commit 3729ed7c6aa8c5b9eee8f832e4a246b8fa1d56b5
Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed Nov 13 12:05:59 2013 +0900
Linux 3.10.19
commit cfa234b144de51eb96e877ee0bee47a3420e8bed
Author: Jon Mason <jon.mason@intel.com>
Date: Tue Jul 30 15:58:49 2013 -0700
NTB: Correct debugfs to work with more than 1 NTB Device
commit 1517a3f21a1dd321f16bcf44204bddff9d21abd0 upstream.
Debugfs was setup in NTB to only have a single debugfs directory. This
resulted in the leaking of debugfs directories and files when multiple
NTB devices were present, due to each device stomping on the variables
containing the previous device's values (thus preventing them from being
freed on cleanup). Correct this by creating a secondary directory of
the PCI BDF for each device present, and nesting the previously existing
information in those directories.
Signed-off-by: Jon Mason <jon.mason@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 8293fc2416f0eb13ff81501b31f0206c5331b9cb
Author: Jon Mason <jon.mason@intel.com>
Date: Fri May 31 14:05:53 2013 -0700
NTB: Correct USD/DSD Identification
commit b6750cfe0710a14fd147ba27fddbecae8ba88c77 upstream.
Due to ambiguous documentation, the USD/DSD identification is backward
when compared to the setting in BIOS. Correct the bits to match the
BIOS setting.
Signed-off-by: Jon Mason <jon.mason@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 576db18cb68483e6e54f18dfda4b9c24f7e07dfe
Author: Jon Mason <jon.mason@intel.com>
Date: Mon Jul 15 15:26:14 2013 -0700
NTB: Correct Number of Scratch Pad Registers
commit 87034511519815259e37336f52edf06d114d43b6 upstream.
The NTB Xeon hardware has 16 scratch pad registers and 16 back-to-back
scratch pad registers. Correct the #define to represent this and update
the variable names to reflect their usage.
Signed-off-by: Jon Mason <jon.mason@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 21720562911f038d7406654e7ea0c171cfac47b8
Author: Jon Mason <jon.mason@intel.com>
Date: Mon Jul 15 13:23:47 2013 -0700
NTB: Add Error Handling in ntb_device_setup
commit 3b12a0d15bd1559e72ad21d9d807fd2a6706f0ab upstream.
If an error is encountered in ntb_device_setup, it is possible that the
spci_cmd isn't populated. Writes to the offset can result in a NULL
pointer dereference. This issue is easily encountered by running in
NTB-RP mode, as it currently is not supported and will generate an
error. To get around this issue, return if an error is encountered
prior to attempting to write to the spci_cmd offset.
Signed-off-by: Jon Mason <jon.mason@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit dad483b78d280665a110591fd418535e0f9791dc
Author: Gu Zheng <guz.fnst@cn.fujitsu.com>
Date: Fri Oct 25 18:15:06 2013 +0800
seq_file: always update file->f_pos in seq_lseek()
commit 05e16745c0c471bba313961b605b6da3b21a853d upstream.
This issue was first pointed out by Jiaxing Wang several months ago, but no
further comments:
https://lkml.org/lkml/2013/6/29/41
As we know pread() does not change f_pos, so after pread(), file->f_pos
and m->read_pos become different. And seq_lseek() does not update file->f_pos
if offset equals to m->read_pos, so after pread() and seq_lseek()(lseek to
m->read_pos), then a subsequent read may read from a wrong position, the
following program produces the problem:
char str1[32] = { 0 };
char str2[32] = { 0 };
int poffset = 10;
int count = 20;
/*open any seq file*/
int fd = open("/proc/modules", O_RDONLY);
pread(fd, str1, count, poffset);
printf("pread:%s\n", str1);
/*seek to where m->read_pos is*/
lseek(fd, poffset+count, SEEK_SET);
/*supposed to read from poffset+count, but this read from position 0*/
read(fd, str2, count);
printf("read:%s\n", str2);
out put:
pread:
ck_netbios_ns 12665
read:
nf_conntrack_netbios
/proc/modules:
nf_conntrack_netbios_ns 12665 0 - Live 0xffffffffa038b000
nf_conntrack_broadcast 12589 1 nf_conntrack_netbios_ns, Live 0xffffffffa0386000
So we always update file->f_pos to offset in seq_lseek() to fix this issue.
Signed-off-by: Jiaxing Wang <hello.wjx@gmail.com>
Signed-off-by: Gu Zheng <guz.fnst@cn.fujitsu.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Jonghwan Choi <jhbird.choi@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 2233b4db914786e69960d717a3019c87ba3bb5a5
Author: Alex Deucher <alexander.deucher@amd.com>
Date: Thu Oct 10 16:45:27 2013 -0400
drm/radeon/atom: workaround vbios bug in transmitter table on rs780
commit c23632d4e57c0dd20bf50eca08fa0eb8ad3ff680 upstream.
Some rs780 asics seem to be affected as well.
See:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=91f3a6aaf280294b07c05dfe606e6c27b7ba3c72
Fixes:
https://bugzilla.kernel.org/show_bug.cgi?id=60791
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 9c1aab0da00ed04f096fabc4136241cb45f92cc1
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date: Wed Oct 16 09:49:02 2013 +0100
drm: Pad drm_mode_get_connector to 64-bit boundary
commit bc5bd37ce48c66e9192ad2e7231e9678880f6f8e upstream.
Pavel Roskin reported that DRM_IOCTL_MODE_GETCONNECTOR was overwritting
the 4 bytes beyond the end of its structure with a 32-bit userspace
running on a 64-bit kernel. This is due to the padding gcc inserts as
the drm_mode_get_connector struct includes a u64 and its size is not a
natural multiple of u64s.
64-bit kernel:
sizeof(drm_mode_get_connector)=80, alignof=8
sizeof(drm_mode_get_encoder)=20, alignof=4
sizeof(drm_mode_modeinfo)=68, alignof=4
32-bit userspace:
sizeof(drm_mode_get_connector)=76, alignof=4
sizeof(drm_mode_get_encoder)=20, alignof=4
sizeof(drm_mode_modeinfo)=68, alignof=4
Fortuituously we can insert explicit padding to the tail of our
structures without breaking ABI.
Reported-by: Pavel Roskin <proski@gnu.org>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Dave Airlie <airlied@redhat.com>
Cc: dri-devel@lists.freedesktop.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 45da934f7431181cd1ccc33b4d138dc41c2cd1ba
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date: Wed Oct 16 11:22:44 2013 +0100
drm: Prevent overwriting from userspace underallocating core ioctl structs
commit b062672e305ce071f21eb9e18b102c2a430e0999 upstream.
Apply the protections from
commit 1b2f1489633888d4a06028315dc19d65768a1c05
Author: Dave Airlie <airlied@redhat.com>
Date: Sat Aug 14 20:20:34 2010 +1000
drm: block userspace under allocating buffer and having drivers overwrite it (v2)
to the core ioctl structs as well, for we found one instance where there
is a 32-/64-bit size mismatch and were guilty of writing beyond the end
of the user's buffer.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Dave Airlie <airlied@redhat.com>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: dri-devel@lists.freedesktop.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 09c2c79ce6e82b226262e667971db7f4a666e430
Author: Thomas Hellstrom <thellstrom@vmware.com>
Date: Wed Oct 9 01:42:51 2013 -0700
drm/vmwgfx: Don't kill clients on VT switch
commit c4249855ac5b2a383704d31e040d3831d6a25c6f upstream.
DRI clients that tried to grab the TTM lock when the master (X server) was
switched away during a VT switch were sent the SIGTERM signal by the
kernel. Fix this so that they are only sent that signal when the master has
exited.
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Jakob Bornecrantz <jakob@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 0d6d09974ba93877afa53f5ce5ce89f20b3dfe20
Author: Thomas Hellstrom <thellstrom@vmware.com>
Date: Wed Oct 9 01:42:50 2013 -0700
drm/vmwgfx: Don't put resources with invalid id's on lru list
commit 26682480c202e7360cbcdc3bc9e962bf749c6b8d upstream.
