Commit Graph

336424 Commits

Author SHA1 Message Date
Linus Torvalds bbec0270bd blkdev_max_block: make private to fs/buffer.c
We really don't want to look at the block size for the raw block device
accesses in fs/block-dev.c, because it may be changing from under us.
So get rid of the max_block logic entirely, since the caller should
already have done it anyway.

That leaves the only user of this function in fs/buffer.c, so move the
whole function there and make it static.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-11-29 17:48:12 -08:00
Linus Torvalds ab73857e35 direct-io: don't read inode->i_blkbits multiple times
Since directio can work on a raw block device, and the block size of the
device can change under it, we need to do the same thing that
fs/buffer.c now does: read the block size a single time, using
ACCESS_ONCE().

Reading it multiple times can get different results, which will then
confuse the code because it actually encodes the i_blksize in
relationship to the underlying logical blocksize.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-11-29 12:38:44 -08:00
Linus Torvalds 1e8b33328a blockdev: remove bd_block_size_semaphore again
This reverts the block-device direct access code to the previous
unlocked code, now that fs/buffer.c no longer needs external locking.

With this, fs/block_dev.c is back to the original version, apart from a
whitespace cleanup that I didn't want to revert.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-11-29 10:52:19 -08:00
Linus Torvalds 45bce8f3e3 fs/buffer.c: make block-size be per-page and protected by the page lock
This makes the buffer size handling be a per-page thing, which allows us
to not have to worry about locking too much when changing the buffer
size.  If a page doesn't have buffers, we still need to read the block
size from the inode, but we can do that with ACCESS_ONCE(), so that even
if the size is changing, we get a consistent value.

This doesn't convert all functions - many of the buffer functions are
used purely by filesystems, which in turn results in the buffer size
being fixed at mount-time.  So they don't have the same consistency
issues that the raw device access can have.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-11-29 10:47:20 -08:00
nikolay@redhat.com e196c0e579 bonding: fix race condition in bonding_store_slaves_active
Race between bonding_store_slaves_active() and slave manipulation
 functions. The bond_for_each_slave use in bonding_store_slaves_active()
 is not protected by any synchronization mechanism.
 NULL pointer dereference is easy to reach.
 Fixed by acquiring the bond->lock for the slave walk.

 v2: Make description text < 75 columns

Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-29 13:13:15 -05:00
nikolay@redhat.com 90fb6250c5 bonding: make arp_ip_target parameter checks consistent with sysfs
The module can be loaded with arp_ip_target="255.255.255.255" which makes
 it impossible to remove as the function in sysfs checks for that value,
 so we make the parameter checks consistent with sysfs.

 v2: Fix formatting
 v3: Make description text < 75 columns

Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-29 13:13:15 -05:00
nikolay@redhat.com fbb0c41b81 bonding: fix miimon and arp_interval delayed work race conditions
First I would give three observations which will be used later.
Observation 1: if (delayed_work_pending(wq)) cancel_delayed_work(wq)
 This usage is wrong because the pending bit is cleared just before the
 work's fn is executed and if the function re-arms itself we might end up
 with the work still running. It's safe to call cancel_delayed_work_sync()
 even if the work is not queued at all.
Observation 2: Use of INIT_DELAYED_WORK()
 Work needs to be initialized only once prior to (de/en)queueing.
Observation 3: IFF_UP is set only after ndo_open is called

Related race conditions:
1. Race between bonding_store_miimon() and bonding_store_arp_interval()
 Because of Obs.1 we can end up having both works enqueued.
2. Multiple races with INIT_DELAYED_WORK()
 Since the works are not protected by anything between INIT_DELAYED_WORK()
 and calls to (en/de)queue it is possible for races between the following
 functions:
 (races are also possible between the calls to INIT_DELAYED_WORK()
  and workqueue code)
 bonding_store_miimon() - bonding_store_arp_interval(), bond_close(),
			  bond_open(), enqueued functions
 bonding_store_arp_interval() - bonding_store_miimon(), bond_close(),
				bond_open(), enqueued functions
3. By Obs.1 we need to change bond_cancel_all()

Bugs 1 and 2 are fixed by moving all work initializations in bond_open
which by Obs. 2 and Obs. 3 and the fact that we make sure that all works
are cancelled in bond_close(), is guaranteed not to have any work
enqueued.
Also RTNL lock is now acquired in bonding_store_miimon/arp_interval so
they can't race with bond_close and bond_open. The opposing work is
cancelled only if the IFF_UP flag is set and it is cancelled
unconditionally. The opposing work is already cancelled if the interface
is down so no need to cancel it again. This way we don't need new
synchronizations for the bonding workqueue. These bugs (and fixes) are
tied together and belong in the same patch.
Note: I have left 1 line intentionally over 80 characters (84) because I
      didn't like how it looks broken down. If you'd prefer it otherwise,
      then simply break it.

