Mark Tinguely [Tue, 4 Dec 2012 23:18:02 +0000 (17:18 -0600)]
xfs: use b_maps[] for discontiguous buffers
Commits starting at 77c1a08 introduced a multiple segment support
to xfs_buf. xfs_trans_buf_item_match() could not find a multi-segment
buffer in the transaction because it was looking at the single segment
block number rather than the multi-segment b_maps[0].bm.bn. This
results on a recursive buffer lock that can never be satisfied.
This patch:
1) Changed the remaining b_map accesses to be b_maps[0] accesses.
2) Renames the single segment b_map structure to __b_map to avoid
future confusion.
Andrew Cooper [Wed, 16 Jan 2013 12:00:55 +0000 (12:00 +0000)]
xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests.
This fixes CVE-2013-0190 / XSA-40
There has been an error on the xen_failsafe_callback path for failed
iret, which causes the stack pointer to be wrong when entering the
iret_exc error path. This can result in the kernel crashing.
In the classic kernel case, the relevant code looked a little like:
popl %eax # Error code from hypervisor
jz 5f
addl $16,%esp
jmp iret_exc # Hypervisor said iret fault
5: addl $16,%esp
# Hypervisor said segment selector fault
Here, there are two identical addls on either option of a branch which
appears to have been optimised by hoisting it above the jz, and
converting it to an lea, which leaves the flags register unaffected.
In the PVOPS case, the code looks like:
popl_cfi %eax # Error from the hypervisor
lea 16(%esp),%esp # Add $16 before choosing fault path
CFI_ADJUST_CFA_OFFSET -16
jz 5f
addl $16,%esp # Incorrectly adjust %esp again
jmp iret_exc
It is possible unprivileged userspace applications to cause this
behaviour, for example by loading an LDT code selector, then changing
the code selector to be not-present. At this point, there is a race
condition where it is possible for the hypervisor to return back to
userspace from an interrupt, fault on its own iret, and inject a
failsafe_callback into the kernel.
This bug has been present since the introduction of Xen PVOPS support
in commit 5ead97c84 (xen: Core Xen implementation), in 2.6.23.
Tushar Behera [Mon, 14 Jan 2013 19:39:01 +0000 (19:39 +0000)]
usbnet: dm9601: Fix incorrect command
commit 24b1042c4eb2 ("usbnet: dm9601: apply introduced usb command
APIs") removes the distiction between DM_WRITE_REG and DM_WRITE_REGS
command. The distiction is reintroduced to the driver so that the
functionality of the driver remains same.
Kirill Smelkov [Fri, 2 Nov 2012 11:41:01 +0000 (15:41 +0400)]
Tell the world we gave up on pushing CC_OPTIMIZE_FOR_SIZE
In commit 281dc5c5ec0f ("Give up on pushing CC_OPTIMIZE_FOR_SIZE") we
already changed the actual default value, but the help-text still
suggested 'y'. Fix the help text too, for all the same reasons.
Sadly, -Os keeps on generating some very suboptimal code for certain
cases, to the point where any I$ miss upside is swamped by the downside.
The main ones are:
- using "rep movsb" for memcpy, even on CPU's where that is
horrendously bad for performance.
- not honoring branch prediction information, so any I$ footprint you
win from smaller code, you lose from less code density in the I$.
- using divide instructions when that is very expensive.
I changed my email because the vyatta.com mail server is now
redirected to brocade.com; and the Brocade mail system
is not friendly to Linux desktop users.
Jiri Kosina [Tue, 15 Jan 2013 19:12:37 +0000 (20:12 +0100)]
lockdep, rwsem: fix down_write_nest_lock() if !CONFIG_DEBUG_LOCK_ALLOC
Commit 1b963c81b145 ("lockdep, rwsem: provide down_write_nest_lock()")
contains a bug in a codepath when CONFIG_DEBUG_LOCK_ALLOC is disabled,
which causes down_read() to be called instead of down_write() by mistake
on such configurations. Fix that.
Linus Torvalds [Wed, 16 Jan 2013 19:33:52 +0000 (11:33 -0800)]
Merge tag 'sound-3.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull second round of sound fixes from Takashi Iwai:
"Yet a few more fixes popped up in this week.
The biggest change here is the addition of pinctrl support for Atmel,
which turned out to be almost mandatory to make things working.
The rest are a few fixes for M-Audio usb-audio device and a fix for
regression of HD-audio HDMI codecs with alsactl in the recent kernel."
* tag 'sound-3.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/hdmi - Work around "alsactl restore" errors
ALSA: usb-audio: selector map for M-Audio FT C400
ALSA: usb-audio: M-Audio FT C400 skip packet quirk
ALSA: usb-audio: correct M-Audio C400 clock source quirk
ALSA: usb - fix race in creation of M-Audio Fast track pro driver
ASoC: atmel-ssc: add pinctrl selection to driver
ARM: at91/dts: add pinctrl support for SSC peripheral
Pull scsi target fixes from Nicholas Bellinger:
"This includes an important >= v3.6 regression bugfix for active I/O
shutdown (Roland), some TMR related failure / corner cases fixes for
long outstanding I/O (Roland), two FCoE target mode fabric fabric role
fixes (MDR), a fix for an incorrect sense code during LUN
communication failure (Dr. Hannes), plus a handful of other minor
fixes.
