Mike Snitzer [Thu, 31 May 2012 19:05:33 +0000 (15:05 -0400)]
[SCSI] scsi_lib: fix scsi_io_completion's SG_IO error propagation
The following v3.4-rc1 commit unmasked an existing bug in scsi_io_completion's
SG_IO error handling: 47ac56d [SCSI] scsi_error: classify some ILLEGAL_REQUEST
sense as a permanent TARGET_ERROR
Given that certain ILLEGAL_REQUEST are now properly categorized as
TARGET_ERROR the host_byte is being set (before host_byte wasn't ever
set for these ILLEGAL_REQUEST).
In scsi_io_completion, initialize req->errors with cmd->result _after_
the SG_IO block that calls __scsi_error_from_host_byte (which may
modify the host_byte).
Before this fix:
cdb to send: 12 01 01 00 00 00
ioctl(3, SG_IO, {'S', SG_DXFER_NONE, cmd[6]=[12, 01, 01, 00, 00, 00],
mx_sb_len=32, iovec_count=0, dxfer_len=0, timeout=20000, flags=0,
status=02, masked_status=01, sb[19]=[70, 00, 05, 00, 00, 00, 00, 0b,
00, 00, 00, 00, 24, 00, 00, 00, 00, 00, 00], host_status=0x10,
driver_status=0x8, resid=0, duration=0, info=0x1}) = 0
SCSI Status: Check Condition
Sense Information:
sense buffer empty
After:
cdb to send: 12 01 01 00 00 00
ioctl(3, SG_IO, {'S', SG_DXFER_NONE, cmd[6]=[12, 01, 01, 00, 00, 00],
mx_sb_len=32, iovec_count=0, dxfer_len=0, timeout=20000, flags=0,
status=02, masked_status=01, sb[19]=[70, 00, 05, 00, 00, 00, 00, 0b,
00, 00, 00, 00, 24, 00, 00, 00, 00, 00, 00], host_status=0,
driver_status=0x8, resid=0, duration=0, info=0x1}) = 0
SCSI Status: Check Condition
Sense Information:
Fixed format, current; Sense key: Illegal Request
Additional sense: Invalid field in cdb
Raw sense data (in hex):
70 00 05 00 00 00 00 0b 00 00 00 00 24 00 00 00
00 00 00
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Reviewed-by: Babu Moger <babu.moger@netapp.com>
Cc: stable@vger.kernel.org # 3.4
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Kashyap Desai [Wed, 18 Jul 2012 01:20:44 +0000 (18:20 -0700)]
[SCSI] megaraid_sas: Move poll_aen_lock initializer
The following patch moves the poll_aen_lock initializer from
megasas_probe_one() to megasas_init(). This prevents a crash when a user
loads the driver and tries to issue a poll() system call on the ioctl
interface with no adapters present.
Signed-off-by: Kashyap Desai <Kashyap.Desai@lsi.com>
Signed-off-by: Adam Radford <aradford@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
sreekanth.reddy@lsi.com [Tue, 17 Jul 2012 10:27:05 +0000 (15:57 +0530)]
[SCSI] mpt2sas: Fix for Driver oops, when loading driver with max_queue_depth command line option to a very small value
If the specified max_queue_depth setting is less than the
expected number of internal commands, then driver will calculate
the queue depth size to a negitive number. This negitive number
is actually a very large number because variable is unsigned
16bit integer. So, the driver will ask for a very large amount of
memory for message frames and resulting into oops as memory
allocation routines will not able to handle such a large request.
So, in order to limit this kind of oops, The driver need to set
the max_queue_depth to a scsi mid layer's can_queue value. Then
the overall message frames required for IO is minimum of either
(max_queue_depth plus internal commands) or the IOC global
credits.
Signed-off-by: Sreekanth Reddy <sreekanth.reddy@lsi.com>
Cc: <stable@kernel.org>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Linus Torvalds [Wed, 22 Aug 2012 00:22:22 +0000 (17:22 -0700)]
Merge branch 'akpm' (Andrew's patch-bomb)
Merge fixes from Andrew Morton.
Random drivers and some VM fixes.
* emailed patches from Andrew Morton <akpm@linux-foundation.org>: (17 commits)
mm: compaction: Abort async compaction if locks are contended or taking too long
mm: have order > 0 compaction start near a pageblock with free pages
rapidio/tsi721: fix unused variable compiler warning
rapidio/tsi721: fix inbound doorbell interrupt handling
drivers/rtc/rtc-rs5c348.c: fix hour decoding in 12-hour mode
mm: correct page->pfmemalloc to fix deactivate_slab regression
drivers/rtc/rtc-pcf2123.c: initialize dynamic sysfs attributes
mm/compaction.c: fix deferring compaction mistake
drivers/misc/sgi-xp/xpc_uv.c: SGI XPC fails to load when cpu 0 is out of IRQ resources
string: do not export memweight() to userspace
hugetlb: update hugetlbpage.txt
checkpatch: add control statement test to SINGLE_STATEMENT_DO_WHILE_MACRO
mm: hugetlbfs: correctly populate shared pmd
cciss: fix incorrect scsi status reporting
Documentation: update mount option in filesystem/vfat.txt
mm: change nr_ptes BUG_ON to WARN_ON
cs5535-clockevt: typo, it's MFGPT, not MFPGT
Linus Torvalds [Tue, 21 Aug 2012 23:54:38 +0000 (16:54 -0700)]
Merge branch 'v4l_for_linus' of git://git./linux/kernel/git/mchehab/linux-media
Pull media fixes from Mauro Carvalho Chehab:
"For bug fixes, at soc_camera, si470x, uvcvideo, iguanaworks IR driver,
radio_shark Kbuild fixes, and at the V4L2 core (radio fixes)."
* 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
[media] media: soc_camera: don't clear pix->sizeimage in JPEG mode
[media] media: mx2_camera: Fix clock handling for i.MX27
[media] video: mx2_camera: Use clk_prepare_enable/clk_disable_unprepare
[media] video: mx1_camera: Use clk_prepare_enable/clk_disable_unprepare
[media] media: mx3_camera: buf_init() add buffer state check
[media] radio-shark2: Only compile led support when CONFIG_LED_CLASS is set
[media] radio-shark: Only compile led support when CONFIG_LED_CLASS is set
[media] radio-shark*: Call cancel_work_sync from disconnect rather then release
[media] radio-shark*: Remove work-around for dangling pointer in usb intfdata
[media] Add USB dependency for IguanaWorks USB IR Transceiver
[media] Add missing logging for rangelow/high of hwseek
[media] VIDIOC_ENUM_FREQ_BANDS fix
[media] mem2mem_testdev: fix querycap regression
[media] si470x: v4l2-compliance fixes
[media] DocBook: Remove a spurious character
[media] uvcvideo: Reset the bytesused field when recycling an erroneous buffer
Linus Torvalds [Tue, 21 Aug 2012 23:46:08 +0000 (16:46 -0700)]
Merge git://git./linux/kernel/git/davem/net
Pull networking update from David Miller:
"A couple weeks of bug fixing in there. The largest chunk is all the
broken crap Amerigo Wang found in the netpoll layer."
1) netpoll and it's users has several serious bugs:
a) uses GFP_KERNEL with locks held
b) interfaces requiring interrupts disabled are called with them
enabled
c) and vice versa
d) VLAN tag demuxing, as per all other RX packet input paths, is not
applied
All from Amerigo Wang.
2) Hopefully cure the ipv4 mapped ipv6 address TCP early demux bugs for
good, from Neal Cardwell.
3) Unlike AF_UNIX, AF_PACKET sockets don't set a default credentials
when the user doesn't specify one explicitly during sendmsg().
Instead we attach an empty (zero) SCM credential block which is
definitely not what we want. Fix from Eric Dumazet.
4) IPv6 illegally invokes netdevice notifiers with RCU lock held, fix
from Ben Hutchings.
5) inet_csk_route_child_sock() checks wrong inet options pointer, fix
from Christoph Paasch.
6) When AF_PACKET is used for transmit, packet loopback doesn't behave
properly when a socket fanout is enabled, from Eric Leblond.
7) On bluetooth l2cap channel create failure, we leak the socket, from
Jaganath Kanakkassery.
8) Fix all the netprio file handling bugs found by Al Viro, from John
Fastabend.
9) Several error return and NULL deref bug fixes in networking drivers
from Julia Lawall.
10) A large smattering of struct padding et al. kernel memory leaks to
userspace found of Mathias Krause.
11) Conntrack expections in netfilter can access an uninitialized timer,
fix from Pablo Neira Ayuso.
12) Several netfilter SIP tracker bug fixes from Patrick McHardy.
13) IPSEC ipv6 routes are not initialized correctly all the time,
resulting in an OOPS in inet_putpeer(). Also from Patrick McHardy.
14) Bridging does rcu_dereference() outside of RCU protected area, from
Stephen Hemminger.
15) Fix routing cache removal performance regression when looking up
output routes that have a local destination. From Zheng Yan.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (87 commits)
af_netlink: force credentials passing [CVE-2012-3520]
ipv4: fix ip header ident selection in __ip_make_skb()
ipv4: Use newinet->inet_opt in inet_csk_route_child_sock()
tcp: fix possible socket refcount problem
net: tcp: move sk_rx_dst_set call after tcp_create_openreq_child()
net/core/dev.c: fix kernel-doc warning
netconsole: remove a redundant netconsole_target_put()
net: ipv6: fix oops in inet_putpeer()
net/stmmac: fix issue of clk_get for Loongson1B.
caif: Do not dereference NULL in chnl_recv_cb()
af_packet: don't emit packet on orig fanout group
drivers/net/irda: fix error return code
drivers/net/wan/dscc4.c: fix error return code
drivers/net/wimax/i2400m/fw.c: fix error return code
smsc75xx: add missing entry to MAINTAINERS
net: qmi_wwan: new devices: UML290 and K5006-Z
net: sh_eth: Add eth support for R8A7779 device
netdev/phy: skip disabled mdio-mux nodes
dt: introduce for_each_available_child_of_node, of_get_next_available_child
net: netprio: fix cgrp create and write priomap race
...
Mel Gorman [Tue, 21 Aug 2012 23:16:17 +0000 (16:16 -0700)]
mm: compaction: Abort async compaction if locks are contended or taking too long
Jim Schutt reported a problem that pointed at compaction contending
heavily on locks. The workload is straight-forward and in his own words;
The systems in question have 24 SAS drives spread across 3 HBAs,
running 24 Ceph OSD instances, one per drive. FWIW these servers
are dual-socket Intel 5675 Xeons w/48 GB memory. I've got ~160
Ceph Linux clients doing dd simultaneously to a Ceph file system
backed by 12 of these servers.
