- 10 Oct, 2013 3 commits
-
-
Bharat Bhushan authored
When the MM code is invalidating a range of pages, it calls the KVM kvm_mmu_notifier_invalidate_range_start() notifier function, which calls kvm_unmap_hva_range(), which arranges to flush all the TLBs for guest pages. However, the Linux PTEs for the range being flushed are still valid at that point. We are not supposed to establish any new references to pages in the range until the ...range_end() notifier gets called. The PPC-specific KVM code doesn't get any explicit notification of that; instead, we are supposed to use mmu_notifier_retry() to test whether we are or have been inside a range flush notifier pair while we have been referencing a page. This patch calls the mmu_notifier_retry() while mapping the guest page to ensure we are not referencing a page when in range invalidation. This call is inside a region locked with kvm->mmu_lock, which is the same lock that is called by the KVM MMU notifier functions, thus ensuring that no new notification can proceed while we are in the locked region. Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com> Acked-by: Alexander Graf <agraf@suse.de> [Backported to 3.12 - Paolo] Reviewed-by: Bharat Bhushan <bharat.bhushan@freescale.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Paul Mackerras authored
This fixes a typo in the code that saves the guest DSCR (Data Stream Control Register) into the kvm_vcpu_arch struct on guest exit. The effect of the typo was that the DSCR value was saved in the wrong place, so changes to the DSCR by the guest didn't persist across guest exit and entry, and some host kernel memory got corrupted. Cc: stable@vger.kernel.org [v3.1+] Signed-off-by: Paul Mackerras <paulus@samba.org> Acked-by: Alexander Graf <agraf@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Gleb Natapov authored
72f85795 broke shadow on EPT. This patch reverts it and fixes PAE on nEPT (which reverted commit fixed) in other way. Shadow on EPT is now broken because while L1 builds shadow page table for L2 (which is PAE while L2 is in real mode) it never loads L2's GUEST_PDPTR[0-3]. They do not need to be loaded because without nested virtualization HW does this during guest entry if EPT is disabled, but in our case L0 emulates L2's vmentry while EPT is enables, so we cannot rely on vmcs12->guest_pdptr[0-3] to contain up-to-date values and need to re-read PDPTEs from L2 memory. This is what kvm_set_cr3() is doing, but by clearing cache bits during L2 vmentry we drop values that kvm_set_cr3() read from memory. So why the same code does not work for PAE on nEPT? kvm_set_cr3() reads pdptes into vcpu->arch.walk_mmu->pdptrs[]. walk_mmu points to vcpu->arch.nested_mmu while nested guest is running, but ept_load_pdptrs() uses vcpu->arch.mmu which contain incorrect values. Fix that by using walk_mmu in ept_(load|save)_pdptrs. Signed-off-by: Gleb Natapov <gleb@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Tested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
- 03 Oct, 2013 22 commits
-
-
git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds authored
Pull kvm NULL deref fix from Gleb Natapov. * git://git.kernel.org/pub/scm/virt/kvm/kvm: Fix NULL dereference in gfn_to_hva_prot()
-
git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arcLinus Torvalds authored
Pull ARC fix from Vineet Gupta: "Chrisitian found/fixed issue with SA_SIGINFO based signal handler corrupting the user space registers post after signal handling" * 'for-curr' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: ARC: Fix signal frame management for SA_SIGINFO
-
git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpcLinus Torvalds authored
Pull powerpc fixes from Ben Herrenschmidt: "Here are a few powerpc fixes, all aimed at -stable, found in part thanks to the ramping up of a major distro testing and in part thanks to the LE guys hitting all sort interesting corner cases. The most scary are probably the register clobber issues in csum_partial_copy_generic(), especially since Anton even had a test case for that thing, which didn't manage to hit the bugs :-) Another highlight is that memory hotplug should work again with these fixes. Oh and the vio modalias one is worse than the cset implies as it upsets distro installers, so I've been told at least, which is why I'm shooting it to stable" * 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc: powerpc/tm: Switch out userspace PPR and DSCR sooner powerpc/tm: Turn interrupts hard off in tm_reclaim() powerpc/perf: Fix handling of FAB events powerpc/vio: Fix modalias_show return values powerpc/iommu: Use GFP_KERNEL instead of GFP_ATOMIC in iommu_init_table() powerpc/sysfs: Disable writing to PURR in guest mode powerpc: Restore registers on error exit from csum_partial_copy_generic() powerpc: Fix parameter clobber in csum_partial_copy_generic() powerpc: Fix memory hotplug with sparse vmemmap
