1. 16 Aug, 2013 3 commits
    • Linus Torvalds's avatar
      Merge tag 'usb-3.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 89cb9ae2
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are some small USB fixes for 3.11-rc6 that have accumulated.
      
        Nothing huge, a EHCI fix that solves a much-reported audio USB
        problem, some usb-serial driver endian fixes and other minor fixes, a
        wireless USB oops fix, and two new quirks"
      
      * tag 'usb-3.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        USB: keyspan: fix null-deref at disconnect and release
        USB: mos7720: fix broken control requests
        usb: add two quirky touchscreen
        USB: ti_usb_3410_5052: fix big-endian firmware handling
        USB: adutux: fix big-endian device-type reporting
        USB: usbtmc: fix big-endian probe of Rigol devices
        USB: mos7840: fix big-endian probe
        USB-Serial: Fix error handling of usb_wwan
        wusbcore: fix kernel panic when disconnecting a wireless USB->serial device
        USB: EHCI: accept very late isochronous URBs
      89cb9ae2
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · ddea368c
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix SKB leak in 8139cp, from Dave Jones.
      
       2) Fix use of *_PAGES interfaces with mlx5 firmware, from Moshe Lazar.
      
       3) RCU conversion of macvtap introduced two races, fixes by Eric
          Dumazet
      
       4) Synchronize statistic flows in bnx2x driver to prevent corruption,
          from Dmitry Kravkov
      
       5) Undo optimization in IP tunneling, we were using the inner IP header
          in some cases to inherit the IP ID, but that isn't correct in some
          circumstances.  From Pravin B Shelar
      
       6) Use correct struct size when parsing netlink attributes in
          rtnl_bridge_getlink().  From Asbjoern Sloth Toennesen
      
       7) Length verifications in tun_get_user() are bogus, from Weiping Pan
          and Dan Carpenter
      
       8) Fix bad merge resolution during 3.11 networking development in
          openvswitch, albeit a harmless one which added some unreachable
          code.  From Jesse Gross
      
       9) Wrong size used in flexible array allocation in openvswitch, from
          Pravin B Shelar
      
      10) Clear out firmware capability flags the be2net driver isn't ready to
          handle yet, from Sarveshwar Bandi
      
      11) Revert DMA mapping error checking addition to cxgb3 driver, it's
          buggy.  From Alexey Kardashevskiy
      
      12) Fix regression in packet scheduler rate limiting when working with a
          link layer of ATM.  From Jesper Dangaard Brouer
      
      13) Fix several errors in TCP Cubic congestion control, in particular
          overflow errors in timestamp calculations.  From Eric Dumazet and
          Van Jacobson
      
      14) In ipv6 routing lookups, we need to backtrack if subtree traversal
          don't result in a match.  From Hannes Frederic Sowa
      
      15) ipgre_header() returns incorrect packet offset.  Fix from Timo Teräs
      
      16) Get "low latency" out of the new MIB counter names.  From Eliezer
          Tamir
      
      17) State check in ndo_dflt_fdb_del() is inverted, from Sridhar
          Samudrala
      
      18) Handle TCP Fast Open properly in netfilter conntrack, from Yuchung
          Cheng
      
      19) Wrong memcpy length in pcan_usb driver, from Stephane Grosjean
      
      20) Fix dealock in TIPC, from Wang Weidong and Ding Tianhong
      
      21) call_rcu() call to destroy SCTP transport is done too early and
          might result in an oops.  From Daniel Borkmann
      
      22) Fix races in genetlink family dumps, from Johannes Berg
      
      23) Flags passed into macvlan by the user need to be validated properly,
          from Michael S Tsirkin
      
      24) Fix skge build on 32-bit, from Stephen Hemminger
      
      25) Handle malformed TCP headers properly in xt_TCPMSS, from Pablo Neira
          Ayuso
      
      26) Fix handling of stacked vlans in vlan_dev_real_dev(), from Nikolay
          Aleksandrov
      
      27) Eliminate MTU calculation overflows in esp{4,6}, from Daniel
          Borkmann
      
      28) neigh_parms need to be setup before calling the ->ndo_neigh_setup()
          method.  From Veaceslav Falico
      
