Al Viro [Tue, 22 Feb 2011 20:50:10 +0000 (15:50 -0500)]
untangle the "need_reval_dot" mess
instead of ad-hackery around need_reval_dot(), do the following:
set a flag (LOOKUP_JUMPED) in the beginning of path, on absolute
symlink traversal, on ".." and on procfs-style symlinks. Clear on
normal components, leave unchanged on ".". Non-nested callers of
link_path_walk() call handle_reval_path(), which checks that flag
is set and that fs does want the final revalidate thing, then does
->d_revalidate(). In link_path_walk() all the return_reval stuff
is gone.
Al Viro [Tue, 22 Feb 2011 19:02:58 +0000 (14:02 -0500)]
merge path_init and path_init_rcu
Actual dependency on whether we want RCU or not is in 3 small areas
(as it ought to be) and everything around those is the same in both
versions. Since each function has only one caller and those callers
are on two sides of if (flags & LOOKUP_RCU), it's easier and cleaner
to merge them and pull the checks inside.
Al Viro [Tue, 22 Feb 2011 04:38:09 +0000 (23:38 -0500)]
sanitize path_walk() mess
New helper: path_lookupat(). Basically, what do_path_lookup() boils to
modulo -ECHILD/-ESTALE handler. path_walk* family is gone; vfs_path_lookup()
is using link_path_walk() directly, do_path_lookup() and do_filp_open()
are using path_lookupat().
Al Viro [Sun, 13 Mar 2011 06:50:58 +0000 (01:50 -0500)]
compat breakage in preadv() and pwritev()
Fix for a dumb preadv()/pwritev() compat bug - unlike the native
variants, compat_... ones forget to check FMODE_P{READ,WRITE}, so e.g.
on pipe the native preadv() will fail with -ESPIPE and compat one will
act as readv() and succeed. Not critical, but it's a clear bug with trivial
fix.
Doe, YiCheng [Thu, 10 Mar 2011 20:00:21 +0000 (14:00 -0600)]
ipmi: Fix IPMI errors due to timing problems
This patch fixes an issue in OpenIPMI module where sometimes an ABORT command
is sent after sending an IPMI request to BMC causing the IPMI request to fail.
Signed-off-by: YiCheng Doe <yicheng.doe@hp.com> Signed-off-by: Corey Minyard <cminyard@mvista.com> Acked-by: Tom Mingarelli <thomas.mingarelli@hp.com> Tested-by: Andy Cress <andy.cress@us.kontron.com> Tested-by: Mika Lansirine <Mika.Lansirinne@stonesoft.com> Tested-by: Brian De Wolf <bldewolf@csupomona.edu> Cc: Jean Michel Audet <Jean-Michel.Audet@ca.Kontron.com> Cc: Jozef Sudelsky <jozef.sudolsky@elbiahosting.sk> Acked-by: Matthew Garrett <mjg@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Thu, 10 Mar 2011 21:16:01 +0000 (13:16 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:
fs/dcache: allow d_obtain_alias() to return unhashed dentries
Check for immutable/append flag in fallocate path
sysctl: the include of rcupdate.h is only needed in the kernel
fat: fix d_revalidate oopsen on NFS exports
jfs: fix d_revalidate oopsen on NFS exports
ocfs2: fix d_revalidate oopsen on NFS exports
gfs2: fix d_revalidate oopsen on NFS exports
fuse: fix d_revalidate oopsen on NFS exports
ceph: fix d_revalidate oopsen on NFS exports
reiserfs xattr ->d_revalidate() shouldn't care about RCU
/proc/self is never going to be invalidated...
Linus Torvalds [Thu, 10 Mar 2011 21:09:26 +0000 (13:09 -0800)]
Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
x86, UV: Initialize the broadcast assist unit base destination node id properly
x86, numa: Fix numa_emulation code with memory-less node0
x86, build: Make sure mkpiggy fails on read error
Linus Torvalds [Thu, 10 Mar 2011 21:08:59 +0000 (13:08 -0800)]
Merge branch 'sched-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'sched-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
sched: Fix sched rt group scheduling when hierachy is enabled
Linus Torvalds [Thu, 10 Mar 2011 21:07:38 +0000 (13:07 -0800)]
Merge branch 'perf/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'perf/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
perf symbols: Avoid resolving [kernel.kallsyms] to real path for buildid cache
perf symbols: Fix vmlinux path when not using --symfs
drm/i915: Do not handle backlight combination mode specially
since this commit introduced other regressions due to untouched LBPC
register, e.g. the backlight dimmed after resume.
