summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2013-04-11x86/mm/cpa: Convert noop to functional fixAndrea Arcangeli
Commit: a8aed3e0752b ("x86/mm/pageattr: Prevent PSE and GLOABL leftovers to confuse pmd/pte_present and pmd_huge") introduced a valid fix but one location that didn't trigger the bug that lead to finding those (small) problems, wasn't updated using the right variable. The wrong variable was also initialized for no good reason, that may have been the source of the confusion. Remove the noop initialization accordingly. Commit a8aed3e0752b also erroneously removed one canon_pgprot pass meant to clear pmd bitflags not supported in hardware by older CPUs, that automatically gets corrected by this patch too by applying it to the right variable in the new location. Reported-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Andrea Arcangeli <aarcange@redhat.com> Acked-by: Borislav Petkov <bp@alien8.de> Cc: Andy Whitcroft <apw@canonical.com> Cc: Mel Gorman <mgorman@suse.de> Link: http://lkml.kernel.org/r/1365600505-19314-1-git-send-email-aarcange@redhat.com Signed-off-by: Ingo Molnar <mingo@kernel.org>
2013-04-10Merge tag 'char-misc-3.9-rc6' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc fix from Greg Kroah-Hartman: "Here is a single Kconfig dependancy build fix for 3.9. It's been in linux-next for a while, and fixes a problem that has been reported multiple times." * tag 'char-misc-3.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: misc/vmw_vmci: Add dependency on CONFIG_NET
2013-04-10Merge tag 'tty-3.9-rc6' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial fixes from Greg Kroah-Hartman: "Here are 4 small tty/serial fixes for 3.9. One fixes a bug where we broke the documentation build, and the others fix reported problems in some serial drivers. All have been in linux-next for a while" * tag 'tty-3.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: tty: mxser: fix cycle termination condition in mxser_probe() and mxser_module_init() Revert "tty/8250_pnp: serial port detection regression since v3.7" OMAP/serial: Revert bad fix of Rx FIFO threshold granularity tty: Documentation: fix a path in a DocBook template
2013-04-10Merge tag 'stable/for-linus-3.9-rc6-tag' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen Pull Xen fixes from Konrad Rzeszutek Wilk: "Two bug-fixes: - Early bootup issue found on DL380 machines - Fix for the timer interrupt not being processed right awaym leading to quite delayed time skew on certain workloads" * tag 'stable/for-linus-3.9-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen: xen/mmu: On early bootup, flush the TLB when changing RO->RW bits Xen provided pagetables. xen/events: Handle VIRQ_TIMER before any other hardirq in event loop.
2013-04-10Merge tag 'trace-fixes-3.9-rc-v2' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing fix from Steven Rostedt: "Namhyung Kim fixed a long standing bug that can cause a kernel panic. If the function profiler fails to allocate memory for everything, it will do a double free on the same pointer which can cause a panic" * tag 'trace-fixes-3.9-rc-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing: Fix double free when function profile init failed
2013-04-10Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds
Pull networking fixes from David Miller: 1) cfg80211_conn_scan() must be called with the sched_scan_mutex, fix from Artem Savkov. 2) Fix regression in TCP ICMPv6 processing, we do not want to treat redirects as socket errors, from Christoph Paasch. 3) Fix several recvmsg() msg_name kernel memory leaks into userspace, in ATM, AX25, Bluetooth, CAIF, IRDA, s390 IUCV, L2TP, LLC, Netrom, NFC, Rose, TIPC, and VSOCK. From Mathias Krause and Wei Yongjun. 4) Fix AF_IUCV handling of segmented SKBs in recvmsg(), from Ursula Braun and Eric Dumazet. 5) CAN gw.c code does kfree() on SLAB cache memory, use kmem_cache_free() instead. Fix from Wei Yongjun. 6) Fix LSM regression on TCP SYN/ACKs, some LSMs such as SELINUX want an skb->sk socket context available for these packets, but nothing else requires it. From Eric Dumazet and Paul Moore. 7) Fix ipv4 address lifetime processing so that we don't perform sleepable acts inside of rcu_read_lock() sections, do them in an rtnl_lock() section instead. From Jiri Pirko. 8) mvneta driver accidently sets HW features after device registry, it should do so beforehand. Fix from Willy Tarreau. 9) Fix bonding unload races more correctly, from Nikolay Aleksandrov and Veaceslav Falico. 10) rtnl_dump_ifinfo() and rtnl_calcit() invoke nlmsg_parse() with wrong header size argument. Fix from Michael Riesch. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (44 commits) lsm: add the missing documentation for the security_skb_owned_by() hook bnx2x: Prevent null pointer dereference in AFEX mode e100: Add dma mapping error check selinux: add a skb_owned_by() hook can: gw: use kmem_cache_free() instead of kfree() netrom: fix invalid use of sizeof in nr_recvmsg() qeth: fix qeth_wait_for_threads() deadlock for OSN devices af_iucv: fix recvmsg by replacing skb_pull() function rtnetlink: Call nlmsg_parse() with correct header length bonding: fix bonding_masters race condition in bond unloading Revert "bonding: remove sysfs before removing devices" net: mvneta: enable features before registering the driver hyperv: Fix RNDIS send_completion code path hyperv: Fix a kernel warning from netvsc_linkstatus_callback() net: ipv4: fix schedule while atomic bug in check_lifetime() net: ipv4: reset check_lifetime_work after changing lifetime bnx2x: Fix KR2 rapid link flap sctp: remove 'sridhar' from maintainers list VSOCK: Fix missing msg_namelen update in vsock_stream_recvmsg() VSOCK: vmci - fix possible info leak in vmci_transport_dgram_dequeue() ...
