1. 08 Dec, 2014 8 commits
  2. 07 Dec, 2014 2 commits
  3. 06 Dec, 2014 2 commits
  4. 05 Dec, 2014 7 commits
  5. 04 Dec, 2014 7 commits
  6. 03 Dec, 2014 14 commits
    • Linus Torvalds's avatar
      Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · ebcd241a
      Linus Torvalds authored
      Pull i2c bugfixes from Wolfram Sang:
       "A few driver bugfixes for 3.18"
      
      * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: omap: fix i207 errata handling
        i2c: designware: prevent early stop on TX FIFO empty
        i2c: omap: fix NACK and Arbitration Lost irq handling
      ebcd241a
    • Linus Torvalds's avatar
      Merge tag 'pci-v3.18-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · 5dc62635
      Linus Torvalds authored
      Pull PCI fix from Bjorn Helgaas:
       "This fixes a Tegra20 regression that we introduced during the v3.18
        merge window"
      
      * tag 'pci-v3.18-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        PCI: tegra: Use physical range for I/O mapping
      5dc62635
    • Linus Torvalds's avatar
      Merge tag 'devicetree-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/glikely/linux · b48a20a5
      Linus Torvalds authored
      Pull devicetree bugfix from Grant Likely:
       "One more bug fix for v3.18.  I debated whether or not to send you this
        merge request because we're at such a late rc.  The bug isn't critical
        in that there is only one system known to be affected and the patch is
        easy to backport.  The codepath is used by pretty much every DT based
        system, so there is risk a of regression (it /should/ be safe, but
        I've been bitten by stuff that should be safe before).  I've had it in
        linux-next for a week and haven't received any complaints.
      
        I think it probably should just be merged right away rather than
        waiting for the merge window and backporting.  It does fix a real bug
        and the code is theoretically safer after the change.  I can't think
        of any situation where it would be dangerous to reserve the DT memory
        an extra time.
      
        Summary from tag:
      
          Single bugfix for boot failure seen in the wild.  The memory reserve
          code tries to be clever about reserving the FDT, but it should just
          go ahead and reserve it unconditionally to avoid the problem of
          partial overlap described in the patch"
      
      * tag 'devicetree-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/glikely/linux:
        of/fdt: memblock_reserve /memreserve/ regions in the case of partial overlap
      b48a20a5
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.dk/linux-block · 93bd38b3
      Linus Torvalds authored
      Pull block core regression fix from Jens Axboe:
       "Single fix for a regression introduced in this development cycle,
        where dm on top of dif/dix is broken.  From Darrick Wong"
      
      * 'for-linus' of git://git.kernel.dk/linux-block:
        block: fix regression where bio_integrity_process uses wrong bio_vec iterator
      93bd38b3
    • Linus Torvalds's avatar
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · 46d967ae
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Radeon and Nouveau fixes:
      
        So nouveau had a few regression introduced, Ben and Maarten finally
        tracked down the one that was causing problems on my MacBookPro, also
        nvidia gave some info on the an engine we were using incorrectly, so
        disable our use of it, and one regresion with pci hotplug affecting
        optimus users.
      
        Radeon has an oops fixs, sync fix, and one workaround to avoid broken
        functionality on 32-bit x86, this needs better root causing and a
        better fix, but the bandaid is a lot safer at this point"
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
        drm/radeon: kernel panic in drm_calc_vbltimestamp_from_scanoutpos with 3.18.0-rc6
        drm/radeon: Ignore RADEON_GEM_GTT_WC on 32-bit x86
        drm/radeon: sync all BOs involved in a CS v2
        nouveau: move the hotplug ignore to correct place.
        drm/nouveau/gf116: remove copy1 engine
        drm/nouveau: prevent stale fence->channel pointers, and protect with rcu
        drm/nouveau/fifo/g84-: ack non-stall interrupt before handling it
      46d967ae
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 9044f940
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fill in ethtool link parameters for all link types in cxgb4, from
          Hariprasad Shenai.
      
       2) Fix probe regressions in stmmac driver, from Huacai Chen.
      
       3) Network namespace leaks on errirs in rtnetlink, from Nicolas
          Dichtel.
      
       4) Remove erroneous BUG check which can actually trigger legitimately,
          in xen-netfront.  From Seth Forshee.
      
