Mel Gorman [Thu, 2 Oct 2014 18:47:41 +0000 (19:47 +0100)]
mm: migrate: Close race between migration completion and mprotect
A migration entry is marked as write if pte_write was true at the time the
entry was created. The VMA protections are not double checked when migration
entries are being removed as mprotect marks write-migration-entries as
read. It means that potentially we take a spurious fault to mark PTEs write
again but it's straight-forward. However, there is a race between write
migrations being marked read and migrations finishing. This potentially
allows a PTE to be write that should have been read. Close this race by
double checking the VMA permissions using maybe_mkwrite when migration
completes.
[torvalds@linux-foundation.org: use maybe_mkwrite]
Cc: stable@vger.kernel.org
Signed-off-by: Mel Gorman <mgorman@suse.de>
Acked-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Thu, 2 Oct 2014 04:29:06 +0000 (21:29 -0700)]
Merge git://git./linux/kernel/git/davem/net
Pull networking fixes from David Miller:
1) Don't halt the firmware in r8152 driver, from Hayes Wang.
2) Handle full sized 802.1ad frames in bnx2 and tg3 drivers properly,
from Vlad Yasevich.
3) Don't sleep while holding tx_clean_lock in netxen driver, fix from
Manish Chopra.
4) Certain kinds of ipv6 routes can end up endlessly failing the route
validation test, causing it to be re-looked up over and over again.
This particularly kills input route caching in TCP sockets. Fix
from Hannes Frederic Sowa.
5) netvsc_start_xmit() has a use-after-free access to skb->len, fix
from K Y Srinivasan.
6) Fix matching of inverted containers in ematch module, from Ignacy
Gawędzki.
7) Aggregation of GRO frames via SKB ->frag_list for linear skbs isn't
handled properly, regression fix from Eric Dumazet.
8) Don't test return value of ipv4_neigh_lookup(), which returns an
error pointer, against NULL. From WANG Cong.
9) Fix an old regression where we mistakenly allow a double add of the
same tunnel. Fixes from Steffen Klassert.
10) macvtap device delete and open can run in parallel and corrupt lists
etc., fix from Vlad Yasevich.
11) Fix build error with IPV6=m NETFILTER_XT_TARGET_TPROXY=y, from Pablo
Neira Ayuso.
12) rhashtable_destroy() triggers lockdep splats, fix also from Pablo.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (32 commits)
bna: Update Maintainer Email
r8152: disable power cut for RTL8153
r8152: remove clearing bp
bnx2: Correctly receive full sized 802.1ad fragmes
tg3: Allow for recieve of full-size 8021AD frames
r8152: fix setting RTL8152_UNPLUG
netxen: Fix bug in Tx completion path.
netxen: Fix BUG "sleeping function called from invalid context"
ipv6: remove rt6i_genid
hyperv: Fix a bug in netvsc_start_xmit()
net: stmmac: fix stmmac_pci_probe failed when CONFIG_HAVE_CLK is selected
ematch: Fix matching of inverted containers.
gro: fix aggregation for skb using frag_list
neigh: check error pointer instead of NULL for ipv4_neigh_lookup()
ip6_gre: Return an error when adding an existing tunnel.
ip6_vti: Return an error when adding an existing tunnel.
ip6_tunnel: Return an error when adding an existing tunnel.
ip6gre: add a rtnl link alias for ip6gretap
net/mlx4_core: Allow not to specify probe_vf in SRIOV IB mode
r8152: fix the carrier off when autoresuming
...
Rasesh Mody [Wed, 1 Oct 2014 21:20:41 +0000 (17:20 -0400)]
bna: Update Maintainer Email
Update the maintainer email for BNA driver.
Signed-off-by: Rasesh Mody <rasesh.mody@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Wed, 1 Oct 2014 20:46:41 +0000 (16:46 -0400)]
Merge branch 'r8152'
Hayes Wang says:
====================
r8152: patches about firmware
The patches fix the issues when the firmware exists.
For the multiple OS, the firmware may be loaded by the
driver of the other OS. And the Linux driver has influences
on it.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
hayeswang [Wed, 1 Oct 2014 05:25:11 +0000 (13:25 +0800)]
r8152: disable power cut for RTL8153
The firmware would be clear when the power cut is enabled for
RTL8153.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
hayeswang [Wed, 1 Oct 2014 05:25:10 +0000 (13:25 +0800)]
r8152: remove clearing bp
The xxx_clear_bp() is used to halt the firmware. It only necessary
for updating the new firmware. Besides, depend on the version of
the current firmware, it may have problem to halt the firmware
directly. Finally, halt the firmware would let the firmware code
useless, and the bugs which are fixed by the firmware would occur.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vlad Yasevich [Tue, 30 Sep 2014 23:39:37 +0000 (19:39 -0400)]
bnx2: Correctly receive full sized 802.1ad fragmes
This driver, similar to tg3, has a check that will
cause full sized 802.1ad frames to be dropped. The
frame will be larger then the standard mtu due to the
presense of vlan header that has not been stripped.
The driver should not drop this frame and should process
it just like it does for 802.1q.
CC: Sony Chacko <sony.chacko@qlogic.com>
CC: Dept-HSGLinuxNICDev@qlogic.com
Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vlad Yasevich [Tue, 30 Sep 2014 23:39:36 +0000 (19:39 -0400)]
tg3: Allow for recieve of full-size 8021AD frames
When receiving a vlan-tagged frame that still contains
a vlan header, the length of the packet will be greater
then MTU+ETH_HLEN since it will account of the extra
vlan header. TG3 checks this for the case for 802.1Q,
but not for 802.1ad. As a result, full sized 802.1ad
frames get dropped by the card.
Add a check for 802.1ad protocol when receving full
sized frames.
Suggested-by: Prashant Sreedharan <prashant@broadcom.com>
CC: Prashant Sreedharan <prashant@broadcom.com>
CC: Michael Chan <mchan@broadcom.com>
Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Wed, 1 Oct 2014 20:22:00 +0000 (13:22 -0700)]
Merge branch 'for-3.17' of git://linux-nfs.org/~bfields/linux
Pull nfsd bugfix from Bruce Fields:
"This fixes a data corruption bug introduced by the v3.16 xdr encoding
rewrite. I haven't managed to reproduce it myself yet, but it's
apparently not hard to hit given the right workload"
* 'for-3.17' of git://linux-nfs.org/~bfields/linux:
nfsd4: fix corruption of NFSv4 read data
Linus Torvalds [Wed, 1 Oct 2014 02:52:08 +0000 (19:52 -0700)]
Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm
Pull ARM fixes from Russell King:
"Some further ARM fixes:
- another build fix for the kprobes test code
- a fix for no kuser helpers for the set_tls code, which oopsed on
noMMU hardware
- a fix for alignment handler with neon opcodes being misinterpreted
- turning off the hardware access support, which is not implemented
- a build fix for the v7 coherency exiting code, which can be built
in non-v7 environments (but still only executed on v7 CPUs)"
* 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
ARM: 8179/1: kprobes-test: Fix compile error "bad immediate value for offset"
ARM: 8178/1: fix set_tls for !CONFIG_KUSER_HELPERS
ARM: 8177/1: cacheflush: Fix v7_exit_coherency_flush exynos build breakage on ARMv6
ARM: 8165/1: alignment: don't break misaligned NEON load/store
ARM: 8164/1: mm: clear SCTLR.HA instead of setting it for LPAE
hayeswang [Tue, 30 Sep 2014 08:48:01 +0000 (16:48 +0800)]
r8152: fix setting RTL8152_UNPLUG
The flag of RTL8152_UNPLUG should only be set when the device is
unplugged, not each time the rtl8152_disconnect() is called.
Otherwise, the device wouldn't be stopped normally.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 30 Sep 2014 20:22:51 +0000 (16:22 -0400)]
Merge branch 'netxen'
Manish Chopra says:
====================
netxen: Bug fixes.
This series fixes some TX specific issues.
* Move spin_lock(tx_clean_lock) in down path to fix
atomic sleep bug (Reported by Mike Galbraith).
* Fix hang in interface down while running traffic.
Please consider applying this to 'net'.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Manish Chopra [Tue, 30 Sep 2014 07:56:36 +0000 (03:56 -0400)]
netxen: Fix bug in Tx completion path.
o Driver is not updating sw_consumer while processing Tx completion
when interface is going down. Due to this interface down path gets
stuck forever waiting for NAPI to complete.
Signed-off-by: Manish Chopra <manish.chopra@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Manish Chopra [Tue, 30 Sep 2014 07:56:35 +0000 (03:56 -0400)]
netxen: Fix BUG "sleeping function called from invalid context"
o __netxen_nic_down() function might sleep while holding spinlock_t(tx_clean_lock).
Acquire this lock for only releasing TX buffers instead of taking it
for whole down path.
Reported-by: Mike Galbraith <umgwanakikbuti@gmail.com>
Signed-off-by: Manish Chopra <manish.chopra@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
J. Bruce Fields [Wed, 24 Sep 2014 20:32:34 +0000 (16:32 -0400)]
nfsd4: fix corruption of NFSv4 read data
The calculation of page_ptr here is wrong in the case the read doesn't
start at an offset that is a multiple of a page.
The result is that nfs4svc_encode_compoundres sets rq_next_page to a
value one too small, and then the loop in svc_free_res_pages may
incorrectly fail to clear a page pointer in rq_respages[].
