Commit Graph

312017 Commits

Author SHA1 Message Date
Sage Weil 5bdca4e076 libceph: fix messenger retry
In ancient times, the messenger could both initiate and accept connections.
An artifact if that was data structures to store/process an incoming
ceph_msg_connect request and send an outgoing ceph_msg_connect_reply.
Sadly, the negotiation code was referencing those structures and ignoring
important information (like the peer's connect_seq) from the correct ones.

Among other things, this fixes tight reconnect loops where the server sends
RETRY_SESSION and we (the client) retries with the same connect_seq as last
time.  This bug pretty easily triggered by injecting socket failures on the
MDS and running some fs workload like workunits/direct_io/test_sync_io.

Signed-off-by: Sage Weil <sage@inktank.com>
2012-07-17 19:35:59 -07:00
Linus Torvalds a018540141 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) IPVS oops'ers:
   a) Should not reset skb->nf_bridge in forwarding hook (Lin Ming)
   b) 3.4 commit can cause ip_vs_control_cleanup to be invoked after
      the ipvs_core_ops are unregistered during rmmod (Julian ANastasov)

 2) ixgbevf bringup failure can crash in TX descriptor cleanup
    (Alexander Duyck)

 3) AX25 switch missing break statement hoses ROSE sockets (Alan Cox)

 4) CAIF accesses freed per-net memory (Sjur Brandeland)

 5) Network cgroup code has out-or-bounds accesses (Eric DUmazet), and
    accesses freed memory (Gao Feng)

 6) Fix a crash in SCTP reported by Dave Jones caused by freeing an
    association still on a list (Neil HOrman)

 7) __netdev_alloc_skb() regresses on GFP_DMA using drivers because that
    GFP flag is not being retained for the allocation (Eric Dumazet).

 8) Missing NULL hceck in sch_sfb netlink message parsing (Alan Cox)

 9) bnx2 crashes because TX index iteration is not bounded correctly
    (Michael Chan)

10) IPoIB generates warnings in TCP queue collapsing (via
    skb_try_coalesce) because it does not set skb->truesize correctly
    (Eric Dumazet)

11) vlan_info objects leak for the implicit vlan with ID 0 (Amir
    Hanania)

12) A fix for TX time stamp handling in gianfar does not transfer socket
    ownership from one packet to another correctly, resulting in a
    socket write space imbalance (Eric Dumazet)

13) Julia Lawall found several cases where we do a list iteration, and
    then at the loop termination unconditionally assume we ended up with
    real list object, rather than the list head itself (CNIC, RXRPC,
    mISDN).

14) The bonding driver handles procfs moving incorrectly when a device
    it manages is moved from one namespace to another (Eric Biederman)

15) Missing memory barriers in stmmac descriptor accesses result in
    various crashes (Deepak Sikri)

16) Fix handling of broadcast packets in batman-adv (Simon Wunderlich)

17) Properly check the sanity of sendmsg() lengths in ieee802154's
    dgram_sendmsg().  Dave Jones and others have hit and reported this
    bug (Sasha Levin)

18) Some drivers (b44 and b43legacy) on 64-bit machines stopped working
    because of how netdev_alloc_skb() was adjusted.  Such drivers should
    now use alloc_skb() for obtaining bounce buffers.  (Eric Dumazet)

19) atl1c mis-managed it's link state in that it stops the queue by hand
    on link down.  The generic networking takes care of that and this
    double stop locks the queue down.  So simply removing the driver's
    queue stop call fixes the problem (Cloud Ren)

20) Fix out-of-memory due to mis-accounting in net_em packet scheduler
    (Eric Dumazet)

21) If DCB and SR-IOV are configured at the same time in IXGBE the chip
    will hang because this is not supported (Alexander Duyck)

22) A commit to stop drivers using netdev->base_addr broke the CNIC
    driver (Michael Chan)

23) Timeout regression in ipset caused by an attempt to fix an overflow
    bug (Jozsef Kadlecsik).

24) mac80211 minstrel code allocates memory using incorrect size
    (Thomas Huehn)

25) llcp_sock_getname() needs to check for a NULL device otherwise we
    OOPS (Sasha Levin)

26) mwifiex leaks memory (Bing Zhao)

27) Propagate iwlwifi fix to iwlegacy, even when we're not associated
    we need to monitor for stuck queues in the watchdog handler
    (Stanislaw Geuszka)

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (44 commits)
  ipvs: fix oops in ip_vs_dst_event on rmmod
  ipvs: fix oops on NAT reply in br_nf context
  ixgbevf: Fix panic when loading driver
  ax25: Fix missing break
  MAINTAINERS: reflect actual changes in IEEE 802.15.4 maintainership
  caif: Fix access to freed pernet memory
  net: cgroup: fix access the unallocated memory in netprio cgroup
  ixgbevf: Prevent RX/TX statistics getting reset to zero
  sctp: Fix list corruption resulting from freeing an association on a list
  net: respect GFP_DMA in __netdev_alloc_skb()
  e1000e: fix test for PHY being accessible on 82577/8/9 and I217
  e1000e: Correct link check logic for 82571 serdes
  sch_sfb: Fix missing NULL check
  bnx2: Fix bug in bnx2_free_tx_skbs().
  IPoIB: fix skb truesize underestimatiom
  net: Fix memory leak - vlan_info struct
  gianfar: fix potential sk_wmem_alloc imbalance
  drivers/net/ethernet/broadcom/cnic.c: remove invalid reference to list iterator variable
  net/rxrpc/ar-peer.c: remove invalid reference to list iterator variable
  drivers/isdn/mISDN/stack.c: remove invalid reference to list iterator variable
  ...
2012-07-17 08:44:51 -07:00
Linus Torvalds 635ac11964 A single rpmsg fix for 3.5, coming from Federico Fuga, which
eliminates the dependency on arbitrary initialization orders.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJQBUQoAAoJELLolMlTRIoMNJ8QAJpBXCsTpE4cZ/C4FkmAbZeJ
 uk5rBqZEWZBtIxBXbcpL0bCFmBFoPdlrfg1F64As67c/R+eXBju2LykrsNWgIDqp
 FOhQhDecdm3wFdpfulio6hd5AHSuwCmFAz0mZL3qGMTjfgnv6725cAoFJ06LkSWW
 EajZGWXKNBFS9sddGim9anZxCVtbF5+b1wDgfhVUnrI4I3TKg65KZTIamg3LXRn9
 fj5j97YVc0jCLKIjNkS9WVRS3E/lVEwVQXoWgFjvrwF+6b1E2dSzB+WOBYPzrP+h
 lOBauKgQiD+XIELw7f4hcQzb294WIAW0YQmppmEnQe6u3V6q0uRJrv5cQHFDCU8w
 zR7B+aAip264ADKdN5AaYH75k+oy/fsqCb1eZi6+GuxJG1jA3O3rM4UFzPC5bZxn
 CMAGiChnWUWUWqn86trVtOyp/t4Gl55JMv+aGos9hNSI5fRCRcskzd3WqWowbVNQ
 aVsYD6bG08g0ceFec6xE2O6+eMhMye/TzpITEtS0vz2X0e/nuR7ggwwb6bQnm+Ph
 4cknnvQiKrbNUCgziCgsqx6Oe7RXha+qxA8lMY6Vl9WpMnLRQcSV0OVa4DjamUb+
 VVSLB56s+MCPifQQECKZNMvj/NW+FyZ3VN927NH49luf5Zyv3pANxFuMHDhpIUkP
 vO+z2vShV8p+rRXGXyee
 =JsP6
 -----END PGP SIGNATURE-----

Merge tag 'single-rpmsg-3.5-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ohad/rpmsg

Pull rpmsg fix from Ohad Ben-Cohen:
 "A single rpmsg fix for 3.5, coming from Federico Fuga, which
  eliminates the dependency on arbitrary initialization orders."