       5) Validate length of IFLA_BOND_ARP_IP_TARGET netlink attributes, from
          Thomas Grag.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
        cxgb4: Fill in supported link mode for SFP modules
        xen-netfront: Remove BUGs on paged skb data which crosses a page boundary
        sh_eth: Fix sleeping function called from invalid context
        stmmac: platform: Move plat_dat checking earlier
        sh_eth: Fix skb alloc size and alignment adjust rule.
        rtnetlink: release net refcnt on error in do_setlink()
        bond: Check length of IFLA_BOND_ARP_IP_TARGET attributes
      9044f940
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · 23c836ce
      Linus Torvalds authored
      Pull keyring/nfs fixes from James Morris:
       "From David Howells:
      
        The first one fixes the handling of maximum buffer size for key
        descriptions, fixing the size at 4095 + NUL char rather than whatever
        PAGE_SIZE happens to be and permits you to read back the full
        description without it getting clipped because some extra information
        got prepended.
      
        The second and third fix a bug in NFS idmapper handling whereby a key
        representing a mapping between an id and a name expires and causing
        EKEYEXPIRED to be seen internally in NFS (which prevents the mapping
        from happening) rather than re-looking up the mapping"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        KEYS: request_key() should reget expired keys rather than give EKEYEXPIRED
        KEYS: Simplify KEYRING_SEARCH_{NO,DO}_STATE_CHECK flags
        KEYS: Fix the size of the key description passed to/from userspace
      23c836ce
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew Morton) · 1dd909af
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "10 fixes"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        slab: fix nodeid bounds check for non-contiguous node IDs
        lib/genalloc.c: export devm_gen_pool_create() for modules
        mm: fix anon_vma_clone() error treatment
        mm: fix swapoff hang after page migration and fork
        fat: fix oops on corrupted vfat fs
        ipc/sem.c: fully initialize sem_array before making it visible
        drivers/input/evdev.c: don't kfree() a vmalloc address
        mm/vmpressure.c: fix race in vmpressure_work_fn()
        mm: frontswap: invalidate expired data on a dup-store failure
        mm: do not overwrite reserved pages counter at show_mem()
      1dd909af
    • Paul Mackerras's avatar
      slab: fix nodeid bounds check for non-contiguous node IDs · 7c3fbbdd
      Paul Mackerras authored
      The bounds check for nodeid in ____cache_alloc_node gives false
      positives on machines where the node IDs are not contiguous, leading to
      a panic at boot time.  For example, on a POWER8 machine the node IDs are
      typically 0, 1, 16 and 17.  This means that num_online_nodes() returns
      4, so when ____cache_alloc_node is called with nodeid = 16 the VM_BUG_ON
      triggers, like this:
      
        kernel BUG at /home/paulus/kernel/kvm/mm/slab.c:3079!
        Call Trace:
          .____cache_alloc_node+0x5c/0x270 (unreliable)
          .kmem_cache_alloc_node_trace+0xdc/0x360
          .init_list+0x3c/0x128
          .kmem_cache_init+0x1dc/0x258
          .start_kernel+0x2a0/0x568
          start_here_common+0x20/0xa8
      
      To fix this, we instead compare the nodeid with MAX_NUMNODES, and
      additionally make sure it isn't negative (since nodeid is an int).  The
      check is there mainly to protect the array dereference in the get_node()
      call in the next line, and the array being dereferenced is of size
      MAX_NUMNODES.  If the nodeid is in range but invalid (for example if the
      node is off-line), the BUG_ON in the next line will catch that.
      
      Fixes: 14e50c6a ("mm: slab: Verify the nodeid passed to ____cache_alloc_node")
      Signed-off-by: default avatarPaul Mackerras <paulus@samba.org>
      Reviewed-by: default avatarYasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
      Reviewed-by: default avatarPekka Enberg <penberg@kernel.org>
      Acked-by: default avatarDavid Rientjes <rientjes@google.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7c3fbbdd
    • Michal Simek's avatar
      lib/genalloc.c: export devm_gen_pool_create() for modules · b724aa21
      Michal Simek authored
      Modules can use this function for creating pool.
      Signed-off-by: default avatarMichal Simek <michal.simek@xilinx.com>
      Acked-by: default avatarLad, Prabhakar <prabhakar.csengg@gmail.com>
      Cc: Laura Abbott <lauraa@codeaurora.org>
      Cc: Olof Johansson <olof@lixom.net>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Vladimir Zapolskiy <vladimir_zapolskiy@mentor.com>
      Cc: Philipp Zabel <p.zabel@pengutronix.de>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b724aa21
    • Daniel Forrest's avatar
      mm: fix anon_vma_clone() error treatment · c4ea95d7
      Daniel Forrest authored
      Andrew Morton noticed that the error return from anon_vma_clone() was
      being dropped and replaced with -ENOMEM (which is not itself a bug
      because the only error return value from anon_vma_clone() is -ENOMEM).
      