Pages left in rq_respages[] are available for the next rpc request to
use, so xdr data may be written to that page, which may hold data still
waiting to be transmitted to the client or data in the page cache.
The observed result was silent data corruption seen on an NFSv4 client.
We tag this as "fixing"
05638dc73af2 because that commit exposed this
bug, though the incorrect calculation predates it.
Particular thanks to Andrea Arcangeli and David Gilbert for analysis and
testing.
Fixes:
05638dc73af2 "nfsd4: simplify server xdr->next_page use"
Cc: stable@vger.kernel.org
Reported-by: Andrea Arcangeli <aarcange@redhat.com>
Tested-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Hannes Frederic Sowa [Sat, 27 Sep 2014 22:46:06 +0000 (00:46 +0200)]
ipv6: remove rt6i_genid
Eric Dumazet noticed that all no-nonexthop or no-gateway routes which
are already marked DST_HOST (e.g. input routes routes) will always be
invalidated during sk_dst_check. Thus per-socket dst caching absolutely
had no effect and early demuxing had no effect.
Thus this patch removes rt6i_genid: fn_sernum already gets modified during
add operations, so we only must ensure we mutate fn_sernum during ipv6
address remove operations. This is a fairly cost extensive operations,
but address removal should not happen that often. Also our mtu update
functions do the same and we heard no complains so far. xfrm policy
changes also cause a call into fib6_flush_trees. Also plug a hole in
rt6_info (no cacheline changes).
I verified via tracing that this change has effect.
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: YOSHIFUJI Hideaki <hideaki@yoshifuji.org>
Cc: Vlad Yasevich <vyasevich@gmail.com>
Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Cc: Martin Lau <kafai@fb.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jon Medhurst [Tue, 30 Sep 2014 09:25:10 +0000 (10:25 +0100)]
ARM: 8179/1: kprobes-test: Fix compile error "bad immediate value for offset"
When compiling kprobes-test-arm.c the following error has been observed
/tmp/ccoT403o.s:21439: Error: bad immediate value for offset (4168)
This is caused by the compiler spilling it's literal pool too far away
from the site which is trying to reference it with a PC relative load.
This arises because the compiler is underestimating the size of the
inline assembler code present, which apparently it approximates as 4
bytes per line or instruction.
We fix this problem by moving the operations which generate more than
4 bytes out of the text section. Specifically, moving the .ascii
directives to the .rodata section.
Signed-off-by: Jon Medhurst <tixy@linaro.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Nathan Lynch [Mon, 29 Sep 2014 18:11:36 +0000 (19:11 +0100)]
ARM: 8178/1: fix set_tls for !CONFIG_KUSER_HELPERS
Joachim Eastwood reports that commit
fbfb872f5f41 "ARM: 8148/1: flush
TLS and thumbee register state during exec" causes a boot-time crash
on a Cortex-M4 nommu system:
Freeing unused kernel memory: 68K (
281e5000 -
281f6000)
Unhandled exception: IPSR =
00000005 LR =
fffffff1
CPU: 0 PID: 1 Comm: swapper Not tainted 3.17.0-rc6-00313-gd2205fa30aa7 #191
task:
29834000 ti:
29832000 task.ti:
29832000
PC is at flush_thread+0x2e/0x40
LR is at flush_thread+0x21/0x40
pc : [<
2800954a>] lr : [<
2800953d>] psr:
4100000b
sp :
29833d60 ip :
00000000 fp :
00000001
r10:
00003cf8 r9 :
29b1f000 r8 :
00000000
r7 :
29b0bc00 r6 :
29834000 r5 :
29832000 r4 :
29832000
r3 :
ffff0ff0 r2 :
29832000 r1 :
00000000 r0 :
282121f0
xPSR:
4100000b
CPU: 0 PID: 1 Comm: swapper Not tainted 3.17.0-rc6-00313-gd2205fa30aa7 #191
[<
2800afa5>] (unwind_backtrace) from [<
2800a327>] (show_stack+0xb/0xc)
[<
2800a327>] (show_stack) from [<
2800a963>] (__invalid_entry+0x4b/0x4c)
The problem is that set_tls is attempting to clear the TLS location in
the kernel-user helper page, which isn't set up on V7M.
Fix this by guarding the write to the kuser helper page with
a CONFIG_KUSER_HELPERS ifdef.
Fixes:
fbfb872f5f41 ARM: 8148/1: flush TLS and thumbee register state during exec
Reported-by: Joachim Eastwood <manabian@gmail.com>
Tested-by: Joachim Eastwood <manabian@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nathan Lynch <nathan_lynch@mentor.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Krzysztof Kozlowski [Sun, 28 Sep 2014 04:36:46 +0000 (05:36 +0100)]
ARM: 8177/1: cacheflush: Fix v7_exit_coherency_flush exynos build breakage on ARMv6
This fixes build breakage of platsmp.c if ARMv6 was chosen for compile
time options (e.g. by building allmodconfig):
$ make allmodconfig
$ make
CC arch/arm/mach-exynos/platsmp.o
/tmp/ccdQM0Eg.s: Assembler messages:
/tmp/ccdQM0Eg.s:432: Error: selected processor does not support ARM mode `isb '
/tmp/ccdQM0Eg.s:437: Error: selected processor does not support ARM mode `isb '
/tmp/ccdQM0Eg.s:438: Error: selected processor does not support ARM mode `dsb '
make[1]: *** [arch/arm/mach-exynos/platsmp.o] Error 1
The error was introduced in commit "ARM: EXYNOS: Move code from
hotplug.c to platsmp.c". Previously code using
v7_exit_coherency_flush() macro was built with '-march=armv7-a' flag but
this flag dissapeared during the movement.
Fix this by annotating the v7_exit_coherency_flush() asm code with
armv7-a architecture.
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Reported-by: Mark Brown <broonie@kernel.org>
Acked-by: Nicolas Pitre <nico@linaro.org>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
KY Srinivasan [Mon, 29 Sep 2014 05:16:43 +0000 (22:16 -0700)]
hyperv: Fix a bug in netvsc_start_xmit()
After the packet is successfully sent, we should not touch the skb
as it may have been freed. This patch is based on the work done by
Long Li <longli@microsoft.com>.
In this version of the patch I have fixed issues pointed out by David.
David, please queue this up for stable.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Tested-by: Long Li <longli@microsoft.com>
Tested-by: Sitsofe Wheeler <sitsofe@yahoo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kweh, Hock Leong [Fri, 26 Sep 2014 13:42:55 +0000 (21:42 +0800)]
net: stmmac: fix stmmac_pci_probe failed when CONFIG_HAVE_CLK is selected
When the CONFIG_HAVE_CLK is selected for the system, the stmmac_pci_probe
will fail with dmesg:
[ 2.167225] stmmaceth 0000:00:14.6: enabling device (0000 -> 0002)
[ 2.178267] stmmaceth 0000:00:14.6: enabling bus mastering
[ 2.178436] stmmaceth 0000:00:14.6: irq 24 for MSI/MSI-X
[ 2.178703] stmmaceth 0000:00:14.6: stmmac_dvr_probe: warning: cannot
get CSR clock
[ 2.186503] stmmac_pci_probe: main driver probe failed
[ 2.194003] stmmaceth 0000:00:14.6: disabling bus mastering
[ 2.196473] stmmaceth: probe of 0000:00:14.6 failed with error -2
This patch fix the issue by breaking the dependency to devm_clk_get()
as the CSR clock can be obtained at priv->plat->clk_csr from pci driver.
Reported-by: Tobias Klausmann <tobias.johannes.klausmann@mni.thm.de>
Signed-off-by: Kweh, Hock Leong <hock.leong.kweh@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ignacy Gawędzki [Wed, 24 Sep 2014 16:38:39 +0000 (18:38 +0200)]
ematch: Fix matching of inverted containers.
Negated expressions and sub-expressions need to have their flags checked for
TCF_EM_INVERT and their result negated accordingly.
Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Mon, 29 Sep 2014 17:34:29 +0000 (10:34 -0700)]
gro: fix aggregation for skb using frag_list
In commit
8a29111c7ca6 ("net: gro: allow to build full sized skb")
I added a regression for linear skb that traditionally force GRO
to use the frag_list fallback.
Erez Shitrit found that at most two segments were aggregated and
the "if (skb_gro_len(p) != pinfo->gso_size)" test was failing.
This is because pinfo at this spot still points to the last skb in the
chain, instead of the first one, where we find the correct gso_size
information.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Fixes:
8a29111c7ca6 ("net: gro: allow to build full sized skb")
Reported-by: Erez Shitrit <erezsh@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Sun, 28 Sep 2014 21:29:07 +0000 (14:29 -0700)]
Linux 3.17-rc7
WANG Cong [Thu, 25 Sep 2014 00:07:53 +0000 (17:07 -0700)]
neigh: check error pointer instead of NULL for ipv4_neigh_lookup()
Fixes: commit
f187bc6efb7250afee0e2009b6106 ("ipv4: No need to set generic neighbour pointer")
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Sun, 28 Sep 2014 20:45:16 +0000 (13:45 -0700)]
Merge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma
Pull slave-dmaengine fixes from Vinod Koul:
"Two small fixes for omap dmaengine driver which fixes cyclic suspend
and resume"
* 'fixes' of git://git.infradead.org/users/vkoul/slave-dma:
dmaengine: omap-dma: Restore the CLINK_CTRL in resume path
dmaengine: omap-dma: Add memory barrier to dma_resume path
David S. Miller [Sun, 28 Sep 2014 20:19:52 +0000 (16:19 -0400)]
Merge branch 'ipv6_tunnel'
Steffen Klassert says:
====================
ipv6: Return an error when adding an already existing tunnel
The ipv6 tunnel locate functions should not return an existing
tunnel if create is true. Otherwise it is possible to add the
same tunnel multiple times without getting an error.