The evict code may try to swap them out causing a BUG in the destroy
function.
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Jakob Bornecrantz <jakob@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 7bff7accd427da171501b558457ef8fa81ee2767
Author: Zhang Yanfei <zhangyanfei.yes@gmail.com>
Date: Mon Jul 8 16:00:19 2013 -0700
mm/vmalloc.c: fix an overflow bug in alloc_vmap_area()
commit bcb615a81b1765864c71c50afb56631e7a1e5283 upstream.
When searching a vmap area in the vmalloc space, we use (addr + size -
1) to check if the value is less than addr, which is an overflow. But
we assign (addr + size) to vmap_area->va_end.
So if we come across the below case:
(addr + size - 1) : not overflow
(addr + size) : overflow
we will assign an overflow value (e.g 0) to vmap_area->va_end, And this
will trigger BUG in __insert_vmap_area, causing system panic.
So using (addr + size) to check the overflow should be the correct
behaviour, not (addr + size - 1).
Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
Reported-by: Ghennadi Procopciuc <unix140@gmail.com>
Tested-by: Daniel Baluta <dbaluta@ixiacom.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Anatoly Muliarski <x86ever@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 18b683a2334848c003fe89e3002244ca298544f4
Author: Chen LinX <linx.z.chen@intel.com>
Date: Wed Oct 30 13:56:18 2013 -0700
mm/pagewalk.c: fix walk_page_range() access of wrong PTEs
commit 3017f079efd6af199b0852b5c425364513db460e upstream.
When walk_page_range walk a memory map's page tables, it'll skip
VM_PFNMAP area, then variable 'next' will to assign to vma->vm_end, it
maybe larger than 'end'. In next loop, 'addr' will be larger than
'next'. Then in /proc/XXXX/pagemap file reading procedure, the 'addr'
will growing forever in pagemap_pte_range, pte_to_pagemap_entry will
access the wrong pte.
BUG: Bad page map in process procrank pte:8437526f pmd:785de067
addr:9108d000 vm_flags:00200073 anon_vma:f0d99020 mapping: (null) index:9108d
CPU: 1 PID: 4974 Comm: procrank Tainted: G B W O 3.10.1+ #1
Call Trace:
dump_stack+0x16/0x18
print_bad_pte+0x114/0x1b0
vm_normal_page+0x56/0x60
pagemap_pte_range+0x17a/0x1d0
walk_page_range+0x19e/0x2c0
pagemap_read+0x16e/0x200
vfs_read+0x84/0x150
SyS_read+0x4a/0x80
syscall_call+0x7/0xb
Signed-off-by: Liu ShuoX <shuox.liu@intel.com>
Signed-off-by: Chen LinX <linx.z.chen@intel.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Reviewed-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e86100b54cd487c13956f09f2c38955f1a1a0909
Author: Mel Gorman <mgorman@suse.de>
Date: Mon Oct 7 11:28:47 2013 +0100
mm: Account for a THP NUMA hinting update as one PTE update
commit 0255d491848032f6c601b6410c3b8ebded3a37b1 upstream.
A THP PMD update is accounted for as 512 pages updated in vmstat. This is
large difference when estimating the cost of automatic NUMA balancing and
can be misleading when comparing results that had collapsed versus split
THP. This patch addresses the accounting issue.
Signed-off-by: Mel Gorman <mgorman@suse.de>
Reviewed-by: Rik van Riel <riel@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/1381141781-10992-10-git-send-email-mgorman@suse.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a490bb33b51d0fc625c87ed5fff1edfd3a2afeb0
Author: Mel Gorman <mgorman@suse.de>
Date: Mon Oct 7 11:28:46 2013 +0100
mm: Close races between THP migration and PMD numa clearing
commit 3f926ab945b60a5824369d21add7710622a2eac0 upstream.
THP migration uses the page lock to guard against parallel allocations
but there are cases like this still open
Task A Task B
--------------------- ---------------------
do_huge_pmd_numa_page do_huge_pmd_numa_page
lock_page
mpol_misplaced == -1
unlock_page
goto clear_pmdnuma
lock_page
mpol_misplaced == 2
migrate_misplaced_transhuge
pmd = pmd_mknonnuma
set_pmd_at
During hours of testing, one crashed with weird errors and while I have
no direct evidence, I suspect something like the race above happened.
This patch extends the page lock to being held until the pmd_numa is
cleared to prevent migration starting in parallel while the pmd_numa is
being cleared. It also flushes the old pmd entry and orders pagetable
insertion before rmap insertion.
Signed-off-by: Mel Gorman <mgorman@suse.de>
Reviewed-by: Rik van Riel <riel@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/1381141781-10992-9-git-send-email-mgorman@suse.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 174dfa40d63b2250e299d5376937d200e4662b7c
Author: Mel Gorman <mgorman@suse.de>
Date: Mon Oct 7 11:28:45 2013 +0100
mm: numa: Sanitize task_numa_fault() callsites
commit c61109e34f60f6e85bb43c5a1cd51c0e3db40847 upstream.
There are three callers of task_numa_fault():
- do_huge_pmd_numa_page():
Accounts against the current node, not the node where the
page resides, unless we migrated, in which case it accounts
against the node we migrated to.
- do_numa_page():
Accounts against the current node, not the node where the
page resides, unless we migrated, in which case it accounts
against the node we migrated to.
- do_pmd_numa_page():
Accounts not at all when the page isn't migrated, otherwise
accounts against the node we migrated towards.
This seems wrong to me; all three sites should have the same
sementaics, furthermore we should accounts against where the page
really is, we already know where the task is.
So modify all three sites to always account; we did after all receive
the fault; and always account to where the page is after migration,
regardless of success.
They all still differ on when they clear the PTE/PMD; ideally that
would get sorted too.
Signed-off-by: Mel Gorman <mgorman@suse.de>
Reviewed-by: Rik van Riel <riel@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/1381141781-10992-8-git-send-email-mgorman@suse.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 299723f2297726ca4c0a9d8ef3548ece5466431d
Author: Mel Gorman <mgorman@suse.de>
Date: Mon Oct 7 11:28:44 2013 +0100
mm: Prevent parallel splits during THP migration
commit 587fe586f44a48f9691001ba6c45b86c8e4ba21f upstream.
THP migrations are serialised by the page lock but on its own that does
not prevent THP splits. If the page is split during THP migration then
the pmd_same checks will prevent page table corruption but the unlock page
and other fix-ups potentially will cause corruption. This patch takes the
anon_vma lock to prevent parallel splits during migration.
Signed-off-by: Mel Gorman <mgorman@suse.de>
Reviewed-by: Rik van Riel <riel@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/1381141781-10992-7-git-send-email-mgorman@suse.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 2e39395e03fe936171a8b45894cbf75ccfae0375
Author: Mel Gorman <mgorman@suse.de>
Date: Mon Oct 7 11:28:43 2013 +0100
mm: Wait for THP migrations to complete during NUMA hinting faults
commit 42836f5f8baa33085f547098b74aa98991ee9216 upstream.
The locking for migrating THP is unusual. While normal page migration
prevents parallel accesses using a migration PTE, THP migration relies on
a combination of the page_table_lock, the page lock and the existance of
the NUMA hinting PTE to guarantee safety but there is a bug in the scheme.
If a THP page is currently being migrated and another thread traps a
fault on the same page it checks if the page is misplaced. If it is not,
then pmd_numa is cleared. The problem is that it checks if the page is
misplaced without holding the page lock meaning that the racing thread
can be migrating the THP when the second thread clears the NUMA bit
and faults a stale page.
This patch checks if the page is potentially being migrated and stalls
using the lock_page if it is potentially being migrated before checking
if the page is misplaced or not.
Signed-off-by: Mel Gorman <mgorman@suse.de>
Reviewed-by: Rik van Riel <riel@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/1381141781-10992-6-git-send-email-mgorman@suse.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 699ba929e88a0c2b172e7beebf10fd37ef120142
Author: Mel Gorman <mgorman@suse.de>
Date: Mon Oct 7 11:28:42 2013 +0100
mm: numa: Do not account for a hinting fault if we raced
commit 1dd49bfa3465756b3ce72214b58a33e4afb67aa3 upstream.