Early in the test everything looks fine
procs -------------------memory------------------ ---swap-- -----io---- --system-- -----cpu-------
r b swpd free buff cache si so bi bo in cs us sy id wa st
31 15 0 287216 576
38606628 0 0 2 1158 2 14 1 3 95 0 0
27 15 0 225288 576
38583384 0 0 18 2222016 203357 134876 11 56 17 15 0
28 17 0 219256 576
38544736 0 0 11 2305932 203141 146296 11 49 23 17 0
6 18 0 215596 576
38552872 0 0 7 2363207 215264 166502 12 45 22 20 0
22 18 0 226984 576
38596404 0 0 3 2445741 223114 179527 12 43 23 22 0
and then it goes to pot
procs -------------------memory------------------ ---swap-- -----io---- --system-- -----cpu-------
r b swpd free buff cache si so bi bo in cs us sy id wa st
163 8 0 464308 576
36791368 0 0 11 22210 866 536 3 13 79 4 0
207 14 0 917752 576
36181928 0 0 712 1345376 134598 47367 7 90 1 2 0
123 12 0 685516 576
36296148 0 0 429 1386615 158494 60077 8 84 5 3 0
123 12 0 598572 576
36333728 0 0 1107 1233281 147542 62351 7 84 5 4 0
622 7 0 660768 576
36118264 0 0 557 1345548 151394 59353 7 85 4 3 0
223 11 0 283960 576
36463868 0 0 46 1107160 121846 33006 6 93 1 1 0
Note that system CPU usage is very high blocks being written out has
dropped by 42%. He analysed this with perf and found
perf record -g -a sleep 10
perf report --sort symbol --call-graph fractal,5
34.63% [k] _raw_spin_lock_irqsave
|
|--97.30%-- isolate_freepages
| compaction_alloc
| unmap_and_move
| migrate_pages
| compact_zone
| compact_zone_order
| try_to_compact_pages
| __alloc_pages_direct_compact
| __alloc_pages_slowpath
| __alloc_pages_nodemask
| alloc_pages_vma
| do_huge_pmd_anonymous_page
| handle_mm_fault
| do_page_fault
| page_fault
| |
| |--87.39%-- skb_copy_datagram_iovec
| | tcp_recvmsg
| | inet_recvmsg
| | sock_recvmsg
| | sys_recvfrom
| | system_call
| | __recv
| | |
| | --100.00%-- (nil)
| |
| --12.61%-- memcpy
--2.70%-- [...]
There was other data but primarily it is all showing that compaction is
contended heavily on the zone->lock and zone->lru_lock.
commit [
b2eef8c0: mm: compaction: minimise the time IRQs are disabled
while isolating pages for migration] noted that it was possible for
migration to hold the lru_lock for an excessive amount of time. Very
broadly speaking this patch expands the concept.
This patch introduces compact_checklock_irqsave() to check if a lock
is contended or the process needs to be scheduled. If either condition
is true then async compaction is aborted and the caller is informed.
The page allocator will fail a THP allocation if compaction failed due
to contention. This patch also introduces compact_trylock_irqsave()
which will acquire the lock only if it is not contended and the process
does not need to schedule.
Reported-by: Jim Schutt <jaschut@sandia.gov>
Tested-by: Jim Schutt <jaschut@sandia.gov>
Signed-off-by: Mel Gorman <mgorman@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mel Gorman [Tue, 21 Aug 2012 23:16:15 +0000 (16:16 -0700)]
mm: have order > 0 compaction start near a pageblock with free pages
Commit
7db8889ab05b ("mm: have order > 0 compaction start off where it
left") introduced a caching mechanism to reduce the amount work the free
page scanner does in compaction. However, it has a problem. Consider
two process simultaneously scanning free pages
C
Process A M S F
|---------------------------------------|
Process B M FS
C is zone->compact_cached_free_pfn
S is cc->start_pfree_pfn
M is cc->migrate_pfn
F is cc->free_pfn
In this diagram, Process A has just reached its migrate scanner, wrapped
around and updated compact_cached_free_pfn accordingly.
Simultaneously, Process B finishes isolating in a block and updates
compact_cached_free_pfn again to the location of its free scanner.
Process A moves to "end_of_zone - one_pageblock" and runs this check
if (cc->order > 0 && (!cc->wrapped ||
zone->compact_cached_free_pfn >
cc->start_free_pfn))
pfn = min(pfn, zone->compact_cached_free_pfn);
compact_cached_free_pfn is above where it started so the free scanner
skips almost the entire space it should have scanned. When there are
multiple processes compacting it can end in a situation where the entire
zone is not being scanned at all. Further, it is possible for two
processes to ping-pong update to compact_cached_free_pfn which is just
random.
Overall, the end result wrecks allocation success rates.
There is not an obvious way around this problem without introducing new
locking and state so this patch takes a different approach.
First, it gets rid of the skip logic because it's not clear that it
matters if two free scanners happen to be in the same block but with
racing updates it's too easy for it to skip over blocks it should not.
Second, it updates compact_cached_free_pfn in a more limited set of
circumstances.
If a scanner has wrapped, it updates compact_cached_free_pfn to the end
of the zone. When a wrapped scanner isolates a page, it updates
compact_cached_free_pfn to point to the highest pageblock it
can isolate pages from.
If a scanner has not wrapped when it has finished isolated pages it
checks if compact_cached_free_pfn is pointing to the end of the
zone. If so, the value is updated to point to the highest
pageblock that pages were isolated from. This value will not
be updated again until a free page scanner wraps and resets
compact_cached_free_pfn.
This is not optimal and it can still race but the compact_cached_free_pfn
will be pointing to or very near a pageblock with free pages.
Signed-off-by: Mel Gorman <mgorman@suse.de>
Reviewed-by: Rik van Riel <riel@redhat.com>
Reviewed-by: Minchan Kim <minchan@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Alexandre Bounine [Tue, 21 Aug 2012 23:16:12 +0000 (16:16 -0700)]
rapidio/tsi721: fix unused variable compiler warning
Fix unused variable compiler warning when built with CONFIG_RAPIDIO_DEBUG
option off.
This patch is applicable to kernel versions starting from v3.2
Signed-off-by: Alexandre Bounine <alexandre.bounine@idt.com>
Cc: Matt Porter <mporter@kernel.crashing.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Alexandre Bounine [Tue, 21 Aug 2012 23:16:11 +0000 (16:16 -0700)]
rapidio/tsi721: fix inbound doorbell interrupt handling
Make sure that there is no doorbell messages left behind due to disabled
interrupts during inbound doorbell processing.
The most common case for this bug is loss of rionet JOIN messages in
systems with three or more rionet participants and MSI or MSI-X enabled.
As result, requests for packet transfers may finish with "destination
unreachable" error message.
This patch is applicable to kernel versions starting from v3.2.
Signed-off-by: Alexandre Bounine <alexandre.bounine@idt.com>
Cc: Matt Porter <mporter@kernel.crashing.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Atsushi Nemoto [Tue, 21 Aug 2012 23:16:10 +0000 (16:16 -0700)]
drivers/rtc/rtc-rs5c348.c: fix hour decoding in 12-hour mode
Correct the offset by subtracting 20 from tm_hour before taking the
modulo 12.
[ "Why 20?" I hear you ask. Or at least I did.
Here's the reason why: RS5C348_BIT_PM is 32, and is - stupidly -
included in the RS5C348_HOURS_MASK define. So it's really subtracting
out that bit to get "hour+12". But then because it does things modulo
12, it needs to add the 12 in again afterwards anyway.
This code is confused. It would be much clearer if RS5C348_HOURS_MASK
just didn't include the RS5C348_BIT_PM bit at all, then it wouldn't
need to do the silly subtract either.
Whatever. It's all just math, the end result is the same. - Linus ]
Reported-by: James Nute <newten82@gmail.com>
Tested-by: James Nute <newten82@gmail.com>
Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Alex Shi [Tue, 21 Aug 2012 23:16:08 +0000 (16:16 -0700)]
mm: correct page->pfmemalloc to fix deactivate_slab regression
Commit
cfd19c5a9ecf ("mm: only set page->pfmemalloc when
ALLOC_NO_WATERMARKS was used") tried to narrow down page->pfmemalloc
setting, but it missed some places the pfmemalloc should be set.
So, in __slab_alloc, the unalignment pfmemalloc and ALLOC_NO_WATERMARKS
cause incorrect deactivate_slab() on our core2 server:
64.73% fio [kernel.kallsyms] [k] _raw_spin_lock
|
--- _raw_spin_lock
|
|---0.34%-- deactivate_slab
| __slab_alloc
| kmem_cache_alloc
| |
That causes our fio sync write performance to have a 40% regression.
Move the checking in get_page_from_freelist() which resolves this issue.
Signed-off-by: Alex Shi <alex.shi@intel.com>
Acked-by: Mel Gorman <mgorman@suse.de>
Cc: David Miller <davem@davemloft.net
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Tested-by: Eric Dumazet <eric.dumazet@gmail.com>
Tested-by: Sage Weil <sage@inktank.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ilya Shchepetkov [Tue, 21 Aug 2012 23:16:06 +0000 (16:16 -0700)]
drivers/rtc/rtc-pcf2123.c: initialize dynamic sysfs attributes
Dynamically allocated sysfs attributes must be initialized using
sysfs_attr_init(), otherwise lockdep complains: BUG: key <address> not in
.data!
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Ilya Shchepetkov <shchepetkov@ispras.ru>
Cc: Chris Verges <chrisv@cyberswitching.com>
Cc: Christian Pellegrin <chripell@fsfe.org>
Cc: Alessandro Zummo <a.zummo@towertech.it>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Minchan Kim [Tue, 21 Aug 2012 23:16:03 +0000 (16:16 -0700)]
mm/compaction.c: fix deferring compaction mistake
Commit
aff622495c9a ("vmscan: only defer compaction for failed order and
higher") fixed bad deferring policy but made mistake about checking
compact_order_failed in __compact_pgdat(). So it can't update
compact_order_failed with the new order. This ends up preventing
correct operation of policy deferral. This patch fixes it.
Signed-off-by: Minchan Kim <minchan@kernel.org>
Reviewed-by: Rik van Riel <riel@redhat.com>
Acked-by: Mel Gorman <mel@csn.ul.ie>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Robin Holt [Tue, 21 Aug 2012 23:16:02 +0000 (16:16 -0700)]
drivers/misc/sgi-xp/xpc_uv.c: SGI XPC fails to load when cpu 0 is out of IRQ resources
On many of our larger systems, CPU 0 has had all of its IRQ resources
consumed before XPC loads. Worst cases on machines with multiple 10
GigE cards and multiple IB cards have depleted the entire first socket
of IRQs.
This patch makes selecting the node upon which IRQs are allocated (as
well as all the other GRU Message Queue structures) specifiable as a
module load param and has a default behavior of searching all nodes/cpus
for an available resources.
[akpm@linux-foundation.org: fix build: include cpu.h and module.h]
Signed-off-by: Robin Holt <holt@sgi.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
WANG Cong [Tue, 21 Aug 2012 23:16:00 +0000 (16:16 -0700)]
string: do not export memweight() to userspace
Fix the following warning:
usr/include/linux/string.h:8: userspace cannot reference function or variable defined in the kernel
Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com>
Acked-by: Akinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Zhouping Liu [Tue, 21 Aug 2012 23:15:57 +0000 (16:15 -0700)]
hugetlb: update hugetlbpage.txt
Commit
f0f57b2b1488 ("mm: move hugepage test examples to
tools/testing/selftests/vm") moved map_hugetlb.c, hugepage-shm.c and
hugepage-mmap.c tests into tools/testing/selftests/vm/ directory, but it
didn't update hugetlbpage.txt
Signed-off-by: Zhouping Liu <sanweidaying@gmail.com>
Acked-by: Dave Young <dyoung@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Joe Perches [Tue, 21 Aug 2012 23:15:53 +0000 (16:15 -0700)]
checkpatch: add control statement test to SINGLE_STATEMENT_DO_WHILE_MACRO
Commit
b13edf7ff2dd ("checkpatch: add checks for do {} while (0) macro
misuses") added a test that is overly simplistic for single statement
macros.
