summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-10-26net/mlx4_en: Fix double-release-range in tx-ringsJack Morgenstein
The QP range is reserved as a single block. However, when freeing the en resources, the tx-ring QPs are released both in mlx4_en_destroy_tx_ring (one at a time) and in mlx4_en_free_resources (as a block release). Fix by eliminating the one-at-a-time release in mlx4_en_destroy_tx_ring. Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-10-26bas_gigaset: fix pre_reset handlingTilman Schmidt
The delayed work function int_in_work() may call usb_reset_device() and thus, indirectly, the driver's pre_reset method. Trying to cancel the work synchronously in that situation would deadlock. Fix by avoiding cancel_work_sync() in the pre_reset method. If the reset was NOT initiated by int_in_work() this might cause int_in_work() to run after the post_reset method, with urb_int_in already resubmitted, so handle that case gracefully. Signed-off-by: Tilman Schmidt <tilman@imap.cc> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-10-26Revert "ARM: dma-mapping: support debug_dma_mapping_error"Marek Szyprowski
This reverts commit 871ae57adc5ed092c1341f411514d0e8482e2611, which is scheduled for v3.8 and accidently got into v3.7-rc series. Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
2012-10-26ktest: Fix ktest confusion with CONFIG_MODULES_USE_ELF_RELASteven Rostedt
In order to decide if ktest should bother installing modules on the target box, it checks if the config file has CONFIG_MODULES=y. But it also checks if the '=y' part exists. It only will install modules if the config exists and is set with '=y'. But as the regex that was used tests: /^CONFIG_MODULES(=y)?/ this will also match: CONFIG_MODULES_USE_ELF_RELA as the '=y' part was optional and it did not test the rest of the line. When this happens, ktest will stop checking the rest of the configs but it will also think that no modules are needed to be installed. What it should do is only jump out of the loop if it actually found a CONFIG_MODULES that is set to true. Otherwise, ktest wont install the necessary modules needed for proper booting of the test target. Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2012-10-25Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linuxLinus Torvalds
Pull drm radeon fixes from Dave Airlie: "Just radeon fixes in this one: - some new PCI IDs - ATPX regression fix - async VM regression fixes - some module options fixes" * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: drm/radeon: fix ATPX regression in acpi rework drm/radeon: fix ATPX function documentation drm/radeon: move the retry to gem_object_create drm/radeon: move size limits to gem_object_create. drm/radeon: use vzalloc for gart pages drm/radeon: fix and simplify pot argument checks v3 drm/radeon: fix header size estimation in VM code drm/radeon: remove set_page check from VM code drm/radeon: fix si_set_page v2 drm/radeon: fix cayman_vm_set_page v2 drm/radeon: fix PFP sync in vm_flush drm/radeon: add error output if VM CS fails on cayman drm/radeon: give each backlight a unique id drm/radeon: fix sparse warning drm/radeon: add some new SI PCI ids
2012-10-25Merge tag 'nfs-for-3.7-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfsLinus Torvalds
Pull NFS bugfixes from Trond Myklebust: - Fix the NFSv2/v3 kernel statd protocol, which broke due to net namespace related changes. - Fix a number of races in the SUNRPC TCP disconnect/reconnect code. * tag 'nfs-for-3.7-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: LOCKD: Clear ln->nsm_clnt only when ln->nsm_users is zero LOCKD: fix races in nsm_client_get SUNRPC: Get rid of the xs_error_report socket callback SUNRPC: Prevent races in xs_abort_connection() Revert "SUNRPC: Ensure we close the socket on EPIPE errors too..." SUNRPC: Clear the connect flag when socket state is TCP_CLOSE_WAIT
2012-10-26Merge branch 'drm-fixes-3.7' of git://people.freedesktop.org/~agd5f/linux ↵Dave Airlie