All our ipv6 tunnels have this bug from the very beginning.
Only the sit tunnel was fixed some years ago with:
commit
8db99e57175 ("sit: Fail to create tunnel, if it already exists").
This patchset fixes the remaining ipv6 tunnels.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Steffen Klassert [Mon, 22 Sep 2014 08:07:26 +0000 (10:07 +0200)]
ip6_gre: Return an error when adding an existing tunnel.
ip6gre_tunnel_locate() should not return an existing tunnel if
create is true. Otherwise it is possible to add the same
tunnel multiple times without getting an error.
So return NULL if the tunnel that should be created already
exists.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Steffen Klassert [Mon, 22 Sep 2014 08:07:25 +0000 (10:07 +0200)]
ip6_vti: Return an error when adding an existing tunnel.
vti6_locate() should not return an existing tunnel if
create is true. Otherwise it is possible to add the same
tunnel multiple times without getting an error.
So return NULL if the tunnel that should be created already
exists.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Steffen Klassert [Mon, 22 Sep 2014 08:07:24 +0000 (10:07 +0200)]
ip6_tunnel: Return an error when adding an existing tunnel.
ip6_tnl_locate() should not return an existing tunnel if
create is true. Otherwise it is possible to add the same
tunnel multiple times without getting an error.
So return NULL if the tunnel that should be created already
exists.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Sun, 28 Sep 2014 00:05:14 +0000 (17:05 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/viro/vfs
Pull vfs fixes from Al Viro:
"Assorted fixes + unifying __d_move() and __d_materialise_dentry() +
minimal regression fix for d_path() of victims of overwriting rename()
ported on top of that"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
vfs: Don't exchange "short" filenames unconditionally.
fold swapping ->d_name.hash into switch_names()
fold unlocking the children into dentry_unlock_parents_for_move()
kill __d_materialise_dentry()
__d_materialise_dentry(): flip the order of arguments
__d_move(): fold manipulations with ->d_child/->d_subdirs
don't open-code d_rehash() in d_materialise_unique()
pull rehashing and unlocking the target dentry into __d_materialise_dentry()
ufs: deal with nfsd/iget races
fuse: honour max_read and max_write in direct_io mode
shmem: fix nlink for rename overwrite directory
Linus Torvalds [Sat, 27 Sep 2014 23:45:33 +0000 (16:45 -0700)]
Merge branch 'for-3.17-fixes' of git://git./linux/kernel/git/tj/cgroup
Pull cgroup fixes from Tejun Heo:
"This is quite late but these need to be backported anyway.
This is the fix for a long-standing cpuset bug which existed from
2009. cpuset makes use of PF_SPREAD_{PAGE|SLAB} flags to modify the
task's memory allocation behavior according to the settings of the
cpuset it belongs to; unfortunately, when those flags have to be
changed, cpuset did so directly even whlie the target task is running,
which is obviously racy as task->flags may be modified by the task
itself at any time. This obscure bug manifested as corrupt
PF_USED_MATH flag leading to a weird crash.
The bug is fixed by moving the flag to task->atomic_flags. The first
two are prepatory ones to help defining atomic_flags accessors and the
third one is the actual fix"
* 'for-3.17-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
cpuset: PF_SPREAD_PAGE and PF_SPREAD_SLAB should be atomic flags
sched: add macros to define bitops for task atomic flags
sched: fix confusing PFA_NO_NEW_PRIVS constant
Linus Torvalds [Sat, 27 Sep 2014 21:58:59 +0000 (14:58 -0700)]
Merge tag 'fixes-for-linus' of git://git./linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Olof Johansson:
"Here's our last set of fixes for 3.17. Most of these are for TI
platforms, fixing some noisy Kconfig issues, runtime clock and power
issues on several platforms and NAND timings on DRA7.
There are also a couple of bug fixes for i.MX, one for QCOM and a
small fix to avoid section mismatch noise on PXA.
Diffstat looks large, partially due to some tables being updated and
thus touching many lines. The qcom gsbi change also restructures
clock management a bit and thus touches a bunch of lines.
All in all, a bit more changes than we'd like at this point, but
nothing stands out as risky either so it seems like the right thing to
send it up now instead of holding it to the merge window"
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
drivers/soc: qcom: do not disable the iface clock in probe
ARM: imx: fix .is_enabled() of shared gate clock
ARM: OMAP3: Fix I/O chain clock line assertion timed out error
ARM: keystone: dts: fix bindings for pcie and usb clock nodes
bus: omap_l3_noc: Fix connID for OMAP4
ARM: DT: imx53: fix lvds channel 1 port
ARM: dts: cm-t54: fix serial console power supply.
ARM: dts: dra7-evm: Fix NAND GPMC timings
ARM: pxa: fix section mismatch warning for pxa_timer_nodt_init
ARM: OMAP: Fix Kconfig warning for omap1
Linus Torvalds [Sat, 27 Sep 2014 21:42:18 +0000 (14:42 -0700)]
Merge branch 'upstream' of git://git.linux-mips.org/ralf/upstream-linus
Pull MIPS fixes from Ralf Baechle:
"The final round of fixes. One corner case in the math emulator and
another one in the mcount function for ftrace"
* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
MIPS: mcount: Adjust stack pointer for static trace in MIPS32
MIPS: Fix MFC1 & MFHC1 emulation for 64-bit MIPS systems
Linus Torvalds [Sat, 27 Sep 2014 21:23:13 +0000 (14:23 -0700)]
Merge branch 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull x86 fixes from Ingo Molnar:
"This has:
- EFI revert to fix a boot regression
- early_ioremap() fix for boot failure
- KASLR fix for possible boot failures
- EFI fix for corrupted string printing
- remove a misleading EFI bootup 'failed!' error message
Unfortunately it's all rather close to the merge window"
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/efi: Truncate 64-bit values when calling 32-bit OutputString()
x86/efi: Delete misleading efi_printk() error message
Revert "efi/x86: efistub: Move shared dependencies to <asm/efi.h>"
x86/kaslr: Avoid the setup_data area when picking location
x86 early_ioremap: Increase FIX_BTMAPS_SLOTS to 8
Mikhail Efremov [Wed, 24 Sep 2014 18:14:33 +0000 (22:14 +0400)]
vfs: Don't exchange "short" filenames unconditionally.
Only exchange source and destination filenames
if flags contain RENAME_EXCHANGE.
In case if executable file was running and replaced by
other file /proc/PID/exe should still show correct file name,
not the old name of the file by which it was replaced.
The scenario when this bug manifests itself was like this:
* ALT Linux uses rpm and start-stop-daemon;
* during a package upgrade rpm creates a temporary file
for an executable to rename it upon successful unpacking;
* start-stop-daemon is run subsequently and it obtains
the (nonexistant) temporary filename via /proc/PID/exe
thus failing to identify the running process.
Note that "long" filenames (> DNAiME_INLINE_LEN) are still
exchanged without RENAME_EXCHANGE and this behaviour exists
long enough (should be fixed too apparently).
So this patch is just an interim workaround that restores
behavior for "short" names as it was before changes
introduced by commit
da1ce0670c14 ("vfs: add cross-rename").
See https://lkml.org/lkml/2014/9/7/6 for details.
AV: the comments about being more careful with ->d_name.hash
than with ->d_name.name are from back in 2.3.40s; they
became obsolete by 2.3.60s, when we started to unhash the
target instead of swapping hash chain positions followed
by d_delete() as we used to do when dcache was first
introduced.
Acked-by: Miklos Szeredi <mszeredi@suse.cz>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Cc: stable@vger.kernel.org
Fixes:
da1ce0670c14 "vfs: add cross-rename"
Signed-off-by: Mikhail Efremov <sem@altlinux.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Linus Torvalds [Wed, 24 Sep 2014 19:27:39 +0000 (12:27 -0700)]
fold swapping ->d_name.hash into switch_names()
and do it along with ->d_name.len there
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Sat, 27 Sep 2014 03:11:15 +0000 (23:11 -0400)]
fold unlocking the children into dentry_unlock_parents_for_move()
... renaming it into dentry_unlock_for_move() and making it more
symmetric with dentry_lock_for_move().