Macros that start with control tests should be enclosed in a do {} while
(0) loop.
Add the necessary control tests to the check.
Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Andy Whitcroft <apw@canonical.com>
Tested-by: Franz Schrober <franzschrober@yahoo.de>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Michal Hocko [Tue, 21 Aug 2012 23:15:52 +0000 (16:15 -0700)]
mm: hugetlbfs: correctly populate shared pmd
Each page mapped in a process's address space must be correctly
accounted for in _mapcount. Normally the rules for this are
straightforward but hugetlbfs page table sharing is different. The page
table pages at the PMD level are reference counted while the mapcount
remains the same.
If this accounting is wrong, it causes bugs like this one reported by
Larry Woodman:
kernel BUG at mm/filemap.c:135!
invalid opcode: 0000 [#1] SMP
CPU 22
Modules linked in: bridge stp llc sunrpc binfmt_misc dcdbas microcode pcspkr acpi_pad acpi]
Pid: 18001, comm: mpitest Tainted: G W 3.3.0+ #4 Dell Inc. PowerEdge R620/07NDJ2
RIP: 0010:[<
ffffffff8112cfed>] [<
ffffffff8112cfed>] __delete_from_page_cache+0x15d/0x170
Process mpitest (pid: 18001, threadinfo
ffff880428972000, task
ffff880428b5cc20)
Call Trace:
delete_from_page_cache+0x40/0x80
truncate_hugepages+0x115/0x1f0
hugetlbfs_evict_inode+0x18/0x30
evict+0x9f/0x1b0
iput_final+0xe3/0x1e0
iput+0x3e/0x50
d_kill+0xf8/0x110
dput+0xe2/0x1b0
__fput+0x162/0x240
During fork(), copy_hugetlb_page_range() detects if huge_pte_alloc()
shared page tables with the check dst_pte == src_pte. The logic is if
the PMD page is the same, they must be shared. This assumes that the
sharing is between the parent and child. However, if the sharing is
with a different process entirely then this check fails as in this
diagram:
parent
|
------------>pmd
src_pte----------> data page
^
other--------->pmd--------------------|
^
child-----------|
dst_pte
For this situation to occur, it must be possible for Parent and Other to
have faulted and failed to share page tables with each other. This is
possible due to the following style of race.
PROC A PROC B
copy_hugetlb_page_range copy_hugetlb_page_range
src_pte == huge_pte_offset src_pte == huge_pte_offset
!src_pte so no sharing !src_pte so no sharing
(time passes)
hugetlb_fault hugetlb_fault
huge_pte_alloc huge_pte_alloc
huge_pmd_share huge_pmd_share
LOCK(i_mmap_mutex)
find nothing, no sharing
UNLOCK(i_mmap_mutex)
LOCK(i_mmap_mutex)
find nothing, no sharing
UNLOCK(i_mmap_mutex)
pmd_alloc pmd_alloc
LOCK(instantiation_mutex)
fault
UNLOCK(instantiation_mutex)
LOCK(instantiation_mutex)
fault
UNLOCK(instantiation_mutex)
These two processes are not poing to the same data page but are not
sharing page tables because the opportunity was missed. When either
process later forks, the src_pte == dst pte is potentially insufficient.
As the check falls through, the wrong PTE information is copied in
(harmless but wrong) and the mapcount is bumped for a page mapped by a
shared page table leading to the BUG_ON.
This patch addresses the issue by moving pmd_alloc into huge_pmd_share
which guarantees that the shared pud is populated in the same critical
section as pmd. This also means that huge_pte_offset test in
huge_pmd_share is serialized correctly now which in turn means that the
success of the sharing will be higher as the racing tasks see the pud
and pmd populated together.
Race identified and changelog written mostly by Mel Gorman.
{akpm@linux-foundation.org: attempt to make the huge_pmd_share() comment comprehensible, clean up coding style]
Reported-by: Larry Woodman <lwoodman@redhat.com>
Tested-by: Larry Woodman <lwoodman@redhat.com>
Reviewed-by: Mel Gorman <mgorman@suse.de>
Signed-off-by: Michal Hocko <mhocko@suse.cz>
Reviewed-by: Rik van Riel <riel@redhat.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: Ken Chen <kenchen@google.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Hillf Danton <dhillf@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Stephen M. Cameron [Tue, 21 Aug 2012 23:15:49 +0000 (16:15 -0700)]
cciss: fix incorrect scsi status reporting
Delete code which sets SCSI status incorrectly as it's already been set
correctly above this incorrect code. The bug was introduced in 2009 by
commit
b0e15f6db111 ("cciss: fix typo that causes scsi status to be
lost.")
Signed-off-by: Stephen M. Cameron <scameron@beardog.cce.hp.com>
Reported-by: Roel van Meer <roel.vanmeer@bokxing.nl>
Tested-by: Roel van Meer <roel.vanmeer@bokxing.nl>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Namjae Jeon [Tue, 21 Aug 2012 23:15:46 +0000 (16:15 -0700)]
Documentation: update mount option in filesystem/vfat.txt
Update two mount options(discard, nfs) in vfat.txt.
Signed-off-by: Namjae Jeon <linkinjeon@gmail.com>
Acked-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Hugh Dickins [Tue, 21 Aug 2012 23:15:45 +0000 (16:15 -0700)]
mm: change nr_ptes BUG_ON to WARN_ON
Occasionally an isolated BUG_ON(mm->nr_ptes) gets reported, indicating
that not all the page tables allocated could be found and freed when
exit_mmap() tore down the user address space.
There's usually nothing we can say about it, beyond that it's probably a
sign of some bad memory or memory corruption; though it might still
indicate a bug in vma or page table management (and did recently reveal a
race in THP, fixed a few months ago).
But one overdue change we can make is from BUG_ON to WARN_ON.
It's fairly likely that the system will crash shortly afterwards in some
other way (for example, the BUG_ON(page_mapped(page)) in
__delete_from_page_cache(), once an inode mapped into the lost page tables
gets evicted); but might tell us more before that.
Change the BUG_ON(page_mapped) to WARN_ON too? Later perhaps: I'm less
eager, since that one has several times led to fixes.
Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jens Rottmann [Tue, 21 Aug 2012 23:15:43 +0000 (16:15 -0700)]
cs5535-clockevt: typo, it's MFGPT, not MFPGT
Signed-off-by: Jens Rottmann <JRottmann@LiPPERTEmbedded.de>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: John Stultz <john.stultz@linaro.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Eric Dumazet [Tue, 21 Aug 2012 06:21:17 +0000 (06:21 +0000)]
af_netlink: force credentials passing [CVE-2012-3520]
Pablo Neira Ayuso discovered that avahi and
potentially NetworkManager accept spoofed Netlink messages because of a
kernel bug. The kernel passes all-zero SCM_CREDENTIALS ancillary data
to the receiver if the sender did not provide such data, instead of not
including any such data at all or including the correct data from the
peer (as it is the case with AF_UNIX).
This bug was introduced in commit
16e572626961
(af_unix: dont send SCM_CREDENTIALS by default)
This patch forces passing credentials for netlink, as
before the regression.
Another fix would be to not add SCM_CREDENTIALS in
netlink messages if not provided by the sender, but it
might break some programs.
With help from Florian Weimer & Petr Matousek
This issue is designated as CVE-2012-3520
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Petr Matousek <pmatouse@redhat.com>
Cc: Florian Weimer <fweimer@redhat.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Mon, 20 Aug 2012 07:26:45 +0000 (07:26 +0000)]
ipv4: fix ip header ident selection in __ip_make_skb()
Christian Casteyde reported a kmemcheck 32-bit read from uninitialized
memory in __ip_select_ident().
It turns out that __ip_make_skb() called ip_select_ident() before
properly initializing iph->daddr.
This is a bug uncovered by commit
1d861aa4b3fb (inet: Minimize use of
cached route inetpeer.)
Addresses https://bugzilla.kernel.org/show_bug.cgi?id=46131
Reported-by: Christian Casteyde <casteyde.christian@free.fr>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Christoph Paasch [Mon, 20 Aug 2012 02:52:09 +0000 (02:52 +0000)]
ipv4: Use newinet->inet_opt in inet_csk_route_child_sock()
Since
0e734419923bd ("ipv4: Use inet_csk_route_child_sock() in DCCP and
TCP."), inet_csk_route_child_sock() is called instead of
inet_csk_route_req().
However, after creating the child-sock in tcp/dccp_v4_syn_recv_sock(),
ireq->opt is set to NULL, before calling inet_csk_route_child_sock().
Thus, inside inet_csk_route_child_sock() opt is always NULL and the
SRR-options are not respected anymore.
Packets sent by the server won't have the correct destination-IP.
This patch fixes it by accessing newinet->inet_opt instead of ireq->opt
inside inet_csk_route_child_sock().
Reported-by: Luca Boccassi <luca.boccassi@gmail.com>
Signed-off-by: Christoph Paasch <christoph.paasch@uclouvain.be>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Mon, 20 Aug 2012 00:22:46 +0000 (00:22 +0000)]
tcp: fix possible socket refcount problem
Commit
6f458dfb40 (tcp: improve latencies of timer triggered events)
added bug leading to following trace :
[ 2866.131281] IPv4: Attempt to release TCP socket in state 1
ffff880019ec0000
[ 2866.131726]
[ 2866.132188] =========================
[ 2866.132281] [ BUG: held lock freed! ]
[ 2866.132281] 3.6.0-rc1+ #622 Not tainted
[ 2866.132281] -------------------------
[ 2866.132281] kworker/0:1/652 is freeing memory
ffff880019ec0000-
ffff880019ec0a1f, with a lock still held there!
