summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2012-11-16swapfile: fix name leak in swapoffXiaotian Feng
There's a name leak introduced by commit 91a27b2a7567 ("vfs: define struct filename and have getname() return it"). Add the missing putname. [akpm@linux-foundation.org: cleanup] Signed-off-by: Xiaotian Feng <dannyfeng@tencent.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-11-16memcg: fix hotplugged memory zone oopsHugh Dickins
When MEMCG is configured on (even when it's disabled by boot option), when adding or removing a page to/from its lru list, the zone pointer used for stats updates is nowadays taken from the struct lruvec. (On many configurations, calculating zone from page is slower.) But we have no code to update all the lruvecs (per zone, per memcg) when a memory node is hotadded. Here's an extract from the oops which results when running numactl to bind a program to a newly onlined node: BUG: unable to handle kernel NULL pointer dereference at 0000000000000f60 IP: __mod_zone_page_state+0x9/0x60 Pid: 1219, comm: numactl Not tainted 3.6.0-rc5+ #180 Bochs Bochs Process numactl (pid: 1219, threadinfo ffff880039abc000, task ffff8800383c4ce0) Call Trace: __pagevec_lru_add_fn+0xdf/0x140 pagevec_lru_move_fn+0xb1/0x100 __pagevec_lru_add+0x1c/0x30 lru_add_drain_cpu+0xa3/0x130 lru_add_drain+0x2f/0x40 ... The natural solution might be to use a memcg callback whenever memory is hotadded; but that solution has not been scoped out, and it happens that we do have an easy location at which to update lruvec->zone. The lruvec pointer is discovered either by mem_cgroup_zone_lruvec() or by mem_cgroup_page_lruvec(), and both of those do know the right zone. So check and set lruvec->zone in those; and remove the inadequate attempt to set lruvec->zone from lruvec_init(), which is called before NODE_DATA(node) has been allocated in such cases. Ah, there was one exceptionr. For no particularly good reason, mem_cgroup_force_empty_list() has its own code for deciding lruvec. Change it to use the standard mem_cgroup_zone_lruvec() and mem_cgroup_get_lru_size() too. In fact it was already safe against such an oops (the lru lists in danger could only be empty), but we're better proofed against future changes this way. I've marked this for stable (3.6) since we introduced the problem in 3.5 (now closed to stable); but I have no idea if this is the only fix needed to get memory hotadd working with memcg in 3.6, and received no answer when I enquired twice before. Reported-by: Tang Chen <tangchen@cn.fujitsu.com> Signed-off-by: Hugh Dickins <hughd@google.com> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Konstantin Khlebnikov <khlebnikov@openvz.org> Cc: Wen Congyang <wency@cn.fujitsu.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-11-16mips, arc: fix build failureDavid Rientjes
Using a cross-compiler to fix another issue, the following build error occurred for mips defconfig: arch/mips/fw/arc/misc.c: In function 'ArcHalt': arch/mips/fw/arc/misc.c:25:2: error: implicit declaration of function 'local_irq_disable' Fix it up by including irqflags.h. Signed-off-by: David Rientjes <rientjes@google.com> Cc: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-11-16memcg: oom: fix totalpages calculation for memory.swappiness==0Michal Hocko
oom_badness() takes a totalpages argument which says how many pages are available and it uses it as a base for the score calculation. The value is calculated by mem_cgroup_get_limit which considers both limit and total_swap_pages (resp. memsw portion of it). This is usually correct but since fe35004fbf9e ("mm: avoid swapping out with swappiness==0") we do not swap when swappiness is 0 which means that we cannot really use up all the totalpages pages. This in turn confuses oom score calculation if the memcg limit is much smaller than the available swap because the used memory (capped by the limit) is negligible comparing to totalpages so the resulting score is too small if adj!=0 (typically task with CAP_SYS_ADMIN or non zero oom_score_adj). A wrong process might be selected as result. The problem can be worked around by checking mem_cgroup_swappiness==0 and not considering swap at all in such a case. Signed-off-by: Michal Hocko <mhocko@suse.cz> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Acked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-11-16mm: fix build warning for uninitialized valueDavid Rientjes
