Russell King [Thu, 9 Feb 2012 01:13:41 +0000 (17:13 -0800)]
pcmcia: fix socket refcount decrementing on each resume
This fixes a memory-corrupting bug: not only does it cause the warning,
but as a result of dropping the refcount to zero, it causes the
pcmcia_socket0 device structure to be freed while it still has
references, causing slab caches corruption. A fatal oops quickly
follows this warning - often even just a 'dmesg' following the warning
causes the kernel to oops.
While testing suspend/resume on an ARM device with PCMCIA support, and a
CF card inserted, I found that after five suspend and resumes, the
kernel would complain, and shortly die after with slab corruption.
WARNING: at include/linux/kref.h:41 kobject_get+0x28/0x50()
As the message doesn't give a clue about which kobject, and the built-in
debugging in drivers/base/power/main.c happens too late, this was added
right before each get_device():
printk("%s: %p [%s] %u\n", __func__, dev, kobject_name(&dev->kobj), atomic_read(&dev->kobj.kref.refcount));
and on the 3rd s2ram cycle, the following behaviour observed:
On the 3rd suspend/resume cycle:
dpm_prepare:
c1a0d998 [pcmcia_socket0] 3
dpm_suspend:
c1a0d998 [pcmcia_socket0] 3
dpm_suspend_noirq:
c1a0d998 [pcmcia_socket0] 3
dpm_resume_noirq:
c1a0d998 [pcmcia_socket0] 3
dpm_resume:
c1a0d998 [pcmcia_socket0] 3
dpm_complete:
c1a0d998 [pcmcia_socket0] 2
4th:
dpm_prepare:
c1a0d998 [pcmcia_socket0] 2
dpm_suspend:
c1a0d998 [pcmcia_socket0] 2
dpm_suspend_noirq:
c1a0d998 [pcmcia_socket0] 2
dpm_resume_noirq:
c1a0d998 [pcmcia_socket0] 2
dpm_resume:
c1a0d998 [pcmcia_socket0] 2
dpm_complete:
c1a0d998 [pcmcia_socket0] 1
5th:
dpm_prepare:
c1a0d998 [pcmcia_socket0] 1
dpm_suspend:
c1a0d998 [pcmcia_socket0] 1
dpm_suspend_noirq:
c1a0d998 [pcmcia_socket0] 1
dpm_resume_noirq:
c1a0d998 [pcmcia_socket0] 1
dpm_resume:
c1a0d998 [pcmcia_socket0] 1
dpm_complete:
c1a0d998 [pcmcia_socket0] 0
------------[ cut here ]------------
WARNING: at include/linux/kref.h:41 kobject_get+0x28/0x50()
Modules linked in: ucb1x00_core
Backtrace:
[<
c0212090>] (dump_backtrace+0x0/0x110) from [<
c04799dc>] (dump_stack+0x18/0x1c)
[<
c04799c4>] (dump_stack+0x0/0x1c) from [<
c021cba0>] (warn_slowpath_common+0x50/0x68)
[<
c021cb50>] (warn_slowpath_common+0x0/0x68) from [<
c021cbdc>] (warn_slowpath_null+0x24/0x28)
[<
c021cbb8>] (warn_slowpath_null+0x0/0x28) from [<
c0335374>] (kobject_get+0x28/0x50)
[<
c033534c>] (kobject_get+0x0/0x50) from [<
c03804f4>] (get_device+0x1c/0x24)
[<
c0388c90>] (dpm_complete+0x0/0x1a0) from [<
c0389cc0>] (dpm_resume_end+0x1c/0x20)
...
Looking at commit
7b24e7988263 ("pcmcia: split up central event handler"),
the following change was made to cs.c:
return 0;
}
#endif
-
- send_event(skt, CS_EVENT_PM_RESUME, CS_EVENT_PRI_LOW);
+ if (!(skt->state & SOCKET_CARDBUS) && (skt->callback))
+ skt->callback->early_resume(skt);
return 0;
}
And the corresponding change in ds.c is from:
-static int ds_event(struct pcmcia_socket *skt, event_t event, int priority)
-{
- struct pcmcia_socket *s = pcmcia_get_socket(skt);
...
- switch (event) {
...
- case CS_EVENT_PM_RESUME:
- if (verify_cis_cache(skt) != 0) {
- dev_dbg(&skt->dev, "cis mismatch - different card\n");
- /* first, remove the card */
- ds_event(skt, CS_EVENT_CARD_REMOVAL, CS_EVENT_PRI_HIGH);
- mutex_lock(&s->ops_mutex);
- destroy_cis_cache(skt);
- kfree(skt->fake_cis);
- skt->fake_cis = NULL;
- s->functions = 0;
- mutex_unlock(&s->ops_mutex);
- /* now, add the new card */
- ds_event(skt, CS_EVENT_CARD_INSERTION,
- CS_EVENT_PRI_LOW);
- }
- break;
...
- }
- pcmcia_put_socket(s);
- return 0;
-} /* ds_event */
to:
+static int pcmcia_bus_early_resume(struct pcmcia_socket *skt)
+{
+ if (!verify_cis_cache(skt)) {
+ pcmcia_put_socket(skt);
+ return 0;
+ }
+ dev_dbg(&skt->dev, "cis mismatch - different card\n");
+ /* first, remove the card */
+ pcmcia_bus_remove(skt);
+ mutex_lock(&skt->ops_mutex);
+ destroy_cis_cache(skt);
+ kfree(skt->fake_cis);
+ skt->fake_cis = NULL;
+ skt->functions = 0;
+ mutex_unlock(&skt->ops_mutex);
+ /* now, add the new card */
+ pcmcia_bus_add(skt);
+ return 0;
+}
As can be seen, the original function called pcmcia_get_socket() and
pcmcia_put_socket() around the guts, whereas the replacement code
calls pcmcia_put_socket() only in one path. This creates an imbalance
in the refcounting.
Testing with pcmcia_put_socket() put removed shows that the bug is gone:
dpm_suspend:
c1a10998 [pcmcia_socket0] 5
dpm_suspend_noirq:
c1a10998 [pcmcia_socket0] 5
dpm_resume_noirq:
c1a10998 [pcmcia_socket0] 5
dpm_resume:
c1a10998 [pcmcia_socket0] 5
dpm_complete:
c1a10998 [pcmcia_socket0] 5
Tested-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Hugh Dickins [Thu, 9 Feb 2012 01:13:40 +0000 (17:13 -0800)]
mm: fix UP THP spin_is_locked BUGs
Fix CONFIG_TRANSPARENT_HUGEPAGE=y CONFIG_SMP=n CONFIG_DEBUG_VM=y
CONFIG_DEBUG_SPINLOCK=n kernel: spin_is_locked() is then always false,
and so triggers some BUGs in Transparent HugePage codepaths.
asm-generic/bug.h mentions this problem, and provides a WARN_ON_SMP(x);
but being too lazy to add VM_BUG_ON_SMP, BUG_ON_SMP, WARN_ON_SMP_ONCE,
VM_WARN_ON_SMP_ONCE, just test NR_CPUS != 1 in the existing VM_BUG_ONs.
Signed-off-by: Hugh Dickins <hughd@google.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Axel Lin [Thu, 9 Feb 2012 01:13:39 +0000 (17:13 -0800)]
drivers/leds/leds-lm3530.c: fix setting pltfm->als_vmax
In current code, pltfm->als_vmin is set to LM3530_ALS_WINDOW_mV and
pltfm->als_vmax is 0. This does not make sense. I think what we want
here is setting pltfm->als_vmax to LM3530_ALS_WINDOW_mV.
Both als_vmin and als_vmax local variables will be set to
pltfm->als_vmin and pltfm->als_vmax by a few lines latter. Thus also
remove a redundant assignment for als_vmin and als_vmax in this patch.
Signed-off-by: Axel Lin <axel.lin@gmail.com>
Cc: Shreshtha Kumar Sahu <shreshthakumar.sahu@stericsson.com>
Acked-by: Milo(Woogyom) Kim <milo.kim@ti.com>
Tested-by: Milo(Woogyom) Kim <milo.kim@ti.com>
Cc: Richard Purdie <rpurdie@rpsys.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mel Gorman [Thu, 9 Feb 2012 01:13:38 +0000 (17:13 -0800)]
mm: compaction: check for overlapping nodes during isolation for migration
When isolating pages for migration, migration starts at the start of a
zone while the free scanner starts at the end of the zone. Migration
avoids entering a new zone by never going beyond the free scanned.
Unfortunately, in very rare cases nodes can overlap. When this happens,
migration isolates pages without the LRU lock held, corrupting lists
which will trigger errors in reclaim or during page free such as in the
following oops
BUG: unable to handle kernel NULL pointer dereference at
0000000000000008
IP: [<
ffffffff810f795c>] free_pcppages_bulk+0xcc/0x450
PGD
1dda554067 PUD
1e1cb58067 PMD 0
Oops: 0000 [#1] SMP
CPU 37
Pid: 17088, comm: memcg_process_s Tainted: G X
RIP: free_pcppages_bulk+0xcc/0x450
Process memcg_process_s (pid: 17088, threadinfo
ffff881c2926e000, task
ffff881c2926c0c0)
Call Trace:
free_hot_cold_page+0x17e/0x1f0
__pagevec_free+0x90/0xb0
release_pages+0x22a/0x260
pagevec_lru_move_fn+0xf3/0x110
putback_lru_page+0x66/0xe0
unmap_and_move+0x156/0x180
migrate_pages+0x9e/0x1b0
compact_zone+0x1f3/0x2f0
compact_zone_order+0xa2/0xe0
try_to_compact_pages+0xdf/0x110
__alloc_pages_direct_compact+0xee/0x1c0
__alloc_pages_slowpath+0x370/0x830
__alloc_pages_nodemask+0x1b1/0x1c0
alloc_pages_vma+0x9b/0x160
do_huge_pmd_anonymous_page+0x160/0x270
do_page_fault+0x207/0x4c0
page_fault+0x25/0x30
The "X" in the taint flag means that external modules were loaded but but
is unrelated to the bug triggering. The real problem was because the PFN
layout looks like this
Zone PFN ranges:
DMA 0x00000010 -> 0x00001000
DMA32 0x00001000 -> 0x00100000
Normal 0x00100000 -> 0x01e80000
Movable zone start PFN for each node
early_node_map[14] active PFN ranges
0: 0x00000010 -> 0x0000009b
0: 0x00000100 -> 0x0007a1ec
0: 0x0007a354 -> 0x0007a379
0: 0x0007f7ff -> 0x0007f800
0: 0x00100000 -> 0x00680000
1: 0x00680000 -> 0x00e80000
0: 0x00e80000 -> 0x01080000
1: 0x01080000 -> 0x01280000
0: 0x01280000 -> 0x01480000
1: 0x01480000 -> 0x01680000
0: 0x01680000 -> 0x01880000
1: 0x01880000 -> 0x01a80000
0: 0x01a80000 -> 0x01c80000
1: 0x01c80000 -> 0x01e80000
The fix is straight-forward. isolate_migratepages() has to make a
similar check to isolate_freepage to ensure that it never isolates pages
from a zone it does not hold the LRU lock for.