If another task handled a hinting fault in parallel then do not double
account for it.
Signed-off-by: Mel Gorman <mgorman@suse.de>
Reviewed-by: Rik van Riel <riel@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/1381141781-10992-5-git-send-email-mgorman@suse.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 165b4f8bf37ba929924e9099bd9a1ee5031cf4e7
Author: Jonathan Austin <jonathan.austin@arm.com>
Date: Tue Jul 23 16:42:18 2013 +0100
clk: fixup argument order when setting VCO parameters
commit 2f9f64bc5aa31836810cd25301aa4772ad73ebab upstream.
The order of arguments in the call to vco_set() for the ICST clocks appears to
have been switched in error, which results in the VCO not being initialised
correctly. This in turn stops the integrated LCD on things like Integrator/CP
from working correctly.
This patch fixes the order and restores the expected functionality.
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Jonathan Austin <jonathan.austin@arm.com>
Signed-off-by: Mike Turquette <mturquette@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a33ed3974e7b75af36553589e7810da9d8b22382
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date: Tue Oct 29 22:11:06 2013 +0300
aacraid: missing capable() check in compat ioctl
commit f856567b930dfcdbc3323261bf77240ccdde01f5 upstream.
In commit d496f94d22d1 ('[SCSI] aacraid: fix security weakness') we
added a check on CAP_SYS_RAWIO to the ioctl. The compat ioctls need the
check as well.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e14594cd658f655ae3384fcc3ec8c345b36cd4d0
Author: Ming Lei <ming.lei@canonical.com>
Date: Thu Oct 31 16:34:17 2013 -0700
lib/scatterlist.c: don't flush_kernel_dcache_page on slab page
commit 3d77b50c5874b7e923be946ba793644f82336b75 upstream.
Commit b1adaf65ba03 ("[SCSI] block: add sg buffer copy helper
functions") introduces two sg buffer copy helpers, and calls
flush_kernel_dcache_page() on pages in SG list after these pages are
written to.
Unfortunately, the commit may introduce a potential bug:
- Before sending some SCSI commands, kmalloc() buffer may be passed to
block layper, so flush_kernel_dcache_page() can see a slab page
finally
- According to cachetlb.txt, flush_kernel_dcache_page() is only called
on "a user page", which surely can't be a slab page.
- ARCH's implementation of flush_kernel_dcache_page() may use page
mapping information to do optimization so page_mapping() will see the
slab page, then VM_BUG_ON() is triggered.
Aaro Koskinen reported the bug on ARM/kirkwood when DEBUG_VM is enabled,
and this patch fixes the bug by adding test of '!PageSlab(miter->page)'
before calling flush_kernel_dcache_page().
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Reported-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Tested-by: Simon Baatz <gmbnomis@gmail.com>
Cc: Russell King - ARM Linux <linux@arm.linux.org.uk>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Cc: Tejun Heo <tj@kernel.org>
Cc: "James E.J. Bottomley" <JBottomley@parallels.com>
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit c79c7ad9d1398787f907f85afc44cf7d6623027d
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date: Tue Oct 29 10:21:34 2013 -0700
Fix a few incorrectly checked [io_]remap_pfn_range() calls
commit 7314e613d5ff9f0934f7a0f74ed7973b903315d1 upstream.
Nico Golde reports a few straggling uses of [io_]remap_pfn_range() that
really should use the vm_iomap_memory() helper. This trivially converts
two of them to the helper, and comments about why the third one really
needs to continue to use remap_pfn_range(), and adds the missing size
check.
Reported-by: Nico Golde <nico@ngolde.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f1e65e494c7914220ac6d87caa126114f46ac462
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Sat May 11 12:37:38 2013 -0400
au1200fb: io_remap_pfn_range() sets VM_IO
commit 1fca06fafb235a88c4fa91294aa1726c0e22855b upstream.
... and single return is quite sufficient to get out of function, TYVM
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a4c8ae2e72bdb85f6dfdfad82bec0df1e2749ac5
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Sat May 11 12:38:38 2013 -0400
au1100fb: VM_IO is set by io_remap_pfn_range()
commit c607f450f6e49f5794f27617bedc638b51044d2e upstream.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5fa25ee0bde3ad47e99e9877313a36a9ace95b72
Author: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Date: Wed Aug 7 13:02:53 2013 +0200
uio: provide vm access to UIO_MEM_PHYS maps
commit 7294151d0592e0ff48c61fca9fd7c93d613134da upstream.
This makes it possible to let gdb access mappings of the process that is
being debugged.
uio_mmap_logical was moved and uio_vm_ops renamed to group related code
and differentiate to new stuff.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f80d1c35d87072b46bf47f323f8051c4a5073fb4
Author: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Date: Wed Aug 7 13:02:52 2013 +0200
mm: make generic_access_phys available for modules
commit 5a73633ef01cd8772defa6a3c34a588376a1df4c upstream.
In the next commit this function will be used in the uio subsystem
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 54a702cb065e49976f61d2130c16f585bfba6c44
Author: Baruch Siach <baruch@tkos.co.il>
Date: Tue Oct 15 02:22:43 2013 +0400
xtensa: don't use alternate signal stack on threads
commit cba9a90053e3b7973eff4f1946f33032e98eeed5 upstream.
According to create_thread(3): "The new thread does not inherit the creating
thread's alternate signal stack". Since commit f9a3879a (Fix sigaltstack
corruption among cloned threads), current->sas_ss_size is set to 0 for cloned
processes sharing VM with their parent. Don't use the (nonexistent) alternate
signal stack in this case. This has been broken since commit 29c4dfd9 ([XTENSA]
Remove non-rt signal handling).
Fixes the SA_ONSTACK part of the nptl/tst-cancel20 test from uClibc.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Chris Zankel <chris@zankel.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 079584656265347f310c75fac6f863a6280a17e4
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date: Tue Oct 29 22:06:04 2013 +0300
uml: check length in exitcode_proc_write()
commit 201f99f170df14ba52ea4c52847779042b7a623b upstream.
We don't cap the size of buffer from the user so we could write past the
end of the array here. Only root can write to this file.
Reported-by: Nico Golde <nico@ngolde.de>
Reported-by: Fabian Yamaguchi <fabs@goesec.de>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e668dd8e47c2bc39c7bc31529dbe21c6169290bf
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date: Tue Oct 29 23:00:15 2013 +0300
staging: wlags49_h2: buffer overflow setting station name
commit b5e2f339865fb443107e5b10603e53bbc92dc054 upstream.
We need to check the length parameter before doing the memcpy(). I've
actually changed it to strlcpy() as well so that it's NUL terminated.
You need CAP_NET_ADMIN to trigger these so it's not the end of the
world.
Reported-by: Nico Golde <nico@ngolde.de>
Reported-by: Fabian Yamaguchi <fabs@goesec.de>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 2958a1199ee79b5ad4cb80a4bf8da95ac602d796
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date: Tue Oct 29 23:01:43 2013 +0300
Staging: sb105x: info leak in mp_get_count()
commit a8b33654b1e3b0c74d4a1fed041c9aae50b3c427 upstream.
The icount.reserved[] array isn't initialized so it leaks stack
information to userspace.
Reported-by: Nico Golde <nico@ngolde.de>
Reported-by: Fabian Yamaguchi <fabs@goesec.de>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 421a5dcd03c36833cfe3923b6943e999c3770973
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date: Tue Oct 29 23:01:11 2013 +0300
Staging: bcm: info leak in ioctl
commit 8d1e72250c847fa96498ec029891de4dc638a5ba upstream.
The DevInfo.u32Reserved[] array isn't initialized so it leaks kernel
information to user space.
Reported-by: Nico Golde <nico@ngolde.de>
Reported-by: Fabian Yamaguchi <fabs@goesec.de>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a2f8eb6acf8b40793f3b798b0a63800f38707444
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date: Tue Oct 29 22:07:47 2013 +0300
staging: ozwpan: prevent overflow in oz_cdev_write()
commit c2c65cd2e14ada6de44cb527e7f1990bede24e15 upstream.