There are still some outstanding zero-length control CDB regression
fixes that need to be addressed for v3.8, that will be coming in a
follow-up PULL request."
* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
iscsi-target: Fix CmdSN comparison (use cmd->cmd_sn instead of cmd->stat_sn)
target: Release se_cmd when LUN lookup fails for TMR
target: Fix use-after-free in LUN RESET handling
target: Fix missing CMD_T_ACTIVE bit regression for pending WRITEs
tcm_fc: Do not report target role when target is not defined
tcm_fc: Do not indicate retry capability to initiators
target: Use TCM_NO_SENSE for initialisation
target: Introduce TCM_NO_SENSE
target: use correct sense code for LUN communication failure
Linus Torvalds [Wed, 16 Jan 2013 18:55:10 +0000 (10:55 -0800)]
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Pull ext3 and udf fixes from Jan Kara:
"One ext3 performance regression fix and one udf regression fix (oops
on interrupted mount)."
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
UDF: Fix a null pointer dereference in udf_sb_free_partitions
jbd: don't wake kjournald unnecessarily
Maxime Ripard [Mon, 14 Jan 2013 18:53:54 +0000 (19:53 +0100)]
ARM: sunxi: Use the Synosys APB UART instead of ns8250
The UART controller used in the A10/A13 is the Synopsys DesignWare 8250.
The wrong use of a regular 8250 driver may lead to a oops during kernel
boot with "irq 17: nobody cared", because the apb UART as an extra
interrupt that gets raised when writing to the LCR when busy.
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64:
arm64: compat: add syscall table entries for new syscalls
arm64: mm: introduce present, faulting entries for PAGE_NONE
arm64: mm: only wrprotect clean ptes if they are present
arm64: vdso: remove broken, redundant sequence counting for timezones
Linus Torvalds [Wed, 16 Jan 2013 17:11:50 +0000 (09:11 -0800)]
Merge branch 'x86/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Peter Anvin:
"This is mainly a workaround for a bug in Sandy Bridge graphics which
causes corruption of certain memory pages."
* 'x86/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/Sandy Bridge: Sandy Bridge workaround depends on CONFIG_PCI
x86/Sandy Bridge: mark arrays in __init functions as __initconst
x86/Sandy Bridge: reserve pages when integrated graphics is present
x86, efi: correct precedence of operators in setup_efi_pci
Tejun Heo [Wed, 16 Jan 2013 02:52:51 +0000 (18:52 -0800)]
module, async: async_synchronize_full() on module init iff async is used
If the default iosched is built as module, the kernel may deadlock
while trying to load the iosched module on device probe if the probing
was running off async. This is because async_synchronize_full() at
the end of module init ends up waiting for the async job which
initiated the module loading.
async A modprobe
1. finds a device
2. registers the block device
3. request_module(default iosched)
4. modprobe in userland
5. load and init module
6. async_synchronize_full()
Async A waits for modprobe to finish in request_module() and modprobe
waits for async A to finish in async_synchronize_full().
Because there's no easy to track dependency once control goes out to
userland, implementing properly nested flushing is difficult. For
now, make module init perform async_synchronize_full() iff module init
has queued async jobs as suggested by Linus.
This avoids the described deadlock because iosched module doesn't use
async and thus wouldn't invoke async_synchronize_full(). This is
hacky and incomplete. It will deadlock if async module loading nests;
however, this works around the known problem case and seems to be the
best of bad options.
For more details, please refer to the following thread.
Nicolas Pitre [Tue, 15 Jan 2013 17:51:32 +0000 (18:51 +0100)]
ARM: 7628/1: head.S: map one extra section for the ATAG/DTB area
We currently use a temporary 1MB section aligned to a 1MB boundary for
mapping the provided device tree until the final page table is created.
However, if the device tree happens to cross that 1MB boundary, the end
of it remains unmapped and the kernel crashes when it attempts to access
it. Given no restriction on the location of that DTB, it could end up
with only a few bytes mapped at the end of a section.
Solve this issue by mapping two consecutive sections.
Stephen Boyd [Mon, 14 Jan 2013 18:50:42 +0000 (19:50 +0100)]
ARM: 7627/1: Predicate preempt logic on PREEMP_COUNT not PREEMPT alone
Patrik Kluba reports that the preempt count becomes invalid due
to the preempt_enable() call being unbalanced with a
preempt_disable() call in the vfp assembly routines. This happens
because preempt_enable() and preempt_disable() update preempt
counts under PREEMPT_COUNT=y but the vfp assembly routines do so
under PREEMPT=y. In a configuration where PREEMPT=n and
DEBUG_ATOMIC_SLEEP=y, PREEMPT_COUNT=y and so the preempt_enable()
call in VFP_bounce() keeps subtracting from the preempt count
until it goes negative.
Fix this by always using PREEMPT_COUNT to decided when to update
preempt counts in the ARM assembly code.
Mark Brown [Wed, 16 Jan 2013 15:33:36 +0000 (00:33 +0900)]
regmap: debugfs: Fix seeking from the cache
We don't want to bomb out early if we failed to get the cache any more,
just soldier on instead and we won't get confused and always return the
first block.
Sebastian Ott [Tue, 15 Jan 2013 18:02:01 +0000 (19:02 +0100)]
s390/chsc: fix SEI usage
cbc0dd1 "s390/pci: CHSC PCI support for error and availability events"
introduced a new SEI notification type as part of pci support.
