Pekka Enberg [Sat, 4 Feb 2012 08:32:41 +0000 (10:32 +0200)]
kvm tools: Fix another use-after-free in shutdown sequence
Valgrind spotted another issue:
==2343== Invalid read of size 8
==2343== at 0x408EAD: kvm__pause (kvm.c:529)
==2343== by 0x407E07: ioport__unregister (ioport.c:100)
==2343== by 0x409537: pci__exit (pci.c:210)
==2343== by 0x406303: kvm_cmd_run (builtin-run.c:1314)
==2343== by 0x410670: handle_command (kvm-cmd.c:84)
==2343== by 0x3DE682139C: (below main) (in /lib64/libc-2.14.so)
==2343== Address 0x4c30ca0 is 0 bytes inside a block of size 520 free'd
==2343== at 0x4A055FE: free (vg_replace_malloc.c:366)
==2343== by 0x406293: kvm_cmd_run (builtin-run.c:1292)
==2343== by 0x410670: handle_command (kvm-cmd.c:84)
==2343== by 0x3DE682139C: (below main) (in /lib64/libc-2.14.so)
Pekka Enberg [Sat, 4 Feb 2012 08:30:42 +0000 (10:30 +0200)]
kvm tools, x86: Fix use after free in irq__exit()
Valgrind spotted this issue with KVM tool shutdown:
==1823== Invalid read of size 8
==1823== at 0x410DD0: rb_next (rbtree.c:390)
==1823== by 0x417376: irq__exit (irq.c:182)
==1823== by 0x406230: kvm_cmd_run (builtin-run.c:1275)
==1823== by 0x410670: handle_command (kvm-cmd.c:84)
==1823== by 0x3DE682139C: (below main) (in /lib64/libc-2.14.so)
==1823== Address 0x4f7cca0 is 0 bytes inside a block of size 48 free'd
==1823== at 0x4A055FE: free (vg_replace_malloc.c:366)
==1823== by 0x41736E: irq__exit (irq.c:192)
==1823== by 0x406230: kvm_cmd_run (builtin-run.c:1275)
==1823== by 0x410670: handle_command (kvm-cmd.c:84)
==1823== by 0x3DE682139C: (below main) (in /lib64/libc-2.14.so)
Matt Evans [Thu, 2 Feb 2012 02:47:34 +0000 (13:47 +1100)]
kvm tools: Add build target for statically-linked binary
This commit adds a target for 'lkvm-static' which is linked -static.
(This can be useful to construct kvmtool binaries for minimalist
auto-test host filesystems.)
Since extra features (SDL, AIO, VNC etc.) are auto-detected in the makefile
AND some features may only work when linked one way (but not both), the
feature detection now checks for both dynamic & static success. Intermediate
objects build with correct flags (e.g. CONFIG_HAS_AIO) for the end target.
Signed-off-by: Matt Evans <matt@ozlabs.org> Signed-off-by: Pekka Enberg <penberg@kernel.org>
Matt Evans [Tue, 31 Jan 2012 06:30:41 +0000 (17:30 +1100)]
kvm tools: Repair running on non ioeventfd-capable platforms
Commit d3923126a24212f1e746a84a575dadbd9f259418 added a bunch of
nice error checking around ioevent__init() but the init may gracefully
fail if ioevents simply aren't supported (PPC64 KVM).
This commit adds a new return code for the init -- positive, but
identifiable as 'not success 0'.
Signed-off-by: Matt Evans <matt@ozlabs.org> Signed-off-by: Pekka Enberg <penberg@kernel.org>
Commit b50cac5 ("PCI/sysfs: add per pci device msi[x] irq listing (v5)") added
"struct kobject" dependency to <linux/msi.h> which breaks KVM tool build. As
the header file is no longer about MSI hardware, make a new header file for
"struct msi_ms".