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Sat, 27 Sep 2014 03:06:14 +0000 (23:06 -0400)]
kill __d_materialise_dentry()
it folds into __d_move() now
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Sat, 27 Sep 2014 02:54:02 +0000 (22:54 -0400)]
__d_materialise_dentry(): flip the order of arguments
... thus making it much closer to (now unreachable, BTW) IS_ROOT(dentry)
case in __d_move(). A bit more and it'll fold in.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Sat, 27 Sep 2014 01:34:01 +0000 (21:34 -0400)]
__d_move(): fold manipulations with ->d_child/->d_subdirs
list_del() + list_add() is a slightly pessimised list_move()
list_del() + INIT_LIST_HEAD() is a slightly pessimised list_del_init()
Interleaving those makes the resulting code even worse. And harder to follow...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Sat, 27 Sep 2014 01:26:50 +0000 (21:26 -0400)]
don't open-code d_rehash() in d_materialise_unique()
... and get rid of duplicate BUG_ON() there
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Sat, 27 Sep 2014 01:20:39 +0000 (21:20 -0400)]
pull rehashing and unlocking the target dentry into __d_materialise_dentry()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Sat, 27 Sep 2014 01:17:52 +0000 (21:17 -0400)]
ufs: deal with nfsd/iget races
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Miklos Szeredi [Wed, 24 Sep 2014 15:09:11 +0000 (17:09 +0200)]
fuse: honour max_read and max_write in direct_io mode
The third argument of fuse_get_user_pages() "nbytesp" refers to the number of
bytes a caller asked to pack into fuse request. This value may be lesser
than capacity of fuse request or iov_iter. So fuse_get_user_pages() must
ensure that *nbytesp won't grow.
Now, when helper iov_iter_get_pages() performs all hard work of extracting
pages from iov_iter, it can be done by passing properly calculated
"maxsize" to the helper.
The other caller of iov_iter_get_pages() (dio_refill_pages()) doesn't need
this capability, so pass LONG_MAX as the maxsize argument here.
Fixes:
c9c37e2e6378 ("fuse: switch to iov_iter_get_pages()")
Reported-by: Werner Baumann <werner.baumann@onlinehome.de>
Tested-by: Maxim Patlasov <mpatlasov@parallels.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Miklos Szeredi [Wed, 24 Sep 2014 15:56:17 +0000 (17:56 +0200)]
shmem: fix nlink for rename overwrite directory
If overwriting an empty directory with rename, then need to drop the extra
nlink.
Test prog:
#include <stdio.h>
#include <fcntl.h>
#include <err.h>
#include <sys/stat.h>
int main(void)
{
const char *test_dir1 = "test-dir1";
const char *test_dir2 = "test-dir2";
int res;
int fd;
struct stat statbuf;
res = mkdir(test_dir1, 0777);
if (res == -1)
err(1, "mkdir(\"%s\")", test_dir1);
res = mkdir(test_dir2, 0777);
if (res == -1)
err(1, "mkdir(\"%s\")", test_dir2);
fd = open(test_dir2, O_RDONLY);
if (fd == -1)
err(1, "open(\"%s\")", test_dir2);
res = rename(test_dir1, test_dir2);
if (res == -1)
err(1, "rename(\"%s\", \"%s\")", test_dir1, test_dir2);
res = fstat(fd, &statbuf);
if (res == -1)
err(1, "fstat(%i)", fd);
if (statbuf.st_nlink != 0) {
fprintf(stderr, "nlink is %lu, should be 0\n", statbuf.st_nlink);
return 1;
}
return 0;
}
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Nicolas Dichtel [Wed, 24 Sep 2014 09:03:00 +0000 (11:03 +0200)]
ip6gre: add a rtnl link alias for ip6gretap
With this alias, we don't need to load manually the module before adding an
ip6gretap interface with iproute2.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Matan Barak [Tue, 23 Sep 2014 13:05:59 +0000 (16:05 +0300)]
net/mlx4_core: Allow not to specify probe_vf in SRIOV IB mode
When the HCA is configured in SRIOV IB mode (that is, at least one of
the ports is IB) and the probe_vf module param isn't specified,
mlx4_init_one() failed because of the following condition:
if (ib_ports && (num_vfs_argc > 1 || probe_vfs_argc > 1)) {
.....
}
The root cause for that is a mistake in the initialization of num_vfs_argc
and probe_vfs_argc. When num_vfs / probe_vf aren't given, their argument
count counterpart should be 0, fix that.
Fixes:
dd41cc3bb90e ('net/mlx4: Adapt num_vfs/probed_vf params for single port VF')
Signed-off-by: Matan Barak <matanb@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Fri, 26 Sep 2014 20:21:29 +0000 (16:21 -0400)]
Merge git://git./pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
nf pull request for net
This series contains netfilter fixes for net, they are:
1) Fix lockdep splat in nft_hash when releasing sets from the
rcu_callback context. We don't the mutex there anymore.
2) Remove unnecessary spinlock_bh in the destroy path of the nf_tables
rbtree set type from rcu_callback context.
3) Fix another lockdep splat in rhashtable. None of the callers hold
a mutex when calling rhashtable_destroy.
4) Fix duplicated error reporting from nfnetlink when aborting and
replaying a batch.
5) Fix a Kconfig issue reported by kbuild robot.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
hayeswang [Tue, 23 Sep 2014 08:31:47 +0000 (16:31 +0800)]
r8152: fix the carrier off when autoresuming
netif_carrier_off would be called when autoresuming, even though
the cable is plugged. This causes some applications do relative
actions when detecting the carrier off. Keep the status of the
carrier, and let it be modified when the linking change occurs.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Soren Brinkmann [Mon, 22 Sep 2014 23:49:08 +0000 (16:49 -0700)]
Revert "net/macb: add pinctrl consumer support"
This reverts commit
8ef29f8aae524bd51298fb10ac6a5ce6c4c5a3d8.
The driver core already calls pinctrl_get() and claims the default
state. There is no need to replicate this in the driver.
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vlad Yasevich [Mon, 22 Sep 2014 20:34:17 +0000 (16:34 -0400)]
macvtap: Fix race between device delete and open.
In macvtap device delete and open calls can race and
this causes a list curruption of the vlan queue_list.
The race intself is triggered by the idr accessors
that located the vlan device. The device is stored
into and removed from the idr under both an rtnl and
a mutex. However, when attempting to locate the device
in idr, only a mutex is taken. As a result, once cpu
perfoming a delete may take an rtnl and wait for the mutex,
while another cput doing an open() will take the idr
mutex first to fetch the device pointer and later take
an rtnl to add a queue for the device which may have
just gotten deleted.
With this patch, we now hold the rtnl for the duration
of the macvtap_open() call thus making sure that
open will not race with delete.
CC: Michael S. Tsirkin <mst@redhat.com>
CC: Jason Wang <jasowang@redhat.com>
Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Fri, 26 Sep 2014 19:11:37 +0000 (15:11 -0400)]
Merge branch 'qlcnic'
Manish Chopra says:
====================
qlcnic: Bug fixes.
This patch series contains following bug fixes:
* Fixes related to ethtool statistics.
* Fix for flash read related API.
Please apply this series to 'net'.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Manish Chopra [Mon, 22 Sep 2014 09:51:53 +0000 (05:51 -0400)]
qlcnic: Fix ordering of stats in stats buffer.
o When TX queues are not allocated, driver does not fill TX queues stats in the buffer.
However, it is also not advancing data pointer by TX queue stats length, which would
misplace all successive stats data in the buffer and will result in mismatch between
stats strings and it's values.
o Fix this by advancing data pointer by TX queue stats length when
queues are not allocated.
Signed-off-by: Manish Chopra <manish.chopra@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Manish Chopra [Mon, 22 Sep 2014 09:51:52 +0000 (05:51 -0400)]
qlcnic: Remove __QLCNIC_DEV_UP bit check to read TX queues statistics.
o TX queues stats must be read when queues are allocated regardless
of interface is up or not.
Signed-off-by: Manish Chopra <manish.chopra@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Manish Chopra [Mon, 22 Sep 2014 09:51:51 +0000 (05:51 -0400)]
qlcnic: Fix memory corruption while reading stats using ethtool.
o Driver is doing memset with zero for total number of stats bytes when
it has already filled some data in the stats buffer, which can overwrite
memory area beyond the length of stats buffer.
o Fix this by initializing stats buffer with zero before filling any data in it.
Signed-off-by: Manish Chopra <manish.chopra@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Sony Chacko [Mon, 22 Sep 2014 09:51:50 +0000 (05:51 -0400)]
qlcnic: Use qlcnic_83xx_flash_read32() API instead of lockless version of the API.
In qlcnic_83xx_setup_idc_parameters() routine use qlcnic_83xx_flash_read32() API
which takes flash lock internally instead of the lockless version
qlcnic_83xx_lockless_flash_read32().
Signed-off-by: Sony Chacko <sony.chacko@qlogic.com>
Signed-off-by: Manish Chopra <manish.chopra@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Fri, 26 Sep 2014 18:04:31 +0000 (11:04 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/dtor/input
Pull input fix from Dmitry Torokhov:
"A small fixup to i8042 adding Asus X450LCP to the nomux list"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: i8042 - fix Asus X450LCP touchpad detection
Linus Torvalds [Fri, 26 Sep 2014 15:38:09 +0000 (08:38 -0700)]
Merge branch 'sched-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull scheduler fixes from Ingo Molnar:
"A CONFIG_STACK_GROWSUP=y fix, and a hotplug llc CPU mask fix"
* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
sched: Fix unreleased llc_shared_mask bit during CPU hotplug
sched: Fix end_of_stack() and location of stack canary for architectures using CONFIG_STACK_GROWSUP
Linus Torvalds [Fri, 26 Sep 2014 15:11:43 +0000 (08:11 -0700)]
Merge branch 'akpm' (fixes from Andrew Morton)
Merge fixes from Andrew Morton:
"9 fixes"
* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
mm: softdirty: keep bit when zapping file pte
fs/cachefiles: add missing \n to kerror conversions
genalloc: fix device node resource counter
drivers/rtc/rtc-efi.c: add missing module alias
mm, slab: initialize object alignment on cache creation
mm: softdirty: addresses before VMAs in PTE holes aren't softdirty
ocfs2/dlm: do not get resource spinlock if lockres is new
nilfs2: fix data loss with mmap()
ocfs2: free vol_label in ocfs2_delete_osb()
Peter Feiner [Thu, 25 Sep 2014 23:05:29 +0000 (16:05 -0700)]
mm: softdirty: keep bit when zapping file pte
This fixes the same bug as
b43790eedd31 ("mm: softdirty: don't forget to
save file map softdiry bit on unmap") and
9aed8614af5a ("mm/memory.c:
don't forget to set softdirty on file mapped fault") where the return
value of pte_*mksoft_dirty was being ignored.
