Al Viro [Thu, 4 Sep 2014 13:38:11 +0000 (09:38 -0400)]
udf: fix the udf_iget() vs. udf_new_inode() races
Currently udf_iget() (triggered by NFS) can race with udf_new_inode()
leading to two inode structures with the same inode number:
nfsd: iget_locked() creates inode
nfsd: try to read from disk, block on that.
udf_new_inode(): allocate inode with that inumber
udf_new_inode(): insert it into icache, set it up and dirty
udf_write_inode(): write inode into buffer cache
nfsd: get CPU again, look into buffer cache, see nice and sane on-disk
inode, set the in-core inode from it
Fix the problem by putting inode into icache in locked state (I_NEW set)
and unlocking it only after it's fully set up.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Jan Kara <jack@suse.cz>
Al Viro [Thu, 4 Sep 2014 13:34:14 +0000 (09:34 -0400)]
udf: merge the pieces inserting a new non-directory object into directory
boilerplate code in udf_{create,mknod,symlink} taken to new helper
symlink case converted to unique id calculated by udf_new_inode() - no
point finding a new one.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Jan Kara <jack@suse.cz>
Jan Kara [Thu, 4 Sep 2014 14:26:19 +0000 (16:26 +0200)]
udf: Set i_generation field
Currently UDF doesn't initialize i_generation in any way and thus NFS
can easily get reallocated inodes from stale file handles. Luckily UDF
already has a unique object identifier associated with each inode -
i_unique. Use that for initialization of i_generation.
Signed-off-by: Jan Kara <jack@suse.cz>
Jan Kara [Thu, 4 Sep 2014 14:19:47 +0000 (16:19 +0200)]
udf: Properly detect stale inodes
NFS can easily ask for inodes that are already deleted. Currently UDF
happily returns such inodes which is a bug. Return -ESTALE if
udf_read_inode() is asked to read deleted inode.
Signed-off-by: Jan Kara <jack@suse.cz>
Jan Kara [Thu, 4 Sep 2014 14:15:51 +0000 (16:15 +0200)]
udf: Make udf_read_inode() and udf_iget() return error
Currently __udf_read_inode() wasn't returning anything and we found out
whether we succeeded reading inode by checking whether inode is bad or
not. udf_iget() returned NULL on failure and inode pointer otherwise.
Make these two functions properly propagate errors up the call stack and
use the return value in callers.
Signed-off-by: Jan Kara <jack@suse.cz>
Jan Kara [Thu, 4 Sep 2014 12:06:55 +0000 (14:06 +0200)]
udf: Avoid infinite loop when processing indirect ICBs
We did not implement any bound on number of indirect ICBs we follow when
loading inode. Thus corrupted medium could cause kernel to go into an
infinite loop, possibly causing a stack overflow.
Fix the possible stack overflow by removing recursion from
__udf_read_inode() and limit number of indirect ICBs we follow to avoid
infinite loops.
Signed-off-by: Jan Kara <jack@suse.cz>
Jan Kara [Thu, 4 Sep 2014 11:32:50 +0000 (13:32 +0200)]
udf: Fold udf_fill_inode() into __udf_read_inode()
There's no good reason to separate these since udf_fill_inode() is
called only from __udf_read_inode() and both do part of the same thing.
Signed-off-by: Jan Kara <jack@suse.cz>
Jan Kara [Thu, 4 Sep 2014 09:47:51 +0000 (11:47 +0200)]
udf: Avoid dir link count to go negative
If we are writing back inode of unlinked directory, its link count ends
up being (u16)-1. Although the inode is deleted, udf_iget() can load the
inode when NFS uses stale file handle and get confused.
Signed-off-by: Jan Kara <jack@suse.cz>
Linus Torvalds [Thu, 4 Sep 2014 00:26:12 +0000 (17:26 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/dtor/input
Pull input subsystem updates from Dmitry Torokhov:
"A fix for MT breakage, enhancement to Elantech PS/2 driver and a
couple of assorted fixes"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: elantech - add support for trackpoint found on some v3 models
Input: elantech - reset the device when elantech probe fails
Input: ALPS - suppress message about 'Unknown touchpad'
Input: fix used slots detection breakage
Input: sparc - i8042-sparcio.h: fix unused kbd_res warning
Input: atmel_mxt_ts - improve description of gpio-keymap property
Linus Torvalds [Thu, 4 Sep 2014 00:24:58 +0000 (17:24 -0700)]
Merge tag 'regmap-v3.17-rc1' of git://git./linux/kernel/git/broonie/regmap
Pull regmap fixes from Mark Brown:
"Several bug fixes for issues that have been lurking for a while:
- Check that devices haven't set the flag saying they only support
register at a time operation while we're doing cache syncs,
otherwise we fail to restore caches
- Ensure that we don't mark all registers on devices using
format_write() as cacheable, avoiding adding a cache of things like
reset registers which we don't want to rewrite during cache sync
- Make sure we create the debugfs files in the correct directory"
* tag 'regmap-v3.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
regmap: Don't attempt block writes when syncing cache on single_rw devices
regmap: Fix handling of volatile registers for format_write() chips
regmap: Fix regcache debugfs initialization
Linus Torvalds [Wed, 3 Sep 2014 17:10:28 +0000 (10:10 -0700)]
Merge tag 'for-f2fs-3.17-rc4' of git://git./linux/kernel/git/jaegeuk/f2fs
Pull f2fs bug fixes from Jaegeuk Kim:
"This series includes patches to:
- fix recovery routines
- fix bugs related to inline_data/xattr
- fix when casting the dentry names
- handle EIO or ENOMEM correctly
- fix memory leak
- fix lock coverage"
* tag 'for-f2fs-3.17-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs: (28 commits)
f2fs: reposition unlock_new_inode to prevent accessing invalid inode
f2fs: fix wrong casting for dentry name
f2fs: simplify by using a literal
f2fs: truncate stale block for inline_data
f2fs: use macro for code readability
f2fs: introduce need_do_checkpoint for readability
f2fs: fix incorrect calculation with total/free inode num
f2fs: remove rename and use rename2
f2fs: skip if inline_data was converted already
f2fs: remove rewrite_node_page
f2fs: avoid double lock in truncate_blocks
f2fs: prevent checkpoint during roll-forward
f2fs: add WARN_ON in f2fs_bug_on
f2fs: handle EIO not to break fs consistency
f2fs: check s_dirty under cp_mutex
f2fs: unlock_page when node page is redirtied out
f2fs: introduce f2fs_cp_error for readability
f2fs: give a chance to mount again when encountering errors
f2fs: trigger release_dirty_inode in f2fs_put_super
f2fs: don't skip checkpoint if there is no dirty node pages
...
Linus Torvalds [Wed, 3 Sep 2014 17:09:40 +0000 (10:09 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jmorris/linux-security
Pull key subsystem fixes from James Morris:
"Fixes for the keys subsystem, one of which addresses a use-after-free
bug"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
PEFILE: Relax the check on the length of the PKCS#7 cert
KEYS: Fix use-after-free in assoc_array_gc()
KEYS: Fix public_key asymmetric key subtype name
KEYS: Increase root_maxkeys and root_maxbytes sizes
Noam Camus [Wed, 3 Sep 2014 11:41:11 +0000 (14:41 +0300)]
ARC: [mm] Fix compilation breakage
Structure name and variable name were erroneously interchanged
Signed-off-by: Noam Camus <noamc@ezchip.com>
Acked-by: Vineet Gupta <vgupta@synopsys.com>
[ Also removed pointless cast from "void *". - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Wed, 3 Sep 2014 15:59:45 +0000 (08:59 -0700)]
Merge tag 'arm64-fixes' of git://git./linux/kernel/git/arm64/linux
Pull more arm64 fixes from Will Deacon:
"Another handful of arm64 fixes here. They address some issues found
by running smatch on the arch code (ignoring the false positives) and
also stop 32-bit Android from losing track of its stack.
There's one additional irq migration fix in the pipeline, but it came
in after I'd tagged and tested this set.
- a few fixes for real issues found by smatch (after Dan's talk at KS)
- revert the /proc/cpuinfo changes merged during the merge window.
We've opened a can of worms here, so we need to find out where we
stand before we change this interface.
- implement KSTK_ESP for compat tasks, otherwise 32-bit Android gets
confused wondering where its [stack] has gone
- misc fixes (fpsimd context handling, crypto, ...)"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
Revert "arm64: cpuinfo: print info for all CPUs"
arm64: fix bug for reloading FPSIMD state after cpu power off
arm64: report correct stack pointer in KSTK_ESP for compat tasks
arm64: Add brackets around user_stack_pointer()
arm64: perf: don't rely on layout of pt_regs when grabbing sp or pc
arm64: ptrace: fix compat reg getter/setter return values
arm64: ptrace: fix compat hardware watchpoint reporting
arm64: Remove unused variable in head.S
arm64/crypto: remove redundant update of data
Linus Torvalds [Wed, 3 Sep 2014 15:45:48 +0000 (08:45 -0700)]
Merge tag 'pci-v3.17-fixes-1' of git://git./linux/kernel/git/helgaas/pci
Pull PCI fix from Bjorn Helgaas:
"This fixes an ARM allmodconfig build problem:
Remove module option for ST Microelectronics SPEAr13xx"
* tag 'pci-v3.17-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
PCI: spear: Remove module option
Linus Torvalds [Wed, 3 Sep 2014 15:44:55 +0000 (08:44 -0700)]
Merge branch 'leds-fixes-for-3.17' of git://git./linux/kernel/git/cooloney/linux-leds
Pull LED fix from Bryan Wu:
"Hugh, Jiri and many other people found a kernel oops due to a LED
change merged recently. Now the right fix might just revert it and
avoid the kernel oops"
* 'leds-fixes-for-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds:
Revert "leds: convert blink timer to workqueue"
David Howells [Tue, 2 Sep 2014 12:52:28 +0000 (13:52 +0100)]
PEFILE: Relax the check on the length of the PKCS#7 cert
Relax the check on the length of the PKCS#7 cert as it appears that the PE
file wrapper size gets rounded up to the nearest 8.
The debugging output looks like this:
PEFILE: ==> verify_pefile_signature()
PEFILE: ==> pefile_parse_binary()
PEFILE: checksum @ 110
PEFILE: header size = 200
PEFILE: cert = 968 @547be0 [68 09 00 00 00 02 02 00 30 82 09 56 ]
PEFILE: sig wrapper = { 968, 200, 2 }
PEFILE: Signature data not PKCS#7
The wrapper is the first 8 bytes of the hex dump inside []. This indicates a
length of 0x968 bytes, including the wrapper header - so 0x960 bytes of
payload.
The ASN.1 wrapper begins [ ... 30 82 09 56 ]. That indicates an object of size
0x956 - a four byte discrepency, presumably just padding for alignment
purposes.
So we just check that the ASN.1 container is no bigger than the payload and
reduce the recorded size appropriately.
Whilst we're at it, allow shorter PKCS#7 objects that manage to squeeze within
127 or 255 bytes. It's just about conceivable if no X.509 certs are included
in the PKCS#7 message.
Reported-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Acked-by: Peter Jones <pjones@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
David Howells [Tue, 2 Sep 2014 12:52:20 +0000 (13:52 +0100)]
KEYS: Fix use-after-free in assoc_array_gc()
An edit script should be considered inaccessible by a function once it has
called assoc_array_apply_edit() or assoc_array_cancel_edit().
However, assoc_array_gc() is accessing the edit script just after the
gc_complete: label.