Reported-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Pekka Enberg <penberg@kernel.org>
Ingo Molnar [Wed, 18 Jan 2012 09:04:48 +0000 (10:04 +0100)]
kvm tools: Fix build breakage with GCC 4.7
* Pekka Enberg <penberg@kernel.org> wrote:
> >In file included from virtio/net.c:3:0:
> >include/kvm/virtio.h: In function ‘virt_queue__available’:
> >include/kvm/virtio.h:42:2: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
i suspect the contrast might be from casting a 'struct
vring_used_elem's 'id' field to type '__u16 *' and dereferencing
it might break GCC alias optimizations, as it makes two uses of
the 'num' field - one the regular 32-bit usage, the other this
weird 16-bit usage.
I think the only sane way to solve this is to do what the kernel
does, to turn off strict aliasing. The patch below does this and
resolves the build bug. Note: i also switched optimization from
-Os to -O2 - the latter is generally the better option for
performance critical code. -Os sometimes produces really weird
code.
The other build problem is that it appears the default GCC
regparm model changed, which highlighted this prototype bug:
x86/bios/e820.c:32:15: error: conflicting types for ‘e820_query_map’
In file included from x86/bios/e820.c:1:0:
include/kvm/e820.h:10:6: note: previous declaration of ‘e820_query_map’ was here
and there are similar problems with other BIOS prototypes.
Resolved via the other bits in the patch below.
Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Pekka Enberg <penberg@kernel.org>
Asias He [Mon, 9 Jan 2012 09:18:01 +0000 (17:18 +0800)]
kvm tools: Fix kvm-ipc.c build breakage
CC kvm-ipc.o
kvm-ipc.c: In function ???kvm_ipc__send_msg???:
kvm-ipc.c:53:34: error: comparison between signed and unsigned integer
expressions [-Werror=sign-compare]
cc1: all warnings being treated as errors
Reported-by: Jean-Philippe Menil <jean-philippe.menil@univ-nantes.fr> Signed-off-by: Asias He <asias.hejun@gmail.com> Signed-off-by: Pekka Enberg <penberg@kernel.org>
Hongyong Zang [Fri, 6 Jan 2012 02:06:26 +0000 (10:06 +0800)]
kvm tool: Change kvm->ram_size to real mapped size.
If a guest's ram_size exceeds KVM_32BIT_GAP_START, the corresponding kvm tool's
virtual address size should be (ram_size + KVM_32BIT_GAP_SIZE), rather than ram_size.
Use macro define KVM_32BIT_MAX_MEM_SIZE instead of magic number "0x100000000ULL".
Signed-off-by: Hongyong Zang <zanghongyong@huawei.com> Signed-off-by: Pekka Enberg <penberg@kernel.org>
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
fix CAN MAINTAINERS SCM tree type
mwifiex: fix crash during simultaneous scan and connect
b43: fix regression in PIO case
ath9k: Fix kernel panic in AR2427 in AP mode
CAN MAINTAINERS update
net: fsl: fec: fix build for mx23-only kernel
sch_qfq: fix overflow in qfq_update_start()
Revert "Bluetooth: Increase HCI reset timeout in hci_dev_do_close"
Al Viro [Wed, 4 Jan 2012 10:51:03 +0000 (10:51 +0000)]
minixfs: misplaced checks lead to dentry leak
bitmap size sanity checks should be done *before* allocating ->s_root;
there their cleanup on failure would be correct. As it is, we do iput()
on root inode, but leak the root dentry...
Oleg Nesterov [Wed, 4 Jan 2012 16:29:20 +0000 (17:29 +0100)]
ptrace: ensure JOBCTL_STOP_SIGMASK is not zero after detach
This is the temporary simple fix for 3.2, we need more changes in this
area.
1. do_signal_stop() assumes that the running untraced thread in the
stopped thread group is not possible. This was our goal but it is
not yet achieved: a stopped-but-resumed tracee can clone the running
thread which can initiate another group-stop.
Remove WARN_ON_ONCE(!current->ptrace).
2. A new thread always starts with ->jobctl = 0. If it is auto-attached
and this group is stopped, __ptrace_unlink() sets JOBCTL_STOP_PENDING
but JOBCTL_STOP_SIGMASK part is zero, this triggers WANR_ON(!signr)
in do_jobctl_trap() if another debugger attaches.
Change __ptrace_unlink() to set the artificial SIGSTOP for report.
