1. 05 May, 2014 40 commits
    • Jiri Slaby's avatar
      Linux 3.12.19 · 3756888c
      Jiri Slaby authored
      3756888c
    • Oleg Nesterov's avatar
      exit: call disassociate_ctty() before exit_task_namespaces() · 61fae6df
      Oleg Nesterov authored
      commit c39df5fa upstream.
      
      Commit 8aac6270 ("move exit_task_namespaces() outside of
      exit_notify()") breaks pppd and the exiting service crashes the kernel:
      
          BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
          IP: ppp_register_channel+0x13/0x20 [ppp_generic]
          Call Trace:
            ppp_asynctty_open+0x12b/0x170 [ppp_async]
            tty_ldisc_open.isra.2+0x27/0x60
            tty_ldisc_hangup+0x1e3/0x220
            __tty_hangup+0x2c4/0x440
            disassociate_ctty+0x61/0x270
            do_exit+0x7f2/0xa50
      
      ppp_register_channel() needs ->net_ns and current->nsproxy == NULL.
      
      Move disassociate_ctty() before exit_task_namespaces(), it doesn't make
      sense to delay it after perf_event_exit_task() or cgroup_exit().
      
      This also allows to use task_work_add() inside the (nontrivial) code
      paths in disassociate_ctty().
      
      Investigated by Peter Hurley.
      Signed-off-by: default avatarOleg Nesterov <oleg@redhat.com>
      Reported-by: default avatarSree Harsha Totakura <sreeharsha@totakura.in>
      Cc: Peter Hurley <peter@hurleysoftware.com>
      Cc: Sree Harsha Totakura <sreeharsha@totakura.in>
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Cc: Jeff Dike <jdike@addtoit.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Andrey Vagin <avagin@openvz.org>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      61fae6df
    • Oleg Nesterov's avatar
      wait: fix reparent_leader() vs EXIT_DEAD->EXIT_ZOMBIE race · f3e9310e
      Oleg Nesterov authored
      commit dfccbb5e upstream.
      
      wait_task_zombie() first does EXIT_ZOMBIE->EXIT_DEAD transition and
      drops tasklist_lock.  If this task is not the natural child and it is
      traced, we change its state back to EXIT_ZOMBIE for ->real_parent.
      
      The last transition is racy, this is even documented in 50b8d257
      "ptrace: partially fix the do_wait(WEXITED) vs EXIT_DEAD->EXIT_ZOMBIE
      race".  wait_consider_task() tries to detect this transition and clear
      ->notask_error but we can't rely on ptrace_reparented(), debugger can
      exit and do ptrace_unlink() before its sub-thread sets EXIT_ZOMBIE.
      
      And there is another problem which were missed before: this transition
      can also race with reparent_leader() which doesn't reset >exit_signal if
      EXIT_DEAD, assuming that this task must be reaped by someone else.  So
      the tracee can be re-parented with ->exit_signal != SIGCHLD, and if
      /sbin/init doesn't use __WALL it becomes unreapable.
      
      Change reparent_leader() to update ->exit_signal even if EXIT_DEAD.
      Note: this is the simple temporary hack for -stable, it doesn't try to
      solve all problems, it will be reverted by the next changes.
      Signed-off-by: default avatarOleg Nesterov <oleg@redhat.com>
      Reported-by: default avatarJan Kratochvil <jan.kratochvil@redhat.com>
      Reported-by: default avatarMichal Schmidt <mschmidt@redhat.com>
      Tested-by: default avatarMichal Schmidt <mschmidt@redhat.com>
      Cc: Al Viro <viro@ZenIV.linux.org.uk>
      Cc: Lennart Poettering <lpoetter@redhat.com>
      Cc: Roland McGrath <roland@hack.frob.com>
      Cc: Tejun Heo <tj@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      f3e9310e
    • David S. Miller's avatar
      sparc64: Make sure %pil interrupts are enabled during hypervisor yield. · 3f5bb90c
      David S. Miller authored
      [ Upstream commit cb3042d6 ]
      
      In arch_cpu_idle() we must enable %pil based interrupts before
      potentially invoking the hypervisor cpu yield call.
      
      As per the Hypervisor API documentation for cpu_yield:
      
      	Interrupts which are blocked by some mechanism other that
      	pstate.ie (for example %pil) are not guaranteed to cause
      	a return from this service.
      
      It seems that only first generation Niagara chips are hit by this
      bug.  My best guess is that later chips implement this in hardware
      and wake up anyways from %pil events, whereas in first generation
      chips the yield is implemented completely in hypervisor code and
      requires %pil to be enabled in order to wake properly from this
      call.
      
      Fixes: 87fa05ae ("sparc: Use generic idle loop")
      Reported-by: default avatarFabio M. Di Nitto <fabbione@fabbione.net>
      Reported-by: default avatarJan Engelhardt <jengelh@inai.de>
      Tested-by: default avatarJan Engelhardt <jengelh@inai.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      3f5bb90c
    • Dave Kleikamp's avatar
      sparc64: don't treat 64-bit syscall return codes as 32-bit · 094c49e0
      Dave Kleikamp authored
      [ Upstream commit 1535bd8a ]
      
      When checking a system call return code for an error,
      linux_sparc_syscall was sign-extending the lower 32-bit value and
      comparing it to -ERESTART_RESTARTBLOCK. lseek can return valid return
      codes whose lower 32-bits alone would indicate a failure (such as 4G-1).
      Use the whole 64-bit value to check for errors. Only the 32-bit path
      should sign extend the lower 32-bit value.
      Signed-off-by: default avatarDave Kleikamp <dave.kleikamp@oracle.com>
      Acked-by: default avatarBob Picco <bob.picco@oracle.com>
      Acked-by: default avatarAllen Pais <allen.pais@oracle.com>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: sparclinux@vger.kernel.org
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      094c49e0
    • Paul Gortmaker's avatar
      sparc32: fix build failure for arch_jump_label_transform · 50aa539f
      Paul Gortmaker authored
      [ Upstream commit 4f6500ff ]
      
      In arch/sparc/Kernel/Makefile, we see:
      
         obj-$(CONFIG_SPARC64)   += jump_label.o
      
      However, the Kconfig selects HAVE_ARCH_JUMP_LABEL unconditionally
      for all SPARC.  This in turn leads to the following failure when
      doing allmodconfig coverage builds:
      
      kernel/built-in.o: In function `__jump_label_update':
      jump_label.c:(.text+0x8560c): undefined reference to `arch_jump_label_transform'
      kernel/built-in.o: In function `arch_jump_label_transform_static':
      (.text+0x85cf4): undefined reference to `arch_jump_label_transform'
      make: *** [vmlinux] Error 1
      
      Change HAVE_ARCH_JUMP_LABEL to be conditional on SPARC64 so that it
      matches the Makefile.
      Signed-off-by: default avatarPaul Gortmaker <paul.gortmaker@windriver.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      50aa539f
    • Li Zefan's avatar
      jffs2: remove from wait queue after schedule() · 7b87da3a
      Li Zefan authored
      commit 3ead9578 upstream.
      