      29) Kill out-of-bounds prefetch in fib_trie, from Eric Dumazet
      
      30) Don't dereference MLD query message if the length isn't value in the
          bridge multicast code, from Linus Lüssing
      
      31) Fix VXLAN IGMP join regression due to an inverted check, from Cong
          Wang
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (70 commits)
        net/mlx5_core: Support MANAGE_PAGES and QUERY_PAGES firmware command changes
        tun: signedness bug in tun_get_user()
        qlcnic: Fix diagnostic interrupt test for 83xx adapters
        qlcnic: Fix beacon state return status handling
        qlcnic: Fix set driver version command
        net: tg3: fix NULL pointer dereference in tg3_io_error_detected and tg3_io_slot_reset
        net_sched: restore "linklayer atm" handling
        drivers/net/ethernet/via/via-velocity.c: update napi implementation
        Revert "cxgb3: Check and handle the dma mapping errors"
        be2net: Clear any capability flags that driver is not interested in.
        openvswitch: Reset tunnel key between input and output.
        openvswitch: Use correct type while allocating flex array.
        openvswitch: Fix bad merge resolution.
        tun: compare with 0 instead of total_len
        rtnetlink: rtnl_bridge_getlink: Call nlmsg_find_attr() with ifinfomsg header
        ethernet/arc/arc_emac - fix NAPI "work > weight" warning
        ip_tunnel: Do not use inner ip-header-id for tunnel ip-header-id.
        bnx2x: prevent crash in shutdown flow with CNIC
        bnx2x: fix PTE write access error
        bnx2x: fix memory leak in VF
        ...
      ddea368c
    • Linus Torvalds's avatar
      Fix TLB gather virtual address range invalidation corner cases · 2b047252
      Linus Torvalds authored
      Ben Tebulin reported:
      
       "Since v3.7.2 on two independent machines a very specific Git
        repository fails in 9/10 cases on git-fsck due to an SHA1/memory
        failures.  This only occurs on a very specific repository and can be
        reproduced stably on two independent laptops.  Git mailing list ran
        out of ideas and for me this looks like some very exotic kernel issue"
      
      and bisected the failure to the backport of commit 53a59fc6 ("mm:
      limit mmu_gather batching to fix soft lockups on !CONFIG_PREEMPT").
      
      That commit itself is not actually buggy, but what it does is to make it
      much more likely to hit the partial TLB invalidation case, since it
      introduces a new case in tlb_next_batch() that previously only ever
      happened when running out of memory.
      
      The real bug is that the TLB gather virtual memory range setup is subtly
      buggered.  It was introduced in commit 597e1c35 ("mm/mmu_gather:
      enable tlb flush range in generic mmu_gather"), and the range handling
      was already fixed at least once in commit e6c495a9 ("mm: fix the TLB
      range flushed when __tlb_remove_page() runs out of slots"), but that fix
      was not complete.
      
      The problem with the TLB gather virtual address range is that it isn't
      set up by the initial tlb_gather_mmu() initialization (which didn't get
      the TLB range information), but it is set up ad-hoc later by the
      functions that actually flush the TLB.  And so any such case that forgot
      to update the TLB range entries would potentially miss TLB invalidates.
      
      Rather than try to figure out exactly which particular ad-hoc range
      setup was missing (I personally suspect it's the hugetlb case in
      zap_huge_pmd(), which didn't have the same logic as zap_pte_range()
      did), this patch just gets rid of the problem at the source: make the
      TLB range information available to tlb_gather_mmu(), and initialize it
      when initializing all the other tlb gather fields.
      
      This makes the patch larger, but conceptually much simpler.  And the end
      result is much more understandable; even if you want to play games with
      partial ranges when invalidating the TLB contents in chunks, now the
      range information is always there, and anybody who doesn't want to
      bother with it won't introduce subtle bugs.
      