Alternatively we could change ptrace_init_task() to copy signr from
current, but this means we can copy it for no reason and hide the
possible similar problems.
do {
ptrace(PTRACE_CONT, pid, 0, 0);
pid = waitpid(-1, NULL, 0);
} while (pid > 0);
return 1;
}
It fails because ->real_parent sees its child in EXIT_DEAD state
while the tracer is going to change the state back to EXIT_ZOMBIE
in wait_task_zombie().
The offending commit is 823b018e which moved the EXIT_DEAD check,
but in fact we should not blame it. The original code was not
correct as well because it didn't take ptrace_reparented() into
account and because we can't really trust ->ptrace.
This patch adds the additional check to close this particular
race but it doesn't solve the whole problem. We simply can't
rely on ->ptrace in this case, it can be cleared if the tracer
is multithreaded by the exiting ->parent.
I think we should kill EXIT_DEAD altogether, we should always
remove the soon-to-be-reaped child from ->children or at least
we should never do the DEAD->ZOMBIE transition. But this is too
complex for 3.2.
The call to "schedule_work()" in rtc_initialize_alarm() happens too
early, and can cause oopses at bootup
Neil Brown explains why we do it:
"If you set an alarm in the future, then shutdown and boot again after
that time, then you will end up with a timer_queue node which is in
the past.
When this happens the queue gets stuck. That entry-in-the-past won't
get removed until and interrupt happens and an interrupt won't happen
because the RTC only triggers an interrupt when the alarm is "now".
So you'll find that e.g. "hwclock" will always tell you that
'select' timed out.
So we force the interrupt work to happen at the start just in case."
and has a patch that convert it to do things in-process rather than with
the worker thread, but right now it's too late to play around with this,
so we just revert the patch that caused problems for now.
Reported-by: Sander Eikelenboom <linux@eikelenboom.it> Requested-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Requested-by: John Stultz <john.stultz@linaro.org> Cc: Neil Brown <neilb@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Steve French [Wed, 4 Jan 2012 05:08:24 +0000 (23:08 -0600)]
[CIFS] default ntlmv2 for cifs mount delayed to 3.3
Turned out the ntlmv2 (default security authentication)
upgrade was harder to test than expected, and we ran
out of time to test against Apple and a few other servers
that we wanted to. Delay upgrade of default security
from ntlm to ntlmv2 (on mount) to 3.3. Still works
fine to specify it explicitly via "sec=ntlmv2" so this
should be fine.
Acked-by: Jeff Layton <jlayton@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>
Jeff Layton [Sun, 1 Jan 2012 15:34:39 +0000 (10:34 -0500)]
cifs: fix bad buffer length check in coalesce_t2
The current check looks to see if the RFC1002 length is larger than
CIFSMaxBufSize, and fails if it is. The buffer is actually larger than
that by MAX_CIFS_HDR_SIZE.
This bug has been around for a long time, but the fact that we used to
cap the clients MaxBufferSize at the same level as the server tended
to paper over it. Commit c974befa changed that however and caused this
bug to bite in more cases.
Reported-and-Tested-by: Konstantinos Skarlatos <k.skarlatos@gmail.com> Tested-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
It causes failures on Toshiba laptops - instead of disabling the alarm,
it actually seems to enable it on the affected laptops, resulting in
(for example) the laptop powering on automatically five minutes after
shutdown.
There's a patch for it that appears to work for at least some people,
but it's too late to play around with this, so revert for now and try
again in the next merge window.
See for example
http://bugs.debian.org/652869
Reported-and-bisected-by: Andreas Friedrich <afrie@gmx.net> (Toshiba Tecra) Reported-by: Antonio-M. Corbi Bellot <antonio.corbi@ua.es> (Toshiba Portege R500) Reported-by: Marco Santos <marco.santos@waynext.com> (Toshiba Portege Z830) Reported-by: Christophe Vu-Brugier <cvubrugier@yahoo.fr> (Toshiba Portege R830) Cc: Jonathan Nieder <jrnieder@gmail.com> Requested-by: John Stultz <john.stultz@linaro.org> Cc: stable@kernel.org # for the versions that applied this Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
vfork parent uninterruptibly and unkillably waits for its child to
exec/exit. This wait is of unbounded length. Ignore such waits
in the hung_task detector.