      @wait is a local variable, so if we don't remove it from the wait queue
      list, later wake_up() may end up accessing invalid memory.
      
      This was spotted by eyes.
      Signed-off-by: default avatarLi Zefan <lizefan@huawei.com>
      Cc: David Woodhouse <dwmw2@infradead.org>
      Cc: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarBrian Norris <computersforpeace@gmail.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      7b87da3a
    • Li Zefan's avatar
      jffs2: avoid soft-lockup in jffs2_reserve_space_gc() · ff308965
      Li Zefan authored
      commit 13b546d9 upstream.
      
      We triggered soft-lockup under stress test on 2.6.34 kernel.
      
      BUG: soft lockup - CPU#1 stuck for 60009ms! [lockf2.test:14488]
      ...
      [<bf09a4d4>] (jffs2_do_reserve_space+0x420/0x440 [jffs2])
      [<bf09a528>] (jffs2_reserve_space_gc+0x34/0x78 [jffs2])
      [<bf0a1350>] (jffs2_garbage_collect_dnode.isra.3+0x264/0x478 [jffs2])
      [<bf0a2078>] (jffs2_garbage_collect_pass+0x9c0/0xe4c [jffs2])
      [<bf09a670>] (jffs2_reserve_space+0x104/0x2a8 [jffs2])
      [<bf09dc48>] (jffs2_write_inode_range+0x5c/0x4d4 [jffs2])
      [<bf097d8c>] (jffs2_write_end+0x198/0x2c0 [jffs2])
      [<c00e00a4>] (generic_file_buffered_write+0x158/0x200)
      [<c00e14f4>] (__generic_file_aio_write+0x3a4/0x414)
      [<c00e15c0>] (generic_file_aio_write+0x5c/0xbc)
      [<c012334c>] (do_sync_write+0x98/0xd4)
      [<c0123a84>] (vfs_write+0xa8/0x150)
      [<c0123d74>] (sys_write+0x3c/0xc0)]
      
      Fix this by adding a cond_resched() in the while loop.
      
      [akpm@linux-foundation.org: don't initialize `ret']
      Signed-off-by: default avatarLi Zefan <lizefan@huawei.com>
      Cc: David Woodhouse <dwmw2@infradead.org>
      Cc: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarBrian Norris <computersforpeace@gmail.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      ff308965
    • Ajesh Kunhipurayil Vijayan's avatar
      jffs2: Fix crash due to truncation of csize · 0bf18cba
      Ajesh Kunhipurayil Vijayan authored
      commit 41bf1a24 upstream.
      
      mounting JFFS2 partition sometimes crashes with this call trace:
      
      [ 1322.240000] Kernel bug detected[#1]:
      [ 1322.244000] Cpu 2
      [ 1322.244000] $ 0   : 0000000000000000 0000000000000018 000000003ff00070 0000000000000001
      [ 1322.252000] $ 4   : 0000000000000000 c0000000f3980150 0000000000000000 0000000000010000
      [ 1322.260000] $ 8   : ffffffffc09cd5f8 0000000000000001 0000000000000088 c0000000ed300de8
      [ 1322.268000] $12   : e5e19d9c5f613a45 ffffffffc046d464 0000000000000000 66227ba5ea67b74e
      [ 1322.276000] $16   : c0000000f1769c00 c0000000ed1e0200 c0000000f3980150 0000000000000000
      [ 1322.284000] $20   : c0000000f3a80000 00000000fffffffc c0000000ed2cfbd8 c0000000f39818f0
      [ 1322.292000] $24   : 0000000000000004 0000000000000000
      [ 1322.300000] $28   : c0000000ed2c0000 c0000000ed2cfab8 0000000000010000 ffffffffc039c0b0
      [ 1322.308000] Hi    : 000000000000023c
      [ 1322.312000] Lo    : 000000000003f802
      [ 1322.316000] epc   : ffffffffc039a9f8 check_tn_node+0x88/0x3b0
      [ 1322.320000]     Not tainted
      [ 1322.324000] ra    : ffffffffc039c0b0 jffs2_do_read_inode_internal+0x1250/0x1e48
      [ 1322.332000] Status: 5400f8e3    KX SX UX KERNEL EXL IE
      [ 1322.336000] Cause : 00800034
      [ 1322.340000] PrId  : 000c1004 (Netlogic XLP)
      [ 1322.344000] Modules linked in:
      [ 1322.348000] Process jffs2_gcd_mtd7 (pid: 264, threadinfo=c0000000ed2c0000, task=c0000000f0e68dd8, tls=0000000000000000)
      [ 1322.356000] Stack : c0000000f1769e30 c0000000ed010780 c0000000ed010780 c0000000ed300000
              c0000000f1769c00 c0000000f3980150 c0000000f3a80000 00000000fffffffc
              c0000000ed2cfbd8 ffffffffc039c0b0 ffffffffc09c6340 0000000000001000
              0000000000000dec ffffffffc016c9d8 c0000000f39805a0 c0000000f3980180
              0000008600000000 0000000000000000 0000000000000000 0000000000000000
              0001000000000dec c0000000f1769d98 c0000000ed2cfb18 0000000000010000
              0000000000010000 0000000000000044 c0000000f3a80000 c0000000f1769c00
              c0000000f3d207a8 c0000000f1769d98 c0000000f1769de0 ffffffffc076f9c0
              0000000000000009 0000000000000000 0000000000000000 ffffffffc039cf90
              0000000000000017 ffffffffc013fbdc 0000000000000001 000000010003e61c
              ...
      [ 1322.424000] Call Trace:
      [ 1322.428000] [<ffffffffc039a9f8>] check_tn_node+0x88/0x3b0
      [ 1322.432000] [<ffffffffc039c0b0>] jffs2_do_read_inode_internal+0x1250/0x1e48
      [ 1322.440000] [<ffffffffc039cf90>] jffs2_do_crccheck_inode+0x70/0xd0
      [ 1322.448000] [<ffffffffc03a1b80>] jffs2_garbage_collect_pass+0x160/0x870
      [ 1322.452000] [<ffffffffc03a392c>] jffs2_garbage_collect_thread+0xdc/0x1f0
      [ 1322.460000] [<ffffffffc01541c8>] kthread+0xb8/0xc0
      [ 1322.464000] [<ffffffffc0106d18>] kernel_thread_helper+0x10/0x18
      [ 1322.472000]
      [ 1322.472000]
      Code: 67bd0050  94a4002c  2c830001 <00038036> de050218  2403fffc  0080a82d  00431824  24630044
      [ 1322.480000] ---[ end trace b052bb90e97dfbf5 ]---
      
      The variable csize in structure jffs2_tmp_dnode_info is of type uint16_t, but it
      is used to hold the compressed data length(csize) which is declared as uint32_t.
      So, when the value of csize exceeds 16bits, it gets truncated when assigned to
      tn->csize. This is causing a kernel BUG.
      Changing the definition of csize in jffs2_tmp_dnode_info to uint32_t fixes the issue.
      Signed-off-by: default avatarAjesh Kunhipurayil Vijayan <ajesh@broadcom.com>
      Signed-off-by: default avatarKamlakant Patel <kamlakant.patel@broadcom.com>
      Signed-off-by: default avatarBrian Norris <computersforpeace@gmail.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      0bf18cba
    • Kamlakant Patel's avatar
      jffs2: Fix segmentation fault found in stress test · 7e33def9
      Kamlakant Patel authored
      commit 3367da56 upstream.
      
