Commit Graph

322186 Commits

Author SHA1 Message Date
Michal Hocko eb48c07146 mm: hugetlbfs: correctly populate shared pmd
Each page mapped in a process's address space must be correctly
accounted for in _mapcount.  Normally the rules for this are
straightforward but hugetlbfs page table sharing is different.  The page
table pages at the PMD level are reference counted while the mapcount
remains the same.

If this accounting is wrong, it causes bugs like this one reported by
Larry Woodman:

  kernel BUG at mm/filemap.c:135!
  invalid opcode: 0000 [#1] SMP
  CPU 22
  Modules linked in: bridge stp llc sunrpc binfmt_misc dcdbas microcode pcspkr acpi_pad acpi]
  Pid: 18001, comm: mpitest Tainted: G        W    3.3.0+ #4 Dell Inc. PowerEdge R620/07NDJ2
  RIP: 0010:[<ffffffff8112cfed>]  [<ffffffff8112cfed>] __delete_from_page_cache+0x15d/0x170
  Process mpitest (pid: 18001, threadinfo ffff880428972000, task ffff880428b5cc20)
  Call Trace:
    delete_from_page_cache+0x40/0x80
    truncate_hugepages+0x115/0x1f0
    hugetlbfs_evict_inode+0x18/0x30
    evict+0x9f/0x1b0
    iput_final+0xe3/0x1e0
    iput+0x3e/0x50
    d_kill+0xf8/0x110
    dput+0xe2/0x1b0
    __fput+0x162/0x240

During fork(), copy_hugetlb_page_range() detects if huge_pte_alloc()
shared page tables with the check dst_pte == src_pte.  The logic is if
the PMD page is the same, they must be shared.  This assumes that the
sharing is between the parent and child.  However, if the sharing is
with a different process entirely then this check fails as in this
diagram:

  parent
    |
    ------------>pmd
                 src_pte----------> data page
                                        ^
  other--------->pmd--------------------|
                  ^
  child-----------|
                 dst_pte

For this situation to occur, it must be possible for Parent and Other to
have faulted and failed to share page tables with each other.  This is
possible due to the following style of race.

  PROC A                                          PROC B
  copy_hugetlb_page_range                         copy_hugetlb_page_range
    src_pte == huge_pte_offset                      src_pte == huge_pte_offset
    !src_pte so no sharing                          !src_pte so no sharing

  (time passes)

  hugetlb_fault                                   hugetlb_fault
    huge_pte_alloc                                  huge_pte_alloc
      huge_pmd_share                                 huge_pmd_share
        LOCK(i_mmap_mutex)
        find nothing, no sharing
        UNLOCK(i_mmap_mutex)
                                                      LOCK(i_mmap_mutex)
                                                      find nothing, no sharing
                                                      UNLOCK(i_mmap_mutex)
      pmd_alloc                                       pmd_alloc
      LOCK(instantiation_mutex)
      fault
      UNLOCK(instantiation_mutex)
                                                  LOCK(instantiation_mutex)
                                                  fault
                                                  UNLOCK(instantiation_mutex)

These two processes are not pointing to the same data page but are not
sharing page tables because the opportunity was missed.  When either
process later forks, the src_pte == dst_pte is potentially insufficient.
As the check falls through, the wrong PTE information is copied in
(harmless but wrong) and the mapcount is bumped for a page mapped by a
shared page table leading to the BUG_ON.

This patch addresses the issue by moving pmd_alloc into huge_pmd_share
which guarantees that the shared pud is populated in the same critical
section as pmd.  This also means that huge_pte_offset test in
huge_pmd_share is serialized correctly now which in turn means that the
success of the sharing will be higher as the racing tasks see the pud
and pmd populated together.

Race identified and changelog written mostly by Mel Gorman.

[akpm@linux-foundation.org: attempt to make the huge_pmd_share() comment comprehensible, clean up coding style]
Reported-by: Larry Woodman <lwoodman@redhat.com>
Tested-by: Larry Woodman <lwoodman@redhat.com>
Reviewed-by: Mel Gorman <mgorman@suse.de>
Signed-off-by: Michal Hocko <mhocko@suse.cz>
Reviewed-by: Rik van Riel <riel@redhat.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: Ken Chen <kenchen@google.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Hillf Danton <dhillf@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-08-21 16:45:02 -07:00
Stephen M. Cameron b0cf0b118c cciss: fix incorrect scsi status reporting
Delete code which sets SCSI status incorrectly as it's already been set
correctly above this incorrect code.  The bug was introduced in 2009 by
commit b0e15f6db1 ("cciss: fix typo that causes scsi status to be
lost.")

Signed-off-by: Stephen M. Cameron <scameron@beardog.cce.hp.com>
Reported-by: Roel van Meer <roel.vanmeer@bokxing.nl>
Tested-by: Roel van Meer <roel.vanmeer@bokxing.nl>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-08-21 16:45:02 -07:00
Namjae Jeon d65226e2bf Documentation: update mount option in filesystem/vfat.txt
Update two mount options (discard, nfs) in vfat.txt.

Signed-off-by: Namjae Jeon <linkinjeon@gmail.com>
Acked-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-08-21 16:45:02 -07:00
Hugh Dickins f9aed62a2b mm: change nr_ptes BUG_ON to WARN_ON
Occasionally an isolated BUG_ON(mm->nr_ptes) gets reported, indicating
that not all the page tables allocated could be found and freed when
exit_mmap() tore down the user address space.

There's usually nothing we can say about it, beyond that it's probably a
sign of some bad memory or memory corruption; though it might still
indicate a bug in vma or page table management (and did recently reveal a
race in THP, fixed a few months ago).

But one overdue change we can make is from BUG_ON to WARN_ON.

It's fairly likely that the system will crash shortly afterwards in some
other way (for example, the BUG_ON(page_mapped(page)) in
__delete_from_page_cache(), once an inode mapped into the lost page tables
gets evicted); but might tell us more before that.

Change the BUG_ON(page_mapped) to WARN_ON too?  Later perhaps: I'm less
eager, since that one has several times led to fixes.

Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-08-21 16:45:02 -07:00
Jens Rottmann 61e01be22e cs5535-clockevt: typo, it's MFGPT, not MFPGT
Signed-off-by: Jens Rottmann <JRottmann@LiPPERTEmbedded.de>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: John Stultz <john.stultz@linaro.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-08-21 16:45:02 -07:00
Sachin Kamat 27fc4f1c0b drm: Add missing static storage class specifiers in drm_proc.c file
Fixes the following sparse warning:
drivers/gpu/drm/drm_proc.c:92:5:
warning: symbol 'drm_proc_create_files' was not declared. Should it be static?
drivers/gpu/drm/drm_proc.c:175:5:
warning: symbol 'drm_proc_remove_files' was not declared. Should it be static?

Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2012-08-22 09:30:00 +10:00
Dave Airlie d5c2c20e35 drm/udl: dpms off the crtc when disabled.
This turns off the crtc when it's been disabled,
fixes it not turning off properly the whole time.

Signed-off-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
2012-08-22 09:27:47 +10:00
Damien Lespiau 04ccfe77f1 drm: Remove two unused fields from struct drm_display_mode
Signed-off-by: Damien Lespiau <damien.lespiau@intel.com>
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2012-08-22 09:27:27 +10:00
Alan Cox f5869a8308 drm: stop vmgfx driver explosion
If you do a page flip with no flags set then event is NULL. If event is
NULL then the vmw_gfx driver likes to go digging into NULL and extracts
NULL->base.file_priv.

On a modern kernel with NULL mapping protection it's just another oops,
without it there are some "intriguing" possibilities.

What it should do is an open question but that's for the driver owners to
sort out.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Reviewed-by: Jakob Bornecrantz <jakob@vmware.com>
Cc: stable@vger.kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
2012-08-22 09:26:50 +10:00
Dave Airlie 85119c16b3 Merge branch 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel into drm-fixes
Daniel writes:

" Nothing too major:
- A few fixes around the edid handling from Jani, also fixing a regression
  in 3.5 due to us using gmbus by default.
- Fixup hsw uncached pte flags.
- Fix suspend/resume crash when using hw contexts, from Ben.
- Try to tune gpu turbo a bit better, seems to help with some oddball
  power regressions."

* 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel:
  drm/i915: use hsw rps tuning values everywhere on gen6+
  drm/i915: fall back to bit-banging if GMBUS fails in CRT EDID reads
  drm/i915: extract connector update from intel_ddc_get_modes() for reuse
  drm/i915: fix hsw uncached pte
  drm/i915/contexts: fix list corruption
  drm/i915: fix EDID memory leak in SDVO
2012-08-22 09:19:40 +10:00
Dave Airlie e2be2cd804 Merge branch 'drm-fixes-3.6' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
Alex writes:

"This is the current set of radeon fixes for 3.6.  Nothing too major.

Highlights:
- fix vbios fetch on pure uefi systems
- fix vbios fetch on thunderbolt systems
- MSAA fixes
- lockup timeout fix
- modesetting fix"

* 'drm-fixes-3.6' of git://people.freedesktop.org/~agd5f/linux:
  drm/radeon/ss: use num_crtc rather than hardcoded 6
  Revert "drm/radeon: fix bo creation retry path"
  drm/radeon: split ATRM support out from the ATPX handler (v3)
  drm/radeon: convert radeon vfct code to use acpi_get_table_with_size
  ACPI: export symbol acpi_get_table_with_size
  drm/radeon: implement ACPI VFCT vbios fetch (v3)
  drm/radeon/kms: extend the Fujitsu D3003-S2 board connector quirk to cover later silicon stepping
  drm/radeon: fix checking of MSAA renderbuffers on r600-r700
  drm/radeon: allow CMASK and FMASK in the CS checker on r600-r700
  drm/radeon: init lockup timeout on ring init
  drm/radeon: avoid turning off spread spectrum for used pll
2012-08-22 09:18:49 +10:00
Sage Weil 45f2e081f5 ceph: avoid divide by zero in __validate_layout()
If "l->stripe_unit" is zero then the mod on the next line will cause a
divide by zero bug.  This comes from the copy_from_user() in
ceph_ioctl_set_layout_policy().  Passing 0 is valid, though (it means
"do not change") so avoid the % check in that case.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Alex Elder <elder@inktank.com>
2012-08-21 15:55:28 -07:00
Jim Schutt 6d4221b537 libceph: avoid truncation due to racing banners
Because the Ceph client messenger uses a non-blocking connect, it is
possible for the sending of the client banner to race with the
arrival of the banner sent by the peer.

When ceph_sock_state_change() notices the connect has completed, it
schedules work to process the socket via con_work().  During this
time the peer is writing its banner, and arrival of the peer banner
races with con_work().

If con_work() calls try_read() before the peer banner arrives, there
is nothing for it to do, after which con_work() calls try_write() to
send the client's banner.  In this case Ceph's protocol negotiation
can complete successfully.

The server-side messenger immediately sends its banner and addresses
after accepting a connect request, *before* actually attempting to
read or verify the banner from the client.  As a result, it is
possible for the banner from the server to arrive before con_work()
calls try_read().  If that happens, try_read() will read the banner
and prepare protocol negotiation info via prepare_write_connect().
prepare_write_connect() calls con_out_kvec_reset(), which discards
the as-yet-unsent client banner.  Next, con_work() calls
try_write(), which sends the protocol negotiation info rather than
the banner that the peer is expecting.

The result is that the peer sees an invalid banner, and the client
reports "negotiation failed".

Fix this by moving con_out_kvec_reset() out of
prepare_write_connect() to its callers at all locations except the
one where the banner might still need to be sent.

[elder@inktak.com: added note about server-side behavior]

Signed-off-by: Jim Schutt <jaschut@sandia.gov>
Reviewed-by: Alex Elder <elder@inktank.com>
2012-08-21 15:55:27 -07:00
Sage Weil 6c5e50fa61 ceph: tolerate (and warn on) extraneous dentry from mds
If the MDS gives us a dentry and we weren't prepared to handle it,
WARN_ON_ONCE instead of crashing.