[ 2866.132281] (sk_lock-AF_INET-RPC){+.+...}, at: [<
ffffffff81903619>] tcp_sendmsg+0x29/0xcc6
[ 2866.132281] 4 locks held by kworker/0:1/652:
[ 2866.132281] #0: (rpciod){.+.+.+}, at: [<
ffffffff81083567>] process_one_work+0x1de/0x47f
[ 2866.132281] #1: ((&task->u.tk_work)){+.+.+.}, at: [<
ffffffff81083567>] process_one_work+0x1de/0x47f
[ 2866.132281] #2: (sk_lock-AF_INET-RPC){+.+...}, at: [<
ffffffff81903619>] tcp_sendmsg+0x29/0xcc6
[ 2866.132281] #3: (&icsk->icsk_retransmit_timer){+.-...}, at: [<
ffffffff81078017>] run_timer_softirq+0x1ad/0x35f
[ 2866.132281]
[ 2866.132281] stack backtrace:
[ 2866.132281] Pid: 652, comm: kworker/0:1 Not tainted 3.6.0-rc1+ #622
[ 2866.132281] Call Trace:
[ 2866.132281] <IRQ> [<
ffffffff810bc527>] debug_check_no_locks_freed+0x112/0x159
[ 2866.132281] [<
ffffffff818a0839>] ? __sk_free+0xfd/0x114
[ 2866.132281] [<
ffffffff811549fa>] kmem_cache_free+0x6b/0x13a
[ 2866.132281] [<
ffffffff818a0839>] __sk_free+0xfd/0x114
[ 2866.132281] [<
ffffffff818a08c0>] sk_free+0x1c/0x1e
[ 2866.132281] [<
ffffffff81911e1c>] tcp_write_timer+0x51/0x56
[ 2866.132281] [<
ffffffff81078082>] run_timer_softirq+0x218/0x35f
[ 2866.132281] [<
ffffffff81078017>] ? run_timer_softirq+0x1ad/0x35f
[ 2866.132281] [<
ffffffff810f5831>] ? rb_commit+0x58/0x85
[ 2866.132281] [<
ffffffff81911dcb>] ? tcp_write_timer_handler+0x148/0x148
[ 2866.132281] [<
ffffffff81070bd6>] __do_softirq+0xcb/0x1f9
[ 2866.132281] [<
ffffffff81a0a00c>] ? _raw_spin_unlock+0x29/0x2e
[ 2866.132281] [<
ffffffff81a1227c>] call_softirq+0x1c/0x30
[ 2866.132281] [<
ffffffff81039f38>] do_softirq+0x4a/0xa6
[ 2866.132281] [<
ffffffff81070f2b>] irq_exit+0x51/0xad
[ 2866.132281] [<
ffffffff81a129cd>] do_IRQ+0x9d/0xb4
[ 2866.132281] [<
ffffffff81a0a3ef>] common_interrupt+0x6f/0x6f
[ 2866.132281] <EOI> [<
ffffffff8109d006>] ? sched_clock_cpu+0x58/0xd1
[ 2866.132281] [<
ffffffff81a0a172>] ? _raw_spin_unlock_irqrestore+0x4c/0x56
[ 2866.132281] [<
ffffffff81078692>] mod_timer+0x178/0x1a9
[ 2866.132281] [<
ffffffff818a00aa>] sk_reset_timer+0x19/0x26
[ 2866.132281] [<
ffffffff8190b2cc>] tcp_rearm_rto+0x99/0xa4
[ 2866.132281] [<
ffffffff8190dfba>] tcp_event_new_data_sent+0x6e/0x70
[ 2866.132281] [<
ffffffff8190f7ea>] tcp_write_xmit+0x7de/0x8e4
[ 2866.132281] [<
ffffffff818a565d>] ? __alloc_skb+0xa0/0x1a1
[ 2866.132281] [<
ffffffff8190f952>] __tcp_push_pending_frames+0x2e/0x8a
[ 2866.132281] [<
ffffffff81904122>] tcp_sendmsg+0xb32/0xcc6
[ 2866.132281] [<
ffffffff819229c2>] inet_sendmsg+0xaa/0xd5
[ 2866.132281] [<
ffffffff81922918>] ? inet_autobind+0x5f/0x5f
[ 2866.132281] [<
ffffffff810ee7f1>] ? trace_clock_local+0x9/0xb
[ 2866.132281] [<
ffffffff8189adab>] sock_sendmsg+0xa3/0xc4
[ 2866.132281] [<
ffffffff810f5de6>] ? rb_reserve_next_event+0x26f/0x2d5
[ 2866.132281] [<
ffffffff8103e6a9>] ? native_sched_clock+0x29/0x6f
[ 2866.132281] [<
ffffffff8103e6f8>] ? sched_clock+0x9/0xd
[ 2866.132281] [<
ffffffff810ee7f1>] ? trace_clock_local+0x9/0xb
[ 2866.132281] [<
ffffffff8189ae03>] kernel_sendmsg+0x37/0x43
[ 2866.132281] [<
ffffffff8199ce49>] xs_send_kvec+0x77/0x80
[ 2866.132281] [<
ffffffff8199cec1>] xs_sendpages+0x6f/0x1a0
[ 2866.132281] [<
ffffffff8107826d>] ? try_to_del_timer_sync+0x55/0x61
[ 2866.132281] [<
ffffffff8199d0d2>] xs_tcp_send_request+0x55/0xf1
[ 2866.132281] [<
ffffffff8199bb90>] xprt_transmit+0x89/0x1db
[ 2866.132281] [<
ffffffff81999bcd>] ? call_connect+0x3c/0x3c
[ 2866.132281] [<
ffffffff81999d92>] call_transmit+0x1c5/0x20e
[ 2866.132281] [<
ffffffff819a0d55>] __rpc_execute+0x6f/0x225
[ 2866.132281] [<
ffffffff81999bcd>] ? call_connect+0x3c/0x3c
[ 2866.132281] [<
ffffffff819a0f33>] rpc_async_schedule+0x28/0x34
[ 2866.132281] [<
ffffffff810835d6>] process_one_work+0x24d/0x47f
[ 2866.132281] [<
ffffffff81083567>] ? process_one_work+0x1de/0x47f
[ 2866.132281] [<
ffffffff819a0f0b>] ? __rpc_execute+0x225/0x225
[ 2866.132281] [<
ffffffff81083a6d>] worker_thread+0x236/0x317
[ 2866.132281] [<
ffffffff81083837>] ? process_scheduled_works+0x2f/0x2f
[ 2866.132281] [<
ffffffff8108b7b8>] kthread+0x9a/0xa2
[ 2866.132281] [<
ffffffff81a12184>] kernel_thread_helper+0x4/0x10
[ 2866.132281] [<
ffffffff81a0a4b0>] ? retint_restore_args+0x13/0x13
[ 2866.132281] [<
ffffffff8108b71e>] ? __init_kthread_worker+0x5a/0x5a
[ 2866.132281] [<
ffffffff81a12180>] ? gs_change+0x13/0x13
[ 2866.308506] IPv4: Attempt to release TCP socket in state 1
ffff880019ec0000
[ 2866.309689] =============================================================================
[ 2866.310254] BUG TCP (Not tainted): Object already free
[ 2866.310254] -----------------------------------------------------------------------------
[ 2866.310254]
The bug comes from the fact that timer set in sk_reset_timer() can run
before we actually do the sock_hold(). socket refcount reaches zero and
we free the socket too soon.
timer handler is not allowed to reduce socket refcnt if socket is owned
by the user, or we need to change sk_reset_timer() implementation.
We should take a reference on the socket in case TCP_DELACK_TIMER_DEFERRED
or TCP_DELACK_TIMER_DEFERRED bit are set in tsq_flags
Also fix a typo in tcp_delack_timer(), where TCP_WRITE_TIMER_DEFERRED
was used instead of TCP_DELACK_TIMER_DEFERRED.
For consistency, use same socket refcount change for TCP_MTU_REDUCED_DEFERRED,
even if not fired from a timer.
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Tested-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Tue, 21 Aug 2012 19:25:24 +0000 (12:25 -0700)]
Merge branch 'audit-fixes' of git://git./linux/kernel/git/mszeredi/vfs
Pull audit-tree fixes from Miklos Szeredi:
"The audit subsystem maintainers (Al and Eric) are not responding to
repeated resends. Eric did ack them a while ago, but no response
since then. So I'm sending these directly to you."
* 'audit-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
audit: clean up refcounting in audit-tree
audit: fix refcounting in audit-tree
audit: don't free_chunk() after fsnotify_add_mark()
Linus Torvalds [Tue, 21 Aug 2012 17:08:39 +0000 (10:08 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/gerg/m68knommu
Pull m68knommu arch fixes from Greg Ungerer:
"This contains 2 fixes. One fixes compilation of ColdFire clk code,
the other makes sure we use the generic atomic64 support on all m68k
targets."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
m68k: select CONFIG_GENERIC_ATOMIC64 for all m68k CPU types
m68knommu: select CONFIG_HAVE_CLK for ColdFire CPU types
Linus Torvalds [Tue, 21 Aug 2012 17:07:41 +0000 (10:07 -0700)]
Merge tag 'pinctrl-fixes-v3.6-rc3' of git://git./linux/kernel/git/linusw/linux-pinctrl
Pull pin control fixes from Linus Walleij:
- Fixed Nomadik errorpath
- Fixed documentation spelling errors
- Forward-declare struct device in a header file
- Remove some extraneous code lines when getting pinctrl states
- Correct the i.MX51 configure register number
- Fix the Nomadik keypad function group list
* tag 'pinctrl-fixes-v3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
pinctrl/nomadik: add kp_b_2 keyboard function group list
pinctrl: imx51: fix .conf_reg of MX51_PAD_SD2_CMD__CSPI_MOSI
trivial: pinctrl core: remove extraneous code lines
pinctrl: header: trivial: declare struct device
Documentation/pinctrl.txt: Fix some misspelled macros
pinctrl/nomadik: fix null in irqdomain errorpath
Linus Torvalds [Tue, 21 Aug 2012 16:17:05 +0000 (09:17 -0700)]
Merge tag 'sound-3.6' of git://git./linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"This update became slightly bigger than usual for rc3, but most of the
commits are small and trivial. A large chunk is found for HD-audio
ca0132 codec, which is mostly a clean up of the specific code, to make
SPDIF working properly, and also in the new ASoC Arizona driver.
One important fix is for usb-audio Oops fix since 3.5. We still see
some EHCI related bandwidth problem, but usb-audio should be more
stabilized now.
Other than that, a Kconfig fix is spread over files, and various
HD-audio and ASoC fixes as usual, in addition to Julia's error path
fixes."
* tag 'sound-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (42 commits)
ALSA: snd-als100: fix suspend/resume
ALSA: hda - Fix leftover codec->power_transition
ALSA: hda - don't create dysfunctional mixer controls for ca0132
ALSA: sound/ppc/snd_ps3.c: fix error return code
ALSA: sound/pci/rme9652/hdspm.c: fix error return code
ALSA: sound/pci/sis7019.c: fix error return code
ALSA: sound/pci/ctxfi/ctatc.c: fix error return code
ALSA: sound/atmel/ac97c.c: fix error return code
ALSA: sound/atmel/abdac.c: fix error return code
ALSA: fix pcm.h kernel-doc warning and notation
sound: oss/sb_audio: prevent divide by zero bug
ASoC: wm9712: Fix inverted capture volume
ASoC: wm9712: Fix microphone source selection
ASoC: wm5102: Remove DRC2
ALSA: hda - Don't send invalid volume knob command on IDT 92hd75bxx
ALSA: usb-audio: Fix scheduling-while-atomic bug in PCM capture stream
ALSA: lx6464es: Add a missing error check
ALSA: hda - Fix 'Beep Playback Switch' with no underlying mute switch
ASoC: jack: Always notify full jack status
ASoC: wm5110: Add missing input PGA routes
...
Eric Dumazet [Tue, 21 Aug 2012 13:05:14 +0000 (15:05 +0200)]
task_work: add a scheduling point in task_work_run()
It seems commit
4a9d4b024a31 ("switch fput to task_work_add") re-
introduced the problem addressed in
944be0b22472 ("close_files(): add
scheduling point")
If a server process with a lot of files (say 2 million tcp sockets) is
killed, we can spend a lot of time in task_work_run() and trigger a soft
lockup.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dave Airlie [Tue, 21 Aug 2012 06:40:07 +0000 (16:40 +1000)]
fbcon: fix race condition between console lock and cursor timer
So we've had a fair few reports of fbcon handover breakage between
efi/vesafb and i915 surface recently, so I dedicated a couple of
days to finding the problem.
