* [3.13.y.z extended stable] Linux 3.13.11.7 stable review
@ 2014-09-15 22:06 Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 001/187] net: sctp: inherit auth_capable on INIT collisions Kamal Mostafa
` (187 more replies)
0 siblings, 188 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:06 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Kamal Mostafa
This is the start of the review cycle for the Linux 3.13.11.7 stable kernel.
This version contains 187 new patches, summarized below. The new patches are
posted as replies to this message and also available in this git branch:
http://kernel.ubuntu.com/git?p=ubuntu/linux.git;h=linux-3.13.y-review;a=shortlog
git://kernel.ubuntu.com/ubuntu/linux.git linux-3.13.y-review
The review period for version 3.13.11.7 will be open for the next three days.
To report a problem, please reply to the relevant follow-up patch message.
For more information about the Linux 3.13.y.z extended stable kernel version,
see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable .
-Kamal
--
Documentation/sound/alsa/ALSA-Configuration.txt | 4 +-
Documentation/stable_kernel_rules.txt | 3 +
Documentation/x86/x86_64/mm.txt | 2 +
arch/arm/mach-omap2/control.c | 3 +-
arch/ia64/pci/fixup.c | 22 ++
arch/mips/include/asm/ptrace.h | 2 +-
arch/mips/include/asm/reg.h | 260 +++++++++++-------
arch/mips/kernel/binfmt_elfo32.c | 32 +--
arch/mips/kernel/irq-gic.c | 6 +-
arch/mips/kernel/ptrace.c | 192 ++++++++++---
arch/mips/kernel/unaligned.c | 1 -
arch/mips/mm/tlbex.c | 1 +
arch/powerpc/include/asm/machdep.h | 6 +-
arch/powerpc/include/asm/pgtable-ppc64.h | 2 +-
arch/powerpc/include/asm/pte-hash64-64k.h | 30 ++-
arch/powerpc/kvm/book3s_pr_papr.c | 9 +-
arch/powerpc/mm/hash_native_64.c | 40 +--
arch/powerpc/mm/hugepage-hash64.c | 88 +++++-
arch/powerpc/mm/numa.c | 2 +-
arch/powerpc/mm/pgtable_64.c | 38 +--
arch/powerpc/mm/tlb_hash64.c | 2 +-
arch/powerpc/platforms/pseries/hotplug-memory.c | 2 +-
arch/powerpc/platforms/pseries/lpar.c | 20 +-
arch/powerpc/platforms/pseries/pci_dlpar.c | 4 +-
arch/s390/Kconfig | 1 +
arch/sparc/include/asm/pgtable_64.h | 89 +++---
arch/sparc/include/asm/tlbflush_64.h | 12 +-
arch/sparc/include/asm/tsb.h | 3 +-
arch/sparc/kernel/head_64.S | 4 +-
arch/sparc/kernel/ktlb.S | 2 +-
arch/sparc/kernel/ldc.c | 2 +-
arch/sparc/kernel/smp_64.c | 6 +-
arch/sparc/kernel/sys32.S | 2 +-
arch/sparc/kernel/unaligned_64.c | 12 +-
arch/sparc/lib/NG2memcpy.S | 1 +
arch/sparc/math-emu/math_32.c | 2 +-
arch/sparc/mm/fault_64.c | 98 +++----
arch/sparc/mm/gup.c | 2 +-
arch/sparc/mm/init_64.c | 43 ++-
arch/sparc/mm/tlb.c | 26 +-
arch/sparc/mm/tsb.c | 14 +-
arch/x86/Kconfig | 26 +-
arch/x86/include/asm/espfix.h | 16 ++
arch/x86/include/asm/irqflags.h | 2 +-
arch/x86/include/asm/pgtable_64_types.h | 2 +
arch/x86/include/asm/setup.h | 2 +
arch/x86/include/asm/vga.h | 6 -
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/entry_32.S | 12 +
arch/x86/kernel/entry_64.S | 77 +++++-
arch/x86/kernel/espfix_64.c | 209 ++++++++++++++
arch/x86/kernel/ldt.c | 10 +-
arch/x86/kernel/paravirt_patch_64.c | 2 -
arch/x86/kernel/resource.c | 8 +-
arch/x86/kernel/smpboot.c | 7 +
arch/x86/kernel/vsyscall_64.c | 8 +-
arch/x86/kvm/emulate.c | 4 +
arch/x86/kvm/irq.c | 2 +-
arch/x86/kvm/lapic.c | 52 +++-
arch/x86/mm/dump_pagetables.c | 40 ++-
arch/x86/pci/fixup.c | 21 ++
arch/x86/pci/i386.c | 4 +
arch/x86/vdso/vdso32-setup.c | 8 -
arch/x86/xen/time.c | 2 +-
block/blk-mq.c | 2 +
drivers/acpi/acpica/utcopy.c | 6 +
drivers/bluetooth/btmrvl_drv.h | 1 +
drivers/bluetooth/btmrvl_main.c | 25 +-
drivers/char/tpm/tpm-interface.c | 7 +-
drivers/char/tpm/tpm_i2c_stm_st33.c | 1 +
drivers/crypto/ux500/cryp/cryp_core.c | 25 +-
drivers/gpu/drm/i915/intel_ringbuffer.c | 3 +
drivers/gpu/drm/nouveau/nouveau_drm.h | 4 +-
drivers/gpu/drm/radeon/ci_dpm.c | 13 +-
drivers/gpu/drm/radeon/cik.c | 18 +-
drivers/gpu/drm/radeon/radeon.h | 3 +
drivers/gpu/drm/radeon/radeon_atombios.c | 39 ++-
drivers/gpu/drm/radeon/radeon_kms.c | 9 +-
drivers/gpu/drm/radeon/radeon_pm.c | 8 +-
drivers/gpu/drm/radeon/si.c | 2 +-
drivers/gpu/drm/tegra/dc.c | 1 +
drivers/gpu/drm/tegra/gr2d.c | 1 +
drivers/gpu/drm/tegra/gr3d.c | 1 +
drivers/gpu/drm/tegra/hdmi.c | 1 +
drivers/gpu/drm/tilcdc/tilcdc_drv.c | 7 +-
drivers/gpu/drm/tilcdc/tilcdc_panel.c | 5 +-
drivers/gpu/drm/tilcdc/tilcdc_slave.c | 1 +
drivers/gpu/drm/tilcdc/tilcdc_tfp410.c | 1 +
drivers/gpu/drm/ttm/ttm_page_alloc.c | 29 +-
drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 34 +--
drivers/hwmon/ads1015.c | 4 +-
drivers/hwmon/amc6821.c | 17 +-
drivers/hwmon/dme1737.c | 33 +--
drivers/hwmon/gpio-fan.c | 2 +-
drivers/hwmon/lm78.c | 2 +-
drivers/hwmon/lm85.c | 9 +-
drivers/hwmon/sis5595.c | 2 +-
drivers/i2c/busses/i2c-at91.c | 4 +-
drivers/infiniband/core/iwcm.c | 27 ++
drivers/infiniband/ulp/srp/ib_srp.c | 38 ++-
drivers/md/raid1.c | 8 +-
drivers/md/raid10.c | 11 +-
drivers/media/media-device.c | 2 -
drivers/media/platform/vsp1/vsp1_video.c | 2 -
drivers/media/platform/vsp1/vsp1_video.h | 1 -
drivers/media/tuners/xc4000.c | 20 +-
drivers/media/tuners/xc5000.c | 22 +-
drivers/media/usb/au0828/au0828-video.c | 34 +--
drivers/mfd/omap-usb-host.c | 2 +-
drivers/misc/mei/client.c | 17 +-
drivers/mtd/ftl.c | 1 -
drivers/net/ethernet/allwinner/sun4i-emac.c | 6 +-
drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 +
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 21 ++
drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 4 +-
drivers/net/macvlan.c | 1 +
drivers/net/ppp/pptp.c | 2 +-
drivers/net/wireless/ath/carl9170/carl9170.h | 1 +
drivers/net/wireless/ath/carl9170/usb.c | 31 ++-
drivers/net/wireless/iwlwifi/mvm/mac-ctxt.c | 25 +-
drivers/net/wireless/iwlwifi/mvm/mvm.h | 1 +
drivers/pci/pci.c | 12 +-
drivers/regulator/arizona-ldo1.c | 2 -
drivers/sbus/char/bbc_envctrl.c | 6 +
drivers/sbus/char/bbc_i2c.c | 11 +-
drivers/scsi/bfa/bfa_ioc.h | 2 +-
drivers/scsi/hpsa.c | 2 +-
drivers/scsi/scsi_devinfo.c | 1 +
drivers/scsi/scsi_scan.c | 10 +-
drivers/scsi/sd.c | 5 +
drivers/scsi/storvsc_drv.c | 113 +++++---
drivers/spi/spi-orion.c | 10 +-
drivers/tty/serial/serial_core.c | 3 +
drivers/tty/serial/sunsab.c | 9 +
drivers/usb/core/devio.c | 2 +-
drivers/usb/core/hub.c | 41 +++
drivers/usb/host/ehci-pci.c | 25 ++
drivers/usb/host/ohci-dbg.c | 9 +-
drivers/usb/host/ohci-hcd.c | 10 +-
drivers/usb/host/ohci-q.c | 46 ++--
drivers/usb/serial/ftdi_sio.c | 2 +
drivers/usb/serial/ftdi_sio_ids.h | 13 +-
drivers/video/efifb.c | 39 ---
fs/btrfs/backref.c | 11 +-
fs/btrfs/file-item.c | 2 +-
fs/btrfs/ulist.h | 15 ++
fs/cifs/file.c | 4 +-
fs/cifs/smb2maperror.c | 2 +-
fs/debugfs/inode.c | 33 ++-
fs/ext4/ext4.h | 4 +-
fs/ext4/indirect.c | 281 +++++++++++++------
fs/ext4/inode.c | 2 +-
fs/ext4/mballoc.c | 21 +-
fs/nfs/client.c | 95 ++++---
fs/nfs/inode.c | 3 +-
fs/nfs/internal.h | 9 +
fs/nfs/netns.h | 3 +
fs/nfs/nfs4client.c | 7 +-
fs/nfsd/nfssvc.c | 5 +-
fs/proc/array.c | 11 +-
fs/xfs/xfs_log_recover.c | 51 ++--
include/linux/capability.h | 5 +-
include/linux/sunrpc/rpc_pipe_fs.h | 5 +-
include/net/inetpeer.h | 16 +-
include/net/ip.h | 31 +--
include/net/ipv6.h | 2 -
include/net/netlabel.h | 34 ++-
include/net/secure_seq.h | 2 -
include/scsi/scsi_device.h | 1 +
include/scsi/scsi_devinfo.h | 3 +
init/main.c | 4 +
kernel/audit.c | 2 +-
kernel/capability.c | 4 +
kernel/smp.c | 2 +-
kernel/trace/ring_buffer.c | 31 +--
mm/util.c | 9 +-
net/batman-adv/fragmentation.c | 10 +-
net/bluetooth/l2cap_sock.c | 3 +-
net/bluetooth/rfcomm/core.c | 7 +-
net/bluetooth/rfcomm/sock.c | 3 +-
net/bluetooth/sco.c | 6 +-
net/ceph/messenger.c | 2 +-
net/core/iovec.c | 4 +
net/core/secure_seq.c | 25 --
net/core/skbuff.c | 2 +-
net/ipv4/cipso_ipv4.c | 21 +-
net/ipv4/igmp.c | 4 +-
net/ipv4/inetpeer.c | 18 --
net/ipv4/ip_output.c | 7 +-
net/ipv4/ip_tunnel_core.c | 2 +-
net/ipv4/ipmr.c | 2 +-
net/ipv4/raw.c | 2 +-
net/ipv4/route.c | 67 +++--
net/ipv4/tcp_vegas.c | 3 +-
net/ipv4/tcp_veno.c | 2 +-
net/ipv4/xfrm4_mode_tunnel.c | 2 +-
net/ipv6/ip6_output.c | 14 +
net/ipv6/output_core.c | 23 --
net/netfilter/ipvs/ip_vs_xmit.c | 2 +-
net/netlabel/netlabel_kapi.c | 300 +++++++++++++++------
net/sctp/associola.c | 1 +
net/sctp/output.c | 2 +-
net/sunrpc/auth_gss/auth_gss.c | 17 +-
net/sunrpc/netns.h | 3 +-
net/sunrpc/rpc_pipe.c | 107 +++++++-
net/sunrpc/sunrpc_syms.c | 8 +-
security/commoncap.c | 3 +
security/selinux/ss/ebitmap.c | 127 ++++-----
security/smack/smack_access.c | 7 +-
sound/pci/Kconfig | 4 +-
sound/pci/hda/patch_ca0132.c | 7 +-
sound/pci/hda/patch_sigmatel.c | 12 +
sound/pci/oxygen/virtuoso.c | 1 +
sound/pci/oxygen/xonar_pcm179x.c | 12 +-
sound/soc/blackfin/bf5xx-i2s-pcm.c | 8 +-
sound/soc/codecs/adau1701.c | 6 +-
sound/soc/codecs/max98090.c | 2 +-
sound/soc/codecs/wm8994.c | 9 +-
sound/soc/codecs/wm_adsp.c | 2 +
sound/soc/samsung/i2s.c | 16 +-
sound/soc/soc-pcm.c | 1 +
sound/usb/quirks-table.h | 58 ++++
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/mount/Makefile | 17 ++
.../selftests/mount/unprivileged-remount-test.c | 242 +++++++++++++++++
virt/kvm/ioapic.c | 7 +-
virt/kvm/iommu.c | 19 +-
227 files changed, 3190 insertions(+), 1332 deletions(-)
Alan Stern (2):
USB: OHCI: fix bugs in debug routines
USB: OHCI: don't lose track of EDs when a controller dies
Alex Deucher (7):
drm/radeon: load the lm63 driver for an lm64 thermal chip.
drm/radeon/atom: add new voltage fetch function for hawaii
drm/radeon/dpm: handle voltage info fetching on hawaii
drm/radeon: re-enable dpm by default on cayman
drm/radeon: re-enable dpm by default on BTC
drm/radeon: use packet2 for nop on hawaii with old firmware
drm/radeon: tweak ACCEL_WORKING2 query for hawaii
Alex Smith (4):
MIPS: ptrace: Test correct task's flags in task_user_regset_view()
MIPS: asm/reg.h: Make 32- and 64-bit definitions available at the same time
MIPS: ptrace: Change GP regset to use correct core dump register layout
MIPS: O32/32-bit: Fix bug which can cause incorrect system call restarts
Alexander Usyskin (2):
mei: start disconnect request timer consistently
mei: fix return value on disconnect timeout
Andrey Utkin (2):
arch/sparc/math-emu/math_32.c: drop stray break operator
powerpc/mm/numa: Fix break placement
Andy Lutomirski (2):
x86_64/entry/xen: Do not invoke espfix64 on Xen
x86_64/vsyscall: Fix warn_bad_vsyscall log output
Aneesh Kumar K.V (7):
powerpc/thp: Add write barrier after updating the valid bit
powerpc/thp: Don't recompute vsid and ssize in loop on invalidate
powerpc/thp: Invalidate old 64K based hash page mapping before insert of 4k pte
powerpc/thp: Handle combo pages in invalidate
powerpc/thp: Invalidate with vpn in loop
powerpc/thp: Use ACCESS_ONCE when loading pmdp
powerpc/mm: Use read barrier when creating real_pte
Arnd Bergmann (1):
crypto: ux500 - make interrupt mode plausible
Axel Lin (6):
hwmon: (ads1015) Fix off-by-one for valid channel index checking
hwmon: (amc6821) Fix possible race condition bug
hwmon: (gpio-fan) Prevent overflow problem when writing large limits
hwmon: (sis5595) Prevent overflow problem when writing large limits
hwmon: (ads1015) Fix out-of-bounds array access
hwmon: (dme1737) Prevent overflow problem when writing large limits
Bart Van Assche (1):
IB/srp: Fix deadlock between host removal and multipathd
Ben Hutchings (1):
bfa: Fix undefined bit shift on big-endian architectures with 32-bit DMA address
Bryan O'Donoghue (1):
USB: ehci-pci: USB host controller support for Intel Quark X1000
Charles Keepax (1):
ASoC: wm8994: Prevent double lock of accdet_lock mutex on wm1811
Chin-Ran Lo (1):
Bluetooth: btmrvl: wait for HOST_SLEEP_ENABLE event in suspend
Christian Borntraeger (1):
s390/locking: Reenable optimistic spinning
Christian König (1):
drm/radeon: set VM base addr using the PFP v2
Christoph Paasch (2):
tcp: Fix integer-overflows in TCP veno
tcp: Fix integer-overflow in TCP vegas
Christoph Schulz (1):
x86: don't exclude low BIOS area when allocating address space for non-PCI cards
Christopher Alexander Tobias Schulze (2):
bbc-i2c: Fix BBC I2C envctrl on SunBlade 2000
sunsab: Fix detection of BREAK on sunsab serial console
Clemens Ladisch (3):
ALSA: usb-audio: fix BOSS ME-25 MIDI regression
ALSA: virtuoso: add Xonar Essence STX II support
ALSA: usb-audio: fix BOSS ME-25 MIDI regression
Daniel Borkmann (1):
net: sctp: inherit auth_capable on INIT collisions
Daniel Mack (1):
ASoC: adau1701: fix adau1701_reg_read()
Dave Chiluk (1):
stable_kernel_rules: Add pointer to netdev-FAQ for network patches
Dave Chinner (1):
xfs: ensure verifiers are attached to recovered buffers
David E. Box (1):
ACPICA: Utilities: Fix memory leak in acpi_ut_copy_iobject_to_iobject
David S. Miller (17):
sparc64: Fix argument sign extension for compat_sys_futex().
sparc64: Fix executable bit testing in set_pmd_at() paths.
sparc64: Fix huge PMD invalidation.
sparc64: Fix bugs in get_user_pages_fast() wrt. THP.
sparc64: Fix hex values in comment above pte_modify().
sparc64: Don't use _PAGE_PRESENT in pte_modify() mask.
sparc64: Handle 32-bit tasks properly in compute_effective_address().
sparc64: Fix top-level fault handling bugs.
sparc64: Fix range check in kern_addr_valid().
sparc64: Use 'ILOG2_4MB' instead of constant '22'.
sparc64: Add basic validations to {pud,pmd}_bad().
sparc64: Give more detailed information in {pgd,pmd}_ERROR() and kill pte_ERROR().
sparc64: Don't bark so loudly about 32-bit tasks generating 64-bit fault addresses.
sparc64: Fix huge TSB mapping on pre-UltraSPARC-III cpus.
sparc64: Add membar to Niagara2 memcpy code.
sparc64: Do not insert non-valid PTEs into the TSB hash table.
sparc64: Guard against flushing openfirmware mappings.
David Vrabel (1):
x86/xen: resume timer irqs early
Dmitry Kravkov (1):
bnx2x: fix crash during TSO tunneling
Eric Dumazet (3):
inetpeer: get rid of ip_id_count
ip: make IP identifiers less predictable
sctp: fix possible seqlock seadlock in sctp_packet_transmit()
Eric Paris (1):
CAPABILITIES: remove undefined caps from all processes
Eric W. Biederman (2):
mnt: Add tests for unprivileged remount cases that have found to be faulty
NFS: Fix /proc/fs/nfsfs/servers and /proc/fs/nfsfs/volumes
Filipe Manana (1):
Btrfs: fix csum tree corruption, duplicate and outdated checksums
Gavin Shan (1):
powerpc/pseries: Failure on removing device node
Guenter Roeck (2):
hwmon: (lm85) Fix various errors on attribute writes
hwmon: (lm78) Fix overflow problems seen when writing large temperature limits
Guido Martínez (6):
drm/tilcdc: panel: fix dangling sysfs connector node
drm/tilcdc: slave: fix dangling sysfs connector node
drm/tilcdc: tfp410: fix dangling sysfs connector node
drm/tilcdc: panel: fix leak when unloading the module
drm/tilcdc: fix release order on exit
drm/tilcdc: fix double kfree
H. Peter Anvin (6):
Revert "x86-64, modify_ldt: Make support for 16-bit segments a runtime option"
x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
x86, espfix: Move espfix definitions into a separate header file
x86, espfix: Fix broken header guard
x86, espfix: Make espfix64 a Kconfig option, fix UML
x86, espfix: Make it possible to disable 16-bit support
Huacai Chen (2):
MIPS: tlbex: Fix a missing statement for HUGETLB
MIPS: Remove BUG_ON(!is_fpu_owner()) in do_ade()
Hui Wang (1):
ALSA: hda - fix an external mic jack problem on a HP machine
Ilan Peer (1):
iwlwifi: mvm: Add a missed beacons threshold
Ilya Dryomov (1):
libceph: set last_piece in ceph_msg_data_pages_cursor_init() correctly
Jan Kara (1):
ext4: Fix block zeroing when punching holes in indirect block files
Janusz Dziemidowicz (1):
scsi: do not issue SCSI RSOC command to Promise Vtrak E610f
Jarkko Nikula (1):
ASoC: max98090: Fix missing free_irq
Jarkko Sakkinen (1):
tpm: missing tpm_chip_put in tpm_get_random()
Jason Gunthorpe (1):
tpm: Add missing tpm_do_selftest to ST33 I2C driver
Jeff Layton (3):
sunrpc: create a new dummy pipe for gssd to hold open
sunrpc: replace sunrpc_net->gssd_running flag with a more reliable check
nfs: check if gssd is running before attempting to use krb5i auth in SETCLIENTID call
Jeffrey Deans (1):
MIPS: GIC: Prevent array overrun
Jeremy Vial (1):
ARM: OMAP3: Fix choice of omap3_restore_es function in OMAP34XX rev3.1.2 case.
Jiri Kosina (1):
drm/i915: read HEAD register back in init_ring_common() to enforce ordering
K. Y. Srinivasan (7):
Drivers: scsi: storvsc: Change the limits to reflect the values on the host
Drivers: scsi: storvsc: Set cmd_per_lun to reflect value supported by the Host
Drivers: scsi: storvsc: Filter commands based on the storage protocol version
Drivers: scsi: storvsc: Fix a bug in handling VMBUS protocol version
Drivers: scsi: storvsc: Implement a eh_timed_out handler
drivers: scsi: storvsc: Set srb_flags in all cases
drivers: scsi: storvsc: Correctly handle TEST_UNIT_READY failure
Kamal Mostafa (1):
x86, ia64: Move EFI_FB vga_default_device() initialization to pci_vga_fixup()
Kevin Hao (1):
mtd/ftl: fix the double free of the buffers allocated in build_maps()
Kinglong Mee (1):
NFSD: Decrease nfsd_users in nfsd_startup_generic fail
Kirill Tkhai (1):
sparc64: Make itc_sync_lock raw
Laurent Pinchart (1):
[media] v4l: vsp1: Remove the unneeded vsp1_video_buffer video field
Lukas Czerner (1):
ext4: fix punch hole on files with indirect mapping
Marc Zyngier (1):
net: sun4i-emac: fix memory leak on bad packet
Mario Kleiner (1):
drm/nouveau: Bump version from 1.1.1 to 1.1.2
Martin K. Petersen (1):
scsi: add a blacklist flag which enables VPD page inquiries
Matt Fleming (1):
x86/efi: Enforce CONFIG_RELOCATABLE for EFI boot stub
Mauro Carvalho Chehab (3):
[media] au0828: Only alt setting logic when needed
[media] xc5000: Fix get_frequency()
[media] xc4000: Fix get_frequency()
Michael S. Tsirkin (1):
kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601)
Michael Welling (1):
mfd: omap-usb-host: Fix improper mask use.
Ming Lei (1):
blk-mq: fix initializing request's start time
Nadav Amit (1):
KVM: x86: Inter-privilege level ret emulation is not implemeneted
NeilBrown (1):
md/raid1,raid10: always abort recover on write error.
Nikesh Oswal (1):
regulator: arizona-ldo1: remove bypass functionality
Oleg Nesterov (1):
vm_is_stack: use for_each_thread() rather then buggy while_each_thread()
Oliver Neukum (1):
USB: devio: fix issue with log flooding
Paolo Bonzini (1):
KVM: x86: always exit on EOIs for interrupts listed in the IOAPIC redir table
Patrick Riphagen (2):
USB: serial: ftdi_sio: Annotate the current Xsens PID assignments
USB: serial: ftdi_sio: Add support for new Xsens devices
Paul Burton (1):
MIPS: Prevent user from setting FCSR cause bits
Paul Mackerras (1):
KVM: PPC: Book3S PR: Take SRCU read lock around RTAS kvm_read_guest() call
Paul Moore (5):
selinux: fix the default socket labeling in sock_graft()
Revert "selinux: fix the default socket labeling in sock_graft()"
netlabel: fix a problem when setting bits below the previously lowest bit
netlabel: fix the horribly broken catmap functions
netlabel: fix the catmap walking functions
Pavel Shilovsky (2):
CIFS: Fix async reading on reconnects
CIFS: Fix STATUS_CANNOT_DELETE error mapping for SMB2
Peter Hurley (1):
serial: core: Preserve termios c_cflag for console resume
Pratyush Anand (1):
USB: Fix persist resume of some SS USB devices
Praveen Diwakar (1):
ASoC: wm_adsp: Add missing MODULE_LICENSE
Qiao Zhou (1):
ASoC: pcm: fix dpcm_path_put in dpcm runtime update
Ronald Wahl (1):
carl9170: fix sending URBs with wrong type when using full-speed
Salva Peiró (1):
[media] media-device: Remove duplicated memset() in media_enum_entities()
Sasha Levin (2):
iovec: make sure the caller actually wants anything in memcpy_fromiovecend
kernel/smp.c:on_each_cpu_cond(): fix warning in fallback path
Scott Jiang (1):
ASoC: blackfin: use samples to set silence
Sowmini Varadhan (1):
sparc64: ldc_connect() should not return EINVAL when handshake is in progress.
Stephen M. Cameron (1):
hpsa: fix bad -ENOMEM return value in hpsa_big_passthru_ioctl
Stephen Warren (1):
drm/tegra: add MODULE_DEVICE_TABLEs
Steve Wise (1):
RDMA/iwcm: Use a default listen backlog if needed
Steven Rostedt (1):
debugfs: Fix corrupted loop in debugfs_remove_recursive
Steven Rostedt (Red Hat) (2):
ring-buffer: Up rb_iter_peek() loop count to 3
ring-buffer: Always reset iterator to reader page
Sven Eckelmann (1):
batman-adv: Fix out-of-order fragmentation support
Sylwester Nawrocki (1):
ASoC: samsung: Correct I2S DAI suspend/resume ops
Takashi Iwai (2):
ALSA: hda/ca0132 - Don't try loading firmware at resume when already failed
Btrfs: Fix memory corruption by ulist_add_merge() on 32bit arch
Tetsuo Handa (5):
drm/ttm: Fix possible division by 0 in ttm_dma_pool_shrink_scan().
drm/ttm: Choose a pool to shrink correctly in ttm_dma_pool_shrink_scan().
drm/ttm: Use mutex_trylock() to avoid deadlock inside shrinker functions.
drm/ttm: Fix possible stack overflow by recursive shrinker calls.
drm/ttm: Pass GFP flags in order to avoid deadlock.
Theodore Ts'o (1):
ext4: fix ext4_discard_allocated_blocks() if we can't allocate the pa struct
Thomas Petazzoni (1):
spi: orion: fix incorrect handling of cell-index DT property
Tyrel Datwyler (1):
powerpc/pci: Reorder pci bus/bridge unregistration during PHB removal
Vidya Sagar (1):
PCI: Configure ASPM when enabling device
Vignesh Raman (1):
Bluetooth: Avoid use of session socket after the session gets freed
Vlad Yasevich (2):
macvlan: Initialize vlan_features to turn on offload support.
net: Correctly set segment mac_len in skb_segment().
Vladimir Davydov (1):
Bluetooth: never linger on process exit
Wanpeng Li (1):
KVM: nVMX: fix "acknowledge interrupt on exit" when APICv is in use
Wolfram Sang (1):
drivers/i2c/busses: use correct type for dma_map/unmap
wenxiong@linux.vnet.ibm.com (2):
bnx2x: Fix kernel crash and data miscompare after EEH recovery
bnx2x: Adapter not recovery from EEH error injection
^ permalink raw reply [flat|nested] 202+ messages in thread
* [PATCH 3.13 001/187] net: sctp: inherit auth_capable on INIT collisions
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
@ 2014-09-15 22:06 ` Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 002/187] kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601) Kamal Mostafa
` (186 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:06 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Daniel Borkmann, Vlad Yasevich, David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Borkmann <dborkman@redhat.com>
commit 1be9a950c646c9092fb3618197f7b6bfb50e82aa upstream.
Jason reported an oops caused by SCTP on his ARM machine with
SCTP authentication enabled:
Internal error: Oops: 17 [#1] ARM
CPU: 0 PID: 104 Comm: sctp-test Not tainted 3.13.0-68744-g3632f30c9b20-dirty #1
task: c6eefa40 ti: c6f52000 task.ti: c6f52000
PC is at sctp_auth_calculate_hmac+0xc4/0x10c
LR is at sg_init_table+0x20/0x38
pc : [<c024bb80>] lr : [<c00f32dc>] psr: 40000013
sp : c6f538e8 ip : 00000000 fp : c6f53924
r10: c6f50d80 r9 : 00000000 r8 : 00010000
r7 : 00000000 r6 : c7be4000 r5 : 00000000 r4 : c6f56254
r3 : c00c8170 r2 : 00000001 r1 : 00000008 r0 : c6f1e660
Flags: nZcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
Control: 0005397f Table: 06f28000 DAC: 00000015
Process sctp-test (pid: 104, stack limit = 0xc6f521c0)
Stack: (0xc6f538e8 to 0xc6f54000)
[...]
Backtrace:
[<c024babc>] (sctp_auth_calculate_hmac+0x0/0x10c) from [<c0249af8>] (sctp_packet_transmit+0x33c/0x5c8)
[<c02497bc>] (sctp_packet_transmit+0x0/0x5c8) from [<c023e96c>] (sctp_outq_flush+0x7fc/0x844)
[<c023e170>] (sctp_outq_flush+0x0/0x844) from [<c023ef78>] (sctp_outq_uncork+0x24/0x28)
[<c023ef54>] (sctp_outq_uncork+0x0/0x28) from [<c0234364>] (sctp_side_effects+0x1134/0x1220)
[<c0233230>] (sctp_side_effects+0x0/0x1220) from [<c02330b0>] (sctp_do_sm+0xac/0xd4)
[<c0233004>] (sctp_do_sm+0x0/0xd4) from [<c023675c>] (sctp_assoc_bh_rcv+0x118/0x160)
[<c0236644>] (sctp_assoc_bh_rcv+0x0/0x160) from [<c023d5bc>] (sctp_inq_push+0x6c/0x74)
[<c023d550>] (sctp_inq_push+0x0/0x74) from [<c024a6b0>] (sctp_rcv+0x7d8/0x888)
While we already had various kind of bugs in that area
ec0223ec48a9 ("net: sctp: fix sctp_sf_do_5_1D_ce to verify if
we/peer is AUTH capable") and b14878ccb7fa ("net: sctp: cache
auth_enable per endpoint"), this one is a bit of a different
kind.
Giving a bit more background on why SCTP authentication is
needed can be found in RFC4895:
SCTP uses 32-bit verification tags to protect itself against
blind attackers. These values are not changed during the
lifetime of an SCTP association.
Looking at new SCTP extensions, there is the need to have a
method of proving that an SCTP chunk(s) was really sent by
the original peer that started the association and not by a
malicious attacker.
To cause this bug, we're triggering an INIT collision between
peers; normal SCTP handshake where both sides intent to
authenticate packets contains RANDOM; CHUNKS; HMAC-ALGO
parameters that are being negotiated among peers:
---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
<------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
-------------------- COOKIE-ECHO -------------------->
<-------------------- COOKIE-ACK ---------------------
RFC4895 says that each endpoint therefore knows its own random
number and the peer's random number *after* the association
has been established. The local and peer's random number along
with the shared key are then part of the secret used for
calculating the HMAC in the AUTH chunk.
Now, in our scenario, we have 2 threads with 1 non-blocking
SEQ_PACKET socket each, setting up common shared SCTP_AUTH_KEY
and SCTP_AUTH_ACTIVE_KEY properly, and each of them calling
sctp_bindx(3), listen(2) and connect(2) against each other,
thus the handshake looks similar to this, e.g.:
---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
<------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
<--------- INIT[RANDOM; CHUNKS; HMAC-ALGO] -----------
-------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] -------->
...
Since such collisions can also happen with verification tags,
the RFC4895 for AUTH rather vaguely says under section 6.1:
In case of INIT collision, the rules governing the handling
of this Random Number follow the same pattern as those for
the Verification Tag, as explained in Section 5.2.4 of
RFC 2960 [5]. Therefore, each endpoint knows its own Random
Number and the peer's Random Number after the association
has been established.
In RFC2960, section 5.2.4, we're eventually hitting Action B:
B) In this case, both sides may be attempting to start an
association at about the same time but the peer endpoint
started its INIT after responding to the local endpoint's
INIT. Thus it may have picked a new Verification Tag not
being aware of the previous Tag it had sent this endpoint.
The endpoint should stay in or enter the ESTABLISHED
state but it MUST update its peer's Verification Tag from
the State Cookie, stop any init or cookie timers that may
running and send a COOKIE ACK.
In other words, the handling of the Random parameter is the
same as behavior for the Verification Tag as described in
Action B of section 5.2.4.
Looking at the code, we exactly hit the sctp_sf_do_dupcook_b()
case which triggers an SCTP_CMD_UPDATE_ASSOC command to the
side effect interpreter, and in fact it properly copies over
peer_{random, hmacs, chunks} parameters from the newly created
association to update the existing one.
Also, the old asoc_shared_key is being released and based on
the new params, sctp_auth_asoc_init_active_key() updated.
However, the issue observed in this case is that the previous
asoc->peer.auth_capable was 0, and has *not* been updated, so
that instead of creating a new secret, we're doing an early
return from the function sctp_auth_asoc_init_active_key()
leaving asoc->asoc_shared_key as NULL. However, we now have to
authenticate chunks from the updated chunk list (e.g. COOKIE-ACK).
That in fact causes the server side when responding with ...
<------------------ AUTH; COOKIE-ACK -----------------
... to trigger a NULL pointer dereference, since in
sctp_packet_transmit(), it discovers that an AUTH chunk is
being queued for xmit, and thus it calls sctp_auth_calculate_hmac().
Since the asoc->active_key_id is still inherited from the
endpoint, and the same as encoded into the chunk, it uses
asoc->asoc_shared_key, which is still NULL, as an asoc_key
and dereferences it in ...
crypto_hash_setkey(desc.tfm, &asoc_key->data[0], asoc_key->len)
... causing an oops. All this happens because sctp_make_cookie_ack()
called with the *new* association has the peer.auth_capable=1
and therefore marks the chunk with auth=1 after checking
sctp_auth_send_cid(), but it is *actually* sent later on over
the then *updated* association's transport that didn't initialize
its shared key due to peer.auth_capable=0. Since control chunks
in that case are not sent by the temporary association which
are scheduled for deletion, they are issued for xmit via
SCTP_CMD_REPLY in the interpreter with the context of the
*updated* association. peer.auth_capable was 0 in the updated
association (which went from COOKIE_WAIT into ESTABLISHED state),
since all previous processing that performed sctp_process_init()
was being done on temporary associations, that we eventually
throw away each time.
The correct fix is to update to the new peer.auth_capable
value as well in the collision case via sctp_assoc_update(),
so that in case the collision migrated from 0 -> 1,
sctp_auth_asoc_init_active_key() can properly recalculate
the secret. This therefore fixes the observed server panic.
Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
Reported-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Tested-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Cc: Vlad Yasevich <vyasevich@gmail.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
CVE-2014-5077
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/sctp/associola.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index 6524fa8..6a4c5a7 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -1197,6 +1197,7 @@ void sctp_assoc_update(struct sctp_association *asoc,
asoc->c = new->c;
asoc->peer.rwnd = new->peer.rwnd;
asoc->peer.sack_needed = new->peer.sack_needed;
+ asoc->peer.auth_capable = new->peer.auth_capable;
asoc->peer.i = new->peer.i;
sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
asoc->peer.i.initial_tsn, GFP_ATOMIC);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 002/187] kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601)
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 001/187] net: sctp: inherit auth_capable on INIT collisions Kamal Mostafa
@ 2014-09-15 22:06 ` Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 003/187] bnx2x: fix crash during TSO tunneling Kamal Mostafa
` (185 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:06 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Michael S. Tsirkin, Paolo Bonzini, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "Michael S. Tsirkin" <mst@redhat.com>
commit 350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7 upstream.
The third parameter of kvm_iommu_put_pages is wrong,
It should be 'gfn - slot->base_gfn'.
By making gfn very large, malicious guest or userspace can cause kvm to
go to this error path, and subsequently to pass a huge value as size.
Alternatively if gfn is small, then pages would be pinned but never
unpinned, causing host memory leak and local DOS.
Passing a reasonable but large value could be the most dangerous case,
because it would unpin a page that should have stayed pinned, and thus
allow the device to DMA into arbitrary memory. However, this cannot
happen because of the condition that can trigger the error:
- out of memory (where you can't allocate even a single page)
should not be possible for the attacker to trigger
- when exceeding the iommu's address space, guest pages after gfn
will also exceed the iommu's address space, and inside
kvm_iommu_put_pages() the iommu_iova_to_phys() will fail. The
page thus would not be unpinned at all.
Reported-by: Jack Morgenstein <jackm@mellanox.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
virt/kvm/iommu.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
index 0df7d4b..714b949 100644
--- a/virt/kvm/iommu.c
+++ b/virt/kvm/iommu.c
@@ -61,6 +61,14 @@ static pfn_t kvm_pin_pages(struct kvm_memory_slot *slot, gfn_t gfn,
return pfn;
}
+static void kvm_unpin_pages(struct kvm *kvm, pfn_t pfn, unsigned long npages)
+{
+ unsigned long i;
+
+ for (i = 0; i < npages; ++i)
+ kvm_release_pfn_clean(pfn + i);
+}
+
int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
{
gfn_t gfn, end_gfn;
@@ -123,6 +131,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
if (r) {
printk(KERN_ERR "kvm_iommu_map_address:"
"iommu failed to map pfn=%llx\n", pfn);
+ kvm_unpin_pages(kvm, pfn, page_size);
goto unmap_pages;
}
@@ -134,7 +143,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
return 0;
unmap_pages:
- kvm_iommu_put_pages(kvm, slot->base_gfn, gfn);
+ kvm_iommu_put_pages(kvm, slot->base_gfn, gfn - slot->base_gfn);
return r;
}
@@ -266,14 +275,6 @@ out_unlock:
return r;
}
-static void kvm_unpin_pages(struct kvm *kvm, pfn_t pfn, unsigned long npages)
-{
- unsigned long i;
-
- for (i = 0; i < npages; ++i)
- kvm_release_pfn_clean(pfn + i);
-}
-
static void kvm_iommu_put_pages(struct kvm *kvm,
gfn_t base_gfn, unsigned long npages)
{
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 003/187] bnx2x: fix crash during TSO tunneling
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 001/187] net: sctp: inherit auth_capable on INIT collisions Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 002/187] kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601) Kamal Mostafa
@ 2014-09-15 22:06 ` Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 004/187] inetpeer: get rid of ip_id_count Kamal Mostafa
` (184 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:06 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Michal Schmidt, Dmitry Kravkov, David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Kravkov <Dmitry.Kravkov@qlogic.com>
[ Upstream commit fe26566d8a05151ba1dce75081f6270f73ec4ae1 ]
When TSO packet is transmitted additional BD w/o mapping is used
to describe the packed. The BD needs special handling in tx
completion.
kernel: Call Trace:
kernel: <IRQ> [<ffffffff815e19ba>] dump_stack+0x19/0x1b
kernel: [<ffffffff8105dee1>] warn_slowpath_common+0x61/0x80
kernel: [<ffffffff8105df5c>] warn_slowpath_fmt+0x5c/0x80
kernel: [<ffffffff814a8c0d>] ? find_iova+0x4d/0x90
kernel: [<ffffffff814ab0e2>] intel_unmap_page.part.36+0x142/0x160
kernel: [<ffffffff814ad0e6>] intel_unmap_page+0x26/0x30
kernel: [<ffffffffa01f55d7>] bnx2x_free_tx_pkt+0x157/0x2b0 [bnx2x]
kernel: [<ffffffffa01f8dac>] bnx2x_tx_int+0xac/0x220 [bnx2x]
kernel: [<ffffffff8101a0d9>] ? read_tsc+0x9/0x20
kernel: [<ffffffffa01f8fdb>] bnx2x_poll+0xbb/0x3c0 [bnx2x]
kernel: [<ffffffff814d041a>] net_rx_action+0x15a/0x250
kernel: [<ffffffff81067047>] __do_softirq+0xf7/0x290
kernel: [<ffffffff815f3a5c>] call_softirq+0x1c/0x30
kernel: [<ffffffff81014d25>] do_softirq+0x55/0x90
kernel: [<ffffffff810673e5>] irq_exit+0x115/0x120
kernel: [<ffffffff815f4358>] do_IRQ+0x58/0xf0
kernel: [<ffffffff815e94ad>] common_interrupt+0x6d/0x6d
kernel: <EOI> [<ffffffff810bbff7>] ? clockevents_notify+0x127/0x140
kernel: [<ffffffff814834df>] ? cpuidle_enter_state+0x4f/0xc0
kernel: [<ffffffff81483615>] cpuidle_idle_call+0xc5/0x200
kernel: [<ffffffff8101bc7e>] arch_cpu_idle+0xe/0x30
kernel: [<ffffffff810b4725>] cpu_startup_entry+0xf5/0x290
kernel: [<ffffffff815cfee1>] start_secondary+0x265/0x27b
kernel: ---[ end trace 11aa7726f18d7e80 ]---
Fixes: a848ade408b ("bnx2x: add CSUM and TSO support for encapsulation protocols")
Reported-by: Yulong Pei <ypei@redhat.com>
Cc: Michal Schmidt <mschmidt@redhat.com>
Signed-off-by: Dmitry Kravkov <Dmitry.Kravkov@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 +
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 +++++++++
2 files changed, 10 insertions(+)
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h
index ec61190..a162f82 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h
@@ -337,6 +337,7 @@ struct sw_tx_bd {
u8 flags;
/* Set on the first BD descriptor when there is a split BD */
#define BNX2X_TSO_SPLIT_BD (1<<0)
+#define BNX2X_HAS_SECOND_PBD (1<<1)
};
struct sw_rx_page {
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
index db7654a..6089bc4 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
@@ -186,6 +186,12 @@ static u16 bnx2x_free_tx_pkt(struct bnx2x *bp, struct bnx2x_fp_txdata *txdata,
--nbd;
bd_idx = TX_BD(NEXT_TX_IDX(bd_idx));
+ if (tx_buf->flags & BNX2X_HAS_SECOND_PBD) {
+ /* Skip second parse bd... */
+ --nbd;
+ bd_idx = TX_BD(NEXT_TX_IDX(bd_idx));
+ }
+
/* TSO headers+data bds share a common mapping. See bnx2x_tx_split() */
if (tx_buf->flags & BNX2X_TSO_SPLIT_BD) {
tx_data_bd = &txdata->tx_desc_ring[bd_idx].reg_bd;
@@ -3825,6 +3831,9 @@ netdev_tx_t bnx2x_start_xmit(struct sk_buff *skb, struct net_device *dev)
/* set encapsulation flag in start BD */
SET_FLAG(tx_start_bd->general_data,
ETH_TX_START_BD_TUNNEL_EXIST, 1);
+
+ tx_buf->flags |= BNX2X_HAS_SECOND_PBD;
+
nbd++;
} else if (xmit_type & XMIT_CSUM) {
/* Set PBD in checksum offload case w/o encapsulation */
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 004/187] inetpeer: get rid of ip_id_count
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (2 preceding siblings ...)
2014-09-15 22:06 ` [PATCH 3.13 003/187] bnx2x: fix crash during TSO tunneling Kamal Mostafa
@ 2014-09-15 22:06 ` Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 005/187] ip: make IP identifiers less predictable Kamal Mostafa
` (183 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:06 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eric Dumazet, David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 73f156a6e8c1074ac6327e0abd1169e95eb66463 ]
Ideally, we would need to generate IP ID using a per destination IP
generator.
linux kernels used inet_peer cache for this purpose, but this had a huge
cost on servers disabling MTU discovery.
1) each inet_peer struct consumes 192 bytes
2) inetpeer cache uses a binary tree of inet_peer structs,
with a nominal size of ~66000 elements under load.
3) lookups in this tree are hitting a lot of cache lines, as tree depth
is about 20.
4) If server deals with many tcp flows, we have a high probability of
not finding the inet_peer, allocating a fresh one, inserting it in
the tree with same initial ip_id_count, (cf secure_ip_id())
5) We garbage collect inet_peer aggressively.
IP ID generation do not have to be 'perfect'
Goal is trying to avoid duplicates in a short period of time,
so that reassembly units have a chance to complete reassembly of
fragments belonging to one message before receiving other fragments
with a recycled ID.
We simply use an array of generators, and a Jenkin hash using the dst IP
as a key.
ipv6_select_ident() is put back into net/ipv6/ip6_output.c where it
belongs (it is only used from this file)
secure_ip_id() and secure_ipv6_id() no longer are needed.
Rename ip_select_ident_more() to ip_select_ident_segs() to avoid
unnecessary decrement/increment of the number of segments.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ppp/pptp.c | 2 +-
include/net/inetpeer.h | 16 +++------------
include/net/ip.h | 40 ++++++++++++++++++++----------------
include/net/ipv6.h | 2 --
include/net/secure_seq.h | 2 --
net/core/secure_seq.c | 25 -----------------------
net/ipv4/igmp.c | 4 ++--
net/ipv4/inetpeer.c | 18 -----------------
net/ipv4/ip_output.c | 7 +++----
net/ipv4/ip_tunnel_core.c | 2 +-
net/ipv4/ipmr.c | 2 +-
net/ipv4/raw.c | 2 +-
net/ipv4/route.c | 45 +++++++++++++++--------------------------
net/ipv4/xfrm4_mode_tunnel.c | 2 +-
net/ipv6/ip6_output.c | 12 +++++++++++
net/ipv6/output_core.c | 23 ---------------------
net/netfilter/ipvs/ip_vs_xmit.c | 2 +-
17 files changed, 65 insertions(+), 141 deletions(-)
diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c
index 0180531..1aff970 100644
--- a/drivers/net/ppp/pptp.c
+++ b/drivers/net/ppp/pptp.c
@@ -281,7 +281,7 @@ static int pptp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
nf_reset(skb);
skb->ip_summed = CHECKSUM_NONE;
- ip_select_ident(skb, &rt->dst, NULL);
+ ip_select_ident(skb, NULL);
ip_send_check(iph);
ip_local_out(skb);
diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h
index 9a93930..83cf417 100644
--- a/include/net/inetpeer.h
+++ b/include/net/inetpeer.h
@@ -41,14 +41,13 @@ struct inet_peer {
struct rcu_head gc_rcu;
};
/*
- * Once inet_peer is queued for deletion (refcnt == -1), following fields
- * are not available: rid, ip_id_count
+ * Once inet_peer is queued for deletion (refcnt == -1), following field
+ * is not available: rid
* We can share memory with rcu_head to help keep inet_peer small.
*/
union {
struct {
atomic_t rid; /* Frag reception counter */
- atomic_t ip_id_count; /* IP ID for the next packet */
};
struct rcu_head rcu;
struct inet_peer *gc_next;
@@ -166,7 +165,7 @@ void inetpeer_invalidate_tree(struct inet_peer_base *);
void inetpeer_invalidate_family(int family);
/*
- * temporary check to make sure we dont access rid, ip_id_count, tcp_ts,
+ * temporary check to make sure we dont access rid, tcp_ts,
* tcp_ts_stamp if no refcount is taken on inet_peer
*/
static inline void inet_peer_refcheck(const struct inet_peer *p)
@@ -174,13 +173,4 @@ static inline void inet_peer_refcheck(const struct inet_peer *p)
WARN_ON_ONCE(atomic_read(&p->refcnt) <= 0);
}
-
-/* can be called with or without local BH being disabled */
-static inline int inet_getid(struct inet_peer *p, int more)
-{
- more++;
- inet_peer_refcheck(p);
- return atomic_add_return(more, &p->ip_id_count) - more;
-}
-
#endif /* _NET_INETPEER_H */
diff --git a/include/net/ip.h b/include/net/ip.h
index 5a25f36..3bd9cef 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -269,9 +269,19 @@ int ip_dont_fragment(struct sock *sk, struct dst_entry *dst)
!(dst_metric_locked(dst, RTAX_MTU)));
}
-void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more);
+#define IP_IDENTS_SZ 2048u
+extern atomic_t *ip_idents;
-static inline void ip_select_ident(struct sk_buff *skb, struct dst_entry *dst, struct sock *sk)
+static inline u32 ip_idents_reserve(u32 hash, int segs)
+{
+ atomic_t *id_ptr = ip_idents + hash % IP_IDENTS_SZ;
+
+ return atomic_add_return(segs, id_ptr) - segs;
+}
+
+void __ip_select_ident(struct iphdr *iph, int segs);
+
+static inline void ip_select_ident_segs(struct sk_buff *skb, struct sock *sk, int segs)
{
struct iphdr *iph = ip_hdr(skb);
@@ -281,24 +291,20 @@ static inline void ip_select_ident(struct sk_buff *skb, struct dst_entry *dst, s
* does not change, they drop every other packet in
* a TCP stream using header compression.
*/
- iph->id = (sk && inet_sk(sk)->inet_daddr) ?
- htons(inet_sk(sk)->inet_id++) : 0;
- } else
- __ip_select_ident(iph, dst, 0);
-}
-
-static inline void ip_select_ident_more(struct sk_buff *skb, struct dst_entry *dst, struct sock *sk, int more)
-{
- struct iphdr *iph = ip_hdr(skb);
-
- if ((iph->frag_off & htons(IP_DF)) && !skb->local_df) {
if (sk && inet_sk(sk)->inet_daddr) {
iph->id = htons(inet_sk(sk)->inet_id);
- inet_sk(sk)->inet_id += 1 + more;
- } else
+ inet_sk(sk)->inet_id += segs;
+ } else {
iph->id = 0;
- } else
- __ip_select_ident(iph, dst, more);
+ }
+ } else {
+ __ip_select_ident(iph, segs);
+ }
+}
+
+static inline void ip_select_ident(struct sk_buff *skb, struct sock *sk)
+{
+ ip_select_ident_segs(skb, sk, 1);
}
/*
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index 488316e..d164d0c 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -660,8 +660,6 @@ static inline int ipv6_addr_diff(const struct in6_addr *a1, const struct in6_add
return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr));
}
-void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt);
-
int ip6_dst_hoplimit(struct dst_entry *dst);
/*
diff --git a/include/net/secure_seq.h b/include/net/secure_seq.h
index f257486..3f36d45 100644
--- a/include/net/secure_seq.h
+++ b/include/net/secure_seq.h
@@ -3,8 +3,6 @@
#include <linux/types.h>
-__u32 secure_ip_id(__be32 daddr);
-__u32 secure_ipv6_id(const __be32 daddr[4]);
u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport);
u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
__be16 dport);
diff --git a/net/core/secure_seq.c b/net/core/secure_seq.c
index 897da56..ba71212 100644
--- a/net/core/secure_seq.c
+++ b/net/core/secure_seq.c
@@ -85,31 +85,6 @@ EXPORT_SYMBOL(secure_ipv6_port_ephemeral);
#endif
#ifdef CONFIG_INET
-__u32 secure_ip_id(__be32 daddr)
-{
- u32 hash[MD5_DIGEST_WORDS];
-
- net_secret_init();
- hash[0] = (__force __u32) daddr;
- hash[1] = net_secret[13];
- hash[2] = net_secret[14];
- hash[3] = net_secret[15];
-
- md5_transform(hash, net_secret);
-
- return hash[0];
-}
-
-__u32 secure_ipv6_id(const __be32 daddr[4])
-{
- __u32 hash[4];
-
- net_secret_init();
- memcpy(hash, daddr, 16);
- md5_transform(hash, net_secret);
-
- return hash[0];
-}
__u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr,
__be16 sport, __be16 dport)
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 9fa5c09..94d40cc 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -369,7 +369,7 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size)
pip->saddr = fl4.saddr;
pip->protocol = IPPROTO_IGMP;
pip->tot_len = 0; /* filled in later */
- ip_select_ident(skb, &rt->dst, NULL);
+ ip_select_ident(skb, NULL);
((u8 *)&pip[1])[0] = IPOPT_RA;
((u8 *)&pip[1])[1] = 4;
((u8 *)&pip[1])[2] = 0;
@@ -714,7 +714,7 @@ static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc,
iph->daddr = dst;
iph->saddr = fl4.saddr;
iph->protocol = IPPROTO_IGMP;
- ip_select_ident(skb, &rt->dst, NULL);
+ ip_select_ident(skb, NULL);
((u8 *)&iph[1])[0] = IPOPT_RA;
((u8 *)&iph[1])[1] = 4;
((u8 *)&iph[1])[2] = 0;
diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c
index 33d5537..67140ef 100644
--- a/net/ipv4/inetpeer.c
+++ b/net/ipv4/inetpeer.c
@@ -26,20 +26,7 @@
* Theory of operations.
* We keep one entry for each peer IP address. The nodes contains long-living
* information about the peer which doesn't depend on routes.
- * At this moment this information consists only of ID field for the next
- * outgoing IP packet. This field is incremented with each packet as encoded
- * in inet_getid() function (include/net/inetpeer.h).
- * At the moment of writing this notes identifier of IP packets is generated
- * to be unpredictable using this code only for packets subjected
- * (actually or potentially) to defragmentation. I.e. DF packets less than
- * PMTU in size when local fragmentation is disabled use a constant ID and do
- * not use this code (see ip_select_ident() in include/net/ip.h).
*
- * Route cache entries hold references to our nodes.
- * New cache entries get references via lookup by destination IP address in
- * the avl tree. The reference is grabbed only when it's needed i.e. only
- * when we try to output IP packet which needs an unpredictable ID (see
- * __ip_select_ident() in net/ipv4/route.c).
* Nodes are removed only when reference counter goes to 0.
* When it's happened the node may be removed when a sufficient amount of
* time has been passed since its last use. The less-recently-used entry can
@@ -62,7 +49,6 @@
* refcnt: atomically against modifications on other CPU;
* usually under some other lock to prevent node disappearing
* daddr: unchangeable
- * ip_id_count: atomic value (no lock needed)
*/
static struct kmem_cache *peer_cachep __read_mostly;
@@ -504,10 +490,6 @@ relookup:
p->daddr = *daddr;
atomic_set(&p->refcnt, 1);
atomic_set(&p->rid, 0);
- atomic_set(&p->ip_id_count,
- (daddr->family == AF_INET) ?
- secure_ip_id(daddr->addr.a4) :
- secure_ipv6_id(daddr->addr.a6));
p->metrics[RTAX_LOCK-1] = INETPEER_METRICS_NEW;
p->rate_tokens = 0;
/* 60*HZ is arbitrary, but chosen enough high so that the first
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index df18461..5352214 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -148,7 +148,7 @@ int ip_build_and_send_pkt(struct sk_buff *skb, struct sock *sk,
iph->daddr = (opt && opt->opt.srr ? opt->opt.faddr : daddr);
iph->saddr = saddr;
iph->protocol = sk->sk_protocol;
- ip_select_ident(skb, &rt->dst, sk);
+ ip_select_ident(skb, sk);
if (opt && opt->opt.optlen) {
iph->ihl += opt->opt.optlen>>2;
@@ -386,8 +386,7 @@ packet_routed:
ip_options_build(skb, &inet_opt->opt, inet->inet_daddr, rt, 0);
}
- ip_select_ident_more(skb, &rt->dst, sk,
- (skb_shinfo(skb)->gso_segs ?: 1) - 1);
+ ip_select_ident_segs(skb, sk, skb_shinfo(skb)->gso_segs ?: 1);
skb->priority = sk->sk_priority;
skb->mark = sk->sk_mark;
@@ -1339,7 +1338,7 @@ struct sk_buff *__ip_make_skb(struct sock *sk,
iph->ttl = ttl;
iph->protocol = sk->sk_protocol;
ip_copy_addrs(iph, fl4);
- ip_select_ident(skb, &rt->dst, sk);
+ ip_select_ident(skb, sk);
if (opt) {
iph->ihl += opt->optlen>>2;
diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c
index 42ffbc8..67bd005 100644
--- a/net/ipv4/ip_tunnel_core.c
+++ b/net/ipv4/ip_tunnel_core.c
@@ -74,7 +74,7 @@ int iptunnel_xmit(struct rtable *rt, struct sk_buff *skb,
iph->daddr = dst;
iph->saddr = src;
iph->ttl = ttl;
- __ip_select_ident(iph, &rt->dst, (skb_shinfo(skb)->gso_segs ?: 1) - 1);
+ __ip_select_ident(iph, skb_shinfo(skb)->gso_segs ?: 1);
err = ip_local_out(skb);
if (unlikely(net_xmit_eval(err)))
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index 6fbf339..648ba5e 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -1661,7 +1661,7 @@ static void ip_encap(struct sk_buff *skb, __be32 saddr, __be32 daddr)
iph->protocol = IPPROTO_IPIP;
iph->ihl = 5;
iph->tot_len = htons(skb->len);
- ip_select_ident(skb, skb_dst(skb), NULL);
+ ip_select_ident(skb, NULL);
ip_send_check(iph);
memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index 23c3e5b..3022aed 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -389,7 +389,7 @@ static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4,
iph->check = 0;
iph->tot_len = htons(length);
if (!iph->id)
- ip_select_ident(skb, &rt->dst, NULL);
+ ip_select_ident(skb, NULL);
iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl);
}
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 566bfa5..4d52f74 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -89,6 +89,7 @@
#include <linux/rcupdate.h>
#include <linux/times.h>
#include <linux/slab.h>
+#include <linux/jhash.h>
#include <net/dst.h>
#include <net/net_namespace.h>
#include <net/protocol.h>
@@ -465,39 +466,19 @@ static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
return neigh_create(&arp_tbl, pkey, dev);
}
-/*
- * Peer allocation may fail only in serious out-of-memory conditions. However
- * we still can generate some output.
- * Random ID selection looks a bit dangerous because we have no chances to
- * select ID being unique in a reasonable period of time.
- * But broken packet identifier may be better than no packet at all.
- */
-static void ip_select_fb_ident(struct iphdr *iph)
-{
- static DEFINE_SPINLOCK(ip_fb_id_lock);
- static u32 ip_fallback_id;
- u32 salt;
+atomic_t *ip_idents __read_mostly;
+EXPORT_SYMBOL(ip_idents);
- spin_lock_bh(&ip_fb_id_lock);
- salt = secure_ip_id((__force __be32)ip_fallback_id ^ iph->daddr);
- iph->id = htons(salt & 0xFFFF);
- ip_fallback_id = salt;
- spin_unlock_bh(&ip_fb_id_lock);
-}
-
-void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more)
+void __ip_select_ident(struct iphdr *iph, int segs)
{
- struct net *net = dev_net(dst->dev);
- struct inet_peer *peer;
+ static u32 ip_idents_hashrnd __read_mostly;
+ u32 hash, id;
- peer = inet_getpeer_v4(net->ipv4.peers, iph->daddr, 1);
- if (peer) {
- iph->id = htons(inet_getid(peer, more));
- inet_putpeer(peer);
- return;
- }
+ net_get_random_once(&ip_idents_hashrnd, sizeof(ip_idents_hashrnd));
- ip_select_fb_ident(iph);
+ hash = jhash_1word((__force u32)iph->daddr, ip_idents_hashrnd);
+ id = ip_idents_reserve(hash, segs);
+ iph->id = htons(id);
}
EXPORT_SYMBOL(__ip_select_ident);
@@ -2716,6 +2697,12 @@ int __init ip_rt_init(void)
{
int rc = 0;
+ ip_idents = kmalloc(IP_IDENTS_SZ * sizeof(*ip_idents), GFP_KERNEL);
+ if (!ip_idents)
+ panic("IP: failed to allocate ip_idents\n");
+
+ prandom_bytes(ip_idents, IP_IDENTS_SZ * sizeof(*ip_idents));
+
#ifdef CONFIG_IP_ROUTE_CLASSID
ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct), __alignof__(struct ip_rt_acct));
if (!ip_rt_acct)
diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c
index 31b1815..1f564a1 100644
--- a/net/ipv4/xfrm4_mode_tunnel.c
+++ b/net/ipv4/xfrm4_mode_tunnel.c
@@ -117,12 +117,12 @@ static int xfrm4_mode_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?
0 : (XFRM_MODE_SKB_CB(skb)->frag_off & htons(IP_DF));
- ip_select_ident(skb, dst->child, NULL);
top_iph->ttl = ip4_dst_hoplimit(dst->child);
top_iph->saddr = x->props.saddr.a4;
top_iph->daddr = x->id.daddr.a4;
+ ip_select_ident(skb, NULL);
return 0;
}
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index e86c22e..726f113 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -516,6 +516,18 @@ static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
skb_copy_secmark(to, from);
}
+static void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
+{
+ static u32 ip6_idents_hashrnd __read_mostly;
+ u32 hash, id;
+
+ net_get_random_once(&ip6_idents_hashrnd, sizeof(ip6_idents_hashrnd));
+
+ hash = __ipv6_addr_jhash(&rt->rt6i_dst.addr, ip6_idents_hashrnd);
+ id = ip_idents_reserve(hash, 1);
+ fhdr->identification = htonl(id);
+}
+
int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
{
struct sk_buff *frag;
diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c
index b31a012..798eb0f 100644
--- a/net/ipv6/output_core.c
+++ b/net/ipv6/output_core.c
@@ -7,29 +7,6 @@
#include <net/ip6_fib.h>
#include <net/addrconf.h>
-void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
-{
- static atomic_t ipv6_fragmentation_id;
- int ident;
-
-#if IS_ENABLED(CONFIG_IPV6)
- if (rt && !(rt->dst.flags & DST_NOPEER)) {
- struct inet_peer *peer;
- struct net *net;
-
- net = dev_net(rt->dst.dev);
- peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
- if (peer) {
- fhdr->identification = htonl(inet_getid(peer, 0));
- inet_putpeer(peer);
- return;
- }
- }
-#endif
- ident = atomic_inc_return(&ipv6_fragmentation_id);
- fhdr->identification = htonl(ident);
-}
-EXPORT_SYMBOL(ipv6_select_ident);
int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
{
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index c47444e..7f0e1cf 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -883,7 +883,7 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
iph->daddr = cp->daddr.ip;
iph->saddr = saddr;
iph->ttl = old_iph->ttl;
- ip_select_ident(skb, &rt->dst, NULL);
+ ip_select_ident(skb, NULL);
/* Another hack: avoid icmp_send in ip_fragment */
skb->local_df = 1;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 005/187] ip: make IP identifiers less predictable
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (3 preceding siblings ...)