do_wp_page() sets mmun_called if mmun_start and mmun_end were initialized and, if so, may call mmu_notifier_invalidate_range_end() with these values. This doesn't prevent gcc from emitting a build warning though: mm/memory.c: In function `do_wp_page': mm/memory.c:2530: warning: `mmun_start' may be used uninitialized in this function mm/memory.c:2531: warning: `mmun_end' may be used uninitialized in this function It's much easier to initialize the variables to impossible values and do a simple comparison to determine if they were initialized to remove the bool entirely. Signed-off-by: David Rientjes <rientjes@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-11-16mm: add anon_vma_lock to validate_mm()Michel Lespinasse
Iterating over the vma->anon_vma_chain without anon_vma_lock may cause NULL ptr deref in anon_vma_interval_tree_verify(), because the node in the chain might have been removed. BUG: unable to handle kernel paging request at fffffffffffffff0 IP: [<ffffffff8122c29c>] anon_vma_interval_tree_verify+0xc/0xa0 PGD 4e28067 PUD 4e29067 PMD 0 Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC CPU 0 Pid: 9050, comm: trinity-child64 Tainted: G W 3.7.0-rc2-next-20121025-sasha-00001-g673f98e-dirty #77 RIP: 0010: anon_vma_interval_tree_verify+0xc/0xa0 Process trinity-child64 (pid: 9050, threadinfo ffff880045f80000, task ffff880048eb0000) Call Trace: validate_mm+0x58/0x1e0 vma_adjust+0x635/0x6b0 __split_vma.isra.22+0x161/0x220 split_vma+0x24/0x30 sys_madvise+0x5da/0x7b0 tracesys+0xe1/0xe6 RIP anon_vma_interval_tree_verify+0xc/0xa0 CR2: fffffffffffffff0 Figured out by Bob Liu. Reported-by: Sasha Levin <sasha.levin@oracle.com> Cc: Bob Liu <lliubbo@gmail.com> Signed-off-by: Michel Lespinasse <walken@google.com> Reviewed-by: Rik van Riel <riel@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-11-15Merge tag 'for-linus' of git://github.com/gxt/linuxLinus Torvalds
Pull unicore32 update from Guan Xuetao. * tag 'for-linus' of git://github.com/gxt/linux: arch/unicore32: remove CONFIG_EXPERIMENTAL unicore32: switch to generic sys_execve() unicore32: switch to generic kernel_thread()/kernel_execve() unicore32: Use Kbuild infrastructure for kvm_para.h UAPI: (Scripted) Disintegrate arch/unicore32/include/asm UniCore32-bugfix: Remove definitions in asm/bug.h to solve difference between native and cross compiler UniCore32-bugfix: fix mismatch return value of __xchg_bad_pointer UniCore32 bugfix: add missed CONFIG_ZONE_DMA unicore32/mm/fault.c: Port OOM changes to do_pf
2012-11-15Merge tag 'upstream-3.7-rc6' of git://git.infradead.org/linux-ubifsLinus Torvalds
Pull UBIFS fixes from Artem Bityutskiy: "Two patches which fix a problem reported by several people in the past, but only fixed now because no one gave enough material for debugging. Anyway, these fix the problem that sometimes after a power cut the file-system is not mountable with the following symptom: grab_empty_leb: could not find an empty LEB The fixes make the file-system mountable again." * tag 'upstream-3.7-rc6' of git://git.infradead.org/linux-ubifs: UBIFS: fix mounting problems after power cuts UBIFS: introduce categorized lprops counter
2012-11-15Merge tag 'for-v3.7-fixes' of git://git.infradead.org/users/cbou/linux-pstoreLinus Torvalds
Pull pstore fix from Anton Vorontsov: "A small fixup for the persistent storage subsystem. The bug can prevent kernel booting on a APEI-enabled machines w/ PSTORE_CONSOLE=y (this is N by default, though)." * tag 'for-v3.7-fixes' of git://git.infradead.org/users/cbou/linux-pstore: pstore: Fix NULL pointer dereference in console writes
2012-11-15Merge branch 'i2c-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging Pill i2c fixes from Jean Delvare. Well, "fixes".. The biggest patch here is actually Jan marking Wolfram Sang as the main i2c subsystem maintainer, with Jan staying on as the PC controller maintainer. * 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging: i2c-mux-pinctrl: Fix probe error path MAINTAINERS: i2c: 7 years, this is it
2012-11-15Merge tag 'regulator-3.7' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator Pull regulator fixes from Mark Brown: "A few fixes for teardown issues that will be rarely seen, plus a fix for a silly bug in regulator_is_supported_voltage() which shows how often the answer to the question should be false. The supported voltage commit is very new as I just edited to add a Cc to stable, the code itself has been in -next." * tag 'regulator-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator: regulator: fix voltage check in regulator_is_supported_voltage() regulator: core: Avoid deadlock when regulator_register fails Regulator: core: Unregister when gpio request fails.