We need to check "count" so we don't overflow the ei->data buffer.
Reported-by: Nico Golde <nico@ngolde.de>
Reported-by: Fabian Yamaguchi <fabs@goesec.de>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 2ca317899d45d60805b0b5dc9b6f879a8f93f7c6
Author: Takashi Iwai <tiwai@suse.de>
Date: Mon Oct 28 14:21:49 2013 +0100
ASoC: dapm: Fix source list debugfs outputs
commit ff18620c2157671a8ee21ebb8e6a3520ea209b1f upstream.
... due to a copy & paste error.
Spotted by coverity CID 710923.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 0492665d67bb7bdff10f3027a26b9c145fe73ddb
Author: Takashi Iwai <tiwai@suse.de>
Date: Wed Oct 30 08:35:02 2013 +0100
ASoC: wm_hubs: Add missing break in hp_supply_event()
commit 268ff14525edba31da29a12a9dd693cdd6a7872e upstream.
Spotted by coverity CID 115170.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 58dc7706bb9becb535e8861c7b8f33d604381710
Author: Russell King <rmk+kernel@arm.linux.org.uk>
Date: Thu Oct 31 15:01:37 2013 +0000
ALSA: fix oops in snd_pcm_info() caused by ASoC DPCM
commit a4461f41b94cb52e0141af717dcf4ef6558c8e2e upstream.
Unable to handle kernel NULL pointer dereference at virtual address 00000008
pgd = d5300000
[00000008] *pgd=0d265831, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] PREEMPT ARM
CPU: 0 PID: 2295 Comm: vlc Not tainted 3.11.0+ #755
task: dee74800 ti: e213c000 task.ti: e213c000
PC is at snd_pcm_info+0xc8/0xd8
LR is at 0x30232065
pc : [<c031b52c>] lr : [<30232065>] psr: a0070013
sp : e213dea8 ip : d81cb0d0 fp : c05f7678
r10: c05f7770 r9 : fffffdfd r8 : 00000000
r7 : d8a968a8 r6 : d8a96800 r5 : d8a96200 r4 : d81cb000
r3 : 00000000 r2 : d81cb000 r1 : 00000001 r0 : d8a96200
Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
Control: 10c5387d Table: 15300019 DAC: 00000015
Process vlc (pid: 2295, stack limit = 0xe213c248)
[<c031b52c>] (snd_pcm_info) from [<c031b570>] (snd_pcm_info_user+0x34/0x9c)
[<c031b570>] (snd_pcm_info_user) from [<c03164a4>] (snd_pcm_control_ioctl+0x274/0x280)
[<c03164a4>] (snd_pcm_control_ioctl) from [<c0311458>] (snd_ctl_ioctl+0xc0/0x55c)
[<c0311458>] (snd_ctl_ioctl) from [<c00eca84>] (do_vfs_ioctl+0x80/0x31c)
[<c00eca84>] (do_vfs_ioctl) from [<c00ecd5c>] (SyS_ioctl+0x3c/0x60)
[<c00ecd5c>] (SyS_ioctl) from [<c000e500>] (ret_fast_syscall+0x0/0x48)
Code: e1a00005 e59530dc e3a01001 e1a02004 (e5933008)
---[ end trace cb3d9bdb8dfefb3c ]---
This is provoked when the ASoC front end is open along with its backend,
(which causes the backend to have a runtime assigned to it) and then the
SNDRV_CTL_IOCTL_PCM_INFO is requested for the (visible) backend device.
Resolve this by ensuring that ASoC internal backend devices are not
visible to userspace, just as the commentry for snd_pcm_new_internal()
says it should be.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Acked-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f08830dbf7af3b9c551d3112425a2d1b3c2757df
Author: Takashi Iwai <tiwai@suse.de>
Date: Wed Oct 30 12:29:40 2013 +0100
ALSA: hda - Add a fixup for ASUS N76VZ
commit 6fc16e58adf50c0f1e4478538983fb5ff6f453d4 upstream.
ASUS N76VZ needs the same fixup as N56VZ for supporting the boost
speaker.
Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=846529
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit c9e32ffdbe042276914daac9cdc737b8896eace6
Author: Takashi Iwai <tiwai@suse.de>
Date: Thu Oct 24 01:20:24 2013 +0200
ALSA: hda - Fix unbalanced runtime PM refcount after S3/S4
commit e6bbe666673ab044a3d39ddb74e4d9a401cf1d6f upstream.
When a machine goes to S3/S4 after power-save is enabled, the runtime
PM refcount might be incorrectly decreased because the power-down
triggered soon after resume assumes that the controller was already
powered up, and issues the pm_notify down.
This patch fixes the incorrect pm_notify call simply by checking the
current value properly.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 8fde18bd74c8f30094bc47edf2c9ed19478661de
Author: Takashi Iwai <tiwai@suse.de>
Date: Fri Oct 25 23:43:10 2013 +0200
ALSA: hda - Add missing initial vmaster hook at build_controls callback
commit b63eae0a6c84839275a4638a7baa391be965cd0e upstream.
The generic parser has a support of vmaster hook, but this is
initialized only in the init callback with the check of the presence
of the corresponding kctl. However, since kctl is NULL at the very
first init callback that is called before build_controls callback, the
vmaster hook sync is skipped there. Eventually this leads to the
uninitialized state depending on the hook implementation.
This patch adds a simple workaround, just calling the sync function
explicitly at build_controls callback.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 40a894023d9a4c58379eb4f2ac12e40a2fe014d3
Author: Vineet Gupta <Vineet.Gupta1@synopsys.com>
Date: Sat Nov 2 17:47:49 2013 +0530
ARC: Incorrect mm reference used in vmalloc fault handler
commit 9c41f4eeb9d51f3ece20428d35a3ea32cf3b5622 upstream.
A vmalloc fault needs to sync up PGD/PTE entry from init_mm to current
task's "active_mm". ARC vmalloc fault handler however was using mm.
A vmalloc fault for non user task context (actually pre-userland, from
init thread's open for /dev/console) caused the handler to deref NULL mm
(for mm->pgd)
The reasons it worked so far is amazing:
1. By default (!SMP), vmalloc fault handler uses a cached value of PGD.
In SMP that MMU register is repurposed hence need for mm pointer deref.
2. In pre-3.12 SMP kernel, the problem triggering vmalloc didn't exist in
pre-userland code path - it was introduced with commit 20bafb3d23d108bc
"n_tty: Move buffers into n_tty_data"
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Cc: Gilad Ben-Yossef <gilad@benyossef.com>
Cc: Noam Camus <noamc@ezchip.com>
Cc: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 27b840ea211f8a36fadabaa07ef94fb1b45730c3
Author: Ming Lei <tom.leiming@gmail.com>
Date: Sat Nov 2 09:11:33 2013 +1030
scripts/kallsyms: filter symbols not in kernel address space
commit f6537f2f0eba4eba3354e48dbe3047db6d8b6254 upstream.
This patch uses CONFIG_PAGE_OFFSET to filter symbols which
are not in kernel address space because these symbols are
generally for generating code purpose and can't be run at
kernel mode, so we needn't keep them in /proc/kallsyms.
For example, on ARM there are some symbols which may be
linked in relocatable code section, then perf can't parse
symbols any more from /proc/kallsyms, this patch fixes the
problem (introduced b9b32bf70f2fb710b07c94e13afbc729afe221da)
Cc: Russell King <linux@arm.linux.org.uk>
Cc: linux-arm-kernel@lists.infradead.org
Cc: Michal Marek <mmarek@suse.cz>
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit daa73ffb82d3e6135de12ca879c373bbd5a9f41b
Author: Helge Deller <deller@gmx.de>
Date: Sat Oct 26 23:19:25 2013 +0200
parisc: Do not crash 64bit SMP kernels on machines with >= 4GB RAM
commit 54e181e073fc1415e41917d725ebdbd7de956455 upstream.
Since the beginning of the parisc-linux port, sometimes 64bit SMP kernels were
not able to bring up other CPUs than the monarch CPU and instead crashed the
kernel. The reason was unclear, esp. since it involved various machines (e.g.
