Peter Zijlstra [Wed, 5 Jun 2013 10:26:50 +0000 (12:26 +0200)]
arch, mm: Remove tlb_fast_mode()
Since the introduction of preemptible mmu_gather TLB fast mode has been
broken. TLB fast mode relies on there being absolutely no concurrency;
it frees pages first and invalidates TLBs later.
However now we can get concurrency and stuff goes *bang*.
This patch removes all tlb_fast_mode() code; it was found the better
option vs trying to patch the hole by entangling tlb invalidation with
the scheduler.
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Tony Luck <tony.luck@intel.com>
Reported-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Thu, 6 Jun 2013 01:05:45 +0000 (10:05 +0900)]
Merge branch 'rc-fixes' of git://git./linux/kernel/git/mmarek/kbuild
Pull kbuild fixes from Michal Marek:
"There is one fix for a kbuild regression, plus three kconfig fixes for
bugs that have alway been there, but are simple enough to be fixed in
an -rc"
* 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
kconfig/menu.c: fix multiple references to expressions in menu_add_prop()
mconf: handle keys in empty dialogs
kbuild: Don't assume dts files live in arch/*/boot/dts
scripts/config: fix assignment of parameters for short version of --*-after options
Linus Torvalds [Wed, 5 Jun 2013 10:19:04 +0000 (19:19 +0900)]
Merge git://git./linux/kernel/git/davem/net
Pull networking fixes from David Miller:
1) Fix timeouts with direct mode authentication in mac80211, from
Stanislaw Gruszka.
2) Aggregation sessions can deadlock in ath9k, from Felix Fietkau.
3) Netfilter's xt_addrtype doesn't work with ipv6 due to route lookups
creating undesirable cache entries, from Florian Westphal.
4) Fix netfilter's ipt_ULOG from generating non-NULL terminated
strings.
5) Fix netdev transmit queue crashes in mac80211, from Johannes Berg.
6) Fix copy and paste error in 802.11 stack that broke reporting of
64-bit station tx statistics, from Felix Fietkau.
7) When qlge_probe fails, it leaks the netdev. Fix from Wei Yongjun.
8) SKB control block (where we store the IP options information,
amongst other things) must be cleared properly otherwise ICMP
sending can crash for IP tunnels. Fix from Eric Dumazet.
9) Verification of Energy Efficient Ether support was coded wrongly,
the test was inversed. Fix from Giuseppe CAVALLARO.
10) TCP handles redirects improperly because the wrong flow key is used
for the route lookup. From Michal Kubecek.
11) Don't interpret MSG_CMSG_COMPAT from userspace, fix from Andy
Lutomirski.
12) The new AF_VSOCK was missing from the lockdep string table, fix from
Federico Vaga.
13) be2net doesn't handle checksumming of IP fragments properly, from
Somnath Kotur.
14) Fix several bugs in the device address list code that lead to
crashes and other misbehaviors. From Jay Vosburgh.
15) Fix ipv6 segmentation handling of fragmented GRE tunnel traffic,
from Pravin B Shalr.
16) Fix usage of stale policies in IPSEC layer, from Paul Moore.
17) Fix team driver dump of ports when there are a large number of them,
from Jiri Pirko.
18) Fix softlockups in UDP ipv4 socket lookup causes by and error in the
hlist_nulls_for_each_entry_rcu() macro. From Eric Dumazet.
19) Fix several regressions added by the high rate accuracy changes to
the htb packet scheduler. From Eric Dumazet.
20) Fix DMA'ing onto the stack in esd_usb2 and peak_usb CAN drivers,
from Olivier Sobrie and Marc Kleine-Budde.
21) Fix unremovable network devices due to missing route pointer
installation in the per-device ipv6 address list entries. From Gao
feng.
22) Apply the tg3 5719 DMA workaround on 5720 chips as well, otherwise
we get stalls. From Nithin Sujir.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (68 commits)
net_sched: htb: do not mix 1ns and 64ns time units
net: fix sk_buff head without data area
tg3: Add read dma workaround for 5720
net: ethernet: xilinx_emaclite: set protocol selector bits when writing ANAR
bnx2x: Fix bridged GSO for 57710/57711 chips
net: fec: add fallback to random MAC address
bnx2x: fix TCP offload for tunneling ipv4 over ipv6
ipv6: assign rt6_info to inet6_ifaddr in init_loopback
net/mlx4_core: Keep VF assigned MAC in the PF admin table
net/mlx4_en: Handle unassigned VF MAC address correctly
net/mlx4_core: Return -EPROBE_DEFER when a VF is probed before PF is sufficiently initialized
net/mlx4_en: Fix adaptive moderation cq update
net: can: peak_usb: Do not do dma on the stack
net: can: esd_usb2: Do not do dma on the stack
net: can: kvaser_usb: fix reception on "USBcan Pro" and "USBcan R" type hardware.
net_sched: restore "overhead xxx" handling
net: force a reload of first item in hlist_nulls_for_each_entry_rcu
hyperv: Fix vlan_proto setting in netvsc_recv_callback()
team: fix port list dump for big number of ports
list: introduce list_first_entry_or_null
...
Eric Dumazet [Tue, 4 Jun 2013 07:11:48 +0000 (07:11 +0000)]
net_sched: htb: do not mix 1ns and 64ns time units
commit
56b765b79 ("htb: improved accuracy at high rates") added another
regression for low rates, because it mixes 1ns and 64ns time units.
So the maximum delay (mbuffer) was not 60 second, but 937 ms.
Lets convert all time fields to 1ns as 64bit arches are becoming the
norm.
Reported-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pablo Neira [Mon, 3 Jun 2013 09:28:43 +0000 (09:28 +0000)]
net: fix sk_buff head without data area
Eric Dumazet spotted that we have to check skb->head instead
of skb->data as skb->head points to the beginning of the
data area of the skbuff. Similarly, we have to initialize the
skb->head pointer, not skb->data in __alloc_skb_head.
After this fix, netlink crashes in the release path of the
sk_buff, so let's fix that as well.
This bug was introduced in (
0ebd0ac net: add function to
allocate sk_buff head without data area).
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Nithin Sujir [Mon, 3 Jun 2013 09:19:34 +0000 (09:19 +0000)]
tg3: Add read dma workaround for 5720
Commit
091f0ea30074bc43f9250961b3247af713024bc6 "tg3: Add New 5719 Read
DMA workaround" added a workaround for TX DMA stall on the 5719. This
workaround needs to be applied to the 5720 as well.
Cc: stable@vger.kernel.org
Reported-by: Roland Dreier <roland@purestorage.com>
Tested-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nithin Nayak Sujir <nsujir@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jens Renner \(EFE\) [Mon, 3 Jun 2013 04:32:52 +0000 (04:32 +0000)]
net: ethernet: xilinx_emaclite: set protocol selector bits when writing ANAR
This patch sets the protocol selector bits (4:0) of the PHY's MII_ADVERTISE
register (ANAR) when writing ADVERTISE_ALL. The protocol selector bits are
indicating IEEE 803.3u support and are fixed / read-only on some PHYs. Not
setting them correctly on others (like TI DP83630) makes the PHY fall back
to 10M HDX mode which should be avoided.
Tested for TI DP83630 PHY on Microblaze platform.
Signed-off-by: Jens Renner <renner@efe-gmbh.de>
Tested-by: Michal Simek <monstr@monstr.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yuval Mintz [Mon, 3 Jun 2013 02:59:57 +0000 (02:59 +0000)]
bnx2x: Fix bridged GSO for 57710/57711 chips
It was recently found out that GSO on 57710/57711 was broken, due to packets
being sent without a valid IP checksum.
Commit
057cf65 "bnx2x: Fix GSO for 57710/57711 chips" partially fixed this
issue, but failed to set the correct IP checksum when receiving GSO packets
via bridges, as such packets enter bnx2x_tx_split() and the FW flags needed
to calculate IP checksum were erroneously set in the incorrect
buffer descriptor.
This patch re-enables GSO in said scenario for 57710/57711 chips.