2012-11-15Merge tag 'sound-3.7' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "The only large LOC is seen in WM5102 driver, just writing a bunch of register updates, but the actual code change is small. Other than that, all small fixes suitable for rc6." * tag 'sound-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: usb-audio: Fix mutex deadlock at disconnection ALSA: fm801: precedence bug in snd_fm801_tea575x_get_pins() ALSA: es1968: precedence bug in snd_es1968_tea575x_get_pins() ALSA: hda - Add a missing quirk entry for iMac 9,1 ASoC: core: Double control update err for snd_soc_put_volsw_sx ASoC: dapm: Use card_list during DAPM shutdown ASoC: cs42l52: fix the return value of cs42l52_set_fmt() ASoC: bells: Correct type in sub speaker DAI name for WM5102 ASoC: wm8978: pll incorrectly configured when codec is master ASoC: mxs-saif: Fix channel swap for 24-bit format ASoC: bells: Select WM1250-EV1 Springbank audio I/O module ASoC: bells: Add missing select of WM0010 ASoC: mxs-saif: Add MODULE_ALIAS ASoC: wm5102: Write register value corrections after SYSCLK is enabled
2012-11-14pstore: Fix NULL pointer dereference in console writesColin Ian King
Passing a NULL id causes a NULL pointer deference in writers such as erst_writer and efi_pstore_write because they expect to update this id. Pass a dummy id instead. This avoids a cascade of oopses caused when the initial pstore_console_write passes a null which in turn causes writes to the console causing further oopses in subsequent pstore_console_write calls. Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Kees Cook <keescook@chromium.org> Cc: stable@vger.kernel.org Signed-off-by: Anton Vorontsov <anton.vorontsov@linaro.org>
2012-11-15Merge remote-tracking branches 'regulator/fix/gpio', 'regulator/fix/put' and ↵Mark Brown
'regulator/fix/supp-volt' into tmp
2012-11-15regulator: fix voltage check in regulator_is_supported_voltage()Marek Szyprowski
regulator_is_supported_voltage() should return true only if the voltage of fixed/constant regulator is between min_uV and max_uV. Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Cc: stable@vger.kernel.org
2012-11-14Merge branch 'release' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux Pull power tools fixes from Len Brown: "A pair of power tools patches -- a 3.7 regression fix plus a bug fix." * 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux: tools/power turbostat: graceful fail on garbage input tools/power turbostat: Repair Segmentation fault when using -i option
2012-11-14Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linusLinus Torvalds
Pull MIPS update from Ralf Baechle: "To avoid unnecessary risk and work the preemption fixes are combined with some preparatory work that isn't strictly required. So it's really just 3 fixes: - Get is_compat_task() to do the right thing while simplifying it. The unnecessary complexity hid a rarely striking bug which could be triggered by ext3/ext4 under certain circumstances. - Resolve a preemption issue in the irqflags.h functions for kernels built to support pre-MIPS32 / pre-MIPS64 Release 2 processors. - Fix the interrupt number of the MIPS Malta's CBUS UART." * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: MIPS: Malta: Fix interupt number of CBUS UART. MIPS: Make irqflags.h functions preempt-safe for non-mipsr2 cpus MIPS: Remove irqflags.h dependency from bitops.h MIPS: bitops.h: Change use of 'unsigned short' to 'int' MIPS: compat: Delete now unused TIF_32BIT. MIPS: compat: Implement is_compat_task() by testing for 32-bit address space. MIPS: compat: Fix use of TIF_32BIT_ADDR vs _TIF_32BIT_ADDR
2012-11-14Merge branch 'for-3.7-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup Pull cgroup fixes from Tejun Heo: "This contains two fix patches for device_cgroup. One fixes a regression introduced earlier in 3.7 cycle where device_cgroup could try to dereference the NULL parent of the root cgroup. The other one is RCU usage fix." * 'for-3.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: device_cgroup: fix RCU usage device_cgroup: fix unchecked cgroup parent usage
2012-11-14ALSA: usb-audio: Fix mutex deadlock at disconnectionTakashi Iwai