      Ben verified that this fixes his problem.
      Reported-bisected-and-tested-by: default avatarBen Tebulin <tebulin@googlemail.com>
      Build-testing-by: default avatarStephen Rothwell <sfr@canb.auug.org.au>
      Build-testing-by: default avatarRichard Weinberger <richard.weinberger@gmail.com>
      Reviewed-by: default avatarMichal Hocko <mhocko@suse.cz>
      Acked-by: default avatarPeter Zijlstra <peterz@infradead.org>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      2b047252
  2. 15 Aug, 2013 11 commits
  3. 14 Aug, 2013 23 commits
    • Jesse Gross's avatar
      openvswitch: Reset tunnel key between input and output. · 36bf5cc6
      Jesse Gross authored
      It doesn't make sense to output a tunnel packet using the same
      parameters that it was received with since that will generally
      just result in the packet going back to us. As a result, userspace
      assumes that the tunnel key is cleared when transitioning through
      the switch. In the majority of cases this doesn't matter since a
      packet is either going to a tunnel port (in which the key is
      overwritten with new values) or to a non-tunnel port (in which
      case the key is ignored). However, it's theoreticaly possible that
      userspace could rely on the documented behavior, so this corrects
      it.
      Signed-off-by: default avatarJesse Gross <jesse@nicira.com>
      36bf5cc6
    • Pravin B Shelar's avatar
      openvswitch: Use correct type while allocating flex array. · 42415c90
      Pravin B Shelar authored
      Flex array is used to allocate hash buckets which is type struct
      hlist_head, but we use `struct hlist_head *` to calculate
      array size.  Since hlist_head is of size pointer it works fine.
      
      Following patch use correct type.
      Signed-off-by: default avatarPravin B Shelar <pshelar@nicira.com>
      Signed-off-by: default avatarJesse Gross <jesse@nicira.com>
      42415c90
    • Jesse Gross's avatar
      openvswitch: Fix bad merge resolution. · 30444e98
      Jesse Gross authored
      git silently included an extra hunk in vport_cmd_set() during
      automatic merging. This code is unreachable so it does not actually
      introduce a problem but it is clearly incorrect.
      Signed-off-by: default avatarJesse Gross <jesse@nicira.com>
      30444e98
    • Johan Hovold's avatar
      USB: keyspan: fix null-deref at disconnect and release · ff8a43c1
      Johan Hovold authored
      Make sure to fail properly if the device is not accepted during attach
      in order to avoid null-pointer derefs (of missing interface private
      data) at disconnect or release.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJohan Hovold <jhovold@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      ff8a43c1
    • Johan Hovold's avatar
      USB: mos7720: fix broken control requests · ef6c8c1d
      Johan Hovold authored
      The parallel-port code of the drivers used a stack allocated
      control-request buffer for asynchronous (and possibly deferred) control
      requests. This not only violates the no-DMA-from-stack requirement but
      could also lead to corrupt control requests being submitted.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJohan Hovold <jhovold@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      ef6c8c1d
    • Oliver Neukum's avatar
      usb: add two quirky touchscreen · 304ab4ab
      Oliver Neukum authored
      These devices tend to become unresponsive after S3
      Signed-off-by: default avatarOliver Neukum <oneukum@suse.de>
      CC: stable@vger.kernel.org
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      304ab4ab
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew Morton) · f1d6e17f
      Linus Torvalds authored
      Merge a bunch of fixes from Andrew Morton.
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        fs/proc/task_mmu.c: fix buffer overflow in add_page_map()
        arch: *: Kconfig: add "kernel/Kconfig.freezer" to "arch/*/Kconfig"
        ocfs2: fix null pointer dereference in ocfs2_dir_foreach_blk_id()
        x86 get_unmapped_area(): use proper mmap base for bottom-up direction
        ocfs2: fix NULL pointer dereference in ocfs2_duplicate_clusters_by_page
        ocfs2: Revert 40bd62eb to avoid regression in extended allocation
        drivers/rtc/rtc-stmp3xxx.c: provide timeout for potentially endless loop polling a HW bit
        hugetlb: fix lockdep splat caused by pmd sharing
        aoe: adjust ref of head for compound page tails
        microblaze: fix clone syscall
        mm: save soft-dirty bits on file pages
        mm: save soft-dirty bits on swapped pages
        memcg: don't initialize kmem-cache destroying work for root caches
      f1d6e17f
    • Weiping Pan's avatar
      tun: compare with 0 instead of total_len · d9bf5f13
      Weiping Pan authored
      Since we set "len = total_len" in the beginning of tun_get_user(),
      so we should compare the new len with 0, instead of total_len,
      or the if statement always returns false.
      Signed-off-by: default avatarWeiping Pan <wpan@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d9bf5f13
    • Asbjoern Sloth Toennesen's avatar
      rtnetlink: rtnl_bridge_getlink: Call nlmsg_find_attr() with ifinfomsg header · 3e805ad2
      Asbjoern Sloth Toennesen authored
      Fix the iproute2 command `bridge vlan show`, after switching from
      rtgenmsg to ifinfomsg.
      