To be sure that no other pte/pmd "mk" function return values were being
ignored, I annotated the functions in arch/x86/include/asm/pgtable.h
with __must_check and rebuilt.
The userspace effect of this bug is that the softdirty mark might be
lost if a file mapped pte get zapped.
Signed-off-by: Peter Feiner <pfeiner@google.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Pavel Emelyanov <xemul@parallels.com>
Cc: Jamie Liu <jamieliu@google.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: <stable@vger.kernel.org> [3.12+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fabian Frederick [Thu, 25 Sep 2014 23:05:27 +0000 (16:05 -0700)]
fs/cachefiles: add missing \n to kerror conversions
Commit
0227d6abb378 ("fs/cachefiles: replace kerror by pr_err") didn't
include newline featuring in original kerror definition
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Reported-by: David Howells <dhowells@redhat.com>
Acked-by: David Howells <dhowells@redhat.com>
Cc: <stable@vger.kernel.org> [3.16.x]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Vladimir Zapolskiy [Thu, 25 Sep 2014 23:05:25 +0000 (16:05 -0700)]
genalloc: fix device node resource counter
Decrement the np_pool device_node refcount, which was incremented on
the preceding of_parse_phandle() call.
Signed-off-by: Vladimir Zapolskiy <vladimir_zapolskiy@mentor.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Olof Johansson <olof@lixom.net>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Pali Rohár [Thu, 25 Sep 2014 23:05:22 +0000 (16:05 -0700)]
drivers/rtc/rtc-efi.c: add missing module alias
Without proper alias kernel module is not loaded for rtc-efi driver.
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Cc: dann frazier <dannf@dannf.org>
Cc: Alessandro Zummo <a.zummo@towertech.it>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David Rientjes [Thu, 25 Sep 2014 23:05:20 +0000 (16:05 -0700)]
mm, slab: initialize object alignment on cache creation
Since commit
4590685546a3 ("mm/sl[aou]b: Common alignment code"), the
"ralign" automatic variable in __kmem_cache_create() may be used as
uninitialized.
The proper alignment defaults to BYTES_PER_WORD and can be overridden by
SLAB_RED_ZONE or the alignment specified by the caller.
This fixes https://bugzilla.kernel.org/show_bug.cgi?id=85031
Signed-off-by: David Rientjes <rientjes@google.com>
Reported-by: Andrei Elovikov <a.elovikov@gmail.com>
Acked-by: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Peter Feiner [Thu, 25 Sep 2014 23:05:18 +0000 (16:05 -0700)]
mm: softdirty: addresses before VMAs in PTE holes aren't softdirty
In PTE holes that contain VM_SOFTDIRTY VMAs, unmapped addresses before
VM_SOFTDIRTY VMAs are reported as softdirty by /proc/pid/pagemap. This
bug was introduced in commit
68b5a6524856 ("mm: softdirty: respect
VM_SOFTDIRTY in PTE holes"). That commit made /proc/pid/pagemap look at
VM_SOFTDIRTY in PTE holes but neglected to observe the start of VMAs
returned by find_vma.
Tested:
Wrote a selftest that creates a PMD-sized VMA then unmaps the first
page and asserts that the page is not softdirty. I'm going to send the
pagemap selftest in a later commit.
Signed-off-by: Peter Feiner <pfeiner@google.com>
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Pavel Emelyanov <xemul@parallels.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
Cc: Jamie Liu <jamieliu@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Joseph Qi [Thu, 25 Sep 2014 23:05:16 +0000 (16:05 -0700)]
ocfs2/dlm: do not get resource spinlock if lockres is new
There is a deadlock case which reported by Guozhonghua:
https://oss.oracle.com/pipermail/ocfs2-devel/2014-September/010079.html
This case is caused by &res->spinlock and &dlm->master_lock
misordering in different threads.
It was introduced by commit
8d400b81cc83 ("ocfs2/dlm: Clean up refmap
helpers"). Since lockres is new, it doesn't not require the
&res->spinlock. So remove it.
Fixes:
8d400b81cc83 ("ocfs2/dlm: Clean up refmap helpers")
Signed-off-by: Joseph Qi <joseph.qi@huawei.com>
Reviewed-by: joyce.xue <xuejiufei@huawei.com>
Reported-by: Guozhonghua <guozhonghua@h3c.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Mark Fasheh <mfasheh@suse.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andreas Rohner [Thu, 25 Sep 2014 23:05:14 +0000 (16:05 -0700)]
nilfs2: fix data loss with mmap()
This bug leads to reproducible silent data loss, despite the use of
msync(), sync() and a clean unmount of the file system. It is easily
reproducible with the following script:
----------------[BEGIN SCRIPT]--------------------
mkfs.nilfs2 -f /dev/sdb
mount /dev/sdb /mnt
dd if=/dev/zero bs=1M count=30 of=/mnt/testfile
umount /mnt
mount /dev/sdb /mnt
CHECKSUM_BEFORE="$(md5sum /mnt/testfile)"
/root/mmaptest/mmaptest /mnt/testfile 30 10 5
sync
CHECKSUM_AFTER="$(md5sum /mnt/testfile)"
umount /mnt
mount /dev/sdb /mnt
CHECKSUM_AFTER_REMOUNT="$(md5sum /mnt/testfile)"
umount /mnt
echo "BEFORE MMAP:\t$CHECKSUM_BEFORE"
echo "AFTER MMAP:\t$CHECKSUM_AFTER"
echo "AFTER REMOUNT:\t$CHECKSUM_AFTER_REMOUNT"
----------------[END SCRIPT]--------------------
The mmaptest tool looks something like this (very simplified, with
error checking removed):
----------------[BEGIN mmaptest]--------------------
data = mmap(NULL, file_size - file_offset, PROT_READ | PROT_WRITE,
MAP_SHARED, fd, file_offset);
for (i = 0; i < write_count; ++i) {
memcpy(data + i * 4096, buf, sizeof(buf));
msync(data, file_size - file_offset, MS_SYNC))
}
----------------[END mmaptest]--------------------
The output of the script looks something like this:
BEFORE MMAP:
281ed1d5ae50e8419f9b978aab16de83 /mnt/testfile
AFTER MMAP:
6604a1c31f10780331a6850371b3a313 /mnt/testfile
AFTER REMOUNT:
281ed1d5ae50e8419f9b978aab16de83 /mnt/testfile
So it is clear, that the changes done using mmap() do not survive a
remount. This can be reproduced a 100% of the time. The problem was
introduced in commit
136e8770cd5d ("nilfs2: fix issue of
nilfs_set_page_dirty() for page at EOF boundary").
If the page was read with mpage_readpage() or mpage_readpages() for
example, then it has no buffers attached to it. In that case
page_has_buffers(page) in nilfs_set_page_dirty() will be false.
Therefore nilfs_set_file_dirty() is never called and the pages are never
collected and never written to disk.
This patch fixes the problem by also calling nilfs_set_file_dirty() if the
page has no buffers attached to it.
[akpm@linux-foundation.org: s/PAGE_SHIFT/PAGE_CACHE_SHIFT/]
Signed-off-by: Andreas Rohner <andreas.rohner@gmx.net>
Tested-by: Andreas Rohner <andreas.rohner@gmx.net>
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Joseph Qi [Thu, 25 Sep 2014 23:05:11 +0000 (16:05 -0700)]
ocfs2: free vol_label in ocfs2_delete_osb()
osb->vol_label is malloced in ocfs2_initialize_super but not freed if
error occurs or during umount, thus causing a memory leak.
Signed-off-by: Joseph Qi <joseph.qi@huawei.com>
Reviewed-by: joyce.xue <xuejiufei@huawei.com>
Cc: Mark Fasheh <mfasheh@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Markos Chandras [Tue, 16 Sep 2014 14:55:12 +0000 (15:55 +0100)]
MIPS: mcount: Adjust stack pointer for static trace in MIPS32
Every mcount() call in the MIPS 32-bit kernel is done as follows:
[...]
move at, ra
jal _mcount
addiu sp, sp, -8
[...]
but upon returning from the mcount() function, the stack pointer
is not adjusted properly. This is explained in details in
58b69401c797
(MIPS: Function tracer: Fix broken function tracing).
Commit
ad8c396936e3 ("MIPS: Unbreak function tracer for 64-bit kernel.)
fixed the stack manipulation for 64-bit but it didn't fix it completely
for MIPS32.