Jan Kara [Tue, 3 Jan 2012 12:14:29 +0000 (13:14 +0100)]
security: Fix security_old_inode_init_security() when CONFIG_SECURITY is not set
Commit 1e39f384bb01 ("evm: fix build problems") makes the stub version
of security_old_inode_init_security() return 0 when CONFIG_SECURITY is
not set.
But that makes callers such as reiserfs_security_init() assume that
security_old_inode_init_security() has set name, value, and len
arguments properly - but security_old_inode_init_security() left them
uninitialized which then results in interesting failures.
Revert security_old_inode_init_security() to the old behavior of
returning EOPNOTSUPP since both callers (reiserfs and ocfs2) handle this
just fine.
[ Also fixed the S_PRIVATE(inode) case of the actual non-stub
security_old_inode_init_security() function to return EOPNOTSUPP
for the same reason, as pointed out by Mimi Zohar.
It got incorrectly changed to match the new function in commit fb88c2b6cbb1: "evm: fix security/security_old_init_security return
code". - Linus ]
Reported-by: Jorge Bastos <mysql.jorge@decimal.pt> Acked-by: James Morris <jmorris@namei.org> Acked-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
mwifiex: fix crash during simultaneous scan and connect
If 'iw connect' command is fired when driver is already busy in
serving 'iw scan' command, ssid specific scan operation for connect
is skipped. In this case cmd wait queue handler gets called with no
command in queue (i.e. adapter->cmd_queued = NULL).
This patch adds a NULL check in mwifiex_wait_queue_complete()
routine to fix crash observed during simultaneous scan and assoc
operations.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
commit 17030f48e31adde5b043741c91ba143f5f7db0fd
From: Rafał Miłecki <zajec5@gmail.com>
Date: Thu, 11 Aug 2011 17:16:27 +0200
Subject: [PATCH] b43: support new RX header, noticed to be used in 598.314+ fw
in PIO case.
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
don't do aggregation related stuff for 'AP mode client power save
handling' if aggregation is not enabled in the driver, otherwise it
will lead to panic because those data structures won't be never
intialized in 'ath_tx_node_init' if aggregation is disabled
Oliver Hartkopp [Tue, 3 Jan 2012 08:40:28 +0000 (08:40 +0000)]
CAN MAINTAINERS update
Update the CAN MAINTAINERS section:
- point out active maintainers
- pull the CAN driver discussion away from netdev ML
- point to the new CAN web site on gitorious.org
- add CAN development git repository URL to submit patches
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> CC: Oliver Hartkopp <oliver.hartkopp@volkswagen.de> CC: Urs Thuermann <urs.thuermann@volkswagen.de> CC: Wolfgang Grandegger <wg@grandegger.com> CC: Marc Kleine-Budde <mkl@pengutronix.de> CC: linux-can@vger.kernel.org Signed-off-by: David S. Miller <davem@davemloft.net>
Wolfram Sang [Tue, 3 Jan 2012 03:46:47 +0000 (03:46 +0000)]
net: fsl: fec: fix build for mx23-only kernel
If one only selects mx23-based boards, compile fails:
drivers/net/ethernet/freescale/fec.c:410:2: error: 'FEC_HASH_TABLE_HIGH' undeclared (first use in this function)
drivers/net/ethernet/freescale/fec.c:411:2: error: 'FEC_HASH_TABLE_LOW' undeclared (first use in this function)
This is because fec.h uses CONFIG_SOC_IMX28 to determine the register
layout of the core which makes sense since the MX23 does not have a fec.
However, Kconfig uses the broader ARCH_MXS symbol and this way even
makes the fec-driver default for MX23. Adapt Kconfig to use the more
precise SOC_IMX28 as well.
Signed-off-by: Wolfram Sang <w.sang@pengutronix.de> Cc: Fabio Estevam <fabio.estevam@freescale.com> Cc: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Cc: Shawn Guo <shawn.guo@linaro.org> Cc: David S. Miller <davem@davemloft.net> Acked-by: Fabio Estevam <fabio.estevam@freescale.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Mon, 2 Jan 2012 05:47:57 +0000 (05:47 +0000)]
sch_qfq: fix overflow in qfq_update_start()
grp->slot_shift is between 22 and 41, so using 32bit wide variables is
probably a typo.