 v2: Make description text < 75 columns

Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-29 13:13:15 -05:00
Arnd Bergmann 9434d24b11 Merge branch 'v3.7-samsung-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung into fixes
From Kukjin Kim <kgene.kim@samsung.com>:

Samsung fixes for v3.7

* 'v3.7-samsung-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung:
  ARM: S3C24XX: Fix potential NULL pointer dereference error

This would have been ok to delay to 3.8 according to Kukjin, but since
it's an obvious bug fix and a potential NULL pointer dereference, it
seem appropriate for a late 3.7 submission.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2012-11-29 15:07:27 +01:00
Ohad Ben-Cohen dab55bbafd remoteproc: fix error path of ->find_vqs
Eliminate an erroneous invocation of rproc_shutdown inside
the error path of rproc_virtio_find_vqs.

Reported-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Ohad Ben-Cohen <ohad@wizery.com>
2012-11-29 10:05:09 +02:00
Linus Torvalds e9296e89b8 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
 "Some more fixes trickled in over the past few days:

   1) PIM device names can overflow the IFNAMSIZ buffer unless we
      properly limit the allowed indexes, fix from Eric Dumazet.

   2) Under heavy load we can OOPS in icmp reply processing due to an
      unchecked inet_putpeer() call.  Fix from Neal Cardwell.

   3) SCTP round trip calculations need to use 64-bit math to avoid
      overflows, fix from Schoch Christian.

   4) Fix a memory leak and an error return flub in SCTP and IRDA
      triggerable by userspace.  Fix from Tommi Rantala and found by the
      syscall fuzzer (trinity).

   5) MLX4 driver gives bogus size to memcpy() call, fix from Amir
      Vadai.

   6) Fix length calculation in VHOST descriptor translation, from
      Michael S Tsirkin.

   7) Ambassador ATM driver loops forever while loading firmware, fix
      from Dan Carpenter.

   8) Over MTU packets in openvswitch warn about wrong device, fix from
      Jesse Gross.

   9) Netfilter IPSET's netlink code can overrun a string buffer because
      it's not properly limited to IFNAMSIZ.  Fix from Florian Westphal.

  10) PCAN USB driver sets wrong timestamp in SKB, from Oliver Hartkopp.

  11) Make sure the RX ifindex always has a valid value in the CAN BCM
      driver, even if we haven't received a frame yet.  Fix also from
      Oliver Hartkopp."

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
  team: fix hw_features setup
  atm: forever loop loading ambassador firmware
  vhost: fix length for cross region descriptor
  irda: irttp: fix memory leak in irttp_open_tsap() error path
  net: qmi_wwan: add Huawei E173
  net/mlx4_en: Can set maxrate only for TC0
  sctp: Error in calculation of RTTvar
  sctp: fix -ENOMEM result with invalid user space pointer in sendto() syscall
  sctp: fix memory leak in sctp_datamsg_from_user() when copy from user space fails
  net: ipmr: limit MRT_TABLE identifiers
  ipv4: avoid passing NULL to inet_putpeer() in icmpv4_xrlim_allow()
  can: bcm: initialize ifindex for timeouts without previous frame reception
  can: peak_usb: fix hwtstamp assignment
  netfilter: ipset: fix netiface set name overflow
  openvswitch: Store flow key len if ARP opcode is not request or reply.
  openvswitch: Print device when warning about over MTU packets.
2012-11-28 21:54:07 -08:00
Al Viro 02232f8d2b microblaze: rt_sigreturn is too trigger-happy about sigaltstack errors
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-11-28 21:46:12 -05:00
Al Viro afd3f96dc3 score: do_sigaltstack() expects a userland pointer...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-11-28 21:46:12 -05:00
Al Viro 9dc87c7b5b sh64: fix altstack switching on sigreturn
incidentally, declaring a local variable as __user (!) to make
sparse STFU is really sick.  Especially since sparse had been
100% right - it *is* a bug.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-11-28 21:46:11 -05:00
Al Viro d26654e5f9 openrisk: fix altstack switching on sigreturn
do_sigaltstack() expects _userland_ address, TYVM...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-11-28 21:46:11 -05:00
Al Viro 9436d5c32b um: get_safe_registers() should be done in flush_thread(), not start_thread()
... or we'll end up buggering the results of ELF_PLAT_INIT()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-11-28 21:46:03 -05:00
David S. Miller a45085f6a7 Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jesse/openvswitch
Two small openswitch fixes from Jesse Gross.

Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-28 18:00:47 -05:00
Mark Salter 93bbd0c087 c6x: use generic kvm_para.h
Signed-off-by: Mark Salter <msalter@redhat.com>
2012-11-28 14:33:03 -05:00
Mark Salter de0eed2813 c6x: remove internal kernel symbols from exported setup.h
Some internal kernel symbols were referenced in the exported setup.h.
This splits out the internal bits from the exported uapi bits.

Signed-off-by: Mark Salter <msalter@redhat.com>
2012-11-28 14:32:54 -05:00
Jiri Pirko 3ed7147189 team: fix hw_features setup
Do this in the same way bonding does. This fixed setup resolves performance
issues when using some cards with certain offloading.

Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-28 11:39:22 -05:00
Dan Carpenter fcdc90b025 atm: forever loop loading ambassador firmware
There was a forever loop introduced here when we converted this to
request_firmware() back in 2008.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Chas Williams <chas@cmf.nrl.navy.mil>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-28 11:38:11 -05:00
David S. Miller 52f2ede1ce Merge branch 'master' of git://1984.lsi.us.es/nf
An interface name overflow fix in netfilter via Pablo Neira Ayuso.

Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-28 11:29:43 -05:00
Michael S. Tsirkin bd97120fc3 vhost: fix length for cross region descriptor
If a single descriptor crosses a region, the
second chunk length should be decremented
by size translated so far, instead it includes
the full descriptor length.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-28 11:27:01 -05:00
Tommi Rantala c3b2c25819 irda: irttp: fix memory leak in irttp_open_tsap() error path
Cleanup the memory we allocated earlier in irttp_open_tsap() when we hit
this error path. The leak goes back to at least 1da177e4
("Linux-2.6.12-rc2").

Discovered with Trinity (the syscall fuzzer).

Signed-off-by: Tommi Rantala <tt.rantala@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-28 11:25:29 -05:00
Bjørn Mork ba695af067 net: qmi_wwan: add Huawei E173
The Huawei E173 is a QMI/wwan device which normally appear
as 12d1:1436 in Linux. The descriptors displayed in that
mode will be picked up by cdc_ether.  But the modem has
another mode with a different device ID and a slightly
different set of descriptors. This is the mode used by
Windows like this:

3Modem:      USB\VID_12D1&PID_140C&MI_00\6&3A1D2012&0&0000
Networkcard: USB\VID_12D1&PID_140C&MI_01\6&3A1D2012&0&0001
Appli.Inter: USB\VID_12D1&PID_140C&MI_02\6&3A1D2012&0&0002
PC UI Inter: USB\VID_12D1&PID_140C&MI_03\6&3A1D2012&0&0003

Reported-by: Thomas Schäfer <tschaefer@t-online.de>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-28 11:23:41 -05:00
Amir Vadai 29bb8f4a8d net/mlx4_en: Can set maxrate only for TC0
Had a typo in memcpy.

Signed-off-by: Amir Vadai <amirv@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-28 11:15:32 -05:00
Schoch Christian 92d64c261e sctp: Error in calculation of RTTvar
The calculation of RTTVAR involves the subtraction of two unsigned
numbers which
may causes rollover and results in very high values of RTTVAR when RTT > SRTT.
With this patch it is possible to set RTOmin = 1 to get the minimum of RTO at
4 times the clock granularity.

Change Notes:

v2)
        *Replaced abs() by abs64() and long by __s64, changed patch
description.

Signed-off-by: Christian Schoch <e0326715@student.tuwien.ac.at>
CC: Vlad Yasevich <vyasevich@gmail.com>
CC: Sridhar Samudrala <sri@us.ibm.com>
CC: Neil Horman <nhorman@tuxdriver.com>
CC: linux-sctp@vger.kernel.org
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-28 11:13:40 -05:00
Tommi Rantala 6e51fe7572 sctp: fix -ENOMEM result with invalid user space pointer in sendto() syscall
Consider the following program, that sets the second argument to the
sendto() syscall incorrectly:

 #include <string.h>
 #include <arpa/inet.h>
 #include <sys/socket.h>

 int main(void)
 {
         int fd;
         struct sockaddr_in sa;

         fd = socket(AF_INET, SOCK_STREAM, 132 /*IPPROTO_SCTP*/);
         if (fd < 0)
                 return 1;

         memset(&sa, 0, sizeof(sa));
         sa.sin_family = AF_INET;
         sa.sin_addr.s_addr = inet_addr("127.0.0.1");
         sa.sin_port = htons(11111);

         sendto(fd, NULL, 1, 0, (struct sockaddr *)&sa, sizeof(sa));

         return 0;
 }

We get -ENOMEM:

 $ strace -e sendto ./demo
 sendto(3, NULL, 1, 0, {sa_family=AF_INET, sin_port=htons(11111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ENOMEM (Cannot allocate memory)

Propagate the error code from sctp_user_addto_chunk(), so that we will
tell user space what actually went wrong:

 $ strace -e sendto ./demo
 sendto(3, NULL, 1, 0, {sa_family=AF_INET, sin_port=htons(11111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EFAULT (Bad address)

Noticed while running Trinity (the syscall fuzzer).