Reported-by: Andreea-Cristina Bernat <bernat.ada@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Andreea-Cristina Bernat <bernat.ada@gmail.com>
cc: shemming@brocade.com
cc: paulmck@linux.vnet.ibm.com
Cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
David Howells [Tue, 2 Sep 2014 12:52:10 +0000 (13:52 +0100)]
KEYS: Fix public_key asymmetric key subtype name
The length of the name of an asymmetric key subtype must be stored in struct
asymmetric_key_subtype::name_len so that it can be matched by a search for
"<subkey_name>:<partial_fingerprint>". Fix the public_key subtype to have
name_len set.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Steve Dickson [Tue, 2 Sep 2014 12:52:05 +0000 (13:52 +0100)]
KEYS: Increase root_maxkeys and root_maxbytes sizes
Now that NFS client uses the kernel key ring facility to store the NFSv4
id/gid mappings, the defaults for root_maxkeys and root_maxbytes need to be
substantially increased.
These values have been soak tested:
https://bugzilla.redhat.com/show_bug.cgi?id=
1033708#c73
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Jiri Kosina [Tue, 2 Sep 2014 09:03:12 +0000 (02:03 -0700)]
Revert "leds: convert blink timer to workqueue"
This reverts commit
8b37e1bef5a6b60e949e28a4db3006e4b00bd758.
It's broken as it changes led_blink_set() in a way that it can now sleep
(while synchronously waiting for workqueue to be cancelled). That's a
problem, because it's possible that this function gets called from atomic
context (tpt_trig_timer() takes a readlock and thus disables preemption).
This has been brought up 3 weeks ago already [1] but no proper fix has
materialized, and I keep seeing the problem since 3.17-rc1.
[1] https://lkml.org/lkml/2014/8/16/128
BUG: sleeping function called from invalid context at kernel/workqueue.c:2650
in_atomic(): 1, irqs_disabled(): 0, pid: 2335, name: wpa_supplicant
5 locks held by wpa_supplicant/2335:
#0: (rtnl_mutex){+.+.+.}, at: [<
ffffffff814c7c92>] rtnl_lock+0x12/0x20
#1: (&wdev->mtx){+.+.+.}, at: [<
ffffffffc06e649c>] cfg80211_mgd_wext_siwessid+0x5c/0x180 [cfg80211]
#2: (&local->mtx){+.+.+.}, at: [<
ffffffffc0817dea>] ieee80211_prep_connection+0x17a/0x9a0 [mac80211]
#3: (&local->chanctx_mtx){+.+.+.}, at: [<
ffffffffc08081ed>] ieee80211_vif_use_channel+0x5d/0x2a0 [mac80211]
#4: (&trig->leddev_list_lock){.+.+..}, at: [<
ffffffffc081e68c>] tpt_trig_timer+0xec/0x170 [mac80211]
CPU: 0 PID: 2335 Comm: wpa_supplicant Not tainted 3.17.0-rc3 #1
Hardware name: LENOVO 7470BN2/7470BN2, BIOS 6DET38WW (2.02 ) 12/19/2008
ffff8800360b5a50 ffff8800751f76d8 ffffffff8159e97f ffff8800360b5a30
ffff8800751f76e8 ffffffff810739a5 ffff8800751f77b0 ffffffff8106862f
ffffffff810685d0 0aa2209200000000 ffff880000000004 ffff8800361c59d0
Call Trace:
[<
ffffffff8159e97f>] dump_stack+0x4d/0x66
[<
ffffffff810739a5>] __might_sleep+0xe5/0x120
[<
ffffffff8106862f>] flush_work+0x5f/0x270
[<
ffffffff810685d0>] ? mod_delayed_work_on+0x80/0x80
[<
ffffffff810945ca>] ? mark_held_locks+0x6a/0x90
[<
ffffffff81068a5f>] ? __cancel_work_timer+0x6f/0x100
[<
ffffffff810946ed>] ? trace_hardirqs_on_caller+0xfd/0x1c0
[<
ffffffff81068a6b>] __cancel_work_timer+0x7b/0x100
[<
ffffffff81068b0e>] cancel_delayed_work_sync+0xe/0x10
[<
ffffffff8147cf3b>] led_blink_set+0x1b/0x40
[<
ffffffffc081e6b0>] tpt_trig_timer+0x110/0x170 [mac80211]
[<
ffffffffc081ecdd>] ieee80211_mod_tpt_led_trig+0x9d/0x160 [mac80211]
[<
ffffffffc07e4278>] __ieee80211_recalc_idle+0x98/0x140 [mac80211]
[<
ffffffffc07e59ce>] ieee80211_idle_off+0xe/0x10 [mac80211]
[<
ffffffffc0804e5b>] ieee80211_add_chanctx+0x3b/0x220 [mac80211]
[<
ffffffffc08062e4>] ieee80211_new_chanctx+0x44/0xf0 [mac80211]
[<
ffffffffc080838a>] ieee80211_vif_use_channel+0x1fa/0x2a0 [mac80211]
[<
ffffffffc0817df8>] ieee80211_prep_connection+0x188/0x9a0 [mac80211]
[<
ffffffffc081c246>] ieee80211_mgd_auth+0x256/0x2e0 [mac80211]
[<
ffffffffc07eab33>] ieee80211_auth+0x13/0x20 [mac80211]
[<
ffffffffc06cb006>] cfg80211_mlme_auth+0x106/0x270 [cfg80211]
[<
ffffffffc06ce085>] cfg80211_conn_do_work+0x155/0x3b0 [cfg80211]
[<
ffffffffc06cf670>] cfg80211_connect+0x3f0/0x540 [cfg80211]
[<
ffffffffc06e6148>] cfg80211_mgd_wext_connect+0x158/0x1f0 [cfg80211]
[<
ffffffffc06e651e>] cfg80211_mgd_wext_siwessid+0xde/0x180 [cfg80211]
[<
ffffffffc06e36c0>] ? cfg80211_wext_giwessid+0x50/0x50 [cfg80211]
[<
ffffffffc06e36dd>] cfg80211_wext_siwessid+0x1d/0x40 [cfg80211]
[<
ffffffff81584d0c>] ioctl_standard_iw_point+0x14c/0x3e0
[<
ffffffff810946ed>] ? trace_hardirqs_on_caller+0xfd/0x1c0
[<
ffffffff8158502a>] ioctl_standard_call+0x8a/0xd0
[<
ffffffff81584fa0>] ? ioctl_standard_iw_point+0x3e0/0x3e0
[<
ffffffff81584b76>] wireless_process_ioctl.constprop.10+0xb6/0x100
[<
ffffffff8158521d>] wext_handle_ioctl+0x5d/0xb0
[<
ffffffff814cfb29>] dev_ioctl+0x329/0x620
[<
ffffffff810946ed>] ? trace_hardirqs_on_caller+0xfd/0x1c0
[<
ffffffff8149c7f2>] sock_ioctl+0x142/0x2e0
[<
ffffffff811b0140>] do_vfs_ioctl+0x300/0x520
[<
ffffffff815a67fb>] ? sysret_check+0x1b/0x56
[<
ffffffff810946ed>] ? trace_hardirqs_on_caller+0xfd/0x1c0
[<
ffffffff811b03e1>] SyS_ioctl+0x81/0xa0
[<
ffffffff815a67d6>] system_call_fastpath+0x1a/0x1f
wlan0: send auth to 00:0b:6b:3c:8c:e4 (try 1/3)
wlan0: authenticated
wlan0: associate with 00:0b:6b:3c:8c:e4 (try 1/3)
wlan0: RX AssocResp from 00:0b:6b:3c:8c:e4 (capab=0x431 status=0 aid=2)
wlan0: associated
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
cfg80211: Calling CRDA for country: NA
wlan0: Limiting TX power to 27 (27 - 0) dBm as advertised by 00:0b:6b:3c:8c:e4
=================================
[ INFO: inconsistent lock state ]
3.17.0-rc3 #1 Not tainted
---------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
swapper/0/0 [HC0[0]:SC1[1]:HE1:SE0] takes:
((&(&led_cdev->blink_work)->work)){+.?...}, at: [<
ffffffff810685d0>] flush_work+0x0/0x270
{SOFTIRQ-ON-W} state was registered at:
[<
ffffffff81094dbe>] __lock_acquire+0x30e/0x1a30
[<
ffffffff81096c81>] lock_acquire+0x91/0x110
[<
ffffffff81068608>] flush_work+0x38/0x270
[<
ffffffff81068a6b>] __cancel_work_timer+0x7b/0x100
[<
ffffffff81068b0e>] cancel_delayed_work_sync+0xe/0x10
[<
ffffffff8147cf3b>] led_blink_set+0x1b/0x40
[<
ffffffffc081e6b0>] tpt_trig_timer+0x110/0x170 [mac80211]
[<
ffffffffc081ecdd>] ieee80211_mod_tpt_led_trig+0x9d/0x160 [mac80211]
[<
ffffffffc07e4278>] __ieee80211_recalc_idle+0x98/0x140 [mac80211]
[<
ffffffffc07e59ce>] ieee80211_idle_off+0xe/0x10 [mac80211]
[<
ffffffffc0804e5b>] ieee80211_add_chanctx+0x3b/0x220 [mac80211]
[<
ffffffffc08062e4>] ieee80211_new_chanctx+0x44/0xf0 [mac80211]
[<
ffffffffc080838a>] ieee80211_vif_use_channel+0x1fa/0x2a0 [mac80211]
[<
ffffffffc0817df8>] ieee80211_prep_connection+0x188/0x9a0 [mac80211]
[<
ffffffffc081c246>] ieee80211_mgd_auth+0x256/0x2e0 [mac80211]
[<
ffffffffc07eab33>] ieee80211_auth+0x13/0x20 [mac80211]
[<
ffffffffc06cb006>] cfg80211_mlme_auth+0x106/0x270 [cfg80211]
[<
ffffffffc06ce085>] cfg80211_conn_do_work+0x155/0x3b0 [cfg80211]
[<
ffffffffc06cf670>] cfg80211_connect+0x3f0/0x540 [cfg80211]
[<
ffffffffc06e6148>] cfg80211_mgd_wext_connect+0x158/0x1f0 [cfg80211]
[<
ffffffffc06e651e>] cfg80211_mgd_wext_siwessid+0xde/0x180 [cfg80211]
[<
ffffffffc06e36dd>] cfg80211_wext_siwessid+0x1d/0x40 [cfg80211]
[<
ffffffff81584d0c>] ioctl_standard_iw_point+0x14c/0x3e0
[<
ffffffff8158502a>] ioctl_standard_call+0x8a/0xd0
[<
ffffffff81584b76>] wireless_process_ioctl.constprop.10+0xb6/0x100
[<
ffffffff8158521d>] wext_handle_ioctl+0x5d/0xb0
[<
ffffffff814cfb29>] dev_ioctl+0x329/0x620
[<
ffffffff8149c7f2>] sock_ioctl+0x142/0x2e0
[<
ffffffff811b0140>] do_vfs_ioctl+0x300/0x520
[<
ffffffff811b03e1>] SyS_ioctl+0x81/0xa0
[<
ffffffff815a67d6>] system_call_fastpath+0x1a/0x1f
irq event stamp: 493416
hardirqs last enabled at (493416): [<
ffffffff81068a5f>] __cancel_work_timer+0x6f/0x100
hardirqs last disabled at (493415): [<
ffffffff81067e9f>] try_to_grab_pending+0x1f/0x160
softirqs last enabled at (493408): [<
ffffffff81053ced>] _local_bh_enable+0x1d/0x50
softirqs last disabled at (493409): [<
ffffffff81054c75>] irq_exit+0xa5/0xb0
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock((&(&led_cdev->blink_work)->work));
<Interrupt>
lock((&(&led_cdev->blink_work)->work));
*** DEADLOCK ***
2 locks held by swapper/0/0:
#0: (((&tpt_trig->timer))){+.-...}, at: [<
ffffffff810b4c50>] call_timer_fn+0x0/0x180
#1: (&trig->leddev_list_lock){.+.?..}, at: [<
ffffffffc081e68c>] tpt_trig_timer+0xec/0x170 [mac80211]
stack backtrace:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.17.0-rc3 #1
Hardware name: LENOVO 7470BN2/7470BN2, BIOS 6DET38WW (2.02 ) 12/19/2008
ffffffff8246eb30 ffff88007c203b00 ffffffff8159e97f ffffffff81a194c0
ffff88007c203b50 ffffffff81599c29 0000000000000001 ffffffff00000001
ffff880000000000 0000000000000006 ffffffff81a194c0 ffffffff81093ad0
Call Trace:
<IRQ> [<
ffffffff8159e97f>] dump_stack+0x4d/0x66
[<
ffffffff81599c29>] print_usage_bug+0x1f4/0x205
[<
ffffffff81093ad0>] ? check_usage_backwards+0x140/0x140
[<
ffffffff810944d3>] mark_lock+0x223/0x2b0
[<
ffffffff81094d60>] __lock_acquire+0x2b0/0x1a30
[<
ffffffff81096c81>] lock_acquire+0x91/0x110
[<
ffffffff810685d0>] ? mod_delayed_work_on+0x80/0x80
[<
ffffffffc081e5a0>] ? __ieee80211_get_rx_led_name+0x10/0x10 [mac80211]
[<
ffffffff81068608>] flush_work+0x38/0x270