2013-04-10Merge tag 'for-linus' of git://linux-c6x.org/git/projects/linux-c6x-upstreamingLinus Torvalds
Pull C6X fix from Mark Salter. Final (?) fix from the barrier discussion. * tag 'for-linus' of git://linux-c6x.org/git/projects/linux-c6x-upstreaming: add memory barrier to arch_local_irq_restore
2013-04-10cifs: Allow passwords which begin with a delimitorSachin Prabhu
Fixes a regression in cifs_parse_mount_options where a password which begins with a delimitor is parsed incorrectly as being a blank password. Signed-off-by: Sachin Prabhu <sprabhu@redhat.com> Acked-by: Jeff Layton <jlayton@redhat.com> Cc: <stable@vger.kernel.org> Signed-off-by: Steve French <sfrench@us.ibm.com>
2013-04-10lsm: add the missing documentation for the security_skb_owned_by() hookPaul Moore
Unfortunately we didn't catch the missing comments earlier when the patch was merged. Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-10bnx2x: Prevent null pointer dereference in AFEX modeYuval Mintz
The cnic module is responsible for initializing various bnx2x structs via callbacks provided by the bnx2x module. One such struct is the queue object for the FCoE queue. If a device is working in AFEX mode and its configuration allows FCoE yet the cnic module is not loaded, it's very likely a null pointer dereference will occur, as the bnx2x will erroneously access the FCoE's queue object. Prevent said access until cnic properly registers itself. Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-10e100: Add dma mapping error checkNeil Horman
e100 uses pci_map_single, but fails to check for a dma mapping error after its use, resulting in a stack trace: [ 46.656594] ------------[ cut here ]------------ [ 46.657004] WARNING: at lib/dma-debug.c:933 check_unmap+0x47b/0x950() [ 46.657004] Hardware name: To Be Filled By O.E.M. [ 46.657004] e100 0000:00:0e.0: DMA-API: device driver failed to check map error[device address=0x000000007a4540fa] [size=90 bytes] [mapped as single] [ 46.657004] Modules linked in: [ 46.657004] w83627hf hwmon_vid snd_via82xx ppdev snd_ac97_codec ac97_bus snd_seq snd_pcm snd_mpu401 snd_mpu401_uart ns558 snd_rawmidi gameport parport_pc e100 snd_seq_device parport snd_page_alloc snd_timer snd soundcore skge shpchp k8temp mii edac_core i2c_viapro edac_mce_amd nfsd auth_rpcgss nfs_acl lockd sunrpc binfmt_misc uinput ata_generic pata_acpi radeon i2c_algo_bit drm_kms_helper ttm firewire_ohci drm firewire_core pata_via sata_via i2c_core sata_promise crc_itu_t [ 46.657004] Pid: 792, comm: ip Not tainted 3.8.0-0.rc6.git0.1.fc19.x86_64 #1 [ 46.657004] Call Trace: [ 46.657004] <IRQ> [<ffffffff81065ed0>] warn_slowpath_common+0x70/0xa0 [ 46.657004] [<ffffffff81065f4c>] warn_slowpath_fmt+0x4c/0x50 [ 46.657004] [<ffffffff81364cfb>] check_unmap+0x47b/0x950 [ 46.657004] [<ffffffff8136522f>] debug_dma_unmap_page+0x5f/0x70 [ 46.657004] [<ffffffffa030f0f0>] ? e100_tx_clean+0x30/0x210 [e100] [ 46.657004] [<ffffffffa030f1a8>] e100_tx_clean+0xe8/0x210 [e100] [ 46.657004] [<ffffffffa030fc6f>] e100_poll+0x56f/0x6c0 [e100] [ 46.657004] [<ffffffff8159dce1>] ? net_rx_action+0xa1/0x370 [ 46.657004] [<ffffffff8159ddb2>] net_rx_action+0x172/0x370 [ 46.657004] [<ffffffff810703bf>] __do_softirq+0xef/0x3d0 [ 46.657004] [<ffffffff816e4ebc>] call_softirq+0x1c/0x30 [ 46.657004] [<ffffffff8101c485>] do_softirq+0x85/0xc0 [ 46.657004] [<ffffffff81070885>] irq_exit+0xd5/0xe0 [ 46.657004] [<ffffffff816e5756>] do_IRQ+0x56/0xc0 [ 46.657004] [<ffffffff816dacb2>] common_interrupt+0x72/0x72 [ 46.657004] <EOI> [<ffffffff816da1eb>] ? _raw_spin_unlock_irqrestore+0x3b/0x70 [ 46.657004] [<ffffffff816d124d>] __slab_free+0x58/0x38b [ 46.657004] [<ffffffff81214424>] ? fsnotify_clear_marks_by_inode+0x34/0x120 [ 46.657004] [<ffffffff811b0417>] ? kmem_cache_free+0x97/0x320 [ 46.657004] [<ffffffff8157fc14>] ? sock_destroy_inode+0x34/0x40 [ 46.657004] [<ffffffff8157fc14>] ? sock_destroy_inode+0x34/0x40 [ 46.657004] [<ffffffff811b0692>] kmem_cache_free+0x312/0x320 [ 46.657004] [<ffffffff8157fc14>] sock_destroy_inode+0x34/0x40 [ 46.657004] [<ffffffff811e8c28>] destroy_inode+0x38/0x60 [ 46.657004] [<ffffffff811e8d5e>] evict+0x10e/0x1a0 [ 46.657004] [<ffffffff811e9605>] iput+0xf5/0x180 [ 46.657004] [<ffffffff811e4338>] dput+0x248/0x310 [ 46.657004] [<ffffffff811ce0e1>] __fput+0x171/0x240 [ 