Reported-by: Yan, Zheng <zheng.z.yan@intel.com>
Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Alex Elder <elder@inktank.com>
2012-08-21 15:55:25 -07:00
Alex Deucher 5317670692 drm/radeon/ss: use num_crtc rather than hardcoded 6
When checking if a pll is in use.

Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
2012-08-21 18:52:56 -04:00
Eric Dumazet e0e3cea46d af_netlink: force credentials passing [CVE-2012-3520]
Pablo Neira Ayuso discovered that avahi and
potentially NetworkManager accept spoofed Netlink messages because of a
kernel bug.  The kernel passes all-zero SCM_CREDENTIALS ancillary data
to the receiver if the sender did not provide such data, instead of not
including any such data at all or including the correct data from the
peer (as it is the case with AF_UNIX).

This bug was introduced in commit 16e5726269
(af_unix: dont send SCM_CREDENTIALS by default)

This patch forces passing credentials for netlink, as
before the regression.

Another fix would be to not add SCM_CREDENTIALS in
netlink messages if not provided by the sender, but it
might break some programs.

With help from Florian Weimer & Petr Matousek

This issue is designated as CVE-2012-3520

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Petr Matousek <pmatouse@redhat.com>
Cc: Florian Weimer <fweimer@redhat.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-08-21 14:53:01 -07:00
Eric Dumazet a9915a1b52 ipv4: fix ip header ident selection in __ip_make_skb()
Christian Casteyde reported a kmemcheck 32-bit read from uninitialized
memory in __ip_select_ident().

It turns out that __ip_make_skb() called ip_select_ident() before
properly initializing iph->daddr.

This is a bug uncovered by commit 1d861aa4b3 (inet: Minimize use of
cached route inetpeer.)

Addresses https://bugzilla.kernel.org/show_bug.cgi?id=46131

Reported-by: Christian Casteyde <casteyde.christian@free.fr>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-08-21 14:51:06 -07:00
Christoph Paasch 1a7b27c97c ipv4: Use newinet->inet_opt in inet_csk_route_child_sock()
Since 0e73441992 ("ipv4: Use inet_csk_route_child_sock() in DCCP and
TCP."), inet_csk_route_child_sock() is called instead of
inet_csk_route_req().

However, after creating the child-sock in tcp/dccp_v4_syn_recv_sock(),
ireq->opt is set to NULL, before calling inet_csk_route_child_sock().
Thus, inside inet_csk_route_child_sock() opt is always NULL and the
SRR-options are not respected anymore.
Packets sent by the server won't have the correct destination-IP.

This patch fixes it by accessing newinet->inet_opt instead of ireq->opt
inside inet_csk_route_child_sock().

Reported-by: Luca Boccassi <luca.boccassi@gmail.com>
Signed-off-by: Christoph Paasch <christoph.paasch@uclouvain.be>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-08-21 14:49:11 -07:00
Eric Dumazet 144d56e910 tcp: fix possible socket refcount problem
Commit 6f458dfb40 (tcp: improve latencies of timer triggered events)
added a bug leading to the following trace:

[ 2866.131281] IPv4: Attempt to release TCP socket in state 1 ffff880019ec0000
[ 2866.131726]
[ 2866.132188] =========================
[ 2866.132281] [ BUG: held lock freed! ]
[ 2866.132281] 3.6.0-rc1+ #622 Not tainted
[ 2866.132281] -------------------------
[ 2866.132281] kworker/0:1/652 is freeing memory ffff880019ec0000-ffff880019ec0a1f, with a lock still held there!
[ 2866.132281]  (sk_lock-AF_INET-RPC){+.+...}, at: [<ffffffff81903619>] tcp_sendmsg+0x29/0xcc6
[ 2866.132281] 4 locks held by kworker/0:1/652:
[ 2866.132281]  #0:  (rpciod){.+.+.+}, at: [<ffffffff81083567>] process_one_work+0x1de/0x47f
[ 2866.132281]  #1:  ((&task->u.tk_work)){+.+.+.}, at: [<ffffffff81083567>] process_one_work+0x1de/0x47f
[ 2866.132281]  #2:  (sk_lock-AF_INET-RPC){+.+...}, at: [<ffffffff81903619>] tcp_sendmsg+0x29/0xcc6
[ 2866.132281]  #3:  (&icsk->icsk_retransmit_timer){+.-...}, at: [<ffffffff81078017>] run_timer_softirq+0x1ad/0x35f
[ 2866.132281]
[ 2866.132281] stack backtrace:
[ 2866.132281] Pid: 652, comm: kworker/0:1 Not tainted 3.6.0-rc1+ #622
[ 2866.132281] Call Trace:
[ 2866.132281]  <IRQ>  [<ffffffff810bc527>] debug_check_no_locks_freed+0x112/0x159
[ 2866.132281]  [<ffffffff818a0839>] ? __sk_free+0xfd/0x114
[ 2866.132281]  [<ffffffff811549fa>] kmem_cache_free+0x6b/0x13a
[ 2866.132281]  [<ffffffff818a0839>] __sk_free+0xfd/0x114
[ 2866.132281]  [<ffffffff818a08c0>] sk_free+0x1c/0x1e
[ 2866.132281]  [<ffffffff81911e1c>] tcp_write_timer+0x51/0x56
[ 2866.132281]  [<ffffffff81078082>] run_timer_softirq+0x218/0x35f
[ 2866.132281]  [<ffffffff81078017>] ? run_timer_softirq+0x1ad/0x35f
[ 2866.132281]  [<ffffffff810f5831>] ? rb_commit+0x58/0x85
[ 2866.132281]  [<ffffffff81911dcb>] ? tcp_write_timer_handler+0x148/0x148
[ 2866.132281]  [<ffffffff81070bd6>] __do_softirq+0xcb/0x1f9
[ 2866.132281]  [<ffffffff81a0a00c>] ? _raw_spin_unlock+0x29/0x2e
[ 2866.132281]  [<ffffffff81a1227c>] call_softirq+0x1c/0x30
[ 2866.132281]  [<ffffffff81039f38>] do_softirq+0x4a/0xa6
[ 2866.132281]  [<ffffffff81070f2b>] irq_exit+0x51/0xad
[ 2866.132281]  [<ffffffff81a129cd>] do_IRQ+0x9d/0xb4
[ 2866.132281]  [<ffffffff81a0a3ef>] common_interrupt+0x6f/0x6f
[ 2866.132281]  <EOI>  [<ffffffff8109d006>] ? sched_clock_cpu+0x58/0xd1
[ 2866.132281]  [<ffffffff81a0a172>] ? _raw_spin_unlock_irqrestore+0x4c/0x56
[ 2866.132281]  [<ffffffff81078692>] mod_timer+0x178/0x1a9
[ 2866.132281]  [<ffffffff818a00aa>] sk_reset_timer+0x19/0x26
[ 2866.132281]  [<ffffffff8190b2cc>] tcp_rearm_rto+0x99/0xa4
[ 2866.132281]  [<ffffffff8190dfba>] tcp_event_new_data_sent+0x6e/0x70
[ 2866.132281]  [<ffffffff8190f7ea>] tcp_write_xmit+0x7de/0x8e4
[ 2866.132281]  [<ffffffff818a565d>] ? __alloc_skb+0xa0/0x1a1
[ 2866.132281]  [<ffffffff8190f952>] __tcp_push_pending_frames+0x2e/0x8a
[ 2866.132281]  [<ffffffff81904122>] tcp_sendmsg+0xb32/0xcc6
[ 2866.132281]  [<ffffffff819229c2>] inet_sendmsg+0xaa/0xd5
[ 2866.132281]  [<ffffffff81922918>] ? inet_autobind+0x5f/0x5f
[ 2866.132281]  [<ffffffff810ee7f1>] ? trace_clock_local+0x9/0xb
[ 2866.132281]  [<ffffffff8189adab>] sock_sendmsg+0xa3/0xc4
[ 2866.132281]  [<ffffffff810f5de6>] ? rb_reserve_next_event+0x26f/0x2d5
[ 2866.132281]  [<ffffffff8103e6a9>] ? native_sched_clock+0x29/0x6f
[ 2866.132281]  [<ffffffff8103e6f8>] ? sched_clock+0x9/0xd
[ 2866.132281]  [<ffffffff810ee7f1>] ? trace_clock_local+0x9/0xb
[ 2866.132281]  [<ffffffff8189ae03>] kernel_sendmsg+0x37/0x43
[ 2866.132281]  [<ffffffff8199ce49>] xs_send_kvec+0x77/0x80
[ 2866.132281]  [<ffffffff8199cec1>] xs_sendpages+0x6f/0x1a0
[ 2866.132281]  [<ffffffff8107826d>] ? try_to_del_timer_sync+0x55/0x61
[ 2866.132281]  [<ffffffff8199d0d2>] xs_tcp_send_request+0x55/0xf1
[ 2866.132281]  [<ffffffff8199bb90>] xprt_transmit+0x89/0x1db
[ 2866.132281]  [<ffffffff81999bcd>] ? call_connect+0x3c/0x3c
[ 2866.132281]  [<ffffffff81999d92>] call_transmit+0x1c5/0x20e
[ 2866.132281]  [<ffffffff819a0d55>] __rpc_execute+0x6f/0x225
[ 2866.132281]  [<ffffffff81999bcd>] ? call_connect+0x3c/0x3c
[ 2866.132281]  [<ffffffff819a0f33>] rpc_async_schedule+0x28/0x34
[ 2866.132281]  [<ffffffff810835d6>] process_one_work+0x24d/0x47f
[ 2866.132281]  [<ffffffff81083567>] ? process_one_work+0x1de/0x47f
[ 2866.132281]  [<ffffffff819a0f0b>] ? __rpc_execute+0x225/0x225
[ 2866.132281]  [<ffffffff81083a6d>] worker_thread+0x236/0x317
[ 2866.132281]  [<ffffffff81083837>] ? process_scheduled_works+0x2f/0x2f
[ 2866.132281]  [<ffffffff8108b7b8>] kthread+0x9a/0xa2
[ 2866.132281]  [<ffffffff81a12184>] kernel_thread_helper+0x4/0x10
[ 2866.132281]  [<ffffffff81a0a4b0>] ? retint_restore_args+0x13/0x13
[ 2866.132281]  [<ffffffff8108b71e>] ? __init_kthread_worker+0x5a/0x5a
[ 2866.132281]  [<ffffffff81a12180>] ? gs_change+0x13/0x13
[ 2866.308506] IPv4: Attempt to release TCP socket in state 1 ffff880019ec0000
[ 2866.309689] =============================================================================
[ 2866.310254] BUG TCP (Not tainted): Object already free
[ 2866.310254] -----------------------------------------------------------------------------
[ 2866.310254]

The bug comes from the fact that timer set in sk_reset_timer() can run
before we actually do the sock_hold(). socket refcount reaches zero and
we free the socket too soon.

timer handler is not allowed to reduce socket refcnt if socket is owned
by the user, or we need to change sk_reset_timer() implementation.

We should take a reference on the socket in case TCP_DELACK_TIMER_DEFERRED
or TCP_DELACK_TIMER_DEFERRED bit are set in tsq_flags

Also fix a typo in tcp_delack_timer(), where TCP_WRITE_TIMER_DEFERRED
was used instead of TCP_DELACK_TIMER_DEFERRED.

For consistency, use same socket refcount change for TCP_MTU_REDUCED_DEFERRED,
even if not fired from a timer.

Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Tested-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-08-21 14:42:23 -07:00
Roland Dreier af74115eed target: Remove unused se_cmd.cmd_spdtl
This was originally for helping fabrics to determine overflow/underflow
status, and has been superseded by SCF_OVERFLOW_BIT + SCF_UNDERFLOW_BIT.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-08-21 14:27:35 -07:00
Linus Torvalds 1456c75a80 Merge branch 'audit-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs
Pull audit-tree fixes from Miklos Szeredi:
 "The audit subsystem maintainers (Al and Eric) are not responding to
  repeated resends.  Eric did ack them a while ago, but no response
  since then.  So I'm sending these directly to you."