[<
ffffffff810685d0>] ? mod_delayed_work_on+0x80/0x80
[<
ffffffff810945ca>] ? mark_held_locks+0x6a/0x90
[<
ffffffff81068a5f>] ? __cancel_work_timer+0x6f/0x100
[<
ffffffffc081e5a0>] ? __ieee80211_get_rx_led_name+0x10/0x10 [mac80211]
[<
ffffffff8109469d>] ? trace_hardirqs_on_caller+0xad/0x1c0
[<
ffffffffc081e5a0>] ? __ieee80211_get_rx_led_name+0x10/0x10 [mac80211]
[<
ffffffff81068a6b>] __cancel_work_timer+0x7b/0x100
[<
ffffffff81068b0e>] cancel_delayed_work_sync+0xe/0x10
[<
ffffffff8147cf3b>] led_blink_set+0x1b/0x40
[<
ffffffffc081e6b0>] tpt_trig_timer+0x110/0x170 [mac80211]
[<
ffffffff810b4cc5>] call_timer_fn+0x75/0x180
[<
ffffffff810b4c50>] ? process_timeout+0x10/0x10
[<
ffffffffc081e5a0>] ? __ieee80211_get_rx_led_name+0x10/0x10 [mac80211]
[<
ffffffff810b50ac>] run_timer_softirq+0x1fc/0x2f0
[<
ffffffff81054805>] __do_softirq+0x115/0x2e0
[<
ffffffff81054c75>] irq_exit+0xa5/0xb0
[<
ffffffff810049b3>] do_IRQ+0x53/0xf0
[<
ffffffff815a74af>] common_interrupt+0x6f/0x6f
<EOI> [<
ffffffff8147b56e>] ? cpuidle_enter_state+0x6e/0x180
[<
ffffffff8147b732>] cpuidle_enter+0x12/0x20
[<
ffffffff8108bba0>] cpu_startup_entry+0x330/0x360
[<
ffffffff8158fb51>] rest_init+0xc1/0xd0
[<
ffffffff8158fa90>] ? csum_partial_copy_generic+0x170/0x170
[<
ffffffff81af3ff2>] start_kernel+0x44f/0x45a
[<
ffffffff81af399c>] ? set_init_arg+0x53/0x53
[<
ffffffff81af35ad>] x86_64_start_reservations+0x2a/0x2c
[<
ffffffff81af36a0>] x86_64_start_kernel+0xf1/0xf4
Cc: Vincent Donnefort <vdonnefort@gmail.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Tejun Heo <tj@kernel.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Bryan Wu <cooloney@gmail.com>
Chao Yu [Sat, 30 Aug 2014 01:52:34 +0000 (09:52 +0800)]
f2fs: reposition unlock_new_inode to prevent accessing invalid inode
As the race condition on the inode cache, following scenario can appear:
[Thread a] [Thread b]
->f2fs_mkdir
->f2fs_add_link
->__f2fs_add_link
->init_inode_metadata failed here
->gc_thread_func
->f2fs_gc
->do_garbage_collect
->gc_data_segment
->f2fs_iget
->iget_locked
->wait_on_inode
->unlock_new_inode
->move_data_page
->make_bad_inode
->iput
When we fail in create/symlink/mkdir/mknod/tmpfile, the new allocated inode
should be set as bad to avoid being accessed by other thread. But in above
scenario, it allows f2fs to access the invalid inode before this inode was set
as bad.
This patch fix the potential problem, and this issue was found by code review.
change log from v1:
o Add condition judgment in gc_data_segment() suggested by Changman Lee.
o use iget_failed to simplify code.
Signed-off-by: Chao Yu <chao2.yu@samsung.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Linus Torvalds [Mon, 1 Sep 2014 17:36:27 +0000 (10:36 -0700)]
Merge branch 'irq-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull irq handling fixlet from Thomas Gleixner:
"Just an export for an interrupt flow handler which is now used in gpio
modules"
* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
irq: Export handle_fasteoi_irq
Will Deacon [Mon, 1 Sep 2014 14:47:19 +0000 (15:47 +0100)]
Revert "arm64: cpuinfo: print info for all CPUs"
It turns out that vendors are relying on the format of /proc/cpuinfo,
and we've even spotted out-of-tree hacks attempting to make it look
identical to the format used by arch/arm/. That means we can't afford to
churn this interface in mainline, so revert the recent reformatting of
the file for arm64 pending discussions on the list to find out what
people actually want.
This reverts commit
d7a49086f263164a2c4c178eb76412d48cd671d7.
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Leo Yan [Mon, 1 Sep 2014 03:09:51 +0000 (11:09 +0800)]
arm64: fix bug for reloading FPSIMD state after cpu power off
Now arm64 defers reloading FPSIMD state, but this optimization also
introduces the bug after cpu resume back from low power mode.
The reason is after the cpu has been powered off, s/w need set the
cpu's fpsimd_last_state to NULL so that it will force to reload
FPSIMD state for the thread, otherwise there has the chance to meet
the condition for both the task's fpsimd_state.cpu field contains the
id of the current cpu, and the cpu's fpsimd_last_state per-cpu variable
points to the task's fpsimd_state, so finally kernel will skip to reload
the context during it return back to userland.
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Leo Yan <leoy@marvell.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Linus Torvalds [Mon, 1 Sep 2014 01:23:04 +0000 (18:23 -0700)]
Linux 3.17-rc3
Linus Torvalds [Mon, 1 Sep 2014 00:08:42 +0000 (17:08 -0700)]
Merge tag 'xtensa-
20140830' of git://github.com/czankel/xtensa-linux
Pull Xtensa updates from Chris Zankel:
"Xtensa improvements for 3.17:
- support highmem on cores with aliasing data cache. Enable highmem
on kc705 by default
- simplify addition of new core variants (no need to modify Kconfig /
Makefiles)
- improve robustness of unaligned access handler and its interaction
with window overflow/underflow exception handlers
- deprecate atomic and spill registers syscalls
- clean up Kconfig: remove orphan MATH_EMULATION, sort 'select'
statements
- wire up renameat2 syscall.
Various fixes:
- fix address checks in dma_{alloc,free}_coherent (runtime BUG)
- fix access to THREAD_RA/THREAD_SP/THREAD_DS (debug build breakage)
- fix TLBTEMP_BASE_2 region handling in fast_second_level_miss
(runtime unrecoverable exception)
- fix a6 and a7 handling in fast_syscall_xtensa (runtime userspace
register clobbering)
- fix kernel/user jump out of fast_unaligned (potential runtime
unrecoverabl exception)
- replace termios IOCTL code definitions with constants (userspace
build breakage)"
* tag 'xtensa-
20140830' of git://github.com/czankel/xtensa-linux: (25 commits)
xtensa: deprecate fast_xtensa and fast_spill_registers syscalls
xtensa: don't allow overflow/underflow on unaligned stack
xtensa: fix a6 and a7 handling in fast_syscall_xtensa
xtensa: allow single-stepping through unaligned load/store
xtensa: move invalid unaligned instruction handler closer to its users
xtensa: make fast_unaligned store restartable
xtensa: add double exception fixup handler for fast_unaligned
xtensa: fix kernel/user jump out of fast_unaligned
xtensa: configure kc705 for highmem
xtensa: support highmem in aliasing cache flushing code
xtensa: support aliasing cache in kmap
xtensa: support aliasing cache in k[un]map_atomic
xtensa: implement clear_user_highpage and copy_user_highpage
xtensa: fix TLBTEMP_BASE_2 region handling in fast_second_level_miss
xtensa: allow fixmap and kmap span more than one page table
xtensa: make fixmap region addressing grow with index
xtensa: fix access to THREAD_RA/THREAD_SP/THREAD_DS
xtensa: add renameat2 syscall
xtensa: fix address checks in dma_{alloc,free}_coherent
xtensa: replace IOCTL code definitions with constants
...
Guenter Roeck [Sun, 31 Aug 2014 18:14:26 +0000 (11:14 -0700)]
unicore32: Fix build error
unicore32 builds fail with
arch/unicore32/kernel/signal.c: In function ‘setup_frame’:
arch/unicore32/kernel/signal.c:257: error: ‘usig’ undeclared (first use in this function)
arch/unicore32/kernel/signal.c:279: error: ‘usig’ undeclared (first use in this function)
arch/unicore32/kernel/signal.c: In function ‘handle_signal’:
arch/unicore32/kernel/signal.c:306: warning: unused variable ‘tsk’
arch/unicore32/kernel/signal.c: In function ‘do_signal’:
arch/unicore32/kernel/signal.c:376: error: implicit declaration of function ‘get_signsl’
make[1]: *** [arch/unicore32/kernel/signal.o] Error 1
make: *** [arch/unicore32/kernel/signal.o] Error 2
Bisect points to commit
649671c90eaf ("unicore32: Use get_signal()
signal_setup_done()").
This code never even compiled. Reverting the patch does not work, since
previously used functions no longer exist, so try to fix it up. Compile
tested only.
Fixes:
649671c90eaf ("unicore32: Use get_signal() signal_setup_done()")
Cc: Richard Weinberger <richard@nod.at>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Mon, 1 Sep 2014 00:02:57 +0000 (17:02 -0700)]
Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm
Pull ARM fixes from Russell King:
"Various assorted fixes:
- a couple of patches from Mark Rutland to resolve an errata with
Cortex-A15 CPUs.
- fix cpuidle for the CPU part ID changes in the last merge window
- add support for a relocation which ARM binutils is generating in
some circumstances"
* 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
ARM: 8130/1: cpuidle/cpuidle-big_little: fix reading cpu id part number
ARM: 8129/1: errata: work around Cortex-A15 erratum 830321 using dummy strex
ARM: 8128/1: abort: don't clear the exclusive monitors
ARM: 8127/1: module: add support for R_ARM_TARGET1 relocations
Linus Torvalds [Mon, 1 Sep 2014 00:01:19 +0000 (17:01 -0700)]
Merge tag 'fixes-for-linus' of git://git./linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Olof Johansson:
"Here's the weekly batch of fixes from arm-soc.
The delta is a largeish negative delta, due to revert of SMP support
for Broadcom's STB SoC -- it was accidentally merged before some
issues had been addressed, so they will make a new attempt for 3.18.
I didn't see a need for a full revert of the whole platform due to
this, we're keeping the rest enabled.
