David Howells [Wed, 10 Sep 2014 21:22:00 +0000 (22:22 +0100)]
KEYS: Fix termination condition in assoc array garbage collection
This fixes CVE-2014-3631.
It is possible for an associative array to end up with a shortcut node at the
root of the tree if there are more than fan-out leaves in the tree, but they
all crowd into the same slot in the lowest level (ie. they all have the same
first nibble of their index keys).
When assoc_array_gc() returns back up the tree after scanning some leaves, it
can fall off of the root and crash because it assumes that the back pointer
from a shortcut (after label ascend_old_tree) must point to a normal node -
which isn't true of a shortcut node at the root.
Should we find we're ascending rootwards over a shortcut, we should check to
see if the backpointer is zero - and if it is, we have completed the scan.
This particular bug cannot occur if the root node is not a shortcut - ie. if
you have fewer than 17 keys in a keyring or if you have at least two keys that
sit into separate slots (eg. a keyring and a non keyring).
This can be reproduced by:
ring=`keyctl newring bar @s`
for ((i=1; i<=18; i++)); do last_key=`keyctl newring foo$i $ring`; done
keyctl timeout $last_key 2
Doing this:
echo 3 >/proc/sys/kernel/keys/gc_delay
first will speed things up.
If we do fall off of the top of the tree, we get the following oops:
BUG: unable to handle kernel NULL pointer dereference at
0000000000000018
IP: [<
ffffffff8136cea7>] assoc_array_gc+0x2f7/0x540
PGD
dae15067 PUD
cfc24067 PMD 0
Oops: 0000 [#1] SMP
Modules linked in: xt_nat xt_mark nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_ni
CPU: 0 PID: 26011 Comm: kworker/0:1 Not tainted 3.14.9-200.fc20.x86_64 #1
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Workqueue: events key_garbage_collector
task:
ffff8800918bd580 ti:
ffff8800aac14000 task.ti:
ffff8800aac14000
RIP: 0010:[<
ffffffff8136cea7>] [<
ffffffff8136cea7>] assoc_array_gc+0x2f7/0x540
RSP: 0018:
ffff8800aac15d40 EFLAGS:
00010206
RAX:
0000000000000000 RBX:
0000000000000000 RCX:
ffff8800aaecacc0
RDX:
ffff8800daecf440 RSI:
0000000000000001 RDI:
ffff8800aadc2bc0
RBP:
ffff8800aac15da8 R08:
0000000000000001 R09:
0000000000000003
R10:
ffffffff8136ccc7 R11:
0000000000000000 R12:
0000000000000000
R13:
0000000000000000 R14:
0000000000000070 R15:
0000000000000001
FS:
0000000000000000(0000) GS:
ffff88011fc00000(0000) knlGS:
0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0:
000000008005003b
CR2:
0000000000000018 CR3:
00000000db10d000 CR4:
00000000000006f0
Stack:
ffff8800aac15d50 0000000000000011 ffff8800aac15db8 ffffffff812e2a70
ffff880091a00600 0000000000000000 ffff8800aadc2bc3 00000000cd42c987
ffff88003702df20 ffff88003702dfa0 0000000053b65c09 ffff8800aac15fd8
Call Trace:
[<
ffffffff812e2a70>] ? keyring_detect_cycle_iterator+0x30/0x30
[<
ffffffff812e3e75>] keyring_gc+0x75/0x80
[<
ffffffff812e1424>] key_garbage_collector+0x154/0x3c0
[<
ffffffff810a67b6>] process_one_work+0x176/0x430
[<
ffffffff810a744b>] worker_thread+0x11b/0x3a0
[<
ffffffff810a7330>] ? rescuer_thread+0x3b0/0x3b0
[<
ffffffff810ae1a8>] kthread+0xd8/0xf0
[<
ffffffff810ae0d0>] ? insert_kthread_work+0x40/0x40
[<
ffffffff816ffb7c>] ret_from_fork+0x7c/0xb0
[<
ffffffff810ae0d0>] ? insert_kthread_work+0x40/0x40
Code: 08 4c 8b 22 0f 84 bf 00 00 00 41 83 c7 01 49 83 e4 fc 41 83 ff 0f 4c 89 65 c0 0f 8f 5a fe ff ff 48 8b 45 c0 4d 63 cf 49 83 c1 02 <4e> 8b 34 c8 4d 85 f6 0f 84 be 00 00 00 41 f6 c6 01 0f 84 92
RIP [<
ffffffff8136cea7>] assoc_array_gc+0x2f7/0x540
RSP <
ffff8800aac15d40>
CR2:
0000000000000018
---[ end trace
1129028a088c0cbd ]---
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Don Zickus <dzickus@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Linus Torvalds [Fri, 12 Sep 2014 01:03:21 +0000 (18:03 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/sage/ceph-client
Pull Ceph fixes from Sage Weil:
"The main thing here is a set of three patches that fix a buffer
overrun for large authentication tickets (sigh).
There is also a trivial warning fix and an error path fix that are
both regressions"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
libceph: do not hard code max auth ticket len
libceph: add process_one_ticket() helper
libceph: gracefully handle large reply messages from the mon
rbd: fix error return code in rbd_dev_device_setup()
rbd: avoid format-security warning inside alloc_workqueue()
Linus Torvalds [Thu, 11 Sep 2014 23:52:29 +0000 (16:52 -0700)]
Merge tag 'stable/for-linus-3.17-b-rc4-tag' of git://git./linux/kernel/git/xen/tip
Pull Xen bug fixes from David Vrabel:
- fix for PVHVM suspend/resume and migration
- don't pointlessly retry certain ballooning ops
- fix gntalloc when grefs have run out.
- fix PV boot if KSALR is enable or very large modules are used.
* tag 'stable/for-linus-3.17-b-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
x86/xen: don't copy bogus duplicate entries into kernel page tables
xen/gntalloc: safely delete grefs in add_grefs() undo path
xen/gntalloc: fix oops after runnning out of grant refs
xen/balloon: cancel ballooning if adding new memory failed
xen/manage: Always freeze/thaw processes when suspend/resuming
Linus Torvalds [Thu, 11 Sep 2014 23:49:56 +0000 (16:49 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/mpe/linux
Pull powerpc fixes from Michael Ellerman:
"Ben's travelling so this is my first attempt at a pull request.
There's nothing too exciting. The CONFIG_FHANDLE one is annoying, I
know you love defconfig changes. But we've had a couple of developers
waste time debugging boxes that wouldn't boot, only to realise it's
just that systemd needs CONFIG_FHANDLE and our defconfigs don't have
it.
The new syscalls seem to be working, I've run the selftests that
exist, and also let trinity bash on them for a while"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mpe/linux:
powerpc: Wire up sys_seccomp(), sys_getrandom() and sys_memfd_create()
powerpc: Make CONFIG_FHANDLE=y for all 64 bit powerpc defconfigs
powerpc: use machine_subsys_initcall() for opal_hmi_handler_init()
powerpc/perf: Fix ABIv2 kernel backtraces
powerpc/pseries: Fix endian issues in memory hotplug
Linus Torvalds [Thu, 11 Sep 2014 19:51:10 +0000 (12:51 -0700)]
Merge tag 'pm+acpi-3.17-rc5' of git://git./linux/kernel/git/rafael/linux-pm
Pull ACPI and power management fixes from Rafael Wysocki:
"These are regression fixes (cpufreq, ACPI battery) and fixes for stuff
that never worked correctly (ACPI RTC operation region handler and PM
domain implementation in the ACPI LPSS driver).
Specifics:
- Fix for the cpufreq Operation Performance Points (OPP) code where a
recent commit added a kcalloc() call with an incorrect ordering of
arguments. From Anand Moon.
- Reverts of two ACPI battery commits that caused incorrect
diagnostic information to be printed to dmesg in some cases from
Bjørn Mork.
- Fix for the ACPI RTC operation region handler that applied the &
operator to an argument already representing an address and that
caused it to overwrite its own argument instead of writing to the
address contained in it as expected. From Chun-Yi Lee.
- Fix for the PM domain implementation in the ACPI LPSS (Low-Power
Subsystem) driver where one callback pointer pointed to a wrong
routine and one was NULL, but it shouldn't. From Fu Zhonghui"
* tag 'pm+acpi-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI / LPSS: complete PM entries for LPSS power domain
Revert "ACPI / battery: fix wrong value of capacity_now reported when fully charged"
Revert "ACPI / battery: Fix warning message in acpi_battery_get_state()"
ACPI / RTC: Fix CMOS RTC opregion handler accesses to wrong addresses
cpufreq / OPP: Fix the order of arguments for kcalloc()
Linus Torvalds [Thu, 11 Sep 2014 17:11:29 +0000 (10:11 -0700)]
Merge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma
Pull dmaengine fixes from Vinod Koul:
"Two minor fixes.
First one from Kuninori clarifying dmas bindings and second from Lars
for fixing dma descriptor completion in non cyclic case"
* 'fixes' of git://git.infradead.org/users/vkoul/slave-dma:
dmaengine: jz4740: Fix non-cyclic descriptor completion
dt/bindings: rcar-audmapp: tidyup dmas explanation
Linus Torvalds [Thu, 11 Sep 2014 17:10:04 +0000 (10:10 -0700)]
Merge tag 'pinctrl-v3.17-3' of git://git./linux/kernel/git/linusw/linux-pinctrl
Pull two pin control fixes from Linus Walleij:
- fix a warning about unbalanced IRQs on the Baytrail
- update Tomasz Figa's address in MAINTAINERS
* tag 'pinctrl-v3.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
MAINTAINERS: Tomasz has moved
pinctrl: baytrail: resolve unbalanced IRQ wake disable warning
Linus Torvalds [Thu, 11 Sep 2014 17:08:36 +0000 (10:08 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/dtor/input
Pull input updates from Dmitry Torokhov:
"An update to Synaptics PS/2 driver to handle "ForcePads" (currently
found in HP EliteBook 1040 laptops), a change for Elan PS/2 driver to
detect newer touchpads, bunch of devices get annotated as Trackpoint
and/or Pointer to help userspace classify and handle them, plus
assorted driver fixes"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: serport - add compat handling for SPIOCSTYPE ioctl
Input: atmel_mxt_ts - fix double free of input device
Input: synaptics - add support for ForcePads
Input: matrix_keypad - use request_any_context_irq()
Input: atmel_mxt_ts - downgrade warning about empty interrupts
Input: wm971x - fix typo in module parameter description
Input: cap1106 - fix register definition
Input: add missing POINTER / DIRECT properties to a bunch of drivers
Input: add INPUT_PROP_POINTING_STICK property
Input: elantech - fix detection of touchpad on ASUS s301l
Rafael J. Wysocki [Thu, 11 Sep 2014 13:09:30 +0000 (15:09 +0200)]
Merge branches 'acpi-rtc', 'acpi-lpss' and 'acpi-battery'
* acpi-rtc:
ACPI / RTC: Fix CMOS RTC opregion handler accesses to wrong addresses
* acpi-lpss:
ACPI / LPSS: complete PM entries for LPSS power domain
* acpi-battery:
Revert "ACPI / battery: fix wrong value of capacity_now reported when fully charged"
Revert "ACPI / battery: Fix warning message in acpi_battery_get_state()"
Rafael J. Wysocki [Thu, 11 Sep 2014 13:09:05 +0000 (15:09 +0200)]
Merge branch 'pm-cpufreq'
* pm-cpufreq:
cpufreq / OPP: Fix the order of arguments for kcalloc()
Lars-Peter Clausen [Sun, 7 Sep 2014 13:54:39 +0000 (15:54 +0200)]
dmaengine: jz4740: Fix non-cyclic descriptor completion
We need to make sure to deqeueue the descriptor from the active list before
we call vchan_cookie_complete(). Also we need obviously only set chan->desc
to NULL after we stopped using it.