* tag 'single-rpmsg-3.5-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ohad/rpmsg:
  rpmsg: fix dependency on initialization order
2012-07-17 08:44:07 -07:00
Linus Torvalds 5bb93f1a21 Merge branch 'fixes-for-linus' of git://git.linaro.org/people/mszyprowski/linux-dma-mapping
Pull CMA and DMA-mapping fixes from Marek Szyprowski:
 "Another set of minor fixups for recently merged Contiguous Memory
  Allocator and ARM DMA-mapping changes.  Those patches fix mysterious
  crashes on systems with CMA and Himem enabled as well as some corner
  cases caused by typical off-by-one bug."

* 'fixes-for-linus' of git://git.linaro.org/people/mszyprowski/linux-dma-mapping:
  ARM: dma-mapping: modify condition check while freeing pages
  mm: cma: fix condition check when setting global cma area
  mm: cma: don't replace lowmem pages with highmem
2012-07-17 08:43:12 -07:00
David S. Miller 602e65a3b0 Merge branch 'master' of git://1984.lsi.us.es/nf
Pablo Neira Ayuso says:

====================
I know that we're in fairly late stage to request pulls, but the IPVS people
pinged me with little patches with oops fixes last week.

One of them was recently introduced (during the 3.4 development cycle) while
cleaning up the IPVS netns support. They are:

* Fix one regression introduced in 3.4 while cleaning up the
  netns support for IPVS, from Julian Anastasov.

* Fix one oops triggered due to resetting the conntrack attached to the skb
  instead of just putting it in the forward hook, from Lin Ming. This problem
  seems to be there since 2.6.37 according to Simon Horman.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2012-07-17 03:19:33 -07:00
Federico Fuga 9634252617 rpmsg: fix dependency on initialization order
When rpmsg drivers are built into the kernel, they must not initialize
before the rpmsg bus does, otherwise they'd trigger a BUG() in
drivers/base/driver.c line 169 (driver_register()).

To fix that, and to stop depending on arbitrary linkage ordering of
those built-in rpmsg drivers, we make the rpmsg bus initialize at
subsys_initcall.

Cc: stable <stable@vger.kernel.org>
Signed-off-by: Federico Fuga <fuga@studiofuga.com>
[ohad: rewrite the commit log]
Signed-off-by: Ohad Ben-Cohen <ohad@wizery.com>
2012-07-17 13:10:38 +03:00
Julian Anastasov 283283c4da ipvs: fix oops in ip_vs_dst_event on rmmod
After commit 39f618b4fd (3.4)
"ipvs: reset ipvs pointer in netns" we can oops in
ip_vs_dst_event on rmmod ip_vs because ip_vs_control_cleanup
is called after the ipvs_core_ops subsys is unregistered and
net->ipvs is NULL. Fix it by exiting early from ip_vs_dst_event
if ipvs is NULL. It is safe because all services and dests
for the net are already freed.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-07-17 12:00:58 +02:00
Lin Ming 9e33ce453f ipvs: fix oops on NAT reply in br_nf context
IPVS should not reset skb->nf_bridge in FORWARD hook
by calling nf_reset for NAT replies. It triggers oops in
br_nf_forward_finish.

[  579.781508] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
[  579.781669] IP: [<ffffffff817b1ca5>] br_nf_forward_finish+0x58/0x112
[  579.781792] PGD 218f9067 PUD 0
[  579.781865] Oops: 0000 [#1] SMP
[  579.781945] CPU 0
[  579.781983] Modules linked in:
[  579.782047]
[  579.782080]
[  579.782114] Pid: 4644, comm: qemu Tainted: G        W    3.5.0-rc5-00006-g95e69f9 #282 Hewlett-Packard  /30E8
[  579.782300] RIP: 0010:[<ffffffff817b1ca5>]  [<ffffffff817b1ca5>] br_nf_forward_finish+0x58/0x112
[  579.782455] RSP: 0018:ffff88007b003a98  EFLAGS: 00010287
[  579.782541] RAX: 0000000000000008 RBX: ffff8800762ead00 RCX: 000000000001670a
[  579.782653] RDX: 0000000000000000 RSI: 000000000000000a RDI: ffff8800762ead00
[  579.782845] RBP: ffff88007b003ac8 R08: 0000000000016630 R09: ffff88007b003a90
[  579.782957] R10: ffff88007b0038e8 R11: ffff88002da37540 R12: ffff88002da01a02
[  579.783066] R13: ffff88002da01a80 R14: ffff88002d83c000 R15: ffff88002d82a000
[  579.783177] FS:  0000000000000000(0000) GS:ffff88007b000000(0063) knlGS:00000000f62d1b70
[  579.783306] CS:  0010 DS: 002b ES: 002b CR0: 000000008005003b
[  579.783395] CR2: 0000000000000004 CR3: 00000000218fe000 CR4: 00000000000027f0
[  579.783505] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  579.783684] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  579.783795] Process qemu (pid: 4644, threadinfo ffff880021b20000, task ffff880021aba760)
[  579.783919] Stack:
[  579.783959]  ffff88007693cedc ffff8800762ead00 ffff88002da01a02 ffff8800762ead00
[  579.784110]  ffff88002da01a02 ffff88002da01a80 ffff88007b003b18 ffffffff817b26c7
[  579.784260]  ffff880080000000 ffffffff81ef59f0 ffff8800762ead00 ffffffff81ef58b0
[  579.784477] Call Trace:
[  579.784523]  <IRQ>
[  579.784562]
[  579.784603]  [<ffffffff817b26c7>] br_nf_forward_ip+0x275/0x2c8
[  579.784707]  [<ffffffff81704b58>] nf_iterate+0x47/0x7d
[  579.784797]  [<ffffffff817ac32e>] ? br_dev_queue_push_xmit+0xae/0xae
[  579.784906]  [<ffffffff81704bfb>] nf_hook_slow+0x6d/0x102
[  579.784995]  [<ffffffff817ac32e>] ? br_dev_queue_push_xmit+0xae/0xae
[  579.785175]  [<ffffffff8187fa95>] ? _raw_write_unlock_bh+0x19/0x1b
[  579.785179]  [<ffffffff817ac417>] __br_forward+0x97/0xa2
[  579.785179]  [<ffffffff817ad366>] br_handle_frame_finish+0x1a6/0x257
[  579.785179]  [<ffffffff817b2386>] br_nf_pre_routing_finish+0x26d/0x2cb
[  579.785179]  [<ffffffff817b2cf0>] br_nf_pre_routing+0x55d/0x5c1
[  579.785179]  [<ffffffff81704b58>] nf_iterate+0x47/0x7d
[  579.785179]  [<ffffffff817ad1c0>] ? br_handle_local_finish+0x44/0x44
[  579.785179]  [<ffffffff81704bfb>] nf_hook_slow+0x6d/0x102
[  579.785179]  [<ffffffff817ad1c0>] ? br_handle_local_finish+0x44/0x44
[  579.785179]  [<ffffffff81551525>] ? sky2_poll+0xb35/0xb54
[  579.785179]  [<ffffffff817ad62a>] br_handle_frame+0x213/0x229
[  579.785179]  [<ffffffff817ad417>] ? br_handle_frame_finish+0x257/0x257
[  579.785179]  [<ffffffff816e3b47>] __netif_receive_skb+0x2b4/0x3f1
[  579.785179]  [<ffffffff816e69fc>] process_backlog+0x99/0x1e2
[  579.785179]  [<ffffffff816e6800>] net_rx_action+0xdf/0x242
[  579.785179]  [<ffffffff8107e8a8>] __do_softirq+0xc1/0x1e0
[  579.785179]  [<ffffffff8135a5ba>] ? trace_hardirqs_off_thunk+0x3a/0x6c
[  579.785179]  [<ffffffff8188812c>] call_softirq+0x1c/0x30

The steps to reproduce as follow,

1. On Host1, setup brige br0(192.168.1.106)
2. Boot a kvm guest(192.168.1.105) on Host1 and start httpd
3. Start IPVS service on Host1
   ipvsadm -A -t 192.168.1.106:80 -s rr
   ipvsadm -a -t 192.168.1.106:80 -r 192.168.1.105:80 -m
4. Run apache benchmark on Host2(192.168.1.101)
   ab -n 1000 http://192.168.1.106/

ip_vs_reply4
  ip_vs_out
    handle_response
      ip_vs_notrack
        nf_reset()
        {
          skb->nf_bridge = NULL;
        }

Actually, IPVS wants in this case just to replace nfct
with untracked version. So replace the nf_reset(skb) call
in ip_vs_notrack() with a nf_conntrack_put(skb->nfct) call.