In addition to the revert, this patch includes a fix for the original
issue (weird backlight levels) by removing the wrong bit shift for
computing the current backlight level.
Also, including typo fixes (lpbc -> lbpc).
the df's will show that the inode is not freed on the filesystem until
the last step, when it could have been freed after killing the client's
tail -f. On-disk data won't be deallocated either, leading to possible
spurious ENOSPC.
This occurs because when the client does the close, it arrives in a
compound with a putfh and a close, processed like:
- putfh: look up the filehandle. The only alias found for the
inode will be DCACHE_UNHASHED alias referenced by the filp
this, so it creates a new DCACHE_DISCONECTED dentry and
returns that instead.
- close: closes the existing filp, which is destroyed
immediately by dput() since it's DCACHE_UNHASHED.
- end of the compound: release the reference
to the current filehandle, and dput() the new
DCACHE_DISCONECTED dentry, which gets put on the
unused list instead of being destroyed immediately.
Nick Piggin suggested fixing this by allowing d_obtain_alias to return
the unhashed dentry that is referenced by the filp, instead of making it
create a new dentry.
Leave __d_find_alias() alone to avoid changing behavior of other
callers.
Also nfsd doesn't need all the checks of __d_find_alias(); any dentry,
hashed or unhashed, disconnected or not, should work.
Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Marco Stornelli [Sat, 5 Mar 2011 10:10:19 +0000 (11:10 +0100)]
Check for immutable/append flag in fallocate path
In the fallocate path the kernel doesn't check for the immutable/append
flag. It's possible to have a race condition in this scenario: an
application open a file in read/write and it does something, meanwhile
root set the immutable flag on the file, the application at that point
can call fallocate with success. In addition, we don't allow to do any
unreserve operation on an append only file but only the reserve one.
Signed-off-by: Marco Stornelli <marco.stornelli@gmail.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Linus Torvalds [Thu, 10 Mar 2011 00:46:06 +0000 (16:46 -0800)]
Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
powerpc/pseries: Disable VPNH feature
powerpc/iseries: Fix early init access to lppaca
Vasiliy Kulikov [Tue, 1 Mar 2011 21:33:13 +0000 (00:33 +0300)]
net: don't allow CAP_NET_ADMIN to load non-netdev kernel modules
Since a8f80e8ff94ecba629542d9b4b5f5a8ee3eb565c any process with
CAP_NET_ADMIN may load any module from /lib/modules/. This doesn't mean
that CAP_NET_ADMIN is a superset of CAP_SYS_MODULE as modules are
limited to /lib/modules/**. However, CAP_NET_ADMIN capability shouldn't
allow anybody load any module not related to networking.
This patch restricts an ability of autoloading modules to netdev modules
with explicit aliases. This fixes CVE-2011-1019.
Arnd Bergmann suggested to leave untouched the old pre-v2.6.32 behavior
of loading netdev modules by name (without any prefix) for processes
with CAP_SYS_MODULE to maintain the compatibility with network scripts
that use autoloading netdev modules by aliases like "eth0", "wlan0".
Currently there are only three users of the feature in the upstream
kernel: ipip, ip_gre and sit.
