Fabio Estevam [Mon, 27 May 2013 15:28:25 +0000 (12:28 -0300)]
clk: mxs: Include clk mxs header file
Fix the following sparse warnings:
drivers/clk/mxs/clk-imx28.c:72:5: warning: symbol 'mxs_saif_clkmux_select' was not declared. Should it be static?
drivers/clk/mxs/clk-imx28.c:156:12: warning: symbol 'mx28_clocks_init' was not declared. Should it be static?
Kees Cook [Thu, 23 May 2013 17:32:17 +0000 (10:32 -0700)]
iscsi-target: fix heap buffer overflow on error
If a key was larger than 64 bytes, as checked by iscsi_check_key(), the
error response packet, generated by iscsi_add_notunderstood_response(),
would still attempt to copy the entire key into the packet, overflowing
the structure on the heap.
Remote preauthentication kernel memory corruption was possible if a
target was configured and listening on the network.
CVE-2013-2850
Signed-off-by: Kees Cook <keescook@chromium.org> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Linus Torvalds [Fri, 31 May 2013 00:48:56 +0000 (09:48 +0900)]
Merge branch 'for-3.10' of git://linux-nfs.org/~bfields/linux
Pull nfsd fixes from Bruce Fields:
"A couple minor fixes for the (new to 3.10) gss-proxy code.
And one regression from user-namespace changes. (XBMC clients were
doing something admittedly weird--sending -1 gid's--but something that
we used to allow.)"
* 'for-3.10' of git://linux-nfs.org/~bfields/linux:
svcrpc: fix failures to handle -1 uid's and gid's
svcrpc: implement O_NONBLOCK behavior for use-gss-proxy
svcauth_gss: fix error code in use_gss_proxy()
target/file: Fix off-by-one READ_CAPACITY bug for !S_ISBLK export
This patch fixes a bug where FILEIO was incorrectly reporting the number
of logical blocks (+ 1) when using non struct block_device export mode.
It changes fd_get_blocks() to follow all other backend ->get_blocks() cases,
and reduces the calculated dev_size by one dev->dev_attrib.block_size
number of bytes, and also fixes initial fd_block_size assignment at
fd_configure_device() time introduced in commit 0fd97ccf4.
Linus Torvalds [Fri, 31 May 2013 00:44:10 +0000 (09:44 +0900)]
Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Peter Anvin:
- Three EFI-related fixes
- Two early memory initialization fixes
- build fix for older binutils
- fix for an eager FPU performance regression -- currently we don't
allow the use of the FPU at interrupt time *at all* in eager mode,
which is clearly wrong.
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86: Allow FPU to be used at interrupt time even with eagerfpu
x86, crc32-pclmul: Fix build with older binutils
x86-64, init: Fix a possible wraparound bug in switchover in head_64.S
x86, range: fix missing merge during add range
x86, efi: initial the local variable of DataSize to zero
efivar: fix oops in efivar_update_sysfs_entries() caused by memory reuse
efivarfs: Never return ENOENT from firmware again
Pekka Riikonen [Mon, 13 May 2013 12:32:07 +0000 (14:32 +0200)]
x86: Allow FPU to be used at interrupt time even with eagerfpu
With the addition of eagerfpu the irq_fpu_usable() now returns false
negatives especially in the case of ksoftirqd and interrupted idle task,
two common cases for FPU use for example in networking/crypto. With
eagerfpu=off FPU use is possible in those contexts. This is because of
the eagerfpu check in interrupted_kernel_fpu_idle():
...
* For now, with eagerfpu we will return interrupted kernel FPU
* state as not-idle. TBD: Ideally we can change the return value
* to something like __thread_has_fpu(current). But we need to
* be careful of doing __thread_clear_has_fpu() before saving
* the FPU etc for supporting nested uses etc. For now, take
* the simple route!
...
if (use_eager_fpu())
return 0;
As eagerfpu is automatically "on" on those CPUs that also have the
features like AES-NI this patch changes the eagerfpu check to return 1 in
case the kernel_fpu_begin() has not been said yet. Once it has been the
__thread_has_fpu() will start returning 0.
Notice that with eagerfpu the __thread_has_fpu is always true initially.
FPU use is thus always possible no matter what task is under us, unless
the state has already been saved with kernel_fpu_begin().
[ hpa: this is a performance regression, not a correctness regression,
but since it can be quite serious on CPUs which need encryption at
interrupt time I am marking this for urgent/stable. ]
Jan Beulich [Wed, 29 May 2013 12:43:54 +0000 (13:43 +0100)]
x86, crc32-pclmul: Fix build with older binutils
binutils prior to 2.18 (e.g. the ones found on SLE10) don't support
assembling PEXTRD, so a macro based approach like the one for PCLMULQDQ
in the same file should be used.
This requires making the helper macros capable of recognizing 32-bit
general purpose register operands.
[ hpa: tagging for stable as it is a low risk build fix ]
Signed-off-by: Jan Beulich <jbeulich@suse.com> Link: http://lkml.kernel.org/r/51A6142A02000078000D99D8@nat28.tlf.novell.com Cc: Alexander Boyko <alexander_boyko@xyratex.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Huang Ying <ying.huang@intel.com> Cc: <stable@vger.kernel.org> v3.9 Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Dave Chinner [Tue, 21 May 2013 08:02:08 +0000 (18:02 +1000)]
xfs: rework remote attr CRCs
Note: this changes the on-disk remote attribute format. I assert
that this is OK to do as CRCs are marked experimental and the first
kernel it is included in has not yet reached release yet. Further,
the userspace utilities are still evolving and so anyone using this
stuff right now is a developer or tester using volatile filesystems
for testing this feature. Hence changing the format right now to
save longer term pain is the right thing to do.
The fundamental change is to move from a header per extent in the
attribute to a header per filesytem block in the attribute. This
means there are more header blocks and the parsing of the attribute
data is slightly more complex, but it has the advantage that we
always know the size of the attribute on disk based on the length of
the data it contains.
This is where the header-per-extent method has problems. We don't
know the size of the attribute on disk without first knowing how
many extents are used to hold it. And we can't tell from a
mapping lookup, either, because remote attributes can be allocated
contiguously with other attribute blocks and so there is no obvious
way of determining the actual size of the atribute on disk short of
walking and mapping buffers.
The problem with this approach is that if we map a buffer
incorrectly (e.g. we make the last buffer for the attribute data too
long), we then get buffer cache lookup failure when we map it
correctly. i.e. we get a size mismatch on lookup. This is not
necessarily fatal, but it's a cache coherency problem that can lead
to returning the wrong data to userspace or writing the wrong data
to disk. And debug kernels will assert fail if this occurs.
I found lots of niggly little problems trying to fix this issue on a
4k block size filesystem, finally getting it to pass with lots of
fixes. The thing is, 1024 byte filesystems still failed, and it was
getting really complex handling all the corner cases that were
showing up. And there were clearly more that I hadn't found yet.
It is complex, fragile code, and if we don't fix it now, it will be
complex, fragile code forever more.
Hence the simple fix is to add a header to each filesystem block.