Signed-off-by: Lin Ming <mlin@ss.pku.edu.cn>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-07-17 12:00:46 +02:00
Alexander Duyck 10cc1bdd5e ixgbevf: Fix panic when loading driver
This patch addresses a kernel panic seen when setting up the interface.
Specifically we see a NULL pointer dereference on the Tx descriptor cleanup
path when enabling interrupts.  This change corrects that so it cannot
occur.

Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
Acked-by: Greg Rose <gregory.v.rose@intel.com>
Tested-by: Sibai Li <sibai.li@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-07-17 02:56:53 -07:00
Alan Cox ef764a13b8 ax25: Fix missing break
At least there seems to be no reason to disallow ROSE sockets when
NETROM is loaded.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-07-16 23:22:36 -07:00
Dmitry Eremin-Solenikov 68653359be MAINTAINERS: reflect actual changes in IEEE 802.15.4 maintainership
As the life flows, developers priorities shifts a bit. Reflect actual
changes in the maintainership of IEEE 802.15.4 code: Sergey mostly
stopped cared about this piece of code. Most of the work recently was
done by Alexander, so put him to the MAINTAINERS file to reflect his
status and to ease the life of respective patches.

Also add new net/mac802154/ directory to the list of maintained files.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Cc: Alexander Smirnov <alex.bluesman.smirnov@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-07-16 23:19:49 -07:00
David S. Miller 5dcaba7ed5 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net
Jeff Kirsher says:

====================
This series contains fixes to e1000e.
 ...
Bruce Allan (1):
  e1000e: fix test for PHY being accessible on 82577/8/9 and I217

Tushar Dave (1):
  e1000e: Correct link check logic for 82571 serdes
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2012-07-16 23:19:26 -07:00
Sjur Brændeland 96f80d123e caif: Fix access to freed pernet memory
unregister_netdevice_notifier() must be called before
unregister_pernet_subsys() to avoid accessing already freed
pernet memory. This fixes the following oops when doing rmmod:

Call Trace:
 [<ffffffffa0f802bd>] caif_device_notify+0x4d/0x5a0 [caif]
 [<ffffffff81552ba9>] unregister_netdevice_notifier+0xb9/0x100
 [<ffffffffa0f86dcc>] caif_device_exit+0x1c/0x250 [caif]
 [<ffffffff810e7734>] sys_delete_module+0x1a4/0x300
 [<ffffffff810da82d>] ? trace_hardirqs_on_caller+0x15d/0x1e0
 [<ffffffff813517de>] ? trace_hardirqs_on_thunk+0x3a/0x3
 [<ffffffff81696bad>] system_call_fastpath+0x1a/0x1f

RIP
 [<ffffffffa0f7f561>] caif_get+0x51/0xb0 [caif]

Signed-off-by: Sjur Brændeland <sjur.brandeland@stericsson.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-07-16 23:06:20 -07:00
Gao feng ef209f1598 net: cgroup: fix access the unallocated memory in netprio cgroup
there are some out of bound accesses in netprio cgroup.

now before accessing the dev->priomap.priomap array,we only check
if the dev->priomap exist.and because we don't want to see
additional bound checkings in fast path, so we should make sure
that dev->priomap is null or array size of dev->priomap.priomap
is equal to max_prioidx + 1;

so in write_priomap logic,we should call extend_netdev_table when
dev->priomap is null and dev->priomap.priomap_len < max_len.
and in cgrp_create->update_netdev_tables logic,we should call
extend_netdev_table only when dev->priomap exist and
dev->priomap.priomap_len < max_len.

and it's not needed to call update_netdev_tables in write_priomap,
we can only allocate the net device's priomap which we change through
net_prio.ifpriomap.

this patch also add a return value for update_netdev_tables &
extend_netdev_table, so when new_priomap is allocated failed,
write_priomap will stop to access the priomap,and return -ENOMEM
back to the userspace to tell the user what happend.

Change From v3:
1. add rtnl protect when reading max_prioidx in write_priomap.

2. only call extend_netdev_table when map->priomap_len < max_len,
   this will make sure array size of dev->map->priomap always
   bigger than any prioidx.

3. add a function write_update_netdev_table to make codes clear.

Change From v2:
1. protect extend_netdev_table by RTNL.
2. when extend_netdev_table failed,call dev_put to reduce device's refcount.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Cc: Neil Horman <nhorman@tuxdriver.com>
Cc: Eric Dumazet <edumazet@google.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-07-16 23:00:43 -07:00
Narendra K 936597631d ixgbevf: Prevent RX/TX statistics getting reset to zero
The commit 4197aa7bb8 implements 64 bit
per ring statistics. But the driver resets the 'total_bytes' and
'total_packets' from RX and TX rings in the RX and TX interrupt
handlers to zero. This results in statistics being lost and user space
reporting RX and TX statistics as zero. This patch addresses the
issue by preventing the resetting of RX and TX ring statistics to
zero.

Signed-off-by: Narendra K <narendra_k@dell.com>
Tested-by: Sibai Li <sibai.li@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-07-16 22:44:36 -07:00
Neil Horman 2eebc1e188 sctp: Fix list corruption resulting from freeing an association on a list
A few days ago Dave Jones reported this oops:

[22766.294255] general protection fault: 0000 [#1] PREEMPT SMP
[22766.295376] CPU 0
[22766.295384] Modules linked in:
[22766.387137]  ffffffffa169f292 6b6b6b6b6b6b6b6b ffff880147c03a90
ffff880147c03a74
[22766.387135] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 00000000000
[22766.387136] Process trinity-watchdo (pid: 10896, threadinfo ffff88013e7d2000,
[22766.387137] Stack:
[22766.387140]  ffff880147c03a10
[22766.387140]  ffffffffa169f2b6
[22766.387140]  ffff88013ed95728
[22766.387143]  0000000000000002
[22766.387143]  0000000000000000
[22766.387143]  ffff880003fad062
[22766.387144]  ffff88013c120000
[22766.387144]
[22766.387145] Call Trace:
[22766.387145]  <IRQ>
[22766.387150]  [<ffffffffa169f292>] ? __sctp_lookup_association+0x62/0xd0
[sctp]
[22766.387154]  [<ffffffffa169f2b6>] __sctp_lookup_association+0x86/0xd0 [sctp]
[22766.387157]  [<ffffffffa169f597>] sctp_rcv+0x207/0xbb0 [sctp]
[22766.387161]  [<ffffffff810d4da8>] ? trace_hardirqs_off_caller+0x28/0xd0
[22766.387163]  [<ffffffff815827e3>] ? nf_hook_slow+0x133/0x210
[22766.387166]  [<ffffffff815902fc>] ? ip_local_deliver_finish+0x4c/0x4c0
[22766.387168]  [<ffffffff8159043d>] ip_local_deliver_finish+0x18d/0x4c0
[22766.387169]  [<ffffffff815902fc>] ? ip_local_deliver_finish+0x4c/0x4c0
[22766.387171]  [<ffffffff81590a07>] ip_local_deliver+0x47/0x80
[22766.387172]  [<ffffffff8158fd80>] ip_rcv_finish+0x150/0x680
[22766.387174]  [<ffffffff81590c54>] ip_rcv+0x214/0x320
[22766.387176]  [<ffffffff81558c07>] __netif_receive_skb+0x7b7/0x910
[22766.387178]  [<ffffffff8155856c>] ? __netif_receive_skb+0x11c/0x910
[22766.387180]  [<ffffffff810d423e>] ? put_lock_stats.isra.25+0xe/0x40
[22766.387182]  [<ffffffff81558f83>] netif_receive_skb+0x23/0x1f0
[22766.387183]  [<ffffffff815596a9>] ? dev_gro_receive+0x139/0x440
[22766.387185]  [<ffffffff81559280>] napi_skb_finish+0x70/0xa0
[22766.387187]  [<ffffffff81559cb5>] napi_gro_receive+0xf5/0x130
[22766.387218]  [<ffffffffa01c4679>] e1000_receive_skb+0x59/0x70 [e1000e]
[22766.387242]  [<ffffffffa01c5aab>] e1000_clean_rx_irq+0x28b/0x460 [e1000e]
[22766.387266]  [<ffffffffa01c9c18>] e1000e_poll+0x78/0x430 [e1000e]
[22766.387268]  [<ffffffff81559fea>] net_rx_action+0x1aa/0x3d0
[22766.387270]  [<ffffffff810a495f>] ? account_system_vtime+0x10f/0x130
[22766.387273]  [<ffffffff810734d0>] __do_softirq+0xe0/0x420
[22766.387275]  [<ffffffff8169826c>] call_softirq+0x1c/0x30
[22766.387278]  [<ffffffff8101db15>] do_softirq+0xd5/0x110
[22766.387279]  [<ffffffff81073bc5>] irq_exit+0xd5/0xe0
[22766.387281]  [<ffffffff81698b03>] do_IRQ+0x63/0xd0
[22766.387283]  [<ffffffff8168ee2f>] common_interrupt+0x6f/0x6f
[22766.387283]  <EOI>
[22766.387284]
[22766.387285]  [<ffffffff8168eed9>] ? retint_swapgs+0x13/0x1b
[22766.387285] Code: c0 90 5d c3 66 0f 1f 44 00 00 4c 89 c8 5d c3 0f 1f 00 55 48
89 e5 48 83
ec 20 48 89 5d e8 4c 89 65 f0 4c 89 6d f8 66 66 66 66 90 <0f> b7 87 98 00 00 00
48 89 fb
49 89 f5 66 c1 c0 08 66 39 46 02
[22766.387307]
[22766.387307] RIP
[22766.387311]  [<ffffffffa168a2c9>] sctp_assoc_is_match+0x19/0x90 [sctp]
[22766.387311]  RSP <ffff880147c039b0>
[22766.387142]  ffffffffa16ab120
[22766.599537] ---[ end trace 3f6dae82e37b17f5 ]---
[22766.601221] Kernel panic - not syncing: Fatal exception in interrupt