Essentially the last thing we saw was the conflicting framebuffer
message and that was all.
So after much tracing with direct netconsole writes (printks
under console_lock not so useful), I think I found the race.
Thread A (driver load) Thread B (timer thread)
unbind_con_driver -> |
bind_con_driver -> |
vc->vc_sw->con_deinit -> |
fbcon_deinit -> |
console_lock() |
| |
| fbcon_flashcursor timer fires
| console_lock() <- blocked for A
|
|
fbcon_del_cursor_timer ->
del_timer_sync
(BOOM)
Of course because all of this is under the console lock,
we never see anything, also since we also just unbound the active
console guess what we never see anything.
Hopefully this fixes the problem for anyone seeing vesafb->kms
driver handoff.
Signed-off-by: David Airlie <airlied@redhat.com>
Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: stable@vger.kernel.org
Tested-by: Josh Boyer <jwboyer@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ondrej Zary [Mon, 20 Aug 2012 19:50:13 +0000 (21:50 +0200)]
ALSA: snd-als100: fix suspend/resume
snd_card_als100_probe() does not set pcm field in struct snd_sb.
As a result, PCM is not suspended and applications don't know that they need
to resume the playback.
Tested with Labway A381-F20 card (ALS120).
Signed-off-by: Ondrej Zary <linux@rainbow-software.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Linus Torvalds [Mon, 20 Aug 2012 23:42:41 +0000 (16:42 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/helgaas/pci
Pull PCI fixes from Bjorn Helgaas:
"Here are two patches from Rafael Wysocki.
One fixes an EHCI-related hibernation crash on ASUS boxes. We fixed a
similar suspend issue in v3.6-rc1, and this applies the same fix to
the hibernate path.
The other fixes D3/D3cold/D4 messages related to the D3cold support we
merged in v3.6-rc1."
(Removed redundant top non-fast-forward merge commit from pulled branch)
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
PCI: EHCI: Fix crash during hibernation on ASUS computers
PCI / PM: Fix D3/D3cold/D4 messages printed by acpi_pci_set_power_state()
Linus Torvalds [Mon, 20 Aug 2012 22:26:28 +0000 (15:26 -0700)]
Merge tag 'please-pull-ia64-fixes' of git://git./linux/kernel/git/aegl/linux
Pull config cleanup for ia64 from Tony Luck:
"Clean out references to dead CONFIG_MISC_DEVICES option"
* tag 'please-pull-ia64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux:
[IA64] defconfig: Remove CONFIG_MISC_DEVICES
Linus Torvalds [Mon, 20 Aug 2012 20:14:22 +0000 (13:14 -0700)]
Merge tag 'usb-3.6-rc3' of git://git./linux/kernel/git/gregkh/usb
Pull more USB patches from Greg Kroah-Hartman:
"Here are 10 more USB patches for 3.6-rc3. They all fix reported
problems (build problems for one of them, and easily repeatable oopses
for the others.)
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"
* tag 'usb-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
gpu/mfd/usb: Fix USB randconfig problems
USB: CDC ACM: Fix NULL pointer dereference
USB: emi62: remove __devinit* from the struct usb_device_id table
USB: winbond: remove __devinit* from the struct usb_device_id table
USB: vt6656: remove __devinit* from the struct usb_device_id table
USB: rtl8187: remove __devinit* from the struct usb_device_id table
USB: p54usb: remove __devinit* from the struct usb_device_id table
USB: spca506: remove __devinit* from the struct usb_device_id table
USB: jl2005bcd: remove __devinit* from the struct usb_device_id table
USB: smsusb: remove __devinit* from the struct usb_device_id table
Linus Torvalds [Mon, 20 Aug 2012 20:13:47 +0000 (13:13 -0700)]
Merge tag 'driver-core-3.6-rc3' of git://git./linux/kernel/git/gregkh/driver-core
Pull one more driver core fix from Greg Kroah-Hartman:
"Here is one fix for the dmesg line corruption problem that the
previous set of patches caused.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"
* tag 'driver-core-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
dyndbg: fix for SOH in logging messages
Linus Torvalds [Mon, 20 Aug 2012 20:12:41 +0000 (13:12 -0700)]
Merge branch 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86
Pull x86 platform driver update from Matthew Garrett:
"Some small updates for a few drivers, and some hardware enablement for
new Ideapads and the gmux hardware in the latest Macs.
This code won't run on older devices and has been well tested on new
ones, so low risk of regressions."
* 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86:
ideapad: add Lenovo IdeaPad Z570 support (part 3)
ideapad: add Lenovo IdeaPad Z570 support (part 2)
ideapad: add Lenovo IdeaPad Z570 support (part 1)
classmate-laptop: always call input_sync() after input_report_switch()
thinkpad-acpi: recognize latest V-Series using DMI_BIOS_VENDOR
dell-laptop: Fixed typo in touchpad LED quirk
vga_switcheroo: Don't require handler init callback
vga_switcheroo: Remove assumptions about registration/unregistration ordering
apple-gmux: Add display mux support
apple-gmux: Fix kconfig dependencies
asus-wmi: record wlan status while controlled by userapp
apple_gmux: Fix ACPI video unregister
apple_gmux: Add support for newer hardware
gmux: Add generic write32 function
Linus Torvalds [Mon, 20 Aug 2012 20:11:00 +0000 (13:11 -0700)]
Merge tag 'hwmon-for-linus' of git://git./linux/kernel/git/groeck/linux-staging
Pull a hwmon fix from Guenter Roeck:
"One patch with section conflict fixes."
* tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
sections: Fix section conflicts in drivers/hwmon
Linus Torvalds [Mon, 20 Aug 2012 20:05:27 +0000 (13:05 -0700)]
Merge tag 'spi-3.6' of git://git./linux/kernel/git/broonie/misc
Pull spi fixes from Mark Brown:
"Grant is still away so another pull request with some fairly minor
fixes, the most notable of which are several fixes for some common
error patterns with the reference counting spi_master_get/put do."
* tag 'spi-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/misc:
spi/coldfire-qspi: Drop extra calls to spi_master_get in suspend/resume functions
spi: spi-coldfire-qspi: Drop extra spi_master_put in device remove function
spi/pl022: fix spi-pl022 pm enable at probe
spi/bcm63xx: Ensure that memory is freed only after it is no longer used
spi: omap2-mcspi: Fix the error handling in probe
spi/s3c64xx: Add missing static storage class specifiers
Fabio Estevam [Sat, 18 Aug 2012 16:23:49 +0000 (13:23 -0300)]
[IA64] defconfig: Remove CONFIG_MISC_DEVICES
commit
7c5763b845 (drivers:misc: Remove MISC_DEVICES config option) removed
CONFIG_MISC_DEVICES option, so remove the occurrences from the config files
as well.
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Linus Torvalds [Mon, 20 Aug 2012 19:59:51 +0000 (12:59 -0700)]
Merge tag 'regulator-3.6' of git://git./linux/kernel/git/broonie/regulator
Pull regulator fixes from Mark Brown:
"A bunch of fixes which are a combination of minor fixes that have been
shaken down due to greater testing exposure, the biggest block of
which are for the Palmas driver which hadn't had all the changes
required for mainline properly tested when it was merged."
* tag 'regulator-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
regulator: twl-regulator: fix up VINTANA1/VINTANA2
regulator: core: request only valid gpio pins for regulator enable
regulator: twl: Remove references to the twl4030 regulator
regulator: gpio-regulator: Split setting of voltages and currents
regulator: ab3100: add missing voltage table
regulator: anatop: Fix wrong mask used in anatop_get_voltage_sel
regulator: tps6586x: correct vin pin for sm0/sm1/sm2
regulator: palmas: Fix palmas_probe error handling
regulator: palmas: Call palmas_ldo_[read|write] in palmas_ldo_init
regulator: palmas: Fix regmap offsets for PALMAS_REG_SMPS10 vsel_reg
regulator: palmas: Fix calculating selector in palmas_map_voltage_ldo
Linus Torvalds [Mon, 20 Aug 2012 19:59:08 +0000 (12:59 -0700)]
Merge tag 'iommu-fixes-v3.6-rc2' of git://git./linux/kernel/git/joro/iommu
Pull IOMMU fixes from Joerg Roedel:
"Two fixes are necessary. One patch fixes a boot crash on MacBook Air
with interrupt remapping enabled and the other patch fixes a
regression (which causes a boot crash on AMD IOMMUv2 systems too) in
the init code of the AMD IOMMU driver."
* tag 'iommu-fixes-v3.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu/amd: Fix wrong check for ARRAY_SIZE()
irq_remap: disable IRQ remapping if any IOAPIC lacks an IOMMU
Takashi Iwai [Mon, 20 Aug 2012 19:25:22 +0000 (21:25 +0200)]
ALSA: hda - Fix leftover codec->power_transition
When the codec turn-on operation is canceled by the immediate
power-on, the driver left the power_transition flag as is.
This caused the persistent avoidance of power-save behavior.
Cc: <stable@vger.kernel.org> [v3.5+]
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Takashi Iwai [Mon, 20 Aug 2012 19:26:04 +0000 (21:26 +0200)]
Merge tag 'asoc-3.6' of git://git./linux/kernel/git/broonie/sound into for-linus
ASoC: Additional updates for 3.6
A batch more bugfixes, all driver-specific and fairly small and
unremarkable in a global context. The biggest batch are for the newly
added Arizona drivers.
Guenter Roeck [Mon, 20 Aug 2012 18:23:16 +0000 (11:23 -0700)]
gpu/mfd/usb: Fix USB randconfig problems
Fix config warning:
warning: ( ... && DRM_USB) selects USB which has unmet direct dependencies
(USB_SUPPORT && USB_ARCH_HAS_HCD)
and build error:
ERROR: "usb_speed_string" [drivers/usb/core/usbcore.ko] undefined!
by adding the missing dependency on USB_ARCH_HAS_HCD to DRM_UDL and DRM_USB.
This exposes:
drivers/video/Kconfig:36:error: recursive dependency detected!
drivers/video/Kconfig:36: symbol FB is selected by DRM_KMS_HELPER
drivers/gpu/drm/Kconfig:28: symbol DRM_KMS_HELPER is selected by DRM_UDL
drivers/gpu/drm/udl/Kconfig:1: symbol DRM_UDL depends on USB_ARCH_HAS_HCD
drivers/usb/Kconfig:78: symbol USB_ARCH_HAS_HCD depends on USB_ARCH_HAS_OHCI
drivers/usb/Kconfig:16: symbol USB_ARCH_HAS_OHCI depends on I2C
drivers/i2c/Kconfig:5: symbol I2C is selected by FB_DDC
drivers/video/Kconfig:86: symbol FB_DDC is selected by FB_CYBER2000_DDC
drivers/video/Kconfig:385: symbol FB_CYBER2000_DDC depends on FB_CYBER2000
drivers/video/Kconfig:373: symbol FB_CYBER2000 depends on FB
which is due to drivers/usb/Kconfig:
config USB_ARCH_HAS_OHCI
...
default y if ARCH_PNX4008 && I2C
Fix by dropping I2C from the above dependency; logic is that this is not a
platform dependency but a configuration dependency: the _architecture_ still
supports USB even is I2C is not selected.