46.657004] [<ffffffff811ce26e>] ____fput+0xe/0x10 [ 46.657004] [<ffffffff8108d54c>] task_work_run+0xac/0xe0 [ 46.657004] [<ffffffff8106c6ed>] do_exit+0x26d/0xc30 [ 46.657004] [<ffffffff8109eccc>] ? finish_task_switch+0x7c/0x120 [ 46.657004] [<ffffffff816dad58>] ? retint_swapgs+0x13/0x1b [ 46.657004] [<ffffffff8106d139>] do_group_exit+0x49/0xc0 [ 46.657004] [<ffffffff8106d1c4>] sys_exit_group+0x14/0x20 [ 46.657004] [<ffffffff816e3b19>] system_call_fastpath+0x16/0x1b [ 46.657004] ---[ end trace 4468c44e2156e7d1 ]--- [ 46.657004] Mapped at: [ 46.657004] [<ffffffff813663d1>] debug_dma_map_page+0x91/0x140 [ 46.657004] [<ffffffffa030e8eb>] e100_xmit_prepare+0x12b/0x1c0 [e100] [ 46.657004] [<ffffffffa030c924>] e100_exec_cb+0x84/0x140 [e100] [ 46.657004] [<ffffffffa030e56a>] e100_xmit_frame+0x3a/0x190 [e100] [ 46.657004] [<ffffffff8159ee89>] dev_hard_start_xmit+0x259/0x6c0 Easy fix, modify the cb paramter to e100_exec_cb to return an error, and do the dma_mapping_error check in the obvious place This was reported previously here: http://article.gmane.org/gmane.linux.network/257893 But nobody stepped up and fixed it. CC: Josh Boyer <jwboyer@redhat.com> CC: e1000-devel@lists.sourceforge.net Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Reported-by: Michal Jaegermann <michal@harddata.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-10x86, mm: Patch out arch_flush_lazy_mmu_mode() when running on bare metalBoris Ostrovsky
Invoking arch_flush_lazy_mmu_mode() results in calls to preempt_enable()/disable() which may have performance impact. Since lazy MMU is not used on bare metal we can patch away arch_flush_lazy_mmu_mode() so that it is never called in such environment. [ hpa: the previous patch "Fix vmalloc_fault oops during lazy MMU updates" may cause a minor performance regression on bare metal. This patch resolves that performance regression. It is somewhat unclear to me if this is a good -stable candidate. ] Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Link: http://lkml.kernel.org/r/1364045796-10720-2-git-send-email-konrad.wilk@oracle.com Tested-by: Josh Boyer <jwboyer@redhat.com> Tested-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Acked-by: Borislav Petkov <bp@suse.de> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: H. Peter Anvin <hpa@linux.intel.com> Cc: <stable@vger.kernel.org> SEE NOTE ABOVE
2013-04-10x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updatesSamu Kallio
In paravirtualized x86_64 kernels, vmalloc_fault may cause an oops when lazy MMU updates are enabled, because set_pgd effects are being deferred. One instance of this problem is during process mm cleanup with memory cgroups enabled. The chain of events is as follows: - zap_pte_range enables lazy MMU updates - zap_pte_range eventually calls mem_cgroup_charge_statistics, which accesses the vmalloc'd mem_cgroup per-cpu stat area - vmalloc_fault is triggered which tries to sync the corresponding PGD entry with set_pgd, but the update is deferred - vmalloc_fault oopses due to a mismatch in the PUD entries The OOPs usually looks as so: ------------[ cut here ]------------ kernel BUG at arch/x86/mm/fault.c:396! invalid opcode: 0000 [#1] SMP .. snip .. CPU 1 Pid: 10866, comm: httpd Not tainted 3.6.10-4.fc18.x86_64 #1 RIP: e030:[<ffffffff816271bf>] [<ffffffff816271bf>] vmalloc_fault+0x11f/0x208 .. snip .. Call Trace: [<ffffffff81627759>] do_page_fault+0x399/0x4b0 [<ffffffff81004f4c>] ? xen_mc_extend_args+0xec/0x110 [<ffffffff81624065>] page_fault+0x25/0x30 [<ffffffff81184d03>] ? mem_cgroup_charge_statistics.isra.13+0x13/0x50 [<ffffffff81186f78>] __mem_cgroup_uncharge_common+0xd8/0x350 [<ffffffff8118aac7>] mem_cgroup_uncharge_page+0x57/0x60 [<ffffffff8115fbc0>] page_remove_rmap+0xe0/0x150 [<ffffffff8115311a>] ? vm_normal_page+0x1a/0x80 [<ffffffff81153e61>] unmap_single_vma+0x531/0x870 [<ffffffff81154962>] unmap_vmas+0x52/0xa0 [<ffffffff81007442>] ? pte_mfn_to_pfn+0x72/0x100 [<ffffffff8115c8f8>] exit_mmap+0x98/0x170 [<ffffffff810050d9>] ? __raw_callee_save_xen_pmd_val+0x11/0x1e [<ffffffff81059ce3>] mmput+0x83/0xf0 [<ffffffff810624c4>] exit_mm+0x104/0x130 [<ffffffff8106264a>] do_exit+0x15a/0x8c0 [<ffffffff810630ff>] do_group_exit+0x3f/0xa0 [<ffffffff81063177>] sys_exit_group+0x17/0x20 [<ffffffff8162bae9>] system_call_fastpath+0x16/0x1b Calling arch_flush_lazy_mmu_mode immediately after set_pgd makes the changes visible to the consistency checks. Cc: <stable@vger.kernel.org> RedHat-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=914737 Tested-by: Josh Boyer <jwboyer@redhat.com> Reported-and-Tested-by: Krishna Raman <kraman@redhat.com> Signed-off-by: Samu Kallio <samu.kallio@aberdeencloud.com> Link: http://lkml.kernel.org/r/1364045796-10720-1-git-send-email-konrad.wilk@oracle.com Tested-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