The recent change for USB-audio disconnection race fixes introduced a mutex deadlock again. There is a circular dependency between chip->shutdown_rwsem and pcm->open_mutex, depicted like below, when a device is opened during the disconnection operation: A. snd_usb_audio_disconnect() -> card.c::register_mutex -> chip->shutdown_rwsem (write) -> snd_card_disconnect() -> pcm.c::register_mutex -> pcm->open_mutex B. snd_pcm_open() -> pcm->open_mutex -> snd_usb_pcm_open() -> chip->shutdown_rwsem (read) Since the chip->shutdown_rwsem protection in the case A is required only for turning on the chip->shutdown flag and it doesn't have to be taken for the whole operation, we can reduce its window in snd_usb_audio_disconnect(). Reported-by: Jiri Slaby <jslaby@suse.cz> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-11-14regulator: core: Avoid deadlock when regulator_register failsCharles Keepax
When regulator_register fails and exits through the scrub path the regulator_put function was called whilst holding the regulator_list_mutex, causing deadlock. This patch adds a private version of the regulator_put function which can be safely called whilst holding the mutex, replacing the aforementioned call. Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
2012-11-14ALSA: fm801: precedence bug in snd_fm801_tea575x_get_pins()Dan Carpenter
There is a precedence bug because | has higher precedence than ?:. This code was cut and pasted and I fixed a similar bug a few days ago. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-11-13i2c-mux-pinctrl: Fix probe error pathGuenter Roeck
When allocating the memory for i2c busses, the code checked the wrong variable and thus never detected if there was a memory error. Signed-off-by: Guenter Roeck <linux@roeck-us.net> Cc: stable@vger.kernel.org Signed-off-by: Jean Delvare <khali@linux-fr.org>
2012-11-13MAINTAINERS: i2c: 7 years, this is itJean Delvare
I have been maintaining the i2c subsystem for 7 years now, it's about time to let someone else take over. Just before I leave, I would like to thank several individuals who made this possible at all: * Greg Kroah-Hartman, for his faith in my potential subsystem maintainer skills. Greg, I hope I met your expectations. * Late David Brownell, for helping me convert the i2c subsystem to the standard device driver model. Rest in peace David, we're missing you. * Ben Dooks, for stepping in when I asked for someone to take care of the huge flow of new i2c adapter drivers for embedded systems. * Wolfram Sang, for joining the crew when it became clear that there was more review work than Ben and myself could deal with. I hope I did not forget anyone, please forgive me if I did. Another big thank is due to Wolfram again, who quickly proposed to take over as the main i2c subsystem maintainer. This will allow for a smooth and fast transition. Note that I will keep maintaining all I2C/SMBus controller drivers for PC systems as well as a few others. I am hereby updating MAINTAINERS accordingly. I'll also keep maintaining user-space i2c-tools. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Ben Dooks <ben-linux@fluff.org> Acked-by: Wolfram Sang <w.sang@pengutronix.de>
2012-11-13MIPS: Malta: Fix interupt number of CBUS UART.Ralf Baechle
The CBUS UART's interrupt number was wrong conflicting with the interrupt being tied to the Intel PIIX4. Since the PIIX4's interrupt is registered before the CBUS UART which is not being used on most systems this would not be noticed. Attempts to open the ttyS2 CBUS UART would result in: genirq: Flags mismatch irq 18. 00000000 (serial) vs. 00010000 (XT-PIC cascade) serial_link_irq_chain: request failed: -16 for irq: 18 Qemu was written to match the kernel so will need to be fixed also. Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2012-11-13ALSA: es1968: precedence bug in snd_es1968_tea575x_get_pins()Dan Carpenter
I don't think this works as intended. '|' higher precedence than ?: so the bitwize OR "0 | (val & STR_MOST)" is a no-op. I have re-written it to be more clear. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-11-13Merge tag 'asoc-3.7' of ↵Takashi Iwai
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus ASoC: Fixes for v3.7 A few small fixes plus a large but simple change for WM5102 which writes out a bunch of register updates to the device when we enable the clock as recommended following chip evaluation.