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Cc: <stable@vger.kernel.org>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/7792/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Paul Burton [Wed, 24 Sep 2014 09:45:37 +0000 (10:45 +0100)]
MIPS: Fix MFC1 & MFHC1 emulation for 64-bit MIPS systems
Commit
bbd426f542cb "MIPS: Simplify FP context access" modified the
SIFROMREG & SIFROMHREG macros such that they return unsigned rather
than signed 32b integers. I had believed that to be fine, but
inadvertently missed the MFC1 & MFHC1 cases which write to a struct
pt_regs regs element. On MIPS32 this is fine, but on 64 bit those
saved regs' fields are 64 bit wide. Using unsigned values caused the
32 bit value from the FP register to be zero rather than sign extended
as the architecture specifies, causing incorrect emulation of the
MFC1 & MFHc1 instructions. Fix by reintroducing the casts to signed
integers, and therefore the sign extension.
Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Cc: stable@vger.kernel.org # v3.15+
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/7848/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Steffen Klassert [Mon, 22 Sep 2014 07:11:08 +0000 (09:11 +0200)]
ip_tunnel: Don't allow to add the same tunnel multiple times.
When we try to add an already existing tunnel, we don't return
an error. Instead we continue and call ip_tunnel_update().
This means that we can change existing tunnels by adding
the same tunnel multiple times. It is even possible to change
the tunnel endpoints of the fallback device.
We fix this by returning an error if we try to add an existing
tunnel.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Thu, 25 Sep 2014 22:25:52 +0000 (15:25 -0700)]
Merge tag 'pm+acpi-3.17-rc7' of git://git./linux/kernel/git/rafael/linux-pm
Pull ACPI and power management fixes from Rafael Wysocki:
"These are regression fixes (ACPI hotplug, cpufreq, hibernation, ACPI
LPSS driver), fixes for stuff that never worked correctly (ACPI GPIO
support in some cases and a wrong sign of an error code in the ACPI
core in one place), and one blacklist item for ACPI backlight
handling.
Specifics:
- Revert of a recent hibernation core commit that introduced a NULL
pointer dereference during resume for at least one user (Rafael J
Wysocki).
- Fix for the ACPI LPSS (Low-Power Subsystem) driver to disable
asynchronous PM callback execution for LPSS devices during system
suspend/resume (introduced in 3.16) which turns out to break
ordering expectations on some systems. From Fu Zhonghui.
- cpufreq core fix related to the handling of sysfs nodes during
system suspend/resume that has been broken for intel_pstate since
3.15 from Lan Tianyu.
- Restore the generation of "online" uevents for ACPI container
devices that was removed in 3.14, but some user space utilities
turn out to need them (Rafael J Wysocki).
- The cpufreq core fails to release a lock in an error code path
after changes made in 3.14. Fix from Prarit Bhargava.
- ACPICA and ACPI/GPIO fixes to make the handling of ACPI GPIO
operation regions (which means AML using GPIOs) work correctly in
all cases from Bob Moore and Srinivas Pandruvada.
- Fix for a wrong sign of the ACPI core's create_modalias() return
value in case of an error from Mika Westerberg.
- ACPI backlight blacklist entry for ThinkPad X201s from Aaron Lu"
* tag 'pm+acpi-3.17-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
Revert "PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free()"
gpio / ACPI: Use pin index and bit length
ACPICA: Update to GPIO region handler interface.
ACPI / platform / LPSS: disable async suspend/resume of LPSS devices
cpufreq: release policy->rwsem on error
cpufreq: fix cpufreq suspend/resume for intel_pstate
ACPI / scan: Correct error return value of create_modalias()
ACPI / video: disable native backlight for ThinkPad X201s
ACPI / hotplug: Generate online uevents for ACPI containers
Linus Torvalds [Thu, 25 Sep 2014 22:04:06 +0000 (15:04 -0700)]
Merge branch 'i2c/for-current' of git://git./linux/kernel/git/wsa/linux
Pull i2c fixes from Wolfram Sang:
"This is probably not the kind of pull request you want to see that
late in the cycle. Yet, the ACPI refactorization was problematic
again and caused another two issues which need fixing. My holidays
with limited internet (plus travelling) and the developer's illness
didn't help either :(
The details:
- ACPI code was refactored out into a seperate file and as a
side-effect, the i2c-core module got renamed. Jean Delvare
rightfully complained about the rename being problematic for
distributions. So, Mika and I thought the least problematic way to
deal with it is to move all the code back into the main i2c core
source file. This is mainly a huge code move with some #ifdeffery
applied. No functional code changes. Our personal tests and the
testbots did not find problems. (I was thinking about reverting,
too, yet that would also have ~800 lines changed)
- The new ACPI code also had a NULL pointer exception, thanks to
Peter for finding and fixing it.
- Mikko fixed a locking problem by decoupling clock_prepare and
clock_enable.
- Addy learnt that the datasheet was wrong and reimplemented the
frequency setup according to the new algorithm.
- Fan fixed an off-by-one error when copying data
- Janusz fixed a copy'n'paste bug which gave a wrong error message
- Sergei made sure that "don't touch" bits are not accessed"
* 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
i2c: acpi: Fix NULL Pointer dereference
i2c: move acpi code back into the core
i2c: rk3x: fix divisor calculation for SCL frequency
i2c: mxs: fix error message in pio transfer
i2c: ismt: use correct length when copy buffer
i2c: rcar: fix RCAR_IRQ_ACK_{RECV|SEND}
i2c: tegra: Move clk_prepare/clk_set_rate to probe
Randy Dunlap [Thu, 25 Sep 2014 18:34:54 +0000 (11:34 -0700)]
MAINTAINERS: new Documentation maintainer
Transfer Documentation maintainership to Jiri Kosina.
Thanks, Jiri.
I'll still be reviewing and working on documentation.
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Acked-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Rafael J. Wysocki [Thu, 25 Sep 2014 21:07:29 +0000 (23:07 +0200)]
Merge branches 'pm-cpufreq' and 'pm-sleep'
* pm-cpufreq:
cpufreq: release policy->rwsem on error
cpufreq: fix cpufreq suspend/resume for intel_pstate
* pm-sleep:
Revert "PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free()"
Rafael J. Wysocki [Thu, 25 Sep 2014 20:59:30 +0000 (22:59 +0200)]
Merge branches 'acpi-hotplug', 'acpi-scan', 'acpi-lpss', 'acpi-gpio' and 'acpi-video'
* acpi-hotplug:
ACPI / hotplug: Generate online uevents for ACPI containers
* acpi-scan:
ACPI / scan: Correct error return value of create_modalias()
* acpi-lpss:
ACPI / platform / LPSS: disable async suspend/resume of LPSS devices
* acpi-gpio:
gpio / ACPI: Use pin index and bit length
ACPICA: Update to GPIO region handler interface.
* acpi-video:
ACPI / video: disable native backlight for ThinkPad X201s
Linus Torvalds [Thu, 25 Sep 2014 17:17:37 +0000 (10:17 -0700)]
Merge tag 'gpio-v3.17-4' of git://git./linux/kernel/git/linusw/linux-gpio
Pull gpio fixes from Linus Walleij:
"Two GPIO fixes:
- GPIO direction flags where handled wrong in the new descriptor-
based API, so direction changes did not always "take".
- Fix a handler installation race in the generic GPIO irqchip code"
* tag 'gpio-v3.17-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
gpio: Fix potential NULL handler data in chained irqchip handler
gpio: Fix gpio direction flags not getting set
Ingo Molnar [Thu, 25 Sep 2014 14:40:08 +0000 (16:40 +0200)]
Merge tag 'efi-urgent' of git://git./linux/kernel/git/mfleming/efi into x86/urgent
Pull EFI fixes from Matt Fleming:
* Revert the static library changes from the merge window since they're
causing issues for Macbooks and Fedora + Grub2 (Matt Fleming)
* Delete the misleading "setup_efi_pci() failed!" message which some
people are seeing when booting EFI (Matt Fleming)
* Fix printing strings from the 32-bit EFI boot stub by only passing
32-bit addresses to the firmware (Matt Fleming)
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Linus Torvalds [Thu, 25 Sep 2014 14:39:29 +0000 (07:39 -0700)]
Merge tag 'devicetree-for-linus' of git://git.secretlab.ca/git/linux
Pull devicetree bug fixes and documentation from Grant Likely:
"Several bug fix commits for issues found in the v3.17 rc series.
Most of these are minor in that they aren't actively dangerous, but
they have been seen in the wild. The one important fix is commit
7dbe5849fb50 ("of: make sure of_alias is initialized before accessing
it"), without which some powerpc platforms will fail to find stdout
for the console"
* tag 'devicetree-for-linus' of git://git.secretlab.ca/git/linux:
of/fdt: fix memory range check
of: Fix memory block alignment in early_init_dt_add_memory_arch()
of: make sure of_alias is initialized before accessing it
of: Documentation regarding attaching OF Selftest testdata
of: Disabling OF functions that use sysfs if CONFIG_SYSFS disabled
of: correct of_console_check()'s return value
Robin Murphy [Thu, 25 Sep 2014 10:56:19 +0000 (11:56 +0100)]
ARM: 8165/1: alignment: don't break misaligned NEON load/store
The alignment fixup incorrectly decodes faulting ARM VLDn/VSTn
instructions (where the optional alignment hint is given but incorrect)
as LDR/STR, leading to register corruption. Detect these and correctly
treat them as unhandled, so that userspace gets the fault it expects.