-
Michael Neuling authored
When we do a treclaim or trecheckpoint we end up running with userspace PPR and DSCR values. Currently we don't do anything special to avoid running with user values which could cause a severe performance degradation. This patch moves the PPR and DSCR save and restore around treclaim and trecheckpoint so that we run with user values for a much shorter period. More care is taken with the PPR as it's impact is greater than the DSCR. This is similar to user exceptions, where we run HTM_MEDIUM early to ensure that we don't run with a userspace PPR values in the kernel. Signed-off-by: Michael Neuling <mikey@neuling.org> Cc: <stable@vger.kernel.org> # 3.9+ Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
-
Michael Neuling authored
We can't take IRQs in tm_reclaim as we might have a bogus r13 and r1. This turns IRQs hard off in this function. Signed-off-by: Michael Neuling <mikey@neuling.org> Cc: <stable@vger.kernel.org> # 3.9+ Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
-
Michael Ellerman authored
Commit 4df48999 "Add power8 EBB support" included a bug in the handling of the FAB_CRESP_MATCH and FAB_TYPE_MATCH fields. These values are pulled out of the event code using EVENT_THR_CTL_SHIFT, however we were then or'ing that value directly into MMCR1. This meant we were failing to set the FAB fields correctly, and also potentially corrupting the value for PMC4SEL. Leading to no counts for the FAB events and incorrect counts for PMC4. The fix is simply to shift left the FAB value correctly before or'ing it with MMCR1. Reported-by: Sooraj Ravindran Nair <soonair3@in.ibm.com> Signed-off-by: Michael Ellerman <michael@ellerman.id.au> Cc: <stable@vger.kernel.org> # 3.10+ Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
-
Prarit Bhargava authored
modalias_show() should return an empty string on error, not -ENODEV. This causes the following false and annoying error: > find /sys/devices -name modalias -print0 | xargs -0 cat >/dev/null cat: /sys/devices/vio/4000/modalias: No such device cat: /sys/devices/vio/4001/modalias: No such device cat: /sys/devices/vio/4002/modalias: No such device cat: /sys/devices/vio/4004/modalias: No such device cat: /sys/devices/vio/modalias: No such device Signed-off-by: Prarit Bhargava <prarit@redhat.com> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> CC: <stable@vger.kernel.org>
-
Nishanth Aravamudan authored
Under heavy (DLPAR?) stress, we tripped this panic() in arch/powerpc/kernel/iommu.c::iommu_init_table(): page = alloc_pages_node(nid, GFP_ATOMIC, get_order(sz)); if (!page) panic("iommu_init_table: Can't allocate %ld bytes\n", sz); Before the panic() we got a page allocation failure for an order-2 allocation. There appears to be memory free, but perhaps not in the ATOMIC context. I looked through all the call-sites of iommu_init_table() and didn't see any obvious reason to need an ATOMIC allocation. Most call-sites in fact have an explicit GFP_KERNEL allocation shortly before the call to iommu_init_table(), indicating we are not in an atomic context. There is some indirection for some paths, but I didn't see any locks indicating that GFP_KERNEL is inappropriate. With this change under the same conditions, we have not been able to reproduce the panic. Signed-off-by: Nishanth Aravamudan <nacc@us.ibm.com> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> CC: <stable@vger.kernel.org>
-
Madhavan Srinivasan authored
arch/powerpc/kernel/sysfs.c exports PURR with write permission. This may be valid for kernel in phyp mode. But writing to the file in guest mode causes crash due to a priviledge violation Signed-off-by: Madhavan Srinivasan <maddy@linux.vnet.ibm.com> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> CC: <stable@vger.kernel.org>