2012-11-13Merge branches 'fix/arizona', 'fix/core', 'fix/cs42l52', 'fix/mxs', ↵Mark Brown
'fix/samsung' and 'fix/wm8978' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into tmp
2012-11-12Merge git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds
Pull KVM fix from Marcelo Tosatti: "A correction for user triggerable oops" * git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set (CVE-2012-4461)
2012-11-12Merge tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mturquette/linuxLinus Torvalds
Pull ux500 clk fixes from Mike Turquette: "Missing clkdev entries are causing regressions on the U8500 platform. This pull request contains those missing clkdev entries which are needed to boot that platform." * tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mturquette/linux: clk: ux500: Register slimbus clock lookups for u8500 clk: ux500: Update rtc clock lookup for u8500 clk: ux500: Register msp clock lookups for u8500 clk: ux500: Register ssp clock lookups for u8500 clk: ux500: Register i2c clock lookups for u8500
2012-11-12Merge branch 'rc-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull menuconfig portability fix from Michal Marek: "Here is a fix for v3.7 that makes menuconfig compile again on systems whose C library is lacking CIRCLEQ_* macros. I thought I sent it earlier, but apparently I did not." * 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: menuconfig: Replace CIRCLEQ by list_head-style lists.
2012-11-12Merge branch 'fixes-for-3.7' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds Pull LED fix from Bryan Wu. * 'fixes-for-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds: ledtrig-cpu: kill useless mutex to fix sleep in atomic context
2012-11-12Merge branch 'core-urgent-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull futex fix from Thomas Gleixner: "Single fix for a long standing futex race when taking over a futex whose owner died. You can end up with two owners, which violates quite some rules." * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: futex: Handle futex_pi OWNER_DIED take over correctly
2012-11-12KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set (CVE-2012-4461)Petr Matousek
On hosts without the XSAVE support unprivileged local user can trigger oops similar to the one below by setting X86_CR4_OSXSAVE bit in guest cr4 register using KVM_SET_SREGS ioctl and later issuing KVM_RUN ioctl. invalid opcode: 0000 [#2] SMP Modules linked in: tun ip6table_filter ip6_tables ebtable_nat ebtables ... Pid: 24935, comm: zoog_kvm_monito Tainted: G D 3.2.0-3-686-pae EIP: 0060:[<f8b9550c>] EFLAGS: 00210246 CPU: 0 EIP is at kvm_arch_vcpu_ioctl_run+0x92a/0xd13 [kvm] EAX: 00000001 EBX: 000f387e ECX: 00000000 EDX: 00000000 ESI: 00000000 EDI: 00000000 EBP: ef5a0060 ESP: d7c63e70 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 Process zoog_kvm_monito (pid: 24935, ti=d7c62000 task=ed84a0c0 task.ti=d7c62000) Stack: 00000001 f70a1200 f8b940a9 ef5a0060 00000000 00200202 f8769009 00000000 ef5a0060 000f387e eda5c020 8722f9c8 00015bae 00000000 ed84a0c0 ed84a0c0 c12bf02d 0000ae80 ef7f8740 fffffffb f359b740 ef5a0060 f8b85dc1 0000ae80 Call Trace: [<f8b940a9>] ? kvm_arch_vcpu_ioctl_set_sregs+0x2fe/0x308 [kvm] ... [<c12bfb44>] ? syscall_call+0x7/0xb Code: 89 e8 e8 14 ee ff ff ba 00 00 04 00 89 e8 e8 98 48 ff ff 85 c0 74 1e 83 7d 48 00 75 18 8b 85 08 07 00 00 31 c9 8b 95 0c 07 00 00 <0f> 01 d1 c7 45 48 01 00 00 00 c7 45 1c 01 00 00 00 0f ae f0 89 EIP: [<f8b9550c>] kvm_arch_vcpu_ioctl_run+0x92a/0xd13 [kvm] SS:ESP 0068:d7c63e70 QEMU first retrieves the supported features via KVM_GET_SUPPORTED_CPUID and then sets them later. So guest's X86_FEATURE_XSAVE should be masked out on hosts without X86_FEATURE_XSAVE, making kvm_set_cr4 with X86_CR4_OSXSAVE fail. Userspaces that allow specifying guest cpuid with X86_FEATURE_XSAVE even on hosts that do not support it, might be susceptible to this attack from inside the guest as well. Allow setting X86_CR4_OSXSAVE bit only if host has XSAVE support. Signed-off-by: Petr Matousek <pmatouse@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2012-11-12clk: ux500: Register slimbus clock lookups for u8500Ulf Hansson