into drm-fixes Alex writes: "Fixes pull request for radeon. The main things here are fixing a ATPX regression from the acpi rework, fixing some fallout from the async VM work, and fixing some module options that were broken in certain cases. Other than that, mainly just bug fixes." * 'drm-fixes-3.7' of git://people.freedesktop.org/~agd5f/linux: drm/radeon: fix ATPX regression in acpi rework drm/radeon: fix ATPX function documentation drm/radeon: move the retry to gem_object_create drm/radeon: move size limits to gem_object_create. drm/radeon: use vzalloc for gart pages drm/radeon: fix and simplify pot argument checks v3 drm/radeon: fix header size estimation in VM code drm/radeon: remove set_page check from VM code drm/radeon: fix si_set_page v2 drm/radeon: fix cayman_vm_set_page v2 drm/radeon: fix PFP sync in vm_flush drm/radeon: add error output if VM CS fails on cayman drm/radeon: give each backlight a unique id drm/radeon: fix sparse warning drm/radeon: add some new SI PCI ids
2012-10-25Merge branch 'akpm' (Andrew's fixes)Linus Torvalds
Merge misc fixes from Andrew Morton: "18 total. 15 fixes and some updates to a device_cgroup patchset which bring it up to date with the version which I should have merged in the first place." * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (18 patches) fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check gen_init_cpio: avoid stack overflow when expanding drivers/rtc/rtc-imxdi.c: add missing spin lock initialization mm, numa: avoid setting zone_reclaim_mode unless a node is sufficiently distant pidns: limit the nesting depth of pid namespaces drivers/dma/dw_dmac: make driver's endianness configurable mm/mmu_notifier: allocate mmu_notifier in advance tools/testing/selftests/epoll/test_epoll.c: fix build UAPI: fix tools/vm/page-types.c mm/page_alloc.c:alloc_contig_range(): return early for err path rbtree: include linux/compiler.h for definition of __always_inline genalloc: stop crashing the system when destroying a pool backlight: ili9320: add missing SPI dependency device_cgroup: add proper checking when changing default behavior device_cgroup: stop using simple_strtoul() device_cgroup: rename deny_all to behavior cgroup: fix invalid rcu dereference mm: fix XFS oops due to dirty pages without buffers on s390
2012-10-26ACPI: missing breakAlan Cox
We handle NOTIFY_THROTTLING so don't then fall through to unsupported event. Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2012-10-25Input: wacom - add touch sensor support for Cintiq 24HD touchJason Gerecke
Decode multitouch reports from the touch sensor of the Cintiq 24HD touch. Signed-off-by: Jason Gerecke <killertofu@gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25Input: wacom - handle split-sensor devices with internal hubsJason Gerecke
Like our other pen-and-touch products, the Cintiq 24HD touch needs data to be shared between its two sensors to facilitate proximity-based palm rejection. Unlike other tablets that report sensor data through separate interfaces of the same USB device, the Cintiq 24HD touch has separate USB devices that are connected to an internal USB hub. This patch makes it possible to designate the USB VID/PID of the other device so that the two may share data. To ensure we don't accidentally link to a sensor from a physically separate device (if several have been plugged in), we limit the search to siblings (i.e., devices directly connected to the same hub). Signed-off-by: Jason Gerecke <killertofu@gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25Makefile: Documentation for external tool should be correctH. Peter Anvin
If one includes documentation for an external tool, it should be correct. This is not: 1. Overriding the input to rngd should typically be neither necessary nor desired. This is especially so since newer versions of rngd support a number of different *types* of sources. 2. The default kernel-exported device is called /dev/hwrng not /dev/hwrandom nor /dev/hw_random (both of which were used in the past; however, kernel and udev seem to have converged on /dev/hwrng.) Overall it is better if the documentation for rngd is kept with rngd rather than in a kernel Makefile. Signed-off-by: H. Peter Anvin <hpa@linux.intel.com> Cc: David Howells <dhowells@redhat.com> Cc: Jeff Garzik <jgarzik@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-armLinus Torvalds
Pull ARM fixes from Russell King: "A random collection of various fixes, mainly from Arnd and a few other people. Not thing really stands out here." * 'fixes' of git://git.linaro.org/people/rmk/linux-arm: ARM: drop experimental status for hotplug and Thumb2 ARM: 7560/1: SMP_TWD: use DIV_ROUND_CLOSEST() for periodic mode ARM: 7559/1: smp: switch away from the idmap before updating init_mm.mm_count ARM: 7556/1: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD ARM: 7555/1: kexec: fix segment memory addresses check ARM: warnings in arch/arm/include/asm/uaccess.h ARM: binfmt_flat: unused variable 'persistent' ARM: be really quiet when building with 'make -s' ARM: pass -marm to gcc by default for both C and assembler ARM: Xen: fix initial build problems ARM: export default read_current_timer ARM: Fix another build warning in arch/arm/mm/alignment.c ARM: export set_irq_flags ARM: kprobes: make more tests conditional