It appears from his analysis and some staring at the code that this is likely
occuring because an association is getting freed while still on the
sctp_assoc_hashtable.  As a result, we get a gpf when traversing the hashtable
while a freed node corrupts part of the list.

Nominally I would think that an mibalanced refcount was responsible for this,
but I can't seem to find any obvious imbalance.  What I did note however was
that the two places where we create an association using
sctp_primitive_ASSOCIATE (__sctp_connect and sctp_sendmsg), have failure paths
which free a newly created association after calling sctp_primitive_ASSOCIATE.
sctp_primitive_ASSOCIATE brings us into the sctp_sf_do_prm_asoc path, which
issues a SCTP_CMD_NEW_ASOC side effect, which in turn adds a new association to
the aforementioned hash table.  the sctp command interpreter that process side
effects has not way to unwind previously processed commands, so freeing the
association from the __sctp_connect or sctp_sendmsg error path would lead to a
freed association remaining on this hash table.

I've fixed this but modifying sctp_[un]hash_established to use hlist_del_init,
which allows us to proerly use hlist_unhashed to check if the node is on a
hashlist safely during a delete.  That in turn alows us to safely call
sctp_unhash_established in the __sctp_connect and sctp_sendmsg error paths
before freeing them, regardles of what the associations state is on the hash
list.

I noted, while I was doing this, that the __sctp_unhash_endpoint was using
hlist_unhsashed in a simmilar fashion, but never nullified any removed nodes
pointers to make that function work properly, so I fixed that up in a simmilar
fashion.

I attempted to test this using a virtual guest running the SCTP_RR test from
netperf in a loop while running the trinity fuzzer, both in a loop.  I wasn't
able to recreate the problem prior to this fix, nor was I able to trigger the
failure after (neither of which I suppose is suprising).  Given the trace above
however, I think its likely that this is what we hit.

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Reported-by: davej@redhat.com
CC: davej@redhat.com
CC: "David S. Miller" <davem@davemloft.net>
CC: Vlad Yasevich <vyasevich@gmail.com>
CC: Sridhar Samudrala <sri@us.ibm.com>
CC: linux-sctp@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-07-16 22:32:26 -07:00
Linus Torvalds e5254a625d Merge branch 'gma500' (Alan's GMA patches)
Merge gma500 patches from Alan Cox.

* Merge emailed patches from Alan Cox <alan@lxorguk.ukuu.org.uk>: (3 commits)
  gma500,cdv: Fix the brightness base
  gma500: move the ASLE enable
  gma500: Fix lid related crash
2012-07-16 10:03:09 -07:00
Linus Torvalds fce667c574 xfs: regression fixes for 3.5-rc7
- Really fix a cursor leak in xfs_alloc_ag_vextent_near
  - Fix a performance regression related to doing allocation in workqueues
  - Prevent recursion in xfs_buf_iorequest which is causing stack overflows
  - Don't call xfs_bdstrat_cb in xfs_buf_iodone callbacks
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.10 (GNU/Linux)
 
 iQIcBAABAgAGBQJQAGW0AAoJENaLyazVq6ZOOyEP/0xLuQKFF71eB/VL8BFylEHY
 H22/aDEWTo9pWDxxwBirVioBeCU07ByEv7zeQM1nqEm9pXESTSzsBUYKX2tWSRzY
 YclXYA0rpdCK2cdXpuz+0kWBFr9Y1Q1BIYNll6C3ZqhADgubAMHa13rKVUQlQqpD
 EZhvGrh42ujRhckwmi1E3+g3Ll79fty47WzyzEOa18ij3LI3q5Dm7WZpZlhv/MVW
 Fj975Q+LdJVchoQZ7gTiddMkZ936TwjLxM4EtWZd46CMG2/YRcPHx2YaItI0k6Xa
 Q34pbUHidZjqzng28iO6Y6BaB/rPLX/f7KcoZib+rc85zt8sShoDFXS9eq+DdTeH
 f5AgkPzpFfr3QpK3Fv5ZjICj5SkC6KhI14qnxLZhVGIWgJLGD8lb0fYDwN2y5BHq
 HmA7G4hALBaZ+TOpXQ2+XfxFyrffkQcM/Ja57yfDj37aOKYxMubAco4JlADBzBkg
 m1gF2QebQrbZ49k9x85vpIvoNFXcAg6FeuesYXciMcORCpMXp4f0oLjGlfwf13Fo
 upZ2AGfcpIcMl3fZzliw64VuJpX4QswTzUZFqXH8+Vn9eB6cwFqA8PJpLxBSshCk
 Y6E+LE6oYbsN+T6R+6Xj0DsPl4OIE0eWlGPaZZu9eWku02e0vZMj57RxUWpNcOmH
 6lq8TJaS/N5Qri51NPVs
 =TP1A
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-v3.5-rc7' of git://oss.sgi.com/xfs/xfs

Pull xfs regression fixes from Ben Myers:
 - Really fix a cursor leak in xfs_alloc_ag_vextent_near
 - Fix a performance regression related to doing allocation in
   workqueues
 - Prevent recursion in xfs_buf_iorequest which is causing stack
   overflows
 - Don't call xfs_bdstrat_cb in xfs_buf_iodone callbacks

* tag 'for-linus-v3.5-rc7' of git://oss.sgi.com/xfs/xfs:
  xfs: do not call xfs_bdstrat_cb in xfs_buf_iodone_callbacks
  xfs: prevent recursion in xfs_buf_iorequest
  xfs: don't defer metadata allocation to the workqueue
  xfs: really fix the cursor leak in xfs_alloc_ag_vextent_near
2012-07-16 10:02:36 -07:00
Thomas Gleixner 3e997130bd timekeeping: Add missing update call in timekeeping_resume()
The leap second rework unearthed another issue of inconsistent data.

On timekeeping_resume() the timekeeper data is updated, but nothing
calls timekeeping_update(), so now the update code in the timer
interrupt sees stale values.

This has been the case before those changes, but then the timer
interrupt was using stale data as well so this went unnoticed for quite
some time.

Add the missing update call, so all the data is consistent everywhere.