At the same time the prcc bit for the kclk is corrected to bit 8 instead of 3. Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org> Acked-by: Linus Walleij <linus.walleij@linaro.org> Acked-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Mike Turquette <mturquette@linaro.org>
2012-11-12clk: ux500: Update rtc clock lookup for u8500Ulf Hansson
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org> Acked-by: Linus Walleij <linus.walleij@linaro.org> Acked-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Mike Turquette <mturquette@linaro.org>
2012-11-12clk: ux500: Register msp clock lookups for u8500Ulf Hansson
Cc: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org> Acked-by: Linus Walleij <linus.walleij@linaro.org> Acked-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Mike Turquette <mturquette@linaro.org>
2012-11-12clk: ux500: Register ssp clock lookups for u8500Ulf Hansson
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org> Acked-by: Linus Walleij <linus.walleij@linaro.org> Acked-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Mike Turquette <mturquette@linaro.org>
2012-11-12clk: ux500: Register i2c clock lookups for u8500Ulf Hansson
Cc: Ben Dooks <ben-linux@fluff.org> Cc: Wolfram Sang <w.sang@pengutronix.de> Acked-by: Linus Walleij <linus.walleij@linaro.org> Acked-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org> Signed-off-by: Mike Turquette <mturquette@linaro.org>
2012-11-12ALSA: hda - Add a missing quirk entry for iMac 9,1Takashi Iwai
This is another variant of iMac 9,1 with a different codec SSID. Reported-and-tested-by: Everaldo Canuto <everaldo.canuto@gmail.com> Cc: <stable@vger.kernel.org> [v3.3+] Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-11-11ledtrig-cpu: kill useless mutex to fix sleep in atomic contextNathan Lynch
Seeing the following every time the CPU enters or leaves idle on a Beagleboard: BUG: sleeping function called from invalid context at kernel/mutex.c:269 in_atomic(): 1, irqs_disabled(): 0, pid: 0, name: swapper/0 no locks held by swapper/0/0. [<c001659c>] (unwind_backtrace+0x0/0xf8) from [<c05aaa7c>] (mutex_lock_nested+0x24/0x380) [<c05aaa7c>] (mutex_lock_nested+0x24/0x380) from [<c043bd1c>] (ledtrig_cpu+0x38/0x88) [<c043bd1c>] (ledtrig_cpu+0x38/0x88) from [<c000f4b0>] (cpu_idle+0xf4/0x120) [<c000f4b0>] (cpu_idle+0xf4/0x120) from [<c07e47c8>] (start_kernel+0x2bc/0x30c) Miles Lane has reported seeing similar splats during system suspend. The mutex in struct led_trigger_cpu appears to have no function: it resides in a per-cpu data structure which never changes after the trigger is registered. So just remove it. Reported-by: Miles Lane <miles.lane@gmail.com> Signed-off-by: Nathan Lynch <ntl@pobox.com> Signed-off-by: Bryan Wu <roc@roc-samos.(none)>
2012-11-11Linux 3.7-rc5v3.7-rc5Linus Torvalds
2012-11-10Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds
Pull networking fixes from David Miller: "Bug fixes galore, mostly in drivers as is often the case: 1) USB gadget and cdc_eem drivers need adjustments to their frame size lengths in order to handle VLANs correctly. From Ian Coolidge. 2) TIPC and several network drivers erroneously call tasklet_disable before tasklet_kill, fix from Xiaotian Feng. 3) r8169 driver needs to apply the WOL suspend quirk to more chipsets, fix from Cyril Brulebois. 4) Fix multicast filters on RTL_GIGA_MAC_VER_35 r8169 chips, from Nathan Walp. 5) FDB netlink dumps should use RTM_NEWNEIGH as the message type, not zero. From John Fastabend. 6) Fix smsc95xx tx checksum offload on big-endian, from Steve Glendinning. 7) __inet_diag_dump() needs to repsect and report the error value returned from inet_diag_lock_handler() rather than ignore it. Otherwise if an inet diag handler is not available for a particular protocol, we essentially report success instead of giving an error indication. Fix from Cyrill Gorcunov. 