2014-09-15 22:06 ` [PATCH 3.13 004/187] inetpeer: get rid of ip_id_count Kamal Mostafa
@ 2014-09-15 22:06 ` Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 006/187] tcp: Fix integer-overflows in TCP veno Kamal Mostafa
` (182 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:06 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eric Dumazet, Willy Tarreau, Hannes Frederic Sowa,
David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 04ca6973f7c1a0d8537f2d9906a0cf8e69886d75 ]
In "Counting Packets Sent Between Arbitrary Internet Hosts", Jeffrey and
Jedidiah describe ways exploiting linux IP identifier generation to
infer whether two machines are exchanging packets.
With commit 73f156a6e8c1 ("inetpeer: get rid of ip_id_count"), we
changed IP id generation, but this does not really prevent this
side-channel technique.
This patch adds a random amount of perturbation so that IP identifiers
for a given destination [1] are no longer monotonically increasing after
an idle period.
Note that prandom_u32_max(1) returns 0, so if generator is used at most
once per jiffy, this patch inserts no hole in the ID suite and do not
increase collision probability.
This is jiffies based, so in the worst case (HZ=1000), the id can
rollover after ~65 seconds of idle time, which should be fine.
We also change the hash used in __ip_select_ident() to not only hash
on daddr, but also saddr and protocol, so that ICMP probes can not be
used to infer information for other protocols.
For IPv6, adds saddr into the hash as well, but not nexthdr.
If I ping the patched target, we can see ID are now hard to predict.
21:57:11.008086 IP (...)
A > target: ICMP echo request, seq 1, length 64
21:57:11.010752 IP (... id 2081 ...)
target > A: ICMP echo reply, seq 1, length 64
21:57:12.013133 IP (...)
A > target: ICMP echo request, seq 2, length 64
21:57:12.015737 IP (... id 3039 ...)
target > A: ICMP echo reply, seq 2, length 64
21:57:13.016580 IP (...)
A > target: ICMP echo request, seq 3, length 64
21:57:13.019251 IP (... id 3437 ...)
target > A: ICMP echo reply, seq 3, length 64
[1] TCP sessions uses a per flow ID generator not changed by this patch.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Jeffrey Knockel <jeffk@cs.unm.edu>
Reported-by: Jedidiah R. Crandall <crandall@cs.unm.edu>
Cc: Willy Tarreau <w@1wt.eu>
Cc: Hannes Frederic Sowa <hannes@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/net/ip.h | 11 +----------
net/ipv4/route.c | 36 +++++++++++++++++++++++++++++++++---
net/ipv6/ip6_output.c | 2 ++
3 files changed, 36 insertions(+), 13 deletions(-)
diff --git a/include/net/ip.h b/include/net/ip.h
index 3bd9cef..d48b2e8 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -269,16 +269,7 @@ int ip_dont_fragment(struct sock *sk, struct dst_entry *dst)
!(dst_metric_locked(dst, RTAX_MTU)));
}
-#define IP_IDENTS_SZ 2048u
-extern atomic_t *ip_idents;
-
-static inline u32 ip_idents_reserve(u32 hash, int segs)
-{
- atomic_t *id_ptr = ip_idents + hash % IP_IDENTS_SZ;
-
- return atomic_add_return(segs, id_ptr) - segs;
-}
-
+u32 ip_idents_reserve(u32 hash, int segs);
void __ip_select_ident(struct iphdr *iph, int segs);
static inline void ip_select_ident_segs(struct sk_buff *skb, struct sock *sk, int segs)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 4d52f74..caadba0 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -466,8 +466,35 @@ static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
return neigh_create(&arp_tbl, pkey, dev);
}
-atomic_t *ip_idents __read_mostly;
-EXPORT_SYMBOL(ip_idents);
+#define IP_IDENTS_SZ 2048u
+struct ip_ident_bucket {
+ atomic_t id;
+ u32 stamp32;
+};
+
+static struct ip_ident_bucket *ip_idents __read_mostly;
+
+/* In order to protect privacy, we add a perturbation to identifiers
+ * if one generator is seldom used. This makes hard for an attacker
+ * to infer how many packets were sent between two points in time.
+ */
+u32 ip_idents_reserve(u32 hash, int segs)
+{
+ struct ip_ident_bucket *bucket = ip_idents + hash % IP_IDENTS_SZ;
+ u32 old = ACCESS_ONCE(bucket->stamp32);
+ u32 now = (u32)jiffies;
+ u32 delta = 0;
+
+ if (old != now && cmpxchg(&bucket->stamp32, old, now) == old) {
+ u64 x = prandom_u32();
+
+ x *= (now - old);
+ delta = (u32)(x >> 32);
+ }
+
+ return atomic_add_return(segs + delta, &bucket->id) - segs;
+}
+EXPORT_SYMBOL(ip_idents_reserve);
void __ip_select_ident(struct iphdr *iph, int segs)
{
@@ -476,7 +503,10 @@ void __ip_select_ident(struct iphdr *iph, int segs)
net_get_random_once(&ip_idents_hashrnd, sizeof(ip_idents_hashrnd));
- hash = jhash_1word((__force u32)iph->daddr, ip_idents_hashrnd);
+ hash = jhash_3words((__force u32)iph->daddr,
+ (__force u32)iph->saddr,
+ iph->protocol,
+ ip_idents_hashrnd);
id = ip_idents_reserve(hash, segs);
iph->id = htons(id);
}
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 726f113..6622e14 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -524,6 +524,8 @@ static void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
net_get_random_once(&ip6_idents_hashrnd, sizeof(ip6_idents_hashrnd));
hash = __ipv6_addr_jhash(&rt->rt6i_dst.addr, ip6_idents_hashrnd);
+ hash = __ipv6_addr_jhash(&rt->rt6i_src.addr, hash);
+
id = ip_idents_reserve(hash, 1);
fhdr->identification = htonl(id);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 006/187] tcp: Fix integer-overflows in TCP veno
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (4 preceding siblings ...)
2014-09-15 22:06 ` [PATCH 3.13 005/187] ip: make IP identifiers less predictable Kamal Mostafa
@ 2014-09-15 22:06 ` Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 007/187] tcp: Fix integer-overflow in TCP vegas Kamal Mostafa
` (181 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:06 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Christoph Paasch, David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Paasch <christoph.paasch@uclouvain.be>
[ Upstream commit 45a07695bc64b3ab5d6d2215f9677e5b8c05a7d0 ]
In veno we do a multiplication of the cwnd and the rtt. This
may overflow and thus their result is stored in a u64. However, we first
need to cast the cwnd so that actually 64-bit arithmetic is done.
A first attempt at fixing 76f1017757aa0 ([TCP]: TCP Veno congestion
control) was made by 159131149c2 (tcp: Overflow bug in Vegas), but it
failed to add the required cast in tcp_veno_cong_avoid().
Fixes: 76f1017757aa0 ([TCP]: TCP Veno congestion control)
Signed-off-by: Christoph Paasch <christoph.paasch@uclouvain.be>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/ipv4/tcp_veno.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv4/tcp_veno.c b/net/ipv4/tcp_veno.c
index 326475a..603ad49 100644
--- a/net/ipv4/tcp_veno.c
+++ b/net/ipv4/tcp_veno.c
@@ -145,7 +145,7 @@ static void tcp_veno_cong_avoid(struct sock *sk, u32 ack, u32 acked,
rtt = veno->minrtt;
- target_cwnd = (tp->snd_cwnd * veno->basertt);
+ target_cwnd = (u64)tp->snd_cwnd * veno->basertt;
target_cwnd <<= V_PARAM_SHIFT;
do_div(target_cwnd, rtt);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 007/187] tcp: Fix integer-overflow in TCP vegas
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (5 preceding siblings ...)
2014-09-15 22:06 ` [PATCH 3.13 006/187] tcp: Fix integer-overflows in TCP veno Kamal Mostafa
@ 2014-09-15 22:06 ` Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 008/187] macvlan: Initialize vlan_features to turn on offload support Kamal Mostafa
` (180 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:06 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Stephen Hemminger, Neal Cardwell, Eric Dumazet, David Laight,
Doug Leith, Christoph Paasch, David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Paasch <christoph.paasch@uclouvain.be>
[ Upstream commit 1f74e613ded11517db90b2bd57e9464d9e0fb161 ]
In vegas we do a multiplication of the cwnd and the rtt. This
may overflow and thus their result is stored in a u64. However, we first
need to cast the cwnd so that actually 64-bit arithmetic is done.
Then, we need to do do_div to allow this to be used on 32-bit arches.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: David Laight <David.Laight@ACULAB.COM>
Cc: Doug Leith <doug.leith@nuim.ie>
Fixes: 8d3a564da34e (tcp: tcp_vegas cong avoid fix)
Signed-off-by: Christoph Paasch <christoph.paasch@uclouvain.be>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/ipv4/tcp_vegas.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/tcp_vegas.c b/net/ipv4/tcp_vegas.c
index 06cae62..6b1a5fd 100644
--- a/net/ipv4/tcp_vegas.c
+++ b/net/ipv4/tcp_vegas.c
@@ -219,7 +219,8 @@ static void tcp_vegas_cong_avoid(struct sock *sk, u32 ack, u32 acked,
* This is:
* (actual rate in segments) * baseRTT
*/
- target_cwnd = tp->snd_cwnd * vegas->baseRTT / rtt;
+ target_cwnd = (u64)tp->snd_cwnd * vegas->baseRTT;
+ do_div(target_cwnd, rtt);
/* Calculate the difference between the window we had,
* and the window we would like to have. This quantity
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 008/187] macvlan: Initialize vlan_features to turn on offload support.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (6 preceding siblings ...)
2014-09-15 22:06 ` [PATCH 3.13 007/187] tcp: Fix integer-overflow in TCP vegas Kamal Mostafa
@ 2014-09-15 22:06 ` Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 009/187] net: Correctly set segment mac_len in skb_segment() Kamal Mostafa
` (179 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:06 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Vlad Yasevich, David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Vlad Yasevich <vyasevic@redhat.com>
[ Upstream commit 081e83a78db9b0ae1f5eabc2dedecc865f509b98 ]
Macvlan devices do not initialize vlan_features. As a result,
any vlan devices configured on top of macvlans perform very poorly.
Initialize vlan_features based on the vlan features of the lower-level
device.
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/macvlan.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
index 333f8bc..a430b99 100644
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -549,6 +549,7 @@ static int macvlan_init(struct net_device *dev)
(lowerdev->state & MACVLAN_STATE_MASK);
dev->features = lowerdev->features & MACVLAN_FEATURES;
dev->features |= ALWAYS_ON_FEATURES;
+ dev->vlan_features = lowerdev->vlan_features & MACVLAN_FEATURES;
dev->gso_max_size = lowerdev->gso_max_size;
dev->iflink = lowerdev->ifindex;
dev->hard_header_len = lowerdev->hard_header_len;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 009/187] net: Correctly set segment mac_len in skb_segment().
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (7 preceding siblings ...)
2014-09-15 22:06 ` [PATCH 3.13 008/187] macvlan: Initialize vlan_features to turn on offload support Kamal Mostafa
@ 2014-09-15 22:06 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 010/187] iovec: make sure the caller actually wants anything in memcpy_fromiovecend Kamal Mostafa
` (178 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:06 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eric Dumazet, Vlad Yasevich, David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Vlad Yasevich <vyasevic@redhat.com>
[ Upstream commit fcdfe3a7fa4cb74391d42b6a26dc07c20dab1d82 ]
When performing segmentation, the mac_len value is copied right
out of the original skb. However, this value is not always set correctly
(like when the packet is VLAN-tagged) and we'll end up copying a bad
value.
One way to demonstrate this is to configure a VM which tags
packets internally and turn off VLAN acceleration on the forwarding
bridge port. The packets show up corrupt like this:
16:18:24.985548 52:54:00:ab:be:25 > 52:54:00:26:ce:a3, ethertype 802.1Q
(0x8100), length 1518: vlan 100, p 0, ethertype 0x05e0,
0x0000: 8cdb 1c7c 8cdb 0064 4006 b59d 0a00 6402 ...|...d@.....d.
0x0010: 0a00 6401 9e0d b441 0a5e 64ec 0330 14fa ..d....A.^d..0..
0x0020: 29e3 01c9 f871 0000 0101 080a 000a e833)....q.........3
0x0030: 000f 8c75 6e65 7470 6572 6600 6e65 7470 ...unetperf.netp
0x0040: 6572 6600 6e65 7470 6572 6600 6e65 7470 erf.netperf.netp
0x0050: 6572 6600 6e65 7470 6572 6600 6e65 7470 erf.netperf.netp
0x0060: 6572 6600 6e65 7470 6572 6600 6e65 7470 erf.netperf.netp
...
This also leads to awful throughput as GSO packets are dropped and
cause retransmissions.
The solution is to set the mac_len using the values already available
in then new skb. We've already adjusted all of the header offset, so we
might as well correctly figure out the mac_len using skb_reset_mac_len().
After this change, packets are segmented correctly and performance
is restored.
CC: Eric Dumazet <edumazet@google.com>
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/core/skbuff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index f7eca05..808a270 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -2872,9 +2872,9 @@ struct sk_buff *skb_segment(struct sk_buff *head_skb,
tail = nskb;
__copy_skb_header(nskb, head_skb);
- nskb->mac_len = head_skb->mac_len;
skb_headers_offset_update(nskb, skb_headroom(nskb) - headroom);
+ skb_reset_mac_len(nskb);
skb_copy_from_linear_data_offset(head_skb, -tnl_hlen,
nskb->data - tnl_hlen,
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 010/187] iovec: make sure the caller actually wants anything in memcpy_fromiovecend
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (8 preceding siblings ...)
2014-09-15 22:06 ` [PATCH 3.13 009/187] net: Correctly set segment mac_len in skb_segment() Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 011/187] batman-adv: Fix out-of-order fragmentation support Kamal Mostafa
` (177 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sasha Levin, David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Sasha Levin <sasha.levin@oracle.com>
[ Upstream commit 06ebb06d49486676272a3c030bfeef4bd969a8e6 ]
Check for cases when the caller requests 0 bytes instead of running off
and dereferencing potentially invalid iovecs.
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/core/iovec.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/core/iovec.c b/net/core/iovec.c
index a9c46ba..26dc006 100644
--- a/net/core/iovec.c
+++ b/net/core/iovec.c
@@ -107,6 +107,10 @@ EXPORT_SYMBOL(memcpy_toiovecend);
int memcpy_fromiovecend(unsigned char *kdata, const struct iovec *iov,
int offset, int len)
{
+ /* No data? Done! */
+ if (len == 0)
+ return 0;
+
/* Skip over the finished iovecs */
while (offset >= iov->iov_len) {
offset -= iov->iov_len;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 011/187] batman-adv: Fix out-of-order fragmentation support
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (9 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 010/187] iovec: make sure the caller actually wants anything in memcpy_fromiovecend Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 012/187] sctp: fix possible seqlock seadlock in sctp_packet_transmit() Kamal Mostafa
` (176 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sven Eckelmann, Marek Lindner, Antonio Quartulli, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Sven Eckelmann <sven@narfation.org>
[ Upstream commit d9124268d84a836f14a6ead54ff9d8eee4c43be5 ]
batadv_frag_insert_packet was unable to handle out-of-order packets because it
dropped them directly. This is caused by the way the fragmentation lists is
checked for the correct place to insert a fragmentation entry.
The fragmentation code keeps the fragments in lists. The fragmentation entries
are kept in descending order of sequence number. The list is traversed and each
entry is compared with the new fragment. If the current entry has a smaller
sequence number than the new fragment then the new one has to be inserted
before the current entry. This ensures that the list is still in descending
order.
An out-of-order packet with a smaller sequence number than all entries in the
list still has to be added to the end of the list. The used hlist has no
information about the last entry in the list inside hlist_head and thus the
last entry has to be calculated differently. Currently the code assumes that
the iterator variable of hlist_for_each_entry can be used for this purpose
after the hlist_for_each_entry finished. This is obviously wrong because the
iterator variable is always NULL when the list was completely traversed.
Instead the information about the last entry has to be stored in a different
variable.
This problem was introduced in 610bfc6bc99bc83680d190ebc69359a05fc7f605
("batman-adv: Receive fragmented packets and merge").
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/batman-adv/fragmentation.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c
index a674034..8a1d4b54 100644
--- a/net/batman-adv/fragmentation.c
+++ b/net/batman-adv/fragmentation.c
@@ -130,6 +130,7 @@ static bool batadv_frag_insert_packet(struct batadv_orig_node *orig_node,
{
struct batadv_frag_table_entry *chain;
struct batadv_frag_list_entry *frag_entry_new = NULL, *frag_entry_curr;
+ struct batadv_frag_list_entry *frag_entry_last = NULL;
struct batadv_frag_packet *frag_packet;
uint8_t bucket;
uint16_t seqno, hdr_size = sizeof(struct batadv_frag_packet);
@@ -182,11 +183,14 @@ static bool batadv_frag_insert_packet(struct batadv_orig_node *orig_node,
ret = true;
goto out;
}
+
+ /* store current entry because it could be the last in list */
+ frag_entry_last = frag_entry_curr;
}
- /* Reached the end of the list, so insert after 'frag_entry_curr'. */
- if (likely(frag_entry_curr)) {
- hlist_add_after(&frag_entry_curr->list, &frag_entry_new->list);
+ /* Reached the end of the list, so insert after 'frag_entry_last'. */
+ if (likely(frag_entry_last)) {
+ hlist_add_after(&frag_entry_last->list, &frag_entry_new->list);
chain->size += skb->len - hdr_size;
chain->timestamp = jiffies;
ret = true;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 012/187] sctp: fix possible seqlock seadlock in sctp_packet_transmit()
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (10 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 011/187] batman-adv: Fix out-of-order fragmentation support Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 013/187] sparc64: Fix argument sign extension for compat_sys_futex() Kamal Mostafa
` (175 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eric Dumazet, Hannes Frederic Sowa, David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 757efd32d5ce31f67193cc0e6a56e4dffcc42fb1 ]
Dave reported following splat, caused by improper use of
IP_INC_STATS_BH() in process context.
BUG: using __this_cpu_add() in preemptible [00000000] code: trinity-c117/14551
caller is __this_cpu_preempt_check+0x13/0x20
CPU: 3 PID: 14551 Comm: trinity-c117 Not tainted 3.16.0+ #33
ffffffff9ec898f0 0000000047ea7e23 ffff88022d32f7f0 ffffffff9e7ee207
0000000000000003 ffff88022d32f818 ffffffff9e397eaa ffff88023ee70b40
ffff88022d32f970 ffff8801c026d580 ffff88022d32f828 ffffffff9e397ee3
Call Trace:
[<ffffffff9e7ee207>] dump_stack+0x4e/0x7a
[<ffffffff9e397eaa>] check_preemption_disabled+0xfa/0x100
[<ffffffff9e397ee3>] __this_cpu_preempt_check+0x13/0x20
[<ffffffffc0839872>] sctp_packet_transmit+0x692/0x710 [sctp]
[<ffffffffc082a7f2>] sctp_outq_flush+0x2a2/0xc30 [sctp]
[<ffffffff9e0d985c>] ? mark_held_locks+0x7c/0xb0
[<ffffffff9e7f8c6d>] ? _raw_spin_unlock_irqrestore+0x5d/0x80
[<ffffffffc082b99a>] sctp_outq_uncork+0x1a/0x20 [sctp]
[<ffffffffc081e112>] sctp_cmd_interpreter.isra.23+0x1142/0x13f0 [sctp]
[<ffffffffc081c86b>] sctp_do_sm+0xdb/0x330 [sctp]
[<ffffffff9e0b8f1b>] ? preempt_count_sub+0xab/0x100
[<ffffffffc083b350>] ? sctp_cname+0x70/0x70 [sctp]
[<ffffffffc08389ca>] sctp_primitive_ASSOCIATE+0x3a/0x50 [sctp]
[<ffffffffc083358f>] sctp_sendmsg+0x88f/0xe30 [sctp]
[<ffffffff9e0d673a>] ? lock_release_holdtime.part.28+0x9a/0x160
[<ffffffff9e0d62ce>] ? put_lock_stats.isra.27+0xe/0x30
[<ffffffff9e73b624>] inet_sendmsg+0x104/0x220
[<ffffffff9e73b525>] ? inet_sendmsg+0x5/0x220
[<ffffffff9e68ac4e>] sock_sendmsg+0x9e/0xe0
[<ffffffff9e1c0c09>] ? might_fault+0xb9/0xc0
[<ffffffff9e1c0bae>] ? might_fault+0x5e/0xc0
[<ffffffff9e68b234>] SYSC_sendto+0x124/0x1c0
[<ffffffff9e0136b0>] ? syscall_trace_enter+0x250/0x330
[<ffffffff9e68c3ce>] SyS_sendto+0xe/0x10
[<ffffffff9e7f9be4>] tracesys+0xdd/0xe2
This is a followup of commits f1d8cba61c3c4b ("inet: fix possible
seqlock deadlocks") and 7f88c6b23afbd315 ("ipv6: fix possible seqlock
deadlock in ip6_finish_output2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Reported-by: Dave Jones <davej@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/sctp/output.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sctp/output.c b/net/sctp/output.c
index 0fb140f..e867326 100644
--- a/net/sctp/output.c
+++ b/net/sctp/output.c
@@ -601,7 +601,7 @@ out:
return err;
no_route:
kfree_skb(nskb);
- IP_INC_STATS_BH(sock_net(asoc->base.sk), IPSTATS_MIB_OUTNOROUTES);
+ IP_INC_STATS(sock_net(asoc->base.sk), IPSTATS_MIB_OUTNOROUTES);
/* FIXME: Returning the 'err' will effect all the associations
* associated with a socket, although only one of the paths of the
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 013/187] sparc64: Fix argument sign extension for compat_sys_futex().
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (11 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 012/187] sctp: fix possible seqlock seadlock in sctp_packet_transmit() Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 014/187] sparc64: Make itc_sync_lock raw Kamal Mostafa
` (174 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit aa3449ee9c87d9b7660dd1493248abcc57769e31 ]
Only the second argument, 'op', is signed.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/kernel/sys32.S | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/sparc/kernel/sys32.S b/arch/sparc/kernel/sys32.S
index f7c72b6..d066eb1 100644
--- a/arch/sparc/kernel/sys32.S
+++ b/arch/sparc/kernel/sys32.S
@@ -44,7 +44,7 @@ SIGN1(sys32_timer_settime, compat_sys_timer_settime, %o1)
SIGN1(sys32_io_submit, compat_sys_io_submit, %o1)
SIGN1(sys32_mq_open, compat_sys_mq_open, %o1)
SIGN1(sys32_select, compat_sys_select, %o0)
-SIGN3(sys32_futex, compat_sys_futex, %o1, %o2, %o5)
+SIGN1(sys32_futex, compat_sys_futex, %o1)
SIGN1(sys32_recvfrom, compat_sys_recvfrom, %o0)
SIGN1(sys32_recvmsg, compat_sys_recvmsg, %o0)
SIGN1(sys32_sendmsg, compat_sys_sendmsg, %o0)
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 014/187] sparc64: Make itc_sync_lock raw
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (12 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 013/187] sparc64: Fix argument sign extension for compat_sys_futex() Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 015/187] sparc64: Fix executable bit testing in set_pmd_at() paths Kamal Mostafa
` (173 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Kirill Tkhai, David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Kirill Tkhai <tkhai@yandex.ru>
[ Upstream commit 49b6c01f4c1de3b5e5427ac5aba80f9f6d27837a ]
One more place where we must not be able
to be preempted or to be interrupted in RT.
Always actually disable interrupts during
synchronization cycle.
Signed-off-by: Kirill Tkhai <tkhai@yandex.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/kernel/smp_64.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c
index b085311..8416d7f 100644
--- a/arch/sparc/kernel/smp_64.c
+++ b/arch/sparc/kernel/smp_64.c
@@ -151,7 +151,7 @@ void cpu_panic(void)
#define NUM_ROUNDS 64 /* magic value */
#define NUM_ITERS 5 /* likewise */
-static DEFINE_SPINLOCK(itc_sync_lock);
+static DEFINE_RAW_SPINLOCK(itc_sync_lock);
static unsigned long go[SLAVE + 1];
#define DEBUG_TICK_SYNC 0
@@ -259,7 +259,7 @@ static void smp_synchronize_one_tick(int cpu)
go[MASTER] = 0;
membar_safe("#StoreLoad");
- spin_lock_irqsave(&itc_sync_lock, flags);
+ raw_spin_lock_irqsave(&itc_sync_lock, flags);
{
for (i = 0; i < NUM_ROUNDS*NUM_ITERS; i++) {
while (!go[MASTER])
@@ -270,7 +270,7 @@ static void smp_synchronize_one_tick(int cpu)
membar_safe("#StoreLoad");
}
}
- spin_unlock_irqrestore(&itc_sync_lock, flags);
+ raw_spin_unlock_irqrestore(&itc_sync_lock, flags);
}
#if defined(CONFIG_SUN_LDOMS) && defined(CONFIG_HOTPLUG_CPU)
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 015/187] sparc64: Fix executable bit testing in set_pmd_at() paths.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (13 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 014/187] sparc64: Make itc_sync_lock raw Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 016/187] sparc64: Fix huge PMD invalidation Kamal Mostafa
` (172 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit 5b1e94fa439a3227beefad58c28c17f68287a8e9 ]
This code was mistakenly using the exec bit from the PMD in all
cases, even when the PMD isn't a huge PMD.
If it's not a huge PMD, test the exec bit in the individual ptes down
in tlb_batch_pmd_scan().
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/mm/tlb.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/arch/sparc/mm/tlb.c b/arch/sparc/mm/tlb.c
index ad3bf4b..3999297 100644
--- a/arch/sparc/mm/tlb.c
+++ b/arch/sparc/mm/tlb.c
@@ -135,7 +135,7 @@ no_cache_flush:
#ifdef CONFIG_TRANSPARENT_HUGEPAGE
static void tlb_batch_pmd_scan(struct mm_struct *mm, unsigned long vaddr,
- pmd_t pmd, bool exec)
+ pmd_t pmd)
{
unsigned long end;
pte_t *pte;
@@ -143,8 +143,11 @@ static void tlb_batch_pmd_scan(struct mm_struct *mm, unsigned long vaddr,
pte = pte_offset_map(&pmd, vaddr);
end = vaddr + HPAGE_SIZE;
while (vaddr < end) {
- if (pte_val(*pte) & _PAGE_VALID)
+ if (pte_val(*pte) & _PAGE_VALID) {
+ bool exec = pte_exec(*pte);
+
tlb_batch_add_one(mm, vaddr, exec);
+ }
pte++;
vaddr += PAGE_SIZE;
}
@@ -178,15 +181,15 @@ void set_pmd_at(struct mm_struct *mm, unsigned long addr,
}
if (!pmd_none(orig)) {
- pte_t orig_pte = __pte(pmd_val(orig));
- bool exec = pte_exec(orig_pte);
-
addr &= HPAGE_MASK;
if (pmd_trans_huge(orig)) {
+ pte_t orig_pte = __pte(pmd_val(orig));
+ bool exec = pte_exec(orig_pte);
+
tlb_batch_add_one(mm, addr, exec);
tlb_batch_add_one(mm, addr + REAL_HPAGE_SIZE, exec);
} else {
- tlb_batch_pmd_scan(mm, addr, orig, exec);
+ tlb_batch_pmd_scan(mm, addr, orig);
}
}
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 016/187] sparc64: Fix huge PMD invalidation.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (14 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 015/187] sparc64: Fix executable bit testing in set_pmd_at() paths Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 017/187] sparc64: Fix bugs in get_user_pages_fast() wrt. THP Kamal Mostafa
` (171 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit 51e5ef1bb7ab0e5fa7de4e802da5ab22fe35f0bf ]
On sparc64 "present" and "valid" are seperate PTE bits, this allows us to
naturally distinguish between the user explicitly asking for PROT_NONE
with mprotect() and other situations.
However we weren't handling this properly in the huge PMD paths.
First of all, the page table walker in the TSB miss path only checks
for _PAGE_PMD_HUGE. So the generic pmdp_invalidate() would clear
_PAGE_PRESENT but the TLB miss paths would still load it into the TLB
as a valid huge PMD.
Fix this by clearing the valid bit in pmdp_invalidate(), and also
checking the valid bit in USER_PGTABLE_CHECK_PMD_HUGE using "brgez"
since _PAGE_VALID is bit 63 in both the sun4u and sun4v pte layouts.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/include/asm/pgtable_64.h | 18 ++++--------------
arch/sparc/include/asm/tsb.h | 3 ++-
arch/sparc/mm/tlb.c | 11 +++++++++++
3 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
index 0f9e945..e3db4b8 100644
--- a/arch/sparc/include/asm/pgtable_64.h
+++ b/arch/sparc/include/asm/pgtable_64.h
@@ -719,20 +719,6 @@ static inline pmd_t pmd_mkwrite(pmd_t pmd)
return __pmd(pte_val(pte));
}
-static inline pmd_t pmd_mknotpresent(pmd_t pmd)
-{
- unsigned long mask;
-
- if (tlb_type == hypervisor)
- mask = _PAGE_PRESENT_4V;
- else
- mask = _PAGE_PRESENT_4U;
-
- pmd_val(pmd) &= ~mask;
-
- return pmd;
-}
-
static inline pmd_t pmd_mksplitting(pmd_t pmd)
{
pte_t pte = __pte(pmd_val(pmd));
@@ -893,6 +879,10 @@ extern void update_mmu_cache(struct vm_area_struct *, unsigned long, pte_t *);
extern void update_mmu_cache_pmd(struct vm_area_struct *vma, unsigned long addr,
pmd_t *pmd);
+#define __HAVE_ARCH_PMDP_INVALIDATE
+extern void pmdp_invalidate(struct vm_area_struct *vma, unsigned long address,
+ pmd_t *pmdp);
+
#define __HAVE_ARCH_PGTABLE_DEPOSIT
extern void pgtable_trans_huge_deposit(struct mm_struct *mm, pmd_t *pmdp,
pgtable_t pgtable);
diff --git a/arch/sparc/include/asm/tsb.h b/arch/sparc/include/asm/tsb.h
index 2230f80..90916f9 100644
--- a/arch/sparc/include/asm/tsb.h
+++ b/arch/sparc/include/asm/tsb.h
@@ -171,7 +171,8 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
andcc REG1, REG2, %g0; \
be,pt %xcc, 700f; \
sethi %hi(4 * 1024 * 1024), REG2; \
- andn REG1, REG2, REG1; \
+ brgez,pn REG1, FAIL_LABEL; \
+ andn REG1, REG2, REG1; \
and VADDR, REG2, REG2; \
brlz,pt REG1, PTE_LABEL; \
or REG1, REG2, REG1; \
diff --git a/arch/sparc/mm/tlb.c b/arch/sparc/mm/tlb.c
index 3999297..28ae593 100644
--- a/arch/sparc/mm/tlb.c
+++ b/arch/sparc/mm/tlb.c
@@ -194,6 +194,17 @@ void set_pmd_at(struct mm_struct *mm, unsigned long addr,
}
}
+void pmdp_invalidate(struct vm_area_struct *vma, unsigned long address,
+ pmd_t *pmdp)
+{
+ pmd_t entry = *pmdp;
+
+ pmd_val(entry) &= ~_PAGE_VALID;
+
+ set_pmd_at(vma->vm_mm, address, pmdp, entry);
+ flush_tlb_range(vma, address, address + HPAGE_PMD_SIZE);
+}
+
void pgtable_trans_huge_deposit(struct mm_struct *mm, pmd_t *pmdp,
pgtable_t pgtable)
{
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 017/187] sparc64: Fix bugs in get_user_pages_fast() wrt. THP.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (15 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 016/187] sparc64: Fix huge PMD invalidation Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 018/187] sparc64: Fix hex values in comment above pte_modify() Kamal Mostafa
` (170 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit 04df419de34104d8818b8c5cffaa062fa36d20ea ]
The large PMD path needs to check _PAGE_VALID not _PAGE_PRESENT, to
decide if it needs to bail and return 0.
pmd_large() should therefore just check _PAGE_PMD_HUGE.
Calls to gup_huge_pmd() are guarded with a check of pmd_large(), so we
just need to add a valid bit check.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/include/asm/pgtable_64.h | 2 +-
arch/sparc/mm/gup.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
index e3db4b8..1f28103 100644
--- a/arch/sparc/include/asm/pgtable_64.h
+++ b/arch/sparc/include/asm/pgtable_64.h
@@ -633,7 +633,7 @@ static inline unsigned long pmd_large(pmd_t pmd)
{
pte_t pte = __pte(pmd_val(pmd));
- return (pte_val(pte) & _PAGE_PMD_HUGE) && pte_present(pte);
+ return pte_val(pte) & _PAGE_PMD_HUGE;
}
#ifdef CONFIG_TRANSPARENT_HUGEPAGE
diff --git a/arch/sparc/mm/gup.c b/arch/sparc/mm/gup.c
index c4d3da6..1aed043 100644
--- a/arch/sparc/mm/gup.c
+++ b/arch/sparc/mm/gup.c
@@ -73,7 +73,7 @@ static int gup_huge_pmd(pmd_t *pmdp, pmd_t pmd, unsigned long addr,
struct page *head, *page, *tail;
int refs;
- if (!pmd_large(pmd))
+ if (!(pmd_val(pmd) & _PAGE_VALID))
return 0;
if (write && !pmd_write(pmd))
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 018/187] sparc64: Fix hex values in comment above pte_modify().
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (16 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 017/187] sparc64: Fix bugs in get_user_pages_fast() wrt. THP Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 019/187] sparc64: Don't use _PAGE_PRESENT in pte_modify() mask Kamal Mostafa
` (169 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit c2e4e676adb40ea764af79d3e08be954e14a0f4c ]
When _PAGE_SPECIAL and _PAGE_PMD_HUGE were added to the mask, the
comment was not updated.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/include/asm/pgtable_64.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
index 1f28103..50b2d78 100644
--- a/arch/sparc/include/asm/pgtable_64.h
+++ b/arch/sparc/include/asm/pgtable_64.h
@@ -258,8 +258,8 @@ static inline pte_t pte_modify(pte_t pte, pgprot_t prot)
{
unsigned long mask, tmp;
- /* SUN4U: 0x600307ffffffecb8 (negated == 0x9ffcf80000001347)
- * SUN4V: 0x30ffffffffffee17 (negated == 0xcf000000000011e8)
+ /* SUN4U: 0x630107ffffffecb8 (negated == 0x9cfef80000001347)
+ * SUN4V: 0x33ffffffffffee17 (negated == 0xcc000000000011e8)
*
* Even if we use negation tricks the result is still a 6
* instruction sequence, so don't try to play fancy and just
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 019/187] sparc64: Don't use _PAGE_PRESENT in pte_modify() mask.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (17 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 018/187] sparc64: Fix hex values in comment above pte_modify() Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 020/187] sparc64: Handle 32-bit tasks properly in compute_effective_address() Kamal Mostafa
` (168 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit eaf85da82669b057f20c4e438dc2566b51a83af6 ]
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/include/asm/pgtable_64.h | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
index 50b2d78..ac5f708 100644
--- a/arch/sparc/include/asm/pgtable_64.h
+++ b/arch/sparc/include/asm/pgtable_64.h
@@ -258,8 +258,8 @@ static inline pte_t pte_modify(pte_t pte, pgprot_t prot)
{
unsigned long mask, tmp;
- /* SUN4U: 0x630107ffffffecb8 (negated == 0x9cfef80000001347)
- * SUN4V: 0x33ffffffffffee17 (negated == 0xcc000000000011e8)
+ /* SUN4U: 0x630107ffffffec38 (negated == 0x9cfef800000013c7)
+ * SUN4V: 0x33ffffffffffee07 (negated == 0xcc000000000011f8)
*
* Even if we use negation tricks the result is still a 6
* instruction sequence, so don't try to play fancy and just
@@ -289,10 +289,10 @@ static inline pte_t pte_modify(pte_t pte, pgprot_t prot)
" .previous\n"
: "=r" (mask), "=r" (tmp)
: "i" (_PAGE_PADDR_4U | _PAGE_MODIFIED_4U | _PAGE_ACCESSED_4U |
- _PAGE_CP_4U | _PAGE_CV_4U | _PAGE_E_4U | _PAGE_PRESENT_4U |
+ _PAGE_CP_4U | _PAGE_CV_4U | _PAGE_E_4U |
_PAGE_SPECIAL | _PAGE_PMD_HUGE | _PAGE_SZALL_4U),
"i" (_PAGE_PADDR_4V | _PAGE_MODIFIED_4V | _PAGE_ACCESSED_4V |
- _PAGE_CP_4V | _PAGE_CV_4V | _PAGE_E_4V | _PAGE_PRESENT_4V |
+ _PAGE_CP_4V | _PAGE_CV_4V | _PAGE_E_4V |
_PAGE_SPECIAL | _PAGE_PMD_HUGE | _PAGE_SZALL_4V));
return __pte((pte_val(pte) & mask) | (pgprot_val(prot) & ~mask));
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 020/187] sparc64: Handle 32-bit tasks properly in compute_effective_address().
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (18 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 019/187] sparc64: Don't use _PAGE_PRESENT in pte_modify() mask Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 021/187] sparc64: Fix top-level fault handling bugs Kamal Mostafa
` (167 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit d037d16372bbe4d580342bebbb8826821ad9edf0 ]
If we have a 32-bit task we must chop off the top 32-bits of the
64-bit value just as the cpu would.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/kernel/unaligned_64.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/arch/sparc/kernel/unaligned_64.c b/arch/sparc/kernel/unaligned_64.c
index 3c1a7cb..35ab8b6 100644
--- a/arch/sparc/kernel/unaligned_64.c
+++ b/arch/sparc/kernel/unaligned_64.c
@@ -166,17 +166,23 @@ static unsigned long *fetch_reg_addr(unsigned int reg, struct pt_regs *regs)
unsigned long compute_effective_address(struct pt_regs *regs,
unsigned int insn, unsigned int rd)
{
+ int from_kernel = (regs->tstate & TSTATE_PRIV) != 0;
unsigned int rs1 = (insn >> 14) & 0x1f;
unsigned int rs2 = insn & 0x1f;
- int from_kernel = (regs->tstate & TSTATE_PRIV) != 0;
+ unsigned long addr;
if (insn & 0x2000) {
maybe_flush_windows(rs1, 0, rd, from_kernel);
- return (fetch_reg(rs1, regs) + sign_extend_imm13(insn));
+ addr = (fetch_reg(rs1, regs) + sign_extend_imm13(insn));
} else {
maybe_flush_windows(rs1, rs2, rd, from_kernel);
- return (fetch_reg(rs1, regs) + fetch_reg(rs2, regs));
+ addr = (fetch_reg(rs1, regs) + fetch_reg(rs2, regs));
}
+
+ if (!from_kernel && test_thread_flag(TIF_32BIT))
+ addr &= 0xffffffff;
+
+ return addr;
}
/* This is just to make gcc think die_if_kernel does return... */
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 021/187] sparc64: Fix top-level fault handling bugs.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (19 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 020/187] sparc64: Handle 32-bit tasks properly in compute_effective_address() Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 022/187] sparc64: Fix range check in kern_addr_valid() Kamal Mostafa
` (166 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit 70ffc6ebaead783ac8dafb1e87df0039bb043596 ]
Make get_user_insn() able to cope with huge PMDs.
Next, make do_fault_siginfo() more robust when get_user_insn() can't
actually fetch the instruction. In particular, use the MMU announced
fault address when that happens, instead of calling
compute_effective_address() and computing garbage.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/mm/fault_64.c | 82 ++++++++++++++++++++++++++++++------------------
1 file changed, 52 insertions(+), 30 deletions(-)
diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c
index 69bb818..a8ff0d1 100644
--- a/arch/sparc/mm/fault_64.c
+++ b/arch/sparc/mm/fault_64.c
@@ -96,38 +96,51 @@ static unsigned int get_user_insn(unsigned long tpc)
pte_t *ptep, pte;
unsigned long pa;
u32 insn = 0;
- unsigned long pstate;
- if (pgd_none(*pgdp))
- goto outret;
+ if (pgd_none(*pgdp) || unlikely(pgd_bad(*pgdp)))
+ goto out;
pudp = pud_offset(pgdp, tpc);
- if (pud_none(*pudp))
- goto outret;
- pmdp = pmd_offset(pudp, tpc);
- if (pmd_none(*pmdp))
- goto outret;
+ if (pud_none(*pudp) || unlikely(pud_bad(*pudp)))
+ goto out;
/* This disables preemption for us as well. */
- __asm__ __volatile__("rdpr %%pstate, %0" : "=r" (pstate));
- __asm__ __volatile__("wrpr %0, %1, %%pstate"
- : : "r" (pstate), "i" (PSTATE_IE));
- ptep = pte_offset_map(pmdp, tpc);
- pte = *ptep;
- if (!pte_present(pte))
- goto out;
+ local_irq_disable();
- pa = (pte_pfn(pte) << PAGE_SHIFT);
- pa += (tpc & ~PAGE_MASK);
+ pmdp = pmd_offset(pudp, tpc);
+ if (pmd_none(*pmdp) || unlikely(pmd_bad(*pmdp)))
+ goto out_irq_enable;
+
+#ifdef CONFIG_TRANSPARENT_HUGEPAGE
+ if (pmd_trans_huge(*pmdp)) {
+ if (pmd_trans_splitting(*pmdp))
+ goto out_irq_enable;
- /* Use phys bypass so we don't pollute dtlb/dcache. */
- __asm__ __volatile__("lduwa [%1] %2, %0"
- : "=r" (insn)
- : "r" (pa), "i" (ASI_PHYS_USE_EC));
+ pa = pmd_pfn(*pmdp) << PAGE_SHIFT;
+ pa += tpc & ~HPAGE_MASK;
+ /* Use phys bypass so we don't pollute dtlb/dcache. */
+ __asm__ __volatile__("lduwa [%1] %2, %0"
+ : "=r" (insn)
+ : "r" (pa), "i" (ASI_PHYS_USE_EC));
+ } else
+#endif
+ {
+ ptep = pte_offset_map(pmdp, tpc);
+ pte = *ptep;
+ if (pte_present(pte)) {
+ pa = (pte_pfn(pte) << PAGE_SHIFT);
+ pa += (tpc & ~PAGE_MASK);
+
+ /* Use phys bypass so we don't pollute dtlb/dcache. */
+ __asm__ __volatile__("lduwa [%1] %2, %0"
+ : "=r" (insn)
+ : "r" (pa), "i" (ASI_PHYS_USE_EC));
+ }
+ pte_unmap(ptep);
+ }
+out_irq_enable:
+ local_irq_enable();
out:
- pte_unmap(ptep);
- __asm__ __volatile__("wrpr %0, 0x0, %%pstate" : : "r" (pstate));
-outret:
return insn;
}
@@ -153,7 +166,8 @@ show_signal_msg(struct pt_regs *regs, int sig, int code,
}
static void do_fault_siginfo(int code, int sig, struct pt_regs *regs,
- unsigned int insn, int fault_code)
+ unsigned long fault_addr, unsigned int insn,
+ int fault_code)
{
unsigned long addr;
siginfo_t info;
@@ -161,10 +175,18 @@ static void do_fault_siginfo(int code, int sig, struct pt_regs *regs,
info.si_code = code;
info.si_signo = sig;
info.si_errno = 0;
- if (fault_code & FAULT_CODE_ITLB)
+ if (fault_code & FAULT_CODE_ITLB) {
addr = regs->tpc;
- else
- addr = compute_effective_address(regs, insn, 0);
+ } else {
+ /* If we were able to probe the faulting instruction, use it
+ * to compute a precise fault address. Otherwise use the fault
+ * time provided address which may only have page granularity.
+ */
+ if (insn)
+ addr = compute_effective_address(regs, insn, 0);
+ else
+ addr = fault_addr;
+ }
info.si_addr = (void __user *) addr;
info.si_trapno = 0;
@@ -239,7 +261,7 @@ static void __kprobes do_kernel_fault(struct pt_regs *regs, int si_code,
/* The si_code was set to make clear whether
* this was a SEGV_MAPERR or SEGV_ACCERR fault.
*/
- do_fault_siginfo(si_code, SIGSEGV, regs, insn, fault_code);
+ do_fault_siginfo(si_code, SIGSEGV, regs, address, insn, fault_code);
return;
}
@@ -525,7 +547,7 @@ do_sigbus:
* Send a sigbus, regardless of whether we were in kernel
* or user mode.
*/
- do_fault_siginfo(BUS_ADRERR, SIGBUS, regs, insn, fault_code);
+ do_fault_siginfo(BUS_ADRERR, SIGBUS, regs, address, insn, fault_code);
/* Kernel mode? Handle exceptions or die */
if (regs->tstate & TSTATE_PRIV)
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 022/187] sparc64: Fix range check in kern_addr_valid().
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (20 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 021/187] sparc64: Fix top-level fault handling bugs Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 023/187] sparc64: Use 'ILOG2_4MB' instead of constant '22' Kamal Mostafa
` (165 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit ee73887e92a69ae0a5cda21c68ea75a27804c944 ]
In commit b2d438348024b75a1ee8b66b85d77f569a5dfed8 ("sparc64: Make
PAGE_OFFSET variable."), the MAX_PHYS_ADDRESS_BITS value was increased
(to 47).
This constant reference to '41UL' was missed.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/include/asm/pgtable_64.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
index ac5f708..ff97960 100644
--- a/arch/sparc/include/asm/pgtable_64.h
+++ b/arch/sparc/include/asm/pgtable_64.h
@@ -916,7 +916,7 @@ static inline bool kern_addr_valid(unsigned long addr)
{
unsigned long paddr = __pa(addr);
- if ((paddr >> 41UL) != 0UL)
+ if ((paddr >> MAX_PHYS_ADDRESS_BITS) != 0UL)
return false;
return test_bit(paddr >> 22, sparc64_valid_addr_bitmap);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 023/187] sparc64: Use 'ILOG2_4MB' instead of constant '22'.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (21 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 022/187] sparc64: Fix range check in kern_addr_valid() Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 024/187] sparc64: Add basic validations to {pud,pmd}_bad() Kamal Mostafa
` (164 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit 0eef331a3d0ee970dcbebd1bd5fcb57ca33ece01 ]
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/include/asm/pgtable_64.h | 2 +-
arch/sparc/kernel/head_64.S | 4 ++--
arch/sparc/kernel/ktlb.S | 2 +-
arch/sparc/mm/init_64.c | 12 ++++++------
4 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
index ff97960..0ad0a12 100644
--- a/arch/sparc/include/asm/pgtable_64.h
+++ b/arch/sparc/include/asm/pgtable_64.h
@@ -918,7 +918,7 @@ static inline bool kern_addr_valid(unsigned long addr)
if ((paddr >> MAX_PHYS_ADDRESS_BITS) != 0UL)
return false;
- return test_bit(paddr >> 22, sparc64_valid_addr_bitmap);
+ return test_bit(paddr >> ILOG2_4MB, sparc64_valid_addr_bitmap);
}
extern int page_in_phys_avail(unsigned long paddr);
diff --git a/arch/sparc/kernel/head_64.S b/arch/sparc/kernel/head_64.S
index 26b706a..452f04f 100644
--- a/arch/sparc/kernel/head_64.S
+++ b/arch/sparc/kernel/head_64.S
@@ -282,8 +282,8 @@ sun4v_chip_type:
stx %l2, [%l4 + 0x0]
ldx [%sp + 2047 + 128 + 0x50], %l3 ! physaddr low
/* 4MB align */
- srlx %l3, 22, %l3
- sllx %l3, 22, %l3
+ srlx %l3, ILOG2_4MB, %l3
+ sllx %l3, ILOG2_4MB, %l3
stx %l3, [%l4 + 0x8]
/* Leave service as-is, "call-method" */
diff --git a/arch/sparc/kernel/ktlb.S b/arch/sparc/kernel/ktlb.S
index 542e96a..605d492 100644
--- a/arch/sparc/kernel/ktlb.S
+++ b/arch/sparc/kernel/ktlb.S
@@ -277,7 +277,7 @@ kvmap_dtlb_load:
#ifdef CONFIG_SPARSEMEM_VMEMMAP
kvmap_vmemmap:
sub %g4, %g5, %g5
- srlx %g5, 22, %g5
+ srlx %g5, ILOG2_4MB, %g5
sethi %hi(vmemmap_table), %g1
sllx %g5, 3, %g5
or %g1, %lo(vmemmap_table), %g1
diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c
index 5322e53..848bea7 100644
--- a/arch/sparc/mm/init_64.c
+++ b/arch/sparc/mm/init_64.c
@@ -588,7 +588,7 @@ static void __init remap_kernel(void)
int i, tlb_ent = sparc64_highest_locked_tlbent();
tte_vaddr = (unsigned long) KERNBASE;
- phys_page = (prom_boot_mapping_phys_low >> 22UL) << 22UL;
+ phys_page = (prom_boot_mapping_phys_low >> ILOG2_4MB) << ILOG2_4MB;
tte_data = kern_large_tte(phys_page);
kern_locked_tte_data = tte_data;
@@ -1880,7 +1880,7 @@ void __init paging_init(void)
BUILD_BUG_ON(NR_CPUS > 4096);
- kern_base = (prom_boot_mapping_phys_low >> 22UL) << 22UL;
+ kern_base = (prom_boot_mapping_phys_low >> ILOG2_4MB) << ILOG2_4MB;
kern_size = (unsigned long)&_end - (unsigned long)KERNBASE;
/* Invalidate both kernel TSBs. */
@@ -1936,7 +1936,7 @@ void __init paging_init(void)
shift = kern_base + PAGE_OFFSET - ((unsigned long)KERNBASE);
real_end = (unsigned long)_end;
- num_kernel_image_mappings = DIV_ROUND_UP(real_end - KERNBASE, 1 << 22);
+ num_kernel_image_mappings = DIV_ROUND_UP(real_end - KERNBASE, 1 << ILOG2_4MB);
printk("Kernel: Using %d locked TLB entries for main kernel image.\n",
num_kernel_image_mappings);
@@ -2093,7 +2093,7 @@ static void __init setup_valid_addr_bitmap_from_pavail(unsigned long *bitmap)
if (new_start <= old_start &&
new_end >= (old_start + PAGE_SIZE)) {
- set_bit(old_start >> 22, bitmap);
+ set_bit(old_start >> ILOG2_4MB, bitmap);
goto do_next_page;
}
}
@@ -2142,7 +2142,7 @@ void __init mem_init(void)
addr = PAGE_OFFSET + kern_base;
last = PAGE_ALIGN(kern_size) + addr;
while (addr < last) {
- set_bit(__pa(addr) >> 22, sparc64_valid_addr_bitmap);
+ set_bit(__pa(addr) >> ILOG2_4MB, sparc64_valid_addr_bitmap);
addr += PAGE_SIZE;
}
@@ -2266,7 +2266,7 @@ int __meminit vmemmap_populate(unsigned long vstart, unsigned long vend,
void *block;
if (!(*vmem_pp & _PAGE_VALID)) {
- block = vmemmap_alloc_block(1UL << 22, node);
+ block = vmemmap_alloc_block(1UL << ILOG2_4MB, node);
if (!block)
return -ENOMEM;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 024/187] sparc64: Add basic validations to {pud,pmd}_bad().
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (22 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 023/187] sparc64: Use 'ILOG2_4MB' instead of constant '22' Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 025/187] sparc64: Give more detailed information in {pgd,pmd}_ERROR() and kill pte_ERROR() Kamal Mostafa
` (163 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit 26cf432551d749e7d581db33529507a711c6eaab ]
Instead of returning false we should at least check the most basic
things, otherwise page table corruptions will be very difficult to
debug.
PMD and PTE tables are of size PAGE_SIZE, so none of the sub-PAGE_SIZE
bits should be set.
We also complement this with a check that the physical address the
pud/pmd points to is valid memory.
PowerPC was used as a guide while implementating this.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/include/asm/pgtable_64.h | 46 +++++++++++++++++++++++++------------
1 file changed, 31 insertions(+), 15 deletions(-)
diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
index 0ad0a12..baccf35 100644
--- a/arch/sparc/include/asm/pgtable_64.h
+++ b/arch/sparc/include/asm/pgtable_64.h
@@ -71,6 +71,23 @@
#include <linux/sched.h>
+extern unsigned long sparc64_valid_addr_bitmap[];
+
+/* Needs to be defined here and not in linux/mm.h, as it is arch dependent */
+static inline bool __kern_addr_valid(unsigned long paddr)
+{
+ if ((paddr >> MAX_PHYS_ADDRESS_BITS) != 0UL)
+ return false;
+ return test_bit(paddr >> ILOG2_4MB, sparc64_valid_addr_bitmap);
+}
+
+static inline bool kern_addr_valid(unsigned long addr)
+{
+ unsigned long paddr = __pa(addr);
+
+ return __kern_addr_valid(paddr);
+}
+
/* Entries per page directory level. */
#define PTRS_PER_PTE (1UL << (PAGE_SHIFT-3))
#define PTRS_PER_PMD (1UL << PMD_BITS)
@@ -743,6 +760,20 @@ static inline int pmd_present(pmd_t pmd)
#define pmd_none(pmd) (!pmd_val(pmd))
+/* pmd_bad() is only called on non-trans-huge PMDs. Our encoding is
+ * very simple, it's just the physical address. PTE tables are of
+ * size PAGE_SIZE so make sure the sub-PAGE_SIZE bits are clear and
+ * the top bits outside of the range of any physical address size we
+ * support are clear as well. We also validate the physical itself.
+ */
+#define pmd_bad(pmd) ((pmd_val(pmd) & ~PAGE_MASK) || \
+ !__kern_addr_valid(pmd_val(pmd)))
+
+#define pud_none(pud) (!pud_val(pud))
+
+#define pud_bad(pud) ((pud_val(pud) & ~PAGE_MASK) || \
+ !__kern_addr_valid(pud_val(pud)))
+
#ifdef CONFIG_TRANSPARENT_HUGEPAGE
extern void set_pmd_at(struct mm_struct *mm, unsigned long addr,
pmd_t *pmdp, pmd_t pmd);
@@ -776,10 +807,7 @@ static inline unsigned long __pmd_page(pmd_t pmd)
#define pud_page_vaddr(pud) \
((unsigned long) __va(pud_val(pud)))
#define pud_page(pud) virt_to_page((void *)pud_page_vaddr(pud))
-#define pmd_bad(pmd) (0)
#define pmd_clear(pmdp) (pmd_val(*(pmdp)) = 0UL)
-#define pud_none(pud) (!pud_val(pud))
-#define pud_bad(pud) (0)
#define pud_present(pud) (pud_val(pud) != 0U)
#define pud_clear(pudp) (pud_val(*(pudp)) = 0UL)
@@ -909,18 +937,6 @@ extern unsigned long pte_file(pte_t);
extern pte_t pgoff_to_pte(unsigned long);
#define PTE_FILE_MAX_BITS (64UL - PAGE_SHIFT - 1UL)
-extern unsigned long sparc64_valid_addr_bitmap[];
-
-/* Needs to be defined here and not in linux/mm.h, as it is arch dependent */
-static inline bool kern_addr_valid(unsigned long addr)
-{
- unsigned long paddr = __pa(addr);
-
- if ((paddr >> MAX_PHYS_ADDRESS_BITS) != 0UL)
- return false;
- return test_bit(paddr >> ILOG2_4MB, sparc64_valid_addr_bitmap);
-}
-
extern int page_in_phys_avail(unsigned long paddr);
/*
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 025/187] sparc64: Give more detailed information in {pgd,pmd}_ERROR() and kill pte_ERROR().
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (23 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 024/187] sparc64: Add basic validations to {pud,pmd}_bad() Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 026/187] sparc64: Don't bark so loudly about 32-bit tasks generating 64-bit fault addresses Kamal Mostafa
` (162 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit fe866433f843b080246ce729b5e6b27b5f5d9a58 ]
pte_ERROR() is not used anywhere, delete it.
For pgd_ERROR() and pmd_ERROR(), output something similar to x86, giving the address
of the pgd/pmd as well as it's value.
Also provide the caller, since these macros are invoked from pgd_clear_bad() and
pmd_clear_bad() which provides little context as to what high level operation was
occuring when the BAD state was detected.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/include/asm/pgtable_64.h | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
index baccf35..fde5aba 100644
--- a/arch/sparc/include/asm/pgtable_64.h
+++ b/arch/sparc/include/asm/pgtable_64.h
@@ -96,9 +96,12 @@ static inline bool kern_addr_valid(unsigned long addr)
/* Kernel has a separate 44bit address space. */
#define FIRST_USER_ADDRESS 0
-#define pte_ERROR(e) __builtin_trap()
-#define pmd_ERROR(e) __builtin_trap()
-#define pgd_ERROR(e) __builtin_trap()
+#define pmd_ERROR(e) \
+ pr_err("%s:%d: bad pmd %p(%016lx) seen at (%pS)\n", \
+ __FILE__, __LINE__, &(e), pmd_val(e), __builtin_return_address(0))
+#define pgd_ERROR(e) \
+ pr_err("%s:%d: bad pgd %p(%016lx) seen at (%pS)\n", \
+ __FILE__, __LINE__, &(e), pgd_val(e), __builtin_return_address(0))
#endif /* !(__ASSEMBLY__) */
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 026/187] sparc64: Don't bark so loudly about 32-bit tasks generating 64-bit fault addresses.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (24 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 025/187] sparc64: Give more detailed information in {pgd,pmd}_ERROR() and kill pte_ERROR() Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 027/187] sparc64: Fix huge TSB mapping on pre-UltraSPARC-III cpus Kamal Mostafa
` (161 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit e5c460f46ae7ee94831cb55cb980f942aa9e5a85 ]
This was found using Dave Jone's trinity tool.
When a user process which is 32-bit performs a load or a store, the
cpu chops off the top 32-bits of the effective address before
translating it.
This is because we run 32-bit tasks with the PSTATE_AM (address
masking) bit set.
We can't run the kernel with that bit set, so when the kernel accesses
userspace no address masking occurs.
Since a 32-bit process will have no mappings in that region we will
properly fault, so we don't try to handle this using access_ok(),
which can safely just be a NOP on sparc64.
Real faults from 32-bit processes should never generate such addresses
so a bug check was added long ago, and it barks in the logs if this
happens.
But it also barks when a kernel user access causes this condition, and
that _can_ happen. For example, if a pointer passed into a system call
is "0xfffffffc" and the kernel access 4 bytes offset from that pointer.
Just handle such faults normally via the exception entries.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/mm/fault_64.c | 16 +---------------
1 file changed, 1 insertion(+), 15 deletions(-)
diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c
index a8ff0d1..4ced3fc 100644
--- a/arch/sparc/mm/fault_64.c
+++ b/arch/sparc/mm/fault_64.c
@@ -281,18 +281,6 @@ static void noinline __kprobes bogus_32bit_fault_tpc(struct pt_regs *regs)
show_regs(regs);
}
-static void noinline __kprobes bogus_32bit_fault_address(struct pt_regs *regs,
- unsigned long addr)
-{
- static int times;
-
- if (times++ < 10)
- printk(KERN_ERR "FAULT[%s:%d]: 32-bit process "
- "reports 64-bit fault address [%lx]\n",
- current->comm, current->pid, addr);
- show_regs(regs);
-}
-
asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs)
{
enum ctx_state prev_state = exception_enter();
@@ -322,10 +310,8 @@ asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs)
goto intr_or_no_mm;
}
}
- if (unlikely((address >> 32) != 0)) {
- bogus_32bit_fault_address(regs, address);
+ if (unlikely((address >> 32) != 0))
goto intr_or_no_mm;
- }
}
if (regs->tstate & TSTATE_PRIV) {
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 027/187] sparc64: Fix huge TSB mapping on pre-UltraSPARC-III cpus.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (25 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 026/187] sparc64: Don't bark so loudly about 32-bit tasks generating 64-bit fault addresses Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 028/187] sparc64: Add membar to Niagara2 memcpy code Kamal Mostafa
` (160 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit b18eb2d779240631a098626cb6841ee2dd34fda0 ]
Access to the TSB hash tables during TLB misses requires that there be
an atomic 128-bit quad load available so that we fetch a matching TAG
and DATA field at the same time.
On cpus prior to UltraSPARC-III only virtual address based quad loads
are available. UltraSPARC-III and later provide physical address
based variants which are easier to use.
When we only have virtual address based quad loads available this
means that we have to lock the TSB into the TLB at a fixed virtual
address on each cpu when it runs that process. We can't just access
the PAGE_OFFSET based aliased mapping of these TSBs because we cannot
take a recursive TLB miss inside of the TLB miss handler without
risking running out of hardware trap levels (some trap combinations
can be deep, such as those generated by register window spill and fill
traps).
Without huge pages it's working perfectly fine, but when the huge TSB
got added another chunk of fixed virtual address space was not
allocated for this second TSB mapping.
So we were mapping both the 8K and 4MB TSBs to the same exact virtual
address, causing multiple TLB matches which gives undefined behavior.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/include/asm/pgtable_64.h | 6 ++++--
arch/sparc/mm/tsb.c | 14 +++++++++++++-
2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
index fde5aba..1a49ffd 100644
--- a/arch/sparc/include/asm/pgtable_64.h
+++ b/arch/sparc/include/asm/pgtable_64.h
@@ -24,7 +24,8 @@
/* The kernel image occupies 0x4000000 to 0x6000000 (4MB --> 96MB).
* The page copy blockops can use 0x6000000 to 0x8000000.
- * The TSB is mapped in the 0x8000000 to 0xa000000 range.
+ * The 8K TSB is mapped in the 0x8000000 to 0x8400000 range.
+ * The 4M TSB is mapped in the 0x8400000 to 0x8800000 range.
* The PROM resides in an area spanning 0xf0000000 to 0x100000000.
* The vmalloc area spans 0x100000000 to 0x200000000.
* Since modules need to be in the lowest 32-bits of the address space,
@@ -33,7 +34,8 @@
* 0x400000000.
*/
#define TLBTEMP_BASE _AC(0x0000000006000000,UL)
-#define TSBMAP_BASE _AC(0x0000000008000000,UL)
+#define TSBMAP_8K_BASE _AC(0x0000000008000000,UL)
+#define TSBMAP_4M_BASE _AC(0x0000000008400000,UL)
#define MODULES_VADDR _AC(0x0000000010000000,UL)
#define MODULES_LEN _AC(0x00000000e0000000,UL)
#define MODULES_END _AC(0x00000000f0000000,UL)
diff --git a/arch/sparc/mm/tsb.c b/arch/sparc/mm/tsb.c
index 3b3a360..10a69f4 100644
--- a/arch/sparc/mm/tsb.c
+++ b/arch/sparc/mm/tsb.c
@@ -133,7 +133,19 @@ static void setup_tsb_params(struct mm_struct *mm, unsigned long tsb_idx, unsign
mm->context.tsb_block[tsb_idx].tsb_nentries =
tsb_bytes / sizeof(struct tsb);
- base = TSBMAP_BASE;
+ switch (tsb_idx) {
+ case MM_TSB_BASE:
+ base = TSBMAP_8K_BASE;
+ break;
+#if defined(CONFIG_HUGETLB_PAGE) || defined(CONFIG_TRANSPARENT_HUGEPAGE)
+ case MM_TSB_HUGE:
+ base = TSBMAP_4M_BASE;
+ break;
+#endif
+ default:
+ BUG();
+ }
+
tte = pgprot_val(PAGE_KERNEL_LOCKED);
tsb_paddr = __pa(mm->context.tsb_block[tsb_idx].tsb);
BUG_ON(tsb_paddr & (tsb_bytes - 1UL));
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 028/187] sparc64: Add membar to Niagara2 memcpy code.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (26 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 027/187] sparc64: Fix huge TSB mapping on pre-UltraSPARC-III cpus Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 029/187] sparc64: Do not insert non-valid PTEs into the TSB hash table Kamal Mostafa
` (159 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit 5aa4ecfd0ddb1e6dcd1c886e6c49677550f581aa ]
This is the prevent previous stores from overlapping the block stores
done by the memcpy loop.