2013-04-10Merge tag 'nfs-for-3.9-5' of git://git.linux-nfs.org/projects/trondmy/linux-nfsLinus Torvalds
Pull another nfs fixlet from Trond Myklebust: "I suddenly noticed that a one-line issue that I _thought_ I had fixed with the nfs41_walk_client_list patch was apparently still there in the pull request I sent earlier today. I'm very sorry for not catching that in time. - Fix a brain fart in nfs41_walk_client_list" * tag 'nfs-for-3.9-5' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: NFSv4: Doh! Typo in the fix to nfs41_walk_client_list
2013-04-10arm: mvebu: Fix the irq map function in SMP modeGregory CLEMENT
This patch fix the regression introduced by the commit 3202bf0157ccb "arm: mvebu: Improve the SMP support of the interrupt controller": GPIO IRQ were no longer delivered to the CPUs. To be delivered to a CPU an interrupt must be enabled at CPU level and at interrupt source level. Before the offending patch, all the interrupts were enabled at source level during map() function. Mask() and unmask() was done by handling the per-CPU part. It was fine when running in UP with only one CPU. The offending patch added support for SMP, in this case mask() and unmask() was done by handling the interrupt source level part. The per-CPU level part was handled by the affinity API to select the CPU which will receive the interrupt. (Due to some hardware limitation only one CPU at a time can received a given interrupt). For "normal" interrupt __setup_irq() was called when an irq was registered. irq_set_affinity() is called from this function, which enabled the interrupt on one of the CPUs. Whereas for GPIO IRQ which were chained interrupts, the irq_set_affinity() was never called and none of the CPUs was selected to receive the interrupt. With this patch all the interrupt are enable on the current CPU during map() function. Enabling the interrupts on a CPU doesn't depend anymore on irq_set_affinity() and then the chained irq are not anymore a special case. However the CPU which will receive the irq can still be modify later using irq_set_affinity(). Tested with Mirabox (A370) and Openblocks AX3 (AXP), rootfs mounted over NFS, compiled with CONFIG_SMP=y/N. Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com> Reported-by: Ryan Press <ryan@presslab.us> Investigated-by: Ezequiel Garcia <ezequiel.garcia@free-electrons.com> Tested-by: Ezequiel Garcia <ezequiel.garcia@free-electrons.com> Tested-by: Ryan Press <ryan@presslab.us> Signed-off-by: Jason Cooper <jason@lakedaemon.net>
2013-04-10NFSv4: Doh! Typo in the fix to nfs41_walk_client_listTrond Myklebust
Make sure that we set the status to 0 on success. Missed in testing because it never appears when doing multiple mounts to _different_ servers. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: <stable@vger.kernel.org> # 3.7.x: 7b1f1fd: NFSv4/4.1: Fix bugs in nfs4[01]_walk_client_list
2013-04-10Fix GE0/GE1 init on ix2-200 as GE0 has no PHYNigel Roberts
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
2013-04-10Merge tag 'nfs-for-3.9-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfsLinus Torvalds
Pull NFS client bugfixes from Trond Myklebust: - fix for memory corruption issues in nfs4[01]_walk_client_list (stable) - fix for an Oopsable bug in rpc_clone_client (stable) - another state manager deadlock in the NFSv4 open code - memory leaks in nfs4_discover_server_trunking and rpc_new_client * tag 'nfs-for-3.9-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: NFSv4: Fix another potential state manager deadlock SUNRPC: Fix a potential memory leak in rpc_new_client NFSv4/4.1: Fix bugs in nfs4[01]_walk_client_list NFSv4: Fix a memory leak in nfs4_discover_server_trunking SUNRPC: Remove extra xprt_put()
2013-04-10dmaengine: omap-dma: Start DMA without delay for cyclic channelsPeter Ujfalusi