      Creating a large file on a JFFS2 partition sometimes crashes with this call
      trace:
      
      [  306.476000] CPU 13 Unable to handle kernel paging request at virtual address c0000000dfff8002, epc == ffffffffc03a80a8, ra == ffffffffc03a8044
      [  306.488000] Oops[#1]:
      [  306.488000] Cpu 13
      [  306.492000] $ 0   : 0000000000000000 0000000000000000 0000000000008008 0000000000008007
      [  306.500000] $ 4   : c0000000dfff8002 000000000000009f c0000000e0007cde c0000000ee95fa58
      [  306.508000] $ 8   : 0000000000000001 0000000000008008 0000000000010000 ffffffffffff8002
      [  306.516000] $12   : 0000000000007fa9 000000000000ff0e 000000000000ff0f 80e55930aebb92bb
      [  306.524000] $16   : c0000000e0000000 c0000000ee95fa5c c0000000efc80000 ffffffffc09edd70
      [  306.532000] $20   : ffffffffc2b60000 c0000000ee95fa58 0000000000000000 c0000000efc80000
      [  306.540000] $24   : 0000000000000000 0000000000000004
      [  306.548000] $28   : c0000000ee950000 c0000000ee95f738 0000000000000000 ffffffffc03a8044
      [  306.556000] Hi    : 00000000000574a5
      [  306.560000] Lo    : 6193b7a7e903d8c9
      [  306.564000] epc   : ffffffffc03a80a8 jffs2_rtime_compress+0x98/0x198
      [  306.568000]     Tainted: G        W
      [  306.572000] ra    : ffffffffc03a8044 jffs2_rtime_compress+0x34/0x198
      [  306.580000] Status: 5000f8e3    KX SX UX KERNEL EXL IE
      [  306.584000] Cause : 00800008
      [  306.588000] BadVA : c0000000dfff8002
      [  306.592000] PrId  : 000c1100 (Netlogic XLP)
      [  306.596000] Modules linked in:
      [  306.596000] Process dd (pid: 170, threadinfo=c0000000ee950000, task=c0000000ee6e0858, tls=0000000000c47490)
      [  306.608000] Stack : 7c547f377ddc7ee4 7ffc7f967f5d7fae 7f617f507fc37ff4 7e7d7f817f487f5f
              7d8e7fec7ee87eb3 7e977ff27eec7f9e 7d677ec67f917f67 7f3d7e457f017ed7
              7fd37f517f867eb2 7fed7fd17ca57e1d 7e5f7fe87f257f77 7fd77f0d7ede7fdb
              7fba7fef7e197f99 7fde7fe07ee37eb5 7f5c7f8c7fc67f65 7f457fb87f847e93
              7f737f3e7d137cd9 7f8e7e9c7fc47d25 7dbb7fac7fb67e52 7ff17f627da97f64
              7f6b7df77ffa7ec5 80057ef17f357fb3 7f767fa27dfc7fd5 7fe37e8e7fd07e53
              7e227fcf7efb7fa1 7f547e787fa87fcc 7fcb7fc57f5a7ffb 7fc07f6c7ea97e80
              7e2d7ed17e587ee0 7fb17f9d7feb7f31 7f607e797e887faa 7f757fdd7c607ff3
              7e877e657ef37fbd 7ec17fd67fe67ff7 7ff67f797ff87dc4 7eef7f3a7c337fa6
              7fe57fc97ed87f4b 7ebe7f097f0b8003 7fe97e2a7d997cba 7f587f987f3c7fa9
              ...
      [  306.676000] Call Trace:
      [  306.680000] [<ffffffffc03a80a8>] jffs2_rtime_compress+0x98/0x198
      [  306.684000] [<ffffffffc0394f10>] jffs2_selected_compress+0x110/0x230
      [  306.692000] [<ffffffffc039508c>] jffs2_compress+0x5c/0x388
      [  306.696000] [<ffffffffc039dc58>] jffs2_write_inode_range+0xd8/0x388
      [  306.704000] [<ffffffffc03971bc>] jffs2_write_end+0x16c/0x2d0
      [  306.708000] [<ffffffffc01d3d90>] generic_file_buffered_write+0xf8/0x2b8
      [  306.716000] [<ffffffffc01d4e7c>] __generic_file_aio_write+0x1ac/0x350
      [  306.720000] [<ffffffffc01d50a0>] generic_file_aio_write+0x80/0x168
      [  306.728000] [<ffffffffc021f7dc>] do_sync_write+0x94/0xf8
      [  306.732000] [<ffffffffc021ff6c>] vfs_write+0xa4/0x1a0
      [  306.736000] [<ffffffffc02202e8>] SyS_write+0x50/0x90
      [  306.744000] [<ffffffffc0116cc0>] handle_sys+0x180/0x1a0
      [  306.748000]
      [  306.748000]
      Code: 020b202d  0205282d  90a50000 <90840000> 14a40038  00000000  0060602d  0000282d  016c5823
      [  306.760000] ---[ end trace 79dd088435be02d0 ]---
      Segmentation fault
      
      This crash is caused because the 'positions' is declared as an array of signed
      short. The value of position is in the range 0..65535, and will be converted
      to a negative number when the position is greater than 32767 and causes a
      corruption and crash. Changing the definition to 'unsigned short' fixes this
      issue
      Signed-off-by: default avatarJayachandran C <jchandra@broadcom.com>
      Signed-off-by: default avatarKamlakant Patel <kamlakant.patel@broadcom.com>
      Signed-off-by: default avatarBrian Norris <computersforpeace@gmail.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      7e33def9
    • Eric Whitney's avatar
      ext4: fix premature freeing of partial clusters split across leaf blocks · 1eccbcab
      Eric Whitney authored
      commit ad6599ab upstream.
      
