1. 13 Nov, 2014 6 commits
    • John Sung's avatar
      HID: usbhid: quirk for PM1610 and PM1640 Touchscreen. · 1a7ae6c0
      John Sung authored
      commit 66e54827 upstream.
      
      These device needs to be added to the quirks list with HID_QUIRK_NOGET,
      otherwise they will reset upon receiving the get input report requests.
      Signed-off-by: default avatarJohn Sung <penmount.touch@gmail.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      1a7ae6c0
    • Wen-chien Jesse Sung's avatar
      HID: use multi input quirk for 22b9:2968 · d5585865
      Wen-chien Jesse Sung authored
      commit d90b1cf0 upstream.
      
      This device generates ABS_Z and ABS_RX events instead of ABS_X and
      ABS_Y.
      Signed-off-by: default avatarWen-chien Jesse Sung <jesse.sung@canonical.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      d5585865
    • Reyad Attiyat's avatar
      HID: usbhid: Use flag HID_DISCONNECTED when a usb device is removed · 4c1e006d
      Reyad Attiyat authored
      commit 46df9ded upstream.
      
      Set disconnected flag in struct usbhid when a usb device is removed. Check for
      disconnected flag before sending urb requests. This prevents a kernel panic
      when a hid driver calls hid_hw_request() after removing a usb device.
      
       BUG: unable to handle kernel NULL pointer dereference at 0000000000000058
       IP: [<ffffffff8161746f>] hid_submit_ctrl+0x7f/0x290
       PGD 0
       Oops: 0002 [#1] PREEMPT SMP
       CPU: 2 PID: 39 Comm: khubd Tainted: G          IO  3.16.0-rc5+ #112
       Hardware name: Microsoft Corporation Surface Pro 2/Surface Pro 2, BIOS 2.03.0250 09/06/2013
       task: ffff880118aba6e0 ti: ffff8800daf80000 task.ti: ffff8800daf80000
       RIP: 0010:[<ffffffff8161746f>]  [<ffffffff8161746f>] hid_submit_ctrl+0x7f/0x290
       RSP: 0018:ffff8800daf83750  EFLAGS: 00010086
       RAX: 0000000080000300 RBX: ffff88003f60c000 RCX: 0000000000000000
       RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff880117f78000
       RBP: ffff8800daf83788 R08: 0000000000000001 R09: 0000000000000001
       R10: 0000000000000001 R11: 0000000000000000 R12: ffff880117f78000
       R13: ffff88003f11a290 R14: 000000000000000c R15: ffff880091cb3ab8
       FS:  0000000000000000(0000) GS:ffff88011b000000(0000) knlGS:0000000000000000
       CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
       CR2: 0000000000000058 CR3: 0000000001c11000 CR4: 00000000001407e0
       Stack:
        ffff880117f3dcd0 ffff880117f78000 ffff88003f60c000 ffff880117f78000
        ffff880117f78000 ffff88003f11a290 0000000000000000 ffff8800daf837b0
        ffffffff81617707 ffff880117f78000 ffff88003f60c000 0000000000000013
       Call Trace:
        [<ffffffff81617707>] usbhid_restart_ctrl_queue+0x87/0x140
        [<ffffffff81617a88>] usbhid_submit_report+0x2c8/0x370
        [<ffffffff81617b4a>] usbhid_request+0x1a/0x30
        [<ffffffffa020edfb>] sensor_hub_set_feature+0x8b/0xd0 [hid_sensor_hub]
        [<ffffffffa02d9084>] hid_sensor_power_state+0x84/0x110 [hid_sensor_trigger]
        [<ffffffffa02d9129>] hid_sensor_data_rdy_trigger_set_state+0x19/0x20 [hid_sensor_trigger]
        [<ffffffffa034d5b7>] iio_triggered_buffer_predisable+0xa7/0xb0 [industrialio]
        [<ffffffffa034cc4a>] iio_disable_all_buffers+0x3a/0xc0 [industrialio]
        [<ffffffffa03487d3>] iio_device_unregister+0x53/0x80 [industrialio]
        [<ffffffffa026c06a>] hid_accel_3d_remove+0x2a/0x50 [hid_sensor_accel_3d]
        [<ffffffff814f433d>] platform_drv_remove+0x1d/0x40
        [<ffffffff814f18bf>] __device_release_driver+0x7f/0xf0
        [<ffffffff814f1955>] device_release_driver+0x25/0x40
        [<ffffffff814f121c>] bus_remove_device+0x11c/0x1a0
        [<ffffffff814ed7d6>] device_del+0x136/0x1e0
        [<ffffffff81512190>] ? mfd_cell_disable+0x80/0x80
        [<ffffffff814f41d1>] platform_device_del+0x21/0xc0
        [<ffffffff814f4282>] platform_device_unregister+0x12/0x30
        [<ffffffff815121d3>] mfd_remove_devices_fn+0x43/0x50
        [<ffffffff814ed3e3>] device_for_each_child+0x43/0x70
        [<ffffffff81512105>] mfd_remove_devices+0x25/0x30
        [<ffffffffa020ebd7>] sensor_hub_remove+0x87/0x140 [hid_sensor_hub]
        [<ffffffff81607c5b>] hid_device_remove+0x6b/0xd0
        [<ffffffff814f18bf>] __device_release_driver+0x7f/0xf0
        [<ffffffff814f1955>] device_release_driver+0x25/0x40
        [<ffffffff814f121c>] bus_remove_device+0x11c/0x1a0
        [<ffffffff814ed7d6>] device_del+0x136/0x1e0
        [<ffffffff81607d47>] hid_destroy_device+0x27/0x60
        [<ffffffff81616972>] usbhid_disconnect+0x22/0x50
        [<ffffffff81568597>] usb_unbind_interface+0x77/0x2b0
        [<ffffffff814f18bf>] __device_release_driver+0x7f/0xf0
        [<ffffffff814f1955>] device_release_driver+0x25/0x40
        [<ffffffff814f121c>] bus_remove_device+0x11c/0x1a0
        [<ffffffff814ed7d6>] device_del+0x136/0x1e0
        [<ffffffff81565cd1>] usb_disable_device+0x91/0x2a0
        [<ffffffff8155b046>] usb_disconnect+0x96/0x2e0
        [<ffffffff8155d74a>] hub_thread+0xb5a/0x1840
      Signed-off-by: default avatarReyad Attiyat <reyad.attiyat@gmail.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      4c1e006d
    • Sergio Gelato's avatar
      nfsd: fix NFS regression · ba1816b4
      Sergio Gelato authored
      Fix regression introduced in pre-3.14 kernels by cherry-picking
      aa07c713 (NFSD: Call ->set_acl with a
      NULL ACL structure if no entries). This is in v3.12.22 as commit
      723ac81c.
      