The rest is mostly:
- a handful of DT fixes for i.MX (Hummingboard/Cubox-i in particular)
- some MTD/NAND fixes for OMAP
- minor DT fixes for shmobile
- warning fix for UP builds on vexpress/spc
There's also a couple of patches that wires up hwmod on TI's DRA7 SoC
so it can boot. Drivers and the rest had landed for 3.17, and it's
small and isolated so it made sense to pick up now even if it's not a
bugfix"
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (23 commits)
vexpress/spc: fix a build warning on array bounds
ARM: DRA7: hwmod: Add dra74x and dra72x specific ocp interface lists
ARM: DRA7: Add support for soc_is_dra74x() and soc_is_dra72x() variants
MAINTAINERS: catch special Rockchip code locations
ARM: dts: microsom-ar8035: MDIO pad must be set open drain
ARM: dts: omap54xx-clocks: Fix the l3 and l4 clock rates
ARM: brcmstb: revert SMP support
ARM: OMAP2+: hwmod: Rearm wake-up interrupts for DT when MUSB is idled
ARM: dts: Enable UART wake-up events for beagleboard
ARM: dts: Remove twl6030 clk32g "regulator"
ARM: OMAP2+: omap_device: remove warning that clk alias already exists
ARM: OMAP: fix %d confusingly prefixed with 0x in format string
ARM: dts: DRA7: fix interrupt-cells for GPIO
mtd: nand: omap: Fix 1-bit Hamming code scheme, omap_calculate_ecc()
ARM: dts: omap3430-sdp: Revert to using software ECC for NAND
ARM: OMAP2+: GPMC: Support Software ECC scheme via DT
mtd: nand: omap: Revert to using software ECC by default
ARM: dts: hummingboard/cubox-i: change SPDIF output to be more descriptive
ARM: dts: hummingboard/cubox-i: add USB OC pinctrl configuration
ARM: shmobile: r8a7791: add missing 0x0100 for SDCKCR
...
Alex Shi [Wed, 16 Jul 2014 11:21:56 +0000 (19:21 +0800)]
vexpress/spc: fix a build warning on array bounds
With ARCH_VEXPRESS_SPC option, kernel build has the following
warning:
arch/arm/mach-vexpress/spc.c: In function ‘ve_spc_clk_init’:
arch/arm/mach-vexpress/spc.c:431:38: warning: array subscript is below array bounds [-Warray-bounds]
struct ve_spc_opp *opps = info->opps[cluster];
^
since 'cluster' maybe '-1' in UP system. This patch does a active
checking to fix this issue.
Signed-off-by: Alex Shi <alex.shi@linaro.org>
Acked-by: Pawel Moll <pawel.moll@arm.com>
Acked-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
Olof Johansson [Sun, 31 Aug 2014 17:19:09 +0000 (10:19 -0700)]
Merge tag 'for-v3.17-rc/omap-dra72x-d74x-support-a' of git://git./linux/kernel/git/pjw/omap-pending into fixes
Pull "ARM: OMAP2+: DRA72x/DRA74x basic support" from Tony Lindgren:
Add basic subarchitecture support for the DRA72x and DRA74x. These
are OMAP2+ derivative SoCs. This should be low-risk to existing OMAP
platforms.
Basic build, boot, and PM test logs are available here:
http://www.pwsan.com/omap/testlogs/hwmod-a-early-v3.17-rc/
20140827194314/
* tag 'for-v3.17-rc/omap-dra72x-d74x-support-a' of git://git.kernel.org/pub/scm/linux/kernel/git/pjw/omap-pending:
ARM: DRA7: hwmod: Add dra74x and dra72x specific ocp interface lists
ARM: DRA7: Add support for soc_is_dra74x() and soc_is_dra72x() variants
Signed-off-by: Olof Johansson <olof@lixom.net>
Linus Torvalds [Sun, 31 Aug 2014 17:09:07 +0000 (10:09 -0700)]
Merge tag 'spi-v3.17-rc3-2' of git://git./linux/kernel/git/broonie/spi
Pull spi bugfixes from Mark Brown:
"A smattering of bug fixes for the SPI subsystem, all in driver code
which has seen active work recently and none of them with any great
global impact.
There's also a new ACPI ID for the pxa2xx driver which required no
code changes and the addition of kerneldoc for some structure fields
that were missing it and generating warnings during documentation
builds as a result"
* tag 'spi-v3.17-rc3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
spi: sh-msiof: Fix transmit-only DMA transfers
spi/rockchip: Avoid accidentally turning off the clock
spi: dw: fix kernel crash due to NULL pointer dereference
spi: dw-pci: fix bug when regs left uninitialized
spi: davinci: fix SPI_NO_CS functionality
spi/rockchip: fixup incorrect dma direction setting
spi/pxa2xx: Add ACPI ID for Intel Braswell
spi: spi-au1550: fix build failure
spi: rspi: Fix leaking of unused DMA descriptors
spi: sh-msiof: Fix leaking of unused DMA descriptors
spi: Add missing kerneldoc bits
spi/omap-mcspi: Fix the spi task hangs waiting dma_rx
Mark Brown [Sun, 31 Aug 2014 12:46:19 +0000 (13:46 +0100)]
Merge remote-tracking branch 'spi/fix/sh-msiof' into spi-linus
Mark Brown [Sun, 31 Aug 2014 12:46:19 +0000 (13:46 +0100)]
Merge tag 'spi-v3.17-rc3' into spi-linus
spi: Bug fixes for v3.17
A smattering of bug fixes for the SPI subsystem, all in driver code
which has seen active work recently and none of them with any great
global impact.
There's also a new ACPI ID for the pxa2xx driver which required no code
changes and the addition of kerneldoc for some structure fields that
were missing it and generating warnings during documentation builds as a
result.
# gpg: Signature made Sun 31 Aug 2014 13:19:12 BST using RSA key ID
7EA229BD
# gpg: Good signature from "Mark Brown <broonie@sirena.org.uk>"
# gpg: aka "Mark Brown <broonie@debian.org>"
# gpg: aka "Mark Brown <broonie@kernel.org>"
# gpg: aka "Mark Brown <broonie@tardis.ed.ac.uk>"
# gpg: aka "Mark Brown <broonie@linaro.org>"
# gpg: aka "Mark Brown <Mark.Brown@linaro.org>"
Geert Uytterhoeven [Thu, 7 Aug 2014 12:07:43 +0000 (14:07 +0200)]
spi: sh-msiof: Fix transmit-only DMA transfers
Fix tx/rx mixup, which broke transmit-only transfers.
Introduced by commit
4240305f7cbdc7782aa8bc40cc702775d9ac0839
("spi: sh-msiof: Fix leaking of unused DMA descriptors").
Reported-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Mark Brown [Sun, 31 Aug 2014 12:23:45 +0000 (13:23 +0100)]
Merge remote-tracking branches 'regmap/fix/cache', 'regmap/fix/debugfs' and 'regmap/fix/volatile' into regmap-linus
Mark Brown [Wed, 27 Aug 2014 12:09:12 +0000 (13:09 +0100)]
regmap: Don't attempt block writes when syncing cache on single_rw devices
If the device can't support block writes then don't attempt to use raw
syncing which will automatically generate block writes for adjacent
registers, use the existing _single() block syncing implementation.
Reported-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Tested-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Cc: stable@vger.kernel.org
Linus Torvalds [Sun, 31 Aug 2014 04:04:37 +0000 (21:04 -0700)]
Merge tag 'locks-v3.17-3' of git://git.samba.org/jlayton/linux
Pull file locking bugfx from Jeff Layton:
"Just a bugfix for a bug that crept in to v3.15. It's in a rather rare
error path, and I'm not aware of anyone having hit it, but it's worth
fixing for v3.17"
* tag 'locks-v3.17-3' of git://git.samba.org/jlayton/linux:
locks: pass correct "before" pointer to locks_unlink_lock in generic_add_lease
Mark Brown [Sat, 30 Aug 2014 18:28:04 +0000 (19:28 +0100)]
Merge remote-tracking branches 'spi/fix/au1550', 'spi/fix/davinci', 'spi/fix/doc', 'spi/fix/dw', 'spi/fix/omap-mcspi', 'spi/fix/pxa2xx', 'spi/fix/rockchip' and 'spi/fix/rspi' into spi-linus
Mark Brown [Sat, 30 Aug 2014 18:28:03 +0000 (19:28 +0100)]
Merge remote-tracking branch 'spi/fix/sh-msiof' into spi-linus
Linus Torvalds [Sat, 30 Aug 2014 00:22:27 +0000 (17:22 -0700)]
Merge branch 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull x86 fixes from Peter Anvin:
"One patch to avoid assigning interrupts we don't actually have on
non-PC platforms, and two patches that addresses bugs in the new
IOAPIC assignment code"
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86, irq, PCI: Keep IRQ assignment for runtime power management
x86: irq: Fix bug in setting IOAPIC pin attributes
x86: Fix non-PC platform kernel crash on boot due to NULL dereference
Linus Torvalds [Sat, 30 Aug 2014 00:18:48 +0000 (17:18 -0700)]
Merge tag 'pm+acpi-3.17-rc3' of git://git./linux/kernel/git/rafael/linux-pm
Pull ACPI and power management fixes from Rafael Wysocki:
- Fix for an ACPI regression related to the handling of fixed events
that caused netlink routines to be (incorrectly) run in interrupt
context from Lan Tianyu
- Fix for an ACPI EC driver regression on Acer Aspire V5-573G that
caused AC/battery plug/unplug and video brightness change
notifications to be delayed on that machine from Lv Zheng
- Fix for an ACPI device enumeration regression that caused ACPI driver
probe to fail for some devices where it succeeded before (Rafael J
Wysocki)
- intel_pstate driver fix to prevent it from printing an information
message for every CPU in the system on every boot from Andi Kleen
- s5pv210 cpufreq driver fix to remove an __init annotation from a
routine that in fact can be called at any time after init too from
Mark Brown
- New Intel Braswell device ID for the ACPI LPSS (Low-Power Subsystem)
driver from Alan Cox
- New Intel Braswell CPU ID for intel_pstate from Mika Westerberg
* tag 'pm+acpi-3.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
cpufreq: s5pv210: Remove spurious __init annotation
cpufreq: intel_pstate: Add CPU ID for Braswell processor
intel_pstate: Turn per cpu printk into pr_debug
ACPI / LPSS: Add ACPI IDs for Intel Braswell
ACPI / EC: Add support to disallow QR_EC to be issued before completing previous QR_EC
ACPI / EC: Add support to disallow QR_EC to be issued when SCI_EVT isn't set
ACPI: Run fixed event device notifications in process context
ACPI / scan: Allow ACPI drivers to bind to PNP device objects
Linus Torvalds [Fri, 29 Aug 2014 23:28:29 +0000 (16:28 -0700)]
Merge branch 'akpm' (fixes from Andrew Morton)
Merge patches from Andrew Morton:
"22 fixes"
* emailed patches from Andrew Morton <akpm@linux-foundation.org>: (22 commits)
kexec: purgatory: add clean-up for purgatory directory
Documentation/kdump/kdump.txt: add ARM description
flush_icache_range: export symbol to fix build errors
tools: selftests: fix build issue with make kselftests target
ocfs2: quorum: add a log for node not fenced
ocfs2: o2net: set tcp user timeout to max value
ocfs2: o2net: don't shutdown connection when idle timeout
ocfs2: do not write error flag to user structure we cannot copy from/to
x86/purgatory: use approprate -m64/-32 build flag for arch/x86/purgatory
drivers/rtc/rtc-s5m.c: re-add support for devices without irq specified
xattr: fix check for simultaneous glibc header inclusion
kexec: remove CONFIG_KEXEC dependency on crypto
kexec: create a new config option CONFIG_KEXEC_FILE for new syscall
x86,mm: fix pte_special versus pte_numa
hugetlb_cgroup: use lockdep_assert_held rather than spin_is_locked
mm/zpool: use prefixed module loading
zram: fix incorrect stat with failed_reads
lib: turn CONFIG_STACKTRACE into an actual option.
mm: actually clear pmd_numa before invalidating
memblock, memhotplug: fix wrong type in memblock_find_in_range_node().
...
Michael Welling [Fri, 29 Aug 2014 22:19:13 +0000 (15:19 -0700)]
kexec: purgatory: add clean-up for purgatory directory
Without this patch the kexec-purgatory.c and purgatory.ro files are not
removed after make mrproper.