Reported-by: Simon Hosie <simon.hosie@arm.com>
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Will Deacon [Thu, 25 Sep 2014 10:39:19 +0000 (11:39 +0100)]
ARM: 8164/1: mm: clear SCTLR.HA instead of setting it for LPAE
SCTLR.HA (hardware access flag) is deprecated and not actually
implemented by any CPUs. Furthermore, it can confuse cr_alignment checks
where the whole value of SCTLR is compared against the value sitting in
the hardware, since the bit is actually RAZ/WI and will not match the
saved cr_alignment value.
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Peter Hüwe [Fri, 12 Sep 2014 19:09:47 +0000 (21:09 +0200)]
i2c: acpi: Fix NULL Pointer dereference
If adapter->dev.parent == NULL there is a NULL pointer dereference in
acpi_i2c_install_space_handler and acpi_i2c_remove_space_handler.
This is present since introduction of this code:
366047515c6e "i2c: rework kernel config I2C_ACPI" or even
da3c6647ee08 "I2C/ACPI: Clean up I2C ACPI code and Add CONFIG_I2C_ACPI"
The adapter->dev.parent == NULL case is valid for the i2c_stub,
so loading i2c_stub with ACPI_I2C_OPREGION enabled results in an oops.
This is also valid at least for i2c_tiny_usb and i2c_robotfuzz_osif.
Fix by checking whether it is null before calling ACPI_HANDLE.
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Wolfram Sang [Mon, 22 Sep 2014 17:41:00 +0000 (19:41 +0200)]
i2c: move acpi code back into the core
Commit
5d98e61d337c ("I2C/ACPI: Add i2c ACPI operation region support")
renamed the i2c-core module. This may cause regressions for
distributions, so put the ACPI code back into the core.
Reported-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Tested-by: Lan Tianyu <tianyu.lan@intel.com>
Tested-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Srinivas Kandagatla [Tue, 23 Sep 2014 09:59:09 +0000 (10:59 +0100)]
of/fdt: fix memory range check
In cases where board has below memory DT node
memory{
device_type = "memory";
reg = <0x80000000 0x80000000>;
};
Check on the memory range in fdt.c will always fail because it is
comparing MAX_PHYS_ADDR with base + size, in fact it should compare
it with base + size - 1.
This issue was originally noticed on Qualcomm IFC6410 board.
Without this patch kernel shows up noticed unnecessary warnings
[ 0.000000] Machine model: Qualcomm APQ8064/IFC6410
[ 0.000000] Ignoring memory range 0xffffffff - 0x100000000
[ 0.000000] cma: Reserved 64 MiB at
ab800000
as a result the size get reduced to 0x7fffffff which looks wrong.
This patch fixes the check involved in generating this warning and
as a result it also fixes the wrong size calculation.
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
[grant.likely: adjust new size calculation also]
Signed-off-by: Grant Likely <grant.likely@linaro.org>
Zefan Li [Thu, 25 Sep 2014 01:41:02 +0000 (09:41 +0800)]
cpuset: PF_SPREAD_PAGE and PF_SPREAD_SLAB should be atomic flags
When we change cpuset.memory_spread_{page,slab}, cpuset will flip
PF_SPREAD_{PAGE,SLAB} bit of tsk->flags for each task in that cpuset.
This should be done using atomic bitops, but currently we don't,
which is broken.
Tetsuo reported a hard-to-reproduce kernel crash on RHEL6, which happened
when one thread tried to clear PF_USED_MATH while at the same time another
thread tried to flip PF_SPREAD_PAGE/PF_SPREAD_SLAB. They both operate on
the same task.
Here's the full report:
https://lkml.org/lkml/2014/9/19/230
To fix this, we make PF_SPREAD_PAGE and PF_SPREAD_SLAB atomic flags.
v4:
- updated mm/slab.c. (Fengguang Wu)
- updated Documentation.
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Miao Xie <miaox@cn.fujitsu.com>
Cc: Kees Cook <keescook@chromium.org>
Fixes:
950592f7b991 ("cpusets: update tasks' page/slab spread flags in time")
Cc: <stable@vger.kernel.org> # 2.6.31+
Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Zefan Li <lizefan@huawei.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Zefan Li [Thu, 25 Sep 2014 01:40:40 +0000 (09:40 +0800)]
sched: add macros to define bitops for task atomic flags
This will simplify code when we add new flags.
v3:
- Kees pointed out that no_new_privs should never be cleared, so we
shouldn't define task_clear_no_new_privs(). we define 3 macros instead
of a single one.
v2:
- updated scripts/tags.sh, suggested by Peter
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Miao Xie <miaox@cn.fujitsu.com>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Zefan Li <lizefan@huawei.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Zefan Li [Thu, 25 Sep 2014 01:40:17 +0000 (09:40 +0800)]
sched: fix confusing PFA_NO_NEW_PRIVS constant
Commit
1d4457f99928 ("sched: move no_new_privs into new atomic flags")
defined PFA_NO_NEW_PRIVS as hexadecimal value, but it is confusing
because it is used as bit number. Redefine it as decimal bit number.
Note this changes the bit position of PFA_NOW_NEW_PRIVS from 1 to 0.
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Miao Xie <miaox@cn.fujitsu.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Kees Cook <keescook@chromium.org>
[ lizf: slightly modified subject and changelog ]
Signed-off-by: Zefan Li <lizefan@huawei.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Marcos Paulo de Souza [Wed, 24 Sep 2014 23:00:33 +0000 (16:00 -0700)]
Input: i8042 - fix Asus X450LCP touchpad detection
We need to add this module to the nomux table to be able to detect the
touchpad.
Cc: stablevger.kernel.org
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Rafael J. Wysocki [Wed, 24 Sep 2014 22:53:44 +0000 (00:53 +0200)]
Revert "PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free()"
Revert commit
6efde38f0769 (PM / Hibernate: Iterate over set bits
instead of PFNs in swsusp_free()) that introduced a NULL pointer
dereference during system resume from hibernation:
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<
ffffffff810a8cc1>] swsusp_free+0x21/0x190
PGD
b39c2067 PUD
b39c1067 PMD 0
Oops: 0000 [#1] SMP
Modules linked in: <irrelevant list of modules>
CPU: 1 PID: 4898 Comm: s2disk Tainted: G C 3.17-rc5-amd64 #1 Debian 3.17~rc5-1~exp1
Hardware name: LENOVO 2776LEG/2776LEG, BIOS 6EET55WW (3.15 ) 12/19/2011
task:
ffff88023155ea40 ti:
ffff8800b3b14000 task.ti:
ffff8800b3b14000
RIP: 0010:[<
ffffffff810a8cc1>] [<
ffffffff810a8cc1>]
swsusp_free+0x21/0x190
RSP: 0018:
ffff8800b3b17ea8 EFLAGS:
00010246
RAX:
0000000000000000 RBX:
ffff8800b39bab00 RCX:
0000000000000001
RDX:
ffff8800b39bab10 RSI:
ffff8800b39bab00 RDI:
0000000000000000
RBP:
0000000000000010 R08:
0000000000000000 R09:
0000000000000000
R10:
ffff8800b39bab10 R11:
0000000000000246 R12:
ffffea0000000000
R13:
ffff880232f485a0 R14:
ffff88023ac27cd8 R15:
ffff880232927590
FS:
00007f406d83b700(0000) GS:
ffff88023bc80000(0000)
knlGS:
0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0:
000000008005003b
CR2:
0000000000000000 CR3:
00000000b3a62000 CR4:
00000000000007e0
Stack:
ffff8800b39bab00 0000000000000010 ffff880232927590 ffffffff810acb4a
ffff8800b39bab00 ffffffff811a955a ffff8800b39bab10 0000000000000000
ffff88023155f098 ffffffff81a6b8c0 ffff88023155ea40 0000000000000007
Call Trace:
[<
ffffffff810acb4a>] ? snapshot_release+0x2a/0xb0
[<
ffffffff811a955a>] ? __fput+0xca/0x1d0
[<
ffffffff81080627>] ? task_work_run+0x97/0xd0
[<
ffffffff81012d89>] ? do_notify_resume+0x69/0xa0
[<
ffffffff8151452a>] ? int_signal+0x12/0x17
Code: 66 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 41 54 48 8b 05 ba 62 9c 00 49 bc 00 00 00 00 00 ea ff ff 48 8b 3d a1 62 9c 00 55 53 <48> 8b 10 48 89 50 18 48 8b 52 20 48 c7 40 28 00 00 00 00 c7 40
RIP [<
ffffffff810a8cc1>] swsusp_free+0x21/0x190
RSP <
ffff8800b3b17ea8>
CR2:
0000000000000000
---[ end trace
f02be86a1ec0cccb ]---
due to forbidden_pages_map being NULL in swsusp_free().