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Wed, 5 Jun 2013 00:13:06 +0000 (09:13 +0900)]
Merge tag 'mmc-fixes-for-3.10-rc5' of git://git./linux/kernel/git/cjb/mmc
Pull MMC fixes from Chris Ball:
- sdhci-acpi: Fix initial runtime PM status, add more ACPI IDs
- atmel-mci, omap_hsmmc: DT handling fixes
- esdhc-imx: Fix SDIO IRQs, fix multiblock reads (both h/w errata)
* tag 'mmc-fixes-for-3.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc:
mmc: omap_hsmmc: Skip platform_get_resource_byname() for dt case
mmc: omap_hsmmc: convert to dma_request_slave_channel_compat
mmc: omap_hsmmc: Fix the DT pbias workaround for MMC controllers 2 to 5
mmc: sdhci-pci: add more device ids
mmc: sdhci-acpi: add more device ids
mmc: sdhci-acpi: fix initial runtime pm status
mmc: atmel-mci: convert to dma_request_slave_channel_compat()
mmc: sdhci-esdhc-imx: fix multiblock reads on i.MX53
mmc: sdhci-esdhc-imx: Fix SDIO interrupts
Linus Torvalds [Wed, 5 Jun 2013 00:11:06 +0000 (09:11 +0900)]
Merge branch 'for-linus' of git://git./linux/kernel/git/dtor/input
Pull input fixes from Dmitry Torokhov:
"Just a 2 small driver fixups here"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: wacom - fix a typo for Cintiq 22HDT
Input: synaptics - fix sync lost after resume on some laptops
Linus Torvalds [Wed, 5 Jun 2013 00:09:35 +0000 (09:09 +0900)]
Merge branch 'fixes' of git://git./virt/kvm/kvm
Pull kvm bugfixes from Gleb Natapov:
"The bulk of the fixes is in MIPS KVM kernel<->userspace ABI. MIPS KVM
is new for 3.10 and some problems were found with current ABI. It is
better to fix them now and do not have a kernel with broken one"
* 'fixes' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: Fix race in apic->pending_events processing
KVM: fix sil/dil/bpl/spl in the mod/rm fields
KVM: Emulate multibyte NOP
ARM: KVM: be more thorough when invalidating TLBs
ARM: KVM: prevent NULL pointer dereferences with KVM VCPU ioctl
mips/kvm: Use ENOIOCTLCMD to indicate unimplemented ioctls.
mips/kvm: Fix ABI by moving manipulation of CP0 registers to KVM_{G,S}ET_ONE_REG
mips/kvm: Use ARRAY_SIZE() instead of hardcoded constants in kvm_arch_vcpu_ioctl_{s,g}et_regs
mips/kvm: Fix name of gpr field in struct kvm_regs.
mips/kvm: Fix ABI for use of 64-bit registers.
mips/kvm: Fix ABI for use of FPU.
Linus Torvalds [Wed, 5 Jun 2013 00:06:28 +0000 (09:06 +0900)]
Merge git://git./linux/kernel/git/steve/gfs2-3.0-fixes
Pull gfs2 fixes from Steven Whitehouse:
"There are four patches this time.
The first fixes a problem where the wrong descriptor type was being
written into the log for journaled data blocks.
The second fixes a race relating to the deallocation of allocator
data.
The third provides a fallback if kmalloc is unable to satisfy a
request to allocate a directory hash table.
The fourth fixes the iopen glock caching so that inodes are deleted in
a more timely manner after rmdir/unlink"
* git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-3.0-fixes:
GFS2: Don't cache iopen glocks
GFS2: Fall back to vmalloc if kmalloc fails for dir hash tables
GFS2: Increase i_writecount during gfs2_setattr_size
GFS2: Set log descriptor type for jdata blocks
Linus Torvalds [Wed, 5 Jun 2013 00:03:31 +0000 (09:03 +0900)]
Merge branch 'for-linus' of git://git./linux/kernel/git/mszeredi/fuse
Pull fuse fixes from Miklos Szeredi:
"One patch fixes an Oops introduced in 3.9 with the readdirplus
feature. The rest are fixes for async-dio in 3.10"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
fuse: fix alignment in short read optimization for async_dio
fuse: return -EIOCBQUEUED from fuse_direct_IO() for all async requests
fuse: fix readdirplus Oops in fuse_dentry_revalidate
fuse: update inode size and invalidate attributes on fallocate
fuse: truncate pagecache range on hole punch
fuse: allocate for_background dio requests based on io->async state
Linus Torvalds [Wed, 5 Jun 2013 00:02:09 +0000 (09:02 +0900)]
Merge branch 'next' of git://git.monstr.eu/linux-2.6-microblaze
Pull microblaze fixes from Michal Simek:
"One is fixing warning reported by sparse and the second warning was
reported by Geert in his build regressions/improvements status update
for -rc4."
* 'next' of git://git.monstr.eu/linux-2.6-microblaze:
microblaze: Use static inline functions in cacheflush.h
microblaze: Fix sparse warnings
Lucas Stach [Mon, 3 Jun 2013 00:38:39 +0000 (00:38 +0000)]
net: fec: add fallback to random MAC address
If no valid MAC address could be obtained from the hardware,
fall back to a randomly generated one.
Signed-off-by: Pavel Machek <pavel@denx.de>
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Dmitry Kravkov [Sun, 2 Jun 2013 23:28:41 +0000 (23:28 +0000)]
bnx2x: fix TCP offload for tunneling ipv4 over ipv6
FW was initialized with data from wrong header, this caused TSO packets
have wrong IP csum.
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Gao feng [Sun, 2 Jun 2013 22:16:21 +0000 (22:16 +0000)]
ipv6: assign rt6_info to inet6_ifaddr in init_loopback
Commit
25fb6ca4ed9cad72f14f61629b68dc03c0d9713f
"net IPv6 : Fix broken IPv6 routing table after loopback down-up"
forgot to assign rt6_info to the inet6_ifaddr.
When disable the net device, the rt6_info which allocated
in init_loopback will not be destroied in __ipv6_ifa_notify.
This will trigger the waring message below
[23527.916091] unregister_netdevice: waiting for tap0 to become free. Usage count = 1
Reported-by: Arkadiusz Miskiewicz <a.miskiewicz@gmail.com>
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 4 Jun 2013 21:30:12 +0000 (14:30 -0700)]
Merge branch 'fixes-for-3.10' of git://gitorious.org/linux-can/linux-can
Marc Kleine-Budde says:
====================
here are there fixes for the v3.10 release cycle:
The first patch by Jonas Peterson and Olivier Sobrie fixes the reception of CAN
frames on Kvaser's "USBcan Pro" and "USBcan R" type hardware.
The last two patches by Olivier Sobrie (for esd_usb2) and me (for peak_usb)
change the memory handling for the USB messages from stack to kmalloc(), as
memory used for DMA should not be allocated on stack.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Or Gerlitz [Tue, 4 Jun 2013 05:13:29 +0000 (05:13 +0000)]
net/mlx4_core: Keep VF assigned MAC in the PF admin table
MAC addresses assigned by the PF to VFs were not kept in the PF driver
admin table. As a result, displaying the VF MACs from the PF interface
to user space showed zero address where in fact the VF got non-zero
address from the PF, fix that.
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Or Gerlitz [Tue, 4 Jun 2013 05:13:28 +0000 (05:13 +0000)]
net/mlx4_en: Handle unassigned VF MAC address correctly
When a VF sense they didn't get MAC address, use random one. This will
address the case of administrator not assigning MAC to the VF through
the PF OS APIs and keep udev happy.
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jack Morgenstein [Tue, 4 Jun 2013 05:13:27 +0000 (05:13 +0000)]
net/mlx4_core: Return -EPROBE_DEFER when a VF is probed before PF is sufficiently initialized
In the PF initialization, SRIOV is enabled before the PF is fully initialized.
This allows the kernel to probe the newly-exposed VFs before the PF is ready
to handle them (nested probes).
Have the probe method return the -EPROBE_DEFER value in this situation (instead
of the VF probe method retrying its initialization in a loop, and returning -EIO
on failure). When -EPROBE_DEFER is returned by the VF probe method, the kernel
itself will retry the probe after a suitable delay.
Based upon a suggestion by Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Sagi Grimberg [Tue, 4 Jun 2013 05:13:26 +0000 (05:13 +0000)]
net/mlx4_en: Fix adaptive moderation cq update
When turning on adaptive_rx under adaptive moderation, the CQ's moderation
count wasn't updated according to rx_frames which resulted in too many
interrupts and bandwidth drop.