Based upon a glibc patch by Jose E. Marchesi
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/lib/NG2memcpy.S | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/sparc/lib/NG2memcpy.S b/arch/sparc/lib/NG2memcpy.S
index 2c20ad6..30eee6e 100644
--- a/arch/sparc/lib/NG2memcpy.S
+++ b/arch/sparc/lib/NG2memcpy.S
@@ -236,6 +236,7 @@ FUNC_NAME: /* %o0=dst, %o1=src, %o2=len */
*/
VISEntryHalf
+ membar #Sync
alignaddr %o1, %g0, %g0
add %o1, (64 - 1), %o4
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 029/187] sparc64: Do not insert non-valid PTEs into the TSB hash table.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (27 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 028/187] sparc64: Add membar to Niagara2 memcpy code Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 030/187] sparc64: Guard against flushing openfirmware mappings Kamal Mostafa
` (158 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit 18f38132528c3e603c66ea464727b29e9bbcb91b ]
The assumption was that update_mmu_cache() (and the equivalent for PMDs) would
only be called when the PTE being installed will be accessible by the user.
This is not true for code paths originating from remove_migration_pte().
There are dire consequences for placing a non-valid PTE into the TSB. The TLB
miss frramework assumes thatwhen a TSB entry matches we can just load it into
the TLB and return from the TLB miss trap.
So if a non-valid PTE is in there, we will deadlock taking the TLB miss over
and over, never satisfying the miss.
Just exit early from update_mmu_cache() and friends in this situation.
Based upon a report and patch from Christopher Alexander Tobias Schulze.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/mm/init_64.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c
index 848bea7..16b61aa 100644
--- a/arch/sparc/mm/init_64.c
+++ b/arch/sparc/mm/init_64.c
@@ -350,6 +350,10 @@ void update_mmu_cache(struct vm_area_struct *vma, unsigned long address, pte_t *
mm = vma->vm_mm;
+ /* Don't insert a non-valid PTE into the TSB, we'll deadlock. */
+ if (!pte_accessible(mm, pte))
+ return;
+
spin_lock_irqsave(&mm->context.lock, flags);
#if defined(CONFIG_HUGETLB_PAGE) || defined(CONFIG_TRANSPARENT_HUGEPAGE)
@@ -2613,6 +2617,10 @@ void update_mmu_cache_pmd(struct vm_area_struct *vma, unsigned long addr,
pte = pmd_val(entry);
+ /* Don't insert a non-valid PMD into the TSB, we'll deadlock. */
+ if (!(pte & _PAGE_VALID))
+ return;
+
/* We are fabricating 8MB pages using 4MB real hw pages. */
pte |= (addr & (1UL << REAL_HPAGE_SHIFT));
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 030/187] sparc64: Guard against flushing openfirmware mappings.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (28 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 029/187] sparc64: Do not insert non-valid PTEs into the TSB hash table Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 031/187] bbc-i2c: Fix BBC I2C envctrl on SunBlade 2000 Kamal Mostafa
` (157 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit 4ca9a23765da3260058db3431faf5b4efd8cf926 ]
Based almost entirely upon a patch by Christopher Alexander Tobias
Schulze.
In commit db64fe02258f1507e13fe5212a989922323685ce ("mm: rewrite vmap
layer") lazy VMAP tlb flushing was added to the vmalloc layer. This
causes problems on sparc64.
Sparc64 has two VMAP mapped regions and they are not contiguous with
eachother. First we have the malloc mapping area, then another
unrelated region, then the vmalloc region.
This "another unrelated region" is where the firmware is mapped.
If the lazy TLB flushing logic in the vmalloc code triggers after
we've had both a module unload and a vfree or similar, it will pass an
address range that goes from somewhere inside the malloc region to
somewhere inside the vmalloc region, and thus covering the
openfirmware area entirely.
The sparc64 kernel learns about openfirmware's dynamic mappings in
this region early in the boot, and then services TLB misses in this
area. But openfirmware has some locked TLB entries which are not
mentioned in those dynamic mappings and we should thus not disturb
them.
These huge lazy TLB flush ranges causes those openfirmware locked TLB
entries to be removed, resulting in all kinds of problems including
hard hangs and crashes during reboot/reset.
Besides causing problems like this, such huge TLB flush ranges are
also incredibly inefficient. A plea has been made with the author of
the VMAP lazy TLB flushing code, but for now we'll put a safety guard
into our flush_tlb_kernel_range() implementation.
Since the implementation has become non-trivial, stop defining it as a
macro and instead make it a function in a C source file.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/include/asm/tlbflush_64.h | 12 ++----------
arch/sparc/mm/init_64.c | 23 +++++++++++++++++++++++
2 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/arch/sparc/include/asm/tlbflush_64.h b/arch/sparc/include/asm/tlbflush_64.h
index 3c3c89f..7f9bab2 100644
--- a/arch/sparc/include/asm/tlbflush_64.h
+++ b/arch/sparc/include/asm/tlbflush_64.h
@@ -34,6 +34,8 @@ static inline void flush_tlb_range(struct vm_area_struct *vma,
{
}
+void flush_tlb_kernel_range(unsigned long start, unsigned long end);
+
#define __HAVE_ARCH_ENTER_LAZY_MMU_MODE
extern void flush_tlb_pending(void);
@@ -48,11 +50,6 @@ extern void __flush_tlb_kernel_range(unsigned long start, unsigned long end);
#ifndef CONFIG_SMP
-#define flush_tlb_kernel_range(start,end) \
-do { flush_tsb_kernel_range(start,end); \
- __flush_tlb_kernel_range(start,end); \
-} while (0)
-
static inline void global_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr)
{
__flush_tlb_page(CTX_HWBITS(mm->context), vaddr);
@@ -63,11 +60,6 @@ static inline void global_flush_tlb_page(struct mm_struct *mm, unsigned long vad
extern void smp_flush_tlb_kernel_range(unsigned long start, unsigned long end);
extern void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr);
-#define flush_tlb_kernel_range(start, end) \
-do { flush_tsb_kernel_range(start,end); \
- smp_flush_tlb_kernel_range(start, end); \
-} while (0)
-
#define global_flush_tlb_page(mm, vaddr) \
smp_flush_tlb_page(mm, vaddr)
diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c
index 16b61aa..e275cde 100644
--- a/arch/sparc/mm/init_64.c
+++ b/arch/sparc/mm/init_64.c
@@ -2701,3 +2701,26 @@ void hugetlb_setup(struct pt_regs *regs)
}
}
#endif
+
+#ifdef CONFIG_SMP
+#define do_flush_tlb_kernel_range smp_flush_tlb_kernel_range
+#else
+#define do_flush_tlb_kernel_range __flush_tlb_kernel_range
+#endif
+
+void flush_tlb_kernel_range(unsigned long start, unsigned long end)
+{
+ if (start < HI_OBP_ADDRESS && end > LOW_OBP_ADDRESS) {
+ if (start < LOW_OBP_ADDRESS) {
+ flush_tsb_kernel_range(start, LOW_OBP_ADDRESS);
+ do_flush_tlb_kernel_range(start, LOW_OBP_ADDRESS);
+ }
+ if (end > HI_OBP_ADDRESS) {
+ flush_tsb_kernel_range(end, HI_OBP_ADDRESS);
+ do_flush_tlb_kernel_range(end, HI_OBP_ADDRESS);
+ }
+ } else {
+ flush_tsb_kernel_range(start, end);
+ do_flush_tlb_kernel_range(start, end);
+ }
+}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 031/187] bbc-i2c: Fix BBC I2C envctrl on SunBlade 2000
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (29 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 030/187] sparc64: Guard against flushing openfirmware mappings Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 032/187] sunsab: Fix detection of BREAK on sunsab serial console Kamal Mostafa
` (156 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Christopher Alexander Tobias Schulze, David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Christopher Alexander Tobias Schulze <cat.schulze@alice-dsl.net>
[ Upstream commit 5cdceab3d5e02eb69ea0f5d8fa9181800baf6f77 ]
Fix regression in bbc i2c temperature and fan control on some Sun systems
that causes the driver to refuse to load due to the bbc_i2c_bussel resource not
being present on the (second) i2c bus where the temperature sensors and fan
control are located. (The check for the number of resources was removed when
the driver was ported to a pure OF driver in mid 2008.)
Signed-off-by: Christopher Alexander Tobias Schulze <cat.schulze@alice-dsl.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/sbus/char/bbc_envctrl.c | 6 ++++++
drivers/sbus/char/bbc_i2c.c | 11 ++++++++---
2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/drivers/sbus/char/bbc_envctrl.c b/drivers/sbus/char/bbc_envctrl.c
index 160e751..0787b97 100644
--- a/drivers/sbus/char/bbc_envctrl.c
+++ b/drivers/sbus/char/bbc_envctrl.c
@@ -452,6 +452,9 @@ static void attach_one_temp(struct bbc_i2c_bus *bp, struct platform_device *op,
if (!tp)
return;
+ INIT_LIST_HEAD(&tp->bp_list);
+ INIT_LIST_HEAD(&tp->glob_list);
+
tp->client = bbc_i2c_attach(bp, op);
if (!tp->client) {
kfree(tp);
@@ -497,6 +500,9 @@ static void attach_one_fan(struct bbc_i2c_bus *bp, struct platform_device *op,
if (!fp)
return;
+ INIT_LIST_HEAD(&fp->bp_list);
+ INIT_LIST_HEAD(&fp->glob_list);
+
fp->client = bbc_i2c_attach(bp, op);
if (!fp->client) {
kfree(fp);
diff --git a/drivers/sbus/char/bbc_i2c.c b/drivers/sbus/char/bbc_i2c.c
index c1441ed..e0e6cd6 100644
--- a/drivers/sbus/char/bbc_i2c.c
+++ b/drivers/sbus/char/bbc_i2c.c
@@ -301,13 +301,18 @@ static struct bbc_i2c_bus * attach_one_i2c(struct platform_device *op, int index
if (!bp)
return NULL;
+ INIT_LIST_HEAD(&bp->temps);
+ INIT_LIST_HEAD(&bp->fans);
+
bp->i2c_control_regs = of_ioremap(&op->resource[0], 0, 0x2, "bbc_i2c_regs");
if (!bp->i2c_control_regs)
goto fail;
- bp->i2c_bussel_reg = of_ioremap(&op->resource[1], 0, 0x1, "bbc_i2c_bussel");
- if (!bp->i2c_bussel_reg)
- goto fail;
+ if (op->num_resources == 2) {
+ bp->i2c_bussel_reg = of_ioremap(&op->resource[1], 0, 0x1, "bbc_i2c_bussel");
+ if (!bp->i2c_bussel_reg)
+ goto fail;
+ }
bp->waiting = 0;
init_waitqueue_head(&bp->wq);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 032/187] sunsab: Fix detection of BREAK on sunsab serial console
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (30 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 031/187] bbc-i2c: Fix BBC I2C envctrl on SunBlade 2000 Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 033/187] sparc64: ldc_connect() should not return EINVAL when handshake is in progress Kamal Mostafa
` (155 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Christopher Alexander Tobias Schulze, David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Christopher Alexander Tobias Schulze <cat.schulze@alice-dsl.net>
[ Upstream commit fe418231b195c205701c0cc550a03f6c9758fd9e ]
Fix detection of BREAK on sunsab serial console: BREAK detection was only
performed when there were also serial characters received simultaneously.
To handle all BREAKs correctly, the check for BREAK and the corresponding
call to uart_handle_break() must also be done if count == 0, therefore
duplicate this code fragment and pull it out of the loop over the received
characters.
Patch applies to 3.16-rc6.
Signed-off-by: Christopher Alexander Tobias Schulze <cat.schulze@alice-dsl.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/tty/serial/sunsab.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/tty/serial/sunsab.c b/drivers/tty/serial/sunsab.c
index 380fb53..1c0e2a4 100644
--- a/drivers/tty/serial/sunsab.c
+++ b/drivers/tty/serial/sunsab.c
@@ -157,6 +157,15 @@ receive_chars(struct uart_sunsab_port *up,
(up->port.line == up->port.cons->index))
saw_console_brk = 1;
+ if (count == 0) {
+ if (unlikely(stat->sreg.isr1 & SAB82532_ISR1_BRK)) {
+ stat->sreg.isr0 &= ~(SAB82532_ISR0_PERR |
+ SAB82532_ISR0_FERR);
+ up->port.icount.brk++;
+ uart_handle_break(&up->port);
+ }
+ }
+
for (i = 0; i < count; i++) {
unsigned char ch = buf[i], flag;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 033/187] sparc64: ldc_connect() should not return EINVAL when handshake is in progress.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (31 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 032/187] sunsab: Fix detection of BREAK on sunsab serial console Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 034/187] arch/sparc/math-emu/math_32.c: drop stray break operator Kamal Mostafa
` (154 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sowmini Varadhan, David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Sowmini Varadhan <sowmini.varadhan@oracle.com>
[ Upstream commit 4ec1b01029b4facb651b8ef70bc20a4be4cebc63 ]
The LDC handshake could have been asynchronously triggered
after ldc_bind() enables the ldc_rx() receive interrupt-handler
(and thus intercepts incoming control packets)
and before vio_port_up() calls ldc_connect(). If that is the case,
ldc_connect() should return 0 and let the state-machine
progress.
Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Acked-by: Karl Volz <karl.volz@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/kernel/ldc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/sparc/kernel/ldc.c b/arch/sparc/kernel/ldc.c
index e01d75d..66dacd5 100644
--- a/arch/sparc/kernel/ldc.c
+++ b/arch/sparc/kernel/ldc.c
@@ -1336,7 +1336,7 @@ int ldc_connect(struct ldc_channel *lp)
if (!(lp->flags & LDC_FLAG_ALLOCED_QUEUES) ||
!(lp->flags & LDC_FLAG_REGISTERED_QUEUES) ||
lp->hs_state != LDC_HS_OPEN)
- err = -EINVAL;
+ err = ((lp->hs_state > LDC_HS_OPEN) ? 0 : -EINVAL);
else
err = start_handshake(lp);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 034/187] arch/sparc/math-emu/math_32.c: drop stray break operator
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (32 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 033/187] sparc64: ldc_connect() should not return EINVAL when handshake is in progress Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 035/187] sunrpc: create a new dummy pipe for gssd to hold open Kamal Mostafa
` (153 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Andrey Utkin, David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrey Utkin <andrey.krieger.utkin@gmail.com>
[ Upstream commit 093758e3daede29cb4ce6aedb111becf9d4bfc57 ]
This commit is a guesswork, but it seems to make sense to drop this
break, as otherwise the following line is never executed and becomes
dead code. And that following line actually saves the result of
local calculation by the pointer given in function argument. So the
proposed change makes sense if this code in the whole makes sense (but I
am unable to analyze it in the whole).
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=81641
Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: Andrey Utkin <andrey.krieger.utkin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/sparc/math-emu/math_32.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/sparc/math-emu/math_32.c b/arch/sparc/math-emu/math_32.c
index aa4d55b..5ce8f2f 100644
--- a/arch/sparc/math-emu/math_32.c
+++ b/arch/sparc/math-emu/math_32.c
@@ -499,7 +499,7 @@ static int do_one_mathemu(u32 insn, unsigned long *pfsr, unsigned long *fregs)
case 0: fsr = *pfsr;
if (IR == -1) IR = 2;
/* fcc is always fcc0 */
- fsr &= ~0xc00; fsr |= (IR << 10); break;
+ fsr &= ~0xc00; fsr |= (IR << 10);
*pfsr = fsr;
break;
case 1: rd->s = IR; break;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 035/187] sunrpc: create a new dummy pipe for gssd to hold open
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (33 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 034/187] arch/sparc/math-emu/math_32.c: drop stray break operator Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 036/187] sunrpc: replace sunrpc_net->gssd_running flag with a more reliable check Kamal Mostafa
` (152 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jeff Layton, Trond Myklebust, Stefan Bader, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeff Layton <jlayton@redhat.com>
commit 4b9a445e3eeb8bd9278b1ae51c1b3a651e370cd6 upstream.
rpc.gssd will naturally hold open any pipe named */clnt*/gssd that shows
up under rpc_pipefs. That behavior gives us a reliable mechanism to tell
whether it's actually running or not.
Create a new toplevel "gssd" directory in rpc_pipefs when it's mounted.
Under that directory create another directory called "clntXX", and then
within that a pipe called "gssd".
We'll never send an upcall along that pipe, and any downcall written to
it will just return -EINVAL.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
[ kamal: 3.13-stable prereq for 6aa23d76 "nfs: check if gssd is running
before attempting to use krb5i auth in SETCLIENTID call" ]
Cc: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/linux/sunrpc/rpc_pipe_fs.h | 3 +-
net/sunrpc/netns.h | 1 +
net/sunrpc/rpc_pipe.c | 93 ++++++++++++++++++++++++++++++++++++--
net/sunrpc/sunrpc_syms.c | 8 +++-
4 files changed, 100 insertions(+), 5 deletions(-)
diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h
index a353e03..85f1342 100644
--- a/include/linux/sunrpc/rpc_pipe_fs.h
+++ b/include/linux/sunrpc/rpc_pipe_fs.h
@@ -84,7 +84,8 @@ enum {
extern struct dentry *rpc_d_lookup_sb(const struct super_block *sb,
const unsigned char *dir_name);
-extern void rpc_pipefs_init_net(struct net *net);
+extern int rpc_pipefs_init_net(struct net *net);
+extern void rpc_pipefs_exit_net(struct net *net);
extern struct super_block *rpc_get_sb_net(const struct net *net);
extern void rpc_put_sb_net(const struct net *net);
diff --git a/net/sunrpc/netns.h b/net/sunrpc/netns.h
index 3a260e4..c804ed4 100644
--- a/net/sunrpc/netns.h
+++ b/net/sunrpc/netns.h
@@ -14,6 +14,7 @@ struct sunrpc_net {
struct cache_detail *rsi_cache;
struct super_block *pipefs_sb;
+ struct rpc_pipe *gssd_dummy;
struct mutex pipefs_sb_lock;
struct list_head all_clients;
diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
index bf04b30..c23458b 100644
--- a/net/sunrpc/rpc_pipe.c
+++ b/net/sunrpc/rpc_pipe.c
@@ -38,7 +38,7 @@
#define NET_NAME(net) ((net == &init_net) ? " (init_net)" : "")
static struct file_system_type rpc_pipe_fs_type;
-
+static const struct rpc_pipe_ops gssd_dummy_pipe_ops;
static struct kmem_cache *rpc_inode_cachep __read_mostly;
@@ -1159,6 +1159,7 @@ enum {
RPCAUTH_nfsd4_cb,
RPCAUTH_cache,
RPCAUTH_nfsd,
+ RPCAUTH_gssd,
RPCAUTH_RootEOF
};
@@ -1195,6 +1196,10 @@ static const struct rpc_filelist files[] = {
.name = "nfsd",
.mode = S_IFDIR | S_IRUGO | S_IXUGO,
},
+ [RPCAUTH_gssd] = {
+ .name = "gssd",
+ .mode = S_IFDIR | S_IRUGO | S_IXUGO,
+ },
};
/*
@@ -1208,13 +1213,25 @@ struct dentry *rpc_d_lookup_sb(const struct super_block *sb,
}
EXPORT_SYMBOL_GPL(rpc_d_lookup_sb);
-void rpc_pipefs_init_net(struct net *net)
+int rpc_pipefs_init_net(struct net *net)
{
struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
+ sn->gssd_dummy = rpc_mkpipe_data(&gssd_dummy_pipe_ops, 0);
+ if (IS_ERR(sn->gssd_dummy))
+ return PTR_ERR(sn->gssd_dummy);
+
mutex_init(&sn->pipefs_sb_lock);
sn->gssd_running = 1;
sn->pipe_version = -1;
+ return 0;
+}
+
+void rpc_pipefs_exit_net(struct net *net)
+{
+ struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
+
+ rpc_destroy_pipe_data(sn->gssd_dummy);
}
/*
@@ -1244,11 +1261,73 @@ void rpc_put_sb_net(const struct net *net)
}
EXPORT_SYMBOL_GPL(rpc_put_sb_net);
+static const struct rpc_filelist gssd_dummy_clnt_dir[] = {
+ [0] = {
+ .name = "clntXX",
+ .mode = S_IFDIR | S_IRUGO | S_IXUGO,
+ },
+};
+
+static ssize_t
+dummy_downcall(struct file *filp, const char __user *src, size_t len)
+{
+ return -EINVAL;
+}
+
+static const struct rpc_pipe_ops gssd_dummy_pipe_ops = {
+ .upcall = rpc_pipe_generic_upcall,
+ .downcall = dummy_downcall,
+};
+
+/**
+ * rpc_gssd_dummy_populate - create a dummy gssd pipe
+ * @root: root of the rpc_pipefs filesystem
+ * @pipe_data: pipe data created when netns is initialized
+ *
+ * Create a dummy set of directories and a pipe that gssd can hold open to
+ * indicate that it is up and running.
+ */
+static struct dentry *
+rpc_gssd_dummy_populate(struct dentry *root, struct rpc_pipe *pipe_data)
+{
+ int ret = 0;
+ struct dentry *gssd_dentry;
+ struct dentry *clnt_dentry = NULL;
+ struct dentry *pipe_dentry = NULL;
+ struct qstr q = QSTR_INIT(files[RPCAUTH_gssd].name,
+ strlen(files[RPCAUTH_gssd].name));
+
+ /* We should never get this far if "gssd" doesn't exist */
+ gssd_dentry = d_hash_and_lookup(root, &q);
+ if (!gssd_dentry)
+ return ERR_PTR(-ENOENT);
+
+ ret = rpc_populate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1, NULL);
+ if (ret) {
+ pipe_dentry = ERR_PTR(ret);
+ goto out;
+ }
+
+ q.name = gssd_dummy_clnt_dir[0].name;
+ q.len = strlen(gssd_dummy_clnt_dir[0].name);
+ clnt_dentry = d_hash_and_lookup(gssd_dentry, &q);
+ if (!clnt_dentry) {
+ pipe_dentry = ERR_PTR(-ENOENT);
+ goto out;
+ }
+
+ pipe_dentry = rpc_mkpipe_dentry(clnt_dentry, "gssd", NULL, pipe_data);
+out:
+ dput(clnt_dentry);
+ dput(gssd_dentry);
+ return pipe_dentry;
+}
+
static int
rpc_fill_super(struct super_block *sb, void *data, int silent)
{
struct inode *inode;
- struct dentry *root;
+ struct dentry *root, *gssd_dentry;
struct net *net = data;
struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
int err;
@@ -1266,6 +1345,13 @@ rpc_fill_super(struct super_block *sb, void *data, int silent)
return -ENOMEM;
if (rpc_populate(root, files, RPCAUTH_lockd, RPCAUTH_RootEOF, NULL))
return -ENOMEM;
+
+ gssd_dentry = rpc_gssd_dummy_populate(root, sn->gssd_dummy);
+ if (IS_ERR(gssd_dentry)) {
+ __rpc_depopulate(root, files, RPCAUTH_lockd, RPCAUTH_RootEOF);
+ return PTR_ERR(gssd_dentry);
+ }
+
dprintk("RPC: sending pipefs MOUNT notification for net %p%s\n",
net, NET_NAME(net));
mutex_lock(&sn->pipefs_sb_lock);
@@ -1280,6 +1366,7 @@ rpc_fill_super(struct super_block *sb, void *data, int silent)
return 0;
err_depopulate:
+ dput(gssd_dentry);
blocking_notifier_call_chain(&rpc_pipefs_notifier_list,
RPC_PIPEFS_UMOUNT,
sb);
diff --git a/net/sunrpc/sunrpc_syms.c b/net/sunrpc/sunrpc_syms.c
index 3d6498a..cd30120 100644
--- a/net/sunrpc/sunrpc_syms.c
+++ b/net/sunrpc/sunrpc_syms.c
@@ -44,12 +44,17 @@ static __net_init int sunrpc_init_net(struct net *net)
if (err)
goto err_unixgid;
- rpc_pipefs_init_net(net);
+ err = rpc_pipefs_init_net(net);
+ if (err)
+ goto err_pipefs;
+
INIT_LIST_HEAD(&sn->all_clients);
spin_lock_init(&sn->rpc_client_lock);
spin_lock_init(&sn->rpcb_clnt_lock);
return 0;
+err_pipefs:
+ unix_gid_cache_destroy(net);
err_unixgid:
ip_map_cache_destroy(net);
err_ipmap:
@@ -60,6 +65,7 @@ err_proc:
static __net_exit void sunrpc_exit_net(struct net *net)
{
+ rpc_pipefs_exit_net(net);
unix_gid_cache_destroy(net);
ip_map_cache_destroy(net);
rpc_proc_exit(net);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 036/187] sunrpc: replace sunrpc_net->gssd_running flag with a more reliable check
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (34 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 035/187] sunrpc: create a new dummy pipe for gssd to hold open Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 037/187] nfs: check if gssd is running before attempting to use krb5i auth in SETCLIENTID call Kamal Mostafa
` (151 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jeff Layton, Trond Myklebust, Stefan Bader, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeff Layton <jlayton@redhat.com>
commit 89f842435c630f8426f414e6030bc2ffea0d6f81 upstream.
Now that we have a more reliable method to tell if gssd is running, we
can replace the sn->gssd_running flag with a function that will query to
see if it's up and running.
There's also no need to attempt an upcall that we know will fail, so
just return -EACCES if gssd isn't running. Finally, fix the warn_gss()
message not to claim that that the upcall timed out since we don't
necesarily perform one now when gssd isn't running, and remove the
extraneous newline from the message.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
[ kamal: 3.13-stable prereq for 6aa23d76 "nfs: check if gssd is running
before attempting to use krb5i auth in SETCLIENTID call" ]
Cc: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/linux/sunrpc/rpc_pipe_fs.h | 2 ++
net/sunrpc/auth_gss/auth_gss.c | 17 +++++++----------
net/sunrpc/netns.h | 2 --
net/sunrpc/rpc_pipe.c | 14 ++++++++++----
4 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h
index 85f1342..7f490be 100644
--- a/include/linux/sunrpc/rpc_pipe_fs.h
+++ b/include/linux/sunrpc/rpc_pipe_fs.h
@@ -131,5 +131,7 @@ extern int rpc_unlink(struct dentry *);
extern int register_rpc_pipefs(void);
extern void unregister_rpc_pipefs(void);
+extern bool gssd_running(struct net *net);
+
#endif
#endif
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 1eebf22..154c504 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -541,8 +541,7 @@ static void warn_gssd(void)
unsigned long now = jiffies;
if (time_after(now, ratelimit)) {
- printk(KERN_WARNING "RPC: AUTH_GSS upcall timed out.\n"
- "Please check user daemon is running.\n");
+ pr_warn("RPC: AUTH_GSS upcall failed. Please check user daemon is running.\n");
ratelimit = now + 15*HZ;
}
}
@@ -605,7 +604,6 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
struct rpc_pipe *pipe;
struct rpc_cred *cred = &gss_cred->gc_base;
struct gss_upcall_msg *gss_msg;
- unsigned long timeout;
DEFINE_WAIT(wait);
int err;
@@ -613,17 +611,16 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
__func__, from_kuid(&init_user_ns, cred->cr_uid));
retry:
err = 0;
- /* Default timeout is 15s unless we know that gssd is not running */
- timeout = 15 * HZ;
- if (!sn->gssd_running)
- timeout = HZ >> 2;
+ /* if gssd is down, just skip upcalling altogether */
+ if (!gssd_running(net)) {
+ warn_gssd();
+ return -EACCES;
+ }
gss_msg = gss_setup_upcall(gss_auth, cred);
if (PTR_ERR(gss_msg) == -EAGAIN) {
err = wait_event_interruptible_timeout(pipe_version_waitqueue,
- sn->pipe_version >= 0, timeout);
+ sn->pipe_version >= 0, 15 * HZ);
if (sn->pipe_version < 0) {
- if (err == 0)
- sn->gssd_running = 0;
warn_gssd();
err = -EACCES;
}
diff --git a/net/sunrpc/netns.h b/net/sunrpc/netns.h
index c804ed4..df58268 100644
--- a/net/sunrpc/netns.h
+++ b/net/sunrpc/netns.h
@@ -32,8 +32,6 @@ struct sunrpc_net {
int pipe_version;
atomic_t pipe_users;
struct proc_dir_entry *use_gssp_proc;
-
- unsigned int gssd_running;
};
extern int sunrpc_net_id;
diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
index c23458b..5cd7ad1 100644
--- a/net/sunrpc/rpc_pipe.c
+++ b/net/sunrpc/rpc_pipe.c
@@ -216,14 +216,11 @@ rpc_destroy_inode(struct inode *inode)
static int
rpc_pipe_open(struct inode *inode, struct file *filp)
{
- struct net *net = inode->i_sb->s_fs_info;
- struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
struct rpc_pipe *pipe;
int first_open;
int res = -ENXIO;
mutex_lock(&inode->i_mutex);
- sn->gssd_running = 1;
pipe = RPC_I(inode)->pipe;
if (pipe == NULL)
goto out;
@@ -1222,7 +1219,6 @@ int rpc_pipefs_init_net(struct net *net)
return PTR_ERR(sn->gssd_dummy);
mutex_init(&sn->pipefs_sb_lock);
- sn->gssd_running = 1;
sn->pipe_version = -1;
return 0;
}
@@ -1376,6 +1372,16 @@ err_depopulate:
return err;
}
+bool
+gssd_running(struct net *net)
+{
+ struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
+ struct rpc_pipe *pipe = sn->gssd_dummy;
+
+ return pipe->nreaders || pipe->nwriters;
+}
+EXPORT_SYMBOL_GPL(gssd_running);
+
static struct dentry *
rpc_mount(struct file_system_type *fs_type,
int flags, const char *dev_name, void *data)
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 037/187] nfs: check if gssd is running before attempting to use krb5i auth in SETCLIENTID call
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (35 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 036/187] sunrpc: replace sunrpc_net->gssd_running flag with a more reliable check Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 038/187] Revert "x86-64, modify_ldt: Make support for 16-bit segments a runtime option" Kamal Mostafa
` (150 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jeff Layton, Trond Myklebust, Stefan Bader, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeff Layton <jlayton@redhat.com>
commit 6aa23d76a7b549521a03b63b6d5b7880ea87eab7 upstream.
Currently, the client will attempt to use krb5i in the SETCLIENTID call
even if rpc.gssd isn't running. When that fails, it'll then fall back to
RPC_AUTH_UNIX. This introduced a delay when mounting if rpc.gssd isn't
running, and causes warning messages to pop up in the ring buffer.
Check to see if rpc.gssd is running before even attempting to use krb5i
auth, and just silently skip trying to do so if it isn't. In the event
that the admin is actually trying to mount with krb5*, it will still
fail at a later stage of the mount attempt.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/nfs/nfs4client.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c
index cb70bdd..4c7bd2c 100644
--- a/fs/nfs/nfs4client.c
+++ b/fs/nfs/nfs4client.c
@@ -10,6 +10,7 @@
#include <linux/sunrpc/auth.h>
#include <linux/sunrpc/xprt.h>
#include <linux/sunrpc/bc_xprt.h>
+#include <linux/sunrpc/rpc_pipe_fs.h>
#include "internal.h"
#include "callback.h"
#include "delegation.h"
@@ -370,7 +371,11 @@ struct nfs_client *nfs4_init_client(struct nfs_client *clp,
__set_bit(NFS_CS_INFINITE_SLOTS, &clp->cl_flags);
__set_bit(NFS_CS_DISCRTRY, &clp->cl_flags);
__set_bit(NFS_CS_NO_RETRANS_TIMEOUT, &clp->cl_flags);
- error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_GSS_KRB5I);
+
+ error = -EINVAL;
+ if (gssd_running(clp->cl_net))
+ error = nfs_create_rpc_client(clp, timeparms,
+ RPC_AUTH_GSS_KRB5I);
if (error == -EINVAL)
error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_UNIX);
if (error < 0)
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 038/187] Revert "x86-64, modify_ldt: Make support for 16-bit segments a runtime option"
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (36 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 037/187] nfs: check if gssd is running before attempting to use krb5i auth in SETCLIENTID call Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 039/187] x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack Kamal Mostafa
` (149 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: H. Peter Anvin, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "H. Peter Anvin" <hpa@zytor.com>
commit 7ed6fb9b5a5510e4ef78ab27419184741169978a upstream.
This reverts commit fa81511bb0bbb2b1aace3695ce869da9762624ff in
preparation of merging in the proper fix (espfix64).
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/kernel/ldt.c | 4 +---
arch/x86/vdso/vdso32-setup.c | 8 --------
2 files changed, 1 insertion(+), 11 deletions(-)
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
index dcbbaa1..af1d14a 100644
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
@@ -20,8 +20,6 @@
#include <asm/mmu_context.h>
#include <asm/syscalls.h>
-int sysctl_ldt16 = 0;
-
#ifdef CONFIG_SMP
static void flush_ldt(void *current_mm)
{
@@ -236,7 +234,7 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
* IRET leaking the high bits of the kernel stack address.
*/
#ifdef CONFIG_X86_64
- if (!ldt_info.seg_32bit && !sysctl_ldt16) {
+ if (!ldt_info.seg_32bit) {
error = -EINVAL;
goto out_unlock;
}
diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c
index f1d633a..d6bfb87 100644
--- a/arch/x86/vdso/vdso32-setup.c
+++ b/arch/x86/vdso/vdso32-setup.c
@@ -41,7 +41,6 @@ enum {
#ifdef CONFIG_X86_64
#define vdso_enabled sysctl_vsyscall32
#define arch_setup_additional_pages syscall32_setup_pages
-extern int sysctl_ldt16;
#endif
/*
@@ -381,13 +380,6 @@ static struct ctl_table abi_table2[] = {
.mode = 0644,
.proc_handler = proc_dointvec
},
- {
- .procname = "ldt16",
- .data = &sysctl_ldt16,
- .maxlen = sizeof(int),
- .mode = 0644,
- .proc_handler = proc_dointvec
- },
{}
};
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 039/187] x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (37 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 038/187] Revert "x86-64, modify_ldt: Make support for 16-bit segments a runtime option" Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 040/187] x86, espfix: Move espfix definitions into a separate header file Kamal Mostafa
` (148 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: H. Peter Anvin, Konrad Rzeszutek Wilk, Borislav Petkov,
Andrew Lutomriski, Linus Torvalds, Dirk Hohndel,
Arjan van de Ven, comex, Alexander van Heukelum, Boris Ostrovsky,
Luis Henriques, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "H. Peter Anvin" <hpa@linux.intel.com>
commit 3891a04aafd668686239349ea58f3314ea2af86b upstream.
The IRET instruction, when returning to a 16-bit segment, only
restores the bottom 16 bits of the user space stack pointer. This
causes some 16-bit software to break, but it also leaks kernel state
to user space. We have a software workaround for that ("espfix") for
the 32-bit kernel, but it relies on a nonzero stack segment base which
is not available in 64-bit mode.
In checkin:
b3b42ac2cbae x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels
we "solved" this by forbidding 16-bit segments on 64-bit kernels, with
the logic that 16-bit support is crippled on 64-bit kernels anyway (no
V86 support), but it turns out that people are doing stuff like
running old Win16 binaries under Wine and expect it to work.
This works around this by creating percpu "ministacks", each of which
is mapped 2^16 times 64K apart. When we detect that the return SS is
on the LDT, we copy the IRET frame to the ministack and use the
relevant alias to return to userspace. The ministacks are mapped
readonly, so if IRET faults we promote #GP to #DF which is an IST
vector and thus has its own stack; we then do the fixup in the #DF
handler.
(Making #GP an IST exception would make the msr_safe functions unsafe
in NMI/MC context, and quite possibly have other effects.)
Special thanks to:
- Andy Lutomirski, for the suggestion of using very small stack slots
and copy (as opposed to map) the IRET frame there, and for the
suggestion to mark them readonly and let the fault promote to #DF.
- Konrad Wilk for paravirt fixup and testing.
- Borislav Petkov for testing help and useful comments.
Reported-by: Brian Gerst <brgerst@gmail.com>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Link: http://lkml.kernel.org/r/1398816946-3351-1-git-send-email-hpa@linux.intel.com
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Andrew Lutomriski <amluto@gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Dirk Hohndel <dirk@hohndel.org>
Cc: Arjan van de Ven <arjan.van.de.ven@intel.com>
Cc: comex <comexk@gmail.com>
Cc: Alexander van Heukelum <heukelum@fastmail.fm>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
[ luis: backported to 3.11: adjusted context ]
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
Documentation/x86/x86_64/mm.txt | 2 +
arch/x86/include/asm/pgtable_64_types.h | 2 +
arch/x86/include/asm/setup.h | 3 +
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/entry_64.S | 73 ++++++++++-
arch/x86/kernel/espfix_64.c | 208 ++++++++++++++++++++++++++++++++
arch/x86/kernel/ldt.c | 11 --
arch/x86/kernel/smpboot.c | 7 ++
arch/x86/mm/dump_pagetables.c | 40 ++++--
init/main.c | 4 +
10 files changed, 325 insertions(+), 26 deletions(-)
create mode 100644 arch/x86/kernel/espfix_64.c
diff --git a/Documentation/x86/x86_64/mm.txt b/Documentation/x86/x86_64/mm.txt
index 881582f..bd43704 100644
--- a/Documentation/x86/x86_64/mm.txt
+++ b/Documentation/x86/x86_64/mm.txt
@@ -12,6 +12,8 @@ ffffc90000000000 - ffffe8ffffffffff (=45 bits) vmalloc/ioremap space
ffffe90000000000 - ffffe9ffffffffff (=40 bits) hole
ffffea0000000000 - ffffeaffffffffff (=40 bits) virtual memory map (1TB)
... unused hole ...
+ffffff0000000000 - ffffff7fffffffff (=39 bits) %esp fixup stacks
+... unused hole ...
ffffffff80000000 - ffffffffa0000000 (=512 MB) kernel text mapping, from phys 0
ffffffffa0000000 - ffffffffff5fffff (=1525 MB) module mapping space
ffffffffff600000 - ffffffffffdfffff (=8 MB) vsyscalls
diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h
index 2d88344..b1609f2 100644
--- a/arch/x86/include/asm/pgtable_64_types.h
+++ b/arch/x86/include/asm/pgtable_64_types.h
@@ -61,6 +61,8 @@ typedef struct { pteval_t pte; } pte_t;
#define MODULES_VADDR _AC(0xffffffffa0000000, UL)
#define MODULES_END _AC(0xffffffffff000000, UL)
#define MODULES_LEN (MODULES_END - MODULES_VADDR)
+#define ESPFIX_PGD_ENTRY _AC(-2, UL)
+#define ESPFIX_BASE_ADDR (ESPFIX_PGD_ENTRY << PGDIR_SHIFT)
#define EARLY_DYNAMIC_PAGE_TABLES 64
diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h
index 59bcf4e..edfaf6a 100644
--- a/arch/x86/include/asm/setup.h
+++ b/arch/x86/include/asm/setup.h
@@ -62,6 +62,9 @@ extern void x86_ce4100_early_setup(void);
static inline void x86_ce4100_early_setup(void) { }
#endif
+extern void init_espfix_bsp(void);
+extern void init_espfix_ap(void);
+
#ifndef _SETUP
/*
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 9b0a34e..92450ee 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -29,6 +29,7 @@ obj-$(CONFIG_X86_64) += sys_x86_64.o x8664_ksyms_64.o
obj-y += syscall_$(BITS).o
obj-$(CONFIG_X86_64) += vsyscall_64.o
obj-$(CONFIG_X86_64) += vsyscall_emu_64.o
+obj-$(CONFIG_X86_64) += espfix_64.o
obj-y += bootflag.o e820.o
obj-y += pci-dma.o quirks.o topology.o kdebugfs.o
obj-y += alternative.o i8253.o pci-nommu.o hw_breakpoint.o
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index 1e96c36..bffaa98 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -58,6 +58,7 @@
#include <asm/asm.h>
#include <asm/context_tracking.h>
#include <asm/smap.h>
+#include <asm/pgtable_types.h>
#include <linux/err.h>
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
@@ -1040,8 +1041,16 @@ restore_args:
RESTORE_ARGS 1,8,1
irq_return:
+ /*
+ * Are we returning to a stack segment from the LDT? Note: in
+ * 64-bit mode SS:RSP on the exception stack is always valid.
+ */
+ testb $4,(SS-RIP)(%rsp)
+ jnz irq_return_ldt
+
+irq_return_iret:
INTERRUPT_RETURN
- _ASM_EXTABLE(irq_return, bad_iret)
+ _ASM_EXTABLE(irq_return_iret, bad_iret)
#ifdef CONFIG_PARAVIRT
ENTRY(native_iret)
@@ -1049,6 +1058,30 @@ ENTRY(native_iret)
_ASM_EXTABLE(native_iret, bad_iret)
#endif
+irq_return_ldt:
+ pushq_cfi %rax
+ pushq_cfi %rdi
+ SWAPGS
+ movq PER_CPU_VAR(espfix_waddr),%rdi
+ movq %rax,(0*8)(%rdi) /* RAX */
+ movq (2*8)(%rsp),%rax /* RIP */
+ movq %rax,(1*8)(%rdi)
+ movq (3*8)(%rsp),%rax /* CS */
+ movq %rax,(2*8)(%rdi)
+ movq (4*8)(%rsp),%rax /* RFLAGS */
+ movq %rax,(3*8)(%rdi)
+ movq (6*8)(%rsp),%rax /* SS */
+ movq %rax,(5*8)(%rdi)
+ movq (5*8)(%rsp),%rax /* RSP */
+ movq %rax,(4*8)(%rdi)
+ andl $0xffff0000,%eax
+ popq_cfi %rdi
+ orq PER_CPU_VAR(espfix_stack),%rax
+ SWAPGS
+ movq %rax,%rsp
+ popq_cfi %rax
+ jmp irq_return_iret
+
.section .fixup,"ax"
bad_iret:
/*
@@ -1110,9 +1143,41 @@ ENTRY(retint_kernel)
call preempt_schedule_irq
jmp exit_intr
#endif
-
CFI_ENDPROC
END(common_interrupt)
+
+ /*
+ * If IRET takes a fault on the espfix stack, then we
+ * end up promoting it to a doublefault. In that case,
+ * modify the stack to make it look like we just entered
+ * the #GP handler from user space, similar to bad_iret.
+ */
+ ALIGN
+__do_double_fault:
+ XCPT_FRAME 1 RDI+8
+ movq RSP(%rdi),%rax /* Trap on the espfix stack? */
+ sarq $PGDIR_SHIFT,%rax
+ cmpl $ESPFIX_PGD_ENTRY,%eax
+ jne do_double_fault /* No, just deliver the fault */
+ cmpl $__KERNEL_CS,CS(%rdi)
+ jne do_double_fault
+ movq RIP(%rdi),%rax
+ cmpq $irq_return_iret,%rax
+#ifdef CONFIG_PARAVIRT
+ je 1f
+ cmpq $native_iret,%rax
+#endif
+ jne do_double_fault /* This shouldn't happen... */
+1:
+ movq PER_CPU_VAR(kernel_stack),%rax
+ subq $(6*8-KERNEL_STACK_OFFSET),%rax /* Reset to original stack */
+ movq %rax,RSP(%rdi)
+ movq $0,(%rax) /* Missing (lost) #GP error code */
+ movq $general_protection,RIP(%rdi)
+ retq
+ CFI_ENDPROC
+END(__do_double_fault)
+
/*
* End of kprobes section
*/
@@ -1314,7 +1379,7 @@ zeroentry overflow do_overflow
zeroentry bounds do_bounds
zeroentry invalid_op do_invalid_op
zeroentry device_not_available do_device_not_available
-paranoiderrorentry double_fault do_double_fault
+paranoiderrorentry double_fault __do_double_fault
zeroentry coprocessor_segment_overrun do_coprocessor_segment_overrun
errorentry invalid_TSS do_invalid_TSS
errorentry segment_not_present do_segment_not_present
@@ -1601,7 +1666,7 @@ error_sti:
*/
error_kernelspace:
incl %ebx
- leaq irq_return(%rip),%rcx
+ leaq irq_return_iret(%rip),%rcx
cmpq %rcx,RIP+8(%rsp)
je error_swapgs
movl %ecx,%eax /* zero extend */
diff --git a/arch/x86/kernel/espfix_64.c b/arch/x86/kernel/espfix_64.c
new file mode 100644
index 0000000..8a64da3
--- /dev/null
+++ b/arch/x86/kernel/espfix_64.c
@@ -0,0 +1,208 @@
+/* ----------------------------------------------------------------------- *
+ *
+ * Copyright 2014 Intel Corporation; author: H. Peter Anvin
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * ----------------------------------------------------------------------- */
+
+/*
+ * The IRET instruction, when returning to a 16-bit segment, only
+ * restores the bottom 16 bits of the user space stack pointer. This
+ * causes some 16-bit software to break, but it also leaks kernel state
+ * to user space.
+ *
+ * This works around this by creating percpu "ministacks", each of which
+ * is mapped 2^16 times 64K apart. When we detect that the return SS is
+ * on the LDT, we copy the IRET frame to the ministack and use the
+ * relevant alias to return to userspace. The ministacks are mapped
+ * readonly, so if the IRET fault we promote #GP to #DF which is an IST
+ * vector and thus has its own stack; we then do the fixup in the #DF
+ * handler.
+ *
+ * This file sets up the ministacks and the related page tables. The
+ * actual ministack invocation is in entry_64.S.
+ */
+
+#include <linux/init.h>
+#include <linux/init_task.h>
+#include <linux/kernel.h>
+#include <linux/percpu.h>
+#include <linux/gfp.h>
+#include <linux/random.h>
+#include <asm/pgtable.h>
+#include <asm/pgalloc.h>
+#include <asm/setup.h>
+
+/*
+ * Note: we only need 6*8 = 48 bytes for the espfix stack, but round
+ * it up to a cache line to avoid unnecessary sharing.
+ */
+#define ESPFIX_STACK_SIZE (8*8UL)
+#define ESPFIX_STACKS_PER_PAGE (PAGE_SIZE/ESPFIX_STACK_SIZE)
+
+/* There is address space for how many espfix pages? */
+#define ESPFIX_PAGE_SPACE (1UL << (PGDIR_SHIFT-PAGE_SHIFT-16))
+
+#define ESPFIX_MAX_CPUS (ESPFIX_STACKS_PER_PAGE * ESPFIX_PAGE_SPACE)
+#if CONFIG_NR_CPUS > ESPFIX_MAX_CPUS
+# error "Need more than one PGD for the ESPFIX hack"
+#endif
+
+#define PGALLOC_GFP (GFP_KERNEL | __GFP_NOTRACK | __GFP_REPEAT | __GFP_ZERO)
+
+/* This contains the *bottom* address of the espfix stack */
+DEFINE_PER_CPU_READ_MOSTLY(unsigned long, espfix_stack);
+DEFINE_PER_CPU_READ_MOSTLY(unsigned long, espfix_waddr);
+
+/* Initialization mutex - should this be a spinlock? */
+static DEFINE_MUTEX(espfix_init_mutex);
+
+/* Page allocation bitmap - each page serves ESPFIX_STACKS_PER_PAGE CPUs */
+#define ESPFIX_MAX_PAGES DIV_ROUND_UP(CONFIG_NR_CPUS, ESPFIX_STACKS_PER_PAGE)
+static void *espfix_pages[ESPFIX_MAX_PAGES];
+
+static __page_aligned_bss pud_t espfix_pud_page[PTRS_PER_PUD]
+ __aligned(PAGE_SIZE);
+
+static unsigned int page_random, slot_random;
+
+/*
+ * This returns the bottom address of the espfix stack for a specific CPU.
+ * The math allows for a non-power-of-two ESPFIX_STACK_SIZE, in which case
+ * we have to account for some amount of padding at the end of each page.
+ */
+static inline unsigned long espfix_base_addr(unsigned int cpu)
+{
+ unsigned long page, slot;
+ unsigned long addr;
+
+ page = (cpu / ESPFIX_STACKS_PER_PAGE) ^ page_random;
+ slot = (cpu + slot_random) % ESPFIX_STACKS_PER_PAGE;
+ addr = (page << PAGE_SHIFT) + (slot * ESPFIX_STACK_SIZE);
+ addr = (addr & 0xffffUL) | ((addr & ~0xffffUL) << 16);
+ addr += ESPFIX_BASE_ADDR;
+ return addr;
+}
+
+#define PTE_STRIDE (65536/PAGE_SIZE)
+#define ESPFIX_PTE_CLONES (PTRS_PER_PTE/PTE_STRIDE)
+#define ESPFIX_PMD_CLONES PTRS_PER_PMD
+#define ESPFIX_PUD_CLONES (65536/(ESPFIX_PTE_CLONES*ESPFIX_PMD_CLONES))
+
+#define PGTABLE_PROT ((_KERNPG_TABLE & ~_PAGE_RW) | _PAGE_NX)
+
+static void init_espfix_random(void)
+{
+ unsigned long rand;
+
+ /*
+ * This is run before the entropy pools are initialized,
+ * but this is hopefully better than nothing.
+ */
+ if (!arch_get_random_long(&rand)) {
+ /* The constant is an arbitrary large prime */
+ rdtscll(rand);
+ rand *= 0xc345c6b72fd16123UL;
+ }
+
+ slot_random = rand % ESPFIX_STACKS_PER_PAGE;
+ page_random = (rand / ESPFIX_STACKS_PER_PAGE)
+ & (ESPFIX_PAGE_SPACE - 1);
+}
+
+void __init init_espfix_bsp(void)
+{
+ pgd_t *pgd_p;
+ pteval_t ptemask;
+
+ ptemask = __supported_pte_mask;
+
+ /* Install the espfix pud into the kernel page directory */
+ pgd_p = &init_level4_pgt[pgd_index(ESPFIX_BASE_ADDR)];
+ pgd_populate(&init_mm, pgd_p, (pud_t *)espfix_pud_page);
+
+ /* Randomize the locations */
+ init_espfix_random();
+
+ /* The rest is the same as for any other processor */
+ init_espfix_ap();
+}
+
+void init_espfix_ap(void)
+{
+ unsigned int cpu, page;
+ unsigned long addr;
+ pud_t pud, *pud_p;
+ pmd_t pmd, *pmd_p;
+ pte_t pte, *pte_p;
+ int n;
+ void *stack_page;
+ pteval_t ptemask;
+
+ /* We only have to do this once... */
+ if (likely(this_cpu_read(espfix_stack)))
+ return; /* Already initialized */
+
+ cpu = smp_processor_id();
+ addr = espfix_base_addr(cpu);
+ page = cpu/ESPFIX_STACKS_PER_PAGE;
+
+ /* Did another CPU already set this up? */
+ stack_page = ACCESS_ONCE(espfix_pages[page]);
+ if (likely(stack_page))
+ goto done;
+
+ mutex_lock(&espfix_init_mutex);
+
+ /* Did we race on the lock? */
+ stack_page = ACCESS_ONCE(espfix_pages[page]);
+ if (stack_page)
+ goto unlock_done;
+
+ ptemask = __supported_pte_mask;
+
+ pud_p = &espfix_pud_page[pud_index(addr)];
+ pud = *pud_p;
+ if (!pud_present(pud)) {
+ pmd_p = (pmd_t *)__get_free_page(PGALLOC_GFP);
+ pud = __pud(__pa(pmd_p) | (PGTABLE_PROT & ptemask));
+ paravirt_alloc_pud(&init_mm, __pa(pmd_p) >> PAGE_SHIFT);
+ for (n = 0; n < ESPFIX_PUD_CLONES; n++)
+ set_pud(&pud_p[n], pud);
+ }
+
+ pmd_p = pmd_offset(&pud, addr);
+ pmd = *pmd_p;
+ if (!pmd_present(pmd)) {
+ pte_p = (pte_t *)__get_free_page(PGALLOC_GFP);
+ pmd = __pmd(__pa(pte_p) | (PGTABLE_PROT & ptemask));
+ paravirt_alloc_pmd(&init_mm, __pa(pte_p) >> PAGE_SHIFT);
+ for (n = 0; n < ESPFIX_PMD_CLONES; n++)
+ set_pmd(&pmd_p[n], pmd);
+ }
+
+ pte_p = pte_offset_kernel(&pmd, addr);
+ stack_page = (void *)__get_free_page(GFP_KERNEL);
+ pte = __pte(__pa(stack_page) | (__PAGE_KERNEL_RO & ptemask));
+ paravirt_alloc_pte(&init_mm, __pa(stack_page) >> PAGE_SHIFT);
+ for (n = 0; n < ESPFIX_PTE_CLONES; n++)
+ set_pte(&pte_p[n*PTE_STRIDE], pte);
+
+ /* Job is done for this CPU and any CPU which shares this page */
+ ACCESS_ONCE(espfix_pages[page]) = stack_page;
+
+unlock_done:
+ mutex_unlock(&espfix_init_mutex);
+done:
+ this_cpu_write(espfix_stack, addr);
+ this_cpu_write(espfix_waddr, (unsigned long)stack_page
+ + (addr & ~PAGE_MASK));
+}
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
index af1d14a..ebc9873 100644
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
@@ -229,17 +229,6 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
}
}
- /*
- * On x86-64 we do not support 16-bit segments due to
- * IRET leaking the high bits of the kernel stack address.
- */
-#ifdef CONFIG_X86_64
- if (!ldt_info.seg_32bit) {
- error = -EINVAL;
- goto out_unlock;
- }
-#endif
-
fill_ldt(&ldt, &ldt_info);
if (oldmode)
ldt.avl = 0;
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index 85dc05a..b5c176a 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -243,6 +243,13 @@ static void notrace start_secondary(void *unused)
check_tsc_sync_target();
/*
+ * Enable the espfix hack for this CPU
+ */
+#ifdef CONFIG_X86_64
+ init_espfix_ap();
+#endif
+
+ /*
* We need to hold vector_lock so there the set of online cpus
* does not change while we are assigning vectors to cpus. Holding
* this lock ensures we don't half assign or remove an irq from a cpu.
diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c
index 0002a3a..8f556f7 100644
--- a/arch/x86/mm/dump_pagetables.c
+++ b/arch/x86/mm/dump_pagetables.c
@@ -30,11 +30,13 @@ struct pg_state {
unsigned long start_address;
unsigned long current_address;
const struct addr_marker *marker;
+ unsigned long lines;
};
struct addr_marker {
unsigned long start_address;
const char *name;
+ unsigned long max_lines;
};
/* indices for address_markers; keep sync'd w/ address_markers below */
@@ -45,6 +47,7 @@ enum address_markers_idx {
LOW_KERNEL_NR,
VMALLOC_START_NR,
VMEMMAP_START_NR,
+ ESPFIX_START_NR,
HIGH_KERNEL_NR,
MODULES_VADDR_NR,
MODULES_END_NR,
@@ -67,6 +70,7 @@ static struct addr_marker address_markers[] = {
{ PAGE_OFFSET, "Low Kernel Mapping" },
{ VMALLOC_START, "vmalloc() Area" },
{ VMEMMAP_START, "Vmemmap" },
+ { ESPFIX_BASE_ADDR, "ESPfix Area", 16 },
{ __START_KERNEL_map, "High Kernel Mapping" },
{ MODULES_VADDR, "Modules" },
{ MODULES_END, "End Modules" },
@@ -163,7 +167,7 @@ static void note_page(struct seq_file *m, struct pg_state *st,
pgprot_t new_prot, int level)
{
pgprotval_t prot, cur;
- static const char units[] = "KMGTPE";
+ static const char units[] = "BKMGTPE";
/*
* If we have a "break" in the series, we need to flush the state that
@@ -178,6 +182,7 @@ static void note_page(struct seq_file *m, struct pg_state *st,
st->current_prot = new_prot;
st->level = level;
st->marker = address_markers;
+ st->lines = 0;
seq_printf(m, "---[ %s ]---\n", st->marker->name);
} else if (prot != cur || level != st->level ||
st->current_address >= st->marker[1].start_address) {
@@ -188,17 +193,21 @@ static void note_page(struct seq_file *m, struct pg_state *st,
/*
* Now print the actual finished series
*/
- seq_printf(m, "0x%0*lx-0x%0*lx ",
- width, st->start_address,
- width, st->current_address);
-
- delta = (st->current_address - st->start_address) >> 10;
- while (!(delta & 1023) && unit[1]) {
- delta >>= 10;
- unit++;
+ if (!st->marker->max_lines ||
+ st->lines < st->marker->max_lines) {
+ seq_printf(m, "0x%0*lx-0x%0*lx ",
+ width, st->start_address,
+ width, st->current_address);
+
+ delta = st->current_address - st->start_address;
+ while (!(delta & 1023) && unit[1]) {
+ delta >>= 10;
+ unit++;
+ }
+ seq_printf(m, "%9lu%c ", delta, *unit);
+ printk_prot(m, st->current_prot, st->level);
}
- seq_printf(m, "%9lu%c ", delta, *unit);
- printk_prot(m, st->current_prot, st->level);
+ st->lines++;
/*
* We print markers for special areas of address space,
@@ -206,7 +215,16 @@ static void note_page(struct seq_file *m, struct pg_state *st,
* This helps in the interpretation.
*/
if (st->current_address >= st->marker[1].start_address) {
+ if (st->marker->max_lines &&
+ st->lines > st->marker->max_lines) {
+ unsigned long nskip =
+ st->lines - st->marker->max_lines;
+ seq_printf(m, "... %lu entr%s skipped ... \n",
+ nskip,
+ nskip == 1 ? "y" : "ies");
+ }
st->marker++;
+ st->lines = 0;
seq_printf(m, "---[ %s ]---\n", st->marker->name);
}
diff --git a/init/main.c b/init/main.c
index febc511..da5d829 100644
--- a/init/main.c
+++ b/init/main.c
@@ -619,6 +619,10 @@ asmlinkage void __init start_kernel(void)
if (efi_enabled(EFI_RUNTIME_SERVICES))
efi_enter_virtual_mode();
#endif
+#ifdef CONFIG_X86_64
+ /* Should be run before the first non-init thread is created */
+ init_espfix_bsp();
+#endif
thread_info_cache_init();
cred_init();
fork_init(totalram_pages);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 040/187] x86, espfix: Move espfix definitions into a separate header file
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (38 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 039/187] x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 041/187] x86, espfix: Fix broken header guard Kamal Mostafa
` (147 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: H. Peter Anvin, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "H. Peter Anvin" <hpa@linux.intel.com>
commit e1fe9ed8d2a4937510d0d60e20705035c2609aea upstream.
Sparse warns that the percpu variables aren't declared before they are
defined. Rather than hacking around it, move espfix definitions into
a proper header file.
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/include/asm/espfix.h | 16 ++++++++++++++++
arch/x86/include/asm/setup.h | 5 ++---
arch/x86/kernel/espfix_64.c | 1 +
3 files changed, 19 insertions(+), 3 deletions(-)
create mode 100644 arch/x86/include/asm/espfix.h
diff --git a/arch/x86/include/asm/espfix.h b/arch/x86/include/asm/espfix.h
new file mode 100644
index 0000000..729051c
--- /dev/null
+++ b/arch/x86/include/asm/espfix.h
@@ -0,0 +1,16 @@
+#ifdef _ASM_X86_ESPFIX_H
+#define _ASM_X86_ESPFIX_H
+
+#ifdef CONFIG_X86_64
+
+#include <asm/percpu.h>
+
+DECLARE_PER_CPU_READ_MOSTLY(unsigned long, espfix_stack);
+DECLARE_PER_CPU_READ_MOSTLY(unsigned long, espfix_waddr);
+
+extern void init_espfix_bsp(void);
+extern void init_espfix_ap(void);
+
+#endif /* CONFIG_X86_64 */
+
+#endif /* _ASM_X86_ESPFIX_H */
diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h
index edfaf6a..c2003c0 100644
--- a/arch/x86/include/asm/setup.h
+++ b/arch/x86/include/asm/setup.h
@@ -62,11 +62,10 @@ extern void x86_ce4100_early_setup(void);
static inline void x86_ce4100_early_setup(void) { }
#endif
-extern void init_espfix_bsp(void);
-extern void init_espfix_ap(void);
-
#ifndef _SETUP
+#include <asm/espfix.h>
+
/*
* This is set up by the setup-routine at boot-time
*/
diff --git a/arch/x86/kernel/espfix_64.c b/arch/x86/kernel/espfix_64.c
index 8a64da3..6afbb16 100644
--- a/arch/x86/kernel/espfix_64.c
+++ b/arch/x86/kernel/espfix_64.c
@@ -40,6 +40,7 @@
#include <asm/pgtable.h>
#include <asm/pgalloc.h>
#include <asm/setup.h>
+#include <asm/espfix.h>
/*
* Note: we only need 6*8 = 48 bytes for the espfix stack, but round
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 041/187] x86, espfix: Fix broken header guard
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (39 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 040/187] x86, espfix: Move espfix definitions into a separate header file Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 042/187] x86, espfix: Make espfix64 a Kconfig option, fix UML Kamal Mostafa
` (146 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: H. Peter Anvin, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "H. Peter Anvin" <hpa@linux.intel.com>
commit 20b68535cd27183ebd3651ff313afb2b97dac941 upstream.
Header guard is #ifndef, not #ifdef...
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/include/asm/espfix.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/espfix.h b/arch/x86/include/asm/espfix.h
index 729051c..99efebb 100644
--- a/arch/x86/include/asm/espfix.h
+++ b/arch/x86/include/asm/espfix.h
@@ -1,4 +1,4 @@
-#ifdef _ASM_X86_ESPFIX_H
+#ifndef _ASM_X86_ESPFIX_H
#define _ASM_X86_ESPFIX_H
#ifdef CONFIG_X86_64
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 042/187] x86, espfix: Make espfix64 a Kconfig option, fix UML
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (40 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 041/187] x86, espfix: Fix broken header guard Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 043/187] x86, espfix: Make it possible to disable 16-bit support Kamal Mostafa
` (145 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: H. Peter Anvin, Richard Weinberger, Luis Henriques, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "H. Peter Anvin" <hpa@zytor.com>
commit 197725de65477bc8509b41388157c1a2283542bb upstream.