root@albatros:~# capsh --drop=$(seq -s, 0 11),$(seq -s, 13 34) --
root@albatros:~# grep Cap /proc/$$/status
CapInh: 0000000000000000
CapPrm: fffffff800001000
CapEff: fffffff800001000
CapBnd: fffffff800001000
root@albatros:~# modprobe xfs
FATAL: Error inserting xfs
(/lib/modules/2.6.38-rc6-00001-g2bf4ca3/kernel/fs/xfs/xfs.ko): Operation not permitted
root@albatros:~# lsmod | grep xfs
root@albatros:~# ifconfig xfs
xfs: error fetching interface information: Device not found
root@albatros:~# lsmod | grep xfs
root@albatros:~# lsmod | grep sit
root@albatros:~# ifconfig sit
sit: error fetching interface information: Device not found
root@albatros:~# lsmod | grep sit
root@albatros:~# ifconfig sit0
sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
root@albatros:~# lsmod | grep sit
sit 10457 0
tunnel4 2957 1 sit
For CAP_SYS_MODULE module loading is still relaxed:
Signed-off-by: Vasiliy Kulikov <segoon@openwall.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Acked-by: David S. Miller <davem@davemloft.net> Acked-by: Kees Cook <kees.cook@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
The problem is that iSeries very early boot code, which generates
the device-tree and runs before our normal early initializations
does need access the lppaca's very early, before the PACA array is
initialized, and in fact even before the boot PACA has been
initialized (it contains all 0's at this stage).
However, the first patch above makes that code use the new
llpaca_of(cpu) accessor, which itself is changed by the second patch to
use the PACA array.
We fix that by reverting iSeries to directly dereferencing the array. In
addition, we fix all iterators in the iSeries code to always skip CPU
whose number is above 63 which is the maximum size of that array and
the maximum number of supported CPUs on these machines.
Additionally, we make sure the boot_paca is properly initialized
in our early startup code.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Linus Torvalds [Wed, 9 Mar 2011 22:52:09 +0000 (14:52 -0800)]
Merge branch 'for-2.6.38' of git://linux-nfs.org/~bfields/linux
* 'for-2.6.38' of git://linux-nfs.org/~bfields/linux:
nfsd: wrong index used in inner loop
nfsd4: fix bad pointer on failure to find delegation
NFSD: fix decode_cb_sequence4resok
Linus Torvalds [Wed, 9 Mar 2011 22:03:59 +0000 (14:03 -0800)]
Merge branch 'for-2639-rc7/i2c-fixes' of git://git.fluff.org/bjdooks/linux
* 'for-2639-rc7/i2c-fixes' of git://git.fluff.org/bjdooks/linux:
i2c-eg20t: include slab.h for memory allocations
i2c-ocores: Fix pointer type mismatch error
i2c-omap: Program I2C_WE on OMAP4 to enable i2c wakeup
Linus Torvalds [Wed, 9 Mar 2011 21:55:51 +0000 (13:55 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:
nd->inode is not set on the second attempt in path_walk()
unfuck proc_sysctl ->d_compare()
minimal fix for do_filp_open() race
Naga Chumbalkar [Wed, 9 Mar 2011 14:02:49 +0000 (14:02 +0000)]
[CPUFREQ] pcc-cpufreq: don't load driver if get_freq fails during init.
Return 0 on failure. This will cause the initialization of the driver
to fail and prevent the driver from loading if the BIOS cannot handle
the PCC interface command to "get frequency". Otherwise, the driver
will load and display a very high value like "4294967274" (which is
actually -EINVAL) for frequency:
Lin Ming [Thu, 3 Mar 2011 15:23:57 +0000 (23:23 +0800)]
perf symbols: Avoid resolving [kernel.kallsyms] to real path for buildid cache
kallsyms has a virtual file name [kernel.kallsyms]. Currently, it can't
be added to buildid cache successfully because the code
(build_id_cache__add_s) tries to resolve [kernel.kallsyms] to a real
absolute pathname and that fails.
Fixes it by not resolving it and just use the name [kernel.kallsyms].
So dir ~/.debug/[kernel.kallsyms] is created.
Original bug report at:
https://lkml.org/lkml/2011/3/1/524
Tested-by: Han Pingtian <phan@redhat.com> Cc: Han Pingtian <phan@redhat.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
LKML-Reference: <1299165837-27817-1-git-send-email-ming.m.lin@intel.com> Signed-off-by: Lin Ming <ming.m.lin@intel.com> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cliff Wickman [Wed, 9 Mar 2011 14:15:57 +0000 (08:15 -0600)]
x86, UV: Initialize the broadcast assist unit base destination node id properly
The BAU's initialization of the broadcast description header is
lacking the coherence domain (high bits) in the nasid. This
causes a catastrophic system failure when running on a system
with multiple coherence domains.