cyclic DMA is only used by audio which needs DMA to be started without a delay. If the DMA for audio is started using the tasklet we experience random channel switch (to be more precise: channel shift). Reported-by: Peter Meerwald <pmeerw@pmeerw.net> CC: stable@vger.kernel.org # v3.7+ Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com> Acked-by: Santosh Shilimkar <santosh.shilimkar@ti.com> Acked-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Vinod Koul <vinod.koul@intel.com>
2013-04-09Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6Linus Torvalds
Pull crypto fixes from Herbert Xu: "This fixes a GCM bug that breaks IPsec and a compile problem in ux500." * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: ux500 - add missing comma crypto: gcm - fix assumption that assoc has one segment
2013-04-09Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linuxLinus Torvalds
Pull drm fixes from Dave Airlie: "Just a spare semicolon in nouveau that caused some issues, and an mgag200 fix" * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: drm/mgag200: Index 24 in extended CRTC registers is 24 in hex, not decimal. drm/nouveau: fix unconditional return waiting on memory
2013-04-10drm/mgag200: Index 24 in extended CRTC registers is 24 in hex, not decimal.Christopher Harvey
This change properly enables the "requester" in G200ER cards that is responsible for getting pixels out of memory and clocking them out to the screen. Signed-off-by: Christopher Harvey <charvey@matrox.com> Cc: stable@vger.kernel.org Signed-off-by: Dave Airlie <airlied@redhat.com>
2013-04-09tracing: Fix double free when function profile init failedNamhyung Kim
On the failure path, stat->start and stat->pages will refer same page. So it'll attempt to free the same page again and get kernel panic. Link: http://lkml.kernel.org/r/1364820385-32027-1-git-send-email-namhyung@kernel.org Cc: Frederic Weisbecker <fweisbec@gmail.com> Cc: Namhyung Kim <namhyung.kim@lge.com> Cc: stable@vger.kernel.org Signed-off-by: Namhyung Kim <namhyung@kernel.org> Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2013-04-09add memory barrier to arch_local_irq_restoreMark Salter
arch_local_irq_save() and friends are required to act as compiler memory barriers. This patch adds a "memory" clobber to the inline asm code in arch_local_irq_restore() which is used as the building block for other functions needing to set/clear the interrupt enable in the CSR register. Signed-off-by: Mark Salter <msalter@redhat.com>
2013-04-09Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs fixes from Al Viro: "A nasty bug in fs/namespace.c caught by Andrey + a couple of less serious unpleasantness - ecryptfs misc device playing hopeless games with try_module_get() and palinfo procfs support being... not quite correctly done, to be polite." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: mnt: release locks on error path in do_loopback palinfo fixes procfs: add proc_remove_subtree() ecryptfs: close rmmod race
2013-04-09Merge tag 'vfio-v3.9-rc7' of git://github.com/awilliam/linux-vfioLinus Torvalds
Pull vfio overflow fix from Alex Williamson. * tag 'vfio-v3.9-rc7' of git://github.com/awilliam/linux-vfio: vfio-pci: Fix possible integer overflow
2013-04-09Merge tag 'for-linus-20130409' of git://git.kernel.dk/linux-blockLinus Torvalds
Pull block fixes from Jens Axboe: "I've got a few smaller fixes queued up for 3.9 that should go in. The major one is the loop regression, the others are nice fixes on their own though. It contains: - Fix for unitialized var in the block sysfs code, courtesy of Arnd and gcc-4.8. - Two fixes for mtip32xx, fixing probe and command timeout. Also a debug measure that could have waited for 3.10, but it's driver only, so I let it slip in. - Revert the loop partition cleanup fix, it could cause a deadlock on auto-teardown as part of umount. The fix is clear, but at this point we just want to revert it and get a real fix in for 3.10." * tag 'for-linus-20130409' of git://git.kernel.dk/linux-block: Revert "loop: cleanup partitions when detaching loop device" mtip32xx: fix two smatch warnings mtip32xx: Add debugfs entry device_status mtip32xx: return 0 from pci probe in case of rebuild mtip32xx: recovery from command timeout block: avoid using uninitialized value in from queue_var_store