Reported-by: Andreas Schwab <schwab@linux-m68k.org>
Reported-and-tested-by: "Rafael J. Wysocki" <rjw@sisk.pl>
Reported-and-tested-by: Martin Steigerwald <Martin@lichtvoll.de>
Cc: LKML <linux-kernel@vger.kernel.org>
Cc: Linux PM list <linux-pm@vger.kernel.org>
Cc: John Stultz <johnstul@us.ibm.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>,
Cc: Prarit Bhargava <prarit@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: John Stultz <johnstul@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-07-16 10:02:17 -07:00
Alan Cox 6469195940 gma500,cdv: Fix the brightness base
Some desktop environments carefully save and restore the brightness
settings from the previous boot.  Unfortunately they don't all check to
see if the range has changed.  The end result is that they restore a
brightness of 100/lots not 100/100.

As the old driver and the non-free GMA36xx driver both use 0-100 we thus
need to go back doing the same thing to avoid users getting a mysterious
black screen after boot.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-07-16 09:20:33 -07:00
Alan Cox 166973e506 gma500: move the ASLE enable
Otherwise we end up getting the masks wrong, can get events before we
are doing power control and other ungood things.  Again this is a
regression fix where the ordering of handling was disturbed by other
work, and the user experience on some boxes is a blank screen.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-07-16 09:20:33 -07:00
Alan Cox f507598b06 gma500: Fix lid related crash
We now set up the lid timer before we set up the backlight.  On some
devices that causes a crash as we do a backlight change before or during
the setup.

As this fixes a crash on boot regression on some setups it ought to go
in ASAP, especially as all the user gets is a blank screen.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Tested-by: Mattia Dongili <malattia@linux.it>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-07-16 09:20:33 -07:00
Linus Torvalds 33d519feac Merge branch 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86
Pull x86 platform tree fixes from Matthew Garrett:
 "Small fixes to a couple of drivers plus a slightly larger number for
  sony-laptop that the maintainer thinks are appropriate, most of which
  fix problems with the earlier 3.5 updates.  These have been in -next
  for a while without complaint."

* 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86:
  intel_ips: blacklist HP ProBook laptops
  ideapad: uninitialized data in ideapad_acpi_add()
  sony-laptop: correct find_snc_handle failure checks
  sony-laptop: fix a couple signedness bugs
  sony-laptop: fix sony_nc_sysfs_store()
  sony-laptop: input initialization should be done before SNC
  sony-laptop: add lid backlight support for handle 0x143
  sony-laptop: store battery care limits on batteries
  sony-laptop: notify userspace of GFX switch position changes
  sony-laptop: use an enum for SNC event types
2012-07-16 08:35:44 -07:00
Anders Kaseorg 05d290d66b fifo: Do not restart open() if it already found a partner
If a parent and child process open the two ends of a fifo, and the
child immediately exits, the parent may receive a SIGCHLD before its
open() returns.  In that case, we need to make sure that open() will
return successfully after the SIGCHLD handler returns, instead of
throwing EINTR or being restarted.  Otherwise, the restarted open()
would incorrectly wait for a second partner on the other end.

The following test demonstrates the EINTR that was wrongly thrown from
the parent’s open().  Change .sa_flags = 0 to .sa_flags = SA_RESTART
to see a deadlock instead, in which the restarted open() waits for a
second reader that will never come.  (On my systems, this happens
pretty reliably within about 5 to 500 iterations.  Others report that
it manages to loop ~forever sometimes; YMMV.)

  #include <sys/stat.h>
  #include <sys/types.h>
  #include <sys/wait.h>
  #include <fcntl.h>
  #include <signal.h>
  #include <stdio.h>
  #include <stdlib.h>
  #include <unistd.h>

  #define CHECK(x) do if ((x) == -1) {perror(#x); abort();} while(0)

  void handler(int signum) {}

  int main()
  {
      struct sigaction act = {.sa_handler = handler, .sa_flags = 0};
      CHECK(sigaction(SIGCHLD, &act, NULL));
      CHECK(mknod("fifo", S_IFIFO | S_IRWXU, 0));
      for (;;) {
          int fd;
          pid_t pid;
          putc('.', stderr);
          CHECK(pid = fork());
          if (pid == 0) {
              CHECK(fd = open("fifo", O_RDONLY));
              _exit(0);
          }
          CHECK(fd = open("fifo", O_WRONLY));
          CHECK(close(fd));
          CHECK(waitpid(pid, NULL, 0));
      }
  }

This is what I suspect was causing the Git test suite to fail in
t9010-svn-fe.sh:

	http://bugs.debian.org/678852

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-07-16 08:33:14 -07:00
Linus Torvalds 1694a0a08e late pinctrl fixes for v3.5
- Two fixes to the i.MX driver
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJQAfMcAAoJEEEQszewGV1z1rYP/2bYOSSQOvL5Gpxai/IT+meT
 ztG7KWujoWL6ds6k0LB7V+NPelQf+6i/7bkaSDoL8ANvkOGWBUtF/6ElCVMpW/U2
 /IYvKXxSkW46psBFZPdqZdsE2VOo16x5S5x0kNZNKwaTvX4bitKTCd7JxKaqQRxT
 L6b/5qQvr96ezhN8VPafuNIftYkjqui4XMZLke4FCqnpEBUg/ShWXXnRH8MpfPF/
 rpRyXfLjev/QMMSlIw6mcaBqxVHVuL6DXU9Lb2X36j2pnNATIriHS8i0pmR5RaeC
 7QnYXnggrpl8SR0qHjaseYUYWHibYt3EXIoHR50z5yG6HFIAxZhWnQC/nJlLaP23
 h1G+OuxiHUjmCD3AMa+su2zcrZl181hjvPxN8pdBboRxTGvY8xc65wlfEkg2LSAV
 AEP77KAyGc9TUSmW2KJEaIjRuxXCtc45TKwlFHyvN8AeaZRVno/FEXekmt+XDNgC
 hPPl/aL60iAGEYoDbo2tAA6vfbpF/AYk6Y61aTVBRyBPbhbfpTvCPssh4EiQtqIB
 qH0oFf5Q8NjWg5XlbU5IRStb4SgvLsSNpxT7XTp8hbvjSsOdZPiHqXOIRmPzndyO
 QLcCsES6Zc/0obj2eG4TaqruevpWAHTKbObRAJIRPzb1jQ9C8P9tkehXCvPk7Awu
 bdLMHzwj1JmFExZo3sz8
 =ucSC
 -----END PGP SIGNATURE-----