      Let's start with a little history:
      
      Feb 20:   Vlad Yasevich got his VLAN-aware bridge patchset included in
                the 3.9 merge window.
                In the kernel commit 6cbdceeb, he added attribute support to
                bridge GETLINK requests sent with rtgenmsg.
      
      Mar 6th:  Vlad got this iproute2 reference implementation of the bridge
                vlan netlink interface accepted (iproute2 9eff0e5c)
      
      Apr 25th: iproute2 switched from using rtgenmsg to ifinfomsg (63338dca)
                http://patchwork.ozlabs.org/patch/239602/
                http://marc.info/?t=136680900700007
      
      Apr 28th: Linus released 3.9
      
      Apr 30th: Stephen released iproute2 3.9.0
      
      The `bridge vlan show` command haven't been working since the switch to
      ifinfomsg, or in a released version of iproute2. Since the kernel side
      only supports rtgenmsg, which iproute2 switched away from just prior to
      the iproute2 3.9.0 release.
      
      I haven't been able to find any documentation, about neither rtgenmsg
      nor ifinfomsg, and in which situation to use which, but kernel commit
      88c5b5ce seams to suggest that ifinfomsg should be used.
      
      Fixing this in kernel will break compatibility, but I doubt that anybody
      have been using it due to this bug in the user space reference
      implementation, at least not without noticing this bug. That said the
      functionality is still fully functional in 3.9, when reversing iproute2
      commit 63338dca.
      
      This could also be fixed in iproute2, but thats an ugly patch that would
      reintroduce rtgenmsg in iproute2, and from searching in netdev it seams
      like rtgenmsg usage is discouraged. I'm assuming that the only reason
      that Vlad implemented the kernel side to use rtgenmsg, was because
      iproute2 was using it at the time.
      Signed-off-by: default avatarAsbjoern Sloth Toennesen <ast@fiberby.net>
      Reviewed-by: default avatarVlad Yasevich <vyasevich@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3e805ad2
    • yonghua zheng's avatar
      fs/proc/task_mmu.c: fix buffer overflow in add_page_map() · 8c829622
      yonghua zheng authored
      Recently we met quite a lot of random kernel panic issues after enabling
      CONFIG_PROC_PAGE_MONITOR.  After debuggind we found this has something
      to do with following bug in pagemap:
      
      In struct pagemapread:
      
        struct pagemapread {
            int pos, len;
            pagemap_entry_t *buffer;
            bool v2;
        };
      
      pos is number of PM_ENTRY_BYTES in buffer, but len is the size of
      buffer, it is a mistake to compare pos and len in add_page_map() for
      checking buffer is full or not, and this can lead to buffer overflow and
      random kernel panic issue.
      
      Correct len to be total number of PM_ENTRY_BYTES in buffer.
      
      [akpm@linux-foundation.org: document pagemapread.pos and .len units, fix PM_ENTRY_BYTES definition]
      Signed-off-by: default avatarYonghua Zheng <younghua.zheng@gmail.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8c829622
    • Chen Gang's avatar
      arch: *: Kconfig: add "kernel/Kconfig.freezer" to "arch/*/Kconfig" · 57a1a197
      Chen Gang authored
      All architectures include "kernel/Kconfig.freezer" except three left, so
      let them include it too, or 'allmodconfig' will report error.
      