Make espfix64 a hidden Kconfig option. This fixes the x86-64 UML
build which had broken due to the non-existence of init_espfix_bsp()
in UML: since UML uses its own Kconfig, this option does not appear in
the UML build.
This also makes it possible to make support for 16-bit segments a
configuration option, for the people who want to minimize the size of
the kernel.
Reported-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Cc: Richard Weinberger <richard@nod.at>
Link: http://lkml.kernel.org/r/1398816946-3351-1-git-send-email-hpa@linux.intel.com
[ luis: backported to 3.11: adjusted context ]
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/Kconfig | 4 ++++
arch/x86/kernel/Makefile | 2 +-
arch/x86/kernel/smpboot.c | 2 +-
init/main.c | 2 +-
4 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 9562fc3..ea1c3af 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -983,6 +983,10 @@ config VM86
XFree86 to initialize some video cards via BIOS. Disabling this
option saves about 6k.
+config X86_ESPFIX64
+ def_bool y
+ depends on X86_64
+
config TOSHIBA
tristate "Toshiba Laptop support"
depends on X86_32
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 92450ee..eb1d03b 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -29,7 +29,7 @@ obj-$(CONFIG_X86_64) += sys_x86_64.o x8664_ksyms_64.o
obj-y += syscall_$(BITS).o
obj-$(CONFIG_X86_64) += vsyscall_64.o
obj-$(CONFIG_X86_64) += vsyscall_emu_64.o
-obj-$(CONFIG_X86_64) += espfix_64.o
+obj-$(CONFIG_X86_ESPFIX64) += espfix_64.o
obj-y += bootflag.o e820.o
obj-y += pci-dma.o quirks.o topology.o kdebugfs.o
obj-y += alternative.o i8253.o pci-nommu.o hw_breakpoint.o
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index b5c176a..a965665 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -245,7 +245,7 @@ static void notrace start_secondary(void *unused)
/*
* Enable the espfix hack for this CPU
*/
-#ifdef CONFIG_X86_64
+#ifdef CONFIG_X86_ESPFIX64
init_espfix_ap();
#endif
diff --git a/init/main.c b/init/main.c
index da5d829..aca4f33 100644
--- a/init/main.c
+++ b/init/main.c
@@ -619,7 +619,7 @@ asmlinkage void __init start_kernel(void)
if (efi_enabled(EFI_RUNTIME_SERVICES))
efi_enter_virtual_mode();
#endif
-#ifdef CONFIG_X86_64
+#ifdef CONFIG_X86_ESPFIX64
/* Should be run before the first non-init thread is created */
init_espfix_bsp();
#endif
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 043/187] x86, espfix: Make it possible to disable 16-bit support
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (41 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 042/187] x86, espfix: Make espfix64 a Kconfig option, fix UML Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 044/187] x86_64/entry/xen: Do not invoke espfix64 on Xen Kamal Mostafa
` (144 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: H. Peter Anvin, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "H. Peter Anvin" <hpa@zytor.com>
commit 34273f41d57ee8d854dcd2a1d754cbb546cb548f upstream.
Embedded systems, which may be very memory-size-sensitive, are
extremely unlikely to ever encounter any 16-bit software, so make it
a CONFIG_EXPERT option to turn off support for any 16-bit software
whatsoever.
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Link: http://lkml.kernel.org/r/1398816946-3351-1-git-send-email-hpa@linux.intel.com
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/Kconfig | 23 ++++++++++++++++++-----
arch/x86/kernel/entry_32.S | 12 ++++++++++++
arch/x86/kernel/entry_64.S | 8 ++++++++
arch/x86/kernel/ldt.c | 5 +++++
4 files changed, 43 insertions(+), 5 deletions(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index ea1c3af..08fa7df 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -978,14 +978,27 @@ config VM86
default y
depends on X86_32
---help---
- This option is required by programs like DOSEMU to run 16-bit legacy
- code on X86 processors. It also may be needed by software like
- XFree86 to initialize some video cards via BIOS. Disabling this
- option saves about 6k.
+ This option is required by programs like DOSEMU to run
+ 16-bit real mode legacy code on x86 processors. It also may
+ be needed by software like XFree86 to initialize some video
+ cards via BIOS. Disabling this option saves about 6K.
+
+config X86_16BIT
+ bool "Enable support for 16-bit segments" if EXPERT
+ default y
+ ---help---
+ This option is required by programs like Wine to run 16-bit
+ protected mode legacy code on x86 processors. Disabling
+ this option saves about 300 bytes on i386, or around 6K text
+ plus 16K runtime memory on x86-64,
+
+config X86_ESPFIX32
+ def_bool y
+ depends on X86_16BIT && X86_32
config X86_ESPFIX64
def_bool y
- depends on X86_64
+ depends on X86_16BIT && X86_64
config TOSHIBA
tristate "Toshiba Laptop support"
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
index c87810b..c5a9cb9 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -529,6 +529,7 @@ syscall_exit:
restore_all:
TRACE_IRQS_IRET
restore_all_notrace:
+#ifdef CONFIG_X86_ESPFIX32
movl PT_EFLAGS(%esp), %eax # mix EFLAGS, SS and CS
# Warning: PT_OLDSS(%esp) contains the wrong/random values if we
# are returning to the kernel.
@@ -539,6 +540,7 @@ restore_all_notrace:
cmpl $((SEGMENT_LDT << 8) | USER_RPL), %eax
CFI_REMEMBER_STATE
je ldt_ss # returning to user-space with LDT SS
+#endif
restore_nocheck:
RESTORE_REGS 4 # skip orig_eax/error_code
irq_return:
@@ -551,6 +553,7 @@ ENTRY(iret_exc)
.previous
_ASM_EXTABLE(irq_return,iret_exc)
+#ifdef CONFIG_X86_ESPFIX32
CFI_RESTORE_STATE
ldt_ss:
#ifdef CONFIG_PARAVIRT
@@ -594,6 +597,7 @@ ldt_ss:
lss (%esp), %esp /* switch to espfix segment */
CFI_ADJUST_CFA_OFFSET -8
jmp restore_nocheck
+#endif
CFI_ENDPROC
ENDPROC(system_call)
@@ -706,6 +710,7 @@ END(syscall_badsys)
* the high word of the segment base from the GDT and swiches to the
* normal stack and adjusts ESP with the matching offset.
*/
+#ifdef CONFIG_X86_ESPFIX32
/* fixup the stack */
mov GDT_ESPFIX_SS + 4, %al /* bits 16..23 */
mov GDT_ESPFIX_SS + 7, %ah /* bits 24..31 */
@@ -715,8 +720,10 @@ END(syscall_badsys)
pushl_cfi %eax
lss (%esp), %esp /* switch to the normal stack segment */
CFI_ADJUST_CFA_OFFSET -8
+#endif
.endm
.macro UNWIND_ESPFIX_STACK
+#ifdef CONFIG_X86_ESPFIX32
movl %ss, %eax
/* see if on espfix stack */
cmpw $__ESPFIX_SS, %ax
@@ -727,6 +734,7 @@ END(syscall_badsys)
/* switch to normal stack */
FIXUP_ESPFIX_STACK
27:
+#endif
.endm
/*
@@ -1357,11 +1365,13 @@ END(debug)
ENTRY(nmi)
RING0_INT_FRAME
ASM_CLAC
+#ifdef CONFIG_X86_ESPFIX32
pushl_cfi %eax
movl %ss, %eax
cmpw $__ESPFIX_SS, %ax
popl_cfi %eax
je nmi_espfix_stack
+#endif
cmpl $ia32_sysenter_target,(%esp)
je nmi_stack_fixup
pushl_cfi %eax
@@ -1401,6 +1411,7 @@ nmi_debug_stack_check:
FIX_STACK 24, nmi_stack_correct, 1
jmp nmi_stack_correct
+#ifdef CONFIG_X86_ESPFIX32
nmi_espfix_stack:
/* We have a RING0_INT_FRAME here.
*
@@ -1422,6 +1433,7 @@ nmi_espfix_stack:
lss 12+4(%esp), %esp # back to espfix stack
CFI_ADJUST_CFA_OFFSET -24
jmp irq_return
+#endif
CFI_ENDPROC
END(nmi)
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index bffaa98..da0b9bd 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -1045,8 +1045,10 @@ irq_return:
* Are we returning to a stack segment from the LDT? Note: in
* 64-bit mode SS:RSP on the exception stack is always valid.
*/
+#ifdef CONFIG_X86_ESPFIX64
testb $4,(SS-RIP)(%rsp)
jnz irq_return_ldt
+#endif
irq_return_iret:
INTERRUPT_RETURN
@@ -1058,6 +1060,7 @@ ENTRY(native_iret)
_ASM_EXTABLE(native_iret, bad_iret)
#endif
+#ifdef CONFIG_X86_ESPFIX64
irq_return_ldt:
pushq_cfi %rax
pushq_cfi %rdi
@@ -1081,6 +1084,7 @@ irq_return_ldt:
movq %rax,%rsp
popq_cfi %rax
jmp irq_return_iret
+#endif
.section .fixup,"ax"
bad_iret:
@@ -1152,6 +1156,7 @@ END(common_interrupt)
* modify the stack to make it look like we just entered
* the #GP handler from user space, similar to bad_iret.
*/
+#ifdef CONFIG_X86_ESPFIX64
ALIGN
__do_double_fault:
XCPT_FRAME 1 RDI+8
@@ -1177,6 +1182,9 @@ __do_double_fault:
retq
CFI_ENDPROC
END(__do_double_fault)
+#else
+# define __do_double_fault do_double_fault
+#endif
/*
* End of kprobes section
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
index ebc9873..c37886d 100644
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
@@ -229,6 +229,11 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
}
}
+ if (!IS_ENABLED(CONFIG_X86_16BIT) && !ldt_info.seg_32bit) {
+ error = -EINVAL;
+ goto out_unlock;
+ }
+
fill_ldt(&ldt, &ldt_info);
if (oldmode)
ldt.avl = 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 044/187] x86_64/entry/xen: Do not invoke espfix64 on Xen
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (42 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 043/187] x86, espfix: Make it possible to disable 16-bit support Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-17 11:25 ` Ben Hutchings
2014-09-15 22:07 ` [PATCH 3.13 045/187] bnx2x: Fix kernel crash and data miscompare after EEH recovery Kamal Mostafa
` (143 subsequent siblings)
187 siblings, 1 reply; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Andy Lutomirski, H. Peter Anvin, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Lutomirski <luto@amacapital.net>
commit 7209a75d2009dbf7745e2fd354abf25c3deb3ca3 upstream.
This moves the espfix64 logic into native_iret. To make this work,
it gets rid of the native patch for INTERRUPT_RETURN:
INTERRUPT_RETURN on native kernels is now 'jmp native_iret'.
This changes the 16-bit SS behavior on Xen from OOPSing to leaking
some bits of the Xen hypervisor's RSP (I think).
[ hpa: this is a nonzero cost on native, but probably not enough to
measure. Xen needs to fix this in their own code, probably doing
something equivalent to espfix64. ]
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Link: http://lkml.kernel.org/r/7b8f1d8ef6597cb16ae004a43c56980a7de3cf94.1406129132.git.luto@amacapital.net
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/include/asm/irqflags.h | 2 +-
arch/x86/kernel/entry_64.S | 28 ++++++++++------------------
arch/x86/kernel/paravirt_patch_64.c | 2 --
3 files changed, 11 insertions(+), 21 deletions(-)
diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h
index bba3cf8..0a8b519 100644
--- a/arch/x86/include/asm/irqflags.h
+++ b/arch/x86/include/asm/irqflags.h
@@ -129,7 +129,7 @@ static inline notrace unsigned long arch_local_irq_save(void)
#define PARAVIRT_ADJUST_EXCEPTION_FRAME /* */
-#define INTERRUPT_RETURN iretq
+#define INTERRUPT_RETURN jmp native_iret
#define USERGS_SYSRET64 \
swapgs; \
sysretq;
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index da0b9bd..03cd2a8 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -1041,27 +1041,24 @@ restore_args:
RESTORE_ARGS 1,8,1
irq_return:
+ INTERRUPT_RETURN
+
+ENTRY(native_iret)
/*
* Are we returning to a stack segment from the LDT? Note: in
* 64-bit mode SS:RSP on the exception stack is always valid.
*/
#ifdef CONFIG_X86_ESPFIX64
testb $4,(SS-RIP)(%rsp)
- jnz irq_return_ldt
+ jnz native_irq_return_ldt
#endif
-irq_return_iret:
- INTERRUPT_RETURN
- _ASM_EXTABLE(irq_return_iret, bad_iret)
-
-#ifdef CONFIG_PARAVIRT
-ENTRY(native_iret)
+native_irq_return_iret:
iretq
- _ASM_EXTABLE(native_iret, bad_iret)
-#endif
+ _ASM_EXTABLE(native_irq_return_iret, bad_iret)
#ifdef CONFIG_X86_ESPFIX64
-irq_return_ldt:
+native_irq_return_ldt:
pushq_cfi %rax
pushq_cfi %rdi
SWAPGS
@@ -1083,7 +1080,7 @@ irq_return_ldt:
SWAPGS
movq %rax,%rsp
popq_cfi %rax
- jmp irq_return_iret
+ jmp native_irq_return_iret
#endif
.section .fixup,"ax"
@@ -1167,13 +1164,8 @@ __do_double_fault:
cmpl $__KERNEL_CS,CS(%rdi)
jne do_double_fault
movq RIP(%rdi),%rax
- cmpq $irq_return_iret,%rax
-#ifdef CONFIG_PARAVIRT
- je 1f
- cmpq $native_iret,%rax
-#endif
+ cmpq $native_irq_return_iret,%rax
jne do_double_fault /* This shouldn't happen... */
-1:
movq PER_CPU_VAR(kernel_stack),%rax
subq $(6*8-KERNEL_STACK_OFFSET),%rax /* Reset to original stack */
movq %rax,RSP(%rdi)
@@ -1674,7 +1666,7 @@ error_sti:
*/
error_kernelspace:
incl %ebx
- leaq irq_return_iret(%rip),%rcx
+ leaq native_irq_return_iret(%rip),%rcx
cmpq %rcx,RIP+8(%rsp)
je error_swapgs
movl %ecx,%eax /* zero extend */
diff --git a/arch/x86/kernel/paravirt_patch_64.c b/arch/x86/kernel/paravirt_patch_64.c
index 3f08f34..a1da673 100644
--- a/arch/x86/kernel/paravirt_patch_64.c
+++ b/arch/x86/kernel/paravirt_patch_64.c
@@ -6,7 +6,6 @@ DEF_NATIVE(pv_irq_ops, irq_disable, "cli");
DEF_NATIVE(pv_irq_ops, irq_enable, "sti");
DEF_NATIVE(pv_irq_ops, restore_fl, "pushq %rdi; popfq");
DEF_NATIVE(pv_irq_ops, save_fl, "pushfq; popq %rax");
-DEF_NATIVE(pv_cpu_ops, iret, "iretq");
DEF_NATIVE(pv_mmu_ops, read_cr2, "movq %cr2, %rax");
DEF_NATIVE(pv_mmu_ops, read_cr3, "movq %cr3, %rax");
DEF_NATIVE(pv_mmu_ops, write_cr3, "movq %rdi, %cr3");
@@ -50,7 +49,6 @@ unsigned native_patch(u8 type, u16 clobbers, void *ibuf,
PATCH_SITE(pv_irq_ops, save_fl);
PATCH_SITE(pv_irq_ops, irq_enable);
PATCH_SITE(pv_irq_ops, irq_disable);
- PATCH_SITE(pv_cpu_ops, iret);
PATCH_SITE(pv_cpu_ops, irq_enable_sysexit);
PATCH_SITE(pv_cpu_ops, usergs_sysret32);
PATCH_SITE(pv_cpu_ops, usergs_sysret64);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 045/187] bnx2x: Fix kernel crash and data miscompare after EEH recovery
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (43 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 044/187] x86_64/entry/xen: Do not invoke espfix64 on Xen Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 046/187] bnx2x: Adapter not recovery from EEH error injection Kamal Mostafa
` (142 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Milton Miller, Wen Xiong, David S. Miller, Andy Whitcroft, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "wenxiong@linux.vnet.ibm.com" <wenxiong@linux.vnet.ibm.com>
commit 9aaae044abe95de182d09004cc3fa181bf22e6e0 upstream.
A rmb() is required to ensure that the CQE is not read before it
is written by the adapter DMA. PCI ordering rules will make sure
the other fields are written before the marker at the end of struct
eth_fast_path_rx_cqe but without rmb() a weakly ordered processor can
process stale data.
Without the barrier we have observed various crashes including
bnx2x_tpa_start being called on queues not stopped (resulting in message
start of bin not in stop) and NULL pointer exceptions from bnx2x_rx_int.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
Signed-off-by: Wen Xiong <wenxiong@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
index 6089bc4..a9324f4 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
@@ -868,6 +868,18 @@ int bnx2x_rx_int(struct bnx2x_fastpath *fp, int budget)
bd_prod = RX_BD(bd_prod);
bd_cons = RX_BD(bd_cons);
+ /* A rmb() is required to ensure that the CQE is not read
+ * before it is written by the adapter DMA. PCI ordering
+ * rules will make sure the other fields are written before
+ * the marker at the end of struct eth_fast_path_rx_cqe
+ * but without rmb() a weakly ordered processor can process
+ * stale data. Without the barrier TPA state-machine might
+ * enter inconsistent state and kernel stack might be
+ * provided with incorrect packet description - these lead
+ * to various kernel crashed.
+ */
+ rmb();
+
cqe_fp_flags = cqe_fp->type_error_flags;
cqe_fp_type = cqe_fp_flags & ETH_FAST_PATH_RX_CQE_TYPE;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 046/187] bnx2x: Adapter not recovery from EEH error injection
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (44 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 045/187] bnx2x: Fix kernel crash and data miscompare after EEH recovery Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 047/187] ALSA: usb-audio: fix BOSS ME-25 MIDI regression Kamal Mostafa
` (141 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Wen Xiong, David S. Miller, Andy Whitcroft, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "wenxiong@linux.vnet.ibm.com" <wenxiong@linux.vnet.ibm.com>
commit 0c0e63410a393aae4b615849625f539db775d586 upstream.
When injecting EEH error to bnx2x adapter, adapter couldn't be recovery
and caused recursive EEH errors. The patch fixes the issue.
Signed-off-by: Wen Xiong <wenxiong@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
index 0067b97..71d3f0c 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
@@ -12998,8 +12998,8 @@ static int bnx2x_eeh_nic_unload(struct bnx2x *bp)
netdev_reset_tc(bp->dev);
del_timer_sync(&bp->timer);
- cancel_delayed_work(&bp->sp_task);
- cancel_delayed_work(&bp->period_task);
+ cancel_delayed_work_sync(&bp->sp_task);
+ cancel_delayed_work_sync(&bp->period_task);
spin_lock_bh(&bp->stats_lock);
bp->stats_state = STATS_STATE_DISABLED;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 047/187] ALSA: usb-audio: fix BOSS ME-25 MIDI regression
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (45 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 046/187] bnx2x: Adapter not recovery from EEH error injection Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 048/187] blk-mq: fix initializing request's start time Kamal Mostafa
` (140 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Clemens Ladisch, Takashi Iwai, Tim Gardner, Kees van Veen, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Clemens Ladisch <clemens@ladisch.de>
commit 53da5ebfef66ea6e478ad9c6add3781472b79475 upstream.
The BOSS ME-25 turns out not to have any useful descriptors in its MIDI
interface, so its needs a quirk entry after all.
Reported-and-tested-by: Kees van Veen <kees.vanveen@gmail.com>
Fixes: 8e5ced83dd1c ("ALSA: usb-audio: remove superfluous Roland quirks")
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Cc: Tim Gardner <tim.gardner@canonical.com>
Cc: Kees van Veen <kees.vanveen@gmail.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/usb/quirks-table.h | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/sound/usb/quirks-table.h b/sound/usb/quirks-table.h
index f5f0595..0a81a51 100644
--- a/sound/usb/quirks-table.h
+++ b/sound/usb/quirks-table.h
@@ -1582,6 +1582,35 @@ YAMAHA_DEVICE(0x7010, "UB99"),
}
},
{
+ /* BOSS ME-25 */
+ USB_DEVICE(0x0582, 0x0113),
+ .driver_info = (unsigned long) & (const struct snd_usb_audio_quirk) {
+ .ifnum = QUIRK_ANY_INTERFACE,
+ .type = QUIRK_COMPOSITE,
+ .data = (const struct snd_usb_audio_quirk[]) {
+ {
+ .ifnum = 0,
+ .type = QUIRK_AUDIO_STANDARD_INTERFACE
+ },
+ {
+ .ifnum = 1,
+ .type = QUIRK_AUDIO_STANDARD_INTERFACE
+ },
+ {
+ .ifnum = 2,
+ .type = QUIRK_MIDI_FIXED_ENDPOINT,
+ .data = & (const struct snd_usb_midi_endpoint_info) {
+ .out_cables = 0x0001,
+ .in_cables = 0x0001
+ }
+ },
+ {
+ .ifnum = -1
+ }
+ }
+ }
+},
+{
/* only 44.1 kHz works at the moment */
USB_DEVICE(0x0582, 0x0120),
.driver_info = (unsigned long) & (const struct snd_usb_audio_quirk) {
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 048/187] blk-mq: fix initializing request's start time
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (46 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 047/187] ALSA: usb-audio: fix BOSS ME-25 MIDI regression Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 049/187] iwlwifi: mvm: Add a missed beacons threshold Kamal Mostafa
` (139 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ming Lei, Jens Axboe, Chris J Arges, Tim Gardner, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Ming Lei <tom.leiming@gmail.com>
commit 0fec08b4ecfc36fd8a64432343b2964fb86d2675 upstream.
blk_rq_init() is called in req's complete handler to initialize
the request, so the members of start_time and start_time_ns might
become inaccurate when it is allocated in future.
The patch initializes the two members in blk_mq_rq_ctx_init() to
fix the problem.
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Cc: Chris J Arges <chris.j.arges@canonical.com>
Cc: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
block/blk-mq.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/block/blk-mq.c b/block/blk-mq.c
index 7f9b1f6..2192cf4 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -179,6 +179,8 @@ static void blk_mq_rq_ctx_init(struct request_queue *q, struct blk_mq_ctx *ctx,
rq->mq_ctx = ctx;
rq->cmd_flags = rw_flags;
+ rq->start_time = jiffies;
+ set_start_time_ns(rq);
ctx->rq_dispatched[rw_is_sync(rw_flags)]++;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 049/187] iwlwifi: mvm: Add a missed beacons threshold
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (47 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 048/187] blk-mq: fix initializing request's start time Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 050/187] ASoC: wm8994: Prevent double lock of accdet_lock mutex on wm1811 Kamal Mostafa
` (138 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ilan Peer, Emmanuel Grumbach, Seth Forshee, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilan Peer <ilan.peer@intel.com>
commit 12d423e816c69b0b4457bc047dda9a0a1c1a53c1 upstream.
Instead of always calling ieee80211_beacon_loss() on every missed
beacons notification, call this function only if the number of
consecutive missed beacons from last rx is higher than a predefined
threshold.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Cc: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/wireless/iwlwifi/mvm/mac-ctxt.c | 25 ++++++++++++++++++++-----
drivers/net/wireless/iwlwifi/mvm/mvm.h | 1 +
2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/iwlwifi/mvm/mac-ctxt.c b/drivers/net/wireless/iwlwifi/mvm/mac-ctxt.c
index 1fc0332..07d78ac 100644
--- a/drivers/net/wireless/iwlwifi/mvm/mac-ctxt.c
+++ b/drivers/net/wireless/iwlwifi/mvm/mac-ctxt.c
@@ -1148,10 +1148,18 @@ int iwl_mvm_rx_beacon_notif(struct iwl_mvm *mvm,
static void iwl_mvm_beacon_loss_iterator(void *_data, u8 *mac,
struct ieee80211_vif *vif)
{
- u16 *id = _data;
+ struct iwl_missed_beacons_notif *missed_beacons = _data;
struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
- if (mvmvif->id == *id)
+ if (mvmvif->id != (u16)le32_to_cpu(missed_beacons->mac_id))
+ return;
+
+ /*
+ * TODO: the threshold should be adjusted based on latency conditions,
+ * and/or in case of a CS flow on one of the other AP vifs.
+ */
+ if (le32_to_cpu(missed_beacons->consec_missed_beacons_since_last_rx) >
+ IWL_MVM_MISSED_BEACONS_THRESHOLD)
ieee80211_beacon_loss(vif);
}
@@ -1160,12 +1168,19 @@ int iwl_mvm_rx_missed_beacons_notif(struct iwl_mvm *mvm,
struct iwl_device_cmd *cmd)
{
struct iwl_rx_packet *pkt = rxb_addr(rxb);
- struct iwl_missed_beacons_notif *missed_beacons = (void *)pkt->data;
- u16 id = (u16)le32_to_cpu(missed_beacons->mac_id);
+ struct iwl_missed_beacons_notif *mb = (void *)pkt->data;
+
+ IWL_DEBUG_INFO(mvm,
+ "missed bcn mac_id=%u, consecutive=%u (%u, %u, %u)\n",
+ le32_to_cpu(mb->mac_id),
+ le32_to_cpu(mb->consec_missed_beacons),
+ le32_to_cpu(mb->consec_missed_beacons_since_last_rx),
+ le32_to_cpu(mb->num_recvd_beacons),
+ le32_to_cpu(mb->num_expected_beacons));
ieee80211_iterate_active_interfaces_atomic(mvm->hw,
IEEE80211_IFACE_ITER_NORMAL,
iwl_mvm_beacon_loss_iterator,
- &id);
+ mb);
return 0;
}
diff --git a/drivers/net/wireless/iwlwifi/mvm/mvm.h b/drivers/net/wireless/iwlwifi/mvm/mvm.h
index 17f1096..0f0de23 100644
--- a/drivers/net/wireless/iwlwifi/mvm/mvm.h
+++ b/drivers/net/wireless/iwlwifi/mvm/mvm.h
@@ -81,6 +81,7 @@
#define IWL_MVM_MAX_ADDRESSES 5
/* RSSI offset for WkP */
#define IWL_RSSI_OFFSET 50
+#define IWL_MVM_MISSED_BEACONS_THRESHOLD 8
enum iwl_mvm_tx_fifo {
IWL_MVM_TX_FIFO_BK = 0,
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 050/187] ASoC: wm8994: Prevent double lock of accdet_lock mutex on wm1811
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (48 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 049/187] iwlwifi: mvm: Add a missed beacons threshold Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 051/187] [media] v4l: vsp1: Remove the unneeded vsp1_video_buffer video field Kamal Mostafa
` (137 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Charles Keepax, Mark Brown, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
commit b38314179c9ccb789e6fe967cff171fa817e8978 upstream.
wm1811_micd_stop takes the accdet_lock mutex, and is called from two
places, one of which is already holding the accdet_lock. This obviously
causes a lock up.
This patch fixes this issue by removing the lock from wm1811_micd_stop
and ensuring that it is always locked externally.
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/soc/codecs/wm8994.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/sound/soc/codecs/wm8994.c b/sound/soc/codecs/wm8994.c
index 86426a1..c9ce977 100644
--- a/sound/soc/codecs/wm8994.c
+++ b/sound/soc/codecs/wm8994.c
@@ -3492,6 +3492,7 @@ static irqreturn_t wm8994_mic_irq(int irq, void *data)
return IRQ_HANDLED;
}
+/* Should be called with accdet_lock held */
static void wm1811_micd_stop(struct snd_soc_codec *codec)
{
struct wm8994_priv *wm8994 = snd_soc_codec_get_drvdata(codec);
@@ -3499,14 +3500,10 @@ static void wm1811_micd_stop(struct snd_soc_codec *codec)
if (!wm8994->jackdet)
return;
- mutex_lock(&wm8994->accdet_lock);
-
snd_soc_update_bits(codec, WM8958_MIC_DETECT_1, WM8958_MICD_ENA, 0);
wm1811_jackdet_set_mode(codec, WM1811_JACKDET_MODE_JACK);
- mutex_unlock(&wm8994->accdet_lock);
-
if (wm8994->wm8994->pdata.jd_ext_cap)
snd_soc_dapm_disable_pin(&codec->dapm,
"MICBIAS2");
@@ -3547,10 +3544,10 @@ static void wm8958_open_circuit_work(struct work_struct *work)
open_circuit_work.work);
struct device *dev = wm8994->wm8994->dev;
- wm1811_micd_stop(wm8994->hubs.codec);
-
mutex_lock(&wm8994->accdet_lock);
+ wm1811_micd_stop(wm8994->hubs.codec);
+
dev_dbg(dev, "Reporting open circuit\n");
wm8994->jack_mic = false;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 051/187] [media] v4l: vsp1: Remove the unneeded vsp1_video_buffer video field
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (49 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 050/187] ASoC: wm8994: Prevent double lock of accdet_lock mutex on wm1811 Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 052/187] ASoC: max98090: Fix missing free_irq Kamal Mostafa
` (136 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Laurent Pinchart, Mauro Carvalho Chehab, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
commit e51daefc228aa164adcc17fe8fce0f856ad0a1cc upstream.
The field is assigned but never read, remove it.
This fixes a bug caused by the struct vb2_buffer field not being be the
very first field of the vsp1_video_buffer buffer structure as required
by videobuf2.
Reported-by: Takanari Hayama <taki@igel.co.jp>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/media/platform/vsp1/vsp1_video.c | 2 --
drivers/media/platform/vsp1/vsp1_video.h | 1 -
2 files changed, 3 deletions(-)
diff --git a/drivers/media/platform/vsp1/vsp1_video.c b/drivers/media/platform/vsp1/vsp1_video.c
index 4b0ac07..daa992c 100644
--- a/drivers/media/platform/vsp1/vsp1_video.c
+++ b/drivers/media/platform/vsp1/vsp1_video.c
@@ -622,8 +622,6 @@ static int vsp1_video_buffer_prepare(struct vb2_buffer *vb)
if (vb->num_planes < format->num_planes)
return -EINVAL;
- buf->video = video;
-
for (i = 0; i < vb->num_planes; ++i) {
buf->addr[i] = vb2_dma_contig_plane_dma_addr(vb, i);
buf->length[i] = vb2_plane_size(vb, i);
diff --git a/drivers/media/platform/vsp1/vsp1_video.h b/drivers/media/platform/vsp1/vsp1_video.h
index d8612a3..47b7a8a 100644
--- a/drivers/media/platform/vsp1/vsp1_video.h
+++ b/drivers/media/platform/vsp1/vsp1_video.h
@@ -89,7 +89,6 @@ static inline struct vsp1_pipeline *to_vsp1_pipeline(struct media_entity *e)
}
struct vsp1_video_buffer {
- struct vsp1_video *video;
struct vb2_buffer buf;
struct list_head queue;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 052/187] ASoC: max98090: Fix missing free_irq
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (50 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 051/187] [media] v4l: vsp1: Remove the unneeded vsp1_video_buffer video field Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 053/187] KVM: x86: Inter-privilege level ret emulation is not implemeneted Kamal Mostafa
` (135 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jarkko Nikula, Mark Brown, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jarkko Nikula <jarkko.nikula@linux.intel.com>
commit 4adeb0ccf86a5af1825bbfe290dee9e60a5ab870 upstream.
max98090.c doesn't free the threaded interrupt it requests. This causes
an oops when doing "cat /proc/interrupts" after snd-soc-max98090.ko is
unloaded.
Fix this by requesting the interrupt by using devm_request_threaded_irq().
Signed-off-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/soc/codecs/max98090.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/codecs/max98090.c b/sound/soc/codecs/max98090.c
index 9ad8f01..764d0ea 100644
--- a/sound/soc/codecs/max98090.c
+++ b/sound/soc/codecs/max98090.c
@@ -2250,7 +2250,7 @@ static int max98090_probe(struct snd_soc_codec *codec)
/* Register for interrupts */
dev_dbg(codec->dev, "irq = %d\n", max98090->irq);
- ret = request_threaded_irq(max98090->irq, NULL,
+ ret = devm_request_threaded_irq(codec->dev, max98090->irq, NULL,
max98090_interrupt, IRQF_TRIGGER_FALLING | IRQF_ONESHOT,
"max98090_interrupt", codec);
if (ret < 0) {
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 053/187] KVM: x86: Inter-privilege level ret emulation is not implemeneted
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (51 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 052/187] ASoC: max98090: Fix missing free_irq Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 054/187] [media] au0828: Only alt setting logic when needed Kamal Mostafa
` (134 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Nadav Amit, Paolo Bonzini, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Nadav Amit <namit@cs.technion.ac.il>
commit 9e8919ae793f4edfaa29694a70f71a515ae9942a upstream.
Return unhandlable error on inter-privilege level ret instruction. This is
since the current emulation does not check the privilege level correctly when
loading the CS, and does not pop RSP/SS as needed.
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/kvm/emulate.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 07ffca0..7bff3e2 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -2006,6 +2006,7 @@ static int em_ret_far(struct x86_emulate_ctxt *ctxt)
{
int rc;
unsigned long cs;
+ int cpl = ctxt->ops->cpl(ctxt);
rc = emulate_pop(ctxt, &ctxt->_eip, ctxt->op_bytes);
if (rc != X86EMUL_CONTINUE)
@@ -2015,6 +2016,9 @@ static int em_ret_far(struct x86_emulate_ctxt *ctxt)
rc = emulate_pop(ctxt, &cs, ctxt->op_bytes);
if (rc != X86EMUL_CONTINUE)
return rc;
+ /* Outer-privilege level return is not implemented */
+ if (ctxt->mode >= X86EMUL_MODE_PROT16 && (cs & 3) > cpl)
+ return X86EMUL_UNHANDLEABLE;
rc = load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS);
return rc;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 054/187] [media] au0828: Only alt setting logic when needed
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (52 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 053/187] KVM: x86: Inter-privilege level ret emulation is not implemeneted Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 055/187] ASoC: pcm: fix dpcm_path_put in dpcm runtime update Kamal Mostafa
` (133 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Mauro Carvalho Chehab, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Mauro Carvalho Chehab <m.chehab@samsung.com>
commit 64ea37bbd8a5815522706f0099ad3f11c7537e15 upstream.
It seems that there's a bug at au0828 hardware/firmware
related to alternate setting: when the device is already at
alt 5, a further call causes the URBs to receive -ESHUTDOWN.
I found two different encarnations of this issue:
1) at qv4l2, it fails the second time we try to open the
video screen;
2) at xawtv, when audio underrun occurs, with is very
frequent, at least on my test machine.
The fix is simple: just check if alt=5 before calling
set_usb_interface().
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/media/usb/au0828/au0828-video.c | 34 ++++++++++++++++-----------------
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/drivers/media/usb/au0828/au0828-video.c b/drivers/media/usb/au0828/au0828-video.c
index f615454..7ed75ef 100644
--- a/drivers/media/usb/au0828/au0828-video.c
+++ b/drivers/media/usb/au0828/au0828-video.c
@@ -787,11 +787,27 @@ static int au0828_i2s_init(struct au0828_dev *dev)
/*
* Auvitek au0828 analog stream enable
- * Please set interface0 to AS5 before enable the stream
*/
static int au0828_analog_stream_enable(struct au0828_dev *d)
{
+ struct usb_interface *iface;
+ int ret;
+
dprintk(1, "au0828_analog_stream_enable called\n");
+
+ iface = usb_ifnum_to_if(d->usbdev, 0);
+ if (iface && iface->cur_altsetting->desc.bAlternateSetting != 5) {
+ dprintk(1, "Changing intf#0 to alt 5\n");
+ /* set au0828 interface0 to AS5 here again */
+ ret = usb_set_interface(d->usbdev, 0, 5);
+ if (ret < 0) {
+ printk(KERN_INFO "Au0828 can't set alt setting to 5!\n");
+ return -EBUSY;
+ }
+ }
+
+ /* FIXME: size should be calculated using d->width, d->height */
+
au0828_writereg(d, AU0828_SENSORCTRL_VBI_103, 0x00);
au0828_writereg(d, 0x106, 0x00);
/* set x position */
@@ -1002,15 +1018,6 @@ static int au0828_v4l2_open(struct file *filp)
return -ERESTARTSYS;
}
if (dev->users == 0) {
- /* set au0828 interface0 to AS5 here again */
- ret = usb_set_interface(dev->usbdev, 0, 5);
- if (ret < 0) {
- mutex_unlock(&dev->lock);
- printk(KERN_INFO "Au0828 can't set alternate to 5!\n");
- kfree(fh);
- return -EBUSY;
- }
-
au0828_analog_stream_enable(dev);
au0828_analog_stream_reset(dev);
@@ -1252,13 +1259,6 @@ static int au0828_set_format(struct au0828_dev *dev, unsigned int cmd,
}
}
- /* set au0828 interface0 to AS5 here again */
- ret = usb_set_interface(dev->usbdev, 0, 5);
- if (ret < 0) {
- printk(KERN_INFO "Au0828 can't set alt setting to 5!\n");
- return -EBUSY;
- }
-
au0828_analog_stream_enable(dev);
return 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 055/187] ASoC: pcm: fix dpcm_path_put in dpcm runtime update
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (53 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 054/187] [media] au0828: Only alt setting logic when needed Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 056/187] crypto: ux500 - make interrupt mode plausible Kamal Mostafa
` (132 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Qiao Zhou, Mark Brown, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Qiao Zhou <zhouqiao@marvell.com>
commit 7ed9de76ff342cbd717a9cf897044b99272cb8f8 upstream.
we need to release dapm widget list after dpcm_path_get in
soc_dpcm_runtime_update. otherwise, there will be potential memory
leak. add dpcm_path_put to fix it.
Signed-off-by: Qiao Zhou <zhouqiao@marvell.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/soc/soc-pcm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c
index 891b9a9..e683959 100644
--- a/sound/soc/soc-pcm.c
+++ b/sound/soc/soc-pcm.c
@@ -1908,6 +1908,7 @@ int soc_dpcm_runtime_update(struct snd_soc_card *card)
dpcm_be_disconnect(fe, SNDRV_PCM_STREAM_PLAYBACK);
}
+ dpcm_path_put(&list);
capture:
/* skip if FE doesn't have capture capability */
if (!fe->cpu_dai->driver->capture.channels_min)
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 056/187] crypto: ux500 - make interrupt mode plausible
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (54 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 055/187] ASoC: pcm: fix dpcm_path_put in dpcm runtime update Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 057/187] Bluetooth: btmrvl: wait for HOST_SLEEP_ENABLE event in suspend Kamal Mostafa
` (131 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Arnd Bergmann, linux-crypto, Fabio Baltieri, Linus Walleij,
Herbert Xu, David S. Miller, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
commit e1f8859ee265fc89bd21b4dca79e8e983a044892 upstream.
The interrupt handler in the ux500 crypto driver has an obviously
incorrect way to access the data buffer, which for a while has
caused this build warning:
../ux500/cryp/cryp_core.c: In function 'cryp_interrupt_handler':
../ux500/cryp/cryp_core.c:234:5: warning: passing argument 1 of '__fswab32' makes integer from pointer without a cast [enabled by default]
writel_relaxed(ctx->indata,
^
In file included from ../include/linux/swab.h:4:0,
from ../include/uapi/linux/byteorder/big_endian.h:12,
from ../include/linux/byteorder/big_endian.h:4,
from ../arch/arm/include/uapi/asm/byteorder.h:19,
from ../include/asm-generic/bitops/le.h:5,
from ../arch/arm/include/asm/bitops.h:340,
from ../include/linux/bitops.h:33,
from ../include/linux/kernel.h:10,
from ../include/linux/clk.h:16,
from ../drivers/crypto/ux500/cryp/cryp_core.c:12:
../include/uapi/linux/swab.h:57:119: note: expected '__u32' but argument is of type 'const u8 *'
static inline __attribute_const__ __u32 __fswab32(__u32 val)
There are at least two, possibly three problems here:
a) when writing into the FIFO, we copy the pointer rather than the
actual data we want to give to the hardware
b) the data pointer is an array of 8-bit values, while the FIFO
is 32-bit wide, so both the read and write access fail to do
a proper type conversion
c) This seems incorrect for big-endian kernels, on which we need to
byte-swap any register access, but not normally FIFO accesses,
at least the DMA case doesn't do it either.
This converts the bogus loop to use the same readsl/writesl pair
that we use for the two other modes (DMA and polling). This is
more efficient and consistent, and probably correct for endianess.
The bug has existed since the driver was first merged, and was
probably never detected because nobody tried to use interrupt mode.
It might make sense to backport this fix to stable kernels, depending
on how the crypto maintainers feel about that.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: linux-crypto@vger.kernel.org
Cc: Fabio Baltieri <fabio.baltieri@linaro.org>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/crypto/ux500/cryp/cryp_core.c | 25 ++++++++++++-------------
1 file changed, 12 insertions(+), 13 deletions(-)
diff --git a/drivers/crypto/ux500/cryp/cryp_core.c b/drivers/crypto/ux500/cryp/cryp_core.c
index a999f53..92105f3 100644
--- a/drivers/crypto/ux500/cryp/cryp_core.c
+++ b/drivers/crypto/ux500/cryp/cryp_core.c
@@ -190,7 +190,7 @@ static void add_session_id(struct cryp_ctx *ctx)
static irqreturn_t cryp_interrupt_handler(int irq, void *param)
{
struct cryp_ctx *ctx;
- int i;
+ int count;
struct cryp_device_data *device_data;
if (param == NULL) {
@@ -215,12 +215,11 @@ static irqreturn_t cryp_interrupt_handler(int irq, void *param)
if (cryp_pending_irq_src(device_data,
CRYP_IRQ_SRC_OUTPUT_FIFO)) {
if (ctx->outlen / ctx->blocksize > 0) {
- for (i = 0; i < ctx->blocksize / 4; i++) {
- *(ctx->outdata) = readl_relaxed(
- &device_data->base->dout);
- ctx->outdata += 4;
- ctx->outlen -= 4;
- }
+ count = ctx->blocksize / 4;
+
+ readsl(&device_data->base->dout, ctx->outdata, count);
+ ctx->outdata += count;
+ ctx->outlen -= count;
if (ctx->outlen == 0) {
cryp_disable_irq_src(device_data,
@@ -230,12 +229,12 @@ static irqreturn_t cryp_interrupt_handler(int irq, void *param)
} else if (cryp_pending_irq_src(device_data,
CRYP_IRQ_SRC_INPUT_FIFO)) {
if (ctx->datalen / ctx->blocksize > 0) {
- for (i = 0 ; i < ctx->blocksize / 4; i++) {
- writel_relaxed(ctx->indata,
- &device_data->base->din);
- ctx->indata += 4;
- ctx->datalen -= 4;
- }
+ count = ctx->blocksize / 4;
+
+ writesl(&device_data->base->din, ctx->indata, count);
+
+ ctx->indata += count;
+ ctx->datalen -= count;
if (ctx->datalen == 0)
cryp_disable_irq_src(device_data,
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 057/187] Bluetooth: btmrvl: wait for HOST_SLEEP_ENABLE event in suspend
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (55 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 056/187] crypto: ux500 - make interrupt mode plausible Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 058/187] ASoC: adau1701: fix adau1701_reg_read() Kamal Mostafa
` (130 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Chin-Ran Lo, Jeff CF Chen, Amitkumar Karwar, Bing Zhao,
Marcel Holtmann, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Chin-Ran Lo <crlo@marvell.com>
commit 396e04f4bb9afefb0744715dc76d9abe18ee5fb0 upstream.
After BT_CMD_HOST_SLEEP_ENABLE command finishes, driver should
wait until getting BT_EVENT_HOST_SLEEP_ENABLE event to complete
suspend procedure.
Without this patch the suspend handler would return success
earlier. By the time when the BT_EVENT_HOST_SLEEP_ENABLE event
comes in the controller driver could have already turned off the
bus clock. This causes kernel crash or system reboot eventually.
Signed-off-by: Chin-Ran Lo <crlo@marvell.com>
Signed-off-by: Jeff CF Chen <jeffc@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/bluetooth/btmrvl_drv.h | 1 +
drivers/bluetooth/btmrvl_main.c | 25 ++++++++++++++++++++++++-
2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/drivers/bluetooth/btmrvl_drv.h b/drivers/bluetooth/btmrvl_drv.h
index f9d1833..c401de2 100644
--- a/drivers/bluetooth/btmrvl_drv.h
+++ b/drivers/bluetooth/btmrvl_drv.h
@@ -70,6 +70,7 @@ struct btmrvl_adapter {
u8 hs_state;
u8 wakeup_tries;
wait_queue_head_t cmd_wait_q;
+ wait_queue_head_t event_hs_wait_q;
u8 cmd_complete;
bool is_suspended;
};
diff --git a/drivers/bluetooth/btmrvl_main.c b/drivers/bluetooth/btmrvl_main.c
index 5cf31c4..245e9c7 100644
--- a/drivers/bluetooth/btmrvl_main.c
+++ b/drivers/bluetooth/btmrvl_main.c
@@ -115,6 +115,7 @@ int btmrvl_process_event(struct btmrvl_private *priv, struct sk_buff *skb)
adapter->hs_state = HS_ACTIVATED;
if (adapter->psmode)
adapter->ps_state = PS_SLEEP;
+ wake_up_interruptible(&adapter->event_hs_wait_q);
BT_DBG("HS ACTIVATED!");
} else {
BT_DBG("HS Enable failed");
@@ -254,11 +255,31 @@ EXPORT_SYMBOL_GPL(btmrvl_enable_ps);
int btmrvl_enable_hs(struct btmrvl_private *priv)
{
+ struct btmrvl_adapter *adapter = priv->adapter;
int ret;
ret = btmrvl_send_sync_cmd(priv, BT_CMD_HOST_SLEEP_ENABLE, NULL, 0);
- if (ret)
+ if (ret) {
BT_ERR("Host sleep enable command failed\n");
+ return ret;
+ }
+
+ ret = wait_event_interruptible_timeout(adapter->event_hs_wait_q,
+ adapter->hs_state,
+ msecs_to_jiffies(WAIT_UNTIL_HS_STATE_CHANGED));
+ if (ret < 0) {
+ BT_ERR("event_hs_wait_q terminated (%d): %d,%d,%d",
+ ret, adapter->hs_state, adapter->ps_state,
+ adapter->wakeup_tries);
+ } else if (!ret) {
+ BT_ERR("hs_enable timeout: %d,%d,%d", adapter->hs_state,
+ adapter->ps_state, adapter->wakeup_tries);
+ ret = -ETIMEDOUT;
+ } else {
+ BT_DBG("host sleep enabled: %d,%d,%d", adapter->hs_state,
+ adapter->ps_state, adapter->wakeup_tries);
+ ret = 0;
+ }
return ret;
}
@@ -344,6 +365,7 @@ static void btmrvl_init_adapter(struct btmrvl_private *priv)
priv->adapter->ps_state = PS_AWAKE;
init_waitqueue_head(&priv->adapter->cmd_wait_q);
+ init_waitqueue_head(&priv->adapter->event_hs_wait_q);
}
static void btmrvl_free_adapter(struct btmrvl_private *priv)
@@ -716,6 +738,7 @@ int btmrvl_remove_card(struct btmrvl_private *priv)
hdev = priv->btmrvl_dev.hcidev;
wake_up_interruptible(&priv->adapter->cmd_wait_q);
+ wake_up_interruptible(&priv->adapter->event_hs_wait_q);
kthread_stop(priv->main_thread.task);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 058/187] ASoC: adau1701: fix adau1701_reg_read()
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (56 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 057/187] Bluetooth: btmrvl: wait for HOST_SLEEP_ENABLE event in suspend Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 059/187] ASoC: wm_adsp: Add missing MODULE_LICENSE Kamal Mostafa
` (129 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Daniel Mack, Mark Brown, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Mack <zonque@gmail.com>
commit 3ad80b828b2533f37c221e2df155774efd6ed814 upstream.
Fix a long standing bug in the read register routing of adau1701.
The bytes arrive in the buffer in big-endian, so the result has to be
shifted before and-ing the bytes in the loop.
Signed-off-by: Daniel Mack <zonque@gmail.com>
Acked-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/soc/codecs/adau1701.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/adau1701.c b/sound/soc/codecs/adau1701.c
index adee866..56bfc67 100644
--- a/sound/soc/codecs/adau1701.c
+++ b/sound/soc/codecs/adau1701.c
@@ -230,8 +230,10 @@ static int adau1701_reg_read(void *context, unsigned int reg,
*value = 0;
- for (i = 0; i < size; i++)
- *value |= recv_buf[i] << (i * 8);
+ for (i = 0; i < size; i++) {
+ *value <<= 8;
+ *value |= recv_buf[i];
+ }
return 0;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 059/187] ASoC: wm_adsp: Add missing MODULE_LICENSE
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (57 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 058/187] ASoC: adau1701: fix adau1701_reg_read() Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 060/187] regulator: arizona-ldo1: remove bypass functionality Kamal Mostafa
` (128 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Praveen Diwakar, Vinod Koul, Mark Brown, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Praveen Diwakar <praveen.diwakar@intel.com>
commit 0a37c6efec4a2fdc2563c5a8faa472b814deee80 upstream.
Since MODULE_LICENSE is missing the module load fails,
so add this for module.
Signed-off-by: Praveen Diwakar <praveen.diwakar@intel.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Reviewed-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/soc/codecs/wm_adsp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sound/soc/codecs/wm_adsp.c b/sound/soc/codecs/wm_adsp.c
index 4fbcab6..07c99e8 100644
--- a/sound/soc/codecs/wm_adsp.c
+++ b/sound/soc/codecs/wm_adsp.c
@@ -1702,3 +1702,5 @@ int wm_adsp2_init(struct wm_adsp *adsp, bool dvfs)
return 0;
}
EXPORT_SYMBOL_GPL(wm_adsp2_init);
+
+MODULE_LICENSE("GPL v2");
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 060/187] regulator: arizona-ldo1: remove bypass functionality
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (58 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 059/187] ASoC: wm_adsp: Add missing MODULE_LICENSE Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 061/187] ASoC: samsung: Correct I2S DAI suspend/resume ops Kamal Mostafa
` (127 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Nikesh Oswal, Mark Brown, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Nikesh Oswal <nikesh@opensource.wolfsonmicro.com>
commit 5b919f3ebb533cbe400664837e24f66a0836b907 upstream.
WM5110/8280 devices do not support bypass mode for LDO1 so remove
the bypass callbacks registered with regulator core.
Signed-off-by: Nikesh Oswal <nikesh@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/regulator/arizona-ldo1.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/regulator/arizona-ldo1.c b/drivers/regulator/arizona-ldo1.c
index f0ea4fd..8b963a7 100644
--- a/drivers/regulator/arizona-ldo1.c
+++ b/drivers/regulator/arizona-ldo1.c
@@ -141,8 +141,6 @@ static struct regulator_ops arizona_ldo1_ops = {
.map_voltage = regulator_map_voltage_linear,
.get_voltage_sel = regulator_get_voltage_sel_regmap,
.set_voltage_sel = regulator_set_voltage_sel_regmap,
- .get_bypass = regulator_get_bypass_regmap,
- .set_bypass = regulator_set_bypass_regmap,
};
static const struct regulator_desc arizona_ldo1 = {
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 061/187] ASoC: samsung: Correct I2S DAI suspend/resume ops
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (59 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 060/187] regulator: arizona-ldo1: remove bypass functionality Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 062/187] drm/tilcdc: panel: fix dangling sysfs connector node Kamal Mostafa
` (126 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sylwester Nawrocki, Mark Brown, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Sylwester Nawrocki <s.nawrocki@samsung.com>
commit d3d4e5247b013008a39e4d5f69ce4c60ed57f997 upstream.
We should save/restore relevant I2S registers regardless of
the dai->active flag, otherwise some settings are being lost
after system suspend/resume cycle. E.g. I2S slave mode set only
during dai initialization is not preserved and the device ends
up in master mode after system resume.
Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/soc/samsung/i2s.c | 16 ++++++----------
1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/sound/soc/samsung/i2s.c b/sound/soc/samsung/i2s.c
index a5cbdb4..27ca0aa 100644
--- a/sound/soc/samsung/i2s.c
+++ b/sound/soc/samsung/i2s.c
@@ -915,11 +915,9 @@ static int i2s_suspend(struct snd_soc_dai *dai)
{
struct i2s_dai *i2s = to_info(dai);
- if (dai->active) {
- i2s->suspend_i2smod = readl(i2s->addr + I2SMOD);
- i2s->suspend_i2scon = readl(i2s->addr + I2SCON);
- i2s->suspend_i2spsr = readl(i2s->addr + I2SPSR);
- }
+ i2s->suspend_i2smod = readl(i2s->addr + I2SMOD);
+ i2s->suspend_i2scon = readl(i2s->addr + I2SCON);
+ i2s->suspend_i2spsr = readl(i2s->addr + I2SPSR);
return 0;
}
@@ -928,11 +926,9 @@ static int i2s_resume(struct snd_soc_dai *dai)
{
struct i2s_dai *i2s = to_info(dai);
- if (dai->active) {
- writel(i2s->suspend_i2scon, i2s->addr + I2SCON);
- writel(i2s->suspend_i2smod, i2s->addr + I2SMOD);
- writel(i2s->suspend_i2spsr, i2s->addr + I2SPSR);
- }
+ writel(i2s->suspend_i2scon, i2s->addr + I2SCON);
+ writel(i2s->suspend_i2smod, i2s->addr + I2SMOD);
+ writel(i2s->suspend_i2spsr, i2s->addr + I2SPSR);
return 0;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 062/187] drm/tilcdc: panel: fix dangling sysfs connector node
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (60 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 061/187] ASoC: samsung: Correct I2S DAI suspend/resume ops Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 063/187] drm/tilcdc: slave: " Kamal Mostafa
` (125 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Guido Martínez, Dave Airlie, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: =?UTF-8?q?Guido=20Mart=C3=ADnez?= <guido@vanguardiasur.com.ar>
commit e396900e649b0af31161634d87fe37076f46c12b upstream.
Add a drm_sysfs_connector_remove call when we destroy the panel to make
sure the connector node in sysfs gets deleted.
This is required for proper unload and re-load of this driver as a
module. Without this, we would get a warning at re-load time like so:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 824 at fs/sysfs/dir.c:31 sysfs_warn_dup+0x54/0x74()
sysfs: cannot create duplicate filename '/class/drm/card0-LVDS-1'
Modules linked in: [...]
CPU: 0 PID: 824 Comm: modprobe Not tainted 3.15.0-rc4-00027-g6484f96-dirty #81
[<c0013bb8>] (unwind_backtrace) from [<c0011824>] (show_stack+0x10/0x14)
[<c0011824>] (show_stack) from [<c0034e8c>] (warn_slowpath_common+0x68/0x88)
[<c0034e8c>] (warn_slowpath_common) from [<c0034edc>] (warn_slowpath_fmt+0x30/0x40)
[<c0034edc>] (warn_slowpath_fmt) from [<c01243f4>] (sysfs_warn_dup+0x54/0x74)
[<c01243f4>] (sysfs_warn_dup) from [<c0124708>] (sysfs_do_create_link_sd.isra.2+0xb0/0xb8)
[<c0124708>] (sysfs_do_create_link_sd.isra.2) from [<c02ae37c>] (device_add+0x338/0x520)
[<c02ae37c>] (device_add) from [<c02ae6e8>] (device_create_groups_vargs+0xa0/0xc4)
[<c02ae6e8>] (device_create_groups_vargs) from [<c02ae758>] (device_create+0x24/0x2c)
[<c02ae758>] (device_create) from [<c029b4ec>] (drm_sysfs_connector_add+0x64/0x204)
[<c029b4ec>] (drm_sysfs_connector_add) from [<bf0b1fec>] (panel_modeset_init+0xb8/0x134 [tilcdc])
[<bf0b1fec>] (panel_modeset_init [tilcdc]) from [<bf0b2bf0>] (tilcdc_load+0x214/0x4c0 [tilcdc])
[<bf0b2bf0>] (tilcdc_load [tilcdc]) from [<c029955c>] (drm_dev_register+0xa4/0x104)
[ .. snip .. ]
---[ end trace b2d09cd9578b0497 ]---
[drm:drm_sysfs_connector_add] *ERROR* failed to register connector device: -17
Signed-off-by: Guido Martínez <guido@vanguardiasur.com.ar>
Tested-by: Darren Etheridge <detheridge@ti.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/tilcdc/tilcdc_panel.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/tilcdc/tilcdc_panel.c b/drivers/gpu/drm/tilcdc/tilcdc_panel.c
index 86c6732..1943b2f 100644
--- a/drivers/gpu/drm/tilcdc/tilcdc_panel.c
+++ b/drivers/gpu/drm/tilcdc/tilcdc_panel.c
@@ -151,6 +151,7 @@ struct panel_connector {
static void panel_connector_destroy(struct drm_connector *connector)
{
struct panel_connector *panel_connector = to_panel_connector(connector);
+ drm_sysfs_connector_remove(connector);
drm_connector_cleanup(connector);
kfree(panel_connector);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 063/187] drm/tilcdc: slave: fix dangling sysfs connector node
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (61 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 062/187] drm/tilcdc: panel: fix dangling sysfs connector node Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 064/187] drm/tilcdc: tfp410: " Kamal Mostafa
` (124 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Guido Martínez, Dave Airlie, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: =?UTF-8?q?Guido=20Mart=C3=ADnez?= <guido@vanguardiasur.com.ar>
commit daa15b4cd1eee58eb1322062a3320b1dbe5dc96e upstream.
Add a drm_sysfs_connector_remove call when we destroy the panel to make
sure the connector node in sysfs gets deleted.
This is required for proper unload and re-load of this driver as a
module. Without this, we would get a warning at re-load time like so:
tda998x 0-0070: found TDA19988
------------[ cut here ]------------
WARNING: CPU: 0 PID: 825 at fs/sysfs/dir.c:31 sysfs_warn_dup+0x54/0x74()
sysfs: cannot create duplicate filename '/class/drm/card0-HDMI-A-1'
Modules linked in: [..]
CPU: 0 PID: 825 Comm: modprobe Not tainted 3.15.0-rc4-00027-g9dcdef4 #82
[<c0013bb8>] (unwind_backtrace) from [<c0011824>] (show_stack+0x10/0x14)
[<c0011824>] (show_stack) from [<c0034e8c>] (warn_slowpath_common+0x68/0x88)
[<c0034e8c>] (warn_slowpath_common) from [<c0034edc>] (warn_slowpath_fmt+0x30/0x40)
[<c0034edc>] (warn_slowpath_fmt) from [<c01243f4>] (sysfs_warn_dup+0x54/0x74)
[<c01243f4>] (sysfs_warn_dup) from [<c0124708>] (sysfs_do_create_link_sd.isra.2+0xb0/0xb8)
[<c0124708>] (sysfs_do_create_link_sd.isra.2) from [<c02ae37c>] (device_add+0x338/0x520)
[<c02ae37c>] (device_add) from [<c02ae6e8>] (device_create_groups_vargs+0xa0/0xc4)
[<c02ae6e8>] (device_create_groups_vargs) from [<c02ae758>] (device_create+0x24/0x2c)
[<c02ae758>] (device_create) from [<c029b4ec>] (drm_sysfs_connector_add+0x64/0x204)
[<c029b4ec>] (drm_sysfs_connector_add) from [<bf0b1b40>] (slave_modeset_init+0x120/0x1bc [tilcdc])
[<bf0b1b40>] (slave_modeset_init [tilcdc]) from [<bf0b2be8>] (tilcdc_load+0x214/0x4c0 [tilcdc])
[<bf0b2be8>] (tilcdc_load [tilcdc]) from [<c029955c>] (drm_dev_register+0xa4/0x104)
[..snip..]
---[ end trace 4df8d614936ebdee ]---
[drm:drm_sysfs_connector_add] *ERROR* failed to register connector device: -17
Signed-off-by: Guido Martínez <guido@vanguardiasur.com.ar>
Tested-by: Darren Etheridge <detheridge@ti.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/tilcdc/tilcdc_slave.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/tilcdc/tilcdc_slave.c b/drivers/gpu/drm/tilcdc/tilcdc_slave.c
index 595068b..2f83ffb 100644
--- a/drivers/gpu/drm/tilcdc/tilcdc_slave.c
+++ b/drivers/gpu/drm/tilcdc/tilcdc_slave.c
@@ -166,6 +166,7 @@ struct slave_connector {
static void slave_connector_destroy(struct drm_connector *connector)
{
struct slave_connector *slave_connector = to_slave_connector(connector);
+ drm_sysfs_connector_remove(connector);
drm_connector_cleanup(connector);
kfree(slave_connector);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 064/187] drm/tilcdc: tfp410: fix dangling sysfs connector node
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (62 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 063/187] drm/tilcdc: slave: " Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 065/187] drm/tilcdc: panel: fix leak when unloading the module Kamal Mostafa
` (123 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Guido Martínez, Dave Airlie, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: =?UTF-8?q?Guido=20Mart=C3=ADnez?= <guido@vanguardiasur.com.ar>
commit 16dcbdef404f4e87dab985494381939fe0a2d456 upstream.
Add a drm_sysfs_connector_remove call when we destroy the panel to make
sure the connector node in sysfs gets deleted.
This is required for proper unload and re-load of this driver, otherwise
we will get a warning about a duplicate filename in sysfs.
Signed-off-by: Guido Martínez <guido@vanguardiasur.com.ar>
Tested-by: Darren Etheridge <detheridge@ti.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/tilcdc/tilcdc_tfp410.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/tilcdc/tilcdc_tfp410.c b/drivers/gpu/drm/tilcdc/tilcdc_tfp410.c
index c38b56b..ce75ac8 100644
--- a/drivers/gpu/drm/tilcdc/tilcdc_tfp410.c
+++ b/drivers/gpu/drm/tilcdc/tilcdc_tfp410.c
@@ -167,6 +167,7 @@ struct tfp410_connector {
static void tfp410_connector_destroy(struct drm_connector *connector)
{
struct tfp410_connector *tfp410_connector = to_tfp410_connector(connector);
+ drm_sysfs_connector_remove(connector);
drm_connector_cleanup(connector);
kfree(tfp410_connector);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 065/187] drm/tilcdc: panel: fix leak when unloading the module
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (63 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 064/187] drm/tilcdc: tfp410: " Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 066/187] drm/tilcdc: fix release order on exit Kamal Mostafa
` (122 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Guido Martínez, Dave Airlie, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: =?UTF-8?q?Guido=20Mart=C3=ADnez?= <guido@vanguardiasur.com.ar>
commit 3a49012224ca9016658a831a327ff6a7fe5bb4f9 upstream.
The driver did not unregister the allocated framebuffer, which caused
memory leaks (and memory manager WARNs) when unloading. Also, the
framebuffer device under /dev still existed after unloading.
Add a call to drm_fbdev_cma_fini when unloading the module to prevent
both issues.