      The affected code was removed in 3.14 by commit
      4ac7249e (nfsd: use get_acl
      and ->set_acl). The ->set_acl methods are already able to cope with a
      NULL argument. So this is not needed for >= 3.14.
      Signed-off-by: default avatarSergio Gelato <Sergio.Gelato@astro.su.se>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      ba1816b4
    • Ben Hutchings's avatar
      drivers/net: macvtap and tun depend on INET · 0e8361ae
      Ben Hutchings authored
      [ Upstream commit de11b0e8 ]
      
      These drivers now call ipv6_proxy_select_ident(), which is defined
      only if CONFIG_INET is enabled.  However, they have really depended
      on CONFIG_INET for as long as they have allowed sending GSO packets
      from userland.
      Reported-by: default avatarkbuild test robot <fengguang.wu@intel.com>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      Fixes: f43798c2 ("tun: Allow GSO using virtio_net_hdr")
      Fixes: b9fb9ee0 ("macvtap: add GSO/csum offload support")
      Fixes: 5188cd44 ("drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets")
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0e8361ae
    • Ben Hutchings's avatar
      drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets · 30ab1cf8
      Ben Hutchings authored
      [ Upstream commit 5188cd44 ]
      
      UFO is now disabled on all drivers that work with virtio net headers,
      but userland may try to send UFO/IPv6 packets anyway.  Instead of
      sending with ID=0, we should select identifiers on their behalf (as we
      used to).
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      Fixes: 916e4cf4 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data")
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      30ab1cf8
  2. 05 Nov, 2014 13 commits
  3. 03 Nov, 2014 1 commit
  4. 31 Oct, 2014 20 commits
    • Jiri Slaby's avatar
      Linux 3.12.32 · 6eb2b7e3
      Jiri Slaby authored
      6eb2b7e3
    • Jan Kara's avatar
      ext2: Fix fs corruption in ext2_get_xip_mem() · 08f5fb00
      Jan Kara authored
      commit 7ba3ec57 upstream.
      