2012-10-25Merge branch 'fixes_for_linus' of ↵Linus Torvalds
git://git.linaro.org/people/mszyprowski/linux-dma-mapping Pull CMA and DMA-mapping fixes from Marek Szyprowski: "This consists mainly of a set of one-liner fixes and cleanups for a few minor issues identified in both Contiguous Memory Allocator code and ARM DMA-mapping subsystem." * 'fixes_for_linus' of git://git.linaro.org/people/mszyprowski/linux-dma-mapping: ARM: mm: Remove unused arm_vmregion priv field ARM: dma-mapping: fix build warning in __dma_alloc() ARM: dma-mapping: support debug_dma_mapping_error mm: cma: alloc_contig_range: return early for err path drivers: cma: Fix wrong CMA selected region size default value drivers: dma-coherent: Fix typo in dma_mmap_from_coherent documentation drivers: dma-contiguous: Don't redefine SZ_1M
2012-10-25x86, mm: Undo incorrect revert in arch/x86/mm/init.cYinghai Lu
Commit 844ab6f9 x86, mm: Find_early_table_space based on ranges that are actually being mapped added back some lines back wrongly that has been removed in commit 7b16bbf97 Revert "x86/mm: Fix the size calculation of mapping tables" remove them again. Signed-off-by: Yinghai Lu <yinghai@kernel.org> Link: http://lkml.kernel.org/r/CAE9FiQW_vuaYQbmagVnxT2DGsYc=9tNeAbdBq53sYkitPOwxSQ@mail.gmail.com Acked-by: Jacob Shin <jacob.shin@amd.com> Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
2012-10-25fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error checkKees Cook
The compat ioctl for VIDEO_SET_SPU_PALETTE was missing an error check while converting ioctl arguments. This could lead to leaking kernel stack contents into userspace. Patch extracted from existing fix in grsecurity. Signed-off-by: Kees Cook <keescook@chromium.org> Cc: David Miller <davem@davemloft.net> Cc: Brad Spengler <spender@grsecurity.net> Cc: PaX Team <pageexec@freemail.hu> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25gen_init_cpio: avoid stack overflow when expandingKees Cook
Fix possible overflow of the buffer used for expanding environment variables when building file list. In the extremely unlikely case of an attacker having control over the environment variables visible to gen_init_cpio, control over the contents of the file gen_init_cpio parses, and gen_init_cpio was built without compiler hardening, the attacker can gain arbitrary execution control via a stack buffer overflow. $ cat usr/crash.list file foo ${BIG}${BIG}${BIG}${BIG}${BIG}${BIG} 0755 0 0 $ BIG=$(perl -e 'print "A" x 4096;') ./usr/gen_init_cpio usr/crash.list *** buffer overflow detected ***: ./usr/gen_init_cpio terminated This also replaces the space-indenting with tabs. Patch based on existing fix extracted from grsecurity. Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Michal Marek <mmarek@suse.cz> Cc: Brad Spengler <spender@grsecurity.net> Cc: PaX Team <pageexec@freemail.hu> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25drivers/rtc/rtc-imxdi.c: add missing spin lock initializationJan Luebbe
Signed-off-by: Jan Luebbe <jlu@pengutronix.de> Cc: Alessandro Zummo <a.zummo@towertech.it> Cc: Roland Stigge <stigge@antcom.de> Cc: Grant Likely <grant.likely@secretlab.ca> Tested-by: Roland Stigge <stigge@antcom.de> Cc: Sascha Hauer <kernel@pengutronix.de> Cc: Russell King <linux@arm.linux.org.uk> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25mm, numa: avoid setting zone_reclaim_mode unless a node is sufficiently distantDavid Rientjes
Commit 957f822a0ab9 ("mm, numa: reclaim from all nodes within reclaim distance") caused zone_reclaim_mode to be set for all systems where two nodes are within RECLAIM_DISTANCE of each other. This is the opposite of what we actually want: zone_reclaim_mode should be set if two nodes are sufficiently distant. Signed-off-by: David Rientjes <rientjes@google.com> Reported-by: Julian Wollrath <jwollrath@web.de> Tested-by: Julian Wollrath <jwollrath@web.de> Cc: Hugh Dickins <hughd@google.com> Cc: Patrik Kullman <patrik.kullman@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25pidns: limit the nesting depth of pid namespacesAndrew Vagin