      Xfstests generic/311 and shared/298 fail when run on a bigalloc file
      system.  Kernel error messages produced during the tests report that
      blocks to be freed are already on the to-be-freed list.  When e2fsck
      is run at the end of the tests, it typically reports bad i_blocks and
      bad free blocks counts.
      
      The bug that causes these failures is located in ext4_ext_rm_leaf().
      Code at the end of the function frees a partial cluster if it's not
      shared with an extent remaining in the leaf.  However, if all the
      extents in the leaf have been removed, the code dereferences an
      invalid extent pointer (off the front of the leaf) when the check for
      sharing is made.  This generally has the effect of unconditionally
      freeing the partial cluster, which leads to the observed failures
      when the partial cluster is shared with the last extent in the next
      leaf.
      
      Fix this by attempting to free the cluster only if extents remain in
      the leaf.  Any remaining partial cluster will be freed if possible
      when the next leaf is processed or when leaf removal is complete.
      Signed-off-by: default avatarEric Whitney <enwlinux@gmail.com>
      Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      1eccbcab
    • Eric Whitney's avatar
      ext4: fix partial cluster handling for bigalloc file systems · 23606f1b
      Eric Whitney authored
      commit c0634493 upstream.
      
      Commit 9cb00419, which enables hole punching for bigalloc file
      systems, exposed a bug introduced by commit 6ae06ff5 in an earlier
      release.  When run on a bigalloc file system, xfstests generic/013, 068,
      075, 083, 091, 100, 112, 127, 263, 269, and 270 fail with e2fsck errors
      or cause kernel error messages indicating that previously freed blocks
      are being freed again.
      
      The latter commit optimizes the selection of the starting extent in
      ext4_ext_rm_leaf() when hole punching by beginning with the extent
      supplied in the path argument rather than with the last extent in the
      leaf node (as is still done when truncating).  However, the code in
      rm_leaf that initially sets partial_cluster to track cluster sharing on
      extent boundaries is only guaranteed to run if rm_leaf starts with the
      last node in the leaf.  Consequently, partial_cluster is not correctly
      initialized when hole punching, and a cluster on the boundary of a
      punched region that should be retained may instead be deallocated.
      Signed-off-by: default avatarEric Whitney <enwlinux@gmail.com>
      Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      23606f1b
    • Eric Whitney's avatar
      ext4: fix error return from ext4_ext_handle_uninitialized_extents() · e3794f95
      Eric Whitney authored
      commit ce37c429 upstream.
      
      Commit 37794732 breaks the return of error codes from
      ext4_ext_handle_uninitialized_extents() in ext4_ext_map_blocks().  A
      portion of the patch assigns that function's signed integer return
      value to an unsigned int.  Consequently, negatively valued error codes
      are lost and can be treated as a bogus allocated block count.
      Signed-off-by: default avatarEric Whitney <enwlinux@gmail.com>
      Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      e3794f95
    • Josef Bacik's avatar
      Btrfs: fix deadlock with nested trans handles · 3717191e
      Josef Bacik authored
      commit 3bbb24b2 upstream.
      
      Zach found this deadlock that would happen like this
      
      btrfs_end_transaction <- reduce trans->use_count to 0
        btrfs_run_delayed_refs
          btrfs_cow_block
            find_free_extent
      	btrfs_start_transaction <- increase trans->use_count to 1
                allocate chunk
      	btrfs_end_transaction <- decrease trans->use_count to 0
      	  btrfs_run_delayed_refs
      	    lock tree block we are cowing above ^^
      
      We need to only decrease trans->use_count if it is above 1, otherwise leave it
      alone.  This will make nested trans be the only ones who decrease their added
      ref, and will let us get rid of the trans->use_count++ hack if we have to commit
      the transaction.  Thanks,
      Reported-by: default avatarZach Brown <zab@redhat.com>
      Signed-off-by: default avatarJosef Bacik <jbacik@fb.com>
      Tested-by: default avatarZach Brown <zab@redhat.com>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      3717191e
    • Hidetoshi Seto's avatar
      Btrfs: skip submitting barrier for missing device · d1dc14b5
      Hidetoshi Seto authored
      commit f88ba6a2 upstream.
      
      I got an error on v3.13:
       BTRFS error (device sdf1) in write_all_supers:3378: errno=-5 IO failure (errors while submitting device barriers.)
      
      how to reproduce:
        > mkfs.btrfs -f -d raid1 /dev/sdf1 /dev/sdf2
        > wipefs -a /dev/sdf2
        > mount -o degraded /dev/sdf1 /mnt
        > btrfs balance start -f -sconvert=single -mconvert=single -dconvert=single /mnt
      
      The reason of the error is that barrier_all_devices() failed to submit
      barrier to the missing device.  However it is clear that we cannot do
      anything on missing device, and also it is not necessary to care chunks
      on the missing device.
      
      This patch stops sending/waiting barrier if device is missing.
      Signed-off-by: default avatarHidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
      Signed-off-by: default avatarJosef Bacik <jbacik@fb.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      d1dc14b5
    • Mark Tinguely's avatar
      xfs: fix directory hash ordering bug · fd4037ca
      Mark Tinguely authored
      commit c88547a8 upstream.
      
      Commit f5ea1100 ("xfs: add CRCs to dir2/da node blocks") introduced
      in 3.10 incorrectly converted the btree hash index array pointer in
      xfs_da3_fixhashpath(). It resulted in the the current hash always
      being compared against the first entry in the btree rather than the
      current block index into the btree block's hash entry array. As a
      result, it was comparing the wrong hashes, and so could misorder the
      entries in the btree.
      
      For most cases, this doesn't cause any problems as it requires hash
      collisions to expose the ordering problem. However, when there are
      hash collisions within a directory there is a very good probability
      that the entries will be ordered incorrectly and that actually
      matters when duplicate hashes are placed into or removed from the
      btree block hash entry array.
      
      This bug results in an on-disk directory corruption and that results
      in directory verifier functions throwing corruption warnings into
      the logs. While no data or directory entries are lost, access to
      them may be compromised, and attempts to remove entries from a
      directory that has suffered from this corruption may result in a
      filesystem shutdown.  xfs_repair will fix the directory hash
      ordering without data loss occuring.
      
      [dchinner: wrote useful a commit message]
      Reported-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarMark Tinguely <tinguely@sgi.com>
      Reviewed-by: default avatarBen Myers <bpm@sgi.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      fd4037ca
    • Claudio Takahasi's avatar
      Bluetooth: Fix removing Long Term Key · 626d6cde
      Claudio Takahasi authored
      commit 5981a882 upstream.
      
      This patch fixes authentication failure on LE link re-connection when
      BlueZ acts as slave (peripheral). LTK is removed from the internal list
      after its first use causing PIN or Key missing reply when re-connecting
      the link. The LE Long Term Key Request event indicates that the master
      is attempting to encrypt or re-encrypt the link.
      
