depth 1. My current patch limits it at 1000. And enforce the limits on paths that have a greater depth. This is captured in: https://bugzilla.redhat.com/show_bug.cgi?id=681578 Signed-off-by: Jason Baron Cc: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit d33bf16c0e06d79705615af0a2ff06dc1ca65194 Author: AceLan Kao Date: Wed Mar 28 10:25:36 2012 +0800 Bluetooth: Add support for Atheros [04ca:3005] commit 55ed7d4d1469eafbe3ad7e8fcd44f5af27845a81 upstream. Add another vendor specific ID for Atheros AR3012 device. This chip is wrapped by Lite-On Technology Corp. output of usb-devices: T: Bus=04 Lev=01 Prnt=01 Port=03 Cnt=01 Dev#= 2 Spd=12 MxCh= 0 D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=04ca ProdID=3005 Rev=00.02 S: Manufacturer=Atheros Communications S: Product=Bluetooth USB Host Controller S: SerialNumber=Alaska Day 2006 C: #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA I: If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb I: If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb Signed-off-by: AceLan Kao Signed-off-by: Gustavo Padovan Signed-off-by: Greg Kroah-Hartman commit 4c88a16263381c429ae0ebdc213e3d1ba5710a75 Author: Al Viro Date: Thu Apr 12 20:32:25 2012 -0400 ext4: fix endianness breakage in ext4_split_extent_at() commit af1584f570b19b0285e4402a0b54731495d31784 upstream. ->ee_len is __le16, so assigning cpu_to_le32() to it is going to do Bad Things(tm) on big-endian hosts... Signed-off-by: Al Viro Cc: Ted Ts'o Signed-off-by: Greg Kroah-Hartman commit efc7bb83059be55362ef100c9642a091ede6f414 Author: Thomas Jarosch Date: Wed Dec 7 22:08:11 2011 +0100 PCI: Add quirk for still enabled interrupts on Intel Sandy Bridge GPUs commit f67fd55fa96f7d7295b43ffbc4a97d8f55e473aa upstream. Some BIOS implementations leave the Intel GPU interrupts enabled, even though no one is handling them (f.e. i915 driver is never loaded). Additionally the interrupt destination is not set up properly and the interrupt ends up -somewhere-. These spurious interrupts are "sticky" and the kernel disables the (shared) interrupt line after 100.000+ generated interrupts. Fix it by disabling the still enabled interrupts. This resolves crashes often seen on monitor unplug. Tested on the following boards: - Intel DH61CR: Affected - Intel DH67BL: Affected - Intel S1200KP server board: Affected - Asus P8H61-M LE: Affected, but system does not crash. Probably the IRQ ends up somewhere unnoticed. According to reports on the net, the Intel DH61WW board is also affected. Many thanks to Jesse Barnes from Intel for helping with the register configuration and to Intel in general for providing public hardware documentation. Signed-off-by: Thomas Jarosch Tested-by: Charlie Suffin Signed-off-by: Jesse Barnes Signed-off-by: Greg Kroah-Hartman commit 04b09f662db41a24c9e3e5d40340ad1c17dce347 Author: Shubhrajyoti D Date: Thu Mar 22 12:48:06 2012 +0530 usb: musb: omap: fix the error check for pm_runtime_get_sync commit ad579699c4f0274bf522a9252ff9b20c72197e48 upstream. pm_runtime_get_sync returns a signed integer. In case of errors it returns a negative value. This patch fixes the error check by making it signed instead of unsigned thus preventing register access if get_sync_fails. Also passes the error cause to the debug message. Cc: Kishon Vijay Abraham I Signed-off-by: Shubhrajyoti D Signed-off-by: Felipe Balbi Signed-off-by: Greg Kroah-Hartman commit 8a1f6b4eca816f6b186b125f72ef284ef7960b85 Author: Kishon Vijay Abraham I Date: Wed Mar 21 21:30:20 2012 +0530 usb: musb: omap: fix crash when musb glue (omap) gets initialized commit 3006dc8c627d738693e910c159630e4368c9e86c upstream. pm_runtime_enable is being called after omap2430_musb_init. Hence pm_runtime_get_sync in omap2430_musb_init does not have any effect (does not enable clocks) resulting in a crash during register access. It is fixed here. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Felipe Balbi Signed-off-by: Greg Kroah-Hartman commit 2ac8fc00b350ba1aead453c9c1feb1d23a433321 Author: Andrzej Pietrasiewicz Date: Wed Mar 28 09:30:50 2012 +0200 usb: gadget: eliminate NULL pointer dereference (bugfix) commit 92b0abf80c5c5f0e0d71d1309688a330fd74731b upstream. usb: gadget: eliminate NULL pointer dereference (bugfix) This patch fixes a bug which causes NULL pointer dereference in ffs_ep0_ioctl. The bug happens when the FunctionFS is not bound (either has not been bound yet or has been bound and then unbound) and can be reproduced with running the following commands: $ insmod g_ffs.ko $ mount -t functionfs func /dev/usbgadget $ ./null where null.c is: #include #include int main(void) { int fd = open("/dev/usbgadget/ep0", O_RDWR); ioctl(fd, FUNCTIONFS_CLEAR_HALT); return 0; } Signed-off-by: Andrzej Pietrasiewicz Signed-off-by: Kyungmin Park Signed-off-by: Felipe Balbi Signed-off-by: Greg Kroah-Hartman commit 5eb68e665cadf165741a04c695a71cff11e1d4f1 Author: Alan Stern Date: Tue Apr 17 15:22:39 2012 -0400 USB: fix deadlock in bConfigurationValue attribute method commit 8963c487a80b4688c9e68dcc504a90074aacc145 upstream. This patch (as154) fixes a self-deadlock that occurs when userspace writes to the bConfigurationValue sysfs attribute for a hub with children. The task tries to lock the bandwidth_mutex at a time when it already owns the lock: The attribute's method calls usb_set_configuration(), which calls usb_disable_device() with the bandwidth_mutex held. usb_disable_device() unregisters the existing interfaces, which causes the hub driver to be unbound. The hub_disconnect() routine calls hub_quiesce(), which calls usb_disconnect() for each of the hub's children. usb_disconnect() attempts to acquire the bandwidth_mutex around a call to usb_disable_device(). The solution is to make usb_disable_device() acquire the mutex for itself instead of requiring the caller to hold it. Then the mutex can cover only the bandwidth deallocation operation and not the region where the interfaces are unregistered. This has the potential to change system behavior slightly when a config change races with another config or altsetting change. Some of the bandwidth released from the old config might get claimed by the other config or altsetting, make it impossible to restore the old config in case of a failure. But since we don't try to recover from config-change failures anyway, this doesn't matter. [This should be marked for stable kernels that contain the commit fccf4e86200b8f5edd9a65da26f150e32ba79808 "USB: Free bandwidth when usb_disable_device is called." That commit was marked for stable kernels as old as 2.6.32.] Signed-off-by: Alan Stern Signed-off-by: Sarah Sharp Signed-off-by: Greg Kroah-Hartman commit 3599fbb407dfa09d1d8d1507961fa03088c3b695 Author: Alan Stern Date: Wed Apr 18 11:33:00 2012 -0400 EHCI: always clear the STS_FLR status bit commit 2fbe2bf1fd37f9d99950bd8d8093623cf22cf08b upstream. This patch (as1544) fixes a problem affecting some EHCI controllers. They can generate interrupts whenever the STS_FLR status bit is turned on, even though that bit is masked out in the Interrupt Enable register. Since the driver doesn't use STS_FLR anyway, the patch changes the interrupt routine to clear that bit whenever it is set, rather than leaving it alone. Signed-off-by: Alan Stern Reported-and-tested-by: Tomoya MORINAGA Signed-off-by: Greg Kroah-Hartman commit ebc3dcf800ccb59ab5834e33a96f5691eec39820 Author: Bjørn Mork Date: Tue Apr 17 21:37:29 2012 +0200 USB: sierra: avoid QMI/wwan interface on MC77xx commit 749541d19e70905e3971f2a08335a206a98e4d0c upstream. These devices have a number of non serial interfaces as well. Use the existing "Direct IP" blacklist to prevent binding to interfaces which