* [PATCH] [0/99] 2.6.35.14 longterm review
@ 2011-07-27 21:47 Andi Kleen
2011-07-27 21:47 ` [PATCH] [1/99] x86, amd: Do not enable ARAT feature on AMD processors below Andi Kleen
` (98 more replies)
0 siblings, 99 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:47 UTC (permalink / raw)
To: linux-kernel, stable, tim.bird
This is the start of the longterm review cycle for the 2.6.35.14 release.
There are a large number of patches in this series, which will be posted as a
response to this one. If anyone has any issues with these being applied,
please let me know. If anyone is a maintainer of the proper subsystem, and
wants to add a Signed-off-by: line to the patch, please respond with it.
I'm posting the patches in 100 patch chunks to not overload the mailing
list. The next chunk will come tomorrow.
The full quilt queue can be found at
git://git.kernel.org/pub/scm/linux/kernel/git/longterm/longterm-queue-2.6.35
Responses should be made within 48 hours.
-Andi
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [1/99] x86, amd: Do not enable ARAT feature on AMD processors below
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
@ 2011-07-27 21:47 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [2/99] x86, amd: Use _safe() msr access for GartTlbWlk disable code Andi Kleen
` (97 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:47 UTC (permalink / raw)
To: ostr, ak, borislav.petkov, Hans.Rosenfeld, Andreas.Herrmann3,
cebbert, hpa, gregkh, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Boris Ostrovsky <ostr@amd64.org>
commit e9cdd343a5e42c43bcda01e609fa23089e026470 upstream.
Commit b87cf80af3ba4b4c008b4face3c68d604e1715c6 added support for
ARAT (Always Running APIC timer) on AMD processors that are not
affected by erratum 400. This erratum is present on certain processor
families and prevents APIC timer from waking up the CPU when it
is in a deep C state, including C1E state.
Determining whether a processor is affected by this erratum may
have some corner cases and handling these cases is somewhat
complicated. In the interest of simplicity we won't claim ARAT
support on processor families below 0x12 and will go back to
broadcasting timer when going idle.
Signed-off-by: Boris Ostrovsky <ostr@amd64.org>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Link: http://lkml.kernel.org/r/1306423192-19774-1-git-send-email-ostr@amd64.org
Tested-by: Boris Petkov <borislav.petkov@amd.com>
Cc: Hans Rosenfeld <Hans.Rosenfeld@amd.com>
Cc: Andreas Herrmann <Andreas.Herrmann3@amd.com>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/x86/kernel/cpu/amd.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
Index: linux-2.6.35.y/arch/x86/kernel/cpu/amd.c
===================================================================
--- linux-2.6.35.y.orig/arch/x86/kernel/cpu/amd.c
+++ linux-2.6.35.y/arch/x86/kernel/cpu/amd.c
@@ -565,8 +565,11 @@ static void __cpuinit init_amd(struct cp
}
#endif
- /* As a rule processors have APIC timer running in deep C states */
- if (c->x86 > 0xf && !cpu_has_amd_erratum(amd_erratum_400))
+ /*
+ * Family 0x12 and above processors have APIC timer
+ * running in deep C states.
+ */
+ if (c->x86 > 0x11)
set_cpu_cap(c, X86_FEATURE_ARAT);
/*
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [2/99] x86, amd: Use _safe() msr access for GartTlbWlk disable code
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
2011-07-27 21:47 ` [PATCH] [1/99] x86, amd: Do not enable ARAT feature on AMD processors below Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [3/99] rcu: Fix unpaired rcu_irq_enter() from locking selftests Andi Kleen
` (96 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: Joerg.Roedel, joerg.roedel, rjw, maciej.rutecki, avi, akpm,
mingo, gregkh, ak, linux-kernel, stable, tim.bird
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 1864 bytes --]
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: "Roedel, Joerg" <Joerg.Roedel@amd.com>
commit d47cc0db8fd6011de2248df505fc34990b7451bf upstream.
The workaround for Bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=33012
introduced a read and a write to the MC4 mask msr.
Unfortunatly this MSR is not emulated by the KVM hypervisor
so that the kernel will get a #GP and crashes when applying
this workaround when running inside KVM.
This issue was reported as:
https://bugzilla.kernel.org/show_bug.cgi?id=35132
and is fixed with this patch. The change just let the kernel
ignore any #GP it gets while accessing this MSR by using the
_safe msr access methods.
Reported-by: Török Edwin <edwintorok@gmail.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Cc: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Maciej Rutecki <maciej.rutecki@gmail.com>
Cc: Avi Kivity <avi@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
arch/x86/kernel/cpu/amd.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
Index: linux-2.6.35.y/arch/x86/kernel/cpu/amd.c
===================================================================
--- linux-2.6.35.y.orig/arch/x86/kernel/cpu/amd.c
+++ linux-2.6.35.y/arch/x86/kernel/cpu/amd.c
@@ -585,10 +585,13 @@ static void __cpuinit init_amd(struct cp
* Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=33012
*/
u64 mask;
+ int err;
- rdmsrl(MSR_AMD64_MCx_MASK(4), mask);
- mask |= (1 << 10);
- wrmsrl(MSR_AMD64_MCx_MASK(4), mask);
+ err = rdmsrl_safe(MSR_AMD64_MCx_MASK(4), &mask);
+ if (err == 0) {
+ mask |= (1 << 10);
+ checking_wrmsrl(MSR_AMD64_MCx_MASK(4), mask);
+ }
}
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [3/99] rcu: Fix unpaired rcu_irq_enter() from locking selftests
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
2011-07-27 21:47 ` [PATCH] [1/99] x86, amd: Do not enable ARAT feature on AMD processors below Andi Kleen
2011-07-27 21:48 ` [PATCH] [2/99] x86, amd: Use _safe() msr access for GartTlbWlk disable code Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [4/99] staging: usbip: fix wrong endian conversion Andi Kleen
` (95 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: fweisbec, paulmck, mingo, a.p.zijlstra, gregkh, ak, linux-kernel,
stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Frederic Weisbecker <fweisbec@gmail.com>
commit ba9f207c9f82115aba4ce04b22e0081af0ae300f upstream.
HARDIRQ_ENTER() maps to irq_enter() which calls rcu_irq_enter().
But HARDIRQ_EXIT() maps to __irq_exit() which doesn't call
rcu_irq_exit().
So for every locking selftest that simulates hardirq disabled,
we create an imbalance in the rcu extended quiescent state
internal state.
As a result, after the first missing rcu_irq_exit(), subsequent
irqs won't exit dyntick-idle mode after leaving the interrupt
handler. This means that RCU won't see the affected CPU as being
in an extended quiescent state, resulting in long grace-period
delays (as in grace periods extending for hours).
To fix this, just use __irq_enter() to simulate the hardirq
context. This is sufficient for the locking selftests as we
don't need to exit any extended quiescent state or perform
any check that irqs normally do when they wake up from idle.
As a side effect, this patch makes it possible to restore
"rcu: Decrease memory-barrier usage based on semi-formal proof",
which eventually helped finding this bug.
Reported-and-tested-by: Yinghai Lu <yinghai@kernel.org>
Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
lib/locking-selftest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.35.y/lib/locking-selftest.c
===================================================================
--- linux-2.6.35.y.orig/lib/locking-selftest.c
+++ linux-2.6.35.y/lib/locking-selftest.c
@@ -144,7 +144,7 @@ static void init_shared_classes(void)
#define HARDIRQ_ENTER() \
local_irq_disable(); \
- irq_enter(); \
+ __irq_enter(); \
WARN_ON(!in_irq());
#define HARDIRQ_EXIT() \
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [4/99] staging: usbip: fix wrong endian conversion
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (2 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [3/99] rcu: Fix unpaired rcu_irq_enter() from locking selftests Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [5/99] Fix for buffer overflow in ldm_frag_add not sufficient Andi Kleen
` (94 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: dchang, arjan.mels, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: David Chang <dchang@novell.com>
commit cacd18a8476ce145ca5dcd46dc5b75585fd1289c upstream.
Fix number_of_packets wrong endian conversion in function
correct_endian_ret_submit()
Signed-off-by: David Chang <dchang@novell.com>
Acked-by: Arjan Mels <arjan.mels@gmx.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/staging/usbip/usbip_common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.35.y/drivers/staging/usbip/usbip_common.c
===================================================================
--- linux-2.6.35.y.orig/drivers/staging/usbip/usbip_common.c
+++ linux-2.6.35.y/drivers/staging/usbip/usbip_common.c
@@ -709,7 +709,7 @@ static void correct_endian_ret_submit(st
be32_to_cpus(&pdu->status);
be32_to_cpus(&pdu->actual_length);
be32_to_cpus(&pdu->start_frame);
- cpu_to_be32s(&pdu->number_of_packets);
+ be32_to_cpus(&pdu->number_of_packets);
be32_to_cpus(&pdu->error_count);
}
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [5/99] Fix for buffer overflow in ldm_frag_add not sufficient
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (3 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [4/99] staging: usbip: fix wrong endian conversion Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [6/99] seqlock: Don't smp_rmb in seqlock reader spin loop Andi Kleen
` (93 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: Warns, warns, torvalds, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Timo Warns <Warns@pre-sense.de>
commit cae13fe4cc3f24820ffb990c09110626837e85d4 upstream.
As Ben Hutchings discovered [1], the patch for CVE-2011-1017 (buffer
overflow in ldm_frag_add) is not sufficient. The original patch in
commit c340b1d64000 ("fs/partitions/ldm.c: fix oops caused by corrupted
partition table") does not consider that, for subsequent fragments,
previously allocated memory is used.
[1] http://lkml.org/lkml/2011/5/6/407
Reported-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Timo Warns <warns@pre-sense.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
fs/partitions/ldm.c | 5 +++++
1 file changed, 5 insertions(+)
Index: linux-2.6.35.y/fs/partitions/ldm.c
===================================================================
--- linux-2.6.35.y.orig/fs/partitions/ldm.c
+++ linux-2.6.35.y/fs/partitions/ldm.c
@@ -1335,6 +1335,11 @@ static bool ldm_frag_add (const u8 *data
list_add_tail (&f->list, frags);
found:
+ if (rec >= f->num) {
+ ldm_error("REC value (%d) exceeds NUM value (%d)", rec, f->num);
+ return false;
+ }
+
if (f->map & (1 << rec)) {
ldm_error ("Duplicate VBLK, part %d.", rec);
f->map &= 0x7F; /* Mark the group as broken */
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [6/99] seqlock: Don't smp_rmb in seqlock reader spin loop
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (4 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [5/99] Fix for buffer overflow in ldm_frag_add not sufficient Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [7/99] ALSA: HDA: Use one dmic only for Dell Studio 1558 Andi Kleen
` (92 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: miltonm, linuxppc-dev, torvalds, andi, npiggin, benh, anton,
paulmck, eric.dumazet, ak, tglx, gregkh, linux-kernel, stable,
tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Milton Miller <miltonm@bga.com>
commit 5db1256a5131d3b133946fa02ac9770a784e6eb2 upstream.
Move the smp_rmb after cpu_relax loop in read_seqlock and add
ACCESS_ONCE to make sure the test and return are consistent.
A multi-threaded core in the lab didn't like the update
from 2.6.35 to 2.6.36, to the point it would hang during
boot when multiple threads were active. Bisection showed
af5ab277ded04bd9bc6b048c5a2f0e7d70ef0867 (clockevents:
Remove the per cpu tick skew) as the culprit and it is
supported with stack traces showing xtime_lock waits including
tick_do_update_jiffies64 and/or update_vsyscall.
Experimentation showed the combination of cpu_relax and smp_rmb
was significantly slowing the progress of other threads sharing
the core, and this patch is effective in avoiding the hang.
A theory is the rmb is affecting the whole core while the
cpu_relax is causing a resource rebalance flush, together they
cause an interfernce cadance that is unbroken when the seqlock
reader has interrupts disabled.
At first I was confused why the refactor in
3c22cd5709e8143444a6d08682a87f4c57902df3 (kernel: optimise
seqlock) didn't affect this patch application, but after some
study that affected seqcount not seqlock. The new seqcount was
not factored back into the seqlock. I defer that the future.
While the removal of the timer interrupt offset created
contention for the xtime lock while a cpu does the
additonal work to update the system clock, the seqlock
implementation with the tight rmb spin loop goes back much
further, and is just waiting for the right trigger.
Signed-off-by: Milton Miller <miltonm@bga.com>
Cc: <linuxppc-dev@lists.ozlabs.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Nick Piggin <npiggin@kernel.dk>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Anton Blanchard <anton@samba.org>
Cc: Paul McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Link: http://lkml.kernel.org/r/%3Cseqlock-rmb%40mdm.bga.com%3E
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
include/linux/seqlock.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: linux-2.6.35.y/include/linux/seqlock.h
===================================================================
--- linux-2.6.35.y.orig/include/linux/seqlock.h
+++ linux-2.6.35.y/include/linux/seqlock.h
@@ -88,12 +88,12 @@ static __always_inline unsigned read_seq
unsigned ret;
repeat:
- ret = sl->sequence;
- smp_rmb();
+ ret = ACCESS_ONCE(sl->sequence);
if (unlikely(ret & 1)) {
cpu_relax();
goto repeat;
}
+ smp_rmb();
return ret;
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [7/99] ALSA: HDA: Use one dmic only for Dell Studio 1558
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (5 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [6/99] seqlock: Don't smp_rmb in seqlock reader spin loop Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [8/99] ASoC: Ensure output PGA is enabled for line outputs in Andi Kleen
` (91 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: david.henningsson, tiwai, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: David Henningsson <david.henningsson@canonical.com>
commit e033ebfb399227e01686260ac271029011bc6b47 upstream.
There are no signs of a dmic at node 0x0b, so the user is left with
an additional internal mic which does not exist. This commit removes
that non-existing mic.
BugLink: http://bugs.launchpad.net/bugs/731706
Reported-by: James Page <james.page@canonical.com>
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
sound/pci/hda/patch_sigmatel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.35.y/sound/pci/hda/patch_sigmatel.c
===================================================================
--- linux-2.6.35.y.orig/sound/pci/hda/patch_sigmatel.c
+++ linux-2.6.35.y/sound/pci/hda/patch_sigmatel.c
@@ -1623,7 +1623,7 @@ static struct snd_pci_quirk stac92hd73xx
SND_PCI_QUIRK(PCI_VENDOR_ID_DELL, 0x02fe,
"Dell Studio XPS 1645", STAC_DELL_M6_BOTH),
SND_PCI_QUIRK(PCI_VENDOR_ID_DELL, 0x0413,
- "Dell Studio 1558", STAC_DELL_M6_BOTH),
+ "Dell Studio 1558", STAC_DELL_M6_DMIC),
{} /* terminator */
};
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [8/99] ASoC: Ensure output PGA is enabled for line outputs in
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (6 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [7/99] ALSA: HDA: Use one dmic only for Dell Studio 1558 Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [9/99] ASoC: Add some missing volume update bit sets for wm_hubs Andi Kleen
` (90 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: broonie, lrg, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Mark Brown <broonie@opensource.wolfsonmicro.com>
commit d0b48af6c2b887354d0893e598d92911ce52620e upstream.
Also fix a left/right typo while we're at it.
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Acked-by: Liam Girdwood <lrg@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
sound/soc/codecs/wm_hubs.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
Index: linux-2.6.35.y/sound/soc/codecs/wm_hubs.c
===================================================================
--- linux-2.6.35.y.orig/sound/soc/codecs/wm_hubs.c
+++ linux-2.6.35.y/sound/soc/codecs/wm_hubs.c
@@ -752,17 +752,17 @@ static const struct snd_soc_dapm_route a
static const struct snd_soc_dapm_route lineout1_diff_routes[] = {
{ "LINEOUT1 Mixer", "IN1L Switch", "IN1L PGA" },
{ "LINEOUT1 Mixer", "IN1R Switch", "IN1R PGA" },
- { "LINEOUT1 Mixer", "Output Switch", "Left Output Mixer" },
+ { "LINEOUT1 Mixer", "Output Switch", "Left Output PGA" },
{ "LINEOUT1N Driver", NULL, "LINEOUT1 Mixer" },
{ "LINEOUT1P Driver", NULL, "LINEOUT1 Mixer" },
};
static const struct snd_soc_dapm_route lineout1_se_routes[] = {
- { "LINEOUT1N Mixer", "Left Output Switch", "Left Output Mixer" },
- { "LINEOUT1N Mixer", "Right Output Switch", "Left Output Mixer" },
+ { "LINEOUT1N Mixer", "Left Output Switch", "Left Output PGA" },
+ { "LINEOUT1N Mixer", "Right Output Switch", "Right Output PGA" },
- { "LINEOUT1P Mixer", "Left Output Switch", "Left Output Mixer" },
+ { "LINEOUT1P Mixer", "Left Output Switch", "Left Output PGA" },
{ "LINEOUT1N Driver", NULL, "LINEOUT1N Mixer" },
{ "LINEOUT1P Driver", NULL, "LINEOUT1P Mixer" },
@@ -771,17 +771,17 @@ static const struct snd_soc_dapm_route l
static const struct snd_soc_dapm_route lineout2_diff_routes[] = {
{ "LINEOUT2 Mixer", "IN2L Switch", "IN2L PGA" },
{ "LINEOUT2 Mixer", "IN2R Switch", "IN2R PGA" },
- { "LINEOUT2 Mixer", "Output Switch", "Right Output Mixer" },
+ { "LINEOUT2 Mixer", "Output Switch", "Right Output PGA" },
{ "LINEOUT2N Driver", NULL, "LINEOUT2 Mixer" },
{ "LINEOUT2P Driver", NULL, "LINEOUT2 Mixer" },
};
static const struct snd_soc_dapm_route lineout2_se_routes[] = {
- { "LINEOUT2N Mixer", "Left Output Switch", "Left Output Mixer" },
- { "LINEOUT2N Mixer", "Right Output Switch", "Left Output Mixer" },
+ { "LINEOUT2N Mixer", "Left Output Switch", "Left Output PGA" },
+ { "LINEOUT2N Mixer", "Right Output Switch", "Right Output PGA" },
- { "LINEOUT2P Mixer", "Right Output Switch", "Right Output Mixer" },
+ { "LINEOUT2P Mixer", "Right Output Switch", "Right Output PGA" },
{ "LINEOUT2N Driver", NULL, "LINEOUT2N Mixer" },
{ "LINEOUT2P Driver", NULL, "LINEOUT2P Mixer" },
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [9/99] ASoC: Add some missing volume update bit sets for wm_hubs
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (7 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [8/99] ASoC: Ensure output PGA is enabled for line outputs in Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [10/99] mm/page_alloc.c: prevent unending loop in Andi Kleen
` (89 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: broonie, lrg, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Mark Brown <broonie@opensource.wolfsonmicro.com>
commit fb5af53d421d80725172427e9076f6e889603df6 upstream.
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Acked-by: Liam Girdwood <lrg@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
sound/soc/codecs/wm_hubs.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
Index: linux-2.6.35.y/sound/soc/codecs/wm_hubs.c
===================================================================
--- linux-2.6.35.y.orig/sound/soc/codecs/wm_hubs.c
+++ linux-2.6.35.y/sound/soc/codecs/wm_hubs.c
@@ -799,17 +799,21 @@ int wm_hubs_add_analogue_controls(struct
snd_soc_update_bits(codec, WM8993_RIGHT_LINE_INPUT_3_4_VOLUME,
WM8993_IN2_VU, WM8993_IN2_VU);
+ snd_soc_update_bits(codec, WM8993_SPEAKER_VOLUME_LEFT,
+ WM8993_SPKOUT_VU, WM8993_SPKOUT_VU);
snd_soc_update_bits(codec, WM8993_SPEAKER_VOLUME_RIGHT,
WM8993_SPKOUT_VU, WM8993_SPKOUT_VU);
snd_soc_update_bits(codec, WM8993_LEFT_OUTPUT_VOLUME,
- WM8993_HPOUT1L_ZC, WM8993_HPOUT1L_ZC);
+ WM8993_HPOUT1_VU | WM8993_HPOUT1L_ZC,
+ WM8993_HPOUT1_VU | WM8993_HPOUT1L_ZC);
snd_soc_update_bits(codec, WM8993_RIGHT_OUTPUT_VOLUME,
WM8993_HPOUT1_VU | WM8993_HPOUT1R_ZC,
WM8993_HPOUT1_VU | WM8993_HPOUT1R_ZC);
snd_soc_update_bits(codec, WM8993_LEFT_OPGA_VOLUME,
- WM8993_MIXOUTL_ZC, WM8993_MIXOUTL_ZC);
+ WM8993_MIXOUTL_ZC | WM8993_MIXOUT_VU,
+ WM8993_MIXOUTL_ZC | WM8993_MIXOUT_VU);
snd_soc_update_bits(codec, WM8993_RIGHT_OPGA_VOLUME,
WM8993_MIXOUTR_ZC | WM8993_MIXOUT_VU,
WM8993_MIXOUTR_ZC | WM8993_MIXOUT_VU);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [10/99] mm/page_alloc.c: prevent unending loop in
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (8 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [9/99] ASoC: Add some missing volume update bit sets for wm_hubs Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [11/99] loop: limit 'max_part' module param to DISK_MAX_PARTS Andi Kleen
` (88 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: abarry, minchan.kim, riel, mgorman, akpm, torvalds, gregkh, ak,
linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Andrew Barry <abarry@cray.com>
commit cfa54a0fcfc1017c6f122b6f21aaba36daa07f71 upstream.
I believe I found a problem in __alloc_pages_slowpath, which allows a
process to get stuck endlessly looping, even when lots of memory is
available.
Running an I/O and memory intensive stress-test I see a 0-order page
allocation with __GFP_IO and __GFP_WAIT, running on a system with very
little free memory. Right about the same time that the stress-test gets
killed by the OOM-killer, the utility trying to allocate memory gets stuck
in __alloc_pages_slowpath even though most of the systems memory was freed
by the oom-kill of the stress-test.
The utility ends up looping from the rebalance label down through the
wait_iff_congested continiously. Because order=0,
__alloc_pages_direct_compact skips the call to get_page_from_freelist.
Because all of the reclaimable memory on the system has already been
reclaimed, __alloc_pages_direct_reclaim skips the call to
get_page_from_freelist. Since there is no __GFP_FS flag, the block with
__alloc_pages_may_oom is skipped. The loop hits the wait_iff_congested,
then jumps back to rebalance without ever trying to
get_page_from_freelist. This loop repeats infinitely.
The test case is pretty pathological. Running a mix of I/O stress-tests
that do a lot of fork() and consume all of the system memory, I can pretty
reliably hit this on 600 nodes, in about 12 hours. 32GB/node.
Signed-off-by: Andrew Barry <abarry@cray.com>
Signed-off-by: Minchan Kim <minchan.kim@gmail.com>
Reviewed-by: Rik van Riel<riel@redhat.com>
Acked-by: Mel Gorman <mgorman@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
mm/page_alloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.35.y/mm/page_alloc.c
===================================================================
--- linux-2.6.35.y.orig/mm/page_alloc.c
+++ linux-2.6.35.y/mm/page_alloc.c
@@ -2027,6 +2027,7 @@ restart:
*/
alloc_flags = gfp_to_alloc_flags(gfp_mask);
+rebalance:
/* This is the last chance, in general, before the goto nopage. */
page = get_page_from_freelist(gfp_mask, nodemask, order, zonelist,
high_zoneidx, alloc_flags & ~ALLOC_NO_WATERMARKS,
@@ -2034,7 +2035,6 @@ restart:
if (page)
goto got_pg;
-rebalance:
/* Allocate without watermarks if the context allows */
if (alloc_flags & ALLOC_NO_WATERMARKS) {
page = __alloc_pages_high_priority(gfp_mask, order,
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [11/99] loop: limit 'max_part' module param to DISK_MAX_PARTS
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (9 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [10/99] mm/page_alloc.c: prevent unending loop in Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [12/99] loop: handle on-demand devices correctly Andi Kleen
` (87 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: namhyung, Laurent.Vivier, jaxboe, gregkh, ak, linux-kernel,
stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Namhyung Kim <namhyung@gmail.com>
commit 78f4bb367fd147a0e7e3998ba6e47109999d8814 upstream.
The 'max_part' parameter controls the number of maximum partition
a loop block device can have. However if a user specifies very
large value it would exceed the limitation of device minor number
and can cause a kernel panic (or, at least, produce invalid
device nodes in some cases).
On my desktop system, following command kills the kernel. On qemu,
it triggers similar oops but the kernel was alive:
$ sudo modprobe loop max_part0000
------------[ cut here ]------------
kernel BUG at /media/Linux_Data/project/linux/fs/sysfs/group.c:65!
invalid opcode: 0000 [#1] SMP
last sysfs file:
CPU 0
Modules linked in: loop(+)
Pid: 43, comm: insmod Tainted: G W 2.6.39-qemu+ #155 Bochs Bochs
RIP: 0010:[<ffffffff8113ce61>] [<ffffffff8113ce61>] internal_create_group=
+0x2a/0x170
RSP: 0018:ffff880007b3fde8 EFLAGS: 00000246
RAX: 00000000ffffffef RBX: ffff880007b3d878 RCX: 00000000000007b4
RDX: ffffffff8152da50 RSI: 0000000000000000 RDI: ffff880007b3d878
RBP: ffff880007b3fe38 R08: ffff880007b3fde8 R09: 0000000000000000
R10: ffff88000783b4a8 R11: ffff880007b3d878 R12: ffffffff8152da50
R13: ffff880007b3d868 R14: 0000000000000000 R15: ffff880007b3d800
FS: 0000000002137880(0063) GS:ffff880007c00000(0000) knlGS:00000000000000=
00
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000422680 CR3: 0000000007b50000 CR4: 00000000000006b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 0000000000000000 DR7: 0000000000000000
Process insmod (pid: 43, threadinfo ffff880007b3e000, task ffff880007afb9c=
0)
Stack:
ffff880007b3fe58 ffffffff811e66dd ffff880007b3fe58 ffffffff811e570b
0000000000000010 ffff880007b3d800 ffff880007a7b390 ffff880007b3d868
0000000000400920 ffff880007b3d800 ffff880007b3fe48 ffffffff8113cfc8
Call Trace:
[<ffffffff811e66dd>] ? device_add+0x4bc/0x5af
[<ffffffff811e570b>] ? dev_set_name+0x3c/0x3e
[<ffffffff8113cfc8>] sysfs_create_group+0xe/0x12
[<ffffffff810b420e>] blk_trace_init_sysfs+0x14/0x16
[<ffffffff8116a090>] blk_register_queue+0x47/0xf7
[<ffffffff8116f527>] add_disk+0xdf/0x290
[<ffffffffa00060eb>] loop_init+0xeb/0x1b8 [loop]
[<ffffffffa0006000>] ? 0xffffffffa0005fff
[<ffffffff8100020a>] do_one_initcall+0x7a/0x12e
[<ffffffff81096804>] sys_init_module+0x9c/0x1e0
[<ffffffff813329bb>] system_call_fastpath+0x16/0x1b
Code: c3 55 48 89 e5 41 57 41 56 41 89 f6 41 55 41 54 49 89 d4 53 48 89 fb=
48 83 ec 28 48 85 ff 74 0b 85 f6 75 0b 48 83 7f 30 00 75 14 <0f> 0b eb fe =
48 83 7f 30 00 b9 ea ff ff ff 0f 84 18 01 00 00 49
RIP [<ffffffff8113ce61>] internal_create_group+0x2a/0x170
RSP <ffff880007b3fde8>
---[ end trace a123eb592043acad ]---
Signed-off-by: Namhyung Kim <namhyung@gmail.com>
Cc: Laurent Vivier <Laurent.Vivier@bull.net>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/block/loop.c | 3 +++
1 file changed, 3 insertions(+)
Index: linux-2.6.35.y/drivers/block/loop.c
===================================================================
--- linux-2.6.35.y.orig/drivers/block/loop.c
+++ linux-2.6.35.y/drivers/block/loop.c
@@ -1612,6 +1612,9 @@ static int __init loop_init(void)
if (max_part > 0)
part_shift = fls(max_part);
+ if ((1UL << part_shift) > DISK_MAX_PARTS)
+ return -EINVAL;
+
if (max_loop > 1UL << (MINORBITS - part_shift))
return -EINVAL;
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [12/99] loop: handle on-demand devices correctly
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (10 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [11/99] loop: limit 'max_part' module param to DISK_MAX_PARTS Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [13/99] USB: CP210x Add 4 Device IDs for AC-Services Devices Andi Kleen
` (86 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: namhyung, Laurent.Vivier, jaxboe, gregkh, ak, linux-kernel,
stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Namhyung Kim <namhyung@gmail.com>
commit a1c15c59feee36267c43142a41152fbf7402afb6 upstream.
When finding or allocating a loop device, loop_probe() did not take
partition numbers into account so that it can result to a different
device. Consider following example:
$ sudo modprobe loop max_part=15
$ ls -l /dev/loop*
brw-rw---- 1 root disk 7, 0 2011-05-24 22:16 /dev/loop0
brw-rw---- 1 root disk 7, 16 2011-05-24 22:16 /dev/loop1
brw-rw---- 1 root disk 7, 32 2011-05-24 22:16 /dev/loop2
brw-rw---- 1 root disk 7, 48 2011-05-24 22:16 /dev/loop3
brw-rw---- 1 root disk 7, 64 2011-05-24 22:16 /dev/loop4
brw-rw---- 1 root disk 7, 80 2011-05-24 22:16 /dev/loop5
brw-rw---- 1 root disk 7, 96 2011-05-24 22:16 /dev/loop6
brw-rw---- 1 root disk 7, 112 2011-05-24 22:16 /dev/loop7
$ sudo mknod /dev/loop8 b 7 128
$ sudo losetup /dev/loop8 ~/temp/disk-with-3-parts.img
$ sudo losetup -a
/dev/loop128: [0805]:278201 (/home/namhyung/temp/disk-with-3-parts.img)
$ ls -l /dev/loop*
brw-rw---- 1 root disk 7, 0 2011-05-24 22:16 /dev/loop0
brw-rw---- 1 root disk 7, 16 2011-05-24 22:16 /dev/loop1
brw-rw---- 1 root disk 7, 2048 2011-05-24 22:18 /dev/loop128
brw-rw---- 1 root disk 7, 2049 2011-05-24 22:18 /dev/loop128p1
brw-rw---- 1 root disk 7, 2050 2011-05-24 22:18 /dev/loop128p2
brw-rw---- 1 root disk 7, 2051 2011-05-24 22:18 /dev/loop128p3
brw-rw---- 1 root disk 7, 32 2011-05-24 22:16 /dev/loop2
brw-rw---- 1 root disk 7, 48 2011-05-24 22:16 /dev/loop3
brw-rw---- 1 root disk 7, 64 2011-05-24 22:16 /dev/loop4
brw-rw---- 1 root disk 7, 80 2011-05-24 22:16 /dev/loop5
brw-rw---- 1 root disk 7, 96 2011-05-24 22:16 /dev/loop6
brw-rw---- 1 root disk 7, 112 2011-05-24 22:16 /dev/loop7
brw-r--r-- 1 root root 7, 128 2011-05-24 22:17 /dev/loop8
After this patch, /dev/loop8 - instead of /dev/loop128 - was
accessed correctly.
In addition, 'range' passed to blk_register_region() should
include all range of dev_t that LOOP_MAJOR can address. It does
not need to be limited by partition numbers unless 'max_loop'
param was specified.
Signed-off-by: Namhyung Kim <namhyung@gmail.com>
Cc: Laurent Vivier <Laurent.Vivier@bull.net>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/block/loop.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
Index: linux-2.6.35.y/drivers/block/loop.c
===================================================================
--- linux-2.6.35.y.orig/drivers/block/loop.c
+++ linux-2.6.35.y/drivers/block/loop.c
@@ -1579,7 +1579,7 @@ static struct kobject *loop_probe(dev_t
struct kobject *kobj;
mutex_lock(&loop_devices_mutex);
- lo = loop_init_one(dev & MINORMASK);
+ lo = loop_init_one(MINOR(dev) >> part_shift);
kobj = lo ? get_disk(lo->lo_disk) : ERR_PTR(-ENOMEM);
mutex_unlock(&loop_devices_mutex);
@@ -1620,10 +1620,10 @@ static int __init loop_init(void)
if (max_loop) {
nr = max_loop;
- range = max_loop;
+ range = max_loop << part_shift;
} else {
nr = 8;
- range = 1UL << (MINORBITS - part_shift);
+ range = 1UL << MINORBITS;
}
if (register_blkdev(LOOP_MAJOR, "loop"))
@@ -1662,7 +1662,7 @@ static void __exit loop_exit(void)
unsigned long range;
struct loop_device *lo, *next;
- range = max_loop ? max_loop : 1UL << (MINORBITS - part_shift);
+ range = max_loop ? max_loop << part_shift : 1UL << MINORBITS;
list_for_each_entry_safe(lo, next, &loop_devices, lo_list)
loop_del_one(lo);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [13/99] USB: CP210x Add 4 Device IDs for AC-Services Devices
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (11 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [12/99] loop: handle on-demand devices correctly Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [14/99] USB: moto_modem: Add USB identifier for the Motorola VE240 Andi Kleen
` (85 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: craig, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Craig Shelley <craig@microtron.org.uk>
commit 4eff0b40a7174896b860312910e0db51f2dcc567 upstream.
This patch adds 4 device IDs for CP2102 based devices manufactured by
AC-Services. See http://www.ac-services.eu for further info.
Signed-off-by: Craig Shelley <craig@microtron.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/usb/serial/cp210x.c | 4 ++++
1 file changed, 4 insertions(+)
Index: linux-2.6.35.y/drivers/usb/serial/cp210x.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/serial/cp210x.c
+++ linux-2.6.35.y/drivers/usb/serial/cp210x.c
@@ -112,6 +112,10 @@ static const struct usb_device_id id_tab
{ USB_DEVICE(0x10C4, 0x8418) }, /* IRZ Automation Teleport SG-10 GSM/GPRS Modem */
{ USB_DEVICE(0x10C4, 0x846E) }, /* BEI USB Sensor Interface (VCP) */
{ USB_DEVICE(0x10C4, 0x8477) }, /* Balluff RFID */
+ { USB_DEVICE(0x10C4, 0x85EA) }, /* AC-Services IBUS-IF */
+ { USB_DEVICE(0x10C4, 0x85EB) }, /* AC-Services CIS-IBUS */
+ { USB_DEVICE(0x10C4, 0x8664) }, /* AC-Services CAN-IF */
+ { USB_DEVICE(0x10C4, 0x8665) }, /* AC-Services OBD-IF */
{ USB_DEVICE(0x10C4, 0xEA60) }, /* Silicon Labs factory default */
{ USB_DEVICE(0x10C4, 0xEA61) }, /* Silicon Labs factory default */
{ USB_DEVICE(0x10C4, 0xEA71) }, /* Infinity GPS-MIC-1 Radio Monophone */
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [14/99] USB: moto_modem: Add USB identifier for the Motorola VE240.
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (12 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [13/99] USB: CP210x Add 4 Device IDs for AC-Services Devices Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [15/99] USB: serial: ftdi_sio: adding support for TavIR STK500 Andi Kleen
` (84 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: elizabeth, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Elizabeth Jennifer Myers <elizabeth@sporksirc.net>
commit 3938a0b32dc12229e76735679b37095bc2bc1578 upstream.
Tested on my phone, the ttyUSB device is created and is fully
functional.
Signed-off-by: Elizabeth Jennifer Myers <elizabeth@sporksirc.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/usb/serial/moto_modem.c | 1 +
1 file changed, 1 insertion(+)
Index: linux-2.6.35.y/drivers/usb/serial/moto_modem.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/serial/moto_modem.c
+++ linux-2.6.35.y/drivers/usb/serial/moto_modem.c
@@ -25,6 +25,7 @@ static const struct usb_device_id id_tab
{ USB_DEVICE(0x05c6, 0x3197) }, /* unknown Motorola phone */
{ USB_DEVICE(0x0c44, 0x0022) }, /* unknown Mororola phone */
{ USB_DEVICE(0x22b8, 0x2a64) }, /* Motorola KRZR K1m */
+ { USB_DEVICE(0x22b8, 0x2c84) }, /* Motorola VE240 phone */
{ USB_DEVICE(0x22b8, 0x2c64) }, /* Motorola V950 phone */
{ },
};
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [15/99] USB: serial: ftdi_sio: adding support for TavIR STK500
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (13 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [14/99] USB: moto_modem: Add USB identifier for the Motorola VE240 Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [16/99] USB: gamin_gps: Fix for data transfer problems in native Andi Kleen
` (83 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: benedekl, gregkh, ak, linux-kernel, stable, tim.bird
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 1635 bytes --]
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: =?UTF-8?q?Benedek=20L=C3=A1szl=C3=B3?= <benedekl@gmail.com>
commit 37909fe588c9e09ab57cd267e98678a17ceda64a upstream.