Merge tag 'fixes-for-v3.5-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

Pull late pinctrl fixes from Linus Walleij:
- Two fixes to the i.MX driver

* tag 'fixes-for-v3.5-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  pinctrl: pinctrl-imx6q: add missed mux function for USBOTG_ID
  pinctrl: pinctrl-imx: only print debug message when DEBUG is defined
2012-07-16 08:32:06 -07:00
Eric Dumazet 310e158cc3 net: respect GFP_DMA in __netdev_alloc_skb()
Few drivers use GFP_DMA allocations, and netdev_alloc_frag()
doesn't allocate pages in DMA zone.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-07-16 04:17:49 -07:00
Prathyush K 46c87852e9 ARM: dma-mapping: modify condition check while freeing pages
WARNING: at mm/vmalloc.c:1471 __iommu_free_buffer+0xcc/0xd0()
Trying to vfree() nonexistent vm area (ef095000)
Modules linked in:
[<c0015a18>] (unwind_backtrace+0x0/0xfc) from [<c0025a94>] (warn_slowpath_common+0x54/0x64)
[<c0025a94>] (warn_slowpath_common+0x54/0x64) from [<c0025b38>] (warn_slowpath_fmt+0x30/0x40)
[<c0025b38>] (warn_slowpath_fmt+0x30/0x40) from [<c0016de0>] (__iommu_free_buffer+0xcc/0xd0)
[<c0016de0>] (__iommu_free_buffer+0xcc/0xd0) from [<c0229a5c>] (exynos_drm_free_buf+0xe4/0x138)
[<c0229a5c>] (exynos_drm_free_buf+0xe4/0x138) from [<c022b358>] (exynos_drm_gem_destroy+0x80/0xfc)
[<c022b358>] (exynos_drm_gem_destroy+0x80/0xfc) from [<c0211230>] (drm_gem_object_free+0x28/0x34)
[<c0211230>] (drm_gem_object_free+0x28/0x34) from [<c0211bd0>] (drm_gem_object_release_handle+0xcc/0xd8)
[<c0211bd0>] (drm_gem_object_release_handle+0xcc/0xd8) from [<c01abe10>] (idr_for_each+0x74/0xb8)
[<c01abe10>] (idr_for_each+0x74/0xb8) from [<c02114e4>] (drm_gem_release+0x1c/0x30)
[<c02114e4>] (drm_gem_release+0x1c/0x30) from [<c0210ae8>] (drm_release+0x608/0x694)
[<c0210ae8>] (drm_release+0x608/0x694) from [<c00b75a0>] (fput+0xb8/0x228)
[<c00b75a0>] (fput+0xb8/0x228) from [<c00b40c4>] (filp_close+0x64/0x84)
[<c00b40c4>] (filp_close+0x64/0x84) from [<c0029d54>] (put_files_struct+0xe8/0x104)
[<c0029d54>] (put_files_struct+0xe8/0x104) from [<c002b930>] (do_exit+0x608/0x774)
[<c002b930>] (do_exit+0x608/0x774) from [<c002bae4>] (do_group_exit+0x48/0xb4)
[<c002bae4>] (do_group_exit+0x48/0xb4) from [<c002bb60>] (sys_exit_group+0x10/0x18)
[<c002bb60>] (sys_exit_group+0x10/0x18) from [<c000ee80>] (ret_fast_syscall+0x0/0x30)

This patch modifies the condition while freeing to match the condition
used while allocation. This fixes the above warning which arises when
array size is equal to PAGE_SIZE where allocation is done using kzalloc
but free is done using vfree.

Signed-off-by: Prathyush K <prathyush.k@samsung.com>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
2012-07-16 08:59:55 +02:00
Linus Torvalds 84a1caf145 Linux 3.5-rc7 2012-07-14 15:40:28 -07:00
Silva Paulo 68d740d79c blk: fix wrong idr_pre_get() error check in loop.c
The idr_pre_get() function never returns a value < 0.  It returns 0 (no
memory) or 1 (OK).

Reported-by: Silva Paulo <psdasilva@yahoo.com>
[ Rewrote Silva's patch, but attributing it to Silva anyway  - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-07-14 15:39:58 -07:00
Dong Aisheng 4a5f7eff8b pinctrl: pinctrl-imx6q: add missed mux function for USBOTG_ID
The original pin registers table is derived from u-boot mainline,
but somehow it was found missing some mux functions for USBOTG_ID.
We added it at the bottom by following the exist pin function ids,
then it will not break the exist using of pin function id in dts file.

Reported-by: Richard Zhao <richard.zhao@freescale.com>
Signed-off-by: Dong Aisheng <dong.aisheng@linaro.org>
2012-07-14 22:32:10 +02:00
Dong Aisheng a6e7360b22 pinctrl: pinctrl-imx: only print debug message when DEBUG is defined
Fix regression for commit 3a86a5f8 (pinctrl: pinctrl-imx: free allocated
pinctrl_map structure only once and use kernel facilities for IMX_PMX_DUMP)
introduced in 3.5-rc3.
With above commit, the debug code will alway be excuted.
Change to excute it only when DEBUG is defined.

Signed-off-by: Dong Aisheng <dong.aisheng@linaro.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2012-07-14 22:31:02 +02:00
Linus Torvalds 1daaa5e4ff Sound fixes for 3.5-rc7
Containing the regression fixes for USB-audio due to the transition to
 the new streaming logic, mostly found on Logitech webcams.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
 iQIcBAABAgAGBQJQAZmyAAoJEGwxgFQ9KSmk1rYP/2njHeYx9rrnd2zcxwn5kO1Q
 Sig3Zl57wOQBEwVCvkUriJQlpmjF20Fyj3kyTRFfUCssffIGbpJ9BVektSCmI5fK
 bVGeGnssFGvUIlkdHLGNof5nPPoZE1w+FyvIZKlaAf1l3ji2RR36HgkPkD2C4und
 kIuSiCgaHV/+S3zHWkvOSshalOZh4zzuwuuxi+52yZkETo74gaO4fpp/FodII8ME
 0SrfT55N3Pq++N4ZLYF8Q/ju+hWomVEXq+f2KXAh+5f58GYW04H36r+QwJfhq8zz
 OnDoupHOw58yTG+gv+ORyMNxrKgJUuiyb4hzNEZ3Gkn/yR3f7jh95x6IFkrGynqP
 8/5rpRGohg7jiSaUuuRLr9suUBCBVVHEjnEU6QBLGjfL2eWm6vizT+l8sHBukicX
 tj6u7IH2kjCdv7H0F8B2jqYps+6v7kHYWDFkJMd/gF3X3xBm67f7HZCDYWxqE7nw
 ROIYjhcNaxFIA0EccKv6q6wJyCAul0M9QlCbAYM27jvFSC2ObzqvCpVMSwMBxomY
 EE/4FZYJIEDVULLIt4hw3i3imMAgx2btxb/zflRhkQY1s+TGrsxival075pr5Akz
 aje92WJo9+HFbdP9kvuIzIFOHHXZYekCLwxFoLbm+U4JEiCjCIDVYXhZhEfKP0Pi
 I/E5VX+jG2rhUMxWrET2
 =W7/C
 -----END PGP SIGNATURE-----

Merge tag 'sound-3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "Containing the regression fixes for USB-audio due to the transition to
  the new streaming logic, mostly found on Logitech webcams."

* tag 'sound-3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: snd-usb: move calls to usb_set_interface
  ALSA: usb-audio: Fix the first PCM interface assignment
2012-07-14 13:03:08 -07:00
Linus Torvalds c5b01acff1 Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux
Pull ACPI patch from Len Brown.

* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux:
  ACPICA: Fix possible fault in return package object repair code
2012-07-14 12:44:26 -07:00
Will Drewry 09d314425f vsyscall_64: add missing ifdef CONFIG_SECCOMP
vsyscall_seccomp introduced a dependency on __secure_computing.  On
configurations with CONFIG_SECCOMP disabled, compilation will fail.

Reported-by: feng xiangjun <fengxj325@gmail.com>
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-07-14 12:01:36 -07:00
Linus Torvalds a7559b13de cpufreq fix for 3.5-rc7
This fixes a regression preventing the ACPI cpufreq driver from loading on some
 systems where it worked previously without any problems.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.18 (GNU/Linux)
 
 iQIcBAABAgAGBQJQAWv6AAoJEKhOf7ml8uNsUXcQAINIZmqe/VCYC3jsYwn0OURQ
 Ua9g51czYvyFS+9tDc5V6b4DrG6B6rIjOBywO1qTXQkRyfpbEx4CVvCOij/0sApg
 Jw/VwImYlIL88uqfGniFv/LW1qUA4v1QcfyDcdbsBGGTwvQwekeYomLRwYWthqkO
 VEC/hYXtTAkfHnJJSWG2PtYpUbicmOdVDwh2SQuf/dmXVZXmMmljQFVvyPHNMwbd
 X6ENqhYiTr5tJ5k0e9mAGwfpRmG7YoXQE7pM1hl4kcv0CgdN3U71WEK3LfxJBeTW
 lGawcA0pu/4o/+X9NYJHo1QosXQAHAeqMkn38pv8K4EwqnnXqLK35+wTYBf00kdg
 lJHGNvg1kuQEp32nXT3y4kzASNHHnTV2IU2YbERZ61+2x3sU3DSLjNo2ZL/kqd8k
 fxN+RWXEBA1lI5TRL4ENENT0c/m+RDQCJkHXwAEOwTZwMZDUKWfiaZwoRcs1xTEC
 JjcBIe1wMmHJDxH+fh4KBdqjFiPDoBqHi4AWWIavJJG/W+LJLrd/i90o99GOHZ/0
 q/pouYurt05ec7dwX3rMqlLGQz8hVkp6flg0DgrJCe0tGaQarZ0bkp6RaQpEAfxi
 y1eIgYbCy61YvUMxhBp/SWoD9/wAoYuWZFtq1CgwYmkRJ25lT6zoOFiJAn3GF5PG
 2thM5M0vuLVhG/BPZMo3
 =XZHs
 -----END PGP SIGNATURE-----

Merge tag 'cpufreq-for-3.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull cpufreq fix from Rafael Wysocki:
 "This fixes a regression preventing the ACPI cpufreq driver from
  loading on some systems where it worked previously without any
  problems."