      The related errors: (with allmodconfig for openrisc):
      
          CC      kernel/cgroup_freezer.o
        kernel/cgroup_freezer.c: In function 'freezer_css_online':
        kernel/cgroup_freezer.c:133:15: error: 'system_freezing_cnt' undeclared (first use in this function)
        kernel/cgroup_freezer.c:133:15: note: each undeclared identifier is reported only once for each function it appears in
        kernel/cgroup_freezer.c: In function 'freezer_css_offline':
        kernel/cgroup_freezer.c:157:15: error: 'system_freezing_cnt' undeclared (first use in this function)
        kernel/cgroup_freezer.c: In function 'freezer_attach':
        kernel/cgroup_freezer.c:200:4: error: implicit declaration of function 'freeze_task'
        kernel/cgroup_freezer.c: In function 'freezer_apply_state':
        kernel/cgroup_freezer.c:371:16: error: 'system_freezing_cnt' undeclared (first use in this function)
      Signed-off-by: default avatarChen Gang <gang.chen@asianux.com>
      Cc: Richard Kuo <rkuo@codeaurora.org>
      Cc: Jonas Bonn <jonas@southpole.se>
      Cc: Chen Liqin <liqin.chen@sunplusct.com>
      Cc: Lennox Wu <lennox.wu@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      57a1a197
    • Jeff Liu's avatar
      ocfs2: fix null pointer dereference in ocfs2_dir_foreach_blk_id() · d6394b59
      Jeff Liu authored
      Fix a NULL pointer deference while removing an empty directory, which
      was introduced by commit 3704412b ("[readdir] convert ocfs2").
      
        BUG: unable to handle kernel NULL pointer dereference at (null)
        IP: [<(null)>]           (null)
        PGD 6da85067 PUD 6da89067 PMD 0
        Oops: 0010 [#1] SMP
        CPU: 0 PID: 6564 Comm: rmdir Tainted: G           O 3.11.0-rc1 #4
        RIP: 0010:[<0000000000000000>]  [<          (null)>]           (null)
        Call Trace:
          ocfs2_dir_foreach+0x49/0x50 [ocfs2]
          ocfs2_empty_dir+0x12c/0x3e0 [ocfs2]
          ocfs2_unlink+0x56e/0xc10 [ocfs2]
          vfs_rmdir+0xd5/0x140
          do_rmdir+0x1cb/0x1e0
          SyS_rmdir+0x16/0x20
          system_call_fastpath+0x16/0x1b
        Code:  Bad RIP value.
        RIP  [<          (null)>]           (null)
        RSP <ffff88006daddc10>
        CR2: 0000000000000000
      
      [dan.carpenter@oracle.com: fix pointer math]
      Signed-off-by: default avatarJie Liu <jeff.liu@oracle.com>
      Reported-by: default avatarDavid Weber <wb@munzinger.de>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Joel Becker <jlbec@evilplan.org>
      Cc: Mark Fasheh <mfasheh@suse.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d6394b59
    • Radu Caragea's avatar
      x86 get_unmapped_area(): use proper mmap base for bottom-up direction · df54d6fa
      Radu Caragea authored
      When the stack is set to unlimited, the bottomup direction is used for
      mmap-ings but the mmap_base is not used and thus effectively renders
      ASLR for mmapings along with PIE useless.
      
      Cc: Michel Lespinasse <walken@google.com>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Reviewed-by: default avatarRik van Riel <riel@redhat.com>
      Acked-by: default avatarIngo Molnar <mingo@kernel.org>
      Cc: Adrian Sendroiu <molecula2788@gmail.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      df54d6fa
    • Tiger Yang's avatar
      ocfs2: fix NULL pointer dereference in ocfs2_duplicate_clusters_by_page · c7dd3392
      Tiger Yang authored
      Since ocfs2_cow_file_pos will invoke ocfs2_refcount_icow with a NULL as
      the struct file pointer, it finally result in a null pointer dereference
      in ocfs2_duplicate_clusters_by_page.
      
      This patch replace file pointer with inode pointer in
      cow_duplicate_clusters to fix this issue.
      
      [jeff.liu@oracle.com: rebased patch against linux-next tree]
      Signed-off-by: default avatarTiger Yang <tiger.yang@oracle.com>
      Signed-off-by: default avatarJie Liu <jeff.liu@oracle.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Cc: Mark Fasheh <mfasheh@suse.com>
      Acked-by: default avatarTao Ma <tm@tao.ma>
      Tested-by: default avatarDavid Weber <wb@munzinger.de>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      c7dd3392
    • Jie Liu's avatar
      ocfs2: Revert 40bd62eb to avoid regression in extended allocation · 6115ea28
      Jie Liu authored
      Revert commit 40bd62eb ("fs/ocfs2/journal.h: add bits_wanted while
      calculating credits in ocfs2_calc_extend_credits").
      