Signed-off-by: Tommi Rantala <tt.rantala@gmail.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-28 11:11:17 -05:00
Tommi Rantala be364c8c0f sctp: fix memory leak in sctp_datamsg_from_user() when copy from user space fails
Trinity (the syscall fuzzer) discovered a memory leak in SCTP,
reproducible e.g. with the sendto() syscall by passing invalid
user space pointer in the second argument:

 #include <string.h>
 #include <arpa/inet.h>
 #include <sys/socket.h>

 int main(void)
 {
         int fd;
         struct sockaddr_in sa;

         fd = socket(AF_INET, SOCK_STREAM, 132 /*IPPROTO_SCTP*/);
         if (fd < 0)
                 return 1;

         memset(&sa, 0, sizeof(sa));
         sa.sin_family = AF_INET;
         sa.sin_addr.s_addr = inet_addr("127.0.0.1");
         sa.sin_port = htons(11111);

         sendto(fd, NULL, 1, 0, (struct sockaddr *)&sa, sizeof(sa));

         return 0;
 }

As far as I can tell, the leak has been around since ~2003.

Signed-off-by: Tommi Rantala <tt.rantala@gmail.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-28 11:10:09 -05:00
Pavel Shilovsky c772aa92b6 CIFS: Fix wrong buffer pointer usage in smb_set_file_info
Commit 6bdf6dbd66 caused a regression
in setattr codepath that leads to files with wrong attributes.

Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
2012-11-28 10:02:46 -06:00
Mikulas Patocka 4b05a1c74d percpu-rwsem: use synchronize_sched_expedited
Use synchronize_sched_expedited() instead of synchronize_sched()
to improve mount speed.

This patch improves mount time from 0.500s to 0.013s for Jeff's
test-case.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Reported-and-tested-by: Jeff Chua <jeff.chua.linux@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-11-28 07:33:50 -08:00
Will Deacon ea3aacf5f2 ARM: 7586/1: sp804: set cpumask to cpu_possible_mask for clock event device
The SP804 driver statically initialises the cpumask of the clock event
device to be cpu_all_mask, which is derived from the compile-time
constant NR_CPUS. This breaks SMP_ON_UP systems where the interrupt
controller handling the sp804 doesn't have the irq_set_affinity callback
on the irq_chip, because the common timer code fails to identify the
device as cpu-local and ends up treating it as a broadcast device
instead.

This patch fixes the problem by using cpu_possible_mask at runtime,
which will correctly represent the possible CPUs when SMP_ON_UP is being
used.

Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2012-11-28 09:46:57 +00:00
Prarit Bhargava 42709efb3a i7core_edac: fix panic when accessing sysfs files
The i7core_edac addrmatch_dev and chancounts_dev have sysfs files
associated with them.  The sysfs files, however, are coded so that the
parent device is is the mci device.  This is incorrect and the mci struct
should be obtained through the addrmatch_dev and chancounts_dev device's
private data field which is populated in i7core_create_sysfs_devices().

Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2012-11-28 06:56:00 -02:00
Dave Airlie e548a83c34 Merge branch 'drm-fixes-3.7' of git://people.freedesktop.org/~agd5f/linux
Just a single pll/crtc regression fix.

* 'drm-fixes-3.7' of git://people.freedesktop.org/~agd5f/linux:
  radeon: fix pll/ctrc mapping on dce2 and dce3 hardware
2012-11-28 16:51:10 +10:00
Jerome Glisse fc58acdbf1 radeon: fix pll/ctrc mapping on dce2 and dce3 hardware
This fix black screen on resume issue that some people are
experiencing. There is a bug in the atombios code regarding
pll/crtc mapping. The atombios code reverse the logic for
the pll and crtc mapping.

agd5f: drop unnecessary crtc id check, cc stable in case
we miss 3.7.