This exposes:
drivers/video/Kconfig:36:error: recursive dependency detected!
drivers/video/Kconfig:36: symbol FB is selected by DRM_KMS_HELPER
drivers/gpu/drm/Kconfig:28: symbol DRM_KMS_HELPER is selected by DRM_UDL
drivers/gpu/drm/udl/Kconfig:1: symbol DRM_UDL depends on USB_ARCH_HAS_HCD
drivers/usb/Kconfig:78: symbol USB_ARCH_HAS_HCD depends on USB_ARCH_HAS_OHCI
drivers/usb/Kconfig:17: symbol USB_ARCH_HAS_OHCI depends on MFD_TC6393XB
drivers/mfd/Kconfig:396: symbol MFD_TC6393XB depends on GPIOLIB
drivers/gpio/Kconfig:35: symbol GPIOLIB is selected by FB_VIA
drivers/video/Kconfig:1560: symbol FB_VIA depends on FB
which can be fixed by having MFD_TC6393XB select GPIOLIB instead of depending on
it.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linus Torvalds [Mon, 20 Aug 2012 17:36:18 +0000 (10:36 -0700)]
Merge branch 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull x86 fixes from Ingo Molnar.
A x32 socket ABI fix with a -stable backport tag among other fixes.
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x32: Use compat shims for {g,s}etsockopt
Revert "x86-64/efi: Use EFI to deal with platform wall clock"
x86, apic: fix broken legacy interrupts in the logical apic mode
x86, build: Globally set -fno-pic
x86, avx: don't use avx instructions with "noxsave" boot param
Linus Torvalds [Mon, 20 Aug 2012 17:35:05 +0000 (10:35 -0700)]
Merge branch 'sched-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull scheduler fixes from Ingo Molnar.
* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
sched: Fix migration thread runtime bogosity
sched,rt: fix isolated CPUs leaving root_task_group indefinitely throttled
sched,cgroup: Fix up task_groups list
sched: fix divide by zero at {thread_group,task}_times
sched, cgroup: Reduce rq->lock hold times for large cgroup hierarchies
Linus Torvalds [Mon, 20 Aug 2012 17:34:21 +0000 (10:34 -0700)]
Merge branch 'perf-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull x86 perf fixes from Ingo Molnar.
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf/x86: disable PEBS on a guest entry.
perf/x86: Add Intel Westmere-EX uncore support
perf/x86: Fixes for Nehalem-EX uncore driver
perf, x86: Fix uncore_types_exit section mismatch
Linus Torvalds [Mon, 20 Aug 2012 17:30:57 +0000 (10:30 -0700)]
Merge branch 'core-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull a mutex fix from Ingo Molnar.
Fix the fastpath_lock failure contention flag for xchg-based mutexes.
* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
mutex: Place lock in contended state after fastpath_lock failure
Al Viro [Mon, 20 Aug 2012 14:28:00 +0000 (15:28 +0100)]
vfs: missed source of ->f_pos races
compat_sys_{read,write}v() need the same "pass a copy of file->f_pos" thing
as sys_{read,write}{,v}().
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Maxim Mikityanskiy [Fri, 6 Jul 2012 08:08:11 +0000 (16:08 +0800)]
ideapad: add Lenovo IdeaPad Z570 support (part 3)
The patch adds support for Lenovo IdeaPad Z570 laptop. It makes all special
keys working, adds possibility to control fan like Windows does, controls
Touchpad Disabled LED, toggles touchpad state via keyboard controller and
corrects touchpad behavior on resume from suspend. It is new, modified
version of patch. Now it does not depend on psmouse and does not need patching
of input subsystem.
Signed-off-by: Maxim Mikityanskiy <maxtram95@gmail.com>
This is the part 3 for fan control
Signed-off-by: Ike Panhc <ike.pan@canonical.com>
Signed-off-by: Matthew Garrett <mjg@redhat.com>
Maxim Mikityanskiy [Fri, 6 Jul 2012 08:08:00 +0000 (16:08 +0800)]
ideapad: add Lenovo IdeaPad Z570 support (part 2)
The patch adds support for Lenovo IdeaPad Z570 laptop. It makes all special
keys working, adds possibility to control fan like Windows does, controls
Touchpad Disabled LED, toggles touchpad state via keyboard controller and
corrects touchpad behavior on resume from suspend. It is new, modified
version of patch. Now it does not depend on psmouse and does not need patching
of input subsystem.
Signed-off-by: Maxim Mikityanskiy <maxtram95@gmail.com>
This is part 2 for touchpad toggle
Signed-off-by: Ike Panhc <ike.pan@canonical.com>
Signed-off-by: Matthew Garrett <mjg@redhat.com>
Maxim Mikityanskiy [Fri, 6 Jul 2012 08:07:50 +0000 (16:07 +0800)]
ideapad: add Lenovo IdeaPad Z570 support (part 1)
The patch adds support for Lenovo IdeaPad Z570 laptop. It makes all special
keys working, adds possibility to control fan like Windows does, controls
Touchpad Disabled LED, toggles touchpad state via keyboard controller and
corrects touchpad behavior on resume from suspend. It is new, modified
version of patch. Now it does not depend on psmouse and does not need patching
of input subsystem.
Signed-off-by: Maxim Mikityanskiy <maxtram95@gmail.com>
This is part 1 for special button handling.
Signed-off-by: Ike Panhc <ike.pan@canonical.com>
Signed-off-by: Matthew Garrett <mjg@redhat.com>
Neal Cardwell [Sun, 19 Aug 2012 03:30:38 +0000 (03:30 +0000)]
net: tcp: move sk_rx_dst_set call after tcp_create_openreq_child()
This commit removes the sk_rx_dst_set calls from
tcp_create_openreq_child(), because at that point the icsk_af_ops
field of ipv6_mapped TCP sockets has not been set to its proper final
value.
Instead, to make sure we get the right sk_rx_dst_set variant
appropriate for the address family of the new connection, we have
tcp_v{4,6}_syn_recv_sock() directly call the appropriate function
shortly after the call to tcp_create_openreq_child() returns.
This also moves inet6_sk_rx_dst_set() to avoid a forward declaration
with the new approach.
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Reported-by: Artem Savkov <artem.savkov@gmail.com>
Cc: Eric Dumazet <edumazet@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Randy Dunlap [Sat, 18 Aug 2012 14:36:44 +0000 (14:36 +0000)]
net/core/dev.c: fix kernel-doc warning
Fix kernel-doc warning:
Warning(net/core/dev.c:5745): No description found for parameter 'dev'
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Amerigo Wang [Sat, 18 Aug 2012 07:02:20 +0000 (07:02 +0000)]
netconsole: remove a redundant netconsole_target_put()
This netconsole_target_put() is obviously redundant, and it
causes a kernel segfault when removing a bridge device which has
netconsole running on it.
This is caused by:
commit
8d8fc29d02a33e4bd5f4fa47823c1fd386346093
Author: Amerigo Wang <amwang@redhat.com>
Date: Thu May 19 21:39:10 2011 +0000
netpoll: disable netpoll when enslave a device
Cc: David Miller <davem@davemloft.net>
(for all 3.x stable releases)
Cc: stable@vger.kernel.org
Signed-off-by: Cong Wang <amwang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Mon, 20 Aug 2012 09:56:56 +0000 (02:56 -0700)]
net: ipv6: fix oops in inet_putpeer()
Commit
97bab73f (inet: Hide route peer accesses behind helpers.) introduced
a bug in xfrm6_policy_destroy(). The xfrm_dst's _rt6i_peer member is not
initialized, causing a false positive result from inetpeer_ptr_is_peer(),
which in turn causes a NULL pointer dereference in inet_putpeer().
Pid: 314, comm: kworker/0:1 Not tainted 3.6.0-rc1+ #17 To Be Filled By O.E.M. To Be Filled By O.E.M./P4S800D-X
EIP: 0060:[<
c03abf93>] EFLAGS:
00010246 CPU: 0
EIP is at inet_putpeer+0xe/0x16
EAX:
00000000 EBX:
f3481700 ECX:
00000000 EDX:
000dd641
ESI:
f3481700 EDI:
c05e949c EBP:
f551def4 ESP:
f551def4
DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068
CR0:
8005003b CR2:
00000070 CR3:
3243d000 CR4:
00000750
DR0:
00000000 DR1:
00000000 DR2:
00000000 DR3:
00000000
DR6:
ffff0ff0 DR7:
00000400
f551df04 c0423de1 00000000 f3481700 f551df18 c038d5f7 f254b9f8 f551df28
f34f85d8 f551df20 c03ef48d f551df3c c0396870 f30697e8 f24e1738 c05e98f4
f5509540 c05cd2b4 f551df7c c0142d2b c043feb5 f5509540 00000000 c05cd2e8
[<
c0423de1>] xfrm6_dst_destroy+0x42/0xdb
[<
c038d5f7>] dst_destroy+0x1d/0xa4
[<
c03ef48d>] xfrm_bundle_flo_delete+0x2b/0x36
[<
c0396870>] flow_cache_gc_task+0x85/0x9f
[<
c0142d2b>] process_one_work+0x122/0x441
[<
c043feb5>] ? apic_timer_interrupt+0x31/0x38
[<
c03967eb>] ? flow_cache_new_hashrnd+0x2b/0x2b
[<
c0143e2d>] worker_thread+0x113/0x3cc
Fix by adding a init_dst() callback to struct xfrm_policy_afinfo to
properly initialize the dst's peer pointer.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kelvin Cheung [Sat, 18 Aug 2012 00:16:23 +0000 (00:16 +0000)]
net/stmmac: fix issue of clk_get for Loongson1B.
When getting clock, give a chance to the CPUs without DT support,
which use Common Clock Framework, such as Loongson1B.
Signed-off-by: Kelvin Cheung <keguang.zhang@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jesper Juhl [Fri, 17 Aug 2012 10:33:12 +0000 (10:33 +0000)]
caif: Do not dereference NULL in chnl_recv_cb()
In net/caif/chnl_net.c::chnl_recv_cb() we call skb_header_pointer()
which may return NULL, but we do not check for a NULL pointer before
dereferencing it.
This patch adds such a NULL check and properly free's allocated memory
and return an error (-EINVAL) on failure - much better than crashing..
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Acked-by: Sjur Brændeland <sjur.brandeland@stericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 20 Aug 2012 09:44:29 +0000 (02:44 -0700)]
Merge git://1984.lsi.us.es/nf
Pable Neira Ayuso says:
====================
The following five patches contain fixes for 3.6-rc, they are:
* Two fixes for message parsing in the SIP conntrack helper, from
Patrick McHardy.
* One fix for the SIP helper introduced in the user-space cthelper
infrastructure, from Patrick McHardy.
* fix missing appropriate locking while modifying one conntrack entry
from the nfqueue integration code, from myself.
* fix possible access to uninitiliazed timer in the nf_conntrack
expectation infrastructure, from myself.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Takashi Iwai [Mon, 20 Aug 2012 09:38:31 +0000 (11:38 +0200)]
Merge branch 'topic/ca0132-fix' into for-linus
This is a series of fixes for CA0132, especially the missing SPDIF I/O
and the mixer build errors.