Signed-off-by: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: Amir Vadai <amirv@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ping Cheng [Thu, 23 May 2013 17:22:33 +0000 (10:22 -0700)]
Input: wacom - fix a typo for Cintiq 22HDT
And make the lines easier to read.
Signed-off-by: Ping Cheng <pingc@wacom.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Eric Miao [Tue, 4 Jun 2013 16:30:55 +0000 (09:30 -0700)]
Input: synaptics - fix sync lost after resume on some laptops
In summary, the symptom is intermittent key events lost after resume
on some machines with synaptics touchpad (seems this is synaptics _only_),
and key events loss is due to serio port reconnect after psmouse sync lost.
Removing psmouse and inserting it back during the suspend/resume process
is able to work around the issue, so the difference between psmouse_connect()
and psmouse_reconnect() is the key to the root cause of this problem.
After comparing the two different paths, synaptics driver has its own
implementation of synaptics_reconnect(), and the missing psmouse_probe()
seems significant, the patch below added psmouse_probe() to the reconnect
process, and has been verified many times that the issue could not be reliably
reproduced.
There are two PS/2 commands in psmouse_probe():
1. PSMOUSE_CMD_GETID
2. PSMOUSE_CMD_RESET_DIS
Only the PSMOUSE_CMD_GETID seems to be significant. The
PSMOUSE_CMD_RESET_DIS is irrelevant to this issue after trying
several times. So we have only implemented this patch to issue
the PSMOUSE_CMD_GETID so far.
Tested-by: Daniel Manrique <daniel.manrique@canonical.com>
Signed-off-by: James M Leddy <james.leddy@canonical.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Linus Torvalds [Mon, 3 Jun 2013 21:34:51 +0000 (06:34 +0900)]
Merge tag 'regulator-v3.10-rc4' of git://git./linux/kernel/git/broonie/regulator
Pull regulator fixes from Mark Brown:
"A few small fixes for v3.10, documentation things in the core and a
few driver bugs."
* tag 'regulator-v3.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
regulator: palmas: Fix "enable_reg" to point to the correct reg for SMPS10
regulator: palmas: Fix incorrect condition
regulator: core: Correct spelling mistake in comment
regulator: dbx500: Make local symbol static
regulator: Fix kernel-doc generation warnings.
Linus Torvalds [Mon, 3 Jun 2013 21:33:44 +0000 (06:33 +0900)]
Merge tag 'jfs-3.10-rc5' of git://github.com/kleikamp/linux-shaggy
Pull jfs bugfixes from David Kleikamp:
"A couple jfs bug fixes for 3.10-rc5"
* tag 'jfs-3.10-rc5' of git://github.com/kleikamp/linux-shaggy:
fs/jfs: Add check if journaling to disk has been disabled in lbmRead()
jfs: Several bugs in jfs_freeze() and jfs_unfreeze()
Bob Peterson [Wed, 29 May 2013 15:51:52 +0000 (11:51 -0400)]
GFS2: Don't cache iopen glocks
This patch makes GFS2 immediately reclaim/delete all iopen glocks
as soon as they're dequeued. This allows deleters to get an
EXclusive lock on iopen so files are deleted properly instead of
being set as unlinked.
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
Bob Peterson [Thu, 30 May 2013 13:48:56 +0000 (09:48 -0400)]
GFS2: Fall back to vmalloc if kmalloc fails for dir hash tables
This version has one more correction: the vmalloc calls are replaced
by __vmalloc calls to preserve the GFP_NOFS flag.
When GFS2's directory management code allocates buffers for a
directory hash table, if it can't get the memory it needs, it
currently gives a bad return code. Rather than giving an error,
this patch allows it to use virtual memory rather than kernel
memory for the hash table. This should make it possible for
directories to function properly, even when kernel memory becomes
very fragmented.
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
Bob Peterson [Tue, 28 May 2013 14:04:44 +0000 (10:04 -0400)]
GFS2: Increase i_writecount during gfs2_setattr_size
This patch calls get_write_access in a few functions. This
merely increases inode->i_writecount for the duration of the function.
That will ensure that any file closes won't delete the inode's
multi-block reservation while the function is running.
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
Bob Peterson [Fri, 24 May 2013 19:02:49 +0000 (15:02 -0400)]
GFS2: Set log descriptor type for jdata blocks
This patch sets the log descriptor type according to whether the
journal commit is for (journaled) data or metadata. This was
recently broken when the functions to process data and metadata
log ops were combined.
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
Maxim Patlasov [Thu, 30 May 2013 12:41:34 +0000 (16:41 +0400)]
fuse: fix alignment in short read optimization for async_dio
The bug was introduced with async_dio feature: trying to optimize short reads,
we cut number-of-bytes-to-read to i_size boundary. Hence the following example:
truncate --size=300 /mnt/file
dd if=/mnt/file of=/dev/null iflag=direct
led to FUSE_READ request of 300 bytes size. This turned out to be problem
for userspace fuse implementations who rely on assumption that kernel fuse
does not change alignment of request from client FS.
The patch turns off the optimization if async_dio is disabled. And, if it's
enabled, the patch fixes adjustment of number-of-bytes-to-read to preserve
alignment.
Note, that we cannot throw out short read optimization entirely because
otherwise a direct read of a huge size issued on a tiny file would generate
a huge amount of fuse requests and most of them would be ACKed by userspace
with zero bytes read.
Signed-off-by: Maxim Patlasov <MPatlasov@parallels.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Brian Foster [Thu, 30 May 2013 19:35:50 +0000 (15:35 -0400)]
fuse: return -EIOCBQUEUED from fuse_direct_IO() for all async requests
If request submission fails for an async request (i.e.,
get_user_pages() returns -ERESTARTSYS), we currently skip the
-EIOCBQUEUED return and drop into wait_for_sync_kiocb() forever.
Avoid this by always returning -EIOCBQUEUED for async requests. If
an error occurs, the error is passed into fuse_aio_complete(),
returned via aio_complete() and thus propagated to userspace via
io_getevents().
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Maxim Patlasov <MPatlasov@parallels.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Miklos Szeredi [Mon, 3 Jun 2013 12:40:22 +0000 (14:40 +0200)]
fuse: fix readdirplus Oops in fuse_dentry_revalidate
Fix bug introduced by commit
4582a4ab2a "FUSE: Adapt readdirplus to application
usage patterns".
We need to check for a positive dentry; negative dentries are not added by
readdirplus. Secondly we need to advise the use of readdirplus on the *parent*,
otherwise the whole thing is useless. Thirdly all this is only relevant if
"readdirplus_auto" mode is selected by the filesystem.
We advise the use of readdirplus only if the dentry was still valid. If we had
to redo the lookup then there was no use in doing the -plus version.
Reported-by: Bernd Schubert <bernd.schubert@itwm.fraunhofer.de>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
CC: Feng Shuo <steve.shuo.feng@gmail.com>
CC: stable@vger.kernel.org
Marc Kleine-Budde [Thu, 16 May 2013 09:36:40 +0000 (11:36 +0200)]
net: can: peak_usb: Do not do dma on the stack
smatch reports the following warnings:
drivers/net/can/usb/peak_usb/pcan_usb_pro.c:514 pcan_usb_pro_drv_loaded() error: doing dma on the stack (buffer)
drivers/net/can/usb/peak_usb/pcan_usb_pro.c:878 pcan_usb_pro_init() error: doing dma on the stack (&fi)
drivers/net/can/usb/peak_usb/pcan_usb_pro.c:889 pcan_usb_pro_init() error: doing dma on the stack (&bi)
See "Documentation/DMA-API-HOWTO.txt" section "What memory is DMA'able?"
Cc: Stephane Grosjean <s.grosjean@peak-system.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Olivier Sobrie [Fri, 18 Jan 2013 08:14:04 +0000 (09:14 +0100)]
net: can: esd_usb2: Do not do dma on the stack
smatch reports the following warnings:
drivers/net/can/usb/esd_usb2.c:640 esd_usb2_start() error: doing dma on the stack (&msg)
drivers/net/can/usb/esd_usb2.c:846 esd_usb2_close() error: doing dma on the stack (&msg)
drivers/net/can/usb/esd_usb2.c:855 esd_usb2_close() error: doing dma on the stack (&msg)
drivers/net/can/usb/esd_usb2.c:923 esd_usb2_set_bittiming() error: doing dma on the stack (&msg)
drivers/net/can/usb/esd_usb2.c:1047 esd_usb2_probe() error: doing dma on the stack (&msg)
drivers/net/can/usb/esd_usb2.c:1053 esd_usb2_probe() error: doing dma on the stack (&msg)
See "Documentation/DMA-API-HOWTO.txt" section "What memory is DMA'able?"