The way SEI was called with nt2 and nt0 consecutive broke the nt0
stuff used for channel subsystem notifications.
The reason why this was broken with the mentioned patch is that you
cannot selectively disable type 0 notifications (so even when asked
for type 2 only, type 0 could be presented).
The way to do it is to tell SEI which types of notification you can
process and -this is the important part- look at the SEI result which
notification type you actually received.
Heiko Carstens [Mon, 14 Jan 2013 15:55:55 +0000 (16:55 +0100)]
s390/time: fix sched_clock() overflow
Converting a 64 Bit TOD format value to nanoseconds means that the value
must be divided by 4.096. In order to achieve that we multiply with 125
and divide by 512.
When used within sched_clock() this triggers an overflow after appr.
417 days. Resulting in a sched_clock() return value that is much smaller
than previously and therefore may cause all sort of weird things in
subsystems that rely on a monotonic sched_clock() behaviour.
To fix this implement a tod_to_ns() helper function which converts TOD
values without overflow and call this function from both places that
open coded the conversion: sched_clock() and kvm_s390_handle_wait().
mac80211: Optimize scans on current operating channel.
we do not disable PS while going back to operational channel (on
ieee80211_scan_state_suspend) and deffer that until scan finish.
But since we are allowed to send frames, we can send a frame to AP
without PM bit set, so disable PS on AP side. Then when we switch
to off-channel (in ieee80211_scan_state_resume) we do not enable PS.
Hence we are off-channel with PS disabled, frames are not buffered
by AP.
To fix remove offchannel_ps_disable argument and always enable PS when
going off-channel and disable it when going on-channel, like it was
before.
Johannes Berg [Fri, 11 Jan 2013 13:34:25 +0000 (14:34 +0100)]
mac80211: fix FT roaming
During FT roaming, wpa_supplicant attempts to set the
key before association. This used to be rejected, but
as a side effect of my commit 66e67e418908442389d3a9e
("mac80211: redesign auth/assoc") the key was accepted
causing hardware crypto to not be used for it as the
station isn't added to the driver yet.
It would be possible to accept the key and then add it
to the driver when the station has been added. However,
this may run into issues with drivers using the state-
based station adding if they accept the key only after
association like it used to be.
For now, revert to the behaviour from before the auth
and assoc change.
The rate scaling won't treat the information in a frame
with IEEE80211_TX_CTL_AMPDU set if IEEE80211_TX_STAT_AMPDU
is cleared. But all the frames coming from an AGG tx queue
have IEEE80211_TX_CTL_AMPDU set, and IEEE80211_TX_STAT_AMPDU
is set only if the frame was sent in an AMPDU.
This means that all the data in frames in AGG tx queues that
aren't sent as an AMPDU is thrown away.
This is even more harmful when in bad link conditions, the
frames are sent in an AMPDU and then finally sent as single
frame. So a lot of failures weren't reported and the rate
scaling got stuck in high rates leading to very poor
connectivity.
Fix that by clearing IEEE80211_TX_CTL_AMPDU when the frame
isn't part of an AMPDU.
Chris Wilson [Tue, 15 Jan 2013 16:17:54 +0000 (16:17 +0000)]
drm/i915: Invalidate the relocation presumed_offsets along the slow path
In the slow path, we are forced to copy the relocations prior to
acquiring the struct mutex in order to handle pagefaults. We forgo
copying the new offsets back into the relocation entries in order to
prevent a recursive locking bug should we trigger a pagefault whilst
holding the mutex for the reservations of the execbuffer. Therefore, we
need to reset the presumed_offsets just in case the objects are rebound
back into their old locations after relocating for this exexbuffer - if
that were to happen we would assume the relocations were valid and leave
the actual pointers to the kernels dangling, instant hang.
Jani Nikula [Wed, 16 Jan 2013 08:53:40 +0000 (10:53 +0200)]
drm/i915/eDP: do not write power sequence registers for ghost eDP
Some machines detect an eDP port even if it's not really there, and eDP
initialization has a fail path for this. Typically such machines have an
LVDS display instead. A regression introduced in
Jacob Keller [Wed, 5 Dec 2012 07:53:38 +0000 (07:53 +0000)]
ixgbe: Fix overwriting of rx_mtrl in ixgbe_ptp_hwtstamp_ioctl
This patch corrects a bug introduced by commit f3444d8b. The rxmtrl value for
the UDP port to timestamp on was moved above the switch statement, but was
overwritten to 0 if the ioctl selected one of the V1 filters.
Jacob Keller [Sat, 8 Dec 2012 09:04:25 +0000 (09:04 +0000)]
ixgbe: only compile ixgbe_debugfs.o when enabled
This patch modifies ixgbe_debugfs.c and the Makefile for the ixgbe
driver to only compile the file when the config is enabled. This means
we can remove the #ifdef inside the ixgbe_debugfs.c file.
channing [Wed, 16 Jan 2013 05:14:20 +0000 (13:14 +0800)]
serial:ifx6x60:Keep word size accordance with SPI controller
As protocol driver, IFX SPI driver initiate to setup SPI master with default
SPI word size as 16 bit/word, however, SPI master may not adopt this default
value due to SPI controller's capability, it might choose an available value by
itself and set it to spi_device.bits_per_word. In order to keep align with
Controller, IFX driver should make use of this value during SPI transfer,
but the default one.