This fixes the root cause that was worked around by commits:
drm/radeon: allocate PPLLs from low to high
drm/radeon/dce3: switch back to old pll allocation order for discrete

Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
2012-11-27 16:59:03 -05:00
Linus Torvalds e23739b4ad Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
Pull media fixes from Mauro Carvalho Chehab:
 "For some media fixes:
   - dvb_usb_v2: some fixes at the core
   - Some fixes on some embedded drivers: soc_camera, adv7604, omap3isp,
     exynos/s5p
   - Several Exynos4/5 camera fixes
   - a fix at stv0900 driver
   - a few USB ID additions to detect more variants of rtl28xxu-based
     sticks"

* 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: (25 commits)
  [media] rtl28xxu: 0ccd:00d7 TerraTec Cinergy T Stick+
  [media] rtl28xxu: 1d19:1102 Dexatek DK mini DVB-T Dongle
  [media] mt9v022: fix the V4L2_CID_EXPOSURE control
  [media] mx2_camera: fix missing unlock on error in mx2_start_streaming()
  [media] media: omap1_camera: fix const cropping related warnings
  [media] media: mx1_camera: use the default .set_crop() implementation
  [media] media: mx2_camera: fix const cropping related warnings
  [media] media: mx3_camera: fix const cropping related warnings
  [media] media: pxa_camera: fix const cropping related warnings
  [media] media: sh_mobile_ceu_camera: fix const cropping related warnings
  [media] media: sh_vou: fix const cropping related warnings
  [media] adv7604: restart STDI once if format is not found
  [media] adv7604: use presets where possible
  [media] adv7604: Replace prim_mode by mode
  [media] adv7604: cleanup references
  [media] dvb_usb_v2: switch interruptible mutex to normal
  [media] dvb_usb_v2: fix pid_filter callback error logging
  [media] exynos-gsc: change driver compatible string
  [media] omap3isp: Fix warning caused by bad subdev events operations prototypes
  [media] omap3isp: video: Fix warning caused by bad vidioc_s_crop prototype
  ...
2012-11-27 12:27:37 -08:00
Jeff Layton 3a98b86143 cifs: fix writeback race with file that is growing
Commit eddb079deb created a regression in the writepages codepath.
Previously, whenever it needed to check the size of the file, it did so
by consulting the inode->i_size field directly. With that patch, the
i_size was fetched once on entry into the writepages code and that value
was used henceforth.

If the file is changing size though (for instance, if someone is writing
to it or has truncated it), then that value is likely to be wrong. This
can lead to data corruption. Pages past the EOF at the time that the
writepages call was issued may be silently dropped and ignored because
cifs_writepages wrongly assumes that the file must have been truncated
in the interim.

Fix cifs_writepages to properly fetch the size from the inode->i_size
field instead to properly account for this possibility.

Original bug report is here:

    https://bugzilla.kernel.org/show_bug.cgi?id=50991

Reported-and-Tested-by: Maxim Britov <ungifted01@gmail.com>
Reviewed-by: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
2012-11-27 13:46:12 -06:00
H. Peter Anvin 6662c34fa9 x86-32: Unbreak booting on some 486 clones
There appear to have been some 486 clones, including the "enhanced"
version of Am486, which have CPUID but not CR4.  These 486 clones had
only the FPU flag, if any, unlike the Intel 486s with CPUID, which
also had VME and therefore needed CR4.

Therefore, look at the basic CPUID flags and require at least one bit
other than bit 0 before we modify CR4.

Thanks to Christian Ludloff of sandpile.org for confirming this as a
problem.

Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
2012-11-27 09:26:33 -08:00
Dave Airlie 64b1e1bad7 Merge branch 'exynos-drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos
Inki writes:
This pull request fixes minor issues and includes code cleanup.