Signed-off-by: Olivier Sobrie <olivier@sobrie.be>
Cc: Matthias Fuchs <matthias.fuchs@esd.eu>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Jonas Peterson [Tue, 7 May 2013 20:05:23 +0000 (22:05 +0200)]
net: can: kvaser_usb: fix reception on "USBcan Pro" and "USBcan R" type hardware.
Unlike Kvaser Leaf light devices, some other Kvaser devices (like USBcan
Pro, USBcan R) receive CAN messages in CMD_LOG_MESSAGE frames. This
patch adds support for it.
Cc: linux-stable <stable@vger.kernel.org> # >= v3.8
Signed-off-by: Jonas Peterson <jonas.peterson@gmail.com>
Signed-off-by: Olivier Sobrie <olivier@sobrie.be>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Michal Simek [Mon, 3 Jun 2013 09:30:04 +0000 (11:30 +0200)]
microblaze: Use static inline functions in cacheflush.h
Using static inline functions ensure proper type checking
which also remove compilation warning for no MMU
Compilation warning:
arch/microblaze/include/asm/cacheflush.h: warning: 'addr'
may be used uninitialized in this function [-Wmaybe-uninitialized]
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Linus Torvalds [Mon, 3 Jun 2013 09:09:42 +0000 (18:09 +0900)]
Merge branch 'for-linus' of git://git./linux/kernel/git/geert/linux-m68k
Pull m68k fix from Geert Uytterhoeven:
"A boot lock-up on Mac, also destined for stable"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
m68k/mac: Fix unexpected interrupt with CONFIG_EARLY_PRINTK
Linus Torvalds [Mon, 3 Jun 2013 09:04:07 +0000 (18:04 +0900)]
Merge branch 'for-linus' of git://git./linux/kernel/git/s390/linux
Pull s390 fixes from Martin Schwidefsky:
"Recent bug fixes, one of them touches a common code file.
It adds two #ifndef/#endif pairs to asm-generic/io.h to be able to
override xlate_dev_kmem_ptr and xlate_dev_mem_ptr."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/pgtable: Fix gmap notifier address
s390/dasd: fix handling of gone paths
s390/pgtable: Fix check for pgste/storage key handling
arch: s390: appldata: using strncpy() and strnlen() instead of sprintf()
s390/smp: lost IPIs on cpu hotplug
kernel: Fix s390 absolute memory access for /dev/mem
s390/dma: do not call debug_dma after free
Linus Torvalds [Mon, 3 Jun 2013 08:57:16 +0000 (17:57 +0900)]
Merge branch 'for-3.10-fixes' of git://git./linux/kernel/git/tj/cgroup
Pull cgroup fixes from Tejun Heo:
- Fix for yet another xattr bug which may lead to NULL deref.
- A subtle bug in for_each_descendant_pre(). This bug requires quite
specific conditions to trigger and isn't too likely to actually
happen in the wild, but maybe that just makes it that much more
nastier.
- A warning message added for silly cgroup re-mount (not -o remount,
but unmount followed by mount) behavior.
* 'for-3.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
cgroup: warn about mismatching options of a new mount of an existing hierarchy
cgroup: fix a subtle bug in descendant pre-order walk
cgroup: initialize xattr before calling d_instantiate()
Linus Torvalds [Mon, 3 Jun 2013 08:55:09 +0000 (17:55 +0900)]
Merge branch 'for-3.10-fixes' of git://git./linux/kernel/git/tj/libata
Pull libata changes from Tejun Heo:
"Nothing too interesting. PCI ID additions, some sata_rcar fixes and a
fringe bug fix for DMADIR handling which shouldn't affect any device
remotely modern."
* 'for-3.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
sata_rcar: fix interrupt handling
ahci: add an observed PCI ID for Marvell 88se9172 SATA controller
sata_rcar: clear STOP bit in bmdma_start() method
libata: make ata_exec_internal_sg honor DMADIR
ata_piix: add PCI IDs for Intel BayTail
libata: update "Maintained by:" tags
Michal Simek [Thu, 30 May 2013 13:10:52 +0000 (15:10 +0200)]
microblaze: Fix sparse warnings
arch/microblaze/include/asm/uaccess.h:101:3:
warning: cast removes address space of expression
arch/microblaze/include/asm/uaccess.h:107:2:
warning: cast removes address space of expression
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Gleb Natapov [Mon, 3 Jun 2013 08:30:02 +0000 (11:30 +0300)]
KVM: Fix race in apic->pending_events processing
apic->pending_events processing has a race that may cause INIT and
SIPI
processing to be reordered:
vpu0: vcpu1:
set INIT
test_and_clear_bit(KVM_APIC_INIT)
process INIT
set INIT
set SIPI
test_and_clear_bit(KVM_APIC_SIPI)
process SIPI
At the end INIT is left pending in pending_events. The following patch
fixes this by latching pending event before processing them.
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Paolo Bonzini [Thu, 30 May 2013 14:35:55 +0000 (16:35 +0200)]
KVM: fix sil/dil/bpl/spl in the mod/rm fields
The x86-64 extended low-byte registers were fetched correctly from reg,
but not from mod/rm.
This fixes another bug in the boot of RHEL5.9 64-bit, but it is still
not enough.
Cc: <stable@vger.kernel.org> # 3.9
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Paolo Bonzini [Thu, 30 May 2013 11:22:39 +0000 (13:22 +0200)]
KVM: Emulate multibyte NOP
This is encountered when booting RHEL5.9 64-bit. There is another bug
after this one that is not a simple emulation failure, but this one lets
the boot proceed a bit.
Cc: <stable@vger.kernel.org> # 3.9
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Marc Zyngier [Tue, 14 May 2013 11:11:34 +0000 (12:11 +0100)]
ARM: KVM: be more thorough when invalidating TLBs
The KVM/ARM MMU code doesn't take care of invalidating TLBs before
freeing a {pte,pmd} table. This could cause problems if the page
is reallocated and then speculated into by another CPU.
Reported-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Christoffer Dall <cdall@cs.columbia.edu>
Andre Przywara [Wed, 8 May 2013 22:28:06 +0000 (00:28 +0200)]
ARM: KVM: prevent NULL pointer dereferences with KVM VCPU ioctl
Some ARM KVM VCPU ioctls require the vCPU to be properly initialized
with the KVM_ARM_VCPU_INIT ioctl before being used with further
requests. KVM_RUN checks whether this initialization has been
done, but other ioctls do not.
Namely KVM_GET_REG_LIST will dereference an array with index -1
without initialization and thus leads to a kernel oops.
Fix this by adding checks before executing the ioctl handlers.
[ Removed superflous comment from static function - Christoffer ]
Changes from v1:
* moved check into a static function with a meaningful name
Signed-off-by: Andre Przywara <andre.przywara@linaro.org>
Signed-off-by: Christoffer Dall <cdall@cs.columbia.edu>
David Daney [Thu, 23 May 2013 16:49:10 +0000 (09:49 -0700)]
mips/kvm: Use ENOIOCTLCMD to indicate unimplemented ioctls.
The Linux Way is to return -ENOIOCTLCMD to the vfs when an
unimplemented ioctl is requested. Do this in kvm_mips instead of a
random mixture of -ENOTSUPP and -EINVAL.
Signed-off-by: David Daney <david.daney@cavium.com>
Acked-by: Sanjay Lal <sanjayl@kymasys.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
David Daney [Thu, 23 May 2013 16:49:09 +0000 (09:49 -0700)]
mips/kvm: Fix ABI by moving manipulation of CP0 registers to KVM_{G,S}ET_ONE_REG
Because not all 256 CP0 registers are ever implemented, we need a
different method of manipulating them. Use the
KVM_SET_ONE_REG/KVM_GET_ONE_REG mechanism.
Now unused code and definitions are removed.
Signed-off-by: David Daney <david.daney@cavium.com>
Acked-by: Sanjay Lal <sanjayl@kymasys.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
David Daney [Thu, 23 May 2013 16:49:08 +0000 (09:49 -0700)]
mips/kvm: Use ARRAY_SIZE() instead of hardcoded constants in kvm_arch_vcpu_ioctl_{s,g}et_regs
Also we cannot set special zero register, so force it to zero.