This gives us the same relationship between the attribute data
length and the number of blocks on disk as we have without CRCs -
it's a linear mapping and doesn't require us to guess anything. It
is simple to implement, too - the remote block count calculated at
lookup time can be used by the remote attribute set/get/remove code
without modification for both CRC and non-CRC filesystems. The world
becomes sane again.
Because the copy-in and copy-out now need to iterate over each
filesystem block, I moved them into helper functions so we separate
the block mapping and buffer manupulations from the attribute data
and CRC header manipulations. The code becomes much clearer as a
result, and it is a lot easier to understand and debug. It also
appears to be much more robust - once it worked on 4k block size
filesystems, it has worked without failure on 1k block size
filesystems, too.
Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Ben Myers <bpm@sgi.com> Signed-off-by: Ben Myers <bpm@sgi.com>
(cherry picked from commit ad1858d77771172e08016890f0eb2faedec3ecee)
Dave Chinner [Tue, 21 May 2013 08:02:06 +0000 (18:02 +1000)]
xfs: fully initialise temp leaf in xfs_attr3_leaf_compact
xfs_attr3_leaf_compact() uses a temporary buffer for compacting the
the entries in a leaf. It copies the the original buffer into the
temporary buffer, then zeros the original buffer completely. It then
copies the entries back into the original buffer. However, the
original buffer has not been correctly initialised, and so the
movement of the entries goes horribly wrong.
Make sure the zeroed destination buffer is fully initialised, and
once we've set up the destination incore header appropriately, write
is back to the buffer before starting to move entries around.
While debugging this, the _d/_s prefixes weren't sufficient to
remind me what buffer was what, so rename then all _src/_dst.
Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Ben Myers <bpm@sgi.com> Signed-off-by: Ben Myers <bpm@sgi.com>
(cherry picked from commit d4c712bcf26a25c2b67c90e44e0b74c7993b5334)
Dave Chinner [Tue, 21 May 2013 08:02:05 +0000 (18:02 +1000)]
xfs: fully initialise temp leaf in xfs_attr3_leaf_unbalance
xfs_attr3_leaf_unbalance() uses a temporary buffer for recombining
the entries in two leaves when the destination leaf requires
compaction. The temporary buffer ends up being copied back over the
original destination buffer, so the header in the temporary buffer
needs to contain all the information that is in the destination
buffer.
To make sure the temporary buffer is fully initialised, once we've
set up the temporary incore header appropriately, write is back to
the temporary buffer before starting to move entries around.
Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Ben Myers <bpm@sgi.com> Signed-off-by: Ben Myers <bpm@sgi.com>
(cherry picked from commit 8517de2a81da830f5d90da66b4799f4040c76dc9)
Dave Chinner [Tue, 21 May 2013 08:02:04 +0000 (18:02 +1000)]
xfs: correctly map remote attr buffers during removal
If we don't map the buffers correctly (same as for get/set
operations) then the incore buffer lookup will fail. If a block
number matches but a length is wrong, then debug kernels will ASSERT
fail in _xfs_buf_find() due to the length mismatch. Ensure that we
map the buffers correctly by basing the length of the buffer on the
attribute data length rather than the remote block count.
Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Ben Myers <bpm@sgi.com> Signed-off-by: Ben Myers <bpm@sgi.com>
(cherry picked from commit 6863ef8449f1908c19f43db572e4474f24a1e9da)
Dave Chinner [Tue, 21 May 2013 08:02:03 +0000 (18:02 +1000)]
xfs: remote attribute tail zeroing does too much
When an attribute data does not fill then entire remote block, we
zero the remaining part of the buffer. This, however, needs to take
into account that the buffer has a header, and so the offset where
zeroing starts and the length of zeroing need to take this into
account. Otherwise we end up with zeros over the end of the
attribute value when CRCs are enabled.
While there, make sure we only ask to map an extent that covers the
remaining range of the attribute, rather than asking every time for
the full length of remote data. If the remote attribute blocks are
contiguous with other parts of the attribute tree, it will map those
blocks as well and we can potentially zero them incorrectly. We can
also get buffer size mistmatches when trying to read or remove the
remote attribute, and this can lead to not finding the correct
buffer when looking it up in cache.
Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Ben Myers <bpm@sgi.com> Signed-off-by: Ben Myers <bpm@sgi.com>
(cherry picked from commit 4af3644c9a53eb2f1ecf69cc53576561b64be4c6)
Dave Chinner [Tue, 21 May 2013 08:02:02 +0000 (18:02 +1000)]
xfs: remote attribute read too short
Reading a maximally size remote attribute fails when CRCs are
enabled with this verification error:
XFS (vdb): remote attribute header does not match required off/len/owner)
There are two reasons for this, the first being that the
length of the buffer being read is determined from the
args->rmtblkcnt which doesn't take into account CRC headers. Hence
the mapped length ends up being too short and so we need to
calculate it directly from the value length.
The second is that the byte count of valid data within a buffer is
capped by the length of the data and so doesn't take into account
that the buffer might be longer due to headers. Hence we need to
calculate the data space in the buffer first before calculating the
actual byte count of data.
Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Ben Myers <bpm@sgi.com> Signed-off-by: Ben Myers <bpm@sgi.com>
(cherry picked from commit 913e96bc292e1bb248854686c79d6545ef3ee720)
Dave Chinner [Tue, 21 May 2013 08:02:01 +0000 (18:02 +1000)]
xfs: remote attribute allocation may be contiguous
When CRCs are enabled, there may be multiple allocations made if the
headers cause a length overflow. This, however, does not mean that
the number of headers required increases, as the second and
subsequent extents may be contiguous with the previous extent. Hence
when we map the extents to write the attribute data, we may end up
with less extents than allocations made. Hence the assertion that we
consume the number of headers we calculated in the allocation loop
is incorrect and needs to be removed.
Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Ben Myers <bpm@sgi.com> Signed-off-by: Ben Myers <bpm@sgi.com>
(cherry picked from commit 90253cf142469a40f89f989904abf0a1e500e1a6)
Dave Chinner [Tue, 28 May 2013 08:37:17 +0000 (18:37 +1000)]
xfs: fix dir3 freespace block corruption
When the directory freespace index grows to a second block (2017
4k data blocks in the directory), the initialisation of the second
new block header goes wrong. The write verifier fires a corruption
error indicating that the block number in the header is zero. This
was being tripped by xfs/110.
The problem is that the initialisation of the new block is done just
fine in xfs_dir3_free_get_buf(), but the caller then users a dirv2
structure to zero on-disk header fields that xfs_dir3_free_get_buf()
has already zeroed. These lined up with the block number in the dir
v3 header format.
While looking at this, I noticed that the struct xfs_dir3_free_hdr()
had 4 bytes of padding in it that wasn't defined as padding or being
zeroed by the initialisation. Add a pad field declaration and fully
zero the on disk and in-core headers in xfs_dir3_free_get_buf() so
that this is never an issue in the future. Note that this doesn't
change the on-disk layout, just makes the 32 bits of padding in the
layout explicit.
Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Ben Myers <bpm@sgi.com> Signed-off-by: Ben Myers <bpm@sgi.com>
(cherry picked from commit 5ae6e6a401957698f2bd8c9f4a86d86d02199fea)
Dave Chinner [Mon, 27 May 2013 06:38:24 +0000 (16:38 +1000)]
xfs: disable swap extents ioctl on CRC enabled filesystems
Currently, swapping extents from one inode to another is a simple
act of switching data and attribute forks from one inode to another.
This, unfortunately in no longer so simple with CRC enabled
filesystems as there is owner information embedded into the BMBT
blocks that are swapped between inodes. Hence swapping the forks
between inodes results in the inodes having mapping blocks that
point to the wrong owner and hence are considered corrupt.
To fix this we need an extent tree block or record based swap
algorithm so that the BMBT block owner information can be updated
atomically in the swap transaction. This is a significant piece of
new work, so for the moment simply don't allow swap extent
operations to succeed on CRC enabled filesystems.
Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Ben Myers <bpm@sgi.com> Reviewed-by: Brian Foster <bfoster@redhat.com> Signed-off-by: Ben Myers <bpm@sgi.com>
(cherry picked from commit 02f75405a75eadfb072609f6bf839e027de6a29a)
Dave Chinner [Mon, 27 May 2013 06:38:26 +0000 (16:38 +1000)]
xfs: add fsgeom flag for v5 superblock support.
Currently userspace has no way of determining that a filesystem is
CRC enabled. Add a flag to the XFS_IOC_FSGEOMETRY ioctl output to
indicate that the filesystem has v5 superblock support enabled.
This will allow xfs_info to correctly report the state of the
filesystem.
Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Brian Foster <bfoster@redhat.com> Signed-off-by: Ben Myers <bpm@sgi.com>
(cherry picked from commit 74137fff067961c9aca1e14d073805c3de8549bd)
Dave Chinner [Mon, 27 May 2013 06:38:20 +0000 (16:38 +1000)]
xfs: fix incorrect remote symlink block count
When CRCs are enabled, the number of blocks needed to hold a remote
symlink on a 1k block size filesystem may be 2 instead of 1. The
transaction reservation for the allocated blocks was not taking this
into account and only allocating one block. Hence when trying to
read or invalidate such symlinks, we are mapping a hole where there
should be a block and things go bad at that point.
Fix the reservation to use the correct block count, clean up the
block count calculation similar to the remote attribute calculation,
and add a debug guard to detect when we don't write the entire
symlink to disk.
Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Ben Myers <bpm@sgi.com> Reviewed-by: Brian Foster <bfoster@redhat.com> Signed-off-by: Ben Myers <bpm@sgi.com>
(cherry picked from commit 321a95839e65db3759a07a3655184b0283af90fe)
That problem occurred when a contiguous dirty region of a buffer was
split across across two pages of an unmapped buffer. It's been a
long time since that has been done in XFS, and the changes to log
the entire inode buffers for CRC enabled filesystems has
re-introduced that corner case.
And, of course, it turns out that the above commit didn't actually
fix anything - it just ensured that log recovery is guaranteed to
fail when this situation occurs. And now for the gory details.
xfstest xfs/085 is failing with this assert:
XFS (vdb): bad number of regions (0) in inode log format
XFS: Assertion failed: 0, file: fs/xfs/xfs_log_recover.c, line: 1583
Largely undocumented factoid #1: Log recovery depends on all log
buffer format items starting with this format:
As recoery uses the size field and assumptions about 32 bit
alignment in decoding format items. So don't pay much attention to
the fact log recovery thinks that it decoding an inode log format
item - it just uses them to determine what the size of the item is.
But why would it see a log format item with a zero size? Well,
luckily enough xfs_logprint uses the same code and gives the same
error, so with a bit of gdb magic, it turns out that it isn't a log
format that is being decoded. What logprint tells us is this:
Oper (130): tid: a0375e1a len: 28 clientid: TRANS flags: none
BUF: #regs: 2 start blkno: 144 (0x90) len: 16 bmap size: 2 flags: 0x4000
Oper (131): tid: a0375e1a len: 4096 clientid: TRANS flags: none
BUF DATA
----------------------------------------------------------------------------
Oper (132): tid: a0375e1a len: 4096 clientid: TRANS flags: none
xfs_logprint: unknown log operation type (4e49)
**********************************************************************
* ERROR: data block=2 *
**********************************************************************
That we've got a buffer format item (oper 130) that has two regions;
the format item itself and one dirty region. The subsequent region
after the buffer format item and it's data is them what we are
tripping over, and the first bytes of it at an inode magic number.
Not a log opheader like there is supposed to be.
That means there's a problem with the buffer format item. It's dirty
data region is 4096 bytes, and it contains - you guessed it -
initialised inodes. But inode buffers are 8k, not 4k, and we log
them in their entirety. So something is wrong here. The buffer
format item contains:
Two regions, and a signle dirty contiguous region of 64 bits. 64 *
128 = 8k, so this should be followed by a single 8k region of data.
And the blf_flags tell us that the type of buffer is a
XFS_BLFT_DINO_BUF. It contains inodes. And because it doesn't have
the XFS_BLF_INODE_BUF flag set, that means it's an inode allocation
buffer. So, it should be followed by 8k of inode data.
and so be32_to_cpu(oh_len) = 0x1000 = 4096 bytes. It's simply not
long enough to hold all the logged data. There must be another
region. There is - there's a following opheader for another 4k of
data that contains the other half of the inode cluster data - the
one we assert fail on because it's not a log format header.
So why is the second part of the data not being accounted to the
correct buffer log format structure? It took a little more work with
gdb to work out that the buffer log format structure was both
expecting it to be there but hadn't accounted for it. It was at that
point I went to the kernel code, as clearly this wasn't a bug in
xfs_logprint and the kernel was writing bad stuff to the log.
First port of call was the buffer item formatting code, and the
discontiguous memory/contiguous dirty region handling code
immediately stood out. I've wondered for a long time why the code
had this comment in it:
vecp->i_addr = xfs_buf_offset(bp, buffer_offset);
vecp->i_len = nbits * XFS_BLF_CHUNK;
vecp->i_type = XLOG_REG_TYPE_BCHUNK;
/*
* You would think we need to bump the nvecs here too, but we do not
* this number is used by recovery, and it gets confused by the boundary
* split here
* nvecs++;
*/
vecp++;
And it didn't account for the extra vector pointer. The case being
handled here is that a contiguous dirty region lies across a
boundary that cannot be memcpy()d across, and so has to be split
into two separate operations for xlog_write() to perform.
What this code assumes is that what is written to the log is two
consecutive blocks of data that are accounted in the buf log format
item as the same contiguous dirty region and so will get decoded as
such by the log recovery code.
The thing is, xlog_write() knows nothing about this, and so just
does it's normal thing of adding an opheader for each vector. That
means the 8k region gets written to the log as two separate regions
of 4k each, but because nvecs has not been incremented, the buf log
format item accounts for only one of them.