Signed-off-by: Guido Martínez <guido@vanguardiasur.com.ar>
Tested-by: Darren Etheridge <detheridge@ti.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/tilcdc/tilcdc_drv.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/tilcdc/tilcdc_drv.c b/drivers/gpu/drm/tilcdc/tilcdc_drv.c
index 116da19..247ab5d 100644
--- a/drivers/gpu/drm/tilcdc/tilcdc_drv.c
+++ b/drivers/gpu/drm/tilcdc/tilcdc_drv.c
@@ -122,6 +122,7 @@ static int tilcdc_unload(struct drm_device *dev)
struct tilcdc_drm_private *priv = dev->dev_private;
struct tilcdc_module *mod, *cur;
+ drm_fbdev_cma_fini(priv->fbdev);
drm_kms_helper_poll_fini(dev);
drm_mode_config_cleanup(dev);
drm_vblank_cleanup(dev);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 066/187] drm/tilcdc: fix release order on exit
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (64 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 065/187] drm/tilcdc: panel: fix leak when unloading the module Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 067/187] drm/tilcdc: fix double kfree Kamal Mostafa
` (121 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Guido Martínez, Dave Airlie, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: =?UTF-8?q?Guido=20Mart=C3=ADnez?= <guido@vanguardiasur.com.ar>
commit eb565a2bbadc6a5030a6dbe58db1aa52453e7edf upstream.
Unregister resources in the correct order on tilcdc_drm_fini, which is
the reverse order they were registered during tilcdc_drm_init.
This also means unregistering the driver before releasing its resources.
Signed-off-by: Guido Martínez <guido@vanguardiasur.com.ar>
Tested-by: Darren Etheridge <detheridge@ti.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/tilcdc/tilcdc_drv.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/tilcdc/tilcdc_drv.c b/drivers/gpu/drm/tilcdc/tilcdc_drv.c
index 247ab5d..af1b17a 100644
--- a/drivers/gpu/drm/tilcdc/tilcdc_drv.c
+++ b/drivers/gpu/drm/tilcdc/tilcdc_drv.c
@@ -629,10 +629,10 @@ static int __init tilcdc_drm_init(void)
static void __exit tilcdc_drm_fini(void)
{
DBG("fini");
- tilcdc_tfp410_fini();
- tilcdc_slave_fini();
- tilcdc_panel_fini();
platform_driver_unregister(&tilcdc_platform_driver);
+ tilcdc_panel_fini();
+ tilcdc_slave_fini();
+ tilcdc_tfp410_fini();
}
late_initcall(tilcdc_drm_init);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 067/187] drm/tilcdc: fix double kfree
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (65 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 066/187] drm/tilcdc: fix release order on exit Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 068/187] ACPICA: Utilities: Fix memory leak in acpi_ut_copy_iobject_to_iobject Kamal Mostafa
` (120 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Guido Martínez, Dave Airlie, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: =?UTF-8?q?Guido=20Mart=C3=ADnez?= <guido@vanguardiasur.com.ar>
commit c9a3ad25eddfdb898114a9d73cdb4c3472d9dfca upstream.
display_timings_release calls kfree on the display_timings object passed
to it. Calling kfree after it is wrong. SLUB debug showed the following
warning:
=============================================================================
BUG kmalloc-64 (Tainted: G W ): Object already free
-----------------------------------------------------------------------------
Disabling lock debugging due to kernel taint
INFO: Allocated in of_get_display_timings+0x2c/0x214 age=601 cpu=0
pid=884
__slab_alloc.constprop.79+0x2e0/0x33c
kmem_cache_alloc+0xac/0xdc
of_get_display_timings+0x2c/0x214
panel_probe+0x7c/0x314 [tilcdc]
platform_drv_probe+0x18/0x48
[..snip..]
INFO: Freed in panel_destroy+0x18/0x3c [tilcdc] age=0 cpu=0 pid=907
__slab_free+0x34/0x330
panel_destroy+0x18/0x3c [tilcdc]
tilcdc_unload+0xd0/0x118 [tilcdc]
drm_dev_unregister+0x24/0x98
[..snip..]
Signed-off-by: Guido Martínez <guido@vanguardiasur.com.ar>
Tested-by: Darren Etheridge <detheridge@ti.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/tilcdc/tilcdc_panel.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/tilcdc/tilcdc_panel.c b/drivers/gpu/drm/tilcdc/tilcdc_panel.c
index 1943b2f..b085dcc 100644
--- a/drivers/gpu/drm/tilcdc/tilcdc_panel.c
+++ b/drivers/gpu/drm/tilcdc/tilcdc_panel.c
@@ -286,10 +286,8 @@ static void panel_destroy(struct tilcdc_module *mod)
{
struct panel_module *panel_mod = to_panel_module(mod);
- if (panel_mod->timings) {
+ if (panel_mod->timings)
display_timings_release(panel_mod->timings);
- kfree(panel_mod->timings);
- }
tilcdc_module_cleanup(mod);
kfree(panel_mod->info);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 068/187] ACPICA: Utilities: Fix memory leak in acpi_ut_copy_iobject_to_iobject
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (66 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 067/187] drm/tilcdc: fix double kfree Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 069/187] stable_kernel_rules: Add pointer to netdev-FAQ for network patches Kamal Mostafa
` (119 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: David E. Box, Bob Moore, Lv Zheng, Rafael J. Wysocki, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "David E. Box" <david.e.box@linux.intel.com>
commit 8aa5e56eeb61a099ea6519eb30ee399e1bc043ce upstream.
Adds return status check on copy routines to delete the allocated destination
object if either copy fails. Reported by Colin Ian King on bugs.acpica.org,
Bug 1087.
The last applicable commit:
Commit: 3371c19c294a4cb3649aa4e84606be8a1d999e61
Subject: ACPICA: Remove ACPI_GET_OBJECT_TYPE macro
Link: https://bugs.acpica.org/show_bug.cgi?id=1087
Reported-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David E. Box <david.e.box@linux.intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/acpi/acpica/utcopy.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/acpi/acpica/utcopy.c b/drivers/acpi/acpica/utcopy.c
index edff4e6..c66bca1 100644
--- a/drivers/acpi/acpica/utcopy.c
+++ b/drivers/acpi/acpica/utcopy.c
@@ -1001,5 +1001,11 @@ acpi_ut_copy_iobject_to_iobject(union acpi_operand_object *source_desc,
status = acpi_ut_copy_simple_object(source_desc, *dest_desc);
}
+ /* Delete the allocated object if copy failed */
+
+ if (ACPI_FAILURE(status)) {
+ acpi_ut_remove_reference(*dest_desc);
+ }
+
return_ACPI_STATUS(status);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 069/187] stable_kernel_rules: Add pointer to netdev-FAQ for network patches
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (67 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 068/187] ACPICA: Utilities: Fix memory leak in acpi_ut_copy_iobject_to_iobject Kamal Mostafa
@ 2014-09-15 22:07 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 070/187] USB: ehci-pci: USB host controller support for Intel Quark X1000 Kamal Mostafa
` (118 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:07 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Dave Chiluk, Greg Kroah-Hartman, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Chiluk <chiluk@canonical.com>
commit b76fc285337b6b256e9ba20a40cfd043f70c27af upstream.
Stable_kernel_rules should point submitters of network stable patches to the
netdev_FAQ.txt as requests for stable network patches should go to netdev
first.
Signed-off-by: Dave Chiluk <chiluk@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
Documentation/stable_kernel_rules.txt | 3 +++
1 file changed, 3 insertions(+)
diff --git a/Documentation/stable_kernel_rules.txt b/Documentation/stable_kernel_rules.txt
index b0714d8..8dfb6a5 100644
--- a/Documentation/stable_kernel_rules.txt
+++ b/Documentation/stable_kernel_rules.txt
@@ -29,6 +29,9 @@ Rules on what kind of patches are accepted, and which ones are not, into the
Procedure for submitting patches to the -stable tree:
+ - If the patch covers files in net/ or drivers/net please follow netdev stable
+ submission guidelines as described in
+ Documentation/networking/netdev-FAQ.txt
- Send the patch, after verifying that it follows the above rules, to
stable@vger.kernel.org. You must note the upstream commit ID in the
changelog of your submission, as well as the kernel version you wish
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 070/187] USB: ehci-pci: USB host controller support for Intel Quark X1000
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (68 preceding siblings ...)
2014-09-15 22:07 ` [PATCH 3.13 069/187] stable_kernel_rules: Add pointer to netdev-FAQ for network patches Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 071/187] debugfs: Fix corrupted loop in debugfs_remove_recursive Kamal Mostafa
` (117 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Bryan O'Donoghue, Alvin (Weike) Chen, Greg Kroah-Hartman,
Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Bryan O'Donoghue <bryan.odonoghue@intel.com>
commit 6e693739e9b603b3ca9ce0d4f4178f0633458465 upstream.
The EHCI packet buffer in/out threshold is programmable for Intel Quark X1000
USB host controller, and the default value is 0x20 dwords. The in/out threshold
can be programmed to 0x80 dwords (512 Bytes) to maximize the perfomrance,
but only when isochronous/interrupt transactions are not initiated by the USB
host controller. This patch is to reconfigure the packet buffer in/out
threshold as maximal as possible to maximize the performance, and 0x7F dwords
(508 Bytes) should be used because the USB host controller initiates
isochronous/interrupt transactions.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@intel.com>
Signed-off-by: Alvin (Weike) Chen <alvin.chen@intel.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Reviewed-by: Jingoo Han <jg1.han@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/host/ehci-pci.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/drivers/usb/host/ehci-pci.c b/drivers/usb/host/ehci-pci.c
index 3e86bf4..ca7b964 100644
--- a/drivers/usb/host/ehci-pci.c
+++ b/drivers/usb/host/ehci-pci.c
@@ -35,6 +35,21 @@ static const char hcd_name[] = "ehci-pci";
#define PCI_DEVICE_ID_INTEL_CE4100_USB 0x2e70
/*-------------------------------------------------------------------------*/
+#define PCI_DEVICE_ID_INTEL_QUARK_X1000_SOC 0x0939
+static inline bool is_intel_quark_x1000(struct pci_dev *pdev)
+{
+ return pdev->vendor == PCI_VENDOR_ID_INTEL &&
+ pdev->device == PCI_DEVICE_ID_INTEL_QUARK_X1000_SOC;
+}
+
+/*
+ * 0x84 is the offset of in/out threshold register,
+ * and it is the same offset as the register of 'hostpc'.
+ */
+#define intel_quark_x1000_insnreg01 hostpc
+
+/* Maximum usable threshold value is 0x7f dwords for both IN and OUT */
+#define INTEL_QUARK_X1000_EHCI_MAX_THRESHOLD 0x007f007f
/* called after powerup, by probe or system-pm "wakeup" */
static int ehci_pci_reinit(struct ehci_hcd *ehci, struct pci_dev *pdev)
@@ -50,6 +65,16 @@ static int ehci_pci_reinit(struct ehci_hcd *ehci, struct pci_dev *pdev)
if (!retval)
ehci_dbg(ehci, "MWI active\n");
+ /* Reset the threshold limit */
+ if (is_intel_quark_x1000(pdev)) {
+ /*
+ * For the Intel QUARK X1000, raise the I/O threshold to the
+ * maximum usable value in order to improve performance.
+ */
+ ehci_writel(ehci, INTEL_QUARK_X1000_EHCI_MAX_THRESHOLD,
+ ehci->regs->intel_quark_x1000_insnreg01);
+ }
+
return 0;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 071/187] debugfs: Fix corrupted loop in debugfs_remove_recursive
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (69 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 070/187] USB: ehci-pci: USB host controller support for Intel Quark X1000 Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 072/187] selinux: fix the default socket labeling in sock_graft() Kamal Mostafa
` (116 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Steven Rostedt, Greg Kroah-Hartman, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Steven Rostedt <rostedt@goodmis.org>
commit 485d44022a152c0254dd63445fdb81c4194cbf0e upstream.
[ I'm currently running my tests on it now, and so far, after a few
hours it has yet to blow up. I'll run it for 24 hours which it never
succeeded in the past. ]
The tracing code has a way to make directories within the debugfs file
system as well as deleting them using mkdir/rmdir in the instance
directory. This is very limited in functionality, such as there is
no renames, and the parent directory "instance" can not be modified.
The tracing code creates the instance directory from the debugfs code
and then replaces the dentry->d_inode->i_op with its own to allow
for mkdir/rmdir to work.
When these are called, the d_entry and inode locks need to be released
to call the instance creation and deletion code. That code has its own
accounting and locking to serialize everything to prevent multiple
users from causing harm. As the parent "instance" directory can not
be modified this simplifies things.
I created a stress test that creates several threads that randomly
creates and deletes directories thousands of times a second. The code
stood up to this test and I submitted it a while ago.
Recently I added a new test that adds readers to the mix. While the
instance directories were being added and deleted, readers would read
from these directories and even enable tracing within them. This test
was able to trigger a bug:
general protection fault: 0000 [#1] PREEMPT SMP
Modules linked in: ...
CPU: 3 PID: 17789 Comm: rmdir Tainted: G W 3.15.0-rc2-test+ #41
Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./To be filled by O.E.M., BIOS SDBLI944.86P 05/08/2007
task: ffff88003786ca60 ti: ffff880077018000 task.ti: ffff880077018000
RIP: 0010:[<ffffffff811ed5eb>] [<ffffffff811ed5eb>] debugfs_remove_recursive+0x1bd/0x367
RSP: 0018:ffff880077019df8 EFLAGS: 00010246
RAX: 0000000000000002 RBX: ffff88006f0fe490 RCX: 0000000000000000
RDX: dead000000100058 RSI: 0000000000000246 RDI: ffff88003786d454
RBP: ffff88006f0fe640 R08: 0000000000000628 R09: 0000000000000000
R10: 0000000000000628 R11: ffff8800795110a0 R12: ffff88006f0fe640
R13: ffff88006f0fe640 R14: ffffffff81817d0b R15: ffffffff818188b7
FS: 00007ff13ae24700(0000) GS:ffff88007d580000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000003054ec7be0 CR3: 0000000076d51000 CR4: 00000000000007e0
Stack:
ffff88007a41ebe0 dead000000100058 00000000fffffffe ffff88006f0fe640
0000000000000000 ffff88006f0fe678 ffff88007a41ebe0 ffff88003793a000
00000000fffffffe ffffffff810bde82 ffff88006f0fe640 ffff88007a41eb28
Call Trace:
[<ffffffff810bde82>] ? instance_rmdir+0x15b/0x1de
[<ffffffff81132e2d>] ? vfs_rmdir+0x80/0xd3
[<ffffffff81132f51>] ? do_rmdir+0xd1/0x139
[<ffffffff8124ad9e>] ? trace_hardirqs_on_thunk+0x3a/0x3c
[<ffffffff814fea62>] ? system_call_fastpath+0x16/0x1b
Code: fe ff ff 48 8d 75 30 48 89 df e8 c9 fd ff ff 85 c0 75 13 48 c7 c6 b8 cc d2 81 48 c7 c7 b0 cc d2 81 e8 8c 7a f5 ff 48 8b 54 24 08 <48> 8b 82 a8 00 00 00 48 89 d3 48 2d a8 00 00 00 48 89 44 24 08
RIP [<ffffffff811ed5eb>] debugfs_remove_recursive+0x1bd/0x367
RSP <ffff880077019df8>
It took a while, but every time it triggered, it was always in the
same place:
list_for_each_entry_safe(child, next, &parent->d_subdirs, d_u.d_child) {
Where the child->d_u.d_child seemed to be corrupted. I added lots of
trace_printk()s to see what was wrong, and sure enough, it was always
the child's d_u.d_child field. I looked around to see what touches
it and noticed that in __dentry_kill() which calls dentry_free():
static void dentry_free(struct dentry *dentry)
{
/* if dentry was never visible to RCU, immediate free is OK */
if (!(dentry->d_flags & DCACHE_RCUACCESS))
__d_free(&dentry->d_u.d_rcu);
else
call_rcu(&dentry->d_u.d_rcu, __d_free);
}
I also noticed that __dentry_kill() unlinks the child->d_u.child
under the parent->d_lock spin_lock.
Looking back at the loop in debugfs_remove_recursive() it never takes the
parent->d_lock to do the list walk. Adding more tracing, I was able to
prove this was the issue:
ftrace-t-15385 1.... 246662024us : dentry_kill <ffffffff81138b91>: free ffff88006d573600
rmdir-15409 2.... 246662024us : debugfs_remove_recursive <ffffffff811ec7e5>: child=ffff88006d573600 next=dead000000100058
The dentry_kill freed ffff88006d573600 just as the remove recursive was walking
it.
In order to fix this, the list walk needs to be modified a bit to take
the parent->d_lock. The safe version is no longer necessary, as every
time we remove a child, the parent->d_lock must be released and the
list walk must start over. Each time a child is removed, even though it
may still be on the list, it should be skipped by the first check
in the loop:
if (!debugfs_positive(child))
continue;
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/debugfs/inode.c | 33 ++++++++++++++++++++++++++-------
1 file changed, 26 insertions(+), 7 deletions(-)
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
index 9c0444c..1576195 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
@@ -533,7 +533,7 @@ EXPORT_SYMBOL_GPL(debugfs_remove);
*/
void debugfs_remove_recursive(struct dentry *dentry)
{
- struct dentry *child, *next, *parent;
+ struct dentry *child, *parent;
if (IS_ERR_OR_NULL(dentry))
return;
@@ -545,30 +545,49 @@ void debugfs_remove_recursive(struct dentry *dentry)
parent = dentry;
down:
mutex_lock(&parent->d_inode->i_mutex);
- list_for_each_entry_safe(child, next, &parent->d_subdirs, d_u.d_child) {
+ loop:
+ /*
+ * The parent->d_subdirs is protected by the d_lock. Outside that
+ * lock, the child can be unlinked and set to be freed which can
+ * use the d_u.d_child as the rcu head and corrupt this list.
+ */
+ spin_lock(&parent->d_lock);
+ list_for_each_entry(child, &parent->d_subdirs, d_u.d_child) {
if (!debugfs_positive(child))
continue;
/* perhaps simple_empty(child) makes more sense */
if (!list_empty(&child->d_subdirs)) {
+ spin_unlock(&parent->d_lock);
mutex_unlock(&parent->d_inode->i_mutex);
parent = child;
goto down;
}
- up:
+
+ spin_unlock(&parent->d_lock);
+
if (!__debugfs_remove(child, parent))
simple_release_fs(&debugfs_mount, &debugfs_mount_count);
+
+ /*
+ * The parent->d_lock protects agaist child from unlinking
+ * from d_subdirs. When releasing the parent->d_lock we can
+ * no longer trust that the next pointer is valid.
+ * Restart the loop. We'll skip this one with the
+ * debugfs_positive() check.
+ */
+ goto loop;
}
+ spin_unlock(&parent->d_lock);
mutex_unlock(&parent->d_inode->i_mutex);
child = parent;
parent = parent->d_parent;
mutex_lock(&parent->d_inode->i_mutex);
- if (child != dentry) {
- next = list_next_entry(child, d_u.d_child);
- goto up;
- }
+ if (child != dentry)
+ /* go up */
+ goto loop;
if (!__debugfs_remove(child, parent))
simple_release_fs(&debugfs_mount, &debugfs_mount_count);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 072/187] selinux: fix the default socket labeling in sock_graft()
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (70 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 071/187] debugfs: Fix corrupted loop in debugfs_remove_recursive Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 073/187] x86, ia64: Move EFI_FB vga_default_device() initialization to pci_vga_fixup() Kamal Mostafa
` (115 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Paul Moore, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Moore <pmoore@redhat.com>
commit 4da6daf4d3df5a977e4623963f141a627fd2efce upstream.
The sock_graft() hook has special handling for AF_INET, AF_INET, and
AF_UNIX sockets as those address families have special hooks which
label the sock before it is attached its associated socket.
Unfortunately, the sock_graft() hook was missing a default approach
to labeling sockets which meant that any other address family which
made use of connections or the accept() syscall would find the
returned socket to be in an "unlabeled" state. This was recently
demonstrated by the kcrypto/AF_ALG subsystem and the newly released
cryptsetup package (cryptsetup v1.6.5 and later).
This patch preserves the special handling in selinux_sock_graft(),
but adds a default behavior - setting the sock's label equal to the
associated socket - which resolves the problem with AF_ALG and
presumably any other address family which makes use of accept().
Signed-off-by: Paul Moore <pmoore@redhat.com>
Tested-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/linux/security.h | 5 ++++-
security/selinux/hooks.c | 13 +++++++++++--
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index 5623a7f..e42af21 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -987,7 +987,10 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* Retrieve the LSM-specific secid for the sock to enable caching of network
* authorizations.
* @sock_graft:
- * Sets the socket's isec sid to the sock's sid.
+ * This hook is called in response to a newly created sock struct being
+ * grafted onto an existing socket and allows the security module to
+ * perform whatever security attribute management is necessary for both
+ * the sock and socket.
* @inet_conn_request:
* Sets the openreq's sid to socket's sid with MLS portion taken from peer sid.
* @inet_csk_clone:
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 019749c..f66143d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4497,9 +4497,18 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent)
struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
struct sk_security_struct *sksec = sk->sk_security;
- if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
- sk->sk_family == PF_UNIX)
+ switch (sk->sk_family) {
+ case PF_INET:
+ case PF_INET6:
+ case PF_UNIX:
isec->sid = sksec->sid;
+ break;
+ default:
+ /* by default there is no special labeling mechanism for the
+ * sksec label so inherit the label from the parent socket */
+ BUG_ON(sksec->sid != SECINITSID_UNLABELED);
+ sksec->sid = isec->sid;
+ }
sksec->sclass = isec->sclass;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 073/187] x86, ia64: Move EFI_FB vga_default_device() initialization to pci_vga_fixup()
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (71 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 072/187] selinux: fix the default socket labeling in sock_graft() Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-16 6:05 ` Bruno Prémont
2014-09-15 22:08 ` [PATCH 3.13 074/187] serial: core: Preserve termios c_cflag for console resume Kamal Mostafa
` (114 subsequent siblings)
187 siblings, 1 reply; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Bruno Prémont, Bjorn Helgaas, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Kamal Mostafa <kamal@canonical.com>
commit 20cde694027e7477cc532833e38ab9fcaa83fb64 upstream.
Commit b4aa0163056b ("efifb: Implement vga_default_device() (v2)") added
efifb vga_default_device() so EFI systems that do not load shadow VBIOS or
setup VGA get proper value for boot_vga PCI sysfs attribute on the
corresponding PCI device.
Xorg doesn't detect devices when boot_vga=0, e.g., on some EFI systems such
as MacBookAir2,1. Xorg detects the GPU and finds the DRI device but then
bails out with "no devices detected".
Note: When vga_default_device() is set boot_vga PCI sysfs attribute
reflects its state. When unset this attribute is 1 whenever
IORESOURCE_ROM_SHADOW flag is set.
With introduction of sysfb/simplefb/simpledrm efifb is getting obsolete
while having native drivers for the GPU also makes selecting sysfb/efifb
optional.
Remove the efifb implementation of vga_default_device() and initialize
vgaarb's vga_default_device() with the PCI GPU that matches boot
screen_info in pci_fixup_video().
[bhelgaas: remove unused "dev" in efifb_setup()]
Fixes: b4aa0163056b ("efifb: Implement vga_default_device() (v2)")
Tested-by: Anibal Francisco Martinez Cortina <linuxkid.zeuz@gmail.com>
Signed-off-by: Bruno Prémont <bonbons@linux-vserver.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Matthew Garrett <matthew.garrett@nebula.com>
[ kamal: backport to 3.13-stable: context ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/ia64/pci/fixup.c | 22 ++++++++++++++++++++++
arch/x86/include/asm/vga.h | 6 ------
arch/x86/pci/fixup.c | 21 +++++++++++++++++++++
drivers/video/efifb.c | 39 ---------------------------------------
4 files changed, 43 insertions(+), 45 deletions(-)
diff --git a/arch/ia64/pci/fixup.c b/arch/ia64/pci/fixup.c
index 5dc969d..62fb9ba 100644
--- a/arch/ia64/pci/fixup.c
+++ b/arch/ia64/pci/fixup.c
@@ -5,6 +5,7 @@
#include <linux/pci.h>
#include <linux/init.h>
+#include <linux/screen_info.h>
#include <asm/machvec.h>
@@ -38,6 +39,27 @@ static void pci_fixup_video(struct pci_dev *pdev)
if ((pdev->class >> 8) != PCI_CLASS_DISPLAY_VGA)
return;
+ if (!vga_default_device()) {
+ resource_size_t start, end;
+ int i;
+
+ /* Does firmware framebuffer belong to us? */
+ for (i = 0; i < DEVICE_COUNT_RESOURCE; i++) {
+ if (!(pci_resource_flags(pdev, i) & IORESOURCE_MEM))
+ continue;
+
+ start = pci_resource_start(pdev, i);
+ end = pci_resource_end(pdev, i);
+
+ if (!start || !end)
+ continue;
+
+ if (screen_info.lfb_base >= start &&
+ (screen_info.lfb_base + screen_info.lfb_size) < end)
+ vga_set_default_device(pdev);
+ }
+ }
+
/* Is VGA routed to us? */
bus = pdev->bus;
while (bus) {
diff --git a/arch/x86/include/asm/vga.h b/arch/x86/include/asm/vga.h
index 44282fb..c4b9dc2 100644
--- a/arch/x86/include/asm/vga.h
+++ b/arch/x86/include/asm/vga.h
@@ -17,10 +17,4 @@
#define vga_readb(x) (*(x))
#define vga_writeb(x, y) (*(y) = (x))
-#ifdef CONFIG_FB_EFI
-#define __ARCH_HAS_VGA_DEFAULT_DEVICE
-extern struct pci_dev *vga_default_device(void);
-extern void vga_set_default_device(struct pci_dev *pdev);
-#endif
-
#endif /* _ASM_X86_VGA_H */
diff --git a/arch/x86/pci/fixup.c b/arch/x86/pci/fixup.c
index b046e07..4ee44d4 100644
--- a/arch/x86/pci/fixup.c
+++ b/arch/x86/pci/fixup.c
@@ -325,6 +325,27 @@ static void pci_fixup_video(struct pci_dev *pdev)
struct pci_bus *bus;
u16 config;
+ if (!vga_default_device()) {
+ resource_size_t start, end;
+ int i;
+
+ /* Does firmware framebuffer belong to us? */
+ for (i = 0; i < DEVICE_COUNT_RESOURCE; i++) {
+ if (!(pci_resource_flags(pdev, i) & IORESOURCE_MEM))
+ continue;
+
+ start = pci_resource_start(pdev, i);
+ end = pci_resource_end(pdev, i);
+
+ if (!start || !end)
+ continue;
+
+ if (screen_info.lfb_base >= start &&
+ (screen_info.lfb_base + screen_info.lfb_size) < end)
+ vga_set_default_device(pdev);
+ }
+ }
+
/* Is VGA routed to us? */
bus = pdev->bus;
while (bus) {
diff --git a/drivers/video/efifb.c b/drivers/video/efifb.c
index cd7c0df..201ab4f 100644
--- a/drivers/video/efifb.c
+++ b/drivers/video/efifb.c
@@ -19,8 +19,6 @@
static bool request_mem_succeeded = false;
-static struct pci_dev *default_vga;
-
static struct fb_var_screeninfo efifb_defined = {
.activate = FB_ACTIVATE_NOW,
.height = -1,
@@ -85,23 +83,10 @@ static struct fb_ops efifb_ops = {
.fb_imageblit = cfb_imageblit,
};
-struct pci_dev *vga_default_device(void)
-{
- return default_vga;
-}
-
-EXPORT_SYMBOL_GPL(vga_default_device);
-
-void vga_set_default_device(struct pci_dev *pdev)
-{
- default_vga = pdev;
-}
-
static int efifb_setup(char *options)
{
char *this_opt;
int i;
- struct pci_dev *dev = NULL;
if (options && *options) {
while ((this_opt = strsep(&options, ",")) != NULL) {
@@ -127,30 +112,6 @@ static int efifb_setup(char *options)
}
}
- for_each_pci_dev(dev) {
- int i;
-
- if ((dev->class >> 8) != PCI_CLASS_DISPLAY_VGA)
- continue;
-
- for (i=0; i < DEVICE_COUNT_RESOURCE; i++) {
- resource_size_t start, end;
-
- if (!(pci_resource_flags(dev, i) & IORESOURCE_MEM))
- continue;
-
- start = pci_resource_start(dev, i);
- end = pci_resource_end(dev, i);
-
- if (!start || !end)
- continue;
-
- if (screen_info.lfb_base >= start &&
- (screen_info.lfb_base + screen_info.lfb_size) < end)
- default_vga = dev;
- }
- }
-
return 0;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 074/187] serial: core: Preserve termios c_cflag for console resume
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (72 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 073/187] x86, ia64: Move EFI_FB vga_default_device() initialization to pci_vga_fixup() Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 075/187] mtd/ftl: fix the double free of the buffers allocated in build_maps() Kamal Mostafa
` (113 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Peter Hurley, Greg Kroah-Hartman, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Hurley <peter@hurleysoftware.com>
commit ae84db9661cafc63d179e1d985a2c5b841ff0ac4 upstream.
When a tty is opened for the serial console, the termios c_cflag
settings are inherited from the console line settings.
However, if the tty is subsequently closed, the termios settings
are lost. This results in a garbled console if the console is later
suspended and resumed.
Preserve the termios c_cflag for the serial console when the tty
is shutdown; this reflects the most recent line settings.
Fixes: Bugzilla #69751, 'serial console does not wake from S3'
Reported-by: Valerio Vanni <valerio.vanni@inwind.it>
Acked-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/tty/serial/serial_core.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
index 0f02351..b5180c1 100644
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
@@ -235,6 +235,9 @@ static void uart_shutdown(struct tty_struct *tty, struct uart_state *state)
/*
* Turn off DTR and RTS early.
*/
+ if (uart_console(uport) && tty)
+ uport->cons->cflag = tty->termios.c_cflag;
+
if (!tty || (tty->termios.c_cflag & HUPCL))
uart_clear_mctrl(uport, TIOCM_DTR | TIOCM_RTS);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 075/187] mtd/ftl: fix the double free of the buffers allocated in build_maps()
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (73 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 074/187] serial: core: Preserve termios c_cflag for console resume Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 076/187] ext4: Fix block zeroing when punching holes in indirect block files Kamal Mostafa
` (112 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Kevin Hao, Brian Norris, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Kevin Hao <haokexin@gmail.com>
commit a152056c912db82860a8b4c23d0bd3a5aa89e363 upstream.
I got the following panic on my fsl p5020ds board.
Unable to handle kernel paging request for data at address 0x7375627379737465
Faulting instruction address: 0xc000000000100778
Oops: Kernel access of bad area, sig: 11 [#1]
SMP NR_CPUS=24 CoreNet Generic
Modules linked in:
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.15.0-next-20140613 #145
task: c0000000fe080000 ti: c0000000fe088000 task.ti: c0000000fe088000
NIP: c000000000100778 LR: c00000000010073c CTR: 0000000000000000
REGS: c0000000fe08aa00 TRAP: 0300 Not tainted (3.15.0-next-20140613)
MSR: 0000000080029000 <CE,EE,ME> CR: 24ad2e24 XER: 00000000
DEAR: 7375627379737465 ESR: 0000000000000000 SOFTE: 1
GPR00: c0000000000c99b0 c0000000fe08ac80 c0000000009598e0 c0000000fe001d80
GPR04: 00000000000000d0 0000000000000913 c000000007902b20 0000000000000000
GPR08: c0000000feaae888 0000000000000000 0000000007091000 0000000000200200
GPR12: 0000000028ad2e28 c00000000fff4000 c0000000007abe08 0000000000000000
GPR16: c0000000007ab160 c0000000007aaf98 c00000000060ba68 c0000000007abda8
GPR20: c0000000007abde8 c0000000feaea6f8 c0000000feaea708 c0000000007abd10
GPR24: c000000000989370 c0000000008c6228 00000000000041ed c0000000fe00a400
GPR28: c00000000017c1cc 00000000000000d0 7375627379737465 c0000000fe001d80
NIP [c000000000100778] .__kmalloc_track_caller+0x70/0x168
LR [c00000000010073c] .__kmalloc_track_caller+0x34/0x168
Call Trace:
[c0000000fe08ac80] [c00000000087e6b8] uevent_sock_list+0x0/0x10 (unreliable)
[c0000000fe08ad20] [c0000000000c99b0] .kstrdup+0x44/0x90
[c0000000fe08adc0] [c00000000017c1cc] .__kernfs_new_node+0x4c/0x130
[c0000000fe08ae70] [c00000000017d7e4] .kernfs_new_node+0x2c/0x64
[c0000000fe08aef0] [c00000000017db00] .kernfs_create_dir_ns+0x34/0xc8
[c0000000fe08af80] [c00000000018067c] .sysfs_create_dir_ns+0x58/0xcc
[c0000000fe08b010] [c0000000002c711c] .kobject_add_internal+0xc8/0x384
[c0000000fe08b0b0] [c0000000002c7644] .kobject_add+0x64/0xc8
[c0000000fe08b140] [c000000000355ebc] .device_add+0x11c/0x654
[c0000000fe08b200] [c0000000002b5988] .add_disk+0x20c/0x4b4
[c0000000fe08b2c0] [c0000000003a21d4] .add_mtd_blktrans_dev+0x340/0x514
[c0000000fe08b350] [c0000000003a3410] .mtdblock_add_mtd+0x74/0xb4
[c0000000fe08b3e0] [c0000000003a32cc] .blktrans_notify_add+0x64/0x94
[c0000000fe08b470] [c00000000039b5b4] .add_mtd_device+0x1d4/0x368
[c0000000fe08b520] [c00000000039b830] .mtd_device_parse_register+0xe8/0x104
[c0000000fe08b5c0] [c0000000003b8408] .of_flash_probe+0x72c/0x734
[c0000000fe08b750] [c00000000035ba40] .platform_drv_probe+0x38/0x84
[c0000000fe08b7d0] [c0000000003599a4] .really_probe+0xa4/0x29c
[c0000000fe08b870] [c000000000359d3c] .__driver_attach+0x100/0x104
[c0000000fe08b900] [c00000000035746c] .bus_for_each_dev+0x84/0xe4
[c0000000fe08b9a0] [c0000000003593c0] .driver_attach+0x24/0x38
[c0000000fe08ba10] [c000000000358f24] .bus_add_driver+0x1c8/0x2ac
[c0000000fe08bab0] [c00000000035a3a4] .driver_register+0x8c/0x158
[c0000000fe08bb30] [c00000000035b9f4] .__platform_driver_register+0x6c/0x80
[c0000000fe08bba0] [c00000000084e080] .of_flash_driver_init+0x1c/0x30
[c0000000fe08bc10] [c000000000001864] .do_one_initcall+0xbc/0x238
[c0000000fe08bd00] [c00000000082cdc0] .kernel_init_freeable+0x188/0x268
[c0000000fe08bdb0] [c0000000000020a0] .kernel_init+0x1c/0xf7c
[c0000000fe08be30] [c000000000000884] .ret_from_kernel_thread+0x58/0xd4
Instruction dump:
41bd0010 480000c8 4bf04eb5 60000000 e94d0028 e93f0000 7cc95214 e8a60008
7fc9502a 2fbe0000 419e00c8 e93f0022 <7f7e482a> 39200000 88ed06b2 992d06b2
---[ end trace b4c9a94804a42d40 ]---
It seems that the corrupted partition header on my mtd device triggers
a bug in the ftl. In function build_maps() it will allocate the buffers
needed by the mtd partition, but if something goes wrong such as kmalloc
failure, mtd read error or invalid partition header parameter, it will
free all allocated buffers and then return non-zero. In my case, it
seems that partition header parameter 'NumTransferUnits' is invalid.
And the ftl_freepart() is a function which free all the partition
buffers allocated by build_maps(). Given the build_maps() is a self
cleaning function, so there is no need to invoke this function even
if build_maps() return with error. Otherwise it will causes the
buffers to be freed twice and then weird things would happen.
Signed-off-by: Kevin Hao <haokexin@gmail.com>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/mtd/ftl.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/mtd/ftl.c b/drivers/mtd/ftl.c
index 19d6372..71e4f6c 100644
--- a/drivers/mtd/ftl.c
+++ b/drivers/mtd/ftl.c
@@ -1075,7 +1075,6 @@ static void ftl_add_mtd(struct mtd_blktrans_ops *tr, struct mtd_info *mtd)
return;
}
- ftl_freepart(partition);
kfree(partition);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 076/187] ext4: Fix block zeroing when punching holes in indirect block files
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (74 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 075/187] mtd/ftl: fix the double free of the buffers allocated in build_maps() Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 077/187] ext4: fix punch hole on files with indirect mapping Kamal Mostafa
` (111 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jan Kara, Theodore Ts'o, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
commit 77ea2a4ba657a1ad4fb7c64bc5cdce84b8a132b6 upstream.
free_holes_block() passed local variable as a block pointer
to ext4_clear_blocks(). Thus ext4_clear_blocks() zeroed out this local
variable instead of proper place in inode / indirect block. We later
zero out proper place in inode / indirect block but don't dirty the
inode / buffer again which can lead to subtle issues (some changes e.g.
to inode can be lost).
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/ext4/indirect.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c
index e6574d7..c30cbe2 100644
--- a/fs/ext4/indirect.c
+++ b/fs/ext4/indirect.c
@@ -1345,8 +1345,8 @@ static int free_hole_blocks(handle_t *handle, struct inode *inode,
if (level == 0 ||
(bh && all_zeroes((__le32 *)bh->b_data,
(__le32 *)bh->b_data + addr_per_block))) {
- ext4_free_data(handle, inode, parent_bh, &blk, &blk+1);
- *i_data = 0;
+ ext4_free_data(handle, inode, parent_bh,
+ i_data, i_data + 1);
}
brelse(bh);
bh = NULL;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 077/187] ext4: fix punch hole on files with indirect mapping
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (75 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 076/187] ext4: Fix block zeroing when punching holes in indirect block files Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 078/187] x86: don't exclude low BIOS area when allocating address space for non-PCI cards Kamal Mostafa
` (110 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Lukas Czerner, Theodore Ts'o, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Lukas Czerner <lczerner@redhat.com>
commit 4f579ae7de560e5f449587a6c3f02594d53d4d51 upstream.
Currently punch hole code on files with direct/indirect mapping has some
problems which may lead to a data loss. For example (from Jan Kara):
fallocate -n -p 10240000 4096
will punch the range 10240000 - 12632064 instead of the range 1024000 -
10244096.
Also the code is a bit weird and it's not using infrastructure provided
by indirect.c, but rather creating it's own way.
This patch fixes the issues as well as making the operation to run 4
times faster from my testing (punching out 60GB file). It uses similar
approach used in ext4_ind_truncate() which takes advantage of
ext4_free_branches() function.
Also rename the ext4_free_hole_blocks() to something more sensible, like
the equivalent we have for extent mapped files. Call it
ext4_ind_remove_space().
This has been tested mostly with fsx and some xfstests which are testing
punch hole but does not require unwritten extents which are not
supported with direct/indirect mapping. Not problems showed up even with
1024k block size.
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/ext4/ext4.h | 4 +-
fs/ext4/indirect.c | 281 ++++++++++++++++++++++++++++++++++++++---------------
fs/ext4/inode.c | 2 +-
3 files changed, 205 insertions(+), 82 deletions(-)
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index 62f024c..e531054 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -2151,8 +2151,8 @@ extern ssize_t ext4_ind_direct_IO(int rw, struct kiocb *iocb,
extern int ext4_ind_calc_metadata_amount(struct inode *inode, sector_t lblock);
extern int ext4_ind_trans_blocks(struct inode *inode, int nrblocks);
extern void ext4_ind_truncate(handle_t *, struct inode *inode);
-extern int ext4_free_hole_blocks(handle_t *handle, struct inode *inode,
- ext4_lblk_t first, ext4_lblk_t stop);
+extern int ext4_ind_remove_space(handle_t *handle, struct inode *inode,
+ ext4_lblk_t start, ext4_lblk_t end);
/* ioctl.c */
extern long ext4_ioctl(struct file *, unsigned int, unsigned long);
diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c
index c30cbe2..4353522 100644
--- a/fs/ext4/indirect.c
+++ b/fs/ext4/indirect.c
@@ -1297,97 +1297,220 @@ do_indirects:
}
}
-static int free_hole_blocks(handle_t *handle, struct inode *inode,
- struct buffer_head *parent_bh, __le32 *i_data,
- int level, ext4_lblk_t first,
- ext4_lblk_t count, int max)
+/**
+ * ext4_ind_remove_space - remove space from the range
+ * @handle: JBD handle for this transaction
+ * @inode: inode we are dealing with
+ * @start: First block to remove
+ * @end: One block after the last block to remove (exclusive)
+ *
+ * Free the blocks in the defined range (end is exclusive endpoint of
+ * range). This is used by ext4_punch_hole().
+ */
+int ext4_ind_remove_space(handle_t *handle, struct inode *inode,
+ ext4_lblk_t start, ext4_lblk_t end)
{
- struct buffer_head *bh = NULL;
+ struct ext4_inode_info *ei = EXT4_I(inode);
+ __le32 *i_data = ei->i_data;
int addr_per_block = EXT4_ADDR_PER_BLOCK(inode->i_sb);
- int ret = 0;
- int i, inc;
- ext4_lblk_t offset;
- __le32 blk;
-
- inc = 1 << ((EXT4_BLOCK_SIZE_BITS(inode->i_sb) - 2) * level);
- for (i = 0, offset = 0; i < max; i++, i_data++, offset += inc) {
- if (offset >= count + first)
- break;
- if (*i_data == 0 || (offset + inc) <= first)
- continue;
- blk = *i_data;
- if (level > 0) {
- ext4_lblk_t first2;
- ext4_lblk_t count2;
+ ext4_lblk_t offsets[4], offsets2[4];
+ Indirect chain[4], chain2[4];
+ Indirect *partial, *partial2;
+ ext4_lblk_t max_block;
+ __le32 nr = 0, nr2 = 0;
+ int n = 0, n2 = 0;
+ unsigned blocksize = inode->i_sb->s_blocksize;
- bh = sb_bread(inode->i_sb, le32_to_cpu(blk));
- if (!bh) {
- EXT4_ERROR_INODE_BLOCK(inode, le32_to_cpu(blk),
- "Read failure");
- return -EIO;
- }
- if (first > offset) {
- first2 = first - offset;
- count2 = count;
+ max_block = (EXT4_SB(inode->i_sb)->s_bitmap_maxbytes + blocksize-1)
+ >> EXT4_BLOCK_SIZE_BITS(inode->i_sb);
+ if (end >= max_block)
+ end = max_block;
+ if ((start >= end) || (start > max_block))
+ return 0;
+
+ n = ext4_block_to_path(inode, start, offsets, NULL);
+ n2 = ext4_block_to_path(inode, end, offsets2, NULL);
+
+ BUG_ON(n > n2);
+
+ if ((n == 1) && (n == n2)) {
+ /* We're punching only within direct block range */
+ ext4_free_data(handle, inode, NULL, i_data + offsets[0],
+ i_data + offsets2[0]);
+ return 0;
+ } else if (n2 > n) {
+ /*
+ * Start and end are on a different levels so we're going to
+ * free partial block at start, and partial block at end of
+ * the range. If there are some levels in between then
+ * do_indirects label will take care of that.
+ */
+
+ if (n == 1) {
+ /*
+ * Start is at the direct block level, free
+ * everything to the end of the level.
+ */
+ ext4_free_data(handle, inode, NULL, i_data + offsets[0],
+ i_data + EXT4_NDIR_BLOCKS);
+ goto end_range;
+ }
+
+
+ partial = ext4_find_shared(inode, n, offsets, chain, &nr);
+ if (nr) {
+ if (partial == chain) {
+ /* Shared branch grows from the inode */
+ ext4_free_branches(handle, inode, NULL,
+ &nr, &nr+1, (chain+n-1) - partial);
+ *partial->p = 0;
} else {
- first2 = 0;
- count2 = count - (offset - first);
+ /* Shared branch grows from an indirect block */
+ BUFFER_TRACE(partial->bh, "get_write_access");
+ ext4_free_branches(handle, inode, partial->bh,
+ partial->p,
+ partial->p+1, (chain+n-1) - partial);
}
- ret = free_hole_blocks(handle, inode, bh,
- (__le32 *)bh->b_data, level - 1,
- first2, count2,
- inode->i_sb->s_blocksize >> 2);
- if (ret) {
- brelse(bh);
- goto err;
+ }
+
+ /*
+ * Clear the ends of indirect blocks on the shared branch
+ * at the start of the range
+ */
+ while (partial > chain) {
+ ext4_free_branches(handle, inode, partial->bh,
+ partial->p + 1,
+ (__le32 *)partial->bh->b_data+addr_per_block,
+ (chain+n-1) - partial);
+ BUFFER_TRACE(partial->bh, "call brelse");
+ brelse(partial->bh);
+ partial--;
+ }
+
+end_range:
+ partial2 = ext4_find_shared(inode, n2, offsets2, chain2, &nr2);
+ if (nr2) {
+ if (partial2 == chain2) {
+ /*
+ * Remember, end is exclusive so here we're at
+ * the start of the next level we're not going
+ * to free. Everything was covered by the start
+ * of the range.
+ */
+ return 0;
+ } else {
+ /* Shared branch grows from an indirect block */
+ partial2--;
}
+ } else {
+ /*
+ * ext4_find_shared returns Indirect structure which
+ * points to the last element which should not be
+ * removed by truncate. But this is end of the range
+ * in punch_hole so we need to point to the next element
+ */
+ partial2->p++;
}
- if (level == 0 ||
- (bh && all_zeroes((__le32 *)bh->b_data,
- (__le32 *)bh->b_data + addr_per_block))) {
- ext4_free_data(handle, inode, parent_bh,
- i_data, i_data + 1);
+
+ /*
+ * Clear the ends of indirect blocks on the shared branch
+ * at the end of the range
+ */
+ while (partial2 > chain2) {
+ ext4_free_branches(handle, inode, partial2->bh,
+ (__le32 *)partial2->bh->b_data,
+ partial2->p,
+ (chain2+n2-1) - partial2);
+ BUFFER_TRACE(partial2->bh, "call brelse");
+ brelse(partial2->bh);
+ partial2--;
}
- brelse(bh);
- bh = NULL;
+ goto do_indirects;
}
-err:
- return ret;
-}
-
-int ext4_free_hole_blocks(handle_t *handle, struct inode *inode,
- ext4_lblk_t first, ext4_lblk_t stop)
-{
- int addr_per_block = EXT4_ADDR_PER_BLOCK(inode->i_sb);
- int level, ret = 0;
- int num = EXT4_NDIR_BLOCKS;
- ext4_lblk_t count, max = EXT4_NDIR_BLOCKS;
- __le32 *i_data = EXT4_I(inode)->i_data;
-
- count = stop - first;
- for (level = 0; level < 4; level++, max *= addr_per_block) {
- if (first < max) {
- ret = free_hole_blocks(handle, inode, NULL, i_data,
- level, first, count, num);
- if (ret)
- goto err;
- if (count > max - first)
- count -= max - first;
- else
- break;
- first = 0;
- } else {
- first -= max;
+ /* Punch happened within the same level (n == n2) */
+ partial = ext4_find_shared(inode, n, offsets, chain, &nr);
+ partial2 = ext4_find_shared(inode, n2, offsets2, chain2, &nr2);
+ /*
+ * ext4_find_shared returns Indirect structure which
+ * points to the last element which should not be
+ * removed by truncate. But this is end of the range
+ * in punch_hole so we need to point to the next element
+ */
+ partial2->p++;
+ while ((partial > chain) || (partial2 > chain2)) {
+ /* We're at the same block, so we're almost finished */
+ if ((partial->bh && partial2->bh) &&
+ (partial->bh->b_blocknr == partial2->bh->b_blocknr)) {
+ if ((partial > chain) && (partial2 > chain2)) {
+ ext4_free_branches(handle, inode, partial->bh,
+ partial->p + 1,
+ partial2->p,
+ (chain+n-1) - partial);
+ BUFFER_TRACE(partial->bh, "call brelse");
+ brelse(partial->bh);
+ BUFFER_TRACE(partial2->bh, "call brelse");
+ brelse(partial2->bh);
+ }
+ return 0;
}
- i_data += num;
- if (level == 0) {
- num = 1;
- max = 1;
+ /*
+ * Clear the ends of indirect blocks on the shared branch
+ * at the start of the range
+ */
+ if (partial > chain) {
+ ext4_free_branches(handle, inode, partial->bh,
+ partial->p + 1,
+ (__le32 *)partial->bh->b_data+addr_per_block,
+ (chain+n-1) - partial);
+ BUFFER_TRACE(partial->bh, "call brelse");
+ brelse(partial->bh);
+ partial--;
+ }
+ /*
+ * Clear the ends of indirect blocks on the shared branch
+ * at the end of the range
+ */
+ if (partial2 > chain2) {
+ ext4_free_branches(handle, inode, partial2->bh,
+ (__le32 *)partial2->bh->b_data,
+ partial2->p,
+ (chain2+n-1) - partial2);
+ BUFFER_TRACE(partial2->bh, "call brelse");
+ brelse(partial2->bh);
+ partial2--;
}
}
-err:
- return ret;
+do_indirects:
+ /* Kill the remaining (whole) subtrees */
+ switch (offsets[0]) {
+ default:
+ if (++n >= n2)
+ return 0;
+ nr = i_data[EXT4_IND_BLOCK];
+ if (nr) {
+ ext4_free_branches(handle, inode, NULL, &nr, &nr+1, 1);
+ i_data[EXT4_IND_BLOCK] = 0;
+ }
+ case EXT4_IND_BLOCK:
+ if (++n >= n2)
+ return 0;
+ nr = i_data[EXT4_DIND_BLOCK];
+ if (nr) {
+ ext4_free_branches(handle, inode, NULL, &nr, &nr+1, 2);
+ i_data[EXT4_DIND_BLOCK] = 0;
+ }
+ case EXT4_DIND_BLOCK:
+ if (++n >= n2)
+ return 0;
+ nr = i_data[EXT4_TIND_BLOCK];
+ if (nr) {
+ ext4_free_branches(handle, inode, NULL, &nr, &nr+1, 3);
+ i_data[EXT4_TIND_BLOCK] = 0;
+ }
+ case EXT4_TIND_BLOCK:
+ ;
+ }
+ return 0;
}
-
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 0fc189b..23e8c80 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -3629,7 +3629,7 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length)
ret = ext4_ext_remove_space(inode, first_block,
stop_block - 1);
else
- ret = ext4_free_hole_blocks(handle, inode, first_block,
+ ret = ext4_ind_remove_space(handle, inode, first_block,
stop_block);
ext4_discard_preallocations(inode);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 078/187] x86: don't exclude low BIOS area when allocating address space for non-PCI cards
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (76 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 077/187] ext4: fix punch hole on files with indirect mapping Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 079/187] PCI: Configure ASPM when enabling device Kamal Mostafa
` (109 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Christoph Schulz, Bjorn Helgaas, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Schulz <develop@kristov.de>
commit cbace46a9710a480cae51e4611697df5de41713e upstream.
Commit 30919b0bf356 ("x86: avoid low BIOS area when allocating address
space") moved the test for resource allocations that fall within the first
1MB of address space from the PCI-specific path to a generic path, such
that all resource allocations will avoid this area. However, this breaks
ISA cards which need to allocate a memory region within the first 1MB. An
example is the i82365 PCMCIA controller and derivatives like the Ricoh
RF5C296/396 which map part of the PCMCIA socket memory address space into
the first 1MB of system memory address space. They do not work anymore as
no usable memory region exists due to this change:
Intel ISA PCIC probe: Ricoh RF5C296/396 ISA-to-PCMCIA at port 0x3e0 ofs 0x00, 2 sockets
host opts [0]: none
host opts [1]: none
ISA irqs (scanned) = 3,4,5,9,10 status change on irq 10
pcmcia_socket pcmcia_socket1: pccard: PCMCIA card inserted into slot 1
pcmcia_socket pcmcia_socket0: cs: IO port probe 0xc00-0xcff: excluding 0xcf8-0xcff
pcmcia_socket pcmcia_socket0: cs: IO port probe 0xa00-0xaff: clean.
pcmcia_socket pcmcia_socket0: cs: IO port probe 0x100-0x3ff: excluding 0x170-0x177 0x1f0-0x1f7 0x2f8-0x2ff 0x370-0x37f 0x3c0-0x3e7 0x3f0-0x3ff
pcmcia_socket pcmcia_socket0: cs: memory probe 0x0a0000-0x0affff: excluding 0xa0000-0xaffff
pcmcia_socket pcmcia_socket0: cs: memory probe 0x0b0000-0x0bffff: excluding 0xb0000-0xbffff
pcmcia_socket pcmcia_socket0: cs: memory probe 0x0c0000-0x0cffff: excluding 0xc0000-0xcbfff
pcmcia_socket pcmcia_socket0: cs: memory probe 0x0d0000-0x0dffff: clean.
pcmcia_socket pcmcia_socket0: cs: memory probe 0x0e0000-0x0effff: clean.
pcmcia_socket pcmcia_socket0: cs: memory probe 0x60000000-0x60ffffff: clean.
pcmcia_socket pcmcia_socket0: cs: memory probe 0xa0000000-0xa0ffffff: clean.
pcmcia_socket pcmcia_socket1: cs: IO port probe 0xc00-0xcff: excluding 0xcf8-0xcff
pcmcia_socket pcmcia_socket1: cs: IO port probe 0xa00-0xaff: clean.
pcmcia_socket pcmcia_socket1: cs: IO port probe 0x100-0x3ff: excluding 0x170-0x177 0x1f0-0x1f7 0x2f8-0x2ff 0x370-0x37f 0x3c0-0x3e7 0x3f0-0x3ff
pcmcia_socket pcmcia_socket1: cs: memory probe 0x0a0000-0x0affff: excluding 0xa0000-0xaffff
pcmcia_socket pcmcia_socket1: cs: memory probe 0x0b0000-0x0bffff: excluding 0xb0000-0xbffff
pcmcia_socket pcmcia_socket1: cs: memory probe 0x0c0000-0x0cffff: excluding 0xc0000-0xcbfff
pcmcia_socket pcmcia_socket1: cs: memory probe 0x0d0000-0x0dffff: clean.
pcmcia_socket pcmcia_socket1: cs: memory probe 0x0e0000-0x0effff: clean.
pcmcia_socket pcmcia_socket1: cs: memory probe 0x60000000-0x60ffffff: clean.
pcmcia_socket pcmcia_socket1: cs: memory probe 0xa0000000-0xa0ffffff: clean.
pcmcia_socket pcmcia_socket1: cs: memory probe 0x0cc000-0x0effff: excluding 0xe0000-0xeffff
pcmcia_socket pcmcia_socket1: cs: unable to map card memory!
If filtering out the first 1MB is reverted, everything works as expected.
Tested-by: Robert Resch <fli4l@robert.reschpara.de>
Signed-off-by: Christoph Schulz <develop@kristov.de>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/kernel/resource.c | 8 +++++---
arch/x86/pci/i386.c | 4 ++++
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kernel/resource.c b/arch/x86/kernel/resource.c
index 2a26819..80eab01 100644
--- a/arch/x86/kernel/resource.c
+++ b/arch/x86/kernel/resource.c
@@ -37,10 +37,12 @@ static void remove_e820_regions(struct resource *avail)
void arch_remove_reservations(struct resource *avail)
{
- /* Trim out BIOS areas (low 1MB and high 2MB) and E820 regions */
+ /*
+ * Trim out BIOS area (high 2MB) and E820 regions. We do not remove
+ * the low 1MB unconditionally, as this area is needed for some ISA
+ * cards requiring a memory range, e.g. the i82365 PCMCIA controller.
+ */
if (avail->flags & IORESOURCE_MEM) {
- if (avail->start < BIOS_END)
- avail->start = BIOS_END;
resource_clip(avail, BIOS_ROM_BASE, BIOS_ROM_END);
remove_e820_regions(avail);
diff --git a/arch/x86/pci/i386.c b/arch/x86/pci/i386.c
index db6b1ab..96a159a 100644
--- a/arch/x86/pci/i386.c
+++ b/arch/x86/pci/i386.c
@@ -162,6 +162,10 @@ pcibios_align_resource(void *data, const struct resource *res,
return start;
if (start & 0x300)
start = (start + 0x3ff) & ~0x3ff;
+ } else if (res->flags & IORESOURCE_MEM) {
+ /* The low 1MB range is reserved for ISA cards */
+ if (start < BIOS_END)
+ start = BIOS_END;
}
return start;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 079/187] PCI: Configure ASPM when enabling device
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (77 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 078/187] x86: don't exclude low BIOS area when allocating address space for non-PCI cards Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 080/187] Bluetooth: never linger on process exit Kamal Mostafa
` (108 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Vidya Sagar, Bjorn Helgaas, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Vidya Sagar <sagar.tv@gmail.com>
commit 1f6ae47ecff7f23da73417e068018b311f3b5583 upstream.
We can't do ASPM configuration at enumeration-time because enabling it
makes some defective hardware unresponsive, even if ASPM is disabled later
(see 41cd766b0659 ("PCI: Don't enable aspm before drivers have had a chance
to veto it"). Therefore, we have to do it after a driver claims the
device.
We previously configured ASPM in pci_set_power_state(), but that's not a
very good place because it's not really related to setting the PCI device
power state, and doing it there means:
- We incorrectly skipped ASPM config when setting a device that's
already in D0 to D0.
- We unnecessarily configured ASPM when setting a device to a low-power
state (the ASPM feature only applies when the device is in D0).
- We unnecessarily configured ASPM when called from a .resume() method
(ASPM configuration needs to be restored during resume, but
pci_restore_pcie_state() should already do this).
Move ASPM configuration from pci_set_power_state() to
do_pci_enable_device() so we do it when a driver enables a device.
[bhelgaas: changelog]
Link: https://bugzilla.kernel.org/show_bug.cgi?id=79621
Fixes: db288c9c5f9d ("PCI / PM: restore the original behavior of pci_set_power_state()")
Suggested-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Vidya Sagar <sagar.tv@gmail.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/pci/pci.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index 1a8a4fd..49ca284 100644
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -782,12 +782,6 @@ int pci_set_power_state(struct pci_dev *dev, pci_power_t state)
if (!__pci_complete_power_transition(dev, state))
error = 0;
- /*
- * When aspm_policy is "powersave" this call ensures
- * that ASPM is configured.
- */
- if (!error && dev->bus->self)
- pcie_aspm_powersave_config_link(dev->bus->self);
return error;
}
@@ -1120,12 +1114,18 @@ EXPORT_SYMBOL_GPL(pci_load_and_free_saved_state);
static int do_pci_enable_device(struct pci_dev *dev, int bars)
{
int err;
+ struct pci_dev *bridge;
u16 cmd;
u8 pin;
err = pci_set_power_state(dev, PCI_D0);
if (err < 0 && err != -EIO)
return err;
+
+ bridge = pci_upstream_bridge(dev);
+ if (bridge)
+ pcie_aspm_powersave_config_link(bridge);
+
err = pcibios_enable_device(dev, bars);
if (err < 0)
return err;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 080/187] Bluetooth: never linger on process exit
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (78 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 079/187] PCI: Configure ASPM when enabling device Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 081/187] ASoC: blackfin: use samples to set silence Kamal Mostafa
` (107 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Vladimir Davydov, Marcel Holtmann, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Vladimir Davydov <vdavydov@parallels.com>
commit 093facf3634da1b0c2cc7ed106f1983da901bbab upstream.
If the current process is exiting, lingering on socket close will make
it unkillable, so we should avoid it.
Reproducer:
#include <sys/types.h>
#include <sys/socket.h>
#define BTPROTO_L2CAP 0
#define BTPROTO_SCO 2
#define BTPROTO_RFCOMM 3
int main()
{
int fd;
struct linger ling;
fd = socket(PF_BLUETOOTH, SOCK_STREAM, BTPROTO_RFCOMM);
//or: fd = socket(PF_BLUETOOTH, SOCK_DGRAM, BTPROTO_L2CAP);
//or: fd = socket(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_SCO);
ling.l_onoff = 1;
ling.l_linger = 1000000000;
setsockopt(fd, SOL_SOCKET, SO_LINGER, &ling, sizeof(ling));
return 0;
}
Signed-off-by: Vladimir Davydov <vdavydov@parallels.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/bluetooth/l2cap_sock.c | 3 ++-
net/bluetooth/rfcomm/sock.c | 3 ++-
net/bluetooth/sco.c | 6 ++++--
3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index c9e0915..eaa5ad5 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -978,7 +978,8 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
l2cap_chan_close(chan, 0);
lock_sock(sk);
- if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
+ if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
+ !(current->flags & PF_EXITING))
err = bt_sock_wait_state(sk, BT_CLOSED,
sk->sk_lingertime);
}
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 3c2d3e4..a0050de 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -898,7 +898,8 @@ static int rfcomm_sock_shutdown(struct socket *sock, int how)
sk->sk_shutdown = SHUTDOWN_MASK;
__rfcomm_sock_close(sk);
- if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
+ if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
+ !(current->flags & PF_EXITING))
err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
}
release_sock(sk);
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 24fa396..316dd4e 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -909,7 +909,8 @@ static int sco_sock_shutdown(struct socket *sock, int how)
sco_sock_clear_timer(sk);
__sco_sock_close(sk);
- if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
+ if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
+ !(current->flags & PF_EXITING))
err = bt_sock_wait_state(sk, BT_CLOSED,
sk->sk_lingertime);
}
@@ -929,7 +930,8 @@ static int sco_sock_release(struct socket *sock)
sco_sock_close(sk);
- if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) {
+ if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
+ !(current->flags & PF_EXITING)) {
lock_sock(sk);
err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
release_sock(sk);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 081/187] ASoC: blackfin: use samples to set silence
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (79 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 080/187] Bluetooth: never linger on process exit Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 082/187] USB: OHCI: fix bugs in debug routines Kamal Mostafa
` (106 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Scott Jiang, Mark Brown, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Scott Jiang <scott.jiang.linux@gmail.com>
commit 30443408fd7201fd1911b09daccf92fae3cc700d upstream.
The third parameter for snd_pcm_format_set_silence needs the number
of samples instead of sample bytes.
Signed-off-by: Scott Jiang <scott.jiang.linux@gmail.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/soc/blackfin/bf5xx-i2s-pcm.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/sound/soc/blackfin/bf5xx-i2s-pcm.c b/sound/soc/blackfin/bf5xx-i2s-pcm.c
index 2a5b434..8cbcbf0 100644
--- a/sound/soc/blackfin/bf5xx-i2s-pcm.c
+++ b/sound/soc/blackfin/bf5xx-i2s-pcm.c
@@ -293,19 +293,19 @@ static int bf5xx_pcm_silence(struct snd_pcm_substream *substream,
unsigned int sample_size = runtime->sample_bits / 8;
void *buf = runtime->dma_area;
struct bf5xx_i2s_pcm_data *dma_data;
- unsigned int offset, size;
+ unsigned int offset, samples;
dma_data = snd_soc_dai_get_dma_data(rtd->cpu_dai, substream);
if (dma_data->tdm_mode) {
offset = pos * 8 * sample_size;
- size = count * 8 * sample_size;
+ samples = count * 8;
} else {
offset = frames_to_bytes(runtime, pos);
- size = frames_to_bytes(runtime, count);
+ samples = count * runtime->channels;
}
- snd_pcm_format_set_silence(runtime->format, buf + offset, size);
+ snd_pcm_format_set_silence(runtime->format, buf + offset, samples);
return 0;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 082/187] USB: OHCI: fix bugs in debug routines
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (80 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 081/187] ASoC: blackfin: use samples to set silence Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 083/187] USB: OHCI: don't lose track of EDs when a controller dies Kamal Mostafa
` (105 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Alan Stern, Greg Kroah-Hartman, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alan Stern <stern@rowland.harvard.edu>
commit 256dbcd80f1ccf8abf421c1d72ba79a4e29941dd upstream.