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Linus Torvalds [Wed, 10 Sep 2014 22:42:18 +0000 (15:42 -0700)]
Merge branch 'akpm' (fixes from Andrew Morton)
Merge misc fixes from Andrew Morton:
"10 fixes"
* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
fs/notify: don't show f_handle if exportfs_encode_inode_fh failed
fsnotify/fdinfo: use named constants instead of hardcoded values
kcmp: fix standard comparison bug
mm/mmap.c: use pr_emerg when printing BUG related information
shm: add memfd.h to UAPI export list
checkpatch: allow commit descriptions on separate line from commit id
sh: get_user_pages_fast() must flush cache
eventpoll: fix uninitialized variable in epoll_ctl
kernel/printk/printk.c: fix faulty logic in the case of recursive printk
mem-hotplug: let memblock skip the hotpluggable memory regions in __next_mem_range()
Andrey Vagin [Tue, 9 Sep 2014 21:51:06 +0000 (14:51 -0700)]
fs/notify: don't show f_handle if exportfs_encode_inode_fh failed
Currently we handle only ENOSPC. In case of other errors the file_handle
variable isn't filled properly and we will show a part of stack.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andrey Vagin [Tue, 9 Sep 2014 21:51:04 +0000 (14:51 -0700)]
fsnotify/fdinfo: use named constants instead of hardcoded values
MAX_HANDLE_SZ is equal to 128, but currently the size of pad is only 64
bytes, so exportfs_encode_inode_fh can return an error.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Rasmus Villemoes [Tue, 9 Sep 2014 21:51:01 +0000 (14:51 -0700)]
kcmp: fix standard comparison bug
The C operator <= defines a perfectly fine total ordering on the set of
values representable in a long. However, unlike its namesake in the
integers, it is not translation invariant, meaning that we do not have
"b <= c" iff "a+b <= a+c" for all a,b,c.
This means that it is always wrong to try to boil down the relationship
between two longs to a question about the sign of their difference,
because the resulting relation [a LEQ b iff a-b <= 0] is neither
anti-symmetric or transitive. The former is due to -LONG_MIN==LONG_MIN
(take any two a,b with a-b = LONG_MIN; then a LEQ b and b LEQ a, but a !=
b). The latter can either be seen observing that x LEQ x+1 for all x,
implying x LEQ x+1 LEQ x+2 ... LEQ x-1 LEQ x; or more directly with the
simple example a=LONG_MIN, b=0, c=1, for which a-b < 0, b-c < 0, but a-c >
0.
Note that it makes absolutely no difference that a transmogrying bijection
has been applied before the comparison is done. In fact, had the
obfuscation not been done, one could probably not observe the bug
(assuming all values being compared always lie in one half of the address
space, the mathematical value of a-b is always representable in a long).
As it stands, one can easily obtain three file descriptors exhibiting the
non-transitivity of kcmp().
Side note 1: I can't see that ensuring the MSB of the multiplier is
set serves any purpose other than obfuscating the obfuscating code.
Side note 2:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <assert.h>
#include <sys/syscall.h>
enum kcmp_type {
KCMP_FILE,
KCMP_VM,
KCMP_FILES,
KCMP_FS,
KCMP_SIGHAND,
KCMP_IO,
KCMP_SYSVSEM,
KCMP_TYPES,
};
pid_t pid;
int kcmp(pid_t pid1, pid_t pid2, int type,
unsigned long idx1, unsigned long idx2)
{
return syscall(SYS_kcmp, pid1, pid2, type, idx1, idx2);
}
int cmp_fd(int fd1, int fd2)
{
int c = kcmp(pid, pid, KCMP_FILE, fd1, fd2);
if (c < 0) {
perror("kcmp");
exit(1);
}
assert(0 <= c && c < 3);
return c;
}
int cmp_fdp(const void *a, const void *b)
{
static const int normalize[] = {0, -1, 1};
return normalize[cmp_fd(*(int*)a, *(int*)b)];
}
#define MAX 100 /* This is plenty; I've seen it trigger for MAX==3 */
int main(int argc, char *argv[])
{
int r, s, count = 0;
int REL[3] = {0,0,0};
int fd[MAX];
pid = getpid();
while (count < MAX) {
r = open("/dev/null", O_RDONLY);
if (r < 0)
break;
fd[count++] = r;
}
printf("opened %d file descriptors\n", count);
for (r = 0; r < count; ++r) {
for (s = r+1; s < count; ++s) {
REL[cmp_fd(fd[r], fd[s])]++;
}
}
printf("== %d\t< %d\t> %d\n", REL[0], REL[1], REL[2]);
qsort(fd, count, sizeof(fd[0]), cmp_fdp);
memset(REL, 0, sizeof(REL));
for (r = 0; r < count; ++r) {
for (s = r+1; s < count; ++s) {
REL[cmp_fd(fd[r], fd[s])]++;
}
}
printf("== %d\t< %d\t> %d\n", REL[0], REL[1], REL[2]);
return (REL[0] + REL[2] != 0);
}
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org>
"Eric W. Biederman" <ebiederm@xmission.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Sasha Levin [Tue, 9 Sep 2014 21:50:59 +0000 (14:50 -0700)]
mm/mmap.c: use pr_emerg when printing BUG related information
Make sure we actually see the output of validate_mm() and browse_rb()
before triggering a BUG(). pr_info isn't shown by default so the reason
for the BUG() isn't obvious.
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David Drysdale [Tue, 9 Sep 2014 21:50:57 +0000 (14:50 -0700)]
shm: add memfd.h to UAPI export list
The new header file memfd.h from commit
9183df25fe7b ("shm: add
memfd_create() syscall") should be exported.
Signed-off-by: David Drysdale <drysdale@google.com>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Cc: Hugh Dickins <hughd@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Joe Perches [Tue, 9 Sep 2014 21:50:55 +0000 (14:50 -0700)]
checkpatch: allow commit descriptions on separate line from commit id
The general form for commit id and description is
'Commit <12+hexdigits> ("commit description/subject line")'
but commit logs often have relatively long commit ids and the commit
description emds on the next line like:
Some explanation as to why commit <12+hexdigits>
("commit foo description/subject line") is improved.
Allow this form.
Signed-off-by: Joe Perches <joe@perches.com>
Suggested-by: Joe Lawrence <joe.lawrence@stratus.com>
Tested-by: Joe Lawrence <joe.lawrence@stratus.com>
Suggested-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Stas Sergeev [Tue, 9 Sep 2014 21:50:53 +0000 (14:50 -0700)]
sh: get_user_pages_fast() must flush cache
This patch avoids fuse hangs on sh4 by flushing the cache on
get_user_pages_fast(). This is not necessary a good thing to do, but
get_user_pages() does this, so get_user_pages_fast() should too.
Please note the patch for mips arch that addresses the similar problem:
https://kernel.googlesource.com/pub/scm/linux/kernel/git/ralf/linux/+/linux-3.4.50%5E!/#F0
They basically simply disable get_user_pages_fast() at all, using a
fall-back to get_user_pages(). But my fix is different, it adds an
explicit cache flushes.
Signed-off-by: Stas Sergeev <stsp@users.sourceforge.net>
Cc: Geert Uytterhoeven <geert+renesas@glider.be>
Cc: Kamal Dasu <kdasu.kdev@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Nicolas Iooss [Tue, 9 Sep 2014 21:50:51 +0000 (14:50 -0700)]
eventpoll: fix uninitialized variable in epoll_ctl
When calling epoll_ctl with operation EPOLL_CTL_DEL, structure epds is
not initialized but ep_take_care_of_epollwakeup reads its event field.
When this unintialized field has EPOLLWAKEUP bit set, a capability check
is done for CAP_BLOCK_SUSPEND in ep_take_care_of_epollwakeup. This
produces unexpected messages in the audit log, such as (on a system
running SELinux):
type=AVC msg=audit(
1408212798.866:410): avc: denied
{ block_suspend } for pid=7754 comm="dbus-daemon" capability=36
scontext=unconfined_u:unconfined_r:unconfined_t
tcontext=unconfined_u:unconfined_r:unconfined_t
tclass=capability2 permissive=1
type=SYSCALL msg=audit(
1408212798.866:410): arch=
c000003e syscall=233
success=yes exit=0 a0=3 a1=2 a2=9 a3=
7fffd4d66ec0 items=0 ppid=1
pid=7754 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) ses=3 comm="dbus-daemon"
exe="/usr/bin/dbus-daemon"
subj=unconfined_u:unconfined_r:unconfined_t key=(null)
("arch=
c000003e syscall=233 a1=2" means "epoll_ctl(op=EPOLL_CTL_DEL)")
Remove use of epds in epoll_ctl when op == EPOLL_CTL_DEL.
Fixes: 4d7e30d98939 ("epoll: Add a flag, EPOLLWAKEUP, to prevent suspend while epoll events are ready")
Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Arve Hjønnevåg <arve@android.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Patrick Palka [Tue, 9 Sep 2014 21:50:48 +0000 (14:50 -0700)]
kernel/printk/printk.c: fix faulty logic in the case of recursive printk
We shouldn't set text_len in the code path that detects printk recursion
because text_len corresponds to the length of the string inside textbuf.