Hence when we come to log recovery, we process the first 4k region
and then expect to come across a new item that starts with a log
format structure of some kind that tells us whenteh next data is
going to be. Instead, we hit raw buffer data and things go bad real
quick.
So, the commit from 2002 that commented out nvecs++ is just plain
wrong. It breaks log recovery completely, and it would seem the only
reason this hasn't been since then is that we don't log large
contigous regions of multi-page unmapped buffers very often. Never
would be a closer estimate, at least until the CRC code came along....
So, lets fix that by restoring the nvecs accounting for the extra
region when we hit this case.....
.... and there's the problemin log recovery it is apparently working
around:
XFS: Assertion failed: i == item->ri_total, file: fs/xfs/xfs_log_recover.c, line: 2135
Yup, xlog_recover_do_reg_buffer() doesn't handle contigous dirty
regions being broken up into multiple regions by the log formatting
code. That's an easy fix, though - if the number of contiguous dirty
bits exceeds the length of the region being copied out of the log,
only account for the number of dirty bits that region covers, and
then loop again and copy more from the next region. It's a 2 line
fix.
Now xfstests xfs/085 passes, we have one less piece of mystery
code, and one more important piece of knowledge about how to
structure new log format items..
Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Mark Tinguely <tinguely@sgi.com> Signed-off-by: Ben Myers <bpm@sgi.com>
(cherry picked from commit 709da6a61aaf12181a8eea8443919ae5fc1b731d)
Dave Chinner [Mon, 27 May 2013 06:38:25 +0000 (16:38 +1000)]
xfs: kill suid/sgid through the truncate path.
XFS has failed to kill suid/sgid bits correctly when truncating
files of non-zero size since commit c4ed4243 ("xfs: split
xfs_setattr") introduced in the 3.1 kernel. Fix it.
Fix it.
cc: stable kernel <stable@vger.kernel.org> Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Brian Foster <bfoster@redhat.com> Signed-off-by: Ben Myers <bpm@sgi.com>
(cherry picked from commit 56c19e89b38618390addfc743d822f99519055c6)
Dave Chinner [Tue, 21 May 2013 08:02:00 +0000 (18:02 +1000)]
xfs: avoid nesting transactions in xfs_qm_scall_setqlim()
Lockdep reports:
=============================================
[ INFO: possible recursive locking detected ]
3.9.0+ #3 Not tainted
---------------------------------------------
setquota/28368 is trying to acquire lock:
(sb_internal){++++.?}, at: [<c11e8846>] xfs_trans_alloc+0x26/0x50
but task is already holding lock:
(sb_internal){++++.?}, at: [<c11e8846>] xfs_trans_alloc+0x26/0x50
from xfs_qm_scall_setqlim()->xfs_dqread() when a dquot needs to be
allocated.
xfs_qm_scall_setqlim() is starting a transaction and then not
passing it into xfs_qm_dqet() and so it starts it's own transaction
when allocating the dquot. Splat!
Fix this by not allocating the dquot in xfs_qm_scall_setqlim()
inside the setqlim transaction. This requires getting the dquot
first (and allocating it if necessary) then dropping and relocking
the dquot before joining it to the setqlim transaction.
Reported-by: Michael L. Semon <mlsemon35@gmail.com> Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Ben Myers <bpm@sgi.com> Signed-off-by: Ben Myers <bpm@sgi.com>
(cherry picked from commit f648167f3ac79018c210112508c732ea9bf67c7b)
Linus Torvalds [Thu, 30 May 2013 21:01:18 +0000 (06:01 +0900)]
Merge tag 'stable/for-linus-3.10-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen
Pull Xen fixes from Konrad Rzeszutek Wilk:
- Use proper error paths
- Clean up APIC IPI usage (incorrect arguments)
- Delay XenBus frontend resume is backend (xenstored) is not running
- Fix build error with various combinations of CONFIG_
* tag 'stable/for-linus-3.10-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
xenbus_client.c: correct exit path for xenbus_map_ring_valloc_hvm
xen-pciback: more uses of cached MSI-X capability offset
xen: Clean up apic ipi interface
xenbus: save xenstore local status for later use
xenbus: delay xenbus frontend resume if xenstored is not running
xmem/tmem: fix 'undefined variable' build error.
Linus Torvalds [Thu, 30 May 2013 20:59:28 +0000 (05:59 +0900)]
Merge tag 'sound-3.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound updates from Takashi Iwai:
"Again very calm updates at this time.
All small fixes for individual drivers, mostly ASoC codecs, in
addition to soc-compress fix for capture streams which is safe to
apply as there is no in-tree users yet."
* tag 'sound-3.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ASoC: cs42l52: fix default value for MASTERA_VOL.
ASoC: wm8994: check for array index returned
ASoC: wm8994: Fix reporting of accessory removal on WM8958
ASoC: wm8994: use the correct pointer to get the control value
ASoC: wm5110: Correct DSP4R Mixer control name
ALSA: usb-6fire: Modify firmware version check
ASoC: cs42l52: fix master playback mute mask.
ASoC: cs42l52: fix bogus shifts in "Speaker Volume" and "PCM Mixer Volume" controls.
ASoC: cs42l52: microphone bias is controlled by IFACE_CTL2 register.
ASoC: davinci: fix sample rotation
ASoC: wm5110: Add missing speaker initialisation
ASoC: soc-compress: Send correct stream event for capture start
ASoC: max98090: request IRQF_ONESHOT interrupt
Chuck Lever [Tue, 14 May 2013 18:37:56 +0000 (14:37 -0400)]
NFS: Fix security flavor negotiation with legacy binary mounts
Darrick J. Wong <darrick.wong@oracle.com> reports:
> I have a kvm-based testing setup that netboots VMs over NFS, the
> client end of which seems to have broken somehow in 3.10-rc1. The
> server's exports file looks like this:
>
> /storage/mtr/x64 192.168.122.0/24(ro,sync,no_root_squash,no_subtree_check)
>
> On the client end (inside the VM), the initrd runs the following
> command to try to mount the rootfs over NFS:
>
> # mount -o nolock -o ro -o retrans=10 192.168.122.1:/storage/mtr/x64/ /root
>
> (Note: This is the busybox mount command.)
>
> The mount fails with -EINVAL.
Commit 4580a92d44 "NFS: Use server-recommended security flavor by
default (NFSv3)" introduced a behavior regression for NFS mounts
done via a legacy binary mount(2) call.
Ensure that a default security flavor is specified for legacy binary
mount requests, since they do not invoke nfs_select_flavor() in the
kernel.
Busybox uses klibc's nfsmount command, which performs NFS mounts
using the legacy binary mount data format. /sbin/mount.nfs is not
affected by this regression.
Reported-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Tested-by: Darrick J. Wong <darrick.wong@oracle.com> Acked-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Lance Ortiz [Thu, 30 May 2013 14:25:12 +0000 (08:25 -0600)]
aerdrv: Move cper_print_aer() call out of interrupt context
The following warning was seen on 3.9 when a corrected PCIe error was being
handled by the AER subsystem.