Wolfram Sang [Wed, 23 Feb 2011 10:11:35 +0000 (11:11 +0100)]
i2c-eg20t: include slab.h for memory allocations
Fixes (with v2.6.38-rc3/parisc/parisc-allmodconfig):
src/drivers/i2c/busses/i2c-eg20t.c:720: error: implicit declaration of function 'kzalloc'
src/drivers/i2c/busses/i2c-eg20t.c:790: error: implicit declaration of function 'kfree'
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Wolfram Sang <w.sang@pengutronix.de> Cc: Tomoya MORINAGA <tomoya-linux@dsn.okisemi.com> Cc: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Grant Likely [Mon, 28 Feb 2011 20:52:32 +0000 (13:52 -0700)]
i2c-ocores: Fix pointer type mismatch error
ocores_i2c_of_probe needs to use a const __be32 type for handing
device tree property values. This patch fixed the following build
warning:
CC drivers/i2c/busses/i2c-ocores.o
drivers/i2c/busses/i2c-ocores.c: In function 'ocores_i2c_of_probe':
drivers/i2c/busses/i2c-ocores.c:254: warning: assignment discards qualifiers from pointer target type
drivers/i2c/busses/i2c-ocores.c:261: warning: assignment discards qualifiers from pointer target type
Signed-off-by: Grant Likely <grant.likely@secretlab.ca> Cc: Peter Korsgaard <jacmet@sunsite.dk> Cc: Ben Dooks <ben-linux@fluff.org> Cc: linux-i2c@vger.kernel.org Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Ohad Ben-Cohen [Tue, 8 Mar 2011 21:32:02 +0000 (23:32 +0200)]
mmc: fix CONFIG_MMC_UNSAFE_RESUME regression
30201e7f3 ("mmc: skip detection of nonremovable cards on rescan")
allowed skipping detection of nonremovable cards on mmc_rescan().
The intention was to only skip detection of hardwired cards that
cannot be removed, so make sure this is indeed the case by directly
checking for (lack of) MMC_CAP_NONREMOVABLE, instead of using
mmc_card_is_removable(), which is overloaded with
CONFIG_MMC_UNSAFE_RESUME semantics.
The user-visible symptom of the bug this patch fixes is that no
"mmc: card XXXX removed" message appears in dmesg when a card is
removed and CONFIG_MMC_UNSAFE_RESUME=y.
Al Viro [Tue, 8 Mar 2011 06:25:28 +0000 (01:25 -0500)]
unfuck proc_sysctl ->d_compare()
a) struct inode is not going to be freed under ->d_compare();
however, the thing PROC_I(inode)->sysctl points to just might.
Fortunately, it's enough to make freeing that sucker delayed,
provided that we don't step on its ->unregistering, clear
the pointer to it in PROC_I(inode) before dropping the reference
and check if it's NULL in ->d_compare().
b) I'm not sure that we *can* walk into NULL inode here (we recheck
dentry->seq between verifying that it's still hashed / fetching
dentry->d_inode and passing it to ->d_compare() and there's no
negative hashed dentries in /proc/sys/*), but if we can walk into
that, we really should not have ->d_compare() return 0 on it!
Said that, I really suspect that this check can be simply killed.
Nick?