'struct pid' is a "variable sized struct" - a header with an array of upids at the end. The size of the array depends on a level (depth) of pid namespaces. Now a level of pidns is not limited, so 'struct pid' can be more than one page. Looks reasonable, that it should be less than a page. MAX_PIS_NS_LEVEL is not calculated from PAGE_SIZE, because in this case it depends on architectures, config options and it will be reduced, if someone adds a new fields in struct pid or struct upid. I suggest to set MAX_PIS_NS_LEVEL = 32, because it saves ability to expand "struct pid" and it's more than enough for all known for me use-cases. When someone finds a reasonable use case, we can add a config option or a sysctl parameter. In addition it will reduce the effect of another problem, when we have many nested namespaces and the oldest one starts dying. zap_pid_ns_processe will be called for each namespace and find_vpid will be called for each process in a namespace. find_vpid will be called minimum max_level^2 / 2 times. The reason of that is that when we found a bit in pidmap, we can't determine this pidns is top for this process or it isn't. vpid is a heavy operation, so a fork bomb, which create many nested namespace, can make a system inaccessible for a long time. For example my system becomes inaccessible for a few minutes with 4000 processes. [akpm@linux-foundation.org: return -EINVAL in response to excessive nesting, not -ENOMEM] Signed-off-by: Andrew Vagin <avagin@openvz.org> Acked-by: Oleg Nesterov <oleg@redhat.com> Cc: Cyrill Gorcunov <gorcunov@openvz.org> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Pavel Emelyanov <xemul@parallels.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25drivers/dma/dw_dmac: make driver's endianness configurableHein Tibosch
The dw_dmac driver was originally developed for avr32 to be used with the Synopsys DesignWare AHB DMA controller. Starting from 2.6.38, access to the device's i/o memory was done with the little-endian readl/writel functions(1) This broke the driver for the avr32 platform, because it needs big (native) endian accessors. This patch makes the endianness configurable using 'DW_DMAC_BIG_ENDIAN_IO', which will default be true for AVR32 I submitted this patch before(2) but then waited for Andy to finish other changes to the same module(3). (1) https://patchwork.kernel.org/patch/608211 (2) https://lkml.org/lkml/2012/8/26/148 (3) https://lkml.org/lkml/2012/9/21/173 Signed-off-by: Hein Tibosch <hein_tibosch@yahoo.es> Acked-by: Arnd Bergmann <arnd@arndb.de> Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Acked-by: Viresh Kumar <viresh.kumar@linaro.org> Cc: Hans-Christian Egtvedt <egtvedt@samfundet.no> Cc: Ludovic Desroches <ludovic.desroches@atmel.com> Cc: Havard Skinnemoen <havard@skinnemoen.net> Cc: Nicolas Ferre <nicolas.ferre@atmel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25mm/mmu_notifier: allocate mmu_notifier in advanceGavin Shan
While allocating mmu_notifier with parameter GFP_KERNEL, swap would start to work in case of tight available memory. Eventually, that would lead to a deadlock while the swap deamon swaps anonymous pages. It was caused by commit e0f3c3f78da29b ("mm/mmu_notifier: init notifier if necessary"). ================================= [ INFO: inconsistent lock state ] 3.7.0-rc1+ #518 Not tainted --------------------------------- inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-W} usage. kswapd0/35 [HC0[0]:SC0[0]:HE1:SE1] takes: (&mapping->i_mmap_mutex){+.+.?.}, at: page_referenced+0x9c/0x2e0 {RECLAIM_FS-ON-W} state was registered at: mark_held_locks+0x86/0x150 lockdep_trace_alloc+0x67/0xc0 kmem_cache_alloc_trace+0x33/0x230 do_mmu_notifier_register+0x87/0x180 mmu_notifier_register+0x13/0x20 kvm_dev_ioctl+0x428/0x510 do_vfs_ioctl+0x98/0x570 sys_ioctl+0x91/0xb0 system_call_fastpath+0x16/0x1b irq event stamp: 825 hardirqs last enabled at (825): _raw_spin_unlock_irq+0x30/0x60 hardirqs last disabled at (824): _raw_spin_lock_irq+0x19/0x80 softirqs last enabled at (0): copy_process+0x630/0x17c0 softirqs last disabled at (0): (null) ... Simply back out the above commit, which was a small performance optimization. Signed-off-by: Gavin Shan <shangw@linux.vnet.ibm.com> Reported-by: Andrea Righi <andrea@betterlinux.com> Tested-by: Andrea Righi <andrea@betterlinux.com> Cc: Wanpeng Li <liwanp@linux.vnet.ibm.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Avi Kivity <avi@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Marcelo Tosatti <mtosatti@redhat.com> Cc: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com> Cc: Sagi Grimberg <sagig@mellanox.co.il> Cc: Haggai Eran <haggaie@mellanox.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25tools/testing/selftests/epoll/test_epoll.c: fix buildDaniel Hazelton