* tag 'cpufreq-for-3.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  cpufreq / ACPI: Fix not loading acpi-cpufreq driver regression
2012-07-14 11:51:11 -07:00
Linus Torvalds e60d7458cb ARM: Samsung SoC fixes for 3.5-rc
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIVAwUAUAEdDGCrR//JCVInAQICJQ//TI0zo8zb/rarNH0MyftndekfGhsIt6+Y
 5QWEVCysvqnR919nTrGMOlj74ra62cmH8UjUaYoj9HW/b/yDU6RXvV1FZHpkVUht
 m0j2J30Sj3EGI1OlB12oe0VJgrXqSusFvljla9Hc7I0Dc2vlQPdNtkMLmPPJaKCL
 wFCaWsnWl7i7tVf7QwKwjScjlybuFDuOVGMQyqJoWyOoYVvj3nrt1Uv4XxR3eBSK
 0JZdTjsf0tcyolcsBpNQIlzxzwqipUG79WAbbpUVeK2YPc1PbaSX2bo/BmLK5oNd
 YJOMHl/G90jUgPwo+RJFgI26uqUO47O+XHCMG2ALM5nVDCZ0oNpb/JYj9KPcUzJf
 I3RhNgbf3VQsTdyfivFPQGBh9y7byPMaOhAipvn5upa6MXavPSnoMNmqA9+YDWVt
 BYIPeF52wLMG7j2GvtBX1yJVGmmleuMgldqaWylznj9Mx8ICOYTSKJotsmAeVZ/8
 Zk/urYoSunUgrcMwnjTg17g6zXniR446V7TpCBfRT/Wbcem5qin8jofmRPJk3IwV
 Hr91AsIPCiLtLGl+kCL/r7G6YU/+Sj6Kr28APeDui7/7eXhATB6yK9jLHsslYRKb
 p8+QZiZPhTZP+V6OzCCZBRL0M/DkH/cd2I5s4GD4LahbXxhT+jel9ktJ0j/H0Dt2
 QpO8F9JAMBk=
 =Oxb4
 -----END PGP SIGNATURE-----

Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM Samsung SoC fixes from Arnd Bergmann.

* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  ARM: S3C24XX: Correct CAMIF interrupt definitions
  ARM: S3C24XX: Correct AC97 clock control bit for S3C2440
  ARM: SAMSUNG: fix race in s3c_adc_start for ADC
  ARM: SAMSUNG: Update default rate for xusbxti clock
  ARM: EXYNOS: register devices in 'need_restore' state for pm_domains
  ARM: EXYNOS: read initial state of power domain from hw registers
2012-07-14 11:50:36 -07:00
Linus Torvalds ab93eb8216 Merge branches 'core-urgent-for-linus', 'perf-urgent-for-linus' and 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull RCU, perf, and scheduler fixes from Ingo Molnar.

The RCU fix is a revert for an optimization that could cause deadlocks.

One of the scheduler commits (164c33c6ad "sched: Fix fork() error path
to not crash") is correct but not complete (some architectures like Tile
are not covered yet) - the resulting additional fixes are still WIP and
Ingo did not want to delay these pending fixes.  See this thread on
lkml:

  [PATCH] fork: fix error handling in dup_task()

The perf fixes are just trivial oneliners.

* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  Revert "rcu: Move PREEMPT_RCU preemption to switch_to() invocation"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf kvm: Fix segfault with report and mixed guestmount use
  perf kvm: Fix regression with guest machine creation
  perf script: Fix format regression due to libtraceevent merge
  ring-buffer: Fix accounting of entries when removing pages
  ring-buffer: Fix crash due to uninitialized new_pages list head

* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  MAINTAINERS/sched: Update scheduler file pattern
  sched/nohz: Rewrite and fix load-avg computation -- again
  sched: Fix fork() error path to not crash
2012-07-14 11:16:24 -07:00
Bob Moore 46befd6b38 ACPICA: Fix possible fault in return package object repair code
Fixes a problem that can occur when a lone package object is
wrapped with an outer package object in order to conform to
the ACPI specification. Can affect these predefined names:
_ALR,_MLS,_PSS,_TRT,_TSS,_PRT,_HPX,_DLM,_CSD,_PSD,_TSD

https://bugzilla.kernel.org/show_bug.cgi?id=44171

This problem was introduced in 3.4-rc1 by commit
6a99b1c94d
(ACPICA: Object repair code: Support to add Package wrappers)

Reported-by: Vlastimil Babka <caster@gentoo.org>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Cc: <stable@vger.kernel.org> # 3.4
Signed-off-by: Len Brown <len.brown@intel.com>
2012-07-14 11:38:41 -04:00
Bruce Allan a52359b56c e1000e: fix test for PHY being accessible on 82577/8/9 and I217
Occasionally, the PHY can be initially inaccessible when the first read of
a PHY register, e.g. PHY_ID1, happens (signified by the returned value
0xFFFF) but subsequent accesses of the PHY work as expected.  Add a retry
counter similar to how it is done in the generic e1000_get_phy_id().

Also, when the PHY is completely inaccessible (i.e. when subsequent reads
of the PHY_IDx registers returns all F's) and the MDIO access mode must be
set to slow before attempting to read the PHY ID again, the functions that
do these latter two actions expect the SW/FW/HW semaphore is not already
set so the semaphore must be released before and re-acquired after calling
them otherwise there is an unnecessarily inordinate amount of delay during
device initialization.

Reported-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2012-07-14 00:45:45 -07:00
Tushar Dave d0efa8f23a e1000e: Correct link check logic for 82571 serdes
SYNCH bit and IV bit of RXCW register are sticky. Before examining these bits,
RXCW should be read twice to filter out one-time false events and have correct
values for these bits. Incorrect values of these bits in link check logic can
cause weird link stability issues if auto-negotiation fails.

CC: stable <stable@vger.kernel.org> [2.6.38+]
Reported-by: Dean Nelson <dnelson@redhat.com>
Signed-off-by: Tushar Dave <tushar.n.dave@intel.com>
Reviewed-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2012-07-14 00:43:27 -07:00
Arnd Bergmann df4732abf9 Merge branch 'v3.5-samsung-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung into fixes
From Kukjin Kim <kgene.kim@samsung.com>:

* 'v3.5-samsung-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung:
  ARM: S3C24XX: Correct CAMIF interrupt definitions
  ARM: S3C24XX: Correct AC97 clock control bit for S3C2440
  ARM: SAMSUNG: fix race in s3c_adc_start for ADC
  ARM: SAMSUNG: Update default rate for xusbxti clock
  ARM: EXYNOS: register devices in 'need_restore' state for pm_domains
  ARM: EXYNOS: read initial state of power domain from hw registers

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2012-07-14 09:14:35 +02:00
Linus Torvalds fdb1335a82 md: One use-after-free bugfix for RAID1
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.18 (GNU/Linux)
 
 iQIVAwUAUACxPznsnt1WYoG5AQJxDA//dD/5ZQ+35N0x6fpeOT0hxipmdk/iCmfZ
 eAxiN34YH3Zxk1oF+ZjRUzecL+I2Q3w8SAxeS5lowuJvUbPY6A5ttBZ2xJhC6oZ2
 5MgliHN7IjBfVul0DOodCN+lYG3ve7CO5fOz/QnMGBwQFdTHMMJYQw9Qf+QwsxfC
 YXxhDwt9lJrcQhUo50Na0WM0F7lC60A8Ny6ANtiLGRrfI/IDgCg2UN16VpchOWZT
 Szn9iPOB7wCGEpzCDMJf/dbZ/mQxrccfeG1F3qM9w5WNQ73SiNswCTvwjmW6O477
 32pqrK5xxPgYvqB28t93159lZpaY2GKNC9KvQ6vVqQPVih+zJxn+6qqvdvWNI3cD
 hTiUKW1O26lcQpeI8ADNrk9PQqX5o10Ypy42SgpUv8pfgcjLiJkXIv9GG5K3KfsT
 5Ea4W2Cru33d0VGsTw6rr2w1UwALjUWEXHOJRn+P5yrGJhfIXSV84RTzOWYYbBYl
 uAo1jLdlKI/jnnXMlOCi2w19PqGb1ZZpBwg5Gs5K0cBUBQCJAUU1MS1qJXEKo1oL
 i2ZMWmQxjPXLk3fadV1eoGOSpd2zOFdfCItf39qospLrC1Ym0C9p+1obkRLAQeTf
 bZMf261ZwIhH3bTCEVucOUvT1tlYaiE7s/zabWvjCajIzWEKIrWoOQw/U3eftJeZ
 SnnFsporIXk=
 =cy9g
 -----END PGP SIGNATURE-----

Merge tag 'md-3.5-fixes' of git://neil.brown.name/md

Pull use-after-free RAID1 bugfix from NeilBrown.