are handled by other drivers. We also extend the "Direct IP" blacklist with with interfaces only seen in "QMI" mode, assuming that these devices use the same interface numbers for serial interfaces both in "Direct IP" and in "QMI" mode. Signed-off-by: Bjørn Mork Signed-off-by: Greg Kroah-Hartman commit 821dda4337d66b6e279e0ab6067b29a61c34e690 Author: Julia Lawall Date: Thu Apr 19 18:12:40 2012 +0200 drivers/tty/amiserial.c: add missing tty_unlock commit d3a7b83f865b46bb7b5e1ed18a129ce1af349db4 upstream. tty_unlock is used on all other exits from the function. Signed-off-by: Julia Lawall Acked-by: Jiri Slaby Signed-off-by: Greg Kroah-Hartman commit ddb289316dd9c6cf7498f4255e98e3bb7d7aee13 Author: Tomoya MORINAGA Date: Thu Apr 12 10:47:50 2012 +0900 pch_uart: Fix dma channel unallocated issue commit af6d17cdc8c89aeb3101f0d27cd32fc0592b40b2 upstream. This driver anticipates pch_uart_verify_port() is not called during installation. However, actually pch_uart_verify_port() is called during installation. As a result, memory access violation occurs like below. 0. initial value: use_dma=0 1. starup() - dma channel is not allocated because use_dma=0 2. pch_uart_verify_port() - Set use_dma=1 3. UART processing acts DMA mode because use_dma=1 - memory access violation occurs! This patch fixes the issue. Solution: Whenever pch_uart_verify_port() is called and then dma channel is not allocated, the channel should be allocated. Signed-off-by: Tomoya MORINAGA Signed-off-by: Greg Kroah-Hartman commit 387df9fcfed566401f2953887ccd3ce9314f4eb9 Author: Yuri Matylitski Date: Fri Apr 20 12:38:32 2012 +0300 USB: serial: cp210x: Fixed usb_control_msg timeout values commit 2d5733fcd33dd451022d197cb6b476e970519ca7 upstream. Fixed too small hardcoded timeout values for usb_control_msg in driver for SiliconLabs cp210x-based usb-to-serial adapters. Replaced with USB_CTRL_GET_TIMEOUT/USB_CTRL_SET_TIMEOUT. Signed-off-by: Yuri Matylitski Acked-by: Kirill A. Shutemov Signed-off-by: Greg Kroah-Hartman commit 7604ff9ce747b74ddff6ac5d118a442122fdcbd7 Author: Shaohua Li Date: Fri Apr 13 10:27:35 2012 +0800 jbd2: use GFP_NOFS for blkdev_issue_flush commit 99aa78466777083255b876293e9e83dec7cd809a upstream. flush request is issued in transaction commit code path, so looks using GFP_KERNEL to allocate memory for flush request bio falls into the classic deadlock issue. I saw btrfs and dm get it right, but ext4, xfs and md are using GFP. Signed-off-by: Shaohua Li Signed-off-by: Theodore Ts'o Reviewed-by: Jan Kara Signed-off-by: Greg Kroah-Hartman commit 56bd028ddf6c29e44b87ce0bd79754fe944d1850 Author: Hugh Dickins Date: Mon Apr 23 11:14:50 2012 -0700 mm: fix s390 BUG by __set_page_dirty_no_writeback on swap commit aca50bd3b4c4bb5528a1878158ba7abce41de534 upstream. Mel reports a BUG_ON(slot == NULL) in radix_tree_tag_set() on s390 3.0.13: called from __set_page_dirty_nobuffers() when page_remove_rmap() tries to transfer dirty flag from s390 storage key to struct page and radix_tree. That would be because of reclaim's shrink_page_list() calling add_to_swap() on this page at the same time: first PageSwapCache is set (causing page_mapping(page) to appear as &swapper_space), then page->private set, then tree_lock taken, then page inserted into radix_tree - so there's an interval before taking the lock when the radix_tree slot is empty. We could fix this by moving __add_to_swap_cache()'s spin_lock_irq up before the SetPageSwapCache. But a better fix is simply to do what's five years overdue: Ken Chen introduced __set_page_dirty_no_writeback() (if !PageDirty TestSetPageDirty) for tmpfs to skip all the radix_tree overhead, and swap is just the same - it ignores the radix_tree tag, and does not participate in dirty page accounting, so should be using __set_page_dirty_no_writeback() too. s390 testing now confirms that this