This was discovered in a 3.0-based kernel but it affects 3.1.x, 3.2.x
and current mainline.
Signed-off-by: Mel Gorman <mgorman@suse.de>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Xi Wang [Thu, 9 Feb 2012 01:13:37 +0000 (17:13 -0800)]
nilfs2: avoid overflowing segment numbers in nilfs_ioctl_clean_segments()
nsegs is read from userspace. Limit its value and avoid overflowing nsegs
* sizeof(__u64) in the subsequent call to memdup_user().
This patch complements
481fe17e973fb9 ("nilfs2: potential integer overflow
in nilfs_ioctl_clean_segments()").
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Cc: Haogang Chen <haogangchen@gmail.com>
Acked-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Tue, 7 Feb 2012 23:54:02 +0000 (15:54 -0800)]
Merge tag 'fbdev-fixes-for-3.3-1' of git://github.com/schandinat/linux-2.6
fbdev fixes for 3.3
It includes:
- compile fix for fsl-diu-fb
- fix for a suspend/resume issue in atmel_lcdfb
- fix for a suspend/resume issue in OMAP
- workaround for a hardware bug to avoid physical damage in OMAP
- really trivial dead code removal in intelfb
* tag 'fbdev-fixes-for-3.3-1' of git://github.com/schandinat/linux-2.6:
atmel_lcdfb: fix usage of CONTRAST_CTR in suspend/resume
intelfb: remove some dead code
drivers/video: compile fixes for fsl-diu-fb.c
OMAPDSS: HDMI: PHY burnout fix
OMAP: 4430SDP/Panda: add HDMI HPD gpio
OMAP: 4430SDP/Panda: setup HDMI GPIO muxes
OMAPDSS: remove wrong HDMI HPD muxing
OMAP: 4430SDP/Panda: rename HPD GPIO to CT_CP_HPD
OMAP: 4430SDP/Panda: use gpio_free_array to free HDMI gpios
OMAPDSS: use sync versions of pm_runtime_put
Joe Perches [Fri, 3 Feb 2012 23:20:39 +0000 (15:20 -0800)]
checkpatch: Warn on code with 6+ tab indentation
Overly indented code should be refactored.
Suggest refactoring excessive indentation of of
if/else/for/do/while/switch statements.
For example:
$ cat t.c
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv)
{
if (1)
if (2)
if (3)
if (4)
if (5)
if (6)
if (7)
if (8)
;
return 0;
}
$ ./scripts/checkpatch.pl -f t.c
WARNING: Too many leading tabs - consider code refactoring
#12: FILE: t.c:12:
+ if (6)
WARNING: Too many leading tabs - consider code refactoring
#13: FILE: t.c:13:
+ if (7)
WARNING: Too many leading tabs - consider code refactoring
#14: FILE: t.c:14:
+ if (8)
total: 0 errors, 3 warnings, 17 lines checked
t.c has style problems, please review.
If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Tue, 7 Feb 2012 22:35:19 +0000 (14:35 -0800)]
Merge tag 'ib-srpt-fixes' of git://git./linux/kernel/git/roland/infiniband
Cleanups and error path fixes for the new SRP (SCSI RDMA protocol) target.
* tag 'ib-srpt-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
IB/srpt: Don't return freed pointer from srpt_alloc_ioctx_ring()
IB/srpt: Fix ERR_PTR() vs. NULL checking confusion
IB/srpt: Remove unneeded <linux/version.h> include
IB/srpt: Use ARRAY_SIZE() instead of open-coding
IB/srpt: Use DEFINE_SPINLOCK()/LIST_HEAD()
Linus Torvalds [Tue, 7 Feb 2012 22:32:24 +0000 (14:32 -0800)]
Merge tag 'for-linus' of git://git./linux/kernel/git/mst/vhost
arch: fix ioport mapping on mips,sh
Kevin Cernekee reported that recent cleanup that replaced pci_iomap with
a generic function failed to take into account the differences in io
port handling on mips and sh architectures.
Rather than revert the changes reintroducing the code duplication, this
patchset fixes this by adding ability for architectures to override
ioport mapping for pci devices.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
sh: use the the PCI channels's io_map_base
mips: use the the PCI controller's io_map_base
lib: add NO_GENERIC_PCI_IOPORT_MAP
Yinghai Lu [Tue, 7 Feb 2012 16:20:37 +0000 (08:20 -0800)]
ACPI: remove duplicated lines of merging problems with acpi_processor_add
Those lines have two copies.
Signed-off-by: Yinghai Lu <yinghai@kernel.org>
Cc: Thomas Renninger <trenn@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Tue, 7 Feb 2012 22:07:20 +0000 (14:07 -0800)]
Merge git://git.samba.org/sfrench/cifs-2.6
* git://git.samba.org/sfrench/cifs-2.6:
cifs: Fix oops in session setup code for null user mounts
[CIFS] Update cifs Kconfig title to match removal of experimental dependency
cifs: fix printk format warnings
cifs: check offset in decode_ntlmssp_challenge()
cifs: NULL dereference on allocation failure
Linus Torvalds [Tue, 7 Feb 2012 22:06:11 +0000 (14:06 -0800)]
Merge branch 'upstream-fixes' of git://git./linux/kernel/git/jikos/hid
* 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
HID: wiimote: fix invalid power_supply_powers call
HID: wacom: Fix invalid power_supply_powers calls
HID: hyperv: Properly disconnect the input device
HID: usbhid: fix dead lock between open and disconect
Linus Torvalds [Tue, 7 Feb 2012 22:05:49 +0000 (14:05 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/sameo/mfd-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6:
mfd: Avoid twl6040-codec PLL reconfiguration when not needed
mfd: Store twl6040-codec mclk configuration
Jiri Kosina [Tue, 7 Feb 2012 12:40:56 +0000 (13:40 +0100)]
HID: wiimote: fix invalid power_supply_powers call
Analogically to
d7cb3dbd1 ("HID: wacom: Fix invalid power_supply_powers
calls"), fix also the same occurence in wiimote driver.
Reported-by: przemo@firszt.eu
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Randy Dunlap [Mon, 6 Feb 2012 17:50:00 +0000 (09:50 -0800)]
Documentation: update quilt tree location for Documentation patches
Update quilt tree location for Documentation/ patches.
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Larry Finger [Mon, 6 Feb 2012 17:49:50 +0000 (09:49 -0800)]
Documentation: add missing tainted bits to Documentation/sysctl/kernel.txt
Two of the bits in the tainted flag are not documented.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Tue, 7 Feb 2012 00:26:58 +0000 (16:26 -0800)]
Merge branch 'kvm-updates/3.3' of git://git./virt/kvm/kvm
Fixing a regression with the PMU MSRs when PMU virtualization is
disabled, a guest-internal DoS with the SYSCALL instruction, and a dirty
memory logging race that may cause live migration to fail.
* 'kvm-updates/3.3' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: do not #GP on perf MSR writes when vPMU is disabled
KVM: x86: fix missing checks in syscall emulation
KVM: x86: extend "struct x86_emulate_ops" with "get_cpuid"
KVM: Fix __set_bit() race in mark_page_dirty() during dirty logging
Linus Torvalds [Mon, 6 Feb 2012 23:29:56 +0000 (15:29 -0800)]
Merge tag 'gpio-for-linus' of git://git.secretlab.ca/git/linux-2.6
GPIO fixes for v3.3-rc2
Straight forward bug fixes in this branch. A couple of x86 gpio drivers
missing spinlock initialization, an API change fixup for the samsung driver
and a name typo fix.
* tag 'gpio-for-linus' of git://git.secretlab.ca/git/linux-2.6:
gpio: Add missing spin_lock_init in gpio-ml-ioh driver
gpio: Add missing spin_lock_init in gpio-pch driver
gpio: samsung: adapt to changes in gpio specifier translator function declaration
Correct bad gpio naming
Linus Torvalds [Mon, 6 Feb 2012 23:25:48 +0000 (15:25 -0800)]
Merge tag 'hwmon-fixes-for-3.3-rc3' of git://git./linux/kernel/git/groeck/linux-staging
One patch to fix fan detection on NCT6776F.
* tag 'hwmon-fixes-for-3.3-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
hwmon: (w83627ehf) Fix number of fans for NCT6776F
Heiko Carstens [Sat, 4 Feb 2012 09:47:10 +0000 (10:47 +0100)]
exec: fix use-after-free bug in setup_new_exec()
Setting the task name is done within setup_new_exec() by accessing
bprm->filename. However this happens after flush_old_exec().
This may result in a use after free bug, flush_old_exec() may
"complete" vfork_done, which will wake up the parent which in turn
may free the passed in filename.
To fix this add a new tcomm field in struct linux_binprm which
contains the now early generated task name until it is used.
Fixes this bug on s390:
Unable to handle kernel pointer dereference at virtual kernel address
0000000039768000
Process kworker/u:3 (pid: 245, task:
000000003a3dc840, ksp:
0000000039453818)
Krnl PSW :
0704000180000000 0000000000282e94 (setup_new_exec+0xa0/0x374)
Call Trace:
([<
0000000000282e2c>] setup_new_exec+0x38/0x374)
[<
00000000002dd12e>] load_elf_binary+0x402/0x1bf4
[<
0000000000280a42>] search_binary_handler+0x38e/0x5bc
[<
0000000000282b6c>] do_execve_common+0x410/0x514
[<
0000000000282cb6>] do_execve+0x46/0x58
[<
00000000005bce58>] kernel_execve+0x28/0x70
[<
000000000014ba2e>] ____call_usermodehelper+0x102/0x140
[<
00000000005bc8da>] kernel_thread_starter+0x6/0xc
[<
00000000005bc8d4>] kernel_thread_starter+0x0/0xc
Last Breaking-Event-Address:
[<
00000000002830f0>] setup_new_exec+0x2fc/0x374
Kernel panic - not syncing: Fatal exception: panic_on_oops
Reported-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jesper Juhl [Sat, 4 Feb 2012 22:49:40 +0000 (23:49 +0100)]
IB/srpt: Don't return freed pointer from srpt_alloc_ioctx_ring()
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Przemo Firszt [Sun, 5 Feb 2012 22:35:24 +0000 (22:35 +0000)]
HID: wacom: Fix invalid power_supply_powers calls
power_supply_powers calls added in
35b4c01e2 ("power_supply: add "powers" links
to self-powered HID devices") have to be called after power device is created.