Signed-off-by: David Daney <david.daney@cavium.com>
Acked-by: Sanjay Lal <sanjayl@kymasys.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
David Daney [Thu, 23 May 2013 16:49:07 +0000 (09:49 -0700)]
mips/kvm: Fix name of gpr field in struct kvm_regs.
Signed-off-by: David Daney <david.daney@cavium.com>
Acked-by: Sanjay Lal <sanjayl@kymasys.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
David Daney [Thu, 23 May 2013 16:49:06 +0000 (09:49 -0700)]
mips/kvm: Fix ABI for use of 64-bit registers.
All registers are 64-bits wide, 32-bit guests use the least
significant portion of the register storage fields.
Signed-off-by: David Daney <david.daney@cavium.com>
Acked-by: Sanjay Lal <sanjayl@kymasys.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
David Daney [Thu, 23 May 2013 16:49:05 +0000 (09:49 -0700)]
mips/kvm: Fix ABI for use of FPU.
Define a non-empty struct kvm_fpu.
Signed-off-by: David Daney <david.daney@cavium.com>
Acked-by: Sanjay Lal <sanjayl@kymasys.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Eric Dumazet [Sun, 2 Jun 2013 13:55:05 +0000 (13:55 +0000)]
net_sched: restore "overhead xxx" handling
commit
56b765b79 ("htb: improved accuracy at high rates")
broke the "overhead xxx" handling, as well as the "linklayer atm"
attribute.
tc class add ... htb rate X ceil Y linklayer atm overhead 10
This patch restores the "overhead xxx" handling, for htb, tbf
and act_police
The "linklayer atm" thing needs a separate fix.
Reported-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Vimalkumar <j.vimal@gmail.com>
Cc: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Wed, 29 May 2013 09:06:27 +0000 (09:06 +0000)]
net: force a reload of first item in hlist_nulls_for_each_entry_rcu
Roman Gushchin discovered that udp4_lib_lookup2() was not reloading
first item in the rcu protected list, in case the loop was restarted.
This produced soft lockups as in https://lkml.org/lkml/2013/4/16/37
rcu_dereference(X)/ACCESS_ONCE(X) seem to not work as intended if X is
ptr->field :
In some cases, gcc caches the value or ptr->field in a register.
Use a barrier() to disallow such caching, as documented in
Documentation/atomic_ops.txt line 114
Thanks a lot to Roman for providing analysis and numerous patches.
Diagnosed-by: Roman Gushchin <klamm@yandex-team.ru>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Boris Zhmurov <zhmurov@yandex-team.ru>
Signed-off-by: Roman Gushchin <klamm@yandex-team.ru>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Sun, 2 Jun 2013 08:11:17 +0000 (17:11 +0900)]
Linux 3.10-rc4
Sergei Shtylyov [Fri, 31 May 2013 22:38:35 +0000 (02:38 +0400)]
sata_rcar: fix interrupt handling
The driver's interrupt handling code is too picky in deciding whether it should
handle an interrupt or not which causes completely unneeded spurious interrupts.
Thus make sata_rcar_{ata|serr}_interrupt() *void*; add ATA status register read
to sata_rcar_ata_interrupt() to clear an unexpected ATA interrupt -- it doesn't
get cleared by writing to the SATAINTSTAT register in the interrupt mode we use.
Also, in sata_rcar_ata_interrupt() we should check SATAINTSTAT register only for
enabled interrupts and we should clear only those interrupts that we have read
as active first time around, because else we have a race and risk clearing an
interrupt that can occur between read and write of the SATAINTSTAT register
and never registering it...
Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: stable@vger.kernel.org
Linus Torvalds [Sat, 1 Jun 2013 21:24:54 +0000 (06:24 +0900)]
Merge branch 'for-3.10' of git://git./linux/kernel/git/deller/parisc-linux
Pull parisc fixes from Helge Deller:
"This patcheset includes fixes for:
- the PCI/LBA which brings back the stifb graphics framebuffer
console
- possible memory overflows in parisc kernel init code
- parport support on older GSC machines
- avoids that users by mistake enable PARPORT_PC_SUPERIO on parisc
- MAINTAINERS file list updates for parisc."
* 'for-3.10' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
parisc: parport0: fix this legacy no-device port driver!
parport_pc: disable PARPORT_PC_SUPERIO on parisc architecture
parisc/PCI: lba: fix: convert to pci_create_root_bus() for correct root bus resources (v2)
parisc/PCI: Set type for LBA bus_num resource
MAINTAINERS: update parisc architecture file list
parisc: kernel: using strlcpy() instead of strcpy()
parisc: rename "CONFIG_PA7100" to "CONFIG_PA7000"
parisc: fix kernel BUG at arch/parisc/include/asm/mmzone.h:50
parisc: memory overflow, 'name' length is too short for using
Helge Deller [Thu, 30 May 2013 21:06:39 +0000 (21:06 +0000)]
parisc: parport0: fix this legacy no-device port driver!
Fix the above kernel error from parport_announce_port() on 32bit GSC
machines (e.g. B160L). The parport driver requires now a pointer to the
device struct.
Signed-off-by: Helge Deller <deller@gmx.de>
Helge Deller [Thu, 30 May 2013 16:24:46 +0000 (16:24 +0000)]
parport_pc: disable PARPORT_PC_SUPERIO on parisc architecture
If enabled, CONFIG_PARPORT_PC_SUPERIO scans on PC-like hardware for
various super-io chips by accessing i/o ports in a range which will
crash any parisc hardware at once.
In addition, parisc has it's own incompatible superio chip
(CONFIG_SUPERIO), so if we disable PARPORT_PC_SUPERIO completely for
parisc we can avoid that people by accident enable the parport_pc
superio option too.
Signed-off-by: Helge Deller <deller@gmx.de>
Helge Deller [Fri, 31 May 2013 22:24:58 +0000 (22:24 +0000)]
parisc/PCI: lba: fix: convert to pci_create_root_bus() for correct root bus resources (v2)
commit
dc7dce280a
Author: Bjorn Helgaas <bhelgaas@google.com>
Date: Fri Oct 28 16:27:27 2011 -0600
parisc/PCI: lba: convert to pci_create_root_bus() for correct root bus
resources
Supply root bus resources to pci_create_root_bus() so they're correct
immediately. This fixes the problem of "early" and "header" quirks seeing
incorrect root bus resources.
added tests for elmmio_space.start while it should use
elmmio_space.flags. This for example led to incorrect resource
assignments and a non-working stifb framebuffer on most parisc machines.
LBA 10:1: PCI host bridge to bus 0000:01
pci_bus 0000:01: root bus resource [io 0x12000-0x13fff] (bus address [0x2000-0x3fff])
pci_bus 0000:01: root bus resource [mem 0xfffffffffa000000-0xfffffffffbffffff] (bus address [0xfa000000-0xfbffffff])
pci_bus 0000:01: root bus resource [mem 0xfffffffff4800000-0xfffffffff4ffffff] (bus address [0xf4800000-0xf4ffffff])
pci_bus 0000:01: root bus resource [??? 0x00000001 flags 0x0]
Signed-off-by: Helge Deller <deller@gmx.de>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Bjorn Helgaas [Thu, 30 May 2013 17:45:39 +0000 (11:45 -0600)]
parisc/PCI: Set type for LBA bus_num resource
The non-PAT resource probing code failed to set the type of the LBA bus_num
resource (
30aa80da43 "parisc/PCI: register busn_res for root buses" did
the corresponding thing for the PAT case).
This causes incorrect resource assignments and a non-working stifb
framebuffer on most parisc machines.
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Helge Deller [Thu, 30 May 2013 13:48:07 +0000 (13:48 +0000)]
MAINTAINERS: update parisc architecture file list
Signed-off-by: Helge Deller <deller@gmx.de>
Chen Gang [Thu, 30 May 2013 01:18:43 +0000 (01:18 +0000)]
parisc: kernel: using strlcpy() instead of strcpy()
'boot_args' is an input args, and 'boot_command_line' has a fix length.
So use strlcpy() instead of strcpy() to avoid memory overflow.