J5600, J6750 and SuperDome). Testing showed, that those crashes didn't happened
when less than 4GB were installed, or if a 32bit Linux kernel was booted.
In the end, the fix for those SMP problems is trivial:
During the early phase of the initialization of the CPUs, including the monarch
CPU, the PDC_PSW firmware function to enable WIDE (=64bit) mode is called.
It's documented that this firmware function may clobber various registers, and
one one of those possibly clobbered registers is %cr30 which holds the task
thread info pointer.
Now, if %cr30 would always have been clobbered, then this bug would have been
detected much earlier. But lots of testing finally showed, that - at least for
%cr30 - on some machines only the upper 32bits of the 64bit register suddenly
turned zero after the firmware call.
So, after finding the root cause, the explanation for the various crashes
became clear:
- On 32bit SMP Linux kernels all upper 32bit were zero, so we didn't faced this
problem.
- Monarch CPUs in 64bit mode always booted sucessfully, because the inital task
thread info pointer was below 4GB.
- Secondary CPUs booted sucessfully on machines with less than 4GB RAM because
the upper 32bit were zero anyay.
- Secondary CPus failed to boot if we had more than 4GB RAM and the task thread
info pointer was located above the 4GB boundary.
Finally, the patch to fix this problem is trivial by saving the %cr30 register
before the firmware call and restoring it afterwards.
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: John David Anglin <dave.anglin@bell.net>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b5b02b140665d016236918cb88b88f6249050605
Author: Thomas Gleixner <tglx@linutronix.de>
Date: Tue Sep 24 21:50:23 2013 +0200
clockevents: Sanitize ticks to nsec conversion
commit 97b9410643475d6557d2517c2aff9fd2221141a9 upstream.
Marc Kleine-Budde pointed out, that commit 77cc982 "clocksource: use
clockevents_config_and_register() where possible" caused a regression
for some of the converted subarchs.
The reason is, that the clockevents core code converts the minimal
hardware tick delta to a nanosecond value for core internal
usage. This conversion is affected by integer math rounding loss, so
the backwards conversion to hardware ticks will likely result in a
value which is less than the configured hardware limitation. The
affected subarchs used their own workaround (SIGH!) which got lost in
the conversion.
The solution for the issue at hand is simple: adding evt->mult - 1 to
the shifted value before the integer divison in the core conversion
function takes care of it. But this only works for the case where for
the scaled math mult/shift pair "mult <= 1 << shift" is true. For the
case where "mult > 1 << shift" we can apply the rounding add only for
the minimum delta value to make sure that the backward conversion is
not less than the given hardware limit. For the upper bound we need to
omit the rounding add, because the backwards conversion is always
larger than the original latch value. That would violate the upper
bound of the hardware device.
Though looking closer at the details of that function reveals another
bogosity: The upper bounds check is broken as well. Checking for a
resulting "clc" value greater than KTIME_MAX after the conversion is
pointless. The conversion does:
u64 clc = (latch << evt->shift) / evt->mult;
So there is no sanity check for (latch << evt->shift) exceeding the
64bit boundary. The latch argument is "unsigned long", so on a 64bit
arch the handed in argument could easily lead to an unnoticed shift
overflow. With the above rounding fix applied the calculation before
the divison is:
u64 clc = (latch << evt->shift) + evt->mult - 1;
So we need to make sure, that neither the shift nor the rounding add
is overflowing the u64 boundary.
[ukl: move assignment to rnd after eventually changing mult, fix build
issue and correct comment with the right math]
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Russell King - ARM Linux <linux@arm.linux.org.uk>
Cc: Marc Kleine-Budde <mkl@pengutronix.de>
Cc: nicolas.ferre@atmel.com
Cc: Marc Pignat <marc.pignat@hevs.ch>
Cc: john.stultz@linaro.org
Cc: kernel@pengutronix.de
Cc: Ronald Wahl <ronald.wahl@raritan.com>
Cc: LAK <linux-arm-kernel@lists.infradead.org>
Cc: Ludovic Desroches <ludovic.desroches@atmel.com>
Link: http://lkml.kernel.org/r/1380052223-24139-1-git-send-email-u.kleine-koenig@pengutronix.de
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 722b78bc8a42b6910c291266e87abe2e63dc750f
Author: Nicholas Bellinger <nab@linux-iscsi.org>
Date: Fri Oct 25 10:44:15 2013 -0700
vhost/scsi: Fix incorrect usage of get_user_pages_fast write parameter
commit 60a01f558af9c48b0bb31f303c479e32721add3f upstream.
This patch addresses a long-standing bug where the get_user_pages_fast()
write parameter used for setting the underlying page table entry permission
bits was incorrectly set to write=1 for data_direction=DMA_TO_DEVICE, and
passed into get_user_pages_fast() via vhost_scsi_map_iov_to_sgl().
However, this parameter is intended to signal WRITEs to pinned userspace
PTEs for the virtio-scsi DMA_FROM_DEVICE -> READ payload case, and *not*
for the virtio-scsi DMA_TO_DEVICE -> WRITE payload case.
This bug would manifest itself as random process segmentation faults on
KVM host after repeated vhost starts + stops and/or with lots of vhost
endpoints + LUNs.
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Asias He <asias@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f21abb623ac78e2e9248057282d0de4e9b82e616
Author: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Date: Fri Oct 25 21:53:33 2013 +0800
target/pscsi: fix return value check
commit 58932e96e438cd78f75e765d7b87ef39d3533d15 upstream.
In case of error, the function scsi_host_lookup() returns NULL
pointer not ERR_PTR(). The IS_ERR() test in the return value check
should be replaced with NULL test.
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ed840bec21c6f2f99ca34e974a5905e4f2116c1b
Author: Lukasz Dorau <lukasz.dorau@intel.com>
Date: Thu Oct 24 12:55:17 2013 +1100
md: Fix skipping recovery for read-only arrays.
commit 61e4947c99c4494336254ec540c50186d186150b upstream.
Since:
commit 7ceb17e87bde79d285a8b988cfed9eaeebe60b86
md: Allow devices to be re-added to a read-only array.
spares are activated on a read-only array. In case of raid1 and raid10
personalities it causes that not-in-sync devices are marked in-sync
without checking if recovery has been finished.
If a read-only array is degraded and one of its devices is not in-sync
(because the array has been only partially recovered) recovery will be skipped.
This patch adds checking if recovery has been finished before marking a device
in-sync for raid1 and raid10 personalities. In case of raid5 personality
such condition is already present (at raid5.c:6029).
Bug was introduced in 3.10 and causes data corruption.
Signed-off-by: Pawel Baldysiak <pawel.baldysiak@intel.com>
Signed-off-by: Lukasz Dorau <lukasz.dorau@intel.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 0465496671f4769e0f4f00481ce5bc5598c5caa2
Author: Bian Yu <bianyu@kedacom.com>
Date: Sat Oct 12 01:10:03 2013 -0400
md: avoid deadlock when md_set_badblocks.
commit 905b0297a9533d7a6ee00a01a990456636877dd6 upstream.
When operate harddisk and hit errors, md_set_badblocks is called after
scsi_restart_operations which already disabled the irq. but md_set_badblocks
will call write_sequnlock_irq and enable irq. so softirq can preempt the
current thread and that may cause a deadlock. I think this situation should
use write_sequnlock_irqsave/irqrestore instead.