Signed-off-by: Michael Welling <mwelling@ieee.org>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
HuKeping [Fri, 29 Aug 2014 22:19:11 +0000 (15:19 -0700)]
Documentation/kdump/kdump.txt: add ARM description
Add arm specific parts to kdump kernel documentation.
Signed-off-by: Hu Keping <hukeping@huawei.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Haren Myneni <hbabu@us.ibm.com>
Cc: Rob Landley <rob@landley.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Pranith Kumar [Fri, 29 Aug 2014 22:19:09 +0000 (15:19 -0700)]
flush_icache_range: export symbol to fix build errors
Fix building errors occuring due to a missing export of
flush_icache_range() in
kisskb.ellerman.id.au/kisskb/buildresult/
11677809/
ERROR: "flush_icache_range" [drivers/misc/lkdtm.ko] undefined!
Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Vineet Gupta <vgupta@synopsys.com> [arc]
Acked-by: Richard Kuo <rkuo@codeaurora.org> [hexagon]
Cc: Chris Metcalf <cmetcalf@tilera.com>
Cc: Chris Zankel <chris@zankel.net>
Acked-by: Max Filippov <jcmvbkbc@gmail.com> [xtensa]
Cc: Noam Camus <noamc@ezchip.com>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Acked-by: Zhigang Lu <zlu@tilera.com> [tile]
Cc: Kirill Tkhai <tkhai@yandex.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Phong Tran [Fri, 29 Aug 2014 22:19:06 +0000 (15:19 -0700)]
tools: selftests: fix build issue with make kselftests target
Fix the typo of ARCH when running 'make kselftests'. Change the 'X86'
to 'x86'. Test by compilation.
Signed-off-by: Phong Tran <tranmanphong@gmail.com>
Cc: David Herrmann <dh.herrmann@gmail.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Shuah Khan <shuah.kh@samsung.com>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Junxiao Bi [Fri, 29 Aug 2014 22:19:04 +0000 (15:19 -0700)]
ocfs2: quorum: add a log for node not fenced
For debug use, we can see from the log whether the fence decision is
made and why it is not fenced.
Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com>
Reviewed-by: Srinivas Eeda <srinivas.eeda@oracle.com>
Reviewed-by: Mark Fasheh <mfasheh@suse.de>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Joseph Qi <joseph.qi@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Junxiao Bi [Fri, 29 Aug 2014 22:19:02 +0000 (15:19 -0700)]
ocfs2: o2net: set tcp user timeout to max value
When tcp retransmit timeout(15mins), the connection will be closed.
Pending messages may be lost during this time. So we set tcp user
timeout to override the retransmit timeout to the max value. This is OK
for ocfs2 since we have disk heartbeat, if peer crash, the disk
heartbeat will timeout and it will be evicted, if disk heartbeat not
timeout and connection idle for a long time, then this means the cluster
enters split-brain state, since fence can't happen, we'd better keep the
connection and wait network recover.
Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com>
Reviewed-by: Srinivas Eeda <srinivas.eeda@oracle.com>
Reviewed-by: Mark Fasheh <mfasheh@suse.de>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Joseph Qi <joseph.qi@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Junxiao Bi [Fri, 29 Aug 2014 22:19:00 +0000 (15:19 -0700)]
ocfs2: o2net: don't shutdown connection when idle timeout
This patch series is to fix a possible message lost bug in ocfs2 when
network go bad. This bug will cause ocfs2 hung forever even network
become good again.
The messages may lost in this case. After the tcp connection is
established between two nodes, an idle timer will be set to check its
state periodically, if no messages are received during this time, idle
timer will timeout, it will shutdown the connection and try to
reconnect, so pending messages in tcp queues will be lost. This
messages may be from dlm. Dlm may get hung in this case. This may
cause the whole ocfs2 cluster hung.
This is very possible to happen when network state goes bad. Do the
reconnect is useless, it will fail if network state is still bad. Just
waiting there for network recovering may be a good idea, it will not
lost messages and some node will be fenced until cluster goes into
split-brain state, for this case, Tcp user timeout is used to override
the tcp retransmit timeout. It will timeout after 25 days, user should
have notice this through the provided log and fix the network, if they
don't, ocfs2 will fall back to original reconnect way.
This patch (of 3):
Some messages in the tcp queue maybe lost if we shutdown the connection
and reconnect when idle timeout. If packets lost and reconnect success,
then the ocfs2 cluster maybe hung.
To fix this, we can leave the connection there and do the fence decision
when idle timeout, if network recover before fence dicision is made, the
connection survive without lost any messages.
This bug can be saw when network state go bad. It may cause ocfs2 hung
forever if some packets lost. With this fix, ocfs2 will recover from
hung if network becomes good again.
Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com>
Reviewed-by: Srinivas Eeda <srinivas.eeda@oracle.com>
Reviewed-by: Mark Fasheh <mfasheh@suse.de>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Joseph Qi <joseph.qi@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ben Hutchings [Fri, 29 Aug 2014 22:18:58 +0000 (15:18 -0700)]
ocfs2: do not write error flag to user structure we cannot copy from/to
If we failed to copy from the structure, writing back the flags leaks 31
bits of kernel memory (the rest of the ir_flags field).
In any case, if we cannot copy from/to the structure, why should we
expect putting just the flags to work?
Also make sure ocfs2_info_handle_freeinode() returns the right error
code if the copy_to_user() fails.
Fixes:
ddee5cdb70e6 ('Ocfs2: Add new OCFS2_IOC_INFO ioctl for ocfs2 v8.')
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: Joel Becker <jlbec@evilplan.org>
Acked-by: Mark Fasheh <mfasheh@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Vivek Goyal [Fri, 29 Aug 2014 22:18:55 +0000 (15:18 -0700)]
x86/purgatory: use approprate -m64/-32 build flag for arch/x86/purgatory
Thomas reported that build of x86_64 kernel was failing for him. He is
using 32bit tool chain.
Problem is that while compiling purgatory, I have not specified -m64
flag. And 32bit tool chain must be assuming -m32 by default.
Following is error message.
(mini) [~/work/linux-2.6] make
scripts/kconfig/conf --silentoldconfig Kconfig
CHK include/config/kernel.release
UPD include/config/kernel.release
CHK include/generated/uapi/linux/version.h
CHK include/generated/utsrelease.h
UPD include/generated/utsrelease.h
CC arch/x86/purgatory/purgatory.o
arch/x86/purgatory/purgatory.c:1:0: error: code model 'large' not supported in
the 32 bit mode
Fix it by explicitly passing appropriate -m64/-m32 build flag for
purgatory.
Reported-by: Thomas Glanzmann <thomas@glanzmann.de>
Tested-by: Thomas Glanzmann <thomas@glanzmann.de>
Suggested-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Bartlomiej Zolnierkiewicz [Fri, 29 Aug 2014 22:18:53 +0000 (15:18 -0700)]
drivers/rtc/rtc-s5m.c: re-add support for devices without irq specified
The rtc-s5m driver used to support devices without irq specified in the
past. Re-add this support.
The patch fixes boot for Insignal's Exynos4412 based Origen board.
Error messages before the patch:
...
Unable to handle kernel NULL pointer dereference at virtual address
00000094
pgd =
c0004000
[
00000094] *pgd=
00000000
Internal error: Oops: 5 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 1 PID: 1 Comm: swapper/0 Not tainted
3.16.0-next-20140804-00008-ga59480f-dirty #701
task:
ea80f000 ti:
ea882000 task.ti:
ea882000
PC is at regmap_irq_get_virq+0x0/0x28
LR is at s5m_rtc_probe+0xdc/0x310
pc : [<
c02574fc>] lr : [<
c02de75c>] psr:
80000153
sp :
ea883e48 ip :
00000000 fp :
00000000
r10:
0000000c r9 :
c05de7ac r8 :
eaabc600
r7 :
eaa6b4d0 r6 :
c0439e8c r5 :
eaabc610 r4 :
eab30e50
r3 :
00000000 r2 :
00000000 r1 :
0000000c r0 :
00000000
Flags: Nzcv IRQs on FIQs off Mode SVC_32 ISA ARM Segment kernel
Control:
10c5387d Table:
4000404a DAC:
00000015
Process swapper/0 (pid: 1, stack limit = 0xea882240)
Backtrace:
regmap_irq_get_virq
s5m_rtc_probe
platform_drv_probe
driver_probe_device
__driver_attach
bus_for_each_dev
bus_add_driver
driver_register
do_one_initcall
kernel_init_freeable
kernel_init
---[ end trace
a954d7f019122700 ]---
Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
...
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Reviewed-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Tested-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Acked-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Filipe Brandenburger [Fri, 29 Aug 2014 22:18:51 +0000 (15:18 -0700)]
xattr: fix check for simultaneous glibc header inclusion
The guard was introduced in commit
ea1a8217b06b ("xattr: guard against
simultaneous glibc header inclusion") but it is using #ifdef to check
for a define that is either set to 1 or 0. Fix it to use #if instead.
* Without this patch:
$ { echo "#include <sys/xattr.h>"; echo "#include <linux/xattr.h>"; } | gcc -E -Iinclude/uapi - >/dev/null
include/uapi/linux/xattr.h:19:0: warning: "XATTR_CREATE" redefined [enabled by default]
#define XATTR_CREATE 0x1 /* set value, fail if attr already exists */
^
/usr/include/x86_64-linux-gnu/sys/xattr.h:32:0: note: this is the location of the previous definition
#define XATTR_CREATE XATTR_CREATE
^
* With this patch:
$ { echo "#include <sys/xattr.h>"; echo "#include <linux/xattr.h>"; } | gcc -E -Iinclude/uapi - >/dev/null
(no warnings)
Signed-off-by: Filipe Brandenburger <filbranden@google.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Cc: Allan McRae <allan@archlinux.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Vivek Goyal [Fri, 29 Aug 2014 22:18:49 +0000 (15:18 -0700)]
kexec: remove CONFIG_KEXEC dependency on crypto
New system call depends on crypto. As it did not have a separate config
option, CONFIG_KEXEC was modified to select CRYPTO and CRYPTO_SHA256.
But now previous patch introduced a new config option for new syscall.
So CONFIG_KEXEC does not require crypto. Remove that dependency.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Shaun Ruffell <sruffell@digium.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Vivek Goyal [Fri, 29 Aug 2014 22:18:46 +0000 (15:18 -0700)]
kexec: create a new config option CONFIG_KEXEC_FILE for new syscall
Currently new system call kexec_file_load() and all the associated code
compiles if CONFIG_KEXEC=y. But new syscall also compiles purgatory
code which currently uses gcc option -mcmodel=large. This option seems
to be available only gcc 4.4 onwards.
Hiding new functionality behind a new config option will not break
existing users of old gcc. Those who wish to enable new functionality
will require new gcc. Having said that, I am trying to figure out how
can I move away from using -mcmodel=large but that can take a while.
I think there are other advantages of introducing this new config
option. As this option will be enabled only on x86_64, other arches
don't have to compile generic kexec code which will never be used. This
new code selects CRYPTO=y and CRYPTO_SHA256=y. And all other arches had
to do this for CONFIG_KEXEC. Now with introduction of new config
option, we can remove crypto dependency from other arches.
Now CONFIG_KEXEC_FILE is available only on x86_64. So whereever I had
CONFIG_X86_64 defined, I got rid of that.
For CONFIG_KEXEC_FILE, instead of doing select CRYPTO=y, I changed it to
"depends on CRYPTO=y". This should be safer as "select" is not
recursive.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Tested-by: Shaun Ruffell <sruffell@digium.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Hugh Dickins [Fri, 29 Aug 2014 22:18:44 +0000 (15:18 -0700)]
x86,mm: fix pte_special versus pte_numa
Sasha Levin has shown oopses on
ffffea0003480048 and
ffffea0003480008 at
mm/memory.c:1132, running Trinity on different 3.16-rc-next kernels:
where zap_pte_range() checks page->mapping to see if PageAnon(page).