* 'audit-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
  audit: clean up refcounting in audit-tree
  audit: fix refcounting in audit-tree
  audit: don't free_chunk() after fsnotify_add_mark()
2012-08-21 12:25:24 -07:00
Linus Torvalds a6b881a5b8 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu
Pull m68knommu arch fixes from Greg Ungerer:
 "This contains 2 fixes.  One fixes compilation of ColdFire clk code,
  the other makes sure we use the generic atomic64 support on all m68k
  targets."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
  m68k: select CONFIG_GENERIC_ATOMIC64 for all m68k CPU types
  m68knommu: select CONFIG_HAVE_CLK for ColdFire CPU types
2012-08-21 10:08:39 -07:00
Linus Torvalds 8f6c1ca9be Pin control fixes for v3.6:
- Fixed Nomadik errorpath
- Fixed documentation spelling errors
- Forward-declare struct device in a header file
- Remove some extraneous code lines when getting pinctrl states
- Correct the i.MX51 configure register number
- Fix the Nomadik keypad function group list

Merge tag 'pinctrl-fixes-v3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

Pull pin control fixes from Linus Walleij:
 - Fixed Nomadik errorpath
 - Fixed documentation spelling errors
 - Forward-declare struct device in a header file
 - Remove some extraneous code lines when getting pinctrl states
 - Correct the i.MX51 configure register number
 - Fix the Nomadik keypad function group list

* tag 'pinctrl-fixes-v3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  pinctrl/nomadik: add kp_b_2 keyboard function group list
  pinctrl: imx51: fix .conf_reg of MX51_PAD_SD2_CMD__CSPI_MOSI
  trivial: pinctrl core: remove extraneous code lines
  pinctrl: header: trivial: declare struct device
  Documentation/pinctrl.txt: Fix some misspelled macros
  pinctrl/nomadik: fix null in irqdomain errorpath
2012-08-21 10:07:41 -07:00
Linus Torvalds 4459f3974a Sound fixes for 3.6-rc3
This update became slightly bigger than usual for rc3, but most of the
 commits are small and trivial.  A large chunk is found for HD-audio
 ca0132 codec, which is mostly a clean up of the specific code, to make
 SPDIF working properly, and also in the new ASoC Arizona driver.
 
 One important fix is for usb-audio Oops fix since 3.5.  We still see
 some EHCI related bandwidth problem, but usb-audio should be more
 stabilized now.
 
 Other than that, a Kconfig fix is spread over files, and various
 HD-audio and ASoC fixes as usual, in addition to Julia's error path
 fixes.

Merge tag 'sound-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "This update became slightly bigger than usual for rc3, but most of the
  commits are small and trivial.  A large chunk is found for HD-audio
  ca0132 codec, which is mostly a clean up of the specific code, to make
  SPDIF working properly, and also in the new ASoC Arizona driver.

  One important fix is for usb-audio Oops fix since 3.5.  We still see
  some EHCI related bandwidth problem, but usb-audio should be more
  stabilized now.

  Other than that, a Kconfig fix is spread over files, and various
  HD-audio and ASoC fixes as usual, in addition to Julia's error path
  fixes."

* tag 'sound-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (42 commits)
  ALSA: snd-als100: fix suspend/resume
  ALSA: hda - Fix leftover codec->power_transition
  ALSA: hda - don't create dysfunctional mixer controls for ca0132
  ALSA: sound/ppc/snd_ps3.c: fix error return code
  ALSA: sound/pci/rme9652/hdspm.c: fix error return code
  ALSA: sound/pci/sis7019.c: fix error return code
  ALSA: sound/pci/ctxfi/ctatc.c: fix error return code
  ALSA: sound/atmel/ac97c.c: fix error return code
  ALSA: sound/atmel/abdac.c: fix error return code
  ALSA: fix pcm.h kernel-doc warning and notation
  sound: oss/sb_audio: prevent divide by zero bug
  ASoC: wm9712: Fix inverted capture volume
  ASoC: wm9712: Fix microphone source selection
  ASoC: wm5102: Remove DRC2
  ALSA: hda - Don't send invalid volume knob command on IDT 92hd75bxx
  ALSA: usb-audio: Fix scheduling-while-atomic bug in PCM capture stream
  ALSA: lx6464es: Add a missing error check
  ALSA: hda - Fix 'Beep Playback Switch' with no underlying mute switch
  ASoC: jack: Always notify full jack status
  ASoC: wm5110: Add missing input PGA routes
  ...
2012-08-21 09:17:05 -07:00
Eric Dumazet f341861fb0 task_work: add a scheduling point in task_work_run()
It seems commit 4a9d4b024a ("switch fput to task_work_add") re-
introduced the problem addressed in 944be0b224 ("close_files(): add
scheduling point")

If a server process with a lot of files (say 2 million tcp sockets) is
killed, we can spend a lot of time in task_work_run() and trigger a soft
lockup.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-08-21 09:11:44 -07:00
Dave Airlie ec5da7f8dc fbcon: fix race condition between console lock and cursor timer
So we've had a fair few reports of fbcon handover breakage between
efi/vesafb and i915 surface recently, so I dedicated a couple of
days to finding the problem.

Essentially the last thing we saw was the conflicting framebuffer
message and that was all.

So after much tracing with direct netconsole writes (printks
under console_lock not so useful), I think I found the race.

  Thread A (driver load)    Thread B (timer thread)
    unbind_con_driver ->              |
    bind_con_driver ->                |
    vc->vc_sw->con_deinit ->          |
    fbcon_deinit ->                   |
    console_lock()                    |
        |                             |
        |                       fbcon_flashcursor timer fires
        |                       console_lock() <- blocked for A
        |
        |
  fbcon_del_cursor_timer ->
    del_timer_sync
    (BOOM)

Of course because all of this is under the console lock,
we never see anything, also since we also just unbound the active
console guess what we never see anything.