I met the situation and the call trace is below:
[ 638.919974] BUG: spinlock recursion on CPU#0, scsi_eh_13/1010
[ 638.921923] lock: 0xffff8800d4d51fc8, .magic: dead4ead, .owner: scsi_eh_13/1010, .owner_cpu: 0
[ 638.923890] CPU: 0 PID: 1010 Comm: scsi_eh_13 Not tainted 3.12.0-rc5+ #37
[ 638.925844] Hardware name: To be filled by O.E.M. To be filled by O.E.M./MAHOBAY, BIOS 4.6.5 03/05/2013
[ 638.927816] ffff880037ad4640 ffff880118c03d50 ffffffff8172ff85 0000000000000007
[ 638.929829] ffff8800d4d51fc8 ffff880118c03d70 ffffffff81730030 ffff8800d4d51fc8
[ 638.931848] ffffffff81a72eb0 ffff880118c03d90 ffffffff81730056 ffff8800d4d51fc8
[ 638.933884] Call Trace:
[ 638.935867] <IRQ> [<ffffffff8172ff85>] dump_stack+0x55/0x76
[ 638.937878] [<ffffffff81730030>] spin_dump+0x8a/0x8f
[ 638.939861] [<ffffffff81730056>] spin_bug+0x21/0x26
[ 638.941836] [<ffffffff81336de4>] do_raw_spin_lock+0xa4/0xc0
[ 638.943801] [<ffffffff8173f036>] _raw_spin_lock+0x66/0x80
[ 638.945747] [<ffffffff814a73ed>] ? scsi_device_unbusy+0x9d/0xd0
[ 638.947672] [<ffffffff8173fb1b>] ? _raw_spin_unlock+0x2b/0x50
[ 638.949595] [<ffffffff814a73ed>] scsi_device_unbusy+0x9d/0xd0
[ 638.951504] [<ffffffff8149ec47>] scsi_finish_command+0x37/0xe0
[ 638.953388] [<ffffffff814a75e8>] scsi_softirq_done+0xa8/0x140
[ 638.955248] [<ffffffff8130e32b>] blk_done_softirq+0x7b/0x90
[ 638.957116] [<ffffffff8104fddd>] __do_softirq+0xfd/0x330
[ 638.958987] [<ffffffff810b964f>] ? __lock_release+0x6f/0x100
[ 638.960861] [<ffffffff8174a5cc>] call_softirq+0x1c/0x30
[ 638.962724] [<ffffffff81004c7d>] do_softirq+0x8d/0xc0
[ 638.964565] [<ffffffff8105024e>] irq_exit+0x10e/0x150
[ 638.966390] [<ffffffff8174ad4a>] smp_apic_timer_interrupt+0x4a/0x60
[ 638.968223] [<ffffffff817499af>] apic_timer_interrupt+0x6f/0x80
[ 638.970079] <EOI> [<ffffffff810b964f>] ? __lock_release+0x6f/0x100
[ 638.971899] [<ffffffff8173fa6a>] ? _raw_spin_unlock_irq+0x3a/0x50
[ 638.973691] [<ffffffff8173fa60>] ? _raw_spin_unlock_irq+0x30/0x50
[ 638.975475] [<ffffffff81562393>] md_set_badblocks+0x1f3/0x4a0
[ 638.977243] [<ffffffff81566e07>] rdev_set_badblocks+0x27/0x80
[ 638.978988] [<ffffffffa00d97bb>] raid5_end_read_request+0x36b/0x4e0 [raid456]
[ 638.980723] [<ffffffff811b5a1d>] bio_endio+0x1d/0x40
[ 638.982463] [<ffffffff81304ff3>] req_bio_endio.isra.65+0x83/0xa0
[ 638.984214] [<ffffffff81306b9f>] blk_update_request+0x7f/0x350
[ 638.985967] [<ffffffff81306ea1>] blk_update_bidi_request+0x31/0x90
[ 638.987710] [<ffffffff813085e0>] __blk_end_bidi_request+0x20/0x50
[ 638.989439] [<ffffffff8130862f>] __blk_end_request_all+0x1f/0x30
[ 638.991149] [<ffffffff81308746>] blk_peek_request+0x106/0x250
[ 638.992861] [<ffffffff814a62a9>] ? scsi_kill_request.isra.32+0xe9/0x130
[ 638.994561] [<ffffffff814a633a>] scsi_request_fn+0x4a/0x3d0
[ 638.996251] [<ffffffff813040a7>] __blk_run_queue+0x37/0x50
[ 638.997900] [<ffffffff813045af>] blk_run_queue+0x2f/0x50
[ 638.999553] [<ffffffff814a5750>] scsi_run_queue+0xe0/0x1c0
[ 639.001185] [<ffffffff814a7721>] scsi_run_host_queues+0x21/0x40
[ 639.002798] [<ffffffff814a2e87>] scsi_restart_operations+0x177/0x200
[ 639.004391] [<ffffffff814a4fe9>] scsi_error_handler+0xc9/0xe0
[ 639.005996] [<ffffffff814a4f20>] ? scsi_unjam_host+0xd0/0xd0
[ 639.007600] [<ffffffff81072f6b>] kthread+0xdb/0xe0
[ 639.009205] [<ffffffff81072e90>] ? flush_kthread_worker+0x170/0x170
[ 639.010821] [<ffffffff81748cac>] ret_from_fork+0x7c/0xb0
[ 639.012437] [<ffffffff81072e90>] ? flush_kthread_worker+0x170/0x170
This bug was introduce in commit 2e8ac30312973dd20e68073653
(the first time rdev_set_badblock was call from interrupt context),
so this patch is appropriate for 3.5 and subsequent kernels.
Signed-off-by: Bian Yu <bianyu@kedacom.com>
Reviewed-by: Jianpeng Ma <majianpeng@gmail.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1946436e87d13b44bbf69a37cb7fe07477bb5117
Author: Gwendal Grignou <gwendal@google.com>
Date: Fri Aug 7 16:17:49 2009 -0700
libata: make ata_eh_qc_retry() bump scmd->allowed on bogus failures
commit f13e220161e738c2710b9904dcb3cf8bb0bcce61 upstream.
libata EH decrements scmd->retries when the command failed for reasons
unrelated to the command itself so that, for example, commands aborted
due to suspend / resume cycle don't get penalized; however,
decrementing scmd->retries isn't enough for ATA passthrough commands.
Without this fix, ATA passthrough commands are not resend to the
drive, and no error is signalled to the caller because:
- allowed retry count is 1
- ata_eh_qc_complete fill the sense data, so result is valid
- sense data is filled with untouched ATA registers.
Signed-off-by: Gwendal Grignou <gwendal@google.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 01e608d7276508fcafb76f2092db89885e62ef66
Author: Shaohua Li <shli@kernel.org>
Date: Sat Oct 19 14:51:42 2013 +0800
raid5: avoid finding "discard" stripe
commit d47648fcf0611812286f68131b40251c6fa54f5e upstream.
SCSI discard will damage discard stripe bio setting, eg, some fields are
changed. If the stripe is reused very soon, we have wrong bios setting. We
remove discard stripe from hash list, so next time the strip will be fully
initialized.
Suitable for backport to 3.7+.
Signed-off-by: Shaohua Li <shli@fusionio.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 7e44a92662ce582268c4f35e68aad1f632ada8f8
Author: Shaohua Li <shli@kernel.org>
Date: Sat Oct 19 14:50:28 2013 +0800
raid5: set bio bi_vcnt 0 for discard request
commit 37c61ff31e9b5e3fcf3cc6579f5c68f6ad40c4b1 upstream.
SCSI layer will add new payload for discard request. If two bios are merged
to one, the second bio has bi_vcnt 1 which is set in raid5. This will confuse
SCSI and cause oops.
Suitable for backport to 3.7+
Reported-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Shaohua Li <shli@fusionio.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4053771449476d9c323bd00c0c87bbd390588e55
Author: Geyslan G. Bem <geyslan@gmail.com>
Date: Fri Oct 11 16:49:16 2013 -0300
ecryptfs: Fix memory leakage in keystore.c
commit 3edc8376c06133e3386265a824869cad03a4efd4 upstream.
In 'decrypt_pki_encrypted_session_key' function:
Initializes 'payload' pointer and releases it on exit.
Signed-off-by: Geyslan G. Bem <geyslan@gmail.com>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit da0d4136d107d926273c227fdeaf805159044f66
Author: Aaron Lu <aaron.lu@intel.com>
Date: Thu Oct 10 13:22:36 2013 +0800
SCSI: sd: call blk_pm_runtime_init before add_disk
commit 10c580e4239df5c3344ca00322eca86ab2de880b upstream.