-
Paul E. McKenney authored
The csum_partial_copy_generic() function saves the PowerPC non-volatile r14, r15, and r16 registers for the main checksum-and-copy loop. Unfortunately, it fails to restore them upon error exit from this loop, which results in silent corruption of these registers in the presumably rare event of an access exception within that loop. This commit therefore restores these register on error exit from the loop. Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: Anton Blanchard <anton@samba.org> Cc: stable@vger.kernel.org Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
-
Paul E. McKenney authored
The csum_partial_copy_generic() uses register r7 to adjust the remaining bytes to process. Unfortunately, r7 also holds a parameter, namely the address of the flag to set in case of access exceptions while reading the source buffer. Lacking a quantum implementation of PowerPC, this commit instead uses register r9 to do the adjusting, leaving r7's pointer uncorrupted. Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: Anton Blanchard <anton@samba.org> Cc: stable@vger.kernel.org Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
-
Nathan Fontenot authored
Previous commit 46723bfa... introduced a new config option HAVE_BOOTMEM_INFO_NODE that ended up breaking memory hot-remove for ppc when sparse vmemmap is not defined. This patch defines HAVE_BOOTMEM_INFO_NODE for ppc and adds the call to register_page_bootmem_info_node. Without this we get a BUG_ON for memory hot remove in put_page_bootmem(). This also adds a stub for register_page_bootmem_memmap to allow ppc to build with sparse vmemmap defined. Leaving this as a stub is fine since the same vmemmap addresses are also handled in vmemmap_populate and as such are properly mapped. Signed-off-by: Nathan Fontenot <nfont@linux.vnet.ibm.com> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> CC: <stable@vger.kernel.org> [v3.9+]
-
Gleb Natapov authored
gfn_to_memslot() can return NULL or invalid slot. We need to check slot validity before accessing it. Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-socLinus Torvalds authored
Pull ARM SoC fixes from Olof Johansson: "We have a fairly large batch of fixes this time around, mostly just due to various platforms all having a fix or two more than usual. Worth pointing out are: - A fix for EDMA on Davinci/OMAP where channel allocation broke with the DT conversion. Due to some miscommunication we didn't understand the impact of the breakage, so we were pushing back on it for 3.12, but it sounds like it's actually breaking quite a few people out there. - A bunch of fixes for Marvell platforms, some straggling fixes for merge window fallout and some fixes for a couple of the platforms (Netgear RN102 in particular). - A fix for a race between multi-cluster power management and cpu hotplug on Versatile Express. And a bunch of other smaller fixes that all add up. We'll be switching over into stricter regressions-only mode from here on out" * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (31 commits) ARM: multi_v7_defconfig: add SDHCI for i.MX bus: mvebu-mbus: Fix optional pcie-mem/io-aperture properties ARM: mvebu: add missing DT Mbus ranges and relocate PCIe DT nodes for RN102 ARM: at91: sam9g45: shutdown ddr1 too when rebooting MAINTAINERS: ARM: SIRF: use kernel.org mail box MAINTAINERS: ARM: SIRF: add missed drivers into maintain list ARM: edma: Fix clearing of unused list for DT DMA resources ARM: vexpress: tc2: fix hotplug/idle/kexec race on cluster power down ARM: dts: sirf: fix interrupt and dma prop of VIP for prima2 and atlas6 ARM: dts: sirf: fix the ranges of peri-iobrg of prima2 ARM: dts: makefile: build atlas6-evb.dtb for ARCH_ATLAS6 ARM: dts: sirf: fix fifosize, clks, dma channels for UART ARM: mvebu: Add DT entry for ReadyNAS 102 to use gpio-poweroff driver ARM: mvebu: fix ReadyNAS 102 Power button GPIO to make it active high ARM: mach-integrator: Add stub for pci_v3_early_init() for !CONFIG_PCI ARM: shmobile: Remove #gpio-ranges-cells DT property gpio: rcar: Remove #gpio-range-cells DT property usage ARM: shmobile: armadillo: fixup ether pinctrl naming ARM: shmobile: Lager: add Micrel KSZ8041 PHY fixup ARM: shmobile: update SDHI DT compatibility string to the <unit>-<soc> format ...