      Commit 8e3dffc6 "Ext2: mark inode dirty after the function
      dquot_free_block_nodirty is called" unveiled a bug in __ext2_get_block()
      called from ext2_get_xip_mem(). That function called ext2_get_block()
      mistakenly asking it to map 0 blocks while 1 was intended. Before the
      above mentioned commit things worked out fine by luck but after that commit
      we started returning that we allocated 0 blocks while we in fact
      allocated 1 block and thus allocation was looping until all blocks in
      the filesystem were exhausted.
      
      Fix the problem by properly asking for one block and also add assertion
      in ext2_get_blocks() to catch similar problems.
      Reported-and-tested-by: default avatarAndiry Xu <andiry.xu@gmail.com>
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      08f5fb00
    • Johannes Weiner's avatar
      mm: memcontrol: do not iterate uninitialized memcgs · 19911e16
      Johannes Weiner authored
      commit 2f7dd7a4 upstream.
      
      The cgroup iterators yield css objects that have not yet gone through
      css_online(), but they are not complete memcgs at this point and so the
      memcg iterators should not return them.  Commit d8ad3055 ("mm/memcg:
      iteration skip memcgs not yet fully initialized") set out to implement
      exactly this, but it uses CSS_ONLINE, a cgroup-internal flag that does
      not meet the ordering requirements for memcg, and so the iterator may
      skip over initialized groups, or return partially initialized memcgs.
      
      The cgroup core can not reasonably provide a clear answer on whether the
      object around the css has been fully initialized, as that depends on
      controller-specific locking and lifetime rules.  Thus, introduce a
      memcg-specific flag that is set after the memcg has been initialized in
      css_online(), and read before mem_cgroup_iter() callers access the memcg
      members.
      Signed-off-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
      Cc: Tejun Heo <tj@kernel.org>
      Acked-by: default avatarMichal Hocko <mhocko@suse.cz>
      Cc: Hugh Dickins <hughd@google.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      19911e16
    • Michael Ellerman's avatar
      powerpc: Add smp_mb()s to arch_spin_unlock_wait() · d9fc4e65
      Michael Ellerman authored
      commit 78e05b14 upstream.
      
      Similar to the previous commit which described why we need to add a
      barrier to arch_spin_is_locked(), we have a similar problem with
      spin_unlock_wait().
      
      We need a barrier on entry to ensure any spinlock we have previously
      taken is visibly locked prior to the load of lock->slock.
      
      It's also not clear if spin_unlock_wait() is intended to have ACQUIRE
      semantics. For now be conservative and add a barrier on exit to give it
      ACQUIRE semantics.
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      d9fc4e65
    • Michael Ellerman's avatar
      powerpc: Add smp_mb() to arch_spin_is_locked() · 5aaee42d
      Michael Ellerman authored
      commit 51d7d520 upstream.
      
      The kernel defines the function spin_is_locked(), which can be used to
      check if a spinlock is currently locked.
      
      Using spin_is_locked() on a lock you don't hold is obviously racy. That
      is, even though you may observe that the lock is unlocked, it may become
      locked at any time.
      
      There is (at least) one exception to that, which is if two locks are
      used as a pair, and the holder of each checks the status of the other
      before doing any update.
      
      Assuming *A and *B are two locks, and *COUNTER is a shared non-atomic
      value:
      
      The first CPU does:
      
      	spin_lock(*A)
      
      	if spin_is_locked(*B)
      		# nothing
      	else
      		smp_mb()
      		LOAD r = *COUNTER
      		r++
      		STORE *COUNTER = r
      
      	spin_unlock(*A)
      
      And the second CPU does:
      
      	spin_lock(*B)
      
      	if spin_is_locked(*A)
      		# nothing
      	else
      		smp_mb()
      		LOAD r = *COUNTER
      		r++
      		STORE *COUNTER = r
      
      	spin_unlock(*B)
      
      Although this is a strange locking construct, it should work.
      