This could explain QFQ hangs Dave reported to me, after 2^23 packets ?
(23 = 64 - 41)
Reported-by: Dave Taht <dave.taht@gmail.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: Stephen Hemminger <shemminger@vyatta.com> CC: Dave Taht <dave.taht@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Pekka Enberg [Tue, 3 Jan 2012 17:49:49 +0000 (19:49 +0200)]
kvm tools, 9p: Fix memory leak in virtio_9p_attach()
This patch fixes the following valgrind reported memory leak:
==7684== 20 bytes in 8 blocks are definitely lost in loss record 3 of 46
==7684== at 0x4A0649D: malloc (vg_replace_malloc.c:236)
==7684== by 0x4116B5: virtio_p9_pdu_readf (9p-pdu.c:110)
==7684== by 0x40FD8C: virtio_p9_attach (9p.c:354)
==7684== by 0x410E80: virtio_p9_do_io (9p.c:1154)
==7684== by 0x40DB45: thread_pool__threadfunc (threadpool.c:56)
==7684== by 0x3DE7007B30: start_thread (in /lib64/libpthread-2.14.so)
==7684== by 0x3DE68DFD2C: clone (in /lib64/libc-2.14.so)
Pekka Enberg [Tue, 3 Jan 2012 17:39:14 +0000 (19:39 +0200)]
kvm tools, 9p: Fix memory leak in virtio_p9_walk()
This patch fixes the following valgrind reported memory leak in
virtio_9p_walk():
==6689== 1,058 bytes in 134 blocks are definitely lost in loss record 39 of 47
==6689== at 0x4A0649D: malloc (vg_replace_malloc.c:236)
==6689== by 0x4116A9: virtio_p9_pdu_readf (9p-pdu.c:110)
==6689== by 0x40FB9F: virtio_p9_walk (9p.c:305)
==6689== by 0x410E73: virtio_p9_do_io (9p.c:1151)
==6689== by 0x40DB45: thread_pool__threadfunc (threadpool.c:56)
==6689== by 0x3DE7007B30: start_thread (in /lib64/libpthread-2.14.so)
==6689== by 0x3DE68DFD2C: clone (in /lib64/libc-2.14.so)
Pekka Enberg [Tue, 3 Jan 2012 17:25:28 +0000 (19:25 +0200)]
kvm tools: Free vcpu array on shutdown
This patch silences the following harmless warning to reduce valgrind noise:
==5529== 864 bytes in 3 blocks are possibly lost in loss record 39 of 48
==5529== at 0x4A04B84: calloc (vg_replace_malloc.c:467)
==5529== by 0x3DE6410D44: _dl_allocate_tls (in /lib64/ld-2.14.so)
==5529== by 0x3DE70082F5: pthread_create@@GLIBC_2.2.5 (in /lib64/libpthread-2.14.so)
==5529== by 0x405755: kvm_cmd_run (builtin-run.c:1169)
==5529== by 0x40D47D: handle_command (kvm-cmd.c:84)
==5529== by 0x3DE682139C: (below main) (in /lib64/libc-2.14.so)
Pekka Enberg [Tue, 3 Jan 2012 17:20:23 +0000 (19:20 +0200)]
kvm tools: Fix use after free during shutdown
Valgrind reports the following use after free error, when shutting down a
guest:
[penberg@tux kvm]$ valgrind ./vm run
[ snip ]
Mounting...