Those addresses fit struct pages for pfns d2001 and d2000, and in each
dump a register or a stack slot showed
d2001730 or
d2000730: pte flags
0x730 are PCD ACCESSED PROTNONE SPECIAL IOMAP; and Sasha's e820 map has
a hole between
cfffffff and
100000000, which would need special access.
Commit
c46a7c817e66 ("x86: define _PAGE_NUMA by reusing software bits on
the PMD and PTE levels") has broken vm_normal_page(): a PROTNONE SPECIAL
pte no longer passes the pte_special() test, so zap_pte_range() goes on
to try to access a non-existent struct page.
Fix this by refining pte_special() (SPECIAL with PRESENT or PROTNONE) to
complement pte_numa() (SPECIAL with neither PRESENT nor PROTNONE). A
hint that this was a problem was that
c46a7c817e66 added pte_numa() test
to vm_normal_page(), and moved its is_zero_pfn() test from slow to fast
path: This was papering over a pte_special() snag when the zero page was
encountered during zap. This patch reverts vm_normal_page() to how it
was before, relying on pte_special().
It still appears that this patch may be incomplete: aren't there other
places which need to be handling PROTNONE along with PRESENT? For
example, pte_mknuma() clears _PAGE_PRESENT and sets _PAGE_NUMA, but on a
PROT_NONE area, that would make it pte_special(). This is side-stepped
by the fact that NUMA hinting faults skipped PROT_NONE VMAs and there
are no grounds where a NUMA hinting fault on a PROT_NONE VMA would be
interesting.
Fixes:
c46a7c817e66 ("x86: define _PAGE_NUMA by reusing software bits on the PMD and PTE levels")
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Tested-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Mel Gorman <mgorman@suse.de>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Cyrill Gorcunov <gorcunov@gmail.com>
Cc: Matthew Wilcox <matthew.r.wilcox@intel.com>
Cc: <stable@vger.kernel.org> [3.16]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Michal Hocko [Fri, 29 Aug 2014 22:18:42 +0000 (15:18 -0700)]
hugetlb_cgroup: use lockdep_assert_held rather than spin_is_locked
spin_lock may be an empty struct for !SMP configurations and so
arch_spin_is_locked may return unconditional 0 and trigger the VM_BUG_ON
even when the lock is held.
Replace spin_is_locked by lockdep_assert_held. We will not BUG anymore
but it is questionable whether crashing makes a lot of sense in the
uncharge path. Uncharge happens after the last page reference was
released so nobody should touch the page and the function doesn't update
any shared state except for res counter which uses synchronization of
its own.
Signed-off-by: Michal Hocko <mhocko@suse.cz>
Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Kees Cook [Fri, 29 Aug 2014 22:18:40 +0000 (15:18 -0700)]
mm/zpool: use prefixed module loading
To avoid potential format string expansion via module parameters, do not
use the zpool type directly in request_module() without a format string.
Additionally, to avoid arbitrary modules being loaded via zpool API
(e.g. via the zswap_zpool_type module parameter) add a "zpool-" prefix
to the requested module, as well as module aliases for the existing
zpool types (zbud and zsmalloc).
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Seth Jennings <sjennings@variantweb.net>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Nitin Gupta <ngupta@vflare.org>
Acked-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Chao Yu [Fri, 29 Aug 2014 22:18:37 +0000 (15:18 -0700)]
zram: fix incorrect stat with failed_reads
Since we allocate a temporary buffer in zram_bvec_read to handle partial
page operations in commit
924bd88d703e ("Staging: zram: allow partial
page operations"), our ->failed_reads value may be incorrect as we do
not increase its value when failing to allocate the temporary buffer.
Let's fix this issue and correct the annotation of failed_reads.
Signed-off-by: Chao Yu <chao2.yu@samsung.com>
Acked-by: Minchan Kim <minchan@kernel.org>
Cc: Nitin Gupta <ngupta@vflare.org>
Acked-by: Jerome Marchand <jmarchan@redhat.com>
Acked-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dave Jones [Fri, 29 Aug 2014 22:18:35 +0000 (15:18 -0700)]
lib: turn CONFIG_STACKTRACE into an actual option.
I was puzzled why /proc/$$/stack had disappeared, until I figured out I
had disabled the last debug option that did a 'select STACKTRACE'. This
patch makes the option show up at config time, so it can be enabled
without enabling any of the more heavyweight debug options.
Signed-off-by: Dave Jones <davej@redhat.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Matthew Wilcox [Fri, 29 Aug 2014 22:18:33 +0000 (15:18 -0700)]
mm: actually clear pmd_numa before invalidating
Commit
67f87463d3a3 ("mm: clear pmd_numa before invalidating") cleared
the NUMA bit in a copy of the PMD entry, but then wrote back the
original
Signed-off-by: Matthew Wilcox <matthew.r.wilcox@intel.com>
Acked-by: Mel Gorman <mgorman@suse.de>
Reviewed-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Tang Chen [Fri, 29 Aug 2014 22:18:31 +0000 (15:18 -0700)]
memblock, memhotplug: fix wrong type in memblock_find_in_range_node().
In memblock_find_in_range_node(), we defined ret as int. But it should
be phys_addr_t because it is used to store the return value from
__memblock_find_range_bottom_up().
The bug has not been triggered because when allocating low memory near
the kernel end, the "int ret" won't turn out to be negative. When we
started to allocate memory on other nodes, and the "int ret" could be
minus. Then the kernel will panic.
A simple way to reproduce this: comment out the following code in
numa_init(),
memblock_set_bottom_up(false);
and the kernel won't boot.
Reported-by: Xishi Qiu <qiuxishi@huawei.com>
Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
Tested-by: Xishi Qiu <qiuxishi@huawei.com>
Cc: <stable@vger.kernel.org> [3.13+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Vivek Goyal [Fri, 29 Aug 2014 22:18:29 +0000 (15:18 -0700)]
resource: fix the case of null pointer access
Richard and Daniel reported that UML is broken due to changes to
resource traversal functions. Problem is that iomem_resource.child can
be null and new code does not consider that possibility. Old code used
a for loop and that loop will not even execute if p was null.
Revert back to for() loop logic and bail out if p is null.
I also moved sibling_only check out of resource_lock. There is no
reason to keep it inside the lock.
Following is backtrace of the UML crash.
RIP: 0033:[<
0000000060039b9f>]
RSP:
0000000081459da0 EFLAGS:
00010202
RAX:
0000000000000000 RBX:
00000000219b3fff RCX:
000000006010d1d9
RDX:
0000000000000001 RSI:
00000000602dfb94 RDI:
0000000081459df8
RBP:
0000000081459de0 R08:
00000000601b59f4 R09:
ffffffff0000ff00
R10:
ffffffff0000ff00 R11:
0000000081459e88 R12:
0000000081459df8
R13:
00000000219b3fff R14:
00000000602dfb94 R15:
0000000000000000
Kernel panic - not syncing: Segfault with no mm
CPU: 0 PID: 1 Comm: swapper Not tainted
3.16.0-10454-g58d08e3 #13
Stack:
00000000 000080d0 81459df0 219b3fff
81459e70 6010d1d9 ffffffff 6033e010
81459e50 6003a269 81459e30 00000000
Call Trace:
[<
6010d1d9>] ? kclist_add_private+0x0/0xe7
[<
6003a269>] walk_system_ram_range+0x61/0xb7
[<
6000e859>] ? proc_kcore_init+0x0/0xf1
[<
6010d574>] kcore_update_ram+0x4c/0x168
[<
6010d72e>] ? kclist_add+0x0/0x2e
[<
6000e943>] proc_kcore_init+0xea/0xf1
[<
6000e859>] ? proc_kcore_init+0x0/0xf1
[<
6000e859>] ? proc_kcore_init+0x0/0xf1
[<
600189f0>] do_one_initcall+0x13c/0x204
[<
6004ca46>] ? parse_args+0x1df/0x2e0
[<
6004c82d>] ? parameq+0x0/0x3a
[<
601b5990>] ? strcpy+0x0/0x18
[<
60001e1a>] kernel_init_freeable+0x240/0x31e
[<
6026f1c0>] kernel_init+0x12/0x148
[<
60019fad>] new_thread_handler+0x81/0xa3
Fixes
8c86e70acead629aacb4a ("resource: provide new functions to walk
through resources").
Reported-by: Daniel Walter <sahne@0x90.at>
Tested-by: Richard Weinberger <richard@nod.at>
Tested-by: Toralf Förster <toralf.foerster@gmx.de>
Tested-by: Daniel Walter <sahne@0x90.at>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Joe Perches [Fri, 29 Aug 2014 22:18:26 +0000 (15:18 -0700)]
checkpatch: relax check for length of git commit IDs
Checkpatch currently warns if a git commit ID (in the changelog,
usually) is less than 12 characters or more than 16. The "more than 16"
is excessive. Change the check so we accept IDs from 12 to 40 chars in
length.
Cc: Geert Uytterhoeven <geert@linux-m68k.org
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Fri, 29 Aug 2014 20:04:13 +0000 (13:04 -0700)]
Merge tag 'nfs-for-3.17-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs
Pull NFS client fixes from Trond Myklebust:
"Highlights:
- NFSv3 stable fix for another POSIX ACL regression
- NFSv4 stable fix for a regression with OPEN_DOWNGRADE
- NFSv4 stable fix for bad close() behaviour when holding a delegation"
* tag 'nfs-for-3.17-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
NFSv3: Fix another acl regression
NFSv4: Don't clear the open state when we just did an OPEN_DOWNGRADE
NFSv4: Fix problems with close in the presence of a delegation
Linus Torvalds [Fri, 29 Aug 2014 19:10:03 +0000 (12:10 -0700)]
Merge tag 'usb-3.17-rc3' of git://git./linux/kernel/git/gregkh/usb
Pull USB fixes from Greg KH:
"Here are a bunch of fixes for the USB drivers for 3.17-rc3.
Also in here is the movement of the usbip driver out of staging, into
the "real" part of the kernel, it had to wait until after -rc1 to
handle the merge issues involved between the USB and staging trees.
The code is identical, just file movements there.
The USB fixes are all over the place, new device ids, xhci fixes for
reported issues and the usual gadget driver fixes as well. All have
been in linux-next for a while now"
* tag 'usb-3.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (46 commits)
USB: fix build error with CONFIG_PM_RUNTIME disabled
Revert "usb: ehci/ohci-exynos: Fix PHY getting sequence"
xhci: Disable streams on Via XHCI with device-id 0x3432
USB: serial: fix potential heap buffer overflow
USB: serial: fix potential stack buffer overflow
usb: ehci/ohci-exynos: Fix PHY getting sequence
usb: hub: Prevent hub autosuspend if usbcore.autosuspend is -1
USB: sisusb: add device id for Magic Control USB video
usb: dwc2: gadget: Set the default EP max packet value as 8 bytes
usb: ehci: using wIndex + 1 for hub port
USB: storage: add quirk for Newer Technology uSCSI SCSI-USB converter
MAINTAINERS: Add an entry for USB/IP driver
usbip: remove struct usb_device_id table
usbip: move usbip kernel code out of staging
usbip: move usbip userspace code out of staging
USB: whiteheat: Added bounds checking for bulk command response
usb: gadget: remove $(PWD) in ccflags-y
usb: pch_udc: usb gadget device support for Intel Quark X1000
usb: gadget: uvc: fix possible lockup in uvc gadget
usb: wusbcore: fix below build warning
...
Linus Torvalds [Fri, 29 Aug 2014 19:04:10 +0000 (12:04 -0700)]
Merge tag 'staging-3.17-rc3' of git://git./linux/kernel/git/gregkh/staging
Pull staging driver fixes from Greg KH:
"Here are some staging driver fixes for your tree. Nothing huge, just
some fixes for issues that have been reported and a few new device ids
added.