* 'exynos-drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos:
  drm/exynos: Fix potential NULL pointer dereference in exynos_drm_encoder.c
  drm/exynos: Make exynos4/5_fimd_driver_data static
  drm/exynos: fix overlay updating issue
  drm/exynos: remove unnecessary code.
  drm/exynos: fix linux framebuffer address setting.
2012-11-27 14:41:37 +10:00
Dave Airlie efc15e0488 Merge branch 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel
Daniel writes:
- Unbreak mbp retina, this time with a much more fine-grained approach
   (since the previous "completely ignore edp vbt bpp value" regressed some
   machines even after fixing a bug in our dp bw code).
- Disable cloning on sdvo. It just doesn't work (yeah took us a while to
   figure out), leading to jittery outputs in the best case.
- Revert rc6 for ilk again. It seems to help a few of the gpu hang
  reporters at least, and it's definitely the best we've got.
  Head-against-the-wall-banging is still ongoing for what really breaks
  (and how we can reproduce the non-rc6 hangs and how to reproduce on
  gen4).
* 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel:
  Revert "drm/i915: enable rc6 on ilk again"
  drm/i915: do not default to 18 bpp for eDP if missing from VBT
  drm/i915: disable cloning on sdvo
2012-11-27 14:40:13 +10:00
Linus Torvalds 2844a48706 Merge branch 'akpm' (Fixes from Andrew)
Merge misc fixes from Andrew Morton:
 "8 fixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>: (8 patches)
  futex: avoid wake_futex() for a PI futex_q
  watchdog: using u64 in get_sample_period()
  writeback: put unused inodes to LRU after writeback completion
  mm: vmscan: check for fatal signals iff the process was throttled
  Revert "mm: remove __GFP_NO_KSWAPD"
  proc: check vma->vm_file before dereferencing
  UAPI: strip the _UAPI prefix from header guards during header installation
  include/linux/bug.h: fix sparse warning related to BUILD_BUG_ON_INVALID
2012-11-26 18:33:33 -08:00
Linus Torvalds 5687100aad TTY fix for 3.7-rc7
Here is a single fix for a reported regression in 3.7-rc5 for the tty
 layer.  This fix has been in the linux-next tree and solves the reported
 problem.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
 iEYEABECAAYFAlCz9SgACgkQMUfUDdst+ylwJACgrm6WSMdZy+Dcg+4lY+zLftUq
 UhQAn1Y00nwte19cNvJLqWYgJlqkcUBw
 =NAlw
 -----END PGP SIGNATURE-----

Merge tag 'tty-3.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty

Pull TTY fix from Greg Kroah-Hartman:
 "Here is a single fix for a reported regression in 3.7-rc5 for the tty
  layer.  This fix has been in the linux-next tree and solves the
  reported problem.

  Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"

* tag 'tty-3.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
  tty vt: Fix a regression in command line edition
2012-11-26 17:46:36 -08:00
Linus Torvalds c854539d71 This is the MFD pull request for 3.7 fixes.
We have:
 
 - A twl fix preventing a buffer overflow.
 - A wm5102 register patch fix.
 - A wm5110 error misreport fix.
 - Arizona fixes: Use the right array size when adding subdevices, correctly
   report underclocked events, synchronize register cache after reset.
 - A twl4030 fix for preventing the system to hang from an interrupt flood.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJQs33KAAoJEIqAPN1PVmxKlI8P/2wz99BLHEGG4uEZyRprOnA1
 B1I0TYmrHidz9XqX9rB/ytWnyVg3ZumpwJOWETGcpGE842/jw9yKtYcra9R2JZ7H
 IdobU2dQxlB+7J5Yoj7SuK9gY4eAN3/krKb7F0x8YKYjHleAwWwjzBVHXsK4I0oJ
 wPuN5NnmEs7wqT9y74WgLwZCZmbvjDYBFNW3ZrwD28KJAHKak1FE2RxtiTuwUv4o
 21j4s9XKlyI0mNgNPXQ0v5P6KZdceGBwXrjDa1+1onEuOsdXQF0ZHXfIfU24j/TB
 rRzcWo8sycAf35HvPdfHOd6vwdmIEx36i9nuJLVUJEAxkkEGKar0ZfIhDXuvGFCm
 bVS05+ZdZTbEWgiRRivpOuiL9P5KFElG5N/QhVhpNRkcOCKo3eGn/NDjIuv7hl/p
 Y+nJFrqSmdzvdN2MUCh+dXoe4LTb3jdB1qRpNr3VMlyL0I/8w7YW9ypB2bitN+IE
 0rZ4oK/BDHHRvQLIr4+frNbhG4OwH7XZmmtdiB10GMLw12akOkO2L0Zm2TTG/68g
 asVECywpqEGLBvyn96n0PYO489Obk72VU9oUz1KftIdRTxd9xj+Eo0v9W4lIMb47
 rscgjCrWTZs/kar52Em3Wc3q6eHfTG/h8uqN/R/ONwQzPwBXonHk1UxJI5+a1VXK
 tvHiz+RvjfH0UW58Bc5w
 =tHAv
 -----END PGP SIGNATURE-----

Merge tag 'mfd-for-linus-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6

Pull MFD fixes from Samuel Ortiz:

 - A twl fix preventing a buffer overflow.

 - A wm5102 register patch fix.

 - A wm5110 error misreport fix.

 - Arizona fixes: Use the right array size when adding subdevices,
   correctly report underclocked events, synchronize register cache
   after reset.

 - A twl4030 fix for preventing the system to hang from an interrupt
   flood.