The debug routine fill_async_buffer() in ohci-hcd is buggy: It never
produces any output because it forgets to initialize the output buffer
size. Also, the debug routine ohci_dump() has an unused argument.
This patch adds the correct initialization and removes the unused
argument.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/host/ohci-dbg.c | 9 +++++----
drivers/usb/host/ohci-hcd.c | 10 +++++-----
2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/drivers/usb/host/ohci-dbg.c b/drivers/usb/host/ohci-dbg.c
index 3fca52e..39e404e 100644
--- a/drivers/usb/host/ohci-dbg.c
+++ b/drivers/usb/host/ohci-dbg.c
@@ -289,7 +289,7 @@ ohci_dump_roothub (
}
}
-static void ohci_dump (struct ohci_hcd *controller, int verbose)
+static void ohci_dump(struct ohci_hcd *controller)
{
ohci_dbg (controller, "OHCI controller state\n");
@@ -531,15 +531,16 @@ show_list (struct ohci_hcd *ohci, char *buf, size_t count, struct ed *ed)
static ssize_t fill_async_buffer(struct debug_buffer *buf)
{
struct ohci_hcd *ohci;
- size_t temp;
+ size_t temp, size;
unsigned long flags;
ohci = buf->ohci;
+ size = PAGE_SIZE;
/* display control and bulk lists together, for simplicity */
spin_lock_irqsave (&ohci->lock, flags);
- temp = show_list(ohci, buf->page, buf->count, ohci->ed_controltail);
- temp += show_list(ohci, buf->page + temp, buf->count - temp,
+ temp = show_list(ohci, buf->page, size, ohci->ed_controltail);
+ temp += show_list(ohci, buf->page + temp, size - temp,
ohci->ed_bulktail);
spin_unlock_irqrestore (&ohci->lock, flags);
diff --git a/drivers/usb/host/ohci-hcd.c b/drivers/usb/host/ohci-hcd.c
index 8ada13f..b32fd8b 100644
--- a/drivers/usb/host/ohci-hcd.c
+++ b/drivers/usb/host/ohci-hcd.c
@@ -78,8 +78,8 @@ static const char hcd_name [] = "ohci_hcd";
#include "ohci.h"
#include "pci-quirks.h"
-static void ohci_dump (struct ohci_hcd *ohci, int verbose);
-static void ohci_stop (struct usb_hcd *hcd);
+static void ohci_dump(struct ohci_hcd *ohci);
+static void ohci_stop(struct usb_hcd *hcd);
#include "ohci-hub.c"
#include "ohci-dbg.c"
@@ -754,7 +754,7 @@ retry:
ohci->ed_to_check = NULL;
}
- ohci_dump (ohci, 1);
+ ohci_dump(ohci);
return 0;
}
@@ -835,7 +835,7 @@ static irqreturn_t ohci_irq (struct usb_hcd *hcd)
usb_hc_died(hcd);
}
- ohci_dump (ohci, 1);
+ ohci_dump(ohci);
ohci_usb_reset (ohci);
}
@@ -935,7 +935,7 @@ static void ohci_stop (struct usb_hcd *hcd)
{
struct ohci_hcd *ohci = hcd_to_ohci (hcd);
- ohci_dump (ohci, 1);
+ ohci_dump(ohci);
if (quirk_nec(ohci))
flush_work(&ohci->nec_work);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 083/187] USB: OHCI: don't lose track of EDs when a controller dies
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (81 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 082/187] USB: OHCI: fix bugs in debug routines Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 084/187] mei: start disconnect request timer consistently Kamal Mostafa
` (104 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Alan Stern, Greg Kroah-Hartman, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alan Stern <stern@rowland.harvard.edu>
commit 977dcfdc60311e7aa571cabf6f39c36dde13339e upstream.
This patch fixes a bug in ohci-hcd. When an URB is unlinked, the
corresponding Endpoint Descriptor is added to the ed_rm_list and taken
off the hardware schedule. Once the ED is no longer visible to the
hardware, finish_unlinks() handles the URBs that were unlinked or have
completed. If any URBs remain attached to the ED, the ED is added
back to the hardware schedule -- but only if the controller is
running.
This fails when a controller dies. A non-empty ED does not get added
back to the hardware schedule and does not remain on the ed_rm_list;
ohci-hcd loses track of it. The remaining URBs cannot be unlinked,
which causes the USB stack to hang.
The patch changes finish_unlinks() so that non-empty EDs remain on
the ed_rm_list if the controller isn't running. This requires moving
some of the existing code around, to avoid modifying the ED's hardware
fields more than once.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/host/ohci-q.c | 46 +++++++++++++++++++++++++++++-----------------
1 file changed, 29 insertions(+), 17 deletions(-)
diff --git a/drivers/usb/host/ohci-q.c b/drivers/usb/host/ohci-q.c
index e7f577e..4e9f6a4 100644
--- a/drivers/usb/host/ohci-q.c
+++ b/drivers/usb/host/ohci-q.c
@@ -315,8 +315,7 @@ static void periodic_unlink (struct ohci_hcd *ohci, struct ed *ed)
* - ED_OPER: when there's any request queued, the ED gets rescheduled
* immediately. HC should be working on them.
*
- * - ED_IDLE: when there's no TD queue. there's no reason for the HC
- * to care about this ED; safe to disable the endpoint.
+ * - ED_IDLE: when there's no TD queue or the HC isn't running.
*
* When finish_unlinks() runs later, after SOF interrupt, it will often
* complete one or more URB unlinks before making that state change.
@@ -930,6 +929,10 @@ rescan_all:
int completed, modified;
__hc32 *prev;
+ /* Is this ED already invisible to the hardware? */
+ if (ed->state == ED_IDLE)
+ goto ed_idle;
+
/* only take off EDs that the HC isn't using, accounting for
* frame counter wraps and EDs with partially retired TDs
*/
@@ -959,12 +962,20 @@ skip_ed:
}
}
+ /* ED's now officially unlinked, hc doesn't see */
+ ed->state = ED_IDLE;
+ if (quirk_zfmicro(ohci) && ed->type == PIPE_INTERRUPT)
+ ohci->eds_scheduled--;
+ ed->hwHeadP &= ~cpu_to_hc32(ohci, ED_H);
+ ed->hwNextED = 0;
+ wmb();
+ ed->hwINFO &= ~cpu_to_hc32(ohci, ED_SKIP | ED_DEQUEUE);
+ed_idle:
+
/* reentrancy: if we drop the schedule lock, someone might
* have modified this list. normally it's just prepending
* entries (which we'd ignore), but paranoia won't hurt.
*/
- *last = ed->ed_next;
- ed->ed_next = NULL;
modified = 0;
/* unlink urbs as requested, but rescan the list after
@@ -1022,19 +1033,20 @@ rescan_this:
if (completed && !list_empty (&ed->td_list))
goto rescan_this;
- /* ED's now officially unlinked, hc doesn't see */
- ed->state = ED_IDLE;
- if (quirk_zfmicro(ohci) && ed->type == PIPE_INTERRUPT)
- ohci->eds_scheduled--;
- ed->hwHeadP &= ~cpu_to_hc32(ohci, ED_H);
- ed->hwNextED = 0;
- wmb ();
- ed->hwINFO &= ~cpu_to_hc32 (ohci, ED_SKIP | ED_DEQUEUE);
-
- /* but if there's work queued, reschedule */
- if (!list_empty (&ed->td_list)) {
- if (ohci->rh_state == OHCI_RH_RUNNING)
- ed_schedule (ohci, ed);
+ /*
+ * If no TDs are queued, take ED off the ed_rm_list.
+ * Otherwise, if the HC is running, reschedule.
+ * If not, leave it on the list for further dequeues.
+ */
+ if (list_empty(&ed->td_list)) {
+ *last = ed->ed_next;
+ ed->ed_next = NULL;
+ } else if (ohci->rh_state == OHCI_RH_RUNNING) {
+ *last = ed->ed_next;
+ ed->ed_next = NULL;
+ ed_schedule(ohci, ed);
+ } else {
+ last = &ed->ed_next;
}
if (modified)
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 084/187] mei: start disconnect request timer consistently
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (82 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 083/187] USB: OHCI: don't lose track of EDs when a controller dies Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 085/187] mei: fix return value on disconnect timeout Kamal Mostafa
` (103 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Alexander Usyskin, Tomas Winkler, Greg Kroah-Hartman, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Usyskin <alexander.usyskin@intel.com>
commit 22b987a325701223f9a37db700c6eb20b9924c6f upstream.
Link must be reset in case the fw doesn't
respond to client disconnect request.
We did charge the timer only in irq path
from mei_cl_irq_close and not in mei_cl_disconnect
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/misc/mei/client.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/misc/mei/client.c b/drivers/misc/mei/client.c
index 714a998..54122db 100644
--- a/drivers/misc/mei/client.c
+++ b/drivers/misc/mei/client.c
@@ -460,6 +460,7 @@ int mei_cl_disconnect(struct mei_cl *cl)
cl_err(dev, cl, "failed to disconnect.\n");
goto free;
}
+ cl->timer_count = MEI_CONNECT_TIMEOUT;
mdelay(10); /* Wait for hardware disconnection ready */
list_add_tail(&cb->list, &dev->ctrl_rd_list.list);
} else {
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 085/187] mei: fix return value on disconnect timeout
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (83 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 084/187] mei: start disconnect request timer consistently Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 086/187] USB: Fix persist resume of some SS USB devices Kamal Mostafa
` (102 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Alexander Usyskin, Tomas Winkler, Greg Kroah-Hartman, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Usyskin <alexander.usyskin@intel.com>
commit fe2f17eb3da38ac0d5a00c511255bf3a33d16d24 upstream.
wait_event_timeout can return 0 or the remaining jiffies
so return -ETIME if disconnected state not reached.
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/misc/mei/client.c | 16 +++++-----------
1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/drivers/misc/mei/client.c b/drivers/misc/mei/client.c
index 54122db..0a91a23 100644
--- a/drivers/misc/mei/client.c
+++ b/drivers/misc/mei/client.c
@@ -436,7 +436,7 @@ int mei_cl_disconnect(struct mei_cl *cl)
{
struct mei_device *dev;
struct mei_cl_cb *cb;
- int rets, err;
+ int rets;
if (WARN_ON(!cl || !cl->dev))
return -ENODEV;
@@ -470,24 +470,18 @@ int mei_cl_disconnect(struct mei_cl *cl)
}
mutex_unlock(&dev->device_lock);
- err = wait_event_timeout(dev->wait_recvd_msg,
+ wait_event_timeout(dev->wait_recvd_msg,
MEI_FILE_DISCONNECTED == cl->state,
mei_secs_to_jiffies(MEI_CL_CONNECT_TIMEOUT));
mutex_lock(&dev->device_lock);
+
if (MEI_FILE_DISCONNECTED == cl->state) {
rets = 0;
cl_dbg(dev, cl, "successfully disconnected from FW client.\n");
} else {
- rets = -ENODEV;
- if (MEI_FILE_DISCONNECTED != cl->state)
- cl_err(dev, cl, "wrong status client disconnect.\n");
-
- if (err)
- cl_dbg(dev, cl, "wait failed disconnect err=%08x\n",
- err);
-
- cl_err(dev, cl, "failed to disconnect from FW client.\n");
+ cl_dbg(dev, cl, "timeout on disconnect from FW client.\n");
+ rets = -ETIME;
}
mei_io_list_flush(&dev->ctrl_rd_list, cl);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 086/187] USB: Fix persist resume of some SS USB devices
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (84 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 085/187] mei: fix return value on disconnect timeout Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 087/187] [media] media-device: Remove duplicated memset() in media_enum_entities() Kamal Mostafa
` (101 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Pratyush Anand, Greg Kroah-Hartman, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Pratyush Anand <pratyush.anand@st.com>
commit a40178b2fa6ad87670fb1e5fa4024db00c149629 upstream.
Problem Summary: Problem has been observed generally with PM states
where VBUS goes off during suspend. There are some SS USB devices which
take longer time for link training compared to many others. Such
devices fail to reconnect with same old address which was associated
with it before suspend.
When system resumes, at some point of time (dpm_run_callback->
usb_dev_resume->usb_resume->usb_resume_both->usb_resume_device->
usb_port_resume) SW reads hub status. If device is present,
then it finishes port resume and re-enumerates device with same
address. If device is not present then, SW thinks that device was
removed during suspend and therefore does logical disconnection
and removes all the resource allocated for this device.
Now, if I put sufficient delay just before root hub status read in
usb_resume_device then, SW sees always that device is present. In normal
course(without any delay) SW sees that no device is present and then SW
removes all resource associated with the device at this port. In the
latter case, after sometime, device says that hey I am here, now host
enumerates it, but with new address.
Problem had been reproduced when I connect verbatim USB3.0 hard disc
with my STiH407 XHCI host running with 3.10 kernel.
I see that similar problem has been reported here.
https://bugzilla.kernel.org/show_bug.cgi?id=53211
Reading above it seems that bug was not in 3.6.6 and was present in 3.8
and again it was not present for some in 3.12.6, while it was present
for few others. I tested with 3.13-FC19 running at i686 desktop, problem
was still there. However, I was failed to reproduce it with 3.16-RC4
running at same i686 machine. I would say it is just a random
observation. Problem for few devices is always there, as I am unable to
find a proper fix for the issue.
So, now question is what should be the amount of delay so that host is
always able to recognize suspended device after resume.
XHCI specs 4.19.4 says that when Link training is successful, port sets
CSC bit to 1. So if SW reads port status before successful link
training, then it will not find device to be present. USB Analyzer log
with such buggy devices show that in some cases device switch on the
RX termination after long delay of host enabling the VBUS. In few other
cases it has been seen that device fails to negotiate link training in
first attempt. It has been reported till now that few devices take as
long as 2000 ms to train the link after host enabling its VBUS and
RX termination. This patch implements a 2000 ms timeout for CSC bit to set
ie for link training. If in a case link trains before timeout, loop will
exit earlier.
This patch implements above delay, but only for SS device and when
persist is enabled.
So, for the good device overhead is almost none. While for the bad
devices penalty could be the time which it take for link training.
But, If a device was connected before suspend, and was removed
while system was asleep, then the penalty would be the timeout ie
2000 ms.
Results:
Verbatim USB SS hard disk connected with STiH407 USB host running 3.10
Kernel resumes in 461 msecs without this patch, but hard disk is
assigned a new device address. Same system resumes in 790 msecs with
this patch, but with old device address.
Signed-off-by: Pratyush Anand <pratyush.anand@st.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/core/hub.c | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 2de2f27..9d30359 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -3165,6 +3165,43 @@ static int finish_port_resume(struct usb_device *udev)
}
/*
+ * There are some SS USB devices which take longer time for link training.
+ * XHCI specs 4.19.4 says that when Link training is successful, port
+ * sets CSC bit to 1. So if SW reads port status before successful link
+ * training, then it will not find device to be present.
+ * USB Analyzer log with such buggy devices show that in some cases
+ * device switch on the RX termination after long delay of host enabling
+ * the VBUS. In few other cases it has been seen that device fails to
+ * negotiate link training in first attempt. It has been
+ * reported till now that few devices take as long as 2000 ms to train
+ * the link after host enabling its VBUS and termination. Following
+ * routine implements a 2000 ms timeout for link training. If in a case
+ * link trains before timeout, loop will exit earlier.
+ *
+ * FIXME: If a device was connected before suspend, but was removed
+ * while system was asleep, then the loop in the following routine will
+ * only exit at timeout.
+ *
+ * This routine should only be called when persist is enabled for a SS
+ * device.
+ */
+static int wait_for_ss_port_enable(struct usb_device *udev,
+ struct usb_hub *hub, int *port1,
+ u16 *portchange, u16 *portstatus)
+{
+ int status = 0, delay_ms = 0;
+
+ while (delay_ms < 2000) {
+ if (status || *portstatus & USB_PORT_STAT_CONNECTION)
+ break;
+ msleep(20);
+ delay_ms += 20;
+ status = hub_port_status(hub, *port1, portstatus, portchange);
+ }
+ return status;
+}
+
+/*
* usb_port_resume - re-activate a suspended usb device's upstream port
* @udev: device to re-activate, not a root hub
* Context: must be able to sleep; device not locked; pm locks held
@@ -3266,6 +3303,10 @@ int usb_port_resume(struct usb_device *udev, pm_message_t msg)
clear_bit(port1, hub->busy_bits);
+ if (udev->persist_enabled && hub_is_superspeed(hub->hdev))
+ status = wait_for_ss_port_enable(udev, hub, &port1, &portchange,
+ &portstatus);
+
status = check_port_resume_type(udev,
hub, port1, status, portchange, portstatus);
if (status == 0)
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 087/187] [media] media-device: Remove duplicated memset() in media_enum_entities()
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (85 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 086/187] USB: Fix persist resume of some SS USB devices Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 088/187] Bluetooth: Avoid use of session socket after the session gets freed Kamal Mostafa
` (100 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Salva Peiró, Laurent Pinchart, Mauro Carvalho Chehab, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: =?UTF-8?q?Salva=20Peir=C3=B3?= <speiro@ai2.upv.es>
commit f8ca6ac00d2ba24c5557f08f81439cd3432f0802 upstream.
After the zeroing the whole struct struct media_entity_desc u_ent,
it is no longer necessary to memset(0) its u_ent.name field.
Signed-off-by: Salva Peiró <speiro@ai2.upv.es>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/media/media-device.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/media/media-device.c b/drivers/media/media-device.c
index 703560f..88c1606 100644
--- a/drivers/media/media-device.c
+++ b/drivers/media/media-device.c
@@ -106,8 +106,6 @@ static long media_device_enum_entities(struct media_device *mdev,
if (ent->name) {
strncpy(u_ent.name, ent->name, sizeof(u_ent.name));
u_ent.name[sizeof(u_ent.name) - 1] = '\0';
- } else {
- memset(u_ent.name, 0, sizeof(u_ent.name));
}
u_ent.type = ent->type;
u_ent.revision = ent->revision;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 088/187] Bluetooth: Avoid use of session socket after the session gets freed
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (86 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 087/187] [media] media-device: Remove duplicated memset() in media_enum_entities() Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 089/187] [media] xc5000: Fix get_frequency() Kamal Mostafa
` (99 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Vignesh Raman, Vitaly Kuzmichev, Marcel Holtmann, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Vignesh Raman <Vignesh_Raman@mentor.com>
commit 32333edb82fb2009980eefc5518100068147ab82 upstream.
The commits 08c30aca9e698faddebd34f81e1196295f9dc063 "Bluetooth: Remove
RFCOMM session refcnt" and 8ff52f7d04d9cc31f1e81dcf9a2ba6335ed34905
"Bluetooth: Return RFCOMM session ptrs to avoid freed session"
allow rfcomm_recv_ua and rfcomm_session_close to delete the session
(and free the corresponding socket) and propagate NULL session pointer
to the upper callers.
Additional fix is required to terminate the loop in rfcomm_process_rx
function to avoid use of freed 'sk' memory.
The issue is only reproducible with kernel option CONFIG_PAGE_POISONING
enabled making freed memory being changed and filled up with fixed char
value used to unmask use-after-free issues.
Signed-off-by: Vignesh Raman <Vignesh_Raman@mentor.com>
Signed-off-by: Vitaly Kuzmichev <Vitaly_Kuzmichev@mentor.com>
Acked-by: Dean Jenkins <Dean_Jenkins@mentor.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/bluetooth/rfcomm/core.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index facd8a7..b088651 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -1859,10 +1859,13 @@ static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
/* Get data directly from socket receive queue without copying it. */
while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
skb_orphan(skb);
- if (!skb_linearize(skb))
+ if (!skb_linearize(skb)) {
s = rfcomm_recv_frame(s, skb);
- else
+ if (!s)
+ break;
+ } else {
kfree_skb(skb);
+ }
}
if (s && (sk->sk_state == BT_CLOSED))
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 089/187] [media] xc5000: Fix get_frequency()
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (87 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 088/187] Bluetooth: Avoid use of session socket after the session gets freed Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 090/187] [media] xc4000: " Kamal Mostafa
` (98 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Mauro Carvalho Chehab, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Mauro Carvalho Chehab <m.chehab@samsung.com>
commit a3eec916cbc17dc1aaa3ddf120836cd5200eb4ef upstream.
The programmed frequency on xc5000 is not the middle
frequency, but the initial frequency on the bandwidth range.
However, the DVB API works with the middle frequency.
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/media/tuners/xc5000.c | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/drivers/media/tuners/xc5000.c b/drivers/media/tuners/xc5000.c
index 5cd09a6..b2d9e9c 100644
--- a/drivers/media/tuners/xc5000.c
+++ b/drivers/media/tuners/xc5000.c
@@ -55,7 +55,7 @@ struct xc5000_priv {
u32 if_khz;
u16 xtal_khz;
- u32 freq_hz;
+ u32 freq_hz, freq_offset;
u32 bandwidth;
u8 video_standard;
u8 rf_mode;
@@ -755,13 +755,13 @@ static int xc5000_set_params(struct dvb_frontend *fe)
case SYS_ATSC:
dprintk(1, "%s() VSB modulation\n", __func__);
priv->rf_mode = XC_RF_MODE_AIR;
- priv->freq_hz = freq - 1750000;
+ priv->freq_offset = 1750000;
priv->video_standard = DTV6;
break;
case SYS_DVBC_ANNEX_B:
dprintk(1, "%s() QAM modulation\n", __func__);
priv->rf_mode = XC_RF_MODE_CABLE;
- priv->freq_hz = freq - 1750000;
+ priv->freq_offset = 1750000;
priv->video_standard = DTV6;
break;
case SYS_ISDBT:
@@ -776,15 +776,15 @@ static int xc5000_set_params(struct dvb_frontend *fe)
switch (bw) {
case 6000000:
priv->video_standard = DTV6;
- priv->freq_hz = freq - 1750000;
+ priv->freq_offset = 1750000;
break;
case 7000000:
priv->video_standard = DTV7;
- priv->freq_hz = freq - 2250000;
+ priv->freq_offset = 2250000;
break;
case 8000000:
priv->video_standard = DTV8;
- priv->freq_hz = freq - 2750000;
+ priv->freq_offset = 2750000;
break;
default:
printk(KERN_ERR "xc5000 bandwidth not set!\n");
@@ -798,15 +798,15 @@ static int xc5000_set_params(struct dvb_frontend *fe)
priv->rf_mode = XC_RF_MODE_CABLE;
if (bw <= 6000000) {
priv->video_standard = DTV6;
- priv->freq_hz = freq - 1750000;
+ priv->freq_offset = 1750000;
b = 6;
} else if (bw <= 7000000) {
priv->video_standard = DTV7;
- priv->freq_hz = freq - 2250000;
+ priv->freq_offset = 2250000;
b = 7;
} else {
priv->video_standard = DTV7_8;
- priv->freq_hz = freq - 2750000;
+ priv->freq_offset = 2750000;
b = 8;
}
dprintk(1, "%s() Bandwidth %dMHz (%d)\n", __func__,
@@ -817,6 +817,8 @@ static int xc5000_set_params(struct dvb_frontend *fe)
return -EINVAL;
}
+ priv->freq_hz = freq - priv->freq_offset;
+
dprintk(1, "%s() frequency=%d (compensated to %d)\n",
__func__, freq, priv->freq_hz);
@@ -1067,7 +1069,7 @@ static int xc5000_get_frequency(struct dvb_frontend *fe, u32 *freq)
{
struct xc5000_priv *priv = fe->tuner_priv;
dprintk(1, "%s()\n", __func__);
- *freq = priv->freq_hz;
+ *freq = priv->freq_hz + priv->freq_offset;
return 0;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 090/187] [media] xc4000: Fix get_frequency()
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (88 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 089/187] [media] xc5000: Fix get_frequency() Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 091/187] CAPABILITIES: remove undefined caps from all processes Kamal Mostafa
` (97 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Mauro Carvalho Chehab, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Mauro Carvalho Chehab <m.chehab@samsung.com>
commit 4c07e32884ab69574cfd9eb4de3334233c938071 upstream.
The programmed frequency on xc4000 is not the middle
frequency, but the initial frequency on the bandwidth range.
However, the DVB API works with the middle frequency.
This works fine on set_frontend, as the device calculates
the needed offset. However, at get_frequency(), the returned
value is the initial frequency. That's generally not a big
problem on most drivers, however, starting with changeset
6fe1099c7aec, the frequency drift is taken into account at
dib7000p driver.
This broke support for PCTV 340e, with uses dib7000p demod and
xc4000 tuner.
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/media/tuners/xc4000.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/drivers/media/tuners/xc4000.c b/drivers/media/tuners/xc4000.c
index 2018bef..e71decb 100644
--- a/drivers/media/tuners/xc4000.c
+++ b/drivers/media/tuners/xc4000.c
@@ -93,7 +93,7 @@ struct xc4000_priv {
struct firmware_description *firm;
int firm_size;
u32 if_khz;
- u32 freq_hz;
+ u32 freq_hz, freq_offset;
u32 bandwidth;
u8 video_standard;
u8 rf_mode;
@@ -1157,14 +1157,14 @@ static int xc4000_set_params(struct dvb_frontend *fe)
case SYS_ATSC:
dprintk(1, "%s() VSB modulation\n", __func__);
priv->rf_mode = XC_RF_MODE_AIR;
- priv->freq_hz = c->frequency - 1750000;
+ priv->freq_offset = 1750000;
priv->video_standard = XC4000_DTV6;
type = DTV6;
break;
case SYS_DVBC_ANNEX_B:
dprintk(1, "%s() QAM modulation\n", __func__);
priv->rf_mode = XC_RF_MODE_CABLE;
- priv->freq_hz = c->frequency - 1750000;
+ priv->freq_offset = 1750000;
priv->video_standard = XC4000_DTV6;
type = DTV6;
break;
@@ -1173,23 +1173,23 @@ static int xc4000_set_params(struct dvb_frontend *fe)
dprintk(1, "%s() OFDM\n", __func__);
if (bw == 0) {
if (c->frequency < 400000000) {
- priv->freq_hz = c->frequency - 2250000;
+ priv->freq_offset = 2250000;
} else {
- priv->freq_hz = c->frequency - 2750000;
+ priv->freq_offset = 2750000;
}
priv->video_standard = XC4000_DTV7_8;
type = DTV78;
} else if (bw <= 6000000) {
priv->video_standard = XC4000_DTV6;
- priv->freq_hz = c->frequency - 1750000;
+ priv->freq_offset = 1750000;
type = DTV6;
} else if (bw <= 7000000) {
priv->video_standard = XC4000_DTV7;
- priv->freq_hz = c->frequency - 2250000;
+ priv->freq_offset = 2250000;
type = DTV7;
} else {
priv->video_standard = XC4000_DTV8;
- priv->freq_hz = c->frequency - 2750000;
+ priv->freq_offset = 2750000;
type = DTV8;
}
priv->rf_mode = XC_RF_MODE_AIR;
@@ -1200,6 +1200,8 @@ static int xc4000_set_params(struct dvb_frontend *fe)
goto fail;
}
+ priv->freq_hz = c->frequency - priv->freq_offset;
+
dprintk(1, "%s() frequency=%d (compensated)\n",
__func__, priv->freq_hz);
@@ -1520,7 +1522,7 @@ static int xc4000_get_frequency(struct dvb_frontend *fe, u32 *freq)
{
struct xc4000_priv *priv = fe->tuner_priv;
- *freq = priv->freq_hz;
+ *freq = priv->freq_hz + priv->freq_offset;
if (debug) {
mutex_lock(&priv->lock);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 091/187] CAPABILITIES: remove undefined caps from all processes
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (89 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 090/187] [media] xc4000: " Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 092/187] scsi: add a blacklist flag which enables VPD page inquiries Kamal Mostafa
` (96 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Eric Paris, Andrew Vagin, Andrew G. Morgan, Serge E. Hallyn,
Kees Cook, Steve Grubb, Dan Walsh, James Morris, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Paris <eparis@redhat.com>
commit 7d8b6c63751cfbbe5eef81a48c22978b3407a3ad upstream.
This is effectively a revert of 7b9a7ec565505699f503b4fcf61500dceb36e744
plus fixing it a different way...
We found, when trying to run an application from an application which
had dropped privs that the kernel does security checks on undefined
capability bits. This was ESPECIALLY difficult to debug as those
undefined bits are hidden from /proc/$PID/status.
Consider a root application which drops all capabilities from ALL 4
capability sets. We assume, since the application is going to set
eff/perm/inh from an array that it will clear not only the defined caps
less than CAP_LAST_CAP, but also the higher 28ish bits which are
undefined future capabilities.
The BSET gets cleared differently. Instead it is cleared one bit at a
time. The problem here is that in security/commoncap.c::cap_task_prctl()
we actually check the validity of a capability being read. So any task
which attempts to 'read all things set in bset' followed by 'unset all
things set in bset' will not even attempt to unset the undefined bits
higher than CAP_LAST_CAP.
So the 'parent' will look something like:
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: ffffffc000000000
All of this 'should' be fine. Given that these are undefined bits that
aren't supposed to have anything to do with permissions. But they do...
So lets now consider a task which cleared the eff/perm/inh completely
and cleared all of the valid caps in the bset (but not the invalid caps
it couldn't read out of the kernel). We know that this is exactly what
the libcap-ng library does and what the go capabilities library does.
They both leave you in that above situation if you try to clear all of
you capapabilities from all 4 sets. If that root task calls execve()
the child task will pick up all caps not blocked by the bset. The bset
however does not block bits higher than CAP_LAST_CAP. So now the child
task has bits in eff which are not in the parent. These are
'meaningless' undefined bits, but still bits which the parent doesn't
have.
The problem is now in cred_cap_issubset() (or any operation which does a
subset test) as the child, while a subset for valid cap bits, is not a
subset for invalid cap bits! So now we set durring commit creds that
the child is not dumpable. Given it is 'more priv' than its parent. It
also means the parent cannot ptrace the child and other stupidity.
The solution here:
1) stop hiding capability bits in status
This makes debugging easier!
2) stop giving any task undefined capability bits. it's simple, it you
don't put those invalid bits in CAP_FULL_SET you won't get them in init
and you won't get them in any other task either.
This fixes the cap_issubset() tests and resulting fallout (which
made the init task in a docker container untraceable among other
things)
3) mask out undefined bits when sys_capset() is called as it might use
~0, ~0 to denote 'all capabilities' for backward/forward compatibility.
This lets 'capsh --caps="all=eip" -- -c /bin/bash' run.
4) mask out undefined bit when we read a file capability off of disk as
again likely all bits are set in the xattr for forward/backward
compatibility.
This lets 'setcap all+pe /bin/bash; /bin/bash' run
Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Vagin <avagin@openvz.org>
Cc: Andrew G. Morgan <morgan@kernel.org>
Cc: Serge E. Hallyn <serge.hallyn@canonical.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Steve Grubb <sgrubb@redhat.com>
Cc: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/proc/array.c | 11 +----------
include/linux/capability.h | 5 ++++-
kernel/audit.c | 2 +-
kernel/capability.c | 4 ++++
security/commoncap.c | 3 +++
5 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/fs/proc/array.c b/fs/proc/array.c
index 1bd2077..fafb03d 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -306,15 +306,11 @@ static void render_cap_t(struct seq_file *m, const char *header,
seq_puts(m, header);
CAP_FOR_EACH_U32(__capi) {
seq_printf(m, "%08x",
- a->cap[(_KERNEL_CAPABILITY_U32S-1) - __capi]);
+ a->cap[CAP_LAST_U32 - __capi]);
}
seq_putc(m, '\n');
}
-/* Remove non-existent capabilities */
-#define NORM_CAPS(v) (v.cap[CAP_TO_INDEX(CAP_LAST_CAP)] &= \
- CAP_TO_MASK(CAP_LAST_CAP + 1) - 1)
-
static inline void task_cap(struct seq_file *m, struct task_struct *p)
{
const struct cred *cred;
@@ -328,11 +324,6 @@ static inline void task_cap(struct seq_file *m, struct task_struct *p)
cap_bset = cred->cap_bset;
rcu_read_unlock();
- NORM_CAPS(cap_inheritable);
- NORM_CAPS(cap_permitted);
- NORM_CAPS(cap_effective);
- NORM_CAPS(cap_bset);
-
render_cap_t(m, "CapInh:\t", &cap_inheritable);
render_cap_t(m, "CapPrm:\t", &cap_permitted);
render_cap_t(m, "CapEff:\t", &cap_effective);
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 84b13ad..aa93e5e 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -78,8 +78,11 @@ extern const kernel_cap_t __cap_init_eff_set;
# error Fix up hand-coded capability macro initializers
#else /* HAND-CODED capability initializers */
+#define CAP_LAST_U32 ((_KERNEL_CAPABILITY_U32S) - 1)
+#define CAP_LAST_U32_VALID_MASK (CAP_TO_MASK(CAP_LAST_CAP + 1) -1)
+
# define CAP_EMPTY_SET ((kernel_cap_t){{ 0, 0 }})
-# define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }})
+# define CAP_FULL_SET ((kernel_cap_t){{ ~0, CAP_LAST_U32_VALID_MASK }})
# define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \
| CAP_TO_MASK(CAP_LINUX_IMMUTABLE), \
CAP_FS_MASK_B1 } })
diff --git a/kernel/audit.c b/kernel/audit.c
index b64b367..013d900 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1516,7 +1516,7 @@ void audit_log_cap(struct audit_buffer *ab, char *prefix, kernel_cap_t *cap)
audit_log_format(ab, " %s=", prefix);
CAP_FOR_EACH_U32(i) {
audit_log_format(ab, "%08x",
- cap->cap[(_KERNEL_CAPABILITY_U32S-1) - i]);
+ cap->cap[CAP_LAST_U32 - i]);
}
}
diff --git a/kernel/capability.c b/kernel/capability.c
index 788653b..50fb74b 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -268,6 +268,10 @@ SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data)
i++;
}
+ effective.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;
+ permitted.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;
+ inheritable.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;
+
new = prepare_creds();
if (!new)
return -ENOMEM;
diff --git a/security/commoncap.c b/security/commoncap.c
index b9d613e..963dc59 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -421,6 +421,9 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
cpu_caps->inheritable.cap[i] = le32_to_cpu(caps.data[i].inheritable);
}
+ cpu_caps->permitted.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;
+ cpu_caps->inheritable.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;
+
return 0;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 092/187] scsi: add a blacklist flag which enables VPD page inquiries
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (90 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 091/187] CAPABILITIES: remove undefined caps from all processes Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 093/187] bfa: Fix undefined bit shift on big-endian architectures with 32-bit DMA address Kamal Mostafa
` (95 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Martin K. Petersen, Christoph Hellwig, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "Martin K. Petersen" <martin.petersen@oracle.com>
commit c1d40a527e885a40bb9ea6c46a1b1145d42b66a0 upstream.
Despite supporting modern SCSI features some storage devices continue to
claim conformance to an older version of the SPC spec. This is done for
compatibility with legacy operating systems.
Linux by default will not attempt to read VPD pages on devices that
claim SPC-2 or older. Introduce a blacklist flag that can be used to
trigger VPD page inquiries on devices that are known to support them.
Reported-by: KY Srinivasan <kys@microsoft.com>
Tested-by: KY Srinivasan <kys@microsoft.com>
Reviewed-by: KY Srinivasan <kys@microsoft.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/scsi_scan.c | 4 +++-
drivers/scsi/sd.c | 5 +++++
include/scsi/scsi_device.h | 1 +
include/scsi/scsi_devinfo.h | 1 +
4 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/scsi_scan.c b/drivers/scsi/scsi_scan.c
index 307a811..08e6151 100644
--- a/drivers/scsi/scsi_scan.c
+++ b/drivers/scsi/scsi_scan.c
@@ -926,7 +926,9 @@ static int scsi_add_lun(struct scsi_device *sdev, unsigned char *inq_result,
sdev->eh_timeout = SCSI_DEFAULT_EH_TIMEOUT;
- if (*bflags & BLIST_SKIP_VPD_PAGES)
+ if (*bflags & BLIST_TRY_VPD_PAGES)
+ sdev->try_vpd_pages = 1;
+ else if (*bflags & BLIST_SKIP_VPD_PAGES)
sdev->skip_vpd_pages = 1;
transport_configure_device(&sdev->sdev_gendev);
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index 8ee2f56..2735c50 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -2691,6 +2691,11 @@ static void sd_read_write_same(struct scsi_disk *sdkp, unsigned char *buffer)
static int sd_try_extended_inquiry(struct scsi_device *sdp)
{
+ /* Attempt VPD inquiry if the device blacklist explicitly calls
+ * for it.
+ */
+ if (sdp->try_vpd_pages)
+ return 1;
/*
* Although VPD inquiries can go to SCSI-2 type devices,
* some USB ones crash on receiving them, and the pages
diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h
index 8e6b70f..9695cf5 100644
--- a/include/scsi/scsi_device.h
+++ b/include/scsi/scsi_device.h
@@ -149,6 +149,7 @@ struct scsi_device {
unsigned skip_ms_page_8:1; /* do not use MODE SENSE page 0x08 */
unsigned skip_ms_page_3f:1; /* do not use MODE SENSE page 0x3f */
unsigned skip_vpd_pages:1; /* do not read VPD pages */
+ unsigned try_vpd_pages:1; /* attempt to read VPD pages */
unsigned use_192_bytes_for_3f:1; /* ask for 192 bytes from page 0x3f */
unsigned no_start_on_add:1; /* do not issue start on add */
unsigned allow_restart:1; /* issue START_UNIT in error handler */
diff --git a/include/scsi/scsi_devinfo.h b/include/scsi/scsi_devinfo.h
index 447d2d7..913c624 100644
--- a/include/scsi/scsi_devinfo.h
+++ b/include/scsi/scsi_devinfo.h
@@ -32,4 +32,5 @@
#define BLIST_ATTACH_PQ3 0x1000000 /* Scan: Attach to PQ3 devices */
#define BLIST_NO_DIF 0x2000000 /* Disable T10 PI (DIF) */
#define BLIST_SKIP_VPD_PAGES 0x4000000 /* Ignore SBC-3 VPD pages */
+#define BLIST_TRY_VPD_PAGES 0x10000000 /* Attempt to read VPD pages */
#endif
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 093/187] bfa: Fix undefined bit shift on big-endian architectures with 32-bit DMA address
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (91 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 092/187] scsi: add a blacklist flag which enables VPD page inquiries Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 094/187] hpsa: fix bad -ENOMEM return value in hpsa_big_passthru_ioctl Kamal Mostafa
` (94 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ben Hutchings, Christoph Hellwig, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <ben@decadent.org.uk>
commit 03a6c3ff3282ee9fa893089304d951e0be93a144 upstream.
bfa_swap_words() shifts its argument (assumed to be 64-bit) by 32 bits
each way. In two places the argument type is dma_addr_t, which may be
32-bit, in which case the effect of the bit shift is undefined:
drivers/scsi/bfa/bfa_fcpim.c: In function 'bfa_ioim_send_ioreq':
drivers/scsi/bfa/bfa_fcpim.c:2497:4: warning: left shift count >= width of type [enabled by default]
addr = bfa_sgaddr_le(sg_dma_address(sg));
^
drivers/scsi/bfa/bfa_fcpim.c:2497:4: warning: right shift count >= width of type [enabled by default]
drivers/scsi/bfa/bfa_fcpim.c:2509:4: warning: left shift count >= width of type [enabled by default]
addr = bfa_sgaddr_le(sg_dma_address(sg));
^
drivers/scsi/bfa/bfa_fcpim.c:2509:4: warning: right shift count >= width of type [enabled by default]
Avoid this by adding casts to u64 in bfa_swap_words().
Compile-tested only.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Acked-by: Anil Gurumurthy <anil.gurumurthy@qlogic.com>
Fixes: f16a17507b09 ('[SCSI] bfa: remove all OS wrappers')
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/bfa/bfa_ioc.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/bfa/bfa_ioc.h b/drivers/scsi/bfa/bfa_ioc.h
index 90814fe..d5b3f66 100644
--- a/drivers/scsi/bfa/bfa_ioc.h
+++ b/drivers/scsi/bfa/bfa_ioc.h
@@ -72,7 +72,7 @@ struct bfa_sge_s {
} while (0)
#define bfa_swap_words(_x) ( \
- ((_x) << 32) | ((_x) >> 32))
+ ((u64)(_x) << 32) | ((u64)(_x) >> 32))
#ifdef __BIG_ENDIAN
#define bfa_sge_to_be(_x)
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 094/187] hpsa: fix bad -ENOMEM return value in hpsa_big_passthru_ioctl
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (92 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 093/187] bfa: Fix undefined bit shift on big-endian architectures with 32-bit DMA address Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 095/187] Drivers: scsi: storvsc: Change the limits to reflect the values on the host Kamal Mostafa
` (93 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Stephen M. Cameron, Christoph Hellwig, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "Stephen M. Cameron" <scameron@beardog.cce.hp.com>
commit 0758f4f732b08b6ef07f2e5f735655cf69fea477 upstream.
When copy_from_user fails, return -EFAULT, not -ENOMEM
Signed-off-by: Stephen M. Cameron <scameron@beardog.cce.hp.com>
Reported-by: Robert Elliott <elliott@hp.com>
Reviewed-by: Joe Handzik <joseph.t.handzik@hp.com>
Reviewed-by: Scott Teel <scott.teel@hp.com>
Reviewed by: Mike MIller <michael.miller@canonical.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/hpsa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
index ad034ab..d518bba 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -3151,7 +3151,7 @@ static int hpsa_big_passthru_ioctl(struct ctlr_info *h, void __user *argp)
}
if (ioc->Request.Type.Direction == XFER_WRITE) {
if (copy_from_user(buff[sg_used], data_ptr, sz)) {
- status = -ENOMEM;
+ status = -EFAULT;
goto cleanup1;
}
} else
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 095/187] Drivers: scsi: storvsc: Change the limits to reflect the values on the host
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (93 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 094/187] hpsa: fix bad -ENOMEM return value in hpsa_big_passthru_ioctl Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 096/187] Drivers: scsi: storvsc: Set cmd_per_lun to reflect value supported by the Host Kamal Mostafa
` (92 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: K. Y. Srinivasan, Christoph Hellwig, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "K. Y. Srinivasan" <kys@microsoft.com>
commit 4cd83ecdac20d30725b4f96e5d7814a1e290bc7e upstream.
Hyper-V hosts can support multiple targets and multiple channels and larger number of
LUNs per target. Update the code to reflect this. With this patch we can correctly
enumerate all the paths in a multi-path storage environment.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/storvsc_drv.c | 47 ++++++++++++++++++++++++++++++----------------
1 file changed, 31 insertions(+), 16 deletions(-)
diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c
index 9969fa1..8938b13 100644
--- a/drivers/scsi/storvsc_drv.c
+++ b/drivers/scsi/storvsc_drv.c
@@ -330,17 +330,17 @@ static int storvsc_timeout = 180;
static void storvsc_on_channel_callback(void *context);
-/*
- * In Hyper-V, each port/path/target maps to 1 scsi host adapter. In
- * reality, the path/target is not used (ie always set to 0) so our
- * scsi host adapter essentially has 1 bus with 1 target that contains
- * up to 256 luns.
- */
-#define STORVSC_MAX_LUNS_PER_TARGET 64
-#define STORVSC_MAX_TARGETS 1
-#define STORVSC_MAX_CHANNELS 1
+#define STORVSC_MAX_LUNS_PER_TARGET 255
+#define STORVSC_MAX_TARGETS 2
+#define STORVSC_MAX_CHANNELS 8
+#define STORVSC_FC_MAX_LUNS_PER_TARGET 255
+#define STORVSC_FC_MAX_TARGETS 128
+#define STORVSC_FC_MAX_CHANNELS 8
+#define STORVSC_IDE_MAX_LUNS_PER_TARGET 64
+#define STORVSC_IDE_MAX_TARGETS 1
+#define STORVSC_IDE_MAX_CHANNELS 1
struct storvsc_cmd_request {
struct list_head entry;
@@ -1691,7 +1691,6 @@ static struct scsi_host_template scsi_driver = {
.slave_destroy = storvsc_device_destroy,
.slave_configure = storvsc_device_configure,
.cmd_per_lun = 1,
- /* 64 max_queue * 1 target */
.can_queue = STORVSC_MAX_IO_REQUESTS*STORVSC_MAX_TARGETS,
.this_id = -1,
/* no use setting to 0 since ll_blk_rw reset it to 1 */
@@ -1756,6 +1755,9 @@ static int storvsc_probe(struct hv_device *device,
}
+ if (dev_id->driver_data == SFC_GUID)
+ scsi_driver.can_queue = (STORVSC_MAX_IO_REQUESTS *
+ STORVSC_FC_MAX_TARGETS);
host = scsi_host_alloc(&scsi_driver,
sizeof(struct hv_host_device));
if (!host)
@@ -1789,12 +1791,25 @@ static int storvsc_probe(struct hv_device *device,
host_dev->path = stor_device->path_id;
host_dev->target = stor_device->target_id;
- /* max # of devices per target */
- host->max_lun = STORVSC_MAX_LUNS_PER_TARGET;
- /* max # of targets per channel */
- host->max_id = STORVSC_MAX_TARGETS;
- /* max # of channels */
- host->max_channel = STORVSC_MAX_CHANNELS - 1;
+ switch (dev_id->driver_data) {
+ case SFC_GUID:
+ host->max_lun = STORVSC_FC_MAX_LUNS_PER_TARGET;
+ host->max_id = STORVSC_FC_MAX_TARGETS;
+ host->max_channel = STORVSC_FC_MAX_CHANNELS - 1;
+ break;
+
+ case SCSI_GUID:
+ host->max_lun = STORVSC_MAX_LUNS_PER_TARGET;
+ host->max_id = STORVSC_MAX_TARGETS;
+ host->max_channel = STORVSC_MAX_CHANNELS - 1;
+ break;
+
+ default:
+ host->max_lun = STORVSC_IDE_MAX_LUNS_PER_TARGET;
+ host->max_id = STORVSC_IDE_MAX_TARGETS;
+ host->max_channel = STORVSC_IDE_MAX_CHANNELS - 1;
+ break;
+ }
/* max cmd length */
host->max_cmd_len = STORVSC_MAX_CMD_LEN;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 096/187] Drivers: scsi: storvsc: Set cmd_per_lun to reflect value supported by the Host
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (94 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 095/187] Drivers: scsi: storvsc: Change the limits to reflect the values on the host Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 097/187] Drivers: scsi: storvsc: Filter commands based on the storage protocol version Kamal Mostafa
` (91 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: K. Y. Srinivasan, Christoph Hellwig, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "K. Y. Srinivasan" <kys@microsoft.com>
commit 52f9614dd8294e95d2c0929c2d4f64b077ae486f upstream.
Set cmd_per_lun to reflect value supported by the Host.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/storvsc_drv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c
index 8938b13..cebcef7 100644
--- a/drivers/scsi/storvsc_drv.c
+++ b/drivers/scsi/storvsc_drv.c
@@ -1690,7 +1690,7 @@ static struct scsi_host_template scsi_driver = {
.slave_alloc = storvsc_device_alloc,
.slave_destroy = storvsc_device_destroy,
.slave_configure = storvsc_device_configure,
- .cmd_per_lun = 1,
+ .cmd_per_lun = 255,
.can_queue = STORVSC_MAX_IO_REQUESTS*STORVSC_MAX_TARGETS,
.this_id = -1,
/* no use setting to 0 since ll_blk_rw reset it to 1 */
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 097/187] Drivers: scsi: storvsc: Filter commands based on the storage protocol version
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (95 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 096/187] Drivers: scsi: storvsc: Set cmd_per_lun to reflect value supported by the Host Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 098/187] Drivers: scsi: storvsc: Fix a bug in handling VMBUS " Kamal Mostafa
` (90 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: K. Y. Srinivasan, Christoph Hellwig, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "K. Y. Srinivasan" <kys@microsoft.com>
commit 8caf92d80526f3d7cc96831ec18b384ebcaccdf0 upstream.
Going forward it is possible that some of the commands that are not currently
implemented will be implemented on future Windows hosts. Even if they are not
implemented, we are told the host will corrrectly handle unsupported
commands (by returning appropriate return code and sense information).
Make command filtering depend on the host version.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/storvsc_drv.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c
index cebcef7..8f8847e 100644
--- a/drivers/scsi/storvsc_drv.c
+++ b/drivers/scsi/storvsc_drv.c
@@ -1553,9 +1553,19 @@ static int storvsc_queuecommand(struct Scsi_Host *host, struct scsi_cmnd *scmnd)
struct vmscsi_request *vm_srb;
struct stor_mem_pools *memp = scmnd->device->hostdata;
- if (!storvsc_scsi_cmd_ok(scmnd)) {
- scmnd->scsi_done(scmnd);
- return 0;
+ if (vmstor_current_major <= VMSTOR_WIN8_MAJOR) {
+ /*
+ * On legacy hosts filter unimplemented commands.
+ * Future hosts are expected to correctly handle
+ * unsupported commands. Furthermore, it is
+ * possible that some of the currently
+ * unsupported commands maybe supported in
+ * future versions of the host.
+ */
+ if (!storvsc_scsi_cmd_ok(scmnd)) {
+ scmnd->scsi_done(scmnd);
+ return 0;
+ }
}
request_size = sizeof(struct storvsc_cmd_request);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 098/187] Drivers: scsi: storvsc: Fix a bug in handling VMBUS protocol version
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (96 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 097/187] Drivers: scsi: storvsc: Filter commands based on the storage protocol version Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 099/187] Drivers: scsi: storvsc: Implement a eh_timed_out handler Kamal Mostafa
` (89 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: K. Y. Srinivasan, Christoph Hellwig, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "K. Y. Srinivasan" <kys@microsoft.com>
commit adb6f9e1a8c6af1037232b59edb11277471537ea upstream.
Based on the negotiated VMBUS protocol version, we adjust the size of the storage
protocol messages. The two sizes we currently handle are pre-win8 and post-win8.
In WS2012 R2, we are negotiating higher VMBUS protocol version than the win8
version. Make adjustments to correctly handle this.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/storvsc_drv.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c
index 8f8847e..7e8a642 100644
--- a/drivers/scsi/storvsc_drv.c
+++ b/drivers/scsi/storvsc_drv.c
@@ -1752,19 +1752,22 @@ static int storvsc_probe(struct hv_device *device,
* set state to properly communicate with the host.
*/
- if (vmbus_proto_version == VERSION_WIN8) {
- sense_buffer_size = POST_WIN7_STORVSC_SENSE_BUFFER_SIZE;
- vmscsi_size_delta = 0;
- vmstor_current_major = VMSTOR_WIN8_MAJOR;
- vmstor_current_minor = VMSTOR_WIN8_MINOR;
- } else {
+ switch (vmbus_proto_version) {
+ case VERSION_WS2008:
+ case VERSION_WIN7:
sense_buffer_size = PRE_WIN8_STORVSC_SENSE_BUFFER_SIZE;
vmscsi_size_delta = sizeof(struct vmscsi_win8_extension);
vmstor_current_major = VMSTOR_WIN7_MAJOR;
vmstor_current_minor = VMSTOR_WIN7_MINOR;
+ break;
+ default:
+ sense_buffer_size = POST_WIN7_STORVSC_SENSE_BUFFER_SIZE;
+ vmscsi_size_delta = 0;
+ vmstor_current_major = VMSTOR_WIN8_MAJOR;
+ vmstor_current_minor = VMSTOR_WIN8_MINOR;
+ break;
}
-
if (dev_id->driver_data == SFC_GUID)
scsi_driver.can_queue = (STORVSC_MAX_IO_REQUESTS *
STORVSC_FC_MAX_TARGETS);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 099/187] Drivers: scsi: storvsc: Implement a eh_timed_out handler
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (97 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 098/187] Drivers: scsi: storvsc: Fix a bug in handling VMBUS " Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 100/187] drivers: scsi: storvsc: Set srb_flags in all cases Kamal Mostafa
` (88 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: K. Y. Srinivasan, Christoph Hellwig, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "K. Y. Srinivasan" <kys@microsoft.com>
commit 56b26e69c8283121febedd12b3cc193384af46b9 upstream.
On Azure, we have seen instances of unbounded I/O latencies. To deal with
this issue, implement handler that can reset the timeout. Note that the
host gaurantees that it will respond to each command that has been issued.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
[hch: added a better comment explaining the issue]
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/storvsc_drv.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c
index 7e8a642..2b8595b 100644
--- a/drivers/scsi/storvsc_drv.c
+++ b/drivers/scsi/storvsc_drv.c
@@ -33,6 +33,7 @@
#include <linux/device.h>
#include <linux/hyperv.h>
#include <linux/mempool.h>
+#include <linux/blkdev.h>
#include <scsi/scsi.h>
#include <scsi/scsi_cmnd.h>
#include <scsi/scsi_host.h>
@@ -1518,6 +1519,16 @@ static int storvsc_host_reset_handler(struct scsi_cmnd *scmnd)
return SUCCESS;
}
+/*
+ * The host guarantees to respond to each command, although I/O latencies might
+ * be unbounded on Azure. Reset the timer unconditionally to give the host a
+ * chance to perform EH.
+ */
+static enum blk_eh_timer_return storvsc_eh_timed_out(struct scsi_cmnd *scmnd)
+{
+ return BLK_EH_RESET_TIMER;
+}
+
static bool storvsc_scsi_cmd_ok(struct scsi_cmnd *scmnd)
{
bool allowed = true;
@@ -1697,6 +1708,7 @@ static struct scsi_host_template scsi_driver = {
.bios_param = storvsc_get_chs,
.queuecommand = storvsc_queuecommand,
.eh_host_reset_handler = storvsc_host_reset_handler,
+ .eh_timed_out = storvsc_eh_timed_out,
.slave_alloc = storvsc_device_alloc,
.slave_destroy = storvsc_device_destroy,
.slave_configure = storvsc_device_configure,
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 100/187] drivers: scsi: storvsc: Set srb_flags in all cases
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (98 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 099/187] Drivers: scsi: storvsc: Implement a eh_timed_out handler Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 101/187] drivers: scsi: storvsc: Correctly handle TEST_UNIT_READY failure Kamal Mostafa
` (87 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: K. Y. Srinivasan, Christoph Hellwig, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "K. Y. Srinivasan" <kys@microsoft.com>
commit f885fb73f64154690c2158e813de56363389ffec upstream.
Correctly set SRB flags for all valid I/O directions. Some IHV drivers on the
Windows host require this. The host validates the command and SRB flags
prior to passing the command down to native driver stack.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/storvsc_drv.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c
index 2b8595b..b529ae8 100644
--- a/drivers/scsi/storvsc_drv.c
+++ b/drivers/scsi/storvsc_drv.c
@@ -1601,26 +1601,24 @@ static int storvsc_queuecommand(struct Scsi_Host *host, struct scsi_cmnd *scmnd)
vm_srb = &cmd_request->vstor_packet.vm_srb;
vm_srb->win8_extension.time_out_value = 60;
+ vm_srb->win8_extension.srb_flags |=
+ (SRB_FLAGS_QUEUE_ACTION_ENABLE |
+ SRB_FLAGS_DISABLE_SYNCH_TRANSFER);
/* Build the SRB */
switch (scmnd->sc_data_direction) {
case DMA_TO_DEVICE:
vm_srb->data_in = WRITE_TYPE;
vm_srb->win8_extension.srb_flags |= SRB_FLAGS_DATA_OUT;
- vm_srb->win8_extension.srb_flags |=
- (SRB_FLAGS_QUEUE_ACTION_ENABLE |
- SRB_FLAGS_DISABLE_SYNCH_TRANSFER);
break;
case DMA_FROM_DEVICE:
vm_srb->data_in = READ_TYPE;
vm_srb->win8_extension.srb_flags |= SRB_FLAGS_DATA_IN;
- vm_srb->win8_extension.srb_flags |=
- (SRB_FLAGS_QUEUE_ACTION_ENABLE |
- SRB_FLAGS_DISABLE_SYNCH_TRANSFER);
break;
default:
vm_srb->data_in = UNKNOWN_TYPE;
- vm_srb->win8_extension.srb_flags = 0;
+ vm_srb->win8_extension.srb_flags |= (SRB_FLAGS_DATA_IN |
+ SRB_FLAGS_DATA_OUT);
break;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 101/187] drivers: scsi: storvsc: Correctly handle TEST_UNIT_READY failure
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (99 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 100/187] drivers: scsi: storvsc: Set srb_flags in all cases Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 102/187] x86_64/vsyscall: Fix warn_bad_vsyscall log output Kamal Mostafa
` (86 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: K. Y. Srinivasan, Christoph Hellwig, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "K. Y. Srinivasan" <kys@microsoft.com>
commit 3533f8603d28b77c62d75ec899449a99bc6b77a1 upstream.
On some Windows hosts on FC SANs, TEST_UNIT_READY can return SRB_STATUS_ERROR.
Correctly handle this. Note that there is sufficient sense information to
support scsi error handling even in this case.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/storvsc_drv.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c
index b529ae8..ed0f899 100644
--- a/drivers/scsi/storvsc_drv.c
+++ b/drivers/scsi/storvsc_drv.c
@@ -1018,6 +1018,13 @@ static void storvsc_handle_error(struct vmscsi_request *vm_srb,
case ATA_12:
set_host_byte(scmnd, DID_PASSTHROUGH);
break;
+ /*
+ * On Some Windows hosts TEST_UNIT_READY command can return
+ * SRB_STATUS_ERROR, let the upper level code deal with it
+ * based on the sense information.
+ */
+ case TEST_UNIT_READY:
+ break;
default:
set_host_byte(scmnd, DID_TARGET_FAILURE);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 102/187] x86_64/vsyscall: Fix warn_bad_vsyscall log output
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (100 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 101/187] drivers: scsi: storvsc: Correctly handle TEST_UNIT_READY failure Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 103/187] KVM: PPC: Book3S PR: Take SRCU read lock around RTAS kvm_read_guest() call Kamal Mostafa
` (85 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Andy Lutomirski, H. Peter Anvin, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Lutomirski <luto@amacapital.net>
commit 53b884ac3745353de220d92ef792515c3ae692f0 upstream.
This commit in Linux 3.6:
commit c767a54ba0657e52e6edaa97cbe0b0a8bf1c1655
Author: Joe Perches <joe@perches.com>
Date: Mon May 21 19:50:07 2012 -0700
x86/debug: Add KERN_<LEVEL> to bare printks, convert printks to pr_<level>
caused warn_bad_vsyscall to output garbage in the middle of the
line. Revert the bad part of it.
The printk in question isn't actually bare; the level is "%s".
The bug this fixes is purely cosmetic; backports are optional.
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Link: http://lkml.kernel.org/r/03eac1f24110bbe496ecc12a4df467e0d88466d4.1406330947.git.luto@amacapital.net
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/kernel/vsyscall_64.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c
index 1f96f93..09ce23a 100644
--- a/arch/x86/kernel/vsyscall_64.c
+++ b/arch/x86/kernel/vsyscall_64.c
@@ -125,10 +125,10 @@ static void warn_bad_vsyscall(const char *level, struct pt_regs *regs,
if (!show_unhandled_signals)
return;
- pr_notice_ratelimited("%s%s[%d] %s ip:%lx cs:%lx sp:%lx ax:%lx si:%lx di:%lx\n",
- level, current->comm, task_pid_nr(current),
- message, regs->ip, regs->cs,
- regs->sp, regs->ax, regs->si, regs->di);
+ printk_ratelimited("%s%s[%d] %s ip:%lx cs:%lx sp:%lx ax:%lx si:%lx di:%lx\n",
+ level, current->comm, task_pid_nr(current),
+ message, regs->ip, regs->cs,
+ regs->sp, regs->ax, regs->si, regs->di);
}
static int addr_to_vsyscall_nr(unsigned long addr)
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 103/187] KVM: PPC: Book3S PR: Take SRCU read lock around RTAS kvm_read_guest() call
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (101 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 102/187] x86_64/vsyscall: Fix warn_bad_vsyscall log output Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 104/187] Revert "selinux: fix the default socket labeling in sock_graft()" Kamal Mostafa
` (84 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Paul Mackerras, Alexander Graf, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Mackerras <paulus@samba.org>
commit ef1af2e29622ff3403926ae801a2b10da075a2de upstream.
This does for PR KVM what c9438092cae4 ("KVM: PPC: Book3S HV: Take SRCU
read lock around kvm_read_guest() call") did for HV KVM, that is,
eliminate a "suspicious rcu_dereference_check() usage!" warning by
taking the SRCU lock around the call to kvmppc_rtas_hcall().
It also fixes a return of RESUME_HOST to return EMULATE_FAIL instead,
since kvmppc_h_pr() is supposed to return EMULATE_* values.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/powerpc/kvm/book3s_pr_papr.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/kvm/book3s_pr_papr.c b/arch/powerpc/kvm/book3s_pr_papr.c
index 5efa97b..7a801b5 100644
--- a/arch/powerpc/kvm/book3s_pr_papr.c
+++ b/arch/powerpc/kvm/book3s_pr_papr.c
@@ -258,6 +258,8 @@ static int kvmppc_h_pr_xics_hcall(struct kvm_vcpu *vcpu, u32 cmd)
int kvmppc_h_pr(struct kvm_vcpu *vcpu, unsigned long cmd)
{
+ int rc, idx;
+
switch (cmd) {
case H_ENTER:
return kvmppc_h_pr_enter(vcpu);
@@ -286,8 +288,11 @@ int kvmppc_h_pr(struct kvm_vcpu *vcpu, unsigned long cmd)
break;
case H_RTAS:
if (list_empty(&vcpu->kvm->arch.rtas_tokens))
- return RESUME_HOST;
- if (kvmppc_rtas_hcall(vcpu))
+ break;
+ idx = srcu_read_lock(&vcpu->kvm->srcu);
+ rc = kvmppc_rtas_hcall(vcpu);
+ srcu_read_unlock(&vcpu->kvm->srcu, idx);
+ if (rc)
break;
kvmppc_set_gpr(vcpu, 3, 0);
return EMULATE_DONE;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 104/187] Revert "selinux: fix the default socket labeling in sock_graft()"
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (102 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 103/187] KVM: PPC: Book3S PR: Take SRCU read lock around RTAS kvm_read_guest() call Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-17 11:08 ` Ben Hutchings
2014-09-15 22:08 ` [PATCH 3.13 105/187] spi: orion: fix incorrect handling of cell-index DT property Kamal Mostafa
` (83 subsequent siblings)
187 siblings, 1 reply; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Paul Moore, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Moore <pmoore@redhat.com>
commit 2873ead7e46694910ac49c3a8ee0f54956f96e0c upstream.