-
Christian Ruppert authored
Previously, when a signal was registered with SA_SIGINFO, parameters 2 and 3 of the signal handler were written to registers r1 and r2 before the register set was saved. This led to corruption of these two registers after returning from the signal handler (the wrong values were restored). With this patch, registers are now saved before any parameters are passed, thus maintaining the processor state from before signal entry. Signed-off-by: Christian Ruppert <christian.ruppert@abilis.com> Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparcLinus Torvalds authored
Pull sparc fixes from David Miller: "Couple of small bug fixes: 1) strlcpy in ldom_reboot() is still not quite right, use sprintf instead from Kees Cook. 2) Generic hugetlb interface pte checks should use the widest return type, otherwise high bits can get chopped off. 3) Fix build with PCI MSI enabled on 32-bit sparc" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc: fix MSI build failure on Sparc32 sparc: remove deprecated IRQF_DISABLED mm: Fix generic hugetlb pte check return type. sparc: fix ldom_reboot buffer overflow harder
-
git://git.infradead.org/linux-mvebuOlof Johansson authored
From Jason Cooper: mvebu fixes for v3.12 (round 2) - mvebu - fix ReadyNAS 102 power button (needs to be active high) - fix ReadyNAS 102 automated rebooting (prevent hang) by add gpio-poweroff node - fix booting ReadyNAS 102 by adding MBus ranges and PCIe DT nodes - mvebu-mbus: prevent PCIe driver from continuing with corrupted resource * tag 'fixes-3.12-2' of git://git.infradead.org/linux-mvebu: bus: mvebu-mbus: Fix optional pcie-mem/io-aperture properties ARM: mvebu: add missing DT Mbus ranges and relocate PCIe DT nodes for RN102 ARM: mvebu: Add DT entry for ReadyNAS 102 to use gpio-poweroff driver ARM: mvebu: fix ReadyNAS 102 Power button GPIO to make it active high Signed-off-by: Olof Johansson <olof@lixom.net>
-
Olof Johansson authored
Turn on SDHCI for i.MX support so machines can boot with local rootfs on SD. Tested on a Wandboard Quad. Signed-off-by: Olof Johansson <olof@lixom.net> Reviewed-by: Fabio Estevam <fabio.estevam@freescale.com>
-
Thomas Petazzoni authored
Commit ebd97be6 ('PCI: remove ARCH_SUPPORTS_MSI kconfig option') removes the ARCH_SUPPORTS_MSI Kconfig option that allowed architectures to indicate whether they support PCI MSI or not. Now, PCI MSI support can be compiled in on any architecture thanks to the use of weak functions thanks to 4287d824 ('PCI: use weak functions for MSI arch-specific functions'). So, architecture specific code is now responsible to ensure that its PCI MSI code builds in all cases, or be appropriately conditionally compiled. On Sparc, the MSI support is only provided for Sparc64, so the ARCH_SUPPORTS_MSI kconfig option was only selected for SPARC64, and not for the Sparc architecture as a whole. Therefore, removing ARCH_SUPPORTS_MSI broke Sparc32 configurations with CONFIG_PCI_MSI=y, because the Sparc-specific MSI code is not designed to be built on Sparc32. To solve this, this commit ensures that the Sparc MSI code is only built on Sparc64. This is done thanks to a new Kconfig Makefile helper option SPARC64_PCI_MSI, modeled after the existing SPARC64_PCI. The SPARC64_PCI_MSI option is an hidden option that is true when both Sparc64 PCI support is enabled and MSI is enabled. The arch/sparc/kernel/pci_msi.c file is now only built when SPARC64_PCI_MSI is true. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Reported-by: Guenter Roeck <linux@roeck-us.net> Tested-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michael Opdenacker authored
This patch proposes to remove the IRQF_DISABLED flag from sparc architecture code. It's a NOOP since 2.6.35 and it will be removed one day. Signed-off-by: Michael Opdenacker <michael.opdenacker@free-electrons.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David Miller authored