      It seems to be understood, but not documented, that spin_is_locked() is
      not a memory barrier, so in the examples above and below the caller
      inserts its own memory barrier before acting on the result of
      spin_is_locked().
      
      For now we assume spin_is_locked() is implemented as below, and we break
      it out in our examples:
      
      	bool spin_is_locked(*LOCK) {
      		LOAD l = *LOCK
      		return l.locked
      	}
      
      Our intuition is that there should be no problem even if the two code
      sequences run simultaneously such as:
      
      	CPU 0			CPU 1
      	==================================================
      	spin_lock(*A)		spin_lock(*B)
      	LOAD b = *B		LOAD a = *A
      	if b.locked # true	if a.locked # true
      	# nothing		# nothing
      	spin_unlock(*A)		spin_unlock(*B)
      
      If one CPU gets the lock before the other then it will do the update and
      the other CPU will back off:
      
      	CPU 0			CPU 1
      	==================================================
      	spin_lock(*A)
      	LOAD b = *B
      				spin_lock(*B)
      	if b.locked # false	LOAD a = *A
      	else			if a.locked # true
      	smp_mb()		# nothing
      	LOAD r1 = *COUNTER	spin_unlock(*B)
      	r1++
      	STORE *COUNTER = r1
      	spin_unlock(*A)
      
      However in reality spin_lock() itself is not indivisible. On powerpc we
      implement it as a load-and-reserve and store-conditional.
      
      Ignoring the retry logic for the lost reservation case, it boils down to:
      	spin_lock(*LOCK) {
      		LOAD l = *LOCK
      		l.locked = true
      		STORE *LOCK = l
      		ACQUIRE_BARRIER
      	}
      
      The ACQUIRE_BARRIER is required to give spin_lock() ACQUIRE semantics as
      defined in memory-barriers.txt:
      
           This acts as a one-way permeable barrier.  It guarantees that all
           memory operations after the ACQUIRE operation will appear to happen
           after the ACQUIRE operation with respect to the other components of
           the system.
      
      On modern powerpc systems we use lwsync for ACQUIRE_BARRIER. lwsync is
      also know as "lightweight sync", or "sync 1".
      
      As described in Power ISA v2.07 section B.2.1.1, in this scenario the
      lwsync is not the barrier itself. It instead causes the LOAD of *LOCK to
      act as the barrier, preventing any loads or stores in the locked region
      from occurring prior to the load of *LOCK.
      
      Whether this behaviour is in accordance with the definition of ACQUIRE
      semantics in memory-barriers.txt is open to discussion, we may switch to
      a different barrier in future.
      
      What this means in practice is that the following can occur:
      
      	CPU 0			CPU 1
      	==================================================
      	LOAD a = *A 		LOAD b = *B
      	a.locked = true		b.locked = true
      	LOAD b = *B		LOAD a = *A
      	STORE *A = a		STORE *B = b
      	if b.locked # false	if a.locked # false
      	else			else
      	smp_mb()		smp_mb()
      	LOAD r1 = *COUNTER	LOAD r2 = *COUNTER
      	r1++			r2++
      	STORE *COUNTER = r1
      				STORE *COUNTER = r2	# Lost update
      	spin_unlock(*A)		spin_unlock(*B)
      
      That is, the load of *B can occur prior to the store that makes *A
      visibly locked. And similarly for CPU 1. The result is both CPUs hold
      their lock and believe the other lock is unlocked.
      
      The easiest fix for this is to add a full memory barrier to the start of
      spin_is_locked(), so adding to our previous definition would give us:
      
      	bool spin_is_locked(*LOCK) {
      		smp_mb()
      		LOAD l = *LOCK
      		return l.locked
      	}
      
      The new barrier orders the store to the lock we are locking vs the load
      of the other lock:
      
      	CPU 0			CPU 1
      	==================================================
      	LOAD a = *A 		LOAD b = *B
      	a.locked = true		b.locked = true
      	STORE *A = a		STORE *B = b
      	smp_mb()		smp_mb()
      	LOAD b = *B		LOAD a = *A
      	if b.locked # true	if a.locked # true
      	# nothing		# nothing
      	spin_unlock(*A)		spin_unlock(*B)
      
      Although the above example is theoretical, there is code similar to this
      example in sem_lock() in ipc/sem.c. This commit in addition to the next
      commit appears to be a fix for crashes we are seeing in that code where
      we believe this race happens in practice.
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      5aaee42d
    • Ilya Dryomov's avatar
      libceph: ceph-msgr workqueue needs a resque worker · 292b5884
      Ilya Dryomov authored
      commit f9865f06 upstream.
      