Thomas Abraham [Mon, 31 Dec 2012 21:42:45 +0000 (13:42 -0800)]
serial: samsung: remove redundant setting of line config during port reset
The setting of uart line control configuration in s3c24xx_serial_resetport
is can be removed since the 'set_termios' call will overwrite any ULCON
register setting which s3c24xx_serial_resetport does.
chao bi [Wed, 12 Dec 2012 03:40:56 +0000 (11:40 +0800)]
serial:ifx6x60:Delete SPI timer when shut down port
When shut down SPI port, it's possible that MRDY has been asserted and a SPI
timer was activated waiting for SRDY assert, in the case, it needs to delete
this timer.
Wei Yongjun [Sun, 2 Dec 2012 10:10:44 +0000 (05:10 -0500)]
tty: serial: vt8500: fix return value check in vt8500_serial_probe()
In case of error, function of_clk_get() returns ERR_PTR()
and never returns NULL. The NULL test in the return value
check should be replaced with IS_ERR().
Fix the following warning when building with W=1 option:
drivers/tty/serial/mxs-auart.c: In function 'mxs_auart_tx_chars':
drivers/tty/serial/mxs-auart.c:272:10: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
Steffen Trumtrar [Thu, 13 Dec 2012 13:27:43 +0000 (14:27 +0100)]
mxs: uart: fix setting RTS from software
With the patch "serial: mxs-auart: fix the wrong RTS hardware flow control" the
mainline mxs-uart driver now sets RTSEN only when hardware flow control is
enabled via software. It is not possible any longer to set RTS manually via
software. However, the manual modification is a valid operation.
Regain the possibility to set RTS via software and only set RTSEN when hardware
flow control is explicitly enabled via settermios cflag CRTSCTS.
Daniel De Graaf [Wed, 2 Jan 2013 22:57:13 +0000 (17:57 -0500)]
xen/gntdev: remove erronous use of copy_to_user
Since there is now a mapping of granted pages in kernel address space in
both PV and HVM, use it for UNMAP_NOTIFY_CLEAR_BYTE instead of accessing
memory via copy_to_user and triggering sleep-in-atomic warnings.
Daniel De Graaf [Wed, 2 Jan 2013 22:57:12 +0000 (22:57 +0000)]
xen/gntdev: correctly unmap unlinked maps in mmu notifier
If gntdev_ioctl_unmap_grant_ref is called on a range before unmapping
it, the entry is removed from priv->maps and the later call to
mn_invl_range_start won't find it to do the unmapping. Fix this by
creating another list of freeable maps that the mmu notifier can search
and use to unmap grants.
Daniel De Graaf [Wed, 2 Jan 2013 22:57:11 +0000 (22:57 +0000)]
xen/gntdev: fix unsafe vma access
In gntdev_ioctl_get_offset_for_vaddr, we need to hold mmap_sem while
calling find_vma() to avoid potentially having the result freed out from
under us. Similarly, the MMU notifier functions need to synchronize with
gntdev_vma_close to avoid map->vma being freed during their iteration.
* tag 'v3.7': (833 commits)
Linux 3.7
Input: matrix-keymap - provide proper module license
Revert "revert "Revert "mm: remove __GFP_NO_KSWAPD""" and associated damage
ipv4: ip_check_defrag must not modify skb before unsharing
Revert "mm: avoid waking kswapd for THP allocations when compaction is deferred or contended"
inet_diag: validate port comparison byte code to prevent unsafe reads
inet_diag: avoid unsafe and nonsensical prefix matches in inet_diag_bc_run()
inet_diag: validate byte code to prevent oops in inet_diag_bc_run()
inet_diag: fix oops for IPv4 AF_INET6 TCP SYN-RECV state
mm: vmscan: fix inappropriate zone congestion clearing
vfs: fix O_DIRECT read past end of block device
net: gro: fix possible panic in skb_gro_receive()
tcp: bug fix Fast Open client retransmission
tmpfs: fix shared mempolicy leak
mm: vmscan: do not keep kswapd looping forever due to individual uncompactable zones
mm: compaction: validate pfn range passed to isolate_freepages_block
mmc: sh-mmcif: avoid oops on spurious interrupts (second try)
Revert misapplied "mmc: sh-mmcif: avoid oops on spurious interrupts"
mmc: sdhci-s3c: fix missing clock for gpio card-detect
lib/Makefile: Fix oid_registry build dependency
...
Signed-off-by: Konrad Rzeszutek Wilk <[email protected]>
Conflicts:
arch/arm/xen/enlighten.c
drivers/xen/Makefile
[We need to have the v3.7 base as the 'for-3.8' was based off v3.7-rc3
and there are some patches in v3.7-rc6 that we to have in our branch]
Matt Wilson [Tue, 15 Jan 2013 13:21:27 +0000 (13:21 +0000)]
xen/grant-table: correctly initialize grant table version 1
Commit 85ff6acb075a484780b3d763fdf41596d8fc0970 (xen/granttable: Grant
tables V2 implementation) changed the GREFS_PER_GRANT_FRAME macro from
a constant to a conditional expression. The expression depends on
grant_table_version being appropriately set. Unfortunately, at init
time grant_table_version will be 0. The GREFS_PER_GRANT_FRAME
conditional expression checks for "grant_table_version == 1", and
therefore returns the number of grant references per frame for v2.