Adding support for the TavIR STK500 (id 0403:FA33)
Atmel AVR programmer device based on FTDI FT232RL.
Signed-off-by: Benedek László <benedekl@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/usb/serial/ftdi_sio.c | 1 +
drivers/usb/serial/ftdi_sio_ids.h | 5 +++++
2 files changed, 6 insertions(+)
Index: linux-2.6.35.y/drivers/usb/serial/ftdi_sio.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/serial/ftdi_sio.c
+++ linux-2.6.35.y/drivers/usb/serial/ftdi_sio.c
@@ -565,6 +565,7 @@ static struct usb_device_id id_table_com
{ USB_DEVICE(FTDI_VID, FTDI_IBS_APP70_PID) },
{ USB_DEVICE(FTDI_VID, FTDI_IBS_PEDO_PID) },
{ USB_DEVICE(FTDI_VID, FTDI_IBS_PROD_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_TAVIR_STK500_PID) },
/*
* ELV devices:
*/
Index: linux-2.6.35.y/drivers/usb/serial/ftdi_sio_ids.h
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/serial/ftdi_sio_ids.h
+++ linux-2.6.35.y/drivers/usb/serial/ftdi_sio_ids.h
@@ -491,6 +491,11 @@
/* www.canusb.com Lawicel CANUSB device (FTDI_VID) */
#define FTDI_CANUSB_PID 0xFFA8 /* Product Id */
+/*
+ * TavIR AVR product ids (FTDI_VID)
+ */
+#define FTDI_TAVIR_STK500_PID 0xFA33 /* STK500 AVR programmer */
+
/********************************/
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [16/99] USB: gamin_gps: Fix for data transfer problems in native
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (14 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [15/99] USB: serial: ftdi_sio: adding support for TavIR STK500 Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [17/99] usb/gadget: at91sam9g20 fix end point max packet size Andi Kleen
` (82 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: herkne, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Hermann Kneissel <herkne@gmx.de>
commit b4026c4584cd70858d4d3450abfb1cd0714d4f32 upstream.
This patch fixes a problem where data received from the gps is sometimes
transferred incompletely to the serial port. If used in native mode now
all data received via the bulk queue will be forwarded to the serial
port.
Signed-off-by: Hermann Kneissel <herkne@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/usb/serial/garmin_gps.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
Index: linux-2.6.35.y/drivers/usb/serial/garmin_gps.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/serial/garmin_gps.c
+++ linux-2.6.35.y/drivers/usb/serial/garmin_gps.c
@@ -1,7 +1,7 @@
/*
* Garmin GPS driver
*
- * Copyright (C) 2006-2009 Hermann Kneissel herkne@users.sourceforge.net
+ * Copyright (C) 2006-2011 Hermann Kneissel herkne@gmx.de
*
* The latest version of the driver can be found at
* http://sourceforge.net/projects/garmin-gps/
@@ -51,7 +51,7 @@ static int debug;
*/
#define VERSION_MAJOR 0
-#define VERSION_MINOR 33
+#define VERSION_MINOR 36
#define _STR(s) #s
#define _DRIVER_VERSION(a, b) "v" _STR(a) "." _STR(b)
@@ -410,6 +410,7 @@ static int gsp_send_ack(struct garmin_da
*/
static int gsp_rec_packet(struct garmin_data *garmin_data_p, int count)
{
+ unsigned long flags;
const __u8 *recpkt = garmin_data_p->inbuffer+GSP_INITIAL_OFFSET;
__le32 *usbdata = (__le32 *) garmin_data_p->inbuffer;
@@ -458,7 +459,9 @@ static int gsp_rec_packet(struct garmin_
/* if this was an abort-transfer command, flush all
queued data. */
if (isAbortTrfCmnd(garmin_data_p->inbuffer)) {
+ spin_lock_irqsave(&garmin_data_p->lock, flags);
garmin_data_p->flags |= FLAGS_DROP_DATA;
+ spin_unlock_irqrestore(&garmin_data_p->lock, flags);
pkt_clear(garmin_data_p);
}
@@ -943,7 +946,7 @@ static int garmin_open(struct tty_struct
spin_lock_irqsave(&garmin_data_p->lock, flags);
garmin_data_p->mode = initial_mode;
garmin_data_p->count = 0;
- garmin_data_p->flags = 0;
+ garmin_data_p->flags &= FLAGS_SESSION_REPLY1_SEEN;
spin_unlock_irqrestore(&garmin_data_p->lock, flags);
/* shutdown any bulk reads that might be going on */
@@ -1178,7 +1181,8 @@ static int garmin_write_room(struct tty_
static void garmin_read_process(struct garmin_data *garmin_data_p,
- unsigned char *data, unsigned data_length)
+ unsigned char *data, unsigned data_length,
+ int bulk_data)
{
unsigned long flags;
@@ -1193,7 +1197,8 @@ static void garmin_read_process(struct g
send it directly to the tty port */
if (garmin_data_p->flags & FLAGS_QUEUING) {
pkt_add(garmin_data_p, data, data_length);
- } else if (getLayerId(data) == GARMIN_LAYERID_APPL) {
+ } else if (bulk_data ||
+ getLayerId(data) == GARMIN_LAYERID_APPL) {
spin_lock_irqsave(&garmin_data_p->lock, flags);
garmin_data_p->flags |= APP_RESP_SEEN;
@@ -1237,7 +1242,7 @@ static void garmin_read_bulk_callback(st
usb_serial_debug_data(debug, &port->dev,
__func__, urb->actual_length, data);
- garmin_read_process(garmin_data_p, data, urb->actual_length);
+ garmin_read_process(garmin_data_p, data, urb->actual_length, 1);
if (urb->actual_length == 0 &&
0 != (garmin_data_p->flags & FLAGS_BULK_IN_RESTART)) {
@@ -1347,7 +1352,7 @@ static void garmin_read_int_callback(str
__func__, garmin_data_p->serial_num);
}
- garmin_read_process(garmin_data_p, data, urb->actual_length);
+ garmin_read_process(garmin_data_p, data, urb->actual_length, 0);
port->interrupt_in_urb->dev = port->serial->dev;
retval = usb_submit_urb(urb, GFP_ATOMIC);
@@ -1462,6 +1467,7 @@ static int garmin_attach(struct usb_seri
garmin_data_p->timer.function = timeout_handler;
garmin_data_p->port = port;
garmin_data_p->state = 0;
+ garmin_data_p->flags = 0;
garmin_data_p->count = 0;
usb_set_serial_port_data(port, garmin_data_p);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [17/99] usb/gadget: at91sam9g20 fix end point max packet size
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (15 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [16/99] USB: gamin_gps: Fix for data transfer problems in native Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [18/99] usb: gadget: rndis: don't test against req->length Andi Kleen
` (81 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: plagnioj, nicolas.ferre, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
commit bf1f0a05d472e33dda8e5e69525be1584cdbd03a upstream.
on 9g20 they are the same as the 9260
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/usb/gadget/at91_udc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.35.y/drivers/usb/gadget/at91_udc.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/gadget/at91_udc.c
+++ linux-2.6.35.y/drivers/usb/gadget/at91_udc.c
@@ -1701,7 +1701,7 @@ static int __init at91udc_probe(struct p
}
/* newer chips have more FIFO memory than rm9200 */
- if (cpu_is_at91sam9260()) {
+ if (cpu_is_at91sam9260() || cpu_is_at91sam9g20()) {
udc->ep[0].maxpacket = 64;
udc->ep[3].maxpacket = 64;
udc->ep[4].maxpacket = 512;
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [18/99] usb: gadget: rndis: don't test against req->length
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (16 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [17/99] usb/gadget: at91sam9g20 fix end point max packet size Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [19/99] xhci: Fix full speed bInterval encoding Andi Kleen
` (80 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: balbi, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Felipe Balbi <balbi@ti.com>
commit 472b91274a6c6857877b5caddb875dcb5ecdfcb8 upstream.
composite.c always sets req->length to zero
and expects function driver's setup handlers
to return the amount of bytes to be used
on req->length. If we test against req->length
w_length will always be greater than req->length
thus making us always stall that particular
SEND_ENCAPSULATED_COMMAND request.
Tested against a Windows XP SP3.
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/usb/gadget/f_rndis.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
Index: linux-2.6.35.y/drivers/usb/gadget/f_rndis.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/gadget/f_rndis.c
+++ linux-2.6.35.y/drivers/usb/gadget/f_rndis.c
@@ -420,8 +420,7 @@ rndis_setup(struct usb_function *f, cons
*/
case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8)
| USB_CDC_SEND_ENCAPSULATED_COMMAND:
- if (w_length > req->length || w_value
- || w_index != rndis->ctrl_id)
+ if (w_value || w_index != rndis->ctrl_id)
goto invalid;
/* read the request; process it later */
value = w_length;
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [19/99] xhci: Fix full speed bInterval encoding.
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (17 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [18/99] usb: gadget: rndis: don't test against req->length Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [20/99] OHCI: work around for nVidia shutdown problem Andi Kleen
` (79 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: sarah.a.sharp, dtor, thomas.lindroth, gregkh, ak, linux-kernel,
stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Sarah Sharp <sarah.a.sharp@linux.intel.com>
commit b513d44751bfb609a3c20463f764c8ce822d63e9 upstream.
Dmitry's patch
dfa49c4ad120a784ef1ff0717168aa79f55a483a USB: xhci - fix math in xhci_get_endpoint_interval()
introduced a bug. The USB 2.0 spec says that full speed isochronous endpoints'
bInterval must be decoded as an exponent to a power of two (e.g. interval =
2^(bInterval - 1)). Full speed interrupt endpoints, on the other hand, don't
use exponents, and the interval in frames is encoded straight into bInterval.
Dmitry's patch was supposed to fix up the full speed isochronous to parse
bInterval as an exponent, but instead it changed the *interrupt* endpoint
bInterval decoding. The isochronous endpoint encoding was the same.
This caused full speed devices with interrupt endpoints (including mice, hubs,
and USB to ethernet devices) to fail under NEC 0.96 xHCI host controllers:
[ 100.909818] xhci_hcd 0000:06:00.0: add ep 0x83, slot id 1, new drop flags = 0x0, new add flags = 0x99, new slot info = 0x38100000
[ 100.909821] xhci_hcd 0000:06:00.0: xhci_check_bandwidth called for udev ffff88011f0ea000
...
[ 100.910187] xhci_hcd 0000:06:00.0: ERROR: unexpected command completion code 0x11.
[ 100.910190] xhci_hcd 0000:06:00.0: xhci_reset_bandwidth called for udev ffff88011f0ea000
When the interrupt endpoint was added and a Configure Endpoint command was
issued to the host, the host controller would return a very odd error message
(0x11 means "Slot Not Enabled", which isn't true because the slot was enabled).
Probably the host controller was getting very confused with the bad encoding.
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Cc: Dmitry Torokhov <dtor@vmware.com>
Reported-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Tested-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/usb/host/xhci-mem.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: linux-2.6.35.y/drivers/usb/host/xhci-mem.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/host/xhci-mem.c
+++ linux-2.6.35.y/drivers/usb/host/xhci-mem.c
@@ -1034,12 +1034,12 @@ static inline unsigned int xhci_get_endp
* nearest power of 2.
*/
case USB_SPEED_FULL:
- if (usb_endpoint_xfer_int(&ep->desc)) {
+ if (usb_endpoint_xfer_isoc(&ep->desc)) {
interval = xhci_parse_exponent_interval(udev, ep);
break;
}
/*
- * Fall through for isochronous endpoint interval decoding
+ * Fall through for interrupt endpoint interval decoding
* since it uses the same rules as low speed interrupt
* endpoints.
*/
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [20/99] OHCI: work around for nVidia shutdown problem
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (18 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [19/99] xhci: Fix full speed bInterval encoding Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [21/99] OHCI: fix regression caused by nVidia shutdown workaround Andi Kleen
` (78 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: stern, ak, david-b, pali.rohar, gregkh, linux-kernel, stable, tim.bird
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 6416 bytes --]
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Alan Stern <stern@rowland.harvard.edu>
[ upstream commit 5f528de0ef9b3e092e276d95930830b847b33dc4 ]
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
commit 3df7169e73fc1d71a39cffeacc969f6840cdf52b upstream.
This patch (as1417) fixes a problem affecting some (or all) nVidia
chipsets. When the computer is shut down, the OHCI controllers
continue to power the USB buses and evidently they drive a Reset
signal out all their ports. This prevents attached devices from going
to low power. Mouse LEDs stay on, for example, which is disconcerting
for users and a drain on laptop batteries.
The fix involves leaving each OHCI controller in the OPERATIONAL state
during system shutdown rather than putting it in the RESET state.
Although this nominally means the controller is running, in fact it's
not doing very much since all the schedules are all disabled. However
there is ongoing DMA to the Host Controller Communications Area, so
the patch also disables the bus-master capability of all PCI USB
controllers after the shutdown routine runs.
The fix is applied only to nVidia-based PCI OHCI controllers, so it
shouldn't cause problems on systems using other hardware. As an added
safety measure, in case the kernel encounters one of these running
controllers during boot, the patch changes quirk_usb_handoff_ohci()
(which runs early on during PCI discovery) to reset the controller
before anything bad can happen.
Reported-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
CC: David Brownell <david-b@pacbell.net>
Tested-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Index: linux-2.6.35.y/drivers/usb/core/hcd-pci.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/core/hcd-pci.c
+++ linux-2.6.35.y/drivers/usb/core/hcd-pci.c
@@ -317,8 +317,10 @@ void usb_hcd_pci_shutdown(struct pci_dev
if (!hcd)
return;
- if (hcd->driver->shutdown)
+ if (hcd->driver->shutdown) {
hcd->driver->shutdown(hcd);
+ pci_disable_device(dev);
+ }
}
EXPORT_SYMBOL_GPL(usb_hcd_pci_shutdown);
Index: linux-2.6.35.y/drivers/usb/host/ohci-hcd.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/host/ohci-hcd.c
+++ linux-2.6.35.y/drivers/usb/host/ohci-hcd.c
@@ -398,7 +398,14 @@ ohci_shutdown (struct usb_hcd *hcd)
ohci = hcd_to_ohci (hcd);
ohci_writel (ohci, OHCI_INTR_MIE, &ohci->regs->intrdisable);
- ohci_usb_reset (ohci);
+ ohci->hc_control = ohci_readl(ohci, &ohci->regs->control);
+
+ /* If the SHUTDOWN quirk is set, don't put the controller in RESET */
+ ohci->hc_control &= (ohci->flags & OHCI_QUIRK_SHUTDOWN ?
+ OHCI_CTRL_RWC | OHCI_CTRL_HCFS :
+ OHCI_CTRL_RWC);
+ ohci_writel(ohci, ohci->hc_control, &ohci->regs->control);
+
/* flush the writes */
(void) ohci_readl (ohci, &ohci->regs->control);
}
Index: linux-2.6.35.y/drivers/usb/host/ohci-pci.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/host/ohci-pci.c
+++ linux-2.6.35.y/drivers/usb/host/ohci-pci.c
@@ -201,6 +201,20 @@ static int ohci_quirk_amd700(struct usb_
return 0;
}
+/* nVidia controllers continue to drive Reset signalling on the bus
+ * even after system shutdown, wasting power. This flag tells the
+ * shutdown routine to leave the controller OPERATIONAL instead of RESET.
+ */
+static int ohci_quirk_nvidia_shutdown(struct usb_hcd *hcd)
+{
+ struct ohci_hcd *ohci = hcd_to_ohci(hcd);
+
+ ohci->flags |= OHCI_QUIRK_SHUTDOWN;
+ ohci_dbg(ohci, "enabled nVidia shutdown quirk\n");
+
+ return 0;
+}
+
/*
* The hardware normally enables the A-link power management feature, which
* lets the system lower the power consumption in idle states.
@@ -332,6 +346,10 @@ static const struct pci_device_id ohci_p
PCI_DEVICE(PCI_VENDOR_ID_ATI, 0x4399),
.driver_data = (unsigned long)ohci_quirk_amd700,
},
+ {
+ PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID),
+ .driver_data = (unsigned long) ohci_quirk_nvidia_shutdown,
+ },
/* FIXME for some of the early AMD 760 southbridges, OHCI
* won't work at all. blacklist them.
Index: linux-2.6.35.y/drivers/usb/host/ohci.h
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/host/ohci.h
+++ linux-2.6.35.y/drivers/usb/host/ohci.h
@@ -403,6 +403,7 @@ struct ohci_hcd {
#define OHCI_QUIRK_HUB_POWER 0x100 /* distrust firmware power/oc setup */
#define OHCI_QUIRK_AMD_ISO 0x200 /* ISO transfers*/
#define OHCI_QUIRK_AMD_PREFETCH 0x400 /* pre-fetch for ISO transfer */
+#define OHCI_QUIRK_SHUTDOWN 0x800 /* nVidia power bug */
// there are also chip quirks/bugs in init logic
struct work_struct nec_work; /* Worker for NEC quirk */
Index: linux-2.6.35.y/drivers/usb/host/pci-quirks.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/host/pci-quirks.c
+++ linux-2.6.35.y/drivers/usb/host/pci-quirks.c
@@ -169,6 +169,7 @@ static int __devinit mmio_resource_enabl
static void __devinit quirk_usb_handoff_ohci(struct pci_dev *pdev)
{
void __iomem *base;
+ u32 control;
if (!mmio_resource_enabled(pdev, 0))
return;
@@ -177,10 +178,14 @@ static void __devinit quirk_usb_handoff_
if (base == NULL)
return;
+ control = readl(base + OHCI_CONTROL);
+
/* On PA-RISC, PDC can leave IR set incorrectly; ignore it there. */
-#ifndef __hppa__
-{
- u32 control = readl(base + OHCI_CONTROL);
+#ifdef __hppa__
+#define OHCI_CTRL_MASK (OHCI_CTRL_RWC | OHCI_CTRL_IR)
+#else
+#define OHCI_CTRL_MASK OHCI_CTRL_RWC
+
if (control & OHCI_CTRL_IR) {
int wait_time = 500; /* arbitrary; 5 seconds */
writel(OHCI_INTR_OC, base + OHCI_INTRENABLE);
@@ -194,13 +199,12 @@ static void __devinit quirk_usb_handoff_
dev_warn(&pdev->dev, "OHCI: BIOS handoff failed"
" (BIOS bug?) %08x\n",
readl(base + OHCI_CONTROL));
-
- /* reset controller, preserving RWC */
- writel(control & OHCI_CTRL_RWC, base + OHCI_CONTROL);
}
-}
#endif
+ /* reset controller, preserving RWC (and possibly IR) */
+ writel(control & OHCI_CTRL_MASK, base + OHCI_CONTROL);
+
/*
* disable interrupts
*/
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [21/99] OHCI: fix regression caused by nVidia shutdown workaround
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (19 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [20/99] OHCI: work around for nVidia shutdown problem Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [22/99] p54usb: add zoom 4410 usbid Andi Kleen
` (77 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: stern, andre.osku.schmidt, yurand2, gregkh, ak, linux-kernel,
stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Alan Stern <stern@rowland.harvard.edu>
commit 2b7aaf503d56216b847c8265421d2a7d9b42df3e upstream.
This patch (as1463) fixes a regression caused by commit
3df7169e73fc1d71a39cffeacc969f6840cdf52b (OHCI: work around for nVidia
shutdown problem).
The original problem encountered by people using NVIDIA chipsets was
that USB devices were not turning off when the system shut down. For
example, the LED on an optical mouse would remain on, draining a
laptop's battery. The problem was caused by a bug in the chipset; an
OHCI controller in the Reset state would continue to drive a bus reset
signal even after system shutdown. The workaround was to put the
controllers into the Suspend state instead.
It turns out that later NVIDIA chipsets do not suffer from this bug.
Instead some have the opposite bug: If a system is shut down while an
OHCI controller is in the Suspend state, USB devices remain powered!
On other systems, shutting down with a Suspended controller causes the
system to reboot immediately. Thus, working around the original bug
on some machines exposes other bugs on other machines.
The best solution seems to be to limit the workaround to OHCI
controllers with a low-numbered PCI product ID. I don't know exactly
at what point NVIDIA changed their chipsets; the value used here is a
guess. So far it was worked out okay for all the people who have
tested it.
This fixes Bugzilla #35032.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Tested-by: Andre "Osku" Schmidt <andre.osku.schmidt@googlemail.com>
Tested-by: Yury Siamashka <yurand2@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/usb/host/ohci-pci.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
Index: linux-2.6.35.y/drivers/usb/host/ohci-pci.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/host/ohci-pci.c
+++ linux-2.6.35.y/drivers/usb/host/ohci-pci.c
@@ -207,10 +207,18 @@ static int ohci_quirk_amd700(struct usb_
*/
static int ohci_quirk_nvidia_shutdown(struct usb_hcd *hcd)
{
+ struct pci_dev *pdev = to_pci_dev(hcd->self.controller);
struct ohci_hcd *ohci = hcd_to_ohci(hcd);
- ohci->flags |= OHCI_QUIRK_SHUTDOWN;
- ohci_dbg(ohci, "enabled nVidia shutdown quirk\n");
+ /* Evidently nVidia fixed their later hardware; this is a guess at
+ * the changeover point.
+ */
+#define PCI_DEVICE_ID_NVIDIA_NFORCE_MCP51_USB 0x026d
+
+ if (pdev->device < PCI_DEVICE_ID_NVIDIA_NFORCE_MCP51_USB) {
+ ohci->flags |= OHCI_QUIRK_SHUTDOWN;
+ ohci_dbg(ohci, "enabled nVidia shutdown quirk\n");
+ }
return 0;
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [22/99] p54usb: add zoom 4410 usbid
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (20 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [21/99] OHCI: fix regression caused by nVidia shutdown workaround Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [23/99] eCryptfs: Allow 2 scatterlist entries for encrypted Andi Kleen
` (76 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: chunkeey, linville, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Christian Lamparter <chunkeey@googlemail.com>
commit 9368a9a2378ab721f82f59430a135b4ce4ff5109 upstream.
Reported-by: Mark Davis <marked86@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/net/wireless/p54/p54usb.c | 1 +
1 file changed, 1 insertion(+)
Index: linux-2.6.35.y/drivers/net/wireless/p54/p54usb.c
===================================================================
--- linux-2.6.35.y.orig/drivers/net/wireless/p54/p54usb.c
+++ linux-2.6.35.y/drivers/net/wireless/p54/p54usb.c
@@ -82,6 +82,7 @@ static struct usb_device_id p54u_table[]
{USB_DEVICE(0x06b9, 0x0121)}, /* Thomson SpeedTouch 121g */
{USB_DEVICE(0x0707, 0xee13)}, /* SMC 2862W-G version 2 */
{USB_DEVICE(0x083a, 0x4521)}, /* Siemens Gigaset USB Adapter 54 version 2 */
+ {USB_DEVICE(0x083a, 0xc501)}, /* Zoom Wireless-G 4410 */
{USB_DEVICE(0x083a, 0xf503)}, /* Accton FD7050E ver 1010ec */
{USB_DEVICE(0x0846, 0x4240)}, /* Netgear WG111 (v2) */
{USB_DEVICE(0x0915, 0x2000)}, /* Cohiba Proto board */
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [23/99] eCryptfs: Allow 2 scatterlist entries for encrypted
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (21 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [22/99] p54usb: add zoom 4410 usbid Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [24/99] UBIFS: fix a rare memory leak in ro to rw remounting path Andi Kleen
` (75 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: tyhicks, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
commit 8d08dab786ad5cc2aca2bf870de370144b78c85a upstream.
The buffers allocated while encrypting and decrypting long filenames can
sometimes straddle two pages. In this situation, virt_to_scatterlist()
will return -ENOMEM, causing the operation to fail and the user will get
scary error messages in their logs:
kernel: ecryptfs_write_tag_70_packet: Internal error whilst attempting
to convert filename memory to scatterlist; expected rc = 1; got rc =
[-12]. block_aligned_filename_size = [272]
kernel: ecryptfs_encrypt_filename: Error attempting to generate tag 70
packet; rc = [-12]
kernel: ecryptfs_encrypt_and_encode_filename: Error attempting to
encrypt filename; rc = [-12]
kernel: ecryptfs_lookup: Error attempting to encrypt and encode
filename; rc = [-12]
The solution is to allow up to 2 scatterlist entries to be used.
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
fs/ecryptfs/keystore.c | 46 +++++++++++++++++++++-------------------------
1 file changed, 21 insertions(+), 25 deletions(-)
Index: linux-2.6.35.y/fs/ecryptfs/keystore.c
===================================================================
--- linux-2.6.35.y.orig/fs/ecryptfs/keystore.c
+++ linux-2.6.35.y/fs/ecryptfs/keystore.c
@@ -482,8 +482,8 @@ struct ecryptfs_write_tag_70_packet_sill
struct mutex *tfm_mutex;
char *block_aligned_filename;
struct ecryptfs_auth_tok *auth_tok;
- struct scatterlist src_sg;
- struct scatterlist dst_sg;
+ struct scatterlist src_sg[2];
+ struct scatterlist dst_sg[2];
struct blkcipher_desc desc;
char iv[ECRYPTFS_MAX_IV_BYTES];
char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
@@ -696,23 +696,21 @@ ecryptfs_write_tag_70_packet(char *dest,
memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename,
filename_size);
rc = virt_to_scatterlist(s->block_aligned_filename,
- s->block_aligned_filename_size, &s->src_sg, 1);
- if (rc != 1) {
+ s->block_aligned_filename_size, s->src_sg, 2);
+ if (rc < 1) {
printk(KERN_ERR "%s: Internal error whilst attempting to "
- "convert filename memory to scatterlist; "
- "expected rc = 1; got rc = [%d]. "
+ "convert filename memory to scatterlist; rc = [%d]. "
"block_aligned_filename_size = [%zd]\n", __func__, rc,
s->block_aligned_filename_size);
goto out_release_free_unlock;
}
rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size,
- &s->dst_sg, 1);
- if (rc != 1) {
+ s->dst_sg, 2);
+ if (rc < 1) {
printk(KERN_ERR "%s: Internal error whilst attempting to "
"convert encrypted filename memory to scatterlist; "
- "expected rc = 1; got rc = [%d]. "
- "block_aligned_filename_size = [%zd]\n", __func__, rc,
- s->block_aligned_filename_size);
+ "rc = [%d]. block_aligned_filename_size = [%zd]\n",
+ __func__, rc, s->block_aligned_filename_size);
goto out_release_free_unlock;
}
/* The characters in the first block effectively do the job
@@ -735,7 +733,7 @@ ecryptfs_write_tag_70_packet(char *dest,
mount_crypt_stat->global_default_fn_cipher_key_bytes);
goto out_release_free_unlock;
}
- rc = crypto_blkcipher_encrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
+ rc = crypto_blkcipher_encrypt_iv(&s->desc, s->dst_sg, s->src_sg,
s->block_aligned_filename_size);
if (rc) {
printk(KERN_ERR "%s: Error attempting to encrypt filename; "
@@ -767,8 +765,8 @@ struct ecryptfs_parse_tag_70_packet_sill
struct mutex *tfm_mutex;
char *decrypted_filename;
struct ecryptfs_auth_tok *auth_tok;
- struct scatterlist src_sg;
- struct scatterlist dst_sg;
+ struct scatterlist src_sg[2];
+ struct scatterlist dst_sg[2];
struct blkcipher_desc desc;
char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
char iv[ECRYPTFS_MAX_IV_BYTES];
@@ -873,13 +871,12 @@ ecryptfs_parse_tag_70_packet(char **file
}
mutex_lock(s->tfm_mutex);
rc = virt_to_scatterlist(&data[(*packet_size)],
- s->block_aligned_filename_size, &s->src_sg, 1);
- if (rc != 1) {
+ s->block_aligned_filename_size, s->src_sg, 2);
+ if (rc < 1) {
printk(KERN_ERR "%s: Internal error whilst attempting to "
"convert encrypted filename memory to scatterlist; "
- "expected rc = 1; got rc = [%d]. "
- "block_aligned_filename_size = [%zd]\n", __func__, rc,
- s->block_aligned_filename_size);
+ "rc = [%d]. block_aligned_filename_size = [%zd]\n",
+ __func__, rc, s->block_aligned_filename_size);
goto out_unlock;
}
(*packet_size) += s->block_aligned_filename_size;
@@ -893,13 +890,12 @@ ecryptfs_parse_tag_70_packet(char **file
goto out_unlock;
}
rc = virt_to_scatterlist(s->decrypted_filename,
- s->block_aligned_filename_size, &s->dst_sg, 1);
- if (rc != 1) {
+ s->block_aligned_filename_size, s->dst_sg, 2);
+ if (rc < 1) {
printk(KERN_ERR "%s: Internal error whilst attempting to "
"convert decrypted filename memory to scatterlist; "
- "expected rc = 1; got rc = [%d]. "
- "block_aligned_filename_size = [%zd]\n", __func__, rc,
- s->block_aligned_filename_size);
+ "rc = [%d]. block_aligned_filename_size = [%zd]\n",
+ __func__, rc, s->block_aligned_filename_size);
goto out_free_unlock;
}
/* The characters in the first block effectively do the job of
@@ -938,7 +934,7 @@ ecryptfs_parse_tag_70_packet(char **file
mount_crypt_stat->global_default_fn_cipher_key_bytes);
goto out_free_unlock;
}
- rc = crypto_blkcipher_decrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
+ rc = crypto_blkcipher_decrypt_iv(&s->desc, s->dst_sg, s->src_sg,
s->block_aligned_filename_size);
if (rc) {
printk(KERN_ERR "%s: Error attempting to decrypt filename; "
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [24/99] UBIFS: fix a rare memory leak in ro to rw remounting path
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (22 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [23/99] eCryptfs: Allow 2 scatterlist entries for encrypted Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [25/99] i8k: Avoid lahf in 64-bit code Andi Kleen
` (74 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: Artem.Bityutskiy, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
commit eaeee242c531cd4b0a4a46e8b5dd7ef504380c42 upstream.
When re-mounting from R/O mode to R/W mode and the LEB count in the superblock
is not up-to date, because for the underlying UBI volume became larger, we
re-write the superblock. We allocate RAM for these purposes, but never free it.
So this is a memory leak, although very rare one.
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
fs/ubifs/sb.c | 3 ++-
fs/ubifs/super.c | 1 +
2 files changed, 3 insertions(+), 1 deletion(-)
Index: linux-2.6.35.y/fs/ubifs/sb.c
===================================================================
--- linux-2.6.35.y.orig/fs/ubifs/sb.c
+++ linux-2.6.35.y/fs/ubifs/sb.c
@@ -475,7 +475,8 @@ failed:
* @c: UBIFS file-system description object
*
* This function returns a pointer to the superblock node or a negative error
- * code.
+ * code. Note, the user of this function is responsible of kfree()'ing the
+ * returned superblock buffer.
*/
struct ubifs_sb_node *ubifs_read_sb_node(struct ubifs_info *c)
{
Index: linux-2.6.35.y/fs/ubifs/super.c
===================================================================
--- linux-2.6.35.y.orig/fs/ubifs/super.c
+++ linux-2.6.35.y/fs/ubifs/super.c
@@ -1545,6 +1545,7 @@ static int ubifs_remount_rw(struct ubifs
}
sup->leb_cnt = cpu_to_le32(c->leb_cnt);
err = ubifs_write_sb_node(c, sup);
+ kfree(sup);
if (err)
goto out;
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [25/99] i8k: Avoid lahf in 64-bit code
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (23 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [24/99] UBIFS: fix a rare memory leak in ro to rw remounting path Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [26/99] cpuidle: menu: fixed wrapping timers at 4.294 seconds Andi Kleen
` (73 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: kronos.it, jrickman, w5pny, dz, khali, gregkh, ak, linux-kernel,
stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Luca Tettamanti <kronos.it@gmail.com>
commit bc1f419c76a2d6450413ce4349f4e4a07be011d5 upstream.
i8k uses lahf to read the flag register in 64-bit code; early x86-64
CPUs, however, lack this instruction and we get an invalid opcode
exception at runtime.
Use pushf to load the flag register into the stack instead.
Signed-off-by: Luca Tettamanti <kronos.it@gmail.com>
Reported-by: Jeff Rickman <jrickman@myamigos.us>
Tested-by: Jeff Rickman <jrickman@myamigos.us>
Tested-by: Harry G McGavran Jr <w5pny@arrl.net>
Cc: Massimo Dal Zotto <dz@debian.org>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/char/i8k.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: linux-2.6.35.y/drivers/char/i8k.c
===================================================================
--- linux-2.6.35.y.orig/drivers/char/i8k.c
+++ linux-2.6.35.y/drivers/char/i8k.c
@@ -138,8 +138,8 @@ static int i8k_smm(struct smm_regs *regs
"movl %%edi,20(%%rax)\n\t"
"popq %%rdx\n\t"
"movl %%edx,0(%%rax)\n\t"
- "lahf\n\t"
- "shrl $8,%%eax\n\t"
+ "pushfq\n\t"
+ "popq %%rax\n\t"
"andl $1,%%eax\n"
:"=a"(rc)
: "a"(regs)
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [26/99] cpuidle: menu: fixed wrapping timers at 4.294 seconds
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (24 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [25/99] i8k: Avoid lahf in 64-bit code Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [27/99] dm table: reject devices without request fns Andi Kleen
` (72 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: tero.kristo, len.brown, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Tero Kristo <tero.kristo@nokia.com>
commit 7467571f4480b273007517b26297c07154c73924 upstream.
Cpuidle menu governor is using u32 as a temporary datatype for storing
nanosecond values which wrap around at 4.294 seconds. This causes errors
in predicted sleep times resulting in higher than should be C state
selection and increased power consumption. This also breaks cpuidle
state residency statistics.
Signed-off-by: Tero Kristo <tero.kristo@nokia.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/cpuidle/governors/menu.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
Index: linux-2.6.35.y/drivers/cpuidle/governors/menu.c
===================================================================
--- linux-2.6.35.y.orig/drivers/cpuidle/governors/menu.c
+++ linux-2.6.35.y/drivers/cpuidle/governors/menu.c
@@ -236,6 +236,7 @@ static int menu_select(struct cpuidle_de
int latency_req = pm_qos_request(PM_QOS_CPU_DMA_LATENCY);
int i;
int multiplier;
+ struct timespec t;
if (data->needs_update) {
menu_update(dev);
@@ -250,8 +251,9 @@ static int menu_select(struct cpuidle_de
return 0;
/* determine the expected residency time, round up */
+ t = ktime_to_timespec(tick_nohz_get_sleep_length());
data->expected_us =
- DIV_ROUND_UP((u32)ktime_to_ns(tick_nohz_get_sleep_length()), 1000);
+ t.tv_sec * USEC_PER_SEC + t.tv_nsec / NSEC_PER_USEC;
data->bucket = which_bucket(data->expected_us);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [27/99] dm table: reject devices without request fns
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (25 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [26/99] cpuidle: menu: fixed wrapping timers at 4.294 seconds Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [28/99] atm: expose ATM device index in sysfs Andi Kleen
` (71 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: mbroz, snitzer, agk, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Milan Broz <mbroz@redhat.com>
commit f4808ca99a203f20b4475601748e44b25a65bdec upstream.
This patch adds a check that a block device has a request function
defined before it is used. Otherwise, misconfiguration can cause an oops.
Because we are allowing devices with zero size e.g. an offline multipath
device as in commit 2cd54d9bedb79a97f014e86c0da393416b264eb3
("dm: allow offline devices") there needs to be an additional check
to ensure devices are initialised. Some block devices, like a loop
device without a backing file, exist but have no request function.