2013-04-09mnt: release locks on error path in do_loopbackAndrey Vagin
do_loopback calls lock_mount(path) and forget to unlock_mount if clone_mnt or copy_mnt fails. [ 77.661566] ================================================ [ 77.662939] [ BUG: lock held when returning to user space! ] [ 77.664104] 3.9.0-rc5+ #17 Not tainted [ 77.664982] ------------------------------------------------ [ 77.666488] mount/514 is leaving the kernel with locks still held! [ 77.668027] 2 locks held by mount/514: [ 77.668817] #0: (&sb->s_type->i_mutex_key#7){+.+.+.}, at: [<ffffffff811cca22>] lock_mount+0x32/0xe0 [ 77.671755] #1: (&namespace_sem){+++++.}, at: [<ffffffff811cca3a>] lock_mount+0x4a/0xe0 Signed-off-by: Andrey Vagin <avagin@openvz.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-04-09palinfo fixesAl Viro
* check for proc_mkdir() failures * fix buffer overrun - sizeof(format string) is *not* enough to hold sprintf() result. * use proc_remove_subtree(); life's much easier with it Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-04-09procfs: add proc_remove_subtree()Al Viro
just what it sounds like; do that only to procfs subtrees you've created - doing that to something shared with another driver is not only antisocial, but might cause interesting races with proc_create() and its ilk. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-04-09ecryptfs: close rmmod raceAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-04-09spinlocks and preemption points need to be at least compiler barriersLinus Torvalds
In UP and non-preempt respectively, the spinlocks and preemption disable/enable points are stubbed out entirely, because there is no regular code that can ever hit the kind of concurrency they are meant to protect against. However, while there is no regular code that can cause scheduling, we _do_ end up having some exceptional (literally!) code that can do so, and that we need to make sure does not ever get moved into the critical region by the compiler. In particular, get_user() and put_user() is generally implemented as inline asm statements (even if the inline asm may then make a call instruction to call out-of-line), and can obviously cause a page fault and IO as a result. If that inline asm has been scheduled into the middle of a preemption-safe (or spinlock-protected) code region, we obviously lose. Now, admittedly this is *very* unlikely to actually ever happen, and we've not seen examples of actual bugs related to this. But partly exactly because it's so hard to trigger and the resulting bug is so subtle, we should be extra careful to get this right. So make sure that even when preemption is disabled, and we don't have to generate any actual *code* to explicitly tell the system that we are in a preemption-disabled region, we need to at least tell the compiler not to move things around the critical region. This patch grew out of the same discussion that caused commits 79e5f05edcbf ("ARC: Add implicit compiler barrier to raw_local_irq* functions") and 3e2e0d2c222b ("tile: comment assumption about __insn_mtspr for <asm/irqflags.h>") to come about. Note for stable: use discretion when/if applying this. As mentioned, this bug may never have actually bitten anybody, and gcc may never have done the required code motion for it to possibly ever trigger in practice. Cc: stable@vger.kernel.org Cc: Steven Rostedt <srostedt@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-04-09Merge branch 'fixes-for-3.9' of git://gitorious.org/linux-can/linux-canDavid S. Miller
Marc Kleine-Budde says: ==================== here's a fix for the v3.9 release cycle, if not too late: Wei Yongjun contributes a patch for the can-gw protocoll. The patch fixes the memory allocated with kmem_cache_alloc(), is now freed using kmem_cache_free(), not kfree(). ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-09selinux: add a skb_owned_by() hookEric Dumazet