WARNING: at .../drivers/pci/search.c:214 pci_get_dev_by_id+0x8a/0x90()
This occurred because a call to pci_get_domain_bus_and_slot() was added to
cper_print_pcie() to setup for the call to cper_print_aer(). The warning
showed up because cper_print_pcie() is called in an interrupt context and
pci_get* functions are not supposed to be called in that context.
The solution is to move the cper_print_aer() call out of the interrupt
context and into aer_recover_work_func() to avoid any warnings when calling
pci_get* functions.
Signed-off-by: Lance Ortiz <lance.ortiz@hp.com> Acked-by: Borislav Petkov <bp@suse.de> Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
regulator: palmas: Fix "enable_reg" to point to the correct reg for SMPS10
regulator_enable_regmap() uses enable_reg to enable the regulator.
But enable_reg for smps10 points to SMPS10_STATUS which is a
read-only register. Fixed the same by having enable_reg
set to SMPS10_CTRL.
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Cc: stable@vger.kernel.org
Linus Torvalds [Thu, 30 May 2013 04:39:01 +0000 (13:39 +0900)]
Merge branch 'mn10300' (mn10300 fixes from David Howells)
Merge mn10300 fixes from David Howells.
* emailed patches from David Howells <dhowells@redhat.com>:
MN10300: Need pci_iomap() and __pci_ioport_map() defining
MN10300: ASB2305's PCI code needs the definition of XIRQ1
MN10300: Enable IRQs more in system call exit work path
MN10300: Fix ret_from_kernel_thread
David Howells [Tue, 28 May 2013 19:21:25 +0000 (20:21 +0100)]
MN10300: Need pci_iomap() and __pci_ioport_map() defining
Include the generic definitions of pci_iomap() and __pci_ioport_map()
otherwise we can get errors like:
lib/pci_iomap.c: In function 'pci_iomap':
lib/pci_iomap.c:37: error: implicit declaration of function '__pci_ioport_map'
lib/pci_iomap.c:37: warning: return makes pointer from integer without a cast
and:
drivers/pci/quirks.c: In function 'disable_igfx_irq':
drivers/pci/quirks.c:2893: error: implicit declaration of function 'pci_iomap'
drivers/pci/quirks.c:2893: warning: initialization makes pointer from integer without a cast
drivers/pci/quirks.c: In function 'reset_ivb_igd':
drivers/pci/quirks.c:3133: warning: assignment makes pointer from integer without a cast
Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Ken Cox <jkc@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David Howells [Tue, 28 May 2013 19:21:17 +0000 (20:21 +0100)]
MN10300: ASB2305's PCI code needs the definition of XIRQ1
The code for PCI in the ASB2305 needs the definition of XIRQ1 from proc/irq.h
otherwise the following error appears:
arch/mn10300/unit-asb2305/pci.c: In function 'unit_pci_init':
arch/mn10300/unit-asb2305/pci.c:481: error: 'XIRQ1' undeclared (first use in this function)
arch/mn10300/unit-asb2305/pci.c:481: error: (Each undeclared identifier is reported only once
arch/mn10300/unit-asb2305/pci.c:481: error: for each function it appears in.)
Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Ken Cox <jkc@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David Howells [Tue, 28 May 2013 19:21:10 +0000 (20:21 +0100)]
MN10300: Enable IRQs more in system call exit work path
Enable IRQs when calling schedule() for TIF_NEED_RESCHED and
do_notify_resume(). If interrupts are enabled during do_notify_resume(), a
warning can be seen (see lower down).
Whilst we're at it, resume_userspace can be made local to entry.S as it is not
called outside of there and it can be merged with the part of work_resched that
occurs after schedule() is called.
David Howells [Tue, 28 May 2013 19:21:02 +0000 (20:21 +0100)]
MN10300: Fix ret_from_kernel_thread
ret_from_kernel_thread needs to set A2 to the thread_info pointer before
jumping to syscall_exit.
Without this, we never correctly start userspace.
This was caused by the rejuggling of the fork/exec paths in commit ddf23e87a804 ("mn10300: switch to saner kernel_execve() semantics")
Reported-by: Ken Cox <jkc@redhat.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Ken Cox <jkc@redhat.com> Acked-by: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
ib_srpt: Call target_sess_cmd_list_set_waiting during shutdown_session
Given that srpt_release_channel_work() calls target_wait_for_sess_cmds()
to allow outstanding se_cmd_t->cmd_kref a change to complete, the call
to perform target_sess_cmd_list_set_waiting() needs to happen in
srpt_shutdown_session()
Also, this patch adds an explicit call to srpt_shutdown_session() within
srpt_drain_channel() so that target_sess_cmd_list_set_waiting() will be
called in the cases where TFO->shutdown_session() is not triggered
directly by TCM.
Cc: Joern Engel <joern@logfs.org> Cc: Roland Dreier <roland@kernel.org> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
target: Re-instate sess_wait_list for target_wait_for_sess_cmds
Switch back to pre commit 1c7b13fe652 list splicing logic for active I/O
shutdown with tcm_qla2xxx + ib_srpt fabrics.
The original commit was done under the incorrect assumption that it's safe to
walk se_sess->sess_cmd_list unprotected in target_wait_for_sess_cmds() after
sess->sess_tearing_down = 1 has been set by target_sess_cmd_list_set_waiting()
during session shutdown.
So instead of adding sess->sess_cmd_lock protection around sess->sess_cmd_list
during target_wait_for_sess_cmds(), switch back to sess->sess_wait_list to
allow wait_for_completion() + TFO->release_cmd() to occur without having to
walk ->sess_cmd_list after the list_splice.
Also add a check to exit if target_sess_cmd_list_set_waiting() has already
been called, and add a WARN_ON to check for any fabric bug where new se_cmds
are added to sess->sess_cmd_list after sess->sess_tearing_down = 1 has already
been set.
Cc: Joern Engel <joern@logfs.org> Cc: Roland Dreier <roland@kernel.org> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Linus Torvalds [Wed, 29 May 2013 23:54:29 +0000 (08:54 +0900)]
Merge tag 'pinctrl-fixes-v3.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
Pull pin-control fixes from Linus Walleij:
- Six patches fixing up the suspend/resume and wakeup handling of the
Samsung and Exynos drivers.
- Errorpath fixes for four different drivers. All on the probe()
errorpath.
- Make the debugfs code for pin config take the right mutex.
* tag 'pinctrl-fixes-v3.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
pinctrl: pinconf: take the right mutex
pinctrl: sunxi: fix error return code in sunxi_pinctrl_probe()
pinctrl: exynos: Handle suspend/resume of GPIO EINT registers
pinctrl: samsung: Allow per-bank SoC-specific private data
pinctrl: samsung: Add support for SoC-specific suspend/resume callbacks
pinctrl: Don't override the error code in probe error handling
ARM: EXYNOS: Fix EINT wake-up mask configuration when pinctrl is used
pinctrl: exynos: Add support for set_irq_wake of wake-up EINTs
pinctrl: samsung: fix suspend/resume functionality
Dave Airlie [Wed, 29 May 2013 23:14:03 +0000 (09:14 +1000)]
Merge branch 'drm-fixes-3.10' of git://people.freedesktop.org/~agd5f/linux into drm-next
just a few minor fixes for radeon.