Reproducer is trivial: dm-mirror on unbound loop device
(no backing file on loop devices)
dmsetup create x --table "0 8 mirror core 2 8 sync 2 /dev/loop0 0 /dev/loop1 0"
and mirror resync will immediatelly cause OOps.
BUG: unable to handle kernel NULL pointer dereference at (null)
? generic_make_request+0x2bd/0x590
? kmem_cache_alloc+0xad/0x190
submit_bio+0x53/0xe0
? bio_add_page+0x3b/0x50
dispatch_io+0x1ca/0x210 [dm_mod]
? read_callback+0x0/0xd0 [dm_mirror]
dm_io+0xbb/0x290 [dm_mod]
do_mirror+0x1e0/0x748 [dm_mirror]
Signed-off-by: Milan Broz <mbroz@redhat.com>
Reported-by: Zdenek Kabelac <zkabelac@redhat.com>
Acked-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/md/dm-table.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
Index: linux-2.6.35.y/drivers/md/dm-table.c
===================================================================
--- linux-2.6.35.y.orig/drivers/md/dm-table.c
+++ linux-2.6.35.y/drivers/md/dm-table.c
@@ -352,6 +352,7 @@ static void close_dev(struct dm_dev_inte
static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev,
sector_t start, sector_t len, void *data)
{
+ struct request_queue *q;
struct queue_limits *limits = data;
struct block_device *bdev = dev->bdev;
sector_t dev_size =
@@ -360,6 +361,22 @@ static int device_area_is_invalid(struct
limits->logical_block_size >> SECTOR_SHIFT;
char b[BDEVNAME_SIZE];
+ /*
+ * Some devices exist without request functions,
+ * such as loop devices not yet bound to backing files.
+ * Forbid the use of such devices.
+ */
+ q = bdev_get_queue(bdev);
+ if (!q || !q->make_request_fn) {
+ DMWARN("%s: %s is not yet initialised: "
+ "start=%llu, len=%llu, dev_size=%llu",
+ dm_device_name(ti->table->md), bdevname(bdev, b),
+ (unsigned long long)start,
+ (unsigned long long)len,
+ (unsigned long long)dev_size);
+ return 1;
+ }
+
if (!dev_size)
return 0;
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [28/99] atm: expose ATM device index in sysfs
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (26 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [27/99] dm table: reject devices without request fns Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [29/99] brd: limit 'max_part' module param to DISK_MAX_PARTS Andi Kleen
` (70 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: dcbw, eric.dumazet, dwmw2, davem, gregkh, ak, linux-kernel,
stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Dan Williams <dcbw@redhat.com>
commit e7a46b4d0839c2a3aa2e0ae0b145f293f6738498 upstream.
It's currently exposed only through /proc which, besides requiring
screen-scraping, doesn't allow userspace to distinguish between two
identical ATM adapters with different ATM indexes. The ATM device index
is required when using PPPoATM on a system with multiple ATM adapters.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Reviewed-by: Eric Dumazet <eric.dumazet@gmail.com>
Tested-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
net/atm/atm_sysfs.c | 10 ++++++++++
1 file changed, 10 insertions(+)
Index: linux-2.6.35.y/net/atm/atm_sysfs.c
===================================================================
--- linux-2.6.35.y.orig/net/atm/atm_sysfs.c
+++ linux-2.6.35.y/net/atm/atm_sysfs.c
@@ -59,6 +59,14 @@ static ssize_t show_atmaddress(struct de
return pos - buf;
}
+static ssize_t show_atmindex(struct device *cdev,
+ struct device_attribute *attr, char *buf)
+{
+ struct atm_dev *adev = to_atm_dev(cdev);
+
+ return sprintf(buf, "%d\n", adev->number);
+}
+
static ssize_t show_carrier(struct device *cdev,
struct device_attribute *attr, char *buf)
{
@@ -99,6 +107,7 @@ static ssize_t show_link_rate(struct dev
static DEVICE_ATTR(address, S_IRUGO, show_address, NULL);
static DEVICE_ATTR(atmaddress, S_IRUGO, show_atmaddress, NULL);
+static DEVICE_ATTR(atmindex, S_IRUGO, show_atmindex, NULL);
static DEVICE_ATTR(carrier, S_IRUGO, show_carrier, NULL);
static DEVICE_ATTR(type, S_IRUGO, show_type, NULL);
static DEVICE_ATTR(link_rate, S_IRUGO, show_link_rate, NULL);
@@ -106,6 +115,7 @@ static DEVICE_ATTR(link_rate, S_IRUGO, s
static struct device_attribute *atm_attrs[] = {
&dev_attr_atmaddress,
&dev_attr_address,
+ &dev_attr_atmindex,
&dev_attr_carrier,
&dev_attr_type,
&dev_attr_link_rate,
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [29/99] brd: limit 'max_part' module param to DISK_MAX_PARTS
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (27 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [28/99] atm: expose ATM device index in sysfs Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [30/99] brd: handle on-demand devices correctly Andi Kleen
` (69 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: namhyung, Laurent.Vivier, jaxboe, gregkh, ak, linux-kernel,
stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Namhyung Kim <namhyung@gmail.com>
commit 315980c8688c4b06713c1a5fe9d64cdf8ab57a72 upstream.
The 'max_part' parameter controls the number of maximum partition
a brd device can have. However if a user specifies very large
value it would exceed the limitation of device minor number and
can cause a kernel panic (or, at least, produce invalid device
nodes in some cases).
On my desktop system, following command kills the kernel. On qemu,
it triggers similar oops but the kernel was alive:
$ sudo modprobe brd max_part=100000
BUG: unable to handle kernel NULL pointer dereference at 0000000000000058
IP: [<ffffffff81110a9a>] sysfs_create_dir+0x2d/0xae
PGD 7af1067 PUD 7b19067 PMD 0
Oops: 0000 [#1] SMP
last sysfs file:
CPU 0
Modules linked in: brd(+)
Pid: 44, comm: insmod Tainted: G W 2.6.39-qemu+ #158 Bochs Bochs
RIP: 0010:[<ffffffff81110a9a>] [<ffffffff81110a9a>] sysfs_create_dir+0x2d/0xae
RSP: 0018:ffff880007b15d78 EFLAGS: 00000286
RAX: ffff880007b05478 RBX: ffff880007a52760 RCX: ffff880007b15dc8
RDX: ffff880007a4f900 RSI: ffff880007b15e48 RDI: ffff880007a52760
RBP: ffff880007b15da8 R08: 0000000000000002 R09: 0000000000000000
R10: ffff880007b15e48 R11: ffff880007b05478 R12: 0000000000000000
R13: ffff880007b05478 R14: 0000000000400920 R15: 0000000000000063
FS: 0000000002160880(0063) GS:ffff880007c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000058 CR3: 0000000007b1c000 CR4: 00000000000006b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 0000000000000000 DR7: 0000000000000000
Process insmod (pid: 44, threadinfo ffff880007b14000, task ffff880007acb980)
Stack:
ffff880007b15dc8 ffff880007b05478 ffff880007b15da8 00000000fffffffe
ffff880007a52760 ffff880007b05478 ffff880007b15de8 ffffffff81143c0a
0000000000400920 ffff880007a52760 ffff880007b05478 0000000000000000
Call Trace:
[<ffffffff81143c0a>] kobject_add_internal+0xdf/0x1a0
[<ffffffff81143da1>] kobject_add_varg+0x41/0x50
[<ffffffff81143e6b>] kobject_add+0x64/0x66
[<ffffffff8113bbe7>] blk_register_queue+0x5f/0xb8
[<ffffffff81140f72>] add_disk+0xdf/0x289
[<ffffffffa00040df>] brd_init+0xdf/0x1aa [brd]
[<ffffffffa0004000>] ? 0xffffffffa0003fff
[<ffffffffa0004000>] ? 0xffffffffa0003fff
[<ffffffff8100020a>] do_one_initcall+0x7a/0x12e
[<ffffffff8108516c>] sys_init_module+0x9c/0x1dc
[<ffffffff812ff4bb>] system_call_fastpath+0x16/0x1b
Code: 89 e5 41 55 41 54 53 48 89 fb 48 83 ec 18 48 85 ff 75 04 0f 0b eb fe 48 8b 47 18 49 c7 c4 70 1e 4d 81 48 85 c0 74 04 4c 8b 60 30
8b 44 24 58 45 31 ed 0f b6 c4 85 c0 74 0d 48 8b 43 28 48 89
RIP [<ffffffff81110a9a>] sysfs_create_dir+0x2d/0xae
RSP <ffff880007b15d78>
CR2: 0000000000000058
---[ end trace aebb1175ce1f6739 ]---
Signed-off-by: Namhyung Kim <namhyung@gmail.com>
Cc: Laurent Vivier <Laurent.Vivier@bull.net>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/block/brd.c | 3 +++
1 file changed, 3 insertions(+)
Index: linux-2.6.35.y/drivers/block/brd.c
===================================================================
--- linux-2.6.35.y.orig/drivers/block/brd.c
+++ linux-2.6.35.y/drivers/block/brd.c
@@ -582,6 +582,9 @@ static int __init brd_init(void)
if (max_part > 0)
part_shift = fls(max_part);
+ if ((1UL << part_shift) > DISK_MAX_PARTS)
+ return -EINVAL;
+
if (rd_nr > 1UL << (MINORBITS - part_shift))
return -EINVAL;
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [30/99] brd: handle on-demand devices correctly
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (28 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [29/99] brd: limit 'max_part' module param to DISK_MAX_PARTS Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [31/99] SUNRPC: Deal with the lack of a SYN_SENT sk->sk_state_change Andi Kleen
` (68 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: namhyung, Laurent.Vivier, jaxboe, gregkh, ak, linux-kernel,
stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Namhyung Kim <namhyung@gmail.com>
commit af46566885a373b0a526932484cd8fef8de7b598 upstream.
When finding or allocating a ram disk device, brd_probe() did not take
partition numbers into account so that it can result to a different
device. Consider following example (I set CONFIG_BLK_DEV_RAM_COUNT=4
for simplicity) :
$ sudo modprobe brd max_part=15
$ ls -l /dev/ram*
brw-rw---- 1 root disk 1, 0 2011-05-25 15:41 /dev/ram0
brw-rw---- 1 root disk 1, 16 2011-05-25 15:41 /dev/ram1
brw-rw---- 1 root disk 1, 32 2011-05-25 15:41 /dev/ram2
brw-rw---- 1 root disk 1, 48 2011-05-25 15:41 /dev/ram3
$ sudo mknod /dev/ram4 b 1 64
$ sudo dd if=/dev/zero of=/dev/ram4 bs=4k count=256
256+0 records in
256+0 records out
1048576 bytes (1.0 MB) copied, 0.00215578 s, 486 MB/s
namhyung@leonhard:linux$ ls -l /dev/ram*
brw-rw---- 1 root disk 1, 0 2011-05-25 15:41 /dev/ram0
brw-rw---- 1 root disk 1, 16 2011-05-25 15:41 /dev/ram1
brw-rw---- 1 root disk 1, 32 2011-05-25 15:41 /dev/ram2
brw-rw---- 1 root disk 1, 48 2011-05-25 15:41 /dev/ram3
brw-r--r-- 1 root root 1, 64 2011-05-25 15:45 /dev/ram4
brw-rw---- 1 root disk 1, 1024 2011-05-25 15:44 /dev/ram64
After this patch, /dev/ram4 - instead of /dev/ram64 - was
accessed correctly.
In addition, 'range' passed to blk_register_region() should
include all range of dev_t that RAMDISK_MAJOR can address.
It does not need to be limited by partition numbers unless
'rd_nr' param was specified.
Signed-off-by: Namhyung Kim <namhyung@gmail.com>
Cc: Laurent Vivier <Laurent.Vivier@bull.net>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/block/brd.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
Index: linux-2.6.35.y/drivers/block/brd.c
===================================================================
--- linux-2.6.35.y.orig/drivers/block/brd.c
+++ linux-2.6.35.y/drivers/block/brd.c
@@ -549,7 +549,7 @@ static struct kobject *brd_probe(dev_t d
struct kobject *kobj;
mutex_lock(&brd_devices_mutex);
- brd = brd_init_one(dev & MINORMASK);
+ brd = brd_init_one(MINOR(dev) >> part_shift);
kobj = brd ? get_disk(brd->brd_disk) : ERR_PTR(-ENOMEM);
mutex_unlock(&brd_devices_mutex);
@@ -590,10 +590,10 @@ static int __init brd_init(void)
if (rd_nr) {
nr = rd_nr;
- range = rd_nr;
+ range = rd_nr << part_shift;
} else {
nr = CONFIG_BLK_DEV_RAM_COUNT;
- range = 1UL << (MINORBITS - part_shift);
+ range = 1UL << MINORBITS;
}
if (register_blkdev(RAMDISK_MAJOR, "ramdisk"))
@@ -632,7 +632,7 @@ static void __exit brd_exit(void)
unsigned long range;
struct brd_device *brd, *next;
- range = rd_nr ? rd_nr : 1UL << (MINORBITS - part_shift);
+ range = rd_nr ? rd_nr << part_shift : 1UL << MINORBITS;
list_for_each_entry_safe(brd, next, &brd_devices, brd_list)
brd_del_one(brd);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [31/99] SUNRPC: Deal with the lack of a SYN_SENT sk->sk_state_change
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (29 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [30/99] brd: handle on-demand devices correctly Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [32/99] PCI: Add quirk for setting valid class for TI816X Endpoint Andi Kleen
` (67 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: Trond.Myklebust, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Trond Myklebust <Trond.Myklebust@netapp.com>
commit fe19a96b10032035a35779f42ad59e35d6dd8ffd upstream.
The TCP connection state code depends on the state_change() callback
being called when the SYN_SENT state is set. However the networking layer
doesn't actually call us back in that case.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
net/sunrpc/xprtsock.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
Index: linux-2.6.35.y/net/sunrpc/xprtsock.c
===================================================================
--- linux-2.6.35.y.orig/net/sunrpc/xprtsock.c
+++ linux-2.6.35.y/net/sunrpc/xprtsock.c
@@ -1345,7 +1345,6 @@ static void xs_tcp_state_change(struct s
case TCP_CLOSE_WAIT:
/* The server initiated a shutdown of the socket */
xprt_force_disconnect(xprt);
- case TCP_SYN_SENT:
xprt->connect_cookie++;
case TCP_CLOSING:
/*
@@ -1807,6 +1806,7 @@ static void xs_tcp_reuse_connection(stru
static int xs_tcp_finish_connecting(struct rpc_xprt *xprt, struct socket *sock)
{
struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt);
+ int ret = -ENOTCONN;
if (!transport->inet) {
struct sock *sk = sock->sk;
@@ -1838,12 +1838,22 @@ static int xs_tcp_finish_connecting(stru
}
if (!xprt_bound(xprt))
- return -ENOTCONN;
+ goto out;
/* Tell the socket layer to start connecting... */
xprt->stat.connect_count++;
xprt->stat.connect_start = jiffies;
- return kernel_connect(sock, xs_addr(xprt), xprt->addrlen, O_NONBLOCK);
+ ret = kernel_connect(sock, xs_addr(xprt), xprt->addrlen, O_NONBLOCK);
+ switch (ret) {
+ case 0:
+ case -EINPROGRESS:
+ /* SYN_SENT! */
+ xprt->connect_cookie++;
+ if (xprt->reestablish_timeout < XS_TCP_INIT_REEST_TO)
+ xprt->reestablish_timeout = XS_TCP_INIT_REEST_TO;
+ }
+out:
+ return ret;
}
/**
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [32/99] PCI: Add quirk for setting valid class for TI816X Endpoint
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (30 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [31/99] SUNRPC: Deal with the lack of a SYN_SENT sk->sk_state_change Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [33/99] xen mmu: fix a race window causing leave_mm BUG() Andi Kleen
` (66 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: hemantp, jbarnes, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Hemant Pedanekar <hemantp@ti.com>
commit 63c4408074cbcc070ac17fc10e524800eb9bd0b0 upstream.
TI816X (common name for DM816x/C6A816x/AM389x family) devices configured
to boot as PCIe Endpoint have class code = 0. This makes kernel PCI bus
code to skip allocating BARs to these devices resulting into following
type of error when trying to enable them:
"Device 0000:01:00.0 not available because of resource collisions"
The device cannot be operated because of the above issue.
This patch adds a ID specific (TI VENDOR ID and 816X DEVICE ID based)
'early' fixup quirk to replace class code with
PCI_CLASS_MULTIMEDIA_VIDEO as class.
Signed-off-by: Hemant Pedanekar <hemantp@ti.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/pci/quirks.c | 10 ++++++++++
1 file changed, 10 insertions(+)
Index: linux-2.6.35.y/drivers/pci/quirks.c
===================================================================
--- linux-2.6.35.y.orig/drivers/pci/quirks.c
+++ linux-2.6.35.y/drivers/pci/quirks.c
@@ -2727,6 +2727,16 @@ DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_IN
DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x3c28, vtd_mask_spec_errors);
#endif
+static void __devinit fixup_ti816x_class(struct pci_dev* dev)
+{
+ /* TI 816x devices do not have class code set when in PCIe boot mode */
+ if (dev->class == PCI_CLASS_NOT_DEFINED) {
+ dev_info(&dev->dev, "Setting PCI class for 816x PCIe device\n");
+ dev->class = PCI_CLASS_MULTIMEDIA_VIDEO;
+ }
+}
+DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_TI, 0xb800, fixup_ti816x_class);
+
static void pci_do_fixups(struct pci_dev *dev, struct pci_fixup *f,
struct pci_fixup *end)
{
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [33/99] xen mmu: fix a race window causing leave_mm BUG()
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (31 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [32/99] PCI: Add quirk for setting valid class for TI816X Endpoint Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [34/99] UBIFS: fix shrinker object count reports Andi Kleen
` (65 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: kevin.tian, ak, tinnycloud, konrad.wilk, gregkh, linux-kernel,
stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: "Tian, Kevin" <kevin.tian@intel.com>
commit 7899891c7d161752f29abcc9bc0a9c6c3a3af26c upstream.
There's a race window in xen_drop_mm_ref, where remote cpu may exit
dirty bitmap between the check on this cpu and the point where remote
cpu handles drop request. So in drop_other_mm_ref we need check
whether TLB state is still lazy before calling into leave_mm. This
bug is rarely observed in earlier kernel, but exaggerated by the
commit 831d52bc153971b70e64eccfbed2b232394f22f8
("x86, mm: avoid possible bogus tlb entries by clearing prev mm_cpumask after switching mm")
which clears bitmap after changing the TLB state. the call trace is as below:
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---------------------------------
kernel BUG at arch/x86/mm/tlb.c:61!
invalid opcode: 0000 [#1] SMP
last sysfs file: /sys/devices/system/xen_memory/xen_memory0/info/current_kb
CPU 1
Modules linked in: 8021q garp xen_netback xen_blkback blktap blkback_pagemap nbd bridge stp llc autofs4 ipmi_devintf ipmi_si ipmi_msghandler lockd sunrpc bonding ipv6 xenfs dm_multipath video output sbs sbshc parport_pc lp parport ses enclosure snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device serio_raw bnx2 snd_pcm_oss snd_mixer_oss snd_pcm snd_timer iTCO_wdt snd soundcore snd_page_alloc i2c_i801 iTCO_vendor_support i2c_core pcs pkr pata_acpi ata_generic ata_piix shpchp mptsas mptscsih mptbase [last unloaded: freq_table]
Pid: 25581, comm: khelper Not tainted 2.6.32.36fixxen #1 Tecal RH2285
RIP: e030:[<ffffffff8103a3cb>] [<ffffffff8103a3cb>] leave_mm+0x15/0x46
RSP: e02b:ffff88002805be48 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff88015f8e2da0
RDX: ffff88002805be78 RSI: 0000000000000000 RDI: 0000000000000001
RBP: ffff88002805be48 R08: ffff88009d662000 R09: dead000000200200
R10: dead000000100100 R11: ffffffff814472b2 R12: ffff88009bfc1880
R13: ffff880028063020 R14: 00000000000004f6 R15: 0000000000000000
FS: 00007f62362d66e0(0000) GS:ffff880028058000(0000) knlGS:0000000000000000
CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000003aabc11909 CR3: 000000009b8ca000 CR4: 0000000000002660
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 00000000000000 00
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process khelper (pid: 25581, threadinfo ffff88007691e000, task ffff88009b92db40)
Stack:
ffff88002805be68 ffffffff8100e4ae 0000000000000001 ffff88009d733b88
<0> ffff88002805be98 ffffffff81087224 ffff88002805be78 ffff88002805be78
<0> ffff88015f808360 00000000000004f6 ffff88002805bea8 ffffffff81010108
Call Trace:
<IRQ>
[<ffffffff8100e4ae>] drop_other_mm_ref+0x2a/0x53
[<ffffffff81087224>] generic_smp_call_function_single_interrupt+0xd8/0xfc
[<ffffffff81010108>] xen_call_function_single_interrupt+0x13/0x28
[<ffffffff810a936a>] handle_IRQ_event+0x66/0x120
[<ffffffff810aac5b>] handle_percpu_irq+0x41/0x6e
[<ffffffff8128c1c0>] __xen_evtchn_do_upcall+0x1ab/0x27d
[<ffffffff8128dd11>] xen_evtchn_do_upcall+0x33/0x46
[<ffffffff81013efe>] xen_do_hyper visor_callback+0x1e/0x30
<EOI>
[<ffffffff814472b2>] ? _spin_unlock_irqrestore+0x15/0x17
[<ffffffff8100f8cf>] ? xen_restore_fl_direct_end+0x0/0x1
[<ffffffff81113f71>] ? flush_old_exec+0x3ac/0x500
[<ffffffff81150dc5>] ? load_elf_binary+0x0/0x17ef
[<ffffffff81150dc5>] ? load_elf_binary+0x0/0x17ef
[<ffffffff8115115d>] ? load_elf_binary+0x398/0x17ef
[<ffffffff81042fcf>] ? need_resched+0x23/0x2d
[<ffffffff811f4648>] ? process_measurement+0xc0/0xd7
[<ffffffff81150dc5>] ? load_elf_binary+0x0/0x17ef
[<ffffffff81113094>] ? search_binary_handler+0xc8/0x255
[<ffffffff81114362>] ? do_execve+0x1c3/0x29e
[<ffffffff8101155d>] ? sys_execve+0x43/0x5d
[<ffffffff8106fc45>] ? __call_usermodehelper+0x0/0x6f
[<ffffffff81013e28>] ? kernel_execve+0x68/0xd0
[<ffffffff 8106fc45>] ? __call_usermodehelper+0x0/0x6f
[<ffffffff8100f8cf>] ? xen_restore_fl_direct_end+0x0/0x1
[<ffffffff8106fb64>] ? ____call_usermodehelper+0x113/0x11e
[<ffffffff81013daa>] ? child_rip+0xa/0x20
[<ffffffff8106fc45>] ? __call_usermodehelper+0x0/0x6f
[<ffffffff81012f91>] ? int_ret_from_sys_call+0x7/0x1b
[<ffffffff8101371d>] ? retint_restore_args+0x5/0x6
[<ffffffff81013da0>] ? child_rip+0x0/0x20
Code: 41 5e 41 5f c9 c3 55 48 89 e5 0f 1f 44 00 00 e8 17 ff ff ff c9 c3 55 48 89 e5 0f 1f 44 00 00 65 8b 04 25 c8 55 01 00 ff c8 75 04 <0f> 0b eb fe 65 48 8b 34 25 c0 55 01 00 48 81 c6 b8 02 00 00 e8
RIP [<ffffffff8103a3cb>] leave_mm+0x15/0x46
RSP <ffff88002805be48>
---[ end trace ce9cee6832a9c503 ]---
Tested-by: Maoxiaoyun<tinnycloud@hotmail.com>
Signed-off-by: Kevin Tian <kevin.tian@intel.com>
[v1: Fleshed out the git description a bit]
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/x86/xen/mmu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.35.y/arch/x86/xen/mmu.c
===================================================================
--- linux-2.6.35.y.orig/arch/x86/xen/mmu.c
+++ linux-2.6.35.y/arch/x86/xen/mmu.c
@@ -1142,7 +1142,7 @@ static void drop_other_mm_ref(void *info
active_mm = percpu_read(cpu_tlbstate.active_mm);
- if (active_mm == mm)
+ if (active_mm == mm && percpu_read(cpu_tlbstate.state) != TLBSTATE_OK)
leave_mm(smp_processor_id());
/* If this cpu still has a stale cr3 reference, then make sure
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [34/99] UBIFS: fix shrinker object count reports
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (32 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [33/99] xen mmu: fix a race window causing leave_mm BUG() Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [35/99] UBIFS: fix memory leak on error path Andi Kleen
` (64 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: Artem.Bityutskiy, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
commit cf610bf4199770420629d3bc273494bd27ad6c1d upstream.
Sometimes VM asks the shrinker to return amount of objects it can shrink,
and we return the ubifs_clean_zn_cnt in that case. However, it is possible
that this counter is negative for a short period of time, due to the way
UBIFS TNC code updates it. And I can observe the following warnings sometimes:
shrink_slab: ubifs_shrinker+0x0/0x2b7 [ubifs] negative objects to delete nr=-8541616642706119788
This patch makes sure UBIFS never returns negative count of objects.
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
fs/ubifs/shrinker.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
Index: linux-2.6.35.y/fs/ubifs/shrinker.c
===================================================================
--- linux-2.6.35.y.orig/fs/ubifs/shrinker.c
+++ linux-2.6.35.y/fs/ubifs/shrinker.c
@@ -283,7 +283,11 @@ int ubifs_shrinker(struct shrinker *shri
long clean_zn_cnt = atomic_long_read(&ubifs_clean_zn_cnt);
if (nr == 0)
- return clean_zn_cnt;
+ /*
+ * Due to the way UBIFS updates the clean znode counter it may
+ * temporarily be negative.
+ */
+ return clean_zn_cnt >= 0 ? clean_zn_cnt : 1;
if (!clean_zn_cnt) {
/*
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [35/99] UBIFS: fix memory leak on error path
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (33 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [34/99] UBIFS: fix shrinker object count reports Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [36/99] nbd: limit module parameters to a sane value Andi Kleen
` (63 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: Artem.Bityutskiy, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
commit 812eb258311f89bcd664a34a620f249d54a2cd83 upstream.
UBIFS leaks memory on error path in 'ubifs_jnl_update()' in case of write
failure because it forgets to free the 'struct ubifs_dent_node *dent' object.
Although the object is small, the alignment can make it large - e.g., 2KiB
if the min. I/O unit is 2KiB.
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
fs/ubifs/journal.c | 1 +
1 file changed, 1 insertion(+)
Index: linux-2.6.35.y/fs/ubifs/journal.c
===================================================================
--- linux-2.6.35.y.orig/fs/ubifs/journal.c
+++ linux-2.6.35.y/fs/ubifs/journal.c
@@ -665,6 +665,7 @@ out_free:
out_release:
release_head(c, BASEHD);
+ kfree(dent);
out_ro:
ubifs_ro_mode(c, err);
if (last_reference)
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [36/99] nbd: limit module parameters to a sane value
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (34 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [35/99] UBIFS: fix memory leak on error path Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [37/99] block: export blk_{get,put}_queue() Andi Kleen
` (62 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: namhyung, Laurent.Vivier, Paul.Clements, jaxboe, gregkh, ak,
linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Namhyung Kim <namhyung@gmail.com>
commit 3b2710824e00d238554c13b5add347e6c701ab1a upstream.
The 'max_part' parameter controls the number of maximum partition
a nbd device can have. However if a user specifies very large
value it would exceed the limitation of device minor number and
can cause a kernel oops (or, at least, produce invalid device
nodes in some cases).
In addition, specifying large 'nbds_max' value causes same
problem for the same reason.
On my desktop, following command results to the kernel bug:
$ sudo modprobe nbd max_part=100000
kernel BUG at /media/Linux_Data/project/linux/fs/sysfs/group.c:65!
invalid opcode: 0000 [#1] SMP
last sysfs file: /sys/devices/virtual/block/nbd4/range
CPU 1
Modules linked in: nbd(+) bridge stp llc kvm_intel kvm asus_atk0110 sg sr_mod cdrom
Pid: 2522, comm: modprobe Tainted: G W 2.6.39-leonard+ #159 System manufacturer System Product Name/P5G41TD-M PRO
RIP: 0010:[<ffffffff8115aa08>] [<ffffffff8115aa08>] internal_create_group+0x2f/0x166
RSP: 0018:ffff8801009f1de8 EFLAGS: 00010246
RAX: 00000000ffffffef RBX: ffff880103920478 RCX: 00000000000a7bd3
RDX: ffffffff81a2dbe0 RSI: 0000000000000000 RDI: ffff880103920478
RBP: ffff8801009f1e38 R08: ffff880103920468 R09: ffff880103920478
R10: ffff8801009f1de8 R11: ffff88011eccbb68 R12: ffffffff81a2dbe0
R13: ffff880103920468 R14: 0000000000000000 R15: ffff880103920400
FS: 00007f3c49de9700(0000) GS:ffff88011f800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007f3b7fe7c000 CR3: 00000000cd58d000 CR4: 00000000000406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process modprobe (pid: 2522, threadinfo ffff8801009f0000, task ffff8801009a93a0)
Stack:
ffff8801009f1e58 ffffffff812e8f6e ffff8801009f1e58 ffffffff812e7a80
ffff880000000010 ffff880103920400 ffff8801002fd0c0 ffff880103920468
0000000000000011 ffff880103920400 ffff8801009f1e48 ffffffff8115ab6a
Call Trace:
[<ffffffff812e8f6e>] ? device_add+0x4f1/0x5e4
[<ffffffff812e7a80>] ? dev_set_name+0x41/0x43
[<ffffffff8115ab6a>] sysfs_create_group+0x13/0x15
[<ffffffff810b857e>] blk_trace_init_sysfs+0x14/0x16
[<ffffffff811ee58b>] blk_register_queue+0x4c/0xfd
[<ffffffff811f3bdf>] add_disk+0xe4/0x29c
[<ffffffffa007e2ab>] nbd_init+0x2ab/0x30d [nbd]
[<ffffffffa007e000>] ? 0xffffffffa007dfff
[<ffffffff8100020f>] do_one_initcall+0x7f/0x13e
[<ffffffff8107ab0a>] sys_init_module+0xa1/0x1e3
[<ffffffff814f3542>] system_call_fastpath+0x16/0x1b
Code: 41 57 41 56 41 55 41 54 53 48 83 ec 28 0f 1f 44 00 00 48 89 fb 41 89 f6 49 89 d4 48 85 ff 74 0b 85 f6 75 0b 48 83
7f 30 00 75 14 <0f> 0b eb fe b9 ea ff ff ff 48 83 7f 30 00 0f 84 09 01 00 00 49
RIP [<ffffffff8115aa08>] internal_create_group+0x2f/0x166
RSP <ffff8801009f1de8>
---[ end trace 753285ffbf72c57c ]---
Signed-off-by: Namhyung Kim <namhyung@gmail.com>
Cc: Laurent Vivier <Laurent.Vivier@bull.net>
Cc: Paul Clements <Paul.Clements@steeleye.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/block/nbd.c | 6 ++++++
1 file changed, 6 insertions(+)
Index: linux-2.6.35.y/drivers/block/nbd.c
===================================================================
--- linux-2.6.35.y.orig/drivers/block/nbd.c
+++ linux-2.6.35.y/drivers/block/nbd.c
@@ -755,6 +755,12 @@ static int __init nbd_init(void)
if (max_part > 0)
part_shift = fls(max_part);
+ if ((1UL << part_shift) > DISK_MAX_PARTS)
+ return -EINVAL;
+
+ if (nbds_max > 1UL << (MINORBITS - part_shift))
+ return -EINVAL;
+
for (i = 0; i < nbds_max; i++) {
struct gendisk *disk = alloc_disk(1 << part_shift);
if (!disk)
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [37/99] block: export blk_{get,put}_queue()
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (35 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [36/99] nbd: limit module parameters to a sane value Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [38/99] Fix oops caused by queue refcounting failure Andi Kleen
` (61 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: jaxboe, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Jens Axboe <jaxboe@fusionio.com>
commit d86e0e83b32bc84600adb0b6ea1fce389b266682 upstream.
We need them in SCSI to fix a bug, but currently they are not
exported to modules. Export them.
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
block/blk-core.c | 2 ++
1 file changed, 2 insertions(+)
Index: linux-2.6.35.y/block/blk-core.c
===================================================================
--- linux-2.6.35.y.orig/block/blk-core.c
+++ linux-2.6.35.y/block/blk-core.c
@@ -311,6 +311,7 @@ void blk_unplug_timeout(unsigned long da
trace_block_unplug_timer(q);
kblockd_schedule_work(q, &q->unplug_work);
}
+EXPORT_SYMBOL(blk_put_queue);
void blk_unplug(struct request_queue *q)
{
@@ -640,6 +641,7 @@ int blk_get_queue(struct request_queue *
return 1;
}
+EXPORT_SYMBOL(blk_get_queue);
static inline void blk_free_request(struct request_queue *q, struct request *rq)
{
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [38/99] Fix oops caused by queue refcounting failure
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (36 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [37/99] block: export blk_{get,put}_queue() Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [39/99] mm: fix ENOSPC returned by handle_mm_fault() Andi Kleen
` (60 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: James.Bottomley, jbottomley, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: James Bottomley <James.Bottomley@HansenPartnership.com>
commit e73e079bf128d68284efedeba1fbbc18d78610f9 upstream.
In certain circumstances, we can get an oops from a torn down device.
Most notably this is from CD roms trying to call scsi_ioctl. The root
cause of the problem is the fact that after scsi_remove_device() has
been called, the queue is fully torn down. This is actually wrong
since the queue can be used until the sdev release function is called.
Therefore, we add an extra reference to the queue which is released in
sdev->release, so the queue always exists.
Reported-by: Parag Warudkar <parag.lkml@gmail.com>
Signed-off-by: James Bottomley <jbottomley@parallels.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/scsi/scsi_scan.c | 2 +-
drivers/scsi/scsi_sysfs.c | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
Index: linux-2.6.35.y/drivers/scsi/scsi_scan.c
===================================================================
--- linux-2.6.35.y.orig/drivers/scsi/scsi_scan.c
+++ linux-2.6.35.y/drivers/scsi/scsi_scan.c
@@ -295,7 +295,7 @@ static struct scsi_device *scsi_alloc_sd
kfree(sdev);
goto out;
}
-
+ blk_get_queue(sdev->request_queue);
sdev->request_queue->queuedata = sdev;
scsi_adjust_queue_depth(sdev, 0, sdev->host->cmd_per_lun);
Index: linux-2.6.35.y/drivers/scsi/scsi_sysfs.c
===================================================================
--- linux-2.6.35.y.orig/drivers/scsi/scsi_sysfs.c
+++ linux-2.6.35.y/drivers/scsi/scsi_sysfs.c
@@ -319,6 +319,7 @@ static void scsi_device_dev_release_user
kfree(evt);
}
+ blk_put_queue(sdev->request_queue);
/* NULL queue means the device can't be used */
sdev->request_queue = NULL;
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [39/99] mm: fix ENOSPC returned by handle_mm_fault()
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (37 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [38/99] Fix oops caused by queue refcounting failure Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [40/99] PCI: Set PCIE maxpayload for card during hotplug insertion Andi Kleen
` (59 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: hughd, viro, torvalds, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Hugh Dickins <hughd@google.com>
commit e0dcd8a05be438b3d2e49ef61441ea3a463663f8 upstream.
Al Viro observes that in the hugetlb case, handle_mm_fault() may return
a value of the kind ENOSPC when its caller is expecting a value of the
kind VM_FAULT_SIGBUS: fix alloc_huge_page()'s failure returns.