      Pre-condition: BlueZ host paired and running as slave.
      How to reproduce(master):
      
        1) Establish an ACL LE encrypted link
        2) Disconnect the link
        3) Try to re-establish the ACL LE encrypted link (fails)
      
      > HCI Event: LE Meta Event (0x3e) plen 19
            LE Connection Complete (0x01)
              Status: Success (0x00)
              Handle: 64
              Role: Slave (0x01)
      ...
      @ Device Connected: 00:02:72:DC:29:C9 (1) flags 0x0000
      > HCI Event: LE Meta Event (0x3e) plen 13
            LE Long Term Key Request (0x05)
              Handle: 64
              Random number: 875be18439d9aa37
              Encryption diversifier: 0x76ed
      < HCI Command: LE Long Term Key Request Reply (0x08|0x001a) plen 18
              Handle: 64
              Long term key: 2aa531db2fce9f00a0569c7d23d17409
      > HCI Event: Command Complete (0x0e) plen 6
            LE Long Term Key Request Reply (0x08|0x001a) ncmd 1
              Status: Success (0x00)
              Handle: 64
      > HCI Event: Encryption Change (0x08) plen 4
              Status: Success (0x00)
              Handle: 64
              Encryption: Enabled with AES-CCM (0x01)
      ...
      @ Device Disconnected: 00:02:72:DC:29:C9 (1) reason 3
      < HCI Command: LE Set Advertise Enable (0x08|0x000a) plen 1
              Advertising: Enabled (0x01)
      > HCI Event: Command Complete (0x0e) plen 4
            LE Set Advertise Enable (0x08|0x000a) ncmd 1
              Status: Success (0x00)
      > HCI Event: LE Meta Event (0x3e) plen 19
            LE Connection Complete (0x01)
              Status: Success (0x00)
              Handle: 64
              Role: Slave (0x01)
      ...
      @ Device Connected: 00:02:72:DC:29:C9 (1) flags 0x0000
      > HCI Event: LE Meta Event (0x3e) plen 13
            LE Long Term Key Request (0x05)
              Handle: 64
              Random number: 875be18439d9aa37
              Encryption diversifier: 0x76ed
      < HCI Command: LE Long Term Key Request Neg Reply (0x08|0x001b) plen 2
              Handle: 64
      > HCI Event: Command Complete (0x0e) plen 6
            LE Long Term Key Request Neg Reply (0x08|0x001b) ncmd 1
              Status: Success (0x00)
              Handle: 64
      > HCI Event: Disconnect Complete (0x05) plen 4
              Status: Success (0x00)
              Handle: 64
              Reason: Authentication Failure (0x05)
      @ Device Disconnected: 00:02:72:DC:29:C9 (1) reason 0
      Signed-off-by: default avatarClaudio Takahasi <claudio.takahasi@openbossa.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      626d6cde
    • Oleg Nesterov's avatar
      pid_namespace: pidns_get() should check task_active_pid_ns() != NULL · d2bba525
      Oleg Nesterov authored
      commit d2308225 upstream.
      
      pidns_get()->get_pid_ns() can hit ns == NULL. This task_struct can't
      go away, but task_active_pid_ns(task) is NULL if release_task(task)
      was already called. Alternatively we could change get_pid_ns(ns) to
      check ns != NULL, but it seems that other callers are fine.
      Signed-off-by: default avatarOleg Nesterov <oleg@redhat.com>
      Cc: Eric W. Biederman ebiederm@xmission.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      d2bba525
    • Peter Hurley's avatar
      tty: Fix low_latency BUG · 18b258a3
      Peter Hurley authored
      commit a9c3f68f upstream.
      
      The user-settable knob, low_latency, has been the source of
      several BUG reports which stem from flush_to_ldisc() running
      in interrupt context. Since 3.12, which added several sleeping
      locks (termios_rwsem and buf->lock) to the input processing path,
      the frequency of these BUG reports has increased.
      
      Note that changes in 3.12 did not introduce this regression;
      sleeping locks were first added to the input processing path
      with the removal of the BKL from N_TTY in commit
      a88a69c9,
      'n_tty: Fix loss of echoed characters and remove bkl from n_tty'
      and later in commit 38db8979,
      'tty: throttling race fix'. Since those changes, executing
      flush_to_ldisc() in interrupt_context (ie, low_latency set), is unsafe.
      
      However, since most devices do not validate if the low_latency
      setting is appropriate for the context (process or interrupt) in
      which they receive data, some reports are due to misconfiguration.
      Further, serial dma devices for which dma fails, resort to
      interrupt receiving as a backup without resetting low_latency.
      
      Historically, low_latency was used to force wake-up the reading
      process rather than wait for the next scheduler tick. The
      effect was to trim multiple milliseconds of latency from
      when the process would receive new data.
      
      Recent tests [1] have shown that the reading process now receives
      data with only 10's of microseconds latency without low_latency set.
      
      Remove the low_latency rx steering from tty_flip_buffer_push();
      however, leave the knob as an optional hint to drivers that can
      tune their rx fifos and such like. Cleanup stale code comments
      regarding low_latency.
      
      [1] https://lkml.org/lkml/2014/2/20/434
      
      "Yay.. thats an annoying historical pain in the butt gone."
      	-- Alan Cox
      Reported-by: default avatarBeat Bolli <bbolli@ewanet.ch>
      Reported-by: default avatarPavel Roskin <proski@gnu.org>
      Acked-by: default avatarDavid Sterba <dsterba@suse.cz>
      Cc: Grant Edwards <grant.b.edwards@gmail.com>
      Cc: Stanislaw Gruszka <sgruszka@redhat.com>
      Cc: Hal Murray <murray+fedora@ip-64-139-1-69.sjc.megapath.net>
      Signed-off-by: default avatarPeter Hurley <peter@hurleysoftware.com>
      Signed-off-by: default avatarAlan Cox <alan@linux.intel.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      18b258a3
    • Hannes Reinecke's avatar
      tty: Set correct tty name in 'active' sysfs attribute · 8351a311
      Hannes Reinecke authored
      commit 723abd87 upstream.
      
      The 'active' sysfs attribute should refer to the currently active tty
      devices the console is running on, not the currently active console. The
      console structure doesn't refer to any device in sysfs, only the tty the
      console is running on has. So we need to print out the tty names in
      'active', not the console names.
      
      There is one special-case, which is tty0. If the console is directed to
      it, we want 'tty0' to show up in the file, so user-space knows that the
      messages get forwarded to the active VT. The ->device() callback would
      resolve tty0, though. Hence, treat it special and don't call into the VT
      layer to resolve it (plymouth is known to depend on it).
      