This causes gnttab_init() to allocate fewer pages for gnttab_list, as
a frame can old half the number of v2 entries than v1 entries. After
gnttab_resume() is called, grant_table_version is appropriately
set. nr_init_grefs will then be miscalculated and gnttab_free_count
will hold a value larger than the actual number of free gref entries.
If a guest is heavily utilizing improperly initialized v1 grant
tables, memory corruption can occur. One common manifestation is
corruption of the vmalloc list, resulting in a poisoned pointer
derefrence when accessing /proc/meminfo or /proc/vmallocinfo:
[ 40.770064] BUG: unable to handle kernel paging request at 0000200200001407
[ 40.770083] IP: [<ffffffff811a6fb0>] get_vmalloc_info+0x70/0x110
[ 40.770102] PGD 0
[ 40.770107] Oops: 0000 [#1] SMP
[ 40.770114] CPU 10
This patch introduces a static variable, grefs_per_grant_frame, to
cache the calculated value. gnttab_init() now calls
gnttab_request_version() early so that grant_table_version and
grefs_per_grant_frame can be appropriately set. A few BUG_ON()s have
been added to prevent this type of bug from reoccurring in the future.
Olof Johansson [Tue, 15 Jan 2013 18:55:40 +0000 (10:55 -0800)]
Merge tag 'imx-fixes-3.8-2' of git://git.linaro.org/people/shawnguo/linux-2.6 into fixes
From Shawn Guo:
It's the second batch of fixes for 3.8, which includes one fixing for
!CONFIG_SMP build, two patches fixing broken imxfb driver caused by
multiplatform conversion, and a couple of pm/hotplug fixes.
* tag 'imx-fixes-3.8-2' of git://git.linaro.org/people/shawnguo/linux-2.6:
ARM: imx: correct low-power mode setting
ARM: imx: disable cpu in .cpu_kill hook
video: imxfb: fix imxfb_info configuration order
ARM: imx: platform-imx-fb: modifies platform device name
ARM: imx: fix build error with !CONFIG_SMP
Michael Neuling [Thu, 10 Jan 2013 14:25:34 +0000 (14:25 +0000)]
powerpc: Rename set_break to avoid naming conflict
With allmodconfig we are getting:
drivers/tty/synclink_gt.c:160:12: error: conflicting types for 'set_break'
arch/powerpc/include/asm/debug.h:49:5: note: previous declaration of 'set_break' was here
drivers/tty/synclinkmp.c:526:12: error: conflicting types for 'set_break'
arch/powerpc/include/asm/debug.h:49:5: note: previous declaration of 'set_break' was here
This renames set_break to set_breakpoint to avoid this naming conflict
Michael Neuling [Thu, 10 Jan 2013 16:11:11 +0000 (16:11 +0000)]
powerpc: Fix typo in breakpoint kgdb code.
Currently we are getting:
arch/powerpc/kernel/kgdb.c: In function 'kgdb_arch_exit':
arch/powerpc/kernel/kgdb.c:492:2: error: '__debugger_breakx_match' undeclared (first use in this function)
arch/powerpc/kernel/kgdb.c:492:2: note: each undeclared identifier is reported only once for each function it appears in
The DSCR (aka Data Stream Control Register) is supported on some
server PowerPC chips and allow some control over the prefetch
of data streams.
The kernel already supports DSCR value per thread but there is also
a need in a ability to change it from an external process for
the specific pid.
The patch adds new register index PT_DSCR (index=44) which can be
set/get by:
ptrace(PTRACE_POKEUSER, traced_process, PT_DSCR << 3, dscr);
dscr = ptrace(PTRACE_PEEKUSER, traced_process, PT_DSCR << 3, NULL);
The patch does not increase PT_REGS_COUNT as the pt_regs struct has not
been changed.
Alex Williamson [Tue, 15 Jan 2013 17:45:26 +0000 (10:45 -0700)]
vfio-pci: Fix buffer overfill
A read from a range hidden from the user (ex. MSI-X vector table)
attempts to fill the user buffer up to the end of the excluded range
instead of up to the requested count. Fix it.
Will Deacon [Mon, 14 Jan 2013 14:45:46 +0000 (14:45 +0000)]
arm64: compat: add syscall table entries for new syscalls
There have been a number of new syscalls introduced to arch/arm/ since
the compat layer was implemented for arm64, so add pointers to the
relevant functions to the compat syscall table.
Alex Deucher [Mon, 14 Jan 2013 16:04:39 +0000 (11:04 -0500)]
drm/radeon: clear reset flags if engines are idle
Fixes a hard lock in the gpu reset code after the
rework for DMA support (0ecebb9e0d14e9948e0b1529883a776758117d6f
"drm/radeon: switch to a finer grained reset for evergreen")
due to not bailing before the MC shutdown if the relevant engines
are idle.
Takashi Iwai [Tue, 15 Jan 2013 13:44:41 +0000 (14:44 +0100)]
ALSA: hda/hdmi - Work around "alsactl restore" errors
When "alsactl restore" is performed on HDMI codecs, it tries to
restore the channel map value since the channel map controls are
writable. But hdmi_chmap_ctl_put() returns -EBADFD when no PCM stream
is assigned yet, and this results in an error message from alsactl.
Although the error is harmless, it's certainly ugly and can be
regarded as a regression.
As a workaround, this patch changes the return code in such a case to
be zero for making others happy. (A slight excuse is: when the chmap
is changed through the proper alsa-lib API, the PCM status is checked
there anyway, so we don't have to be too strict in the kernel side.)