Signed-off-by: Hugh Dickins <hughd@google.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
mm/hugetlb.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: linux-2.6.35.y/mm/hugetlb.c
===================================================================
--- linux-2.6.35.y.orig/mm/hugetlb.c
+++ linux-2.6.35.y/mm/hugetlb.c
@@ -1030,10 +1030,10 @@ static struct page *alloc_huge_page(stru
*/
chg = vma_needs_reservation(h, vma, addr);
if (chg < 0)
- return ERR_PTR(chg);
+ return ERR_PTR(-VM_FAULT_OOM);
if (chg)
if (hugetlb_get_quota(inode->i_mapping, chg))
- return ERR_PTR(-ENOSPC);
+ return ERR_PTR(-VM_FAULT_SIGBUS);
spin_lock(&hugetlb_lock);
page = dequeue_huge_page_vma(h, vma, addr, avoid_reserve);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [40/99] PCI: Set PCIE maxpayload for card during hotplug insertion
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (38 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [39/99] mm: fix ENOSPC returned by handle_mm_fault() Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [41/99] nl80211: fix check for valid SSID size in scan operations Andi Kleen
` (58 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: Jordan_Hargrave, kaneshige.kenji, jordan_hargrave, jbarnes,
gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: "Jordan_Hargrave@Dell.com" <Jordan_Hargrave@Dell.com>
commit e522a7126c7c144a1dd14c6f217ac31e71082b1d upstream.
The following patch sets the MaxPayload setting to match the parent
reading when inserting a PCIE card into a hotplug slot. On our system,
the upstream bridge is set to 256, but when inserting a card, the card
setting defaults to 128. As soon as I/O is performed to the card it
starts receiving errors since the payload size is too small.
Reviewed-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Signed-off-by: Jordan Hargrave <jordan_hargrave@dell.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/pci/hotplug/pcihp_slot.c | 45 +++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
Index: linux-2.6.35.y/drivers/pci/hotplug/pcihp_slot.c
===================================================================
--- linux-2.6.35.y.orig/drivers/pci/hotplug/pcihp_slot.c
+++ linux-2.6.35.y/drivers/pci/hotplug/pcihp_slot.c
@@ -158,6 +158,47 @@ static void program_hpp_type2(struct pci
*/
}
+/* Program PCIE MaxPayload setting on device: ensure parent maxpayload <= device */
+static int pci_set_payload(struct pci_dev *dev)
+{
+ int pos, ppos;
+ u16 pctl, psz;
+ u16 dctl, dsz, dcap, dmax;
+ struct pci_dev *parent;
+
+ parent = dev->bus->self;
+ pos = pci_find_capability(dev, PCI_CAP_ID_EXP);
+ if (!pos)
+ return 0;
+
+ /* Read Device MaxPayload capability and setting */
+ pci_read_config_word(dev, pos + PCI_EXP_DEVCTL, &dctl);
+ pci_read_config_word(dev, pos + PCI_EXP_DEVCAP, &dcap);
+ dsz = (dctl & PCI_EXP_DEVCTL_PAYLOAD) >> 5;
+ dmax = (dcap & PCI_EXP_DEVCAP_PAYLOAD);
+
+ /* Read Parent MaxPayload setting */
+ ppos = pci_find_capability(parent, PCI_CAP_ID_EXP);
+ if (!ppos)
+ return 0;
+ pci_read_config_word(parent, ppos + PCI_EXP_DEVCTL, &pctl);
+ psz = (pctl & PCI_EXP_DEVCTL_PAYLOAD) >> 5;
+
+ /* If parent payload > device max payload -> error
+ * If parent payload > device payload -> set speed
+ * If parent payload <= device payload -> do nothing
+ */
+ if (psz > dmax)
+ return -1;
+ else if (psz > dsz) {
+ dev_info(&dev->dev, "Setting MaxPayload to %d\n", 128 << psz);
+ pci_write_config_word(dev, pos + PCI_EXP_DEVCTL,
+ (dctl & ~PCI_EXP_DEVCTL_PAYLOAD) +
+ (psz << 5));
+ }
+ return 0;
+}
+
void pci_configure_slot(struct pci_dev *dev)
{
struct pci_dev *cdev;
@@ -169,6 +210,10 @@ void pci_configure_slot(struct pci_dev *
(dev->class >> 8) == PCI_CLASS_BRIDGE_PCI)))
return;
+ ret = pci_set_payload(dev);
+ if (ret)
+ dev_warn(&dev->dev, "could not set device max payload\n");
+
memset(&hpp, 0, sizeof(hpp));
ret = pci_get_hp_params(dev, &hpp);
if (ret)
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [41/99] nl80211: fix check for valid SSID size in scan operations
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (39 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [40/99] PCI: Set PCIE maxpayload for card during hotplug insertion Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [42/99] lockdep: Fix lock_is_held() on recursion Andi Kleen
` (57 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: coelho, linville, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Luciano Coelho <coelho@ti.com>
commit 208c72f4fe44fe09577e7975ba0e7fa0278f3d03 upstream.
In both trigger_scan and sched_scan operations, we were checking for
the SSID length before assigning the value correctly. Since the
memory was just kzalloc'ed, the check was always failing and SSID with
over 32 characters were allowed to go through.
This was causing a buffer overflow when copying the actual SSID to the
proper place.
This bug has been there since 2.6.29-rc4.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
net/wireless/nl80211.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.35.y/net/wireless/nl80211.c
===================================================================
--- linux-2.6.35.y.orig/net/wireless/nl80211.c
+++ linux-2.6.35.y/net/wireless/nl80211.c
@@ -3179,12 +3179,12 @@ static int nl80211_trigger_scan(struct s
i = 0;
if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
+ request->ssids[i].ssid_len = nla_len(attr);
if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) {
err = -EINVAL;
goto out_free;
}
memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
- request->ssids[i].ssid_len = nla_len(attr);
i++;
}
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [42/99] lockdep: Fix lock_is_held() on recursion
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (40 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [41/99] nl80211: fix check for valid SSID size in scan operations Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [43/99] drm/i915: Add a no lvds quirk for the Asus EeeBox PC EB1007 Andi Kleen
` (56 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: a.p.zijlstra, torvalds, ak, mingo, gregkh, linux-kernel, stable,
tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Peter Zijlstra <a.p.zijlstra@chello.nl>
commit f2513cde93f0957d5dc6c09bc24b0cccd27d8e1d upstream.
The main lock_is_held() user is lockdep_assert_held(), avoid false
assertions in lockdep_off() sections by unconditionally reporting the
lock is taken.
[ the reason this is important is a lockdep_assert_held() in ttwu()
which triggers a warning under lockdep_off() as in printk() which
can trigger another wakeup and lock up due to spinlock
recursion, as reported and heroically debugged by Arne Jansen ]
Reported-and-tested-by: Arne Jansen <lists@die-jansens.de>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Link: http://lkml.kernel.org/r/1307398759.2497.966.camel@laptop
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
kernel/lockdep.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.35.y/kernel/lockdep.c
===================================================================
--- linux-2.6.35.y.orig/kernel/lockdep.c
+++ linux-2.6.35.y/kernel/lockdep.c
@@ -3250,7 +3250,7 @@ int lock_is_held(struct lockdep_map *loc
int ret = 0;
if (unlikely(current->lockdep_recursion))
- return ret;
+ return 1; /* avoid false negative lockdep_assert_held() */
raw_local_irq_save(flags);
check_flags(flags);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [43/99] drm/i915: Add a no lvds quirk for the Asus EeeBox PC EB1007
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (41 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [42/99] lockdep: Fix lock_is_held() on recursion Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [44/99] drm/radeon/kms: fix for radeon on systems >4GB without Andi Kleen
` (55 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: hdegoede, keithp, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
commit 6a574b5b9b186e28abd3e571dfd1700c5220b510 upstream.
I found this while figuring out why gnome-shell would not run on my
Asus EeeBox PC EB1007. As a standalone "pc" this device cleary does not have
an internal panel, yet it claims it does. Add a quirk to fix this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/gpu/drm/i915/intel_lvds.c | 8 ++++++++
1 file changed, 8 insertions(+)
Index: linux-2.6.35.y/drivers/gpu/drm/i915/intel_lvds.c
===================================================================
--- linux-2.6.35.y.orig/drivers/gpu/drm/i915/intel_lvds.c
+++ linux-2.6.35.y/drivers/gpu/drm/i915/intel_lvds.c
@@ -832,6 +832,14 @@ static const struct dmi_system_id intel_
DMI_MATCH(DMI_PRODUCT_NAME, "U800"),
},
},
+ {
+ .callback = intel_no_lvds_dmi_callback,
+ .ident = "Asus EeeBox PC EB1007",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK Computer INC."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "EB1007"),
+ },
+ },
{ } /* terminating entry */
};
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [44/99] drm/radeon/kms: fix for radeon on systems >4GB without
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (42 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [43/99] drm/i915: Add a no lvds quirk for the Asus EeeBox PC EB1007 Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [45/99] fat: Fix corrupt inode flags when remove ATTR_SYS flag Andi Kleen
` (54 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: d.haid, alexdeucher, airlied, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Haid <d.haid@gogi.tv>
commit 62fff811d73095bd95579d72f558f03c78f7914a upstream.
On my x86_64 system with >4GB of ram and swiotlb instead of
a hardware iommu (because I have a VIA chipset), the call
to pci_set_dma_mask (see below) with 40bits returns an error.
But it seems that the radeon driver is designed to have
need_dma32 = true exactly if pci_set_dma_mask is called
with 32 bits and false if it is called with 40 bits.
I have read somewhere that the default are 32 bits. So if the
call fails I suppose that need_dma32 should be set to true.
And indeed the patch fixes the problem I have had before
and which I had described here:
http://choon.net/forum/read.php?21,106131,115940
Acked-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/gpu/drm/radeon/radeon_device.c | 1 +
1 file changed, 1 insertion(+)
Index: linux-2.6.35.y/drivers/gpu/drm/radeon/radeon_device.c
===================================================================
--- linux-2.6.35.y.orig/drivers/gpu/drm/radeon/radeon_device.c
+++ linux-2.6.35.y/drivers/gpu/drm/radeon/radeon_device.c
@@ -645,6 +645,7 @@ int radeon_device_init(struct radeon_dev
dma_bits = rdev->need_dma32 ? 32 : 40;
r = pci_set_dma_mask(rdev->pdev, DMA_BIT_MASK(dma_bits));
if (r) {
+ rdev->need_dma32 = true;
printk(KERN_WARNING "radeon: No suitable DMA available.\n");
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [45/99] fat: Fix corrupt inode flags when remove ATTR_SYS flag
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (43 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [44/99] drm/radeon/kms: fix for radeon on systems >4GB without Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [46/99] xen: off by one errors in multicalls.c Andi Kleen
` (53 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: hirofumi, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
commit 1adffbae22332bb558c2a29de19d9aca391869f6 upstream.
We are clearly missing '~' in fat_ioctl_set_attributes().
Reported-by: Dmitry Dmitriev <dimondmm@yandex.ru>
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
fs/fat/file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.35.y/fs/fat/file.c
===================================================================
--- linux-2.6.35.y.orig/fs/fat/file.c
+++ linux-2.6.35.y/fs/fat/file.c
@@ -102,7 +102,7 @@ static int fat_ioctl_set_attributes(stru
if (attr & ATTR_SYS)
inode->i_flags |= S_IMMUTABLE;
else
- inode->i_flags &= S_IMMUTABLE;
+ inode->i_flags &= ~S_IMMUTABLE;
}
fat_save_attrs(inode, attr);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [46/99] xen: off by one errors in multicalls.c
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (44 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [45/99] fat: Fix corrupt inode flags when remove ATTR_SYS flag Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [47/99] x86/amd-iommu: Fix 3 possible endless loops Andi Kleen
` (52 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: error27, konrad.wilk, jeremy.fitzhardinge, gregkh, ak,
linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <error27@gmail.com>
commit f124c6ae59e193705c9ddac57684d50006d710e6 upstream.
b->args[] has MC_ARGS elements, so the comparison here should be
">=" instead of ">". Otherwise we read past the end of the array
one space.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
arch/x86/xen/multicalls.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
Index: linux-2.6.35.y/arch/x86/xen/multicalls.c
===================================================================
--- linux-2.6.35.y.orig/arch/x86/xen/multicalls.c
+++ linux-2.6.35.y/arch/x86/xen/multicalls.c
@@ -189,10 +189,10 @@ struct multicall_space __xen_mc_entry(si
unsigned argidx = roundup(b->argidx, sizeof(u64));
BUG_ON(preemptible());
- BUG_ON(b->argidx > MC_ARGS);
+ BUG_ON(b->argidx >= MC_ARGS);
if (b->mcidx == MC_BATCH ||
- (argidx + args) > MC_ARGS) {
+ (argidx + args) >= MC_ARGS) {
mc_stats_flush(b->mcidx == MC_BATCH ? FL_SLOTS : FL_ARGS);
xen_mc_flush();
argidx = roundup(b->argidx, sizeof(u64));
@@ -206,7 +206,7 @@ struct multicall_space __xen_mc_entry(si
ret.args = &b->args[argidx];
b->argidx = argidx + args;
- BUG_ON(b->argidx > MC_ARGS);
+ BUG_ON(b->argidx >= MC_ARGS);
return ret;
}
@@ -216,7 +216,7 @@ struct multicall_space xen_mc_extend_arg
struct multicall_space ret = { NULL, NULL };
BUG_ON(preemptible());
- BUG_ON(b->argidx > MC_ARGS);
+ BUG_ON(b->argidx >= MC_ARGS);
if (b->mcidx == 0)
return ret;
@@ -224,14 +224,14 @@ struct multicall_space xen_mc_extend_arg
if (b->entries[b->mcidx - 1].op != op)
return ret;
- if ((b->argidx + size) > MC_ARGS)
+ if ((b->argidx + size) >= MC_ARGS)
return ret;
ret.mc = &b->entries[b->mcidx - 1];
ret.args = &b->args[b->argidx];
b->argidx += size;
- BUG_ON(b->argidx > MC_ARGS);
+ BUG_ON(b->argidx >= MC_ARGS);
return ret;
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [47/99] x86/amd-iommu: Fix 3 possible endless loops
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (45 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [46/99] xen: off by one errors in multicalls.c Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [48/99] USB: cdc-acm: Adding second ACM channel support for Nokia E7 Andi Kleen
` (51 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: joerg.roedel, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Joerg Roedel <joerg.roedel@amd.com>
commit 0de66d5b35ee148455e268b2782873204ffdef4b upstream.
The driver contains several loops counting on an u16 value
where the exit-condition is checked against variables that
can have values up to 0xffff. In this case the loops will
never exit. This patch fixed 3 such loops.
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
arch/x86/kernel/amd_iommu_init.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
Index: linux-2.6.35.y/arch/x86/kernel/amd_iommu_init.c
===================================================================
--- linux-2.6.35.y.orig/arch/x86/kernel/amd_iommu_init.c
+++ linux-2.6.35.y/arch/x86/kernel/amd_iommu_init.c
@@ -650,8 +650,8 @@ static void __init init_iommu_from_acpi(
{
u8 *p = (u8 *)h;
u8 *end = p, flags = 0;
- u16 dev_i, devid = 0, devid_start = 0, devid_to = 0;
- u32 ext_flags = 0;
+ u16 devid = 0, devid_start = 0, devid_to = 0;
+ u32 dev_i, ext_flags = 0;
bool alias = false;
struct ivhd_entry *e;
@@ -806,7 +806,7 @@ static void __init init_iommu_from_acpi(
/* Initializes the device->iommu mapping for the driver */
static int __init init_iommu_devices(struct amd_iommu *iommu)
{
- u16 i;
+ u32 i;
for (i = iommu->first_device; i <= iommu->last_device; ++i)
set_iommu_for_device(iommu, i);
@@ -1095,7 +1095,7 @@ static int __init init_memory_definition
*/
static void init_device_table(void)
{
- u16 devid;
+ u32 devid;
for (devid = 0; devid <= amd_iommu_last_bdf; ++devid) {
set_dev_entry_bit(devid, DEV_ENTRY_VALID);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [48/99] USB: cdc-acm: Adding second ACM channel support for Nokia E7
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (46 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [47/99] x86/amd-iommu: Fix 3 possible endless loops Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [49/99] USB: core: Tolerate protocol stall during hub and port Andi Kleen
` (50 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: toby.gray, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Toby Gray <toby.gray@realvnc.com>
commit 4061fde2fa80f40cb27114f60500d38d0afcf350 upstream.
This adds the Nokia E7 and C7 to the list of devices in cdc-acm, allowing
the secondary ACM channel on the device to be exposed. Without this patch
the ACM driver won't claim this secondary channel as it's marked as
having a vendor-specific protocol.
Signed-off-by: Toby Gray <toby.gray@realvnc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/usb/class/cdc-acm.c | 2 ++
1 file changed, 2 insertions(+)
Index: linux-2.6.35.y/drivers/usb/class/cdc-acm.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/class/cdc-acm.c
+++ linux-2.6.35.y/drivers/usb/class/cdc-acm.c
@@ -1619,6 +1619,8 @@ static const struct usb_device_id acm_id
{ NOKIA_PCSUITE_ACM_INFO(0x04ce), }, /* Nokia E90 */
{ NOKIA_PCSUITE_ACM_INFO(0x01d4), }, /* Nokia E55 */
{ NOKIA_PCSUITE_ACM_INFO(0x0302), }, /* Nokia N8 */
+ { NOKIA_PCSUITE_ACM_INFO(0x0335), }, /* Nokia E7 */
+ { NOKIA_PCSUITE_ACM_INFO(0x03cd), }, /* Nokia C7 */
{ SAMSUNG_PCSUITE_ACM_INFO(0x6651), }, /* Samsung GTi8510 (INNOV8) */
/* NOTE: non-Nokia COMM/ACM/0xff is likely MSFT RNDIS... NOT a modem! */
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [49/99] USB: core: Tolerate protocol stall during hub and port
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (47 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [48/99] USB: cdc-acm: Adding second ACM channel support for Nokia E7 Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [50/99] USB: serial: add another 4N-GALAXY.DE PID to ftdi_sio driver Andi Kleen
` (49 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: lpechacek, stern, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Libor Pechacek <lpechacek@suse.cz>
commit 3824c1ddaf744be44b170a335332b9d6afe79254 upstream.
Protocol stall should not be fatal while reading port or hub status as it is
transient state. Currently hub EP0 STALL during port status read results in
failed device enumeration. This has been observed with ST-Ericsson (formerly
Philips) USB 2.0 Hub (04cc:1521) after connecting keyboard.
Signed-off-by: Libor Pechacek <lpechacek@suse.cz>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/usb/core/hub.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
Index: linux-2.6.35.y/drivers/usb/core/hub.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/core/hub.c
+++ linux-2.6.35.y/drivers/usb/core/hub.c
@@ -327,7 +327,8 @@ static int get_hub_status(struct usb_dev
{
int i, status = -ETIMEDOUT;
- for (i = 0; i < USB_STS_RETRIES && status == -ETIMEDOUT; i++) {
+ for (i = 0; i < USB_STS_RETRIES &&
+ (status == -ETIMEDOUT || status == -EPIPE); i++) {
status = usb_control_msg(hdev, usb_rcvctrlpipe(hdev, 0),
USB_REQ_GET_STATUS, USB_DIR_IN | USB_RT_HUB, 0, 0,
data, sizeof(*data), USB_STS_TIMEOUT);
@@ -343,7 +344,8 @@ static int get_port_status(struct usb_de
{
int i, status = -ETIMEDOUT;
- for (i = 0; i < USB_STS_RETRIES && status == -ETIMEDOUT; i++) {
+ for (i = 0; i < USB_STS_RETRIES &&
+ (status == -ETIMEDOUT || status == -EPIPE); i++) {
status = usb_control_msg(hdev, usb_rcvctrlpipe(hdev, 0),
USB_REQ_GET_STATUS, USB_DIR_IN | USB_RT_PORT, 0, port1,
data, sizeof(*data), USB_STS_TIMEOUT);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [50/99] USB: serial: add another 4N-GALAXY.DE PID to ftdi_sio driver
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (48 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [49/99] USB: core: Tolerate protocol stall during hub and port Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [51/99] USB: xhci - fix interval calculation for FS isoc endpoints Andi Kleen
` (48 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: sledz, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Steffen Sledz <sledz@dresearch-fe.de>
commit a26d31cef06f43a76327c21235e75450869df2b8 upstream.
E.g. newer CAN 2.0 A/B <=> USB 2.0 converters report idProduct=f3c2.
Signed-off-by: Steffen Sledz <sledz@dresearch-fe.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/usb/serial/ftdi_sio.c | 1 +
drivers/usb/serial/ftdi_sio_ids.h | 1 +
2 files changed, 2 insertions(+)
Index: linux-2.6.35.y/drivers/usb/serial/ftdi_sio.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/serial/ftdi_sio.c
+++ linux-2.6.35.y/drivers/usb/serial/ftdi_sio.c
@@ -646,6 +646,7 @@ static struct usb_device_id id_table_com
{ USB_DEVICE(FTDI_VID, EVER_ECO_PRO_CDS) },
{ USB_DEVICE(FTDI_VID, FTDI_4N_GALAXY_DE_1_PID) },
{ USB_DEVICE(FTDI_VID, FTDI_4N_GALAXY_DE_2_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_4N_GALAXY_DE_3_PID) },
{ USB_DEVICE(FTDI_VID, XSENS_CONVERTER_0_PID) },
{ USB_DEVICE(FTDI_VID, XSENS_CONVERTER_1_PID) },
{ USB_DEVICE(FTDI_VID, XSENS_CONVERTER_2_PID) },
Index: linux-2.6.35.y/drivers/usb/serial/ftdi_sio_ids.h
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/serial/ftdi_sio_ids.h
+++ linux-2.6.35.y/drivers/usb/serial/ftdi_sio_ids.h
@@ -351,6 +351,7 @@
*/
#define FTDI_4N_GALAXY_DE_1_PID 0xF3C0
#define FTDI_4N_GALAXY_DE_2_PID 0xF3C1
+#define FTDI_4N_GALAXY_DE_3_PID 0xF3C2
/*
* Linx Technologies product ids
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [51/99] USB: xhci - fix interval calculation for FS isoc endpoints
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (49 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [50/99] USB: serial: add another 4N-GALAXY.DE PID to ftdi_sio driver Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [52/99] ALSA: hda: Fix quirk for Dell Inspiron 910 Andi Kleen
` (47 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: dtor, sarah.a.sharp, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Torokhov <dtor@vmware.com>
commit cd3c18ba2fac14b34d03cae111f215009735ea06 upstream.
Full-speed isoc endpoints specify interval in exponent based form in
frames, not microframes, so we need to adjust accordingly.
NEC xHCI host controllers will return an error code of 0x11 if a full
speed isochronous endpoint is added with the Interval field set to
something less than 3 (2^3 = 8 microframes, or one frame). It is
impossible for a full speed device to have an interval smaller than one
frame.
This was always an issue in the xHCI driver, but commit
dfa49c4ad120a784ef1ff0717168aa79f55a483a "USB: xhci - fix math in
xhci_get_endpoint_interval()" removed the clamping of the minimum value
in the Interval field, which revealed this bug.
This needs to be backported to stable kernels back to 2.6.31.
Reported-by: Matt Evans <matt@ozlabs.org>
Signed-off-by: Dmitry Torokhov <dtor@vmware.com>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/usb/host/xhci-mem.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
Index: linux-2.6.35.y/drivers/usb/host/xhci-mem.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/host/xhci-mem.c
+++ linux-2.6.35.y/drivers/usb/host/xhci-mem.c
@@ -974,9 +974,19 @@ static unsigned int xhci_parse_exponent_
interval = clamp_val(ep->desc.bInterval, 1, 16) - 1;
if (interval != ep->desc.bInterval - 1)
dev_warn(&udev->dev,
- "ep %#x - rounding interval to %d microframes\n",
+ "ep %#x - rounding interval to %d %sframes\n",
ep->desc.bEndpointAddress,
- 1 << interval);
+ 1 << interval,
+ udev->speed == USB_SPEED_FULL ? "" : "micro");
+
+ if (udev->speed == USB_SPEED_FULL) {
+ /*
+ * Full speed isoc endpoints specify interval in frames,
+ * not microframes. We are using microframes everywhere,
+ * so adjust accordingly.
+ */
+ interval += 3; /* 1 frame = 2^3 uframes */
+ }
return interval;
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [52/99] ALSA: hda: Fix quirk for Dell Inspiron 910
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (50 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [51/99] USB: xhci - fix interval calculation for FS isoc endpoints Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [53/99] oprofile, dcookies: Fix possible circular locking dependency Andi Kleen
` (46 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: crimsun, tiwai, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Daniel T Chen <crimsun@ubuntu.com>
commit 0a1896b27b030529ec770aefd790544a1bdb7d5a upstream.
BugLink: https://launchpad.net/bugs/792712
The original reporter states that sound from the internal speakers is
inaudible until using the model=auto quirk. This symptom is due to an
existing quirk mask for 0x102802b* that uses the model=dell quirk. To
limit the possible regressions, leave the existing quirk mask but add
a higher priority specific mask for the reporter's PCI SSID.
Reported-and-tested-by: rodni hipp
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
Index: linux-2.6.35.y/sound/pci/hda/patch_realtek.c
===================================================================
--- linux-2.6.35.y.orig/sound/pci/hda/patch_realtek.c
+++ linux-2.6.35.y/sound/pci/hda/patch_realtek.c
@@ -13296,6 +13296,7 @@ static struct snd_pci_quirk alc268_cfg_t
SND_PCI_QUIRK(0x1025, 0x015b, "Acer Aspire One",
ALC268_ACER_ASPIRE_ONE),
SND_PCI_QUIRK(0x1028, 0x0253, "Dell OEM", ALC268_DELL),
+ SND_PCI_QUIRK(0x1028, 0x02b0, "Dell Inspiron 910", ALC268_AUTO),
SND_PCI_QUIRK_MASK(0x1028, 0xfff0, 0x02b0,
"Dell Inspiron Mini9/Vostro A90", ALC268_DELL),
/* almost compatible with toshiba but with optional digital outs;
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [53/99] oprofile, dcookies: Fix possible circular locking dependency
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (51 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [52/99] ALSA: hda: Fix quirk for Dell Inspiron 910 Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [54/99] CPUFREQ: Remove cpufreq_stats sysfs entries on module unload Andi Kleen
` (45 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: robert.richter, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Robert Richter <robert.richter@amd.com>
commit fe47ae7f53e179d2ef6771024feb000cbb86640f upstream.
The lockdep warning below detects a possible A->B/B->A locking
dependency of mm->mmap_sem and dcookie_mutex. The order in
sync_buffer() is mm->mmap_sem/dcookie_mutex, while in
sys_lookup_dcookie() it is vice versa.
Fixing it in sys_lookup_dcookie() by unlocking dcookie_mutex before
copy_to_user().
oprofiled/4432 is trying to acquire lock:
(&mm->mmap_sem){++++++}, at: [<ffffffff810b444b>] might_fault+0x53/0xa3
but task is already holding lock:
(dcookie_mutex){+.+.+.}, at: [<ffffffff81124d28>] sys_lookup_dcookie+0x45/0x149
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (dcookie_mutex){+.+.+.}:
[<ffffffff8106557f>] lock_acquire+0xf8/0x11e
[<ffffffff814634f0>] mutex_lock_nested+0x63/0x309
[<ffffffff81124e5c>] get_dcookie+0x30/0x144
[<ffffffffa0000fba>] sync_buffer+0x196/0x3ec [oprofile]
[<ffffffffa0001226>] task_exit_notify+0x16/0x1a [oprofile]
[<ffffffff81467b96>] notifier_call_chain+0x37/0x63
[<ffffffff8105803d>] __blocking_notifier_call_chain+0x50/0x67
[<ffffffff81058068>] blocking_notifier_call_chain+0x14/0x16
[<ffffffff8105a718>] profile_task_exit+0x1a/0x1c
[<ffffffff81039e8f>] do_exit+0x2a/0x6fc
[<ffffffff8103a5e4>] do_group_exit+0x83/0xae
[<ffffffff8103a626>] sys_exit_group+0x17/0x1b
[<ffffffff8146ad4b>] system_call_fastpath+0x16/0x1b
-> #0 (&mm->mmap_sem){++++++}:
[<ffffffff81064dfb>] __lock_acquire+0x1085/0x1711
[<ffffffff8106557f>] lock_acquire+0xf8/0x11e
[<ffffffff810b4478>] might_fault+0x80/0xa3
[<ffffffff81124de7>] sys_lookup_dcookie+0x104/0x149
[<ffffffff8146ad4b>] system_call_fastpath+0x16/0x1b
other info that might help us debug this:
1 lock held by oprofiled/4432:
#0: (dcookie_mutex){+.+.+.}, at: [<ffffffff81124d28>] sys_lookup_dcookie+0x45/0x149
stack backtrace:
Pid: 4432, comm: oprofiled Not tainted 2.6.39-00008-ge5a450d #9
Call Trace:
[<ffffffff81063193>] print_circular_bug+0xae/0xbc
[<ffffffff81064dfb>] __lock_acquire+0x1085/0x1711
[<ffffffff8102ef13>] ? get_parent_ip+0x11/0x42
[<ffffffff810b444b>] ? might_fault+0x53/0xa3
[<ffffffff8106557f>] lock_acquire+0xf8/0x11e
[<ffffffff810b444b>] ? might_fault+0x53/0xa3
[<ffffffff810d7d54>] ? path_put+0x22/0x27
[<ffffffff810b4478>] might_fault+0x80/0xa3
[<ffffffff810b444b>] ? might_fault+0x53/0xa3
[<ffffffff81124de7>] sys_lookup_dcookie+0x104/0x149
[<ffffffff8146ad4b>] system_call_fastpath+0x16/0x1b
References: https://bugzilla.kernel.org/show_bug.cgi?id=13809
Signed-off-by: Robert Richter <robert.richter@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
fs/dcookies.c | 3 +++
1 file changed, 3 insertions(+)
Index: linux-2.6.35.y/fs/dcookies.c
===================================================================
--- linux-2.6.35.y.orig/fs/dcookies.c
+++ linux-2.6.35.y/fs/dcookies.c
@@ -178,6 +178,8 @@ SYSCALL_DEFINE(lookup_dcookie)(u64 cooki
/* FIXME: (deleted) ? */
path = d_path(&dcs->path, kbuf, PAGE_SIZE);
+ mutex_unlock(&dcookie_mutex);
+
if (IS_ERR(path)) {
err = PTR_ERR(path);
goto out_free;
@@ -194,6 +196,7 @@ SYSCALL_DEFINE(lookup_dcookie)(u64 cooki
out_free:
kfree(kbuf);
+ return err;
out:
mutex_unlock(&dcookie_mutex);
return err;
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [54/99] CPUFREQ: Remove cpufreq_stats sysfs entries on module unload.
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (52 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [53/99] oprofile, dcookies: Fix possible circular locking dependency Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [55/99] md: check ->hot_remove_disk when removing disk Andi Kleen
` (44 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: davej, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Dave Jones <davej@redhat.com>
commit 13f067537f34456443f61c950cd6dc37d1d5f3ee upstream.
cpufreq_stats leaves behind its sysfs entries, which causes a panic
when something stumbled across them.
(Discovered by unloading cpufreq_stats while powertop was loaded).
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/cpufreq/cpufreq_stats.c | 1 +
1 file changed, 1 insertion(+)
Index: linux-2.6.35.y/drivers/cpufreq/cpufreq_stats.c
===================================================================
--- linux-2.6.35.y.orig/drivers/cpufreq/cpufreq_stats.c
+++ linux-2.6.35.y/drivers/cpufreq/cpufreq_stats.c
@@ -388,6 +388,7 @@ static void __exit cpufreq_stats_exit(vo
unregister_hotcpu_notifier(&cpufreq_stat_cpu_notifier);
for_each_online_cpu(cpu) {
cpufreq_stats_free_table(cpu);
+ cpufreq_stats_free_sysfs(cpu);
}
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [55/99] md: check ->hot_remove_disk when removing disk
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (53 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [54/99] CPUFREQ: Remove cpufreq_stats sysfs entries on module unload Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [56/99] md/raid5: fix raid5_set_bi_hw_segments Andi Kleen
` (43 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: namhyung, neilb, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Namhyung Kim <namhyung@gmail.com>
commit 01393f3d5836b7d62e925e6f4658a7eb22b83a11 upstream.
Check pers->hot_remove_disk instead of pers->hot_add_disk in slot_store()
during disk removal. The linear personality only has ->hot_add_disk and
no ->hot_remove_disk, so that removing disk in the array resulted to
following kernel bug:
$ sudo mdadm --create /dev/md0 --level=linear --raid-devices=4 /dev/loop[0-3]
$ echo none | sudo tee /sys/block/md0/md/dev-loop2/slot
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [< (null)>] (null)
PGD c9f5d067 PUD 8575a067 PMD 0
Oops: 0010 [#1] SMP
CPU 2
Modules linked in: linear loop bridge stp llc kvm_intel kvm asus_atk0110 sr_mod cdrom sg
Pid: 10450, comm: tee Not tainted 3.0.0-rc1-leonard+ #173 System manufacturer System Product Name/P5G41TD-M PRO
RIP: 0010:[<0000000000000000>] [< (null)>] (null)
RSP: 0018:ffff880085757df0 EFLAGS: 00010282
RAX: ffffffffa00168e0 RBX: ffff8800d1431800 RCX: 000000000000006e
RDX: 0000000000000001 RSI: 0000000000000002 RDI: ffff88008543c000
RBP: ffff880085757e48 R08: 0000000000000002 R09: 000000000000000a
R10: 0000000000000000 R11: ffff88008543c2e0 R12: 00000000ffffffff
R13: ffff8800b4641000 R14: 0000000000000005 R15: 0000000000000000
FS: 00007fe8c9e05700(0000) GS:ffff88011fa00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000000 CR3: 00000000b4502000 CR4: 00000000000406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process tee (pid: 10450, threadinfo ffff880085756000, task ffff8800c9f08000)
Stack:
ffffffff8138496a ffff8800b4641000 ffff88008543c268 0000000000000000
ffff8800b4641000 ffff88008543c000 ffff8800d1431868 ffffffff81a78a90
ffff8800b4641000 ffff88008543c000 ffff8800d1431800 ffff880085757e98
Call Trace:
[<ffffffff8138496a>] ? slot_store+0xaa/0x265
[<ffffffff81384bae>] rdev_attr_store+0x89/0xa8
[<ffffffff8115a96a>] sysfs_write_file+0x108/0x144
[<ffffffff81106b87>] vfs_write+0xb1/0x10d
[<ffffffff8106e6c0>] ? trace_hardirqs_on_caller+0x111/0x135
[<ffffffff81106cac>] sys_write+0x4d/0x77
[<ffffffff814fe702>] system_call_fastpath+0x16/0x1b
Code: Bad RIP value.
RIP [< (null)>] (null)
RSP <ffff880085757df0>
CR2: 0000000000000000
---[ end trace ba5fc64319a826fb ]---
Signed-off-by: Namhyung Kim <namhyung@gmail.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/md/md.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.35.y/drivers/md/md.c
===================================================================
--- linux-2.6.35.y.orig/drivers/md/md.c
+++ linux-2.6.35.y/drivers/md/md.c
@@ -2399,7 +2399,7 @@ slot_store(mdk_rdev_t *rdev, const char
if (rdev->raid_disk == -1)
return -EEXIST;
/* personality does all needed checks */
- if (rdev->mddev->pers->hot_add_disk == NULL)
+ if (rdev->mddev->pers->hot_remove_disk == NULL)
return -EINVAL;
err = rdev->mddev->pers->
hot_remove_disk(rdev->mddev, rdev->raid_disk);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [56/99] md/raid5: fix raid5_set_bi_hw_segments
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (54 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [55/99] md: check ->hot_remove_disk when removing disk Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [57/99] exec: delay address limit change until point of no return Andi Kleen
` (42 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: namhyung, neilb, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Namhyung Kim <namhyung@gmail.com>
commit 9b2dc8b665932a8e681a7ab3237f60475e75e161 upstream.
The @bio->bi_phys_segments consists of active stripes count in the
lower 16 bits and processed stripes count in the upper 16 bits. So
logical-OR operator should be bitwise one.
This bug has been present since 2.6.27 and the fix is suitable for any
-stable kernel since then. Fortunately the bad code is only used on
error paths and is relatively unlikely to be hit.