Starting '/bin/sh'...
sh-4.2# exit
[ snip ]
==4726== Thread 11:
==4726== Invalid read of size 8
==4726== at 0x407818: kvm__continue (kvm.c:518)
==4726== by 0x3DE683534F: ??? (in /lib64/libc-2.14.so)
==4726== by 0x3DE68D8AF6: ioctl (in /lib64/libc-2.14.so)
==4726== by 0x406C95: kvm_cpu__run (kvm-cpu.c:35)
==4726== by 0x406D95: kvm_cpu__start (kvm-cpu.c:109)
==4726== by 0x4046D5: kvm_cpu_thread (builtin-run.c:603)
==4726== by 0x3DE7007B30: start_thread (in /lib64/libpthread-2.14.so)
==4726== by 0x3DE68DFD2C: clone (in /lib64/libc-2.14.so)
==4726== Address 0x4c2e040 is 0 bytes inside a block of size 936 free'd
==4726== at 0x4A055FE: free (vg_replace_malloc.c:366)
==4726== by 0x4046E7: kvm_cpu_thread (builtin-run.c:606)
==4726== by 0x3DE7007B30: start_thread (in /lib64/libpthread-2.14.so)
==4726== by 0x3DE68DFD2C: clone (in /lib64/libc-2.14.so)
==4726==
==4726== Thread 1:
==4726== Invalid read of size 1
==4726== at 0x4057BC: kvm_cmd_run (builtin-run.c:1182)
==4726== by 0x40D46D: handle_command (kvm-cmd.c:84)
==4726== by 0x3DE682139C: (below main) (in /lib64/libc-2.14.so)
==4726== Address 0x4e36f58 is 920 bytes inside a block of size 936 free'd
==4726== at 0x4A055FE: free (vg_replace_malloc.c:366)
==4726== by 0x4046E7: kvm_cpu_thread (builtin-run.c:606)
==4726== by 0x3DE7007B30: start_thread (in /lib64/libpthread-2.14.so)
==4726== by 0x3DE68DFD2C: clone (in /lib64/libc-2.14.so)
This patch fixes the problem by moving the kvm_cpu__delete() call from
kvm_cpu_thread() to kvm_cmd_run() after we've made sure the VCPU thread is
stopped.
Lai Jiangshan [Tue, 27 Dec 2011 07:36:38 +0000 (15:36 +0800)]
kvm tools: Don't remove any file which is not created by itself
It is user's or other program's reponsibility, not the current program.
Just try best to let the user know what happen.
Also make print_guest() keep the same behavior as do_debug()
do_pause() ...etc. when it failed.
Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com> Signed-off-by: Pekka Enberg <penberg@kernel.org>
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
netfilter: ctnetlink: fix timeout calculation
ipvs: try also real server with port 0 in backup server
skge: restore rx multicast filter on resume and after config changes
mlx4_en: nullify cq->vector field when closing completion queue
Hugh Dickins [Sat, 31 Dec 2011 19:44:01 +0000 (11:44 -0800)]
futex: Fix uninterruptible loop due to gate_area
It was found (by Sasha) that if you use a futex located in the gate
area we get stuck in an uninterruptible infinite loop, much like the
ZERO_PAGE issue.
While looking at this problem, PeterZ realized you'll get into similar
trouble when hitting any install_special_pages() mapping. And are there
still drivers setting up their own special mmaps without page->mapping,
and without special VM or pte flags to make get_user_pages fail?
In most cases, if page->mapping is NULL, we do not need to retry at all:
Linus points out that even /proc/sys/vm/drop_caches poses no problem,
because it ends up using remove_mapping(), which takes care not to
interfere when the page reference count is raised.
But there is still one case which does need a retry: if memory pressure
called shmem_writepage in between get_user_pages_fast dropping page
table lock and our acquiring page lock, then the page gets switched from
filecache to swapcache (and ->mapping set to NULL) whatever the refcount.
Fault it back in to get the page->mapping needed for key->shared.inode.
Julian Anastasov [Fri, 30 Dec 2011 05:19:02 +0000 (14:19 +0900)]
ipvs: try also real server with port 0 in backup server
We should not forget to try for real server with port 0
in the backup server when processing the sync message. We should
do it in all cases because the backup server can use different
forwarding method.
Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Florian Zumbiehl [Fri, 30 Dec 2011 17:30:09 +0000 (17:30 +0000)]
skge: restore rx multicast filter on resume and after config changes
Restore skge hardware registers for multicast filtering to their
appropriate values after system resume and after hardware restarts
that are done when changing certain settings.
Signed-off-by: Florian Zumbiehl <florz@florz.de> Acked-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
which got bisected down to the stable version of this commit.