A few lines down from the line
text_len = strlen(recursion_msg);
is the line
text_len += vscnprintf(text + text_len, ...);
So if printk detects recursion, it sets text_len to 29 (the length of
recursion_msg) and logs an error. Then the message supplied by the
caller of printk is stored inside textbuf but offset by 29 bytes. This
means that the output of the recursive call to printk will contain 29
bytes of garbage in front of it.
This defect is caused by commit
458df9fd4815 ("printk: remove separate
printk_sched buffers and use printk buf instead") which turned the line
text_len = vscnprintf(text, ...);
into
text_len += vscnprintf(text + text_len, ...);
To fix this, this patch avoids setting text_len when logging the printk
recursion error. This patch also marks unlikely() the branch leading up
to this code.
Fixes: 458df9fd4815b478 ("printk: remove separate printk_sched buffers and use printk buf instead")
Signed-off-by: Patrick Palka <patrick@parcs.ath.cx>
Reviewed-by: Petr Mladek <pmladek@suse.cz>
Reviewed-by: Jan Kara <jack@suse.cz>
Acked-by: Steven Rostedt <rostedt@goodmis.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Xishi Qiu [Tue, 9 Sep 2014 21:50:46 +0000 (14:50 -0700)]
mem-hotplug: let memblock skip the hotpluggable memory regions in __next_mem_range()
Let memblock skip the hotpluggable memory regions in __next_mem_range(),
it is used to to prevent memblock from allocating hotpluggable memory
for the kernel at early time. The code is the same as __next_mem_range_rev().
Clear hotpluggable flag before releasing free pages to the buddy
allocator. If we don't clear hotpluggable flag in
free_low_memory_core_early(), the memory which marked hotpluggable flag
will not free to buddy allocator. Because __next_mem_range() will skip
them.
free_low_memory_core_early
for_each_free_mem_range
for_each_mem_range
__next_mem_range
[akpm@linux-foundation.org: fix warning]
Signed-off-by: Xishi Qiu <qiuxishi@huawei.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Tang Chen <tangchen@cn.fujitsu.com>
Cc: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
Cc: Wen Congyang <wency@cn.fujitsu.com>
Cc: "Rafael J. Wysocki" <rjw@sisk.pl>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Wed, 10 Sep 2014 21:04:17 +0000 (14:04 -0700)]
Merge branch 'for_linus' of git://git./linux/kernel/git/jack/linux-fs
Pull UDF fixes from Jan Kara:
"Fixes for UDF handling of NFS handles and one fix for proper handling
of corrupted media"
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
udf: saner calling conventions for udf_new_inode()
udf: fix the udf_iget() vs. udf_new_inode() races
udf: merge the pieces inserting a new non-directory object into directory
udf: Set i_generation field
udf: Properly detect stale inodes
udf: Make udf_read_inode() and udf_iget() return error
udf: Avoid infinite loop when processing indirect ICBs
udf: Fold udf_fill_inode() into __udf_read_inode()
udf: Avoid dir link count to go negative
John Sung [Tue, 9 Sep 2014 17:06:51 +0000 (10:06 -0700)]
Input: serport - add compat handling for SPIOCSTYPE ioctl
When running a 32-bit inputattach utility in a 64-bit system, there will be
error code "inputattach: can't set device type". This is caused by the
serport device driver not supporting compat_ioctl, so that SPIOCSTYPE ioctl
fails.
Cc: stable@vger.kernel.org
Signed-off-by: John Sung <penmount.touch@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Stephen Warren [Wed, 10 Sep 2014 17:01:10 +0000 (10:01 -0700)]
Input: atmel_mxt_ts - fix double free of input device
[Nick Dyer: reworked to move free of input device into separate function
and only call in paths that require it.]
Signed-off-by: Nick Dyer <nick.dyer@itdev.co.uk>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Ilya Dryomov [Tue, 9 Sep 2014 15:39:15 +0000 (19:39 +0400)]
libceph: do not hard code max auth ticket len
We hard code cephx auth ticket buffer size to 256 bytes. This isn't
enough for any moderate setups and, in case tickets themselves are not
encrypted, leads to buffer overflows (ceph_x_decrypt() errors out, but
ceph_decode_copy() doesn't - it's just a memcpy() wrapper). Since the
buffer is allocated dynamically anyway, allocated it a bit later, at
the point where we know how much is going to be needed.
Fixes: http://tracker.ceph.com/issues/8979
Cc: stable@vger.kernel.org
Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Ilya Dryomov [Mon, 8 Sep 2014 13:25:34 +0000 (17:25 +0400)]
libceph: add process_one_ticket() helper
Add a helper for processing individual cephx auth tickets. Needed for
the next commit, which deals with allocating ticket buffers. (Most of
the diff here is whitespace - view with git diff -b).
Cc: stable@vger.kernel.org
Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Sage Weil [Mon, 4 Aug 2014 14:01:54 +0000 (07:01 -0700)]
libceph: gracefully handle large reply messages from the mon
We preallocate a few of the message types we get back from the mon. If we
get a larger message than we are expecting, fall back to trying to allocate
a new one instead of blindly using the one we have.
CC: stable@vger.kernel.org
Signed-off-by: Sage Weil <sage@redhat.com>
Reviewed-by: Ilya Dryomov <ilya.dryomov@inktank.com>
Stefan Bader [Tue, 2 Sep 2014 10:16:01 +0000 (11:16 +0100)]
x86/xen: don't copy bogus duplicate entries into kernel page tables
When RANDOMIZE_BASE (KASLR) is enabled; or the sum of all loaded
modules exceeds 512 MiB, then loading modules fails with a warning
(and hence a vmalloc allocation failure) because the PTEs for the
newly-allocated vmalloc address space are not zero.
WARNING: CPU: 0 PID: 494 at linux/mm/vmalloc.c:128
vmap_page_range_noflush+0x2a1/0x360()
This is caused by xen_setup_kernel_pagetables() copying
level2_kernel_pgt into level2_fixmap_pgt, overwriting many non-present
entries.
Without KASLR, the normal kernel image size only covers the first half
of level2_kernel_pgt and module space starts after that.
L4[511]->level3_kernel_pgt[510]->level2_kernel_pgt[ 0..255]->kernel
[256..511]->module
[511]->level2_fixmap_pgt[ 0..505]->module
This allows 512 MiB of of module vmalloc space to be used before
having to use the corrupted level2_fixmap_pgt entries.
With KASLR enabled, the kernel image uses the full PUD range of 1G and
module space starts in the level2_fixmap_pgt. So basically:
L4[511]->level3_kernel_pgt[510]->level2_kernel_pgt[0..511]->kernel
[511]->level2_fixmap_pgt[0..505]->module
And now no module vmalloc space can be used without using the corrupt
level2_fixmap_pgt entries.
Fix this by properly converting the level2_fixmap_pgt entries to MFNs,
and setting level1_fixmap_pgt as read-only.
A number of comments were also using the the wrong L3 offset for
level2_kernel_pgt. These have been corrected.
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: stable@vger.kernel.org
Tomasz Figa [Tue, 26 Aug 2014 14:30:53 +0000 (16:30 +0200)]
MAINTAINERS: Tomasz has moved
I am leaving Samsung, so my current e-mail address is not going to work
any longer. Replace it with my private one. In addition, Sylwester
Nawrocki is being added as co-maintainer for Samsung clock drivers to
take some of the responsibilities, as I will be doing my part in my spare
time.
Signed-off-by: Tomasz Figa <t.figa@samsung.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Mathias Nyman [Mon, 11 Aug 2014 13:51:55 +0000 (16:51 +0300)]
pinctrl: baytrail: resolve unbalanced IRQ wake disable warning
Add the IRQCHIP_SKIP_SET_WAKE flag to baytrail gpio irq_chip
to resolve unbalaced IRQ wake disable warnings.
Suggested-by: Borun Fu <borun.fu@intel.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Wei Yongjun [Thu, 14 Aug 2014 03:49:52 +0000 (20:49 -0700)]
rbd: fix error return code in rbd_dev_device_setup()
Fix to return -ENOMEM from the workqueue alloc error handling
case instead of 0, as done elsewhere in this function.
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Ilya Dryomov [Tue, 12 Aug 2014 07:22:07 +0000 (11:22 +0400)]
rbd: avoid format-security warning inside alloc_workqueue()
drivers/block/rbd.c: In function ‘rbd_dev_device_setup’:
drivers/block/rbd.c:5090:19: warning: format not a string literal and no format arguments [-Wformat-security]
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
Linus Torvalds [Wed, 10 Sep 2014 00:00:43 +0000 (17:00 -0700)]
Merge branch 'for-next-3.17' of git://git.samba.org/sfrench/cifs-2.6
Pull cifs/smb3 fixes from Steve French:
"This includes various cifs and smb3 bug fixes including those for bugs
found with the recently updated xfstests.
Also I am working fixes for two additional cifs problems found by
xfstests which I plan to send later (when reviewed and run additional
tests)"
* 'for-next-3.17' of git://git.samba.org/sfrench/cifs-2.6:
Clarify Kconfig help text for CIFS and SMB2/SMB3
CIFS: Fix wrong filename length for SMB2
CIFS: Fix wrong restart readdir for SMB1
CIFS: Fix directory rename error
cifs: No need to send SIGKILL to demux_thread during umount
cifs: Allow directIO read/write during cache=strict
cifs: remove unneeded check of null checking in if condition
cifs: fix a possible use of uninit variable in SMB2_sess_setup
cifs: fix memory leak when password is supplied multiple times
cifs: fix a possible null pointer deref in decode_ascii_ssetup
Trivial whitespace fix
Dmitry Torokhov [Sat, 30 Aug 2014 20:51:06 +0000 (13:51 -0700)]
Input: synaptics - add support for ForcePads
ForcePads are found on HP EliteBook 1040 laptops. They lack any kind of
physical buttons, instead they generate primary button click when user
presses somewhat hard on the surface of the touchpad. Unfortunately they
also report primary button click whenever there are 2 or more contacts
on the pad, messing up all multi-finger gestures (2-finger scrolling,
multi-finger tapping, etc). To cope with this behavior we introduce a
delay (currently 50 msecs) in reporting primary press in case more
contacts appear.
Cc: stable@vger.kernel.org
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Lothar Waßmann [Tue, 9 Sep 2014 21:41:16 +0000 (14:41 -0700)]
Input: matrix_keypad - use request_any_context_irq()
When trying to use the matrix-keypad driver with GPIO drivers that
require nested irq handlers (e.g. I2C GPIO adapters like PCA9554),
request_irq() fails because the GPIO driver requires a threaded
interrupt handler.