      Cc: Lennart Poettering <lennart@poettering.net>
      Cc: Kay Sievers <kay@vrfy.org>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Signed-off-by: default avatarWerner Fink <werner@suse.de>
      Signed-off-by: default avatarHannes Reinecke <hare@suse.de>
      Signed-off-by: default avatarDavid Herrmann <dh.herrmann@gmail.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      8351a311
    • Ian Abbott's avatar
      staging: comedi: 8255_pci: initialize MITE data window · c7860938
      Ian Abbott authored
      commit 268d1e79 upstream.
      
      According to National Instruments' PCI-DIO-96/PXI-6508/PCI-6503 User
      Manual, the physical address in PCI BAR1 needs to be OR'ed with 0x80 and
      written to register offset 0xC0 in the "MITE" registers (BAR0).  Do so
      during initialization of the National Instruments boards handled by the
      "8255_pci" driver.  The boards were previously handled by the
      "ni_pcidio" driver, where the initialization was done by `mite_setup()`
      in the "mite" module.  The "mite" module comes with too much extra
      baggage for the "8255_pci" driver to deal with so use a local, simpler
      initialization function.
      Signed-off-by: default avatarIan Abbott <abbotti@mev.co.uk>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      c7860938
    • Lan Tianyu's avatar
      ACPI / button: Add ACPI Button event via netlink routine · f437aa69
      Lan Tianyu authored
      commit 0bf6368e upstream.
      
      Commit 1696d9dc (ACPI: Remove the old /proc/acpi/event interface)
      removed ACPI Button event which originally was sent to userspace via
      /proc/acpi/event. This caused ACPI shutdown regression on gentoo
      in VirtualBox. Now ACPI events are sent to userspace via netlink,
      so add ACPI Button event back via netlink routine.
      
      References: https://bugzilla.kernel.org/show_bug.cgi?id=71721Reported-and-tested-by: default avatarRichard Musil <richard.musil@gmail.com>
      Signed-off-by: default avatarLan Tianyu <tianyu.lan@intel.com>
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      f437aa69
    • Mohit Kumar's avatar
      PCI: designware: Fix iATU programming for cfg1, io and mem viewport · 7cdf9eb0
      Mohit Kumar authored
      commit 017fcdc3 upstream.
      
      This patch corrects iATU programming for cfg1, io and mem viewport.  Enable
      ATU only after configuring it.
      Signed-off-by: default avatarMohit Kumar <mohit.kumar@st.com>
      Signed-off-by: default avatarAjay Khandelwal <ajay.khandelwal@st.com>
      Signed-off-by: default avatarBjorn Helgaas <bhelgaas@google.com>
      Acked-by: default avatarJingoo Han <jg1.han@samsung.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      7cdf9eb0
    • Mohit Kumar's avatar
      PCI: designware: Fix RC BAR to be single 64-bit non-prefetchable memory BAR · 47495e35
      Mohit Kumar authored
      commit dbffdd68 upstream.
      
      The Synopsys PCIe core provides one pair of 32-bit BARs (BAR 0 and BAR 1).
      The BARs can be configured as follows:
      
        - One 64-bit BAR: BARs 0 and 1 are combined to form a single 64-bit BAR
        - Two 32-bit BARs: BARs 0 and 1 are two independent 32-bit BARs
      
      This patch corrects 64-bit, non-prefetchable memory BAR configuration
      implemented in dw driver.
      Signed-off-by: default avatarMohit Kumar <mohit.kumar@st.com>
      Signed-off-by: default avatarBjorn Helgaas <bhelgaas@google.com>
      Cc: Pratyush Anand <pratyush.anand@st.com>
      Cc: Jingoo Han <jg1.han@samsung.com>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      47495e35
    • Neil Horman's avatar
      x86: Adjust irq remapping quirk for older revisions of 5500/5520 chipsets · 6226a60b
      Neil Horman authored
      commit 6f8a1b33 upstream.
      
      Commit 03bbcb2e (iommu/vt-d: add quirk for broken interrupt
      remapping on 55XX chipsets) properly disables irq remapping on the
      5500/5520 chipsets that don't correctly perform that feature.
      
      However, when I wrote it, I followed the errata sheet linked in that
      commit too closely, and explicitly tied the activation of the quirk to
      revision 0x13 of the chip, under the assumption that earlier revisions
      were not in the field.  Recently a system was reported to be suffering
      from this remap bug and the quirk hadn't triggered, because the
      revision id register read at a lower value that 0x13, so the quirk
      test failed improperly.  Given this, it seems only prudent to adjust
      this quirk so that any revision less than 0x13 has the quirk asserted.
      
      [ tglx: Removed the 0x12 comparison of pci id 3405 as this is covered
          	by the <= 0x13 check already ]
      Signed-off-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: x86@kernel.org
      Link: http://lkml.kernel.org/r/1394649873-14913-1-git-send-email-nhorman@tuxdriver.comSigned-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      6226a60b
    • Mikulas Patocka's avatar
      user namespace: fix incorrect memory barriers · 4eaff7d2
      Mikulas Patocka authored
      commit e79323bd upstream.
      
      smp_read_barrier_depends() can be used if there is data dependency between
      the readers - i.e. if the read operation after the barrier uses address
      that was obtained from the read operation before the barrier.
      
      In this file, there is only control dependency, no data dependecy, so the
      use of smp_read_barrier_depends() is incorrect. The code could fail in the
      following way:
      * the cpu predicts that idx < entries is true and starts executing the
        body of the for loop
      * the cpu fetches map->extent[0].first and map->extent[0].count
      * the cpu fetches map->nr_extents
      * the cpu verifies that idx < extents is true, so it commits the
        instructions in the body of the for loop
      
      The problem is that in this scenario, the cpu read map->extent[0].first
      and map->nr_extents in the wrong order. We need a full read memory barrier
      to prevent it.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      4eaff7d2
    • Oliver Neukum's avatar
      ACPI / sleep: remove panic in case hardware has changed after S4 · 43c5512d
      Oliver Neukum authored
      commit 5c551e62 upstream.
      
      Some BIOSes change hardware based on the state of
      a laptop's lid. If the lid is closed, the touchpad is
      disabled and the checksum changes. Windows 8 no longer
      aborts resume if the checksum has changed.
      Signed-off-by: default avatarOliver Neukum <oneukum@suse.de>
      [rjw: Use pr_crit() for the message and don't break the string]
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      43c5512d
    • LEROY Christophe's avatar
      powerpc/8xx: mfspr SPRN_TBRx in lieu of mftb/mftbu is not supported · 1e37176e
      LEROY Christophe authored
      commit ae2163be upstream.
      
      Commit beb2dc0a breaks the MPC8xx which
      seems to not support using mfspr SPRN_TBRx instead of mftb/mftbu
      despite what is written in the reference manual.
      