Signed-off-by: Namhyung Kim <namhyung@gmail.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/md/raid5.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.35.y/drivers/md/raid5.c
===================================================================
--- linux-2.6.35.y.orig/drivers/md/raid5.c
+++ linux-2.6.35.y/drivers/md/raid5.c
@@ -129,7 +129,7 @@ static inline int raid5_dec_bi_hw_segmen
static inline void raid5_set_bi_hw_segments(struct bio *bio, unsigned int cnt)
{
- bio->bi_phys_segments = raid5_bi_phys_segments(bio) || (cnt << 16);
+ bio->bi_phys_segments = raid5_bi_phys_segments(bio) | (cnt << 16);
}
/* Find first data disk in a raid6 stripe */
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [57/99] exec: delay address limit change until point of no return
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (55 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [56/99] md/raid5: fix raid5_set_bi_hw_segments Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [58/99] netfilter: IPv6: initialize TOS field in REJECT target module Andi Kleen
` (41 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: minipli, viro, torvalds, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Mathias Krause <minipli@googlemail.com>
commit dac853ae89043f1b7752875300faf614de43c74b upstream.
Unconditionally changing the address limit to USER_DS and not restoring
it to its old value in the error path is wrong because it prevents us
using kernel memory on repeated calls to this function. This, in fact,
breaks the fallback of hard coded paths to the init program from being
ever successful if the first candidate fails to load.
With this patch applied switching to USER_DS is delayed until the point
of no return is reached which makes it possible to have a multi-arch
rootfs with one arch specific init binary for each of the (hard coded)
probed paths.
Since the address limit is already set to USER_DS when start_thread()
will be invoked, this redundancy can be safely removed.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
arch/x86/kernel/process_32.c | 1 -
arch/x86/kernel/process_64.c | 1 -
fs/exec.c | 5 +----
3 files changed, 1 insertion(+), 6 deletions(-)
Index: linux-2.6.35.y/arch/x86/kernel/process_32.c
===================================================================
--- linux-2.6.35.y.orig/arch/x86/kernel/process_32.c
+++ linux-2.6.35.y/arch/x86/kernel/process_32.c
@@ -245,7 +245,6 @@ start_thread(struct pt_regs *regs, unsig
{
set_user_gs(regs, 0);
regs->fs = 0;
- set_fs(USER_DS);
regs->ds = __USER_DS;
regs->es = __USER_DS;
regs->ss = __USER_DS;
Index: linux-2.6.35.y/arch/x86/kernel/process_64.c
===================================================================
--- linux-2.6.35.y.orig/arch/x86/kernel/process_64.c
+++ linux-2.6.35.y/arch/x86/kernel/process_64.c
@@ -337,7 +337,6 @@ start_thread_common(struct pt_regs *regs
regs->cs = _cs;
regs->ss = _ss;
regs->flags = X86_EFLAGS_IF;
- set_fs(USER_DS);
/*
* Free the old FP and other extended state
*/
Index: linux-2.6.35.y/fs/exec.c
===================================================================
--- linux-2.6.35.y.orig/fs/exec.c
+++ linux-2.6.35.y/fs/exec.c
@@ -1024,6 +1024,7 @@ int flush_old_exec(struct linux_binprm *
bprm->mm = NULL; /* We're using it now */
+ set_fs(USER_DS);
current->flags &= ~PF_RANDOMIZE;
flush_thread();
current->personality &= ~bprm->per_clear;
@@ -1288,10 +1289,6 @@ int search_binary_handler(struct linux_b
if (retval)
return retval;
- /* kernel module loader fixup */
- /* so we don't try to load run modprobe in kernel space. */
- set_fs(USER_DS);
-
retval = audit_bprm(bprm);
if (retval)
return retval;
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [58/99] netfilter: IPv6: initialize TOS field in REJECT target module
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (56 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [57/99] exec: delay address limit change until point of no return Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:48 ` [PATCH] [59/99] netfilter: IPv6: fix DSCP mangle code Andi Kleen
` (40 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: fernando, pablo, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
commit 4319cc0cf5bb894b7368008cdf6dd20eb8868018 upstream.
The IPv6 header is not zeroed out in alloc_skb so we must initialize
it properly unless we want to see IPv6 packets with random TOS fields
floating around. The current implementation resets the flow label
but this could be changed if deemed necessary.
We stumbled upon this issue when trying to apply a mangle rule to
the RST packet generated by the REJECT target module.
Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
net/ipv6/netfilter/ip6t_REJECT.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
Index: linux-2.6.35.y/net/ipv6/netfilter/ip6t_REJECT.c
===================================================================
--- linux-2.6.35.y.orig/net/ipv6/netfilter/ip6t_REJECT.c
+++ linux-2.6.35.y/net/ipv6/netfilter/ip6t_REJECT.c
@@ -45,6 +45,8 @@ static void send_reset(struct net *net,
int tcphoff, needs_ack;
const struct ipv6hdr *oip6h = ipv6_hdr(oldskb);
struct ipv6hdr *ip6h;
+#define DEFAULT_TOS_VALUE 0x0U
+ const __u8 tclass = DEFAULT_TOS_VALUE;
struct dst_entry *dst = NULL;
u8 proto;
struct flowi fl;
@@ -123,7 +125,7 @@ static void send_reset(struct net *net,
skb_put(nskb, sizeof(struct ipv6hdr));
skb_reset_network_header(nskb);
ip6h = ipv6_hdr(nskb);
- ip6h->version = 6;
+ *(__be32 *)ip6h = htonl(0x60000000 | (tclass << 20));
ip6h->hop_limit = dst_metric(dst, RTAX_HOPLIMIT);
ip6h->nexthdr = IPPROTO_TCP;
ipv6_addr_copy(&ip6h->saddr, &oip6h->daddr);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [59/99] netfilter: IPv6: fix DSCP mangle code
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (57 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [58/99] netfilter: IPv6: initialize TOS field in REJECT target module Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-28 1:51 ` Fernando Luis Vazquez Cao
2011-07-27 21:48 ` [PATCH] [60/99] xen: events: do not unmask event channels on resume Andi Kleen
` (39 subsequent siblings)
98 siblings, 1 reply; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: fernando, pablo, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
commit 1ed2f73d90fb49bcf5704aee7e9084adb882bfc5 upstream.
The mask indicates the bits one wants to zero out, so it needs to be
inverted before applying to the original TOS field.
Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
net/netfilter/xt_DSCP.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.35.y/net/netfilter/xt_DSCP.c
===================================================================
--- linux-2.6.35.y.orig/net/netfilter/xt_DSCP.c
+++ linux-2.6.35.y/net/netfilter/xt_DSCP.c
@@ -99,7 +99,7 @@ tos_tg6(struct sk_buff *skb, const struc
u_int8_t orig, nv;
orig = ipv6_get_dsfield(iph);
- nv = (orig & info->tos_mask) ^ info->tos_value;
+ nv = (orig & ~info->tos_mask) ^ info->tos_value;
if (orig != nv) {
if (!skb_make_writable(skb, sizeof(struct iphdr)))
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [60/99] xen: events: do not unmask event channels on resume
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (58 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [59/99] netfilter: IPv6: fix DSCP mangle code Andi Kleen
@ 2011-07-27 21:48 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [61/99] genirq: Add IRQF_FORCE_RESUME Andi Kleen
` (38 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:48 UTC (permalink / raw)
To: ian.campbell, jeremy.fitzhardinge, stefan.bader, gregkh, ak,
linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Ian Campbell <ian.campbell@citrix.com>
commit 6903591f314b8947d0e362bda7715e90eb9df75e upstream.
The IRQ core code will take care of disabling and reenabling
interrupts over suspend resume automatically, therefore we do not need
to do this in the Xen event channel code.
The only exception is those event channels marked IRQF_NO_SUSPEND
which the IRQ core ignores. We must unmask these ourselves, taking
care to obey the current IRQ_DISABLED status. Failure check for
IRQ_DISABLED leads to enabling polled only event channels, such as
that associated with the pv spinlocks, which must never be enabled:
[ 21.970432] ------------[ cut here ]------------
[ 21.970432] kernel BUG at arch/x86/xen/spinlock.c:343!
[ 21.970432] invalid opcode: 0000 [#1] SMP
[ 21.970432] last sysfs file: /sys/devices/virtual/net/lo/operstate
[ 21.970432] Modules linked in:
[ 21.970432]
[ 21.970432] Pid: 0, comm: swapper Not tainted (2.6.32.24-x86_32p-xen-01034-g787c727 #34)
[ 21.970432] EIP: 0061:[<c102e209>] EFLAGS: 00010046 CPU: 3
[ 21.970432] EIP is at dummy_handler+0x3/0x7
[ 21.970432] EAX: 0000021c EBX: dfc16880 ECX: 0000001a EDX: 00000000
[ 21.970432] ESI: dfc02c00 EDI: 00000001 EBP: dfc47e10 ESP: dfc47e10
[ 21.970432] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0069
[ 21.970432] Process swapper (pid: 0, ti=dfc46000 task=dfc39440 task.ti=dfc46000)
[ 21.970432] Stack:
[ 21.970432] dfc47e30 c10a39f0 0000021c 00000000 00000000 dfc16880 0000021c 00000001
[ 21.970432] <0> dfc47e40 c10a4f08 0000021c 00000000 dfc47e78 c12240a7 c1839284 c1839284
[ 21.970432] <0> 00000200 00000000 00000000 f5720000 c1f3d028 c1f3d02c 00000180 dfc47e90
[ 21.970432] Call Trace:
[ 21.970432] [<c10a39f0>] ? handle_IRQ_event+0x5f/0x122
[ 21.970432] [<c10a4f08>] ? handle_percpu_irq+0x2f/0x55
[ 21.970432] [<c12240a7>] ? __xen_evtchn_do_upcall+0xdb/0x15f
[ 21.970432] [<c122481e>] ? xen_evtchn_do_upcall+0x20/0x30
[ 21.970432] [<c1030d47>] ? xen_do_upcall+0x7/0xc
[ 21.970432] [<c102007b>] ? apic_reg_read+0xd3/0x22d
[ 21.970432] [<c1002227>] ? hypercall_page+0x227/0x1005
[ 21.970432] [<c102d30b>] ? xen_force_evtchn_callback+0xf/0x14
[ 21.970432] [<c102da7c>] ? check_events+0x8/0xc
[ 21.970432] [<c102da3b>] ? xen_irq_enable_direct_end+0x0/0x1
[ 21.970432] [<c105e485>] ? finish_task_switch+0x62/0xba
[ 21.970432] [<c14e3f84>] ? schedule+0x808/0x89d
[ 21.970432] [<c1084dc5>] ? hrtimer_start_expires+0x1a/0x22
[ 21.970432] [<c1085154>] ? tick_nohz_restart_sched_tick+0x15a/0x162
[ 21.970432] [<c102f43a>] ? cpu_idle+0x6d/0x6f
[ 21.970432] [<c14db29e>] ? cpu_bringup_and_idle+0xd/0xf
[ 21.970432] Code: 5d 0f 95 c0 0f b6 c0 c3 55 66 83 78 02 00 89 e5 5d 0f 95 \
c0 0f b6 c0 c3 55 b2 01 86 10 31 c0 84 d2 89 e5 0f 94 c0 5d c3 55 89 e5 <0f> 0b \
eb fe 55 80 3d 4c ce 84 c1 00 89 e5 57 56 89 c6 53 74 15
[ 21.970432] EIP: [<c102e209>] dummy_handler+0x3/0x7 SS:ESP 0069:dfc47e10
[ 21.970432] ---[ end trace c0b71f7e12cf3011 ]---
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/xen/events.c | 25 ++++++++++++++++++-------
1 file changed, 18 insertions(+), 7 deletions(-)
Index: linux-2.6.35.y/drivers/xen/events.c
===================================================================
--- linux-2.6.35.y.orig/drivers/xen/events.c
+++ linux-2.6.35.y/drivers/xen/events.c
@@ -819,9 +819,6 @@ static void restore_cpu_virqs(unsigned i
evtchn_to_irq[evtchn] = irq;
irq_info[irq] = mk_virq_info(evtchn, virq);
bind_evtchn_to_cpu(evtchn, cpu);
-
- /* Ready for use. */
- unmask_evtchn(evtchn);
}
}
@@ -847,10 +844,6 @@ static void restore_cpu_ipis(unsigned in
evtchn_to_irq[evtchn] = irq;
irq_info[irq] = mk_ipi_info(evtchn, ipi);
bind_evtchn_to_cpu(evtchn, cpu);
-
- /* Ready for use. */
- unmask_evtchn(evtchn);
-
}
}
@@ -903,6 +896,7 @@ void xen_poll_irq(int irq)
void xen_irq_resume(void)
{
unsigned int cpu, irq, evtchn;
+ struct irq_desc *desc;
init_evtchn_cpu_bindings();
@@ -921,6 +915,23 @@ void xen_irq_resume(void)
restore_cpu_virqs(cpu);
restore_cpu_ipis(cpu);
}
+
+ /*
+ * Unmask any IRQF_NO_SUSPEND IRQs which are enabled. These
+ * are not handled by the IRQ core.
+ */
+ for_each_irq_desc(irq, desc) {
+ if (!desc->action || !(desc->action->flags & IRQF_NO_SUSPEND))
+ continue;
+ if (desc->status & IRQ_DISABLED)
+ continue;
+
+ evtchn = evtchn_from_irq(irq);
+ if (evtchn == -1)
+ continue;
+
+ unmask_evtchn(evtchn);
+ }
}
static struct irq_chip xen_dynamic_chip __read_mostly = {
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [61/99] genirq: Add IRQF_FORCE_RESUME
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (59 preceding siblings ...)
2011-07-27 21:48 ` [PATCH] [60/99] xen: events: do not unmask event channels on resume Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [62/99] xen: Use IRQF_FORCE_RESUME Andi Kleen
` (37 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: tglx, stefan.bader, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Gleixner <tglx@linutronix.de>
commit dc5f219e88294b93009eef946251251ffffb6d60 upstream.
Xen needs to reenable interrupts which are marked IRQF_NO_SUSPEND in the
resume path. Add a flag to force the reenabling in the resume code.
Tested-and-acked-by: Ian Campbell <Ian.Campbell@eu.citrix.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
include/linux/interrupt.h | 3 ++-
kernel/irq/manage.c | 11 ++++++++++-
kernel/irq/pm.c | 3 ---
3 files changed, 12 insertions(+), 5 deletions(-)
Index: linux-2.6.35.y/include/linux/interrupt.h
===================================================================
--- linux-2.6.35.y.orig/include/linux/interrupt.h
+++ linux-2.6.35.y/include/linux/interrupt.h
@@ -54,7 +54,7 @@
* Used by threaded interrupts which need to keep the
* irq line disabled until the threaded handler has been run.
* IRQF_NO_SUSPEND - Do not disable this IRQ during suspend
- *
+ * IRQF_FORCE_RESUME - Force enable it on resume even if IRQF_NO_SUSPEND is set
*/
#define IRQF_DISABLED 0x00000020
#define IRQF_SAMPLE_RANDOM 0x00000040
@@ -66,6 +66,7 @@
#define IRQF_IRQPOLL 0x00001000
#define IRQF_ONESHOT 0x00002000
#define IRQF_NO_SUSPEND 0x00004000
+#define IRQF_FORCE_RESUME 0x00008000
#define IRQF_TIMER (__IRQF_TIMER | IRQF_NO_SUSPEND)
Index: linux-2.6.35.y/kernel/irq/manage.c
===================================================================
--- linux-2.6.35.y.orig/kernel/irq/manage.c
+++ linux-2.6.35.y/kernel/irq/manage.c
@@ -281,8 +281,17 @@ EXPORT_SYMBOL(disable_irq);
void __enable_irq(struct irq_desc *desc, unsigned int irq, bool resume)
{
- if (resume)
+ if (resume) {
+ if (!(desc->status & IRQ_SUSPENDED)) {
+ if (!desc->action)
+ return;
+ if (!(desc->action->flags & IRQF_FORCE_RESUME))
+ return;
+ /* Pretend that it got disabled ! */
+ desc->depth++;
+ }
desc->status &= ~IRQ_SUSPENDED;
+ }
switch (desc->depth) {
case 0:
Index: linux-2.6.35.y/kernel/irq/pm.c
===================================================================
--- linux-2.6.35.y.orig/kernel/irq/pm.c
+++ linux-2.6.35.y/kernel/irq/pm.c
@@ -53,9 +53,6 @@ void resume_device_irqs(void)
for_each_irq_desc(irq, desc) {
unsigned long flags;
- if (!(desc->status & IRQ_SUSPENDED))
- continue;
-
raw_spin_lock_irqsave(&desc->lock, flags);
__enable_irq(desc, irq, true);
raw_spin_unlock_irqrestore(&desc->lock, flags);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [62/99] xen: Use IRQF_FORCE_RESUME
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (60 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [61/99] genirq: Add IRQF_FORCE_RESUME Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [63/99] time: Compensate for rounding on odd-frequency clocksources Andi Kleen
` (36 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: tglx, konrad.wilk, stefan.bader, gregkh, ak, linux-kernel,
stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Gleixner <tglx@linutronix.de>
commit 676dc3cf5bc36a9e129a3ad8fe3bd7b2ebf20f5d upstream.
Mark the IRQF_NO_SUSPEND interrupts IRQF_FORCE_RESUME and remove the extra
walk through the interrupt descriptors.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/xen/events.c | 20 +-------------------
1 file changed, 1 insertion(+), 19 deletions(-)
Index: linux-2.6.35.y/drivers/xen/events.c
===================================================================
--- linux-2.6.35.y.orig/drivers/xen/events.c
+++ linux-2.6.35.y/drivers/xen/events.c
@@ -537,7 +537,7 @@ int bind_ipi_to_irqhandler(enum ipi_vect
if (irq < 0)
return irq;
- irqflags |= IRQF_NO_SUSPEND;
+ irqflags |= IRQF_NO_SUSPEND | IRQF_FORCE_RESUME;
retval = request_irq(irq, handler, irqflags, devname, dev_id);
if (retval != 0) {
unbind_from_irq(irq);
@@ -896,7 +896,6 @@ void xen_poll_irq(int irq)
void xen_irq_resume(void)
{
unsigned int cpu, irq, evtchn;
- struct irq_desc *desc;
init_evtchn_cpu_bindings();
@@ -915,23 +914,6 @@ void xen_irq_resume(void)
restore_cpu_virqs(cpu);
restore_cpu_ipis(cpu);
}
-
- /*
- * Unmask any IRQF_NO_SUSPEND IRQs which are enabled. These
- * are not handled by the IRQ core.
- */
- for_each_irq_desc(irq, desc) {
- if (!desc->action || !(desc->action->flags & IRQF_NO_SUSPEND))
- continue;
- if (desc->status & IRQ_DISABLED)
- continue;
-
- evtchn = evtchn_from_irq(irq);
- if (evtchn == -1)
- continue;
-
- unmask_evtchn(evtchn);
- }
}
static struct irq_chip xen_dynamic_chip __read_mostly = {
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [63/99] time: Compensate for rounding on odd-frequency clocksources
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (61 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [62/99] xen: Use IRQF_FORCE_RESUME Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [64/99] Revert "iwlagn: Support new 5000 microcode." Andi Kleen
` (35 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: kkp2010, johnstul, jkacur, williams, schwidefsky, akpm, tglx,
willtisdale, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Kasper Pedersen <kkp2010@kasperkp.dk>
commit a386b5af8edda1c742ce9f77891e112eefffc005 upstream.
When the clocksource is not a multiple of HZ, the clock will be off. For
acpi_pm, HZ=1000 the error is 127.111 ppm:
The rounding of cycle_interval ends up generating a false error term in
ntp_error accumulation since xtime_interval is not exactly 1/HZ. So, we
subtract out the error caused by the rounding.
This has been visible since 2.6.32-rc2
commit a092ff0f90cae22b2ac8028ecd2c6f6c1a9e4601
time: Implement logarithmic time accumulation
That commit raised NTP_INTERVAL_FREQ and exposed the rounding error.
testing tool: http://n1.taur.dk/permanent/testpmt.c
Also tested with ntpd and a frequency counter.
Signed-off-by: Kasper Pedersen <kkp2010@kasperkp.dk>
Acked-by: john stultz <johnstul@us.ibm.com>
Cc: John Kacur <jkacur@redhat.com>
Cc: Clark Williams <williams@redhat.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Will Tisdale <willtisdale@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
kernel/time/timekeeping.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
Index: linux-2.6.35.y/kernel/time/timekeeping.c
===================================================================
--- linux-2.6.35.y.orig/kernel/time/timekeeping.c
+++ linux-2.6.35.y/kernel/time/timekeeping.c
@@ -32,6 +32,8 @@ struct timekeeper {
cycle_t cycle_interval;
/* Number of clock shifted nano seconds in one NTP interval. */
u64 xtime_interval;
+ /* shifted nano seconds left over when rounding cycle_interval */
+ s64 xtime_remainder;
/* Raw nano seconds accumulated per NTP interval. */
u32 raw_interval;
@@ -62,7 +64,7 @@ struct timekeeper timekeeper;
static void timekeeper_setup_internals(struct clocksource *clock)
{
cycle_t interval;
- u64 tmp;
+ u64 tmp, ntpinterval;
timekeeper.clock = clock;
clock->cycle_last = clock->read(clock);
@@ -70,6 +72,7 @@ static void timekeeper_setup_internals(s
/* Do the ns -> cycle conversion first, using original mult */
tmp = NTP_INTERVAL_LENGTH;
tmp <<= clock->shift;
+ ntpinterval = tmp;
tmp += clock->mult/2;
do_div(tmp, clock->mult);
if (tmp == 0)
@@ -80,6 +83,7 @@ static void timekeeper_setup_internals(s
/* Go back from cycles -> shifted ns */
timekeeper.xtime_interval = (u64) interval * clock->mult;
+ timekeeper.xtime_remainder = ntpinterval - timekeeper.xtime_interval;
timekeeper.raw_interval =
((u64) interval * clock->mult) >> clock->shift;
@@ -765,7 +769,8 @@ static cycle_t logarithmic_accumulation(
/* Accumulate error between NTP and clock interval */
timekeeper.ntp_error += tick_length << shift;
- timekeeper.ntp_error -= timekeeper.xtime_interval <<
+ timekeeper.ntp_error -=
+ (timekeeper.xtime_interval + timekeeper.xtime_remainder) <<
(timekeeper.ntp_error_shift + shift);
return offset;
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [64/99] Revert "iwlagn: Support new 5000 microcode."
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (62 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [63/99] time: Compensate for rounding on odd-frequency clocksources Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-28 8:24 ` Stanislaw Gruszka
2011-07-27 21:49 ` [PATCH] [65/99] ksm: fix NULL pointer dereference in scan_get_next_rmap_item() Andi Kleen
` (34 subsequent siblings)
98 siblings, 1 reply; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: gregkh, herton.krzesinski, gengor, donald.h.fry, wey-yi.w.guy,
sgruszka, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
This reverts commit 6f63415fc1b690cb50c2ad48ba6e9e6e88e271b4.
It turns out this is not what we want to have happen for the .32 and
.33-longterm kernels as it does not work properly at all.
This was reported by Gentoo, Arch, and Canonical developers as causing
problems for their users:
https://bugs.archlinux.org/task/24302
http://bugs.gentoo.org/show_bug.cgi?id=359445
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/796336
Cc: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
Cc: Gordon Malm <gengor@gentoo.org>
Cc: Don Fry <donald.h.fry@intel.com>
Cc: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Cc: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/net/wireless/iwlwifi/iwl-5000.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.35.y/drivers/net/wireless/iwlwifi/iwl-5000.c
===================================================================
--- linux-2.6.35.y.orig/drivers/net/wireless/iwlwifi/iwl-5000.c
+++ linux-2.6.35.y/drivers/net/wireless/iwlwifi/iwl-5000.c
@@ -51,7 +51,7 @@
#include "iwl-agn-debugfs.h"
/* Highest firmware API version supported */
-#define IWL5000_UCODE_API_MAX 5
+#define IWL5000_UCODE_API_MAX 2
#define IWL5150_UCODE_API_MAX 2
/* Lowest firmware API version supported */
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [65/99] ksm: fix NULL pointer dereference in scan_get_next_rmap_item()
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (63 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [64/99] Revert "iwlagn: Support new 5000 microcode." Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [66/99] migrate: don't account swapcache as shmem Andi Kleen
` (33 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: hughd, andrea, aarcange, chrisw, akpm, torvalds, gregkh, ak,
linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Hugh Dickins <hughd@google.com>
commit 2b472611a32a72f4a118c069c2d62a1a3f087afd upstream.
Andrea Righi reported a case where an exiting task can race against
ksmd::scan_get_next_rmap_item (http://lkml.org/lkml/2011/6/1/742) easily
triggering a NULL pointer dereference in ksmd.
ksm_scan.mm_slot == &ksm_mm_head with only one registered mm
CPU 1 (__ksm_exit) CPU 2 (scan_get_next_rmap_item)
list_empty() is false
lock slot == &ksm_mm_head
list_del(slot->mm_list)
(list now empty)
unlock
lock
slot = list_entry(slot->mm_list.next)
(list is empty, so slot is still ksm_mm_head)
unlock
slot->mm == NULL ... Oops
Close this race by revalidating that the new slot is not simply the list
head again.
Andrea's test case:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>
#define BUFSIZE getpagesize()
int main(int argc, char **argv)
{
void *ptr;
if (posix_memalign(&ptr, getpagesize(), BUFSIZE) < 0) {
perror("posix_memalign");
exit(1);
}
if (madvise(ptr, BUFSIZE, MADV_MERGEABLE) < 0) {
perror("madvise");
exit(1);
}
*(char *)NULL = 0;
return 0;
}
Reported-by: Andrea Righi <andrea@betterlinux.com>
Tested-by: Andrea Righi <andrea@betterlinux.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
mm/ksm.c | 6 ++++++
1 file changed, 6 insertions(+)
Index: linux-2.6.35.y/mm/ksm.c
===================================================================
--- linux-2.6.35.y.orig/mm/ksm.c
+++ linux-2.6.35.y/mm/ksm.c
@@ -1272,6 +1272,12 @@ static struct rmap_item *scan_get_next_r
slot = list_entry(slot->mm_list.next, struct mm_slot, mm_list);
ksm_scan.mm_slot = slot;
spin_unlock(&ksm_mmlist_lock);
+ /*
+ * Although we tested list_empty() above, a racing __ksm_exit
+ * of the last mm on the list may have removed it since then.
+ */
+ if (slot == &ksm_mm_head)
+ return NULL;
next_mm:
ksm_scan.address = 0;
ksm_scan.rmap_list = &slot->rmap_list;
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [66/99] migrate: don't account swapcache as shmem
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (64 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [65/99] ksm: fix NULL pointer dereference in scan_get_next_rmap_item() Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [67/99] xen: partially revert "xen: set max_pfn_mapped to the last pfn mapped" Andi Kleen
` (32 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: aarcange, hughd, torvalds, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Andrea Arcangeli <aarcange@redhat.com>
commit 99a15e21d96f6857dafab1e5167e5e8183215c9c upstream.
swapcache will reach the below code path in migrate_page_move_mapping,
and swapcache is accounted as NR_FILE_PAGES but it's not accounted as
NR_SHMEM.
Hugh pointed out we must use PageSwapCache instead of comparing
mapping to &swapper_space, to avoid build failure with CONFIG_SWAP=n.
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Acked-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
mm/migrate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.35.y/mm/migrate.c
===================================================================
--- linux-2.6.35.y.orig/mm/migrate.c
+++ linux-2.6.35.y/mm/migrate.c
@@ -266,7 +266,7 @@ static int migrate_page_move_mapping(str
*/
__dec_zone_page_state(page, NR_FILE_PAGES);
__inc_zone_page_state(newpage, NR_FILE_PAGES);
- if (PageSwapBacked(page)) {
+ if (!PageSwapCache(page) && PageSwapBacked(page)) {
__dec_zone_page_state(page, NR_SHMEM);
__inc_zone_page_state(newpage, NR_SHMEM);
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [67/99] xen: partially revert "xen: set max_pfn_mapped to the last pfn mapped"
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (65 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [66/99] migrate: don't account swapcache as shmem Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [68/99] clocksource: Make watchdog robust vs. interruption Andi Kleen
` (31 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: stefano.stabellini, konrad.wilk, gregkh, ak, linux-kernel,
stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
commit a91d92875ee94e4703fd017ccaadb48cfb344994 upstream.
We only need to set max_pfn_mapped to the last pfn mapped on x86_64 to
make sure that cleanup_highmap doesn't remove important mappings at
_end.
We don't need to do this on x86_32 because cleanup_highmap is not called
on x86_32. Besides lowering max_pfn_mapped on x86_32 has the unwanted
side effect of limiting the amount of memory available for the 1:1
kernel pagetable allocation.
This patch reverts the x86_32 part of the original patch.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
arch/x86/xen/mmu.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
Index: linux-2.6.35.y/arch/x86/xen/mmu.c
===================================================================
--- linux-2.6.35.y.orig/arch/x86/xen/mmu.c
+++ linux-2.6.35.y/arch/x86/xen/mmu.c
@@ -1641,6 +1641,11 @@ static __init void xen_map_identity_earl
for (pteidx = 0; pteidx < PTRS_PER_PTE; pteidx++, pfn++) {
pte_t pte;
+#ifdef CONFIG_X86_32
+ if (pfn > max_pfn_mapped)
+ max_pfn_mapped = pfn;
+#endif
+
if (!pte_none(pte_page[pteidx]))
continue;
@@ -1753,7 +1758,9 @@ __init pgd_t *xen_setup_kernel_pagetable
{
pmd_t *kernel_pmd;
- max_pfn_mapped = PFN_DOWN(__pa(xen_start_info->mfn_list));
+ max_pfn_mapped = PFN_DOWN(__pa(xen_start_info->pt_base) +
+ xen_start_info->nr_pt_frames * PAGE_SIZE +
+ 512*1024);
kernel_pmd = m2v(pgd[KERNEL_PGD_BOUNDARY].pgd);
memcpy(level2_kernel_pgt, kernel_pmd, sizeof(pmd_t) * PTRS_PER_PMD);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [68/99] clocksource: Make watchdog robust vs. interruption
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (66 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [67/99] xen: partially revert "xen: set max_pfn_mapped to the last pfn mapped" Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [69/99] TTY: ldisc, do not close until there are readers Andi Kleen
` (30 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: tglx, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Gleixner <tglx@linutronix.de>
commit b5199515c25cca622495eb9c6a8a1d275e775088 upstream.
The clocksource watchdog code is interruptible and it has been
observed that this can trigger false positives which disable the TSC.
The reason is that an interrupt storm or a long running interrupt
handler between the read of the watchdog source and the read of the
TSC brings the two far enough apart that the delta is larger than the
unstable treshold. Move both reads into a short interrupt disabled
region to avoid that.
Reported-and-tested-by: Vernon Mauery <vernux@us.ibm.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
include/linux/clocksource.h | 1 +
kernel/time/clocksource.c | 24 +++++++++++++-----------
2 files changed, 14 insertions(+), 11 deletions(-)
Index: linux-2.6.35.y/include/linux/clocksource.h
===================================================================
--- linux-2.6.35.y.orig/include/linux/clocksource.h
+++ linux-2.6.35.y/include/linux/clocksource.h
@@ -192,6 +192,7 @@ struct clocksource {
#ifdef CONFIG_CLOCKSOURCE_WATCHDOG
/* Watchdog related data, used by the framework */
struct list_head wd_list;
+ cycle_t cs_last;
cycle_t wd_last;
#endif
};
Index: linux-2.6.35.y/kernel/time/clocksource.c
===================================================================
--- linux-2.6.35.y.orig/kernel/time/clocksource.c
+++ linux-2.6.35.y/kernel/time/clocksource.c
@@ -184,7 +184,6 @@ static struct clocksource *watchdog;
static struct timer_list watchdog_timer;
static DECLARE_WORK(watchdog_work, clocksource_watchdog_work);
static DEFINE_SPINLOCK(watchdog_lock);
-static cycle_t watchdog_last;
static int watchdog_running;
static int clocksource_watchdog_kthread(void *data);
@@ -253,11 +252,6 @@ static void clocksource_watchdog(unsigne
if (!watchdog_running)
goto out;
- wdnow = watchdog->read(watchdog);
- wd_nsec = clocksource_cyc2ns((wdnow - watchdog_last) & watchdog->mask,
- watchdog->mult, watchdog->shift);
- watchdog_last = wdnow;
-
list_for_each_entry(cs, &watchdog_list, wd_list) {
/* Clocksource already marked unstable? */
@@ -267,19 +261,28 @@ static void clocksource_watchdog(unsigne
continue;
}
+ local_irq_disable();
csnow = cs->read(cs);
+ wdnow = watchdog->read(watchdog);
+ local_irq_enable();
/* Clocksource initialized ? */
if (!(cs->flags & CLOCK_SOURCE_WATCHDOG)) {
cs->flags |= CLOCK_SOURCE_WATCHDOG;
- cs->wd_last = csnow;
+ cs->wd_last = wdnow;
+ cs->cs_last = csnow;
continue;
}
- /* Check the deviation from the watchdog clocksource. */
- cs_nsec = clocksource_cyc2ns((csnow - cs->wd_last) &
+ wd_nsec = clocksource_cyc2ns((wdnow - cs->wd_last) & watchdog->mask,
+ watchdog->mult, watchdog->shift);
+
+ cs_nsec = clocksource_cyc2ns((csnow - cs->cs_last) &
cs->mask, cs->mult, cs->shift);
- cs->wd_last = csnow;
+ cs->cs_last = csnow;
+ cs->wd_last = wdnow;
+
+ /* Check the deviation from the watchdog clocksource. */
if (abs(cs_nsec - wd_nsec) > WATCHDOG_THRESHOLD) {
clocksource_unstable(cs, cs_nsec - wd_nsec);
continue;
@@ -317,7 +320,6 @@ static inline void clocksource_start_wat
return;
init_timer(&watchdog_timer);
watchdog_timer.function = clocksource_watchdog;
- watchdog_last = watchdog->read(watchdog);
watchdog_timer.expires = jiffies + WATCHDOG_INTERVAL;
add_timer_on(&watchdog_timer, cpumask_first(cpu_online_mask));
watchdog_running = 1;
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [69/99] TTY: ldisc, do not close until there are readers
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (67 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [68/99] clocksource: Make watchdog robust vs. interruption Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-28 13:29 ` Jiri Slaby
2011-07-27 21:49 ` [PATCH] [70/99] xhci: Reject double add of active endpoints Andi Kleen
` (29 subsequent siblings)
98 siblings, 1 reply; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: jslaby, alan, torvalds, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Slaby <jslaby@suse.cz>
commit 92f6fa09bd453ffe3351fa1f1377a1b7cfa911e6 upstream.
We restored tty_ldisc_wait_idle in 100eeae2c5c (TTY: restore
tty_ldisc_wait_idle). We used it in the ldisc changing path to fix the
case where there are tasks in n_tty_read waiting for data and somebody
tries to change ldisc.
Similar to the case above, there may be also tasks waiting in
n_tty_read while hangup is performed. As 65b770468e98 (tty-ldisc: turn
ldisc user count into a proper refcount) removed the wait-until-idle
from all paths, hangup path won't wait for them to disappear either
now. So add it back even to the hangup path.
There is a difference, we need uninterruptible sleep as there is
obviously HUP signal pending. So tty_ldisc_wait_idle now sleeps
without possibility to be interrupted. This is what original
tty_ldisc_wait_idle did. After the wait idle reintroduction
(100eeae2c5c), we have had interruptible sleeps for the ldisc changing
path. But as there is a 5s timeout anyway, we don't allow it to be
interrupted from now on. It's not worth the added complexity of
deciding what kind of sleep we want.
Before 65b770468e98 tty_ldisc_release was called also from
tty_ldisc_release. It is called from tty_release, so I don't think we
need to restore that one.