* 'drm-fixes-3.10' of git://people.freedesktop.org/~agd5f/linux:
radeon: use max_bus_speed to activate gen2 speeds
drm/radeon: narrow scope of Apple re-POST hack
drm/radeon: don't check crtcs in card_posted() on cards without DCE
drm/radeon: fix card_posted check for newer asics
drm/radeon: fix typo in cu_per_sh on verde
drm/radeon: UVD block on SUMO2 is the same as on SUMO
Tony Prisk [Fri, 17 May 2013 21:18:49 +0000 (09:18 +1200)]
clk: vt8500: Fix unbalanced spinlock in vt8500_dclk_set_rate()
With the addition of a DVO clock, a bug is now evident in the vt8500
clock code:
[ 0.290000] WARNING: at init/main.c:698 do_one_initcall+0x158/0x18c()
[ 0.300000] initcall wm8505fb_driver_init+0x0/0xc returned with disabled int
This is caused by an unbalanced spinlock in vt8500_dclk_set_rate().
Replace the second call to spin_lock_irqsave() with spin_unlock_irqrestore().
Signed-off-by: Tony Prisk <linux@prisktech.co.nz> Signed-off-by: Mike Turquette <mturquette@linaro.org>
Marek Belisko [Fri, 3 May 2013 05:53:22 +0000 (07:53 +0200)]
clk: si5351: Fix clkout rate computation.
Rate was incorrectly computed because we read from wrong divider register.
Signed-off-by: Marek Belisko <marek.belisko@streamunlimited.com> Acked-by: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com> Signed-off-by: Mike Turquette <mturquette@linaro.org> Cc: stable@kernel.org
Lee Jones [Wed, 8 May 2013 13:29:03 +0000 (14:29 +0100)]
clk: ux500: Provide device enumeration number suffix for SMSC911x
First Ethernet device has a ".0" appended onto the device name. It
appears that we need this in order to obtain the correct clock.
Without this fix Ethernet does not function on Ux500 devices, which is a
regression.
Cc: Ulf Hansson <ulf.hansson@linaro.org> Signed-off-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Mike Turquette <mturquette@linaro.org>
[mturquette@linaro.org: improved changelog]
radeon currently uses a drm function to get the speed capabilities for
the bus, drm_pcie_get_speed_cap_mask. However, this is a non-standard
method of performing this detection and this patch changes it to use
the max_bus_speed attribute.
From: Lucas Kannebley Tavares <lucaskt@linux.vnet.ibm.com> Signed-off-by: Kleber Sacilotto de Souza <klebers@linux.vnet.ibm.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Alex Deucher [Wed, 22 May 2013 17:29:33 +0000 (13:29 -0400)]
drm/radeon: narrow scope of Apple re-POST hack
This narrows the scope of the apple re-POST hack added in:
drm/radeon: re-POST the asic on Apple hardware when booted via EFI
That patch prevents UVD from working on macs when booted in EFI
mode. The original patch fixed macbook2,1 systems which were
r5xx and hence have no UVD. Limit the hack to those systems to
prevent UVD breakage on newer systems.
Cc: Matthew Garrett <mjg59@srcf.ucam.org> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Acked-by: Matthew Garrett <matthew.garrett@nebula.com>
Alex Deucher [Wed, 22 May 2013 15:22:51 +0000 (11:22 -0400)]
drm/radeon: fix card_posted check for newer asics
Newer asics have variable numbers of crtcs. Use that
rather than the asic family to determine which crtcs
to check. This avoids checking non-existent crtcs or
missing crtcs on certain asics.
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Cc: stable@vger.kernel.org
Tested-By: Dave Witbrodt <dawitbro@sbcglobal.net> Signed-off-by: Christian König <christian.koenig@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
J. Bruce Fields [Fri, 24 May 2013 21:24:34 +0000 (17:24 -0400)]
svcrpc: fix failures to handle -1 uid's and gid's
As of f025adf191924e3a75ce80e130afcd2485b53bb8 "sunrpc: Properly decode
kuids and kgids in RPC_AUTH_UNIX credentials" any rpc containing a -1
(0xffff) uid or gid would fail with a badcred error.
Reported symptoms were xmbc clients failing on upgrade of the NFS
server; examination of the network trace showed them sending -1 as the
gid.
Reported-by: Julian Sikorski <belegdol@gmail.com> Tested-by: Julian Sikorski <belegdol@gmail.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Stefan Bader [Wed, 8 May 2013 14:37:35 +0000 (16:37 +0200)]
xen: Clean up apic ipi interface
Commit f447d56d36af18c5104ff29dcb1327c0c0ac3634 introduced the
implementation of the PV apic ipi interface. But there were some
odd things (it seems none of which cause really any issue but
maybe they should be cleaned up anyway):
- xen_send_IPI_mask_allbutself (and by that xen_send_IPI_allbutself)
ignore the passed in vector and only use the CALL_FUNCTION_SINGLE
vector. While xen_send_IPI_all and xen_send_IPI_mask use the vector.
- physflat_send_IPI_allbutself is declared unnecessarily. It is never
used.
This patch tries to clean up those things.
Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Save the xenstore local status computed in xenbus_init. It can then be used
later to check if xenstored is running in this domain.
Signed-off-by: Aurelien Chartier <aurelien.chartier@citrix.com>
[Changes in v4:
- Change variable name to xen_store_domain_type] Reviewed-by: David Vrabel <david.vrabel@citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
xenbus: delay xenbus frontend resume if xenstored is not running
If the xenbus frontend is located in a domain running xenstored, the device
resume is hanging because it is happening before the process resume. This
patch adds extra logic to the resume code to check if we are the domain
running xenstored and delay the resume if needed.
Signed-off-by: Aurelien Chartier <aurelien.chartier@citrix.com>
[Changes in v2:
- Instead of bypassing the resume, process it in a workqueue]
[Changes in v3:
- Add a struct work in xenbus_device to avoid dynamic allocation
- Several small code fixes]
[Changes in v4:
- Use a dedicated workqueue]
[Changes in v5:
- Move create_workqueue error handling to xenbus_frontend_dev_resume] Acked-by: Jan Beulich <jbeulich@suse.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Takashi Iwai [Wed, 29 May 2013 10:52:16 +0000 (12:52 +0200)]
Merge tag 'asoc-v3.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Updates for v3.10
A series of driver specific updates, none particularly critical, plus
one fix to the compressed API code to handle capture streams properly
which is very safe for mainline as there's no current users.
Linus Torvalds [Wed, 29 May 2013 10:24:55 +0000 (19:24 +0900)]
Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM Exynos fixes from Olof Johansson:
"Here's a shorter set of fixes for 3.10, all for Samsung Exynos
platforms.
It also includes a defconfig update so that exynos_defconfig provides
a meaningful set of drivers to boot an unmodified kernel on the
Samsung ARM-based Chromebooks."