Use request_any_context_irq() to be able to use any GPIO driver as
keypad driver.
Signed-off-by: Lothar Waßmann <LW@KARO-electronics.de>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Nick Dyer [Tue, 9 Sep 2014 18:24:21 +0000 (11:24 -0700)]
Input: atmel_mxt_ts - downgrade warning about empty interrupts
In the case where the CHG/interrupt line mode is not configured correctly,
this warning is output to dmesg output for each interrupt. Downgrade the
message to debug.
Signed-off-by: Nick Dyer <nick.dyer@itdev.co.uk>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Masanari Iida [Tue, 9 Sep 2014 18:23:10 +0000 (11:23 -0700)]
Input: wm971x - fix typo in module parameter description
Signed-off-by: Masanari Iida <standby24x7@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Linus Torvalds [Tue, 9 Sep 2014 17:33:52 +0000 (10:33 -0700)]
Merge tag 'microblaze-3.17-rc5' of git://git.monstr.eu/linux-2.6-microblaze
Pull arch/microblaze fixes from Michal Simek:
- Kconfig menu structure fix
- fix number of syscalls
- fix compilation warnings from allmodconfig
* tag 'microblaze-3.17-rc5' of git://git.monstr.eu/linux-2.6-microblaze:
microblaze: Fix number of syscalls
microblaze: Rename Advance setup to Kernel features
microblaze: Add mm/Kconfig to advance menu
arch/microblaze/include/asm/uaccess.h: Use pr_devel() instead of pr_debug()
arch/microblaze/include/asm/entry.h: Include "linux/linkage.h" to avoid compiling issue
Fu Zhonghui [Tue, 9 Sep 2014 14:30:06 +0000 (16:30 +0200)]
ACPI / LPSS: complete PM entries for LPSS power domain
PM entries of LPSS power domain were not implemented correctly
in commit
c78b0830667a "ACPI / LPSS: custom power domain for LPSS".
This patch fixes and completes these PM entries.
Fixes: c78b0830667a (ACPI / LPSS: custom power domain for LPSS)
Signed-off-by: Li Aubrey <aubrey.li@linux.intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Fu Zhonghui <zhonghui.fu@linux.intel.com>
Cc: 3.16+ <stable@vger.kernel.org> # 3.16+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Bjørn Mork [Tue, 9 Sep 2014 08:45:18 +0000 (10:45 +0200)]
Revert "ACPI / battery: fix wrong value of capacity_now reported when fully charged"
This reverts commit
232de5143790 ("ACPI / battery: fix wrong value of
capacity_now reported when fully charged")
There is nothing wrong or unexpected about 'capacity_now' increasing above
the last 'full_charge_capacity' value. Different charging cycles will cause
'full_charge_capacity' to vary, both up and down. Good battery firmwares
will update 'full_charge_capacity' when the current charging cycle is
complete, increasing it if necessary. It might even go above
'design_capacity' on a fresh and healthy battery.
Capping 'capacity_now' to 'full_charge_capacity' is plain wrong, and
printing a warning if this doesn't happen to match the 'design_capacity'
is both annoying and terribly wrong.
This results in bogus warnings on perfectly working systems/firmwares:
[Firmware Bug]: battery: reported current charge level (39800) is higher than reported maximum charge level (39800).
and wrong values being reported for 'capacity_now' and
'full_charge_capacity' after the warning has been triggered.
Fixes: 232de5143790 ("ACPI / battery: fix wrong value of capacity_now reported when fully charged")
Cc: 3.16+ <stable@vger.kernel.org> # 3.16+
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Bjørn Mork [Tue, 9 Sep 2014 08:45:17 +0000 (10:45 +0200)]
Revert "ACPI / battery: Fix warning message in acpi_battery_get_state()"
This reverts commit
d719870b41e0 ("ACPI / battery: Fix warning message in
acpi_battery_get_state()")
Capping 'capacity_now' to 'full_charge_capacity' is plain wrong. If this
is necessary to work around some buggy firmware, then the workaround needs
protection against being applied to working firmwares.
Good battery firmwares will allow 'capacity_now' to increase above
'full_charge_capacity', and will update the latter when the battery
is fully charged. By capping 'capacity_now' we lose accurate capacity
reporting until charging is complete whenever 'full_charge_capacity'
needs to be increased.
Fixes: d719870b41e0 ("ACPI / battery: Fix warning message in acpi_battery_get_state()")
Cc: 3.16+ <stable@vger.kernel.org> # 3.16+
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Michal Simek [Tue, 9 Sep 2014 11:11:43 +0000 (13:11 +0200)]
microblaze: Fix number of syscalls
Number of syscalls have to be updated too.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Michal Simek [Mon, 1 Sep 2014 14:23:54 +0000 (16:23 +0200)]
microblaze: Rename Advance setup to Kernel features
"Advance setup: menu is misleading that's why rename it.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Michal Simek [Mon, 1 Sep 2014 14:23:14 +0000 (16:23 +0200)]
microblaze: Add mm/Kconfig to advance menu
mm/Kconfig is getting too big to be in root menu.
Move it to submenu.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Chen Gang [Tue, 5 Aug 2014 16:25:52 +0000 (00:25 +0800)]
arch/microblaze/include/asm/uaccess.h: Use pr_devel() instead of pr_debug()
When DYNAMIC_DEBUG enabled, pr_debug() depends on KBUILD_MODNAME which
also depends on the modules number in Makefile. The related information
in "scripts/Makefile.lib" line 94:
# $(modname_flags) #defines KBUILD_MODNAME as the name of the module it will
# end up in (or would, if it gets compiled in)
# Note: Files that end up in two or more modules are compiled without the
# KBUILD_MODNAME definition. The reason is that any made-up name would
# differ in different configs.
For this case, 'radio-si470x-i2c.o' and 'radio-si470x-common.o' are in
one line, so cause compiling issue. And 'uaccess.h' is a common shared
header (not specially for drivers), so use pr_devel() instead of is OK.
The related error with allmodconfig:
CC [M] drivers/media/radio/si470x/radio-si470x-i2c.o
CC [M] drivers/media/radio/si470x/radio-si470x-common.o
In file included from include/linux/printk.h:257:0,
from include/linux/kernel.h:13,
from drivers/media/radio/si470x/radio-si470x.h:29,
from drivers/media/radio/si470x/radio-si470x-common.c:115:
./arch/microblaze/include/asm/uaccess.h: In function 'access_ok':
include/linux/dynamic_debug.h:66:14: error: 'KBUILD_MODNAME' undeclared (first use in this function)
.modname = KBUILD_MODNAME, \
^
include/linux/dynamic_debug.h:76:2: note: in expansion of macro 'DEFINE_DYNAMIC_DEBUG_METADATA'
DEFINE_DYNAMIC_DEBUG_METADATA(descriptor, fmt); \
^
include/linux/printk.h:263:2: note: in expansion of macro 'dynamic_pr_debug'
dynamic_pr_debug(fmt, ##__VA_ARGS__)
^
./arch/microblaze/include/asm/uaccess.h:101:3: note: in expansion of macro 'pr_debug'
pr_debug("ACCESS fail: %s at 0x%08x (size 0x%x), seg 0x%08x\n",
^
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Chen Gang [Wed, 6 Aug 2014 13:32:53 +0000 (21:32 +0800)]
arch/microblaze/include/asm/entry.h: Include "linux/linkage.h" to avoid compiling issue
"entry.h" needs 'asmlinkage', and "asm/linkage.h" does not provide it.
So need include "linux/linkage.h" to use generic one instead of.
The related error (with allmodconfig under microblaze):
CC [M] drivers/net/ethernet/emulex/benet/be_main.o
In file included from ./arch/microblaze/include/asm/processor.h:17:0,
from include/linux/prefetch.h:14,
from drivers/net/ethernet/emulex/benet/be_main.c:18:
./arch/microblaze/include/asm/entry.h:33:19: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'void'
extern asmlinkage void do_notify_resume(struct pt_regs *regs, int in_syscall);
^
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Pranith Kumar [Mon, 1 Sep 2014 18:23:07 +0000 (14:23 -0400)]
powerpc: Wire up sys_seccomp(), sys_getrandom() and sys_memfd_create()
This patch wires up three new syscalls for powerpc. The three
new syscalls are seccomp, getrandom and memfd_create.
Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Cyril Bur [Fri, 5 Sep 2014 01:16:43 +0000 (11:16 +1000)]
powerpc: Make CONFIG_FHANDLE=y for all 64 bit powerpc defconfigs
CONFIG_FHANDLE is a requirement for systemd and with the increasing
uptake of systemd within distros it makes sense for 64 bit defconfigs
to include it.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Li Zhong [Tue, 12 Aug 2014 09:17:04 +0000 (17:17 +0800)]
powerpc: use machine_subsys_initcall() for opal_hmi_handler_init()
As opal_message_init() uses machine_early_initcall(powernv, ), and
opal_hmi_handler_init() depends on that early initcall, so it also needs
use machine_* to check the machine_id.
Signed-off-by: Li Zhong <zhong@linux.vnet.ibm.com>
Anton Blanchard [Tue, 26 Aug 2014 02:44:15 +0000 (12:44 +1000)]
powerpc/perf: Fix ABIv2 kernel backtraces
ABIv2 kernels are failing to backtrace through the kernel. An example:
39.30% readseek2_proce [kernel.kallsyms] [k] find_get_entry
|
--- find_get_entry
__GI___libc_read
The problem is in valid_next_sp() where we check that the new stack
pointer is at least STACK_FRAME_OVERHEAD below the previous one.
ABIv1 has a minimum stack frame size of 112 bytes consisting of 48 bytes
and 64 bytes of parameter save area. ABIv2 changes that to 32 bytes
with no paramter save area.
STACK_FRAME_OVERHEAD is in theory the minimum stack frame size,
but we over 240 uses of it, some of which assume that it includes
space for the parameter area.