* tag 'mfd-for-linus-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6:
  mfd: twl4030: Fix chained irq handling on resume from suspend
  mfd: arizona: Sync regcache after reset
  mfd: arizona: Correctly report when AIF2/AIF1 is underclocked
  mfd: arizona: Use correct array for ARRAY_SIZE in mfd_add_devices call
  mfd: wm5110: Disable control interface error report for WM5110 rev B
  mfd: wm5102: Update register patch for latest evaluation
  mfd: twl-core: Fix chip ID for the twl6030-pwm module
2012-11-26 17:45:16 -08:00
Linus Torvalds 33057692c2 Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm
Pull ARM fixes from Russell King:
 "Not much here, just a couple minor/cosmetic fixes and a patch for the
  decompressor which fixes problems with modern GCC and CPUs."

* 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
  ARM: 7583/1: decompressor: Enable unaligned memory access for v6 and above
  ARM: 7572/1: proc-v6.S: fix comment
  ARM: 7570/1: quiet down the non make -s output
2012-11-26 17:43:10 -08:00
Linus Torvalds 87726c334b Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Pull ext3 regression fix from Jan Kara:
 "Fix an ext3 regression introduced during 3.7 merge window.  It leads
  to deadlock if you stress the filesystem in the right way (luckily
  only if blocksize < pagesize)."

* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  jbd: Fix lock ordering bug in journal_unmap_buffer()
2012-11-26 17:42:07 -08:00
Darren Hart aa10990e02 futex: avoid wake_futex() for a PI futex_q
Dave Jones reported a bug with futex_lock_pi() that his trinity test
exposed.  Sometime between queue_me() and taking the q.lock_ptr, the
lock_ptr became NULL, resulting in a crash.

While futex_wake() is careful to not call wake_futex() on futex_q's with
a pi_state or an rt_waiter (which are either waiting for a
futex_unlock_pi() or a PI futex_requeue()), futex_wake_op() and
futex_requeue() do not perform the same test.

Update futex_wake_op() and futex_requeue() to test for q.pi_state and
q.rt_waiter and abort with -EINVAL if detected.  To ensure any future
breakage is caught, add a WARN() to wake_futex() if the same condition
is true.

This fix has seen 3 hours of testing with "trinity -c futex" on an
x86_64 VM with 4 CPUS.

[akpm@linux-foundation.org: tidy up the WARN()]
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Reported-by: Dave Jones <davej@redat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: John Kacur <jkacur@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-11-26 17:41:24 -08:00
Chuansheng Liu 8ffeb9b0e6 watchdog: using u64 in get_sample_period()
In get_sample_period(), unsigned long is not enough:

  watchdog_thresh * 2 * (NSEC_PER_SEC / 5)

case1:
  watchdog_thresh is 10 by default, the sample value will be: 0xEE6B2800

case2:
 set watchdog_thresh is 20, the sample value will be: 0x1 DCD6 5000

In case2, we need use u64 to express the sample period.  Otherwise,
changing the threshold thru proc often can not be successful.

Signed-off-by: liu chuansheng <chuansheng.liu@intel.com>
Acked-by: Don Zickus <dzickus@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-11-26 17:41:24 -08:00
Jan Kara 4eff96dd52 writeback: put unused inodes to LRU after writeback completion
Commit 169ebd9013 ("writeback: Avoid iput() from flusher thread")
removed iget-iput pair from inode writeback.  As a side effect, inodes
that are dirty during iput_final() call won't be ever added to inode LRU
(iput_final() doesn't add dirty inodes to LRU and later when the inode
is cleaned there's noone to add the inode there).  Thus inodes are
effectively unreclaimable until someone looks them up again.

The practical effect of this bug is limited by the fact that inodes are
pinned by a dentry for long enough that the inode gets cleaned.  But
still the bug can have nasty consequences leading up to OOM conditions
under certain circumstances.  Following can easily reproduce the
problem:

  for (( i = 0; i < 1000; i++ )); do
    mkdir $i
    for (( j = 0; j < 1000; j++ )); do
      touch $i/$j
      echo 2 > /proc/sys/vm/drop_caches
    done
  done

then one needs to run 'sync; ls -lR' to make inodes reclaimable again.

We fix the issue by inserting unused clean inodes into the LRU after
writeback finishes in inode_sync_complete().

Signed-off-by: Jan Kara <jack@suse.cz>
Reported-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Dave Chinner <david@fromorbit.com>
Cc: <stable@vger.kernel.org>		[3.5+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-11-26 17:41:24 -08:00
Mel Gorman 50694c28f1 mm: vmscan: check for fatal signals iff the process was throttled
Commit 5515061d22 ("mm: throttle direct reclaimers if PF_MEMALLOC
reserves are low and swap is backed by network storage") introduced a
check for fatal signals after a process gets throttled for network
storage.  The intention was that if a process was throttled and got
killed that it should not trigger the OOM killer.  As pointed out by
Minchan Kim and David Rientjes, this check is in the wrong place and too
broad.  If a system is in am OOM situation and a process is exiting, it
can loop in __alloc_pages_slowpath() and calling direct reclaim in a
loop.  As the fatal signal is pending it returns 1 as if it is making
forward progress and can effectively deadlock.