This reverts commit 4da6daf4d3df5a977e4623963f141a627fd2efce.
Unfortunately, the commit in question caused problems with Bluetooth
devices, specifically it caused them to get caught in the newly
created BUG_ON() check. The AF_ALG problem still exists, but will be
addressed in a future patch.
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/linux/security.h | 5 +----
security/selinux/hooks.c | 13 ++-----------
2 files changed, 3 insertions(+), 15 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index e42af21..5623a7f 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -987,10 +987,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* Retrieve the LSM-specific secid for the sock to enable caching of network
* authorizations.
* @sock_graft:
- * This hook is called in response to a newly created sock struct being
- * grafted onto an existing socket and allows the security module to
- * perform whatever security attribute management is necessary for both
- * the sock and socket.
+ * Sets the socket's isec sid to the sock's sid.
* @inet_conn_request:
* Sets the openreq's sid to socket's sid with MLS portion taken from peer sid.
* @inet_csk_clone:
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f66143d..019749c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4497,18 +4497,9 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent)
struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
struct sk_security_struct *sksec = sk->sk_security;
- switch (sk->sk_family) {
- case PF_INET:
- case PF_INET6:
- case PF_UNIX:
+ if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
+ sk->sk_family == PF_UNIX)
isec->sid = sksec->sid;
- break;
- default:
- /* by default there is no special labeling mechanism for the
- * sksec label so inherit the label from the parent socket */
- BUG_ON(sksec->sid != SECINITSID_UNLABELED);
- sksec->sid = isec->sid;
- }
sksec->sclass = isec->sclass;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 105/187] spi: orion: fix incorrect handling of cell-index DT property
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (103 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 104/187] Revert "selinux: fix the default socket labeling in sock_graft()" Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 106/187] mfd: omap-usb-host: Fix improper mask use Kamal Mostafa
` (82 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Thomas Petazzoni, Mark Brown, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
commit e06871cd2c92e5c65d7ca1d32866b4ca5dd4ac30 upstream.
In commit f814f9ac5a81 ("spi/orion: add device tree binding"), Device
Tree support was added to the spi-orion driver. However, this commit
reads the "cell-index" property, without taking into account the fact
that DT properties are big-endian encoded.
Since most of the platforms using spi-orion with DT have apparently
not used anything but cell-index = <0>, the problem was not
visible. But as soon as one starts using cell-index = <1>, the problem
becomes clearly visible, as the master->bus_num gets a wrong value
(actually it gets the value 0, which conflicts with the first bus that
has cell-index = <0>).
This commit fixes that by using of_property_read_u32() to read the
property value, which does the appropriate endianness conversion when
needed.
Fixes: f814f9ac5a81 ("spi/orion: add device tree binding")
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/spi/spi-orion.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/drivers/spi/spi-orion.c b/drivers/spi/spi-orion.c
index 744841e..fbc9ac9 100644
--- a/drivers/spi/spi-orion.c
+++ b/drivers/spi/spi-orion.c
@@ -404,8 +404,6 @@ static int orion_spi_probe(struct platform_device *pdev)
struct resource *r;
unsigned long tclk_hz;
int status = 0;
- const u32 *iprop;
- int size;
master = spi_alloc_master(&pdev->dev, sizeof(*spi));
if (master == NULL) {
@@ -416,10 +414,10 @@ static int orion_spi_probe(struct platform_device *pdev)
if (pdev->id != -1)
master->bus_num = pdev->id;
if (pdev->dev.of_node) {
- iprop = of_get_property(pdev->dev.of_node, "cell-index",
- &size);
- if (iprop && size == sizeof(*iprop))
- master->bus_num = *iprop;
+ u32 cell_index;
+ if (!of_property_read_u32(pdev->dev.of_node, "cell-index",
+ &cell_index))
+ master->bus_num = cell_index;
}
/* we support only mode 0, and no options */
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 106/187] mfd: omap-usb-host: Fix improper mask use.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (104 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 105/187] spi: orion: fix incorrect handling of cell-index DT property Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 107/187] tpm: Add missing tpm_do_selftest to ST33 I2C driver Kamal Mostafa
` (81 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Michael Welling, Lee Jones, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Welling <mwelling@emacinc.com>
commit 46de8ff8e80a6546aa3d2fdf58c6776666301a0c upstream.
single-ulpi-bypass is a flag used for older OMAP3 silicon.
The flag when set, can excite code that improperly uses the
OMAP_UHH_HOSTCONFIG_UPLI_BYPASS define to clear the corresponding bit.
Instead it clears all of the other bits disabling all of the ports in
the process.
Signed-off-by: Michael Welling <mwelling@emacinc.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/mfd/omap-usb-host.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mfd/omap-usb-host.c b/drivers/mfd/omap-usb-host.c
index 142650f..fcf426d 100644
--- a/drivers/mfd/omap-usb-host.c
+++ b/drivers/mfd/omap-usb-host.c
@@ -445,7 +445,7 @@ static unsigned omap_usbhs_rev1_hostconfig(struct usbhs_hcd_omap *omap,
for (i = 0; i < omap->nports; i++) {
if (is_ehci_phy_mode(pdata->port_mode[i])) {
- reg &= OMAP_UHH_HOSTCONFIG_ULPI_BYPASS;
+ reg &= ~OMAP_UHH_HOSTCONFIG_ULPI_BYPASS;
break;
}
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 107/187] tpm: Add missing tpm_do_selftest to ST33 I2C driver
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (105 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 106/187] mfd: omap-usb-host: Fix improper mask use Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 108/187] tpm: missing tpm_chip_put in tpm_get_random() Kamal Mostafa
` (80 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jason Gunthorpe, Peter Huewe, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
commit f07a5e9a331045e976a3d317ba43d14859d9407c upstream.
Most device drivers do call 'tpm_do_selftest' which executes a
TPM_ContinueSelfTest. tpm_i2c_stm_st33 is just pointlessly different,
I think it is bug.
These days we have the general assumption that the TPM is usable by
the kernel immediately after the driver is finished, so we can no
longer defer the mandatory self test to userspace.
Reported-by: Richard Marciel <rmaciel@linux.vnet.ibm.com>
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/char/tpm/tpm_i2c_stm_st33.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/char/tpm/tpm_i2c_stm_st33.c b/drivers/char/tpm/tpm_i2c_stm_st33.c
index cf68403..b2cb24c 100644
--- a/drivers/char/tpm/tpm_i2c_stm_st33.c
+++ b/drivers/char/tpm/tpm_i2c_stm_st33.c
@@ -750,6 +750,7 @@ tpm_st33_i2c_probe(struct i2c_client *client, const struct i2c_device_id *id)
}
tpm_get_timeouts(chip);
+ tpm_do_selftest(chip);
dev_info(chip->dev, "TPM I2C Initialized\n");
return 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 108/187] tpm: missing tpm_chip_put in tpm_get_random()
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (106 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 107/187] tpm: Add missing tpm_do_selftest to ST33 I2C driver Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 109/187] scsi: do not issue SCSI RSOC command to Promise Vtrak E610f Kamal Mostafa
` (79 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jarkko Sakkinen, Peter Huewe, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
commit 3e14d83ef94a5806a865b85b513b4e891923c19b upstream.
Regression in 41ab999c. Call to tpm_chip_put is missing. This
will cause TPM device driver not to unload if tmp_get_random()
is called.
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/char/tpm/tpm-interface.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index 6ae41d3..901b370 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -1400,13 +1400,13 @@ int tpm_get_random(u32 chip_num, u8 *out, size_t max)
int err, total = 0, retries = 5;
u8 *dest = out;
+ if (!out || !num_bytes || max > TPM_MAX_RNG_DATA)
+ return -EINVAL;
+
chip = tpm_chip_find_get(chip_num);
if (chip == NULL)
return -ENODEV;
- if (!out || !num_bytes || max > TPM_MAX_RNG_DATA)
- return -EINVAL;
-
do {
tpm_cmd.header.in = tpm_getrandom_header;
tpm_cmd.params.getrandom_in.num_bytes = cpu_to_be32(num_bytes);
@@ -1425,6 +1425,7 @@ int tpm_get_random(u32 chip_num, u8 *out, size_t max)
num_bytes -= recd;
} while (retries-- && total < max);
+ tpm_chip_put(chip);
return total ? total : -EIO;
}
EXPORT_SYMBOL_GPL(tpm_get_random);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 109/187] scsi: do not issue SCSI RSOC command to Promise Vtrak E610f
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (107 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 108/187] tpm: missing tpm_chip_put in tpm_get_random() Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 110/187] hwmon: (ads1015) Fix off-by-one for valid channel index checking Kamal Mostafa
` (78 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Janusz Dziemidowicz, Christoph Hellwig, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Janusz Dziemidowicz <rraptorr@nails.eu.org>
commit 0213436a2cc5e4a5ca2fabfaa4d3877097f3b13f upstream.
Some devices don't like REPORT SUPPORTED OPERATION CODES and will
simply timeout causing sd_mod init to take a very very long time.
Introduce BLIST_NO_RSOC scsi scan flag, that stops RSOC from being
issued. Add it to Promise Vtrak E610f entry in scsi scan
blacklist. Fixes bug #79901 reported at
https://bugzilla.kernel.org/show_bug.cgi?id=79901
Fixes: 98dcc2946adb ("SCSI: sd: Update WRITE SAME heuristics")
Signed-off-by: Janusz Dziemidowicz <rraptorr@nails.eu.org>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/scsi/scsi_devinfo.c | 1 +
drivers/scsi/scsi_scan.c | 6 ++++++
include/scsi/scsi_devinfo.h | 2 ++
3 files changed, 9 insertions(+)
diff --git a/drivers/scsi/scsi_devinfo.c b/drivers/scsi/scsi_devinfo.c
index f969aca..49014a1 100644
--- a/drivers/scsi/scsi_devinfo.c
+++ b/drivers/scsi/scsi_devinfo.c
@@ -222,6 +222,7 @@ static struct {
{"PIONEER", "CD-ROM DRM-602X", NULL, BLIST_FORCELUN | BLIST_SINGLELUN},
{"PIONEER", "CD-ROM DRM-604X", NULL, BLIST_FORCELUN | BLIST_SINGLELUN},
{"PIONEER", "CD-ROM DRM-624X", NULL, BLIST_FORCELUN | BLIST_SINGLELUN},
+ {"Promise", "VTrak E610f", NULL, BLIST_SPARSELUN | BLIST_NO_RSOC},
{"Promise", "", NULL, BLIST_SPARSELUN},
{"QUANTUM", "XP34301", "1071", BLIST_NOTQ},
{"REGAL", "CDC-4X", NULL, BLIST_MAX5LUN | BLIST_SINGLELUN},
diff --git a/drivers/scsi/scsi_scan.c b/drivers/scsi/scsi_scan.c
index 08e6151..f194e43 100644
--- a/drivers/scsi/scsi_scan.c
+++ b/drivers/scsi/scsi_scan.c
@@ -898,6 +898,12 @@ static int scsi_add_lun(struct scsi_device *sdev, unsigned char *inq_result,
if (*bflags & BLIST_USE_10_BYTE_MS)
sdev->use_10_for_ms = 1;
+ /* some devices don't like REPORT SUPPORTED OPERATION CODES
+ * and will simply timeout causing sd_mod init to take a very
+ * very long time */
+ if (*bflags & BLIST_NO_RSOC)
+ sdev->no_report_opcodes = 1;
+
/* set the device running here so that slave configure
* may do I/O */
ret = scsi_device_set_state(sdev, SDEV_RUNNING);
diff --git a/include/scsi/scsi_devinfo.h b/include/scsi/scsi_devinfo.h
index 913c624..428b023 100644
--- a/include/scsi/scsi_devinfo.h
+++ b/include/scsi/scsi_devinfo.h
@@ -33,4 +33,6 @@
#define BLIST_NO_DIF 0x2000000 /* Disable T10 PI (DIF) */
#define BLIST_SKIP_VPD_PAGES 0x4000000 /* Ignore SBC-3 VPD pages */
#define BLIST_TRY_VPD_PAGES 0x10000000 /* Attempt to read VPD pages */
+#define BLIST_NO_RSOC 0x20000000 /* don't try to issue RSOC */
+
#endif
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 110/187] hwmon: (ads1015) Fix off-by-one for valid channel index checking
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (108 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 109/187] scsi: do not issue SCSI RSOC command to Promise Vtrak E610f Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 111/187] ALSA: hda - fix an external mic jack problem on a HP machine Kamal Mostafa
` (77 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Axel Lin, Guenter Roeck, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Axel Lin <axel.lin@ingics.com>
commit 56de1377ad92f72ee4e5cb0faf7a9b6048fdf0bf upstream.
Current code uses channel as array index, so the valid channel value is
0 .. ADS1015_CHANNELS - 1.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/hwmon/ads1015.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hwmon/ads1015.c b/drivers/hwmon/ads1015.c
index 7f9dc2f..22e0c92 100644
--- a/drivers/hwmon/ads1015.c
+++ b/drivers/hwmon/ads1015.c
@@ -198,7 +198,7 @@ static int ads1015_get_channels_config_of(struct i2c_client *client)
}
channel = be32_to_cpup(property);
- if (channel > ADS1015_CHANNELS) {
+ if (channel >= ADS1015_CHANNELS) {
dev_err(&client->dev,
"invalid channel index %d on %s\n",
channel, node->full_name);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 111/187] ALSA: hda - fix an external mic jack problem on a HP machine
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (109 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 110/187] hwmon: (ads1015) Fix off-by-one for valid channel index checking Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 112/187] MIPS: tlbex: Fix a missing statement for HUGETLB Kamal Mostafa
` (76 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Hui Wang, Takashi Iwai, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Hui Wang <hui.wang@canonical.com>
commit 7440850c20b69658f322119d20a94dc914127cc7 upstream.
ON the machine, two pin complex (0xb and 0xe) are both routed to
the same external right-side mic jack, this makes the jack can't work.
To fix this problem, set the 0xe to "not connected".
BugLink: https://bugs.launchpad.net/bugs/1350148
Tested-by: Franz Hsieh <franz.hsieh@canonical.com>
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_sigmatel.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
index 0f28aa2..c7b0ba6 100644
--- a/sound/pci/hda/patch_sigmatel.c
+++ b/sound/pci/hda/patch_sigmatel.c
@@ -84,6 +84,7 @@ enum {
STAC_DELL_EQ,
STAC_ALIENWARE_M17X,
STAC_92HD89XX_HP_FRONT_JACK,
+ STAC_92HD89XX_HP_Z1_G2_RIGHT_MIC_JACK,
STAC_92HD73XX_MODELS
};
@@ -1785,6 +1786,11 @@ static const struct hda_pintbl stac92hd89xx_hp_front_jack_pin_configs[] = {
{}
};
+static const struct hda_pintbl stac92hd89xx_hp_z1_g2_right_mic_jack_pin_configs[] = {
+ { 0x0e, 0x400000f0 },
+ {}
+};
+
static void stac92hd73xx_fixup_ref(struct hda_codec *codec,
const struct hda_fixup *fix, int action)
{
@@ -1907,6 +1913,10 @@ static const struct hda_fixup stac92hd73xx_fixups[] = {
[STAC_92HD89XX_HP_FRONT_JACK] = {
.type = HDA_FIXUP_PINS,
.v.pins = stac92hd89xx_hp_front_jack_pin_configs,
+ },
+ [STAC_92HD89XX_HP_Z1_G2_RIGHT_MIC_JACK] = {
+ .type = HDA_FIXUP_PINS,
+ .v.pins = stac92hd89xx_hp_z1_g2_right_mic_jack_pin_configs,
}
};
@@ -1967,6 +1977,8 @@ static const struct snd_pci_quirk stac92hd73xx_fixup_tbl[] = {
"Alienware M17x", STAC_ALIENWARE_M17X),
SND_PCI_QUIRK(PCI_VENDOR_ID_DELL, 0x0490,
"Alienware M17x R3", STAC_DELL_EQ),
+ SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x1927,
+ "HP Z1 G2", STAC_92HD89XX_HP_Z1_G2_RIGHT_MIC_JACK),
SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x2b17,
"unknown HP", STAC_92HD89XX_HP_FRONT_JACK),
{} /* terminator */
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 112/187] MIPS: tlbex: Fix a missing statement for HUGETLB
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (110 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 111/187] ALSA: hda - fix an external mic jack problem on a HP machine Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 113/187] MIPS: Prevent user from setting FCSR cause bits Kamal Mostafa
` (75 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Huacai Chen, Binbin Zhou, John Crispin, Steven J. Hill,
linux-mips, Fuxin Zhang, Zhangjin Wu, Ralf Baechle,
Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Huacai Chen <chenhc@lemote.com>
commit 8393c524a25609a30129e4a8975cf3b91f6c16a5 upstream.
In commit 2c8c53e28f1 (MIPS: Optimize TLB handlers for Octeon CPUs)
build_r4000_tlb_refill_handler() is modified. But it doesn't compatible
with the original code in HUGETLB case. Because there is a copy & paste
error and one line of code is missing. It is very easy to produce a bug
with LTP's hugemmap05 test.
Signed-off-by: Huacai Chen <chenhc@lemote.com>
Signed-off-by: Binbin Zhou <zhoubb@lemote.com>
Cc: John Crispin <john@phrozen.org>
Cc: Steven J. Hill <Steven.Hill@imgtec.com>
Cc: linux-mips@linux-mips.org
Cc: Fuxin Zhang <zhangfx@lemote.com>
Cc: Zhangjin Wu <wuzhangjin@gmail.com>
Patchwork: https://patchwork.linux-mips.org/patch/7496/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/mips/mm/tlbex.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/mips/mm/tlbex.c b/arch/mips/mm/tlbex.c
index 183f2b5..ec90a27 100644
--- a/arch/mips/mm/tlbex.c
+++ b/arch/mips/mm/tlbex.c
@@ -1295,6 +1295,7 @@ static void build_r4000_tlb_refill_handler(void)
}
#ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
uasm_l_tlb_huge_update(&l, p);
+ UASM_i_LW(&p, K0, 0, K1);
build_huge_update_entries(&p, htlb_info.huge_pte, K1);
build_huge_tlb_write_entry(&p, &l, &r, K0, tlb_random,
htlb_info.restore_scratch);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 113/187] MIPS: Prevent user from setting FCSR cause bits
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (111 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 112/187] MIPS: tlbex: Fix a missing statement for HUGETLB Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 114/187] KVM: x86: always exit on EOIs for interrupts listed in the IOAPIC redir table Kamal Mostafa
` (74 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Paul Burton, linux-mips, Ralf Baechle, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Burton <paul.burton@imgtec.com>
commit b1442d39fac2fcfbe6a4814979020e993ca59c9e upstream.
If one or more matching FCSR cause & enable bits are set in saved thread
context then when that context is restored the kernel will take an FP
exception. This is of course undesirable and considered an oops, leading
to the kernel writing a backtrace to the console and potentially
rebooting depending upon the configuration. Thus the kernel avoids this
situation by clearing the cause bits of the FCSR register when handling
FP exceptions and after emulating FP instructions.
However the kernel does not prevent userland from setting arbitrary FCSR
cause & enable bits via ptrace, using either the PTRACE_POKEUSR or
PTRACE_SETFPREGS requests. This means userland can trivially cause the
kernel to oops on any system with an FPU. Prevent this from happening
by clearing the cause bits when writing to the saved FCSR context via
ptrace.
This problem appears to exist at least back to the beginning of the git
era in the PTRACE_POKEUSR case.
Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Cc: linux-mips@linux-mips.org
Cc: Paul Burton <paul.burton@imgtec.com>
Patchwork: https://patchwork.linux-mips.org/patch/7438/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/mips/kernel/ptrace.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
index b52e1d2..f6e6709 100644
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@ -170,6 +170,7 @@ int ptrace_setfpregs(struct task_struct *child, __u32 __user *data)
__get_user(fregs[i], i + (__u64 __user *) data);
__get_user(child->thread.fpu.fcr31, data + 64);
+ child->thread.fpu.fcr31 &= ~FPU_CSR_ALL_X;
/* FIR may not be written. */
@@ -587,7 +588,7 @@ long arch_ptrace(struct task_struct *child, long request,
break;
#endif
case FPC_CSR:
- child->thread.fpu.fcr31 = data;
+ child->thread.fpu.fcr31 = data & ~FPU_CSR_ALL_X;
break;
case DSP_BASE ... DSP_BASE + 5: {
dspreg_t *dregs;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 114/187] KVM: x86: always exit on EOIs for interrupts listed in the IOAPIC redir table
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (112 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 113/187] MIPS: Prevent user from setting FCSR cause bits Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 115/187] MIPS: Remove BUG_ON(!is_fpu_owner()) in do_ade() Kamal Mostafa
` (73 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Paolo Bonzini, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Bonzini <pbonzini@redhat.com>
commit 0f6c0a740b7d3e1f3697395922d674000f83d060 upstream.
Currently, the EOI exit bitmap (used for APICv) does not include
interrupts that are masked. However, this can cause a bug that manifests
as an interrupt storm inside the guest. Alex Williamson reported the
bug and is the one who really debugged this; I only wrote the patch. :)
The scenario involves a multi-function PCI device with OHCI and EHCI
USB functions and an audio function, all assigned to the guest, where
both USB functions use legacy INTx interrupts.
As soon as the guest boots, interrupts for these devices turn into an
interrupt storm in the guest; the host does not see the interrupt storm.
Basically the EOI path does not work, and the guest continues to see the
interrupt over and over, even after it attempts to mask it at the APIC.
The bug is only visible with older kernels (RHEL6.5, based on 2.6.32
with not many changes in the area of APIC/IOAPIC handling).
Alex then tried forcing bit 59 (corresponding to the USB functions' IRQ)
on in the eoi_exit_bitmap and TMR, and things then work. What happens
is that VFIO asserts IRQ11, then KVM recomputes the EOI exit bitmap.
It does not have set bit 59 because the RTE was masked, so the IOAPIC
never sees the EOI and the interrupt continues to fire in the guest.
My guess was that the guest is masking the interrupt in the redirection
table in the interrupt routine, i.e. while the interrupt is set in a
LAPIC's ISR, The simplest fix is to ignore the masking state, we would
rather have an unnecessary exit rather than a missed IRQ ACK and anyway
IOAPIC interrupts are not as performance-sensitive as for example MSIs.
Alex tested this patch and it fixed his bug.
[Thanks to Alex for his precise description of the problem
and initial debugging effort. A lot of the text above is
based on emails exchanged with him.]
Reported-by: Alex Williamson <alex.williamson@redhat.com>
Tested-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
virt/kvm/ioapic.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/virt/kvm/ioapic.c b/virt/kvm/ioapic.c
index 39dc5bc..5eaf18f 100644
--- a/virt/kvm/ioapic.c
+++ b/virt/kvm/ioapic.c
@@ -203,10 +203,9 @@ void kvm_ioapic_scan_entry(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap,
spin_lock(&ioapic->lock);
for (index = 0; index < IOAPIC_NUM_PINS; index++) {
e = &ioapic->redirtbl[index];
- if (!e->fields.mask &&
- (e->fields.trig_mode == IOAPIC_LEVEL_TRIG ||
- kvm_irq_has_notifier(ioapic->kvm, KVM_IRQCHIP_IOAPIC,
- index) || index == RTC_GSI)) {
+ if (e->fields.trig_mode == IOAPIC_LEVEL_TRIG ||
+ kvm_irq_has_notifier(ioapic->kvm, KVM_IRQCHIP_IOAPIC, index) ||
+ index == RTC_GSI) {
if (kvm_apic_match_dest(vcpu, NULL, 0,
e->fields.dest_id, e->fields.dest_mode)) {
__set_bit(e->fields.vector,
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 115/187] MIPS: Remove BUG_ON(!is_fpu_owner()) in do_ade()
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (113 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 114/187] KVM: x86: always exit on EOIs for interrupts listed in the IOAPIC redir table Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 116/187] MIPS: ptrace: Test correct task's flags in task_user_regset_view() Kamal Mostafa
` (72 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Huacai Chen, Jie Chen, Rui Wang, John Crispin, Steven J. Hill,
linux-mips, Fuxin Zhang, Zhangjin Wu, Ralf Baechle,
Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Huacai Chen <chenhc@lemote.com>
commit 2e5767a27337812f6850b3fa362419e2f085e5c3 upstream.
In do_ade(), is_fpu_owner() isn't preempt-safe. For example, when an
unaligned ldc1 is executed, do_cpu() is called and then FPU will be
enabled (and TIF_USEDFPU will be set for the current process). Then,
do_ade() is called because the access is unaligned. If the current
process is preempted at this time, TIF_USEDFPU will be cleard. So when
the process is scheduled again, BUG_ON(!is_fpu_owner()) is triggered.
This small program can trigger this BUG in a preemptible kernel:
int main (int argc, char *argv[])
{
double u64[2];
while (1) {
asm volatile (
".set push \n\t"
".set noreorder \n\t"
"ldc1 $f3, 4(%0) \n\t"
".set pop \n\t"
::"r"(u64):
);
}
return 0;
}
V2: Remove the BUG_ON() unconditionally due to Paul's suggestion.
Signed-off-by: Huacai Chen <chenhc@lemote.com>
Signed-off-by: Jie Chen <chenj@lemote.com>
Signed-off-by: Rui Wang <wangr@lemote.com>
Cc: John Crispin <john@phrozen.org>
Cc: Steven J. Hill <Steven.Hill@imgtec.com>
Cc: linux-mips@linux-mips.org
Cc: Fuxin Zhang <zhangfx@lemote.com>
Cc: Zhangjin Wu <wuzhangjin@gmail.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/mips/kernel/unaligned.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/arch/mips/kernel/unaligned.c b/arch/mips/kernel/unaligned.c
index c369a5d..b897dde 100644
--- a/arch/mips/kernel/unaligned.c
+++ b/arch/mips/kernel/unaligned.c
@@ -605,7 +605,6 @@ static void emulate_load_store_insn(struct pt_regs *regs,
case sdc1_op:
die_if_kernel("Unaligned FP access in kernel code", regs);
BUG_ON(!used_math());
- BUG_ON(!is_fpu_owner());
lose_fpu(1); /* Save FPU state for the emulator. */
res = fpu_emulator_cop1Handler(regs, ¤t->thread.fpu, 1,
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 116/187] MIPS: ptrace: Test correct task's flags in task_user_regset_view()
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (114 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 115/187] MIPS: Remove BUG_ON(!is_fpu_owner()) in do_ade() Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 117/187] MIPS: asm/reg.h: Make 32- and 64-bit definitions available at the same time Kamal Mostafa
` (71 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Alex Smith, linux-mips, Ralf Baechle, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Smith <alex@alex-smith.me.uk>
commit 65768a1a92cb12cbba87588927cf597a65d560aa upstream.
task_user_regset_view() should test for TIF_32BIT_REGS in the flags of
the specified task, not of the current task.
Signed-off-by: Alex Smith <alex@alex-smith.me.uk>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/7450/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/mips/kernel/ptrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
index f6e6709..2b32dd4 100644
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@ -384,7 +384,7 @@ const struct user_regset_view *task_user_regset_view(struct task_struct *task)
#endif
#ifdef CONFIG_MIPS32_O32
- if (test_thread_flag(TIF_32BIT_REGS))
+ if (test_tsk_thread_flag(task, TIF_32BIT_REGS))
return &user_mips_view;
#endif
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 117/187] MIPS: asm/reg.h: Make 32- and 64-bit definitions available at the same time
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (115 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 116/187] MIPS: ptrace: Test correct task's flags in task_user_regset_view() Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 118/187] MIPS: ptrace: Change GP regset to use correct core dump register layout Kamal Mostafa
` (70 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Alex Smith, linux-mips, Ralf Baechle, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Smith <alex@alex-smith.me.uk>
commit bcec7c8da6b092b1ff3327fd83c2193adb12f684 upstream.
Get rid of the WANT_COMPAT_REG_H test and instead define both the 32-
and 64-bit register offset definitions at the same time with
MIPS{32,64}_ prefixes, then define the existing EF_* names to the
correct definitions for the kernel's bitness.
This patch is a prerequisite of the following bug fix patch.
Signed-off-by: Alex Smith <alex@alex-smith.me.uk>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/7451/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/mips/include/asm/reg.h | 260 +++++++++++++++++++++++++--------------
arch/mips/kernel/binfmt_elfo32.c | 32 ++---
2 files changed, 182 insertions(+), 110 deletions(-)
diff --git a/arch/mips/include/asm/reg.h b/arch/mips/include/asm/reg.h
index 910e71a..b8343cc 100644
--- a/arch/mips/include/asm/reg.h
+++ b/arch/mips/include/asm/reg.h
@@ -12,116 +12,194 @@
#ifndef __ASM_MIPS_REG_H
#define __ASM_MIPS_REG_H
-
-#if defined(CONFIG_32BIT) || defined(WANT_COMPAT_REG_H)
-
-#define EF_R0 6
-#define EF_R1 7
-#define EF_R2 8
-#define EF_R3 9
-#define EF_R4 10
-#define EF_R5 11
-#define EF_R6 12
-#define EF_R7 13
-#define EF_R8 14
-#define EF_R9 15
-#define EF_R10 16
-#define EF_R11 17
-#define EF_R12 18
-#define EF_R13 19
-#define EF_R14 20
-#define EF_R15 21
-#define EF_R16 22
-#define EF_R17 23
-#define EF_R18 24
-#define EF_R19 25
-#define EF_R20 26
-#define EF_R21 27
-#define EF_R22 28
-#define EF_R23 29
-#define EF_R24 30
-#define EF_R25 31
+#define MIPS32_EF_R0 6
+#define MIPS32_EF_R1 7
+#define MIPS32_EF_R2 8
+#define MIPS32_EF_R3 9
+#define MIPS32_EF_R4 10
+#define MIPS32_EF_R5 11
+#define MIPS32_EF_R6 12
+#define MIPS32_EF_R7 13
+#define MIPS32_EF_R8 14
+#define MIPS32_EF_R9 15
+#define MIPS32_EF_R10 16
+#define MIPS32_EF_R11 17
+#define MIPS32_EF_R12 18
+#define MIPS32_EF_R13 19
+#define MIPS32_EF_R14 20
+#define MIPS32_EF_R15 21
+#define MIPS32_EF_R16 22
+#define MIPS32_EF_R17 23
+#define MIPS32_EF_R18 24
+#define MIPS32_EF_R19 25
+#define MIPS32_EF_R20 26
+#define MIPS32_EF_R21 27
+#define MIPS32_EF_R22 28
+#define MIPS32_EF_R23 29
+#define MIPS32_EF_R24 30
+#define MIPS32_EF_R25 31
/*
* k0/k1 unsaved
*/
-#define EF_R26 32
-#define EF_R27 33
+#define MIPS32_EF_R26 32
+#define MIPS32_EF_R27 33
-#define EF_R28 34
-#define EF_R29 35
-#define EF_R30 36
-#define EF_R31 37
+#define MIPS32_EF_R28 34
+#define MIPS32_EF_R29 35
+#define MIPS32_EF_R30 36
+#define MIPS32_EF_R31 37
/*
* Saved special registers
*/
-#define EF_LO 38
-#define EF_HI 39
-
-#define EF_CP0_EPC 40
-#define EF_CP0_BADVADDR 41
-#define EF_CP0_STATUS 42
-#define EF_CP0_CAUSE 43
-#define EF_UNUSED0 44
-
-#define EF_SIZE 180
-
-#endif
-
-#if defined(CONFIG_64BIT) && !defined(WANT_COMPAT_REG_H)
-
-#define EF_R0 0
-#define EF_R1 1
-#define EF_R2 2
-#define EF_R3 3
-#define EF_R4 4
-#define EF_R5 5
-#define EF_R6 6
-#define EF_R7 7
-#define EF_R8 8
-#define EF_R9 9
-#define EF_R10 10
-#define EF_R11 11
-#define EF_R12 12
-#define EF_R13 13
-#define EF_R14 14
-#define EF_R15 15
-#define EF_R16 16
-#define EF_R17 17
-#define EF_R18 18
-#define EF_R19 19
-#define EF_R20 20
-#define EF_R21 21
-#define EF_R22 22
-#define EF_R23 23
-#define EF_R24 24
-#define EF_R25 25
+#define MIPS32_EF_LO 38
+#define MIPS32_EF_HI 39
+
+#define MIPS32_EF_CP0_EPC 40
+#define MIPS32_EF_CP0_BADVADDR 41
+#define MIPS32_EF_CP0_STATUS 42
+#define MIPS32_EF_CP0_CAUSE 43
+#define MIPS32_EF_UNUSED0 44
+
+#define MIPS32_EF_SIZE 180
+
+#define MIPS64_EF_R0 0
+#define MIPS64_EF_R1 1
+#define MIPS64_EF_R2 2
+#define MIPS64_EF_R3 3
+#define MIPS64_EF_R4 4
+#define MIPS64_EF_R5 5
+#define MIPS64_EF_R6 6
+#define MIPS64_EF_R7 7
+#define MIPS64_EF_R8 8
+#define MIPS64_EF_R9 9
+#define MIPS64_EF_R10 10
+#define MIPS64_EF_R11 11
+#define MIPS64_EF_R12 12
+#define MIPS64_EF_R13 13
+#define MIPS64_EF_R14 14
+#define MIPS64_EF_R15 15
+#define MIPS64_EF_R16 16
+#define MIPS64_EF_R17 17
+#define MIPS64_EF_R18 18
+#define MIPS64_EF_R19 19
+#define MIPS64_EF_R20 20
+#define MIPS64_EF_R21 21
+#define MIPS64_EF_R22 22
+#define MIPS64_EF_R23 23
+#define MIPS64_EF_R24 24
+#define MIPS64_EF_R25 25
/*
* k0/k1 unsaved
*/
-#define EF_R26 26
-#define EF_R27 27
+#define MIPS64_EF_R26 26
+#define MIPS64_EF_R27 27
-#define EF_R28 28
-#define EF_R29 29
-#define EF_R30 30
-#define EF_R31 31
+#define MIPS64_EF_R28 28
+#define MIPS64_EF_R29 29
+#define MIPS64_EF_R30 30
+#define MIPS64_EF_R31 31
/*
* Saved special registers
*/
-#define EF_LO 32
-#define EF_HI 33
-
-#define EF_CP0_EPC 34
-#define EF_CP0_BADVADDR 35
-#define EF_CP0_STATUS 36
-#define EF_CP0_CAUSE 37
-
-#define EF_SIZE 304 /* size in bytes */
+#define MIPS64_EF_LO 32
+#define MIPS64_EF_HI 33
+
+#define MIPS64_EF_CP0_EPC 34
+#define MIPS64_EF_CP0_BADVADDR 35
+#define MIPS64_EF_CP0_STATUS 36
+#define MIPS64_EF_CP0_CAUSE 37
+
+#define MIPS64_EF_SIZE 304 /* size in bytes */
+
+#if defined(CONFIG_32BIT)
+
+#define EF_R0 MIPS32_EF_R0
+#define EF_R1 MIPS32_EF_R1
+#define EF_R2 MIPS32_EF_R2
+#define EF_R3 MIPS32_EF_R3
+#define EF_R4 MIPS32_EF_R4
+#define EF_R5 MIPS32_EF_R5
+#define EF_R6 MIPS32_EF_R6
+#define EF_R7 MIPS32_EF_R7
+#define EF_R8 MIPS32_EF_R8
+#define EF_R9 MIPS32_EF_R9
+#define EF_R10 MIPS32_EF_R10
+#define EF_R11 MIPS32_EF_R11
+#define EF_R12 MIPS32_EF_R12
+#define EF_R13 MIPS32_EF_R13
+#define EF_R14 MIPS32_EF_R14
+#define EF_R15 MIPS32_EF_R15
+#define EF_R16 MIPS32_EF_R16
+#define EF_R17 MIPS32_EF_R17
+#define EF_R18 MIPS32_EF_R18
+#define EF_R19 MIPS32_EF_R19
+#define EF_R20 MIPS32_EF_R20
+#define EF_R21 MIPS32_EF_R21
+#define EF_R22 MIPS32_EF_R22
+#define EF_R23 MIPS32_EF_R23
+#define EF_R24 MIPS32_EF_R24
+#define EF_R25 MIPS32_EF_R25
+#define EF_R26 MIPS32_EF_R26
+#define EF_R27 MIPS32_EF_R27
+#define EF_R28 MIPS32_EF_R28
+#define EF_R29 MIPS32_EF_R29
+#define EF_R30 MIPS32_EF_R30
+#define EF_R31 MIPS32_EF_R31
+#define EF_LO MIPS32_EF_LO
+#define EF_HI MIPS32_EF_HI
+#define EF_CP0_EPC MIPS32_EF_CP0_EPC
+#define EF_CP0_BADVADDR MIPS32_EF_CP0_BADVADDR
+#define EF_CP0_STATUS MIPS32_EF_CP0_STATUS
+#define EF_CP0_CAUSE MIPS32_EF_CP0_CAUSE
+#define EF_UNUSED0 MIPS32_EF_UNUSED0
+#define EF_SIZE MIPS32_EF_SIZE
+
+#elif defined(CONFIG_64BIT)
+
+#define EF_R0 MIPS64_EF_R0
+#define EF_R1 MIPS64_EF_R1
+#define EF_R2 MIPS64_EF_R2
+#define EF_R3 MIPS64_EF_R3
+#define EF_R4 MIPS64_EF_R4
+#define EF_R5 MIPS64_EF_R5
+#define EF_R6 MIPS64_EF_R6
+#define EF_R7 MIPS64_EF_R7
+#define EF_R8 MIPS64_EF_R8
+#define EF_R9 MIPS64_EF_R9
+#define EF_R10 MIPS64_EF_R10
+#define EF_R11 MIPS64_EF_R11
+#define EF_R12 MIPS64_EF_R12
+#define EF_R13 MIPS64_EF_R13
+#define EF_R14 MIPS64_EF_R14
+#define EF_R15 MIPS64_EF_R15
+#define EF_R16 MIPS64_EF_R16
+#define EF_R17 MIPS64_EF_R17
+#define EF_R18 MIPS64_EF_R18
+#define EF_R19 MIPS64_EF_R19
+#define EF_R20 MIPS64_EF_R20
+#define EF_R21 MIPS64_EF_R21
+#define EF_R22 MIPS64_EF_R22
+#define EF_R23 MIPS64_EF_R23
+#define EF_R24 MIPS64_EF_R24
+#define EF_R25 MIPS64_EF_R25
+#define EF_R26 MIPS64_EF_R26
+#define EF_R27 MIPS64_EF_R27
+#define EF_R28 MIPS64_EF_R28
+#define EF_R29 MIPS64_EF_R29
+#define EF_R30 MIPS64_EF_R30
+#define EF_R31 MIPS64_EF_R31
+#define EF_LO MIPS64_EF_LO
+#define EF_HI MIPS64_EF_HI
+#define EF_CP0_EPC MIPS64_EF_CP0_EPC
+#define EF_CP0_BADVADDR MIPS64_EF_CP0_BADVADDR
+#define EF_CP0_STATUS MIPS64_EF_CP0_STATUS
+#define EF_CP0_CAUSE MIPS64_EF_CP0_CAUSE
+#define EF_SIZE MIPS64_EF_SIZE
#endif /* CONFIG_64BIT */
diff --git a/arch/mips/kernel/binfmt_elfo32.c b/arch/mips/kernel/binfmt_elfo32.c
index 202e581..7fdf1de 100644
--- a/arch/mips/kernel/binfmt_elfo32.c
+++ b/arch/mips/kernel/binfmt_elfo32.c
@@ -58,12 +58,6 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG];
#include <asm/processor.h>
-/*
- * When this file is selected, we are definitely running a 64bit kernel.
- * So using the right regs define in asm/reg.h
- */
-#define WANT_COMPAT_REG_H
-
/* These MUST be defined before elf.h gets included */
extern void elf32_core_copy_regs(elf_gregset_t grp, struct pt_regs *regs);
#define ELF_CORE_COPY_REGS(_dest, _regs) elf32_core_copy_regs(_dest, _regs);
@@ -135,21 +129,21 @@ void elf32_core_copy_regs(elf_gregset_t grp, struct pt_regs *regs)
{
int i;
- for (i = 0; i < EF_R0; i++)
+ for (i = 0; i < MIPS32_EF_R0; i++)
grp[i] = 0;
- grp[EF_R0] = 0;
+ grp[MIPS32_EF_R0] = 0;
for (i = 1; i <= 31; i++)
- grp[EF_R0 + i] = (elf_greg_t) regs->regs[i];
- grp[EF_R26] = 0;
- grp[EF_R27] = 0;
- grp[EF_LO] = (elf_greg_t) regs->lo;
- grp[EF_HI] = (elf_greg_t) regs->hi;
- grp[EF_CP0_EPC] = (elf_greg_t) regs->cp0_epc;
- grp[EF_CP0_BADVADDR] = (elf_greg_t) regs->cp0_badvaddr;
- grp[EF_CP0_STATUS] = (elf_greg_t) regs->cp0_status;
- grp[EF_CP0_CAUSE] = (elf_greg_t) regs->cp0_cause;
-#ifdef EF_UNUSED0
- grp[EF_UNUSED0] = 0;
+ grp[MIPS32_EF_R0 + i] = (elf_greg_t) regs->regs[i];
+ grp[MIPS32_EF_R26] = 0;
+ grp[MIPS32_EF_R27] = 0;
+ grp[MIPS32_EF_LO] = (elf_greg_t) regs->lo;
+ grp[MIPS32_EF_HI] = (elf_greg_t) regs->hi;
+ grp[MIPS32_EF_CP0_EPC] = (elf_greg_t) regs->cp0_epc;
+ grp[MIPS32_EF_CP0_BADVADDR] = (elf_greg_t) regs->cp0_badvaddr;
+ grp[MIPS32_EF_CP0_STATUS] = (elf_greg_t) regs->cp0_status;
+ grp[MIPS32_EF_CP0_CAUSE] = (elf_greg_t) regs->cp0_cause;
+#ifdef MIPS32_EF_UNUSED0
+ grp[MIPS32_EF_UNUSED0] = 0;
#endif
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 118/187] MIPS: ptrace: Change GP regset to use correct core dump register layout
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (116 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 117/187] MIPS: asm/reg.h: Make 32- and 64-bit definitions available at the same time Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 119/187] md/raid1,raid10: always abort recover on write error Kamal Mostafa
` (69 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Alex Smith, linux-mips, Ralf Baechle, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Smith <alex@alex-smith.me.uk>
commit c23b3d1a53119849dc3c23c417124deb067aa33d upstream.
Commit 6a9c001b7ec3 ("MIPS: Switch ELF core dumper to use regsets.")
switched the core dumper to use regsets, however the GP regset code
simply makes a direct copy of the kernel's pt_regs, which does not
match the original core dump register layout as defined in asm/reg.h.
Furthermore, the definition of pt_regs can vary with certain Kconfig
variables, therefore the GP regset can never be relied upon to return
registers in the same layout.
Therefore, this patch changes the GP regset to match the original core
dump layout. The layout differs for 32- and 64-bit processes, so
separate implementations of the get/set functions are added for the
32- and 64-bit regsets.
Signed-off-by: Alex Smith <alex@alex-smith.me.uk>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/7452/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/mips/kernel/ptrace.c | 189 +++++++++++++++++++++++++++++++++++++++-------
1 file changed, 160 insertions(+), 29 deletions(-)
diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
index 2b32dd4..e1d02d5 100644
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@ -266,36 +266,160 @@ int ptrace_set_watch_regs(struct task_struct *child,
/* regset get/set implementations */
-static int gpr_get(struct task_struct *target,
- const struct user_regset *regset,
- unsigned int pos, unsigned int count,
- void *kbuf, void __user *ubuf)
+#if defined(CONFIG_32BIT) || defined(CONFIG_MIPS32_O32)
+
+static int gpr32_get(struct task_struct *target,
+ const struct user_regset *regset,
+ unsigned int pos, unsigned int count,
+ void *kbuf, void __user *ubuf)
{
struct pt_regs *regs = task_pt_regs(target);
+ u32 uregs[ELF_NGREG] = {};
+ unsigned i;
- return user_regset_copyout(&pos, &count, &kbuf, &ubuf,
- regs, 0, sizeof(*regs));
+ for (i = MIPS32_EF_R1; i <= MIPS32_EF_R31; i++) {
+ /* k0/k1 are copied as zero. */
+ if (i == MIPS32_EF_R26 || i == MIPS32_EF_R27)
+ continue;
+
+ uregs[i] = regs->regs[i - MIPS32_EF_R0];
+ }
+
+ uregs[MIPS32_EF_LO] = regs->lo;
+ uregs[MIPS32_EF_HI] = regs->hi;
+ uregs[MIPS32_EF_CP0_EPC] = regs->cp0_epc;
+ uregs[MIPS32_EF_CP0_BADVADDR] = regs->cp0_badvaddr;
+ uregs[MIPS32_EF_CP0_STATUS] = regs->cp0_status;
+ uregs[MIPS32_EF_CP0_CAUSE] = regs->cp0_cause;
+
+ return user_regset_copyout(&pos, &count, &kbuf, &ubuf, uregs, 0,
+ sizeof(uregs));
}
-static int gpr_set(struct task_struct *target,
- const struct user_regset *regset,
- unsigned int pos, unsigned int count,
- const void *kbuf, const void __user *ubuf)
+static int gpr32_set(struct task_struct *target,
+ const struct user_regset *regset,
+ unsigned int pos, unsigned int count,
+ const void *kbuf, const void __user *ubuf)
{
- struct pt_regs newregs;
- int ret;
+ struct pt_regs *regs = task_pt_regs(target);
+ u32 uregs[ELF_NGREG];
+ unsigned start, num_regs, i;
+ int err;
- ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
- &newregs,
- 0, sizeof(newregs));
- if (ret)
- return ret;
+ start = pos / sizeof(u32);
+ num_regs = count / sizeof(u32);
+
+ if (start + num_regs > ELF_NGREG)
+ return -EIO;
- *task_pt_regs(target) = newregs;
+ err = user_regset_copyin(&pos, &count, &kbuf, &ubuf, uregs, 0,
+ sizeof(uregs));
+ if (err)
+ return err;
+
+ for (i = start; i < num_regs; i++) {
+ /*
+ * Cast all values to signed here so that if this is a 64-bit
+ * kernel, the supplied 32-bit values will be sign extended.
+ */
+ switch (i) {
+ case MIPS32_EF_R1 ... MIPS32_EF_R25:
+ /* k0/k1 are ignored. */
+ case MIPS32_EF_R28 ... MIPS32_EF_R31:
+ regs->regs[i - MIPS32_EF_R0] = (s32)uregs[i];
+ break;
+ case MIPS32_EF_LO:
+ regs->lo = (s32)uregs[i];
+ break;
+ case MIPS32_EF_HI:
+ regs->hi = (s32)uregs[i];
+ break;
+ case MIPS32_EF_CP0_EPC:
+ regs->cp0_epc = (s32)uregs[i];
+ break;
+ }
+ }
return 0;
}
+#endif /* CONFIG_32BIT || CONFIG_MIPS32_O32 */
+
+#ifdef CONFIG_64BIT
+
+static int gpr64_get(struct task_struct *target,
+ const struct user_regset *regset,
+ unsigned int pos, unsigned int count,
+ void *kbuf, void __user *ubuf)
+{
+ struct pt_regs *regs = task_pt_regs(target);
+ u64 uregs[ELF_NGREG] = {};
+ unsigned i;
+
+ for (i = MIPS64_EF_R1; i <= MIPS64_EF_R31; i++) {
+ /* k0/k1 are copied as zero. */
+ if (i == MIPS64_EF_R26 || i == MIPS64_EF_R27)
+ continue;
+
+ uregs[i] = regs->regs[i - MIPS64_EF_R0];
+ }
+
+ uregs[MIPS64_EF_LO] = regs->lo;
+ uregs[MIPS64_EF_HI] = regs->hi;
+ uregs[MIPS64_EF_CP0_EPC] = regs->cp0_epc;
+ uregs[MIPS64_EF_CP0_BADVADDR] = regs->cp0_badvaddr;
+ uregs[MIPS64_EF_CP0_STATUS] = regs->cp0_status;
+ uregs[MIPS64_EF_CP0_CAUSE] = regs->cp0_cause;
+
+ return user_regset_copyout(&pos, &count, &kbuf, &ubuf, uregs, 0,
+ sizeof(uregs));
+}
+
+static int gpr64_set(struct task_struct *target,
+ const struct user_regset *regset,
+ unsigned int pos, unsigned int count,
+ const void *kbuf, const void __user *ubuf)
+{
+ struct pt_regs *regs = task_pt_regs(target);
+ u64 uregs[ELF_NGREG];
+ unsigned start, num_regs, i;
+ int err;
+
+ start = pos / sizeof(u64);
+ num_regs = count / sizeof(u64);
+
+ if (start + num_regs > ELF_NGREG)
+ return -EIO;
+
+ err = user_regset_copyin(&pos, &count, &kbuf, &ubuf, uregs, 0,
+ sizeof(uregs));
+ if (err)
+ return err;
+
+ for (i = start; i < num_regs; i++) {
+ switch (i) {
+ case MIPS64_EF_R1 ... MIPS64_EF_R25:
+ /* k0/k1 are ignored. */
+ case MIPS64_EF_R28 ... MIPS64_EF_R31:
+ regs->regs[i - MIPS64_EF_R0] = uregs[i];
+ break;
+ case MIPS64_EF_LO:
+ regs->lo = uregs[i];
+ break;
+ case MIPS64_EF_HI:
+ regs->hi = uregs[i];
+ break;
+ case MIPS64_EF_CP0_EPC:
+ regs->cp0_epc = uregs[i];
+ break;
+ }
+ }
+
+ return 0;
+}
+
+#endif /* CONFIG_64BIT */
+
static int fpr_get(struct task_struct *target,
const struct user_regset *regset,
unsigned int pos, unsigned int count,
@@ -323,14 +447,16 @@ enum mips_regset {
REGSET_FPR,
};
+#if defined(CONFIG_32BIT) || defined(CONFIG_MIPS32_O32)
+
static const struct user_regset mips_regsets[] = {
[REGSET_GPR] = {
.core_note_type = NT_PRSTATUS,
.n = ELF_NGREG,
.size = sizeof(unsigned int),
.align = sizeof(unsigned int),
- .get = gpr_get,
- .set = gpr_set,
+ .get = gpr32_get,
+ .set = gpr32_set,
},
[REGSET_FPR] = {
.core_note_type = NT_PRFPREG,
@@ -350,14 +476,18 @@ static const struct user_regset_view user_mips_view = {
.n = ARRAY_SIZE(mips_regsets),
};
+#endif /* CONFIG_32BIT || CONFIG_MIPS32_O32 */
+
+#ifdef CONFIG_64BIT
+
static const struct user_regset mips64_regsets[] = {
[REGSET_GPR] = {
.core_note_type = NT_PRSTATUS,
.n = ELF_NGREG,
.size = sizeof(unsigned long),
.align = sizeof(unsigned long),
- .get = gpr_get,
- .set = gpr_set,
+ .get = gpr64_get,
+ .set = gpr64_set,
},
[REGSET_FPR] = {
.core_note_type = NT_PRFPREG,
@@ -370,25 +500,26 @@ static const struct user_regset mips64_regsets[] = {
};
static const struct user_regset_view user_mips64_view = {
- .name = "mips",
+ .name = "mips64",
.e_machine = ELF_ARCH,
.ei_osabi = ELF_OSABI,
.regsets = mips64_regsets,
- .n = ARRAY_SIZE(mips_regsets),
+ .n = ARRAY_SIZE(mips64_regsets),
};
+#endif /* CONFIG_64BIT */
+
const struct user_regset_view *task_user_regset_view(struct task_struct *task)
{
#ifdef CONFIG_32BIT
return &user_mips_view;
-#endif
-
+#else
#ifdef CONFIG_MIPS32_O32
- if (test_tsk_thread_flag(task, TIF_32BIT_REGS))
- return &user_mips_view;
+ if (test_tsk_thread_flag(task, TIF_32BIT_REGS))
+ return &user_mips_view;
#endif
-
return &user_mips64_view;
+#endif
}
long arch_ptrace(struct task_struct *child, long request,
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 119/187] md/raid1,raid10: always abort recover on write error.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (117 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 118/187] MIPS: ptrace: Change GP regset to use correct core dump register layout Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 120/187] ext4: fix ext4_discard_allocated_blocks() if we can't allocate the pa struct Kamal Mostafa
` (68 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: NeilBrown, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: NeilBrown <neilb@suse.de>
commit 2446dba03f9dabe0b477a126cbeb377854785b47 upstream.
Currently we don't abort recovery on a write error if the write error
to the recovering device was triggerd by normal IO (as opposed to
recovery IO).
This means that for one bitmap region, the recovery might write to the
recovering device for a few sectors, then not bother for subsequent
sectors (as it never writes to failed devices). In this case
the bitmap bit will be cleared, but it really shouldn't.
The result is that if the recovering device fails and is then re-added
(after fixing whatever hardware problem triggerred the failure),
the second recovery won't redo the region it was in the middle of,
so some of the device will not be recovered properly.
If we abort the recovery, the region being processes will be cancelled
(bit not cleared) and the whole region will be retried.
As the bug can result in data corruption the patch is suitable for
-stable. For kernels prior to 3.11 there is a conflict in raid10.c
which will require care.
Original-from: jiao hui <jiaohui@bwstor.com.cn>
Reported-and-tested-by: jiao hui <jiaohui@bwstor.com.cn>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/md/raid1.c | 8 ++++----
drivers/md/raid10.c | 11 +++++------
2 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
index 5166401..f4d5e52 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -1500,12 +1500,12 @@ static void error(struct mddev *mddev, struct md_rdev *rdev)
mddev->degraded++;
set_bit(Faulty, &rdev->flags);
spin_unlock_irqrestore(&conf->device_lock, flags);
- /*
- * if recovery is running, make sure it aborts.
- */
- set_bit(MD_RECOVERY_INTR, &mddev->recovery);
} else
set_bit(Faulty, &rdev->flags);
+ /*
+ * if recovery is running, make sure it aborts.
+ */
+ set_bit(MD_RECOVERY_INTR, &mddev->recovery);
set_bit(MD_CHANGE_DEVS, &mddev->flags);
printk(KERN_ALERT
"md/raid1:%s: Disk failure on %s, disabling device.\n"
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index 06eeb99..496a46e 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -1698,13 +1698,12 @@ static void error(struct mddev *mddev, struct md_rdev *rdev)
spin_unlock_irqrestore(&conf->device_lock, flags);
return;
}
- if (test_and_clear_bit(In_sync, &rdev->flags)) {
+ if (test_and_clear_bit(In_sync, &rdev->flags))
mddev->degraded++;
- /*
- * if recovery is running, make sure it aborts.
- */
- set_bit(MD_RECOVERY_INTR, &mddev->recovery);
- }
+ /*
+ * If recovery is running, make sure it aborts.
+ */
+ set_bit(MD_RECOVERY_INTR, &mddev->recovery);
set_bit(Blocked, &rdev->flags);
set_bit(Faulty, &rdev->flags);
set_bit(MD_CHANGE_DEVS, &mddev->flags);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 120/187] ext4: fix ext4_discard_allocated_blocks() if we can't allocate the pa struct
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (118 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 119/187] md/raid1,raid10: always abort recover on write error Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-17 11:13 ` Ben Hutchings
2014-09-15 22:08 ` [PATCH 3.13 121/187] hwmon: (lm85) Fix various errors on attribute writes Kamal Mostafa
` (67 subsequent siblings)
187 siblings, 1 reply; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Theodore Ts'o, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Theodore Ts'o <tytso@mit.edu>
commit 86f0afd463215fc3e58020493482faa4ac3a4d69 upstream.
If there is a failure while allocating the preallocation structure, a
number of blocks can end up getting marked in the in-memory buddy
bitmap, and then not getting released. This can result in the
following corruption getting reported by the kernel:
EXT4-fs error (device sda3): ext4_mb_generate_buddy:758: group 1126,
12793 clusters in bitmap, 12729 in gd
In that case, we need to release the blocks using mb_free_blocks().
Tested: fs smoke test; also demonstrated that with injected errors,
the file system is no longer getting corrupted
Google-Bug-Id: 16657874
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/ext4/mballoc.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
index 502f0fd..795d5af 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -3196,8 +3196,27 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
static void ext4_discard_allocated_blocks(struct ext4_allocation_context *ac)
{
struct ext4_prealloc_space *pa = ac->ac_pa;
+ struct ext4_buddy e4b;
+ int err;
- if (pa && pa->pa_type == MB_INODE_PA)
+ if (pa == NULL) {
+ err = ext4_mb_load_buddy(ac->ac_sb, ac->ac_f_ex.fe_group, &e4b);
+ if (err) {
+ /*
+ * This should never happen since we pin the
+ * pages in the ext4_allocation_context so
+ * ext4_mb_load_buddy() should never fail.
+ */
+ WARN(1, "mb_load_buddy failed (%d)", err);
+ return;
+ }
+ ext4_lock_group(ac->ac_sb, ac->ac_f_ex.fe_group);
+ mb_free_blocks(ac->ac_inode, &e4b, ac->ac_f_ex.fe_start,
+ ac->ac_f_ex.fe_len);
+ ext4_unlock_group(ac->ac_sb, ac->ac_f_ex.fe_group);
+ return;
+ }
+ if (pa->pa_type == MB_INODE_PA)
pa->pa_free += ac->ac_b_ex.fe_len;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 121/187] hwmon: (lm85) Fix various errors on attribute writes
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (119 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 120/187] ext4: fix ext4_discard_allocated_blocks() if we can't allocate the pa struct Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 122/187] hwmon: (lm78) Fix overflow problems seen when writing large temperature limits Kamal Mostafa
` (66 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Axel Lin, Guenter Roeck, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Guenter Roeck <linux@roeck-us.net>
commit 3248c3b771ddd9d31695da17ba350eb6e1b80a53 upstream.
Temperature limit register writes did not account for negative numbers.
As a result, writing -127000 resulted in -126000 written into the
temperature limit register. This problem affected temp[1-3]_min,
temp[1-3]_max, temp[1-3]_auto_temp_crit, and temp[1-3]_auto_temp_min.
When writing pwm[1-3]_freq, a long variable was auto-converted into an int
without range check. Wiring values larger than MAXINT resulted in unexpected
register values.
When writing temp[1-3]_auto_temp_max, an unsigned long variable was
auto-converted into an int without range check. Writing values larger than
MAXINT resulted in unexpected register values.
vrm is an u8, so the written value needs to be limited to [0, 255].
Cc: Axel Lin <axel.lin@ingics.com>
Reviewed-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/hwmon/lm85.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/hwmon/lm85.c b/drivers/hwmon/lm85.c
index 3894c40..b9d6e7d 100644
--- a/drivers/hwmon/lm85.c
+++ b/drivers/hwmon/lm85.c
@@ -158,7 +158,7 @@ static inline u16 FAN_TO_REG(unsigned long val)
/* Temperature is reported in .001 degC increments */
#define TEMP_TO_REG(val) \
- clamp_val(SCALE(val, 1000, 1), -127, 127)
+ DIV_ROUND_CLOSEST(clamp_val((val), -127000, 127000), 1000)
#define TEMPEXT_FROM_REG(val, ext) \
SCALE(((val) << 4) + (ext), 16, 1000)
#define TEMP_FROM_REG(val) ((val) * 1000)
@@ -192,7 +192,7 @@ static const int lm85_range_map[] = {
13300, 16000, 20000, 26600, 32000, 40000, 53300, 80000
};
-static int RANGE_TO_REG(int range)
+static int RANGE_TO_REG(long range)
{
int i;
@@ -214,7 +214,7 @@ static const int adm1027_freq_map[8] = { /* 1 Hz */
11, 15, 22, 29, 35, 44, 59, 88
};
-static int FREQ_TO_REG(const int *map, int freq)
+static int FREQ_TO_REG(const int *map, unsigned long freq)
{
int i;
@@ -463,6 +463,9 @@ static ssize_t store_vrm_reg(struct device *dev, struct device_attribute *attr,
if (err)
return err;
+ if (val > 255)
+ return -EINVAL;
+
data->vrm = val;
return count;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 122/187] hwmon: (lm78) Fix overflow problems seen when writing large temperature limits
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (120 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 121/187] hwmon: (lm85) Fix various errors on attribute writes Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 123/187] hwmon: (amc6821) Fix possible race condition bug Kamal Mostafa
` (65 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Axel Lin, Guenter Roeck, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Guenter Roeck <linux@roeck-us.net>
commit 1074d683a51f1aded3562add9ef313e75d557327 upstream.
On platforms with sizeof(int) < sizeof(long), writing a temperature
limit larger than MAXINT will result in unpredictable limit values
written to the chip. Avoid auto-conversion from long to int to fix
the problem.
Cc: Axel Lin <axel.lin@ingics.com>
Reviewed-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/hwmon/lm78.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hwmon/lm78.c b/drivers/hwmon/lm78.c
index a2f3b4a..b879427 100644
--- a/drivers/hwmon/lm78.c
+++ b/drivers/hwmon/lm78.c
@@ -108,7 +108,7 @@ static inline int FAN_FROM_REG(u8 val, int div)
* TEMP: mC (-128C to +127C)
* REG: 1C/bit, two's complement
*/
-static inline s8 TEMP_TO_REG(int val)
+static inline s8 TEMP_TO_REG(long val)
{
int nval = clamp_val(val, -128000, 127000) ;
return nval < 0 ? (nval - 500) / 1000 : (nval + 500) / 1000;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 123/187] hwmon: (amc6821) Fix possible race condition bug
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (121 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 122/187] hwmon: (lm78) Fix overflow problems seen when writing large temperature limits Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 124/187] MIPS: GIC: Prevent array overrun Kamal Mostafa
` (64 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Axel Lin, Guenter Roeck, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Axel Lin <axel.lin@ingics.com>
commit cf44819c98db11163f58f08b822d626c7a8f5188 upstream.
Ensure mutex lock protects the read-modify-write period to prevent possible
race condition bug.