Commit 90ba9b1986b5ac (tcp: tcp_make_synack() can use alloc_skb()) broke certain SELinux/NetLabel configurations by no longer correctly assigning the sock to the outgoing SYNACK packet. Cost of atomic operations on the LISTEN socket is quite big, and we would like it to happen only if really needed. This patch introduces a new security_ops->skb_owned_by() method, that is a void operation unless selinux is active. Reported-by: Miroslav Vadkerti <mvadkert@redhat.com> Diagnosed-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: linux-security-module@vger.kernel.org Acked-by: James Morris <james.l.morris@oracle.com> Tested-by: Paul Moore <pmoore@redhat.com> Acked-by: Paul Moore <pmoore@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-09NFSv4: Fix another potential state manager deadlockTrond Myklebust
Don't hold the NFSv4 sequence id while we check for open permission. The call to ACCESS may block due to reboot recovery. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-04-09tile: comment assumption about __insn_mtspr for <asm/irqflags.h>Chris Metcalf
The arch_local_irq_save(), etc., routines are required to function as compiler barriers. They do, but it's subtle and requires knowing that the gcc builtin __insn_mtspr() is marked as a memory clobber. Provide a comment explaining the assumption. Signed-off-by: Chris Metcalf <cmetcalf@tilera.com> [ This came about from me wondering about the synchronization rules of __insn_mtspr() - Linus ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-04-09regmap: Back out work buffer fixMark Brown
This reverts commit bc8ce4 (regmap: don't corrupt work buffer in _regmap_raw_write()) since it turns out that it can cause issues when taken in isolation from the other changes in -next that lead to its discovery. On the basis that nobody noticed the problems for quite some time without that subsequent work let's drop it from v3.9. Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
2013-04-09ASoC: wm5102: Correct lookup of arizona struct in SYSCLK eventMark Brown
Reported-by: Ryo Tsutsui <Ryo.Tsutsui@wolfsonmicro.com> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Cc: stable@vger.kernel.org
2013-04-09ASoC: wm8903: Fix the bypass to HP/LINEOUT when no DAC or ADC is runningAlban Bedel
The Charge Pump needs the DSP clock to work properly, without it the bypass to HP/LINEOUT is not working properly. This requirement is not mentioned in the datasheet but has been confirmed by Mark Brown from Wolfson. Signed-off-by: Alban Bedel <alban.bedel@avionic-design.de> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Cc: stable@vger.kernel.org
2013-04-09Merge tag 'samsung-fixes-for-v3.9' of ↵Arnd Bergmann
git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung into fixes From Kukjin Kim <kgene.kim@samsung.com>: samsung fixes can support s3c24xx for v3.9 * tag 'samsung-fixes-for-v3.9' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung: ARM: S3C24XX: Fix interrupt pending register offset of the EINT controller ARM: S3C24XX: Correct NR_IRQS definition for s3c2440 Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2013-04-10ARM: S3C24XX: Fix interrupt pending register offset of the EINT controllerSylwester Nawrocki
The external pending interrupt register address (EINTPEND) offset is 0xa8, not 0x08. Without this patch the external interrupts are not properly acknowledged, which may lead to an interrupt storm and the system hang as soon as any external interrupt is requested. Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com> Reviewed-by: Heiko Stuebner <heiko@sntech.de> Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
2013-04-09ARM: S3C24XX: Correct NR_IRQS definition for s3c2440Sylwester Nawrocki
Due to NR_IRQS being incorrectly defined not all IRQ domains can be registered for S3C2440. It causes following errors on a s3c2440 SoC based board: NR_IRQS:89 S3C2440: IRQ Support irq: clearing pending status 00000002 ------------[ cut here ]------------ WARNING: at kernel/irq/irqdomain.c:234 0xc0056ed0() ... irq: could not create irq-domain ... s3c2410-wdt s3c2410-wdt: failed to install irq (-22) s3c2410-wdt: probe of s3c2410-wdt failed with error -22 ... samsung-uart s3c2440-uart.0: cannot get irq 74 Fix this by increasing NR_IRQS to at least (IRQ_S3C2443_AC97 + 1) if CPU_S3C2440 is selected, so the subintc IRQ domain gets properly registered. Signed-off-by: Tomasz Figa <tomasz.figa@gmail.com> Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com> Acked-by: Heiko Stuebner <heiko@sntech.de> Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
2013-04-09Merge tag 'imx-fixes-3.9-5' of ↵Arnd Bergmann