      This patch reverts to the use of mftb/mftbu when CONFIG_8xx is
      selected.
      Signed-off-by: default avatarChristophe Leroy <christophe.leroy@c-s.fr>
      Signed-off-by: default avatarScott Wood <scottwood@freescale.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      1e37176e
    • Helge Deller's avatar
      parisc: fix epoll_pwait syscall on compat kernel · b7b78ca8
      Helge Deller authored
      commit ab3e55b1 upstream.
      
      This bug was detected with the libio-epoll-perl debian package where the
      test case IO-Ppoll-compat.t failed.
      Signed-off-by: default avatarHelge Deller <deller@gmx.de>
      CC: stable@kernel.org   # 3.0+
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      b7b78ca8
    • Wang, Xiaoming's avatar
      net: ipv4: current group_info should be put after using. · 95c3a562
      Wang, Xiaoming authored
      commit b04c4619 upstream.
      
      Plug a group_info refcount leak in ping_init.
      group_info is only needed during initialization and
      the code failed to release the reference on exit.
      While here move grabbing the reference to a place
      where it is actually needed.
      Signed-off-by: default avatarChuansheng Liu <chuansheng.liu@intel.com>
      Signed-off-by: default avatarZhang Dongxing <dongxing.zhang@intel.com>
      Signed-off-by: default avatarxiaoming wang <xiaoming.wang@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      95c3a562
    • Paolo Bonzini's avatar
      KVM: ioapic: fix assignment of ioapic->rtc_status.pending_eoi (CVE-2014-0155) · 95846d96
      Paolo Bonzini authored
      commit 5678de3f upstream.
      
      QE reported that they got the BUG_ON in ioapic_service to trigger.
      I cannot reproduce it, but there are two reasons why this could happen.
      
      The less likely but also easiest one, is when kvm_irq_delivery_to_apic
      does not deliver to any APIC and returns -1.
      
      Because irqe.shorthand == 0, the kvm_for_each_vcpu loop in that
      function is never reached.  However, you can target the similar loop in
      kvm_irq_delivery_to_apic_fast; just program a zero logical destination
      address into the IOAPIC, or an out-of-range physical destination address.
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      95846d96
    • Bodo Stroesser's avatar
      ipmi: Fix a race restarting the timer · 10083c00
      Bodo Stroesser authored
      commit 48e8ac29 upstream.
      
      With recent changes it is possible for the timer handler to detect an
      idle interface and not start the timer, but the thread to start an
      operation at the same time.  The thread will not start the timer in that
      instance, resulting in the timer not running.
      
      Instead, move all timer operations under the lock and start the timer in
      the thread if it detect non-idle and the timer is not already running.
      Moving under locks allows the last timeout to be set in both the thread
      and the timer.  'Timer is not running' means that the timer is not
      pending and smi_timeout() is not running.  So we need a flag to detect
      this correctly.
      
      Also fix a few other timeout bugs: setting the last timeout when the
      interrupt has to be disabled and the timer started, and setting the last
      timeout in check_start_timer_thread possibly racing with the timer
      Signed-off-by: default avatarCorey Minyard <cminyard@mvista.com>
      Signed-off-by: default avatarBodo Stroesser <bstroesser@ts.fujitsu.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      10083c00
    • Rusty Russell's avatar
      virtio_balloon: don't softlockup on huge balloon changes. · fa8c40b7
      Rusty Russell authored
      commit 1f74ef0f upstream.
      
      When adding or removing 100G from a balloon:
      
          BUG: soft lockup - CPU#0 stuck for 22s! [vballoon:367]
      
      We have a wait_event_interruptible(), but the condition is always true
      (more ballooning to do) so we don't ever sleep.  We also have a
      wait_event() for the host to ack, but that is also always true as QEMU
      is synchronous for balloon operations.
      Reported-by: default avatarGopesh Kumar Chaudhary <gopchaud@in.ibm.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      fa8c40b7
    • Jan Kara's avatar
      bdi: avoid oops on device removal · fa48decc
      Jan Kara authored
      commit 5acda9d1 upstream.
      
      After commit 839a8e86 ("writeback: replace custom worker pool
      implementation with unbound workqueue") when device is removed while we
      are writing to it we crash in bdi_writeback_workfn() ->
      set_worker_desc() because bdi->dev is NULL.
      
      This can happen because even though bdi_unregister() cancels all pending
      flushing work, nothing really prevents new ones from being queued from
      balance_dirty_pages() or other places.
      
      Fix the problem by clearing BDI_registered bit in bdi_unregister() and
      checking it before scheduling of any flushing work.
      
      Fixes: 839a8e86Reviewed-by: default avatarTejun Heo <tj@kernel.org>
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      Cc: Derek Basehore <dbasehore@chromium.org>
      Cc: Jens Axboe <axboe@kernel.dk>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      fa48decc
    • Derek Basehore's avatar
      backing_dev: fix hung task on sync · 24239843
      Derek Basehore authored
      commit 6ca738d6 upstream.
      
      bdi_wakeup_thread_delayed() used the mod_delayed_work() function to
      schedule work to writeback dirty inodes.  The problem with this is that
      it can delay work that is scheduled for immediate execution, such as the
      work from sync_inodes_sb().  This can happen since mod_delayed_work()
      can now steal work from a work_queue.  This fixes the problem by using
      queue_delayed_work() instead.  This is a regression caused by commit
      839a8e86 ("writeback: replace custom worker pool implementation with
      unbound workqueue").
      
      The reason that this causes a problem is that laptop-mode will change
      the delay, dirty_writeback_centisecs, to 60000 (10 minutes) by default.
      In the case that bdi_wakeup_thread_delayed() races with
      sync_inodes_sb(), sync will be stopped for 10 minutes and trigger a hung
      task.  Even if dirty_writeback_centisecs is not long enough to cause a
      hung task, we still don't want to delay sync for that long.
      
      We fix the problem by using queue_delayed_work() when we want to
      schedule writeback sometime in future.  This function doesn't change the
      timer if it is already armed.
      
      For the same reason, we also change bdi_writeback_workfn() to
      immediately queue the work again in the case that the work_list is not
      empty.  The same problem can happen if the sync work is run on the
      rescue worker.
      
      [jack@suse.cz: update changelog, add comment, use bdi_wakeup_thread_delayed()]
      Signed-off-by: default avatarDerek Basehore <dbasehore@chromium.org>
      Reviewed-by: default avatarJan Kara <jack@suse.cz>
      Cc: Alexander Viro <viro@zento.linux.org.uk>
      Reviewed-by: default avatarTejun Heo <tj@kernel.org>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: "Darrick J. Wong" <darrick.wong@oracle.com>
      Cc: Derek Basehore <dbasehore@chromium.org>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Benson Leung <bleung@chromium.org>
      Cc: Sonny Rao <sonnyrao@chromium.org>
      Cc: Luigi Semenzato <semenzato@chromium.org>
      Cc: Jens Axboe <axboe@kernel.dk>
      Cc: Dave Chinner <david@fromorbit.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      24239843
    • Aravind Gopalakrishnan's avatar
      amd64_edac: Fix logic to determine channel for F15 M30h processors · a9600ec9
      Aravind Gopalakrishnan authored
      commit 9d0e8d83 upstream.
      