Reported-by: Jonathan Nieder <jrnieder@gmail.com> Reported-by: Phil Miller <mille121@illinois.edu> Reported-by: Philip Langdale <philipl@overt.org> Reported-by: Tim Gardner <tim.gardner@canonical.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Greg KH <gregkh@suse.de> Cc: stable@kernel.org # for stable kernels that applied the original Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Fri, 30 Dec 2011 20:13:03 +0000 (12:13 -0800)]
Merge git://www.linux-watchdog.org/linux-watchdog
* git://www.linux-watchdog.org/linux-watchdog:
watchdog: iTCO_wdt.c - problems with newer hardware due to SMI clearing (part 2)
watchdog: hpwdt: Changes to handle NX secure bit in 32bit path
watchdog: sp805: Fix section mismatch in ID table.
watchdog: move coh901327 state holders
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
packet: fix possible dev refcnt leak when bind fail
netem: dont call vfree() under spinlock and BH disabled
netfilter: ctnetlink: fix scheduling while atomic if helper is autoloaded
netfilter: ctnetlink: fix return value of ctnetlink_get_expect()
Andreas Schwab [Wed, 28 Dec 2011 23:57:15 +0000 (15:57 -0800)]
procfs: do not confuse jiffies with cputime64_t
Commit 2a95ea6c0d129b4 ("procfs: do not overflow get_{idle,iowait}_time
for nohz") did not take into account that one some architectures jiffies
and cputime use different units.
This causes get_idle_time() to return numbers in the wrong units, making
the idle time fields in /proc/stat wrong.
Instead of converting the usec value returned by
get_cpu_{idle,iowait}_time_us to units of jiffies, use the new function
usecs_to_cputime64 to convert it to the correct unit of cputime64_t.
Signed-off-by: Andreas Schwab <schwab@linux-m68k.org> Acked-by: Michal Hocko <mhocko@suse.cz> Cc: Arnd Bergmann <arnd@arndb.de> Cc: "Artem S. Tashkinov" <t.artem@mailcity.com> Cc: Dave Jones <davej@redhat.com> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: "Luck, Tony" <tony.luck@intel.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Hans de Goede [Thu, 29 Dec 2011 21:09:21 +0000 (19:09 -0200)]
gspca: Fix bulk mode cameras no longer working (regression fix)
The new iso bandwidth calculation code accidentally has broken support
for bulk mode cameras. This has broken the following drivers:
finepix, jeilinj, ovfx2, ov534, ov534_9, se401, sq905, sq905c, sq930x,
stv0680, vicam.
Sage Weil [Thu, 29 Dec 2011 16:05:14 +0000 (08:05 -0800)]
ceph: disable use of dcache for readdir etc.
Ceph attempts to use the dcache to satisfy negative lookups and readdir
when the entire directory contents are in cache. Disable this behavior
until lingering bugs in this code are shaken out; we'll re-enable these
hooks once things are fully stable.
Dan Williams [Thu, 29 Dec 2011 08:16:28 +0000 (09:16 +0100)]
block: fix blk_queue_end_tag()
Commit 5e081591 "block: warn if tag is greater than real_max_depth"
cleaned up blk_queue_end_tag() to warn when the tag is truly invalid
(greater than real_max_depth). However, it changed behavior in the tag <
max_depth case to not end the request. Leading to triggering of
BUG_ON(blk_queued_rq(rq)) in the request completion path:
In order to allow blk_queue_resize_tags() to shrink the tag space
blk_queue_end_tag() must always complete tags with a value less than
real_max_depth regardless of the current max_depth. The comment about
"handling the shrink case" seems to be what prompted changes in this
space, so remove it and BUG on all invalid tags (made even simpler by
Matthew's suggestion to use an unsigned compare).