Signed-off-by: Chen Gang <gang.chen@asianux.com>
Acked-by: Kyle McMartin <kyle@mcmartin.ca>
Signed-off-by: Helge Deller <deller@gmx.de>
Paul Bolle [Wed, 29 May 2013 09:56:58 +0000 (09:56 +0000)]
parisc: rename "CONFIG_PA7100" to "CONFIG_PA7000"
There's a Makefile line setting cflags for CONFIG_PA7100. But that
Kconfig macro doesn't exist. There is a Kconfig symbol PA7000, which
covers both PA7000 and PA7100 processors. So let's use the corresponding
Kconfig macro.
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: Helge Deller <deller@gmx.de>
Helge Deller [Tue, 28 May 2013 20:35:54 +0000 (20:35 +0000)]
parisc: fix kernel BUG at arch/parisc/include/asm/mmzone.h:50
With CONFIG_DISCONTIGMEM=y and multiple physical memory areas,
cat /proc/kpageflags triggers this kernel bug:
kernel BUG at arch/parisc/include/asm/mmzone.h:50!
CPU: 2 PID: 7848 Comm: cat Tainted: G D W 3.10.0-rc3-64bit #44
IAOQ[0]: kpageflags_read0x128/0x238
IAOQ[1]: kpageflags_read0x12c/0x238
RP(r2): proc_reg_read0xbc/0x130
Backtrace:
[<
00000000402ca2d4>] proc_reg_read0xbc/0x130
[<
0000000040235bcc>] vfs_read0xc4/0x1d0
[<
0000000040235f0c>] SyS_read0x94/0xf0
[<
0000000040105fc0>] syscall_exit0x0/0x14
kpageflags_read() walks through the whole memory, even if some memory
areas are physically not available. So, we should better not BUG on an
unavailable pfn in pfn_to_nid() but just return the expected value -1 or
0.
Signed-off-by: Helge Deller <deller@gmx.de>
Chen Gang [Mon, 27 May 2013 04:57:09 +0000 (04:57 +0000)]
parisc: memory overflow, 'name' length is too short for using
'path.bc[i]' can be asigned by PCI_SLOT() which can '> 10', so sizeof(6
* "%u:" + "%u" + '\0') may be 21.
Since 'name' length is 20, it may be memory overflow.
And 'path.bc[i]' is 'unsigned char' for printing, we can be sure the
max length of 'name' must be less than 28.
So simplify thinking, we can use 28 instead of 20 directly, and do not
think of whether 'patchc.bc[i]' can '> 100'.
Signed-off-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Linus Torvalds [Sat, 1 Jun 2013 11:13:16 +0000 (20:13 +0900)]
Merge branch 'merge' of git://git./linux/kernel/git/benh/powerpc
Pull powerpc fixes from Ben Herrenschmidt:
"Here are a few more fixes for powerpc 3.10. It's a bit more than I
would have liked this late in the game but I suppose that's what
happens with a brand new chip generation coming out.
A few regression fixes, some last minute fixes for new P8 features
such as transactional memory,...
There's also one powerpc KVM patch that I requested that adds two
missing functions to our in-kernel interrupt controller support which
is itself a new 3.10 feature. These are defined by the base
hypervisor specification. We didn't implement them originally because
Linux doesn't use them but they are simple and I'm not comfortable
having a half-implemented interface in 3.10 and having to deal with
versionning etc... later when something starts needing those calls.
They cannot be emulated in qemu when using in-kernel interrupt
controller (not enough shared state).
Just added a last minute patch to fix a typo introducing a breakage in
our cputable for Power7+ processors, sorry about that, but the
regression it fixes just hurt me :-)"
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
powerpc/cputable: Fix typo on P7+ cputable entry
powerpc/perf: Add missing SIER support
powerpc/perf: Revert to original NO_SIPR logic
powerpc/pci: Remove the unused variables in pci_process_bridge_OF_ranges
powerpc/pci: Remove the stale comments of pci_process_bridge_OF_ranges
powerpc/pseries: Always enable CONFIG_HOTPLUG_CPU on PSERIES SMP
powerpc/kvm/book3s: Add support for H_IPOLL and H_XIRR_X in XICS emulation
powerpc/32bit:Store temporary result in r0 instead of r8
powerpc/mm: Always invalidate tlb on hpte invalidate and update
powerpc/pseries: Improve stream generation comments in copypage/user
powerpc/pseries: Kill all prefetch streams on context switch
powerpc/cputable: Fix oprofile_cpu_type on power8
powerpc/mpic: Fix irq distribution problem when MPIC_SINGLE_DEST_CPU
powerpc/tm: Fix userspace stack corruption on signal delivery for active transactions
powerpc/tm: Move TM abort cause codes to uapi
powerpc/tm: Abort on emulation and alignment faults
powerpc/tm: Update cause codes documentation
powerpc/tm: Make room for hypervisor in abort cause codes
Linus Torvalds [Sat, 1 Jun 2013 11:05:20 +0000 (20:05 +0900)]
Merge git://git./linux/kernel/git/nab/target-pending
Pull scsi target fixes from Nicholas Bellinger:
"The highlights include:
- Re-instate sess->wait_list in target_wait_for_sess_cmds() for
active I/O shutdown handling in fabrics using se_cmd->cmd_kref
- Make ib_srpt call target_sess_cmd_list_set_waiting() during session
shutdown
- Fix FILEIO off-by-one READ_CAPACITY bug for !S_ISBLK export
- Fix iscsi-target login error heap buffer overflow (Kees)
- Fix iscsi-target active I/O shutdown handling regression in
v3.10-rc1
A big thanks to Kees Cook for fixing a long standing login error
buffer overflow bug.
All patches are CC'ed to stable with the exception of the v3.10-rc1
specific regression + other minor target cleanup."
* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
iscsi-target: Fix iscsit_free_cmd() se_cmd->cmd_kref shutdown handling
target: Propigate up ->cmd_kref put return via transport_generic_free_cmd
iscsi-target: fix heap buffer overflow on error
target/file: Fix off-by-one READ_CAPACITY bug for !S_ISBLK export
ib_srpt: Call target_sess_cmd_list_set_waiting during shutdown_session
target: Re-instate sess_wait_list for target_wait_for_sess_cmds
target: Remove unused wait_for_tasks bit in target_wait_for_sess_cmds
Linus Torvalds [Sat, 1 Jun 2013 10:55:26 +0000 (19:55 +0900)]
Merge tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mturquette/linux
Pull clock subsystem fixes from Mike Turquette:
"A mix of small fixes affecting mostly ARM platforms as well as a
discrete clock expander chip. Most fixes are corrections to lousy
clock data of one form or another."
* tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mturquette/linux:
clk: mxs: Include clk mxs header file
clk: vt8500: Fix unbalanced spinlock in vt8500_dclk_set_rate()
clk: si5351: Set initial clkout rate when defined in platform data.
clk: si5351: Fix clkout rate computation.
clk: samsung: Add CLK_IGNORE_UNUSED flag for the sysreg clocks
clk: ux500: clk-sysctrl: handle clocks with no parents
clk: ux500: Provide device enumeration number suffix for SMSC911x
Linus Torvalds [Sat, 1 Jun 2013 10:53:41 +0000 (19:53 +0900)]
Merge tag 'fbdev-for-3.10-rc4' of git://git./linux/kernel/git/plagnioj/linux-fbdev
Pull fbdev fixes from Jean-Christophe PLAGNIOL-VILLARD:
"This contains some small fixes
- Atmel LCDC: fix blank the backlight on remove
- ps3fb: fix compile warning
- OMAPDSS: Fix crash with DT boot"
* tag 'fbdev-for-3.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/plagnioj/linux-fbdev:
atmel_lcdfb: blank the backlight on remove
trivial: atmel_lcdfb: add missing error message
OMAPDSS: Fix crash with DT boot
fbdev/ps3fb: fix compile warning
Linus Torvalds [Sat, 1 Jun 2013 10:51:52 +0000 (19:51 +0900)]
Merge branch 'for-linus' of git://git./linux/kernel/git/viro/vfs
Pull assorted fixes from Al Viro:
"There'll be more - I'm trying to dig out from under the pile of mail
(a couple of weeks of something flu-like ;-/) and there's several more
things waiting for review; this is just the obvious stuff."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
zoran: racy refcount handling in vm_ops ->open()/->close()
befs_readdir(): do not increment ->f_pos if filldir tells us to stop
hpfs: deadlock and race in directory lseek()
qnx6: qnx6_readdir() has a braino in pos calculation
fix buffer leak after "scsi: saner replacements for ->proc_info()"
vfs: Fix invalid ida_remove() call
Linus Torvalds [Sat, 1 Jun 2013 10:48:59 +0000 (19:48 +0900)]
Merge tag 'nfs-for-3.10-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs
Pull two NFS client fixes from Trond Myklebust:
- Fix a regression that broke NFS mounting using klibc and busybox
- Stable fix to check access modes correctly on NFSv4 delegated open()
* tag 'nfs-for-3.10-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
NFS: Fix security flavor negotiation with legacy binary mounts
NFSv4: Fix a thinko in nfs4_try_open_cached
Haiyang Zhang [Tue, 28 May 2013 06:15:56 +0000 (06:15 +0000)]
hyperv: Fix vlan_proto setting in netvsc_recv_callback()
Since the recent addition of 8021AD, we need to set the new field vlan_proto in
sk_buff. Otherwise, it will trigger BUG() call in vlan_proto_idx().