git://git.linaro.org/people/shawnguo/linux-2.6 into fixes From Shawn Guo <shawn.guo@linaro.org>: The imx fixes for 3.9, take 5: * A couple imx35 clock fixes for regressions caused by common clock framework conversion. The admux and iomux get disabled by common clock framework late initcall, and hence causes problems. * Add missing twd clock lookup in device tree. This becomes required since commit bd60345 (ARM: use device tree to get smp_twd clock) forces all DT boot to find lookup from device tree. * Fix imx6q ldb_di clock parents mismatch per reference manual. * tag 'imx-fixes-3.9-5' of git://git.linaro.org/people/shawnguo/linux-2.6: (217 commits) ARM i.MX6: Fix ldb_di clock selection ARM: imx: provide twd clock lookup from device tree ARM: imx35 Bugfix admux clock ARM: clk-imx35: Bugfix iomux clock Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2013-04-09ARM i.MX6: Fix ldb_di clock selectionDirk Behme
According to the recent i.MX6 Quad technical reference manual, mode 0x4 (100b) of the CCM_CS2DCR register (address 0x020C402C) bits [11-9] and [14-12] select the PLL3 clock, and not the PLL3 PFD1 540M clock. In our code, the PLL3 root clock is named 'pll3_usb_otg', select this instead of the 540M clock. Signed-off-by: Dirk Behme <dirk.behme@de.bosch.com> Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
2013-04-09ARM: imx: provide twd clock lookup from device treeShawn Guo
While booting from device tree, imx6q used to provide twd clock lookup by calling clk_register_clkdev() in clock driver. However, the commit bd60345 (ARM: use device tree to get smp_twd clock) forces DT boot to look up the clock from device tree. It causes the failure below when twd driver tries to get the clock, and hence kernel has to calibrate the local timer frequency. smp_twd: clock not found -2 ... Calibrating local timer... 396.13MHz. Fix the regression by providing twd clock lookup from device tree, and remove the unused twd clk_register_clkdev() call from clock driver. Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
2013-04-09ARM: imx35 Bugfix admux clockMarkus Pargmann
The admux clock seems to be the audmux clock as tests show. audmux does not work without this clock enabled. Currently imx35 does not register a clock device for audmux. This patch adds this registration. imx-audmux driver already handles a clock device, so no changes are necessary there. Signed-off-by: Markus Pargmann <mpa@pengutronix.de> Cc: stable@vger.kernel.org Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
2013-04-09ARM: clk-imx35: Bugfix iomux clockMarkus Pargmann
This patch enables iomuxc_gate clock. It is necessary to be able to reconfigure iomux pads. Without this clock enabled, the clk_disable_unused function will disable this clock and the iomux pads are not configurable anymore. This happens at every boot. After a reboot (watchdog system reset) the clock is not enabled again, so all iomux pad reconfigurations in boot code are without effect. The iomux pads should be always configurable, so this patch always enables it. Signed-off-by: Markus Pargmann <mpa@pengutronix.de> Cc: stable@vger.kernel.org Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
2013-04-09can: gw: use kmem_cache_free() instead of kfree()Wei Yongjun
Memory allocated by kmem_cache_alloc() should be freed using kmem_cache_free(), not kfree(). Cc: linux-stable <stable@vger.kernel.org> # >= v3.2 Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Acked-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2013-04-09m68k: define a local gpio_request_one() functionGreg Ungerer
Compiling for linux-3.9-rc1 and later fails with: drivers/gpio/devres.c: In function 'devm_gpio_request_one': drivers/gpio/devres.c:90:2: error: implicit declaration of function 'gpio_request_one' [-Werror=implicit-function-declaration] So provide a local gpio_request_one() function. Code largely borrowed from blackfin's local gpio_request_one() function. Signed-off-by: Greg Ungerer <gerg@uclinux.org> Acked-by: Linus Walleij <linus.walleij@linaro.org>
2013-04-08netrom: fix invalid use of sizeof in nr_recvmsg()Wei Yongjun
sizeof() when applied to a pointer typed expression gives the size of the pointer, not that of the pointed data. Introduced by commit 3ce5ef(netrom: fix info leak via msg_name in nr_recvmsg) Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: David S. Miller <davem@davemloft.net>