Latest Linus head run of "make selftests" in the tools directory failed with references to undefined variables. Reference was to 'write_thread_data' which is the name of a struct that is being used, not the variable itself. Change reference so it points to the variable. Signed-off-by: Daniel Hazelton <dshadowwolf@gmail.com> Cc: "Paton J. Lewis" <palewis@adobe.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25UAPI: fix tools/vm/page-types.cDavid Howells
Fix tools/vm/page-types.c to use the UAPI variant of linux/kernel-page-flags.h lest the following error appear: In file included from page-types.c:38:0: ../../include/linux/kernel-page-flags.h:4:42: fatal error: uapi/linux/kernel-page-flags.h: No such file or directory Reported-by: Daniel Hazelton <dshadowwolf@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Fengguang Wu <fengguang.wu@intel.com> Tested-by: Daniel Hazelton <dshadowwolf@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25mm/page_alloc.c:alloc_contig_range(): return early for err pathBob Liu
If start_isolate_page_range() failed, unset_migratetype_isolate() has been done inside it. Signed-off-by: Bob Liu <lliubbo@gmail.com> Cc: Ni zhan Chen <nizhan.chen@gmail.com> Cc: Marek Szyprowski <m.szyprowski@samsung.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25rbtree: include linux/compiler.h for definition of __always_inlineWill Deacon
rb_erase_augmented() is a static function annotated with __always_inline. This causes a compile failure when attempting to use the rbtree implementation as a library (e.g. kvm tool): rbtree_augmented.h:125:24: error: expected `=', `,', `;', `asm' or `__attribute__' before `void' Include linux/compiler.h in rbtree_augmented.h so that the __always_inline macro is resolved correctly. Signed-off-by: Will Deacon <will.deacon@arm.com> Cc: Pekka Enberg <penberg@kernel.org> Reviewed-by: Michel Lespinasse <walken@google.com> Cc: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25genalloc: stop crashing the system when destroying a poolThadeu Lima de Souza Cascardo
The genalloc code uses the bitmap API from include/linux/bitmap.h and lib/bitmap.c, which is based on long values. Both bitmap_set from lib/bitmap.c and bitmap_set_ll, which is the lockless version from genalloc.c, use BITMAP_LAST_WORD_MASK to set the first bits in a long in the bitmap. That one uses (1 << bits) - 1, 0b111, if you are setting the first three bits. This means that the API counts from the least significant bits (LSB from now on) to the MSB. The LSB in the first long is bit 0, then. The same works for the lookup functions. The genalloc code uses longs for the bitmap, as it should. In include/linux/genalloc.h, struct gen_pool_chunk has unsigned long bits[0] as its last member. When allocating the struct, genalloc should reserve enough space for the bitmap. This should be a proper number of longs that can fit the amount of bits in the bitmap. However, genalloc allocates an integer number of bytes that fit the amount of bits, but may not be an integer amount of longs. 9 bytes, for example, could be allocated for 70 bits. This is a problem in itself if the Least Significat Bit in a long is in the byte with the largest address, which happens in Big Endian machines. This means genalloc is not allocating the byte in which it will try to set or check for a bit. This may end up in memory corruption, where genalloc will try to set the bits it has not allocated. In fact, genalloc may not set these bits because it may find them already set, because they were not zeroed since they were not allocated. And that's what causes a BUG when gen_pool_destroy is called and check for any set bits. What really happens is that genalloc uses kmalloc_node with __GFP_ZERO on gen_pool_add_virt. With SLAB and SLUB, this means the whole slab will be cleared, not only the requested bytes. Since struct gen_pool_chunk has a size that is a multiple of 8, and slab sizes are multiples of 8, we get lucky and allocate and clear the right amount of bytes. Hower, this is not the case with SLOB or with older code that did memset after allocating instead of using __GFP_ZERO. So, a simple module as this (running 3.6.0), will cause a crash when rmmod'ed. [root@phantom-lp2 foo]# cat foo.c #include <linux/kernel.h> #include <linux/module.h> #include <linux/init.h> #include <linux/genalloc.h> MODULE_LICENSE("GPL"); MODULE_VERSION("0.1"); static struct gen_pool *foo_pool; static __init int foo_init(void) { int ret; foo_pool = gen_pool_create(10, -1); if (!foo_pool) return -ENOMEM; ret = gen_pool_add(foo_pool, 0xa0000000, 32 << 10, -1); if (ret) { gen_pool_destroy(foo_pool); return ret; } return 0; } static __exit void foo_exit(void) { gen_pool_destroy(foo_pool); } module_init(foo_init); module_exit(foo_exit); [root@phantom-lp2 foo]# zcat /proc/config.gz | grep SLOB CONFIG_SLOB=y [root@phantom-lp2 foo]# insmod ./foo.ko [root@phantom-lp2 foo]# rmmod foo ------------[ cut here ]------------ kernel BUG at lib/genalloc.c:243! cpu 0x4: Vector: 700 (Program Check) at [c0000000bb0e7960] pc: c0000000003cb50c: .gen_pool_destroy+0xac/0x110 lr: c0000000003cb4fc: .gen_pool_destroy+0x9c/0x110 sp: c0000000bb0e7be0 msr: 8000000000029032 current = 0xc0000000bb0e0000 paca = 0xc000000006d30e00 softe: 0 irq_happened: 0x01 pid = 13044, comm = rmmod kernel BUG at lib/genalloc.c:243! [c0000000bb0e7ca0] d000000004b00020 .foo_exit+0x20/0x38 [foo] [c0000000bb0e7d20] c0000000000dff98 .SyS_delete_module+0x1a8/0x290 [c0000000bb0e7e30] c0000000000097d4 syscall_exit+0x0/0x94 --- Exception: c00 (System Call) at 000000800753d1a0 SP (fffd0b0e640) is in userspace Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com> Cc: Paul Gortmaker <paul.gortmaker@windriver.com> Cc: Benjamin Gaignard <benjamin.gaignard@stericsson.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25backlight: ili9320: add missing SPI dependencyJingoo Han
Add this missing SPI dependency and prevent the driver from building without SPI, because functions of the spi driver are used in this driver. drivers/video/backlight/ili9320.c:51: undefined reference to `spi_sync' Also, a prompt string for CONFIG_LCD_ILI9320 is added for explicit selection. Signed-off-by: Jingoo Han <jg1.han@samsung.com> Cc: Richard Purdie <rpurdie@rpsys.net> Cc: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25device_cgroup: add proper checking when changing default behaviorAristeu Rozanski
Before changing a group's default behavior to ALLOW, we must check if its parent's behavior is also ALLOW. Signed-off-by: Aristeu Rozanski <aris@redhat.com> Cc: Tejun Heo <tj@kernel.org> Cc: Li Zefan <lizefan@huawei.com> Cc: James Morris <jmorris@namei.org> Cc: Pavel Emelyanov <xemul@openvz.org> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Cc: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25device_cgroup: stop using simple_strtoul()Aristeu Rozanski
Convert the code to use kstrtou32() instead of simple_strtoul() which is deprecated. The real size of the variables are u32, so use kstrtou32 instead of kstrtoul Signed-off-by: Aristeu Rozanski <aris@redhat.com> Cc: Dave Jones <davej@redhat.com> Cc: Tejun Heo <tj@kernel.org> Cc: Li Zefan <lizefan@huawei.com> Cc: James Morris <jmorris@namei.org> Cc: Pavel Emelyanov <xemul@openvz.org> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Cc: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25device_cgroup: rename deny_all to behaviorAristeu Rozanski
This was done in a v2 patch but v1 ended up being committed. The variable name is less confusing and stores the default behavior when no matching exception exists. Signed-off-by: Aristeu Rozanski <aris@redhat.com> Cc: Dave Jones <davej@redhat.com> Cc: Tejun Heo <tj@kernel.org> Cc: Li Zefan <lizefan@huawei.com> Cc: James Morris <jmorris@namei.org> Cc: Pavel Emelyanov <xemul@openvz.org> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Cc: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25cgroup: fix invalid rcu dereferenceJiri Slaby
Commit ad676077a2ae ("device_cgroup: convert device_cgroup internally to policy + exceptions") removed rcu locks which are needed in task_devcgroup called in this chain: devcgroup_inode_mknod OR __devcgroup_inode_permission -> __devcgroup_inode_permission -> task_devcgroup -> task_subsys_state -> task_subsys_state_check. Change the code so that task_devcgroup is safely called with rcu read lock held. =============================== [ INFO: suspicious RCU usage. ] 3.6.0-rc5-next-20120913+ #42 Not tainted ------------------------------- include/linux/cgroup.h:553 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 0 2 locks held by kdevtmpfs/23: #0: (sb_writers){.+.+.+}, at: [<ffffffff8116873f>] mnt_want_write+0x1f/0x50 #1: (&sb->s_type->i_mutex_key#3/1){+.+.+.