does indeed fix the problem. Reported-by: Mel Gorman Signed-off-by: Hugh Dickins Acked-by: Mel Gorman Cc: Andrew Morton Cc: Martin Schwidefsky Cc: Heiko Carstens Cc: Rik van Riel Cc: Ken Chen Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 027e5d441e6a46ab6cfd5f0e27c5eebd533b8131 Author: Lukasz Kucharczyk Date: Wed Apr 11 14:55:10 2012 +0200 cfg80211: fix interface combinations check. commit e55a4046dab28c440c96890bdddcf02dc8981f2d upstream. Signed-off-by: Lukasz Kucharczyk Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit 6df0d3bbc1954a274e41f084556f1313e288c80b Author: David Härdeman Date: Sun Apr 8 06:13:04 2012 -0300 media: rc-core: set mode for winbond-cir commit d9b786955f80fb306471fdb9ea24c6d03af6ca36 upstream. Setting the correct mode is required by rc-core or scancodes won't be generated (which isn't very user-friendly). This one-line fix should be suitable for 3.4-rc2. Signed-off-by: David Härdeman Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Greg Kroah-Hartman commit 590999cbb260ae3a2907d4070bdd535c28e86868 Author: Christian Riesch Date: Mon Apr 16 04:35:25 2012 +0000 davinci_mdio: Fix MDIO timeout check commit 5b76d0600b2b08eef77f8e9226938b7b6bde3099 upstream. Under heavy load (flood ping) it is possible for the MDIO timeout to expire before the loop checks the GO bit again. This patch adds an additional check whether the operation was done before actually returning -ETIMEDOUT. To reproduce this bug, flood ping the device, e.g., ping -f -l 1000 After some time, a "timed out waiting for user access" warning may appear. And even worse, link may go down since the PHY reported a timeout. Signed-off-by: Christian Riesch Cc: Cyril Chemparathy Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit c85ed6a569612f2e35c4543fbb8228394aa20c61 Author: Oliver Neukum Date: Wed Apr 18 10:05:55 2012 +0200 uwb: fix error handling commit 5bd7b419ef2eb4989b207753e088c3437159618a upstream. Fatal errors such as a device disconnect must not trigger error handling. The error returns must be checked. Signed-off-by: Oliver Neukum Signed-off-by: Greg Kroah-Hartman commit e40b6d45d7dec827630e970d3e614408745c7384 Author: Oliver Neukum Date: Mon Apr 16 15:28:28 2012 +0200 uwb: fix use of del_timer_sync() in interrupt commit 9426cd05682745d1024dbabdec5631309bd2f480 upstream. del_timer_sync() cannot be used in interrupt. Replace it with del_timer() and a flag Signed-off-by: Oliver Neukum Signed-off-by: Greg Kroah-Hartman commit cb17a9920b2c6fdae11afde6a550c40c6968f615 Author: Tomoki Sekiyama Date: Fri Mar 30 08:51:36 2012 +0900 USB: yurex: Fix missing URB_NO_TRANSFER_DMA_MAP flag in urb commit 532f17b5d59bf0deb6f1ff9bc1fb27d5b5011c09 upstream. Current probing code is setting URB_NO_TRANSFER_DMA_MAP flag into a wrong urb structure, and this causes BUG_ON with some USB host implementations. This patch fixes the issue. Signed-off-by: Tomoki Sekiyama Signed-off-by: Greg Kroah-Hartman commit 2079aa84102f13a77d846b5e72c7cf2fa5bb0737 Author: Tomoki Sekiyama Date: Fri Mar 30 08:51:28 2012 +0900 USB: yurex: Remove allocation of coherent buffer for setup-packet buffer commit 523fc5c14f6cad283e5a266eba0e343aed6e73d5 upstream. Removes allocation of coherent buffer for the control-request setup-packet buffer from the yurex driver. Using coherent buffers for setup-packet is obsolete and does not work with some USB host implementations. Signed-off-by: Tomoki Sekiyama Signed-off-by: Greg Kroah-Hartman commit 06a3bbbe704048f4f8b08a0aea32418299c67555 Author: Konrad Rzeszutek Wilk Date: Tue Apr 17 22:21:38 2012 -0400 xen/xenbus: Add quirk to deal with misconfigured backends. commit 3066616ce23aad5719c23a0f21f32676402cb44b upstream. A rather annoying and common case is when booting a PVonHVM guest and exposing the PV KBD and PV VFB - as broken toolstacks don't always initialize the backends