* tag 'md-3.5-fixes' of git://neil.brown.name/md:
  md/raid1: fix use-after-free bug in RAID1 data-check code.
2012-07-13 17:59:33 -07:00
Linus Torvalds d55e5bd020 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull the leap second fixes from Thomas Gleixner:
 "It's a rather large series, but well discussed, refined and reviewed.
  It got a massive testing by John, Prarit and tip.

  In theory we could split it into two parts.  The first two patches

    f55a6faa3843: hrtimer: Provide clock_was_set_delayed()
    4873fa070ae8: timekeeping: Fix leapsecond triggered load spike issue

  are merely preventing the stuff loops forever issues, which people
  have observed.

  But there is no point in delaying the other 4 commits which achieve
  full correctness into 3.6 as they are tagged for stable anyway.  And I
  rather prefer to have the full fixes merged in bulk than a "prevent
  the observable wreckage and deal with the hidden fallout later"
  approach."

* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  hrtimer: Update hrtimer base offsets each hrtimer_interrupt
  timekeeping: Provide hrtimer update function
  hrtimers: Move lock held region in hrtimer_interrupt()
  timekeeping: Maintain ktime_t based offsets for hrtimers
  timekeeping: Fix leapsecond triggered load spike issue
  hrtimer: Provide clock_was_set_delayed()
2012-07-13 15:31:21 -07:00
Will Drewry 5651721ede x86/vsyscall: allow seccomp filter in vsyscall=emulate
If a seccomp filter program is installed, older static binaries and
distributions with older libc implementations (glibc 2.13 and earlier)
that rely on vsyscall use will be terminated regardless of the filter
program policy when executing time, gettimeofday, or getcpu.  This is
only the case when vsyscall emulation is in use (vsyscall=emulate is the
default).

This patch emulates system call entry inside a vsyscall=emulate by
populating regs->ax and regs->orig_ax with the system call number prior
to calling into seccomp such that all seccomp-dependencies function
normally.  Additionally, system call return behavior is emulated in line
with other vsyscall entrypoints for the trace/trap cases.

[ v2: fixed ip and sp on SECCOMP_RET_TRAP/TRACE (thanks to luto@mit.edu) ]
Reported-and-tested-by: Owen Kibel <qmewlo@gmail.com>
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-07-13 14:25:55 -07:00
Christoph Hellwig 1632dcc93f xfs: do not call xfs_bdstrat_cb in xfs_buf_iodone_callbacks
xfs_bdstrat_cb only adds a check for a shutdown filesystem over
xfs_buf_iorequest, but xfs_buf_iodone_callbacks just checked for a shut down
filesystem a little earlier.  In addition the shutdown handling in
xfs_bdstrat_cb is not very suitable for this caller.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Ben Myers <bpm@sgi.com>
2012-07-13 13:09:49 -05:00
Christoph Hellwig 40a9b7963d xfs: prevent recursion in xfs_buf_iorequest
If the b_iodone handler is run in calling context in xfs_buf_iorequest we
can run into a recursion where xfs_buf_iodone_callbacks keeps calling back
into xfs_buf_iorequest because an I/O error happened, which keeps calling
back into xfs_buf_iorequest.  This chain will usually not take long
because the filesystem gets shut down because of log I/O errors, but even
over a short time it can cause stack overflows if run on the same context.

As a short term workaround make sure we always call the iodone handler in
workqueue context.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Ben Myers <bpm@sgi.com>
2012-07-13 13:09:39 -05:00
Dave Chinner aa292847b9 xfs: don't defer metadata allocation to the workqueue
Almost all metadata allocations come from shallow stack usage
situations. Avoid the overhead of switching the allocation to a
workqueue as we are not in danger of running out of stack when
making these allocations. Metadata allocations are already marked
through the args that are passed down, so this is trivial to do.

Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reported-by: Mel Gorman <mgorman@suse.de>
Tested-by: Mel Gorman <mgorman@suse.de>
Signed-off-by: Ben Myers <bpm@sgi.com>
2012-07-13 13:09:27 -05:00
Dave Chinner e3a746f5aa xfs: really fix the cursor leak in xfs_alloc_ag_vextent_near
The current cursor is reallocated when retrying the allocation, so
the existing cursor needs to be destroyed in both the restart and
the failure cases.

Signed-off-by: Dave Chinner <dchinner@redhat.com>
Tested-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Ben Myers <bpm@sgi.com>
2012-07-13 13:09:18 -05:00
Linus Torvalds ac7d181e32 Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging
Please pull one hwmon subsystem fix from Jean Delvare.

* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
  hwmon: (it87) Preserve configuration register bits on init
2012-07-13 11:01:03 -07:00
Linus Torvalds 4264e6a263 NFS client bugfixes for Linux 3.5
- Fix an NFSv4 mount regression
 - Fix O_DIRECT list manipulation snafus
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJQADo8AAoJEGcL54qWCgDyu8wP/2entLv4jYgM7zp+/kOBhps6
 RpAv57YYv86pLk5gxoZg/JJs3z4QzS3CjMRXK11CEzRMt1NUqJfI6587TIl11DYW
 0UJcrAQo4X3EgNR7CCKAJaHUmYLayjUgquL8OjdBTuXCrpJzGdHcnBa71oF3xaEb
 jJhsA0W+qqBpa0295HH8sdHkURX1+46OdSd47+Dg+PZurkr0CRhjZo+DX+AkaSsU
 blM+pYUgu20NFaNUEfBphib3XMnnCGXc84g3gqjeOldRMijJGv1VcmhfsmJwmyLA
 1mImwZ2HDzySVLrbA/D7yeddZfXuTaf8krFmyP07U6I7hIEXCAEr16DmqCQCF1UB
 ppzZM9lu8f6df9tIlmjdA/hGOfs5OSQzD1L9Irn8xpRIWYmg+mrxXSzIG6wZE8zu
 n1EURW5CrLrlz2d7rdhqA+Y/GIkAvIO0/iBbJnvkMUdMPsd9/ikFPkHGzMhsK1KN
 AxEi2r+n0e8Hwaueu0EP685QjrEjOyLDdKIsAzNy/UEGN4v297UoW8ZyYnrzEIJG
 mQg6l4ke34zuw3AxoR3X4SuW329rGpG7x0pXNwqJG292T9jki334dPzJCy1LbaGl
 o1g+Z0BcyMe9VC7tRwOFEiGsbcd/OYPRbVVhu/3RlrWuVvj46QDvVpQ7+1pOr2s/
 4Xu70AlKw3B02ge621+p
 =bX2K
 -----END PGP SIGNATURE-----

Merge tag 'nfs-for-3.5-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs

Pull NFS client bugfixes from Trond Myklebust:
 - Fix an NFSv4 mount regression
 - Fix O_DIRECT list manipulation snafus

* tag 'nfs-for-3.5-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
  NFSv4: Fix an NFSv4 mount regression
  NFS: Fix list manipulation snafus in fs/nfs/direct.c
2012-07-13 10:58:45 -07:00