      Update current channel selection logic to include F15h, M30h memory
      controllers.
      
      Refer F15 M30h BKDG D18F2x110[7:6] (DRAM Controller Select Low)
      (Link:http://support.amd.com/TechDocs/49125_15h_Models_30h-3Fh_BKDG.pdf)
      Signed-off-by: default avatarAravind Gopalakrishnan <Aravind.Gopalakrishnan@amd.com>
      Link: http://lkml.kernel.org/r/1390338216-3873-1-git-send-email-Aravind.Gopalakrishnan@amd.comSigned-off-by: default avatarBorislav Petkov <bp@suse.de>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      a9600ec9
    • Aravind Gopalakrishnan's avatar
      x86/quirks: Add workaround for AMD F16h Erratum792 · 8e0a45a8
      Aravind Gopalakrishnan authored
      commit fb53a1ab upstream.
      
      The workaround for this Erratum is included in AGESA. But BIOSes
      spun only after Jan2014 will have the fix (atleast server
      versions of the chip). The erratum affects both embedded and
      server platforms and since we cannot say with certainity that
      ALL BIOSes on systems out in the field will have the fix, we
      should probably insulate ourselves in case BIOS does not do the
      right thing or someone is using old BIOSes.
      
      Refer to Revision Guide for AMD F16h models 00h-0fh, document 51810
      Rev. 3.04, November2013 for details on the Erratum.
      
      Tested the patch on Fam16h server platform and it works fine.
      Signed-off-by: default avatarAravind Gopalakrishnan <Aravind.Gopalakrishnan@amd.com>
      Cc: <hmh@hmh.eng.br>
      Cc: <Kim.Naru@amd.com>
      Cc: <Suravee.Suthikulpanit@amd.com>
      Cc: <bp@suse.de>
      Cc: <sherry.hurwitz@amd.com>
      Link: http://lkml.kernel.org/r/1390515212-1824-1-git-send-email-Aravind.Gopalakrishnan@amd.com
      [ Minor edits. ]
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      8e0a45a8
    • Sergey Dyasly's avatar
      ARM: 7840/1: LPAE: don't reject mapping /dev/mem above 4GB · 4aeced5e
      Sergey Dyasly authored
      commit 3159f372 upstream.
      
      With LPAE enabled, physical address space is larger than 4GB. Allow mapping any
      part of it via /dev/mem by using PHYS_MASK to determine valid range.
      
      PHYS_MASK covers 40 bits with LPAE enabled and 32 bits otherwise.
      Reported-by: default avatarVassili Karpov <av1474@comtv.ru>
      Signed-off-by: default avatarSergey Dyasly <dserrg@gmail.com>
      Acked-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      4aeced5e
    • Kieran Clancy's avatar
      ACPI / EC: Process rather than discard events in acpi_ec_clear · 3da1d25c
      Kieran Clancy authored
      commit 3eba563e upstream.
      
      Address a regression caused by commit ad332c8a:
      (ACPI / EC: Clear stale EC events on Samsung systems)
      
      After the earlier patch, there was found to be a race condition on some
      earlier Samsung systems (N150/N210/N220). The function acpi_ec_clear was
      sometimes discarding a new EC event before its GPE was triggered by the
      system. In the case of these systems, this meant that the "lid open"
      event was not registered on resume if that was the cause of the wake,
      leading to problems when attempting to close the lid to suspend again.
      
      After testing on a number of Samsung systems, both those affected by the
      previous EC bug and those affected by the race condition, it seemed that
      the best course of action was to process rather than discard the events.
      On Samsung systems which accumulate stale EC events, there does not seem
      to be any adverse side-effects of running the associated _Q methods.
      
      This patch adds an argument to the static function acpi_ec_sync_query so
      that it may be used within the acpi_ec_clear loop in place of
      acpi_ec_query_unlocked which was used previously.
      
      With thanks to Stefan Biereigel for reporting the issue, and for all the
      people who helped test the new patch on affected systems.
      
      Fixes: ad332c8a (ACPI / EC: Clear stale EC events on Samsung systems)
      References: https://lkml.kernel.org/r/532FE3B2.9060808@biereigel-wb.de
      References: https://bugzilla.kernel.org/show_bug.cgi?id=44161#c173Reported-by: default avatarStefan Biereigel <stefan@biereigel.de>
      Signed-off-by: default avatarKieran Clancy <clancy.kieran@gmail.com>
      Tested-by: default avatarStefan Biereigel <stefan@biereigel.de>
      Tested-by: default avatarDennis Jansen <dennis.jansen@web.de>
      Tested-by: default avatarNicolas Porcel <nicolasporcel06@gmail.com>
      Tested-by: default avatarMaurizio D'Addona <mauritiusdadd@gmail.com>
      Tested-by: default avatarJuan Manuel Cabo <juanmanuel.cabo@gmail.com>
      Tested-by: default avatarGiannis Koutsou <giannis.koutsou@gmail.com>
      Tested-by: default avatarKieran Clancy <clancy.kieran@gmail.com>
      Cc: 3.14+ <stable@vger.kernel.org> # 3.14+
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      3da1d25c
    • David Ertman's avatar
      e1000e: Fix no connectivity when driver loaded with cable out · ee16a586
      David Ertman authored
      commit b20a7744 upstream.
      
      In commit da1e2046, the flow for enabling/disabling an Si errata
      workaround (e1000_lv_jumbo_workaround_ich8lan) was changed to fix a problem
      with iAMT connections dropping on interface down with jumbo frames set.
      Part of this change was to move the function call disabling the workaround
      to e1000e_down() from the e1000_setup_rctl() function.  The mechanic for
      disabling of this workaround involves writing several MAC and PHY registers
      back to hardware defaults.
      
      After this commit, when the driver is loaded with the cable out, the PHY
      registers are not programmed with the correct default values.  This causes
      the device to be capable of transmitting packets, but is unable to recieve
      them until this workaround is called.
      
      The flow of e1000e's open code relies upon calling the above workaround to
      expicitly program these registers either with jumbo frame appropriate settings
      or h/w defaults on 82579 and newer hardware.
      
      Fix this issue by adding logic to e1000_setup_rctl() that not only calls
      e1000_lv_jumbo_workaround_ich8lan() when jumbo frames are set, to enable the
      workaround, but also calls this function to explicitly disable the workaround
      in the case that jumbo frames are not set.
      Signed-off-by: default avatarDave Ertman <davidx.m.ertman@intel.com>
      Tested-by: default avatarJeff Pieper <jeffrey.e.pieper@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      ee16a586