Daniel Lezcano [Tue, 15 Jan 2013 13:18:04 +0000 (14:18 +0100)]
cpuidle: remove the power_specified field in the driver
We realized that the power usage field is never filled and when it
is filled for tegra, the power_specified flag is not set causing all
of these values to be reset when the driver is initialized with
set_power_state().
However, the power_specified flag can be simply removed under the
assumption that the states are always backward sorted, which is the
case with the current code.
This change allows the menu governor select function and the
cpuidle_play_dead() to be simplified. Moreover, the
set_power_states() function can removed as it does not make sense
any more.
Drop the power_specified flag from struct cpuidle_driver and make
the related changes as described above.
As a consequence, this also fixes the bug where on the dynamic
C-states system, the power fields are not initialized.
[rjw: Changelog]
References: https://bugzilla.kernel.org/show_bug.cgi?id=42870
References: https://bugzilla.kernel.org/show_bug.cgi?id=43349
References: https://lkml.org/lkml/2012/10/16/518 Signed-off-by: Daniel Lezcano <[email protected]> Signed-off-by: Rafael J. Wysocki <[email protected]>
Chris Wilson [Tue, 15 Jan 2013 12:05:55 +0000 (12:05 +0000)]
drm/i915: Record DERRMR, FORCEWAKE and RING_CTL in error-state
These are useful for investigating hangs involving WAIT_FOR_EVENT.
Signed-off-by: Chris Wilson <[email protected]>
[danvet: Apply a droplet of Future-Proof in the if-ladder.] Signed-off-by: Daniel Vetter <[email protected]>
Namjae Jeon [Tue, 15 Jan 2013 10:58:47 +0000 (19:58 +0900)]
f2fs: fix the debugfs entry creation path
As the "status" debugfs entry will be maintained for entire F2FS filesystem
irrespective of the number of partitions.
So, we can move the initialization to the init part of the f2fs and destroy will
be done from exit part. After making changes, for individual partition mount -
entry creation code will not be executed.
Namjae Jeon [Tue, 15 Jan 2013 07:45:24 +0000 (16:45 +0900)]
f2fs: remove the blk_plug usage in f2fs_write_data_pages
Let's consider the usage of blk_plug in f2fs_write_data_pages().
We can come up with the two issues: lock contention and task awareness.
1. Merging bios prior to grabing "queue lock"
The f2fs merges consecutive IOs in the file system level before
submitting any bios, which is similar with the back merge by the
plugging mechanism in attempt_plug_merge(). Both of them need to acquire
no queue lock.
2. Merging policy with respect to tasks
The f2fs merges IOs as much as possible regardless of tasks, while
blk-plugging is conducted on a basis of tasks. As we can understand
there are trade-offs, f2fs tries to maximize the write performance with
well-merged bios.
As a result, if f2fs produces many consecutive but separated bios in
writepages(), it would be good to use blk-plugging since f2fs would be
able to avoid queue lock contention in the block layer by merging them.
But, f2fs merges IOs and submit one bio, which means that there are not
much chances to merge bios by attempt_plug_merge().
However, f2fs has already been used blk_plug by triggering generic_writepages()
in f2fs_write_data_pages().
So to make the overall code consistency, I'd like to remove blk_plug there.
Takashi Iwai [Tue, 15 Jan 2013 06:51:25 +0000 (07:51 +0100)]
Merge tag 'asoc-atmel-pinctrl' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: atmel: Fixes for pinctrl
Due to a series of problems with the handling of Atmel, a combination of
making changes that make other branches instantly buggy and a general
failure to deal with the resulting issues effectively, v3.8 Atmel audio
currently won't work at all for DT boards without adding pinctrl
definitions and a request for those.
Linus Torvalds [Tue, 15 Jan 2013 04:22:16 +0000 (20:22 -0800)]
Merge tag 'trace-3.8-rc3-regression-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracing regression fixes from Steven Rostedt:
"The clean up patch commit 0fb9656d957d "tracing: Make tracing_enabled
be equal to tracing_on" caused two regressions.
1) The irqs off latency tracer no longer starts if tracing_on is off
when the tracer is set, and then tracing_on is enabled. The
tracing_on file needs the hook that tracing_enabled had to enable
tracers if they request it (call the tracer's start() method).
2) That commit had a separate change that really should have been a
separate patch, but it must have been added accidently with the -a
option of git commit. But as the change is still related to the
commit it wasn't noticed in review. That change, changed the way
blocking is done by the trace_pipe file with respect to the
tracing_on settings. I've been told that this change breaks
current userspace, and this specific change is being reverted."
* tag 'trace-3.8-rc3-regression-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
tracing: Fix regression of trace_pipe
tracing: Fix regression with irqsoff tracer and tracing_on file
Linus Torvalds [Tue, 15 Jan 2013 04:20:44 +0000 (20:20 -0800)]
Merge tag 'regmap-debugfs-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap
Pull regmap debugfs optimisation fixes from Mark Brown:
"The debugfs optimisations merged in v3.8 weren't my finest hour, there
were a number of cases that the more complex algorithm made worse
especially around the error handling. This patch series should
address those issues."
