Tejun Heo [Wed, 23 Jan 2013 17:32:30 +0000 (09:32 -0800)]
async: use ULLONG_MAX for infinity cookie value
Currently, next_cookie is used as the infinity value. In most cases,
this should work fine but it theoretically could bring subtle behavior
difference between async_synchronize_full() and
async_synchronize_full_domain().
async_synchronize_full() keeps waiting until there's no registered
async_entry left regardless of what next_cookie was when the function
was called. It guarantees that the queue is completely drained at
least once before returning.
However, async_synchronize_full_domain() doesn't. It synchronizes
up to next_cookie and if further async jobs are queued after the
next_cookie value to synchronize is decided, they won't be waited for.
For unrelated async jobs, the behavior difference doesn't matter;
however, if async jobs which are related (nested or otherwise) to the
executing ones are queued while synchronization is in progress, the
resulting behavior difference could be problematic.
This can be easily fixed by using ULLONG_MAX as the infinity value
instead. Define ASYNC_COOKIE_MAX as ULLONG_MAX and use it as the
infinity value for synchronization. This makes
async_synchronize_full_domain() fully drain the domain at least once
before returning, making its behavior match async_synchronize_full().
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Dan Williams <djbw@fb.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
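The behavior difference described in the commit above, as an added user-space model (not code from the commit or from kernel/async.c). The struct, the model_* helpers and the job counts are constructed for illustration; only ASYNC_COOKIE_MAX and next_cookie are names from the commit message.

```c
/* Added illustration: user-space model of the wait condition, not kernel/async.c. */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef unsigned long long async_cookie_t;
#define ASYNC_COOKIE_MAX ULLONG_MAX /* name and value from the commit message */
#define MODEL_MAX_JOBS 16           /* constructed capacity for the model */

struct model_domain {
    async_cookie_t in_flight[MODEL_MAX_JOBS]; /* cookies of registered jobs */
    size_t count;
    async_cookie_t next_cookie;               /* next cookie to hand out */
};

static void model_schedule(struct model_domain *d)
{
    if (d->count < MODEL_MAX_JOBS)
        d->in_flight[d->count++] = d->next_cookie++;
}

/* Lowest registered cookie, or `infinity` when nothing is registered. */
static async_cookie_t model_lowest(const struct model_domain *d,
                                   async_cookie_t infinity)
{
    async_cookie_t low = infinity;
    for (size_t i = 0; i < d->count; i++)
        if (d->in_flight[i] < low)
            low = d->in_flight[i];
    return low;
}

/* Complete the oldest job; optionally it queues a related job first. */
static void model_run_oldest(struct model_domain *d, bool spawn_nested)
{
    size_t oldest = 0;
    for (size_t i = 1; i < d->count; i++)
        if (d->in_flight[i] < d->in_flight[oldest])
            oldest = i;
    if (spawn_nested)
        model_schedule(d);
    d->in_flight[oldest] = d->in_flight[--d->count];
}

/*
 * Wait until lowest-in-progress >= limit and return how many jobs are
 * still registered at that point. use_max=false models next_cookie as
 * the infinity value, use_max=true models ASYNC_COOKIE_MAX.
 */
static size_t model_synchronize_full_domain(struct model_domain *d, bool use_max)
{
    /* The limit is decided once, when synchronization starts. */
    async_cookie_t limit = use_max ? ASYNC_COOKIE_MAX : d->next_cookie;
    int nest_budget = 2; /* constructed: the first two jobs each queue one more */

    for (;;) {
        async_cookie_t infinity = use_max ? ASYNC_COOKIE_MAX : d->next_cookie;
        if (model_lowest(d, infinity) >= limit)
            break;
        model_run_oldest(d, nest_budget-- > 0);
    }
    return d->count;
}

/* Three jobs queued up front; returns jobs left behind after "full" sync. */
static size_t model_leftover(bool use_max)
{
    struct model_domain d = { {0}, 0, 0 };
    for (int i = 0; i < 3; i++)
        model_schedule(&d);
    return model_synchronize_full_domain(&d, use_max);
}

int main(void)
{
    printf("next_cookie as infinity:  %zu job(s) not waited for\n",
           model_leftover(false));
    printf("ASYNC_COOKIE_MAX:         %zu job(s) not waited for\n",
           model_leftover(true));
    return 0;
}
```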
Tejun Heo [Wed, 23 Jan 2013 17:32:30 +0000 (09:32 -0800)]
async: bring sanity to the use of words domain and running
In the beginning, running lists were literal struct list_heads. Later
on, struct async_domain was added. For some reason, while the
conversion substituted list_heads with async_domains, the variable
names weren't fully converted. In more places, "running" was used for
struct async_domain while other places adopted new "domain" name.
The situation is made much worse by having async_domain's running list
named "domain" and async_entry's field pointing to async_domain named
"running".
So, we end up with mix of "running" and "domain" for variable names
for async_domain, with the field names of async_domain and async_entry
swapped between "running" and "domain".
It feels almost intentionally made to be as confusing as possible.
Bring some sanity by
* Renaming all async_domain variables "domain".
* s/async_running/async_dfl_domain/
* s/async_domain->domain/async_domain->running/
* s/async_entry->running/async_entry->domain/
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Dan Williams <djbw@fb.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Tejun Heo [Wed, 23 Jan 2013 17:31:01 +0000 (09:31 -0800)]
Merge branch 'master' into for-3.9-async
To receive f56c3196f251012de9b3ebaff55732a9074fdaae ("async: fix
__lowest_in_progress()").
Signed-off-by: Tejun Heo <tj@kernel.org>
Tejun Heo [Wed, 23 Jan 2013 00:48:03 +0000 (16:48 -0800)]
async, kmod: warn on synchronous request_module() from async workers
Synchronous request_module() from an async worker can lead to deadlock
because module init path may invoke async_synchronize_full(). The
async worker waits for request_module() to complete and the module
loading waits for the async task to finish. This bug happened in the
block layer because of default elevator auto-loading.
Block layer has been updated not to do default elevator auto-loading
and it has been decided to disallow synchronous request_module() from
async workers.
Trigger WARN_ON_ONCE() on synchronous request_module() from async
workers.
For more details, please refer to the following thread.
http://thread.gmane.org/gmane.linux.kernel/1420814
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Alex Riesen <raa.lkml@gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Tejun Heo [Wed, 23 Jan 2013 00:48:03 +0000 (16:48 -0800)]
block: don't request module during elevator init
Block layer allows selecting an elevator which is built as a module to
be selected as system default via kernel param "elevator=". This is
achieved by automatically invoking request_module() whenever a new
block device is initialized and the elevator is not available.
This led to an interesting deadlock problem involving async and module
init. Block device probing running off an async job invokes
request_module(). While the module is being loaded, it performs
async_synchronize_full() which ends up waiting for the async job which
is already waiting for request_module() to finish, leading to
deadlock.
Invoking request_module() from deep in block device init path is
already nasty in itself. It seems best to avoid these situations from
the beginning by moving on-demand module loading out of block init
path.
The previous patch made sure that the default elevator module is
loaded early during boot if available. This patch removes on-demand
loading of the default elevator from elevator init path. As the
module would have been loaded during boot, userland-visible behavior
difference should be minimal.
For more details, please refer to the following thread.
http://thread.gmane.org/gmane.linux.kernel/1420814
v2: The bool parameter was named @request_module which conflicted with
request_module(). This built okay w/ CONFIG_MODULES because
request_module() was defined as a macro. W/o CONFIG_MODULES, it
causes build breakage. Rename the parameter to @try_loading.
Reported by Fengguang.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Alex Riesen <raa.lkml@gmail.com>
Cc: Fengguang Wu <fengguang.wu@intel.com>
Linus Torvalds [Wed, 23 Jan 2013 00:36:23 +0000 (16:36 -0800)]
Merge tag '3.8-pci-fixes-2' of git://git./linux/kernel/git/helgaas/pci
Pull PCI updates from Bjorn Helgaas:
"The most important is a fix for a pciehp deadlock that occurs when
unplugging a Thunderbolt adapter. We also applied the same fix to
shpchp, removed CONFIG_EXPERIMENTAL dependencies, fixed a
pcie_aspm=force problem, and fixed a refcount leak.
Details:
- Hotplug
PCI: pciehp: Use per-slot workqueues to avoid deadlock
PCI: shpchp: Make shpchp_wq non-ordered
PCI: shpchp: Handle push button event asynchronously
PCI: shpchp: Use per-slot workqueues to avoid deadlock
- Power management
PCI: Allow pcie_aspm=force even when FADT indicates it is unsupported
- Misc
PCI/AER: pci_get_domain_bus_and_slot() call missing required pci_dev_put()
PCI: remove depends on CONFIG_EXPERIMENTAL"
* tag '3.8-pci-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
PCI: remove depends on CONFIG_EXPERIMENTAL
PCI: Allow pcie_aspm=force even when FADT indicates it is unsupported
PCI: shpchp: Use per-slot workqueues to avoid deadlock
PCI: shpchp: Handle push button event asynchronously
PCI: shpchp: Make shpchp_wq non-ordered
PCI/AER: pci_get_domain_bus_and_slot() call missing required pci_dev_put()
PCI: pciehp: Use per-slot workqueues to avoid deadlock
Tejun Heo [Wed, 23 Jan 2013 00:15:15 +0000 (16:15 -0800)]
async: fix __lowest_in_progress()
Commit 083b804c4d3e ("async: use workqueue for worker pool") made it
possible that async jobs are moved from pending to running out-of-order.
While pending async jobs will be queued and dispatched for execution in
the same order, nothing guarantees they'll enter "1) move self to the
running queue" of async_run_entry_fn() in the same order.
Before the conversion, async implemented its own worker pool. An async
worker, upon being woken up, fetches the first item from the pending
list, which kept the executing lists sorted. The conversion to
workqueue was done by adding work_struct to each async_entry and async
just schedules the work item. The queueing and dispatching of such work
items are still in order but now each worker thread is associated with a
specific async_entry and moves that specific async_entry to the
executing list. So, depending on which worker reaches that point
earlier, which is non-deterministic, we may end up moving an async_entry
with larger cookie before one with smaller one.
This broke __lowest_in_progress(). running->domain may not be properly
sorted and is not guaranteed to contain lower cookies than pending list
when not empty. Fix it by ensuring sort-inserting to the running list
and always looking at both pending and running when trying to determine
the lowest cookie.
Over time, the async synchronization implementation became quite messy.
We better restructure it such that each async_entry is linked to two
lists - one global and one per domain - and not move it when execution
starts. There's no reason to distinguish pending and running. They
behave the same for synchronization purposes.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Tue, 22 Jan 2013 22:32:07 +0000 (14:32 -0800)]
Merge tag 'perf-urgent-for-mingo' of git://git./linux/kernel/git/acme/linux
Pull perf/urgent fixes from Arnaldo Carvalho de Melo:
. revert 20b279 - require exclude_guest to use PEBS - kernel side, now
older binaries will continue working for things like cycles:pp
without needing to pass extra modifiers, from David Ahern.
. Fix building from 'make perf-*-src-pkg' tarballs, broken by UAPI,
from Sebastian Andrzej Siewior
[ Pulling directly, Ingo would normally pull but has been unresponsive ]
* tag 'perf-urgent-for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
perf tools: Fix building from 'make perf-*-src-pkg' tarballs
perf x86: revert 20b279 - require exclude_guest to use PEBS - kernel side
Linus Torvalds [Tue, 22 Jan 2013 22:30:35 +0000 (14:30 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/deller/parisc-linux
Pull parisc fixes from Helge Deller:
"Improve the stability of the linux kernel on the parisc architecture"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
parisc: sigaltstack doesn't round ss.ss_sp as required
parisc: improve ptrace support for gdb single-step
parisc: don't claim cpu irqs more than once
parisc: avoid undefined shift in cnv_float.h
Linus Torvalds [Tue, 22 Jan 2013 19:53:19 +0000 (11:53 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/mszeredi/fuse
Pull fuse fixes from Miklos Szeredi:
"This contain a bugfix for CUSE and miscellaneous small fixes"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
fuse: remove unused variable in fuse_try_move_page()
fuse: make fuse_file_fallocate() static
fuse: Move CUSE Kconfig entry from fs/Kconfig into fs/fuse/Kconfig
cuse: fix uninitialized variable warnings
cuse: do not register multiple devices with identical names
cuse: use mutex as registration lock instead of spinlocks
Linus Torvalds [Tue, 22 Jan 2013 19:52:23 +0000 (11:52 -0800)]
Merge tag 'fixes-for-v3.8-rc4' of git://git./linux/kernel/git/linusw/linux-gpio
Pull GPIO fixes from Linus Walleij:
"Here are some GPIO fixes I stacked up in my GPIO tree:
- Remove a bad #include from the Samsung driver
- Some Kconfig hassle for the Samsungs
- Skip gpiolib registration on EXYNOS5440
- Don't free the MVEBU label"
* tag 'fixes-for-v3.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
gpio: mvebu: Don't free chip label memory
gpio: samsung: skip gpio lib registration for EXYNOS5440
gpio: samsung: silent build warning for EXYNOS5 SoCs
gpio: samsung: fix pinctrl condition for exynos and exynos5440
gpio: samsung: remove inclusion <mach/regs-clock.h>
Linus Torvalds [Tue, 22 Jan 2013 18:33:17 +0000 (10:33 -0800)]
Merge tag 'f2fs-for-3.8-rc5' of git://git./linux/kernel/git/jaegeuk/f2fs
Pull f2fs fixes from Jaegeuk Kim:
o Support swap file and link generic_file_remap_pages
o Enhance the bio streaming flow and free section control
o Major bug fix on recovery routine
o Minor bug/warning fixes and code cleanups
* tag 'f2fs-for-3.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs: (22 commits)
f2fs: use _safe() version of list_for_each
f2fs: add comments of start_bidx_of_node
f2fs: avoid issuing small bios due to several dirty node pages
f2fs: support swapfile
f2fs: add remap_pages as generic_file_remap_pages
f2fs: add __init to functions in init_f2fs_fs
f2fs: fix the debugfs entry creation path
f2fs: add global mutex_lock to protect f2fs_stat_list
f2fs: remove the blk_plug usage in f2fs_write_data_pages
f2fs: avoid redundant time update for parent directory in f2fs_delete_entry
f2fs: remove redundant call to set_blocksize in f2fs_fill_super
f2fs: move f2fs_balance_fs to punch_hole
f2fs: add f2fs_balance_fs in several interfaces
f2fs: revisit the f2fs_gc flow
f2fs: check return value during recovery
f2fs: avoid null dereference in f2fs_acl_from_disk
f2fs: initialize newly allocated dnode structure
f2fs: update f2fs partition info about SIT/NAT layout
f2fs: update f2fs document to reflect SIT/NAT layout correctly
f2fs: remove unneeded INIT_LIST_HEAD at few places
...
Linus Torvalds [Tue, 22 Jan 2013 18:31:57 +0000 (10:31 -0800)]
Merge tag 'vfio-for-v3.8-rc5' of git://github.com/awilliam/linux-vfio
Pull vfio fix from Alex Williamson.
"vfio-pci: Fix buffer overfill"
* tag 'vfio-for-v3.8-rc5' of git://github.com/awilliam/linux-vfio:
vfio-pci: Fix buffer overfill
Linus Torvalds [Tue, 22 Jan 2013 18:30:49 +0000 (10:30 -0800)]
Merge tag 'trace-3.8-rc4-fix' of git://git./linux/kernel/git/rostedt/linux-trace
Pull ftrace fix from Steven Rostedt:
"Kprobes now uses the function tracer if it can. That is, if a probe
is placed on a function mcount/nop location, and the arch supports it,
instead of adding a breakpoint, kprobes will register a function
callback as that is much more efficient.
The function tracer requires to update modules before they run, and
uses the module notifier to do so. But if something else in the
module notifiers registers a kprobe at one of these locations, before
ftrace can get to it, then the system could fail.
The function tracer must be initialized early, otherwise module
notifiers that probe will only work by chance."
* tag 'trace-3.8-rc4-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
ftrace: Be first to run code modification on modules
Linus Torvalds [Tue, 22 Jan 2013 18:10:34 +0000 (10:10 -0800)]
Merge tag 'upstream-linus' of git://git./linux/kernel/git/jgarzik/libata-dev
Pull libata fixes from Jeff Garzik:
1) ahci: Fix typo that caused erroneous error handling.
Thought: I wonder if sparse could have caught this, somehow.
2) ahci: support a slightly odd Enmotus variant
3) core: fix a drive detection problem by correcting the logic by which
the DevSlp timing variables are obtained and used.
* tag 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
[libata] replace sata_settings with devslp_timing
[libata] ahci: Add support for Enmotus Bobcat device.
[libata] ahci: Fix lack of command retry after a success error handler.
Linus Torvalds [Tue, 22 Jan 2013 18:10:10 +0000 (10:10 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jmorris/linux-security
Pull security subsystem bugfixes from James Morris.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
security/device_cgroup: lock assert fails in dev_exception_clean()
evm: checking if removexattr is not a NULL
Oleg Nesterov [Mon, 21 Jan 2013 19:48:17 +0000 (20:48 +0100)]
wake_up_process() should be never used to wakeup a TASK_STOPPED/TRACED task
wake_up_process() should never wakeup a TASK_STOPPED/TRACED task.
Change it to use TASK_NORMAL and add the WARN_ON().
TASK_ALL has no other users, probably can be killed.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Oleg Nesterov [Mon, 21 Jan 2013 19:48:00 +0000 (20:48 +0100)]
ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL
putreg() assumes that the tracee is not running and pt_regs_access() can
safely play with its stack. However a killed tracee can return from
ptrace_stop() to the low-level asm code and do RESTORE_REST, this means
that debugger can actually read/modify the kernel stack until the tracee
does SAVE_REST again.
set_task_blockstep() can race with SIGKILL too and in some sense this
race is even worse, the very fact the tracee can be woken up breaks the
logic.
As Linus suggested we can clear TASK_WAKEKILL around the arch_ptrace()
call, this ensures that nobody can ever wakeup the tracee while the
debugger looks at it. Not only this fixes the mentioned problems, we
can do some cleanups/simplifications in arch_ptrace() paths.
Probably ptrace_unfreeze_traced() needs more callers, for example it
makes sense to make the tracee killable for oom-killer before
access_process_vm().
While at it, add the comment into may_ptrace_stop() to explain why
ptrace_stop() still can't rely on SIGKILL and signal_pending_state().
Reported-by: Salman Qazi <sqazi@google.com>
Reported-by: Suleiman Souhlal <suleiman@google.com>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Oleg Nesterov [Mon, 21 Jan 2013 19:47:41 +0000 (20:47 +0100)]
ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up()
Cleanup and preparation for the next change.
signal_wake_up(resume => true) is overused. None of ptrace/jctl callers
actually want to wakeup a TASK_WAKEKILL task, but they can't specify the
necessary mask.
Turn signal_wake_up() into signal_wake_up_state(state), reintroduce
signal_wake_up() as a trivial helper, and add ptrace_signal_wake_up()
which adds __TASK_TRACED.
This way ptrace_signal_wake_up() can work "inside" ptrace_request()
even if the tracee doesn't have the TASK_WAKEKILL bit set.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dan Carpenter [Sun, 20 Jan 2013 15:02:58 +0000 (18:02 +0300)]
f2fs: use _safe() version of list_for_each
This is calling list_del() inside a loop which is a problem when we try to
move to the next item on the list. I've converted it to use the _safe
version. And also, as a cleanup, I've converted it to use
list_for_each_entry instead of list_for_each.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
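The iteration problem named in the commit above, as an added user-space model (not f2fs code and not the kernel's list.h). The list helpers, MODEL_POISON and struct entry are constructed stand-ins; the loop in purge_matching() follows the pattern the _safe iterators use, saving the successor before the body can unlink the current node.

```c
/* Added illustration: user-space model of kernel-style lists, not f2fs code. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

struct list_head { struct list_head *next, *prev; };

/* Stand-in for the poison value list_del() leaves behind (assumed constant). */
#define MODEL_POISON ((struct list_head *)0x100)

static void list_init(struct list_head *h) { h->next = h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev;
    n->next = h;
    h->prev->next = n;
    h->prev = n;
}

static void list_del(struct list_head *e)
{
    e->prev->next = e->next;
    e->next->prev = e->prev;
    e->next = e->prev = MODEL_POISON; /* the node no longer leads anywhere */
}

struct entry { int id; struct list_head link; };
#define entry_of(p) ((struct entry *)((char *)(p) - offsetof(struct entry, link)))

/* What a plain iterator would follow after its current node is deleted. */
static int next_is_poison_after_del(void)
{
    struct list_head head;
    struct entry a = { 1, { NULL, NULL } }, b = { 2, { NULL, NULL } };

    list_init(&head);
    list_add_tail(&a.link, &head);
    list_add_tail(&b.link, &head);
    list_del(&a.link);
    return a.link.next == MODEL_POISON; /* pos = pos->next leaves the list */
}

/* Safe pattern: remember the successor before the body may unlink pos. */
static size_t purge_matching(struct list_head *head, int (*match)(int id))
{
    struct list_head *pos, *n;
    size_t removed = 0;

    for (pos = head->next, n = pos->next; pos != head; pos = n, n = pos->next) {
        struct entry *e = entry_of(pos);
        if (match(e->id)) {
            list_del(pos);
            free(e); /* pos is dead from here on; only n is used */
            removed++;
        }
    }
    return removed;
}

static size_t list_len(const struct list_head *head)
{
    size_t len = 0;
    for (const struct list_head *p = head->next; p != head; p = p->next)
        len++;
    return len;
}

static int is_even(int id) { return id % 2 == 0; }
static int always(int id) { (void)id; return 1; }

/* Constructed input: ids 1..5. Returns entries removed, stores entries left. */
static size_t demo_purge_even(size_t *left)
{
    struct list_head head;
    size_t removed;

    list_init(&head);
    for (int id = 1; id <= 5; id++) {
        struct entry *e = malloc(sizeof(*e));
        if (!e)
            abort();
        e->id = id;
        list_add_tail(&e->link, &head);
    }
    removed = purge_matching(&head, is_even);
    *left = list_len(&head);
    purge_matching(&head, always); /* free the survivors */
    return removed;
}

int main(void)
{
    size_t left;
    size_t removed = demo_purge_even(&left);
    printf("removed %zu, left %zu, poisoned next: %d\n",
           removed, left, next_is_poison_after_del());
    return 0;
}
```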
Jaegeuk Kim [Mon, 21 Jan 2013 08:34:21 +0000 (17:34 +0900)]
f2fs: add comments of start_bidx_of_node
The caller of start_bidx_of_node() should give proper node offsets which
point only direct node blocks. Otherwise, it is a caller's bug.
This patch adds comments to make it clear.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
Jaegeuk Kim [Fri, 18 Jan 2013 05:54:13 +0000 (14:54 +0900)]
f2fs: avoid issuing small bios due to several dirty node pages
If some small bios of dirty node pages are supposed to be issued during the
sequential data writes, there-in well-produced consecutive data bios are able
to be split by the small node bios, resulting in performance degradation.
So, let's collect a number of dirty node pages until reaching a threshold.
And, by default, I set the threshold as 2MB, a segment size.
This improves sequential write performance on i5, 512GB SSD (830 w/ SATA2) as
follows.
Before: 231 MB/s -> After: 255 MB/s
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
Reviewed-by: Namjae Jeon <namjae.jeon@samsung.com>
Jaegeuk Kim [Thu, 17 Jan 2013 11:30:23 +0000 (20:30 +0900)]
f2fs: support swapfile
This patch adds f2fs_bmap operation to the data address space.
This enables f2fs to support swapfile.
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
Jaegeuk Kim [Thu, 17 Jan 2013 09:37:41 +0000 (18:37 +0900)]
f2fs: add remap_pages as generic_file_remap_pages
This was added for all the file systems before.
See the following commit.
commit id: 0b173bc4daa8f8ec03a85abf5e47b23502ff80af
[PATCH] mm: kill vma flag VM_CAN_NONLINEAR
This patch moves actual ptes filling for non-linear file mappings
into special vma operation: ->remap_pages().
File system must implement this method to get non-linear mappings support,
if it uses filemap_fault() then generic_file_remap_pages() can be used.
Now device drivers can implement this method and obtain nonlinear vma support."
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
Namjae Jeon [Wed, 16 Jan 2013 15:08:30 +0000 (00:08 +0900)]
f2fs: add __init to functions in init_f2fs_fs
Add __init to functions in init_f2fs_fs for code consistency.
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Amit Sahrawat <a.sahrawat@samsung.com>
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
Steven Rostedt [Fri, 14 Dec 2012 14:48:15 +0000 (09:48 -0500)]
ftrace: Be first to run code modification on modules
If some other kernel subsystem has a module notifier, and adds a kprobe
to a ftrace mcount point (now that kprobes work on ftrace points),
when the ftrace notifier runs it will fail and disable ftrace, as well
as kprobes that are attached to ftrace points.
Here's the error:
WARNING: at kernel/trace/ftrace.c:1618 ftrace_bug+0x239/0x280()
Hardware name: Bochs
Modules linked in: fat(+) stap_56d28a51b3fe546293ca0700b10bcb29__8059(F) nfsv4 auth_rpcgss nfs dns_resolver fscache xt_nat iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack lockd sunrpc ppdev parport_pc parport microcode virtio_net i2c_piix4 drm_kms_helper ttm drm i2c_core [last unloaded: bid_shared]
Pid: 8068, comm: modprobe Tainted: GF 3.7.0-0.rc8.git0.1.fc19.x86_64 #1
Call Trace:
[<ffffffff8105e70f>] warn_slowpath_common+0x7f/0xc0
[<ffffffff81134106>] ? __probe_kernel_read+0x46/0x70
[<ffffffffa0180000>] ? 0xffffffffa017ffff
[<ffffffffa0180000>] ? 0xffffffffa017ffff
[<ffffffff8105e76a>] warn_slowpath_null+0x1a/0x20
[<ffffffff810fd189>] ftrace_bug+0x239/0x280
[<ffffffff810fd626>] ftrace_process_locs+0x376/0x520
[<ffffffff810fefb7>] ftrace_module_notify+0x47/0x50
[<ffffffff8163912d>] notifier_call_chain+0x4d/0x70
[<ffffffff810882f8>] __blocking_notifier_call_chain+0x58/0x80
[<ffffffff81088336>] blocking_notifier_call_chain+0x16/0x20
[<ffffffff810c2a23>] sys_init_module+0x73/0x220
[<ffffffff8163d719>] system_call_fastpath+0x16/0x1b
---[ end trace 9ef46351e53bbf80 ]---
ftrace failed to modify [<ffffffffa0180000>] init_once+0x0/0x20 [fat]
actual: cc:bb:d2:4b:e1
A kprobe was added to the init_once() function in the fat module on load.
But this happened before ftrace could have touched the code. As ftrace
didn't run yet, the kprobe system had no idea it was a ftrace point and
simply added a breakpoint to the code (0xcc in the cc:bb:d2:4b:e1).
Then when ftrace went to modify the location from a call to mcount/fentry
into a nop, it didn't see a call op, but instead it saw the breakpoint op
and not knowing what to do with it, ftrace shut itself down.
The solution is to simply give the ftrace module notifier the max priority.
This should have been done regardless, as the core code ftrace modification
also happens very early on in boot up. This makes the module modification
closer to core modification.
Link: http://lkml.kernel.org/r/20130107140333.593683061@goodmis.org
Cc: stable@vger.kernel.org
Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Reported-by: Frank Ch. Eigler <fche@redhat.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Jerry Snitselaar [Thu, 17 Jan 2013 08:04:14 +0000 (01:04 -0700)]
security/device_cgroup: lock assert fails in dev_exception_clean()
devcgroup_css_free() calls dev_exception_clean() without the devcgroup_mutex being locked.
Shutting down a kvm virt was giving me the following trace:
[36280.732764] ------------[ cut here ]------------
[36280.732778] WARNING: at /home/snits/dev/linux/security/device_cgroup.c:172 dev_exception_clean+0xa9/0xc0()
[36280.732782] Hardware name: Studio XPS 8100
[36280.732785] Modules linked in: xt_REDIRECT fuse ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat xt_CHECKSUM iptable_mangle bridge stp llc nf_conntrack_ipv4 ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 nf_defrag_ipv4 ip6table_filter it87 hwmon_vid xt_state nf_conntrack ip6_tables snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_seq coretemp snd_seq_device crc32c_intel snd_pcm snd_page_alloc snd_timer snd broadcom tg3 serio_raw i7core_edac edac_core ptp pps_core lpc_ich pcspkr mfd_core soundcore microcode i2c_i801 nfsd auth_rpcgss nfs_acl lockd vhost_net sunrpc tun macvtap macvlan kvm_intel kvm uinput binfmt_misc autofs4 usb_storage firewire_ohci firewire_core crc_itu_t radeon drm_kms_helper ttm
[36280.732921] Pid: 933, comm: libvirtd Tainted: G W 3.8.0-rc3-00307-g4c217de #1
[36280.732922] Call Trace:
[36280.732927] [<ffffffff81044303>] warn_slowpath_common+0x93/0xc0
[36280.732930] [<ffffffff8104434a>] warn_slowpath_null+0x1a/0x20
[36280.732932] [<ffffffff812deaf9>] dev_exception_clean+0xa9/0xc0
[36280.732934] [<ffffffff812deb2a>] devcgroup_css_free+0x1a/0x30
[36280.732938] [<ffffffff810ccd76>] cgroup_diput+0x76/0x210
[36280.732941] [<ffffffff8119eac0>] d_delete+0x120/0x180
[36280.732943] [<ffffffff81195cff>] vfs_rmdir+0xef/0x130
[36280.732945] [<ffffffff81195e47>] do_rmdir+0x107/0x1c0
[36280.732949] [<ffffffff8132d17e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[36280.732951] [<ffffffff81198646>] sys_rmdir+0x16/0x20
[36280.732954] [<ffffffff8173bd82>] system_call_fastpath+0x16/0x1b
[36280.732956] ---[ end trace ca39dced899a7d9f ]---
Signed-off-by: Jerry Snitselaar <jerry.snitselaar@oracle.com>
Cc: stable@kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
Dmitry Kasatkin [Fri, 18 Jan 2013 21:56:39 +0000 (23:56 +0200)]
evm: checking if removexattr is not a NULL
The following lines of code produce a kernel oops.
fd = socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
fchmod(fd, 0666);
[ 139.922364] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 139.924982] IP: [< (null)>] (null)
[ 139.924982] *pde = 00000000
[ 139.924982] Oops: 0000 [#5] SMP
[ 139.924982] Modules linked in: fuse dm_crypt dm_mod i2c_piix4 serio_raw evdev binfmt_misc button
[ 139.924982] Pid: 3070, comm: acpid Tainted: G D 3.8.0-rc2-kds+ #465 Bochs Bochs
[ 139.924982] EIP: 0060:[<00000000>] EFLAGS: 00010246 CPU: 0
[ 139.924982] EIP is at 0x0
[ 139.924982] EAX: cf5ef000 EBX: cf5ef000 ECX: c143d600 EDX: c15225f2
[ 139.924982] ESI: cf4d2a1c EDI: cf4d2a1c EBP: cc02df10 ESP: cc02dee4
[ 139.924982] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 139.924982] CR0: 80050033 CR2: 00000000 CR3: 0c059000 CR4: 000006d0
[ 139.924982] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 139.924982] DR6: ffff0ff0 DR7: 00000400
[ 139.924982] Process acpid (pid: 3070, ti=cc02c000 task=d7705340 task.ti=cc02c000)
[ 139.924982] Stack:
[ 139.924982] c1203c88 00000000 cc02def4 cf4d2a1c ae21eefa 471b60d5 1083c1ba c26a5940
[ 139.924982] e891fb5e 00000041 00000004 cc02df1c c1203964 00000000 cc02df4c c10e20c3
[ 139.924982] 00000002 00000000 00000000 22222222 c1ff2222 cf5ef000 00000000 d76efb08
[ 139.924982] Call Trace:
[ 139.924982] [<c1203c88>] ? evm_update_evmxattr+0x5b/0x62
[ 139.924982] [<c1203964>] evm_inode_post_setattr+0x22/0x26
[ 139.924982] [<c10e20c3>] notify_change+0x25f/0x281
[ 139.924982] [<c10cbf56>] chmod_common+0x59/0x76
[ 139.924982] [<c10e27a1>] ? put_unused_fd+0x33/0x33
[ 139.924982] [<c10cca09>] sys_fchmod+0x39/0x5c
[ 139.924982] [<c13f4f30>] syscall_call+0x7/0xb
[ 139.924982] Code: Bad EIP value.
This happens because sockets do not define the removexattr operation.
Before removing the xattr, verify the removexattr function pointer is
not NULL.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
Linus Torvalds [Mon, 21 Jan 2013 04:55:49 +0000 (20:55 -0800)]
Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"A bunch of intel and radeon fixes, along with two fixes to TTM code.
The correct fix for the Intel ironlake failure is in this, and should
make things more stable, along with some misc radeon fixes."
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
ttm: on move memory failure don't leave a node dangling
ttm: don't destroy old mm_node on memcpy failure
Revert "drm/radeon: do not move bo to different placement at each cs"
drm/i915: fix FORCEWAKE posting reads
drm/i915: Invalidate the relocation presumed_offsets along the slow path
drm/i915/eDP: do not write power sequence registers for ghost eDP
drm/radeon: improve semaphore debugging on lockup
drm/radeon: allow FP16 color clear registers on r500
drm/radeon: clear reset flags if engines are idle
drm/i915: Record DERRMR, FORCEWAKE and RING_CTL in error-state
Linus Torvalds [Mon, 21 Jan 2013 04:22:58 +0000 (20:22 -0800)]
module: fix missing module_mutex unlock
Commit 1fb9341ac348 ("module: put modules in list much earlier") moved
some of the module initialization code around, and in the process
changed the exit paths too. But for the duplicate export symbol error
case the change made the ddebug_cleanup path jump to after the module
mutex unlock, even though it happens with the mutex held.
Rusty has some patches to split this function up into some helper
functions, hopefully the mess of complex goto targets will go away
eventually.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dave Airlie [Wed, 16 Jan 2013 05:58:34 +0000 (15:58 +1000)]
ttm: on move memory failure don't leave a node dangling
if we have a move notify callback, when moving fails, we call move notify
the opposite way around, however this ends up with *mem containing the mm_node
from the bo, which means we double free it. This is a follow on to the previous
fix.
Reviewed-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Dave Airlie [Wed, 16 Jan 2013 04:25:44 +0000 (14:25 +1000)]
ttm: don't destroy old mm_node on memcpy failure
When we are using memcpy to move objects around, and we fail to memcpy
due to lack of memory to populate or failure to finish the copy, we don't
want to destroy the mm_node that has been copied into old_copy.
While working on a new kms driver that uses memcpy, if I overallocated bo's
up to the memory limits, and eviction failed, then machine would oops soon
after due to having an active bo with an already freed drm_mm embedded in it,
freeing it a second time didn't end well.
Reviewed-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Dave Airlie [Mon, 21 Jan 2013 03:25:30 +0000 (13:25 +1000)]
Merge branch 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel into drm-next
More important fixes for 3.9:
- error_state improvements to help debug the new scanline wait code added
for gen6+ - bug reports started popping up :( patch from Chris Wilson.
- fix a panel power sequence confusion between the eDP and lvds detection
code resulting in black screens - regression introduced in 3.8 (Jani
Nikula)
- Chris fixed the root-cause of the ilk relocation vs. evict bug.
- Another piece of cargo-culted rc6 lore from Jani, fixes up a regression
where a system refused to go into rc6 after suspend sometimes.
* 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel:
drm/i915: fix FORCEWAKE posting reads
drm/i915: Invalidate the relocation presumed_offsets along the slow path
drm/i915/eDP: do not write power sequence registers for ghost eDP
drm/i915: Record DERRMR, FORCEWAKE and RING_CTL in error-state
Dave Airlie [Mon, 21 Jan 2013 03:24:12 +0000 (13:24 +1000)]
Merge branch 'drm-fixes-3.8' of git://people.freedesktop.org/~agd5f/linux into drm-next
A number of fixes, and one revert for a patch having some weird side effects.
* 'drm-fixes-3.8' of git://people.freedesktop.org/~agd5f/linux:
Revert "drm/radeon: do not move bo to different placement at each cs"
drm/radeon: improve semaphore debugging on lockup
drm/radeon: allow FP16 color clear registers on r500
drm/radeon: clear reset flags if engines are idle
Linus Torvalds [Mon, 21 Jan 2013 00:44:28 +0000 (16:44 -0800)]
Merge tag 'fixes-for-linus' of git://git./linux/kernel/git/rusty/linux
Pull module fixes and a virtio block fix from Rusty Russell:
"Various minor fixes, but a slightly more complex one to fix the
per-cpu overload problem introduced recently by kvm id changes."
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux:
module: put modules in list much earlier.
module: add new state MODULE_STATE_UNFORMED.
module: prevent warning when finit_module a 0 sized file
virtio-blk: Don't free ida when disk is in use
Linus Torvalds [Sun, 20 Jan 2013 21:58:48 +0000 (13:58 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/viro/signal
Pull misc syscall fixes from Al Viro:
- compat syscall fixes (discussed back in December)
- a couple of "make life easier for sigaltstack stuff by reducing
inter-tree dependencies"
- fix up compiler/asmlinkage calling convention disagreement of
sys_clone()
- misc
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal:
sys_clone() needs asmlinkage_protect
make sure that /linuxrc has std{in,out,err}
x32: fix sigtimedwait
x32: fix waitid()
switch compat_sys_wait4() and compat_sys_waitid() to COMPAT_SYSCALL_DEFINE
switch compat_sys_sigaltstack() to COMPAT_SYSCALL_DEFINE
CONFIG_GENERIC_SIGALTSTACK build breakage with asm-generic/syscalls.h
Ensure that kernel_init_freeable() is not inlined into non __init code
Oleg Nesterov [Sun, 20 Jan 2013 19:25:47 +0000 (20:25 +0100)]
ia64: kill thread_matches(), unexport ptrace_check_attach()
The ia64 function "thread_matches()" has no users since commit
e868a55c2a8c ("[IA64] remove find_thread_for_addr()"). Remove it.
This allows us to make ptrace_check_attach() static to kernel/ptrace.c,
which is good since we'll need to change the semantics of it and fix up
all the callers.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Al Viro [Sun, 20 Jan 2013 03:13:34 +0000 (22:13 -0500)]
sys_clone() needs asmlinkage_protect
Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Sat, 19 Jan 2013 18:29:54 +0000 (13:29 -0500)]
make sure that /linuxrc has std{in,out,err}
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Linus Torvalds [Fri, 18 Jan 2013 22:06:29 +0000 (14:06 -0800)]
Merge tag 'usb-3.8-rc4' of git://git./linux/kernel/git/gregkh/usb
Pull USB fixes from Greg Kroah-Hartman:
"Here are 3 USB patches for 3.8-rc4. Two of them are new device id
patches, and the third fixes a reported oops in the io_ti USB serial
driver"
* tag 'usb-3.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
USB: io_ti: Fix NULL dereference in chase_port()
USB: option: add TP-LINK HSUPA Modem MA180
USB: option: blacklist network interface on ONDA MT8205 4G LTE
Linus Torvalds [Fri, 18 Jan 2013 22:05:59 +0000 (14:05 -0800)]
Merge tag 'tty-3.8-rc4' of git://git./linux/kernel/git/gregkh/tty
Pull tty/serial fixes from Greg Kroah-Hartman:
"Here are a few tty/serial driver fixes for 3.8-rc4 that resolve a
number of problems that people have been having, including the ptys
ioctl issue that is a regression fix"
* tag 'tty-3.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
8250/16?50: Add support for Broadcom TruManage redirected serial port
pty: return EINVAL for TIOCGPTN for BSD ptys
serial:ifx6x60:Keep word size accordance with SPI controller
tty: 8250_dw: Fix inverted arguments to serial_out in IRQ handler
serial: samsung: remove redundant setting of line config during port reset
serial:ifx6x60:Delete SPI timer when shut down port
tty/8250: The correct device id for this card is 0x0022
tty/8250: pbn_b0_8_1152000_200 is supposed to be an 8 port definition
tty: serial: vt8500: fix return value check in vt8500_serial_probe()
serial: mxs-auart: Index is unsigned
mxs: uart: fix setting RTS from software
Tejun Heo [Fri, 18 Jan 2013 22:05:56 +0000 (14:05 -0800)]
init, block: try to load default elevator module early during boot
This patch adds default module loading and uses it to load the default
block elevator. During boot, it's called right after initramfs or
initrd is made available and right before control is passed to
userland. This ensures that as long as the modules are available in
the usual places in initramfs, initrd or the root filesystem, the
default modules are loaded as soon as possible.
This will replace the on-demand elevator module loading from elevator
init path.
v2: Fixed build breakage when !CONFIG_BLOCK. Reported by kbuild test
robot.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Alex Riesen <raa.lkml@gmail.com>
Cc: Fengguang Wu <fengguang.wu@intel.com>
Tejun Heo [Fri, 18 Jan 2013 22:05:56 +0000 (14:05 -0800)]
workqueue: implement current_is_async()
This function queries whether %current is an async worker executing an
async item. This will be used to implement warning on synchronous
request_module() from async workers.
Signed-off-by: Tejun Heo <tj@kernel.org>
Tejun Heo [Fri, 18 Jan 2013 22:05:55 +0000 (14:05 -0800)]
workqueue: move struct worker definition to workqueue_internal.h
This will be used to implement an inline function to query whether
%current is a workqueue worker and, if so, allow determining which
work item it's executing.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Tejun Heo [Fri, 18 Jan 2013 22:05:55 +0000 (14:05 -0800)]
workqueue: rename kernel/workqueue_sched.h to kernel/workqueue_internal.h
Workqueue wants to expose more interface internal to kernel/. Instead
of adding a new header file, repurpose kernel/workqueue_sched.h.
Rename it to workqueue_internal.h and add include protector.
This patch doesn't introduce any functional changes.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Linus Torvalds [Fri, 18 Jan 2013 22:05:25 +0000 (14:05 -0800)]
Merge tag 'staging-3.8-rc4' of git://git./linux/kernel/git/gregkh/staging
Pull staging driver bugfixes from Greg Kroah-Hartman:
"Here are some bugfixes for the drivers/staging tree for 3.8-rc4.
Nothing major, just a number of small fixes for problems that people
have reported, including finally tracking down the root of the 64/32
bit problem with the vt6656 that has been driving people crazy for a
while"
* tag 'staging-3.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
staging/sb105x: PARPORT config is not good enough must use PARPORT_PC
staging: wlan-ng: Fix clamping of returned SSID length
staging: vt6656: Fix inconsistent structure packing
staging:iio:adis16080: Perform sign extension
iio: mxs-lradc: indexes are unsigned
Linus Torvalds [Fri, 18 Jan 2013 22:04:50 +0000 (14:04 -0800)]
Merge tag 'char-misc-3.8-rc4' of git://git./linux/kernel/git/gregkh/char-misc
Pull char/misc driver fixes from Greg Kroah-Hartman:
"Here are two hyperv patches for 3.8-rc4 that fix some reported
problems hv_balloon driver"
* tag 'char-misc-3.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
Drivers: hv: balloon: Fix a memory leak
Drivers: hv: balloon: Fix a bug in the definition of struct dm_info_msg
Linus Torvalds [Fri, 18 Jan 2013 20:02:52 +0000 (12:02 -0800)]
Merge tag 'stable/for-linus-3.8-rc3-tag' of git://git./linux/kernel/git/konrad/xen
Pull Xen fixes from Konrad Rzeszutek Wilk:
- CVE-2013-0190/XSA-40 (or stack corruption for 32-bit PV kernels)
- Fix racy vma access spotted by Al Viro
- Fix mmap batch ioctl potentially resulting in large O(n) page allocations.
- Fix vcpu online/offline BUG:scheduling while atomic..
- Fix unbound buffer scanning for more than 32 vCPUs.
- Fix grant table being incorrectly initialized
- Fix incorrect check in pciback
- Allow privcmd in backend domains.
Fix up whitespace conflict due to ugly merge resolution in Xen tree in
arch/arm/xen/enlighten.c
* tag 'stable/for-linus-3.8-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests.
Revert "xen/smp: Fix CPU online/offline bug triggering a BUG: scheduling while atomic."
xen/gntdev: remove erronous use of copy_to_user
xen/gntdev: correctly unmap unlinked maps in mmu notifier
xen/gntdev: fix unsafe vma access
xen/privcmd: Fix mmap batch ioctl.
Xen: properly bound buffer access when parsing cpu/*/availability
xen/grant-table: correctly initialize grant table version 1
x86/xen : Fix the wrong check in pciback
xen/privcmd: Relax access control in privcmd_ioctl_mmap
Linus Torvalds [Fri, 18 Jan 2013 19:58:10 +0000 (11:58 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/gerg/m68knommu
Pull m68knommu arch fixes from Greg Ungerer:
"This contains a couple of fixes, both affecting compilation of non-mmu
m68k targets."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
m68k: fix conditional use of init_pointer_table
m68knommu: add KMAP definitions for non-MMU definitions
Kirill A. Shutemov [Wed, 26 Dec 2012 00:19:55 +0000 (03:19 +0300)]
asm-generic, mm: pgtable: convert my_zero_pfn() to macros to fix build
Commit 816422ad7647 ("asm-generic, mm: pgtable: consolidate zero page
helpers") broke the compile on MIPS if SPARSEMEM is enabled. We get
this:
In file included from arch/mips/include/asm/pgtable.h:552,
from include/linux/mm.h:44,
from arch/mips/kernel/asm-offsets.c:14:
include/asm-generic/pgtable.h: In function 'my_zero_pfn':
include/asm-generic/pgtable.h:466: error: implicit declaration of function 'page_to_section'
In file included from arch/mips/kernel/asm-offsets.c:14:
include/linux/mm.h: At top level:
include/linux/mm.h:738: error: conflicting types for 'page_to_section'
include/asm-generic/pgtable.h:466: note: previous implicit declaration of 'page_to_section' was here
Due to header file inter-dependencies, the only way I see to fix it is
convert my_zero_pfn() for __HAVE_COLOR_ZERO_PAGE to macros.
Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
Tested-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Acked-by: David Daney <david.daney@cavium.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Fri, 18 Jan 2013 03:25:45 +0000 (19:25 -0800)]
Linux 3.8-rc4
Wolfgang Frisch [Thu, 17 Jan 2013 00:07:02 +0000 (01:07 +0100)]
USB: io_ti: Fix NULL dereference in chase_port()
The tty is NULL when the port is hanging up.
chase_port() needs to check for this.
This patch is intended for stable series.
The behavior was observed and tested in Linux 3.2 and 3.7.1.
Johan Hovold submitted a more elaborate patch for the mainline kernel.
[ 56.277883] usb 1-1: edge_bulk_in_callback - nonzero read bulk status received: -84
[ 56.278811] usb 1-1: USB disconnect, device number 3
[ 56.278856] usb 1-1: edge_bulk_in_callback - stopping read!
[ 56.279562] BUG: unable to handle kernel NULL pointer dereference at 00000000000001c8
[ 56.280536] IP: [<ffffffff8144e62a>] _raw_spin_lock_irqsave+0x19/0x35
[ 56.281212] PGD 1dc1b067 PUD 1e0f7067 PMD 0
[ 56.282085] Oops: 0002 [#1] SMP
[ 56.282744] Modules linked in:
[ 56.283512] CPU 1
[ 56.283512] Pid: 25, comm: khubd Not tainted 3.7.1 #1 innotek GmbH VirtualBox/VirtualBox
[ 56.283512] RIP: 0010:[<ffffffff8144e62a>] [<ffffffff8144e62a>] _raw_spin_lock_irqsave+0x19/0x35
[ 56.283512] RSP: 0018:ffff88001fa99ab0 EFLAGS: 00010046
[ 56.283512] RAX: 0000000000000046 RBX: 00000000000001c8 RCX: 0000000000640064
[ 56.283512] RDX: 0000000000010000 RSI: ffff88001fa99b20 RDI: 00000000000001c8
[ 56.283512] RBP: ffff88001fa99b20 R08: 0000000000000000 R09: 0000000000000000
[ 56.283512] R10: 0000000000000000 R11: ffffffff812fcb4c R12: ffff88001ddf53c0
[ 56.283512] R13: 0000000000000000 R14: 00000000000001c8 R15: ffff88001e19b9f4
[ 56.283512] FS: 0000000000000000(0000) GS:ffff88001fd00000(0000) knlGS:0000000000000000
[ 56.283512] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 56.283512] CR2: 00000000000001c8 CR3: 000000001dc51000 CR4: 00000000000006e0
[ 56.283512] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 56.283512] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 56.283512] Process khubd (pid: 25, threadinfo ffff88001fa98000, task ffff88001fa94f80)
[ 56.283512] Stack:
[ 56.283512] 0000000000000046 00000000000001c8 ffffffff810578ec ffffffff812fcb4c
[ 56.283512] ffff88001e19b980 0000000000002710 ffffffff812ffe81 0000000000000001
[ 56.283512] ffff88001fa94f80 0000000000000202 ffffffff00000001 0000000000000296
[ 56.283512] Call Trace:
[ 56.283512] [<ffffffff810578ec>] ? add_wait_queue+0x12/0x3c
[ 56.283512] [<ffffffff812fcb4c>] ? usb_serial_port_work+0x28/0x28
[ 56.283512] [<ffffffff812ffe81>] ? chase_port+0x84/0x2d6
[ 56.283512] [<ffffffff81063f27>] ? try_to_wake_up+0x199/0x199
[ 56.283512] [<ffffffff81263a5c>] ? tty_ldisc_hangup+0x222/0x298
[ 56.283512] [<ffffffff81300171>] ? edge_close+0x64/0x129
[ 56.283512] [<ffffffff810612f7>] ? __wake_up+0x35/0x46
[ 56.283512] [<ffffffff8106135b>] ? should_resched+0x5/0x23
[ 56.283512] [<ffffffff81264916>] ? tty_port_shutdown+0x39/0x44
[ 56.283512] [<ffffffff812fcb4c>] ? usb_serial_port_work+0x28/0x28
[ 56.283512] [<ffffffff8125d38c>] ? __tty_hangup+0x307/0x351
[ 56.283512] [<ffffffff812e6ddc>] ? usb_hcd_flush_endpoint+0xde/0xed
[ 56.283512] [<ffffffff8144e625>] ? _raw_spin_lock_irqsave+0x14/0x35
[ 56.283512] [<ffffffff812fd361>] ? usb_serial_disconnect+0x57/0xc2
[ 56.283512] [<ffffffff812ea99b>] ? usb_unbind_interface+0x5c/0x131
[ 56.283512] [<ffffffff8128d738>] ? __device_release_driver+0x7f/0xd5
[ 56.283512] [<ffffffff8128d9cd>] ? device_release_driver+0x1a/0x25
[ 56.283512] [<ffffffff8128d393>] ? bus_remove_device+0xd2/0xe7
[ 56.283512] [<ffffffff8128b7a3>] ? device_del+0x119/0x167
[ 56.283512] [<ffffffff812e8d9d>] ? usb_disable_device+0x6a/0x180
[ 56.283512] [<ffffffff812e2ae0>] ? usb_disconnect+0x81/0xe6
[ 56.283512] [<ffffffff812e4435>] ? hub_thread+0x577/0xe82
[ 56.283512] [<ffffffff8144daa7>] ? __schedule+0x490/0x4be
[ 56.283512] [<ffffffff8105798f>] ? abort_exclusive_wait+0x79/0x79
[ 56.283512] [<ffffffff812e3ebe>] ? usb_remote_wakeup+0x2f/0x2f
[ 56.283512] [<ffffffff812e3ebe>] ? usb_remote_wakeup+0x2f/0x2f
[ 56.283512] [<ffffffff810570b4>] ? kthread+0x81/0x89
[ 56.283512] [<ffffffff81057033>] ? __kthread_parkme+0x5c/0x5c
[ 56.283512] [<ffffffff8145387c>] ? ret_from_fork+0x7c/0xb0
[ 56.283512] [<ffffffff81057033>] ? __kthread_parkme+0x5c/0x5c
[ 56.283512] Code: 8b 7c 24 08 e8 17 0b c3 ff 48 8b 04 24 48 83 c4 10 c3 53 48 89 fb 41 50 e8 e0 0a c3 ff 48 89 04 24 e8 e7 0a c3 ff ba 00 00 01 00 <f0> 0f c1 13 48 8b 04 24 89 d1 c1 ea 10 66 39 d1 74 07 f3 90 66
[ 56.283512] RIP [<ffffffff8144e62a>] _raw_spin_lock_irqsave+0x19/0x35
[ 56.283512] RSP <ffff88001fa99ab0>
[ 56.283512] CR2: 00000000000001c8
[ 56.283512] ---[ end trace 49714df27e1679ce ]---
Signed-off-by: Wolfgang Frisch <wfpub@roembden.net>
Cc: Johan Hovold <jhovold@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bjørn Mork [Tue, 15 Jan 2013 09:29:49 +0000 (10:29 +0100)]
USB: option: add TP-LINK HSUPA Modem MA180
The driver description files gives these names to the vendor specific
functions on this modem:
Diagnostics VID_2357&PID_0201&MI_00
NMEA VID_2357&PID_0201&MI_01
Modem VID_2357&PID_0201&MI_03
Networkcard VID_2357&PID_0201&MI_04
Reported-by: Thomas Schäfer <tschaefer@t-online.de>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bjørn Mork [Thu, 17 Jan 2013 14:14:22 +0000 (15:14 +0100)]
USB: option: blacklist network interface on ONDA MT8205 4G LTE
The driver description files gives these names to the vendor specific
functions on this modem:
Diag VID_19D2&PID_0265&MI_00
NMEA VID_19D2&PID_0265&MI_01
AT cmd VID_19D2&PID_0265&MI_02
Modem VID_19D2&PID_0265&MI_03
Net VID_19D2&PID_0265&MI_04
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tejun Heo [Fri, 18 Jan 2013 01:16:24 +0000 (17:16 -0800)]
workqueue: set PF_WQ_WORKER on rescuers
PF_WQ_WORKER is used to tell scheduler that the task is a workqueue
worker and needs wq_worker_sleeping/waking_up() invoked on it for
concurrency management. As rescuers never participate in concurrency
management, PF_WQ_WORKER wasn't set on them.
There's a need for an interface which can query whether %current is
executing a work item and if so which. Such interface requires a way
to identify all tasks which may execute work items and PF_WQ_WORKER
will be used for that. As all normal workers always have PF_WQ_WORKER
set, we only need to add it to rescuers.
As rescuers start with WORKER_PREP but never clear it, it's always
NOT_RUNNING and there's no need to worry about it interfering with
concurrency management even if PF_WQ_WORKER is set; however, unlike
normal workers, rescuers currently don't have its worker struct as
kthread_data(). It uses the associated workqueue_struct instead.
This is problematic as wq_worker_sleeping/waking_up() expect struct
worker at kthread_data().
This patch adds worker->rescue_wq and starts rescuer kthreads with
worker struct as kthread_data and sets PF_WQ_WORKER on rescuers.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Steven Rostedt [Sat, 12 Jan 2013 01:17:01 +0000 (20:17 -0500)]
staging/sb105x: PARPORT config is not good enough must use PARPORT_PC
The sb105x driver calls parport_pc_probe_port() which isn't defined if
PARPORT_PC isn't enabled. Protecting it with CONFIG_PARPORT is not good
enough, must protect it with CONFIG_PARPORT_PC.
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tormod Volden [Wed, 9 Jan 2013 21:23:32 +0000 (22:23 +0100)]
staging: wlan-ng: Fix clamping of returned SSID length
Commit 2e254212 broke listing of available network names, since it
clamped the length of the returned SSID to WLAN_BSSID_LEN (6) instead of
WLAN_SSID_MAXLEN (32).
https://bugzilla.kernel.org/show_bug.cgi?id=52501
Signed-off-by: Tormod Volden <debian.tormod@gmail.com>
Cc: stable <stable@vger.kernel.org> # 3.4+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Greg Kroah-Hartman [Fri, 18 Jan 2013 00:34:33 +0000 (16:34 -0800)]
Merge tag 'iio-fixes-for-3.8b' of git://git./linux/kernel/git/jic23/iio into staging-linus
Jonathan writes:
Second round of fixes for IIO post 3.8-rc1
Two tiny fixes
* A build warning fix due to signed / unsigned comparison
* Missing sign extension in adis16080
Kees Cook [Thu, 17 Jan 2013 02:53:48 +0000 (18:53 -0800)]
PCI: remove depends on CONFIG_EXPERIMENTAL
The CONFIG_EXPERIMENTAL config item has not carried much meaning for a
while now and is almost always enabled by default. As agreed during the
Linux kernel summit, remove it from any "depends on" lines in Kconfigs.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Stephen Hurd [Thu, 17 Jan 2013 22:14:53 +0000 (14:14 -0800)]
8250/16?50: Add support for Broadcom TruManage redirected serial port
Add support for the UART device present in Broadcom TruManage capable
NetXtreme chips (ie: 5761m 5762, and 5725).
This implementation has a hidden transmit FIFO, so running in single-byte
interrupt mode results in too many interrupts. The UART_CAP_HFIFO
capability was added to track this. It continues to reload the THR as long
as the THRE and TSRE bits are set in the LSR up to a specified limit (1024
is used here).
Signed-off-by: Stephen Hurd <shurd@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Jiri Slaby [Fri, 11 Jan 2013 11:06:27 +0000 (12:06 +0100)]
pty: return EINVAL for TIOCGPTN for BSD ptys
Commit bbb63c514a3464342967237a51a21ea8f61ab951 (drivers:tty:fix up
ENOIOCTLCMD error handling) changed the default return value from tty
ioctl to be ENOTTY and not EINVAL. This is appropriate.
But in case of TIOCGPTN for the old BSD ptys glibc started failing
because it expects EINVAL to be returned. Only then it continues to
obtain the pts name the other way around.
So fix this case by explicit return of EINVAL in this case.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Reported-by: Florian Westphal <fw@strlen.de>
Cc: Alan Cox <alan@linux.intel.com>
Cc: stable <stable@vger.kernel.org> # 3.7+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ben Hutchings [Mon, 14 Jan 2013 01:29:17 +0000 (01:29 +0000)]
staging: vt6656: Fix inconsistent structure packing
vt6656 has several headers that use the #pragma pack(1) directive to
enable structure packing, but never disable it. The layout of
structures defined in other headers can then depend on which order the
various headers are included in, breaking the One Definition Rule.
In practice this resulted in crashes on x86_64 until the order of header
inclusion was changed for some files in commit 11d404cb56ecd ('staging:
vt6656: fix headers and add cfg80211.'). But we need a proper fix that
won't be affected by future changes to the order of inclusion.
This removes the #pragma pack(1) directives and adds __packed to the
structure definitions for which packing appears to have been intended.
Reported-and-tested-by: Malcolm Priestley <tvboxspy@gmail.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
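Added example (not part of the commit above or of the vt6656 driver): a single-file C sketch of the failure mode that commit message describes, where a #pragma pack(1) that is never disabled changes the layout of a struct declared later, next to the per-struct packed attribute used as the fix. All struct names and the DECLARE_STATS macro are hypothetical; the sizes in the comments assume a typical ABI where uint32_t is 4-byte aligned.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical struct from an unrelated header. The macro lets the
 * identical source text be compiled under different packing states,
 * which is what happens when header inclusion order differs. */
#define DECLARE_STATS(name) \
    struct name {           \
        uint8_t  flags;     \
        uint32_t rx_count;  \
        uint16_t rate;      \
    }

/* Translation unit A: sees the struct before the leaky header. */
DECLARE_STATS(stats_before);          /* natural layout: size 12 */

/* "Leaky header": turns packing on and never turns it off. */
#pragma pack(1)
struct wire_hdr_leaky { uint8_t type; uint32_t len; };
/* (missing: #pragma pack()) */

/* Translation unit B: sees the same struct text after the leaky header. */
DECLARE_STATS(stats_after);           /* silently packed: size 7 */

#pragma pack()                        /* restore default for the fixed variant */

/* Fixed header: packing is attached to the one struct that needs it.
 * The kernel's __packed expands to this attribute. */
struct wire_hdr_fixed { uint8_t type; uint32_t len; } __attribute__((packed));
DECLARE_STATS(stats_fixed);           /* natural layout again: size 12 */

/* Do both "translation units" agree on the layout of the stats struct? */
int leaky_layouts_agree(void)
{
    return sizeof(struct stats_before) == sizeof(struct stats_after) &&
           offsetof(struct stats_before, rx_count) ==
           offsetof(struct stats_after, rx_count);
}

int fixed_layouts_agree(void)
{
    return sizeof(struct stats_before) == sizeof(struct stats_fixed) &&
           offsetof(struct stats_before, rx_count) ==
           offsetof(struct stats_fixed, rx_count);
}

/* Unit A writes the object, unit B reads the same bytes with its own
 * idea of the layout. Returns the rx_count that unit B observes. */
uint32_t read_across_units(uint32_t written)
{
    unsigned char shared[sizeof(struct stats_before)];
    struct stats_before w;
    struct stats_after r;

    memset(&w, 0, sizeof(w));
    w.rx_count = written;
    memcpy(shared, &w, sizeof(w));
    memcpy(&r, shared, sizeof(r));    /* sizeof(r) <= sizeof(w) */
    return r.rx_count;
}

int main(void)
{
    printf("before: size=%zu rx_count@%zu\n", sizeof(struct stats_before),
           offsetof(struct stats_before, rx_count));
    printf("after:  size=%zu rx_count@%zu\n", sizeof(struct stats_after),
           offsetof(struct stats_after, rx_count));
    printf("fixed:  size=%zu rx_count@%zu\n", sizeof(struct stats_fixed),
           offsetof(struct stats_fixed, rx_count));
    printf("wrote 0x11223344, other unit read 0x%08x\n",
           (unsigned)read_across_units(0x11223344u));
    return 0;
}
```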
K. Y. Srinivasan [Tue, 11 Dec 2012 19:07:17 +0000 (11:07 -0800)]
Drivers: hv: balloon: Fix a memory leak
The send buffer was being leaked; fix it.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
Reported-by: Jason Wang <jasowang@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
K. Y. Srinivasan [Thu, 6 Dec 2012 19:06:54 +0000 (11:06 -0800)]
Drivers: hv: balloon: Fix a bug in the definition of struct dm_info_msg
There is a bug in the definition of struct dm_info_msg. This patch fixes
the definition of this structure and makes the corresponding adjustments.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Alex Deucher [Thu, 17 Jan 2013 18:10:50 +0000 (13:10 -0500)]
Revert "drm/radeon: do not move bo to different placement at each cs"
This reverts commit d025e9e2b890db679f1246037bf65bd4be512627.
This causes corruption for a number of users and needs further
investigation in the next cycle.
https://bugzilla.kernel.org/show_bug.cgi?id=52491
https://bugs.freedesktop.org/show_bug.cgi?id=58659
http://lists.freedesktop.org/archives/dri-devel/2013-January/032961.html
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Linus Torvalds [Thu, 17 Jan 2013 16:56:30 +0000 (08:56 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/s390/linux
Pull more s390 patches from Martin Schwidefsky:
"A couple of bug fixes: one of the transparent huge page primitives is
broken, the sched_clock function overflows after 417 days, the XFS
module has grown too large for -fpic and the new pci code has broken
normal channel subsystem notifications."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/chsc: fix SEI usage
s390/time: fix sched_clock() overflow
s390: use -fPIC for module compile
s390/mm: fix pmd_pfn() for thp
Wei Yongjun [Thu, 18 Oct 2012 14:51:25 +0000 (22:51 +0800)]
fuse: remove unused variable in fuse_try_move_page()
The variables mapping,index are initialized but never used
otherwise, so remove the unused variables.
dpatch engine is used to auto generate this patch.
(https://github.com/weiyj/dpatch)
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Miklos Szeredi [Sat, 10 Nov 2012 15:55:56 +0000 (16:55 +0100)]
fuse: make fuse_file_fallocate() static
Fix the following sparse warning:
fs/fuse/file.c:2249:6: warning: symbol 'fuse_file_fallocate' was not declared. Should it be static?
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Robert P. J. Day [Wed, 29 Aug 2012 21:51:51 +0000 (17:51 -0400)]
fuse: Move CUSE Kconfig entry from fs/Kconfig into fs/fuse/Kconfig
Given that CUSE depends on FUSE, it only makes sense to move its
Kconfig entry into the FUSE Kconfig file. Also, add a few grammatical
and semantic touchups.
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Miklos Szeredi [Tue, 15 Jan 2013 11:24:46 +0000 (12:24 +0100)]
cuse: fix uninitialized variable warnings
Fix the following compiler warnings:
fs/fuse/cuse.c: In function 'cuse_process_init_reply':
fs/fuse/cuse.c:288:24: warning: 'val' may be used uninitialized in this function [-Wmaybe-uninitialized]
fs/fuse/cuse.c:272:14: note: 'val' was declared here
fs/fuse/cuse.c:284:10: warning: 'key' may be used uninitialized in this function [-Wmaybe-uninitialized]
fs/fuse/cuse.c:272:8: note: 'key' was declared here
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
David Herrmann [Sat, 17 Nov 2012 11:45:48 +0000 (12:45 +0100)]
cuse: do not register multiple devices with identical names
Sysfs doesn't allow two devices with the same name, but we register a
sysfs entry for each cuse device without checking for name collisions.
This extends the registration to first check whether the name was already
registered.
To avoid race-conditions between the name-check and linking the device, we
need to protect the whole registration with a mutex.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
David Herrmann [Sat, 17 Nov 2012 11:45:47 +0000 (12:45 +0100)]
cuse: use mutex as registration lock instead of spinlocks
We need to check for name-collisions during cuse-device registration. To
avoid race-conditions, this needs to be protected during the whole device
registration. Therefore, replace the spinlocks by mutexes first so we can
safely extend the locked regions to include more expensive or sleeping
code paths.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Thierry Reding [Mon, 14 Jan 2013 10:53:20 +0000 (11:53 +0100)]
gpio: mvebu: Don't free chip label memory
The gpio_chip.label field is a const char * and assigned the value of a
call to dev_name(). Memory obtained from dev_name() should not be freed
by drivers.
Acked-by: Grant Likely <grant.likely@secretlab.ca>
Signed-off-by: Thierry Reding <thierry.reding@avionic-design.de>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Kukjin Kim [Thu, 20 Dec 2012 19:08:57 +0000 (11:08 -0800)]
gpio: samsung: skip gpio lib registration for EXYNOS5440
Since exynos5440 can support pinctrl, skip the legacy
gpiolib registration. If not, the following happens:
WARNING: at drivers/gpio/gpio-samsung.c:3102 samsung_gpiolib_init+0x68/0x8c()
Unknown SoC in gpio-samsung, no GPIOs added
Acked-by: Thomas Abraham <thomas.ab@samsung.com>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Jani Nikula [Thu, 17 Jan 2013 08:24:09 +0000 (10:24 +0200)]
drm/i915: fix FORCEWAKE posting reads
We stopped reading FORCEWAKE for posting reads in
commit 8dee3eea3ccd3b6c00a8d3a08dd715d6adf737dd
Author: Ben Widawsky <ben@bwidawsk.net>
Date: Sat Sep 1 22:59:50 2012 -0700
drm/i915: Never read FORCEWAKE
and started using something from the same cacheline instead. On the
bug reporter's machine this broke entering rc6 states after a
suspend/resume cycle. It turns out reading ECOBUS as posting read
worked fine, while GTFIFODBG did not, preventing RC6 states after
suspend/resume per the bug report referenced below. It's not entirely
clear why, but clearly GTFIFODBG was nowhere near the same cacheline
or address range as FORCEWAKE.
Trying out various registers for posting reads showed that all tested
registers for which NEEDS_FORCE_WAKE() (in i915_drv.c) returns true
work. Conversely, most (but not quite all) registers for which
NEEDS_FORCE_WAKE() returns false do not work. Details in the referenced
bug.
Based on the above, add posting reads on ECOBUS where GTFIFODBG was
previously relied on.
In true cargo cult spirit, add posting reads for FORCEWAKE_VLV writes as
well, but instead of ECOBUS, use FORCEWAKE_ACK_VLV which is in the same
address range as FORCEWAKE_VLV.
v2: Add more details to the commit message. No functional changes.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=52411
Reported-and-tested-by: Alexander Bersenev <bay@hackerdom.ru>
CC: Ben Widawsky <ben@bwidawsk.net>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: stable@vger.kernel.org
[danvet: add cc: stable and make the commit message a bit clearer that
this is a regression fix and what exactly broke.]
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Kukjin Kim [Thu, 27 Dec 2012 18:12:30 +0000 (10:12 -0800)]
gpio: samsung: silent build warning for EXYNOS5 SoCs
This patch fixes the following warnings:
drivers/gpio/gpio-samsung.c:450:32: warning: 'exynos_gpio_cfg' defined but not used [-Wunused-variable]
drivers/gpio/gpio-samsung.c:2450:33: warning: 'exynos5_gpios_1' defined but not used [-Wunused-variable]
drivers/gpio/gpio-samsung.c:2618:33: warning: 'exynos5_gpios_2' defined but not used [-Wunused-variable]
drivers/gpio/gpio-samsung.c:2679:33: warning: 'exynos5_gpios_3' defined but not used [-Wunused-variable]
drivers/gpio/gpio-samsung.c:2715:33: warning: 'exynos5_gpios_4' defined but not used [-Wunused-variable]
Because current gpio-samsung is valid only on EXYNOS5250.
Cc: Thomas Abraham <thomas.ab@samsung.com>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Kukjin Kim [Thu, 27 Dec 2012 18:11:10 +0000 (10:11 -0800)]
gpio: samsung: fix pinctrl condition for exynos and exynos5440
Since EXYNOS5440 can select PINCTRL_EXYNOS5440 without PINCTRL_SAMSUNG,
it should be fixed. In detail, PINCTRL_SAMSUNG is a kind of framework
for supporting pinctrl on most Samsung SoCs including S3C, S5P as well
except EXYNOS5440 so PINCTRL_EXYNOS5440 has been implemented separated.
Cc: Thomas Abraham <thomas.ab@samsung.com>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Linus Torvalds [Thu, 17 Jan 2013 00:19:54 +0000 (16:19 -0800)]
Merge tag 'for-linus-v3.8-rc4' of git://oss.sgi.com/xfs/xfs
Pull xfs bugfixes from Ben Myers:
- fix(es) for compound buffers
- fix for dquot soft timer asserts due to overflow of d_blk_softlimit
- fix for regression in dir v2 code introduced in commit 20f7e9f3726a
("xfs: factor dir2 block read operations")
* tag 'for-linus-v3.8-rc4' of git://oss.sgi.com/xfs/xfs:
xfs: recalculate leaf entry pointer after compacting a dir2 block
xfs: remove int casts from debug dquot soft limit timer asserts
xfs: fix the multi-segment log buffer format
xfs: fix segment in xfs_buf_item_format_segment
xfs: rename bli_format to avoid confusion with bli_formats
xfs: use b_maps[] for discontiguous buffers
Linus Torvalds [Wed, 16 Jan 2013 22:34:52 +0000 (14:34 -0800)]
Merge tag 'pm+acpi-for-3.8-rc4' of git://git./linux/kernel/git/rafael/linux-pm
Pull ACPI and power management fixes from Rafael Wysocki:
- cpuidle regression fix related to the initialization of state
kobjects from Krzysztof Mazur.
- cpuidle fix removing some not very useful code and making some
user-visible problems go away at the same time. From Daniel Lezcano.
- ACPI build fix from Yinghai Lu.
* tag 'pm+acpi-for-3.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
cpuidle: remove the power_specified field in the driver
ACPI / glue: Fix build with ACPI_GLUE_DEBUG set
cpuidle: fix number of initialized/destroyed states
Eric Sandeen [Thu, 10 Jan 2013 16:41:48 +0000 (10:41 -0600)]
xfs: recalculate leaf entry pointer after compacting a dir2 block
Dave Jones hit this assert when doing a compile on recent git, with
CONFIG_XFS_DEBUG enabled:
XFS: Assertion failed: (char *)dup - (char *)hdr == be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup)), file: fs/xfs/xfs_dir2_data.c, line: 828
Upon further digging, the tag found by xfs_dir2_data_unused_tag_p(dup)
contained "2" and not the proper offset, and I found that this value was
changed after the memmoves under "Use a stale leaf for our new entry."
in xfs_dir2_block_addname(), i.e.
        memmove(&blp[mid + 1], &blp[mid],
                (highstale - mid) * sizeof(*blp));
overwrote it.
What has happened is that the previous call to xfs_dir2_block_compact()
has rearranged things; it changes btp->count as well as the
blp array. So after we make that call, we must recalculate the
proper pointer to the leaf entries by making another call to
xfs_dir2_block_leaf_p().
Dave provided a metadump image which led to a simple reproducer
(create a particular filename in the affected directory) and this
resolves the testcase as well as the bug on his live system.
Thanks also to dchinner for looking at this one with me.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Tested-by: Dave Jones <davej@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Mark Tinguely <tinguely@sgi.com>
Signed-off-by: Ben Myers <bpm@sgi.com>
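The stale-pointer hazard described in the commit above, as a simplified model added here; it is not XFS code and not part of the commit. The block layout, the STALE marker, the 0xDD fill and the names tail_p(), leaf_p() and compact() are hypothetical stand-ins for the idea behind xfs_dir2_block_leaf_p() and xfs_dir2_block_compact().

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK_WORDS 32            /* constructed 128-byte "directory block" */
#define STALE 0xffffffffu       /* hypothetical marker for a stale leaf entry */

struct leaf { uint32_t hash, addr; };
struct tail { uint32_t count, stale; };   /* lives at the very end of the block */

static struct tail *tail_p(uint32_t *blk) {
    return (struct tail *)(blk + BLK_WORDS) - 1;
}
/* Leaf array sits directly below the tail, so its start depends on count. */
static struct leaf *leaf_p(uint32_t *blk) {
    return (struct leaf *)tail_p(blk) - tail_p(blk)->count;
}
/* Drop stale entries; survivors slide up against the tail, count shrinks. */
static void compact(uint32_t *blk) {
    struct tail *t = tail_p(blk);
    struct leaf *blp = leaf_p(blk);
    int to = (int)t->count - 1;
    for (int from = to; from >= 0; from--)
        if (blp[from].addr != STALE)
            blp[to--] = blp[from];
    /* Slots [0..to] now belong to the data area; 0xDD models its contents. */
    memset(blp, 0xDD, (size_t)(to + 1) * sizeof(*blp));
    t->count -= (uint32_t)(to + 1);
    t->stale = 0;
}

struct result { int moved; uint32_t via_stale, via_fresh, count; };

struct result demo(void) {
    static uint32_t blk[BLK_WORDS];
    memset(blk, 0, sizeof(blk));
    struct tail *t = tail_p(blk);
    t->count = 4; t->stale = 2;
    struct leaf *blp = leaf_p(blk);              /* computed BEFORE compaction */
    blp[0] = (struct leaf){10, 1}; blp[1] = (struct leaf){20, STALE};
    blp[2] = (struct leaf){30, STALE}; blp[3] = (struct leaf){40, 4};
    compact(blk);
    struct leaf *fresh = leaf_p(blk);            /* recomputed AFTER compaction */
    struct result r = { blp != fresh, blp[0].hash, fresh[0].hash, t->count };
    return r;
}

int main(void) {
    struct result r = demo();
    printf("moved=%d stale[0]=%#x fresh[0]=%u count=%u\n",
           r.moved, r.via_stale, r.via_fresh, r.count);
    return 0;
}
```

Indexing through the pre-compaction pointer lands in bytes that now belong to the data area, which is the same class of overwrite the memmove in the commit message performed.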
Brian Foster [Fri, 21 Dec 2012 15:45:17 +0000 (10:45 -0500)]
xfs: remove int casts from debug dquot soft limit timer asserts
The int casts here make it easy to trigger an assert with a large
soft limit. For example, set a >4TB soft limit on an empty volume
to reproduce a (0 > -x) comparison due to an overflow of
d_blk_softlimit.
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Ben Myers <bpm@sgi.com>
Signed-off-by: Ben Myers <bpm@sgi.com>
Mark Tinguely [Tue, 4 Dec 2012 23:18:05 +0000 (17:18 -0600)]
xfs: fix the multi-segment log buffer format
Per Dave Chinner's suggestion, this patch:
1) Corrects the detection of whether a multi-segment buffer is
still tracking data.
2) Clears all the buffer log formats for a multi-segment buffer.
Signed-off-by: Mark Tinguely <tinguely@sgi.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Ben Myers <bpm@sgi.com>
Mark Tinguely [Tue, 4 Dec 2012 23:18:04 +0000 (17:18 -0600)]
xfs: fix segment in xfs_buf_item_format_segment
Not every segment in a multi-segment buffer is dirty in a
transaction and they will not be outputted. The assert in
xfs_buf_item_format_segment() that checks for at least
one chunk of data in the segment to be used is not necessarily
true for multi-segmented buffers.
Signed-off-by: Mark Tinguely <tinguely@sgi.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Ben Myers <bpm@sgi.com>
Mark Tinguely [Tue, 4 Dec 2012 23:18:03 +0000 (17:18 -0600)]
xfs: rename bli_format to avoid confusion with bli_formats
Rename the bli_format structure to __bli_format to avoid
accidentally confusing them with the bli_formats pointer.
Signed-off-by: Mark Tinguely <tinguely@sgi.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Ben Myers <bpm@sgi.com>
Mark Tinguely [Tue, 4 Dec 2012 23:18:02 +0000 (17:18 -0600)]
xfs: use b_maps[] for discontiguous buffers
Commits starting at 77c1a08 introduced multiple segment support
to xfs_buf. xfs_trans_buf_item_match() could not find a multi-segment
buffer in the transaction because it was looking at the single segment
block number rather than the multi-segment b_maps[0].bm.bn. This
results in a recursive buffer lock that can never be satisfied.
This patch:
1) Changed the remaining b_map accesses to be b_maps[0] accesses.
2) Renames the single segment b_map structure to __b_map to avoid
future confusion.
Signed-off-by: Mark Tinguely <tinguely@sgi.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Ben Myers <bpm@sgi.com>
Andrew Cooper [Wed, 16 Jan 2013 12:00:55 +0000 (12:00 +0000)]
xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests.
This fixes CVE-2013-0190 / XSA-40
There has been an error on the xen_failsafe_callback path for failed
iret, which causes the stack pointer to be wrong when entering the
iret_exc error path. This can result in the kernel crashing.
In the classic kernel case, the relevant code looked a little like:
        popl %eax      # Error code from hypervisor
        jz 5f
        addl $16,%esp
        jmp iret_exc   # Hypervisor said iret fault
5:      addl $16,%esp
                       # Hypervisor said segment selector fault
Here, there are two identical addls on either option of a branch which
appears to have been optimised by hoisting it above the jz, and
converting it to an lea, which leaves the flags register unaffected.
In the PVOPS case, the code looks like:
        popl_cfi %eax         # Error from the hypervisor
        lea 16(%esp),%esp     # Add $16 before choosing fault path
        CFI_ADJUST_CFA_OFFSET -16
        jz 5f
        addl $16,%esp         # Incorrectly adjust %esp again
        jmp iret_exc
It is possible for unprivileged userspace applications to cause this
behaviour, for example by loading an LDT code selector, then changing
the code selector to be not-present. At this point, there is a race
condition where it is possible for the hypervisor to return back to
userspace from an interrupt, fault on its own iret, and inject a
failsafe_callback into the kernel.
This bug has been present since the introduction of Xen PVOPS support
in commit 5ead97c84 (xen: Core Xen implementation), in 2.6.23.
Signed-off-by: Frediano Ziglio <frediano.ziglio@citrix.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: stable@vger.kernel.org
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Kirill Smelkov [Fri, 2 Nov 2012 11:41:01 +0000 (15:41 +0400)]
Tell the world we gave up on pushing CC_OPTIMIZE_FOR_SIZE
In commit 281dc5c5ec0f ("Give up on pushing CC_OPTIMIZE_FOR_SIZE") we
already changed the actual default value, but the help-text still
suggested 'y'. Fix the help text too, for all the same reasons.
Sadly, -Os keeps on generating some very suboptimal code for certain
cases, to the point where any I$ miss upside is swamped by the downside.
The main ones are:
- using "rep movsb" for memcpy, even on CPU's where that is
horrendously bad for performance.
- not honoring branch prediction information, so any I$ footprint you
win from smaller code, you lose from less code density in the I$.
- using divide instructions when that is very expensive.
Signed-off-by: Kirill Smelkov <kirr@mns.spb.ru>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Chuansheng Liu [Mon, 24 Dec 2012 14:19:56 +0000 (22:19 +0800)]
mfd, TWL4030: TWL4030 need select REGMAP_I2C
Fix the build error:
drivers/built-in.o: In function `twl_probe':
drivers/mfd/twl-core.c:1256: undefined reference to `devm_regmap_init_i2c'
make: *** [vmlinux] Error 1
Signed-off-by: liu chuansheng <chuansheng.liu@intel.com>
Acked-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
[ Samuel is busy, taking it directly - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ralf Baechle [Tue, 15 Jan 2013 14:27:46 +0000 (15:27 +0100)]
drivers/base/cpu.c: Fix typo in comment
[ We should make fun of people who can't speel too, but then we'd have
no time for any real work at all - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jiri Kosina [Tue, 15 Jan 2013 19:12:37 +0000 (20:12 +0100)]
lockdep, rwsem: fix down_write_nest_lock() if !CONFIG_DEBUG_LOCK_ALLOC
Commit 1b963c81b145 ("lockdep, rwsem: provide down_write_nest_lock()")
contains a bug in a codepath when CONFIG_DEBUG_LOCK_ALLOC is disabled,
which causes down_read() to be called instead of down_write() by mistake
on such configurations. Fix that.
Reported-and-tested-by: Andrew Clayton <andrew@digital-domain.net>
Reported-and-tested-by: Zlatko Calusic <zlatko.calusic@iskon.hr>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Reviewed-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Wed, 16 Jan 2013 19:33:52 +0000 (11:33 -0800)]
Merge tag 'sound-3.8' of git://git./linux/kernel/git/tiwai/sound
Pull second round of sound fixes from Takashi Iwai:
"Yet a few more fixes popped up in this week.
The biggest change here is the addition of pinctrl support for Atmel,
which turned out to be almost mandatory to make things working.
The rest are a few fixes for M-Audio usb-audio device and a fix for
regression of HD-audio HDMI codecs with alsactl in the recent kernel."
* tag 'sound-3.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/hdmi - Work around "alsactl restore" errors
ALSA: usb-audio: selector map for M-Audio FT C400
ALSA: usb-audio: M-Audio FT C400 skip packet quirk
ALSA: usb-audio: correct M-Audio C400 clock source quirk
ALSA: usb - fix race in creation of M-Audio Fast track pro driver
ASoC: atmel-ssc: add pinctrl selection to driver
ARM: at91/dts: add pinctrl support for SSC peripheral
Linus Torvalds [Wed, 16 Jan 2013 19:13:39 +0000 (11:13 -0800)]
Merge git://git./linux/kernel/git/nab/target-pending
Pull scsi target fixes from Nicholas Bellinger:
"This includes an important >= v3.6 regression bugfix for active I/O
shutdown (Roland), some TMR related failure / corner cases fixes for
long outstanding I/O (Roland), two FCoE target mode fabric role
fixes (MDR), a fix for an incorrect sense code during LUN
communication failure (Dr. Hannes), plus a handful of other minor
fixes.
There are still some outstanding zero-length control CDB regression
fixes that need to be addressed for v3.8, that will be coming in a
follow-up PULL request."
* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
iscsi-target: Fix CmdSN comparison (use cmd->cmd_sn instead of cmd->stat_sn)
target: Release se_cmd when LUN lookup fails for TMR
target: Fix use-after-free in LUN RESET handling
target: Fix missing CMD_T_ACTIVE bit regression for pending WRITEs
tcm_fc: Do not report target role when target is not defined
tcm_fc: Do not indicate retry capability to initiators
target: Use TCM_NO_SENSE for initialisation
target: Introduce TCM_NO_SENSE
target: use correct sense code for LUN communication failure
Linus Torvalds [Wed, 16 Jan 2013 18:55:10 +0000 (10:55 -0800)]
Merge branch 'for_linus' of git://git./linux/kernel/git/jack/linux-fs
Pull ext3 and udf fixes from Jan Kara:
"One ext3 performance regression fix and one udf regression fix (oops
on interrupted mount)."
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
UDF: Fix a null pointer dereference in udf_sb_free_partitions
jbd: don't wake kjournald unnecessarily
Linus Torvalds [Wed, 16 Jan 2013 18:17:09 +0000 (10:17 -0800)]
Merge git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull s390 KVM fix from Gleb Natapov.
* git://git.kernel.org/pub/scm/virt/kvm/kvm:
s390/kvm: Fix BUG in include/linux/kvm_host.h:745
Linus Torvalds [Wed, 16 Jan 2013 18:13:04 +0000 (10:13 -0800)]
Merge tag 'sh-for-linus' of git://github.com/pmundt/linux-sh
Pull SuperH fixes from Paul Mundt.
* tag 'sh-for-linus' of git://github.com/pmundt/linux-sh:
sh: ecovec: add sample amixer settings
sh: Fix up stack debugging build.
sh: wire up finit_module syscall.
sh: Fix FDPIC binary loader
sh: clkfwk: bugfix: sh_clk_div_enable() care sh_clk_div_set_rate() if div6
sh: define TASK_UNMAPPED_BASE as a page aligned constant
Linus Torvalds [Wed, 16 Jan 2013 17:44:40 +0000 (09:44 -0800)]
Merge tag 'arm64-fixes' of git://git./linux/kernel/git/cmarinas/linux-aarch64
Pull arm64 fixes from Catalin Marinas:
- Page protection fixes, including proper PAGE_NONE handling
- Timezone vdso sequence counting fix
- Additional compat syscall wiring
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64:
arm64: compat: add syscall table entries for new syscalls
arm64: mm: introduce present, faulting entries for PAGE_NONE
arm64: mm: only wrprotect clean ptes if they are present
arm64: vdso: remove broken, redundant sequence counting for timezones
Linus Torvalds [Wed, 16 Jan 2013 17:11:50 +0000 (09:11 -0800)]
Merge branch 'x86/urgent' of git://git./linux/kernel/git/tip/tip
Pull x86 fixes from Peter Anvin:
"This is mainly a workaround for a bug in Sandy Bridge graphics which
causes corruption of certain memory pages."
* 'x86/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/Sandy Bridge: Sandy Bridge workaround depends on CONFIG_PCI
x86/Sandy Bridge: mark arrays in __init functions as __initconst
x86/Sandy Bridge: reserve pages when integrated graphics is present
x86, efi: correct precedence of operators in setup_efi_pci
Timur Tabi [Tue, 15 Jan 2013 20:19:45 +0000 (14:19 -0600)]
MAINTAINERS: update email address for Timur Tabi
Timur Tabi no longer works for Freescale, so update the email address
and status for all of his maintained projects.
Also mark the QE library as orphaned, for lack of interest in
maintaining it.
The CS4270 driver is marked as "Odd Fixes" because appropriate hardware
is no longer available.
Signed-off-by: Timur Tabi <timur@freescale.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Luciano Coelho [Tue, 15 Jan 2013 08:43:43 +0000 (10:43 +0200)]
firmware: make sure the fw file size is not 0
If the requested firmware file size is 0 bytes in the filesystem, we
will try to vmalloc(0), which causes a warning:
vmalloc: allocation failure: 0 bytes
kworker/1:1: page allocation failure: order:0, mode:0xd2
__vmalloc_node_range+0x164/0x208
__vmalloc_node+0x4c/0x58
vmalloc+0x38/0x44
_request_firmware_load+0x220/0x6b0
request_firmware+0x64/0xc8
wl18xx_setup+0xb4/0x570 [wl18xx]
wlcore_nvs_cb+0x64/0x9f8 [wlcore]
request_firmware_work_func+0x94/0x100
process_one_work+0x1d0/0x750
worker_thread+0x184/0x4ac
kthread+0xb4/0xc0
To fix this, check whether the file size is less than or equal to zero
in fw_read_file_contents().
Cc: stable <stable@vger.kernel.org> [3.7]
Signed-off-by: Luciano Coelho <coelho@ti.com>
Acked-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
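A userspace analogue of the size check described in the commit above, added here as an example; it is not the kernel's fw_read_file_contents() and not part of the commit. The names read_blob() and try_size(), the BLOB_MAX cap, the errno return values and the /tmp test file are assumptions made for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define BLOB_MAX (16L * 1024 * 1024)   /* assumed cap, not from the commit */

/* Read the regular file behind fd into a new buffer; returns 0 or -errno. */
int read_blob(int fd, unsigned char **out, size_t *len) {
    struct stat st;
    if (fstat(fd, &st) < 0) return -errno;
    if (!S_ISREG(st.st_mode) || st.st_size <= 0)
        return -EINVAL;            /* empty file: never ask for 0 bytes */
    if (st.st_size > BLOB_MAX) return -EFBIG;
    size_t want = (size_t)st.st_size, got = 0;
    unsigned char *buf = malloc(want);
    if (!buf) return -ENOMEM;
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) {              /* read error, or the file shrank */
            int err = n < 0 ? -errno : -EIO;
            free(buf);
            return err;
        }
        got += (size_t)n;
    }
    *out = buf; *len = got;
    return 0;
}

/* Constructed input: an unlinked temp file holding n bytes of 0xA5. */
int try_size(size_t n) {
    char path[64];
    snprintf(path, sizeof(path), "/tmp/blobdemo-%ld", (long)getpid());
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -errno;
    unlink(path);
    for (size_t i = 0; i < n; i++)
        if (write(fd, "\xA5", 1) != 1) { close(fd); return -EIO; }
    lseek(fd, 0, SEEK_SET);
    unsigned char *buf = NULL; size_t len = 0;
    int rc = read_blob(fd, &buf, &len);
    free(buf);
    close(fd);
    return rc;
}

int main(void) {
    printf("empty file -> %d, 16-byte file -> %d\n", try_size(0), try_size(16));
    return 0;
}
```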
Tejun Heo [Wed, 16 Jan 2013 02:52:51 +0000 (18:52 -0800)]
module, async: async_synchronize_full() on module init iff async is used
If the default iosched is built as module, the kernel may deadlock
while trying to load the iosched module on device probe if the probing
was running off async. This is because async_synchronize_full() at
the end of module init ends up waiting for the async job which
initiated the module loading.
 async A                                modprobe

 1. finds a device
 2. registers the block device
 3. request_module(default iosched)
                                        4. modprobe in userland
                                        5. load and init module
                                        6. async_synchronize_full()
Async A waits for modprobe to finish in request_module() and modprobe
waits for async A to finish in async_synchronize_full().
Because there's no easy way to track dependency once control goes out to
userland, implementing properly nested flushing is difficult. For
now, make module init perform async_synchronize_full() iff module init
has queued async jobs as suggested by Linus.
This avoids the described deadlock because iosched module doesn't use
async and thus wouldn't invoke async_synchronize_full(). This is
hacky and incomplete. It will deadlock if async module loading nests;
however, this works around the known problem case and seems to be the
best of bad options.
For more details, please refer to the following thread.
http://thread.gmane.org/gmane.linux.kernel/1420814
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Alex Riesen <raa.lkml@gmail.com>
Tested-by: Ming Lei <ming.lei@canonical.com>
Tested-by: Alex Riesen <raa.lkml@gmail.com>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>