      Commit f363e45f ("net/ceph: make ceph_msgr_wq non-reentrant")
      effectively removed WQ_MEM_RECLAIM flag from ceph_msgr_wq.  This is
      wrong - libceph is very much a memory reclaim path, so restore it.
      
      Cc: stable@vger.kernel.org # needs backporting for < 3.12
      Signed-off-by: default avatarIlya Dryomov <idryomov@redhat.com>
      Tested-by: default avatarMicha Krause <micha@krausam.de>
      Reviewed-by: default avatarSage Weil <sage@redhat.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      292b5884
    • Ezequiel Garcia's avatar
      drm/tilcdc: Fix the error path in tilcdc_load() · 99a52137
      Ezequiel Garcia authored
      commit b478e336 upstream.
      
      The current error path calls tilcdc_unload() in case of an error to release
      the resources. However, this is wrong because not all resources have been
      allocated by the time an error occurs in tilcdc_load().
      
      To fix it, this commit adds proper labels to bail out at the different
      stages in the load function, and release only the resources actually allocated.
      Tested-by: default avatarDarren Etheridge <detheridge@ti.com>
      Tested-by: default avatarJohannes Pointner <johannes.pointner@br-automation.com>
      Signed-off-by: default avatarEzequiel Garcia <ezequiel@vanguardiasur.com.ar>
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      99a52137
    • Shen Guang's avatar
      usb:hub set hub->change_bits when over-current happens · 5436a41f
      Shen Guang authored
      commit 08d1dec6 upstream.
      
      When we are doing compliance test with xHCI, we found that if we
      enable CONFIG_USB_SUSPEND and plug in a bad device which causes
      over-current condition to the root port, software will not be noticed.
      The reason is that current code don't set hub->change_bits in
      hub_activate() when over-current happens, and then hub_events() will
      not check the port status because it thinks nothing changed.
      If CONFIG_USB_SUSPEND is disabled, the interrupt pipe of the hub will
      report the change and set hub->event_bits, and then hub_events() will
      check what events happened.In this case over-current can be detected.
      Signed-off-by: default avatarShen Guang <shenguang10@gmail.com>
      Acked-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      Acked-by: default avatarSarah Sharp <sarah.a.sharp@linux.intel.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      5436a41f
    • Pawel Moll's avatar
      perf: Handle compat ioctl · 470023f4
      Pawel Moll authored
      commit b3f20785 upstream.
      
      When running a 32-bit userspace on a 64-bit kernel (eg. i386
      application on x86_64 kernel or 32-bit arm userspace on arm64
      kernel) some of the perf ioctls must be treated with special
      care, as they have a pointer size encoded in the command.
      
      For example, PERF_EVENT_IOC_ID in 32-bit world will be encoded
      as 0x80042407, but 64-bit kernel will expect 0x80082407. In
      result the ioctl will fail returning -ENOTTY.
      
      This patch solves the problem by adding code fixing up the
      size as compat_ioctl file operation.
      Reported-by: default avatarDrew Richardson <drew.richardson@arm.com>
      Signed-off-by: default avatarPawel Moll <pawel.moll@arm.com>
      Signed-off-by: default avatarPeter Zijlstra <peterz@infradead.org>
      Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Link: http://lkml.kernel.org/r/1402671812-9078-1-git-send-email-pawel.moll@arm.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      470023f4
    • Vince Weaver's avatar
      perf/x86/intel: Use proper dTLB-load-misses event on IvyBridge · 7eca260f
      Vince Weaver authored
      commit 1996388e upstream.
      
      This was discussed back in February:
      
      	https://lkml.org/lkml/2014/2/18/956
      
      But I never saw a patch come out of it.
      