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
ARM: exynos: defconfig update
ARM: SAMSUNG: Add names to fimd0 IRQ resources
ARM: EXYNOS: fix software reset logic for EXYNOS5440 SOC
ARM: EXYNOS: Fix support of Exynos4210 rev0 SoC
ARM: dts: Enabling samsung-usb2phy driver for exynos5250
This also turns off DEBUG_LL, and switches the hardcoded Samsung lowlevel
uart to uart 3 (which is only used to show the "uncompressing kernel"
message at boot, it seems).
Signed-off-by: Olof Johansson <olof@lixom.net> Reviewed-by: Doug Anderson <dianders@chromium.org> Tested-by: Tushar Behera <tushar.behera@linaro.org> Acked-by: Kukjin Kim <kgene.kim@samsung.com>
Jeff Liu [Sun, 26 May 2013 13:33:09 +0000 (21:33 +0800)]
cgroup: warn about mismatching options of a new mount of an existing hierarchy
With the new __DEVEL__sane_behavior mount option was introduced,
if the root cgroup is alive with no xattr function, to mount a
new cgroup with xattr will be rejected in terms of design which
just fine. However, if the root cgroup does not mounted with
__DEVEL__sane_hehavior, to create a new cgroup with xattr option
will succeed although after that the EA function does not works
as expected but will get ENOTSUPP for setting up attributes under
either cgroup. e.g.
setfattr: /cgroup2/test: Operation not supported
Instead of keeping silence in this case, it's better to drop a log
entry in warning level. That would be helpful to understand the
reason behind the scene from the user's perspective, and this is
essentially an improvement does not break the backward compatibilities.
With this fix, above mount attemption will keep up works as usual but
the following line cound be found at the system log:
[ ...] cgroup: new mount options do not match the existing superblock
tj: minor formatting / message updates.
Signed-off-by: Jie Liu <jeff.liu@oracle.com> Reported-by: Alexey Kodanev <alexey.kodanev@oracle.com> Signed-off-by: Tejun Heo <tj@kernel.org> Cc: stable@vger.kernel.org
Zhang Yanfei [Tue, 14 May 2013 06:48:58 +0000 (14:48 +0800)]
x86-64, init: Fix a possible wraparound bug in switchover in head_64.S
In head_64.S, a switchover has been used to handle kernel crossing
1G, 512G boundaries.
And commit 8170e6bed465b4b0c7687f93e9948aca4358a33b
x86, 64bit: Use a #PF handler to materialize early mappings on demand
said:
During the switchover in head_64.S, before #PF handler is available,
we use three pages to handle kernel crossing 1G, 512G boundaries with
sharing page by playing games with page aliasing: the same page is
mapped twice in the higher-level tables with appropriate wraparound.
But from the switchover code, when we set up the PUD table:
114 addq $4096, %rdx
115 movq %rdi, %rax
116 shrq $PUD_SHIFT, %rax
117 andl $(PTRS_PER_PUD-1), %eax
118 movq %rdx, (4096+0)(%rbx,%rax,8)
119 movq %rdx, (4096+8)(%rbx,%rax,8)
It seems line 119 has a potential bug there. For example,
if the kernel is loaded at physical address 511G+1008M, that is 000000000111111111111111000000000000000000000000
and the kernel _end is 512G+2M, that is 000000001000000000000000001000000000000000000000
So in this example, when using the 2nd page to setup PUD (line 114~119),
rax is 511.
In line 118, we put rdx which is the address of the PMD page (the 3rd page)
into entry 511 of the PUD table. But in line 119, the entry we calculate from
(4096+8)(%rbx,%rax,8) has exceeded the PUD page. IMO, the entry in line
119 should be wraparound into entry 0 of the PUD table.
The patch fixes the bug.
Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com> Link: http://lkml.kernel.org/r/5191DE5A.3020302@cn.fujitsu.com Signed-off-by: Yinghai Lu <yinghai@kernel.org> Cc: <stable@vger.kernel.org> v3.9 Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Linus Torvalds [Tue, 28 May 2013 17:11:34 +0000 (10:11 -0700)]
Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"This is mostly exynos and intel fixes, along with some vblank patches
I lost from Rob a few months ago that make wayland work better on lots
of GPUs, also a qxl kconfig fix."
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (22 commits)
qxl: fix Kconfig deps - select FB_DEFERRED_IO
drm/exynos: replace request_threaded_irq with devm function
drm/exynos: remove unnecessary devm_kfree
drm/exynos: fix build warnings from ipp fimc
drm/exynos: cleanup device pointer usages
drm/exynos: wait for the completion of pending page flip
drm/exynos: use drm_send_vblank_event() helper
drm/i915: avoid premature DP AUX timeouts
drm/i915: avoid premature timeouts in __wait_seqno()
drm/i915: use msecs_to_jiffies_timeout instead of open coding the same
drm/i915: add msecs_to_jiffies_timeout to guarantee minimum duration
drm/i915: force full modeset if the connector is in DPMS OFF mode
drm/exynos: page flip fixes
drm/exynos: exynos_hdmi: Pass correct pointer to free_irq()
drm/exynos: exynos_drm_ipp: Fix incorrect usage of IS_ERR_OR_NULL
drm/exynos: exynos_drm_fbdev: Fix incorrect usage of IS_ERR_OR_NULL
drm/imx: use drm_send_vblank_event() helper
drm/shmob: use drm_send_vblank_event() helper
drm/radeon: use drm_send_vblank_event() helper
drm/nouveau: use drm_send_vblank_event() helper
...
Linus Torvalds [Tue, 28 May 2013 17:08:39 +0000 (10:08 -0700)]
Merge branch 'for-3.10' of git://git.samba.org/sfrench/cifs-2.6
Pull CIFS fixes from Steve French:
"Fixes for a couple of DFS problems, a problem with extended security
negotiation and two other small cifs fixes"
* 'for-3.10' of git://git.samba.org/sfrench/cifs-2.6:
cifs: fix composing of mount options for DFS referrals
cifs: stop printing the unc= option in /proc/mounts
cifs: fix error handling when calling cifs_parse_devname
cifs: allow sec=none mounts to work against servers that don't support extended security
cifs: fix potential buffer overrun when composing a new options string
cifs: only set ops for inodes in I_NEW state
Linus Torvalds [Tue, 28 May 2013 16:39:04 +0000 (09:39 -0700)]
Merge tag 'trace-fixes-v3.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracing fixes from Steven Rostedt:
"Two more fixes:
The first one was reported by Mauro Carvalho Chehab, where if a poll()
is done against a trace buffer for a CPU that has never been online,
it will crash the kernel, as buffers are only created when a CPU comes
on line, but the trace files are for all possible CPUs.
This fix is to check if the buffer was allocated and if not return
-EINVAL.
That was the simple fix, the real fix is a bit more complex and not
for a -rc release. We could have the files created when the CPUs come
online. That would require some design changes.