This patch also fixes the second call - it has to be "ac" instead of "battery"
Signed-off-by: Przemo Firszt <przemo@firszt.eu>
Signed-off-by: Chris Bagwell <chris@cnpbagwell.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Jiri Kosina [Mon, 6 Feb 2012 15:11:09 +0000 (16:11 +0100)]
Merge branch 'master' of git://git./linux/kernel/git/torvalds/linux into upstream-fixes
Sync with Linus' tree. This is necessary to have a base for
patch that fixes commit
35b4c01e29b ("power_supply: add "powers"
links to self-powered HID devices") which went in through Anton's
tree.
Guenter Roeck [Fri, 27 Jan 2012 13:43:59 +0000 (05:43 -0800)]
hwmon: (w83627ehf) Fix number of fans for NCT6776F
NCT6776F can select fan input pins for fans 3 to 5 with a secondary set of
chip register bits. Check that second set of bits in addition to the first set
to detect if fans 3..5 are monitored.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Cc: stable@vger.kernel.org # 3.0+
Acked-by: Jean Delvare <khali@linux-fr.org>
Linus Torvalds [Sat, 4 Feb 2012 23:21:39 +0000 (15:21 -0800)]
Merge tag 'pm-fixes-for-3.3-rc3' of git://git./linux/kernel/git/rafael/linux-pm
Power management fixes for 3.3-rc3
Three power management regression fixes, one for a recent regression introcuded
by the freezer changes during the 3.3 merge window and two for regressions
in cpuidle (resulting from PM QoS changes) and in the hibernate user space
interface, both introduced during the 3.2 development cycle.
They include:
* Two hibernate (s2disk) regression fixes from Srivatsa S. Bhat (for
regressions introduced during the 3.3 merge window and during the 3.2
development cycle).
* A cpuidle fix from Venki Pallipadi for a regression resulting from PM QoS
changes during the 3.2 development cycle causing cpuidle to work incorrectly
for CONFIG_PM unset.
* tag 'pm-fixes-for-3.3-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
PM / QoS: CPU C-state breakage with PM Qos change
PM / Freezer: Thaw only kernel threads if freezing of kernel threads fails
PM / Hibernate: Thaw kernel threads in SNAPSHOT_CREATE_IMAGE ioctl path
Venkatesh Pallipadi [Fri, 3 Feb 2012 21:22:25 +0000 (22:22 +0100)]
PM / QoS: CPU C-state breakage with PM Qos change
Looks like change "PM QoS: Move and rename the implementation files"
merged during the 3.2 development cycle made PM QoS depend on
CONFIG_PM which depends on (PM_SLEEP || PM_RUNTIME).
That breaks CPU C-states with kernels not having these CONFIGs, causing CPUs
to spend time in Polling loop idle instead of going into deep C-states,
consuming way way more power. This is with either acpi idle or intel idle
enabled.
Either CONFIG_PM should be enabled with any pm_qos users or
the !CONFIG_PM pm_qos_request() should return sane defaults not to break
the existing users. Here's is the patch for the latter option.
[rjw: Modified the changelog slightly.]
Signed-off-by: Venkatesh Pallipadi <venki@google.com>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Cc: stable@vger.kernel.org
Srivatsa S. Bhat [Fri, 3 Feb 2012 21:22:41 +0000 (22:22 +0100)]
PM / Freezer: Thaw only kernel threads if freezing of kernel threads fails
If freezing of kernel threads fails, we are expected to automatically
thaw tasks in the error recovery path. However, at times, we encounter
situations in which we would like the automatic error recovery path
to thaw only the kernel threads, because we want to be able to do
some more cleanup before we thaw userspace. Something like:
error = freeze_kernel_threads();
if (error) {
/* Do some cleanup */
/* Only then thaw userspace tasks*/
thaw_processes();
}
An example of such a situation is where we freeze/thaw filesystems
during suspend/hibernation. There, if freezing of kernel threads
fails, we would like to thaw the frozen filesystems before thawing
the userspace tasks.
So, modify freeze_kernel_threads() to thaw only kernel threads in
case of freezing failure. And change suspend_freeze_processes()
accordingly. (At the same time, let us also get rid of the rather
cryptic usage of the conditional operator (:?) in that function.)
[rjw: In fact, this patch fixes a regression introduced during the
3.3 merge window, because without it thaw_processes() may be called
before swsusp_free() in some situations and that may lead to massive
memory allocation failures.]
Signed-off-by: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
Acked-by: Tejun Heo <tj@kernel.org>
Acked-by: Nigel Cunningham <nigel@tuxonice.net>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Linus Torvalds [Sat, 4 Feb 2012 20:11:40 +0000 (12:11 -0800)]
Merge tag 'fixes-for-linus' of git://git./linux/kernel/git/arm/arm-soc
arm-soc fixes for 3.3-rc
* A series of OMAP regression fixes for merge window fallout
* Two patches for Davinci, one removes some misdefined clocks, the other
is a regression fix for merge window fallout
* Two patches that makes Broadcom bcmring build again (and removes a
bunch of unused code in the process)
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
ARM: bcmring: fix build failure in mach-bcmring/arch.c
ARM: bcmring: remove unused DMA map code
ARM: davinci: update mdio bus name
ARM: OMAP2+: arch/arm/mach-omap2/smartreflex.c: add missing iounmap
ARM: OMAP2+: arch/arm/mach-omap2/devices.c: introduce missing kfree
ARM: OMAP: fix MMC2 loopback clock handling
ARM: OMAP: fix erroneous mmc2 clock change on mmc3 setup
ARM: OMAP2+: GPMC: fix device size setup
ARM: OMAP2+: timer: Fix crash due to wrong arg to __omap_dm_timer_read_counter
ARM: OMAP3: hwmod data: register dss hwmods after dss_core
ARM: OMAP2/3: PRM: fix missing plat/irqs.h build breakage
ARM: OMAP2+: io: fix compilation breakage on 2420-only configs
ARM: OMAP4: hwmod data: Add names for DMIC memory address space
ARM: OMAP3: hwmod data: add SYSC_HAS_ENAWAKEUP for dispc
ARM: OMAP2+: hwmod data: split omap2/3 dispc hwmod class
ARM: davinci: DA850: remove non-existing pll1_sysclk4-7 clocks
ARM: OMAP2: fix regulator warnings
ARM: OMAP2: fix omap3 touchbook kconfig warning
i2c: OMAP: Fix OMAP1 build error
Paul Gortmaker [Sat, 4 Feb 2012 19:29:02 +0000 (11:29 -0800)]
ARM: bcmring: fix build failure in mach-bcmring/arch.c
Upstream commit
d1fce9c115eeb93e01c01732dfe9a86cf76009cf
"ARM: restart: bcmring: use new restart hook"
breaks building of this platform, since what used to be the
last field of the MACHINE_START/END block didn't have a
trailing comma. Once another field was added below, we get:
arch/arm/mach-bcmring/arch.c:198: error: request for member 'restart' in something not a structure or union
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Acked-by: Jiandong Zheng <jdzheng@broadcom.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
JD Zheng [Mon, 30 Jan 2012 18:59:01 +0000 (10:59 -0800)]
ARM: bcmring: remove unused DMA map code
Remove BCMRING DMA map code which is no longer used.
This also fixes a build error with dma.c introduced by
bfcd2ea6a40b33270564d706396f1b514a988d3c.
Signed-off-by: Jiandong Zheng <jdzheng@broadcom.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
Linus Torvalds [Sat, 4 Feb 2012 18:57:42 +0000 (10:57 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/dtor/input
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: i8042 - add Lenovo Ideapad U455 to 'reset' blacklist
Input: serio_raw - return proper result when serio_raw_read fails
Input: document device properties
Input: twl4030_keypad - fix comment (trivial)
Input: gpio_keys - fix struct device declared inside parameter list
Input: evdev - fix variable initialisation
Linus Torvalds [Sat, 4 Feb 2012 18:54:26 +0000 (10:54 -0800)]
Merge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma
* 'fixes' of git://git.infradead.org/users/vkoul/slave-dma:
i.MX SDMA: Fix burstsize settings
ARM: mach-shmobile: both USB DMAC instances on sh7372 are slave-only
dma: sh_dma: not all SH DMAC implementations support MEMCPY
at_hdmac: bugfix for enabling channel irq
dmaengine: fix missing 'cnt' in ?: in dmatest
Linus Torvalds [Sat, 4 Feb 2012 18:51:54 +0000 (10:51 -0800)]
Merge branch 'akpm'
* akpm:
mm: compaction: check pfn_valid when entering a new MAX_ORDER_NR_PAGES block during isolation for migration
readahead: fix pipeline break caused by block plug
kprobes: fix a memory leak in function pre_handler_kretprobe()
drivers/tty/vt/vt_ioctl.c: fix KDFONTOP 32bit compatibility layer
lkdtm: avoid calling lkdtm_do_action() with spinlock held
mm/filemap_xip.c: fix race condition in xip_file_fault()
mm/memcontrol.c: fix warning with CONFIG_NUMA=n
avr32: select generic atomic64_t support
mm: postpone migrated page mapping reset
xtensa: fix memscan()
MAINTAINERS: update lguest F: patterns
MAINTAINERS: remove staging sections
MAINTAINERS: remove iMX5 section
MAINTAINERS: update partitions block F: patterns
Linus Torvalds [Sat, 4 Feb 2012 15:17:47 +0000 (07:17 -0800)]
Merge tag 'for-linus-3.3' of git://git.infradead.org/~dwmw2/mtd-3.3
- Fix a regression in 16-bit Atmel NAND flash which was introduced in 3.1
- Fix breakage with MTD suspend caused by the API rework
- Fix a problem with resetting the MX28 BCH module
- A couple of other trivial fixes
* tag 'for-linus-3.3-
20120204' of git://git.infradead.org/~dwmw2/mtd-3.3:
Revert "mtd: atmel_nand: optimize read/write buffer functions"
mtd: fix MTD suspend
jffs2: do not initialize variable unnecessarily
mtd: gpmi-nand bugfix: reset the BCH module when it is not MX23
mtd: nand: fix typo in comment
Artem Bityutskiy [Thu, 2 Feb 2012 11:54:25 +0000 (13:54 +0200)]
Revert "mtd: atmel_nand: optimize read/write buffer functions"
This reverts commit
fb5427508abbd635e877fabdf55795488119c2d6.
The reason is that it breaks 16 bits NAND flash as it was reported by
Nikolaus Voss and confirmed by Eric Bénard.
Nicolas Ferre <nicolas.ferre@atmel.com> alco confirmed:
"After double checking with designers, I must admit that I misunderstood
the way of optimizing accesses to SMC. 16 bit nand is not so common
those days..."