      On IvyBridge we share the SandyBridge cache event tables, but the
      dTLB-load-miss event is not compatible.  Patch it up after
      the fact to the proper DTLB_LOAD_MISSES.DEMAND_LD_MISS_CAUSES_A_WALK
      Signed-off-by: default avatarVince Weaver <vincent.weaver@maine.edu>
      Signed-off-by: default avatarPeter Zijlstra <peterz@infradead.org>
      Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Link: http://lkml.kernel.org/r/alpine.DEB.2.11.1407141528200.17214@vincent-weaver-1.umelst.maine.eduSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      7eca260f
    • Dave Chinner's avatar
      xfs: ensure WB_SYNC_ALL writeback handles partial pages correctly · 3ff95cbd
      Dave Chinner authored
      commit 0d085a52 upstream.
      
      XFS has been having trouble with stray delayed allocation extents
      beyond EOF for a long time. Recent changes to the collapse range
      code has triggered erroneous EBUSY errors on page invalidtion for
      block size smaller than page size filesystems. These
      have been caused by dirty buffers beyond EOF on a partial page which
      do not get written to disk during a sync.
      
      The issue is that write-ahead in xfs_cluster_write() finds such a
      partial page and handles it by leaving the page dirty but pushing it
      into a writeback state. This used to work just fine, as the
      write_cache_pages() code would then find the dirty partial page in
      the next mapping tree lookup as the dirty tag is still set.
      
      Unfortunately, when we moved to a mark and sweep approach to
      writeback to fix other writeback sync issues, we broken this. THe
      act of marking the page as under writeback now clears the TOWRITE
      tag in the radix tree, even though the page is still dirty. This
      causes the TOWRITE tag to be cleared, and hence the next lookup on
      the mapping tree does not find the dirty partial page and so doesn't
      try to write it again.
      
      This same writeback bug was found recently in ext4 and fixed in
      commit 1c8349a1 ("ext4: fix data integrity sync in ordered mode")
      without communication to the wider filesystem community. We can use
      exactly the same fix here so the TOWRITE flag is not cleared on
      partial page writes.
      
      cc: stable@vger.kernel.org # dependent on 1c8349a1Root-cause-found-by: default avatarBrian Foster <bfoster@redhat.com>
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarBrian Foster <bfoster@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      3ff95cbd
    • Chao Yu's avatar
      ecryptfs: avoid to access NULL pointer when write metadata in xattr · 660e27e8
      Chao Yu authored
      commit 35425ea2 upstream.
      
      Christopher Head 2014-06-28 05:26:20 UTC described:
      "I tried to reproduce this on 3.12.21. Instead, when I do "echo hello > foo"
      in an ecryptfs mount with ecryptfs_xattr specified, I get a kernel crash:
      
      BUG: unable to handle kernel NULL pointer dereference at           (null)
      IP: [<ffffffff8110eb39>] fsstack_copy_attr_all+0x2/0x61
      PGD d7840067 PUD b2c3c067 PMD 0
      Oops: 0002 [#1] SMP
      Modules linked in: nvidia(PO)
      CPU: 3 PID: 3566 Comm: bash Tainted: P           O 3.12.21-gentoo-r1 #2
      Hardware name: ASUSTek Computer Inc. G60JX/G60JX, BIOS 206 03/15/2010
      task: ffff8801948944c0 ti: ffff8800bad70000 task.ti: ffff8800bad70000
      RIP: 0010:[<ffffffff8110eb39>]  [<ffffffff8110eb39>] fsstack_copy_attr_all+0x2/0x61
      RSP: 0018:ffff8800bad71c10  EFLAGS: 00010246
      RAX: 00000000000181a4 RBX: ffff880198648480 RCX: 0000000000000000
      RDX: 0000000000000004 RSI: ffff880172010450 RDI: 0000000000000000
      RBP: ffff880198490e40 R08: 0000000000000000 R09: 0000000000000000
      R10: ffff880172010450 R11: ffffea0002c51e80 R12: 0000000000002000
      R13: 000000000000001a R14: 0000000000000000 R15: ffff880198490e40
      FS:  00007ff224caa700(0000) GS:ffff88019fcc0000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000000000000 CR3: 00000000bb07f000 CR4: 00000000000007e0
      Stack:
      ffffffff811826e8 ffff8800a39d8000 0000000000000000 000000000000001a
      ffff8800a01d0000 ffff8800a39d8000 ffffffff81185fd5 ffffffff81082c2c
      00000001a39d8000 53d0abbc98490e40 0000000000000037 ffff8800a39d8220
      Call Trace:
      [<ffffffff811826e8>] ? ecryptfs_setxattr+0x40/0x52
      [<ffffffff81185fd5>] ? ecryptfs_write_metadata+0x1b3/0x223
      [<ffffffff81082c2c>] ? should_resched+0x5/0x23
      [<ffffffff8118322b>] ? ecryptfs_initialize_file+0xaf/0xd4
      [<ffffffff81183344>] ? ecryptfs_create+0xf4/0x142
      [<ffffffff810f8c0d>] ? vfs_create+0x48/0x71
      [<ffffffff810f9c86>] ? do_last.isra.68+0x559/0x952
      [<ffffffff810f7ce7>] ? link_path_walk+0xbd/0x458
      [<ffffffff810fa2a3>] ? path_openat+0x224/0x472
      [<ffffffff810fa7bd>] ? do_filp_open+0x2b/0x6f
      [<ffffffff81103606>] ? __alloc_fd+0xd6/0xe7
      [<ffffffff810ee6ab>] ? do_sys_open+0x65/0xe9
      [<ffffffff8157d022>] ? system_call_fastpath+0x16/0x1b
      RIP  [<ffffffff8110eb39>] fsstack_copy_attr_all+0x2/0x61
      RSP <ffff8800bad71c10>
      CR2: 0000000000000000
      ---[ end trace df9dba5f1ddb8565 ]---"
      