Signed-off-by: Dan Williams <dan.j.williams@intel.com> Cc: Tao Ma <boyu.mt@taobao.com> Cc: Matthew Wilcox <matthew@wil.cx> Reported-by: Meelis Roos <mroos@ut.ee> Reported-by: Ed Nadolski <edmund.nadolski@intel.com> Cc: Tejun Heo <tj@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Jens Axboe <axboe@kernel.dk>
Denis Kuzmenko [Wed, 28 Dec 2011 05:04:51 +0000 (14:04 +0900)]
ARM: SAMSUNG: Fix build error when selecting CPU_FREQ_S3C24XX_DEBUGFS on S3C2440
Following is happened when CONFIG_CPU_FREQ_S3C24XX_DEBUGFS
is selected without building of s3c2410-iotiming.c file:
arch/arm/mach-s3c2440/built-in.o:(.data+0x38c): undefined reference to `s3c2410_iotiming_debugfs
Basically, the CONFIG_S3C2410_IOTIMING is not selected for
MACH_MINI2440. Because the s3c2410-iotiming.c is not ever
compiled and enabling CONFIG_CPU_FREQ_S3C24XX_DEBUGFS option
caused undefined reference to s3c2410_iotiming_debugfs()
defined in that file. The s3c2410_iotiming_debugfs defined
as NULL for this case.
Wim Van Sebroeck [Mon, 26 Dec 2011 14:23:51 +0000 (15:23 +0100)]
watchdog: iTCO_wdt.c - problems with newer hardware due to SMI clearing (part 2)
Redhat Bugzilla: Bug 727875 - TCO_EN bit is disabled by TCO driver
The previous patch breaks reset watchdog behaviour on the older hardware.
It is therefor better to make sure that the behaviour for older hardware (<=ICH5 or
6300ESB) is preserved and that the behaviour for newer hardware is changed.
We therefor use the iTCO_version to see if we need the clearing of the SMI_TCO_EN
bit in the SMI_EN register.
So the new behaviour becomes:
turn_SMI_watchdog_clear_off=0 -> Do not turn off SMI clearing watchdog.
turn_SMI_watchdog_clear_off=1 -> Turn off SMI clearing watchdog when iTCO_version=1
(ICHO till ICH5 + 6300ESB only)
turn_SMI_watchdog_clear_off=2 -> Turn off SMI clearing watchdog.
Keith Packard [Tue, 27 Dec 2011 01:02:11 +0000 (17:02 -0800)]
drm/i915: Disable RC6 on Sandybridge by default
RC6 fails again.
> I found my system freeze mostly during starting up X and KDE. Sometimes it
> works for some minutes, sometimes it freezes immediatly. When the freeze
> happens, everything is dead (even the reset button does not work, I need to
> power cycle).
> I disabled RC6, and my system runs wonderfully.
> The system is a Z68 Pro board with Sandybridge i5-2500K processor, 8
> GB of RAM and UEFI firmware.
Reported-by: Kai Krakow <hurikhan77@gmail.com> Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Keith Packard [Tue, 27 Dec 2011 01:02:10 +0000 (17:02 -0800)]
drm/i915: Disable semaphores by default on SNB
Semaphores still cause problems on some machines:
> From Udo Steinberg:
>
> With Linux-3.2-rc6 I'm frequently seeing GPU hangs when large amounts of
> text scroll in an xterm, such as when extracting a tar archive. Such as this
> one (note the timestamps):
>
> I can reproduce it fairly easily with something
> as simple as:
>
> while true; do dmesg; done
This patch turns them off on SNB while leaving them on for IVB.
Reported-by: Udo Steinberg <udo@hypervisor.org> Cc: Daniel Vetter <daniel@ffwll.ch> Cc: Eugeni Dodonov <eugeni@dodonov.net> Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Mon, 26 Dec 2011 21:17:00 +0000 (13:17 -0800)]
Merge branch 'kvm-updates/3.2' of git://git.kernel.org/pub/scm/virt/kvm/kvm
* 'kvm-updates/3.2' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: PPC: e500: include linux/export.h
KVM: PPC: fix kvmppc_start_thread() for CONFIG_SMP=N
KVM: PPC: protect use of kvmppc_h_pr
KVM: PPC: move compute_tlbie_rb to book3s_64 common header
KVM: Don't automatically expose the TSC deadline timer in cpuid
KVM: Device assignment permission checks
KVM: Remove ability to assign a device without iommu support
KVM: x86: Prevent starting PIT timers in the absence of irqchip support
projects / karo-tx-linux.git / log