Reported-by: Nikolaus Voss <n.voss@weinmann.de>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Cc: stable@kernel.org [3.1+]
Linus Torvalds [Sat, 4 Feb 2012 00:57:40 +0000 (16:57 -0800)]
Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm
* 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
ARM: 7314/1: kuser: consistently use usr_ret for returning from helpers
ARM: 7302/1: Add TLB flushing for both entries in a PMD
ARM: 7303/1: perf: add empty NODE event definitions for Cortex-A5 and Cortex-A15
ARM: 7308/1: vfp: flush thread hwstate before copying ptrace registers
ARM: 7307/1: vfp: fix ptrace regset modification race
ARM: 7306/1: vfp: flush thread hwstate before restoring context from sigframe
Revert "ARM: 7304/1: ioremap: fix boundary check when reusing static mapping"
Mel Gorman [Fri, 3 Feb 2012 23:37:18 +0000 (15:37 -0800)]
mm: compaction: check pfn_valid when entering a new MAX_ORDER_NR_PAGES block during isolation for migration
When isolating for migration, migration starts at the start of a zone
which is not necessarily pageblock aligned. Further, it stops isolating
when COMPACT_CLUSTER_MAX pages are isolated so migrate_pfn is generally
not aligned. This allows isolate_migratepages() to call pfn_to_page() on
an invalid PFN which can result in a crash. This was originally reported
against a 3.0-based kernel with the following trace in a crash dump.
PID: 9902 TASK:
d47aecd0 CPU: 0 COMMAND: "memcg_process_s"
#0 [
d72d3ad0] crash_kexec at
c028cfdb
#1 [
d72d3b24] oops_end at
c05c5322
#2 [
d72d3b38] __bad_area_nosemaphore at
c0227e60
#3 [
d72d3bec] bad_area at
c0227fb6
#4 [
d72d3c00] do_page_fault at
c05c72ec
#5 [
d72d3c80] error_code (via page_fault) at
c05c47a4
EAX:
00000000 EBX:
000c0000 ECX:
00000001 EDX:
00000807 EBP:
000c0000
DS: 007b ESI:
00000001 ES: 007b EDI:
f3000a80 GS: 6f50
CS: 0060 EIP:
c030b15a ERR:
ffffffff EFLAGS:
00010002
#6 [
d72d3cb4] isolate_migratepages at
c030b15a
#7 [
d72d3d14] zone_watermark_ok at
c02d26cb
#8 [
d72d3d2c] compact_zone at
c030b8de
#9 [
d72d3d68] compact_zone_order at
c030bba1
#10 [
d72d3db4] try_to_compact_pages at
c030bc84
#11 [
d72d3ddc] __alloc_pages_direct_compact at
c02d61e7
#12 [
d72d3e08] __alloc_pages_slowpath at
c02d66c7
#13 [
d72d3e78] __alloc_pages_nodemask at
c02d6a97
#14 [
d72d3eb8] alloc_pages_vma at
c030a845
#15 [
d72d3ed4] do_huge_pmd_anonymous_page at
c03178eb
#16 [
d72d3f00] handle_mm_fault at
c02f36c6
#17 [
d72d3f30] do_page_fault at
c05c70ed
#18 [
d72d3fb0] error_code (via page_fault) at
c05c47a4
EAX:
b71ff000 EBX:
00000001 ECX:
00001600 EDX:
00000431
DS: 007b ESI:
08048950 ES: 007b EDI:
bfaa3788
SS: 007b ESP:
bfaa36e0 EBP:
bfaa3828 GS: 6f50
CS: 0073 EIP:
080487c8 ERR:
ffffffff EFLAGS:
00010202
It was also reported by Herbert van den Bergh against 3.1-based kernel
with the following snippet from the console log.
BUG: unable to handle kernel paging request at
01c00008
IP: [<
c0522399>] isolate_migratepages+0x119/0x390
*pdpt =
000000002f7ce001 *pde =
0000000000000000
It is expected that it also affects 3.2.x and current mainline.
The problem is that pfn_valid is only called on the first PFN being
checked and that PFN is not necessarily aligned. Lets say we have a case
like this
H = MAX_ORDER_NR_PAGES boundary
| = pageblock boundary
m = cc->migrate_pfn
f = cc->free_pfn
o = memory hole
H------|------H------|----m-Hoooooo|ooooooH-f----|------H
The migrate_pfn is just below a memory hole and the free scanner is beyond
the hole. When isolate_migratepages started, it scans from migrate_pfn to
migrate_pfn+pageblock_nr_pages which is now in a memory hole. It checks
pfn_valid() on the first PFN but then scans into the hole where there are
not necessarily valid struct pages.
This patch ensures that isolate_migratepages calls pfn_valid when
necessary.
Reported-by: Herbert van den Bergh <herbert.van.den.bergh@oracle.com>
Tested-by: Herbert van den Bergh <herbert.van.den.bergh@oracle.com>
Signed-off-by: Mel Gorman <mgorman@suse.de>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Shaohua Li [Fri, 3 Feb 2012 23:37:17 +0000 (15:37 -0800)]
readahead: fix pipeline break caused by block plug
Herbert Poetzl reported a performance regression since 2.6.39. The test
is a simple dd read, but with big block size. The reason is:
T1: ra (A, A+128k), (A+128k, A+256k)
T2: lock_page for page A, submit the 256k
T3: hit page A+128K, ra (A+256k, A+384). the range isn't submitted
because of plug and there isn't any lock_page till we hit page A+256k
because all pages from A to A+256k is in memory
T4: hit page A+256k, ra (A+384, A+ 512). Because of plug, the range isn't
submitted again.
T5: lock_page A+256k, so (A+256k, A+512k) will be submitted. The task is
waitting for (A+256k, A+512k) finish.
There is no request to disk in T3 and T4, so readahead pipeline breaks.
We really don't need block plug for generic_file_aio_read() for buffered
I/O. The readahead already has plug and has fine grained control when I/O
should be submitted. Deleting plug for buffered I/O fixes the regression.
One side effect is plug makes the request size 256k, the size is 128k
without it. This is because default ra size is 128k and not a reason we
need plug here.
Vivek said:
: We submit some readahead IO to device request queue but because of nested
: plug, queue never gets unplugged. When read logic reaches a page which is
: not in page cache, it waits for page to be read from the disk
: (lock_page_killable()) and that time we flush the plug list.
:
: So effectively read ahead logic is kind of broken in parts because of
: nested plugging. Removing top level plug (generic_file_aio_read()) for
: buffered reads, will allow unplugging queue earlier for readahead.
Signed-off-by: Shaohua Li <shaohua.li@intel.com>
Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Reported-by: Herbert Poetzl <herbert@13thfloor.at>
Tested-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jiang Liu [Fri, 3 Feb 2012 23:37:16 +0000 (15:37 -0800)]
kprobes: fix a memory leak in function pre_handler_kretprobe()
In function pre_handler_kretprobe(), the allocated kretprobe_instance
object will get leaked if the entry_handler callback returns non-zero.
This may cause all the preallocated kretprobe_instance objects exhausted.
This issue can be reproduced by changing
samples/kprobes/kretprobe_example.c to probe "mutex_unlock". And the fix
is straightforward: just put the allocated kretprobe_instance object back
onto the free_instances list.
[akpm@linux-foundation.org: use raw_spin_lock/unlock]
Signed-off-by: Jiang Liu <jiang.liu@huawei.com>
Acked-by: Jim Keniston <jkenisto@us.ibm.com>
Acked-by: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Samuel Thibault [Fri, 3 Feb 2012 23:37:15 +0000 (15:37 -0800)]
drivers/tty/vt/vt_ioctl.c: fix KDFONTOP 32bit compatibility layer
KDFONTOP(GET) currently fails with EIO when being run in a 32bit userland
with a 64bit kernel if the font width is not 8.
This is because of the setting of the KD_FONT_FLAG_OLD flag, which makes
con_font_get return EIO in such case.
This flag should *not* be set for KDFONTOP, since it's actually the whole
point of this flag (see comment in con_font_set for instance).
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@suse.de>
Cc: Arthur Taylor <art@ified.ca>
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cong Wang [Fri, 3 Feb 2012 23:37:15 +0000 (15:37 -0800)]
lkdtm: avoid calling lkdtm_do_action() with spinlock held
lkdtm_do_action() may call sleeping functions like kmalloc(), so do not
call it with spin lock held.
Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com>
Cc: Prarit Bhargava <prarit@redhat.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Reviewed-by: Dave Young <dyoung@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Carsten Otte [Fri, 3 Feb 2012 23:37:14 +0000 (15:37 -0800)]
mm/filemap_xip.c: fix race condition in xip_file_fault()
Fix a race condition that shows in conjunction with xip_file_fault() when
two threads of the same user process fault on the same memory page.
In this case, the race winner will install the page table entry and the
unlucky loser will cause an oops: xip_file_fault calls vm_insert_pfn (via
vm_insert_mixed) which drops out at this check:
retval = -EBUSY;
if (!pte_none(*pte))
goto out_unlock;
The resulting -EBUSY return value will trigger a BUG_ON() in
xip_file_fault.
This fix simply considers the fault as fixed in this case, because the
race winner has successfully installed the pte.
[akpm@linux-foundation.org: use conventional (and consistent) comment layout]
Reported-by: David Sadler <dsadler@us.ibm.com>
Signed-off-by: Carsten Otte <cotte@de.ibm.com>
Reported-by: Louis Alex Eisner <leisner@cs.ucsd.edu>
Cc: Hugh Dickins <hughd@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andrew Morton [Fri, 3 Feb 2012 23:37:14 +0000 (15:37 -0800)]
mm/memcontrol.c: fix warning with CONFIG_NUMA=n
mm/memcontrol.c: In function 'memcg_check_events':
mm/memcontrol.c:779: warning: unused variable 'do_numainfo'
Acked-by: Michal Hocko <mhocko@suse.cz>
Cc: Li Zefan <lizf@cn.fujitsu.com>
Cc: Hiroyuki KAMEZAWA <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: "Kirill A. Shutemov" <kirill@shutemov.name>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fabio Baltieri [Fri, 3 Feb 2012 23:37:14 +0000 (15:37 -0800)]
avr32: select generic atomic64_t support
Enable use of the generic atomic64 implementation on AVR32 platforms.
Without this the kernel fails to build as the architecture does not
provide its version.
Signed-off-by: Fabio Baltieri <fabio.baltieri@gmail.com>
Acked-by: Hans-Christian Egtvedt <egtvedt@samfundet.no>
Cc: Haavard Skinnemoen <hskinnemoen@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Konstantin Khlebnikov [Fri, 3 Feb 2012 23:37:13 +0000 (15:37 -0800)]
mm: postpone migrated page mapping reset
Postpone resetting page->mapping until the final remove_migration_ptes().
Otherwise the expression PageAnon(migration_entry_to_page(entry)) does not
work.
Signed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Akinobu Mita [Fri, 3 Feb 2012 23:37:13 +0000 (15:37 -0800)]
xtensa: fix memscan()
Defining memscan() as memchr() is wrong, because the return values of
memscan() and memchr() are different when the character is not found. So
use the generic memscan() implementation to fix this.