      If we create a file when we mount with ecryptfs_xattr_metadata option, we will
      encounter a crash in this path:
      ->ecryptfs_create
        ->ecryptfs_initialize_file
          ->ecryptfs_write_metadata
            ->ecryptfs_write_metadata_to_xattr
              ->ecryptfs_setxattr
                ->fsstack_copy_attr_all
      It's because our dentry->d_inode used in fsstack_copy_attr_all is NULL, and it
      will be initialized when ecryptfs_initialize_file finish.
      
      So we should skip copying attr from lower inode when the value of ->d_inode is
      invalid.
      Signed-off-by: default avatarChao Yu <chao2.yu@samsung.com>
      Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      660e27e8
    • Ludovic Desroches's avatar
      ARM: at91/PMC: don't forget to write PMC_PCDR register to disable clocks · f7726152
      Ludovic Desroches authored
      commit cfa1950e upstream.
      
      When introducing support for sama5d3, the write to PMC_PCDR register has
      been accidentally removed.
      Reported-by: default avatarNathalie Cyrille <nathalie.cyrille@atmel.com>
      Signed-off-by: default avatarLudovic Desroches <ludovic.desroches@atmel.com>
      Signed-off-by: default avatarNicolas Ferre <nicolas.ferre@atmel.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      f7726152
    • Andreas Henriksson's avatar
      ARM: at91: fix at91sam9263ek DT mmc pinmuxing settings · 479b576f
      Andreas Henriksson authored
      commit b65e0fb3 upstream.
      
      As discovered on a custom board similar to at91sam9263ek and basing
      its devicetree on that one apparently the pin muxing doesn't get
      set up properly. This was discovered since the custom boards u-boot
      does funky stuff with the pin muxing and leaved it set to SPI
      which made the MMC driver not work under Linux.
      The fix is simply to define the given configuration as the default.
      This probably worked by pure luck before, but it's better to
      make the muxing explicitly set.
      Signed-off-by: default avatarAndreas Henriksson <andreas.henriksson@endian.se>
      Acked-by: default avatarBoris Brezillon <boris.brezillon@free-electrons.com>
      Signed-off-by: default avatarNicolas Ferre <nicolas.ferre@atmel.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      479b576f
    • Anssi Hannula's avatar
      ALSA: hda - hdmi: Fix missing ELD change event on plug/unplug · 7158dc66
      Anssi Hannula authored
      commit 6acce400 upstream.
      
      The ELD ALSA control change event is sent by hdmi_present_sense() when
      eld_changed is true.
      
      Currently, it is only true when the ELD buffer contents have been
      modified. However, the user-visible ELD controls also change to a
      zero-length value and back when eld_valid is unset/set, and no event is
      currently sent in such cases (such as when unplugging or replugging a
      sink).
      