Linus Torvalds [Tue, 8 Mar 2011 04:46:39 +0000 (20:46 -0800)]
Merge branch 's5p-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung
* 's5p-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung:
ARM: S3C64XX: Update regulator names for debugfs compatiblity on SMDK6410
ARM: S3C64XX: Fix build with WM1190 disabled and WM1192 enabled on SMDK6410
ARM: S3C64XX: Reduce output of s3c64xx_dma_init1()
ARM: S3C64XX: Tone down SDHCI debugging
ARM: S3C64XX: Add clock for i2c1
ARM: S3C64XX: Staticise non-exported GPIO to interrupt functions
ARM: SAMSUNG: Include devs.h in dev-uart.c to prototype devices
ARM: S3C64XX: Fix keypad setup to configure correct number of rows
ARM: S3C2440: Fix usage gpio bank j pin definitions on GTA02
ARM: S5P64X0: Fix number of GPIO lines in Bank F
ARM: S3C2440: Select missing S3C_DEV_USB_HOST on GTA02
Linus Torvalds [Tue, 8 Mar 2011 04:43:55 +0000 (20:43 -0800)]
Merge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm: index i shadowed in 2nd loop
drm/nv50-nvc0: prevent multiple vm/bar flushes occuring simultanenously
drm/nouveau: fix regression causing ttm to not be able to evict vram
drm/i915: Rebind the buffer if its alignment constraints changes with tiling
drm/i915: Disable GPU semaphores by default
drm/i915: Do not overflow the MMADDR write FIFO
Revert "drm/i915: fix corruptions on i8xx due to relaxed fencing"
Dmitry Shmidt [Thu, 3 Mar 2011 22:40:10 +0000 (17:40 -0500)]
mmc: sdio: Allow sdio operations in other threads during sdio_add_func()
This fixes a bug introduced by 807e8e40673d ("mmc: Fix sd/sdio/mmc
initialization frequency retries") that prevented SDIO drivers from
performing SDIO commands in their probe routines -- the above patch
called mmc_claim_host() before sdio_add_func(), which causes a deadlock
if an external SDIO driver calls sdio_claim_host().
Fix tested on an OLPC XO-1.75 with libertas on SDIO.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com> Reviewed-and-Tested-by: Chris Ball <cjb@laptop.org> Signed-off-by: Chris Ball <cjb@laptop.org>
Dave Airlie [Mon, 7 Mar 2011 21:18:35 +0000 (07:18 +1000)]
Merge remote branch 'ickle/drm-intel-fixes' into drm-fixes
* ickle/drm-intel-fixes:
drm/i915: Rebind the buffer if its alignment constraints changes with tiling
drm/i915: Disable GPU semaphores by default
drm/i915: Do not overflow the MMADDR write FIFO
Revert "drm/i915: fix corruptions on i8xx due to relaxed fencing"
Linus Torvalds [Mon, 7 Mar 2011 21:14:19 +0000 (13:14 -0800)]
Merge branch 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6
* 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6:
[S390] tape: deadlock on system work queue
[S390] keyboard: integer underflow bug
[S390] xpram: remove __initdata attribute from module parameters
The per-vm mutex doesn't prevent this completely, a flush coming from the
BAR VM could potentially happen at the same time as one for the channel
VM. Not to mention that if/when we get per-client/channel VM, this will
happen far more frequently.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
J. Bruce Fields [Mon, 7 Mar 2011 00:11:03 +0000 (19:11 -0500)]
nfsd4: fix bad pointer on failure to find delegation
In case of a nonempty list, the return on error here is obviously bogus;
it ends up being a pointer to the list head instead of to any valid
delegation on the list.
In particular, if nfsd4_delegreturn() hits this case, and you're quite unlucky,
then renew_client may oops, and it may take an embarassingly long time to
figure out why. Facepalm.
BUG: unable to handle kernel NULL pointer dereference at 0000000000000090
IP: [<ffffffff81292965>] nfsd4_delegreturn+0x125/0x200
...
Cc: stable@kernel.org Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Chris Wilson [Mon, 7 Mar 2011 10:42:03 +0000 (10:42 +0000)]
drm/i915: Rebind the buffer if its alignment constraints changes with tiling
Early gen3 and gen2 chipset do not have the relaxed per-surface tiling
constraints of the later chipsets, so we need to check that the GTT
alignment is correct for the new tiling. If it is not, we need to
rebind.
Reported-by: Daniel Vetter <daniel.vetter@ffwll.ch> Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Chris Wilson [Fri, 4 Mar 2011 18:48:03 +0000 (18:48 +0000)]
drm/i915: Disable GPU semaphores by default
Andi Kleen narrowed his GPU hangs on his Sugar Bay (SNB desktop) rev 09
down to the use of GPU semaphores, and we already know that they appear
broken up to Huron River (mobile) rev 08. (I'm optimistic that disabling
GPU semaphores is simply hiding another bug by the latency and
side-effects of the additional device interaction it introduces...)