We need to work through all our stack defines and rationalise them
but let's fix perf now by creating STACK_FRAME_MIN_SIZE and using
in valid_next_sp(). This fixes the issue:
30.64% readseek2_proce [kernel.kallsyms] [k] find_get_entry
|
--- find_get_entry
pagecache_get_page
generic_file_read_iter
new_sync_read
vfs_read
sys_read
syscall_exit
__GI___libc_read
Cc: stable@vger.kernel.org # 3.16+
Reported-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Anton Blanchard <anton@samba.org>
Thomas Falcon [Tue, 19 Aug 2014 20:44:57 +0000 (15:44 -0500)]
powerpc/pseries: Fix endian issues in memory hotplug
Values acquired from Open Firmware are in 32-bit big endian format
and need to be handled on little endian architectures. This patch
ensures values are in cpu endian when hotplugging memory.
Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Linus Torvalds [Mon, 8 Sep 2014 22:51:01 +0000 (15:51 -0700)]
Merge branch 'for_linus_urgent' of git://git./linux/kernel/git/tytso/ext4
Pull ext4 bugfix from Ted Ts'o.
[ Hmm. It's possible we should make kfree() aware of error pointers,
and use IS_ERR_OR_NULL rather than a NULL check. But in the meantime
this is obviously the right fix. - Linus ]
* 'for_linus_urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
ext4: avoid trying to kfree an ERR_PTR pointer
Linus Torvalds [Mon, 8 Sep 2014 22:18:06 +0000 (15:18 -0700)]
Merge branch 'for-3.17' of git://linux-nfs.org/~bfields/linux
Pull nfsd bugfixes from Bruce Fields:
"A couple minor nfsd bugfixes"
* 'for-3.17' of git://linux-nfs.org/~bfields/linux:
lockd: fix rpcbind crash on lockd startup failure
nfsd4: fix rd_dircount enforcement
Klaus Goger [Mon, 8 Sep 2014 21:45:30 +0000 (14:45 -0700)]
Input: cap1106 - fix register definition
Use the correct register address for Calibration Active and Interrupt
Enable.
Signed-off-by: Klaus Goger <klaus.goger@theobroma-systems.com>
Acked-by: Daniel Mack <zonque@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Hans de Goede [Mon, 8 Sep 2014 21:44:05 +0000 (14:44 -0700)]
Input: add missing POINTER / DIRECT properties to a bunch of drivers
I've not done a full audit of all mouse drivers, I noticed these ones were
missing the POINTER property while working on the POINTING_STICK property.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Hans de Goede [Mon, 8 Sep 2014 21:42:12 +0000 (14:42 -0700)]
Input: add INPUT_PROP_POINTING_STICK property
It is useful for userspace to know that there not dealing with a regular
mouse but rather with a pointing stick (e.g. a trackpoint) so that
userspace can e.g. automatically enable middle button scrollwheel
emulation.
It is impossible to tell the difference from the evdev info without
resorting to putting a list of device / driver names in userspace, this is
undesirable.
Add a property which allows userspace to see if a device is a pointing
stick, and set it on all the pointing stick drivers.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Hans de Goede [Mon, 8 Sep 2014 21:39:52 +0000 (14:39 -0700)]
Input: elantech - fix detection of touchpad on ASUS s301l
Adjust Elantech signature validation to account fo rnewer models of
touchpads.
Cc: stable@vger.kernel.org
Reported-and-tested-by: Màrius Monton <marius.monton@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
J. Bruce Fields [Fri, 29 Aug 2014 20:25:50 +0000 (16:25 -0400)]
lockd: fix rpcbind crash on lockd startup failure
Nikita Yuschenko reported that booting a kernel with init=/bin/sh and
then nfs mounting without portmap or rpcbind running using a busybox
mount resulted in:
# mount -t nfs 10.30.130.21:/opt /mnt
svc: failed to register lockdv1 RPC service (errno 111).
lockd_up: makesock failed, error=-111
Unable to handle kernel paging request for data at address 0x00000030
Faulting instruction address: 0xc055e65c
Oops: Kernel access of bad area, sig: 11 [#1]
MPC85xx CDS
Modules linked in:
CPU: 0 PID: 1338 Comm: mount Not tainted 3.10.44.cge #117
task:
cf29cea0 ti:
cf35c000 task.ti:
cf35c000
NIP:
c055e65c LR:
c0566490 CTR:
c055e648
REGS:
cf35dad0 TRAP: 0300 Not tainted (3.10.44.cge)
MSR:
00029000 <CE,EE,ME> CR:
22442488 XER:
20000000
DEAR:
00000030, ESR:
00000000
GPR00:
c05606f4 cf35db80 cf29cea0 cf0ded80 cf0dedb8 00000001 1dec3086
00000000
GPR08:
00000000 c07b1640 00000007 1dec3086 22442482 100b9758 00000000
10090ae8
GPR16:
00000000 000186a5 00000000 00000000 100c3018 bfa46edc 100b0000
bfa46ef0
GPR24:
cf386ae0 c07834f0 00000000 c0565f88 00000001 cf0dedb8 00000000
cf0ded80
NIP [
c055e65c] call_start+0x14/0x34
LR [
c0566490] __rpc_execute+0x70/0x250
Call Trace:
[
cf35db80] [
00000080] 0x80 (unreliable)
[
cf35dbb0] [
c05606f4] rpc_run_task+0x9c/0xc4
[
cf35dbc0] [
c0560840] rpc_call_sync+0x50/0xb8
[
cf35dbf0] [
c056ee90] rpcb_register_call+0x54/0x84
[
cf35dc10] [
c056f24c] rpcb_register+0xf8/0x10c
[
cf35dc70] [
c0569e18] svc_unregister.isra.23+0x100/0x108
[
cf35dc90] [
c0569e38] svc_rpcb_cleanup+0x18/0x30
[
cf35dca0] [
c0198c5c] lockd_up+0x1dc/0x2e0
[
cf35dcd0] [
c0195348] nlmclnt_init+0x2c/0xc8
[
cf35dcf0] [
c015bb5c] nfs_start_lockd+0x98/0xec
[
cf35dd20] [
c015ce6c] nfs_create_server+0x1e8/0x3f4
[
cf35dd90] [
c0171590] nfs3_create_server+0x10/0x44
[
cf35dda0] [
c016528c] nfs_try_mount+0x158/0x1e4
[
cf35de20] [
c01670d0] nfs_fs_mount+0x434/0x8c8
[
cf35de70] [
c00cd3bc] mount_fs+0x20/0xbc
[
cf35de90] [
c00e4f88] vfs_kern_mount+0x50/0x104
[
cf35dec0] [
c00e6e0c] do_mount+0x1d0/0x8e0
[
cf35df10] [
c00e75ac] SyS_mount+0x90/0xd0
[
cf35df40] [
c000ccf4] ret_from_syscall+0x0/0x3c
The addition of svc_shutdown_net() resulted in two calls to
svc_rpcb_cleanup(); the second is no longer necessary and crashes when
it calls rpcb_register_call with clnt=NULL.
Reported-by: Nikita Yushchenko <nyushchenko@dev.rtsoft.ru>
Fixes: 679b033df484 "lockd: ensure we tear down any live sockets when socket creation fails during lockd_up"
Cc: stable@vger.kernel.org
Acked-by: Jeff Layton <jlayton@primarydata.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
J. Bruce Fields [Wed, 20 Aug 2014 18:49:50 +0000 (14:49 -0400)]
nfsd4: fix rd_dircount enforcement
Commit
3b299709091b "nfsd4: enforce rd_dircount" totally misunderstood
rd_dircount; it refers to total non-attribute bytes returned, not number
of directory entries returned.
Bring the code into agreement with RFC 3530 section 14.2.24.
Cc: stable@vger.kernel.org
Fixes: 3b299709091b "nfsd4: enforce rd_dircount"
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Linus Torvalds [Mon, 8 Sep 2014 15:27:00 +0000 (08:27 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/s390/linux
Pull s390 fixes from Martin Schwidefsky:
"A bug fix for the vdso code, the loadparm for booting from SCSI is
added and the access permissions for the dasd module parameters are
corrected"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/vdso: remove NULL pointer check from clock_gettime
s390/ipl: Add missing SCSI loadparm attributes to /sys/firmware
s390/dasd: Make module parameter visible in sysfs
Lee, Chun-Yi [Thu, 4 Sep 2014 07:13:39 +0000 (15:13 +0800)]
ACPI / RTC: Fix CMOS RTC opregion handler accesses to wrong addresses
The value64 parameter is an u64 point that used to transfer the value
for write to CMOS, or used to return the value that's read from CMOS.
The value64 is an u64 point, so don't need get address again. It causes
acpi_cmos_rtc_space_handler always return 0 to reader and didn't write
expected value to CMOS.
Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
Cc: 3.11+ <stable@vger.kernel.org> # 3.11+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Linus Torvalds [Mon, 8 Sep 2014 03:20:16 +0000 (20:20 -0700)]
Merge branch 'for-3.17-fixes' of git://git./linux/kernel/git/tj/cgroup
Pull cgroup fixes from Tejun Heo:
"This pull request includes Alban's patch to disallow '\n' in cgroup
names.
Two other patches from Li to fix a possible oops when cgroup
destruction races against other file operations and one from Vivek to
fix a unified hierarchy devel behavior"
* 'for-3.17-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
cgroup: check cgroup liveliness before unbreaking kernfs
cgroup: delay the clearing of cgrp->kn->priv
cgroup: Display legacy cgroup files on default hierarchy
cgroup: reject cgroup names with '\n'
Linus Torvalds [Mon, 8 Sep 2014 03:10:06 +0000 (20:10 -0700)]
Merge branch 'for-3.17-fixes' of git://git./linux/kernel/git/tj/percpu
Pull percpu fixes from Tejun Heo:
"One patch to fix a failure path in the alloc path. The bug is
dangerous but probably not too likely to actually trigger in the wild
given that there hasn't been any report yet.