The include/asm-generic/hugetlb.h stubs that just vector huge_pte_*() calls to the pte_*() implementations won't work in certain situations. x86 and sparc, for example, return "unsigned long" from the bit checks, and just go "return pte_val(pte) & PTE_BIT_FOO;" But since huge_pte_*() returns 'int', if any high bits on 64-bit are relevant, they get chopped off. The net effect is that we can loop forever trying to COW a huge page, because the huge_pte_write() check signals false all the time. Reported-by: Gurudas Pai <gurudas.pai@oracle.com> Tested-by: Gurudas Pai <gurudas.pai@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net> Acked-by: David Rientjes <rientjes@google.com>
-
Kees Cook authored
The length argument to strlcpy was still wrong. It could overflow the end of full_boot_str by 5 bytes. Instead of strcat and strlcpy, just use snprint. Reported-by: Brad Spengler <spender@grsecurity.net> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 02 Oct, 2013 3 commits
-
-
git://git.kvack.org/~bcrl/aio-nextLinus Torvalds authored
Pull aio use-after-free fix from Ben LaHaise. * git://git.kvack.org/~bcrl/aio-next: aio: fix use-after-free in aio_migratepage
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/soundLinus Torvalds authored
Pull sound fixes from Takashi Iwai: "All small, mostly driver-specific fixes: a few ASoC driver fixes (trivial stable fixes, sgtl5000 fixes), one DPCM fix, an old AC97 ID, and a fix for HD-audio Conexant GPIO" * tag 'sound-3.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda - Fix GPIO for Acer Aspire 3830TG ALSA: ac97: Add ID for TI TLV320AIC27 codec ASoC: imx-sgtl5000: Fix uninitialized pointer use in error path ASoC: imx-sgtl5000: do not use devres on a foreign device ASoC: blackfin: Add missing break statement to bf6xx ASoC: 88pm860x: array overflow in snd_soc_put_volsw_2r_st() ASoC: ab8500-codec: info leak in anc_status_control_put() ASoC: max98095: a couple array underflows ASoC: core: Only add platform DAI widgets once.
-
git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrlLinus Torvalds authored
Pull pin control fixes from Linus Walleij: - Various build warning fixes. - Correct the S5P pin count. - Handle BIAS_DEFAULT properly in the Palmas driver. * tag 'pinctrl-v3.12-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: palmas: do not abort pin configuration for BIAS_DEFAULT pinctrl: Correct number of pins for s5pv210 pinctrl: remove an unnecessary cast pinctrl: fix pinconf_dbg_config_write return type pinctrl: tegra114: Remove MODULE_ALIAS
-
- 01 Oct, 2013 12 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking changes from David Miller: 1) Multiply in netfilter IPVS can overflow when calculating destination weight. From Simon Kirby. 2) Use after free fixes in IPVS from Julian Anastasov. 3) SFC driver bug fixes from Daniel Pieczko. 4) Memory leak in pcan_usb_core failure paths, from Alexey Khoroshilov. 5) Locking and encapsulation fixes to serial line CAN driver, from Andrew Naujoks. 6) Duplex and VF handling fixes to bnx2x driver from Yaniv Rosner, Eilon Greenstein, and Ariel Elior. 7) In lapb, if no other packets are outstanding, T1 timeouts actually stall things and no packet gets sent. Fix from Josselin Costanzi. 8) ICMP redirects should not make it to the socket error queues, from Duan Jiong. 9) Fix bugs in skge DMA mapping error handling, from Nikulas Patocka. 10) Fix setting of VLAN priority field on via-rhine driver, from Roget Luethi. 11) Fix TX stalls and VLAN promisc programming in be2net driver from Ajit Khaparde. 12) Packet padding doesn't get handled correctly in new usbnet SG support code, from Ming Lei. 13) Fix races in netdevice teardown wrt. network namespace closing. From Eric W. Biederman. 14) Fix potential missed initialization of net_secret if not TCP connections are openned. From Eric Dumazet. 15) Cinterion PLXX product ID in qmi_wwan driver is wrong, from Aleksander Morgado. 16) skb_cow_head() can change skb->data and thus packet header pointers, don't use stale ip_hdr reference in ip_tunnel code. 17) Backend state transition handling fixes in xen-netback, from Paul Durrant. 