8) When the QFQ packet scheduler sees TSO/GSO packets it does not handle things properly, and in fact ends up corrupting it's datastructures as well as mis-schedule packets. Fix from Paolo Valente. 9) Fix oopser in skb_loop_sk(), from Eric Leblond. 10) CXGB4 passes partially uninitialized datastructures in to FW commands, fix from Vipul Pandya. 11) When we send unsolicited ipv6 neighbour advertisements, we should send them to the link-local allnodes multicast address, as per RFC4861. Fix from Hannes Frederic Sowa. 12) There is some kind of bug in the usbnet's kevent deferral mechanism, but more immediately when it triggers an uncontrolled stream of kernel messages spam the log. Rate limit the error log message triggered when this problem occurs, as sending thousands of error messages into the kernel log doesn't help matters at all, and in fact makes further diagnosis more difficult. From Steve Glendinning. 13) Fix gianfar restore from hibernation, from Wang Dongsheng. 14) The netlink message attribute sizes are wrong in the ipv6 GRE driver, it was using the size of ipv4 addresses instead of ipv6 ones :-) Fix from Nicolas Dichtel." * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: gre6: fix rtnl dump messages gianfar: ethernet vanishes after restoring from hibernation usbnet: ratelimit kevent may have been dropped warnings ipv6: send unsolicited neighbour advertisements to all-nodes net: usb: cdc_eem: Fix rx skb allocation for 802.1Q VLANs usb: gadget: g_ether: fix frame size check for 802.1Q cxgb4: Fix initialization of SGE_CONTROL register isdn: Make CONFIG_ISDN depend on CONFIG_NETDEVICES cxgb4: Initialize data structures before using. af-packet: fix oops when socket is not present pkt_sched: enable QFQ to support TSO/GSO net: inet_diag -- Return error code if protocol handler is missed net: bnx2x: Fix typo in bnx2x driver smsc95xx: fix tx checksum offload for big endian rtnetlink: Use nlmsg type RTM_NEWNEIGH from dflt fdb dump ptp: update adjfreq callback description r8169: allow multicast packets on sub-8168f chipset. r8169: Fix WoL on RTL8168d/8111d. drivers/net: use tasklet_kill in device remove/close process tipc: do not use tasklet_disable before tasklet_kill
2012-11-10Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparcLinus Torvalds
Pull sparc fixes from David Miller: "Several build/bug fixes for sparc, including: 1) Configuring a mix of static vs. modular sparc64 crypto modules didn't work, remove an ill-conceived attempt to only have to build the device match table for these drivers once to fix the problem. Reported by Meelis Roos. 2) Make the montgomery multiple/square and mpmul instructions actually usable in 32-bit tasks. Essentially this involves providing 32-bit userspace with a way to use a 64-bit stack when it needs to. 3) Our sparc64 atomic backoffs don't yield cpu strands properly on Niagara chips. Use pause instruction when available to achieve this, otherwise use a benign instruction we know blocks the strand for some time. 4) Wire up kcmp 5) Fix the build of various drivers by removing the unnecessary blocking of OF_GPIO when SPARC. 6) Fix unintended regression wherein of_address_to_resource stopped being provided. Fix from Andreas Larsson. 7) Fix NULL dereference in leon_handle_ext_irq(), also from Andreas Larsson." * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc64: Fix build with mix of modular vs. non-modular crypto drivers. sparc: Support atomic64_dec_if_positive properly. of/address: sparc: Declare of_address_to_resource() as an extern function for sparc again sparc32, leon: Check for existent irq_map entry in leon_handle_ext_irq sparc: Add sparc support for platform_get_irq() sparc: Allow OF_GPIO on sparc. qlogicpti: Fix build warning. sparc: Wire up sys_kcmp. sparc64: Improvde documentation and readability of atomic backoff code. sparc64: Use pause instruction when available. sparc64: Fix cpu strand yielding. sparc64: Make montmul/montsqr/mpmul usable in 32-bit threads.