However, use of semaphores is a massive performance improvement... Only
as long as the system remains stable. Enable at your peril.
Reported-by: Andi Kleen <andi-fd@firstfloor.org>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=33921 Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Linus Torvalds [Sun, 6 Mar 2011 18:44:49 +0000 (10:44 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
ALSA: hda - Don't set to D3 in Cirrus errata init verbs
ALSA: hda - add new Fermi 5xx codec IDs to snd-hda
ASoC: WM8994: Ensure late enable events are processed for the ADCs
ASoC: WM8994: Don't disable the AIF[1|2]CLK_ENA unconditionaly
ASoC: Fix WM9081 platform data initialisation
ALSA: hda - Fix unable to record issue on ASUS N82JV
ALSA: HDA: Realtek: Fixup jack detection to input subsystem
Amit Shah [Fri, 4 Mar 2011 03:34:33 +0000 (14:04 +1030)]
virtio: console: Don't access vqs if device was unplugged
If a virtio-console device gets unplugged while a port is open, a
subsequent close() call on the port accesses vqs to free up buffers.
This can lead to a crash.
The buffers are already freed up as a result of the call to
unplug_ports() from virtcons_remove(). The fix is to simply not access
vq information if port->portdev is NULL.
Reported-by: juzhang <juzhang@redhat.com> CC: stable@kernel.org Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Chris Wilson [Fri, 4 Mar 2011 19:22:40 +0000 (19:22 +0000)]
drm/i915: Do not overflow the MMADDR write FIFO
Whilst the GT is powered down (rc6), writes to MMADDR are placed in a
FIFO by the System Agent. This is a limited resource, only 64 entries, of
which 20 are reserved for Display and PCH writes, and so we must take
care not to queue up too many writes. To avoid this, there is counter
which we can poll to ensure there are sufficient free entries in the
fifo.
"Issuing a write to a full FIFO is not supported; at worst it could
result in corruption or a system hang."
Reported-and-Tested-by: Matt Turner <mattst88@gmail.com>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=34056 Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
As it turns out, userspace already depends upon being able to enable
tiling on existing bo which it promises to be large enough for its
purposes i.e. it will not access beyond the end of the last full-tile
row.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=35016 Reported-and-tested-by: Kamal Mostafa <kamal@canonical.com> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Linus Torvalds [Sat, 5 Mar 2011 18:43:22 +0000 (10:43 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
ceph: no .snap inside of snapped namespace
libceph: fix msgr standby handling
libceph: fix msgr keepalive flag
libceph: fix msgr backoff
libceph: retry after authorization failure
libceph: fix handling of short returns from get_user_pages
ceph: do not clear I_COMPLETE from d_release
ceph: do not set I_COMPLETE
Revert "ceph: keep reference to parent inode on ceph_dentry"
Andi Kleen [Sat, 5 Mar 2011 01:36:32 +0000 (17:36 -0800)]
mm: use correct numa policy node for transparent hugepages
Pass down the correct node for a transparent hugepage allocation. Most
callers continue to use the current node, however the hugepaged daemon
now uses the previous node of the first to be collapsed page instead.
This ensures that khugepaged does not mess up local memory for an
existing process which uses local policy.
The choice of node is somewhat primitive currently: it just uses the
node of the first page in the pmd range. An alternative would be to
look at multiple pages and use the most popular node. I used the
simplest variant for now which should work well enough for the case of
all pages being on the same node.
Axel Lin [Sat, 5 Mar 2011 01:36:27 +0000 (17:36 -0800)]
drivers/video/backlight/ltv350qv.c: fix a memory leak
Signed-off-by: Axel Lin <axel.lin@gmail.com> Cc: Haavard Skinnemoen <hskinnemoen@atmel.com> Cc: Richard Purdie <rpurdie@rpsys.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Kyungmin Park [Sat, 5 Mar 2011 01:36:26 +0000 (17:36 -0800)]
MAINTAINERS: add maintainer of Samsung Mobile Machine support
Add maintainer of Samsung Mobile machine support. Currently, Aquila,
Goni, Universal (C210), and Nuri board are supported.