All have been in linux-next for a while"
* tag 'staging-3.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
staging: r8188eu: Add new USB ID
staging/rtl8188eu: add 0df6:0076 Sitecom Europe B.V.
staging: android: fix a possible memory leak
staging: lustre: lustre: libcfs: workitem.c: Cleaning up missing null-terminate after strncpy call
staging: et131x: Fix errors caused by phydev->addr accesses before initialisation
staging: lustre: Remove circular dependency on header
Linus Torvalds [Fri, 29 Aug 2014 19:01:22 +0000 (12:01 -0700)]
Merge tag 'char-misc-3.17-rc3' of git://git./linux/kernel/git/gregkh/char-misc
Pull char/misc driver fixes from Greg KH:
"Here are 3 fixes for the mei and thunderbolt drivers that resolve some
reported issues.
All have been in linux-next for a while"
* tag 'char-misc-3.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
thunderbolt: Clear hops before overwriting
mei: nfc: fix memory leak in error path
mei: reset client state on queued connect request
Linus Torvalds [Fri, 29 Aug 2014 18:59:46 +0000 (11:59 -0700)]
Merge tag 'fbdev-fixes-3.17' of git://git./linux/kernel/git/tomba/linux
Pull fbdev fixes from Tomi Valkeinen:
"Minor fbdev fixes for da8xx-fb, atmel_lcdfb, arm clcd and chipsfb"
* tag 'fbdev-fixes-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux:
video: da8xx-fb: preserve display width when changing HSYNC
video: of: display_timing: double free on error
drivers: video: fbdev: atmel_lcdfb.c: fix error return code
video: ARM CLCD: Fix calculation of bits-per-pixel
fbdev: Remove __init from chips_hw_init() to fix build failure
Linus Torvalds [Fri, 29 Aug 2014 18:52:46 +0000 (11:52 -0700)]
Merge tag 'ext4_for_linus_stable' of git://git./linux/kernel/git/tytso/ext4
Pull ext4 bugfixes from Ted Ts'o:
"Ext4 bug fixes for 3.17, to provide better handling of memory
allocation failures, and to fix some journaling bugs involving
journal checksums and FALLOC_FL_ZERO_RANGE"
* tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
ext4: fix same-dir rename when inline data directory overflows
jbd2: fix descriptor block size handling errors with journal_csum
jbd2: fix infinite loop when recovering corrupt journal blocks
ext4: update i_disksize coherently with block allocation on error path
ext4: fix transaction issues for ext4_fallocate and ext_zero_range
ext4: fix incorect journal credits reservation in ext4_zero_range
ext4: move i_size,i_disksize update routines to helper function
ext4: fix BUG_ON in mb_free_blocks()
ext4: propagate errors up to ext4_find_entry()'s callers
Linus Torvalds [Fri, 29 Aug 2014 18:49:10 +0000 (11:49 -0700)]
Merge tag 'dm-3.17-fix' of git://git./linux/kernel/git/device-mapper/linux-dm
Pull device mapper fix from Mike Snitzer:
"Fix a 3.17-rc1 regression introduced by switching the DM crypt target
to using per-bio data"
* tag 'dm-3.17-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
dm crypt: fix access beyond the end of allocated space
Linus Torvalds [Fri, 29 Aug 2014 18:21:48 +0000 (11:21 -0700)]
Merge branch 'for-linus' of git://git.kernel.dk/linux-block
Pull block layer fixes from Jens Axboe:
"A smaller collection of fixes that have come up since the initial
merge window pull request. This contains:
- error handling cleanup and support for larger than 16 byte cdbs in
sg_io() from Christoph. The latter just matches what bsg and
friends support, sg_io() got left out in the merge.
- an option for brd to expose partitions in /proc/partitions. They
are hidden by default for compat reasons. From Dmitry Monakhov.
- a few blk-mq fixes from me - killing a dead/unused flag, fix for
merging happening even if turned off, and correction of a few
comments.
- removal of unnecessary ->owner setting in systemace. From Michal
Simek.
- two related fixes for a problem with nesting freezing of queues in
blk-mq. One from Ming Lei removing an unecessary freeze operation,
and another from Tejun fixing the nesting regression introduced in
the merge window.
- fix for a BUG_ON() at bio_endio time when protection info is
attached and the IO has an error. From Sagi Grimberg.
- two scsi_ioctl bug fixes for regressions with scsi-mq from Tony
Battersby.
- a cfq weight update fix and subsequent comment update from Toshiaki
Makita"
* 'for-linus' of git://git.kernel.dk/linux-block:
cfq-iosched: Add comments on update timing of weight
cfq-iosched: Fix wrong children_weight calculation
block: fix error handling in sg_io
fix regression in SCSI_IOCTL_SEND_COMMAND
scsi-mq: fix requests that use a separate CDB buffer
block: support > 16 byte CDBs for SG_IO
block: cleanup error handling in sg_io
brd: add ram disk visibility option
block: systemace: Remove .owner field for driver
blk-mq: blk_mq_freeze_queue() should allow nesting
blk-mq: correct a few wrong/bad comments
block: Fix BUG_ON when pi errors occur
blk-mq: don't allow merges if turned off for the queue
blk-mq: get rid of unused BLK_MQ_F_SHOULD_SORT flag
blk-mq: fix WARNING "percpu_ref_kill() called more than once!"
Will Deacon [Fri, 25 Jul 2014 00:53:54 +0000 (17:53 -0700)]
alpha: io: implement relaxed accessor macros for writes
write{b,w,l,q}_relaxed are implemented by some architectures in order to
permit memory-mapped I/O writes with weaker barrier semantics than the
non-relaxed variants.
This patch implements these write macros for Alpha, in the same vein as
the relaxed read macros, which are already implemented.
Acked-by: Richard Henderson <rth@twiddle.net>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Michael Cree [Fri, 25 Jul 2014 00:53:53 +0000 (17:53 -0700)]
alpha: Wire up sched_setattr, sched_getattr, and renameat2 syscalls.
Signed-off-by: Michael Cree <mcree@orcon.net.nz>
Signed-off-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Will Deacon [Fri, 29 Aug 2014 15:11:10 +0000 (16:11 +0100)]
arm64: report correct stack pointer in KSTK_ESP for compat tasks
The KSTK_ESP macro is used to determine the user stack pointer for a
given task. In particular, this is used to to report the '[stack]' VMA
in /proc/self/maps, which is used by Android to determine the stack
location for children of the main thread.
This patch fixes the macro to use user_stack_pointer instead of directly
returning sp. This means that we report w13 instead of sp, since the
former is used as the stack pointer when executing in AArch32 state.
Cc: <stable@vger.kernel.org>
Reported-by: Serban Constantinescu <Serban.Constantinescu@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Catalin Marinas [Fri, 29 Aug 2014 15:08:02 +0000 (16:08 +0100)]
arm64: Add brackets around user_stack_pointer()
Commit
5f888a1d33 (ARM64: perf: support dwarf unwinding in compat mode)
changes user_stack_pointer() to return the compat SP for 32-bit tasks
but without brackets around the whole definition, with possible issues
on the call sites (noticed with a subsequent fix for KSTK_ESP).
Fixes:
5f888a1d33c4 (ARM64: perf: support dwarf unwinding in compat mode)
Reported-by: Sudeep Holla <sudeep.holla@arm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Jiang Liu [Fri, 29 Aug 2014 09:26:23 +0000 (17:26 +0800)]
x86, irq, PCI: Keep IRQ assignment for runtime power management
Now IOAPIC driver dynamically allocates IRQ numbers for IOAPIC pins.
We need to keep IRQ assignment for PCI devices during runtime power
management, otherwise it may cause failure of device wakeups.
Commit
3eec595235c17a7 "x86, irq, PCI: Keep IRQ assignment for PCI
devices during suspend/hibernation" has fixed the issue for suspend/
hibernation, we also need the same fix for runtime device sleep too.
Fix: https://bugzilla.kernel.org/show_bug.cgi?id=83271
Reported-and-Tested-by: EmanueL Czirai <amanual@openmailbox.org>
Signed-off-by: Jiang Liu <jiang.liu@linux.intel.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: EmanueL Czirai <amanual@openmailbox.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Rafael J. Wysocki <rjw@rjwysocki.net>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Grant Likely <grant.likely@linaro.org>
Link: http://lkml.kernel.org/r/1409304383-18806-1-git-send-email-jiang.liu@linux.intel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Doug Anderson [Thu, 28 Aug 2014 23:43:48 +0000 (16:43 -0700)]
spi/rockchip: Avoid accidentally turning off the clock
If our client is requesting a clock that is above the maximum clock
then the following division will result in 0:
rs->max_freq / rs->speed
We'll then program 0 into the SPI_BAUDR register. The Rockchip TRM
says: "If the value is 0, the serial output clock (sclk_out) is
disabled."
It's much better to end up with the fastest possible clock rather than
a clock that is off, so enforce a minimum value.
Signed-off-by: Doug Anderson <dianders@chromium.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Jaegeuk Kim [Fri, 29 Aug 2014 07:26:50 +0000 (00:26 -0700)]
f2fs: fix wrong casting for dentry name
The dentry name type is unsigned char *.
If we don't match this type, some character codes can be changed by signed bit.
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Darrick J. Wong [Wed, 27 Aug 2014 22:40:09 +0000 (18:40 -0400)]
ext4: fix same-dir rename when inline data directory overflows
When performing a same-directory rename, it's possible that adding or
setting the new directory entry will cause the directory to overflow
the inline data area, which causes the directory to be converted to an
extent-based directory. Under this circumstance it is necessary to
re-read the directory when deleting the old dirent because the "old
directory" context still points to i_block in the inode table, which
is now an extent tree root! The delete fails with an FS error, and
the subsequent fsck complains about incorrect link counts and
hardlinked directories.
Test case (originally found with flat_dir_test in the metadata_csum
test program):
# mkfs.ext4 -O inline_data /dev/sda
# mount /dev/sda /mnt
# mkdir /mnt/x
# touch /mnt/x/changelog.gz /mnt/x/copyright /mnt/x/README.Debian
# sync
# for i in /mnt/x/*; do mv $i $i.longer; done
# ls -la /mnt/x/
total 0
-rw-r--r-- 1 root root 0 Aug 25 12:03 changelog.gz.longer
-rw-r--r-- 1 root root 0 Aug 25 12:03 copyright
-rw-r--r-- 1 root root 0 Aug 25 12:03 copyright.longer
-rw-r--r-- 1 root root 0 Aug 25 12:03 README.Debian.longer
(Hey! Why are there four files now??)
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Darrick J. Wong [Wed, 27 Aug 2014 22:40:07 +0000 (18:40 -0400)]
jbd2: fix descriptor block size handling errors with journal_csum
It turns out that there are some serious problems with the on-disk
format of journal checksum v2. The foremost is that the function to
calculate descriptor tag size returns sizes that are too big. This
causes alignment issues on some architectures and is compounded by the
fact that some parts of jbd2 use the structure size (incorrectly) to
determine the presence of a 64bit journal instead of checking the
feature flags.
Therefore, introduce journal checksum v3, which enlarges the
descriptor block tag format to allow for full 32-bit checksums of
journal blocks, fix the journal tag function to return the correct
sizes, and fix the jbd2 recovery code to use feature flags to
determine 64bitness.
Add a few function helpers so we don't have to open-code quite so
many pieces.