The second one was reported by Peter Zijlstra. If the kernel command
line has ftrace=nop, it will lock up the system on boot up. This is
because the new design for 3.10 has the nop tracer bootstrap the
tracing subsystem. When ftrace=<trace> is defined, when a that tracer
is registered, it starts the tracing, but uses the nop tracer to clear
things out. What happened here was that ftrace=nop caused the
registering of nop to start it and use nop before it was initialized.
The only thing nop needs to have done to initialize it is to have the
tracer point its current_tracer structure member to the nop tracer.
Doing that before registering the nop tracer makes everything work."
* tag 'trace-fixes-v3.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
ring-buffer: Do not poll non allocated cpu buffers
tracing: Fix crash when ftrace=nop on the kernel command line
Linus Torvalds [Tue, 28 May 2013 16:23:23 +0000 (09:23 -0700)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k
Pull m68k fixes from Geert Uytterhoeven:
- futex support that I had missed before,
- A long-overdue update of the m68k defconfigs.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
m68k: Update defconfigs for v3.9
m68k: implement futex.h to support userspace robust futexes and PI mutexes
Linus Torvalds [Tue, 28 May 2013 16:21:13 +0000 (09:21 -0700)]
Merge branch 'next' of git://git.monstr.eu/linux-2.6-microblaze
Pull microblaze fixes from Michal Simek:
"One patch fix futex support and my patches fix warnings which were
reported by Geert's regression testing"
* 'next' of git://git.monstr.eu/linux-2.6-microblaze:
microblaze: Reversed logic in futex cmpxchg
microblaze: Use proper casting for inb/inw/inl in io.h
microblaze: Initialize temp variable to remove compilation warning
ring-buffer: Do not poll non allocated cpu buffers
The tracing infrastructure sets up for possible CPUs, but it uses
the ring buffer polling, it is possible to call the ring buffer
polling code with a CPU that hasn't been allocated. This will cause
a kernel oops when it access a ring buffer cpu buffer that is part
of the possible cpus but hasn't been allocated yet as the CPU has never
been online.
Nicolas Schichan [Thu, 23 May 2013 14:53:02 +0000 (16:53 +0200)]
ASoC: cs42l52: fix default value for MASTERA_VOL.
The default register value for MASTERA_VOL is 0x00, the same as
MASTERB_VOL.
Signed-off-by: Nicolas Schichan <nschichan@freebox.fr> Acked-by: Brian Austin <brian.austin@cirrus.com> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Cc: stable@vger.kernel.org
Mark Brown [Tue, 28 May 2013 11:52:08 +0000 (12:52 +0100)]
ASoC: wm8994: Fix reporting of accessory removal on WM8958
During recent refactoring the code to report removal when MICDET reports
an absent microphone was removed, causing problems for systems which rely
solely on the MICDET for this functionality. Restore it.
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Frederico Cadete [Sat, 25 May 2013 20:48:57 +0000 (22:48 +0200)]
xmem/tmem: fix 'undefined variable' build error.
In the (not so useful) kernel configuration where CONFIG_SWAP
is undefined and CONFIG_XEN_SELFBALLOONING is defined,
xen_tmem_init would use undefined variable 'static bool frontswap'.
Added #else to have #define frontswap (0) in the case where
CONFIG_FRONTSWAP is not defined.
Signed-off-by: Frederico Cadete <frederico@cadete.eu> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
s390/pgtable: Fix check for pgste/storage key handling
pte_present might return true on PAGE_TYPE_NONE, even if
the invalid bit is on. Modify the existing check of the
pgste functions to avoid crashes.
[ Martin Schwidefsky: added ptep_modify_prot_[start|commit] bits ]
Reported-by: Martin Schwidefky <schwidefsky@de.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> CC: stable@vger.kernel.org Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Jussi Kivilinna [Tue, 21 May 2013 14:09:41 +0000 (17:09 +0300)]
crypto: sha256_ssse3 - fix stack corruption with SSSE3 and AVX implementations
The _XFER stack element size was set too small, 8 bytes, when it needs to be
16 bytes. As _XFER is the last stack element used by these implementations,
the 16 byte stores with 'movdqa' corrupt the stack where the value of register
%r12 is temporarily stored. As these implementations align the stack pointer
to 16 bytes, this corruption did not happen every time.
Patch corrects this issue.
Reported-by: Julian Wollrath <jwollrath@web.de> Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Tested-by: Julian Wollrath <jwollrath@web.de> Acked-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Olof Johansson [Tue, 28 May 2013 02:26:30 +0000 (19:26 -0700)]
Merge tag 'samsung-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung into fixes
From Kukjin Kim:
Fixes following for v3.10
- to get usb2 working on the Chromebook with adding the
usb phy node for usb2 on exynos5250
- supporting exynos4210 rev0 SoC
- exynos5440 restart applying only to powered-on domains
- drm-exynos probe failure with adding resource names to
fimd0 platform device
* tag 'samsung-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung:
ARM: SAMSUNG: Add names to fimd0 IRQ resources
ARM: EXYNOS: fix software reset logic for EXYNOS5440 SOC
ARM: EXYNOS: Fix support of Exynos4210 rev0 SoC
ARM: dts: Enabling samsung-usb2phy driver for exynos5250
Tomasz Figa [Fri, 17 May 2013 16:24:31 +0000 (18:24 +0200)]
pinctrl: samsung: Allow per-bank SoC-specific private data
This patch extends pin bank descriptor structure with SoC-specific
private data field that allows SoC-specific drivers to store their own
private data.
Signed-off-by: Tomasz Figa <t.figa@samsung.com> Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com> Tested-by: Doug Anderson <dianders@chromium.org> Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Tomasz Figa [Fri, 17 May 2013 16:24:30 +0000 (18:24 +0200)]
pinctrl: samsung: Add support for SoC-specific suspend/resume callbacks
SoC-specific driver might require additional save and restore of
registers. This patch adds pair of SoC-specific callbacks per pinctrl
device to account for this.
Signed-off-by: Tomasz Figa <t.figa@samsung.com> Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com> Tested-by: Doug Anderson <dianders@chromium.org> Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Axel Lin [Sun, 19 May 2013 05:58:37 +0000 (13:58 +0800)]
pinctrl: Don't override the error code in probe error handling
Otherwise, we return 0 in probe error paths when gpiochip_remove() returns 0.
Also show error message if gpiochip_remove() fails.
Signed-off-by: Axel Lin <axel.lin@ingics.com> Acked-by: Tony Prisk <linux@prisktech.co.nz> Acked-by: Maxime Ripard <maxime.ripard@free-electrons.com> Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Tomasz Figa [Fri, 17 May 2013 16:24:28 +0000 (18:24 +0200)]
ARM: EXYNOS: Fix EINT wake-up mask configuration when pinctrl is used
On DT-enabled systems pinctrl-exynos driver is responsible for handling
of wake-up EINT interrupts. This patch adjusts wake-up mask
configuration code to take wake-up mask value from pinctrl-exynos driver
on DT-enabled systems.
Signed-off-by: Tomasz Figa <t.figa@samsung.com> Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com> Tested-by: Doug Anderson <dianders@chromium.org> Signed-off-by: Linus Walleij <linus.walleij@linaro.org>