      Unfortunately this change broke fallocate even if there is insufficient
      disk space for the preallocation, which is a serious problem.
      
        # df -h
        /dev/sda8        22G  1.2G   21G   6% /ocfs2
        # fallocate -o 0 -l 200M /ocfs2/testfile
        fallocate: /ocfs2/test: fallocate failed: No space left on device
      
      and a kernel warning:
      
        CPU: 3 PID: 3656 Comm: fallocate Tainted: G        W  O 3.11.0-rc3 #2
        Call Trace:
          dump_stack+0x77/0x9e
          warn_slowpath_common+0xc4/0x110
          warn_slowpath_null+0x2a/0x40
          start_this_handle+0x6c/0x640 [jbd2]
          jbd2__journal_start+0x138/0x300 [jbd2]
          jbd2_journal_start+0x23/0x30 [jbd2]
          ocfs2_start_trans+0x166/0x300 [ocfs2]
          __ocfs2_extend_allocation+0x38f/0xdb0 [ocfs2]
          ocfs2_allocate_unwritten_extents+0x3c9/0x520
          __ocfs2_change_file_space+0x5e0/0xa60 [ocfs2]
          ocfs2_fallocate+0xb1/0xe0 [ocfs2]
          do_fallocate+0x1cb/0x220
          SyS_fallocate+0x6f/0xb0
          system_call_fastpath+0x16/0x1b
        JBD2: fallocate wants too many credits (51216 > 4381)
      Signed-off-by: default avatarJie Liu <jeff.liu@oracle.com>
      Cc: Goldwyn Rodrigues <rgoldwyn@suse.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Cc: Mark Fasheh <mfasheh@suse.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      6115ea28
    • Lothar Waßmann's avatar
      drivers/rtc/rtc-stmp3xxx.c: provide timeout for potentially endless loop polling a HW bit · 28a0c883
      Lothar Waßmann authored
      It's always a bad idea to poll on HW bits without a timeout.
      
      The i.MX28 RTC can be easily brought into a state in which the RTC is
      not running (until after a power-on-reset) and thus the status bits
      which are polled in the driver won't ever change.
      
      This patch prevents the kernel from getting stuck in this case.
      Signed-off-by: default avatarLothar Waßmann <LW@KARO-electronics.de>
      Acked-by: default avatarWolfram Sang <wsa@the-dreams.de>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      28a0c883
    • Michal Hocko's avatar
      hugetlb: fix lockdep splat caused by pmd sharing · b610ded7
      Michal Hocko authored
      Dave has reported the following lockdep splat:
      
        =================================
        [ INFO: inconsistent lock state ]
        3.11.0-rc1+ #9 Not tainted
        ---------------------------------
        inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-W} usage.
        kswapd0/49 [HC0[0]:SC0[0]:HE1:SE1] takes:
         (&mapping->i_mmap_mutex){+.+.?.}, at: [<c114971b>] page_referenced+0x87/0x5e3
        {RECLAIM_FS-ON-W} state was registered at:
           mark_held_locks+0x81/0xe7
           lockdep_trace_alloc+0x5e/0xbc
           __alloc_pages_nodemask+0x8b/0x9b6
           __get_free_pages+0x20/0x31
           get_zeroed_page+0x12/0x14
           __pmd_alloc+0x1c/0x6b
           huge_pmd_share+0x265/0x283
           huge_pte_alloc+0x5d/0x71
           hugetlb_fault+0x7c/0x64a
           handle_mm_fault+0x255/0x299
           __do_page_fault+0x142/0x55c
           do_page_fault+0xd/0x16
           error_code+0x6c/0x74
        irq event stamp: 3136917
        hardirqs last  enabled at (3136917):  _raw_spin_unlock_irq+0x27/0x50
        hardirqs last disabled at (3136916):  _raw_spin_lock_irq+0x15/0x78
        softirqs last  enabled at (3136180):  __do_softirq+0x137/0x30f
        softirqs last disabled at (3136175):  irq_exit+0xa8/0xaa
        other info that might help us debug this:
         Possible unsafe locking scenario:
               CPU0
               ----
          lock(&mapping->i_mmap_mutex);
          <Interrupt>
            lock(&mapping->i_mmap_mutex);
      