* tag 'regmap-debugfs-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
regmap: debugfs: Make sure we store the last entry in the offset cache
regmap: debugfs: Ensure a correct return value for empty caches
regmap: debugfs: Discard the cache if we fail to allocate an entry
regmap: debugfs: Fix check for block start in cached seeks
regmap: debugfs: Fix attempts to read nonexistant register blocks
Linus Torvalds [Tue, 15 Jan 2013 04:20:03 +0000 (20:20 -0800)]
Merge tag 'regulator-3.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
Pull regulator fixes from Mark Brown:
"A few fixes for the regulator subsystems, a few driver specific things
plus a fix for the interaction between regultor_can_change_voltage()
and continuous voltage ranges both of which were added for this
release."
* tag 'regulator-3.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
regulator: max8998: Ensure enough delay time for max8998_set_voltage_buck_time_sel
regulator: max8998: Use uV in voltage_map_desc
regulator: max8997: Use uV in voltage_map_desc
regulator: core: Fix comment for regulator_register()
regulator: core: Fix continuous_voltage_range case in regulator_can_change_voltage
regulator: s5m8767: Fix probe failure due to stack corruption
TG3_PHY_AUXCTL_SMDSP_ENABLE/DISABLE macros do a blind write to the phy
auxiliary control register and overwrite the EXT_PKT_LEN (bit 14) resulting
in intermittent crc errors on jumbo frames with some link partners. Change
the code to do a read/modify/write.
tg3: Avoid null pointer dereference in tg3_interrupt in netconsole mode
When netconsole is enabled, logging messages generated during tg3_open
can result in a null pointer dereference for the uninitialized tg3
status block. Use the irq_sync flag to disable polling in the early
stages. irq_sync is cleared when the driver is enabling interrupts after
all initialization is completed.
Colin Ian King [Tue, 27 Nov 2012 14:09:40 +0000 (14:09 +0000)]
PCI: Allow pcie_aspm=force even when FADT indicates it is unsupported
Right now using pcie_aspm=force will not enable ASPM if the FADT indicates
ASPM is unsupported. However, the semantics of force should probably allow
for this, especially as they did before 3c076351c4 ("PCI: Rework ASPM
disable code")
This patch just skips the clearing of any ASPM setup that the firmware has
carried out on this bus if pcie_aspm=force is being used.
Paul Moore [Mon, 14 Jan 2013 07:12:19 +0000 (07:12 +0000)]
tun: fix LSM/SELinux labeling of tun/tap devices
This patch corrects some problems with LSM/SELinux that were introduced
with the multiqueue patchset. The problem stems from the fact that the
multiqueue work changed the relationship between the tun device and its
associated socket; before the socket persisted for the life of the
device, however after the multiqueue changes the socket only persisted
for the life of the userspace connection (fd open). For non-persistent
devices this is not an issue, but for persistent devices this can cause
the tun device to lose its SELinux label.
We correct this problem by adding an opaque LSM security blob to the
tun device struct which allows us to have the LSM security state, e.g.
SELinux labeling information, persist for the lifetime of the tun
device. In the process we tweak the LSM hooks to work with this new
approach to TUN device/socket labeling and introduce a new LSM hook,
security_tun_dev_attach_queue(), to approve requests to attach to a
TUN queue via TUNSETQUEUE.
The SELinux code has been adjusted to match the new LSM hooks, the
other LSMs do not make use of the LSM TUN controls. This patch makes
use of the recently added "tun_socket:attach_queue" permission to
restrict access to the TUNSETQUEUE operation. On older SELinux
policies which do not define the "tun_socket:attach_queue" permission
the access control decision for TUNSETQUEUE will be handled according
to the SELinux policy's unknown permission setting.
Namjae Jeon [Mon, 14 Jan 2013 21:53:47 +0000 (22:53 +0100)]
UDF: Fix a null pointer dereference in udf_sb_free_partitions
This patch fixes a regression caused by commit bff943af6fe "udf: Fix memory
leak when mounting" due to which it was triggering a kernel null point
dereference in case of interrupted mount OR when allocating memory to
sbi->s_partmaps failed in function udf_sb_alloc_partition_maps.
Eric Sandeen [Tue, 18 Dec 2012 17:03:57 +0000 (11:03 -0600)]
jbd: don't wake kjournald unnecessarily
Don't send an extra wakeup to kjournald in the case where we
already have the proper target in j_commit_request, i.e. that
commit has already been requested for commit.
commit d9b0193 "jbd: fix fsync() tid wraparound bug" changed
the logic leading to a wakeup, but it caused some extra wakeups
which were found to lead to a measurable performance regression.
Linus Torvalds [Mon, 14 Jan 2013 21:19:08 +0000 (13:19 -0800)]
Merge tag 'dt-fixes-for-3.8' of git://sources.calxeda.com/kernel/linux
Pull devicetree fixes from Rob Herring:
"Two fixes to prevent unconditional re-compile of dts files on arm and
arm64."
* tag 'dt-fixes-for-3.8' of git://sources.calxeda.com/kernel/linux:
ARM: dts: prevent *.dtb from always being rebuilt
arm64: dts: prevent *.dtb from always being rebuilt
Linus Torvalds [Mon, 14 Jan 2013 21:17:50 +0000 (13:17 -0800)]
vfs: add missing virtual cache flush after editing partial pages
Andrew Morton pointed this out a month ago, and then I completely forgot
about it.
If we read a partial last page of a block device, we will zero out the
end of the page, but since that page can then be mapped into user space,
we should also make sure to flush the cache on architectures that have
virtual caches. We have the flush_dcache_page() function for this, so
use it.