2012-11-10Merge branch 'for-linus' of git://git.samba.org/sfrench/cifs-2.6Linus Torvalds
Pull cifs fixes from Jeff Layton. * 'for-linus' of git://git.samba.org/sfrench/cifs-2.6: cifs: Do not lookup hashed negative dentry in cifs_atomic_open cifs: fix potential buffer overrun in cifs.idmap handling code
2012-11-10Merge tag 'arm64-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64 Pull arm64 fixes from Catalin Marinas: - correct argument type (pgprot_t) when calling __ioremap() - PCI_IOBASE virtual address change - use architected event for CPU cycle counter - fix ELF core dumping - select CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION - missing completion for secondary CPU boot - booting on systems with all memory beyond 4GB * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64: arm64: mm: fix booting on systems with no memory below 4GB arm64: smp: add missing completion for secondary boot arm64: compat: select CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION arm64: elf: fix core dumping definitions for GP and FP registers arm64: perf: use architected event for CPU cycle counter arm64: Move PCI_IOBASE closer to MODULES_VADDR arm64: Use pgprot_t as the last argument when invoking __ioremap()
2012-11-10Merge tag 'stable/for-linus-3.7-rc5-tag' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen Pull Xen fixes from Konrad Rzeszutek Wilk: "There are three ARM compile fixes (we forgot to export certain functions and if the drivers are built as an module - we go belly-up). There is also an mismatch of irq_enter() / exit_idle() calls sequence which were fixed some time ago in other piece of codes, but failed to appear in the Xen code. Lastly a fix for to help in the field with troubleshooting in case we cannot get the appropriate parameter and also fallback code when working with very old hypervisors." Bug-fixes: - Fix compile issues on ARM. - Fix hypercall fallback code for old hypervisors. - Print out which HVM parameter failed if it fails. - Fix idle notifier call after irq_enter. * tag 'stable/for-linus-3.7-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen: xen/arm: Fix compile errors when drivers are compiled as modules (export more). xen/arm: Fix compile errors when drivers are compiled as modules. xen/generic: Disable fallback build on ARM. xen/events: fix RCU warning, or Call idle notifier after irq_enter() xen/hvm: If we fail to fetch an HVM parameter print out which flag it is. xen/hypercall: fix hypercall fallback code for very old hypervisors
2012-11-09sparc64: Fix build with mix of modular vs. non-modular crypto drivers.David S. Miller
We tried linking in a single built object to hold the device table, but only works if all of the sparc64 crypto modules get built the same way (modular vs. non-modular). Just include the device ID stub into each driver source file so that the table gets compiled into the correct result in all cases. Reported-by: Meelis Roos <mroos@linux.ee> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-09sparc: Support atomic64_dec_if_positive properly.David S. Miller
Sparc32 already supported it, as a consequence of using the generic atomic64 implementation. And the sparc64 implementation is rather trivial. This allows us to set ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE for all of sparc, and avoid the annoying warning from lib/atomic64_test.c Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-09of/address: sparc: Declare of_address_to_resource() as an extern function ↵Andreas Larsson
for sparc again This bug-fix makes sure that of_address_to_resource is defined extern for sparc so that the sparc-specific implementation of of_address_to_resource() is once again used when including include/linux/of_address.h in a sparc context. A number of drivers in mainline relies on this function working for sparc. The bug was introduced in a850a7554442f08d3e910c6eeb4ee216868dda1e, "of/address: add empty static inlines for !CONFIG_OF". Contrary to that commit title, the static inlines are added for !CONFIG_OF_ADDRESS, and CONFIG_OF_ADDRESS is never defined for sparc. This is good behavior for the other functions in include/linux/of_address.h, as the extern functions defined in drivers/of/address.c only gets linked when OF_ADDRESS is configured. However, for of_address_to_resource there exists a sparc-specific implementation in arch/sparc/arch/sparc/kernel/of_device_common.c Solution suggested by: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: Andreas Larsson <andreas@gaisler.com> Acked-by: Rob Herring <rob.herring@calxeda.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-09sparc32, leon: Check for existent irq_map entry in leon_handle_ext_irqAndreas Larsson
If an irq is being unlinked concurrently with leon_handle_ext_irq, irq_map[eirq] might be null in leon_handle_ext_irq. Make sure that this is not dereferenced. Signed-off-by: Andreas Larsson <andreas@gaisler.com> Acked-by: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: David S. Miller <davem@davemloft.net>