Hopefully this fixes the problem for anyone seeing vesafb->kms
driver handoff.

Signed-off-by: David Airlie <airlied@redhat.com>
Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: stable@vger.kernel.org
Tested-by: Josh Boyer <jwboyer@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-08-21 09:08:50 -07:00
Alex Deucher 676bc2e1e4 Revert "drm/radeon: fix bo creation retry path"
This reverts commit d1c7871ddb.

ttm_bo_init() destroys the BO on failure. So this patch makes
the retry path work with freed memory.  This ends up causing
kernel panics when this path is hit.

Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
2012-08-21 09:55:01 -04:00
Ondrej Zary 53e1719f3d ALSA: snd-als100: fix suspend/resume
snd_card_als100_probe() does not set pcm field in struct snd_sb.
As a result, PCM is not suspended and applications don't know that they need
to resume the playback.

Tested with Labway A381-F20 card (ALS120).

Signed-off-by: Ondrej Zary <linux@rainbow-software.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-08-21 07:29:40 +02:00
Linus Torvalds 9160338de9 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
Pull PCI fixes from Bjorn Helgaas:
 "Here are two patches from Rafael Wysocki.

  One fixes an EHCI-related hibernation crash on ASUS boxes.  We fixed a
  similar suspend issue in v3.6-rc1, and this applies the same fix to
  the hibernate path.

  The other fixes D3/D3cold/D4 messages related to the D3cold support we
  merged in v3.6-rc1."

(Removed redundant top non-fast-forward merge commit from pulled branch)

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
  PCI: EHCI: Fix crash during hibernation on ASUS computers
  PCI / PM: Fix D3/D3cold/D4 messages printed by acpi_pci_set_power_state()
2012-08-20 16:42:41 -07:00
Linus Torvalds 3b31fe9294 Clean out references to dead CONFIG_MISC_DEVICES option

Merge tag 'please-pull-ia64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux

Pull config cleanup for ia64 from Tony Luck:
 "Clean out references to dead CONFIG_MISC_DEVICES option"

* tag 'please-pull-ia64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux:
  [IA64] defconfig: Remove CONFIG_MISC_DEVICES
2012-08-20 15:26:28 -07:00
Denis Efremov 08a16208c8 tcm_fc: rcu_deref outside rcu lock/unlock section
Use rcu_dereference_protected in order to prevent lockdep
complaint. Sequel of the patch 863555be

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Denis Efremov <yefremov.denis@gmail.com>
Acked-by: Mark D. Rustad <mark.d.rustad@intel.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-08-20 14:52:15 -07:00
Michael S. Tsirkin 6de7145ca3 tcm_vhost: Fix vhost_scsi_target structure alignment
Here TRANSPORT_IQN_LEN is 224, which is a multiple of 4.
Since vhost_tpgt is 2 bytes and abi_version is 4, the total size would
be 230.  But gcc needs struct size to be aligned to first field size, which
is 4 bytes, so it pads the structure by extra 2 bytes to the total of
232.

This padding is very undesirable in an ABI:
- it can not be initialized easily
- it can not be checked easily
- it can leak information between kernel and userspace

Simplest solution is probably just to make the padding
explicit.

(v2: Add check for zero'ed backend->reserved field for VHOST_SCSI_SET_ENDPOINT
     and VHOST_SCSI_CLEAR_ENDPOINT ops as requested by MST)

Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-08-20 14:52:11 -07:00
Linus Torvalds 10c63c9aec More USB patches for 3.6-rc3
Here are 10 more USB patches for 3.6-rc3.  They all fix reported
 problems (build problems for one of them, and easily repeatable oopses
 for the others.)
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Merge tag 'usb-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

Pull more USB patches from Greg Kroah-Hartman:
 "Here are 10 more USB patches for 3.6-rc3.  They all fix reported
  problems (build problems for one of them, and easily repeatable oopses
  for the others.)

  Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"

* tag 'usb-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  gpu/mfd/usb: Fix USB randconfig problems
  USB: CDC ACM: Fix NULL pointer dereference
  USB: emi62: remove __devinit* from the struct usb_device_id table
  USB: winbond: remove __devinit* from the struct usb_device_id table
  USB: vt6656: remove __devinit* from the struct usb_device_id table
  USB: rtl8187: remove __devinit* from the struct usb_device_id table
  USB: p54usb: remove __devinit* from the struct usb_device_id table
  USB: spca506: remove __devinit* from the struct usb_device_id table
  USB: jl2005bcd: remove __devinit* from the struct usb_device_id table
  USB: smsusb: remove __devinit* from the struct usb_device_id table
2012-08-20 13:14:22 -07:00
Linus Torvalds c3e2f79d2d dmesg fix for 3.6-rc3
Here is one fix for the dmesg line corruption problem that the previous
 set of patches caused.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Merge tag 'driver-core-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

Pull one more driver core fix from Greg Kroah-Hartman:
 "Here is one fix for the dmesg line corruption problem that the
  previous set of patches caused.

  Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"

* tag 'driver-core-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
  dyndbg: fix for SOH in logging messages
2012-08-20 13:13:47 -07:00
Linus Torvalds b0fbfb0cec Merge branch 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86
Pull x86 platform driver update from Matthew Garrett:
 "Some small updates for a few drivers, and some hardware enablement for
  new Ideapads and the gmux hardware in the latest Macs.

  This code won't run on older devices and has been well tested on new
  ones, so low risk of regressions."

* 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86:
  ideapad: add Lenovo IdeaPad Z570 support (part 3)
  ideapad: add Lenovo IdeaPad Z570 support (part 2)
  ideapad: add Lenovo IdeaPad Z570 support (part 1)
  classmate-laptop: always call input_sync() after input_report_switch()
  thinkpad-acpi: recognize latest V-Series using DMI_BIOS_VENDOR
  dell-laptop: Fixed typo in touchpad LED quirk
  vga_switcheroo: Don't require handler init callback
  vga_switcheroo: Remove assumptions about registration/unregistration ordering
  apple-gmux: Add display mux support
  apple-gmux: Fix kconfig dependencies
  asus-wmi: record wlan status while controlled by userapp
  apple_gmux: Fix ACPI video unregister
  apple_gmux: Add support for newer hardware
  gmux: Add generic write32 function
2012-08-20 13:12:41 -07:00
Linus Torvalds 807b5169e2 One patch with section conflict fixes.