Sujit has found a race condition that would make q->nr_pending
unbalanced, it occurs as Sujit explained:
"
sd_probe_async() ->
add_disk() ->
disk_add_event() ->
schedule(disk_events_workfn)
sd_revalidate_disk()
blk_pm_runtime_init()
return;
Let's say the disk_events_workfn() calls sd_check_events() which tries
to send test_unit_ready() and because of sd_revalidate_disk() trying to
send another commands the test_unit_ready() might be re-queued as the
tagged command queuing is disabled.
So the race condition is -
Thread 1 | Thread 2
sd_revalidate_disk() | sd_check_events()
...nr_pending = 0 as q->dev = NULL| scsi_queue_insert()
blk_runtime_pm_init() | blk_pm_requeue_request() ->
| nr_pending = -1 since
| q->dev != NULL
"
The problem is, the test_unit_ready request doesn't get counted the
first time it is queued, so the later decrement of q->nr_pending in
blk_pm_requeue_request makes it unbalanced.
Fix this by calling blk_pm_runtime_init before add_disk so that all
requests initiated there will all be counted.
Signed-off-by: Aaron Lu <aaron.lu@intel.com>
Reported-and-tested-by: Sujit Reddy Thumma <sthumma@codeaurora.org>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit d60241f65bdc363f1be2b099bd98ff13a96c1f0d
Author: Marc Kleine-Budde <mkl@pengutronix.de>
Date: Fri Oct 4 10:52:36 2013 +0200
can: flexcan: flexcan_chip_start: fix regression, mark one MB for TX and abort pending TX
commit d5a7b406c529e4595ce03dc8f6dcf7fa36f106fa upstream.
In patch
0d1862e can: flexcan: fix flexcan_chip_start() on imx6
the loop in flexcan_chip_start() that iterates over all mailboxes after the
soft reset of the CAN core was removed. This loop put all mailboxes (even the
ones marked as reserved 1...7) into EMPTY/INACTIVE mode. On mailboxes 8...63,
this aborts any pending TX messages.
After a cold boot there is random garbage in the mailboxes, which leads to
spontaneous transmit of CAN frames during first activation. Further if the
interface was disabled with a pending message (usually due to an error
condition on the CAN bus), this message is retransmitted after enabling the
interface again.
This patch fixes the regression by:
1) Limiting the maximum number of used mailboxes to 8, 0...7 are used by the RX
FIFO, 8 is used by TX.
2) Marking the TX mailbox as EMPTY/INACTIVE, so that any pending TX of that
mailbox is aborted.
Cc: Lothar Waßmann <LW@KARO-electronics.de>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e350ff50bcd46d650d56015a1416c622d057ec90
Author: Marc Kleine-Budde <mkl@pengutronix.de>
Date: Thu Oct 3 23:51:55 2013 +0200
can: flexcan: fix mx28 detection by rearanging OF match table
commit e358784297992b012e8071764d996191dd2b1a54 upstream.
The current implemetation of of_match_device() relies that the of_device_id
table in the driver is sorted from most specific to least specific compatible.
Without this patch the mx28 is detected as the less specific p1010. This leads
to a p1010 specific workaround is activated on the mx28, which is not needed.
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1a64b62db0883ba42db1c3860a8aa25aa398e020
Author: Marc Kleine-Budde <mkl@pengutronix.de>
Date: Wed Oct 9 12:19:19 2013 +0200
can: at91-can: fix device to driver data mapping for platform devices
commit 5abbeea553c8260ed4e2ac4aae962aff800b6c6d upstream.
In commit:
3078cde7 can: at91_can: add dt support
device tree support was added to the at91_can driver. In this commit the
mapping of device to driver data was mixed up. This results in the sam9x5
parameters being used for the sam9263 and the workaround for the broken mailbox
0 on the sam9263 not being activated.
This patch fixes the broken platform_device_id table.
Cc: Ludovic Desroches <ludovic.desroches@atmel.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4ac4eb6520aa52f77be36780bbe5b17ca3bce983
Author: Dave Kleikamp <dave.kleikamp@oracle.com>
Date: Fri Sep 6 21:49:56 2013 -0500
jfs: fix error path in ialloc
commit 8660998608cfa1077e560034db81885af8e1e885 upstream.
If insert_inode_locked() fails, we shouldn't be calling
unlock_new_inode().
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Tested-by: Michael L. Semon <mlsemon35@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit fa2025dc177d9bef300b48289b689a5d667f5ae9
Author: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Date: Tue Sep 24 19:34:26 2013 +0300
iwlwifi: pcie: add SKUs for 6000, 6005 and 6235 series
commit 08a5dd3842f2ac61c6d69661d2d96022df8ae359 upstream.
Add some new PCI IDs to the table for 6000, 6005 and 6235 series.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3af669ca9923d504d5476bcfe04eaf4bbde03515
Author: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Date: Tue Oct 8 10:18:20 2013 -0500
rtlwifi: rtl8192cu: Fix error in pointer arithmetic
commit 9473ca6e920a3b9ca902753ce52833657f9221cc upstream.
An error in calculating the offset in an skb causes the driver to read
essential device info from the wrong locations. The main effect is that
automatic gain calculations are nonsense.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 6f2c0ed7835fd30d6c137198cf1dc964f061f132
Author: Amitkumar Karwar <akarwar@marvell.com>
Date: Fri Sep 27 10:55:38 2013 -0700
mwifiex: fix SDIO interrupt lost issue
commit 453b0c3f6910672f79da354077af728d92f95c5b upstream.
601216e "mwifiex: process RX packets in SDIO IRQ thread directly"
introduced a command timeout issue which can be reproduced easily on
an AM33xx platform using a test application written by Daniel Mack:
https://gist.github.com/zonque/6579314
mwifiex_main_process() is called from both the SDIO handler and
the workqueue. In case an interrupt occurs right after the
int_status check, but before updating the mwifiex_processing flag,
this interrupt gets lost, resulting in a command timeout and
consequently a card reset.
Let main_proc_lock protect both int_status and mwifiex_processing
flag. This fixes the interrupt lost issue.
Reported-by: Sven Neumann <s.neumann@raumfeld.com>
Reported-by: Andreas Fenkart <andreas.fenkart@streamunlimited.com>
Tested-by: Daniel Mack <zonque@gmail.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: Paul Stewart <pstew@chromium.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e83301f88258e3f204392cf59b0ffd706a051a26
Author: Bruno Randolf <br1@einfach.org>
Date: Thu Sep 26 16:55:28 2013 +0100
cfg80211: fix warning when using WEXT for IBSS
commit f478f33a93f9353dcd1fe55445343d76b1c3f84a upstream.
Fix kernel warning when using WEXT for configuring ad-hoc mode,
e.g. "iwconfig wlan0 essid test channel 1"
WARNING: at net/wireless/chan.c:373 cfg80211_chandef_usable+0x50/0x21c [cfg80211]()
The warning is caused by an uninitialized variable center_freq1.
Signed-off-by: Bruno Randolf <br1@einfach.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit fc756d89ff073a9c7fb8e4788fa63705d3d8f2a2
Author: Felix Fietkau <nbd@openwrt.org>
Date: Sat Oct 5 14:09:30 2013 +0200
ath9k: fix tx queue scheduling after channel changes
commit ec30326ea773900da210c495e14cfeb532550ba2 upstream.
Otherwise, if queues are full during a scan, tx scheduling does not
resume after switching back to the home channel.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 0b1621f62382e9b6f97b35861e9ade1a979b95b8
Author: Johannes Berg <johannes.berg@intel.com>
Date: Fri Oct 11 15:47:06 2013 +0200
mac80211: fix crash if bitrate calculation goes wrong
commit d86aa4f8ca58898ec6a94c0635da20b948171ed7 upstream.
If a frame's timestamp is calculated, and the bitrate
calculation goes wrong and returns zero, the system
will attempt to divide by zero and crash. Catch this
case and print the rate information that the driver
reported when this happens.