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Cc: Chris Zankel <chris@zankel.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Joe Perches [Fri, 3 Feb 2012 23:37:13 +0000 (15:37 -0800)]
MAINTAINERS: update lguest F: patterns
commit
07fe9977b623 ("lguest: move the lguest tool to the tools
directory") moved the files, update the patterns. Sort F: patterns
alphabetically too.
Signed-off-by: Joe Perches <joe@perches.com>
Cc: Davidlohr Bueso <dave@gnu.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Joe Perches [Fri, 3 Feb 2012 23:37:12 +0000 (15:37 -0800)]
MAINTAINERS: remove staging sections
Two commits moved files from staging to drivers/media/
commit
d6ce55de3abcc ("[media] move cx25821 out of staging")
commit
be30497085080 ("[media] move tm6000 to drivers/media/video")
Remove the sections.
Signed-off-by: Joe Perches <joe@perches.com>
Cc: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Joe Perches [Fri, 3 Feb 2012 23:37:12 +0000 (15:37 -0800)]
MAINTAINERS: remove iMX5 section
commit
784a90c0a7d8f5 ("ARM i.MX: Merge i.MX5 support into mach-imx")
merged the files, remove the iMX5 section.
Signed-off-by: Joe Perches <joe@perches.com>
Cc: Amit Kucheria <amit.kucheria@canonical.com>
Cc: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Joe Perches [Fri, 3 Feb 2012 23:37:11 +0000 (15:37 -0800)]
MAINTAINERS: update partitions block F: patterns
Commit
9be96f3fd101 ("move fs/partitions to block/") moved the files,
update the patterns.
Signed-off-by: Joe Perches <joe@perches.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Fri, 3 Feb 2012 20:41:31 +0000 (12:41 -0800)]
Merge tag 'kmemleak-fixes' of git://git./linux/kernel/git/cmarinas/linux
Trivial kmemleak bug-fixes:
- Early logging doesn't stop when kmemleak is off by default.
- Zero-size scanning areas should be ignored (currently it prints a
warning).
* tag 'kmemleak-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux:
kmemleak: Disable early logging when kmemleak is off by default
kmemleak: Only scan non-zero-size areas
Linus Torvalds [Fri, 3 Feb 2012 18:06:15 +0000 (10:06 -0800)]
Merge tag 'sound-fixes' of git://git./linux/kernel/git/tiwai/sound
sound fixes for 3.3-rc3
Most of commits are either regression fixes for varioud HD-audio
codecs or small ASoC fixes. Also a trivial build fix is included.
* tag 'sound-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda - Disable dynamic-power control for VIA as default
ALSA: hda - Allow analog low-current mode when dynamic power-control is on
ALSA: hda - Fix the logic to detect VIA analog low-current mode
ALSA: hda - Check power-state before changing in patch_via.c
ALSA: HDA: Fix duplicated output to more than one codec
ALSA: hda - Fix calling cs_automic twice for Cirrus codecs.
ALSA: HDA: Remove quirk for Toshiba Qosmio G50
ALSA: HDA: Fix jack creation for codecs with front and rear Line In
ALSA: hda - Apply 0x0f-VREF fix to all ASUS laptops with ALC861/660
ASoC: neo1973_wm8753: remove references to the neo1973-gta01 machine
ALSA: Add #ifdef CONFIG_PCI guard for snd_pci_quirk_* functions
ASoC: wm_hubs: fix wrong bits for LINEOUT2 N/P mixer
ALSA: HDA: Remove quirk for Asus N53Jq
ASoC: wm_hubs: Enable line out VMID buffer for single ended line outputs
ASoC: wm5100: Mark register cache as dirty when regulators are disabled
ASoC: wm8962: Mark register cache as dirty when regulators are disabled
ASoC: wm8996: Mark register cache as dirty when regulators are disabled
ASoC: wm5100: Fix microphone configuration
ASoC: wm5100: Make sure we switch to button reporting mode
Peter Ujfalusi [Sat, 14 Jan 2012 19:58:44 +0000 (20:58 +0100)]
mfd: Avoid twl6040-codec PLL reconfiguration when not needed
Do not reconfigure the PLL in case it has been configured already
with the requested parameters.
In case of different PLL configuration do only the needed changes.
This can save considerable amount of time since we can avoid the
defined protocol (with delays) for the PLL configuration.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Peter Ujfalusi [Sat, 14 Jan 2012 19:58:43 +0000 (20:58 +0100)]
mfd: Store twl6040-codec mclk configuration
Store the last used mclk configuration for the PLL.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Dan Carpenter [Fri, 4 Nov 2011 18:27:32 +0000 (21:27 +0300)]
IB/srpt: Fix ERR_PTR() vs. NULL checking confusion
transport_init_session() and target_fabric_configfs_init() don't
return NULL pointers, they only return ERR_PTRs or valid pointers.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Will Deacon [Fri, 3 Feb 2012 10:08:05 +0000 (11:08 +0100)]
ARM: 7314/1: kuser: consistently use usr_ret for returning from helpers
__kuser_cmpxchg64 has a return path using bx lr to get back to the caller.
This is actually ok since the code in question is predicated on
CONFIG_CPU_32v6K, but for the sake of consistency using the usr_ret
macro is probably better.
Acked-by: Dave Martin <dave.martin@linaro.org>
Acked-by: Nicolas Pitre <nico@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Igor Murzov [Fri, 3 Feb 2012 08:19:07 +0000 (00:19 -0800)]
Input: i8042 - add Lenovo Ideapad U455 to 'reset' blacklist
From
2d5a38a56453421e82428155f4b00303f3fb19b2 Mon Sep 17 00:00:00 2001
From: Igor Murzov <e-mail@date.by>
Date: Wed, 1 Feb 2012 03:11:53 +0400
Subject: [PATCH] Input: i8042 - add Lenovo Ideapad U455 to 'reset' blacklist
Lenovo Ideapad U455 needs to be in the reset quirk list for its
touchpad's proper function.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=40672
Signed-off-by: Igor Murzov <e-mail@date.by>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Linus Torvalds [Thu, 2 Feb 2012 23:47:33 +0000 (15:47 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/sage/ceph-client
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
rbd: fix safety of rbd_put_client()
rbd: fix a memory leak in rbd_get_client()
ceph: create a new session lock to avoid lock inversion
ceph: fix length validation in parse_reply_info()
ceph: initialize client debugfs outside of monc->mutex
ceph: change "ceph.layout" xattr to be "ceph.file.layout"
Josh Triplett [Thu, 2 Feb 2012 23:29:08 +0000 (15:29 -0800)]
include/linux/lp8727.h: Remove executable bit
Signed-off-by: Josh Triplett <josh@joshtriplett.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Shirish Pargaonkar [Thu, 2 Feb 2012 21:28:28 +0000 (15:28 -0600)]
cifs: Fix oops in session setup code for null user mounts
For null user mounts, do not invoke string length function
during session setup.
Cc: <stable@kernel.org
Reported-and-Tested-by: Chris Clayton <chris2553@googlemail.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Alex Elder [Sun, 29 Jan 2012 19:57:43 +0000 (13:57 -0600)]
rbd: fix safety of rbd_put_client()
The rbd_client structure uses a kref to arrange for cleaning up and
freeing an instance when its last reference is dropped. The cleanup
routine is rbd_client_release(), and one of the things it does is
delete the rbd_client from rbd_client_list. It acquires node_lock
to do so, but the way it is done is still not safe.
The problem is that when attempting to reuse an existing rbd_client,
the structure found might already be in the process of getting
destroyed and cleaned up.
Here's the scenario, with "CLIENT" representing an existing
rbd_client that's involved in the race:
Thread on CPU A | Thread on CPU B
--------------- | ---------------
rbd_put_client(CLIENT) | rbd_get_client()
kref_put() | (acquires node_lock)
kref->refcount becomes 0 | __rbd_client_find() returns CLIENT
calls rbd_client_release() | kref_get(&CLIENT->kref);
| (releases node_lock)
(acquires node_lock) |
deletes CLIENT from list | ...and starts using CLIENT...
(releases node_lock) |
and frees CLIENT | <-- but CLIENT gets freed here
Fix this by having rbd_put_client() acquire node_lock. The result
could still be improved, but at least it avoids this problem.
Signed-off-by: Alex Elder <elder@dreamhost.com>
Signed-off-by: Sage Weil <sage@newdream.net>
Jesper Juhl [Thu, 2 Feb 2012 20:55:59 +0000 (12:55 -0800)]
IB/srpt: Remove unneeded <linux/version.h> include
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Roland Dreier [Thu, 2 Feb 2012 20:55:58 +0000 (12:55 -0800)]
IB/srpt: Use ARRAY_SIZE() instead of open-coding
Signed-off-by: Roland Dreier <roland@purestorage.com>
Roland Dreier [Thu, 2 Feb 2012 20:55:58 +0000 (12:55 -0800)]
IB/srpt: Use DEFINE_SPINLOCK()/LIST_HEAD()
Signed-off-by: Roland Dreier <roland@purestorage.com>
Christopher Yeoh [Thu, 2 Feb 2012 01:04:09 +0000 (11:34 +1030)]
Fix race in process_vm_rw_core
This fixes the race in process_vm_core found by Oleg (see
http://article.gmane.org/gmane.linux.kernel/
1235667/
for details).
This has been updated since I last sent it as the creation of the new
mm_access() function did almost exactly the same thing as parts of the
previous version of this patch did.
In order to use mm_access() even when /proc isn't enabled, we move it to
kernel/fork.c where other related process mm access functions already
are.
Signed-off-by: Chris Yeoh <yeohc@au1.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Alex Elder [Tue, 24 Jan 2012 16:08:36 +0000 (10:08 -0600)]
rbd: fix a memory leak in rbd_get_client()
If an existing rbd client is found to be suitable for use in
rbd_get_client(), the rbd_options structure is not being
freed as it should. Fix that.
Signed-off-by: Alex Elder <elder@dreamhost.com>
Signed-off-by: Sage Weil <sage@newdream.net>
Alex Elder [Fri, 13 Jan 2012 01:48:10 +0000 (17:48 -0800)]
ceph: create a new session lock to avoid lock inversion
Lockdep was reporting a possible circular lock dependency in
dentry_lease_is_valid(). That function needs to sample the
session's s_cap_gen and and s_cap_ttl fields coherently, but needs
to do so while holding a dentry lock. The s_cap_lock field was
being used to protect the two fields, but that can't be taken while
holding a lock on a dentry within the session.
In most cases, the s_cap_gen and s_cap_ttl fields only get operated
on separately. But in three cases they need to be updated together.
Implement a new lock to protect the spots updating both fields
atomically is required.