      Fix the code to always set eld_changed if eld_valid value is changed,
      and therefore to always send the change event when the user-visible
      value changes.
      Signed-off-by: default avatarAnssi Hannula <anssi.hannula@iki.fi>
      Cc: David Henningsson <david.henningsson@canonical.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      7158dc66
    • Vlad Catoi's avatar
      ALSA: usb-audio: Add support for Steinberg UR22 USB interface · b36df611
      Vlad Catoi authored
      commit f0b127fb upstream.
      
      Adding support for Steinberg UR22 USB interface via quirks table patch
      
      See Ubuntu bug report:
      https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1317244
      Also see threads:
      http://linux-audio.4202.n7.nabble.com/Support-for-Steinberg-UR22-Yamaha-USB-chipset-0499-1509-tc82888.html#a82917
      http://www.steinberg.net/forums/viewtopic.php?t=62290
      
      Tested by at least 4 people judging by the threads.
      Did not test MIDI interface, but audio output and capture both are
      functional. Built 3.17 kernel with this driver on Ubuntu 14.04 & tested with mpg123
      Patch applied to 3.13 Ubuntu kernel works well enough for daily use.
      Signed-off-by: default avatarVlad Catoi <vladcatoi@gmail.com>
      Acked-by: default avatarClemens Ladisch <clemens@ladisch.de>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      b36df611
    • Harsha Priya's avatar
      ALSA: ALC283 codec - Avoid pop noise on headphones during suspend/resume · 3bbcc0f4
      Harsha Priya authored
      commit b450b17c upstream.
      
      This patch sets the headphones mode to default before suspending
      which helps avoid the pop noise on headphones
      Signed-off-by: default avatarHarsha Priya <harshapriya.n@intel.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      3bbcc0f4
    • Takashi Iwai's avatar
      ALSA: emu10k1: Fix deadlock in synth voice lookup · 348d783d
      Takashi Iwai authored
      commit 95926035 upstream.
      
      The emu10k1 voice allocator takes voice_lock spinlock.  When there is
      no empty stream available, it tries to release a voice used by synth,
      and calls get_synth_voice.  The callback function,
      snd_emu10k1_synth_get_voice(), however, also takes the voice_lock,
      thus it deadlocks.
      
      The fix is simply removing the voice_lock holds in
      snd_emu10k1_synth_get_voice(), as this is always called in the
      spinlock context.
      Reported-and-tested-by: default avatarArthur Marsh <arthur.marsh@internode.on.net>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      348d783d
    • Anatol Pomozov's avatar
      ALSA: pcm: use the same dma mmap codepath both for arm and arm64 · 493d45eb
      Anatol Pomozov authored
      commit a011e213 upstream.
      
      This avoids following kernel crash when try to playback on arm64
      
      [  107.497203] [<ffffffc00046b310>] snd_pcm_mmap_data_fault+0x90/0xd4
      [  107.503405] [<ffffffc0001541ac>] __do_fault+0xb0/0x498
      [  107.508565] [<ffffffc0001576a0>] handle_mm_fault+0x224/0x7b0
      [  107.514246] [<ffffffc000092640>] do_page_fault+0x11c/0x310
      [  107.519738] [<ffffffc000081100>] do_mem_abort+0x38/0x98
      
      Tested: backported to 3.14 and tried to playback on arm64 machine
      Signed-off-by: default avatarAnatol Pomozov <anatol.pomozov@gmail.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      493d45eb
    • Victor Kamensky's avatar
      arm64: compat: fix compat types affecting struct compat_elf_prpsinfo · b58c3a9f
      Victor Kamensky authored
      commit 971a5b6f upstream.
      
      The compat_elf_prpsinfo structure does not match the arch/arm struct
      elf_pspsinfo definition. As result NT_PRPSINFO note in core file
      created by arm64 kernel for aarch32 (compat) process has wrong size.
      So gdb cannot display command that caused process crash.
      
      Fix is to change size of __compat_uid_t, __compat_gid_t so it would
      match size of similar fields in arch/arm case.
      Signed-off-by: default avatarVictor Kamensky <victor.kamensky@linaro.org>
      Acked-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      b58c3a9f