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com> Cc: Joe Perches <joe@perches.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Russell King <rmk@arm.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Thomas Gleixner [Sat, 5 Mar 2011 01:36:23 +0000 (17:36 -0800)]
pps: make pps_gen_parport depend on BROKEN
This driver causes hard lockups, when the active clock soure is jiffies.
The reason is that it loops with interrupts disabled waiting for a
timestamp to be reached by polling getnstimeofday(). Though with a
jiffies clocksource, when that code runs on the same CPU which is
responsible for updating jiffies, then we loop in circles for ever
simply because the timer interrupt cannot update jiffies. So both UP
and SMP can be affected.
There is no easy fix for that problem so make it depend on BROKEN for
now.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Alexander Gordeev <lasaine@lvk.cs.msu.su> Cc: Rodolfo Giometti <giometti@linux.it> Cc: john stultz <johnstul@us.ibm.com> Cc: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Axel Lin [Sat, 5 Mar 2011 01:36:22 +0000 (17:36 -0800)]
drivers/misc/bmp085.c: add MODULE_DEVICE_TABLE
The device table is required to load modules based on modaliases.
Signed-off-by: Axel Lin <axel.lin@gmail.com> Cc: Shubhrajyoti D <shubhrajyoti@ti.com> Cc: Christoph Mair <christoph.mair@gmail.com> Cc: Jonathan Cameron <jic23@cam.ac.uk> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Axel Lin [Sat, 5 Mar 2011 01:36:19 +0000 (17:36 -0800)]
drivers/rtc/rtc-s3c.c: fix prototype for s3c_rtc_setaie()
Fix s3c_rtc_setaie() prototype to eliminate the following compile
warning:
drivers/rtc/rtc-s3c.c:383: warning: initialization from incompatible pointer type
(akpm: the rtc_class_ops.alarm_irq_enable() handler is being passed two
arguments where it expects just one, presumably with undesired effects)
Signed-off-by: Axel Lin <axel.lin@gmail.com> Cc: Alessandro Zummo <a.zummo@towertech.it> Cc: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Sat, 5 Mar 2011 01:31:43 +0000 (17:31 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/vapier/blackfin
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/vapier/blackfin:
Blackfin: iflush: update anomaly 05000491 workaround
Blackfin: outs[lwb]: make sure count is greater than 0
Linus Torvalds [Sat, 5 Mar 2011 01:31:01 +0000 (17:31 -0800)]
Merge branch 'sh-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6
* 'sh-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6:
sh: Change __nosave_XXX symbols to long
sh: Flush executable pages in copy_user_highpage
sh: Ensure ST40-300 BogoMIPS value is consistent
sh: sh7750: Fix incompatible pointer type
sh: sh7750: move machtypes.h to include/generated
It occurs because an skb with a fraglist was freed from the tcp
retransmit queue when it was acked, but a page on that fraglist had
PG_Slab set (indicating it was allocated from the Slab allocator (which
means the free path above can't safely free it via put_page.
We tracked this back to an nfsv4 setacl operation, in which the nfs code
attempted to fill convert the passed in buffer to an array of pages in
__nfs4_proc_set_acl, which gets used by the skb->frags list in
xs_sendpages. __nfs4_proc_set_acl just converts each page in the buffer
to a page struct via virt_to_page, but the vfs allocates the buffer via
kmalloc, meaning the PG_slab bit is set. We can't create a buffer with
kmalloc and free it later in the tcp ack path with put_page, so we need
to either:
1) ensure that when we create the list of pages, no page struct has
PG_Slab set
or
2) not use a page list to send this data
Given that these buffers can be multiple pages and arbitrarily sized, I
think (1) is the right way to go. I've written the below patch to
allocate a page from the buddy allocator directly and copy the data over
to it. This ensures that we have a put_page free-able page for every
entry that winds up on an skb frag list, so it can be safely freed when
the frame is acked. We do a put page on each entry after the
rpc_call_sync call so as to drop our own reference count to the page,
leaving only the ref count taken by tcp_sendpages. This way the data
will be properly freed when the ack comes in
Successfully tested by myself to solve the above oops.