      I did an audit of callers of anon_vma_clone() and discovered an actual
      bug where the error return was being lost.  In __split_vma(), between
      Linux 3.11 and 3.12 the code was changed so the err variable is used
      before the call to anon_vma_clone() and the default initial value of
      -ENOMEM is overwritten.  So a failure of anon_vma_clone() will return
      success since err at this point is now zero.
      
      Below is a patch which fixes this bug and also propagates the error
      return value from anon_vma_clone() in all cases.
      
      Fixes: ef0855d3 ("mm: mempolicy: turn vma_set_policy() into vma_dup_policy()")
      Signed-off-by: default avatarDaniel Forrest <dan.forrest@ssec.wisc.edu>
      Reviewed-by: default avatarMichal Hocko <mhocko@suse.cz>
      Cc: Konstantin Khlebnikov <koct9i@gmail.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Tim Hartrick <tim@edgecast.com>
      Cc: Hugh Dickins <hughd@google.com>
      Cc: Michel Lespinasse <walken@google.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: <stable@vger.kernel.org>	[3.12+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      c4ea95d7
    • Hugh Dickins's avatar
      mm: fix swapoff hang after page migration and fork · 2022b4d1
      Hugh Dickins authored
      I've been seeing swapoff hangs in recent testing: it's cycling around
      trying unsuccessfully to find an mm for some remaining pages of swap.
      
      I have been exercising swap and page migration more heavily recently,
      and now notice a long-standing error in copy_one_pte(): it's trying to
      add dst_mm to swapoff's mmlist when it finds a swap entry, but is doing
      so even when it's a migration entry or an hwpoison entry.
      
      Which wouldn't matter much, except it adds dst_mm next to src_mm,
      assuming src_mm is already on the mmlist: which may not be so.  Then if
      pages are later swapped out from dst_mm, swapoff won't be able to find
      where to replace them.
      
      There's already a !non_swap_entry() test for stats: move that up before
      the swap_duplicate() and the addition to mmlist.
      Signed-off-by: default avatarHugh Dickins <hughd@google.com>
      Cc: Kelley Nielsen <kelleynnn@gmail.com>
      Cc: <stable@vger.kernel.org>	[2.6.18+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      2022b4d1
    • Al Viro's avatar
      fat: fix oops on corrupted vfat fs · 1ead0e79
      Al Viro authored
      a) don't bother with ->d_time for positives - we only check it for
         negatives anyway.
      
      b) make sure to set it at unlink and rmdir time - at *that* point
         soon-to-be negative dentry matches then-current directory contents
      
      c) don't go into renaming of old alias in vfat_lookup() unless it
         has the same parent (which it will, unless we are seeing corrupted
         image)
      
      [hirofumi@mail.parknet.co.jp: make change minimum, don't call d_move() for dir]
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarOGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
      Cc: <stable@vger.kernel.org>	[3.17.x]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1ead0e79
    • Manfred Spraul's avatar
      ipc/sem.c: fully initialize sem_array before making it visible · e8577d1f
      Manfred Spraul authored
      ipc_addid() makes a new ipc identifier visible to everyone.  New objects
      start as locked, so that the caller can complete the initialization
      after the call.  Within struct sem_array, at least sma->sem_base and
      sma->sem_nsems are accessed without any locks, therefore this approach
      doesn't work.
      
      Thus: Move the ipc_addid() to the end of the initialization.
      Signed-off-by: default avatarManfred Spraul <manfred@colorfullife.com>
      Reported-by: default avatarRik van Riel <riel@redhat.com>
      Acked-by: default avatarRik van Riel <riel@redhat.com>
      Acked-by: default avatarDavidlohr Bueso <dave@stgolabs.net>
      Acked-by: default avatarRafael Aquini <aquini@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      e8577d1f