18) Packet offset for AH protocol is handled wrong in flow dissector, from Eric Dumazet. 19) Taking down an fq packet scheduler instance can leave stale packets in the queues, fix from Eric Dumazet. 20) Fix performance regressions introduced by TCP Small Queues. From Eric Dumazet. 21) IPV6 GRE tunneling code calculates max_headroom incorrectly, from Hannes Frederic Sowa. 22) Multicast timer handlers in ipv4 and ipv6 can be the last and final reference to the ipv4/ipv6 specific network device state, so use the reference put that will check and release the object if the reference hits zero. From Salam Noureddine. 23) Fix memory corruption in ip_tunnel driver, and use skb_push() instead of __skb_push() so that similar bugs are less hard to find. From Steffen Klassert. 24) Add forgotten hookup of rtnl_ops in SIT and ip6tnl drivers, from Nicolas Dichtel. 25) fq scheduler doesn't accurately rate limit in certain circumstances, from Eric Dumazet. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (103 commits) pkt_sched: fq: rate limiting improvements ip6tnl: allow to use rtnl ops on fb tunnel sit: allow to use rtnl ops on fb tunnel ip_tunnel: Remove double unregister of the fallback device ip_tunnel_core: Change __skb_push back to skb_push ip_tunnel: Add fallback tunnels to the hash lists ip_tunnel: Fix a memory corruption in ip_tunnel_xmit qlcnic: Fix SR-IOV configuration ll_temac: Reset dma descriptors indexes on ndo_open skbuff: size of hole is wrong in a comment ipv6 mcast: use in6_dev_put in timer handlers instead of __in6_dev_put ipv4 igmp: use in_dev_put in timer handlers instead of __in_dev_put ethernet: moxa: fix incorrect placement of __initdata tag ipv6: gre: correct calculation of max_headroom powerpc/83xx: gianfar_ptp: select 1588 clock source through dts file Revert "powerpc/83xx: gianfar_ptp: select 1588 clock source through dts file" bonding: Fix broken promiscuity reference counting issue tcp: TSQ can use a dynamic limit dm9601: fix IFF_ALLMULTI handling pkt_sched: fq: qdisc dismantle fixes ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparcLinus Torvalds authored
Pull sparc fix from David Miller: "Just a single bug fix to a regression added during some strlcpy() conversions" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc64: Fix buggy strlcpy() conversion in ldom_reboot().
-
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds authored
Pull vfs lru leak fix from Al Viro: "The fix in "super: fix for destroy lrus" didn't - they need to be destroyed, all right, but that's the wrong place..." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fs/super.c: fix lru_list leak for real
-
git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds authored
Pull two KVM fixes from Gleb Natapov. * git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: VMX: do not check bit 12 of EPT violation exit qualification when undefined ARM: kvm: rename cpu_reset to avoid name clash
-
Al Viro authored
Freeing ->s_{inode,dentry}_lru in deactivate_locked_super() is wrong; the right place is destroy_super(). As it is, we leak them if sget() decides that new superblock it has allocated (and never shown to anybody) isn't needed and should be freed. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-
Jason Gunthorpe authored
If the property was not specified then the returned resource had a resource_size(..) == 1, rather than 0. The PCI-E driver checks for 0 so it blindly continues on with a corrupted resource. The regression was introduced into v3.12 by: 11be6547 PCI: mvebu: Adapt to the new device tree layout Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Signed-off-by: Jason Cooper <jason@lakedaemon.net>
-
Eric Dumazet authored