This is nicely reproducible after constifying the timing when
drivers/tty/n_tty.c is patched as follows ("TTY: ntty, add one more
sanity check" patch is needed to actually see it explode):
%% -1548,6 +1549,7 @@ static int n_tty_open(struct tty_struct *tty)
/* These are ugly. Currently a malloc failure here can panic */
if (!tty->read_buf) {
+ msleep(100);
tty->read_buf = kzalloc(N_TTY_BUF_SIZE, GFP_KERNEL);
if (!tty->read_buf)
return -ENOMEM;
%% -1785,6 +1788,7 @@ do_it_again:
break;
}
timeout = schedule_timeout(timeout);
+ msleep(20);
continue;
}
__set_current_state(TASK_RUNNING);
===== With a process: =====
while (1) {
int fd = open(argv[1], O_RDWR);
read(fd, buf, sizeof(buf));
close(fd);
}
===== and its child: =====
setsid();
while (1) {
int fd = open(tty, O_RDWR|O_NOCTTY);
ioctl(fd, TIOCSCTTY, 1);
vhangup();
close(fd);
usleep(100 * (10 + random() % 1000));
}
===== EOF =====
References: https://bugzilla.novell.com/show_bug.cgi?id=693374
References: https://bugzilla.novell.com/show_bug.cgi?id=694509
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/char/tty_ldisc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
Index: linux-2.6.35.y/drivers/char/tty_ldisc.c
===================================================================
--- linux-2.6.35.y.orig/drivers/char/tty_ldisc.c
+++ linux-2.6.35.y/drivers/char/tty_ldisc.c
@@ -543,7 +543,7 @@ static int tty_ldisc_halt(struct tty_str
static int tty_ldisc_wait_idle(struct tty_struct *tty)
{
int ret;
- ret = wait_event_interruptible_timeout(tty_ldisc_idle,
+ ret = wait_event_timeout(tty_ldisc_idle,
atomic_read(&tty->ldisc->users) == 1, 5 * HZ);
if (ret < 0)
return ret;
@@ -750,6 +750,8 @@ static int tty_ldisc_reinit(struct tty_s
if (IS_ERR(ld))
return -1;
+ WARN_ON_ONCE(tty_ldisc_wait_idle(tty));
+
tty_ldisc_close(tty, tty->ldisc);
tty_ldisc_put(tty->ldisc);
tty->ldisc = NULL;
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [70/99] xhci: Reject double add of active endpoints.
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (68 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [69/99] TTY: ldisc, do not close until there are readers Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [71/99] PM: Free memory bitmaps if opening /dev/snapshot fails Andi Kleen
` (28 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: sarah.a.sharp, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Sarah Sharp <sarah.a.sharp@linux.intel.com>
commit fa75ac379e63c2864e9049b5e8615e40f65c1e70 upstream.
While trying to switch a UAS device from the BOT configuration to the UAS
configuration via the bConfigurationValue file, Tanya ran into an issue in
the USB core. usb_disable_device() sets entries in udev->ep_out and
udev->ep_out to NULL, but doesn't call into the xHCI bandwidth management
functions to remove the BOT configuration endpoints from the xHCI host's
internal structures.
The USB core would then attempt to add endpoints for the UAS
configuration, and some of the endpoints had the same address as endpoints
in the BOT configuration. The xHCI driver blindly added the endpoints
again, but the xHCI host controller rejected the Configure Endpoint
command because active endpoints were added without being dropped.
Make the xHCI driver reject calls to xhci_add_endpoint() that attempt to
add active endpoints without first calling xhci_drop_endpoint().
This should be backported to kernels as old as 2.6.31.
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Reported-by: Tanya Brokhman <tlinder@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/usb/host/xhci.c | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
Index: linux-2.6.35.y/drivers/usb/host/xhci.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/host/xhci.c
+++ linux-2.6.35.y/drivers/usb/host/xhci.c
@@ -1016,6 +1016,7 @@ int xhci_add_endpoint(struct usb_hcd *hc
u32 added_ctxs;
unsigned int last_ctx;
u32 new_add_flags, new_drop_flags, new_slot_info;
+ struct xhci_virt_device *virt_dev;
int ret = 0;
ret = xhci_check_args(hcd, udev, ep, 1, __func__);
@@ -1044,11 +1045,25 @@ int xhci_add_endpoint(struct usb_hcd *hc
return -EINVAL;
}
- in_ctx = xhci->devs[udev->slot_id]->in_ctx;
- out_ctx = xhci->devs[udev->slot_id]->out_ctx;
+ virt_dev = xhci->devs[udev->slot_id];
+ in_ctx = virt_dev->in_ctx;
+ out_ctx = virt_dev->out_ctx;
ctrl_ctx = xhci_get_input_control_ctx(xhci, in_ctx);
ep_index = xhci_get_endpoint_index(&ep->desc);
ep_ctx = xhci_get_ep_ctx(xhci, out_ctx, ep_index);
+
+ /* If this endpoint is already in use, and the upper layers are trying
+ * to add it again without dropping it, reject the addition.
+ */
+ if (virt_dev->eps[ep_index].ring &&
+ !(le32_to_cpu(ctrl_ctx->drop_flags) &
+ xhci_get_endpoint_flag(&ep->desc))) {
+ xhci_warn(xhci, "Trying to add endpoint 0x%x "
+ "without dropping it.\n",
+ (unsigned int) ep->desc.bEndpointAddress);
+ return -EINVAL;
+ }
+
/* If the HCD has already noted the endpoint is enabled,
* ignore this request.
*/
@@ -1063,8 +1078,7 @@ int xhci_add_endpoint(struct usb_hcd *hc
* process context, not interrupt context (or so documenation
* for usb_set_interface() and usb_set_configuration() claim).
*/
- if (xhci_endpoint_init(xhci, xhci->devs[udev->slot_id],
- udev, ep, GFP_NOIO) < 0) {
+ if (xhci_endpoint_init(xhci, virt_dev, udev, ep, GFP_NOIO) < 0) {
dev_dbg(&udev->dev, "%s - could not initialize ep %#x\n",
__func__, ep->desc.bEndpointAddress);
return -ENOMEM;
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [71/99] PM: Free memory bitmaps if opening /dev/snapshot fails
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (69 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [70/99] xhci: Reject double add of active endpoints Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [72/99] ath5k: fix memory leak when fewer than N_PD_CURVES are in use Andi Kleen
` (27 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: mkubecek, rjw, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Michal Kubecek <mkubecek@suse.cz>
commit 8440f4b19494467883f8541b7aa28c7bbf6ac92b upstream.
When opening /dev/snapshot device, snapshot_open() creates memory
bitmaps which are freed in snapshot_release(). But if any of the
callbacks called by pm_notifier_call_chain() returns NOTIFY_BAD, open()
fails, snapshot_release() is never called and bitmaps are not freed.
Next attempt to open /dev/snapshot then triggers BUG_ON() check in
create_basic_memory_bitmaps(). This happens e.g. when vmwatchdog module
is active on s390x.
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
kernel/power/user.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
Index: linux-2.6.35.y/kernel/power/user.c
===================================================================
--- linux-2.6.35.y.orig/kernel/power/user.c
+++ linux-2.6.35.y/kernel/power/user.c
@@ -113,8 +113,10 @@ static int snapshot_open(struct inode *i
if (error)
pm_notifier_call_chain(PM_POST_RESTORE);
}
- if (error)
+ if (error) {
+ free_basic_memory_bitmaps();
atomic_inc(&snapshot_device_available);
+ }
data->frozen = 0;
data->ready = 0;
data->platform_support = 0;
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [72/99] ath5k: fix memory leak when fewer than N_PD_CURVES are in use
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (70 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [71/99] PM: Free memory bitmaps if opening /dev/snapshot fails Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [73/99] mm: fix negative commitlimit when gigantic hugepages are allocated Andi Kleen
` (26 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: dame_eugene, me, linville, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: "Eugene A. Shatokhin" <dame_eugene@mail.ru>
commit a0b8de350be458b33248e48b2174d9af8a4c4798 upstream.
We would free the proper number of curves, but in the wrong
slots, due to a missing level of indirection through
the pdgain_idx table.
It's simpler just to try to free all four slots, so do that.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/net/wireless/ath/ath5k/eeprom.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
Index: linux-2.6.35.y/drivers/net/wireless/ath/ath5k/eeprom.c
===================================================================
--- linux-2.6.35.y.orig/drivers/net/wireless/ath/ath5k/eeprom.c
+++ linux-2.6.35.y/drivers/net/wireless/ath/ath5k/eeprom.c
@@ -1592,14 +1592,12 @@ ath5k_eeprom_free_pcal_info(struct ath5k
if (!chinfo[pier].pd_curves)
continue;
- for (pdg = 0; pdg < ee->ee_pd_gains[mode]; pdg++) {
+ for (pdg = 0; pdg < AR5K_EEPROM_N_PD_CURVES; pdg++) {
struct ath5k_pdgain_info *pd =
&chinfo[pier].pd_curves[pdg];
- if (pd != NULL) {
- kfree(pd->pd_step);
- kfree(pd->pd_pwr);
- }
+ kfree(pd->pd_step);
+ kfree(pd->pd_pwr);
}
kfree(chinfo[pier].pd_curves);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [73/99] mm: fix negative commitlimit when gigantic hugepages are allocated
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (71 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [72/99] ath5k: fix memory leak when fewer than N_PD_CURVES are in use Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [74/99] uvcvideo: Remove buffers from the queues when freeing Andi Kleen
` (25 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: aquini, rja, aarcange, cl, akpm, torvalds, gregkh, ak,
linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Rafael Aquini <aquini@linux.com>
commit b0320c7b7d1ac1bd5c2d9dff3258524ab39bad32 upstream.
When 1GB hugepages are allocated on a system, free(1) reports less
available memory than what really is installed in the box. Also, if the
total size of hugepages allocated on a system is over half of the total
memory size, CommitLimit becomes a negative number.
The problem is that gigantic hugepages (order > MAX_ORDER) can only be
allocated at boot with bootmem, thus its frames are not accounted to
'totalram_pages'. However, they are accounted to hugetlb_total_pages()
What happens to turn CommitLimit into a negative number is this
calculation, in fs/proc/meminfo.c:
allowed = ((totalram_pages - hugetlb_total_pages())
* sysctl_overcommit_ratio / 100) + total_swap_pages;
A similar calculation occurs in __vm_enough_memory() in mm/mmap.c.
Also, every vm statistic which depends on 'totalram_pages' will render
confusing values, as if system were 'missing' some part of its memory.
Impact of this bug:
When gigantic hugepages are allocated and sysctl_overcommit_memory ==
OVERCOMMIT_NEVER. In a such situation, __vm_enough_memory() goes through
the mentioned 'allowed' calculation and might end up mistakenly returning
-ENOMEM, thus forcing the system to start reclaiming pages earlier than it
would be ususal, and this could cause detrimental impact to overall
system's performance, depending on the workload.
Besides the aforementioned scenario, I can only think of this causing
annoyances with memory reports from /proc/meminfo and free(1).
[akpm@linux-foundation.org: standardize comment layout]
Reported-by: Russ Anderson <rja@sgi.com>
Signed-off-by: Rafael Aquini <aquini@linux.com>
Acked-by: Russ Anderson <rja@sgi.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Christoph Lameter <cl@linux.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
mm/hugetlb.c | 8 ++++++++
1 file changed, 8 insertions(+)
Index: linux-2.6.35.y/mm/hugetlb.c
===================================================================
--- linux-2.6.35.y.orig/mm/hugetlb.c
+++ linux-2.6.35.y/mm/hugetlb.c
@@ -1109,6 +1109,14 @@ static void __init gather_bootmem_preall
WARN_ON(page_count(page) != 1);
prep_compound_huge_page(page, h->order);
prep_new_huge_page(h, page, page_to_nid(page));
+ /*
+ * If we had gigantic hugepages allocated at boot time, we need
+ * to restore the 'stolen' pages to totalram_pages in order to
+ * fix confusing memory reports from free(1) and another
+ * side-effects, like CommitLimit going negative.
+ */
+ if (h->order > (MAX_ORDER - 1))
+ totalram_pages += 1 << h->order;
}
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [74/99] uvcvideo: Remove buffers from the queues when freeing
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (72 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [73/99] mm: fix negative commitlimit when gigantic hugepages are allocated Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [75/99] watchdog: mtx1-wdt: request gpio before using it Andi Kleen
` (24 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: sjoerd.simons, laurent.pinchart, mchehab, gregkh, ak,
linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
commit 8ca2c80b170c47eeb55f0c2a0f2b8edf85f35d49 upstream.
When freeing memory for the video buffers also remove them from the
irq & main queues.
This fixes an oops when doing the following:
open ("/dev/video", ..)
VIDIOC_REQBUFS
VIDIOC_QBUF
VIDIOC_REQBUFS
close ()
As the second VIDIOC_REQBUFS will cause the list entries of the buffers
to be cleared while they still hang around on the main and irc queues
Signed-off-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/media/video/uvc/uvc_queue.c | 2 ++
1 file changed, 2 insertions(+)
Index: linux-2.6.35.y/drivers/media/video/uvc/uvc_queue.c
===================================================================
--- linux-2.6.35.y.orig/drivers/media/video/uvc/uvc_queue.c
+++ linux-2.6.35.y/drivers/media/video/uvc/uvc_queue.c
@@ -165,6 +165,8 @@ int uvc_free_buffers(struct uvc_video_qu
}
if (queue->count) {
+ uvc_queue_cancel(queue, 0);
+ INIT_LIST_HEAD(&queue->mainqueue);
vfree(queue->mem);
queue->count = 0;
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [75/99] watchdog: mtx1-wdt: request gpio before using it
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (73 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [74/99] uvcvideo: Remove buffers from the queues when freeing Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [76/99] debugobjects: Fix boot crash when kmemleak and debugobjects enabled Andi Kleen
` (23 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: florian, wim, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Florian Fainelli <florian@openwrt.org>
commit 9b19d40aa3ebaf1078779da10555da2ab8512422 upstream.
Otherwise, the gpiolib autorequest feature will produce a WARN_ON():
WARNING: at drivers/gpio/gpiolib.c:101 0x8020ec6c()
autorequest GPIO-215
[...]
Signed-off-by: Florian Fainelli <florian@openwrt.org>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/watchdog/mtx-1_wdt.c | 8 ++++++++
1 file changed, 8 insertions(+)
Index: linux-2.6.35.y/drivers/watchdog/mtx-1_wdt.c
===================================================================
--- linux-2.6.35.y.orig/drivers/watchdog/mtx-1_wdt.c
+++ linux-2.6.35.y/drivers/watchdog/mtx-1_wdt.c
@@ -211,6 +211,12 @@ static int __devinit mtx1_wdt_probe(stru
int ret;
mtx1_wdt_device.gpio = pdev->resource[0].start;
+ ret = gpio_request_one(mtx1_wdt_device.gpio,
+ GPIOF_OUT_INIT_HIGH, "mtx1-wdt");
+ if (ret < 0) {
+ dev_err(&pdev->dev, "failed to request gpio");
+ return ret;
+ }
spin_lock_init(&mtx1_wdt_device.lock);
init_completion(&mtx1_wdt_device.stop);
@@ -236,6 +242,8 @@ static int __devexit mtx1_wdt_remove(str
mtx1_wdt_device.queue = 0;
wait_for_completion(&mtx1_wdt_device.stop);
}
+
+ gpio_free(mtx1_wdt_device.gpio);
misc_deregister(&mtx1_wdt_misc);
return 0;
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [76/99] debugobjects: Fix boot crash when kmemleak and debugobjects enabled
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (74 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [75/99] watchdog: mtx1-wdt: request gpio before using it Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [77/99] cfq-iosched: fix locking around ioc->ioc_data assignment Andi Kleen
` (22 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: marcin.slusarz, catalin.marinas, tj, dipankar, paulmck, ak, tglx,
gregkh, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Marcin Slusarz <marcin.slusarz@gmail.com>
commit 161b6ae0e067e421b20bb35caf66bdb405c929ac upstream.
Order of initialization look like this:
...
debugobjects
kmemleak
...(lots of other subsystems)...
workqueues (through early initcall)
...
debugobjects use schedule_work for batch freeing of its data and kmemleak
heavily use debugobjects, so when it comes to freeing and workqueues were
not initialized yet, kernel crashes:
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<ffffffff810854d1>] __queue_work+0x29/0x41a
[<ffffffff81085910>] queue_work_on+0x16/0x1d
[<ffffffff81085abc>] queue_work+0x29/0x55
[<ffffffff81085afb>] schedule_work+0x13/0x15
[<ffffffff81242de1>] free_object+0x90/0x95
[<ffffffff81242f6d>] debug_check_no_obj_freed+0x187/0x1d3
[<ffffffff814b6504>] ? _raw_spin_unlock_irqrestore+0x30/0x4d
[<ffffffff8110bd14>] ? free_object_rcu+0x68/0x6d
[<ffffffff8110890c>] kmem_cache_free+0x64/0x12c
[<ffffffff8110bd14>] free_object_rcu+0x68/0x6d
[<ffffffff810b58bc>] __rcu_process_callbacks+0x1b6/0x2d9
...
because system_wq is NULL.
Fix it by checking if workqueues susbystem was initialized before using.
Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Dipankar Sarma <dipankar@in.ibm.com>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Link: http://lkml.kernel.org/r/20110528112342.GA3068@joi.lan
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
lib/debugobjects.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.35.y/lib/debugobjects.c
===================================================================
--- linux-2.6.35.y.orig/lib/debugobjects.c
+++ linux-2.6.35.y/lib/debugobjects.c
@@ -198,7 +198,7 @@ static void free_object(struct debug_obj
* initialized:
*/
if (obj_pool_free > ODEBUG_POOL_SIZE && obj_cache)
- sched = !work_pending(&debug_obj_work);
+ sched = keventd_up() && !work_pending(&debug_obj_work);
hlist_add_head(&obj->node, &obj_pool);
obj_pool_free++;
obj_pool_used--;
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [77/99] cfq-iosched: fix locking around ioc->ioc_data assignment
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (75 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [76/99] debugobjects: Fix boot crash when kmemleak and debugobjects enabled Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [78/99] cfq-iosched: fix a rcu warning Andi Kleen
` (21 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: jaxboe, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Jens Axboe <jaxboe@fusionio.com>
commit ab4bd22d3cce6977dc039664cc2d052e3147d662 upstream.
Since we are modifying this RCU pointer, we need to hold
the lock protecting it around it.
This fixes a potential reuse and double free of a cfq
io_context structure. The bug has been in CFQ for a long
time, it hit very few people but those it did hit seemed
to see it a lot.
Tracked in RH bugzilla here:
https://bugzilla.redhat.com/show_bug.cgi?id=577968
Credit goes to Paul Bolle for figuring out that the issue
was around the one-hit ioc->ioc_data cache. Thanks to his
hard work the issue is now fixed.
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
block/cfq-iosched.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
Index: linux-2.6.35.y/block/cfq-iosched.c
===================================================================
--- linux-2.6.35.y.orig/block/cfq-iosched.c
+++ linux-2.6.35.y/block/cfq-iosched.c
@@ -2615,8 +2615,11 @@ static void __cfq_exit_single_io_context
smp_wmb();
cic->key = cfqd_dead_key(cfqd);
- if (ioc->ioc_data == cic)
+ if (rcu_dereference(ioc->ioc_data) == cic) {
+ spin_lock(&ioc->lock);
rcu_assign_pointer(ioc->ioc_data, NULL);
+ spin_unlock(&ioc->lock);
+ }
if (cic->cfqq[BLK_RW_ASYNC]) {
cfq_exit_cfqq(cfqd, cic->cfqq[BLK_RW_ASYNC]);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [78/99] cfq-iosched: fix a rcu warning
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (76 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [77/99] cfq-iosched: fix locking around ioc->ioc_data assignment Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [79/99] i2c-taos-evm: Fix log messages Andi Kleen
` (20 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: shaohua.li, jaxboe, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Shaohua Li <shaohua.li@intel.com>
commit 3181faa85bda3dc3f5e630a1846526c9caaa38e3 upstream.
I got a rcu warnning at boot. the ioc->ioc_data is rcu_deferenced, but
doesn't hold rcu_read_lock.
Signed-off-by: Shaohua Li <shaohua.li@intel.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
block/cfq-iosched.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
Index: linux-2.6.35.y/block/cfq-iosched.c
===================================================================
--- linux-2.6.35.y.orig/block/cfq-iosched.c
+++ linux-2.6.35.y/block/cfq-iosched.c
@@ -2615,11 +2615,14 @@ static void __cfq_exit_single_io_context
smp_wmb();
cic->key = cfqd_dead_key(cfqd);
+ rcu_read_lock();
if (rcu_dereference(ioc->ioc_data) == cic) {
+ rcu_read_unlock();
spin_lock(&ioc->lock);
rcu_assign_pointer(ioc->ioc_data, NULL);
spin_unlock(&ioc->lock);
- }
+ } else
+ rcu_read_unlock();
if (cic->cfqq[BLK_RW_ASYNC]) {
cfq_exit_cfqq(cfqd, cic->cfqq[BLK_RW_ASYNC]);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [79/99] i2c-taos-evm: Fix log messages
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (77 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [78/99] cfq-iosched: fix a rcu warning Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [80/99] md: avoid endless recovery loop when waiting for fail device to complete Andi Kleen
` (19 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: khali, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Jean Delvare <khali@linux-fr.org>
commit 9b640f2e154268cb516efcaf9c434f2e73c6783e upstream.
* Print all error and information messages even when debugging is
disabled.
* Don't use adapter device to log messages before it is ready.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/i2c/busses/i2c-taos-evm.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
Index: linux-2.6.35.y/drivers/i2c/busses/i2c-taos-evm.c
===================================================================
--- linux-2.6.35.y.orig/drivers/i2c/busses/i2c-taos-evm.c
+++ linux-2.6.35.y/drivers/i2c/busses/i2c-taos-evm.c
@@ -234,7 +234,7 @@ static int taos_connect(struct serio *se
if (taos->state != TAOS_STATE_IDLE) {
err = -ENODEV;
- dev_dbg(&serio->dev, "TAOS EVM reset failed (state=%d, "
+ dev_err(&serio->dev, "TAOS EVM reset failed (state=%d, "
"pos=%d)\n", taos->state, taos->pos);
goto exit_close;
}
@@ -255,7 +255,7 @@ static int taos_connect(struct serio *se
msecs_to_jiffies(250));
if (taos->state != TAOS_STATE_IDLE) {
err = -ENODEV;
- dev_err(&adapter->dev, "Echo off failed "
+ dev_err(&serio->dev, "TAOS EVM echo off failed "
"(state=%d)\n", taos->state);
goto exit_close;
}
@@ -263,7 +263,7 @@ static int taos_connect(struct serio *se
err = i2c_add_adapter(adapter);
if (err)
goto exit_close;
- dev_dbg(&serio->dev, "Connected to TAOS EVM\n");
+ dev_info(&serio->dev, "Connected to TAOS EVM\n");
taos->client = taos_instantiate_device(adapter);
return 0;
@@ -288,7 +288,7 @@ static void taos_disconnect(struct serio
serio_set_drvdata(serio, NULL);
kfree(taos);
- dev_dbg(&serio->dev, "Disconnected from TAOS EVM\n");
+ dev_info(&serio->dev, "Disconnected from TAOS EVM\n");
}
static struct serio_device_id taos_serio_ids[] = {
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [80/99] md: avoid endless recovery loop when waiting for fail device to complete.
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (78 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [79/99] i2c-taos-evm: Fix log messages Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [81/99] SUNRPC: Ensure the RPC client only quits on fatal signals Andi Kleen
` (18 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: neilb, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: NeilBrown <neilb@suse.de>
commit 4274215d24633df7302069e51426659d4759c5ed upstream.
If a device fails in a way that causes pending request to take a while
to complete, md will not be able to immediately remove it from the
array in remove_and_add_spares.
It will then incorrectly look like a spare device and md will try to
recover it even though it is failed.
This leads to a recovery process starting and instantly aborting over
and over again.
We should check if the device is faulty before considering it to be a
spare. This will avoid trying to start a recovery that cannot
proceed.
This bug was introduced in 2.6.26 so that patch is suitable for any
kernel since then.
Reported-by: Jim Paradis <james.paradis@stratus.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/md/md.c | 1 +
1 file changed, 1 insertion(+)
Index: linux-2.6.35.y/drivers/md/md.c
===================================================================
--- linux-2.6.35.y.orig/drivers/md/md.c
+++ linux-2.6.35.y/drivers/md/md.c
@@ -6967,6 +6967,7 @@ static int remove_and_add_spares(mddev_t
list_for_each_entry(rdev, &mddev->disks, same_set) {
if (rdev->raid_disk >= 0 &&
!test_bit(In_sync, &rdev->flags) &&
+ !test_bit(Faulty, &rdev->flags) &&
!test_bit(Blocked, &rdev->flags))
spares++;
if (rdev->raid_disk < 0
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [81/99] SUNRPC: Ensure the RPC client only quits on fatal signals
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (79 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [80/99] md: avoid endless recovery loop when waiting for fail device to complete Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [82/99] 6pack,mkiss: fix lock inconsistency Andi Kleen
` (17 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: Trond.Myklebust, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Trond Myklebust <Trond.Myklebust@netapp.com>
commit 5afa9133cfe67f1bfead6049a9640c9262a7101c upstream.
Fix a couple of instances where we were exiting the RPC client on
arbitrary signals. We should only do so on fatal signals.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
net/sunrpc/auth_gss/auth_gss.c | 4 ++--
net/sunrpc/clnt.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
Index: linux-2.6.35.y/net/sunrpc/auth_gss/auth_gss.c
===================================================================
--- linux-2.6.35.y.orig/net/sunrpc/auth_gss/auth_gss.c
+++ linux-2.6.35.y/net/sunrpc/auth_gss/auth_gss.c
@@ -575,13 +575,13 @@ retry:
}
inode = &gss_msg->inode->vfs_inode;
for (;;) {
- prepare_to_wait(&gss_msg->waitqueue, &wait, TASK_INTERRUPTIBLE);
+ prepare_to_wait(&gss_msg->waitqueue, &wait, TASK_KILLABLE);
spin_lock(&inode->i_lock);
if (gss_msg->ctx != NULL || gss_msg->msg.errno < 0) {
break;
}
spin_unlock(&inode->i_lock);
- if (signalled()) {
+ if (fatal_signal_pending(current)) {
err = -ERESTARTSYS;
goto out_intr;
}
Index: linux-2.6.35.y/net/sunrpc/clnt.c
===================================================================
--- linux-2.6.35.y.orig/net/sunrpc/clnt.c
+++ linux-2.6.35.y/net/sunrpc/clnt.c
@@ -928,7 +928,7 @@ call_allocate(struct rpc_task *task)
dprintk("RPC: %5u rpc_buffer allocation failed\n", task->tk_pid);
- if (RPC_IS_ASYNC(task) || !signalled()) {
+ if (RPC_IS_ASYNC(task) || !fatal_signal_pending(current)) {
task->tk_action = call_allocate;
rpc_delay(task, HZ>>4);
return;
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [82/99] 6pack,mkiss: fix lock inconsistency
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (80 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [81/99] SUNRPC: Ensure the RPC client only quits on fatal signals Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [83/99] taskstats: don't allow duplicate entries in listener mode Andi Kleen
` (16 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: arnd, f6bvp, ralf, davem, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
commit 6e4e2f811bade330126d4029c88c831784a7efd9 upstream.
Lockdep found a locking inconsistency in the mkiss_close function:
> kernel: [ INFO: inconsistent lock state ]
> kernel: 2.6.39.1 #3
> kernel: ---------------------------------
> kernel: inconsistent {IN-SOFTIRQ-R} -> {SOFTIRQ-ON-W} usage.
> kernel: ax25ipd/2813 [HC0[0]:SC0[0]:HE1:SE1] takes:
> kernel: (disc_data_lock){+++?.-}, at: [<ffffffffa018552b>] mkiss_close+0x1b/0x90 [mkiss]
> kernel: {IN-SOFTIRQ-R} state was registered at:
The message hints that disc_data_lock is aquired with softirqs disabled,
but does not itself disable softirqs, which can in rare circumstances
lead to a deadlock.
The same problem is present in the 6pack driver, this patch fixes both
by using write_lock_bh instead of write_lock.
Reported-by: Bernard F6BVP <f6bvp@free.fr>
Tested-by: Bernard F6BVP <f6bvp@free.fr>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Ralf Baechle<ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/net/hamradio/6pack.c | 4 ++--
drivers/net/hamradio/mkiss.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
Index: linux-2.6.35.y/drivers/net/hamradio/6pack.c
===================================================================
--- linux-2.6.35.y.orig/drivers/net/hamradio/6pack.c
+++ linux-2.6.35.y/drivers/net/hamradio/6pack.c
@@ -692,10 +692,10 @@ static void sixpack_close(struct tty_str
{
struct sixpack *sp;
- write_lock(&disc_data_lock);
+ write_lock_bh(&disc_data_lock);
sp = tty->disc_data;
tty->disc_data = NULL;
- write_unlock(&disc_data_lock);
+ write_unlock_bh(&disc_data_lock);
if (!sp)
return;
Index: linux-2.6.35.y/drivers/net/hamradio/mkiss.c
===================================================================
--- linux-2.6.35.y.orig/drivers/net/hamradio/mkiss.c
+++ linux-2.6.35.y/drivers/net/hamradio/mkiss.c
@@ -813,10 +813,10 @@ static void mkiss_close(struct tty_struc
{
struct mkiss *ax;
- write_lock(&disc_data_lock);
+ write_lock_bh(&disc_data_lock);
ax = tty->disc_data;
tty->disc_data = NULL;
- write_unlock(&disc_data_lock);
+ write_unlock_bh(&disc_data_lock);
if (!ax)
return;
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [83/99] taskstats: don't allow duplicate entries in listener mode
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (81 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [82/99] 6pack,mkiss: fix lock inconsistency Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [84/99] USB: don't let errors prevent system sleep Andi Kleen
` (15 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: segoon, segooon, bsingharora, akpm, torvalds, gregkh, ak,
linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Vasiliy Kulikov <segoon@openwall.com>
commit 26c4caea9d697043cc5a458b96411b86d7f6babd upstream.
Currently a single process may register exit handlers unlimited times.
It may lead to a bloated listeners chain and very slow process
terminations.
Eg after 10KK sent TASKSTATS_CMD_ATTR_REGISTER_CPUMASKs ~300 Mb of
kernel memory is stolen for the handlers chain and "time id" shows 2-7
seconds instead of normal 0.003. It makes it possible to exhaust all
kernel memory and to eat much of CPU time by triggerring numerous exits
on a single CPU.
The patch limits the number of times a single process may register
itself on a single CPU to one.
One little issue is kept unfixed - as taskstats_exit() is called before
exit_files() in do_exit(), the orphaned listener entry (if it was not
explicitly deregistered) is kept until the next someone's exit() and
implicit deregistration in send_cpu_listeners(). So, if a process
registered itself as a listener exits and the next spawned process gets
the same pid, it would inherit taskstats attributes.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Cc: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
kernel/taskstats.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
Index: linux-2.6.35.y/kernel/taskstats.c
===================================================================
--- linux-2.6.35.y.orig/kernel/taskstats.c
+++ linux-2.6.35.y/kernel/taskstats.c
@@ -292,16 +292,18 @@ ret:
static int add_del_listener(pid_t pid, const struct cpumask *mask, int isadd)
{
struct listener_list *listeners;
- struct listener *s, *tmp;
+ struct listener *s, *tmp, *s2;
unsigned int cpu;
if (!cpumask_subset(mask, cpu_possible_mask))
return -EINVAL;
+ s = NULL;
if (isadd == REGISTER) {
for_each_cpu(cpu, mask) {
- s = kmalloc_node(sizeof(struct listener), GFP_KERNEL,
- cpu_to_node(cpu));
+ if (!s)
+ s = kmalloc_node(sizeof(struct listener),
+ GFP_KERNEL, cpu_to_node(cpu));
if (!s)
goto cleanup;
s->pid = pid;
@@ -310,9 +312,16 @@ static int add_del_listener(pid_t pid, c
listeners = &per_cpu(listener_array, cpu);
down_write(&listeners->sem);
+ list_for_each_entry_safe(s2, tmp, &listeners->list, list) {
+ if (s2->pid == pid)
+ goto next_cpu;
+ }
list_add(&s->list, &listeners->list);
+ s = NULL;
+next_cpu:
up_write(&listeners->sem);
}
+ kfree(s);
return 0;
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [84/99] USB: don't let errors prevent system sleep
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (82 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [83/99] taskstats: don't allow duplicate entries in listener mode Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [85/99] USB: don't let the hub driver " Andi Kleen
` (14 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: stern, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Alan Stern <stern@rowland.harvard.edu>
commit 0af212ba8f123c2eba151af7726c34a50b127962 upstream.
This patch (as1464) implements the recommended policy that most errors
during suspend or hibernation should not prevent the system from going
to sleep. In particular, failure to suspend a USB driver or a USB
device should not prevent the sleep from succeeding:
Failure to suspend a device won't matter, because the device will
automatically go into suspend mode when the USB bus stops carrying
packets. (This might be less true for USB-3.0 devices, but let's not
worry about them now.)
Failure of a driver to suspend might lead to trouble later on when the
system wakes up, but it isn't sufficient reason to prevent the system
from going to sleep.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/usb/core/driver.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
Index: linux-2.6.35.y/drivers/usb/core/driver.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/core/driver.c
+++ linux-2.6.35.y/drivers/usb/core/driver.c
@@ -1189,13 +1189,22 @@ static int usb_suspend_both(struct usb_d
for (i = n - 1; i >= 0; --i) {
intf = udev->actconfig->interface[i];
status = usb_suspend_interface(udev, intf, msg);
+
+ /* Ignore errors during system sleep transitions */
+ if (!(msg.event & PM_EVENT_AUTO))
+ status = 0;
if (status != 0)
break;
}
}
- if (status == 0)
+ if (status == 0) {
status = usb_suspend_device(udev, msg);
+ /* Again, ignore errors during system sleep transitions */
+ if (!(msg.event & PM_EVENT_AUTO))
+ status = 0;
+ }
+
/* If the suspend failed, resume interfaces that did get suspended */
if (status != 0) {
msg.event ^= (PM_EVENT_SUSPEND | PM_EVENT_RESUME);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [85/99] USB: don't let the hub driver prevent system sleep
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (83 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [84/99] USB: don't let errors prevent system sleep Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [86/99] uml: fix CONFIG_STATIC_LINK=y build failure with newer glibc Andi Kleen
` (13 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: stern, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Alan Stern <stern@rowland.harvard.edu>
commit cbb330045e5df8f665ac60227ff898421fc8fb92 upstream.
This patch (as1465) continues implementation of the policy that errors
during suspend or hibernation should not prevent the system from going
to sleep.
In this case, failure to turn on the Suspend feature for a hub port
shouldn't be reported as an error. There are situations where this
does actually occur (such as when the device plugged into that port
was disconnected in the recent past), and it turns out to be harmless.
There's no reason for it to prevent a system sleep.
Also, don't allow the hub driver to fail a system suspend if the
downstream ports aren't all suspended. This is also harmless (and
should never happen, given the change mentioned above); printing a
warning message in the kernel log is all we really need to do.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
drivers/usb/core/hub.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
Index: linux-2.6.35.y/drivers/usb/core/hub.c
===================================================================
--- linux-2.6.35.y.orig/drivers/usb/core/hub.c
+++ linux-2.6.35.y/drivers/usb/core/hub.c
@@ -2233,6 +2233,10 @@ int usb_port_suspend(struct usb_device *
USB_DEVICE_REMOTE_WAKEUP, 0,
NULL, 0,
USB_CTRL_SET_TIMEOUT);
+
+ /* System sleep transitions should never fail */
+ if (!(msg.event & PM_EVENT_AUTO))
+ status = 0;
} else {
/* device has up to 10 msec to fully suspend */
dev_dbg(&udev->dev, "usb %ssuspend\n",
@@ -2470,16 +2474,15 @@ static int hub_suspend(struct usb_interf
struct usb_device *hdev = hub->hdev;
unsigned port1;
- /* fail if children aren't already suspended */
+ /* Warn if children aren't already suspended */
for (port1 = 1; port1 <= hdev->maxchild; port1++) {
struct usb_device *udev;
udev = hdev->children [port1-1];
if (udev && udev->can_submit) {
- if (!(msg.event & PM_EVENT_AUTO))
- dev_dbg(&intf->dev, "port %d nyet suspended\n",
- port1);
- return -EBUSY;
+ dev_warn(&intf->dev, "port %d nyet suspended\n", port1);
+ if (msg.event & PM_EVENT_AUTO)
+ return -EBUSY;
}
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [86/99] uml: fix CONFIG_STATIC_LINK=y build failure with newer glibc
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (84 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [85/99] USB: don't let the hub driver " Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [87/99] inet_diag: fix inet_diag_bc_audit() Andi Kleen
` (12 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: roland, jdike, viro, akpm, torvalds, gregkh, ak, linux-kernel,
stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Roland McGrath <roland@redhat.com>
commit aa5fb4dbfd121296ca97c68cf90043a7ea97579d upstream.