Switching to a 16-byte block size was found to increase journal size
overhead by a maximum of 0.1%, to convert a 32-bit journal with no
checksumming to a 32-bit journal with checksum v3 enabled.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reported-by: TR Reardon <thomas_reardon@hotmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Darrick J. Wong [Wed, 27 Aug 2014 22:40:05 +0000 (18:40 -0400)]
jbd2: fix infinite loop when recovering corrupt journal blocks
When recovering the journal, don't fall into an infinite loop if we
encounter a corrupt journal block. Instead, just skip the block and
return an error, which fails the mount and thus forces the user to run
a full filesystem fsck.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Dmitry Monakhov [Wed, 27 Aug 2014 22:40:03 +0000 (18:40 -0400)]
ext4: update i_disksize coherently with block allocation on error path
In case of delalloc block i_disksize may be less than i_size. So we
have to update i_disksize each time we allocated and submitted some
blocks beyond i_disksize. We weren't doing this on the error paths,
so fix this.
testcase: xfstest generic/019
Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Will Deacon [Fri, 22 Aug 2014 13:25:21 +0000 (14:25 +0100)]
arm64: perf: don't rely on layout of pt_regs when grabbing sp or pc
The current perf_regs code relies on sp and pc sitting just off the end
of the pt_regs->regs array. This is ugly and fragile, so this patch
checks for these register explicitly and returns the appropriate field.
Acked-by: Jean Pihet <jean.pihet@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Will Deacon [Fri, 22 Aug 2014 13:20:24 +0000 (14:20 +0100)]
arm64: ptrace: fix compat reg getter/setter return values
copy_{to,from}_user return the number of bytes remaining on failure, not
an error code.
This patch returns -EFAULT when the copy operation didn't complete,
rather than expose the number of bytes not copied directly to userspace.
Signed-off-by: Will Deacon <will.deacon@arm.com>
Will Deacon [Fri, 22 Aug 2014 13:13:24 +0000 (14:13 +0100)]
arm64: ptrace: fix compat hardware watchpoint reporting
I'm not sure what I was on when I wrote this, but when iterating over
the hardware watchpoint array (hbp_watch_array), our index is off by
ARM_MAX_BRP, so we walk off the end of our thread_struct...
... except, a dodgy condition in the loop means that it never executes
at all (bp cannot be NULL).
This patch fixes the code so that we remove the bp check and use the
correct index for accessing the watchpoint structures.
Cc: <stable@vger.kernel.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Mikulas Patocka [Thu, 28 Aug 2014 15:09:31 +0000 (11:09 -0400)]
dm crypt: fix access beyond the end of allocated space
The DM crypt target accesses memory beyond allocated space resulting in
a crash on 32 bit x86 systems.
This bug is very old (it dates back to 2.6.25 commit
3a7f6c990ad04 "dm
crypt: use async crypto"). However, this bug was masked by the fact
that kmalloc rounds the size up to the next power of two. This bug
wasn't exposed until 3.17-rc1 commit
298a9fa08a ("dm crypt: use per-bio
data"). By switching to using per-bio data there was no longer any
padding beyond the end of a dm-crypt allocated memory block.
To minimize allocation overhead dm-crypt puts several structures into one
block allocated with kmalloc. The block holds struct ablkcipher_request,
cipher-specific scratch pad (crypto_ablkcipher_reqsize(any_tfm(cc))),
struct dm_crypt_request and an initialization vector.
The variable dmreq_start is set to offset of struct dm_crypt_request
within this memory block. dm-crypt allocates the block with this size:
cc->dmreq_start + sizeof(struct dm_crypt_request) + cc->iv_size.
When accessing the initialization vector, dm-crypt uses the function
iv_of_dmreq, which performs this calculation: ALIGN((unsigned long)(dmreq
+ 1), crypto_ablkcipher_alignmask(any_tfm(cc)) + 1).
dm-crypt allocated "cc->iv_size" bytes beyond the end of dm_crypt_request
structure. However, when dm-crypt accesses the initialization vector, it
takes a pointer to the end of dm_crypt_request, aligns it, and then uses
it as the initialization vector. If the end of dm_crypt_request is not
aligned on a crypto_ablkcipher_alignmask(any_tfm(cc)) boundary the
alignment causes the initialization vector to point beyond the allocated
space.
Fix this bug by calculating the variable iv_size_padding and adding it
to the allocated size.
Also correct the alignment of dm_crypt_request. struct dm_crypt_request
is specific to dm-crypt (it isn't used by the crypto subsystem at all),
so it is aligned on __alignof__(struct dm_crypt_request).
Also align per_bio_data_size on ARCH_KMALLOC_MINALIGN, so that it is
aligned as if the block was allocated with kmalloc.
Reported-by: Krzysztof Kolasa <kkolasa@winsoft.pl>
Tested-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Linus Torvalds [Thu, 28 Aug 2014 17:47:10 +0000 (10:47 -0700)]
Merge tag 'backlight-fixes-3.17' of git://git./linux/kernel/git/lee/backlight
Pull backlight fix from Lee Jones:
"One simple fix to invalidate GPIO non-request"
* tag 'backlight-fixes-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight:
pwm-backlight: Fix bogus request for GPIO#0 when instantiated from DT
Linus Torvalds [Thu, 28 Aug 2014 17:46:25 +0000 (10:46 -0700)]
Merge tag 'mfd-fixes-3.17' of git://git./linux/kernel/git/lee/mfd
Pull mfd fixes from Lee Jones:
"Couple of simple fixes due for the 3.17 rcs
(and a sneaky document addition that slipped from the previous
pull-request)"
* tag 'mfd-fixes-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd:
mfd: twl4030-power: Fix PM idle pin configuration to not conflict with regulators
mfd: tc3589x: Add device tree bindings
mfd: ab8500-core: Use 'ifdef' for config options
mfd: htc-i2cpld: Fix %d confusingly prefixed with 0x in format string
mfd: omap-usb-host: Fix %d confusingly prefixed with 0x in format string
Linus Torvalds [Thu, 28 Aug 2014 17:31:29 +0000 (10:31 -0700)]
Merge tag 'pinctrl-v3.17-2' of git://git./linux/kernel/git/linusw/linux-pinctrl
Pull pin-control fixes from Linus Walleij:
"My first (a bit delayed) pack of pin control fixes for the v3.17
series, only driver fixes:
- SH-PFC (Renesas) r8a7791 CAN bus pin group problem
- Rockchip (GPIO0 configuration)
- Tegra-xusb (interrupt handling)
- Exynos (GPIO interrupt locking)
- Qualcomm (fix misleading example interrupts)
- minor non-critical fixes for abx500 and AT91 also sneaked in,
because I initially intended this pull for post RC-1, hope it's
still OK"
* tag 'pinctrl-v3.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
pinctrl: qcom: apq8064: Correct interrupts in example
pinctrl: exynos: Lock GPIOs as interrupts when used as EINTs
pinctrl: pinctrl-at91.c: fix decimal printf format specifiers prefixed with 0x
pinctrl: abx500: remove useless check
pinctrl: tegra-xusb: testing wrong variable in probe()
pinctrl: tegra-xusb: fix an off by one test
pinctrl: rockchip: fix rk3288 gpio0 configuration
sh-pfc: r8a7791: fix CAN pin groups
Linus Torvalds [Thu, 28 Aug 2014 17:30:25 +0000 (10:30 -0700)]
Merge tag 'for-3.17-rc3' of git://git./linux/kernel/git/sumits/dma-buf
Pull dma-buf fixes from Sumit Semwal:
"The major changes for 3.17 already went via Greg-KH's tree this time
as well; this is a small pull request for dma-buf - all documentation
related"
* tag 'for-3.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/sumits/dma-buf:
dma-buf/fence: Fix one more kerneldoc warning
dma-buf/fence: Fix a kerneldoc warning
Documentation/dma-buf-sharing.txt: update API descriptions
Linus Torvalds [Thu, 28 Aug 2014 16:44:25 +0000 (09:44 -0700)]
Merge tag 'sound-3.17-rc3' of git://git./linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Here contains not many exciting changes but just a few minor ones: An
off-by-one proc write fix, a couple of trivial incldue guard fixes,
Acer laptop pinconfig fix, and a fix for DSD formats that are still
rarely used"
* tag 'sound-3.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda - Set up initial pins for Acer Aspire V5
ALSA: pcm: Fix the silence data for DSD formats
ALSA: ctxfi: ct20k1reg: Fix typo in include guard
ALSA: hda: ca0132_regs.h: Fix typo in include guard
ALSA: core: fix buffer overflow in snd_info_get_line()
Linus Torvalds [Thu, 28 Aug 2014 16:40:37 +0000 (09:40 -0700)]
Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"Nothing major, one core oops fixes, some radeon oops fixes, some sti
driver fixups, msm driver fixes and a minor Kconfig update for the ww
mutex debugging"
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/ast: Add missing entry to dclk_table[]
drm: fix division-by-zero on dumb_create()
ww-mutex: clarify help text for DEBUG_WW_MUTEX_SLOWPATH
radeon: Test for PCI root bus before assuming bus->self
drm/radeon: handle broken disabled rb mask gracefully (6xx/7xx) (v2)
drm/radeon: save/restore the PD addr on suspend/resume
drm/msm: Fix missing unlock on error in msm_fbdev_create()
drm/msm: fix compile error for non-dt builds
drm/msm/mdp4: request vblank during modeset
drm/msm: avoid flood of kernel logs on faults
drm: sti: Add missing dependency on RESET_CONTROLLER
drm: sti: Make of_device_id array const
drm: sti: Fix return value check in sti_drm_platform_probe()
drm: sti: hda: fix return value check in sti_hda_probe()
drm: sti: hdmi: fix return value check in sti_hdmi_probe()
drm: sti: tvout: fix return value check in sti_tvout_probe()
Dan Carpenter [Thu, 28 Aug 2014 13:13:21 +0000 (16:13 +0300)]
f2fs: simplify by using a literal
We can make the code a bit simpler because we know that "!retry" is
zero.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Tony Lindgren [Tue, 19 Aug 2014 15:24:05 +0000 (08:24 -0700)]
mfd: twl4030-power: Fix PM idle pin configuration to not conflict with regulators
Commit
43fef47f94a1 (mfd: twl4030-power: Add a configuration to turn
off oscillator during off-idle) added support for configuring the PMIC
to cut off resources during deeper idle states to save power.
This however caused regression for n900 display power that needed the
PMIC configuration to be disabled with commit
d937678ab625 (ARM: dts:
Revert enabling of twl configuration for n900).
Turns out the root cause of the problem is that we must use
TWL4030_RESCONFIG_UNDEF instead of DEV_GRP_NULL to avoid disabling
regulators that may have been enabled before the init function
for twl4030-power.c runs. With TWL4030_RESCONFIG_UNDEF we let the
regulator framework control the regulators like it should. Here we
need to only configure the sys_clken and sys_off_mode triggers for
the regulators that cannot be done by the regulator framework as
it's not running at that point.
This allows us to enable the PMIC configuration for n900.
Fixes:
43fef47f94a1 (mfd: twl4030-power: Add a configuration to turn off oscillator during off-idle)
Cc: stable@vger.kernel.org # v3.16
Signed-off-by: Tony Lindgren <tony@atomide.com>
Tested-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Linus Walleij [Wed, 9 Apr 2014 07:28:00 +0000 (09:28 +0200)]
mfd: tc3589x: Add device tree bindings
This defines the device tree bindings for the Toshiba TC3589x
series of multi-purpose expanders. Only the stuff I can test
is defined: GPIO and keypad. Others may implement more
subdevices further down the road.
This is to complement
commit
a435ae1d51e2f18414f2a87219fdbe068231e692
"mfd: Enable the tc3589x for Device Tree" which left off
the definition of the device tree bindings.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Toshiaki Makita [Thu, 28 Aug 2014 08:14:58 +0000 (17:14 +0900)]
cfq-iosched: Add comments on update timing of weight
Explain that weight has to be updated on activation.
This complements previous fix
e15693ef18e1 ("cfq-iosched: Fix wrong
children_weight calculation").
Signed-off-by: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
Signed-off-by: Jens Axboe <axboe@fb.com>
Thierry Reding [Fri, 8 Aug 2014 11:06:30 +0000 (13:06 +0200)]
dma-buf/fence: Fix one more kerneldoc warning
The seqno_fence_init() function's cond argument isn't described in the
kerneldoc comment. Fix that to silence a warning when building DocBook
documentation.
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sumit Semwal <sumit.semwal@linaro.org>