Eric Leblond [Thu, 16 Aug 2012 22:02:58 +0000 (22:02 +0000)]
af_packet: don't emit packet on orig fanout group
If a packet is emitted on one socket in one group of fanout sockets,
it is transmitted again. It is thus read again on one of the sockets
of the fanout group. This result in a loop for software which
generate packets when receiving one.
This retransmission is not the intended behavior: a fanout group
must behave like a single socket. The packet should not be
transmitted on a socket if it originates from a socket belonging
to the same fanout group.
This patch fixes the issue by changing the transmission check to
take fanout group info account.
Reported-by: Aleksandr Kotov <a1k@mail.ru>
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
David Henningsson [Mon, 20 Aug 2012 09:17:00 +0000 (11:17 +0200)]
ALSA: hda - don't create dysfunctional mixer controls for ca0132
It's possible that these amps are settable somehow, e g through
secret codec verbs, but for now, don't create the controls (as
they won't be working anyway, and cause errors in amixer).
Cc: stable@kernel.org
BugLink: https://bugs.launchpad.net/bugs/1038651
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Julia Lawall [Thu, 16 Aug 2012 21:46:58 +0000 (21:46 +0000)]
drivers/net/irda: fix error return code
Convert a nonnegative error return code to a negative one, as returned
elsewhere in the function.
A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
@@
identifier ret;
expression e1,e2;
@@
if (ret < 0)
{ ... return ret; }
... when != ret = e1
when forall
*if(...)
{
... when != ret = e2
* return ret;
}
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Julia Lawall [Thu, 16 Aug 2012 21:46:57 +0000 (21:46 +0000)]
drivers/net/wan/dscc4.c: fix error return code
Move up the initialization of rc so that failure of pci_alloc_consistent
returns -ENOMEM as well.
A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
@@
identifier ret;
expression e1,e2;
@@
if (ret < 0)
{ ... return ret; }
... when != ret = e1
when forall
*if(...)
{
... when != ret = e2
* return ret;
}
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Julia Lawall [Thu, 16 Aug 2012 21:46:56 +0000 (21:46 +0000)]
drivers/net/wimax/i2400m/fw.c: fix error return code
Convert a nonnegative error return code to a negative one, as returned
elsewhere in the function.
A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
@@
identifier ret;
expression e1,e2;
@@
if (ret < 0)
{ ... return ret; }
... when != ret = e1
when forall
*if(...)
{
... when != ret = e2
* return ret;
}
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Steve Glendinning [Wed, 15 Aug 2012 21:53:38 +0000 (21:53 +0000)]
smsc75xx: add missing entry to MAINTAINERS
Signed-off-by: Steve Glendinning <steve.glendinning@shawell.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Wed, 15 Aug 2012 03:42:57 +0000 (03:42 +0000)]
net: qmi_wwan: new devices: UML290 and K5006-Z
Newer firmware versions for the Pantech UML290 use a different
subclass ID. The Windows driver match on both IDs, so we do
that as well.
The ZTE (Vodafone) K5006-Z is a new device.
Cc: Dan Williams <dcbw@redhat.com>
Cc: Thomas Schäfer <tschaefer@t-online.de>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Phil Edworthy [Tue, 14 Aug 2012 20:33:29 +0000 (20:33 +0000)]
net: sh_eth: Add eth support for R8A7779 device
Signed-off-by: Phil Edworthy <phil.edworthy@renesas.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Timur Tabi [Tue, 14 Aug 2012 13:20:24 +0000 (13:20 +0000)]
netdev/phy: skip disabled mdio-mux nodes
The mdio-mux driver scans all child mdio nodes, without regard to whether
the node is actually used. Some device trees include all possible
mdio-mux nodes and rely on the boot loader to disable those that are not
present, based on some run-time configuration. Those nodes need to be
skipped.
Signed-off-by: Timur Tabi <timur@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Timur Tabi [Tue, 14 Aug 2012 13:20:23 +0000 (13:20 +0000)]
dt: introduce for_each_available_child_of_node, of_get_next_available_child
Macro for_each_child_of_node() makes it easy to iterate over all of the
children for a given device tree node, including those nodes that are
marked as unavailable (i.e. status = "disabled").
Introduce for_each_available_child_of_node(), which is like
for_each_child_of_node(), but it automatically skips unavailable nodes.
This also requires the introduction of helper function
of_get_next_available_child(), which returns the next available child
node.
Signed-off-by: Timur Tabi <timur@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Julia Lawall [Sun, 19 Aug 2012 07:02:59 +0000 (09:02 +0200)]
ALSA: sound/ppc/snd_ps3.c: fix error return code
Initialize ret before returning on failure, as done elsewhere in the
function.
A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
(
if@p1 (\(ret < 0\|ret != 0\))
{ ... return ret; }
|
ret@p1 = 0
)
... when != ret = e1
when != &ret
*if(...)
{
... when != ret = e2
when forall
return ret;
}
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Julia Lawall [Sun, 19 Aug 2012 07:02:54 +0000 (09:02 +0200)]
ALSA: sound/pci/rme9652/hdspm.c: fix error return code
Convert a nonnegative error return code to a negative one, as returned
elsewhere in the function.
A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
(
if@p1 (\(ret < 0\|ret != 0\))
{ ... return ret; }
|
ret@p1 = 0
)
... when != ret = e1
when != &ret
*if(...)
{
... when != ret = e2
when forall
return ret;
}
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Julia Lawall [Sun, 19 Aug 2012 07:02:55 +0000 (09:02 +0200)]
ALSA: sound/pci/sis7019.c: fix error return code
Initialize rc before returning on failure, as done elsewhere in the
function.
A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
(
if@p1 (\(ret < 0\|ret != 0\))
{ ... return ret; }
|
ret@p1 = 0
)
... when != ret = e1
when != &ret
*if(...)
{
... when != ret = e2
when forall
return ret;
}
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Julia Lawall [Sun, 19 Aug 2012 07:02:56 +0000 (09:02 +0200)]
ALSA: sound/pci/ctxfi/ctatc.c: fix error return code
Initialize err before returning on failure, as done elsewhere in the
function.
A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
(
if@p1 (\(ret < 0\|ret != 0\))
{ ... return ret; }
|
ret@p1 = 0
)
... when != ret = e1
when != &ret
*if(...)
{
... when != ret = e2
when forall
return ret;
}
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Julia Lawall [Sun, 19 Aug 2012 07:02:57 +0000 (09:02 +0200)]
ALSA: sound/atmel/ac97c.c: fix error return code
In the first case, the second test of whether retval is negative is
redundant. It is dropped and the previous and subsequent tests are
combined.
In the second case, add an initialization of retval on failure of ioremap.
A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
(
if@p1 (\(ret < 0\|ret != 0\))
{ ... return ret; }
|
ret@p1 = 0
)
... when != ret = e1
when != &ret
*if(...)
{
... when != ret = e2
when forall
return ret;
}
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Julia Lawall [Sun, 19 Aug 2012 07:02:58 +0000 (09:02 +0200)]
ALSA: sound/atmel/abdac.c: fix error return code
Initialize retval before returning from a failed call to ioremap.
A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
(
if@p1 (\(ret < 0\|ret != 0\))
{ ... return ret; }
|
ret@p1 = 0
)
... when != ret = e1
when != &ret
*if(...)
{
... when != ret = e2
when forall
return ret;
}
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Randy Dunlap [Sun, 19 Aug 2012 00:43:05 +0000 (17:43 -0700)]
ALSA: fix pcm.h kernel-doc warning and notation
Fix kernel-doc warning in <sound/pcm.h> and add function name to make
the kernel-doc notation complete.
Warning(include/sound/pcm.h:1081): No description found for parameter 'substream'
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Dan Carpenter [Sat, 18 Aug 2012 15:55:15 +0000 (18:55 +0300)]
sound: oss/sb_audio: prevent divide by zero bug
Speed comes from get_user() in audio_ioctl(). We use it to set the "s"
variable before clamping it to valid values so it could lead to a divide
by zero bug.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Linus Torvalds [Sun, 19 Aug 2012 15:41:29 +0000 (08:41 -0700)]
Merge branch 'alpha' (alpha architecture patches)
Merge alpha architecture update from Michael Cree:
"The Alpha Maintainer, Matt Turner, is currently unavailable, so I have
collected up patches that have been posted to the linux-alpha mailing
list over the last couple of months, and are forwarding them to you in
the hope that you are prepared to accept them via me.
The patches by Al Viro and myself I have been running against kernels
for two months now so have had quite a bit of testing. All except one
patch were intended for the 3.5 kernel but because of Matt's
unavailability never got forwarded to you."
* emailed patches from Michael Cree <mcree@orcon.net.nz>: (9 commits)
alpha: Fix fall-out from disintegrating asm/system.h
Redefine ATOMIC_INIT and ATOMIC64_INIT to drop the casts
alpha: fix fpu.h usage in userspace
alpha/mm/fault.c: Port OOM changes to do_page_fault
alpha: take kernel_execve() out of entry.S
alpha: take a bunch of syscalls into osf_sys.c
alpha: Use new generic strncpy_from_user() and strnlen_user()
alpha: Wire up cross memory attach syscalls
alpha: Don't export SOCK_NONBLOCK to user space.
Michael Cree [Sun, 19 Aug 2012 02:41:04 +0000 (14:41 +1200)]
alpha: Fix fall-out from disintegrating asm/system.h
Commit
ec2212088c42 ("Disintegrate asm/system.h for Alpha") removed
asm/system.h however arch/alpha/oprofile/common.c requires definitions
that were shifted from asm/system.h to asm/special_insns.h. Include
that.
Signed-off-by: Michael Cree <mcree@orcon.net.nz>
Acked-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mel Gorman [Sun, 19 Aug 2012 02:41:03 +0000 (14:41 +1200)]
Redefine ATOMIC_INIT and ATOMIC64_INIT to drop the casts
The following build error occurred during an alpha build:
net/core/sock.c:274:36: error: initializer element is not constant
Dave Anglin says:
> Here is the line in sock.i:
>
> struct static_key memalloc_socks = ((struct static_key) { .enabled =
> ((atomic_t) { (0) }) });
The above line contains two compound literals. It also uses a designated
initializer to initialize the field enabled. A compound literal is not a
constant expression.
The location of the above statement isn't fully clear, but if a compound
literal occurs outside the body of a function, the initializer list must
consist of constant expressions.
Cc: <stable@vger.kernel.org>
Signed-off-by: Mel Gorman <mgorman@suse.de>
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Michael Cree <mcree@orcon.net.nz>
Acked-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mike Frysinger [Sun, 19 Aug 2012 02:41:02 +0000 (14:41 +1200)]
alpha: fix fpu.h usage in userspace
After commit
ec2212088c42 ("Disintegrate asm/system.h for Alpha"), the
fpu.h header which we install for userland started depending on
special_insns.h which is not installed.