Fixes:
6efde38f0769 "PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free()"
Reported-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Linus Torvalds [Wed, 24 Sep 2014 22:57:55 +0000 (15:57 -0700)]
Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"Some final radeon and i915 fixes, black screens mostly"
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/radeon/cik: use a separate counter for CP init timeout
drm/i915/hdmi: fix hdmi audio state readout
drm/i915: Don't leak command parser tables on suspend/resume
drm/radeon: add PX quirk for asus K53TK
drm/radeon: add a backlight quirk for Amilo Xi 2550
drm/radeon: add a module parameter for backlight control (v2)
drm/radeon: Update IH_RB_RPTR register after each processed interrupt
drm/radeon: Make IH ring overflow debugging output more useful
drm/radeon: Clear RB_OVERFLOW bit earlier
Srinivas Pandruvada [Tue, 23 Sep 2014 02:35:54 +0000 (10:35 +0800)]
gpio / ACPI: Use pin index and bit length
Fix code when the operation region callback is for an gpio, which
is not at index 0 and for partial pins in a GPIO definition.
For example:
Name (GMOD, ResourceTemplate ()
{
//3 Outputs that define the Power mode of the device
GpioIo (Exclusive, PullDown, , , , "\\_SB.GPI2") {10, 11, 12}
})
}
If opregion callback calls is for:
- Set pin 10, then address = 0 and bit length = 1
- Set pin 11, then address = 1 and bit length = 1
- Set for both pin 11 and pin 12, then address = 1, bit length = 2
This change requires updated ACPICA gpio operation handler code to
send the pin index and bit length.
Fixes:
473ed7be0da0 (gpio / ACPI: Add support for ACPI GPIO operation regions)
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Acked-by: Linus Walleij <linus.walleij@linaro.org>
Cc: 3.15+ <stable@vger.kernel.org> # 3.15+: 75ec6e55f138 ACPICA: Update to GPIO region handler interface.
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Matt Fleming [Wed, 24 Sep 2014 10:56:10 +0000 (11:56 +0100)]
x86/efi: Truncate 64-bit values when calling 32-bit OutputString()
If we're executing the 32-bit efi_char16_printk() code path (i.e.
running on top of 32-bit firmware) we know that efi_early->text_output
will be a 32-bit value, even though ->text_output has type u64.
Unfortunately, we currently pass ->text_output directly to
efi_early->call() so for CONFIG_X86_32 the compiler will push a 64-bit
value onto the stack, causing the other parameters to be misaligned.
The way we handle this in the rest of the EFI boot stub is to pass
pointers as arguments to efi_early->call(), which automatically do the
right thing (pointers are 32-bit on CONFIG_X86_32, and we simply ignore
the upper 32-bits of the argument register if running in 64-bit mode
with 32-bit firmware).
This fixes a corruption bug when printing strings from the 32-bit EFI
boot stub.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=84241
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
Bob Moore [Tue, 23 Sep 2014 02:35:47 +0000 (10:35 +0800)]
ACPICA: Update to GPIO region handler interface.
Changes to correct several GPIO issues:
1) The update_rule in a GPIO field definition is now ignored;
a read-modify-write operation is never performed for GPIO fields.
(Internally, this means that the field assembly/disassembly
code is completely bypassed for GPIO.)
2) The Address parameter passed to a GPIO region handler is
now the bit offset of the field from a previous Connection()
operator. Thus, it becomes a "Pin Number Index" into the
Connection() resource descriptor.
3) The bit_width parameter passed to a GPIO region handler is
now the exact bit width of the GPIO field. Thus, it can be
interpreted as "number of pins".
Overall, we can now say that the region handler interface
to GPIO handlers is a raw "bit/pin" addressed interface, not
a byte-addressed interface like the system_memory handler interface.
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Cc: 3.15+ <stable@vger.kernel.org> # 3.15+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Dave Airlie [Wed, 24 Sep 2014 20:49:26 +0000 (06:49 +1000)]
Merge branch 'drm-fixes-3.17' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
- fix a backlight regression resulting in dark screen
- add a PX quirk to avoid a hang with runtime pm
- fix an init issue on the CIK compute rings
- fix IH ring buffer overflows gracefully
* 'drm-fixes-3.17' of git://people.freedesktop.org/~agd5f/linux:
drm/radeon/cik: use a separate counter for CP init timeout
drm/radeon: add PX quirk for asus K53TK
drm/radeon: add a backlight quirk for Amilo Xi 2550
drm/radeon: add a module parameter for backlight control (v2)
drm/radeon: Update IH_RB_RPTR register after each processed interrupt
drm/radeon: Make IH ring overflow debugging output more useful
drm/radeon: Clear RB_OVERFLOW bit earlier
Dave Airlie [Wed, 24 Sep 2014 20:48:26 +0000 (06:48 +1000)]
Merge tag 'drm-intel-fixes-2014-09-24' of git://anongit.freedesktop.org/drm-intel into drm-fixes
a couple of small fixes for 3.17 still.
* tag 'drm-intel-fixes-2014-09-24' of git://anongit.freedesktop.org/drm-intel:
drm/i915/hdmi: fix hdmi audio state readout
drm/i915: Don't leak command parser tables on suspend/resume
Fu Zhonghui [Wed, 24 Sep 2014 20:42:26 +0000 (22:42 +0200)]
ACPI / platform / LPSS: disable async suspend/resume of LPSS devices
On some systems (Asus T100 in particular) there are strict ordering
dependencies between LPSS devices with respect to power management
that break if they suspend/resume asynchronously.
In theory it should be possible to follow those dependencies in the
async suspend/resume case too (the ACPI tables tell as that the
dependencies are there), but since we're missing infrastructure
for that at the moment, disable async suspend/resume for all of
the LPSS devices for the time being.
Link: http://marc.info/?l=linux-acpi&m=141158962321905&w=2
Fixes:
8ce62f85a81f (ACPI / platform / LPSS: Enable async suspend/resume of LPSS devices)
Signed-off-by: Li Aubrey <aubrey.li@linux.intel.com>
Signed-off-by: Fu Zhonghui <zhonghui.fu@linux.intel.com>
Cc: 3.16+ <stable@vger.kernel.org> # 3.16+
[ rjw: Changelog ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Linus Torvalds [Wed, 24 Sep 2014 19:45:24 +0000 (12:45 -0700)]
Merge git://git./linux/kernel/git/davem/net
Pull networking fixes from David Miller:
"Here is a quick pull request primarily meant to address the deconfig
fallout from changing SCSI_NETLINK from being used via 'select' to
being used via 'depends'.
I applied a set of 5 patches written by Michal Marek, and then I
carefully audited all of the remaining config files, basically:
1) I scanned every arch config file, and if it mentioned CONFIG_INET
or CONFIG_UNIX, I made sure it had CONFIG_NET=y
2) After that, I scanned every arch config file, and if it did not
have CONFIG_NET=y I made sure it did not reference any networking
config options.
Finally, we have some late breaking wireless fixes in here from John
Linville and co"
[ And there's a sparc bpf fix snuck in too ]
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
sparc: bpf_jit: fix loads from negative offsets
parisc: Update defconfigs which were missing CONFIG_NET.
powerpc: Update defconfigs which were missing CONFIG_NET.
s390: Update defconfigs which were missing CONFIG_NET.
mips: Update some more defconfigs which were missing CONFIG_NET.
sparc: Set CONFIG_NET=y in defconfigs
sh: Set CONFIG_NET=y in defconfigs
powerpc: Set CONFIG_NET=y in defconfigs
parisc: Set CONFIG_NET=y in defconfigs
mips: Set CONFIG_NET=y in defconfigs
brcmfmac: Fix off by one bug in brcmf_count_20mhz_channels()
ath9k: Fix NULL pointer dereference on early irq
net: rfkill: gpio: Fix clock status
NFC: st21nfca: Fix potential depmod dependency cycle
NFC: st21nfcb: Fix depmod dependency cycle
NFC: microread: Potential overflows in microread_target_discovered()
Alexei Starovoitov [Tue, 23 Sep 2014 20:50:10 +0000 (13:50 -0700)]
sparc: bpf_jit: fix loads from negative offsets
- fix BPF_LD|ABS|IND from negative offsets:
make sure to sign extend lower 32 bits in 64-bit register
before calling C helpers from JITed code, otherwise 'int k'
argument of bpf_internal_load_pointer_neg_helper() function
will be added as large unsigned integer, causing packet size
check to trigger and abort the program.
It's worth noting that JITed code for 'A = A op K' will affect
upper 32 bits differently depending whether K is simm13 or not.
Since small constants are sign extended, whereas large constants
are stored in temp register and zero extended.
That is ok and we don't have to pay a penalty of sign extension
for every sethi, since all classic BPF instructions have 32-bit
semantics and we only need to set correct upper bits when
transitioning from JITed code into C.
- though instructions 'A &= 0' and 'A *= 0' are odd, JIT compiler
should not optimize them out
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Wed, 24 Sep 2014 19:00:12 +0000 (15:00 -0400)]
Merge tag 'master-2014-09-23' of git://git./linux/kernel/git/linville/wireless
John W. Linville says:
====================
pull request: wireless 2014-09-23
Please consider pulling this one last batch of fixes intended for the 3.17 stream!
For the NFC bits, Samuel says:
"Hopefully not too late for a handful of NFC fixes:
- 2 potential build failures for ST21NFCA and ST21NFCB, triggered by a
depmod dependenyc cycle.
- One potential buffer overflow in the microread driver."
On top of that...
Emil Goode provides a fix for a brcmfmac off-by-one regression which
was introduced in the 3.17 cycle.
Loic Poulain fixes a polarity mismatch for a variable assignment
inside of rfkill-gpio.
Wojciech Dubowik prevents a NULL pointer dereference in ath9k.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>