Note, as this is the result of a setacl operation that exceeded a page
of data, I think this amounts to a local DOS triggerable by an
uprivlidged user, so I'm CCing security on this as well.
Signed-off-by: Neil Horman <nhorman@tuxdriver.com> CC: Trond Myklebust <Trond.Myklebust@netapp.com> CC: security@kernel.org CC: Jeff Layton <jlayton@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Sage Weil [Fri, 4 Mar 2011 20:25:05 +0000 (12:25 -0800)]
libceph: fix msgr standby handling
The standby logic used to be pretty dependent on the work requeueing
behavior that changed when we switched to WQ_NON_REENTRANT. It was also
very fragile.
Restructure things so that:
- We clear WRITE_PENDING when we set STANDBY. This ensures we will
requeue work when we wake up later.
- con_work backs off if STANDBY is set. There is nothing to do if we are
in standby.
- clear_standby() helper is called by both con_send() and con_keepalive(),
the two actions that can wake us up again. Move the connect_seq++
logic here.
Sage Weil [Fri, 4 Mar 2011 20:24:28 +0000 (12:24 -0800)]
libceph: fix msgr backoff
With commit f363e45f we replaced a bunch of hacky workqueue mutual
exclusion logic with the WQ_NON_REENTRANT flag. One pieces of fallout is
that the exponential backoff breaks in certain cases:
* con_work attempts to connect.
* we get an immediate failure, and the socket state change handler queues
immediate work.
* con_work calls con_fault, we decide to back off, but can't queue delayed
work.
In this case, we add a BACKOFF bit to make con_work reschedule delayed work
next time it runs (which should be immediately).
Al Viro [Fri, 4 Mar 2011 18:14:21 +0000 (13:14 -0500)]
minimal fix for do_filp_open() race
failure exits on the no-O_CREAT side of do_filp_open() merge with
those of O_CREAT one; unfortunately, if do_path_lookup() returns
-ESTALE, we'll get out_filp:, notice that we are about to return
-ESTALE without having trying to create the sucker with LOOKUP_REVAL
and jump right into the O_CREAT side of code. And proceed to try
and create a file. Usually that'll fail with -ESTALE again, but
we can race and get that attempt of pathname resolution to succeed.
open() without O_CREAT really shouldn't end up creating files, races
or not. The real fix is to rearchitect the whole do_filp_open(),
but for now splitting the failure exits will do.
Linus Torvalds [Fri, 4 Mar 2011 17:23:30 +0000 (09:23 -0800)]
Mark ptrace_{traceme,attach,detach} static
They are only used inside kernel/ptrace.c, and have been for a long
time. We don't want to go back to the bad-old-days when architectures
did things on their own, so make them static and private.
Balbir Singh [Thu, 3 Mar 2011 11:34:35 +0000 (17:04 +0530)]
sched: Fix sched rt group scheduling when hierachy is enabled
The current sched rt code is broken when it comes to hierarchical
scheduling, this patch fixes two problems
1. It adds redundant enqueuing (harmless) when it finds a queue
has tasks enqueued, but it has no run time and it is not
throttled.
2. The most important change is in sched_rt_rq_enqueue/dequeue.
The code just picks the rt_rq belonging to the current cpu
on which the period timer runs, the patch fixes it, so that
the correct rt_se is enqueued/dequeued.
Tested with a simple hierarchy
/c/d, c and d assigned similar runtimes of 50,000 and a while
1 loop runs within "d". Both c and d get throttled, without
the patch, the task just stops running and never runs (depends
on where the sched_rt b/w timer runs). With the patch, the
task is throttled and runs as expected.
[ bharata, suggestions on how to pick the rt_se belong to the
rt_rq and correct cpu ]
Mark Brown [Thu, 3 Mar 2011 23:24:15 +0000 (08:24 +0900)]
ARM: S3C64XX: Update regulator names for debugfs compatiblity on SMDK6410
The debugfs support added to the regulator API (which has been merged
in during this merge window) creates directories for regulators named
after the display names for the regulators so replace / as a separator
for multiple supplies with + in the SMDK6410 machine.
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
projects / linux-beck.git / log