Now, in practice this really never matters, because nobody sane uses
virtual caches to begin with, and they largely exist on old broken RISC
arhitectures.
And even if you did run on one of those obsolete CPU's, the whole "mmap
and access the last partial page of a block device" behavior probably
doesn't actually exist. The normal IO functions (read/write) will never
see the zeroed-out part of the page that migth not be coherent in the
cache, because they honor the size of the device.
So I'm marking this for stable (3.7 only), but I'm not sure anybody will
ever care.
Felix Fietkau [Mon, 14 Jan 2013 15:56:46 +0000 (16:56 +0100)]
ath9k: disable the tasklet before taking the PCU lock
Fixes a reported CPU soft lockup where the tasklet tries to acquire the
lock and blocks while ath_prepare_reset (holding the lock) waits for it
to complete.
Felix Fietkau [Mon, 14 Jan 2013 09:50:15 +0000 (10:50 +0100)]
ath9k: remove sc->rx.rxbuflock to fix a deadlock
The commit "ath9k: fix rx flush handling" added a deadlock that happens
because ath_rx_tasklet is called in a section that has already taken the
rx buffer lock.
It seems that the only purpose of the rxbuflock was a band-aid fix to the
reset vs rx tasklet race, which has been properly fixed in the commit
"ath9k: add a better fix for the rx tasklet vs rx flush race".
Now that the fix is in, we can safely remove the lock to avoid such issues.
Linus Torvalds [Mon, 14 Jan 2013 18:56:05 +0000 (10:56 -0800)]
Merge tag 'sound-3.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Most of commits found here are for ASoC device specific fixes,
arizona, cs4271, wm5102, wm2200, etc, in addition to a couple of
memory leak fixes in ASoC core.
Other than that, regression fixes in HD-audio and USB-audio, and a fix
for new Realtek codecs."
* tag 'sound-3.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (30 commits)
ALSA: usb-audio: Fix NULL dereference by access to non-existing substream
ALSA: hda - Add support of new codec ALC284
ALSA: usb-audio: Make ebox44_table static
ALSA: hdspm - Fix wordclock status on AES32
Revert "ALSA: hda - Shut up pins at power-saving mode with Conexnat codecs"
ALSA: hda - Disable runtime D3 for Intel CPT & co
ALSA: pxa27x: fix ac97 warm reset
ALSA: pxa27x: fix ac97 cold reset
ASoC: wm_adsp: Ensure that block writes are from DMA aligned addresses
ASoC: wm2000: Fix sense of speech clarity enable
ASoC: wm5100: Remove DSP B and left justified formats
ASoC: arizona: Remove DSP B and left justified AIF modes
ASoC: wm2200: Remove DSP B and left justified AIF modes
ASoC: wm5102: Improve speaker enable performance
ASoC: core: fix the memory leak in case of remove_aux_dev()
ASoC: core: fix the memory leak in case of device_add() failure
ASoC: cs42l52: Catch no-match case in cs42l52_get_clk
ASoC: lm49453: Update lm49453_reg_defs values as per LM49453 HW revision-B
ASoC: lm49453: Fix adc, mic and sidetone volume ranges
ASoC: arizona: Correct FLL source definitions
...
Eric Sandeen [Sat, 12 Jan 2013 02:57:22 +0000 (02:57 +0000)]
btrfs: update timestamps on truncate()
truncate() vs. ftruncate() differ in the VFS; truncate()
doesn't set (ATTR_CTIME | ATTR_MTIME), and it's up to the
fs to do the timestamp updates if the size changes.
I have no idea if that -EEXIST is surprising, or not. Regardless, this
error handling should be cleaned up to handle other reasonable errors
(ENOMEM, EIO; whatever).
This seemed to be the only buggy freeing of the relatively rare IS_ERR
em so I opted to fix the caller rather than teach free_extent_map() to
use IS_ERR_OR_NULL().
Liu Bo [Mon, 7 Jan 2013 10:10:12 +0000 (10:10 +0000)]
Btrfs: fix a bug when llseek for delalloc bytes behind prealloc extents
xfstests case 285 complains.
It it because btrfs did not try to find unwritten delalloc
bytes(only dirty pages, not yet writeback) behind prealloc
extents, it ends up finding nothing while we're with SEEK_DATA.
Liu Bo [Thu, 27 Dec 2012 09:01:24 +0000 (09:01 +0000)]
Btrfs: let allocation start from the right raid type
This'd avoid us empty looping.
Say we have only one disk and the metadata raid type will be defaultly DUP,
and we do not need to start from index=0(RAID10) and get over two empty
loops to index=2(DUP).
Josef Bacik [Mon, 7 Jan 2013 22:03:21 +0000 (17:03 -0500)]
Btrfs: add orphan before truncating pagecache
Running xfstests 83 in a loop would sometimes fail the fsck. This happens
because if we invalidate a page that already has an ordered extent setup for
it we will complete the ordered extent ourselves, assuming that the truncate
will clean everything up. The problem with this is there is plenty of time
for the truncate to fail after we've done this work. So to fix this we need
to add the orphan item first to make sure the cleanup gets done properly,
and then we can truncate the pagecache and all that stuff and be safe. This
fixes the btrfsck failures I was seeing while running 83 in a loop. Thanks,
projects / linux.git / log