However, fpu.h only uses that for __KERNEL__ code, so protect the
inclusion the same way to avoid build breakage in glibc:
/usr/include/asm/fpu.h:4:31: fatal error: asm/special_insns.h: No such file or directory
Cc: stable@vger.kernel.org
Reported-by: Matt Turner <mattst88@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Michael Cree <mcree@orcon.net.nz>
Acked-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Kautuk Consul [Sun, 19 Aug 2012 02:41:01 +0000 (14:41 +1200)]
alpha/mm/fault.c: Port OOM changes to do_page_fault
Commit
d065bd810b6d ("mm: retry page fault when blocking on disk
transfer") and
37b23e0525d3 ("x86,mm: make pagefault killable")
introduced changes into the x86 pagefault handler for making the page
fault handler retryable as well as killable.
These changes reduce the mmap_sem hold time, which is crucial during OOM
killer invocation.
Port these changes to ALPHA.
Signed-off-by: Mohd. Faris <mohdfarisq2010@gmail.com>
Signed-off-by: Kautuk Consul <consul.kautuk@gmail.com>
Acked-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Michael Cree <mcree@orcon.net.nz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Al Viro [Sun, 19 Aug 2012 02:41:00 +0000 (14:41 +1200)]
alpha: take kernel_execve() out of entry.S
Signed-off-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Michael Cree <mcree@orcon.net.nz>
Acked-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Al Viro [Sun, 19 Aug 2012 02:40:59 +0000 (14:40 +1200)]
alpha: take a bunch of syscalls into osf_sys.c
New helper: current_thread_info(). Allows to do a bunch of odd syscalls
in C. While we are at it, there had never been a reason to do
osf_getpriority() in assembler. We also get "namespace"-aware (read:
consistent with getuid(2), etc.) behaviour from getx?id() syscalls now.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Michael Cree <mcree@orcon.net.nz>
Acked-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Michael Cree [Sun, 19 Aug 2012 02:40:58 +0000 (14:40 +1200)]
alpha: Use new generic strncpy_from_user() and strnlen_user()
Similar to x86/sparc/powerpc implementations except:
1) we implement an extremely efficient has_zero()/find_zero()
sequence with both prep_zero_mask() and create_zero_mask()
no-operations.
2) Our output from prep_zero_mask() differs in that only the
lowest eight bits are used to represent the zero bytes
nevertheless it can be safely ORed with other similar masks
from prep_zero_mask() and forms input to create_zero_mask(),
the two fundamental properties prep_zero_mask() must satisfy.
Tests on EV67 and EV68 CPUs revealed that the generic code is
essentially as fast (to within 0.5% of CPU cycles) of the old
Alpha specific code for large quadword-aligned strings, despite
the 30% extra CPU instructions executed. In contrast, the
generic code for unaligned strings is substantially slower (by
more than a factor of 3) than the old Alpha specific code.
Signed-off-by: Michael Cree <mcree@orcon.net.nz>
Acked-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Michael Cree [Sun, 19 Aug 2012 02:40:57 +0000 (14:40 +1200)]
alpha: Wire up cross memory attach syscalls
Add sys_process_vm_readv and sys_process_vm_writev to Alpha.
Signed-off-by: Michael Cree <mcree@orcon.net.nz>
Acked-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Michael Cree [Sun, 19 Aug 2012 02:40:56 +0000 (14:40 +1200)]
alpha: Don't export SOCK_NONBLOCK to user space.
Currently we export SOCK_NONBLOCK to user space but that conflicts with
the definition from glibc leading to compilation errors in user programs
(e.g. see Debian bug #658460).
The generic socket.h restricts the definition of SOCK_NONBLOCK to the
kernel, as does the MIPS specific socket.h, so let's do the same on
Alpha.
Signed-off-by: Michael Cree <mcree@orcon.net.nz>
Acked-by: Matt Turner <mattst88@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Markus Trippelsdorf [Sun, 19 Aug 2012 00:35:51 +0000 (18:35 -0600)]
dyndbg: fix for SOH in logging messages
commit
af7f2158fde was done against master, and clashed with structured
logging's change of KERN_LEVEL to SOH.
Bisected and fixed by Markus Trippelsdorf.
Reported-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Jason Baron <jbaron@redhat.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linus Torvalds [Sat, 18 Aug 2012 23:20:05 +0000 (16:20 -0700)]
Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm
Pull ARM fixes from Russell King:
"The largest thing in this set of changes is bringing back some of the
ARMv3 code to fix a compile problem noticed on RiscPC, which we still
support, even though we only support ARMv4 there.
(The reason is that the system bus doesn't support ARMv4 half-word
accesses, so we need the ARMv3 library code for this platform.)
The rest are all quite minor fixes."
* 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
ARM: 7490/1: Drop duplicate select for GENERIC_IRQ_PROBE
ARM: Bring back ARMv3 IO and user access code
ARM: 7489/1: errata: fix workaround for erratum #720789 on UP systems
ARM: 7488/1: mm: use 5 bits for swapfile type encoding
ARM: 7487/1: mm: avoid setting nG bit for user mappings that aren't present
ARM: 7486/1: sched_clock: update epoch_cyc on resume
ARM: 7484/1: Don't enable GENERIC_LOCKBREAK with ticket spinlocks
ARM: 7483/1: vfp: only advertise VFPv4 in hwcaps if CONFIG_VFPv3 is enabled
ARM: 7482/1: topology: fix section mismatch warning for init_cpu_topology
Andi Kleen [Sat, 18 Aug 2012 17:30:05 +0000 (10:30 -0700)]
sections: Fix section conflicts in drivers/hwmon
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Linus Torvalds [Sat, 18 Aug 2012 21:39:19 +0000 (14:39 -0700)]
Merge tag 'pm-for-3.6-rc3' of git://git./linux/kernel/git/rafael/linux-pm
Pull power management fixes from Rafael J. Wysocki:
- Fixes for three obscure problems in the runtime PM core code found
recently.
- Two fixes for the new "coupled" cpuidle code from Colin Cross and Jon
Medhurst.
- intel_idle driver fix from Konrad Rzeszutek Wilk.
* tag 'pm-for-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
intel_idle: Check cpu_idle_get_driver() for NULL before dereferencing it.
cpuidle: Prevent null pointer dereference in cpuidle_coupled_cpu_notify
cpuidle: coupled: fix sleeping while atomic in cpu notifier
PM / Runtime: Check device PM QoS setting before "no callbacks" check
PM / Runtime: Clear power.deferred_resume on success in rpm_suspend()
PM / Runtime: Fix rpm_resume() return value for power.no_callbacks set
Mike Frysinger [Sat, 18 Aug 2012 20:11:37 +0000 (16:11 -0400)]
x32: Use compat shims for {g,s}etsockopt
Some of the arguments to {g,s}etsockopt are passed in userland pointers.
If we try to use the 64bit entry point, we end up sometimes failing.
For example, dhcpcd doesn't run in x32:
# dhcpcd eth0
dhcpcd[1979]: version 5.5.6 starting
dhcpcd[1979]: eth0: broadcasting for a lease
dhcpcd[1979]: eth0: open_socket: Invalid argument
dhcpcd[1979]: eth0: send_raw_packet: Bad file descriptor
The code in particular is getting back EINVAL when doing:
struct sock_fprog pf;
setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, &pf, sizeof(pf));
Diving into the kernel code, we can see:
include/linux/filter.h:
struct sock_fprog {
unsigned short len;
struct sock_filter __user *filter;
};
net/core/sock.c:
case SO_ATTACH_FILTER:
ret = -EINVAL;
if (optlen == sizeof(struct sock_fprog)) {
struct sock_fprog fprog;
ret = -EFAULT;
if (copy_from_user(&fprog, optval, sizeof(fprog)))
break;
ret = sk_attach_filter(&fprog, sk);
}
break;
arch/x86/syscalls/syscall_64.tbl:
54 common setsockopt sys_setsockopt
55 common getsockopt sys_getsockopt
So for x64, sizeof(sock_fprog) is 16 bytes. For x86/x32, it's 8 bytes.
This comes down to the pointer being 32bit for x32, which means we need
to do structure size translation. But since x32 comes in directly to
sys_setsockopt, it doesn't get translated like x86.
After changing the syscall table and rebuilding glibc with the new kernel
headers, dhcp runs fine in an x32 userland.
Oddly, it seems like Linus noted the same thing during the initial port,
but I guess that was missed/lost along the way:
https://lkml.org/lkml/2011/8/26/452
[ hpa: tagging for -stable since this is an ABI fix. ]
Bugzilla: https://bugs.gentoo.org/423649
Reported-by: Mads <mads@ab3.no>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Link: http://lkml.kernel.org/r/1345320697-15713-1-git-send-email-vapier@gentoo.org
Cc: H. J. Lu <hjl.tools@gmail.com>
Cc: <stable@vger.kernel.org> v3.4..v3.5
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Linus Torvalds [Sat, 18 Aug 2012 17:02:17 +0000 (10:02 -0700)]
Merge branch 'vfs-fixes' of git://git./linux/kernel/git/mszeredi/vfs
Pull vfs fixes from Miklos Szeredi.
This mainly fixes some confusion about whether the open 'mode' variable
passed around should contain the full file type (S_IFREG etc)
information or just the permission mode. In particular, the lack of
proper file type information had confused fuse.
* 'vfs-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
vfs: fix propagation of atomic_open create error on negative dentry
fuse: check create mode in atomic open
vfs: pass right create mode to may_o_create()
vfs: atomic_open(): fix create mode usage
vfs: canonicalize create mode in build_open_flags()
Sven Schnelle [Fri, 17 Aug 2012 19:43:43 +0000 (21:43 +0200)]
USB: CDC ACM: Fix NULL pointer dereference
If a device specifies zero endpoints in its interface descriptor,
the kernel oopses in acm_probe(). Even though that's clearly an
invalid descriptor, we should test wether we have all endpoints.
This is especially bad as this oops can be triggered by just
plugging a USB device in.
Signed-off-by: Sven Schnelle <svens@stackframe.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Greg Kroah-Hartman [Sat, 18 Aug 2012 00:48:41 +0000 (17:48 -0700)]
USB: emi62: remove __devinit* from the struct usb_device_id table
This structure needs to always stick around, even if CONFIG_HOTPLUG
is disabled, otherwise we can oops when trying to probe a device that
was added after the structure is thrown away.
Thanks to Fengguang Wu and Bjørn Mork for tracking this issue down.
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Reported-by: Bjørn Mork <bjorn@mork.no>
Cc: stable <stable@vger.kernel.org>
CC: Paul Gortmaker <paul.gortmaker@windriver.com>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Greg Kroah-Hartman [Sat, 18 Aug 2012 00:48:37 +0000 (17:48 -0700)]
USB: winbond: remove __devinit* from the struct usb_device_id table
This structure needs to always stick around, even if CONFIG_HOTPLUG
is disabled, otherwise we can oops when trying to probe a device that
was added after the structure is thrown away.
Thanks to Fengguang Wu and Bjørn Mork for tracking this issue down.
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Reported-by: Bjørn Mork <bjorn@mork.no>
Cc: stable <stable@vger.kernel.org>
CC: Pavel Machek <pavel@ucw.cz>
CC: Paul Gortmaker <paul.gortmaker@windriver.com>
CC: "John W. Linville" <linville@tuxdriver.com>
CC: Eliad Peller <eliad@wizery.com>
CC: Devendra Naga <devendra.aaru@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>