This patch fixes the problem.
Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
Reviewed-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jiri Pirko [Wed, 29 May 2013 05:02:57 +0000 (05:02 +0000)]
team: fix port list dump for big number of ports
In case the port list dump does not fit into one skb currently the
dump would start over again. Fix this by continue from the last dumped
port.
Introduced by commit
d90f889e9c (team: handle sending port list in the
same way option list is sent)
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jiri Pirko [Wed, 29 May 2013 05:02:56 +0000 (05:02 +0000)]
list: introduce list_first_entry_or_null
non-rcu variant of list_first_or_null_rcu
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
Paul Moore [Wed, 29 May 2013 07:36:32 +0000 (07:36 +0000)]
selinux: fix the labeled xfrm/IPsec reference count handling
The SELinux labeled IPsec code was improperly handling its reference
counting, dropping a reference on a delete operation instead of on a
free/release operation.
Reported-by: Ondrej Moris <omoris@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Paul Moore [Wed, 29 May 2013 07:36:25 +0000 (07:36 +0000)]
xfrm: force a garbage collection after deleting a policy
In some cases after deleting a policy from the SPD the policy would
remain in the dst/flow/route cache for an extended period of time
which caused problems for SELinux as its dynamic network access
controls key off of the number of XFRM policy and state entries.
This patch corrects this problem by forcing a XFRM garbage collection
whenever a policy is sucessfully removed.
Reported-by: Ondrej Moris <omoris@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pravin B Shelar [Thu, 30 May 2013 06:45:27 +0000 (06:45 +0000)]
udp6: Fix udp fragmentation for tunnel traffic.
udp6 over GRE tunnel does not work after to GRE tso changes. GRE
tso handler passes inner packet but keeps track of outer header
start in SKB_GSO_CB(skb)->mac_offset. udp6 fragment need to
take care of outer header, which start at the mac_offset, while
adding fragment header.
This bug is introduced by commit
68c3316311 (GRE: Add TCP
segmentation offload for GRE).
Reported-by: Dmitry Kravkov <dkravkov@gmail.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Tested-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jay Vosburgh [Fri, 31 May 2013 11:57:29 +0000 (11:57 +0000)]
net/core: dev_mc_sync_multiple calls wrong helper
The dev_mc_sync_multiple function is currently calling
__hw_addr_sync, and not __hw_addr_sync_multiple. This will result in
addresses only being synced to the first device from the set.
Corrected by calling the _multiple variant.
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Reviewed-by: Vlad Yasevich <vyasevic@redhat.com>
Tested-by: Shawn Bohrer <sbohrer@rgmadvisors.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jay Vosburgh [Fri, 31 May 2013 11:57:28 +0000 (11:57 +0000)]
net/core: __hw_addr_sync_one / _multiple broken
Currently, __hw_addr_sync_one is called in a loop by
__hw_addr_sync_multiple to sync each of a "from" device's hw addresses
to a "to" device. __hw_addr_sync_one calls __hw_addr_add_ex to attempt
to add each address. __hw_addr_add_ex is called with global=false, and
sync=true.
__hw_addr_add_ex checks to see if the new address matches an
address already on the list. If so, it tests global and sync. In this
case, sync=true, and it then checks if the address is already synced,
and if so, returns 0.
This 0 return causes __hw_addr_sync_one to increment the sync_cnt
and refcount for the "from" list's address entry, even though the address
is already synced and has a reference and sync_cnt. This will cause
the sync_cnt and refcount to increment without bound every time an
addresses is added to the "from" device and synced to the "to" device.
The fix here has two parts:
First, when __hw_addr_add_ex finds the address already exists
and is synced, return -EEXIST instead of 0.
Second, __hw_addr_sync_one checks the error return for -EEXIST,
and if so, it (a) does not add a refcount/sync_cnt, and (b) returns 0
itself so that __hw_addr_sync_multiple will not return an error.
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Reviewed-by: Vlad Yasevich <vyasevic@redhat.com>
Tested-by: Shawn Bohrer <sbohrer@rgmadvisors.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jay Vosburgh [Fri, 31 May 2013 11:57:27 +0000 (11:57 +0000)]
net/core: __hw_addr_unsync_one "from" address not marked synced
When an address is added to a subordinate interface (the "to"
list), the address entry in the "from" list is not marked "synced" as
the entry added to the "to" list is.
When performing the unsync operation (e.g., dev_mc_unsync),
__hw_addr_unsync_one calls __hw_addr_del_entry with the "synced"
parameter set to true for the case when the address reference is being
released from the "from" list. This causes a test inside to fail,
with the result being that the reference count on the "from" address
is not properly decremeted and the address on the "from" list will
never be freed.
Correct this by having __hw_addr_unsync_one call the
__hw_addr_del_entry function with the "sync" flag set to false for the
"remove from the from list" case.
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Reviewed-by: Vlad Yasevich <vyasevic@redhat.com>
Tested-by: Shawn Bohrer <sbohrer@rgmadvisors.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jay Vosburgh [Fri, 31 May 2013 11:57:26 +0000 (11:57 +0000)]
net/core: __hw_addr_create_ex does not initialize sync_cnt
The sync_cnt field is not being initialized, which can result
in arbitrary values in the field. Fixed by initializing it to zero.
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Reviewed-by: Vlad Yasevich <vyasevic@redhat.com>
Tested-by: Shawn Bohrer <sbohrer@rgmadvisors.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Will Schmidt [Mon, 20 May 2013 05:04:18 +0000 (05:04 +0000)]
powerpc/cputable: Fix typo on P7+ cputable entry
Fix a typo in setting COMMON_USER2_POWER7 bits to .cpu_user_features2
cpu specs table.
Signed-off-by: Will Schmidt <will_schmidt@vnet.ibm.com>
Acked-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Nicolas Dichtel [Fri, 31 May 2013 05:37:57 +0000 (05:37 +0000)]
snmp6: remove IPSTATS_MIB_CSUMERRORS
This stat is not relevant in IPv6, there is no checksum in IPv6 header.
Just leave a comment to explain the hole.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Ellerman [Wed, 15 May 2013 20:19:31 +0000 (20:19 +0000)]
powerpc/perf: Add missing SIER support
Commit
8f61aa3 "Add support for SIER" missed updates to siar_valid()
and perf_get_data_addr().
In both cases we need to check the SIER instead of mmcra.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Michael Ellerman [Wed, 15 May 2013 20:19:30 +0000 (20:19 +0000)]
powerpc/perf: Revert to original NO_SIPR logic
This is a revert and then some of commit
860aad7 "Add regs_no_sipr()".
This workaround was only needed on early chip versions.
As before NO_SIPR becomes a static flag of the PMU struct.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Kevin Hao [Thu, 16 May 2013 20:58:42 +0000 (20:58 +0000)]
powerpc/pci: Remove the unused variables in pci_process_bridge_OF_ranges
The codes which ever used these two variables have gone. Throw away
them too.
Signed-off-by: Kevin Hao <haokexin@gmail.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Kevin Hao [Thu, 16 May 2013 20:58:41 +0000 (20:58 +0000)]
powerpc/pci: Remove the stale comments of pci_process_bridge_OF_ranges
These comments already don't apply to the current code. So just remove
them.