With glibc 2.11 or later that was built with --enable-multi-arch, the UML
link fails with undefined references to __rel_iplt_start and similar
symbols. In recent binutils, the default linker script defines these
symbols (see ld --verbose). Fix the UML linker scripts to match the new
defaults for these sections.
Signed-off-by: Roland McGrath <roland@redhat.com>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
arch/um/kernel/dyn.lds.S | 14 ++++++++++++--
arch/um/kernel/uml.lds.S | 17 +++++++++++++++++
2 files changed, 29 insertions(+), 2 deletions(-)
Index: linux-2.6.35.y/arch/um/kernel/dyn.lds.S
===================================================================
--- linux-2.6.35.y.orig/arch/um/kernel/dyn.lds.S
+++ linux-2.6.35.y/arch/um/kernel/dyn.lds.S
@@ -50,8 +50,18 @@ SECTIONS
.rela.got : { *(.rela.got) }
.rel.bss : { *(.rel.bss .rel.bss.* .rel.gnu.linkonce.b.*) }
.rela.bss : { *(.rela.bss .rela.bss.* .rela.gnu.linkonce.b.*) }
- .rel.plt : { *(.rel.plt) }
- .rela.plt : { *(.rela.plt) }
+ .rel.plt : {
+ *(.rel.plt)
+ PROVIDE_HIDDEN(__rel_iplt_start = .);
+ *(.rel.iplt)
+ PROVIDE_HIDDEN(__rel_iplt_end = .);
+ }
+ .rela.plt : {
+ *(.rela.plt)
+ PROVIDE_HIDDEN(__rela_iplt_start = .);
+ *(.rela.iplt)
+ PROVIDE_HIDDEN(__rela_iplt_end = .);
+ }
.init : {
KEEP (*(.init))
} =0x90909090
Index: linux-2.6.35.y/arch/um/kernel/uml.lds.S
===================================================================
--- linux-2.6.35.y.orig/arch/um/kernel/uml.lds.S
+++ linux-2.6.35.y/arch/um/kernel/uml.lds.S
@@ -43,6 +43,23 @@ SECTIONS
__syscall_stub_end = .;
}
+ /*
+ * These are needed even in a static link, even if they wind up being empty.
+ * Newer glibc needs these __rel{,a}_iplt_{start,end} symbols.
+ */
+ .rel.plt : {
+ *(.rel.plt)
+ PROVIDE_HIDDEN(__rel_iplt_start = .);
+ *(.rel.iplt)
+ PROVIDE_HIDDEN(__rel_iplt_end = .);
+ }
+ .rela.plt : {
+ *(.rela.plt)
+ PROVIDE_HIDDEN(__rela_iplt_start = .);
+ *(.rela.iplt)
+ PROVIDE_HIDDEN(__rela_iplt_end = .);
+ }
+
#include "asm/common.lds.S"
init.data : { INIT_DATA }
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [87/99] inet_diag: fix inet_diag_bc_audit()
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (85 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [86/99] uml: fix CONFIG_STATIC_LINK=y build failure with newer glibc Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [88/99] PM / Hibernate: Fix free_unnecessary_pages() Andi Kleen
` (11 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: eric.dumazet, davem, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <eric.dumazet@gmail.com>
[ Upstream commit eeb1497277d6b1a0a34ed36b97e18f2bd7d6de0d ]
A malicious user or buggy application can inject code and trigger an
infinite loop in inet_diag_bc_audit()
Also make sure each instruction is aligned on 4 bytes boundary, to avoid
unaligned accesses.
Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
net/ipv4/inet_diag.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
Index: linux-2.6.35.y/net/ipv4/inet_diag.c
===================================================================
--- linux-2.6.35.y.orig/net/ipv4/inet_diag.c
+++ linux-2.6.35.y/net/ipv4/inet_diag.c
@@ -437,7 +437,7 @@ static int valid_cc(const void *bc, int
return 0;
if (cc == len)
return 1;
- if (op->yes < 4)
+ if (op->yes < 4 || op->yes & 3)
return 0;
len -= op->yes;
bc += op->yes;
@@ -447,11 +447,11 @@ static int valid_cc(const void *bc, int
static int inet_diag_bc_audit(const void *bytecode, int bytecode_len)
{
- const unsigned char *bc = bytecode;
+ const void *bc = bytecode;
int len = bytecode_len;
while (len > 0) {
- struct inet_diag_bc_op *op = (struct inet_diag_bc_op *)bc;
+ const struct inet_diag_bc_op *op = bc;
//printk("BC: %d %d %d {%d} / %d\n", op->code, op->yes, op->no, op[1].no, len);
switch (op->code) {
@@ -462,22 +462,20 @@ static int inet_diag_bc_audit(const void
case INET_DIAG_BC_S_LE:
case INET_DIAG_BC_D_GE:
case INET_DIAG_BC_D_LE:
- if (op->yes < 4 || op->yes > len + 4)
- return -EINVAL;
case INET_DIAG_BC_JMP:
- if (op->no < 4 || op->no > len + 4)
+ if (op->no < 4 || op->no > len + 4 || op->no & 3)
return -EINVAL;
if (op->no < len &&
!valid_cc(bytecode, bytecode_len, len - op->no))
return -EINVAL;
break;
case INET_DIAG_BC_NOP:
- if (op->yes < 4 || op->yes > len + 4)
- return -EINVAL;
break;
default:
return -EINVAL;
}
+ if (op->yes < 4 || op->yes > len + 4 || op->yes & 3)
+ return -EINVAL;
bc += op->yes;
len -= op->yes;
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [88/99] PM / Hibernate: Fix free_unnecessary_pages()
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (86 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [87/99] inet_diag: fix inet_diag_bc_audit() Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [89/99] bug.h: Add WARN_RATELIMIT Andi Kleen
` (10 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: rjw, ak, gregkh, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: "Rafael J. Wysocki" <rjw@sisk.pl>
commit 4d4cf23cdde2f8f9324f5684a7f349e182039529 upstream.
There is a bug in free_unnecessary_pages() that causes it to
attempt to free too many pages in some cases, which triggers the
BUG_ON() in memory_bm_clear_bit() for copy_bm. Namely, if
count_data_pages() is initially greater than alloc_normal, we get
to_free_normal equal to 0 and "save" greater from 0. In that case,
if the sum of "save" and count_highmem_pages() is greater than
alloc_highmem, we subtract a positive number from to_free_normal.
Hence, since to_free_normal was 0 before the subtraction and is
an unsigned int, the result is converted to a huge positive number
that is used as the number of pages to free.
Fix this bug by checking if to_free_normal is actually greater
than or equal to the number we're going to subtract from it.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Reported-and-tested-by: Matthew Garrett <mjg@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
kernel/power/snapshot.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
Index: linux-2.6.35.y/kernel/power/snapshot.c
===================================================================
--- linux-2.6.35.y.orig/kernel/power/snapshot.c
+++ linux-2.6.35.y/kernel/power/snapshot.c
@@ -1199,7 +1199,11 @@ static void free_unnecessary_pages(void)
to_free_highmem = alloc_highmem - save;
} else {
to_free_highmem = 0;
- to_free_normal -= save - alloc_highmem;
+ save -= alloc_highmem;
+ if (to_free_normal > save)
+ to_free_normal -= save;
+ else
+ to_free_normal = 0;
}
memory_bm_position_reset(©_bm);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [89/99] bug.h: Add WARN_RATELIMIT
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (87 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [88/99] PM / Hibernate: Fix free_unnecessary_pages() Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [90/99] net: filter: Use WARN_RATELIMIT Andi Kleen
` (9 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: joe, davem, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Joe Perches <joe@perches.com>
[ Upstream commit b3eec79b0776e5340a3db75b34953977c7e5086e ]
Add a generic mechanism to ratelimit WARN(foo, fmt, ...) messages
using a hidden per call site static struct ratelimit_state.
Also add an __WARN_RATELIMIT variant to be able to use a specific
struct ratelimit_state.
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
include/asm-generic/bug.h | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
Index: linux-2.6.35.y/include/asm-generic/bug.h
===================================================================
--- linux-2.6.35.y.orig/include/asm-generic/bug.h
+++ linux-2.6.35.y/include/asm-generic/bug.h
@@ -53,6 +53,22 @@ struct bug_entry {
#define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while(0)
#endif
+#define __WARN_RATELIMIT(condition, state, format...) \
+({ \
+ int rtn = 0; \
+ if (unlikely(__ratelimit(state))) \
+ rtn = WARN(condition, format); \
+ rtn; \
+})
+
+#define WARN_RATELIMIT(condition, format...) \
+({ \
+ static DEFINE_RATELIMIT_STATE(_rs, \
+ DEFAULT_RATELIMIT_INTERVAL, \
+ DEFAULT_RATELIMIT_BURST); \
+ __WARN_RATELIMIT(condition, &_rs, format); \
+})
+
/*
* WARN(), WARN_ON(), WARN_ON_ONCE, and so on can be used to report
* significant issues that need prompt attention if they should ever
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [90/99] net: filter: Use WARN_RATELIMIT
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (88 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [89/99] bug.h: Add WARN_RATELIMIT Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [91/99] af_packet: prevent information leak Andi Kleen
` (8 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: joe, davem, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Joe Perches <joe@perches.com>
[ Upstream commit 6c4a5cb219520c7bc937ee186ca53f03733bd09f ]
A mis-configured filter can spam the logs with lots of stack traces.
Rate-limit the warnings and add printout of the bogus filter information.
Original-patch-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
net/core/filter.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
Index: linux-2.6.35.y/net/core/filter.c
===================================================================
--- linux-2.6.35.y.orig/net/core/filter.c
+++ linux-2.6.35.y/net/core/filter.c
@@ -292,7 +292,9 @@ load_b:
mem[f_k] = X;
continue;
default:
- WARN_ON(1);
+ WARN_RATELIMIT(1, "Unknown code:%u jt:%u tf:%u k:%u\n",
+ fentry->code, fentry->jt,
+ fentry->jf, fentry->k);
return 0;
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [91/99] af_packet: prevent information leak
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (89 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [90/99] net: filter: Use WARN_RATELIMIT Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [92/99] net/ipv4: Check for mistakenly passed in non-IPv4 address Andi Kleen
` (7 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: eric.dumazet, ak, kaber, davem, gregkh, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <eric.dumazet@gmail.com>
[ Upstream commit 13fcb7bd322164c67926ffe272846d4860196dc6 ]
In 2.6.27, commit 393e52e33c6c2 (packet: deliver VLAN TCI to userspace)
added a small information leak.
Add padding field and make sure its zeroed before copy to user.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
CC: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
include/linux/if_packet.h | 2 ++
net/packet/af_packet.c | 2 ++
2 files changed, 4 insertions(+)
Index: linux-2.6.35.y/include/linux/if_packet.h
===================================================================
--- linux-2.6.35.y.orig/include/linux/if_packet.h
+++ linux-2.6.35.y/include/linux/if_packet.h
@@ -61,6 +61,7 @@ struct tpacket_auxdata {
__u16 tp_mac;
__u16 tp_net;
__u16 tp_vlan_tci;
+ __u16 tp_padding;
};
/* Rx ring - header status */
@@ -99,6 +100,7 @@ struct tpacket2_hdr {
__u32 tp_sec;
__u32 tp_nsec;
__u16 tp_vlan_tci;
+ __u16 tp_padding;
};
#define TPACKET2_HDRLEN (TPACKET_ALIGN(sizeof(struct tpacket2_hdr)) + sizeof(struct sockaddr_ll))
Index: linux-2.6.35.y/net/packet/af_packet.c
===================================================================
--- linux-2.6.35.y.orig/net/packet/af_packet.c
+++ linux-2.6.35.y/net/packet/af_packet.c
@@ -757,6 +757,7 @@ static int tpacket_rcv(struct sk_buff *s
h.h2->tp_sec = ts.tv_sec;
h.h2->tp_nsec = ts.tv_nsec;
h.h2->tp_vlan_tci = vlan_tx_tag_get(skb);
+ h.h2->tp_padding = 0;
hdrlen = sizeof(*h.h2);
break;
default:
@@ -1678,6 +1679,7 @@ static int packet_recvmsg(struct kiocb *
aux.tp_net = skb_network_offset(skb);
aux.tp_vlan_tci = vlan_tx_tag_get(skb);
+ aux.tp_padding = 0;
put_cmsg(msg, SOL_PACKET, PACKET_AUXDATA, sizeof(aux), &aux);
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [92/99] net/ipv4: Check for mistakenly passed in non-IPv4 address
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (90 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [91/99] af_packet: prevent information leak Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [93/99] ipv6/udp: Use the correct variable to determine non-blocking condition Andi Kleen
` (6 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: meissner, max, davem, gregkh, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Marcus Meissner <meissner@suse.de>
[ Upstream commit d0733d2e29b652b2e7b1438ececa732e4eed98eb ]
Check against mistakenly passing in IPv6 addresses (which would result
in an INADDR_ANY bind) or similar incompatible sockaddrs.
Signed-off-by: Marcus Meissner <meissner@suse.de>
Cc: Reinhard Max <max@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
net/ipv4/af_inet.c | 3 +++
1 file changed, 3 insertions(+)
Index: linux-2.6.35.y/net/ipv4/af_inet.c
===================================================================
--- linux-2.6.35.y.orig/net/ipv4/af_inet.c
+++ linux-2.6.35.y/net/ipv4/af_inet.c
@@ -464,6 +464,9 @@ int inet_bind(struct socket *sock, struc
if (addr_len < sizeof(struct sockaddr_in))
goto out;
+ if (addr->sin_family != AF_INET)
+ goto out;
+
chk_addr_ret = inet_addr_type(sock_net(sk), addr->sin_addr.s_addr);
/* Not specified by any standard per-se, however it breaks too
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [93/99] ipv6/udp: Use the correct variable to determine non-blocking condition
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (91 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [92/99] net/ipv4: Check for mistakenly passed in non-IPv4 address Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [94/99] udp/recvmsg: Clear MSG_TRUNC flag when starting over for a new packet Andi Kleen
` (5 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: xufeng.zhang, paul.gortmaker, davem, gregkh, ak, linux-kernel,
stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Xufeng Zhang <xufeng.zhang@windriver.com>
[ Upstream commit 32c90254ed4a0c698caa0794ebb4de63fcc69631 ]
udpv6_recvmsg() function is not using the correct variable to determine
whether or not the socket is in non-blocking operation, this will lead
to unexpected behavior when a UDP checksum error occurs.
Consider a non-blocking udp receive scenario: when udpv6_recvmsg() is
called by sock_common_recvmsg(), MSG_DONTWAIT bit of flags variable in
udpv6_recvmsg() is cleared by "flags & ~MSG_DONTWAIT" in this call:
err = sk->sk_prot->recvmsg(iocb, sk, msg, size, flags & MSG_DONTWAIT,
flags & ~MSG_DONTWAIT, &addr_len);
i.e. with udpv6_recvmsg() getting these values:
int noblock = flags & MSG_DONTWAIT
int flags = flags & ~MSG_DONTWAIT
So, when udp checksum error occurs, the execution will go to
csum_copy_err, and then the problem happens:
csum_copy_err:
...............
if (flags & MSG_DONTWAIT)
return -EAGAIN;
goto try_again;
...............
But it will always go to try_again as MSG_DONTWAIT has been cleared
from flags at call time -- only noblock contains the original value
of MSG_DONTWAIT, so the test should be:
if (noblock)
return -EAGAIN;
This is also consistent with what the ipv4/udp code does.
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
net/ipv6/udp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.35.y/net/ipv6/udp.c
===================================================================
--- linux-2.6.35.y.orig/net/ipv6/udp.c
+++ linux-2.6.35.y/net/ipv6/udp.c
@@ -445,7 +445,7 @@ csum_copy_err:
}
unlock_sock_fast(sk, slow);
- if (flags & MSG_DONTWAIT)
+ if (noblock)
return -EAGAIN;
goto try_again;
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [94/99] udp/recvmsg: Clear MSG_TRUNC flag when starting over for a new packet
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (92 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [93/99] ipv6/udp: Use the correct variable to determine non-blocking condition Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [95/99] mm: prevent concurrent unmap_mapping_range() on the same Andi Kleen
` (4 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: xufeng.zhang, paul.gortmaker, davem, gregkh, ak, linux-kernel,
stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Xufeng Zhang <xufeng.zhang@windriver.com>
[ Upstream commit 9cfaa8def1c795a512bc04f2aec333b03724ca2e ]
Consider this scenario: When the size of the first received udp packet
is bigger than the receive buffer, MSG_TRUNC bit is set in msg->msg_flags.
However, if checksum error happens and this is a blocking socket, it will
goto try_again loop to receive the next packet. But if the size of the
next udp packet is smaller than receive buffer, MSG_TRUNC flag should not
be set, but because MSG_TRUNC bit is not cleared in msg->msg_flags before
receive the next packet, MSG_TRUNC is still set, which is wrong.
Fix this problem by clearing MSG_TRUNC flag when starting over for a
new packet.
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
net/ipv4/udp.c | 3 +++
net/ipv6/udp.c | 3 +++
2 files changed, 6 insertions(+)
Index: linux-2.6.35.y/net/ipv4/udp.c
===================================================================
--- linux-2.6.35.y.orig/net/ipv4/udp.c
+++ linux-2.6.35.y/net/ipv4/udp.c
@@ -1206,6 +1206,9 @@ csum_copy_err:
if (noblock)
return -EAGAIN;
+
+ /* starting over for a new packet */
+ msg->msg_flags &= ~MSG_TRUNC;
goto try_again;
}
Index: linux-2.6.35.y/net/ipv6/udp.c
===================================================================
--- linux-2.6.35.y.orig/net/ipv6/udp.c
+++ linux-2.6.35.y/net/ipv6/udp.c
@@ -447,6 +447,9 @@ csum_copy_err:
if (noblock)
return -EAGAIN;
+
+ /* starting over for a new packet */
+ msg->msg_flags &= ~MSG_TRUNC;
goto try_again;
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [95/99] mm: prevent concurrent unmap_mapping_range() on the same
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (93 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [94/99] udp/recvmsg: Clear MSG_TRUNC flag when starting over for a new packet Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [96/99] proc: restrict access to /proc/PID/io Andi Kleen
` (3 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: mszeredi, gurudas.pai, hughd, torvalds, gregkh, ak, linux-kernel,
stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Miklos Szeredi <mszeredi@suse.cz>
commit 2aa15890f3c191326678f1bd68af61ec6b8753ec upstream.
Michael Leun reported that running parallel opens on a fuse filesystem
can trigger a "kernel BUG at mm/truncate.c:475"
Gurudas Pai reported the same bug on NFS.
The reason is, unmap_mapping_range() is not prepared for more than
one concurrent invocation per inode. For example:
thread1: going through a big range, stops in the middle of a vma and
stores the restart address in vm_truncate_count.
thread2: comes in with a small (e.g. single page) unmap request on
the same vma, somewhere before restart_address, finds that the
vma was already unmapped up to the restart address and happily
returns without doing anything.
Another scenario would be two big unmap requests, both having to
restart the unmapping and each one setting vm_truncate_count to its
own value. This could go on forever without any of them being able to
finish.
Truncate and hole punching already serialize with i_mutex. Other
callers of unmap_mapping_range() do not, and it's difficult to get
i_mutex protection for all callers. In particular ->d_revalidate(),
which calls invalidate_inode_pages2_range() in fuse, may be called
with or without i_mutex.
This patch adds a new mutex to 'struct address_space' to prevent
running multiple concurrent unmap_mapping_range() on the same mapping.
[ We'll hopefully get rid of all this with the upcoming mm
preemptibility series by Peter Zijlstra, the "mm: Remove i_mmap_mutex
lockbreak" patch in particular. But that is for 2.6.39 ]
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Reported-by: Michael Leun <lkml20101129@newton.leun.net>
Reported-by: Gurudas Pai <gurudas.pai@oracle.com>
Tested-by: Gurudas Pai <gurudas.pai@oracle.com>
Acked-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
fs/inode.c | 22 +++++++++++++++-------
fs/nilfs2/btnode.c | 13 -------------
fs/nilfs2/btnode.h | 1 -
fs/nilfs2/super.c | 2 +-
include/linux/fs.h | 2 ++
mm/memory.c | 2 ++
6 files changed, 20 insertions(+), 22 deletions(-)
Index: linux-2.6.35.y/fs/inode.c
===================================================================
--- linux-2.6.35.y.orig/fs/inode.c
+++ linux-2.6.35.y/fs/inode.c
@@ -245,6 +245,20 @@ void destroy_inode(struct inode *inode)
kmem_cache_free(inode_cachep, (inode));
}
+void address_space_init_once(struct address_space *mapping)
+{
+ memset(mapping, 0, sizeof(*mapping));
+ INIT_RADIX_TREE(&mapping->page_tree, GFP_ATOMIC);
+ spin_lock_init(&mapping->tree_lock);
+ spin_lock_init(&mapping->i_mmap_lock);
+ INIT_LIST_HEAD(&mapping->private_list);
+ spin_lock_init(&mapping->private_lock);
+ INIT_RAW_PRIO_TREE_ROOT(&mapping->i_mmap);
+ INIT_LIST_HEAD(&mapping->i_mmap_nonlinear);
+ mutex_init(&mapping->unmap_mutex);
+}
+EXPORT_SYMBOL(address_space_init_once);
+
/*
* These are initializations that only need to be done
* once, because the fields are idempotent across use
@@ -256,13 +270,7 @@ void inode_init_once(struct inode *inode
INIT_HLIST_NODE(&inode->i_hash);
INIT_LIST_HEAD(&inode->i_dentry);
INIT_LIST_HEAD(&inode->i_devices);
- INIT_RADIX_TREE(&inode->i_data.page_tree, GFP_ATOMIC);
- spin_lock_init(&inode->i_data.tree_lock);
- spin_lock_init(&inode->i_data.i_mmap_lock);
- INIT_LIST_HEAD(&inode->i_data.private_list);
- spin_lock_init(&inode->i_data.private_lock);
- INIT_RAW_PRIO_TREE_ROOT(&inode->i_data.i_mmap);
- INIT_LIST_HEAD(&inode->i_data.i_mmap_nonlinear);
+ address_space_init_once(&inode->i_data);
i_size_ordered_init(inode);
#ifdef CONFIG_INOTIFY
INIT_LIST_HEAD(&inode->inotify_watches);
Index: linux-2.6.35.y/fs/nilfs2/btnode.c
===================================================================
--- linux-2.6.35.y.orig/fs/nilfs2/btnode.c
+++ linux-2.6.35.y/fs/nilfs2/btnode.c
@@ -35,19 +35,6 @@
#include "btnode.h"
-void nilfs_btnode_cache_init_once(struct address_space *btnc)
-{
- memset(btnc, 0, sizeof(*btnc));
- INIT_RADIX_TREE(&btnc->page_tree, GFP_ATOMIC);
- spin_lock_init(&btnc->tree_lock);
- INIT_LIST_HEAD(&btnc->private_list);
- spin_lock_init(&btnc->private_lock);
-
- spin_lock_init(&btnc->i_mmap_lock);
- INIT_RAW_PRIO_TREE_ROOT(&btnc->i_mmap);
- INIT_LIST_HEAD(&btnc->i_mmap_nonlinear);
-}
-
static const struct address_space_operations def_btnode_aops = {
.sync_page = block_sync_page,
};
Index: linux-2.6.35.y/fs/nilfs2/btnode.h
===================================================================
--- linux-2.6.35.y.orig/fs/nilfs2/btnode.h
+++ linux-2.6.35.y/fs/nilfs2/btnode.h
@@ -37,7 +37,6 @@ struct nilfs_btnode_chkey_ctxt {
struct buffer_head *newbh;
};
-void nilfs_btnode_cache_init_once(struct address_space *);
void nilfs_btnode_cache_init(struct address_space *, struct backing_dev_info *);
void nilfs_btnode_cache_clear(struct address_space *);
struct buffer_head *nilfs_btnode_create_block(struct address_space *btnc,
Index: linux-2.6.35.y/fs/nilfs2/super.c
===================================================================
--- linux-2.6.35.y.orig/fs/nilfs2/super.c
+++ linux-2.6.35.y/fs/nilfs2/super.c
@@ -1120,7 +1120,7 @@ static void nilfs_inode_init_once(void *
#ifdef CONFIG_NILFS_XATTR
init_rwsem(&ii->xattr_sem);
#endif
- nilfs_btnode_cache_init_once(&ii->i_btnode_cache);
+ address_space_init_once(&ii->i_btnode_cache);
ii->i_bmap = (struct nilfs_bmap *)&ii->i_bmap_union;
inode_init_once(&ii->vfs_inode);
}
Index: linux-2.6.35.y/include/linux/fs.h
===================================================================
--- linux-2.6.35.y.orig/include/linux/fs.h
+++ linux-2.6.35.y/include/linux/fs.h
@@ -639,6 +639,7 @@ struct address_space {
spinlock_t private_lock; /* for use by the address_space */
struct list_head private_list; /* ditto */
struct address_space *assoc_mapping; /* ditto */
+ struct mutex unmap_mutex; /* to protect unmapping */
} __attribute__((aligned(sizeof(long))));
/*
* On most architectures that alignment is already the case; but
@@ -2160,6 +2161,7 @@ extern loff_t vfs_llseek(struct file *fi
extern int inode_init_always(struct super_block *, struct inode *);
extern void inode_init_once(struct inode *);
+extern void address_space_init_once(struct address_space *mapping);
extern void inode_add_to_lists(struct super_block *, struct inode *);
extern void iput(struct inode *);
extern struct inode * igrab(struct inode *);
Index: linux-2.6.35.y/mm/memory.c
===================================================================
--- linux-2.6.35.y.orig/mm/memory.c
+++ linux-2.6.35.y/mm/memory.c
@@ -2573,6 +2573,7 @@ void unmap_mapping_range(struct address_
details.last_index = ULONG_MAX;
details.i_mmap_lock = &mapping->i_mmap_lock;
+ mutex_lock(&mapping->unmap_mutex);
spin_lock(&mapping->i_mmap_lock);
/* Protect against endless unmapping loops */
@@ -2589,6 +2590,7 @@ void unmap_mapping_range(struct address_
if (unlikely(!list_empty(&mapping->i_mmap_nonlinear)))
unmap_mapping_range_list(&mapping->i_mmap_nonlinear, &details);
spin_unlock(&mapping->i_mmap_lock);
+ mutex_unlock(&mapping->unmap_mutex);
}
EXPORT_SYMBOL(unmap_mapping_range);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [96/99] proc: restrict access to /proc/PID/io
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (94 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [95/99] mm: prevent concurrent unmap_mapping_range() on the same Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [97/99] alpha: fix several security issues Andi Kleen
` (2 subsequent siblings)
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: segoon, torvalds, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Vasiliy Kulikov <segoon@openwall.com>
[ upstream commit 1d1221f375c94ef961ba8574ac4f85c8870ddd51 ]
/proc/PID/io may be used for gathering private information. E.g. for
openssh and vsftpd daemons wchars/rchars may be used to learn the
precise password length. Restrict it to processes being able to ptrace
the target process.
ptrace_may_access() is needed to prevent keeping open file descriptor of
"io" file, executing setuid binary and gathering io information of the
setuid'ed process.
Said to be CVE-2011-2495
Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Index: linux-2.6.35.y/fs/proc/base.c
===================================================================
--- linux-2.6.35.y.orig/fs/proc/base.c
+++ linux-2.6.35.y/fs/proc/base.c
@@ -2514,6 +2514,9 @@ static int do_io_accounting(struct task_
struct task_io_accounting acct = task->ioac;
unsigned long flags;
+ if (!ptrace_may_access(task, PTRACE_MODE_READ))
+ return -EACCES;
+
if (whole && lock_task_sighand(task, &flags)) {
struct task_struct *t = task;
@@ -2636,7 +2639,7 @@ static const struct pid_entry tgid_base_
REG("coredump_filter", S_IRUGO|S_IWUSR, proc_coredump_filter_operations),
#endif
#ifdef CONFIG_TASK_IO_ACCOUNTING
- INF("io", S_IRUGO, proc_tgid_io_accounting),
+ INF("io", S_IRUSR, proc_tgid_io_accounting),
#endif
};
@@ -2972,7 +2975,7 @@ static const struct pid_entry tid_base_s
REG("make-it-fail", S_IRUGO|S_IWUSR, proc_fault_inject_operations),
#endif
#ifdef CONFIG_TASK_IO_ACCOUNTING
- INF("io", S_IRUGO, proc_tid_io_accounting),
+ INF("io", S_IRUSR, proc_tid_io_accounting),
#endif
};
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [97/99] alpha: fix several security issues
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (95 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [96/99] proc: restrict access to /proc/PID/io Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [98/99] x86: Make Dell Latitude E5420 use reboot=pci Andi Kleen
2011-07-27 21:49 ` [PATCH] [99/99] x86: Make Dell Latitude E6420 " Andi Kleen
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: drosenberg, rth, ink, mattst88, akpm, torvalds, ak, linux-kernel,
stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Dan Rosenberg <drosenberg@vsecurity.com>
[ upstream commit 21c5977a836e399fc710ff2c5367845ed5c2527f ]
Fix several security issues in Alpha-specific syscalls. Untested, but
mostly trivial.
1. Signedness issue in osf_getdomainname allows copying out-of-bounds
kernel memory to userland.
2. Signedness issue in osf_sysinfo allows copying large amounts of
kernel memory to userland.
3. Typo (?) in osf_getsysinfo bounds minimum instead of maximum copy
size, allowing copying large amounts of kernel memory to userland.
4. Usage of user pointer in osf_wait4 while under KERNEL_DS allows
privilege escalation via writing return value of sys_wait4 to kernel
memory.
Said to fix CVE-2011-2208 to CVE-2011-2211
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Matt Turner <mattst88@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Index: linux-2.6.35.y/arch/alpha/kernel/osf_sys.c
===================================================================
--- linux-2.6.35.y.orig/arch/alpha/kernel/osf_sys.c
+++ linux-2.6.35.y/arch/alpha/kernel/osf_sys.c
@@ -432,7 +432,7 @@ SYSCALL_DEFINE2(osf_getdomainname, char
return -EFAULT;
len = namelen;
- if (namelen > 32)
+ if (len > 32)
len = 32;
down_read(&uts_sem);
@@ -619,7 +619,7 @@ SYSCALL_DEFINE3(osf_sysinfo, int, comman
down_read(&uts_sem);
res = sysinfo_table[offset];
len = strlen(res)+1;
- if (len > count)
+ if ((unsigned long)len > (unsigned long)count)
len = count;
if (copy_to_user(buf, res, len))
err = -EFAULT;
@@ -674,7 +674,7 @@ SYSCALL_DEFINE5(osf_getsysinfo, unsigned
return 1;
case GSI_GET_HWRPB:
- if (nbytes < sizeof(*hwrpb))
+ if (nbytes > sizeof(*hwrpb))
return -EINVAL;
if (copy_to_user(buffer, hwrpb, nbytes) != 0)
return -EFAULT;
@@ -1036,6 +1036,7 @@ SYSCALL_DEFINE4(osf_wait4, pid_t, pid, i
{
struct rusage r;
long ret, err;
+ unsigned int status = 0;
mm_segment_t old_fs;
if (!ur)
@@ -1044,13 +1045,15 @@ SYSCALL_DEFINE4(osf_wait4, pid_t, pid, i
old_fs = get_fs();
set_fs (KERNEL_DS);
- ret = sys_wait4(pid, ustatus, options, (struct rusage __user *) &r);
+ ret = sys_wait4(pid, (unsigned int __user *) &status, options,
+ (struct rusage __user *) &r);
set_fs (old_fs);
if (!access_ok(VERIFY_WRITE, ur, sizeof(*ur)))
return -EFAULT;
err = 0;
+ err |= put_user(status, ustatus);
err |= __put_user(r.ru_utime.tv_sec, &ur->ru_utime.tv_sec);
err |= __put_user(r.ru_utime.tv_usec, &ur->ru_utime.tv_usec);
err |= __put_user(r.ru_stime.tv_sec, &ur->ru_stime.tv_sec);
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [98/99] x86: Make Dell Latitude E5420 use reboot=pci
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (96 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [97/99] alpha: fix several security issues Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
2011-07-27 21:49 ` [PATCH] [99/99] x86: Make Dell Latitude E6420 " Andi Kleen
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: daniel.blueman, ak, hpa, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Daniel J Blueman <daniel.blueman@gmail.com>
[ upstream commit b7798d28ec15d20fd34b70fa57eb13f0cf6d1ecd ]
Rebooting on the Dell E5420 often hangs with the keyboard or ACPI
methods, but is reliable via the PCI method.
[ hpa: this was deferred because we believed for a long time that the
recent reshuffling of the boot priorities in commit
660e34cebf0a11d54f2d5dd8838607452355f321 fixed this platform.
Unfortunately that turned out to be incorrect. ]
Signed-off-by: Daniel J Blueman <daniel.blueman@gmail.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Link: http://lkml.kernel.org/r/1305248699-2347-1-git-send-email-daniel.blueman@gmail.com
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Cc: <stable@kernel.org>
Index: linux-2.6.35.y/arch/x86/kernel/reboot.c
===================================================================
--- linux-2.6.35.y.orig/arch/x86/kernel/reboot.c
+++ linux-2.6.35.y/arch/x86/kernel/reboot.c
@@ -477,6 +477,14 @@ static struct dmi_system_id __initdata p
DMI_MATCH(DMI_PRODUCT_NAME, "iMac9,1"),
},
},
+ { /* Handle problems with rebooting on the Latitude E5420. */
+ .callback = set_pci_reboot,
+ .ident = "Dell Latitude E5420",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "Latitude E5420"),
+ },
+ },
{ }
};
^ permalink raw reply [flat|nested] 110+ messages in thread
* [PATCH] [99/99] x86: Make Dell Latitude E6420 use reboot=pci
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
` (97 preceding siblings ...)
2011-07-27 21:49 ` [PATCH] [98/99] x86: Make Dell Latitude E5420 use reboot=pci Andi Kleen
@ 2011-07-27 21:49 ` Andi Kleen
98 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-27 21:49 UTC (permalink / raw)
To: hpa, ak, linux-kernel, stable, tim.bird
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: H. Peter Anvin <hpa@zytor.com>
[ upstream commit a536877e77f73ea22d12d94a019fedd9671b6acd ]
Yet another variant of the Dell Latitude series which requires
reboot=pci.
>From the E5420 bug report by Daniel J Blueman:
> The E6420 is affected also (same platform, different casing and
> features), which provides an external confirmation of the issue; I can
> submit a patch for that later or include it if you prefer:
> http://linux.koolsolutions.com/2009/08/04/howto-fix-linux-hangfreeze-during-reboots-and-restarts/
Reported-by: Daniel J Blueman <daniel.blueman@gmail.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Cc: <stable@kernel.org>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Index: linux-2.6.35.y/arch/x86/kernel/reboot.c
===================================================================
--- linux-2.6.35.y.orig/arch/x86/kernel/reboot.c
+++ linux-2.6.35.y/arch/x86/kernel/reboot.c
@@ -485,6 +485,14 @@ static struct dmi_system_id __initdata p
DMI_MATCH(DMI_PRODUCT_NAME, "Latitude E5420"),
},
},
+ { /* Handle problems with rebooting on the Latitude E6420. */
+ .callback = set_pci_reboot,
+ .ident = "Dell Latitude E6420",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "Latitude E6420"),
+ },
+ },
{ }
};
^ permalink raw reply [flat|nested] 110+ messages in thread
* Re: [PATCH] [59/99] netfilter: IPv6: fix DSCP mangle code
2011-07-27 21:48 ` [PATCH] [59/99] netfilter: IPv6: fix DSCP mangle code Andi Kleen
@ 2011-07-28 1:51 ` Fernando Luis Vazquez Cao
2011-07-28 1:53 ` [STABLE] [PATCH] IGMP snooping: set mrouters_only flag for IPv4 traffic properly Fernando Luis Vazquez Cao
2011-07-28 23:54 ` [PATCH] [59/99] netfilter: IPv6: fix DSCP mangle code Andi Kleen
0 siblings, 2 replies; 110+ messages in thread
From: Fernando Luis Vazquez Cao @ 2011-07-28 1:51 UTC (permalink / raw)
To: Andi Kleen; +Cc: pablo, gregkh, ak, linux-kernel, stable, tim.bird
Hi Andi,
Thank you for picking up patches 58/99 (netfilter: IPv6: initialize TOS
field in REJECT target module) and 59/99 (netfilter: IPv6: fix DSCP
mangle code).