        *** DEADLOCK ***
        no locks held by kswapd0/49.
      
        stack backtrace:
        CPU: 1 PID: 49 Comm: kswapd0 Not tainted 3.11.0-rc1+ #9
        Hardware name: Dell Inc.                 Precision WorkStation 490    /0DT031, BIOS A08 04/25/2008
        Call Trace:
          dump_stack+0x4b/0x79
          print_usage_bug+0x1d9/0x1e3
          mark_lock+0x1e0/0x261
          __lock_acquire+0x623/0x17f2
          lock_acquire+0x7d/0x195
          mutex_lock_nested+0x6c/0x3a7
          page_referenced+0x87/0x5e3
          shrink_page_list+0x3d9/0x947
          shrink_inactive_list+0x155/0x4cb
          shrink_lruvec+0x300/0x5ce
          shrink_zone+0x53/0x14e
          kswapd+0x517/0xa75
          kthread+0xa8/0xaa
          ret_from_kernel_thread+0x1b/0x28
      
      which is a false positive caused by hugetlb pmd sharing code which
      allocates a new pmd from withing mapping->i_mmap_mutex.  If this
      allocation causes reclaim then the lockdep detector complains that we
      might self-deadlock.
      
      This is not correct though, because hugetlb pages are not reclaimable so
      their mapping will be never touched from the reclaim path.
      
      The patch tells lockup detector that hugetlb i_mmap_mutex is special by
      assigning it a separate lockdep class so it won't report possible
      deadlocks on unrelated mappings.
      
      [peterz@infradead.org: comment for annotation]
      Reported-by: default avatarDave Jones <davej@redhat.com>
      Signed-off-by: default avatarMichal Hocko <mhocko@suse.cz>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Reviewed-by: default avatarMinchan Kim <minchan@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b610ded7
    • Ed Cashin's avatar
      aoe: adjust ref of head for compound page tails · fb32975d
      Ed Cashin authored
      Fix a BUG which can trigger when direct-IO is used with AOE.
      
      As discussed previously, the fact that some users of the block layer
      provide bios that point to pages with a zero _count means that it is not
      OK for the network layer to do a put_page on the skb frags during an
      skb_linearize, so the aoe driver gets a reference to pages in bios and
      puts the reference before ending the bio.  And because it cannot use
      get_page on a page with a zero _count, it manipulates the value
      directly.
      
      It is not OK to increment the _count of a compound page tail, though,
      since the VM layer will VM_BUG_ON a non-zero _count.  Block users that
      do direct I/O can result in the aoe driver seeing compound page tails in
      bios.  In that case, the same logic works as long as the head of the
      compound page is used instead of the tails.  This patch handles compound
      pages and does not BUG.
      
      It relies on the block layer user leaving the relationship between the
      page tail and its head alone for the duration between the submission of
      the bio and its completion, whether successful or not.
      Signed-off-by: default avatarEd Cashin <ecashin@coraid.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      fb32975d
    • Michal Simek's avatar
      microblaze: fix clone syscall · dfa9771a
      Michal Simek authored
      Fix inadvertent breakage in the clone syscall ABI for Microblaze that
      was introduced in commit f3268edb ("microblaze: switch to generic
      fork/vfork/clone").
      
      The Microblaze syscall ABI for clone takes the parent tid address in the
      4th argument; the third argument slot is used for the stack size.  The
      incorrectly-used CLONE_BACKWARDS type assigned parent tid to the 3rd
      slot.
      
      This commit restores the original ABI so that existing userspace libc
      code will work correctly.
      