This patch moves the fatal_signal_pending() check after throttling to
throttle_direct_reclaim() where it belongs.  If the process is killed
while throttled, it will return immediately without direct reclaim
except now it will have TIF_MEMDIE set and will use the PFMEMALLOC
reserves.

Minchan pointed out that it may be better to direct reclaim before
returning to avoid using the reserves because there may be pages that
can easily reclaim that would avoid using the reserves.  However, we do
no such targetted reclaim and there is no guarantee that suitable pages
are available.  As it is expected that this throttling happens when
swap-over-NFS is used there is a possibility that the process will
instead swap which may allocate network buffers from the PFMEMALLOC
reserves.  Hence, in the swap-over-nfs case where a process can be
throtted and be killed it can use the reserves to exit or it can
potentially use reserves to swap a few pages and then exit.  This patch
takes the option of using the reserves if necessary to allow the process
exit quickly.

If this patch passes review it should be considered a -stable candidate
for 3.6.

Signed-off-by: Mel Gorman <mgorman@suse.de>
Cc: David Rientjes <rientjes@google.com>
Cc: Luigi Semenzato <semenzato@google.com>
Cc: Dan Magenheimer <dan.magenheimer@oracle.com>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Sonny Rao <sonnyrao@google.com>
Cc: Minchan Kim <minchan@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-11-26 17:41:24 -08:00
Mel Gorman 82b212f400 Revert "mm: remove __GFP_NO_KSWAPD"
With "mm: vmscan: scale number of pages reclaimed by reclaim/compaction
based on failures" reverted, Zdenek Kabelac reported the following

  Hmm,  so it's just took longer to hit the problem and observe
  kswapd0 spinning on my CPU again - it's not as endless like before -
  but still it easily eats minutes - it helps to	turn off  Firefox
  or TB  (memory hungry apps) so kswapd0 stops soon - and restart
  those apps again.  (And I still have like >1GB of cached memory)

  kswapd0         R  running task        0    30      2 0x00000000
  Call Trace:
    preempt_schedule+0x42/0x60
    _raw_spin_unlock+0x55/0x60
    put_super+0x31/0x40
    drop_super+0x22/0x30
    prune_super+0x149/0x1b0
    shrink_slab+0xba/0x510

The sysrq+m indicates the system has no swap so it'll never reclaim
anonymous pages as part of reclaim/compaction.  That is one part of the
problem but not the root cause as file-backed pages could also be
reclaimed.

The likely underlying problem is that kswapd is woken up or kept awake
for each THP allocation request in the page allocator slow path.

If compaction fails for the requesting process then compaction will be
deferred for a time and direct reclaim is avoided.  However, if there
are a storm of THP requests that are simply rejected, it will still be
the the case that kswapd is awake for a prolonged period of time as
pgdat->kswapd_max_order is updated each time.  This is noticed by the
main kswapd() loop and it will not call kswapd_try_to_sleep().  Instead
it will loopp, shrinking a small number of pages and calling
shrink_slab() on each iteration.

The temptation is to supply a patch that checks if kswapd was woken for
THP and if so ignore pgdat->kswapd_max_order but it'll be a hack and not
backed up by proper testing.  As 3.7 is very close to release and this
is not a bug we should release with, a safer path is to revert "mm:
remove __GFP_NO_KSWAPD" for now and revisit it with the view to ironing
out the balance_pgdat() logic in general.

Signed-off-by: Mel Gorman <mgorman@suse.de>
Cc: Zdenek Kabelac <zkabelac@redhat.com>
Cc: Seth Jennings <sjenning@linux.vnet.ibm.com>
Cc: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
Cc: Jiri Slaby <jirislaby@gmail.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Robert Jennings <rcj@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-11-26 17:41:24 -08:00
Stanislav Kinsbursky 05f564849d proc: check vma->vm_file before dereferencing
Commit 7b540d0646 ("proc_map_files_readdir(): don't bother with
grabbing files") switched proc_map_files_readdir() to use @f_mode
directly instead of grabbing @file reference, but same time the test for
@vm_file presence was lost leading to nil dereference.  The patch brings
the test back.

The all proc_map_files feature is CONFIG_CHECKPOINT_RESTORE wrapped
(which is set to 'n' by default) so the bug doesn't affect regular
kernels.

The regression is 3.7-rc1 only as far as I can tell.

[gorcunov@openvz.org: provided changelog]
Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-11-26 17:41:24 -08:00