I would really appreciate it if you could also apply two IGMP snooping
fixes that are already upstream, without them multicast bridging does
not work at all in certain configurations. I will be replying to this
email with the patches.
Thanks,
Fernando
^ permalink raw reply [flat|nested] 110+ messages in thread
* [STABLE] [PATCH] IGMP snooping: set mrouters_only flag for IPv4 traffic properly
2011-07-28 1:51 ` Fernando Luis Vazquez Cao
@ 2011-07-28 1:53 ` Fernando Luis Vazquez Cao
2011-07-28 1:54 ` [STABLE][PATCH] IGMP snooping: set mrouters_only flag for IPv6 " Fernando Luis Vazquez Cao
2011-07-28 23:54 ` [PATCH] [59/99] netfilter: IPv6: fix DSCP mangle code Andi Kleen
1 sibling, 1 reply; 110+ messages in thread
From: Fernando Luis Vazquez Cao @ 2011-07-28 1:53 UTC (permalink / raw)
To: Andi Kleen; +Cc: pablo, gregkh, ak, linux-kernel, stable, tim.bird
From: Fernando Luis Vázquez Cao <fernando@oss.ntt.co.jp>
commit 62b2bcb49cca72f6d3f39f831127a6ab315a475d upstream.
Upon reception of a IGMP/IGMPv2 membership report the kernel sets the
mrouters_only flag in a skb that may be a clone of the original skb, which
means that sometimes the bridge loses track of membership report packets (cb
buffers are tied to a specific skb and not shared) and it ends up forwading
join requests to the bridge interface.
This can cause unexpected membership timeouts and intermitent/permanent loss
of connectivity as described in RFC 4541 [2.1.1. IGMP Forwarding Rules]:
A snooping switch should forward IGMP Membership Reports only to
those ports where multicast routers are attached.
[...]
Sending membership reports to other hosts can result, for IGMPv1
and IGMPv2, in unintentionally preventing a host from joining a
specific multicast group.
Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Tested-by: Hayato Kakuta <kakuta.hayato@oss.ntt.co.jp>
Signed-off-by: David S. Miller <davem@conan.davemloft.net>
---
diff -urNp linux-2.6.35.13-orig/net/bridge/br_multicast.c linux-2.6.35.13/net/bridge/br_multicast.c
--- linux-2.6.35.13-orig/net/bridge/br_multicast.c 2011-04-29 00:21:24.000000000 +0900
+++ linux-2.6.35.13/net/bridge/br_multicast.c 2011-07-28 10:28:08.505872639 +0900
@@ -1403,7 +1403,7 @@ static int br_multicast_ipv4_rcv(struct
switch (ih->type) {
case IGMP_HOST_MEMBERSHIP_REPORT:
case IGMPV2_HOST_MEMBERSHIP_REPORT:
- BR_INPUT_SKB_CB(skb2)->mrouters_only = 1;
+ BR_INPUT_SKB_CB(skb)->mrouters_only = 1;
err = br_ip4_multicast_add_group(br, port, ih->group);
break;
case IGMPV3_HOST_MEMBERSHIP_REPORT:
^ permalink raw reply [flat|nested] 110+ messages in thread
* [STABLE][PATCH] IGMP snooping: set mrouters_only flag for IPv6 traffic properly
2011-07-28 1:53 ` [STABLE] [PATCH] IGMP snooping: set mrouters_only flag for IPv4 traffic properly Fernando Luis Vazquez Cao
@ 2011-07-28 1:54 ` Fernando Luis Vazquez Cao
0 siblings, 0 replies; 110+ messages in thread
From: Fernando Luis Vazquez Cao @ 2011-07-28 1:54 UTC (permalink / raw)
To: Andi Kleen; +Cc: pablo, gregkh, ak, linux-kernel, stable, tim.bird
From: Fernando Luis Vázquez Cao <fernando@oss.ntt.co.jp>
commit fc2af6c73fc9449cd5894a36bb76b8f8c0e49fd8 upstream.
Upon reception of a MGM report packet the kernel sets the mrouters_only flag
in a skb that is a clone of the original skb, which means that the bridge
loses track of MGM packets (cb buffers are tied to a specific skb and not
shared) and it ends up forwading join requests to the bridge interface.
This can cause unexpected membership timeouts and intermitent/permanent loss
of connectivity as described in RFC 4541 [2.1.1. IGMP Forwarding Rules]:
A snooping switch should forward IGMP Membership Reports only to
those ports where multicast routers are attached.
[...]
Sending membership reports to other hosts can result, for IGMPv1
and IGMPv2, in unintentionally preventing a host from joining a
specific multicast group.
Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Signed-off-by: David S. Miller <davem@conan.davemloft.net>
---
diff -urNp linux-2.6.35.13-orig/net/bridge/br_multicast.c linux-2.6.35.13/net/bridge/br_multicast.c
--- linux-2.6.35.13-orig/net/bridge/br_multicast.c 2011-07-28 10:29:17.818721561 +0900
+++ linux-2.6.35.13/net/bridge/br_multicast.c 2011-07-28 10:35:14.959083129 +0900
@@ -1517,7 +1517,7 @@ static int br_multicast_ipv6_rcv(struct
case ICMPV6_MGM_REPORT:
{
struct mld_msg *mld = (struct mld_msg *)icmp6h;
- BR_INPUT_SKB_CB(skb2)->mrouters_only = 1;
+ BR_INPUT_SKB_CB(skb)->mrouters_only = 1;
err = br_ip6_multicast_add_group(br, port, &mld->mld_mca);
break;
}
^ permalink raw reply [flat|nested] 110+ messages in thread
* Re: [PATCH] [64/99] Revert "iwlagn: Support new 5000 microcode."
2011-07-27 21:49 ` [PATCH] [64/99] Revert "iwlagn: Support new 5000 microcode." Andi Kleen
@ 2011-07-28 8:24 ` Stanislaw Gruszka
2011-07-28 13:45 ` Guy, Wey-Yi
2011-07-28 17:32 ` Andi Kleen
0 siblings, 2 replies; 110+ messages in thread
From: Stanislaw Gruszka @ 2011-07-28 8:24 UTC (permalink / raw)
To: Andi Kleen
Cc: gregkh, herton.krzesinski, gengor, donald.h.fry, wey-yi.w.guy,
ak, linux-kernel, stable, tim.bird
On Wed, Jul 27, 2011 at 02:49:03PM -0700, Andi Kleen wrote:
> 2.6.35-longterm review patch. If anyone has any objections, please let me know.
>
> ------------------
> This reverts commit 6f63415fc1b690cb50c2ad48ba6e9e6e88e271b4.
>
> It turns out this is not what we want to have happen for the .32 and
> .33-longterm kernels as it does not work properly at all.
Hmm, it does not work on .32 and .33 because they do not contain
the commit (which 2.6.35 has):
commit dd7a2509b3a79b290730a9c6a784bf03fedabb9a
Author: Johannes Berg <johannes.berg@intel.com>
Date: Wed Apr 28 23:33:10 2010 -0700
iwlagn: implement loading a new firmware file type
> This was reported by Gentoo, Arch, and Canonical developers as causing
> problems for their users:
> https://bugs.archlinux.org/task/24302
This is a bug about 2.6.32.
> http://bugs.gentoo.org/show_bug.cgi?id=359445
This looks like problem when only 8.83.5 (v5) firmware is available
on the system, but kernel is old and support only v2 version. This
should be solved by providing both old 8.24.2 (v2) and new 8.83.5 (v5)
firmware blobs in one package.
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/796336
Also 2.6.32 case.
There could be reasons for this change, but I do not see them here.
Stanislaw
^ permalink raw reply [flat|nested] 110+ messages in thread
* Re: [PATCH] [69/99] TTY: ldisc, do not close until there are readers
2011-07-27 21:49 ` [PATCH] [69/99] TTY: ldisc, do not close until there are readers Andi Kleen
@ 2011-07-28 13:29 ` Jiri Slaby
0 siblings, 0 replies; 110+ messages in thread
From: Jiri Slaby @ 2011-07-28 13:29 UTC (permalink / raw)
To: Andi Kleen; +Cc: alan, torvalds, gregkh, ak, linux-kernel, stable, tim.bird
On 07/28/2011 01:49 AM, Andi Kleen wrote:
> 2.6.35-longterm review patch. If anyone has any objections, please let me know.
>
> ------------------
> From: Jiri Slaby<jslaby@suse.cz>
>
> commit 92f6fa09bd453ffe3351fa1f1377a1b7cfa911e6 upstream.
>
> We restored tty_ldisc_wait_idle in 100eeae2c5c (TTY: restore
> tty_ldisc_wait_idle). We used it in the ldisc changing path to fix the
> case where there are tasks in n_tty_read waiting for data and somebody
> tries to change ldisc.
>
> Similar to the case above, there may be also tasks waiting in
> n_tty_read while hangup is performed. As 65b770468e98 (tty-ldisc: turn
> ldisc user count into a proper refcount) removed the wait-until-idle
> from all paths, hangup path won't wait for them to disappear either
> now. So add it back even to the hangup path.
>
> There is a difference, we need uninterruptible sleep as there is
> obviously HUP signal pending. So tty_ldisc_wait_idle now sleeps
> without possibility to be interrupted. This is what original
> tty_ldisc_wait_idle did. After the wait idle reintroduction
> (100eeae2c5c), we have had interruptible sleeps for the ldisc changing
> path. But as there is a 5s timeout anyway, we don't allow it to be
> interrupted from now on. It's not worth the added complexity of
> deciding what kind of sleep we want.
>
> Before 65b770468e98 tty_ldisc_release was called also from
> tty_ldisc_release. It is called from tty_release, so I don't think we
> need to restore that one.
>
> This is nicely reproducible after constifying the timing when
> drivers/tty/n_tty.c is patched as follows ("TTY: ntty, add one more
> sanity check" patch is needed to actually see it explode):
> %% -1548,6 +1549,7 @@ static int n_tty_open(struct tty_struct *tty)
>
> /* These are ugly. Currently a malloc failure here can panic */
> if (!tty->read_buf) {
> + msleep(100);
> tty->read_buf = kzalloc(N_TTY_BUF_SIZE, GFP_KERNEL);
> if (!tty->read_buf)
> return -ENOMEM;
> %% -1785,6 +1788,7 @@ do_it_again:
> break;
> }
> timeout = schedule_timeout(timeout);
> + msleep(20);
> continue;
> }
> __set_current_state(TASK_RUNNING);
> ===== With a process: =====
> while (1) {
> int fd = open(argv[1], O_RDWR);
> read(fd, buf, sizeof(buf));
> close(fd);
> }
> ===== and its child: =====
> setsid();
> while (1) {
> int fd = open(tty, O_RDWR|O_NOCTTY);
> ioctl(fd, TIOCSCTTY, 1);
> vhangup();
> close(fd);
> usleep(100 * (10 + random() % 1000));
> }
> ===== EOF =====
>
> References: https://bugzilla.novell.com/show_bug.cgi?id=693374
> References: https://bugzilla.novell.com/show_bug.cgi?id=694509
> Signed-off-by: Jiri Slaby<jslaby@suse.cz>
> Cc: Alan Cox<alan@lxorguk.ukuu.org.uk>
> Cc: Linus Torvalds<torvalds@linux-foundation.org>
> Signed-off-by: Greg Kroah-Hartman<gregkh@suse.de>
> Signed-off-by: Andi Kleen<ak@linux.intel.com>
>
> ---
> drivers/char/tty_ldisc.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> Index: linux-2.6.35.y/drivers/char/tty_ldisc.c
> ===================================================================
> --- linux-2.6.35.y.orig/drivers/char/tty_ldisc.c
> +++ linux-2.6.35.y/drivers/char/tty_ldisc.c
> @@ -543,7 +543,7 @@ static int tty_ldisc_halt(struct tty_str
> static int tty_ldisc_wait_idle(struct tty_struct *tty)
> {
> int ret;
> - ret = wait_event_interruptible_timeout(tty_ldisc_idle,
> + ret = wait_event_timeout(tty_ldisc_idle,
> atomic_read(&tty->ldisc->users) == 1, 5 * HZ);
> if (ret< 0)
> return ret;
> @@ -750,6 +750,8 @@ static int tty_ldisc_reinit(struct tty_s
> if (IS_ERR(ld))
> return -1;
>
> + WARN_ON_ONCE(tty_ldisc_wait_idle(tty));
Please hold on for backporting this into stable, the WARN_ON is reported
to trigger in some cases.
> +
> tty_ldisc_close(tty, tty->ldisc);
> tty_ldisc_put(tty->ldisc);
> tty->ldisc = NULL;
regards,
--
js
suse labs
^ permalink raw reply [flat|nested] 110+ messages in thread
* Re: [PATCH] [64/99] Revert "iwlagn: Support new 5000 microcode."
2011-07-28 8:24 ` Stanislaw Gruszka
@ 2011-07-28 13:45 ` Guy, Wey-Yi
2011-07-28 23:50 ` Andi Kleen
2011-07-28 17:32 ` Andi Kleen
1 sibling, 1 reply; 110+ messages in thread
From: Guy, Wey-Yi @ 2011-07-28 13:45 UTC (permalink / raw)
To: Stanislaw Gruszka
Cc: Andi Kleen, gregkh, herton.krzesinski, gengor, Fry, Donald H, ak,
linux-kernel, stable, tim.bird
On Thu, 2011-07-28 at 01:24 -0700, Stanislaw Gruszka wrote:
> On Wed, Jul 27, 2011 at 02:49:03PM -0700, Andi Kleen wrote:
> > 2.6.35-longterm review patch. If anyone has any objections, please let me know.
> >
> > ------------------
> > This reverts commit 6f63415fc1b690cb50c2ad48ba6e9e6e88e271b4.
> >
> > It turns out this is not what we want to have happen for the .32 and
> > .33-longterm kernels as it does not work properly at all.
>
> Hmm, it does not work on .32 and .33 because they do not contain
> the commit (which 2.6.35 has):
>
> commit dd7a2509b3a79b290730a9c6a784bf03fedabb9a
> Author: Johannes Berg <johannes.berg@intel.com>
> Date: Wed Apr 28 23:33:10 2010 -0700
>
> iwlagn: implement loading a new firmware file type
>
> > This was reported by Gentoo, Arch, and Canonical developers as causing
> > problems for their users:
> > https://bugs.archlinux.org/task/24302
> This is a bug about 2.6.32.
>
> > http://bugs.gentoo.org/show_bug.cgi?id=359445
> This looks like problem when only 8.83.5 (v5) firmware is available
> on the system, but kernel is old and support only v2 version. This
> should be solved by providing both old 8.24.2 (v2) and new 8.83.5 (v5)
> firmware blobs in one package.
>
> > https://bugs.launchpad.net/ubuntu/+source/linux/+bug/796336
> Also 2.6.32 case.
>
> There could be reasons for this change, but I do not see them here.
>
The -5 version of firmware has addition TLV information in the firmware
file which provide the firmware capabilities to the driver. it is
important feature starting from -5 version of firmware; and it require
driver to parsing the new file type.
just like Gruszka mention, please include
commit dd7a2509b3a79b290730a9c6a784bf03fedabb9a
Thanks
Wey
^ permalink raw reply [flat|nested] 110+ messages in thread
* Re: [PATCH] [64/99] Revert "iwlagn: Support new 5000 microcode."
2011-07-28 8:24 ` Stanislaw Gruszka
2011-07-28 13:45 ` Guy, Wey-Yi
@ 2011-07-28 17:32 ` Andi Kleen
2011-07-29 10:45 ` Stanislaw Gruszka
1 sibling, 1 reply; 110+ messages in thread
From: Andi Kleen @ 2011-07-28 17:32 UTC (permalink / raw)
To: Stanislaw Gruszka
Cc: Andi Kleen, gregkh, herton.krzesinski, gengor, donald.h.fry,
wey-yi.w.guy, ak, linux-kernel, stable, tim.bird
> commit dd7a2509b3a79b290730a9c6a784bf03fedabb9a
> Author: Johannes Berg <johannes.berg@intel.com>
> Date: Wed Apr 28 23:33:10 2010 -0700
>
> iwlagn: implement loading a new firmware file type
>
> > This was reported by Gentoo, Arch, and Canonical developers as causing
> > problems for their users:
> > https://bugs.archlinux.org/task/24302
> This is a bug about 2.6.32.
>
> > http://bugs.gentoo.org/show_bug.cgi?id=359445
> This looks like problem when only 8.83.5 (v5) firmware is available
> on the system, but kernel is old and support only v2 version. This
> should be solved by providing both old 8.24.2 (v2) and new 8.83.5 (v5)
> firmware blobs in one package.
>
> > https://bugs.launchpad.net/ubuntu/+source/linux/+bug/796336
> Also 2.6.32 case.
I took them from .32. Should I drop them?
>
> There could be reasons for this change, but I do not see them here.
Can you please clearly indicate which patches I should drop and which keep?
Thanks,
-Andi
^ permalink raw reply [flat|nested] 110+ messages in thread
* Re: [PATCH] [64/99] Revert "iwlagn: Support new 5000 microcode."
2011-07-28 13:45 ` Guy, Wey-Yi
@ 2011-07-28 23:50 ` Andi Kleen
0 siblings, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-28 23:50 UTC (permalink / raw)
To: Guy, Wey-Yi
Cc: Stanislaw Gruszka, Andi Kleen, gregkh, herton.krzesinski, gengor,
Fry, Donald H, ak, linux-kernel, stable, tim.bird
> just like Gruszka mention, please include
> commit dd7a2509b3a79b290730a9c6a784bf03fedabb9a
That patch is already included.
Ok I dropped the revert for now. Let's see what happens.
-Andi
--
ak@linux.intel.com -- Speaking for myself only.
^ permalink raw reply [flat|nested] 110+ messages in thread
* Re: [PATCH] [59/99] netfilter: IPv6: fix DSCP mangle code
2011-07-28 1:51 ` Fernando Luis Vazquez Cao
2011-07-28 1:53 ` [STABLE] [PATCH] IGMP snooping: set mrouters_only flag for IPv4 traffic properly Fernando Luis Vazquez Cao
@ 2011-07-28 23:54 ` Andi Kleen
1 sibling, 0 replies; 110+ messages in thread
From: Andi Kleen @ 2011-07-28 23:54 UTC (permalink / raw)
To: Fernando Luis Vazquez Cao
Cc: Andi Kleen, pablo, gregkh, ak, linux-kernel, stable, tim.bird
On Thu, Jul 28, 2011 at 10:51:13AM +0900, Fernando Luis Vazquez Cao wrote:
> Hi Andi,
>
> Thank you for picking up patches 58/99 (netfilter: IPv6: initialize TOS
> field in REJECT target module) and 59/99 (netfilter: IPv6: fix DSCP
> mangle code).
>
> I would really appreciate it if you could also apply two IGMP snooping
> fixes that are already upstream, without them multicast bridging does
> not work at all in certain configurations. I will be replying to this
> email with the patches.
Added thanks.
-Andi
^ permalink raw reply [flat|nested] 110+ messages in thread
* Re: [PATCH] [64/99] Revert "iwlagn: Support new 5000 microcode."
2011-07-28 17:32 ` Andi Kleen
@ 2011-07-29 10:45 ` Stanislaw Gruszka
0 siblings, 0 replies; 110+ messages in thread
From: Stanislaw Gruszka @ 2011-07-29 10:45 UTC (permalink / raw)
To: Andi Kleen
Cc: gregkh, herton.krzesinski, gengor, donald.h.fry, wey-yi.w.guy,
ak, linux-kernel, stable, tim.bird
On Thu, Jul 28, 2011 at 07:32:41PM +0200, Andi Kleen wrote:
> > commit dd7a2509b3a79b290730a9c6a784bf03fedabb9a
> > Author: Johannes Berg <johannes.berg@intel.com>
> > Date: Wed Apr 28 23:33:10 2010 -0700
> >
> > iwlagn: implement loading a new firmware file type
> >
> > > This was reported by Gentoo, Arch, and Canonical developers as causing
> > > problems for their users:
> > > https://bugs.archlinux.org/task/24302
> > This is a bug about 2.6.32.
> >
> > > http://bugs.gentoo.org/show_bug.cgi?id=359445
> > This looks like problem when only 8.83.5 (v5) firmware is available
> > on the system, but kernel is old and support only v2 version. This
> > should be solved by providing both old 8.24.2 (v2) and new 8.83.5 (v5)
> > firmware blobs in one package.
> >
> > > https://bugs.launchpad.net/ubuntu/+source/linux/+bug/796336
> > Also 2.6.32 case.
>
> I took them from .32. Should I drop them?
Reverting support for v5 firmware in .32 is ok.
> > There could be reasons for this change, but I do not see them here.
>
> Can you please clearly indicate which patches I should drop and which keep?
You already decided to drop this patch for now, good.
I can observe lot's of "Received BA when not expected" when new firmware
is used, not happen with old firmware. So this commit should be picked
from upstream:
commit bfd36103ec26599557c2bd3225a1f1c9267f8fcb
Author: Stanislaw Gruszka <sgruszka@redhat.com>
Date: Fri Apr 29 17:51:06 2011 +0200
iwlagn: fix "Received BA when not expected"
However we already applied it on 2.6.35 based Fedora-14 kernel (together with
some other iwlwifi patches), and get report about regression. So I need
to figure this out. I'm going to look more at the issue, and possibly
post some backport patches, when solve problems. For now, I think we should
not do anything with iwlwifi in 2.6.35, as long nobody will report some
regression.
Stanislaw
^ permalink raw reply [flat|nested] 110+ messages in thread
end of thread, other threads:[~2011-07-29 10:44 UTC | newest]
Thread overview: 110+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
2011-07-27 21:47 ` [PATCH] [1/99] x86, amd: Do not enable ARAT feature on AMD processors below Andi Kleen
2011-07-27 21:48 ` [PATCH] [2/99] x86, amd: Use _safe() msr access for GartTlbWlk disable code Andi Kleen
2011-07-27 21:48 ` [PATCH] [3/99] rcu: Fix unpaired rcu_irq_enter() from locking selftests Andi Kleen
2011-07-27 21:48 ` [PATCH] [4/99] staging: usbip: fix wrong endian conversion Andi Kleen
2011-07-27 21:48 ` [PATCH] [5/99] Fix for buffer overflow in ldm_frag_add not sufficient Andi Kleen
2011-07-27 21:48 ` [PATCH] [6/99] seqlock: Don't smp_rmb in seqlock reader spin loop Andi Kleen
2011-07-27 21:48 ` [PATCH] [7/99] ALSA: HDA: Use one dmic only for Dell Studio 1558 Andi Kleen
2011-07-27 21:48 ` [PATCH] [8/99] ASoC: Ensure output PGA is enabled for line outputs in Andi Kleen
2011-07-27 21:48 ` [PATCH] [9/99] ASoC: Add some missing volume update bit sets for wm_hubs Andi Kleen
2011-07-27 21:48 ` [PATCH] [10/99] mm/page_alloc.c: prevent unending loop in Andi Kleen
2011-07-27 21:48 ` [PATCH] [11/99] loop: limit 'max_part' module param to DISK_MAX_PARTS Andi Kleen
2011-07-27 21:48 ` [PATCH] [12/99] loop: handle on-demand devices correctly Andi Kleen
2011-07-27 21:48 ` [PATCH] [13/99] USB: CP210x Add 4 Device IDs for AC-Services Devices Andi Kleen
2011-07-27 21:48 ` [PATCH] [14/99] USB: moto_modem: Add USB identifier for the Motorola VE240 Andi Kleen
2011-07-27 21:48 ` [PATCH] [15/99] USB: serial: ftdi_sio: adding support for TavIR STK500 Andi Kleen
2011-07-27 21:48 ` [PATCH] [16/99] USB: gamin_gps: Fix for data transfer problems in native Andi Kleen
2011-07-27 21:48 ` [PATCH] [17/99] usb/gadget: at91sam9g20 fix end point max packet size Andi Kleen
2011-07-27 21:48 ` [PATCH] [18/99] usb: gadget: rndis: don't test against req->length Andi Kleen
2011-07-27 21:48 ` [PATCH] [19/99] xhci: Fix full speed bInterval encoding Andi Kleen
2011-07-27 21:48 ` [PATCH] [20/99] OHCI: work around for nVidia shutdown problem Andi Kleen
2011-07-27 21:48 ` [PATCH] [21/99] OHCI: fix regression caused by nVidia shutdown workaround Andi Kleen
2011-07-27 21:48 ` [PATCH] [22/99] p54usb: add zoom 4410 usbid Andi Kleen
2011-07-27 21:48 ` [PATCH] [23/99] eCryptfs: Allow 2 scatterlist entries for encrypted Andi Kleen
2011-07-27 21:48 ` [PATCH] [24/99] UBIFS: fix a rare memory leak in ro to rw remounting path Andi Kleen
2011-07-27 21:48 ` [PATCH] [25/99] i8k: Avoid lahf in 64-bit code Andi Kleen
2011-07-27 21:48 ` [PATCH] [26/99] cpuidle: menu: fixed wrapping timers at 4.294 seconds Andi Kleen
2011-07-27 21:48 ` [PATCH] [27/99] dm table: reject devices without request fns Andi Kleen
2011-07-27 21:48 ` [PATCH] [28/99] atm: expose ATM device index in sysfs Andi Kleen
2011-07-27 21:48 ` [PATCH] [29/99] brd: limit 'max_part' module param to DISK_MAX_PARTS Andi Kleen
2011-07-27 21:48 ` [PATCH] [30/99] brd: handle on-demand devices correctly Andi Kleen
2011-07-27 21:48 ` [PATCH] [31/99] SUNRPC: Deal with the lack of a SYN_SENT sk->sk_state_change Andi Kleen
2011-07-27 21:48 ` [PATCH] [32/99] PCI: Add quirk for setting valid class for TI816X Endpoint Andi Kleen
2011-07-27 21:48 ` [PATCH] [33/99] xen mmu: fix a race window causing leave_mm BUG() Andi Kleen
2011-07-27 21:48 ` [PATCH] [34/99] UBIFS: fix shrinker object count reports Andi Kleen
2011-07-27 21:48 ` [PATCH] [35/99] UBIFS: fix memory leak on error path Andi Kleen
2011-07-27 21:48 ` [PATCH] [36/99] nbd: limit module parameters to a sane value Andi Kleen
2011-07-27 21:48 ` [PATCH] [37/99] block: export blk_{get,put}_queue() Andi Kleen
2011-07-27 21:48 ` [PATCH] [38/99] Fix oops caused by queue refcounting failure Andi Kleen
2011-07-27 21:48 ` [PATCH] [39/99] mm: fix ENOSPC returned by handle_mm_fault() Andi Kleen
2011-07-27 21:48 ` [PATCH] [40/99] PCI: Set PCIE maxpayload for card during hotplug insertion Andi Kleen
2011-07-27 21:48 ` [PATCH] [41/99] nl80211: fix check for valid SSID size in scan operations Andi Kleen
2011-07-27 21:48 ` [PATCH] [42/99] lockdep: Fix lock_is_held() on recursion Andi Kleen
2011-07-27 21:48 ` [PATCH] [43/99] drm/i915: Add a no lvds quirk for the Asus EeeBox PC EB1007 Andi Kleen
2011-07-27 21:48 ` [PATCH] [44/99] drm/radeon/kms: fix for radeon on systems >4GB without Andi Kleen
2011-07-27 21:48 ` [PATCH] [45/99] fat: Fix corrupt inode flags when remove ATTR_SYS flag Andi Kleen
2011-07-27 21:48 ` [PATCH] [46/99] xen: off by one errors in multicalls.c Andi Kleen
2011-07-27 21:48 ` [PATCH] [47/99] x86/amd-iommu: Fix 3 possible endless loops Andi Kleen
2011-07-27 21:48 ` [PATCH] [48/99] USB: cdc-acm: Adding second ACM channel support for Nokia E7 Andi Kleen
2011-07-27 21:48 ` [PATCH] [49/99] USB: core: Tolerate protocol stall during hub and port Andi Kleen
2011-07-27 21:48 ` [PATCH] [50/99] USB: serial: add another 4N-GALAXY.DE PID to ftdi_sio driver Andi Kleen
2011-07-27 21:48 ` [PATCH] [51/99] USB: xhci - fix interval calculation for FS isoc endpoints Andi Kleen
2011-07-27 21:48 ` [PATCH] [52/99] ALSA: hda: Fix quirk for Dell Inspiron 910 Andi Kleen
2011-07-27 21:48 ` [PATCH] [53/99] oprofile, dcookies: Fix possible circular locking dependency Andi Kleen
2011-07-27 21:48 ` [PATCH] [54/99] CPUFREQ: Remove cpufreq_stats sysfs entries on module unload Andi Kleen
2011-07-27 21:48 ` [PATCH] [55/99] md: check ->hot_remove_disk when removing disk Andi Kleen
2011-07-27 21:48 ` [PATCH] [56/99] md/raid5: fix raid5_set_bi_hw_segments Andi Kleen
2011-07-27 21:48 ` [PATCH] [57/99] exec: delay address limit change until point of no return Andi Kleen
2011-07-27 21:48 ` [PATCH] [58/99] netfilter: IPv6: initialize TOS field in REJECT target module Andi Kleen
2011-07-27 21:48 ` [PATCH] [59/99] netfilter: IPv6: fix DSCP mangle code Andi Kleen
2011-07-28 1:51 ` Fernando Luis Vazquez Cao
2011-07-28 1:53 ` [STABLE] [PATCH] IGMP snooping: set mrouters_only flag for IPv4 traffic properly Fernando Luis Vazquez Cao
2011-07-28 1:54 ` [STABLE][PATCH] IGMP snooping: set mrouters_only flag for IPv6 " Fernando Luis Vazquez Cao
2011-07-28 23:54 ` [PATCH] [59/99] netfilter: IPv6: fix DSCP mangle code Andi Kleen
2011-07-27 21:48 ` [PATCH] [60/99] xen: events: do not unmask event channels on resume Andi Kleen
2011-07-27 21:49 ` [PATCH] [61/99] genirq: Add IRQF_FORCE_RESUME Andi Kleen
2011-07-27 21:49 ` [PATCH] [62/99] xen: Use IRQF_FORCE_RESUME Andi Kleen
2011-07-27 21:49 ` [PATCH] [63/99] time: Compensate for rounding on odd-frequency clocksources Andi Kleen
2011-07-27 21:49 ` [PATCH] [64/99] Revert "iwlagn: Support new 5000 microcode." Andi Kleen
2011-07-28 8:24 ` Stanislaw Gruszka
2011-07-28 13:45 ` Guy, Wey-Yi
2011-07-28 23:50 ` Andi Kleen
2011-07-28 17:32 ` Andi Kleen
2011-07-29 10:45 ` Stanislaw Gruszka
2011-07-27 21:49 ` [PATCH] [65/99] ksm: fix NULL pointer dereference in scan_get_next_rmap_item() Andi Kleen
2011-07-27 21:49 ` [PATCH] [66/99] migrate: don't account swapcache as shmem Andi Kleen
2011-07-27 21:49 ` [PATCH] [67/99] xen: partially revert "xen: set max_pfn_mapped to the last pfn mapped" Andi Kleen
2011-07-27 21:49 ` [PATCH] [68/99] clocksource: Make watchdog robust vs. interruption Andi Kleen
2011-07-27 21:49 ` [PATCH] [69/99] TTY: ldisc, do not close until there are readers Andi Kleen
2011-07-28 13:29 ` Jiri Slaby
2011-07-27 21:49 ` [PATCH] [70/99] xhci: Reject double add of active endpoints Andi Kleen
2011-07-27 21:49 ` [PATCH] [71/99] PM: Free memory bitmaps if opening /dev/snapshot fails Andi Kleen
2011-07-27 21:49 ` [PATCH] [72/99] ath5k: fix memory leak when fewer than N_PD_CURVES are in use Andi Kleen
2011-07-27 21:49 ` [PATCH] [73/99] mm: fix negative commitlimit when gigantic hugepages are allocated Andi Kleen
2011-07-27 21:49 ` [PATCH] [74/99] uvcvideo: Remove buffers from the queues when freeing Andi Kleen
2011-07-27 21:49 ` [PATCH] [75/99] watchdog: mtx1-wdt: request gpio before using it Andi Kleen
2011-07-27 21:49 ` [PATCH] [76/99] debugobjects: Fix boot crash when kmemleak and debugobjects enabled Andi Kleen
2011-07-27 21:49 ` [PATCH] [77/99] cfq-iosched: fix locking around ioc->ioc_data assignment Andi Kleen
2011-07-27 21:49 ` [PATCH] [78/99] cfq-iosched: fix a rcu warning Andi Kleen
2011-07-27 21:49 ` [PATCH] [79/99] i2c-taos-evm: Fix log messages Andi Kleen
2011-07-27 21:49 ` [PATCH] [80/99] md: avoid endless recovery loop when waiting for fail device to complete Andi Kleen
2011-07-27 21:49 ` [PATCH] [81/99] SUNRPC: Ensure the RPC client only quits on fatal signals Andi Kleen
2011-07-27 21:49 ` [PATCH] [82/99] 6pack,mkiss: fix lock inconsistency Andi Kleen
2011-07-27 21:49 ` [PATCH] [83/99] taskstats: don't allow duplicate entries in listener mode Andi Kleen
2011-07-27 21:49 ` [PATCH] [84/99] USB: don't let errors prevent system sleep Andi Kleen
2011-07-27 21:49 ` [PATCH] [85/99] USB: don't let the hub driver " Andi Kleen
2011-07-27 21:49 ` [PATCH] [86/99] uml: fix CONFIG_STATIC_LINK=y build failure with newer glibc Andi Kleen
2011-07-27 21:49 ` [PATCH] [87/99] inet_diag: fix inet_diag_bc_audit() Andi Kleen
2011-07-27 21:49 ` [PATCH] [88/99] PM / Hibernate: Fix free_unnecessary_pages() Andi Kleen
2011-07-27 21:49 ` [PATCH] [89/99] bug.h: Add WARN_RATELIMIT Andi Kleen
2011-07-27 21:49 ` [PATCH] [90/99] net: filter: Use WARN_RATELIMIT Andi Kleen
2011-07-27 21:49 ` [PATCH] [91/99] af_packet: prevent information leak Andi Kleen
2011-07-27 21:49 ` [PATCH] [92/99] net/ipv4: Check for mistakenly passed in non-IPv4 address Andi Kleen
2011-07-27 21:49 ` [PATCH] [93/99] ipv6/udp: Use the correct variable to determine non-blocking condition Andi Kleen
2011-07-27 21:49 ` [PATCH] [94/99] udp/recvmsg: Clear MSG_TRUNC flag when starting over for a new packet Andi Kleen
2011-07-27 21:49 ` [PATCH] [95/99] mm: prevent concurrent unmap_mapping_range() on the same Andi Kleen
2011-07-27 21:49 ` [PATCH] [96/99] proc: restrict access to /proc/PID/io Andi Kleen
2011-07-27 21:49 ` [PATCH] [97/99] alpha: fix several security issues Andi Kleen
2011-07-27 21:49 ` [PATCH] [98/99] x86: Make Dell Latitude E5420 use reboot=pci Andi Kleen
2011-07-27 21:49 ` [PATCH] [99/99] x86: Make Dell Latitude E6420 " Andi Kleen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.