      All kernel versions from v3.8-rc1 were affected.
      Signed-off-by: default avatarMichal Simek <michal.simek@xilinx.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      dfa9771a
    • Cyrill Gorcunov's avatar
      mm: save soft-dirty bits on file pages · 41bb3476
      Cyrill Gorcunov authored
      Andy reported that if file page get reclaimed we lose the soft-dirty bit
      if it was there, so save _PAGE_BIT_SOFT_DIRTY bit when page address get
      encoded into pte entry.  Thus when #pf happens on such non-present pte
      we can restore it back.
      Reported-by: default avatarAndy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarCyrill Gorcunov <gorcunov@openvz.org>
      Acked-by: default avatarPavel Emelyanov <xemul@parallels.com>
      Cc: Matt Mackall <mpm@selenic.com>
      Cc: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
      Cc: Marcelo Tosatti <mtosatti@redhat.com>
      Cc: KOSAKI Motohiro <kosaki.motohiro@gmail.com>
      Cc: Stephen Rothwell <sfr@canb.auug.org.au>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
      Cc: Minchan Kim <minchan@kernel.org>
      Cc: Wanpeng Li <liwanp@linux.vnet.ibm.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      41bb3476
    • Cyrill Gorcunov's avatar
      mm: save soft-dirty bits on swapped pages · 179ef71c
      Cyrill Gorcunov authored
      Andy Lutomirski reported that if a page with _PAGE_SOFT_DIRTY bit set
      get swapped out, the bit is getting lost and no longer available when
      pte read back.
      
      To resolve this we introduce _PTE_SWP_SOFT_DIRTY bit which is saved in
      pte entry for the page being swapped out.  When such page is to be read
      back from a swap cache we check for bit presence and if it's there we
      clear it and restore the former _PAGE_SOFT_DIRTY bit back.
      
      One of the problem was to find a place in pte entry where we can save
      the _PTE_SWP_SOFT_DIRTY bit while page is in swap.  The _PAGE_PSE was
      chosen for that, it doesn't intersect with swap entry format stored in
      pte.
      Reported-by: default avatarAndy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarCyrill Gorcunov <gorcunov@openvz.org>
      Acked-by: default avatarPavel Emelyanov <xemul@parallels.com>
      Cc: Matt Mackall <mpm@selenic.com>
      Cc: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
      Cc: Marcelo Tosatti <mtosatti@redhat.com>
      Cc: KOSAKI Motohiro <kosaki.motohiro@gmail.com>
      Cc: Stephen Rothwell <sfr@canb.auug.org.au>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
      Reviewed-by: default avatarMinchan Kim <minchan@kernel.org>
      Reviewed-by: default avatarWanpeng Li <liwanp@linux.vnet.ibm.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      179ef71c
    • Andrey Vagin's avatar
      memcg: don't initialize kmem-cache destroying work for root caches · 3e6b11df
      Andrey Vagin authored
      struct memcg_cache_params has a union.  Different parts of this union
      are used for root and non-root caches.  A part with destroying work is
      used only for non-root caches.
      
      I fixed the same problem in another place v3.9-rc1-16204-gf101a946, but
      didn't notice this one.
      
      This patch fixes the kernel panic:
      
      [   46.848187] BUG: unable to handle kernel paging request at 000000fffffffeb8
      [   46.849026] IP: [<ffffffff811a484c>] kmem_cache_destroy_memcg_children+0x6c/0xc0
      [   46.849092] PGD 0
      [   46.849092] Oops: 0000 [#1] SMP
      ...
      Signed-off-by: default avatarAndrey Vagin <avagin@openvz.org>
      Cc: Glauber Costa <glommer@openvz.org>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Acked-by: default avatarMichal Hocko <mhocko@suse.cz>
      Cc: Balbir Singh <bsingharora@gmail.com>
      Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
      Cc: Konstantin Khlebnikov <khlebnikov@openvz.org>
      Cc: <stable@vger.kernel.org>    [3.9.x]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3e6b11df
    • Alexey Brodkin's avatar
      ethernet/arc/arc_emac - fix NAPI "work > weight" warning · 9cff866e
      Alexey Brodkin authored
      Initially I improperly set a boundary for maximum number of input
      packets to process on NAPI poll ("work") so it might be more than
      expected amount ("weight").
      
      This was really harmless but seeing WARN_ON_ONCE on every device boot is
      not nice. So trivial fix ("<" instead of "<=") is here.
      Signed-off-by: default avatarAlexey Brodkin <abrodkin@synopsys.com>
      
      Cc: Vineet Gupta <vgupta@synopsys.com>
      Cc: Mischa Jonker <mjonker@synopsys.com>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Grant Likely <grant.likely@linaro.org>
      Cc: Rob Herring <rob.herring@calxeda.com>
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9cff866e
  4. 13 Aug, 2013 3 commits