The other two are low impact fixes"
* 'for-3.17-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu:
percpu: free percpu allocation info for uniprocessor system
percpu: perform tlb flush after pcpu_map_pages() failure
percpu: fix pcpu_alloc_pages() failure path
Linus Torvalds [Mon, 8 Sep 2014 03:06:44 +0000 (20:06 -0700)]
Merge branch 'for-3.17-fixes' of git://git./linux/kernel/git/tj/libata
Pull libata fixes from Tejun Heo:
"Two patches are to add PCI IDs for ICH9 and all others are device
specific fixes. Nothing too interesting"
* 'for-3.17-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
ahci_xgene: Fix the link down in first attempt for the APM X-Gene SoC AHCI SATA host controller driver.
ahci_xgene: Skip the PHY and clock initialization if already configured by the firmware.
ahci: add pcid for Marvel 0x9182 controller
ata: Disabling the async PM for JMicron chip 363/361
ata_piix: Add Device IDs for Intel 9 Series PCH
ahci: Add Device IDs for Intel 9 Series PCH
ata: ahci_tegra: Read calibration fuse
Linus Torvalds [Mon, 8 Sep 2014 02:56:38 +0000 (19:56 -0700)]
Merge git://git./linux/kernel/git/davem/net
Pull networking fixes from David Miller:
1) Fix skb leak in mac802154, from Martin Townsend
2) Use select not depends on NF_NAT for NFT_NAT, from Pablo Neira
Ayuso
3) Fix union initializer bogosity in vxlan, from Gerhard Stenzel
4) Fix RX checksum configuration in stmmac driver, from Giuseppe
CAVALLARO
5) Fix TSO with non-accelerated VLANs in e1000, e1000e, bna, ehea,
i40e, i40evf, mvneta, and qlge, from Vlad Yasevich
6) Fix capability checks in phy_init_eee(), from Giuseppe CAVALLARO
7) Try high order allocations more sanely for SKBs, specifically if a
high order allocation fails, fall back directly to zero order pages
rather than iterating down one order at a time. From Eric Dumazet
8) Fix a memory leak in openvswitch, from Li RongQing
9) amd-xgbe initializes wrong spinlock, from Thomas Lendacky
10) RTNL locking was busted in setsockopt for anycast and multicast, fix
from Sabrina Dubroca
11) Fix peer address refcount leak in ipv6, from Nicolas Dichtel
12) DocBook typo fixes, from Masanari Iida
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (101 commits)
ipv6: restore the behavior of ipv6_sock_ac_drop()
amd-xgbe: Enable interrupts for all management counters
amd-xgbe: Treat certain counter registers as 64 bit
greth: moved TX ring cleaning to NAPI rx poll func
cnic : Cleanup CONFIG_IPV6 & VLAN check
net: treewide: Fix typo found in DocBook/networking.xml
bnx2x: Fix link problems for 1G SFP RJ45 module
3c59x: avoid panic in boomerang_start_xmit when finding page address:
netfilter: add explicit Kconfig for NETFILTER_XT_NAT
ipv6: use addrconf_get_prefix_route() to remove peer addr
ipv6: fix a refcnt leak with peer addr
net-timestamp: only report sw timestamp if reporting bit is set
drivers/net/fddi/skfp/h/skfbi.h: Remove useless PCI_BASE_2ND macros
l2tp: fix race while getting PMTU on PPP pseudo-wire
ipv6: fix rtnl locking in setsockopt for anycast and multicast
VMXNET3: Check for map error in vmxnet3_set_mc
openvswitch: distinguish between the dropped and consumed skb
amd-xgbe: Fix initialization of the wrong spin lock
openvswitch: fix a memory leak
netfilter: fix missing dependencies in NETFILTER_XT_TARGET_LOG
...
David S. Miller [Sun, 7 Sep 2014 23:11:10 +0000 (16:11 -0700)]
Merge tag 'master-2014-09-04' of git://git./linux/kernel/git/linville/wireless
John W. Linville says:
====================
pull request: wireless 2014-09-05
Please pull this batch of fixes intended for the 3.17 stream...
For the mac80211 bits, Johannes says:
"Here are a few fixes for mac80211. One has been discussed for a while
and adds a terminating NUL-byte to the alpha2 sent to userspace, which
shouldn't be necessary but since many places treat it as a string we
couldn't move to just sending two bytes.
In addition to that, we have two VLAN fixes from Felix, a mesh fix, a
fix for the recently introduced RX aggregation offload, a revert for
a broken patch (that luckily didn't really cause any harm) and a small
fix for alignment in debugfs."
For the iwlwifi bits, Emmanuel says:
"I revert a patch that disabled CTS to self in dvm because users
reported issues. The revert is CCed to stable since the offending
patch was sent to stable too. I also bump the firmware API versions
since a new firmware is coming up. On top of that, Marcel fixes a
bug I introduced while fixing a bug in our Kconfig file."
Please let me know if there are problems!
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
WANG Cong [Fri, 5 Sep 2014 21:33:00 +0000 (14:33 -0700)]
ipv6: restore the behavior of ipv6_sock_ac_drop()
It is possible that the interface is already gone after joining
the list of anycast on this interface as we don't hold a refcount
for the device, in this case we are safe to ignore the error.
What's more important, for API compatibility we should not
change this behavior for applications even if it were correct.
Fixes: commit a9ed4a2986e13011 ("ipv6: fix rtnl locking in setsockopt for anycast and multicast")
Cc: Sabrina Dubroca <sd@queasysnail.net>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Sun, 7 Sep 2014 23:09:43 +0000 (16:09 -0700)]
Linux 3.17-rc4
Sudip Mukherjee [Sun, 7 Sep 2014 18:26:12 +0000 (11:26 -0700)]
Documentation: new page link in SubmittingPatches
new link for - How to piss off a Linux kernel subsystem maintainer
Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Paul Bolle [Sun, 7 Sep 2014 18:25:55 +0000 (11:25 -0700)]
Documentation: NFS/RDMA: Document separate Kconfig symbols
The NFS/RDMA Kconfig symbol was split into separate options for client
and server in commit
2e8c12e1b765 ("xprtrdma: add separate Kconfig
options for NFSoRDMA client and server support").
Update the documentation to reflect this split.
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: "J. Bruce Fields" <bfields@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Masanari Iida [Sun, 7 Sep 2014 18:25:45 +0000 (11:25 -0700)]
Documentation: misc-devices: Rename freefall.c from hpfall.c in lis2lv02d
hpfall.c was renamed to freefall.c in 3.16, but this file still refer to
hpfall.c instead of freefall.c
Signed-off-by: Masanari Iida <standby24x7@gmail.com>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jose Manuel Alarcon Roldan [Sun, 7 Sep 2014 18:25:00 +0000 (11:25 -0700)]
Documentation: i2c: rename variable "register" to "reg"
The example code provided with the i2c device interface documentation
won't compile since it uses the reserved word "register" to name a
variable.
The compiler fails with this error message:
error: expected identifier or '(' before '=' token
__u8 register = 0x20; /* Device register to access */
^
Rename the variable "register" to simply "reg" in the example code.
Another couple of typos has been fixed as well.
[Change "! =" to "!=".]
Signed-off-by: Jose Alarcon Roldan <jose.alarcon.roldan@gmail.com>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Acked-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Rob Jones [Sun, 7 Sep 2014 18:24:40 +0000 (11:24 -0700)]
Documentation: seq_file: Document seq_open_private(), seq_release_private()
Despite the fact that these functions have been around for years, they
are little used (only 15 uses in 13 files at the preseht time) even
though many other files use work-arounds to achieve the same result.
By documenting them, hopefully they will become more widely used.
Signed-off-by: Rob Jones <rob.jones@codethink.co.uk>
Acked-by: Steven Whitehouse <swhiteho@redhat.com>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Anand Moon [Fri, 5 Sep 2014 03:08:30 +0000 (08:38 +0530)]
cpufreq / OPP: Fix the order of arguments for kcalloc()
These changes fix the argument to the kcalloc
@n: number of elements.
@size: element size.
@flags: the type of memory to allocate (see kmalloc).
void *kcalloc(size_t n, size_t size, gfp_t flags)
Fixes: 3c5445ce3a0c (cpufreq: OPP: Avoid sleeping while atomic)
Signed-off-by: Anand Moon <moon.linux@yahoo.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Reviewed-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Linus Torvalds [Sun, 7 Sep 2014 18:57:27 +0000 (11:57 -0700)]
Merge tag 'pm+acpi-3.17-rc4' of git://git./linux/kernel/git/rafael/linux-pm
Pull ACPI and power management fixes from Rafael Wysocki:
"These are regression fixes (ACPI sysfs, ACPI video, suspend test),
ACPI cpuidle deadlock fix, missing runtime validation of ACPI _DSD
output, a fix and a new CPU ID for the RAPL driver, new blacklist
entry for the ACPI EC driver and a couple of trivial cleanups
(intel_pstate and generic PM domains).
Specifics:
- Fix for recently broken test_suspend= command line argument (Rafael
Wysocki).
- Fixes for regressions related to the ACPI video driver caused by
switching the default to native backlight handling in 3.16 from
Hans de Goede.
- Fix for a sysfs attribute of ACPI device objects that returns stale
values sometimes due to the fact that they are cached instead of
executing the appropriate method (_SUN) every time (broken in
3.14). From Yasuaki Ishimatsu.
- Fix for a deadlock between cpuidle_lock and cpu_hotplug.lock in the
ACPI processor driver from Jiri Kosina.
- Runtime output validation for the ACPI _DSD device configuration
object missing from the support for it that has been introduced
recently. From Mika Westerberg.
- Fix for an unuseful and misleading RAPL (Running Average Power
Limit) domain detection message in the RAPL driver from Jacob Pan.
- New Intel Haswell CPU ID for the RAPL driver from Jason Baron.
- New Clevo W350etq blacklist entry for the ACPI EC driver from Lan
Tianyu.
- Cleanup for the intel_pstate driver and the core generic PM domains
code from Gabriele Mazzotta and Geert Uytterhoeven"
* tag 'pm+acpi-3.17-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI / cpuidle: fix deadlock between cpuidle_lock and cpu_hotplug.lock
ACPI / scan: not cache _SUN value in struct acpi_device_pnp
cpufreq: intel_pstate: Remove unneeded variable
powercap / RAPL: change domain detection message
powercap / RAPL: add support for CPU model 0x3f
PM / domains: Make generic_pm_domain.name const
PM / sleep: Fix test_suspend= command line option
ACPI / EC: Add msi quirk for Clevo W350etq
ACPI / video: Disable native_backlight on HP ENVY 15 Notebook PC
ACPI / video: Add a disable_native_backlight quirk
ACPI / video: Fix use_native_backlight selection logic
ACPICA: ACPI 5.1: Add support for runtime validation of _DSD package.
Linus Torvalds [Sun, 7 Sep 2014 17:59:58 +0000 (10:59 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/viro/vfs
Pull filesystem fixes from Al Viro:
"Several bugfixes (all of them -stable fodder).
Alexey's one deals with double mutex_lock() in UFS (apparently, nobody
has tried to test "ufs: sb mutex merge + mutex_destroy" on something
like file creation/removal on ufs). Mine deal with two kinds of
umount bugs, in umount propagation and in handling of automounted
submounts, both resulting in bogus transient EBUSY from umount"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
ufs: fix deadlocks introduced by sb mutex merge
fix EBUSY on umount() from MNT_SHRINKABLE
get rid of propagate_umount() mistakenly treating slaves as busy.