}, at: [<ffffffff811558af>] kern_path_create+0x7f/0x170 stack backtrace: Pid: 23, comm: kdevtmpfs Not tainted 3.6.0-rc5-next-20120913+ #42 Call Trace: lockdep_rcu_suspicious+0xfd/0x130 devcgroup_inode_mknod+0x19d/0x240 vfs_mknod+0x71/0xf0 handle_create.isra.2+0x72/0x200 devtmpfsd+0x114/0x140 ? handle_create.isra.2+0x200/0x200 kthread+0xd6/0xe0 kernel_thread_helper+0x4/0x10 Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Dave Jones <davej@redhat.com> Cc: Tejun Heo <tj@kernel.org> Cc: Li Zefan <lizefan@huawei.com> Cc: James Morris <jmorris@namei.org> Cc: Pavel Emelyanov <xemul@openvz.org> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25mm: fix XFS oops due to dirty pages without buffers on s390Jan Kara
On s390 any write to a page (even from kernel itself) sets architecture specific page dirty bit. Thus when a page is written to via buffered write, HW dirty bit gets set and when we later map and unmap the page, page_remove_rmap() finds the dirty bit and calls set_page_dirty(). Dirtying of a page which shouldn't be dirty can cause all sorts of problems to filesystems. The bug we observed in practice is that buffers from the page get freed, so when the page gets later marked as dirty and writeback writes it, XFS crashes due to an assertion BUG_ON(!PagePrivate(page)) in page_buffers() called from xfs_count_page_state(). Similar problem can also happen when zero_user_segment() call from xfs_vm_writepage() (or block_write_full_page() for that matter) set the hardware dirty bit during writeback, later buffers get freed, and then page unmapped. Fix the issue by ignoring s390 HW dirty bit for page cache pages of mappings with mapping_cap_account_dirty(). This is safe because for such mappings when a page gets marked as writeable in PTE it is also marked dirty in do_wp_page() or do_page_fault(). When the dirty bit is cleared by clear_page_dirty_for_io(), the page gets writeprotected in page_mkclean(). So pagecache page is writeable if and only if it is dirty. Thanks to Hugh Dickins for pointing out mapping has to have mapping_cap_account_dirty() for things to work and proposing a cleaned up variant of the patch. The patch has survived about two hours of running fsx-linux on tmpfs while heavily swapping and several days of running on out build machines where the original problem was triggered. Signed-off-by: Jan Kara <jack@suse.cz> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Mel Gorman <mgorman@suse.de> Cc: Hugh Dickins <hughd@google.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: <stable@vger.kernel.org> [3.0+] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-25Merge tag 'for-usb-linus-2012-10-25' of ↵Greg Kroah-Hartman
git://git.kernel.org/pub/scm/linux/kernel/git/sarah/xhci into usb-linus xHCI trivial fixes for 3.7 Hi Greg, Here's four trivial xHCI bug fixes for 3.7. They clean up some issues found while running Coverity across the xHCI driver. One is marked for stable. Sarah Sharp
2012-10-25freezer: exec should clear PF_NOFREEZE along with PF_KTHREADOleg Nesterov
flush_old_exec() clears PF_KTHREAD but forgets about PF_NOFREEZE. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Tejun Heo <tj@kernel.org> Cc: stable@vger.kernel.org Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2012-10-25xhci: trivial: Remove assigned but unused ep_ctx.Sarah Sharp
Remove the variable ep_ctx from xhci_add_endpoint(), since it is assigned but unused. Caught by Coverity. Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
2012-10-25xhci: trivial: Remove assigned but unused slot_ctx.Sarah Sharp
Remove the variable slot_ctx from xhci_dbg_ctx(), since it is assigned but unused. Caught by Coverity. Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
2012-10-25xhci: Fix missing break in xhci_evaluate_context_result.Sarah Sharp
Coverity complains that xhci_evaluate_context_result() is missing a break statement after the COMP_EBADSLT switch case. It's not a big deal, since we wanted to return the same error code as the case statement below it does. The end result would be one that a Slot Disabled error completion code would also print the warning message associated with a Context State error code. No other bad behavior would result. It's not worth backporting to stable kernels, since it only fixes an issue with too much debugging. Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
2012-10-25xhci: Fix potential NULL ptr deref in command cancellation.Sarah Sharp