Merge tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging

Pull a hwmon fix from Guenter Roeck:
 "One patch with section conflict fixes."

* tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
  sections: Fix section conflicts in drivers/hwmon
2012-08-20 13:11:00 -07:00
Linus Torvalds 8a6b52140f spi: Updates for 3.6
Grant is still away so another pull request with some fairly minor
 fixes, the most notable of which are several fixes for some common error
 patterns with the reference counting spi_master_get/put do.

Merge tag 'spi-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/misc

Pull spi fixes from Mark Brown:
 "Grant is still away so another pull request with some fairly minor
  fixes, the most notable of which are several fixes for some common
  error patterns with the reference counting spi_master_get/put do."

* tag 'spi-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/misc:
  spi/coldfire-qspi: Drop extra calls to spi_master_get in suspend/resume functions
  spi: spi-coldfire-qspi: Drop extra spi_master_put in device remove function
  spi/pl022: fix spi-pl022 pm enable at probe
  spi/bcm63xx: Ensure that memory is freed only after it is no longer used
  spi: omap2-mcspi: Fix the error handling in probe
  spi/s3c64xx: Add missing static storage class specifiers
2012-08-20 13:05:27 -07:00
Fabio Estevam 7c3ea4859a [IA64] defconfig: Remove CONFIG_MISC_DEVICES
commit 7c5763b845 (drivers:misc: Remove MISC_DEVICES config option) removed
CONFIG_MISC_DEVICES option, so remove the occurrences from the config files
as well.

Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
2012-08-20 13:04:29 -07:00
Linus Torvalds fd4d3328b2 regulator: Updates for 3.6
A bunch of fixes which are a combination of minor fixes that have been
 shaken down due to greater testing exposure, the biggest block of which
 are for the Palmas driver which hadn't had all the changes required for
 mainline properly tested when it was merged.

Merge tag 'regulator-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator

Pull regulator fixes from Mark Brown:
 "A bunch of fixes which are a combination of minor fixes that have been
  shaken down due to greater testing exposure, the biggest block of
  which are for the Palmas driver which hadn't had all the changes
  required for mainline properly tested when it was merged."

* tag 'regulator-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
  regulator: twl-regulator: fix up VINTANA1/VINTANA2
  regulator: core: request only valid gpio pins for regulator enable
  regulator: twl: Remove references to the twl4030 regulator
  regulator: gpio-regulator: Split setting of voltages and currents
  regulator: ab3100: add missing voltage table
  regulator: anatop: Fix wrong mask used in anatop_get_voltage_sel
  regulator: tps6586x: correct vin pin for sm0/sm1/sm2
  regulator: palmas: Fix palmas_probe error handling
  regulator: palmas: Call palmas_ldo_[read|write] in palmas_ldo_init
  regulator: palmas: Fix regmap offsets for PALMAS_REG_SMPS10 vsel_reg
  regulator: palmas: Fix calculating selector in palmas_map_voltage_ldo
2012-08-20 12:59:51 -07:00
Linus Torvalds d408ea2a0d IOMMU Fixes for Linux v3.6-rc2
Two fixes are necessary. One patch fixes a boot crash on MacBook Air
 with interrupt remapping enabled and the other patch fixes a regression
 (which causes a boot crash on AMD IOMMUv2 systems too) in the init code
 of the AMD IOMMU driver.

Merge tag 'iommu-fixes-v3.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

Pull IOMMU fixes from Joerg Roedel:
 "Two fixes are necessary.  One patch fixes a boot crash on MacBook Air
  with interrupt remapping enabled and the other patch fixes a
  regression (which causes a boot crash on AMD IOMMUv2 systems too) in
  the init code of the AMD IOMMU driver."

* tag 'iommu-fixes-v3.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  iommu/amd: Fix wrong check for ARRAY_SIZE()
  irq_remap: disable IRQ remapping if any IOAPIC lacks an IOMMU
2012-08-20 12:59:08 -07:00
Takashi Iwai 535b6c51fe ALSA: hda - Fix leftover codec->power_transition
When the codec turn-on operation is canceled by the immediate
power-on, the driver left the power_transition flag as is.
This caused the persistent avoidance of power-save behavior.

Cc: <stable@vger.kernel.org> [v3.5+]
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-08-20 21:25:22 +02:00
Takashi Iwai f0b433e9f3 ASoC: Additional updates for 3.6
A batch more bugfixes, all driver-specific and fairly small and
 unremarkable in a global context.  The biggest batch are for the newly
 added Arizona drivers.

Merge tag 'asoc-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Additional updates for 3.6

A batch more bugfixes, all driver-specific and fairly small and
unremarkable in a global context.  The biggest batch are for the newly
added Arizona drivers.
2012-08-20 21:26:04 +02:00
Guenter Roeck 8f057d7bca gpu/mfd/usb: Fix USB randconfig problems
Fix config warning:

warning: ( ... && DRM_USB) selects USB which has unmet direct dependencies
(USB_SUPPORT && USB_ARCH_HAS_HCD)

and build error:
ERROR: "usb_speed_string" [drivers/usb/core/usbcore.ko] undefined!

by adding the missing dependency on USB_ARCH_HAS_HCD to DRM_UDL and DRM_USB.