Reported-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 31da12cec6d7882acb2bd968566b1cfbbcae695a
Author: Felix Fietkau <nbd@openwrt.org>
Date: Sun Sep 29 21:39:34 2013 +0200
mac80211: update sta->last_rx on acked tx frames
commit 0c5b93290b2f3c7a376567c03ae8d385b0e99851 upstream.
When clients are idle for too long, hostapd sends nullfunc frames for
probing. When those are acked by the client, the idle time needs to be
updated.
To make this work (and to avoid unnecessary probing), update sta->last_rx
whenever an ACK was received for a tx packet. Only do this if the flag
IEEE80211_HW_REPORTS_TX_ACK_STATUS is set.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 8d4f150d4e8d52a761e424f9f640c57cd118105f
Author: Felix Fietkau <nbd@openwrt.org>
Date: Sun Sep 29 21:39:33 2013 +0200
mac80211: use sta_info_get_bss() for nl80211 tx and client probing
commit 03bb7f42765ce596604f03d179f3137d7df05bba upstream.
This allows calls for clients in AP_VLANs (e.g. for 4-addr) to succeed
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit d7da0fc72d073181e65970edad0a9461542e02c6
Author: Felix Fietkau <nbd@openwrt.org>
Date: Tue Sep 17 11:15:43 2013 +0200
mac80211: drop spoofed packets in ad-hoc mode
commit 6329b8d917adc077caa60c2447385554130853a3 upstream.
If an Ad-Hoc node receives packets with the Cell ID or its own MAC
address as source address, it hits a WARN_ON in sta_info_insert_check()
With many packets, this can massively spam the logs. One way that this
can easily happen is through having Cisco APs in the area with rouge AP
detection and countermeasures enabled.
Such Cisco APs will regularly send fake beacons, disassoc and deauth
packets that trigger these warnings.
To fix this issue, drop such spoofed packets early in the rx path.
Reported-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 715a606d73f63e94259e6251565e6e12e3271d0f
Author: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Date: Mon Sep 16 11:12:07 2013 +0300
mac80211: correctly close cancelled scans
commit a754055a1296fcbe6f32de3a5eaca6efb2fd1865 upstream.
__ieee80211_scan_completed is called from a worker. This
means that the following flow is possible.
* driver calls ieee80211_scan_completed
* mac80211 cancels the scan (that is already complete)
* __ieee80211_scan_completed runs
When scan_work will finally run, it will see that the scan
hasn't been aborted and might even trigger another scan on
another band. This leads to a situation where cfg80211's
scan is not done and no further scan can be issued.
Fix this by setting a new flag when a HW scan is being
cancelled so that no other scan will be triggered.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5be794dc4bb66266acc91eb589ace48e82a6c77e
Author: Anjana V Kumar <anjanavk12@gmail.com>
Date: Sat Oct 12 10:59:17 2013 +0800
cgroup: fix to break the while loop in cgroup_attach_task() correctly
commit ea84753c98a7ac6b74e530b64c444a912b3835ca upstream.
Both Anjana and Eunki reported a stall in the while_each_thread loop
in cgroup_attach_task().
It's because, when we attach a single thread to a cgroup, if the cgroup
is exiting or is already in that cgroup, we won't break the loop.
If the task is already in the cgroup, the bug can lead to another thread
being attached to the cgroup unexpectedly:
# echo 5207 > tasks
# cat tasks
5207
# echo 5207 > tasks
# cat tasks
5207
5215
What's worse, if the task to be attached isn't the leader of the thread
group, we might never exit the loop, hence cpu stall. Thanks for Oleg's
analysis.
This bug was introduced by commit 081aa458c38ba576bdd4265fc807fa95b48b9e79
("cgroup: consolidate cgroup_attach_task() and cgroup_attach_proc()")
[ lizf: - fixed the first continue, pointed out by Oleg,
- rewrote changelog. ]
Reported-by: Eunki Kim <eunki_kim@samsung.com>
Reported-by: Anjana V Kumar <anjanavk12@gmail.com>
Signed-off-by: Anjana V Kumar <anjanavk12@gmail.com>
Signed-off-by: Li Zefan <lizefan@huawei.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 955a23e181561a792d6e4c1572848b7ba306499f
Author: Kent Overstreet <kmo@daterainc.com>
Date: Tue Oct 22 15:35:50 2013 -0700
bcache: Fixed incorrect order of arguments to bio_alloc_bioset()
commit d4eddd42f592a0cf06818fae694a3d271f842e4d upstream.
Signed-off-by: Kent Overstreet <kmo@daterainc.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f606b358df6e174cd57f0509e5f5299bd4a73854
Author: Dirk Brandewie <dirk.j.brandewie@intel.com>
Date: Tue Oct 15 11:06:14 2013 -0700
cpufreq / intel_pstate: Fix max_perf_pct on resume
commit 52e0a509e5d6f902ec26bc2a8bb02b137dc453be upstream.
If the system is suspended while max_perf_pct is less than 100 percent
or no_turbo set policy->{min,max} will be set incorrectly with scaled
values which turn the scaled values into hard limits.
References: https://bugzilla.kernel.org/show_bug.cgi?id=61241
Reported-by: Patrick Bartels <petzicus@googlemail.com>
Signed-off-by: Dirk Brandewie <dirk.j.brandewie@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 40f3a9e5aea1753ececbcbbfe483b0c05788b001
Author: Russ Anderson <rja@sgi.com>
Date: Mon Oct 14 11:17:34 2013 -0500
x86: Update UV3 hub revision ID
commit dd3c9c4b603c664fedc12facf180db0f1794aafe upstream.
The UV3 hub revision ID is different than expected. The first
revision was supposed to start at 1 but instead will start at 0.
Signed-off-by: Russ Anderson <rja@sgi.com>
Link: http://lkml.kernel.org/r/20131014161733.GA6274@sgi.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a73e47ff525d2a69d61767a5928ba00937f77e1b
Author: Алексей Крамаренко <alexeyk13@yandex.ru>
Date: Fri Nov 1 17:26:38 2013 +0400
USB: serial: ftdi_sio: add id for Z3X Box device
commit e1466ad5b1aeda303f9282463d55798d2eda218c upstream.
Custom VID/PID for Z3X Box device, popular tool for cellphone flashing.
Signed-off-by: Alexey E. Kramarenko <alexeyk13@yandex.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 59fa93ea76e2de29910bab0a49dbb14f56b79aea
Author: Oliver Neukum <oneukum@suse.de>
Date: Wed Oct 16 12:26:07 2013 +0200
USB: quirks: add touchscreen that is dazzeled by remote wakeup
commit 614ced91fc6fbb5a1cdd12f0f1b6c9197d9f1350 upstream.
The device descriptors are messed up after remote wakeup
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ac1acaf7b6cb48562f6466e4f793d0f24a5726d8
Author: Oliver Neukum <oneukum@suse.de>
Date: Mon Oct 14 16:22:40 2013 +0200
USB: quirks.c: add one device that cannot deal with suspension
commit 4294bca7b423d1a5aa24307e3d112a04075e3763 upstream.
The device is not responsive when resumed, unless it is reset.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 75094c77c2e413cf85ca797f9f352ecc4c3533ad
Author: Fangxiaozhi (Franko) <fangxiaozhi@huawei.com>
Date: Fri Oct 11 03:48:21 2013 +0000
USB: support new huawei devices in option.c
commit d544db293a44a2a3b09feab7dbd59668b692de71 upstream.
Add new supporting declarations to option.c, to support Huawei new
devices with new bInterfaceSubClass value.
Signed-off-by: fangxiaozhi <huananhu@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b910ef250be4f872e383c62d1dfc40641b6f1c5b
Author: Oliver Neukum <oneukum@suse.de>
Date: Mon Oct 14 15:24:55 2013 +0200
usb-storage: add quirk for mandatory READ_CAPACITY_16
commit 32c37fc30c52508711ea6a108cfd5855b8a07176 upstream.
Some USB drive enclosures do not correctly report an
overflow condition if they hold a drive with a capacity
over 2TB and are confronted with a READ_CAPACITY_10.
They answer with their capacity modulo 2TB.
The generic layer cannot cope with that. It must be told
to use READ_CAPACITY_16 from the beginning.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>