The command cancellation code doesn't check whether find_trb_seg() couldn't find the segment that contains the TRB to be canceled. This could cause a NULL pointer deference later in the function when next_trb is called. It's unlikely to happen unless something is wrong with the command ring pointers, so add some debugging in case it happens. This patch should be backported to stable kernels as old as 3.0, that contain the commit b63f4053cc8aa22a98e3f9a97845afe6c15d0a0d "xHCI: handle command after aborting the command ring". Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com> Cc: stable@vger.kernel.org
2012-10-25Btrfs: do not bug when we fail to commit the transactionJosef Bacik
We BUG if we fail to commit the transaction when creating a snapshot, which is just obnoxious. Remove the BUG_ON(). Thanks, Signed-off-by: Josef Bacik <jbacik@fusionio.com>
2012-10-25Btrfs: fix memory leak when cloning root's nodeLiu Bo
After cloning root's node, we forgot to dec the src's ref which can lead to a memory leak. Signed-off-by: Liu Bo <bo.li.liu@oracle.com> Signed-off-by: Chris Mason <chris.mason@fusionio.com>
2012-10-25Merge branch 'for-chris-fixed' of git://git.jan-o-sch.net/btrfs-unstableChris Mason
2012-10-25Btrfs: Use btrfs_update_inode_fallback when creating a snapshotJosef Bacik
On a really full file system I was getting ENOSPC back from btrfs_update_inode when trying to update the parent inode when creating a snapshot. Just use the fallback method so we can update the inode and not have to worry about having a delayed ref. Thanks, Signed-off-by: Josef Bacik <jbacik@fusionio.com>
2012-10-25Btrfs: Send: preserve ownership (uid and gid) also for symlinks.Alex Lyakas
This patch also requires a change in the user-space part of "receive". We need to use "lchown" instead of "chown". We will do this in the following patch. Signed-off-by: Alex Lyakas <alex.btrfs@zadarastorage.com> if (S_ISREG(sctx->cur_inode_mode)) {
2012-10-25Btrfs: fix deadlock caused by the nested chunk allocationMiao Xie
Steps to reproduce: # mkfs.btrfs -m raid1 <disk1> <disk2> # btrfstune -S 1 <disk1> # mount <disk1> <mnt> # btrfs device add <disk3> <disk4> <mnt> # mount -o remount,rw <mnt> # dd if=/dev/zero of=<mnt>/tmpfile bs=1M count=1 Deadlock happened. It is because of the nested chunk allocation. When we wrote the data into the filesystem, we would allocate the data chunk because there was no data chunk in the filesystem. At the end of the data chunk allocation, we should insert the metadata of the data chunk into the extent tree, but there was no raid1 chunk, so we tried to lock the chunk allocation mutex to allocate the new chunk, but we had held the mutex, the deadlock happened. By rights, we would allocate the raid1 chunk when we added the second device because the profile of the seed filesystem is raid1 and we had two devices. But we didn't do that in fact. It is because the last step of the first device insertion didn't commit the transaction. So when we added the second device, we didn't cow the tree, and just inserted the relative metadata into the leaves which were generated by the first device insertion, and its profile was dup. So, I fix this problem by commiting the transaction at the end of the first device insertion. Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
2012-10-25btrfs: Return EINVAL when length to trim is less than FSBLukas Czerner
Currently if len argument in btrfs_ioctl_fitrim() is smaller than one FSB we will continue and finally return 0 bytes discarded. However if the length to discard is smaller then file system block we should really return EINVAL. Signed-off-by: Lukas Czerner <lczerner@redhat.com>
2012-10-25Btrfs: fix memory leak in btrfs_quota_enable()Tsutomu Itoh
We should free quota_root before returning from the error handling code. Signed-off-by: Tsutomu Itoh <t-itoh@jp.fujitsu.com>
2012-10-25Btrfs: send correct rdev and mode in btrfs-sendArne Jansen
When sending a device file, the stream was missing the mode. Also the rdev was encoded wrongly. Signed-off-by: Arne Jansen <sensille@gmx.net>
2012-10-25Btrfs: extended inode refs support for send mechanismJan Schmidt
This adds support for the new extended inode refs to btrfs send. Signed-off-by: Jan Schmidt <list.btrfs@jan-o-sch.net>
2012-10-25Btrfs: Fix wrong error handling codeStefan Behrens
gcc says "warning: comparison of unsigned expression >= 0 is always true" because i is an unsigned long. And gcc is right this time. Signed-off-by: Stefan Behrens <sbehrens@giantdisaster.de>