FQ rate limiting suffers from two problems, reported by Steinar : 1) FQ enforces a delay when flow quantum is exhausted in order to reduce cpu overhead. But if packets are small, current delay computation is slightly wrong, and observed rates can be too high. Steinar had this problem because he disabled TSO and GSO, and default FQ quantum is 2*1514. (Of course, I wish recent TSO auto sizing changes will help to not having to disable TSO in the first place) 2) maxrate was not used for forwarded flows (skbs not attached to a socket) Tested: tc qdisc add dev eth0 root est 1sec 4sec fq maxrate 8Mbit netperf -H lpq84 -l 1000 & sleep 10 ; tc -s qdisc show dev eth0 qdisc fq 8003: root refcnt 32 limit 10000p flow_limit 100p buckets 1024 quantum 3028 initial_quantum 15140 maxrate 8000Kbit Sent 16819357 bytes 11258 pkt (dropped 0, overlimits 0 requeues 0) rate 7831Kbit 653pps backlog 7570b 5p requeues 0 44 flows (43 inactive, 1 throttled), next packet delay 2977352 ns 0 gc, 0 highprio, 5545 throttled lpq83:~# tcpdump -p -i eth0 host lpq84 -c 12 09:02:52.079484 IP lpq83 > lpq84: . 1389536928:1389538376(1448) ack 3808678021 win 457 <nop,nop,timestamp 961812 572609068> 09:02:52.079499 IP lpq83 > lpq84: . 1448:2896(1448) ack 1 win 457 <nop,nop,timestamp 961812 572609068> 09:02:52.079906 IP lpq84 > lpq83: . ack 2896 win 16384 <nop,nop,timestamp 572609080 961812> 09:02:52.082568 IP lpq83 > lpq84: . 2896:4344(1448) ack 1 win 457 <nop,nop,timestamp 961815 572609071> 09:02:52.082581 IP lpq83 > lpq84: . 4344:5792(1448) ack 1 win 457 <nop,nop,timestamp 961815 572609071> 09:02:52.083017 IP lpq84 > lpq83: . ack 5792 win 16384 <nop,nop,timestamp 572609083 961815> 09:02:52.085678 IP lpq83 > lpq84: . 5792:7240(1448) ack 1 win 457 <nop,nop,timestamp 961818 572609074> 09:02:52.085693 IP lpq83 > lpq84: . 7240:8688(1448) ack 1 win 457 <nop,nop,timestamp 961818 572609074> 09:02:52.086117 IP lpq84 > lpq83: . ack 8688 win 16384 <nop,nop,timestamp 572609086 961818> 09:02:52.088792 IP lpq83 > lpq84: . 8688:10136(1448) ack 1 win 457 <nop,nop,timestamp 961821 572609077> 09:02:52.088806 IP lpq83 > lpq84: . 10136:11584(1448) ack 1 win 457 <nop,nop,timestamp 961821 572609077> 09:02:52.089217 IP lpq84 > lpq83: . ack 11584 win 16384 <nop,nop,timestamp 572609090 961821> Reported-by: Steinar H. Gunderson <sesse@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nicolas Dichtel authored
rtnl ops where introduced by c075b130 ("ip6tnl: advertise tunnel param via rtnl"), but I forget to assign rtnl ops to fb tunnels. Now that it is done, we must remove the explicit call to unregister_netdevice_queue(), because the fallback tunnel is added to the queue in ip6_tnl_destroy_tunnels() when checking rtnl_link_ops of all netdevices (this is valid since commit 0bd87628 ("ip6tnl: add x-netns support")). Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nicolas Dichtel authored
rtnl ops where introduced by ba3e3f50 ("sit: advertise tunnel param via rtnl"), but I forget to assign rtnl ops to fb tunnels. Now that it is done, we must remove the explicit call to unregister_netdevice_queue(), because the fallback tunnel is added to the queue in sit_destroy_tunnels() when checking rtnl_link_ops of all netdevices (this is valid since commit 5e6700b3 ("sit: add support of x-netns")). Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
ip_tunnel bug fixes from Steffen Klassert. Signed-off-by: David S. Miller <davem@davemloft.net>
-
Steffen Klassert authored
When queueing the netdevices for removal, we queue the fallback device twice in ip_tunnel_destroy(). The first time when we queue all netdevices in the namespace and then again explicitly. Fix this by removing the explicit queueing of the fallback device. Bug was introduced when network namespace support was added with commit 6c742e71 ("ipip: add x-netns support"). Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Steffen Klassert authored
Git commit 0e6fbc5b ("ip_tunnels: extend iptunnel_xmit()") moved the IP header installation to iptunnel_xmit() and changed skb_push() to __skb_push(). This makes possible bugs hard to track down, so change it back to skb_push(). Cc: Pravin Shelar <pshelar@nicira.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-