Signed-off-by: Kevin Hao <haokexin@gmail.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Srivatsa S. Bhat [Tue, 21 May 2013 09:32:48 +0000 (09:32 +0000)]
powerpc/pseries: Always enable CONFIG_HOTPLUG_CPU on PSERIES SMP
Adam Lackorzynski reported the following build failure on
!CONFIG_HOTPLUG_CPU configuration:
CC arch/powerpc/kernel/rtas.o
arch/powerpc/kernel/rtas.c: In function ‘rtas_cpu_state_change_mask’:
arch/powerpc/kernel/rtas.c:843:4: error: implicit declaration of function ‘cpu_down’ [-Werror=implicit-function-declaration]
cc1: all warnings being treated as errors
make[1]: *** [arch/powerpc/kernel/rtas.o] Error 1
make: *** [arch/powerpc/kernel] Error 2
The build fails because cpu_down() is defined only under CONFIG_HOTPLUG_CPU.
Looking further, the mobility code in pseries is one of the call-sites which
uses rtas_ibm_suspend_me(), which in turn calls rtas_cpu_state_change_mask().
And the mobility code is unconditionally compiled-in (it does not fall under
any Kconfig option). And commit
120496ac (powerpc: Bring all threads online
prior to migration/hibernation) which introduced this build regression is
critical for the proper functioning of the migration code. So it appears
that the only solution to this problem is to enable CONFIG_HOTPLUG_CPU if
SMP is enabled on PPC_PSERIES platforms. So make that change in the Kconfig.
Reported-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Cc: stable@vger.kernel.org
Signed-off-by: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Paul Mackerras [Thu, 23 May 2013 15:42:21 +0000 (15:42 +0000)]
powerpc/kvm/book3s: Add support for H_IPOLL and H_XIRR_X in XICS emulation
This adds the remaining two hypercalls defined by PAPR for manipulating
the XICS interrupt controller, H_IPOLL and H_XIRR_X. H_IPOLL returns
information about the priority and pending interrupts for a virtual
cpu, without changing any state. H_XIRR_X is like H_XIRR in that it
reads and acknowledges the highest-priority pending interrupt, but it
also returns the timestamp (timebase register value) from when the
interrupt was first received by the hypervisor. Currently we just
return the current time, since we don't do any software queueing of
virtual interrupts inside the XICS emulation code.
These hcalls are not currently used by Linux guests, but may be in
future.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Acked-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Priyanka Jain [Fri, 31 May 2013 01:20:02 +0000 (01:20 +0000)]
powerpc/32bit:Store temporary result in r0 instead of r8
Commit
a9c4e541ea9b22944da356f2a9258b4eddcc953b
"powerpc/kprobe: Complete kprobe and migrate exception frame"
introduced a regression:
While returning from exception handling in case of PREEMPT enabled,
_TIF_NEED_RESCHED bit is checked in TI_FLAGS (thread_info flag) of current
task. Only if this bit is set, it should continue with the process of
calling preempt_schedule_irq() to schedule highest priority task if
available.
Current code assumes that r8 contains TI_FLAGS and check this for
_TIF_NEED_RESCHED, but as r8 is modified in the code which executes before
this check, r8 no longer contains the expected TI_FLAGS information.
As a result check for comparison with _TIF_NEED_RESCHED was failing even if
NEED_RESCHED bit is set in the current thread_info flag. Due to this,
preempt_schedule_irq() and in turn scheduler was not getting called even if
highest priority task is ready for execution.
So, store temporary results in r0 instead of r8 to prevent r8 from getting
modified as subsequent code is dependent on its value.
Signed-off-by: Priyanka Jain <Priyanka.Jain@freescale.com>
CC: <stable@vger.kernel.org> [v3.7+]
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Aneesh Kumar K.V [Fri, 31 May 2013 01:03:24 +0000 (01:03 +0000)]
powerpc/mm: Always invalidate tlb on hpte invalidate and update
If a hash bucket gets full, we "evict" a more/less random entry from it.
When we do that we don't invalidate the TLB (hpte_remove) because we assume
the old translation is still technically "valid". This implies that when
we are invalidating or updating pte, even if HPTE entry is not valid
we should do a tlb invalidate.
This was a regression introduced by
b1022fbd293564de91596b8775340cf41ad5214c
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Michael Neuling [Wed, 29 May 2013 19:34:29 +0000 (19:34 +0000)]
powerpc/pseries: Improve stream generation comments in copypage/user
No code changes, just documenting what's happening a little better.
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Michael Neuling [Wed, 29 May 2013 19:34:27 +0000 (19:34 +0000)]
powerpc/pseries: Kill all prefetch streams on context switch
On context switch, we should have no prefetch streams leak from one
userspace process to another. This frees up prefetch resources for the
next process.
Based on patch from Milton Miller.
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Nishanth Aravamudan [Tue, 28 May 2013 10:39:50 +0000 (10:39 +0000)]
powerpc/cputable: Fix oprofile_cpu_type on power8
Maynard informed me that neither the oprofile kernel module nor oprofile
userspace has been updated to support that "legacy" oprofile module
interface for power8, which is indicated by "ppc64/power8." This results
in no samples. The solution is to default to the "timer" type, instead.
The raw entry also should be updated, as "ppc64/ibm-compat-v1" indicates
to oprofile userspace to use "compatibility events" which are obsolete
in ISA 2.07.
Signed-off-by: Nishanth Aravamudan <nacc@us.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
chenhui zhao [Mon, 27 May 2013 21:59:43 +0000 (21:59 +0000)]
powerpc/mpic: Fix irq distribution problem when MPIC_SINGLE_DEST_CPU
For the mpic with a flag MPIC_SINGLE_DEST_CPU, only one bit should be
set in interrupt destination registers.
The code is applicable to 64-bit platforms as well as 32-bit.
Signed-off-by: Zhao Chenhui <chenhui.zhao@freescale.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Michael Neuling [Sun, 26 May 2013 18:09:41 +0000 (18:09 +0000)]
powerpc/tm: Fix userspace stack corruption on signal delivery for active transactions
When in an active transaction that takes a signal, we need to be careful with
the stack. It's possible that the stack has moved back up after the tbegin.
The obvious case here is when the tbegin is called inside a function that
returns before a tend. In this case, the stack is part of the checkpointed
transactional memory state. If we write over this non transactionally or in
suspend, we are in trouble because if we get a tm abort, the program counter
and stack pointer will be back at the tbegin but our in memory stack won't be
valid anymore.
To avoid this, when taking a signal in an active transaction, we need to use
the stack pointer from the checkpointed state, rather than the speculated
state. This ensures that the signal context (written tm suspended) will be
written below the stack required for the rollback. The transaction is aborted
becuase of the treclaim, so any memory written between the tbegin and the
signal will be rolled back anyway.
For signals taken in non-TM or suspended mode, we use the
normal/non-checkpointed stack pointer.
Tested with 64 and 32 bit signals
Signed-off-by: Michael Neuling <mikey@neuling.org>
Cc: <stable@vger.kernel.org> # v3.9
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Michael Neuling [Sun, 26 May 2013 18:30:56 +0000 (18:30 +0000)]
powerpc/tm: Move TM abort cause codes to uapi
These cause codes are usable by userspace, so let's export to uapi.
Signed-off-by: Michael Neuling <mikey@neuling.org>
Cc: <stable@vger.kernel.org> # v3.9
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Michael Neuling [Sun, 26 May 2013 18:09:39 +0000 (18:09 +0000)]
powerpc/tm: Abort on emulation and alignment faults
If we are emulating an instruction inside an active user transaction that
touches memory, the kernel can't emulate it as it operates in transactional
suspend context. We need to abort these transactions and send them back to
userspace for the hardware to rollback.
We can service these if the user transaction is in suspend mode, since the
kernel will operate in the same suspend context.
This adds a check to all alignment faults and to specific instruction
emulations (only string instructions for now). If the user process is in an
active (non-suspended) transaction, we abort the transaction go back to
userspace allowing the HW to roll back the transaction and tell the user of the
failure. This also adds new tm abort cause codes to report the reason of the
persistent error to the user.
Crappy test case here http://neuling.org/devel/junkcode/aligntm.c
Signed-off-by: Michael Neuling <mikey@neuling.org>
Cc: <stable@vger.kernel.org> # v3.9
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>