Signed-off-by: Alex Elder <elder@dreamhost.com>
Reviewed-by: Sage Weil <sage@newdream.net>
Xi Wang [Sun, 15 Jan 2012 03:20:59 +0000 (22:20 -0500)]
ceph: fix length validation in parse_reply_info()
"len" is read from network and thus needs validation. Otherwise, given
a bogus "len" value, p+len could be an out-of-bounds pointer, which is
used in further parsing.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Sage Weil <sage@newdream.net>
Sage Weil [Sat, 14 Jan 2012 06:22:03 +0000 (22:22 -0800)]
ceph: initialize client debugfs outside of monc->mutex
Initializing debufs under monc->mutex introduces a lock dependency for
sb->s_type->i_mutex_key, which (combined with several other dependencies)
leads to an annoying lockdep warning. There's no particular reason to do
the debugfs setup under this lock, so move it out.
It used to be the case that our first monmap could come from the OSD; that
is no longer the case with recent servers, so we will reliably set up the
client entry during the initial authentication.
We don't have to worry about racing with debugfs teardown by
ceph_debugfs_client_cleanup() because ceph_destroy_client() calls
ceph_msgr_flush() first, which will wait for the message dispatch work
to complete (and the debugfs init to complete).
Fixes: #1940
Signed-off-by: Sage Weil <sage@newdream.net>
Alex Elder [Thu, 12 Jan 2012 01:41:01 +0000 (17:41 -0800)]
ceph: change "ceph.layout" xattr to be "ceph.file.layout"
The virtual extended attribute named "ceph.layout" is meaningful
only for regular files. Change its name to be "ceph.file.layout" to
more directly reflect that in the ceph xattr namespace. Preserve
the old "ceph.layout" name for the time being (until we decide it's
safe to get rid of it entirely).
Add a missing initializer for "readonly" in the terminating entry.
Signed-off-by: Alex Elder <elder@dreamhost.com>
Reviewed-by: Sage Weil <sage@newdream.net>
Linus Torvalds [Thu, 2 Feb 2012 19:19:03 +0000 (11:19 -0800)]
Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/radeon/kms/blit: fix blit copy for very large buffers
drm/radeon/kms: fix TRAVIS panel setup
drm/radeon: fix use after free in ATRM bios reading code.
drm/radeon/kms: Fix device tree linkage of DP i2c buses too
drm/radeon: Set DESKTOP_HEIGHT register to the framebuffer (not mode) height.
drm/radeon/kms: disable output polling when suspended
drm/nv50/pm: signedness bug in nv50_pm_clocks_pre()
drm/nouveau/gem: fix fence_sync race / oops
drm/nouveau: fix typo on mxmdcb option
drm/nouveau/mxm: pretend to succeed, even if we can't shadow the MXM-SIS
drm/nouveau/disp: check that panel power gpio is enabled at init time
Linus Torvalds [Thu, 2 Feb 2012 19:18:18 +0000 (11:18 -0800)]
Merge branch 'next' of git://git.monstr.eu/linux-2.6-microblaze
* 'next' of git://git.monstr.eu/linux-2.6-microblaze:
Revert "microblaze: Add topology init"
Linus Torvalds [Thu, 2 Feb 2012 19:11:13 +0000 (11:11 -0800)]
Merge branches 'core-urgent-for-linus', 'perf-urgent-for-linus', 'sched-urgent-for-linus' and 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
bugs, x86: Fix printk levels for panic, softlockups and stack dumps
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf top: Fix number of samples displayed
perf tools: Fix strlen() bug in perf_event__synthesize_event_type()
perf tools: Fix broken build by defining _GNU_SOURCE in Makefile
x86/dumpstack: Remove unneeded check in dump_trace()
perf: Fix broken interrupt rate throttling
* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
sched/rt: Fix task stack corruption under __ARCH_WANT_INTERRUPTS_ON_CTXSW
sched: Fix ancient race in do_exit()
sched/nohz: Fix nohz cpu idle load balancing state with cpu hotplug
sched/s390: Fix compile error in sched/core.c
sched: Fix rq->nr_uninterruptible update race
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/reboot: Remove VersaLogic Menlow reboot quirk
x86/reboot: Skip DMI checks if reboot set by user
x86: Properly parenthesize cmpxchg() macro arguments
Catalin Marinas [Wed, 25 Jan 2012 10:54:22 +0000 (11:54 +0100)]
ARM: 7302/1: Add TLB flushing for both entries in a PMD
Linux uses two PMD entries for a PTE with the classic page table format,
covering 2MB range. However, the __pte_free_tlb() function only adds a
single TLB flush corresponding to 1MB range covering 'addr'. On
Cortex-A15, level 1 entries can be cached by the TLB independently of
the level 2 entries and without additional flushing a PMD entry would be
left pointing at the wrong PTE. The patch limits the TLB flushing range
to two 4KB pages around the 1MB boundary within PMD.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Will Deacon [Wed, 25 Jan 2012 18:36:28 +0000 (19:36 +0100)]
ARM: 7303/1: perf: add empty NODE event definitions for Cortex-A5 and Cortex-A15
Commit
89d6c0b5 ("perf, arch: Add generic NODE cache events") added
empty NODE event definitions for the ARM PMU implementations. This was
merged along with Cortex-A5 and Cortex-A15 PMU support, so they missed
out on the original patch.
This patch adds the empty definitions to Cortex-A5 and Cortex-A15.
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Will Deacon [Mon, 30 Jan 2012 19:23:29 +0000 (20:23 +0100)]
ARM: 7308/1: vfp: flush thread hwstate before copying ptrace registers
If we are context switched whilst copying into a thread's
vfp_hard_struct then the partial copy may be corrupted by the VFP
context switching code (see "ARM: vfp: flush thread hwstate before
restoring context from sigframe").
This patch updates the ptrace VFP set code so that the thread state is
flushed before the copy, therefore disabling VFP and preventing
corruption from occurring.
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Dave Martin [Mon, 30 Jan 2012 19:22:28 +0000 (20:22 +0100)]
ARM: 7307/1: vfp: fix ptrace regset modification race
In a preemptible kernel, vfp_set() can be preempted, causing the
hardware VFP context to be switched while the thread vfp state is
being read and modified. This leads to a race condition which can
cause the thread vfp state to become corrupted if lazy VFP context
save occurs due to preemption in between the time thread->vfpstate
is read and the time the modified state is written back.
This may occur if preemption occurs during the execution of a
ptrace() call which modifies the VFP register state of a thread.
Such instances should be very rare in most realistic scenarios --
none has been reported, so far as I am aware. Only uniprocessor
systems should be affected, since VFP context save is not currently
lazy in SMP kernels.
The problem was introduced by my earlier patch migrating to use
regsets to implement ptrace.
This patch does a vfp_sync_hwstate() before reading
thread->vfpstate, to make sure that the thread's VFP state is not
live in the hardware registers while the registers are modified.
Thanks to Will Deacon for spotting this.
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Dave Martin <dave.martin@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Will Deacon [Mon, 30 Jan 2012 19:21:42 +0000 (20:21 +0100)]
ARM: 7306/1: vfp: flush thread hwstate before restoring context from sigframe
Following execution of a signal handler, we currently restore the VFP
context from the ucontext in the signal frame. This involves copying
from the user stack into the current thread's vfp_hard_struct and then
flushing the new data out to the hardware registers.
This is problematic when using a preemptible kernel because we could be
context switched whilst updating the vfp_hard_struct. If the current
thread has made use of VFP since the last context switch, the VFP
notifier will copy from the hardware registers into the vfp_hard_struct,
overwriting any data that had been partially copied by the signal code.
Disabling preemption across copy_from_user calls is a terrible idea, so
instead we move the VFP thread flush *before* we update the
vfp_hard_struct. Since the flushing is performed lazily, this has the
effect of disabling VFP and clearing the CPU's VFP state pointer,
therefore preventing the thread from being updated with stale data on
the next context switch.
Cc: stable <stable@vger.kernel.org>
Tested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Russell King [Sun, 29 Jan 2012 14:55:21 +0000 (14:55 +0000)]
Revert "ARM: 7304/1: ioremap: fix boundary check when reusing static mapping"
This reverts commit
3c424f359898aff48c3d5bed608ac706f8a528c3.
Joachim Eastwood reports:
| "ARM: 7304/1: ioremap: fix boundary check when reusing static mapping"
| Commit:
3c424f359898aff48c3d5bed608ac706f8a528c3 in Linus master
|
| Breaks booting on my custom AT91RM9200 board.
| There isn't any error messages or anything that indicates what goes
| wrong it just stops after; Uncompressing Linux... done, booting the
| kernel.
|
| Reverting it makes my board boot again.
and further debugging reveals:
ioremap: pfn=fffff phys=
fffff000 offset=400 size=1000
ioremap: area
c3ffdfc0: phys_addr=200000 pfn=200 size=4000
ioremap: found: addr
fef74000 =>
fed73000 =>
fed73400
Clearly, an area for pfn 0x200, 16K can't ever satisfy a request for pfn
0xfffff. This happens because the changed if statement becomes:
if (0x00200 > 0xfffff ||
0xfffff000 + 0x400 + 0x1000-1 > 0x00200000 + 0x4000-1)
and therefore:
if (0x00200 > 0xfffff ||
0x000003ff > 0x00203fff)
The if condition fails, and so we _believe_ that the SRAM mapping fits
our request. Clearly that's totally bogus.
Moreover, the original premise of the 'fix' patch was wrong:
| The condition checking boundaries of the requested and existing
| mappings didn't take in-page offset into consideration though,
| which lead to obscure and hard to debug problems when requested
| mapping crossed end of the static one.
as the code immediately above this loop does:
size = PAGE_ALIGN(offset + size);
so 'size' already contains the requested offset into the page.
So, revert the broken 'fix'.
Acked-by: Nicolas Pitre <nico@linaro.org>
Ilija Hadzic [Thu, 2 Feb 2012 15:26:24 +0000 (10:26 -0500)]
drm/radeon/kms/blit: fix blit copy for very large buffers
Evergreen and NI blit copy was broken if the buffer maps to a rectangle
whose one dimension is 16384 (max dimension allowed by these chips).
In the mainline kernel, the problem is exposed only when buffers are
very large (1G), but it's still a problem. The problem could be exposed
for smaller buffers if anyone modifies the algorithm for rectangle
construction in r600_blit_create_rect() (the reason why someone would
modify that algorithm is to tune the performance of buffer moves).
The root cause was in i2f() function which only operated on range between
0 and 16383. Fix this by extending the range of i2f() function to 0 to
32767.
While at it improve the function so that the range can be easily
extended in the future (if it becomes necessary), cleanup lines
over 80 characters, and replace in-line comments with one strategic
comment that explains the crux of the function.
Credits to michel@daenzer.net for pointing out the root cause of
the bug.
v2: Fix I2F_MAX_INPUT constant definition goof and warn only once
if input argument is out of range. Edit the comment a little
bit to avoid some linguistic confusion and make it look better
in general.
Signed-off-by: Ilija Hadzic <ihadzic@research.bell-labs.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Reviewed-by: Michel Dänzer <michel@daenzer.net>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Alex Deucher [Thu, 2 Feb 2012 15:18:00 +0000 (10:18 -0500)]
drm/radeon/kms: fix TRAVIS panel setup
Different versions of the DP to LVDS bridge chip
need different panel mode settings depending on
the chip version used.
Fixes:
https://bugs.freedesktop.org/show_bug.cgi?id=41569
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
Dave Airlie [Thu, 2 Feb 2012 15:25:16 +0000 (15:25 +0000)]
drm/radeon: fix use after free in ATRM bios reading code.
Fixes:
https://bugs.freedesktop.org/show_bug.cgi?id=45503
Reported-and-Debugged-by: mlambda@gmail.com
Signed-off-by: Dave Airlie <airlied@redhat.com>
K. Y. Srinivasan [Wed, 18 Jan 2012 16:57:14 +0000 (08:57 -0800)]
HID: hyperv: Properly disconnect the input device
When we unload the mouse driver, properly disconnect the input device.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
Reported-by: Fuzhou Chen <fuzhouch@microsoft.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Takashi Iwai [Thu, 2 Feb 2012 09:30:17 +0000 (10:30 +0100)]
ALSA: hda - Disable dynamic-power control for VIA as default
Since the dynamic pin power-control and the analog low-current mode
may lead to pop-noise, it's safer to set it off as default.
Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=741128
Cc: <stable@kernel.org> [v3.1+]
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Takashi Iwai [Wed, 1 Feb 2012 09:33:23 +0000 (10:33 +0100)]
ALSA: hda - Allow analog low-current mode when dynamic power-control is on
VIA codecs have several different power-saving features, and one of
them is the analog low-current mode. But it turned out that the ALC
mode causes pop-noises at each on/off time on some machines. As a
quick workaround, disable the ALC when another power-saving feature,
the dynamic pin power-control, is turned off, too, since the dynamic
power-control is already exposed as a mixer enum element so that user
can turn it on/off freely.
Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=741128
Cc: <stable@kernel.org> [v3.1+]
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Takashi Iwai [Tue, 24 Jan 2012 12:58:36 +0000 (13:58 +0100)]
ALSA: hda - Fix the logic to detect VIA analog low-current mode
The analog low-current mode must be enabled when the no stream is
running but the current detection checks it in a wrong way.
Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=741128
Cc: <stable@kernel.org> [v3.1+]
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Takashi Iwai [Tue, 24 Jan 2012 11:25:50 +0000 (12:25 +0100)]
ALSA: hda - Check power-state before changing in patch_via.c
Instead of always writing AC_VERB_SET_POWER_STATE, check the current
power-state and don't write again if the value is already set.
This may reduce the click noise upon the dynamic power-state change
(e.g. in analog-input mixer).
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Ming Lei [Thu, 12 Jan 2012 09:42:22 +0000 (17:42 +0800)]
HID: usbhid: fix dead lock between open and disconect
There is no reason to hold hiddev->existancelock before
calling usb_deregister_dev, so move it out of the lock.
The patch fixes the lockdep warning below.
[ 5733.386271] ======================================================
[ 5733.386274] [ INFO: possible circular locking dependency detected ]
[ 5733.386278] 3.2.0-custom-next-
20120111+ #1 Not tainted
[ 5733.386281] -------------------------------------------------------
[ 5733.386284] khubd/186 is trying to acquire lock:
[ 5733.386288] (minor_rwsem){++++.+}, at: [<
ffffffffa0011a04>] usb_deregister_dev+0x37/0x9e [usbcore]
[ 5733.386311]
[ 5733.386312] but task is already holding lock:
[ 5733.386315] (&hiddev->existancelock){+.+...}, at: [<
ffffffffa0094d17>] hiddev_disconnect+0x26/0x87 [usbhid]
[ 5733.386328]
[ 5733.386329] which lock already depends on the new lock.
[ 5733.386330]
[ 5733.386333]
[ 5733.386334] the existing dependency chain (in reverse order) is:
[ 5733.386336]
[ 5733.386337] -> #1 (&hiddev->existancelock){+.+...}:
[ 5733.386346] [<
ffffffff81082d26>] lock_acquire+0xcb/0x10e
[ 5733.386357] [<
ffffffff813df961>] __mutex_lock_common+0x60/0x465
[ 5733.386366] [<
ffffffff813dfe4d>] mutex_lock_nested+0x36/0x3b
[ 5733.386371] [<
ffffffffa0094ad6>] hiddev_open+0x113/0x193 [usbhid]
[ 5733.386378] [<
ffffffffa0011971>] usb_open+0x66/0xc2 [usbcore]
[ 5733.386390] [<
ffffffff8111a8b5>] chrdev_open+0x12b/0x154
[ 5733.386402] [<
ffffffff811159a8>] __dentry_open.isra.16+0x20b/0x355
[ 5733.386408] [<
ffffffff811165dc>] nameidata_to_filp+0x43/0x4a
[ 5733.386413] [<
ffffffff81122ed5>] do_last+0x536/0x570
[ 5733.386419] [<
ffffffff8112300b>] path_openat+0xce/0x301
[ 5733.386423] [<
ffffffff81123327>] do_filp_open+0x33/0x81
[ 5733.386427] [<
ffffffff8111664d>] do_sys_open+0x6a/0xfc
[ 5733.386431] [<
ffffffff811166fb>] sys_open+0x1c/0x1e
[ 5733.386434] [<
ffffffff813e7c79>] system_call_fastpath+0x16/0x1b
[ 5733.386441]
[ 5733.386441] -> #0 (minor_rwsem){++++.+}:
[ 5733.386448] [<
ffffffff8108255d>] __lock_acquire+0xa80/0xd74
[ 5733.386454] [<
ffffffff81082d26>] lock_acquire+0xcb/0x10e
[ 5733.386458] [<
ffffffff813e01f5>] down_write+0x44/0x77
[ 5733.386464] [<
ffffffffa0011a04>] usb_deregister_dev+0x37/0x9e [usbcore]
[ 5733.386475] [<
ffffffffa0094d2d>] hiddev_disconnect+0x3c/0x87 [usbhid]
[ 5733.386483] [<
ffffffff8132df51>] hid_disconnect+0x3f/0x54
[ 5733.386491] [<
ffffffff8132dfb4>] hid_device_remove+0x4e/0x7a
[ 5733.386496] [<
ffffffff812c0957>] __device_release_driver+0x81/0xcd
[ 5733.386502] [<
ffffffff812c09c3>] device_release_driver+0x20/0x2d
[ 5733.386507] [<
ffffffff812c0564>] bus_remove_device+0x114/0x128
[ 5733.386512] [<
ffffffff812bdd6f>] device_del+0x131/0x183
[ 5733.386519] [<
ffffffff8132def3>] hid_destroy_device+0x1e/0x3d
[ 5733.386525] [<
ffffffffa00916b0>] usbhid_disconnect+0x36/0x42 [usbhid]
[ 5733.386530] [<
ffffffffa000fb60>] usb_unbind_interface+0x57/0x11f [usbcore]
[ 5733.386542] [<
ffffffff812c0957>] __device_release_driver+0x81/0xcd
[ 5733.386547] [<
ffffffff812c09c3>] device_release_driver+0x20/0x2d
[ 5733.386552] [<
ffffffff812c0564>] bus_remove_device+0x114/0x128
[ 5733.386557] [<
ffffffff812bdd6f>] device_del+0x131/0x183
[ 5733.386562] [<
ffffffffa000de61>] usb_disable_device+0xa8/0x1d8 [usbcore]
[ 5733.386573] [<
ffffffffa0006bd2>] usb_disconnect+0xab/0x11f [usbcore]
[ 5733.386583] [<
ffffffffa0008aa0>] hub_thread+0x73b/0x1157 [usbcore]
[ 5733.386593] [<
ffffffff8105dc0f>] kthread+0x95/0x9d
[ 5733.386601] [<
ffffffff813e90b4>] kernel_thread_helper+0x4/0x10
[ 5733.386607]
[ 5733.386608] other info that might help us debug this:
[ 5733.386609]
[ 5733.386612] Possible unsafe locking scenario:
[ 5733.386613]
[ 5733.386615] CPU0 CPU1
[ 5733.386618] ---- ----
[ 5733.386620] lock(&hiddev->existancelock);
[ 5733.386625] lock(minor_rwsem);
[ 5733.386630] lock(&hiddev->existancelock);
[ 5733.386635] lock(minor_rwsem);
[ 5733.386639]
[ 5733.386640] *** DEADLOCK ***
[ 5733.386641]
[ 5733.386644] 6 locks held by khubd/186:
[ 5733.386646] #0: (&__lockdep_no_validate__){......}, at: [<
ffffffffa00084af>] hub_thread+0x14a/0x1157 [usbcore]
[ 5733.386661] #1: (&__lockdep_no_validate__){......}, at: [<
ffffffffa0006b77>] usb_disconnect+0x50/0x11f [usbcore]
[ 5733.386677] #2: (hcd->bandwidth_mutex){+.+.+.}, at: [<
ffffffffa0006bc8>] usb_disconnect+0xa1/0x11f [usbcore]
[ 5733.386693] #3: (&__lockdep_no_validate__){......}, at: [<
ffffffff812c09bb>] device_release_driver+0x18/0x2d
[ 5733.386704] #4: (&__lockdep_no_validate__){......}, at: [<
ffffffff812c09bb>] device_release_driver+0x18/0x2d
[ 5733.386714] #5: (&hiddev->existancelock){+.+...}, at: [<
ffffffffa0094d17>] hiddev_disconnect+0x26/0x87 [usbhid]
[ 5733.386727]
[ 5733.386727] stack backtrace:
[ 5733.386731] Pid: 186, comm: khubd Not tainted 3.2.0-custom-next-
20120111+ #1
[ 5733.386734] Call Trace:
[ 5733.386741] [<
ffffffff81062881>] ? up+0x34/0x3b
[ 5733.386747] [<
ffffffff813d9ef3>] print_circular_bug+0x1f8/0x209
[ 5733.386752] [<
ffffffff8108255d>] __lock_acquire+0xa80/0xd74
[ 5733.386756] [<
ffffffff810808b4>] ? trace_hardirqs_on_caller+0x15d/0x1a3
[ 5733.386763] [<
ffffffff81043a3f>] ? vprintk+0x3f4/0x419
[ 5733.386774] [<
ffffffffa0011a04>] ? usb_deregister_dev+0x37/0x9e [usbcore]
[ 5733.386779] [<
ffffffff81082d26>] lock_acquire+0xcb/0x10e
[ 5733.386789] [<
ffffffffa0011a04>] ? usb_deregister_dev+0x37/0x9e [usbcore]
[ 5733.386797] [<
ffffffff813e01f5>] down_write+0x44/0x77
[ 5733.386807] [<
ffffffffa0011a04>] ? usb_deregister_dev+0x37/0x9e [usbcore]
[ 5733.386818] [<
ffffffffa0011a04>] usb_deregister_dev+0x37/0x9e [usbcore]
[ 5733.386825] [<
ffffffffa0094d2d>] hiddev_disconnect+0x3c/0x87 [usbhid]
[ 5733.386830] [<
ffffffff8132df51>] hid_disconnect+0x3f/0x54
[ 5733.386834] [<
ffffffff8132dfb4>] hid_device_remove+0x4e/0x7a
[ 5733.386839] [<
ffffffff812c0957>] __device_release_driver+0x81/0xcd
[ 5733.386844] [<
ffffffff812c09c3>] device_release_driver+0x20/0x2d
[ 5733.386848] [<
ffffffff812c0564>] bus_remove_device+0x114/0x128
[ 5733.386854] [<
ffffffff812bdd6f>] device_del+0x131/0x183
[ 5733.386859] [<
ffffffff8132def3>] hid_destroy_device+0x1e/0x3d
[ 5733.386865] [<
ffffffffa00916b0>] usbhid_disconnect+0x36/0x42 [usbhid]
[ 5733.386876] [<
ffffffffa000fb60>] usb_unbind_interface+0x57/0x11f [usbcore]
[ 5733.386882] [<
ffffffff812c0957>] __device_release_driver+0x81/0xcd
[ 5733.386886] [<
ffffffff812c09c3>] device_release_driver+0x20/0x2d
[ 5733.386890] [<
ffffffff812c0564>] bus_remove_device+0x114/0x128
[ 5733.386895] [<
ffffffff812bdd6f>] device_del+0x131/0x183
[ 5733.386905] [<
ffffffffa000de61>] usb_disable_device+0xa8/0x1d8 [usbcore]
[ 5733.386916] [<
ffffffffa0006bd2>] usb_disconnect+0xab/0x11f [usbcore]
[ 5733.386921] [<
ffffffff813dff82>] ? __mutex_unlock_slowpath+0x130/0x141
[ 5733.386929] [<
ffffffffa0008aa0>] hub_thread+0x73b/0x1157 [usbcore]
[ 5733.386935] [<
ffffffff8106a51d>] ? finish_task_switch+0x78/0x150
[ 5733.386941] [<
ffffffff8105e396>] ? __init_waitqueue_head+0x4c/0x4c
[ 5733.386950] [<
ffffffffa0008365>] ? usb_remote_wakeup+0x56/0x56 [usbcore]
[ 5733.386955] [<
ffffffff8105dc0f>] kthread+0x95/0x9d
[ 5733.386961] [<
ffffffff813e90b4>] kernel_thread_helper+0x4/0x10
[ 5733.386966] [<
ffffffff813e24b8>] ? retint_restore_args+0x13/0x13
[ 5733.386970] [<
ffffffff8105db7a>] ? __init_kthread_worker+0x55/0x55
[ 5733.386974] [<
ffffffff813e90b0>] ? gs_change+0x13/0x13
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Philippe Rétornaz [Tue, 24 Jan 2012 13:22:01 +0000 (14:22 +0100)]
i.MX SDMA: Fix burstsize settings
Commit
6584cb88 (ARM i.MX dma: Fix burstsize settings) fixed
the mxcmmc driver but forgot to fix the SDMA driver to handle the
correct burtsize.
This make the SD card access works again with DMA on i.MX31 boards.
Signed-off-by: Philippe Rétornaz <philippe.retornaz@epfl.ch>
Tested-by: Sascha Hauer <s.hauer@pengutronix.de>
Acked-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Vinod Koul <vinod.koul@linux.intel.com>
Axel Lin [Wed, 1 Feb 2012 02:50:05 +0000 (10:50 +0800)]
gpio: Add missing spin_lock_init in gpio-ml-ioh driver
This bug was introduced by commit
54be5663
"gpio-ml-ioh: Support interrupt function" which adds a spinlock to struct
ioh_gpio but never init the spinlock.
Signed-off-by: Axel Lin <axel.lin@gmail.com>
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
Axel Lin [Wed, 1 Feb 2012 02:51:53 +0000 (10:51 +0800)]
gpio: Add missing spin_lock_init in gpio-pch driver
This bug was introduced by commit
d568a681
"gpio-pch: add spinlock in suspend/resume processing"
which adds a spinlock to struct pch_gpio but never init the spinlock.
Reported-by: Tomoya MORINAGA <tomoya.rohm@gmail.com>
Signed-off-by: Axel Lin <axel.lin@gmail.com>
Acked-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
Linus Torvalds [Thu, 2 Feb 2012 02:30:15 +0000 (18:30 -0800)]
Merge tag 'firewire-fixes' of git://git./linux/kernel/git/ieee1394/linux1394
firewire fixes post v3.3-rc1
Add workarounds table entries for hardware bugs in
- FireWire part of Sound Blaster Audigy cards,
- Ricoh PCIe 1394 controllers.
Without these, several protocols, e.g. AV/C, do not work on the
Audigy, and the Ricoh PCIe controllers wouldn't work at all.
This does not concern the older Ricoh PCI controllers.
* tag 'firewire-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394:
firewire: ohci: disable MSI on Ricoh controllers
firewire: ohci: add reset packet quirk for SB Audigy
Randy Dunlap [Thu, 2 Feb 2012 03:04:02 +0000 (19:04 -0800)]
staging: fix go7007-usb license
Add MODULE_LICENSE() as per the license in the comment at the top of the
file for this source module to fix build warning:
WARNING: modpost: missing MODULE_LICENSE() in drivers/staging/media/go7007/go7007-usb.o
see include/linux/module.h for more information
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Cc: Ross Cohen <rcohen@snurgle.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Randy Dunlap [Thu, 2 Feb 2012 02:15:49 +0000 (18:15 -0800)]
docbook: fix fatal errors in device-drivers docbook and add DMA Management section
Fix 2 fatal errors in the device-drivers docbook.
Also add some missing files from drivers/base/; since several
of these are DMA-related, add a section for DMA Management.
docproc: drivers/base/sys.c: No such file or directory
docproc: drivers/tty/serial/8250.c: No such file or directory
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Thomas Abraham [Wed, 1 Feb 2012 13:02:32 +0000 (18:32 +0530)]
gpio: samsung: adapt to changes in gpio specifier translator function declaration
Commit
15c9a0acc3f7 (of: create of_phandle_args to simplify return of phandle
parsing data) modifies the parameter list of of_xlate function pointer declaration
in gpio_chip. Adapt the gpio specifier translate function for this change.
Reported-by: Tushar Behera <tushar.behera@linaro.org>
Signed-off-by: Thomas Abraham <thomas.abraham@linaro.org>
Tested-by: Karol Lewandowski <k.lewandowsk@samsung.com>
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
Linus Torvalds [Thu, 2 Feb 2012 00:00:38 +0000 (16:00 -0800)]
Merge branch 'for-linus2' of git://git./linux/kernel/git/jmorris/linux-security
* 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
lib: Fix 32-bit sparc udiv_qrnnd() definition in mpilib's longlong.h
lib: Fix multiple definitions of clz_tab
lib/digsig: checks for NULL return value
lib/mpi: added missing NULL check
lib/mpi: added comment on divide by 0 case
lib/mpi: check for possible zero length
lib/digsig: pkcs_1_v1_5_decode_emsa cleanup
lib/digsig: additional sanity checks against badly formated key payload
lib/mpi: removed unused functions
lib/mpi: checks for zero divisor length
lib/mpi: return error code on dividing by zero
lib/mpi: replaced MPI_NULL with normal NULL
lib/mpi: added missing NULL check
David Miller [Wed, 1 Feb 2012 22:17:55 +0000 (00:17 +0200)]
lib: Fix 32-bit sparc udiv_qrnnd() definition in mpilib's longlong.h
This copy of longlong.h is extremely dated and results in compile
errors on sparc32 when MPILIB is enabled, copy over the more uptodate
implementation from arch/sparc/math/sfp-util_32.h
Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: James Morris <jmorris@namei.org>
David Miller [Wed, 1 Feb 2012 22:17:54 +0000 (00:17 +0200)]
lib: Fix multiple definitions of clz_tab
Both sparc 32-bit's software divide assembler and MPILIB provide
clz_tab[] with identical contents.
Break it out into a seperate object file and select it when
SPARC32 or MPILIB is set.
Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: James Morris <jmorris@namei.org>
Linus Torvalds [Wed, 1 Feb 2012 23:18:39 +0000 (15:18 -0800)]
Merge tag 'rdma-for-linus' of git://git./linux/kernel/git/roland/infiniband
InfiniBand/RDMA fixes for 3.3:
- Fix a crash due to a regression (uninitialized refcnt) introduced in
3.2 with XRC support.
- Close race in how ucma reports events when connect fails.
- Process vendor-specific MADs in mlx4 so that eg FDR-10 data rate works.
- Fix regression in qib caused by over-aggressive PCIe tuning.
- Other small fixes for hardware drivers (ipath, nes, qib).
* tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
RDMA/nes: Copyright update
IB/mlx4: pass SMP vendor-specific attribute MADs to firmware
RDMA/nes: Fix fast memory registration opcode
RDMA/nes: Fix fast memory registration length
RDMA/ucma: Discard all events for new connections until accepted
IB/qib: Roll back PCIe tuning change
IB/qib: Use GFP_ATOMIC when locks are held
RDMA/nes: Add missing rcu_read_unlock() in nes_addr_resolve_neigh()
RDMA/nes: Fix for sending MPA reject frame
IB/ipath: Calling PTR_ERR() on right variable in create_file()
RDMA/core: Fix kernel panic by always initializing qp->usecnt
Oleg Nesterov [Tue, 31 Jan 2012 16:15:11 +0000 (17:15 +0100)]
proc: make sure mem_open() doesn't pin the target's memory
Once /proc/pid/mem is opened, the memory can't be released until
mem_release() even if its owner exits.
Change mem_open() to do atomic_inc(mm_count) + mmput(), this only
pins mm_struct. Change mem_rw() to do atomic_inc_not_zero(mm_count)
before access_remote_vm(), this verifies that this mm is still alive.
I am not sure what should mem_rw() return if atomic_inc_not_zero()
fails. With this patch it returns zero to match the "mm == NULL" case,
may be it should return -EINVAL like it did before
e268337d.
Perhaps it makes sense to add the additional fatal_signal_pending()
check into the main loop, to ensure we do not hold this memory if
the target task was oom-killed.
Cc: stable@kernel.org
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>