This exposes:
drivers/video/Kconfig:36:error: recursive dependency detected!
drivers/video/Kconfig:36:       symbol FB is selected by DRM_KMS_HELPER
drivers/gpu/drm/Kconfig:28:     symbol DRM_KMS_HELPER is selected by DRM_UDL
drivers/gpu/drm/udl/Kconfig:1:  symbol DRM_UDL depends on USB_ARCH_HAS_HCD
drivers/usb/Kconfig:78: symbol USB_ARCH_HAS_HCD depends on USB_ARCH_HAS_OHCI
drivers/usb/Kconfig:16: symbol USB_ARCH_HAS_OHCI depends on I2C
drivers/i2c/Kconfig:5:  symbol I2C is selected by FB_DDC
drivers/video/Kconfig:86:       symbol FB_DDC is selected by FB_CYBER2000_DDC
drivers/video/Kconfig:385:      symbol FB_CYBER2000_DDC depends on FB_CYBER2000
drivers/video/Kconfig:373:      symbol FB_CYBER2000 depends on FB

which is due to drivers/usb/Kconfig:
config USB_ARCH_HAS_OHCI
	...
	default y if ARCH_PNX4008 && I2C

Fix by dropping I2C from the above dependency; logic is that this is not a
platform dependency but a configuration dependency: the _architecture_ still
supports USB even if I2C is not selected.

This exposes:
drivers/video/Kconfig:36:error: recursive dependency detected!
drivers/video/Kconfig:36:       symbol FB is selected by DRM_KMS_HELPER
drivers/gpu/drm/Kconfig:28:     symbol DRM_KMS_HELPER is selected by DRM_UDL
drivers/gpu/drm/udl/Kconfig:1:  symbol DRM_UDL depends on USB_ARCH_HAS_HCD
drivers/usb/Kconfig:78: symbol USB_ARCH_HAS_HCD depends on USB_ARCH_HAS_OHCI
drivers/usb/Kconfig:17: symbol USB_ARCH_HAS_OHCI depends on MFD_TC6393XB
drivers/mfd/Kconfig:396:        symbol MFD_TC6393XB depends on GPIOLIB
drivers/gpio/Kconfig:35:        symbol GPIOLIB is selected by FB_VIA
drivers/video/Kconfig:1560:     symbol FB_VIA depends on FB

which can be fixed by having MFD_TC6393XB select GPIOLIB instead of depending on
it.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-08-20 11:52:41 -07:00
Daniel Vetter 1ee9ae3244 drm/i915: use hsw rps tuning values everywhere on gen6+
James Bottomley reported [1] a massive power regression, due to the
enabling of semaphores by default in 3.5. A workaround for him is to
again disable semaphores. And indeed, his system has a very hard time
to enter rc6 with semaphores enabled.

Ben Widawsky ran around with a kill-a-watt a lot and noticed:
- There are indeed a few rare systems that seem to have a hard time
  entering rc6 when desktop-idle.
- One machine, The Indestructible Toshiba regressed in this behaviour
  between 3.5 and 3.6 in a merge commit! So rc6 behaviour with the
  current setting seems to be highly timing dependent and not robust
  at all.
- The behaviour James reported wrt semaphores seems to be a freak
  timing thing that only happens on his specific machine, confirming
  that enabling semaphores shouldn't reduce rc6 residency.

Now furthermore the Google ChromeOS guys reported [2] a while ago that
at least on some machines simply a blinking cursor can keep the gpu
turbo at the highest frequency. This is because the current rps limits
used on snb/ivb are highly asymmetric.

On the theory that gpu turbo and rc6 tuning values are related, we've
tried whether the much saner looking (since much less asymmetric) rps
tuning values used for hsw would also help entering rc6 more robustly.

And it seems to mostly work, and we don't really have the resources to
thoroughly tune things in any better way: The values from the
ChromeOS ppl seem to fare a bit worse for James' machine, so I guess
we better stick with something vpg (the gpu hw/windows group)
provided, hoping that they've done their jobs.

Reference[1]: http://lists.freedesktop.org/archives/dri-devel/2012-July/025675.html
Reference[2]: http://lists.freedesktop.org/archives/intel-gfx/2012-July/018692.html
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=53393
Tested-by: Ben Widawsky <ben@bwidawsk.net>
Cc: stable@vger.kernel.org
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
2012-08-20 20:49:19 +02:00
Linus Torvalds c71a35520f Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Ingo Molnar.

An x32 socket ABI fix with a -stable backport tag among other fixes.

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x32: Use compat shims for {g,s}etsockopt
  Revert "x86-64/efi: Use EFI to deal with platform wall clock"
  x86, apic: fix broken legacy interrupts in the logical apic mode
  x86, build: Globally set -fno-pic
  x86, avx: don't use avx instructions with "noxsave" boot param
2012-08-20 10:36:18 -07:00
Linus Torvalds 53795ced6e Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull scheduler fixes from Ingo Molnar.

* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  sched: Fix migration thread runtime bogosity
  sched,rt: fix isolated CPUs leaving root_task_group indefinitely throttled
  sched,cgroup: Fix up task_groups list
  sched: fix divide by zero at {thread_group,task}_times
  sched, cgroup: Reduce rq->lock hold times for large cgroup hierarchies
2012-08-20 10:35:05 -07:00
Linus Torvalds f78602ab7c Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 perf fixes from Ingo Molnar.

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf/x86: disable PEBS on a guest entry.
  perf/x86: Add Intel Westmere-EX uncore support
  perf/x86: Fixes for Nehalem-EX uncore driver
  perf, x86: Fix uncore_types_exit section mismatch
2012-08-20 10:34:21 -07:00
Linus Torvalds fb34438914 Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull a mutex fix from Ingo Molnar.

Fix the fastpath_lock failure contention flag for xchg-based mutexes.

* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  mutex: Place lock in contended state after fastpath_lock failure
2012-08-20 10:30:57 -07:00
Al Viro 0e665d5d11 vfs: missed source of ->f_pos races
compat_sys_{read,write}v() need the same "pass a copy of file->f_pos" thing
as sys_{read,write}{,v}().

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-08-20 10:11:47 -07:00
Sage Weil d1c338a509 libceph: delay debugfs initialization until we learn global_id
The debugfs directory includes the cluster fsid and our unique global_id.
We need to delay the initialization of the debug entry until we have
learned both the fsid and our global_id from the monitor or else the
second client can't create its debugfs entry and will fail (and multiple
client instances aren't properly reflected in debugfs).

Reported by: Yan, Zheng <zheng.z.yan@intel.com>
Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Yehuda Sadeh <yehuda@inktank.com>
2012-08-20 10:03:15 -07:00