Linus Torvalds [Sun, 7 Sep 2014 17:51:42 +0000 (10:51 -0700)]
Merge branch 'core-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull RCU fix from Ingo Molnar:
"A boot hang fix for the offloaded callback RCU model (RCU_NOCB_CPU=y
&& (TREE_CPU=y || TREE_PREEMPT_RC)) in certain bootup scenarios"
* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
rcu: Make nocb leader kthreads process pending callbacks after spawning
Linus Torvalds [Sun, 7 Sep 2014 17:37:48 +0000 (10:37 -0700)]
Merge branch 'timers-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull timer fixes from Thomas Gleixner:
"Three fixlets from the timer departement:
- Update the timekeeper before updating vsyscall and pvclock. This
fixes the kvm-clock regression reported by Chris and Paolo.
- Use the proper irq work interface from NMI. This fixes the
regression reported by Catalin and Dave.
- Clarify the compat_nanosleep error handling mechanism to avoid
future confusion"
* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
timekeeping: Update timekeeper before updating vsyscall and pvclock
compat: nanosleep: Clarify error handling
nohz: Restore NMI safe local irq work for local nohz kick
Alexey Khoroshilov [Tue, 2 Sep 2014 07:40:17 +0000 (11:40 +0400)]
ufs: fix deadlocks introduced by sb mutex merge
Commit
0244756edc4b ("ufs: sb mutex merge + mutex_destroy") introduces
deadlocks in ufs_new_inode() and ufs_free_inode().
Most callers of that functions acqure the mutex by themselves and
ufs_{new,free}_inode() do that via lock_ufs(),
i.e we have an unavoidable double lock.
The patch proposes to resolve the issue by making sure that
ufs_{new,free}_inode() are not called with the mutex held.
Found by Linux Driver Verification project (linuxtesting.org).
Cc: stable@vger.kernel.org # 3.16
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Linus Torvalds [Sat, 6 Sep 2014 23:42:12 +0000 (16:42 -0700)]
Merge tag 'for-linus' of git://git./virt/kvm/kvm
Pull kvm fixes from Paolo Bonzini:
"A smattering of bug fixes across most architectures"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
powerpc/kvm/cma: Fix panic introduces by signed shift operation
KVM: s390/mm: Fix guest storage key corruption in ptep_set_access_flags
KVM: s390/mm: Fix storage key corruption during swapping
arm/arm64: KVM: Complete WFI/WFE instructions
ARM/ARM64: KVM: Nuke Hyp-mode tlbs before enabling MMU
KVM: s390/mm: try a cow on read only pages for key ops
KVM: s390: Fix user triggerable bug in dead code
Linus Torvalds [Sat, 6 Sep 2014 19:37:43 +0000 (12:37 -0700)]
Merge tag 'fixes-for-linus' of git://git./linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Kevin Hilman:
"Another round of fixes from arm-soc land, which are mostly DT fixes
for:
- OMAP: handful of DT fixes devices on newly supported hardware
- davinci: fix 2nd EDMA channel
- ux500: extend previous pinctrl fix to another board
- at91: clock registration fixes, compatibility string precision
And one more fix for event cleanup in drivers/bus/arm-ccn"
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
bus: arm-ccn: Move event cleanup routine
ARM: at91/dt: rm9200: fix usb clock definition
ARM: at91: rm9200: fix clock registration
ARM: at91/dt: sam9g20: set at91sam9g20 pllb driver
ARM: dts: dra7-evm: Add vtt regulator support
ARM: dts: dra7-evm: Fix spi1 mux documentation
ARM: dts: am43x-epos-evm: Disable QSPI to prevent conflict with GPMC-NAND
ARM: OMAP2+: gpmc: Don't complain if wait pin is used without r/w monitoring
ARM: dts: am43xx-epos-evm: Don't use read/write wait monitoring
ARM: dts: am437x-gp-evm: Don't use read/write wait monitoring
ARM: dts: am437x-gp-evm: Use BCH16 ECC scheme instead of BCH8
ARM: dts: am43x-epos-evm: Use BCH16 ECC scheme instead of BCH8
ARM: dts: am4372: fix USB regs size
ARM: dts: am437x-gp: switch i2c0 to 100KHz
ARM: dts: dra7-evm: Fix 8th NAND partition's name
ARM: dts: dra7-evm: Fix i2c3 pinmux and frequency
ARM: ux500: disable msp2 node on Snowball
ARM: edma: Fix configuration parsing for SoCs with multiple eDMA3 CC
ARM: dts: set 'ti,set-rate-parent' for dpll4_m5x2 clock
Linus Torvalds [Sat, 6 Sep 2014 19:13:17 +0000 (12:13 -0700)]
Merge tag 'xfs-for-linus-3.17-rc3' of git://git./linux/kernel/git/dgc/linux-xfs
Pull xfs fixes from Dave Chinner:
"The fixes all address recently discovered data corruption issues.
The original Direct IO issue was discovered by Chris Mason @ Facebook
on a production workload which mixed buffered reads with direct reads
and writes IO to the same file. The fix for that exposed other issues
with page invalidation (exposed by millions of fsx operations) failing
due to dirty buffers beyond EOF.
Finally, the collapse_range code could also cause problems due to
racing writeback changing the extent map while it was being shifted
around. The commits for that problem are simple mitigation fixes that
prevent the problem from occuring. A more robust fix for 3.18 that
addresses the underlying problem is currently being worked on by
Brian.
Summary of fixes:
- a direct IO read/buffered read data corruption
- the associated fallout from the DIO data corruption fix
- collapse range bugs that are potential data corruption issues"
* tag 'xfs-for-linus-3.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs:
xfs: trim eofblocks before collapse range
xfs: xfs_file_collapse_range is delalloc challenged
xfs: don't log inode unless extent shift makes extent modifications
xfs: use ranged writeback and invalidation for direct IO
xfs: don't zero partial page cache pages during O_DIRECT writes
xfs: don't zero partial page cache pages during O_DIRECT writes
xfs: don't dirty buffers beyond EOF
Linus Torvalds [Sat, 6 Sep 2014 19:12:09 +0000 (12:12 -0700)]
Merge tag 'for-linus-
20140905' of git://git.infradead.org/linux-mtd
Pull mtd fixes from Brian Norris:
"Two trivial MTD updates for 3.17-rc4:
- a tiny comment tweak, to kill a bunch of DocBook warnings added
during the merge window
- a small fixup to the OTP routines' error handling"
* tag 'for-linus-
20140905' of git://git.infradead.org/linux-mtd:
mtd: nand: fix DocBook warnings on nand_sdr_timings doc
mtd: cfi_cmdset_0002: check return code for get_chip()
Thomas Gleixner [Sat, 6 Sep 2014 10:24:49 +0000 (12:24 +0200)]
timekeeping: Update timekeeper before updating vsyscall and pvclock
The update_walltime() code works on the shadow timekeeper to make the
seqcount protected region as short as possible. But that update to the
shadow timekeeper does not update all timekeeper fields because it's
sufficient to do that once before it becomes life. One of these fields
is tkr.base_mono. That stays stale in the shadow timekeeper unless an
operation happens which copies the real timekeeper to the shadow.
The update function is called after the update calls to vsyscall and
pvclock. While not correct, it did not cause any problems because none
of the invoked update functions used base_mono.
commit
cbcf2dd3b3d4 (x86: kvm: Make kvm_get_time_and_clockread()
nanoseconds based) changed that in the kvm pvclock update function, so
the stale mono_base value got used and caused kvm-clock to malfunction.
Put the update where it belongs and fix the issue.
Reported-by: Chris J Arges <chris.j.arges@canonical.com>
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gleb Natapov <gleb@kernel.org>
Cc: John Stultz <john.stultz@linaro.org>
Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1409050000570.3333@nanos
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Thomas Gleixner [Sat, 6 Sep 2014 10:18:07 +0000 (12:18 +0200)]
compat: nanosleep: Clarify error handling
The error handling in compat_sys_nanosleep() is correct, but
completely non obvious. Document it and restrict it to the
-ERESTART_RESTARTBLOCK return value for clarity.
Reported-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
David S. Miller [Sat, 6 Sep 2014 05:37:36 +0000 (22:37 -0700)]
Merge branch 'amd-xgbe-net'
Tom Lendacky says:
====================
amd-xgbe: AMD XGBE driver fixes 2014-09-05
The following series of patches includes fixes to the driver.
- Proper access to 64 bit management counter registers
- Enable all management counter registers to generate an interrupt when
the counter threshold is reached
This patch series is based on net.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Lendacky, Thomas [Fri, 5 Sep 2014 23:02:36 +0000 (18:02 -0500)]
amd-xgbe: Enable interrupts for all management counters
As the management counters reach a threshold they will generate an
interrupt so the value can be saved and the counter reset. The
current code does not enable this interrupt on all counters. This
can result in inaccurate statistics.
Update the code to enable all the counters to generate an interrupt
when its threshold is exceeded.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Lendacky, Thomas [Fri, 5 Sep 2014 23:02:30 +0000 (18:02 -0500)]
amd-xgbe: Treat certain counter registers as 64 bit
Even if the management counters are configured to be 32 bit register
values, the [rt]xoctetcount_gb and [rt]xoctetcount_g counters are
always 64 bit counter registers. Since they are not being treated as
64 bit values, these statistics are being reported incorrectly (ifconfig,
ethtool, etc.).
Update the routines used to read the registers to access the "hi"
register (an offset of 4 from the "lo" register) to create a 64 bit
value for these 64 bit counters.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Hellstrom [Fri, 5 Sep 2014 11:13:48 +0000 (13:13 +0200)]
greth: moved TX ring cleaning to NAPI rx poll func
This patch does not affect the 10/100 GRETH MAC.
Before all GBit GRETH TX descriptor ring cleaning was done in
start_xmit(), when descriptor list became full it activated
TX interrupt to start the NAPI rx poll function to do TX ring
cleaning.
With this patch the TX descriptor ring is always cleaned from
the NAPI rx poll function, triggered via TX or RX interrupt.
Otherwise we could end up in TX frames being sent but not
reported to the stack being sent. On the 10/100 GRETH this
is not an issue since the SKB is copied&aligned into private
buffers so that the SKB can be freed directly on start_xmit()
Signed-off-by: Daniel Hellstrom <daniel@gaisler.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Anish Bhatt [Fri, 5 Sep 2014 00:12:57 +0000 (17:12 -0700)]
cnic : Cleanup CONFIG_IPV6 & VLAN check
The cnic module needs to ensure that if ipv6 support is compiled as a module,
then the cnic module cannot be compiled as built-in as it depends on ipv6.