correctly. Normally The HVM guest is using the VGA driver and the emulated keyboard for this (though upstream version of QEMU implements PV KBD, but still uses a VGA driver). We provide a very basic two-stage wait mechanism - where we wait for 30 seconds for all devices, and then for 270 for all them except the two mentioned. That allows us to wait for the essential devices, like network or disk for the full 6 minutes. To trigger this, put this in your guest config: vfb = [ 'vnc=1, vnclisten=0.0.0.0 ,vncunused=1'] instead of this: vnc=1 vnclisten="0.0.0.0" Acked-by: Stefano Stabellini [v3: Split delay in non-essential (30 seconds) and essential devices per Ian and Stefano suggestion] [v4: Added comments per Stefano suggestion] Signed-off-by: Konrad Rzeszutek Wilk Signed-off-by: Greg Kroah-Hartman commit 7e2ec6cfa0c831986c602f136b5c88ed4d252dfe Author: Stefano Stabellini Date: Tue Apr 3 18:05:47 2012 +0100 xen/gntdev: do not set VM_PFNMAP commit e8e937be971d706061dc56220ff3605ab77622a7 upstream. Since we are using the m2p_override we do have struct pages corresponding to the user vma mmap'ed by gntdev. Removing the VM_PFNMAP flag makes get_user_pages work on that vma. An example test case would be using a Xen userspace block backend (QDISK) on a file on NFS using O_DIRECT. Signed-off-by: Stefano Stabellini Signed-off-by: Konrad Rzeszutek Wilk Signed-off-by: Greg Kroah-Hartman commit d9d0d9edd528ea9a30b6b469b230a45accd4f4ba Author: Alexander Shiyan Date: Tue Mar 27 12:22:49 2012 +0400 ARM: clps711x: serial driver hungs are a result of call disable_irq within ISR commit 7a6fbc9a887193a1e9f8658703881c528040afbc upstream. Since 2.6.30-rc1 clps711x serial driver hungs system. This is a result of call disable_irq from ISR. synchronize_irq waits for end of interrupt and goes to infinite loop. This patch fix this problem. Signed-off-by: Alexander Shiyan Signed-off-by: Greg Kroah-Hartman commit c7a17402276938793a8e97fe7eefe28eb39fe874 Author: Takashi Iwai Date: Thu Apr 19 15:15:25 2012 +0200 ALSA: hda/conexant - Don't set HP pin-control bit unconditionally commit ca3649de026ff95c6f2847e8d096cf2f411c02b3 upstream. Some output pins on Conexant chips have no HP control bit, but the auto-parser initializes these pins unconditionally with PIN_HP. Check the pin-capability and avoid the HP bit if not supported. Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman commit ee6c90f9e96bc7d334f626b6076817d57cf861a1 Author: Kent Yoder Date: Thu Apr 5 20:34:20 2012 +0800 crypto: sha512 - Fix byte counter overflow in SHA-512 commit 25c3d30c918207556ae1d6e663150ebdf902186b upstream. The current code only increments the upper 64 bits of the SHA-512 byte counter when the number of bytes hashed happens to hit 2^64 exactly. This patch increments the upper 64 bits whenever the lower 64 bits overflows. Signed-off-by: Kent Yoder Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman commit 26cf838583142c2f5c79f2edbad3331011438137 Author: Zeev Tarantov Date: Mon Apr 23 09:37:04 2012 +0300 Perf: fix build breakage [Patch not needed upstream as this is a backport build bugfix - gregkh gcc correctly complains: util/hist.c: In function ‘__hists__add_entry’: util/hist.c:240:27: error: invalid type argument of ‘->’ (have ‘struct hist_entry’) util/hist.c:241:23: error: invalid type argument of ‘->’ (have ‘struct hist_entry’) for this new code: + if (he->ms.map != entry->ms.map) { + he->ms.map = entry->ms.map; + if (he->ms.map) + he->ms.map->referenced = true; + } because "entry" is a "struct hist_entry", not a pointer to a struct. In mainline, "entry" is a pointer to struct passed as argument to the function. So this is broken during backporting. But obviously not compile tested. Signed-off-by: Zeev Tarantov Cc: Signed-off-by: David S. Miller Cc: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman