GitHub/LineageOS/android_kernel_motorola_exynos9610.git
12 years agocompat: fs: Generic compat_sys_sendfile implementation
Catalin Marinas [Wed, 19 Sep 2012 11:01:52 +0000 (12:01 +0100)]
compat: fs: Generic compat_sys_sendfile implementation

This function is used by sparc, powerpc and arm64 for compat support.
The patch adds a generic implementation which calls do_sendfile()
directly and avoids set_fs().

The sparc architecture has wrappers for the sign extensions while
powerpc relies on the compiler to do the this. The patch adds wrappers
for powerpc to handle the u32->int type conversion.

compat_sys_sendfile64() can be replaced by a sys_sendfile() call since
compat_loff_t has the same size as off_t on a 64-bit system.

On powerpc, the patch also changes the 64-bit sendfile call from
sys_sendile64 to sys_sendfile.

Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: David S. Miller <davem@davemloft.net>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agofs: push rcu_barrier() from deactivate_locked_super() to filesystems
Kirill A. Shutemov [Wed, 26 Sep 2012 01:33:07 +0000 (11:33 +1000)]
fs: push rcu_barrier() from deactivate_locked_super() to filesystems

There's no reason to call rcu_barrier() on every
deactivate_locked_super().  We only need to make sure that all delayed rcu
free inodes are flushed before we destroy related cache.

Removing rcu_barrier() from deactivate_locked_super() affects some fast
paths.  E.g.  on my machine exit_group() of a last process in IPC
namespace takes 0.07538s.  rcu_barrier() takes 0.05188s of that time.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agobtrfs: reada_extent doesn't need kref for refcount
Al Viro [Wed, 29 Aug 2012 20:31:33 +0000 (16:31 -0400)]
btrfs: reada_extent doesn't need kref for refcount

All increments and decrements are under the same spinlock - have to be,
since they need to protect the radix_tree it's found in.  Just use
int, no need to wank with kref...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agocoredump: move core dump functionality into its own file
Alex Kelly [Thu, 27 Sep 2012 01:52:08 +0000 (21:52 -0400)]
coredump: move core dump functionality into its own file

This prepares for making core dump functionality optional.

The variable "suid_dumpable" and associated functions are left in fs/exec.c
because they're used elsewhere, such as in ptrace.

Signed-off-by: Alex Kelly <alex.page.kelly@gmail.com>
Reviewed-by: Josh Triplett <josh@joshtriplett.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agocoredump: prevent double-free on an error path in core dumper
Denys Vlasenko [Wed, 26 Sep 2012 01:34:50 +0000 (11:34 +1000)]
coredump: prevent double-free on an error path in core dumper

In !CORE_DUMP_USE_REGSET case, if elf_note_info_init fails to allocate
memory for info->fields, it frees already allocated stuff and returns
error to its caller, fill_note_info.  Which in turn returns error to its
caller, elf_core_dump.  Which jumps to cleanup label and calls
free_note_info, which will happily try to free all info->fields again.
BOOM.

This is the fix.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Cc: Venu Byravarasu <vbyravarasu@nvidia.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
12 years agousb/gadget: fix misannotations
Al Viro [Thu, 27 Sep 2012 01:43:45 +0000 (21:43 -0400)]
usb/gadget: fix misannotations

__user * != * __user

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agofcntl: fix misannotations
Al Viro [Thu, 27 Sep 2012 01:43:05 +0000 (21:43 -0400)]
fcntl: fix misannotations

__user * != * __user...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoceph: don't abuse d_delete() on failure exits
Al Viro [Thu, 27 Sep 2012 01:41:05 +0000 (21:41 -0400)]
ceph: don't abuse d_delete() on failure exits

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agohypfs: ->d_parent is never NULL or negative
Al Viro [Thu, 27 Sep 2012 01:33:07 +0000 (21:33 -0400)]
hypfs: ->d_parent is never NULL or negative

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agovfs: delete surplus inode NULL check
Alan Cox [Wed, 19 Sep 2012 14:49:51 +0000 (15:49 +0100)]
vfs: delete surplus inode NULL check

Each iteration of d_delete we reload inode from dentry->d_inode and
then call S_ISDIR(inode-i_mode), so inode cannot possibly be NULL
shortly afterwards unless something went horribly wrong.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch simple cases of fget_light to fdget
Al Viro [Tue, 28 Aug 2012 16:52:22 +0000 (12:52 -0400)]
switch simple cases of fget_light to fdget

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agonew helpers: fdget()/fdput()
Al Viro [Mon, 27 Aug 2012 23:55:01 +0000 (19:55 -0400)]
new helpers: fdget()/fdput()

Signed-off-bs: Al Viro <viro@zeniv.linux.org.uk>

12 years agoswitch o2hb_region_dev_write() to fget_light()
Al Viro [Mon, 27 Aug 2012 21:55:17 +0000 (17:55 -0400)]
switch o2hb_region_dev_write() to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoproc_map_files_readdir(): don't bother with grabbing files
Al Viro [Mon, 27 Aug 2012 18:55:26 +0000 (14:55 -0400)]
proc_map_files_readdir(): don't bother with grabbing files

all we need is their ->f_mode, so just collect _that_

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agomake get_file() return its argument
Al Viro [Mon, 27 Aug 2012 18:48:26 +0000 (14:48 -0400)]
make get_file() return its argument

simplifies a bunch of callers...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agovhost_set_vring(): turn pollstart/pollstop into bool
Al Viro [Mon, 27 Aug 2012 18:21:39 +0000 (14:21 -0400)]
vhost_set_vring(): turn pollstart/pollstop into bool

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch prctl_set_mm_exe_file() to fget_light()
Al Viro [Mon, 27 Aug 2012 17:02:21 +0000 (13:02 -0400)]
switch prctl_set_mm_exe_file() to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch xfs_find_handle() to fget_light()
Al Viro [Mon, 27 Aug 2012 16:59:52 +0000 (12:59 -0400)]
switch xfs_find_handle() to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch xfs_swapext() to fget_light()
Al Viro [Mon, 27 Aug 2012 16:57:12 +0000 (12:57 -0400)]
switch xfs_swapext() to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch coda get_device_index() to fget_light()
Al Viro [Mon, 27 Aug 2012 16:54:13 +0000 (12:54 -0400)]
switch coda get_device_index() to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch infinibarf users of fget() to fget_light()
Al Viro [Mon, 27 Aug 2012 16:47:29 +0000 (12:47 -0400)]
switch infinibarf users of fget() to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch vfio_group_set_container() to fget_light()
Al Viro [Mon, 27 Aug 2012 16:14:05 +0000 (12:14 -0400)]
switch vfio_group_set_container() to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch btrfs_ioctl_clone() to fget_light()
Al Viro [Mon, 27 Aug 2012 07:18:55 +0000 (03:18 -0400)]
switch btrfs_ioctl_clone() to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch mqueue syscalls to fget_light()
Al Viro [Mon, 27 Aug 2012 07:11:34 +0000 (03:11 -0400)]
switch mqueue syscalls to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch SNDRV_PCM_IOCTL_LINK to fget_light()
Al Viro [Mon, 27 Aug 2012 01:35:48 +0000 (21:35 -0400)]
switch SNDRV_PCM_IOCTL_LINK to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch timerfd_[sg]ettime(2) to fget_light()
Al Viro [Mon, 27 Aug 2012 01:32:02 +0000 (21:32 -0400)]
switch timerfd_[sg]ettime(2) to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch epoll_wait(2) to fget_light()
Al Viro [Mon, 27 Aug 2012 01:27:40 +0000 (21:27 -0400)]
switch epoll_wait(2) to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch btrfs_ioctl_snap_create_transid() to fget_light()
Al Viro [Mon, 27 Aug 2012 01:20:24 +0000 (21:20 -0400)]
switch btrfs_ioctl_snap_create_transid() to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch EXT4_IOC_MOVE_EXT to fget_light()
Al Viro [Mon, 27 Aug 2012 01:01:46 +0000 (21:01 -0400)]
switch EXT4_IOC_MOVE_EXT to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoexport fget_light
Al Viro [Tue, 28 Aug 2012 14:19:41 +0000 (10:19 -0400)]
export fget_light

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoext4: close struct file leak on EXT4_IOC_MOVE_EXT
Al Viro [Mon, 27 Aug 2012 01:00:03 +0000 (21:00 -0400)]
ext4: close struct file leak on EXT4_IOC_MOVE_EXT

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch hpux_getdents() to fget_light()
Al Viro [Mon, 27 Aug 2012 00:41:49 +0000 (20:41 -0400)]
switch hpux_getdents() to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch itanic perfmonctl(2) to fget_light()
Al Viro [Mon, 27 Aug 2012 00:39:16 +0000 (20:39 -0400)]
switch itanic perfmonctl(2) to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch osf_getdirentries() to fget_light()
Al Viro [Mon, 27 Aug 2012 00:36:23 +0000 (20:36 -0400)]
switch osf_getdirentries() to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch readahead(2) to fget_light()
Al Viro [Mon, 27 Aug 2012 00:30:57 +0000 (20:30 -0400)]
switch readahead(2) to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch fadvise(2) to fget_light()
Al Viro [Mon, 27 Aug 2012 00:27:09 +0000 (20:27 -0400)]
switch fadvise(2) to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch fchmod(2) to fget_light()
Al Viro [Mon, 27 Aug 2012 00:22:10 +0000 (20:22 -0400)]
switch fchmod(2) to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch fallocate(2) to fget_light()
Al Viro [Mon, 27 Aug 2012 00:15:40 +0000 (20:15 -0400)]
switch fallocate(2) to fget_light()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch ftruncate(2) to fget_light
Al Viro [Mon, 27 Aug 2012 00:13:36 +0000 (20:13 -0400)]
switch ftruncate(2) to fget_light

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agonamei.c: fix BS comment
Al Viro [Sun, 26 Aug 2012 16:55:54 +0000 (12:55 -0400)]
namei.c: fix BS comment

get_write_access() is needed for nfsd, not binfmt_aout (the latter
has no business doing anything of that kind, of course)

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agodon't leak O_CLOEXEC into ->f_flags
Al Viro [Sun, 26 Aug 2012 15:01:04 +0000 (11:01 -0400)]
don't leak O_CLOEXEC into ->f_flags

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoprocfs: Convert /proc/pid/fdinfo/ handling routines to seq-file v2
Cyrill Gorcunov [Sun, 26 Aug 2012 14:28:20 +0000 (18:28 +0400)]
procfs: Convert /proc/pid/fdinfo/ handling routines to seq-file v2

This patch converts /proc/pid/fdinfo/ handling routines to seq-file which
is needed to extend seq operations and plug in auxiliary fdinfo provides
from subsystems like eventfd/eventpoll/fsnotify.

Note the proc_fd_link no longer call for proc_fd_info, simply because
the guts of proc_fd_info() got merged into ->show() of that seq_file

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoprocfs: Move /proc/pid/fd[info] handling code to fd.[ch]
Cyrill Gorcunov [Thu, 23 Aug 2012 10:43:24 +0000 (14:43 +0400)]
procfs: Move /proc/pid/fd[info] handling code to fd.[ch]

This patch prepares the ground for further extension of
/proc/pid/fd[info] handling code by moving fdinfo handling
code into fs/proc/fd.c.

I think such move makes both fs/proc/base.c and fs/proc/fd.c
easier to read.

Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Pavel Emelyanov <xemul@parallels.com>
CC: Al Viro <viro@ZenIV.linux.org.uk>
CC: Alexey Dobriyan <adobriyan@gmail.com>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: James Bottomley <jbottomley@parallels.com>
CC: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
CC: Alexey Dobriyan <adobriyan@gmail.com>
CC: Matthew Helsley <matt.helsley@gmail.com>
CC: "J. Bruce Fields" <bfields@fieldses.org>
CC: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agonew helper: daemonize_descriptors()
Al Viro [Wed, 22 Aug 2012 22:42:10 +0000 (18:42 -0400)]
new helper: daemonize_descriptors()

descriptor-related parts of daemonize, done right.  As the
result we simplify the locking rules for ->files - we
hold task_lock in *all* cases when we modify ->files.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch spufs/coredump to iterate_fd()
Al Viro [Wed, 22 Aug 2012 02:50:49 +0000 (22:50 -0400)]
switch spufs/coredump to iterate_fd()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agodo_coredump(): make sure that descriptor table isn't shared
Al Viro [Wed, 22 Aug 2012 02:43:47 +0000 (22:43 -0400)]
do_coredump(): make sure that descriptor table isn't shared

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agonew helper: iterate_fd()
Al Viro [Wed, 22 Aug 2012 02:32:06 +0000 (22:32 -0400)]
new helper: iterate_fd()

iterates through the opened files in given descriptor table,
calling a supplied function; we stop once non-zero is returned.
Callback gets struct file *, descriptor number and const void *
argument passed to iterator.  It is called with files->file_lock
held, so it is not allowed to block.

tty_io, netprio_cgroup and selinux flush_unauthorized_files()
converted to its use.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agomake expand_files() and alloc_fd() static
Al Viro [Wed, 22 Aug 2012 00:11:34 +0000 (20:11 -0400)]
make expand_files() and alloc_fd() static

no callers outside of fs/file.c left

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agotake __{set,clear}_{open_fd,close_on_exec}() into fs/file.c
Al Viro [Wed, 22 Aug 2012 00:09:42 +0000 (20:09 -0400)]
take __{set,clear}_{open_fd,close_on_exec}() into fs/file.c

nobody uses those outside anymore.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoswitch flush_unauthorized_files() to replace_fd()
Al Viro [Tue, 21 Aug 2012 16:26:45 +0000 (12:26 -0400)]
switch flush_unauthorized_files() to replace_fd()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agonew helper: replace_fd()
Al Viro [Tue, 21 Aug 2012 16:11:46 +0000 (12:11 -0400)]
new helper: replace_fd()

analog of dup2(), except that it takes struct file * as source.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agotake purely descriptor-related stuff from fcntl.c to file.c
Al Viro [Tue, 21 Aug 2012 15:48:11 +0000 (11:48 -0400)]
take purely descriptor-related stuff from fcntl.c to file.c

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agotake close-on-exec logics to fs/file.c, clean it up a bit
Al Viro [Tue, 21 Aug 2012 13:56:33 +0000 (09:56 -0400)]
take close-on-exec logics to fs/file.c, clean it up a bit

... and add cond_resched() there, while we are at it.  We can
get large latencies as is...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoum: resurrect the right variant of mconsole_proc()
Al Viro [Sun, 19 Aug 2012 17:00:49 +0000 (13:00 -0400)]
um: resurrect the right variant of mconsole_proc()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agotake descriptor-related part of close() to file.c
Al Viro [Sun, 19 Aug 2012 16:04:24 +0000 (12:04 -0400)]
take descriptor-related part of close() to file.c

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agotake fget() and friends to fs/file.c
Al Viro [Thu, 16 Aug 2012 01:12:10 +0000 (21:12 -0400)]
take fget() and friends to fs/file.c

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoexpose a low-level variant of fd_install() for binder
Al Viro [Thu, 16 Aug 2012 01:06:33 +0000 (21:06 -0400)]
expose a low-level variant of fd_install() for binder

Similar situation to that of __alloc_fd(); do not use unless you
really have to.  You should not touch any descriptor table other
than your own; it's a sure sign of a really bad API design.

As with __alloc_fd(), you *must* use a first-class reference to
struct files_struct; something obtained by get_files_struct(some task)
(let alone direct task->files) will not do.  It must be either
current->files, or obtained by get_files_struct(current) by the
owner of that sucker and given to you.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agomove put_unused_fd() and fd_install() to fs/file.c
Al Viro [Thu, 16 Aug 2012 01:03:26 +0000 (21:03 -0400)]
move put_unused_fd() and fd_install() to fs/file.c

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agotrim free_fdtable_rcu()
Al Viro [Thu, 16 Aug 2012 00:06:36 +0000 (20:06 -0400)]
trim free_fdtable_rcu()

embedded case isn't hit anymore

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agodon't bother with call_rcu() in put_files_struct()
Al Viro [Thu, 16 Aug 2012 00:00:58 +0000 (20:00 -0400)]
don't bother with call_rcu() in put_files_struct()

At that point nobody can see us anyway; everything that
looks at files_fdtable(files) is separated from the
guts of put_files_struct(files) - either since files is
current->files or because we fetched it under task_lock()
and hadn't dropped that yet, or because we'd bumped
files->count while holding task_lock()...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agomove files_struct-related bits from kernel/exit.c to fs/file.c
Al Viro [Wed, 15 Aug 2012 23:56:12 +0000 (19:56 -0400)]
move files_struct-related bits from kernel/exit.c to fs/file.c

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agonew helper: __alloc_fd()
Al Viro [Sun, 12 Aug 2012 21:27:30 +0000 (17:27 -0400)]
new helper: __alloc_fd()

Essentially, alloc_fd() in a files_struct we own a reference to.
Most of the time wanting to use it is a sign of lousy API
design (such as android/binder).  It's *not* a general-purpose
interface; better that than open-coding its guts, but again,
playing with other process' descriptor table is a sign of bad
design.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agotake rlimit check to callers of expand_files()
Al Viro [Sun, 12 Aug 2012 20:17:59 +0000 (16:17 -0400)]
take rlimit check to callers of expand_files()

... except for one in android, where the check is different
and already done in caller.  No need to recalculate rlimit
many times in alloc_fd() either.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agofanotify: sanitize failure exits in copy_event_to_user()
Al Viro [Sun, 19 Aug 2012 16:30:45 +0000 (12:30 -0400)]
fanotify: sanitize failure exits in copy_event_to_user()

* do copy_to_user() before prepare_for_access_response(); that kills
the need in remove_access_response().
* don't do fd_install() until we are past the last possible failure
exit.  Don't use sys_close() on cleanup side - just put_unused_fd()
and fput().  Less racy that way...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoevents: don't use get_unused_fd_flags() when get_unused_fd() will do
Al Viro [Tue, 21 Aug 2012 13:40:46 +0000 (09:40 -0400)]
events: don't use get_unused_fd_flags() when get_unused_fd() will do

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agopipe(2) - race-free error recovery
Al Viro [Sun, 19 Aug 2012 16:17:29 +0000 (12:17 -0400)]
pipe(2) - race-free error recovery

don't mess with sys_close() if copy_to_user() fails; just postpone
fd_install() until we know it hasn't.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agobinder: don't allow mmap() by process other than proc->tsk
Al Viro [Wed, 15 Aug 2012 22:23:36 +0000 (18:23 -0400)]
binder: don't allow mmap() by process other than proc->tsk

we really shouldn't do get_files_struct() on a different process
and use it to modify the sucker later on.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoautofs4: don't open-code fd_install()
Al Viro [Sun, 12 Aug 2012 22:04:37 +0000 (18:04 -0400)]
autofs4: don't open-code fd_install()

The only difference between autofs_dev_ioctl_fd_install() and
fd_install() is __set_close_on_exec() done by the latter.  Just
use get_unused_fd_flags(O_CLOEXEC) to allocate the descriptor
and be done with that...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agomake get_unused_fd_flags() a function
Al Viro [Sun, 12 Aug 2012 21:18:05 +0000 (17:18 -0400)]
make get_unused_fd_flags() a function

... and get_unused_fd() a macro around it

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agounexport sock_map_fd(), switch to sock_alloc_file()
Al Viro [Sat, 18 Aug 2012 04:25:51 +0000 (00:25 -0400)]
unexport sock_map_fd(), switch to sock_alloc_file()

Both modular callers of sock_map_fd() had been buggy; sctp one leaks
descriptor and file if copy_to_user() fails, 9p one shouldn't be
exposing file in the descriptor table at all.

Switch both to sock_alloc_file(), export it, unexport sock_map_fd() and
make it static.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agotake descriptor handling from sock_alloc_file() to callers
Al Viro [Sat, 18 Aug 2012 03:54:15 +0000 (23:54 -0400)]
take descriptor handling from sock_alloc_file() to callers

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 years agoMerge remote branch 'origin' into for-next
Al Viro [Thu, 27 Sep 2012 01:07:20 +0000 (21:07 -0400)]
Merge remote branch 'origin' into for-next

12 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Linus Torvalds [Tue, 25 Sep 2012 21:20:29 +0000 (14:20 -0700)]
Merge git://git./linux/kernel/git/davem/net

Pull more networking fixes from David Miller:

 1) Eric Dumazet discovered and fixed what turned out to be a family of
    bugs.  These functions were using pskb_may_pull() which might need
    to reallocate the linear SKB data buffer, but the callers were not
    expecting this possibility.  The callers have cached pointers to the
    packet header areas, and would need to reload them if we were to
    continue using pskb_may_pull().

    So they could end up reading garbage.

    It's easier to just change these RAW4/RAW6/MIP6 routines to use
    skb_header_pointer() instead of pskb_may_pull(), which won't modify
    the linear SKB data area.

 2) Dave Jone's syscall spammer caught a case where a non-TCP socket can
    call down into the TCP keepalive code.  The case basically involves
    creating a raw socket with sk_protocol == IPPROTO_TCP, then calling
    setsockopt(sock_fd, SO_KEEPALIVE, ...)

    Fixed by Eric Dumazet.

 3) Bluetooth devices do not get configured properly while being powered
    on, resulting in always using legacy pairing instead of SSP.  Fix
    from Andrzej Kaczmarek.

 4) Bluetooth cancels delayed work erroneously, put stricter checks in
    place.  From Andrei Emeltchenko.

 5) Fix deadlock between cfg80211_mutex and reg_regdb_search_mutex in
    cfg80211, from Luis R.  Rodriguez.

 6) Fix interrupt double release in iwlwifi, from Emmanuel Grumbach.

 7) Missing module license in bcm87xx driver, from Peter Huewe.

 8) Team driver can lose port changed events when adding devices to a
    team, fix from Jiri Pirko.

 9) Fix endless loop when trying ot unregister PPPOE device in zombie
    state, from Xiaodong Xu.

10) batman-adv layer needs to set MAC address of software device
    earlier, otherwise we call tt_local_add with it uninitialized.

11) Fix handling of KSZ8021 PHYs, it's matched currently by KS8051 but
    that doesn't program the device properly.  From Marek Vasut.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
  ipv6: mip6: fix mip6_mh_filter()
  ipv6: raw: fix icmpv6_filter()
  net: guard tcp_set_keepalive() to tcp sockets
  phy/micrel: Add missing header to micrel_phy.h
  phy/micrel: Rename KS80xx to KSZ80xx
  phy/micrel: Implement support for KSZ8021
  batman-adv: Fix symmetry check / route flapping in multi interface setups
  batman-adv: Fix change mac address of soft iface.
  pppoe: drop PPPOX_ZOMBIEs in pppoe_release
  team: send port changed when added
  ipv4: raw: fix icmp_filter()
  net/phy/bcm87xx: Add MODULE_LICENSE("GPL") to GPL driver
  iwlwifi: don't double free the interrupt in failure path
  cfg80211: fix possible circular lock on reg_regdb_search()
  Bluetooth: Fix not removing power_off delayed work
  Bluetooth: Fix freeing uninitialized delayed works
  Bluetooth: mgmt: Fix enabling LE while powered off
  Bluetooth: mgmt: Fix enabling SSP while powered off

12 years agoipv6: mip6: fix mip6_mh_filter()
Eric Dumazet [Tue, 25 Sep 2012 20:01:28 +0000 (22:01 +0200)]
ipv6: mip6: fix mip6_mh_filter()

mip6_mh_filter() should not modify its input, or else its caller
would need to recompute ipv6_hdr() if skb->head is reallocated.

Use skb_header_pointer() instead of pskb_may_pull()

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge tag 'batman-adv-fix-for-davem' of git://git.open-mesh.org/linux-merge
David S. Miller [Tue, 25 Sep 2012 17:24:02 +0000 (13:24 -0400)]
Merge tag 'batman-adv-fix-for-davem' of git://git.open-mesh.org/linux-merge

Included fixes:
- fix the behaviour of batman-adv in case of virtual interface MAC change event
- fix symmetric link check in neighbour selection

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoipv6: raw: fix icmpv6_filter()
Eric Dumazet [Tue, 25 Sep 2012 07:03:40 +0000 (07:03 +0000)]
ipv6: raw: fix icmpv6_filter()

icmpv6_filter() should not modify its input, or else its caller
would need to recompute ipv6_hdr() if skb->head is reallocated.

Use skb_header_pointer() instead of pskb_may_pull() and
change the prototype to make clear both sk and skb are const.

Also, if icmpv6 header cannot be found, do not deliver the packet,
as we do in IPv4.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge tag 'sh-for-linus' of git://github.com/pmundt/linux-sh
Linus Torvalds [Tue, 25 Sep 2012 16:20:48 +0000 (09:20 -0700)]
Merge tag 'sh-for-linus' of git://github.com/pmundt/linux-sh

Pull SuperH fix from Paul Mundt:
 "One last minute regression fix.."

* tag 'sh-for-linus' of git://github.com/pmundt/linux-sh:
  sh: pfc: Fix up GPIO mux type reconfig case.

12 years agoMerge branch 'akpm' (sundry from Andrew)
Linus Torvalds [Tue, 25 Sep 2012 16:00:02 +0000 (09:00 -0700)]
Merge branch 'akpm' (sundry from Andrew)

Merge misc fixes from Andrew Morton:
 "One maintainer change and three bugfixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>: (4 commits)
  c/r: prctl: fix build error for no-MMU case
  lib/flex_proportions.c: fix corruption of denominator in flexible proportions
  checksyscalls: fix "here document" handling
  pwm-backlight: take over maintenance

12 years agoc/r: prctl: fix build error for no-MMU case
Mark Salter [Tue, 25 Sep 2012 00:17:38 +0000 (17:17 -0700)]
c/r: prctl: fix build error for no-MMU case

Commit 1ad75b9e1628 ("c/r: prctl: add minimal address test to
PR_SET_MM") added some address checking to prctl_set_mm() used by
checkpoint-restore.  This causes a build error for no-MMU systems:

   kernel/sys.c: In function 'prctl_set_mm':
   kernel/sys.c:1868:34: error: 'mmap_min_addr' undeclared (first use in this function)

The test for mmap_min_addr doesn't make a lot of sense for no-MMU code
as noted in commit 6e1415467614 ("NOMMU: Optimise away the
{dac_,}mmap_min_addr tests").

This patch defines mmap_min_addr as 0UL in the no-MMU case so that the
compiler will optimize away tests for "addr < mmap_min_addr".

Signed-off-by: Mark Salter <msalter@redhat.com>
Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: <stable@vger.kernel.org> [3.6.x]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
12 years agolib/flex_proportions.c: fix corruption of denominator in flexible proportions
Jan Kara [Tue, 25 Sep 2012 00:17:35 +0000 (17:17 -0700)]
lib/flex_proportions.c: fix corruption of denominator in flexible proportions

When racing with CPU hotplug, percpu_counter_sum() can return negative
values for the number of observed events.

This confuses fprop_new_period(), which uses unsigned type and as a
result number of events is set to big *positive* number.  From that
moment on, things go pear shaped and can result e.g.  in division by
zero as denominator is later truncated to 32-bits.

This bug causes a divide-by-zero oops in bdi_dirty_limit() in Borislav's
3.6.0-rc6 based kernel.

Fix the issue by using a signed type in fprop_new_period().  That makes
us bail out from the function without doing anything (mistakenly)
thinking there are no events to age.  That makes aging somewhat
inaccurate but getting accurate data would be rather hard.

Signed-off-by: Jan Kara <jack@suse.cz>
Reported-by: Borislav Petkov <bp@amd64.org>
Reported-by: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
12 years agochecksyscalls: fix "here document" handling
Heiko Carstens [Tue, 25 Sep 2012 00:17:33 +0000 (17:17 -0700)]
checksyscalls: fix "here document" handling

"echo" doesn't read from stdin, therefore the checksyscalls script didn't
warn about not implemented system calls anymore since 29dc54c6
("checksyscalls: Use arch/x86/syscalls/syscall_32.tbl as source").

Use "cat" instead of "echo" which handles this correctly.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Michal Marek <mmarek@suse.cz>
Cc: H. Peter Anvin <hpa@linux.intel.com>
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
12 years agopwm-backlight: take over maintenance
Thierry Reding [Tue, 25 Sep 2012 00:17:30 +0000 (17:17 -0700)]
pwm-backlight: take over maintenance

Since the pwm-backlight driver is lacking a proper maintainer and is the
heaviest user of the PWM framework I'm taking over maintenance.

Signed-off-by: Thierry Reding <thierry.reding@avionic-design.de>
Acked-by: Arun Murthy <arun.murthy@stericsson.com>
Cc: Matthew Garrett <mjg@redhat.com>
Cc: Robert Morell <rmorell@nvidia.com>
Cc: Dilan Lee <dilee@nvidia.com>
Cc: Axel Lin <axel.lin@gmail.com>
Cc: Mark Brown <broonie@opensource.wolfsonmicro.com>
Cc: Alexandre Courbot <acourbot@nvidia.com>
Acked-by: Sachin Kamat <sachin.kamat@linaro.org>
Acked-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
12 years agosh: pfc: Fix up GPIO mux type reconfig case.
Paul Mundt [Tue, 25 Sep 2012 02:51:05 +0000 (11:51 +0900)]
sh: pfc: Fix up GPIO mux type reconfig case.

Some drivers need to switch pin states between GPIO and pin function at
runtime, which was inadvertently broken in the pinctrl driver for GPIOs
being bound to a specific direction.

This fixes up the request path to ensure that previously configured GPIOs
don't cause us to inadvertently error out with an unsupported mux on
reconfig, which in practice is primarily aimed at trapping pull-up/down
users that have yet to be implemented under the new API.

Fixes up regressions in the TPU PWM driver, amongst others.

Reported-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Tested-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
12 years agoMerge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville...
David S. Miller [Tue, 25 Sep 2012 02:00:00 +0000 (22:00 -0400)]
Merge branch 'for-davem' of git://git./linux/kernel/git/linville/wireless

John W. Linville says:

====================
Please pull this last(?) batch of fixes intended for 3.6...

For the Bluetooth bits, Gustavo says this:

"Here goes probably my last update to 3.6. It includes the two patches
you were ok last week(from Andrzej Kaczmarek), those are critical
ones, and two other fixes one for a system crash and the other for
a missing lockdep annotation."

The referenced fixes from Andrzej prevent attempts to configure devices
that are powered-off.

Along with the Bluetooth fixes, there are a couple of 802.11 fixes.
Emmanuel Grumbach gives us an iwlwifi fix to prevent releasing an
interrupt twice.  Luis R. Rodriguez provides a fix for a possible
circular lock dependency in the cfg80211 regulatory enforcement code.

All of these have been in linux-next for a few days.  I hope they are
not too late to make the 3.6 release!
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile
Linus Torvalds [Mon, 24 Sep 2012 23:17:17 +0000 (16:17 -0700)]
Merge git://git./linux/kernel/git/cmetcalf/linux-tile

Pull tile gxio ABI fix from Chris Metcalf:
 "This fixes a last-minute change in the Tilera hypervisor ABI for TRIO
  (PCI root complex) support.  We've locked in this ABI going forward
  and will make sure no further ABI changes like this occur."

* git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile:
  tile: gxio iorpc numbering change for TRIO interface

12 years agoMerge tag 'vfio-for-linus' of git://github.com/awilliam/linux-vfio
Linus Torvalds [Mon, 24 Sep 2012 23:16:33 +0000 (16:16 -0700)]
Merge tag 'vfio-for-linus' of git://github.com/awilliam/linux-vfio

Pull vfio fixes from Alex Williamson:
 "VFIO doc update and virqfd race fix"

* tag 'vfio-for-linus' of git://github.com/awilliam/linux-vfio:
  vfio: Fix virqfd release race
  vfio: Trivial Documentation correction

12 years agoMerge tag 'stable/for-linus-3.6-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Mon, 24 Sep 2012 23:14:34 +0000 (16:14 -0700)]
Merge tag 'stable/for-linus-3.6-rc7-tag' of git://git./linux/kernel/git/konrad/xen

Pull a Xen fix from Konrad Rzeszutek Wilk:
 "It is a bug-fix when we run the initial PV guest on a AMD K8 machine
  and have CONFIG_AMD_NUMA enabled and detect the NUMA topology from the
  Northbridge.

  We end up in the situation where the initial domain gets too much
  information and gets confused and crashes - the fix is to restrict the
  domain to get the information - and we do it by just disabling NUMA on
  the PV guest (the hypervisor is still able to do its proper NUMA
  allocations of guests).

  It is OK to disable the PV guest from accessing NUMA data as right now
  we do not inject any NUMA node information to the PV guests.  When we
  do get to that point, then this patch will have to be reverted."

 * Disable PV NUMA support as we do not do anything with it (yet) and it
   can cause bootup crashes on certain AMD machines.

* tag 'stable/for-linus-3.6-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
  xen/boot: Disable NUMA for PV guests.

12 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph...
Linus Torvalds [Mon, 24 Sep 2012 23:13:49 +0000 (16:13 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/sage/ceph-client

Pull two ceph fixes from Sage Weil:
 "The first fixes a leak in the rbd setup error path, and the second
  fixes a more serious problem with mismatched kmap/kunmap that surfaced
  after the recent refactoring work."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
  libceph: only kunmap kmapped pages
  rbd: drop dev reference on error in rbd_open()

12 years agonet: guard tcp_set_keepalive() to tcp sockets
Eric Dumazet [Mon, 24 Sep 2012 07:00:11 +0000 (07:00 +0000)]
net: guard tcp_set_keepalive() to tcp sockets

Its possible to use RAW sockets to get a crash in
tcp_set_keepalive() / sk_reset_timer()

Fix is to make sure socket is a SOCK_STREAM one.

Reported-by: Dave Jones <davej@redhat.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agophy/micrel: Add missing header to micrel_phy.h
Marek Vasut [Sun, 23 Sep 2012 16:58:51 +0000 (16:58 +0000)]
phy/micrel: Add missing header to micrel_phy.h

The license header was missing in micrel_phy.h . This patch adds
one.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: David J. Choi <david.choi@micrel.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agophy/micrel: Rename KS80xx to KSZ80xx
Marek Vasut [Sun, 23 Sep 2012 16:58:50 +0000 (16:58 +0000)]
phy/micrel: Rename KS80xx to KSZ80xx

There is no such part as KS8001, KS8041 or KS8051. There are only
KSZ8001, KSZ8041 and KSZ8051. Rename these parts as such to match
the Micrel naming.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: David J. Choi <david.choi@micrel.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
Cc: Linux ARM kernel <linux-arm-kernel@lists.infradead.org>
Cc: Fabio Estevam <fabio.estevam@freescale.com>
Cc: Shawn Guo <shawn.guo@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agophy/micrel: Implement support for KSZ8021
Marek Vasut [Sun, 23 Sep 2012 16:58:49 +0000 (16:58 +0000)]
phy/micrel: Implement support for KSZ8021

The KSZ8021 PHY was previously caught by KS8051, which is not correct.
This PHY needs additional setup if it is strapped for address 0. In such
case an reserved bit must be written in the 0x16, "Operation Mode Strap
Override" register. According to the KS8051 datasheet, that bit means
"PHY Address 0 in non-broadcast" and it indeed behaves as such on KSZ8021.
The issue where the ethernet controller (Freescale FEC) did not communicate
with network is fixed by writing this bit as 1.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: David J. Choi <david.choi@micrel.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agotile: gxio iorpc numbering change for TRIO interface
Chris Metcalf [Mon, 24 Sep 2012 18:57:58 +0000 (14:57 -0400)]
tile: gxio iorpc numbering change for TRIO interface

An ABI numbering change was made in the hypervisor for Tilera's 4.1
MDE release (just shipped).  It's incompatible with the previous 4.0
release ABI numbering, so we track the new numbering going forward.
We plan to avoid modifying ABI numbering for these interfaces again.

Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
12 years agoxen/boot: Disable NUMA for PV guests.
Konrad Rzeszutek Wilk [Fri, 17 Aug 2012 14:22:37 +0000 (10:22 -0400)]
xen/boot: Disable NUMA for PV guests.

The hypervisor is in charge of allocating the proper "NUMA" memory
and dealing with the CPU scheduler to keep them bound to the proper
NUMA node. The PV guests (and PVHVM) have no inkling of where they
run and do not need to know that right now. In the future we will
need to inject NUMA configuration data (if a guest spans two or more
NUMA nodes) so that the kernel can make the right choices. But those
patches are not yet present.

In the meantime, disable the NUMA capability in the PV guest, which
also fixes a bootup issue. Andre says:

"we see Dom0 crashes due to the kernel detecting the NUMA topology not
by ACPI, but directly from the northbridge (CONFIG_AMD_NUMA).

This will detect the actual NUMA config of the physical machine, but
will crash about the mismatch with Dom0's virtual memory. Variation of
the theme: Dom0 sees what it's not supposed to see.

This happens with the said config option enabled and on a machine where
this scanning is still enabled (K8 and Fam10h, not Bulldozer class)

We have this dump then:
NUMA: Warning: node ids are out of bound, from=-1 to=-1 distance=10
Scanning NUMA topology in Northbridge 24
Number of physical nodes 4
Node 0 MemBase 0000000000000000 Limit 0000000040000000
Node 1 MemBase 0000000040000000 Limit 0000000138000000
Node 2 MemBase 0000000138000000 Limit 00000001f8000000
Node 3 MemBase 00000001f8000000 Limit 0000000238000000
Initmem setup node 0 0000000000000000-0000000040000000
  NODE_DATA [000000003ffd9000 - 000000003fffffff]
Initmem setup node 1 0000000040000000-0000000138000000
  NODE_DATA [0000000137fd9000 - 0000000137ffffff]
Initmem setup node 2 0000000138000000-00000001f8000000
  NODE_DATA [00000001f095e000 - 00000001f0984fff]
Initmem setup node 3 00000001f8000000-0000000238000000
Cannot find 159744 bytes in node 3
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<ffffffff81d220e6>] __alloc_bootmem_node+0x43/0x96
Pid: 0, comm: swapper Not tainted 3.3.6 #1 AMD Dinar/Dinar
RIP: e030:[<ffffffff81d220e6>]  [<ffffffff81d220e6>] __alloc_bootmem_node+0x43/0x96
.. snip..
  [<ffffffff81d23024>] sparse_early_usemaps_alloc_node+0x64/0x178
  [<ffffffff81d23348>] sparse_init+0xe4/0x25a
  [<ffffffff81d16840>] paging_init+0x13/0x22
  [<ffffffff81d07fbb>] setup_arch+0x9c6/0xa9b
  [<ffffffff81683954>] ? printk+0x3c/0x3e
  [<ffffffff81d01a38>] start_kernel+0xe5/0x468
  [<ffffffff81d012cf>] x86_64_start_reservations+0xba/0xc1
  [<ffffffff81007153>] ? xen_setup_runstate_info+0x2c/0x36
  [<ffffffff81d050ee>] xen_start_kernel+0x565/0x56c
"

so we just disable NUMA scanning by setting numa_off=1.

CC: stable@vger.kernel.org
Reported-and-Tested-by: Andre Przywara <andre.przywara@amd.com>
Acked-by: Andre Przywara <andre.przywara@amd.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
12 years agoLinux 3.6-rc7
Linus Torvalds [Mon, 24 Sep 2012 01:10:57 +0000 (18:10 -0700)]
Linux 3.6-rc7

12 years agoMerge branch 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild
Linus Torvalds [Sun, 23 Sep 2012 22:40:58 +0000 (15:40 -0700)]
Merge branch 'rc-fixes' of git://git./linux/kernel/git/mmarek/kbuild

Pull kbuild fixes from Michal Marek:
 "There are two more kbuild fixes for 3.6.

  One fixes a race between x86's archscripts target and the rule
  (re)building scripts/basic/fixdep.  The second is a fix for the
  previous attempt at fixing make firmware_install with make 3.82.
  This new solution should work with any version of GNU make"

* 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
  x86/kbuild: archscripts depends on scripts_basic
  firmware: fix directory creation rule matching with make 3.80

12 years agoMerge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelv...
Linus Torvalds [Sun, 23 Sep 2012 21:50:15 +0000 (14:50 -0700)]
Merge branch 'hwmon-for-linus' of git://git./linux/kernel/git/jdelvare/staging

Pull hwmon subsystem fixes from Jean Delvare.

* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
  hwmon: (fam15h_power) Tweak runavg_range on resume
  hwmon: (coretemp) Use get_online_cpus to avoid races involving CPU hotplug
  hwmon: (via-cputemp) Use get_online_cpus to avoid races involving CPU hotplug

12 years agoMerge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Linus Torvalds [Sun, 23 Sep 2012 21:48:28 +0000 (14:48 -0700)]
Merge tag 'scsi-fixes' of git://git./linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "This is a set of four essential fixes: two oops related (bnx2i,
  virtio-scsi), one data corruption related (hpsa) and one failure to
  boot due to interrupt routing issues (mpt2ss).

Signed-off-by: James Bottomley <JBottomley@Parallels.com>"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  [SCSI] hpsa: fix handling of protocol error
  [SCSI] mpt2sas: Fix for issue - Unable to boot from the drive connected to HBA
  [SCSI] bnx2i: Fixed NULL ptr deference for 1G bnx2 Linux iSCSI offload
  [SCSI] scsi: virtio-scsi: Fix address translation failure of HighMem pages used by sg list

12 years agoedac_mc: edac_mc_free() cannot assume mem_ctl_info is registered in sysfs.
Shaun Ruffell [Sun, 23 Sep 2012 01:26:38 +0000 (20:26 -0500)]
edac_mc: edac_mc_free() cannot assume mem_ctl_info is registered in sysfs.

Fix potential NULL pointer dereference in edac_unregister_sysfs() on
system boot introduced in 3.6-rc1.

Since commit 7a623c039 ("edac: rewrite the sysfs code to use struct
device") edac_mc_alloc() no longer initializes embedded kobjects in
struct mem_ctl_info.  Therefore edac_mc_free() can no longer simply
decrement a kobject reference count to free the allocated memory unless
the memory controller driver module had also called edac_mc_add_mc().

Now edac_mc_free() will check if the newly embedded struct device has
been registered with sysfs before using either the standard device
release functions or freeing the data structures itself with logic
pulled out of the error path of edac_mc_alloc().

The BUG this patch resolves for me:

  BUG: unable to handle kernel NULL pointer dereference at   (null)
  EIP is at __wake_up_common+0x1a/0x6a
  Process modprobe (pid: 933, ti=f3dc6000 task=f3db9520 task.ti=f3dc6000)
  Call Trace:
    complete_all+0x3f/0x50
    device_pm_remove+0x23/0xa2
    device_del+0x34/0x142
    edac_unregister_sysfs+0x3b/0x5c [edac_core]
    edac_mc_free+0x29/0x2f [edac_core]
    e7xxx_probe1+0x268/0x311 [e7xxx_edac]
    e7xxx_init_one+0x56/0x61 [e7xxx_edac]
    local_pci_probe+0x13/0x15
  ...

Cc: Mauro Carvalho Chehab <mchehab@redhat.com>
Cc: Shaohui Xie <Shaohui.Xie@freescale.com>
Signed-off-by: Shaun Ruffell <sruffell@digium.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
12 years agoedac_mc: fix messy kfree calls in the error path
Fengguang Wu [Sun, 23 Sep 2012 00:18:06 +0000 (08:18 +0800)]
edac_mc: fix messy kfree calls in the error path

coccinelle warns about:

+ drivers/edac/edac_mc.c:429:9-23: ERROR: reference preceded by free on line 429

   421         if (mci->csrows) {
 > 422                 for (chn = 0; chn < tot_channels; chn++) {
   423                         csr = mci->csrows[chn];
   424                         if (csr) {
 > 425                                 for (chn = 0; chn < tot_channels; chn++)
   426                                          kfree(csr->channels[chn]);
   427                                  kfree(csr);
   428                          }
 > 429                          kfree(mci->csrows[i]);
   430                  }
   431                  kfree(mci->csrows);
   432          }

and that code block seem to mess things up in several ways (double free, memory
leak, out-of-bound reads etc.):

L422: The iterator "chn" and bound "tot_channels" are totally wrong. Should be
      "row" and "tot_csrows" respectively. Which means either memory leak, or
      out-of-bound reads (which if does not trigger an immediate page fault
      error, will further lead to kfree() on random addresses).

L425: The inner loop is reusing the same iterator "chn" as the outer loop,
      which could lead to premature end of the outer loop, and hence memory leak.

L429: The array index 'i' in mci->csrows[i] is a temporary value used in
      previous loops, and won't change at all in the current loop. Which
      means either out-of-bound read and possibly kfree(random number), or the
      same mci->csrows[i] get freed once and again, and possibly double free
      for the kfree(csr) in L427.

L426/L427: a kfree(csr->channels) is needed in between to avoid leaking the memory.

The buggy code was introduced by commit de3910eb ("edac: change the mem
allocation scheme to make Documentation/kobject.txt happy") in the 3.6-rc1
merge window. Fix it by freeing up resources in this order:

  free csrows[i]->channels[j]
  free csrows[i]->channels
  free csrows[i]
  free csrows

CC: Mauro Carvalho Chehab <mchehab@redhat.com>
CC: Shaun Ruffell <sruffell@digium.com>
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>