Made this check cleaner via Kconfig
Use simpler IS_ENABLED for CONFIG_VLAN_8021Q check
Signed-off-by: Anish Bhatt <anish@chelsio.com>
Acked-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Suman Tripathi [Thu, 28 Aug 2014 09:21:22 +0000 (14:51 +0530)]
ahci_xgene: Fix the link down in first attempt for the APM X-Gene SoC AHCI SATA host controller driver.
Due to HW errata the APM X-Gene AHCI SATA host controller reports link
down even if the device presence is detected. This issue is due to speed
negotiation failure. This patch implements the algorithm to retry the
COMRESET if PxSTAT register reports device presence detected but
PHY communication not established. The maximum retry attempts are 3.
This patch also fixes the code to match the algorithm for the printing
a warning message if the disparity error still exists after link up.
Signed-off-by: Loc Ho <lho@apm.com>
Signed-off-by: Suman Tripathi <stripathi@apm.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Suman Tripathi [Thu, 28 Aug 2014 09:21:21 +0000 (14:51 +0530)]
ahci_xgene: Skip the PHY and clock initialization if already configured by the firmware.
This patch implements the feature to skip the PHY and clock
initialization if it is already configured by the firmware.
Signed-off-by: Loc Ho <lho@apm.com>
Signed-off-by: Suman Tripathi <stripathi@apm.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Masanari Iida [Thu, 4 Sep 2014 14:44:36 +0000 (23:44 +0900)]
net: treewide: Fix typo found in DocBook/networking.xml
This patch fix spelling typo found in DocBook/networking.xml.
It is because the neworking.xml is generated from comments
in the source, I have to fix typo in comments within the source.
Signed-off-by: Masanari Iida <standby24x7@gmail.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yaniv Rosner [Thu, 4 Sep 2014 10:26:00 +0000 (13:26 +0300)]
bnx2x: Fix link problems for 1G SFP RJ45 module
When 1G SFP RJ45 module is detected, driver must reset the Tx laser
in order to prevent link issues. As part of change, the link_attr_sync
was relocated from vars to params.
Signed-off-by: Yaniv Rosner <Yaniv.Rosner@qlogic.com>
Signed-off-by: Yuval Mintz <Yuval.Mintz@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Neil Horman [Thu, 4 Sep 2014 10:13:38 +0000 (06:13 -0400)]
3c59x: avoid panic in boomerang_start_xmit when finding page address:
This bug was reported on a very old kernel (RHEL6, 2.6.32-491.el6):
BUG: unable to handle kernel paging request at
00800000
IP: [<
c04107b5>] nommu_map_page+0x15/0x110
*pdpt =
000000003454f001 *pde =
000000003f03d067
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/system/cpu/online
Modules linked in: nfsd lockd nfs_acl auth_rpcgss sunrpc exportfs p4_clockmod
ipv6 ppdev parport_pc parport microcode iTCO_wdt iTCO_vendor_support 3c59x mii
dcdbas serio_raw snd_intel8x0 snd_ac97_codec ac97_bus snd_seq snd_seq_device
snd_pcm snd_timer snd soundcore snd_page_alloc i2c_i801 sg lpc_ich mfd_core ext4
jbd2 mbcache sr_mod cdrom sd_mod crc_t10dif pata_acpi ata_generic ata_piix
radeon ttm drm_kms_helper drm i2c_algo_bit i2c_core dm_mirror dm_region_hash
dm_log dm_mod [last unloaded: mperf]
Pid: 4219, comm: nfsd Not tainted 2.6.32-491.el6.i686 #1 Dell Computer
Corporation OptiPlex GX240 /OptiPlex GX240
EIP: 0060:[<
c04107b5>] EFLAGS:
00010246 CPU: 0
EIP is at nommu_map_page+0x15/0x110
EAX:
00000000 EBX:
c0a83480 ECX:
00000000 EDX:
00800000
ESI:
00000000 EDI:
f70e7860 EBP:
e2d09b54 ESP:
e2d09b24
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process nfsd (pid: 4219, ti=
e2d08000 task=
e2ceaaa0 task.ti=
e2d08000)
Stack:
00000056 00000000 0000000e c65efd38 00000020 00000296 00000206 00000206
<0>
c050c850 c0a83480 e2cef154 00000001 e2d09ba8 f8fcd585 00000510 00000001
<0>
00000000 00000000 f5172200 f8fdac00 0039ef8c f5277020 f70e7860 00000510
Call Trace:
[<
c050c850>] ? page_address+0xd0/0xe0
[<
f8fcd585>] ? boomerang_start_xmit+0x3b5/0x520 [3c59x]
[<
c07b2975>] ? dev_hard_start_xmit+0xe5/0x400
[<
f9182b00>] ? ip6_output_finish+0x0/0xf0 [ipv6]
[<
c07ca053>] ? sch_direct_xmit+0x113/0x180
[<
c07d5588>] ? nf_hook_slow+0x68/0x120
[<
c07b2ea5>] ? dev_queue_xmit+0x1b5/0x290
[<
f9182b6d>] ? ip6_output_finish+0x6d/0xf0 [ipv6]
[<
f9184cb8>] ? ip6_xmit+0x3e8/0x490 [ipv6]
[<
f91ab9f9>] ? inet6_csk_xmit+0x289/0x2f0 [ipv6]
[<
c07f6451>] ? tcp_transmit_skb+0x431/0x7f0
[<
c07a403f>] ? __alloc_skb+0x4f/0x140
[<
c07f85a2>] ? tcp_write_xmit+0x1c2/0xa50
[<
c07f90b1>] ? __tcp_push_pending_frames+0x31/0xe0
[<
c07ea47a>] ? tcp_sendpage+0x44a/0x4b0
[<
c07ea030>] ? tcp_sendpage+0x0/0x4b0
[<
c079be1e>] ? kernel_sendpage+0x4e/0x90
[<
f8457bb9>] ? svc_send_common+0xc9/0x120 [sunrpc]
[<
f8457c85>] ? svc_sendto+0x75/0x1f0 [sunrpc]
[<
c060d0d9>] ? _atomic_dec_and_lock+0x59/0x90
[<
f87d55d0>] ? nfs3svc_encode_readres+0x0/0xc0 [nfsd]
[<
f845876d>] ? svc_authorise+0x2d/0x40 [sunrpc]
[<
f87d4410>] ? nfs3svc_release_fhandle+0x0/0x10 [nfsd]
[<
f8455721>] ? svc_process_common+0xf1/0x5a0 [sunrpc]
[<
f8457e86>] ? svc_tcp_sendto+0x36/0xa0 [sunrpc]
[<
f8461778>] ? svc_send+0x98/0xd0 [sunrpc]
[<
f87c698c>] ? nfsd+0xac/0x140 [nfsd]
[<
c04470e0>] ? complete+0x40/0x60
[<
f87c68e0>] ? nfsd+0x0/0x140 [nfsd]
[<
c04802ac>] ? kthread+0x7c/0xa0
[<
c0480230>] ? kthread+0x0/0xa0
[<
c0409f9f>] ? kernel_thread_helper+0x7/0x10
Code: 8d b6 00 00 00 00 eb f8 8d b4 26 00 00 00 00 8d bc 27 00 00 00 00 55 89 e5
83 ec 30 89 75 f8 31 f6 89 7d fc 89 c7 89 c8 89 5d f4 <8b> 1a 8b 4d 08 c1 eb 19
c1 e3 04 8b 9b c0 29 c7 c0 83 e3 fc 29
But the problem seems to still exist upstream. It seems on 32 bit kernels
page_address() can reutrn a NULL value in some circumstances, and the
pci_map_single api isn't prepared to handle that (on this system it results in a
bogus pointer deference in nommu_map_page.
The fix is pretty easy, if we convert the 3c59x driver to use the more
convieient skb_frag_dma_map api we don't need to find the virtual address of the
page at all, and page gets mapped to the hardware properly. Verified to fix the
problem as described by the reporter.
Applies to the net tree
Change Notes:
v2) Converted PCI_DMA_TODEVICE to DMA_TO_DEVICE. Thanks Dave!
v3) Actually Run git commit after making changes to v2 :)
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
CC: klassert@mathematik.tu-chemnitz.de
CC: "David S. Miller" <davem@davemloft.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pablo Neira Ayuso [Thu, 4 Sep 2014 07:47:21 +0000 (09:47 +0200)]
netfilter: add explicit Kconfig for NETFILTER_XT_NAT
Paul Bolle reports that 'select NETFILTER_XT_NAT' from the IPV4 and IPV6
NAT tables becomes noop since there is no Kconfig switch for it. Add the
Kconfig switch to resolve this problem.
Fixes: 8993cf8 netfilter: move NAT Kconfig switches out of the iptables scope
Reported-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Nicolas Dichtel [Wed, 3 Sep 2014 21:59:22 +0000 (23:59 +0200)]
ipv6: use addrconf_get_prefix_route() to remove peer addr
addrconf_get_prefix_route() ensures to get the right route in the right table.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Nicolas Dichtel [Wed, 3 Sep 2014 21:59:21 +0000 (23:59 +0200)]
ipv6: fix a refcnt leak with peer addr
There is no reason to take a refcnt before deleting the peer address route.
It's done some lines below for the local prefix route because
inet6_ifa_finish_destroy() will release it at the end.
For the peer address route, we want to free it right now.
This bug has been introduced by commit
caeaba79009c ("ipv6: add support of peer address").
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Willem de Bruijn [Wed, 3 Sep 2014 16:01:18 +0000 (12:01 -0400)]
net-timestamp: only report sw timestamp if reporting bit is set
The timestamping API has separate bits for generating and reporting
timestamps. A software timestamp should only be reported for a packet
when the packet has the relevant generation flag (SKBTX_..) set
and the socket has reporting bit SOF_TIMESTAMPING_SOFTWARE set.
The second check was accidentally removed. Reinstitute the original
behavior.
Tested:
Without this patch, Documentation/networking/txtimestamp reports
timestamps regardless of whether SOF_TIMESTAMPING_SOFTWARE is set.
After the patch, it only reports them when the flag is set.
Fixes: f24b9be5957b ("net-timestamp: extend SCM_TIMESTAMPING ancillary data struct")
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>