In additional, update data->valid should also be protected by the mutex lock.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/hwmon/amc6821.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/drivers/hwmon/amc6821.c b/drivers/hwmon/amc6821.c
index 9f2be3d..8a67ec6 100644
--- a/drivers/hwmon/amc6821.c
+++ b/drivers/hwmon/amc6821.c
@@ -360,11 +360,13 @@ static ssize_t set_pwm1_enable(
if (config)
return config;
+ mutex_lock(&data->update_lock);
config = i2c_smbus_read_byte_data(client, AMC6821_REG_CONF1);
if (config < 0) {
dev_err(&client->dev,
"Error reading configuration register, aborting.\n");
- return config;
+ count = config;
+ goto unlock;
}
switch (val) {
@@ -381,14 +383,15 @@ static ssize_t set_pwm1_enable(
config |= AMC6821_CONF1_FDRC1;
break;
default:
- return -EINVAL;
+ count = -EINVAL;
+ goto unlock;
}
- mutex_lock(&data->update_lock);
if (i2c_smbus_write_byte_data(client, AMC6821_REG_CONF1, config)) {
dev_err(&client->dev,
"Configuration register write error, aborting.\n");
count = -EIO;
}
+unlock:
mutex_unlock(&data->update_lock);
return count;
}
@@ -493,8 +496,9 @@ static ssize_t set_temp_auto_point_temp(
return -EINVAL;
}
- data->valid = 0;
mutex_lock(&data->update_lock);
+ data->valid = 0;
+
switch (ix) {
case 0:
ptemp[0] = clamp_val(val / 1000, 0,
@@ -658,13 +662,14 @@ static ssize_t set_fan1_div(
if (config)
return config;
+ mutex_lock(&data->update_lock);
config = i2c_smbus_read_byte_data(client, AMC6821_REG_CONF4);
if (config < 0) {
dev_err(&client->dev,
"Error reading configuration register, aborting.\n");
- return config;
+ count = config;
+ goto EXIT;
}
- mutex_lock(&data->update_lock);
switch (val) {
case 2:
config &= ~AMC6821_CONF4_PSPR;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 124/187] MIPS: GIC: Prevent array overrun
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (122 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 123/187] hwmon: (amc6821) Fix possible race condition bug Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 125/187] mnt: Add tests for unprivileged remount cases that have found to be faulty Kamal Mostafa
` (63 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jeffrey Deans, Markos Chandras, linux-mips, Ralf Baechle, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeffrey Deans <jeffrey.deans@imgtec.com>
commit ffc8415afab20bd97754efae6aad1f67b531132b upstream.
A GIC interrupt which is declared as having a GIC_MAP_TO_NMI_MSK
mapping causes the cpu parameter to gic_setup_intr() to be increased
to 32, causing memory corruption when pcpu_masks[] is written to again
later in the function.
Signed-off-by: Jeffrey Deans <jeffrey.deans@imgtec.com>
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/7375/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/mips/kernel/irq-gic.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/mips/kernel/irq-gic.c b/arch/mips/kernel/irq-gic.c
index 5b5ddb2..78f1843 100644
--- a/arch/mips/kernel/irq-gic.c
+++ b/arch/mips/kernel/irq-gic.c
@@ -255,11 +255,13 @@ static void __init gic_setup_intr(unsigned int intr, unsigned int cpu,
/* Setup Intr to Pin mapping */
if (pin & GIC_MAP_TO_NMI_MSK) {
+ int i;
+
GICWRITE(GIC_REG_ADDR(SHARED, GIC_SH_MAP_TO_PIN(intr)), pin);
/* FIXME: hack to route NMI to all cpu's */
- for (cpu = 0; cpu < NR_CPUS; cpu += 32) {
+ for (i = 0; i < NR_CPUS; i += 32) {
GICWRITE(GIC_REG_ADDR(SHARED,
- GIC_SH_MAP_TO_VPE_REG_OFF(intr, cpu)),
+ GIC_SH_MAP_TO_VPE_REG_OFF(intr, i)),
0xffffffff);
}
} else {
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 125/187] mnt: Add tests for unprivileged remount cases that have found to be faulty
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (123 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 124/187] MIPS: GIC: Prevent array overrun Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 126/187] ARM: OMAP3: Fix choice of omap3_restore_es function in OMAP34XX rev3.1.2 case Kamal Mostafa
` (62 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Eric W. Biederman, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "Eric W. Biederman" <ebiederm@xmission.com>
commit db181ce011e3c033328608299cd6fac06ea50130 upstream.
Kenton Varda <kenton@sandstorm.io> discovered that by remounting a
read-only bind mount read-only in a user namespace the
MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user
to the remount a read-only mount read-write.
Upon review of the code in remount it was discovered that the code allowed
nosuid, noexec, and nodev to be cleared. It was also discovered that
the code was allowing the per mount atime flags to be changed.
The first naive patch to fix these issues contained the flaw that using
default atime settings when remounting a filesystem could be disallowed.
To avoid this problems in the future add tests to ensure unprivileged
remounts are succeeding and failing at the appropriate times.
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/mount/Makefile | 17 ++
.../selftests/mount/unprivileged-remount-test.c | 242 +++++++++++++++++++++
3 files changed, 260 insertions(+)
create mode 100644 tools/testing/selftests/mount/Makefile
create mode 100644 tools/testing/selftests/mount/unprivileged-remount-test.c
diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile
index 9f3eae2..2d9ab94 100644
--- a/tools/testing/selftests/Makefile
+++ b/tools/testing/selftests/Makefile
@@ -4,6 +4,7 @@ TARGETS += efivarfs
TARGETS += kcmp
TARGETS += memory-hotplug
TARGETS += mqueue
+TARGETS += mount
TARGETS += net
TARGETS += ptrace
TARGETS += timers
diff --git a/tools/testing/selftests/mount/Makefile b/tools/testing/selftests/mount/Makefile
new file mode 100644
index 0000000..337d853
--- /dev/null
+++ b/tools/testing/selftests/mount/Makefile
@@ -0,0 +1,17 @@
+# Makefile for mount selftests.
+
+all: unprivileged-remount-test
+
+unprivileged-remount-test: unprivileged-remount-test.c
+ gcc -Wall -O2 unprivileged-remount-test.c -o unprivileged-remount-test
+
+# Allow specific tests to be selected.
+test_unprivileged_remount: unprivileged-remount-test
+ @if [ -f /proc/self/uid_map ] ; then ./unprivileged-remount-test ; fi
+
+run_tests: all test_unprivileged_remount
+
+clean:
+ rm -f unprivileged-remount-test
+
+.PHONY: all test_unprivileged_remount
diff --git a/tools/testing/selftests/mount/unprivileged-remount-test.c b/tools/testing/selftests/mount/unprivileged-remount-test.c
new file mode 100644
index 0000000..1b3ff2f
--- /dev/null
+++ b/tools/testing/selftests/mount/unprivileged-remount-test.c
@@ -0,0 +1,242 @@
+#define _GNU_SOURCE
+#include <sched.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/mount.h>
+#include <sys/wait.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <grp.h>
+#include <stdbool.h>
+#include <stdarg.h>
+
+#ifndef CLONE_NEWNS
+# define CLONE_NEWNS 0x00020000
+#endif
+#ifndef CLONE_NEWUTS
+# define CLONE_NEWUTS 0x04000000
+#endif
+#ifndef CLONE_NEWIPC
+# define CLONE_NEWIPC 0x08000000
+#endif
+#ifndef CLONE_NEWNET
+# define CLONE_NEWNET 0x40000000
+#endif
+#ifndef CLONE_NEWUSER
+# define CLONE_NEWUSER 0x10000000
+#endif
+#ifndef CLONE_NEWPID
+# define CLONE_NEWPID 0x20000000
+#endif
+
+#ifndef MS_RELATIME
+#define MS_RELATIME (1 << 21)
+#endif
+#ifndef MS_STRICTATIME
+#define MS_STRICTATIME (1 << 24)
+#endif
+
+static void die(char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ exit(EXIT_FAILURE);
+}
+
+static void write_file(char *filename, char *fmt, ...)
+{
+ char buf[4096];
+ int fd;
+ ssize_t written;
+ int buf_len;
+ va_list ap;
+
+ va_start(ap, fmt);
+ buf_len = vsnprintf(buf, sizeof(buf), fmt, ap);
+ va_end(ap);
+ if (buf_len < 0) {
+ die("vsnprintf failed: %s\n",
+ strerror(errno));
+ }
+ if (buf_len >= sizeof(buf)) {
+ die("vsnprintf output truncated\n");
+ }
+
+ fd = open(filename, O_WRONLY);
+ if (fd < 0) {
+ die("open of %s failed: %s\n",
+ filename, strerror(errno));
+ }
+ written = write(fd, buf, buf_len);
+ if (written != buf_len) {
+ if (written >= 0) {
+ die("short write to %s\n", filename);
+ } else {
+ die("write to %s failed: %s\n",
+ filename, strerror(errno));
+ }
+ }
+ if (close(fd) != 0) {
+ die("close of %s failed: %s\n",
+ filename, strerror(errno));
+ }
+}
+
+static void create_and_enter_userns(void)
+{
+ uid_t uid;
+ gid_t gid;
+
+ uid = getuid();
+ gid = getgid();
+
+ if (unshare(CLONE_NEWUSER) !=0) {
+ die("unshare(CLONE_NEWUSER) failed: %s\n",
+ strerror(errno));
+ }
+
+ write_file("/proc/self/uid_map", "0 %d 1", uid);
+ write_file("/proc/self/gid_map", "0 %d 1", gid);
+
+ if (setgroups(0, NULL) != 0) {
+ die("setgroups failed: %s\n",
+ strerror(errno));
+ }
+ if (setgid(0) != 0) {
+ die ("setgid(0) failed %s\n",
+ strerror(errno));
+ }
+ if (setuid(0) != 0) {
+ die("setuid(0) failed %s\n",
+ strerror(errno));
+ }
+}
+
+static
+bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags)
+{
+ pid_t child;
+
+ child = fork();
+ if (child == -1) {
+ die("fork failed: %s\n",
+ strerror(errno));
+ }
+ if (child != 0) { /* parent */
+ pid_t pid;
+ int status;
+ pid = waitpid(child, &status, 0);
+ if (pid == -1) {
+ die("waitpid failed: %s\n",
+ strerror(errno));
+ }
+ if (pid != child) {
+ die("waited for %d got %d\n",
+ child, pid);
+ }
+ if (!WIFEXITED(status)) {
+ die("child did not terminate cleanly\n");
+ }
+ return WEXITSTATUS(status) == EXIT_SUCCESS ? true : false;
+ }
+
+ create_and_enter_userns();
+ if (unshare(CLONE_NEWNS) != 0) {
+ die("unshare(CLONE_NEWNS) failed: %s\n",
+ strerror(errno));
+ }
+
+ if (mount("testing", "/tmp", "ramfs", mount_flags, NULL) != 0) {
+ die("mount of /tmp failed: %s\n",
+ strerror(errno));
+ }
+
+ create_and_enter_userns();
+
+ if (unshare(CLONE_NEWNS) != 0) {
+ die("unshare(CLONE_NEWNS) failed: %s\n",
+ strerror(errno));
+ }
+
+ if (mount("/tmp", "/tmp", "none",
+ MS_REMOUNT | MS_BIND | remount_flags, NULL) != 0) {
+ /* system("cat /proc/self/mounts"); */
+ die("remount of /tmp failed: %s\n",
+ strerror(errno));
+ }
+
+ if (mount("/tmp", "/tmp", "none",
+ MS_REMOUNT | MS_BIND | invalid_flags, NULL) == 0) {
+ /* system("cat /proc/self/mounts"); */
+ die("remount of /tmp with invalid flags "
+ "succeeded unexpectedly\n");
+ }
+ exit(EXIT_SUCCESS);
+}
+
+static bool test_unpriv_remount_simple(int mount_flags)
+{
+ return test_unpriv_remount(mount_flags, mount_flags, 0);
+}
+
+static bool test_unpriv_remount_atime(int mount_flags, int invalid_flags)
+{
+ return test_unpriv_remount(mount_flags, mount_flags, invalid_flags);
+}
+
+int main(int argc, char **argv)
+{
+ if (!test_unpriv_remount_simple(MS_RDONLY|MS_NODEV)) {
+ die("MS_RDONLY malfunctions\n");
+ }
+ if (!test_unpriv_remount_simple(MS_NODEV)) {
+ die("MS_NODEV malfunctions\n");
+ }
+ if (!test_unpriv_remount_simple(MS_NOSUID|MS_NODEV)) {
+ die("MS_NOSUID malfunctions\n");
+ }
+ if (!test_unpriv_remount_simple(MS_NOEXEC|MS_NODEV)) {
+ die("MS_NOEXEC malfunctions\n");
+ }
+ if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODEV,
+ MS_NOATIME|MS_NODEV))
+ {
+ die("MS_RELATIME malfunctions\n");
+ }
+ if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODEV,
+ MS_NOATIME|MS_NODEV))
+ {
+ die("MS_STRICTATIME malfunctions\n");
+ }
+ if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODEV,
+ MS_STRICTATIME|MS_NODEV))
+ {
+ die("MS_RELATIME malfunctions\n");
+ }
+ if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODIRATIME|MS_NODEV,
+ MS_NOATIME|MS_NODEV))
+ {
+ die("MS_RELATIME malfunctions\n");
+ }
+ if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODIRATIME|MS_NODEV,
+ MS_NOATIME|MS_NODEV))
+ {
+ die("MS_RELATIME malfunctions\n");
+ }
+ if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODIRATIME|MS_NODEV,
+ MS_STRICTATIME|MS_NODEV))
+ {
+ die("MS_RELATIME malfunctions\n");
+ }
+ if (!test_unpriv_remount(MS_STRICTATIME|MS_NODEV, MS_NODEV,
+ MS_NOATIME|MS_NODEV))
+ {
+ die("Default atime malfunctions\n");
+ }
+ return EXIT_SUCCESS;
+}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 126/187] ARM: OMAP3: Fix choice of omap3_restore_es function in OMAP34XX rev3.1.2 case.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (124 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 125/187] mnt: Add tests for unprivileged remount cases that have found to be faulty Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 127/187] netlabel: fix a problem when setting bits below the previously lowest bit Kamal Mostafa
` (61 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jeremy Vial, Tony Lindgren, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeremy Vial <jvial@adeneo-embedded.com>
commit 9b5f7428f8b16bd8980213f2b70baf1dd0b9e36c upstream.
According to the comment “restore_es3: applies to 34xx >= ES3.0" in
"arch/arm/mach-omap2/sleep34xx.S”, omap3_restore_es3 should be used
if the revision of an OMAP34xx is ES3.1.2.
Signed-off-by: Jeremy Vial <jvial@adeneo-embedded.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/arm/mach-omap2/control.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/arm/mach-omap2/control.c b/arch/arm/mach-omap2/control.c
index 44bb4d5..89cde07 100644
--- a/arch/arm/mach-omap2/control.c
+++ b/arch/arm/mach-omap2/control.c
@@ -314,7 +314,8 @@ void omap3_save_scratchpad_contents(void)
scratchpad_contents.public_restore_ptr =
virt_to_phys(omap3_restore_3630);
else if (omap_rev() != OMAP3430_REV_ES3_0 &&
- omap_rev() != OMAP3430_REV_ES3_1)
+ omap_rev() != OMAP3430_REV_ES3_1 &&
+ omap_rev() != OMAP3430_REV_ES3_1_2)
scratchpad_contents.public_restore_ptr =
virt_to_phys(omap3_restore);
else
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 127/187] netlabel: fix a problem when setting bits below the previously lowest bit
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (125 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 126/187] ARM: OMAP3: Fix choice of omap3_restore_es function in OMAP34XX rev3.1.2 case Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 128/187] netlabel: fix the horribly broken catmap functions Kamal Mostafa
` (60 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Paul Moore, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Moore <pmoore@redhat.com>
commit 41c3bd2039e0d7b3dc32313141773f20716ec524 upstream.
The NetLabel category (catmap) functions have a problem in that they
assume categories will be set in an increasing manner, e.g. the next
category set will always be larger than the last. Unfortunately, this
is not a valid assumption and could result in problems when attempting
to set categories less than the startbit in the lowest catmap node.
In some cases kernel panics and other nasties can result.
This patch corrects the problem by checking for this and allocating a
new catmap node instance and placing it at the front of the list.
Reported-by: Christian Evans <frodox@zoho.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Tested-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/net/netlabel.h | 8 ++++----
net/ipv4/cipso_ipv4.c | 6 +++---
net/netlabel/netlabel_kapi.c | 26 ++++++++++++++++++--------
security/smack/smack_access.c | 2 +-
4 files changed, 26 insertions(+), 16 deletions(-)
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 2c95d55..28400bd 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -395,10 +395,10 @@ int netlbl_secattr_catmap_walk(struct netlbl_lsm_secattr_catmap *catmap,
u32 offset);
int netlbl_secattr_catmap_walk_rng(struct netlbl_lsm_secattr_catmap *catmap,
u32 offset);
-int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap *catmap,
+int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap **catmap,
u32 bit,
gfp_t flags);
-int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap *catmap,
+int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap **catmap,
u32 start,
u32 end,
gfp_t flags);
@@ -506,14 +506,14 @@ static inline int netlbl_secattr_catmap_walk_rng(
return -ENOENT;
}
static inline int netlbl_secattr_catmap_setbit(
- struct netlbl_lsm_secattr_catmap *catmap,
+ struct netlbl_lsm_secattr_catmap **catmap,
u32 bit,
gfp_t flags)
{
return 0;
}
static inline int netlbl_secattr_catmap_setrng(
- struct netlbl_lsm_secattr_catmap *catmap,
+ struct netlbl_lsm_secattr_catmap **catmap,
u32 start,
u32 end,
gfp_t flags)
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index 667c1d4..78856ca 100644
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -974,7 +974,7 @@ static int cipso_v4_map_cat_rbm_ntoh(const struct cipso_v4_doi *doi_def,
return -EPERM;
break;
}
- ret_val = netlbl_secattr_catmap_setbit(secattr->attr.mls.cat,
+ ret_val = netlbl_secattr_catmap_setbit(&secattr->attr.mls.cat,
host_spot,
GFP_ATOMIC);
if (ret_val != 0)
@@ -1076,7 +1076,7 @@ static int cipso_v4_map_cat_enum_ntoh(const struct cipso_v4_doi *doi_def,
u32 iter;
for (iter = 0; iter < net_cat_len; iter += 2) {
- ret_val = netlbl_secattr_catmap_setbit(secattr->attr.mls.cat,
+ ret_val = netlbl_secattr_catmap_setbit(&secattr->attr.mls.cat,
get_unaligned_be16(&net_cat[iter]),
GFP_ATOMIC);
if (ret_val != 0)
@@ -1218,7 +1218,7 @@ static int cipso_v4_map_cat_rng_ntoh(const struct cipso_v4_doi *doi_def,
else
cat_low = 0;
- ret_val = netlbl_secattr_catmap_setrng(secattr->attr.mls.cat,
+ ret_val = netlbl_secattr_catmap_setrng(&secattr->attr.mls.cat,
cat_low,
cat_high,
GFP_ATOMIC);
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index dce1beb..82c7fca 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -523,7 +523,7 @@ int netlbl_secattr_catmap_walk_rng(struct netlbl_lsm_secattr_catmap *catmap,
/**
* netlbl_secattr_catmap_setbit - Set a bit in a LSM secattr catmap
- * @catmap: the category bitmap
+ * @catmap: pointer to the category bitmap
* @bit: the bit to set
* @flags: memory allocation flags
*
@@ -532,18 +532,25 @@ int netlbl_secattr_catmap_walk_rng(struct netlbl_lsm_secattr_catmap *catmap,
* negative values on failure.
*
*/
-int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap *catmap,
+int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap **catmap,
u32 bit,
gfp_t flags)
{
- struct netlbl_lsm_secattr_catmap *iter = catmap;
+ struct netlbl_lsm_secattr_catmap *iter = *catmap;
u32 node_bit;
u32 node_idx;
while (iter->next != NULL &&
bit >= (iter->startbit + NETLBL_CATMAP_SIZE))
iter = iter->next;
- if (bit >= (iter->startbit + NETLBL_CATMAP_SIZE)) {
+ if (bit < iter->startbit) {
+ iter = netlbl_secattr_catmap_alloc(flags);
+ if (iter == NULL)
+ return -ENOMEM;
+ iter->next = *catmap;
+ iter->startbit = bit & ~(NETLBL_CATMAP_SIZE - 1);
+ *catmap = iter;
+ } else if (bit >= (iter->startbit + NETLBL_CATMAP_SIZE)) {
iter->next = netlbl_secattr_catmap_alloc(flags);
if (iter->next == NULL)
return -ENOMEM;
@@ -561,7 +568,7 @@ int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap *catmap,
/**
* netlbl_secattr_catmap_setrng - Set a range of bits in a LSM secattr catmap
- * @catmap: the category bitmap
+ * @catmap: pointer to the category bitmap
* @start: the starting bit
* @end: the last bit in the string
* @flags: memory allocation flags
@@ -571,15 +578,16 @@ int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap *catmap,
* on success, negative values on failure.
*
*/
-int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap *catmap,
+int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap **catmap,
u32 start,
u32 end,
gfp_t flags)
{
int ret_val = 0;
- struct netlbl_lsm_secattr_catmap *iter = catmap;
+ struct netlbl_lsm_secattr_catmap *iter = *catmap;
u32 iter_max_spot;
u32 spot;
+ u32 orig_spot = iter->startbit;
/* XXX - This could probably be made a bit faster by combining writes
* to the catmap instead of setting a single bit each time, but for
@@ -597,7 +605,9 @@ int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap *catmap,
iter = iter->next;
iter_max_spot = iter->startbit + NETLBL_CATMAP_SIZE;
}
- ret_val = netlbl_secattr_catmap_setbit(iter, spot, flags);
+ ret_val = netlbl_secattr_catmap_setbit(&iter, spot, flags);
+ if (iter->startbit < orig_spot)
+ *catmap = iter;
}
return ret_val;
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 14293cd..9ecf4f4 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -444,7 +444,7 @@ int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap,
for (m = 0x80; m != 0; m >>= 1, cat++) {
if ((m & *cp) == 0)
continue;
- rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat,
+ rc = netlbl_secattr_catmap_setbit(&sap->attr.mls.cat,
cat, GFP_ATOMIC);
if (rc < 0) {
netlbl_secattr_catmap_free(sap->attr.mls.cat);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 128/187] netlabel: fix the horribly broken catmap functions
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (126 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 127/187] netlabel: fix a problem when setting bits below the previously lowest bit Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 129/187] netlabel: fix the catmap walking functions Kamal Mostafa
` (59 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Paul Moore, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Moore <pmoore@redhat.com>
commit 4b8feff251da3d7058b5779e21b33a85c686b974 upstream.
The NetLabel secattr catmap functions, and the SELinux import/export
glue routines, were broken in many horrible ways and the SELinux glue
code fiddled with the NetLabel catmap structures in ways that we
probably shouldn't allow. At some point this "worked", but that was
likely due to a bit of dumb luck and sub-par testing (both inflicted
by yours truly). This patch corrects these problems by basically
gutting the code in favor of something less obtuse and restoring the
NetLabel abstractions in the SELinux catmap glue code.
Everything is working now, and if it decides to break itself in the
future this code will be much easier to debug than the code it
replaces.
One noteworthy side effect of the changes is that it is no longer
necessary to allocate a NetLabel catmap before calling one of the
NetLabel APIs to set a bit in the catmap. NetLabel will automatically
allocate the catmap nodes when needed, resulting in less allocations
when the lowest bit is greater than 255 and less code in the LSMs.
Reported-by: Christian Evans <frodox@zoho.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Tested-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
include/net/netlabel.h | 26 ++++-
net/ipv4/cipso_ipv4.c | 15 ---
net/netlabel/netlabel_kapi.c | 216 ++++++++++++++++++++++++++++++++----------
security/selinux/ss/ebitmap.c | 127 ++++++++++---------------
security/smack/smack_access.c | 5 +-
5 files changed, 240 insertions(+), 149 deletions(-)
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 28400bd..e84d71b 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -286,11 +286,11 @@ static inline void netlbl_secattr_catmap_free(
{
struct netlbl_lsm_secattr_catmap *iter;
- do {
+ while (catmap) {
iter = catmap;
catmap = catmap->next;
kfree(iter);
- } while (catmap);
+ }
}
/**
@@ -395,6 +395,9 @@ int netlbl_secattr_catmap_walk(struct netlbl_lsm_secattr_catmap *catmap,
u32 offset);
int netlbl_secattr_catmap_walk_rng(struct netlbl_lsm_secattr_catmap *catmap,
u32 offset);
+int netlbl_secattr_catmap_getlong(struct netlbl_lsm_secattr_catmap *catmap,
+ u32 *offset,
+ unsigned long *bitmap);
int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap **catmap,
u32 bit,
gfp_t flags);
@@ -402,6 +405,10 @@ int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap **catmap,
u32 start,
u32 end,
gfp_t flags);
+int netlbl_secattr_catmap_setlong(struct netlbl_lsm_secattr_catmap **catmap,
+ u32 offset,
+ unsigned long bitmap,
+ gfp_t flags);
/*
* LSM protocol operations (NetLabel LSM/kernel API)
@@ -505,6 +512,13 @@ static inline int netlbl_secattr_catmap_walk_rng(
{
return -ENOENT;
}
+static inline int netlbl_secattr_catmap_getlong(
+ struct netlbl_lsm_secattr_catmap *catmap,
+ u32 *offset,
+ unsigned long *bitmap)
+{
+ return 0;
+}
static inline int netlbl_secattr_catmap_setbit(
struct netlbl_lsm_secattr_catmap **catmap,
u32 bit,
@@ -520,6 +534,14 @@ static inline int netlbl_secattr_catmap_setrng(
{
return 0;
}
+static int netlbl_secattr_catmap_setlong(
+ struct netlbl_lsm_secattr_catmap **catmap,
+ u32 offset,
+ unsigned long bitmap,
+ gfp_t flags)
+{
+ return 0;
+}
static inline int netlbl_enabled(void)
{
return 0;
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index 78856ca..d335b667 100644
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -1336,11 +1336,6 @@ static int cipso_v4_parsetag_rbm(const struct cipso_v4_doi *doi_def,
secattr->flags |= NETLBL_SECATTR_MLS_LVL;
if (tag_len > 4) {
- secattr->attr.mls.cat =
- netlbl_secattr_catmap_alloc(GFP_ATOMIC);
- if (secattr->attr.mls.cat == NULL)
- return -ENOMEM;
-
ret_val = cipso_v4_map_cat_rbm_ntoh(doi_def,
&tag[4],
tag_len - 4,
@@ -1432,11 +1427,6 @@ static int cipso_v4_parsetag_enum(const struct cipso_v4_doi *doi_def,
secattr->flags |= NETLBL_SECATTR_MLS_LVL;
if (tag_len > 4) {
- secattr->attr.mls.cat =
- netlbl_secattr_catmap_alloc(GFP_ATOMIC);
- if (secattr->attr.mls.cat == NULL)
- return -ENOMEM;
-
ret_val = cipso_v4_map_cat_enum_ntoh(doi_def,
&tag[4],
tag_len - 4,
@@ -1527,11 +1517,6 @@ static int cipso_v4_parsetag_rng(const struct cipso_v4_doi *doi_def,
secattr->flags |= NETLBL_SECATTR_MLS_LVL;
if (tag_len > 4) {
- secattr->attr.mls.cat =
- netlbl_secattr_catmap_alloc(GFP_ATOMIC);
- if (secattr->attr.mls.cat == NULL)
- return -ENOMEM;
-
ret_val = cipso_v4_map_cat_rng_ntoh(doi_def,
&tag[4],
tag_len - 4,
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 82c7fca..21af4b9 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -406,6 +406,63 @@ out_entry:
* Security Attribute Functions
*/
+#define _CM_F_NONE 0x00000000
+#define _CM_F_ALLOC 0x00000001
+
+/**
+ * _netlbl_secattr_catmap_getnode - Get a individual node from a catmap
+ * @catmap: pointer to the category bitmap
+ * @offset: the requested offset
+ * @cm_flags: catmap flags, see _CM_F_*
+ * @gfp_flags: memory allocation flags
+ *
+ * Description:
+ * Iterate through the catmap looking for the node associated with @offset; if
+ * the _CM_F_ALLOC flag is set in @cm_flags and there is no associated node,
+ * one will be created and inserted into the catmap. Returns a pointer to the
+ * node on success, NULL on failure.
+ *
+ */
+static struct netlbl_lsm_secattr_catmap *_netlbl_secattr_catmap_getnode(
+ struct netlbl_lsm_secattr_catmap **catmap,
+ u32 offset,
+ unsigned int cm_flags,
+ gfp_t gfp_flags)
+{
+ struct netlbl_lsm_secattr_catmap *iter = *catmap;
+ struct netlbl_lsm_secattr_catmap *prev = NULL;
+
+ if (iter == NULL || offset < iter->startbit)
+ goto secattr_catmap_getnode_alloc;
+ while (iter && offset >= (iter->startbit + NETLBL_CATMAP_SIZE)) {
+ prev = iter;
+ iter = iter->next;
+ }
+ if (iter == NULL || offset < iter->startbit)
+ goto secattr_catmap_getnode_alloc;
+
+ return iter;
+
+secattr_catmap_getnode_alloc:
+ if (!(cm_flags & _CM_F_ALLOC))
+ return NULL;
+
+ iter = netlbl_secattr_catmap_alloc(gfp_flags);
+ if (iter == NULL)
+ return NULL;
+ iter->startbit = offset & ~(NETLBL_CATMAP_SIZE - 1);
+
+ if (prev == NULL) {
+ iter->next = *catmap;
+ *catmap = iter;
+ } else {
+ iter->next = prev->next;
+ prev->next = iter;
+ }
+
+ return iter;
+}
+
/**
* netlbl_secattr_catmap_walk - Walk a LSM secattr catmap looking for a bit
* @catmap: the category bitmap
@@ -522,6 +579,54 @@ int netlbl_secattr_catmap_walk_rng(struct netlbl_lsm_secattr_catmap *catmap,
}
/**
+ * netlbl_secattr_catmap_getlong - Export an unsigned long bitmap
+ * @catmap: pointer to the category bitmap
+ * @offset: pointer to the requested offset
+ * @bitmap: the exported bitmap
+ *
+ * Description:
+ * Export a bitmap with an offset greater than or equal to @offset and return
+ * it in @bitmap. The @offset must be aligned to an unsigned long and will be
+ * updated on return if different from what was requested; if the catmap is
+ * empty at the requested offset and beyond, the @offset is set to (u32)-1.
+ * Returns zero on sucess, negative values on failure.
+ *
+ */
+int netlbl_secattr_catmap_getlong(struct netlbl_lsm_secattr_catmap *catmap,
+ u32 *offset,
+ unsigned long *bitmap)
+{
+ struct netlbl_lsm_secattr_catmap *iter;
+ u32 off = *offset;
+ u32 idx;
+
+ /* only allow aligned offsets */
+ if ((off & (BITS_PER_LONG - 1)) != 0)
+ return -EINVAL;
+
+ if (off < catmap->startbit) {
+ off = catmap->startbit;
+ *offset = off;
+ }
+ iter = _netlbl_secattr_catmap_getnode(&catmap, off, _CM_F_NONE, 0);
+ if (iter == NULL) {
+ *offset = (u32)-1;
+ return 0;
+ }
+
+ if (off < iter->startbit) {
+ off = iter->startbit;
+ *offset = off;
+ } else
+ off -= iter->startbit;
+
+ idx = off / NETLBL_CATMAP_MAPSIZE;
+ *bitmap = iter->bitmap[idx] >> (off % NETLBL_CATMAP_SIZE);
+
+ return 0;
+}
+
+/**
* netlbl_secattr_catmap_setbit - Set a bit in a LSM secattr catmap
* @catmap: pointer to the category bitmap
* @bit: the bit to set
@@ -536,32 +641,16 @@ int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap **catmap,
u32 bit,
gfp_t flags)
{
- struct netlbl_lsm_secattr_catmap *iter = *catmap;
- u32 node_bit;
- u32 node_idx;
+ struct netlbl_lsm_secattr_catmap *iter;
+ u32 idx;
- while (iter->next != NULL &&
- bit >= (iter->startbit + NETLBL_CATMAP_SIZE))
- iter = iter->next;
- if (bit < iter->startbit) {
- iter = netlbl_secattr_catmap_alloc(flags);
- if (iter == NULL)
- return -ENOMEM;
- iter->next = *catmap;
- iter->startbit = bit & ~(NETLBL_CATMAP_SIZE - 1);
- *catmap = iter;
- } else if (bit >= (iter->startbit + NETLBL_CATMAP_SIZE)) {
- iter->next = netlbl_secattr_catmap_alloc(flags);
- if (iter->next == NULL)
- return -ENOMEM;
- iter = iter->next;
- iter->startbit = bit & ~(NETLBL_CATMAP_SIZE - 1);
- }
+ iter = _netlbl_secattr_catmap_getnode(catmap, bit, _CM_F_ALLOC, flags);
+ if (iter == NULL)
+ return -ENOMEM;
- /* gcc always rounds to zero when doing integer division */
- node_idx = (bit - iter->startbit) / NETLBL_CATMAP_MAPSIZE;
- node_bit = bit - iter->startbit - (NETLBL_CATMAP_MAPSIZE * node_idx);
- iter->bitmap[node_idx] |= NETLBL_CATMAP_BIT << node_bit;
+ bit -= iter->startbit;
+ idx = bit / NETLBL_CATMAP_MAPSIZE;
+ iter->bitmap[idx] |= NETLBL_CATMAP_BIT << (bit % NETLBL_CATMAP_MAPSIZE);
return 0;
}
@@ -583,34 +672,61 @@ int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap **catmap,
u32 end,
gfp_t flags)
{
- int ret_val = 0;
- struct netlbl_lsm_secattr_catmap *iter = *catmap;
- u32 iter_max_spot;
- u32 spot;
- u32 orig_spot = iter->startbit;
-
- /* XXX - This could probably be made a bit faster by combining writes
- * to the catmap instead of setting a single bit each time, but for
- * right now skipping to the start of the range in the catmap should
- * be a nice improvement over calling the individual setbit function
- * repeatedly from a loop. */
-
- while (iter->next != NULL &&
- start >= (iter->startbit + NETLBL_CATMAP_SIZE))
- iter = iter->next;
- iter_max_spot = iter->startbit + NETLBL_CATMAP_SIZE;
-
- for (spot = start; spot <= end && ret_val == 0; spot++) {
- if (spot >= iter_max_spot && iter->next != NULL) {
- iter = iter->next;
- iter_max_spot = iter->startbit + NETLBL_CATMAP_SIZE;
- }
- ret_val = netlbl_secattr_catmap_setbit(&iter, spot, flags);
- if (iter->startbit < orig_spot)
- *catmap = iter;
+ int rc = 0;
+ u32 spot = start;
+
+ while (rc == 0 && spot <= end) {
+ if (((spot & (BITS_PER_LONG - 1)) != 0) &&
+ ((end - spot) > BITS_PER_LONG)) {
+ rc = netlbl_secattr_catmap_setlong(catmap,
+ spot,
+ (unsigned long)-1,
+ flags);
+ spot += BITS_PER_LONG;
+ } else
+ rc = netlbl_secattr_catmap_setbit(catmap,
+ spot++,
+ flags);
}
- return ret_val;
+ return rc;
+}
+
+/**
+ * netlbl_secattr_catmap_setlong - Import an unsigned long bitmap
+ * @catmap: pointer to the category bitmap
+ * @offset: offset to the start of the imported bitmap
+ * @bitmap: the bitmap to import
+ * @flags: memory allocation flags
+ *
+ * Description:
+ * Import the bitmap specified in @bitmap into @catmap, using the offset
+ * in @offset. The offset must be aligned to an unsigned long. Returns zero
+ * on success, negative values on failure.
+ *
+ */
+int netlbl_secattr_catmap_setlong(struct netlbl_lsm_secattr_catmap **catmap,
+ u32 offset,
+ unsigned long bitmap,
+ gfp_t flags)
+{
+ struct netlbl_lsm_secattr_catmap *iter;
+ u32 idx;
+
+ /* only allow aligned offsets */
+ if ((offset & (BITS_PER_LONG - 1)) != 0)
+ return -EINVAL;
+
+ iter = _netlbl_secattr_catmap_getnode(catmap,
+ offset, _CM_F_ALLOC, flags);
+ if (iter == NULL)
+ return -ENOMEM;
+
+ offset -= iter->startbit;
+ idx = offset / NETLBL_CATMAP_MAPSIZE;
+ iter->bitmap[idx] |= bitmap << (offset % NETLBL_CATMAP_MAPSIZE);
+
+ return 0;
}
/*
diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
index 820313a..842deca 100644
--- a/security/selinux/ss/ebitmap.c
+++ b/security/selinux/ss/ebitmap.c
@@ -89,48 +89,33 @@ int ebitmap_netlbl_export(struct ebitmap *ebmap,
struct netlbl_lsm_secattr_catmap **catmap)
{
struct ebitmap_node *e_iter = ebmap->node;
- struct netlbl_lsm_secattr_catmap *c_iter;
- u32 cmap_idx, cmap_sft;
- int i;
-
- /* NetLabel's NETLBL_CATMAP_MAPTYPE is defined as an array of u64,
- * however, it is not always compatible with an array of unsigned long
- * in ebitmap_node.
- * In addition, you should pay attention the following implementation
- * assumes unsigned long has a width equal with or less than 64-bit.
- */
+ unsigned long e_map;
+ u32 offset;
+ unsigned int iter;
+ int rc;
if (e_iter == NULL) {
*catmap = NULL;
return 0;
}
- c_iter = netlbl_secattr_catmap_alloc(GFP_ATOMIC);
- if (c_iter == NULL)
- return -ENOMEM;
- *catmap = c_iter;
- c_iter->startbit = e_iter->startbit & ~(NETLBL_CATMAP_SIZE - 1);
+ if (*catmap != NULL)
+ netlbl_secattr_catmap_free(*catmap);
+ *catmap = NULL;
while (e_iter) {
- for (i = 0; i < EBITMAP_UNIT_NUMS; i++) {
- unsigned int delta, e_startbit, c_endbit;
-
- e_startbit = e_iter->startbit + i * EBITMAP_UNIT_SIZE;
- c_endbit = c_iter->startbit + NETLBL_CATMAP_SIZE;
- if (e_startbit >= c_endbit) {
- c_iter->next
- = netlbl_secattr_catmap_alloc(GFP_ATOMIC);
- if (c_iter->next == NULL)
+ offset = e_iter->startbit;
+ for (iter = 0; iter < EBITMAP_UNIT_NUMS; iter++) {
+ e_map = e_iter->maps[iter];
+ if (e_map != 0) {
+ rc = netlbl_secattr_catmap_setlong(catmap,
+ offset,
+ e_map,
+ GFP_ATOMIC);
+ if (rc != 0)
goto netlbl_export_failure;
- c_iter = c_iter->next;
- c_iter->startbit
- = e_startbit & ~(NETLBL_CATMAP_SIZE - 1);
}
- delta = e_startbit - c_iter->startbit;
- cmap_idx = delta / NETLBL_CATMAP_MAPSIZE;
- cmap_sft = delta % NETLBL_CATMAP_MAPSIZE;
- c_iter->bitmap[cmap_idx]
- |= e_iter->maps[i] << cmap_sft;
+ offset += EBITMAP_UNIT_SIZE;
}
e_iter = e_iter->next;
}
@@ -155,56 +140,42 @@ netlbl_export_failure:
int ebitmap_netlbl_import(struct ebitmap *ebmap,
struct netlbl_lsm_secattr_catmap *catmap)
{
+ int rc;
struct ebitmap_node *e_iter = NULL;
- struct ebitmap_node *emap_prev = NULL;
- struct netlbl_lsm_secattr_catmap *c_iter = catmap;
- u32 c_idx, c_pos, e_idx, e_sft;
-
- /* NetLabel's NETLBL_CATMAP_MAPTYPE is defined as an array of u64,
- * however, it is not always compatible with an array of unsigned long
- * in ebitmap_node.
- * In addition, you should pay attention the following implementation
- * assumes unsigned long has a width equal with or less than 64-bit.
- */
-
- do {
- for (c_idx = 0; c_idx < NETLBL_CATMAP_MAPCNT; c_idx++) {
- unsigned int delta;
- u64 map = c_iter->bitmap[c_idx];
-
- if (!map)
- continue;
+ struct ebitmap_node *e_prev = NULL;
+ u32 offset = 0, idx;
+ unsigned long bitmap;
+
+ for (;;) {
+ rc = netlbl_secattr_catmap_getlong(catmap, &offset, &bitmap);
+ if (rc < 0)
+ goto netlbl_import_failure;
+ if (offset == (u32)-1)
+ return 0;
- c_pos = c_iter->startbit
- + c_idx * NETLBL_CATMAP_MAPSIZE;
- if (!e_iter
- || c_pos >= e_iter->startbit + EBITMAP_SIZE) {
- e_iter = kzalloc(sizeof(*e_iter), GFP_ATOMIC);
- if (!e_iter)
- goto netlbl_import_failure;
- e_iter->startbit
- = c_pos - (c_pos % EBITMAP_SIZE);
- if (emap_prev == NULL)
- ebmap->node = e_iter;
- else
- emap_prev->next = e_iter;
- emap_prev = e_iter;
- }
- delta = c_pos - e_iter->startbit;
- e_idx = delta / EBITMAP_UNIT_SIZE;
- e_sft = delta % EBITMAP_UNIT_SIZE;
- while (map) {
- e_iter->maps[e_idx++] |= map & (-1UL);
- map = EBITMAP_SHIFT_UNIT_SIZE(map);
- }
+ if (e_iter == NULL ||
+ offset >= e_iter->startbit + EBITMAP_SIZE) {
+ e_prev = e_iter;
+ e_iter = kzalloc(sizeof(*e_iter), GFP_ATOMIC);
+ if (e_iter == NULL)
+ goto netlbl_import_failure;
+ e_iter->startbit = offset & ~(EBITMAP_SIZE - 1);
+ if (e_prev == NULL)
+ ebmap->node = e_iter;
+ else
+ e_prev->next = e_iter;
+ ebmap->highbit = e_iter->startbit + EBITMAP_SIZE;
}
- c_iter = c_iter->next;
- } while (c_iter);
- if (e_iter != NULL)
- ebmap->highbit = e_iter->startbit + EBITMAP_SIZE;
- else
- ebitmap_destroy(ebmap);
+ /* offset will always be aligned to an unsigned long */
+ idx = EBITMAP_NODE_INDEX(e_iter, offset);
+ e_iter->maps[idx] = bitmap;
+
+ /* next */
+ offset += EBITMAP_UNIT_SIZE;
+ }
+
+ /* NOTE: we should never reach this return */
return 0;
netlbl_import_failure:
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 9ecf4f4..ea1bc50 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -435,10 +435,7 @@ int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap,
sap->flags |= NETLBL_SECATTR_MLS_CAT;
sap->attr.mls.lvl = level;
- sap->attr.mls.cat = netlbl_secattr_catmap_alloc(GFP_ATOMIC);
- if (!sap->attr.mls.cat)
- return -ENOMEM;
- sap->attr.mls.cat->startbit = 0;
+ sap->attr.mls.cat = NULL;
for (cat = 1, cp = catset, byte = 0; byte < len; cp++, byte++)
for (m = 0x80; m != 0; m >>= 1, cat++) {
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 129/187] netlabel: fix the catmap walking functions
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (127 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 128/187] netlabel: fix the horribly broken catmap functions Kamal Mostafa
@ 2014-09-15 22:08 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 130/187] drivers/i2c/busses: use correct type for dma_map/unmap Kamal Mostafa
` (58 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:08 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Paul Moore, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Moore <pmoore@redhat.com>
commit d960a6184a92c8da70d26355bfcb5bd8ad637743 upstream.
The two NetLabel LSM secattr catmap walk functions didn't handle
certain edge conditions correctly, causing incorrect security labels
to be generated in some cases. This patch corrects these problems and
converts the functions to use the new _netlbl_secattr_catmap_getnode()
function in order to reduce the amount of repeated code.
Signed-off-by: Paul Moore <pmoore@redhat.com>
Tested-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/netlabel/netlabel_kapi.c | 102 +++++++++++++++++++++++--------------------
1 file changed, 54 insertions(+), 48 deletions(-)
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 21af4b9..929bfc6 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -408,6 +408,7 @@ out_entry:
#define _CM_F_NONE 0x00000000
#define _CM_F_ALLOC 0x00000001
+#define _CM_F_WALK 0x00000002
/**
* _netlbl_secattr_catmap_getnode - Get a individual node from a catmap
@@ -417,10 +418,11 @@ out_entry:
* @gfp_flags: memory allocation flags
*
* Description:
- * Iterate through the catmap looking for the node associated with @offset; if
- * the _CM_F_ALLOC flag is set in @cm_flags and there is no associated node,
- * one will be created and inserted into the catmap. Returns a pointer to the
- * node on success, NULL on failure.
+ * Iterate through the catmap looking for the node associated with @offset.
+ * If the _CM_F_ALLOC flag is set in @cm_flags and there is no associated node,
+ * one will be created and inserted into the catmap. If the _CM_F_WALK flag is
+ * set in @cm_flags and there is no associated node, the next highest node will
+ * be returned. Returns a pointer to the node on success, NULL on failure.
*
*/
static struct netlbl_lsm_secattr_catmap *_netlbl_secattr_catmap_getnode(
@@ -432,17 +434,22 @@ static struct netlbl_lsm_secattr_catmap *_netlbl_secattr_catmap_getnode(
struct netlbl_lsm_secattr_catmap *iter = *catmap;
struct netlbl_lsm_secattr_catmap *prev = NULL;
- if (iter == NULL || offset < iter->startbit)
+ if (iter == NULL)
goto secattr_catmap_getnode_alloc;
+ if (offset < iter->startbit)
+ goto secattr_catmap_getnode_walk;
while (iter && offset >= (iter->startbit + NETLBL_CATMAP_SIZE)) {
prev = iter;
iter = iter->next;
}
if (iter == NULL || offset < iter->startbit)
- goto secattr_catmap_getnode_alloc;
+ goto secattr_catmap_getnode_walk;
return iter;
+secattr_catmap_getnode_walk:
+ if (cm_flags & _CM_F_WALK)
+ return iter;
secattr_catmap_getnode_alloc:
if (!(cm_flags & _CM_F_ALLOC))
return NULL;
@@ -477,43 +484,41 @@ int netlbl_secattr_catmap_walk(struct netlbl_lsm_secattr_catmap *catmap,
u32 offset)
{
struct netlbl_lsm_secattr_catmap *iter = catmap;
- u32 node_idx;
- u32 node_bit;
+ u32 idx;
+ u32 bit;
NETLBL_CATMAP_MAPTYPE bitmap;
+ iter = _netlbl_secattr_catmap_getnode(&catmap, offset, _CM_F_WALK, 0);
+ if (iter == NULL)
+ return -ENOENT;
if (offset > iter->startbit) {
- while (offset >= (iter->startbit + NETLBL_CATMAP_SIZE)) {
- iter = iter->next;
- if (iter == NULL)
- return -ENOENT;
- }
- node_idx = (offset - iter->startbit) / NETLBL_CATMAP_MAPSIZE;
- node_bit = offset - iter->startbit -
- (NETLBL_CATMAP_MAPSIZE * node_idx);
+ offset -= iter->startbit;
+ idx = offset / NETLBL_CATMAP_MAPSIZE;
+ bit = offset % NETLBL_CATMAP_MAPSIZE;
} else {
- node_idx = 0;
- node_bit = 0;
+ idx = 0;
+ bit = 0;
}
- bitmap = iter->bitmap[node_idx] >> node_bit;
+ bitmap = iter->bitmap[idx] >> bit;
for (;;) {
if (bitmap != 0) {
while ((bitmap & NETLBL_CATMAP_BIT) == 0) {
bitmap >>= 1;
- node_bit++;
+ bit++;
}
return iter->startbit +
- (NETLBL_CATMAP_MAPSIZE * node_idx) + node_bit;
+ (NETLBL_CATMAP_MAPSIZE * idx) + bit;
}
- if (++node_idx >= NETLBL_CATMAP_MAPCNT) {
+ if (++idx >= NETLBL_CATMAP_MAPCNT) {
if (iter->next != NULL) {
iter = iter->next;
- node_idx = 0;
+ idx = 0;
} else
return -ENOENT;
}
- bitmap = iter->bitmap[node_idx];
- node_bit = 0;
+ bitmap = iter->bitmap[idx];
+ bit = 0;
}
return -ENOENT;
@@ -533,46 +538,47 @@ int netlbl_secattr_catmap_walk(struct netlbl_lsm_secattr_catmap *catmap,
int netlbl_secattr_catmap_walk_rng(struct netlbl_lsm_secattr_catmap *catmap,
u32 offset)
{
- struct netlbl_lsm_secattr_catmap *iter = catmap;
- u32 node_idx;
- u32 node_bit;
+ struct netlbl_lsm_secattr_catmap *iter;
+ struct netlbl_lsm_secattr_catmap *prev = NULL;
+ u32 idx;
+ u32 bit;
NETLBL_CATMAP_MAPTYPE bitmask;
NETLBL_CATMAP_MAPTYPE bitmap;
+ iter = _netlbl_secattr_catmap_getnode(&catmap, offset, _CM_F_WALK, 0);
+ if (iter == NULL)
+ return -ENOENT;
if (offset > iter->startbit) {
- while (offset >= (iter->startbit + NETLBL_CATMAP_SIZE)) {
- iter = iter->next;
- if (iter == NULL)
- return -ENOENT;
- }
- node_idx = (offset - iter->startbit) / NETLBL_CATMAP_MAPSIZE;
- node_bit = offset - iter->startbit -
- (NETLBL_CATMAP_MAPSIZE * node_idx);
+ offset -= iter->startbit;
+ idx = offset / NETLBL_CATMAP_MAPSIZE;
+ bit = offset % NETLBL_CATMAP_MAPSIZE;
} else {
- node_idx = 0;
- node_bit = 0;
+ idx = 0;
+ bit = 0;
}
- bitmask = NETLBL_CATMAP_BIT << node_bit;
+ bitmask = NETLBL_CATMAP_BIT << bit;
for (;;) {
- bitmap = iter->bitmap[node_idx];
+ bitmap = iter->bitmap[idx];
while (bitmask != 0 && (bitmap & bitmask) != 0) {
bitmask <<= 1;
- node_bit++;
+ bit++;
}
- if (bitmask != 0)
+ if (prev && idx == 0 && bit == 0)
+ return prev->startbit + NETLBL_CATMAP_SIZE - 1;
+ else if (bitmask != 0)
return iter->startbit +
- (NETLBL_CATMAP_MAPSIZE * node_idx) +
- node_bit - 1;
- else if (++node_idx >= NETLBL_CATMAP_MAPCNT) {
+ (NETLBL_CATMAP_MAPSIZE * idx) + bit - 1;
+ else if (++idx >= NETLBL_CATMAP_MAPCNT) {
if (iter->next == NULL)
- return iter->startbit + NETLBL_CATMAP_SIZE - 1;
+ return iter->startbit + NETLBL_CATMAP_SIZE - 1;
+ prev = iter;
iter = iter->next;
- node_idx = 0;
+ idx = 0;
}
bitmask = NETLBL_CATMAP_BIT;
- node_bit = 0;
+ bit = 0;
}
return -ENOENT;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 130/187] drivers/i2c/busses: use correct type for dma_map/unmap
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (128 preceding siblings ...)
2014-09-15 22:08 ` [PATCH 3.13 129/187] netlabel: fix the catmap walking functions Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 131/187] NFSD: Decrease nfsd_users in nfsd_startup_generic fail Kamal Mostafa
` (57 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Wolfram Sang, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Wolfram Sang <wsa@the-dreams.de>
commit 28772ac8711e4d7268c06e765887dd8cb6924f98 upstream.
dma_{un}map_* uses 'enum dma_data_direction' not 'enum dma_transfer_direction'.
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Acked-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/i2c/busses/i2c-at91.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/i2c/busses/i2c-at91.c b/drivers/i2c/busses/i2c-at91.c
index 8edba9d..d13d3bb 100644
--- a/drivers/i2c/busses/i2c-at91.c
+++ b/drivers/i2c/busses/i2c-at91.c
@@ -210,7 +210,7 @@ static void at91_twi_write_data_dma_callback(void *data)
struct at91_twi_dev *dev = (struct at91_twi_dev *)data;
dma_unmap_single(dev->dev, sg_dma_address(&dev->dma.sg),
- dev->buf_len, DMA_MEM_TO_DEV);
+ dev->buf_len, DMA_TO_DEVICE);
at91_twi_write(dev, AT91_TWI_CR, AT91_TWI_STOP);
}
@@ -289,7 +289,7 @@ static void at91_twi_read_data_dma_callback(void *data)
struct at91_twi_dev *dev = (struct at91_twi_dev *)data;
dma_unmap_single(dev->dev, sg_dma_address(&dev->dma.sg),
- dev->buf_len, DMA_DEV_TO_MEM);
+ dev->buf_len, DMA_FROM_DEVICE);
/* The last two bytes have to be read without using dma */
dev->buf += dev->buf_len - 2;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 131/187] NFSD: Decrease nfsd_users in nfsd_startup_generic fail
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (129 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 130/187] drivers/i2c/busses: use correct type for dma_map/unmap Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 132/187] MIPS: O32/32-bit: Fix bug which can cause incorrect system call restarts Kamal Mostafa
` (56 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Kinglong Mee, J. Bruce Fields, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Kinglong Mee <kinglongmee@gmail.com>
commit d9499a95716db0d4bc9b67e88fd162133e7d6b08 upstream.
A memory allocation failure could cause nfsd_startup_generic to fail, in
which case nfsd_users wouldn't be incorrectly left elevated.
After nfsd restarts nfsd_startup_generic will then succeed without doing
anything--the first consequence is likely nfs4_start_net finding a bad
laundry_wq and crashing.
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Fixes: 4539f14981ce "nfsd: replace boolean nfsd_up flag by users counter"
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/nfsd/nfssvc.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fs/nfsd/nfssvc.c b/fs/nfsd/nfssvc.c
index 760c85a..4942f43 100644
--- a/fs/nfsd/nfssvc.c
+++ b/fs/nfsd/nfssvc.c
@@ -221,7 +221,8 @@ static int nfsd_startup_generic(int nrservs)
*/
ret = nfsd_racache_init(2*nrservs);
if (ret)
- return ret;
+ goto dec_users;
+
ret = nfs4_state_start();
if (ret)
goto out_racache;
@@ -229,6 +230,8 @@ static int nfsd_startup_generic(int nrservs)
out_racache:
nfsd_racache_shutdown();
+dec_users:
+ nfsd_users--;
return ret;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 132/187] MIPS: O32/32-bit: Fix bug which can cause incorrect system call restarts
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (130 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 131/187] NFSD: Decrease nfsd_users in nfsd_startup_generic fail Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 133/187] IB/srp: Fix deadlock between host removal and multipathd Kamal Mostafa
` (55 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Alex Smith, linux-mips, Ralf Baechle, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Smith <alex.smith@imgtec.com>
commit e90e6fddc57055c4c6b57f92787fea1c065d440b upstream.
On 32-bit/O32, pt_regs has a padding area at the beginning into which the
syscall arguments passed via the user stack are copied. 4 arguments
totalling 16 bytes are copied to offset 16 bytes into this area, however
the area is only 24 bytes long. This means the last 2 arguments overwrite
pt_regs->regs[{0,1}].
If a syscall function returns an error, handle_sys stores the original
syscall number in pt_regs->regs[0] for syscall restart. signal.c checks
whether regs[0] is non-zero, if it is it will check whether the syscall
return value is one of the ERESTART* codes to see if it must be
restarted.
Should a syscall be made that results in a non-zero value being copied
off the user stack into regs[0], and then returns a positive (non-error)
value that matches one of the ERESTART* error codes, this can be mistaken
for requiring a syscall restart.
While the possibility for this to occur has always existed, it is made
much more likely to occur by commit 46e12c07b3b9 ("MIPS: O32 / 32-bit:
Always copy 4 stack arguments."), since now every syscall will copy 4
arguments and overwrite regs[0], rather than just those with 7 or 8
arguments.
Since that commit, booting Debian under a 32-bit MIPS kernel almost
always results in a hang early in boot, due to a wait4 syscall returning
a PID that matches one of the ERESTART* codes, which then causes an
incorrect restart of the syscall.
The problem is fixed by increasing the size of the padding area so that
arguments copied off the stack will not overwrite pt_regs->regs[{0,1}].
Signed-off-by: Alex Smith <alex.smith@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Tested-by: Aurelien Jarno <aurelien@aurel32.net>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/7454/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/mips/include/asm/ptrace.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/mips/include/asm/ptrace.h b/arch/mips/include/asm/ptrace.h
index 7bba9da..6d019ca 100644
--- a/arch/mips/include/asm/ptrace.h
+++ b/arch/mips/include/asm/ptrace.h
@@ -23,7 +23,7 @@
struct pt_regs {
#ifdef CONFIG_32BIT
/* Pad bytes for argument save space on the stack. */
- unsigned long pad0[6];
+ unsigned long pad0[8];
#endif
/* Saved main processor registers. */
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 133/187] IB/srp: Fix deadlock between host removal and multipathd
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (131 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 132/187] MIPS: O32/32-bit: Fix bug which can cause incorrect system call restarts Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 134/187] USB: serial: ftdi_sio: Annotate the current Xsens PID assignments Kamal Mostafa
` (54 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Bart Van Assche, Sebastian Parschauer, Roland Dreier, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Bart Van Assche <bvanassche@acm.org>
commit bcc05910359183b431da92713e98eed478edf83a upstream.
If scsi_remove_host() is invoked after a SCSI device has been blocked,
if the fast_io_fail_tmo or dev_loss_tmo work gets scheduled on the
workqueue executing srp_remove_work() and if an I/O request is
scheduled after the SCSI device had been blocked by e.g. multipathd
then the following deadlock can occur:
kworker/6:1 D ffff880831f3c460 0 195 2 0x00000000
Call Trace:
[<ffffffff814aafd9>] schedule+0x29/0x70
[<ffffffff814aa0ef>] schedule_timeout+0x10f/0x2a0
[<ffffffff8105af6f>] msleep+0x2f/0x40
[<ffffffff8123b0ae>] __blk_drain_queue+0x4e/0x180
[<ffffffff8123d2d5>] blk_cleanup_queue+0x225/0x230
[<ffffffffa0010732>] __scsi_remove_device+0x62/0xe0 [scsi_mod]
[<ffffffffa000ed2f>] scsi_forget_host+0x6f/0x80 [scsi_mod]
[<ffffffffa0002eba>] scsi_remove_host+0x7a/0x130 [scsi_mod]
[<ffffffffa07cf5c5>] srp_remove_work+0x95/0x180 [ib_srp]
[<ffffffff8106d7aa>] process_one_work+0x1ea/0x6c0
[<ffffffff8106dd9b>] worker_thread+0x11b/0x3a0
[<ffffffff810758bd>] kthread+0xed/0x110
[<ffffffff814b972c>] ret_from_fork+0x7c/0xb0
multipathd D ffff880096acc460 0 5340 1 0x00000000
Call Trace:
[<ffffffff814aafd9>] schedule+0x29/0x70
[<ffffffff814aa0ef>] schedule_timeout+0x10f/0x2a0
[<ffffffff814ab79b>] io_schedule_timeout+0x9b/0xf0
[<ffffffff814abe1c>] wait_for_completion_io_timeout+0xdc/0x110
[<ffffffff81244b9b>] blk_execute_rq+0x9b/0x100
[<ffffffff8124f665>] sg_io+0x1a5/0x450
[<ffffffff8124fd21>] scsi_cmd_ioctl+0x2a1/0x430
[<ffffffff8124fef2>] scsi_cmd_blk_ioctl+0x42/0x50
[<ffffffffa00ec97e>] sd_ioctl+0xbe/0x140 [sd_mod]
[<ffffffff8124bd04>] blkdev_ioctl+0x234/0x840
[<ffffffff811cb491>] block_ioctl+0x41/0x50
[<ffffffff811a0df0>] do_vfs_ioctl+0x300/0x520
[<ffffffff811a1051>] SyS_ioctl+0x41/0x80
[<ffffffff814b9962>] tracesys+0xd0/0xd5
Fix this by scheduling removal work on another workqueue than the
transport layer timers.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: Sagi Grimberg <sagig@mellanox.com>
Reviewed-by: David Dillow <dave@thedillows.org>
Cc: Sebastian Parschauer <sebastian.riemer@profitbricks.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/infiniband/ulp/srp/ib_srp.c | 38 +++++++++++++++++++++++++++----------
1 file changed, 28 insertions(+), 10 deletions(-)
diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c
index c74d8b6..a7d51c5 100644
--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -120,6 +120,7 @@ static void srp_send_completion(struct ib_cq *cq, void *target_ptr);
static int srp_cm_handler(struct ib_cm_id *cm_id, struct ib_cm_event *event);
static struct scsi_transport_template *ib_srp_transport_template;
+static struct workqueue_struct *srp_remove_wq;
static struct ib_client srp_client = {
.name = "srp",
@@ -539,7 +540,7 @@ static bool srp_queue_remove_work(struct srp_target_port *target)
spin_unlock_irq(&target->lock);
if (changed)
- queue_work(system_long_wq, &target->remove_work);
+ queue_work(srp_remove_wq, &target->remove_work);
return changed;
}
@@ -2885,9 +2886,10 @@ static void srp_remove_one(struct ib_device *device)
spin_unlock(&host->target_lock);
/*
- * Wait for target port removal tasks.
+ * Wait for tl_err and target port removal tasks.
*/
flush_workqueue(system_long_wq);
+ flush_workqueue(srp_remove_wq);
kfree(host);
}
@@ -2939,16 +2941,22 @@ static int __init srp_init_module(void)
indirect_sg_entries = cmd_sg_entries;
}
+ srp_remove_wq = create_workqueue("srp_remove");
+ if (IS_ERR(srp_remove_wq)) {
+ ret = PTR_ERR(srp_remove_wq);
+ goto out;
+ }
+
+ ret = -ENOMEM;
ib_srp_transport_template =
srp_attach_transport(&ib_srp_transport_functions);
if (!ib_srp_transport_template)
- return -ENOMEM;
+ goto destroy_wq;
ret = class_register(&srp_class);
if (ret) {
pr_err("couldn't register class infiniband_srp\n");
- srp_release_transport(ib_srp_transport_template);
- return ret;
+ goto release_tr;
}
ib_sa_register_client(&srp_sa_client);
@@ -2956,13 +2964,22 @@ static int __init srp_init_module(void)
ret = ib_register_client(&srp_client);
if (ret) {
pr_err("couldn't register IB client\n");
- srp_release_transport(ib_srp_transport_template);
- ib_sa_unregister_client(&srp_sa_client);
- class_unregister(&srp_class);
- return ret;
+ goto unreg_sa;
}
- return 0;
+out:
+ return ret;
+
+unreg_sa:
+ ib_sa_unregister_client(&srp_sa_client);
+ class_unregister(&srp_class);
+
+release_tr:
+ srp_release_transport(ib_srp_transport_template);
+
+destroy_wq:
+ destroy_workqueue(srp_remove_wq);
+ goto out;
}
static void __exit srp_cleanup_module(void)
@@ -2971,6 +2988,7 @@ static void __exit srp_cleanup_module(void)
ib_sa_unregister_client(&srp_sa_client);
class_unregister(&srp_class);
srp_release_transport(ib_srp_transport_template);
+ destroy_workqueue(srp_remove_wq);
}
module_init(srp_init_module);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 134/187] USB: serial: ftdi_sio: Annotate the current Xsens PID assignments
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (132 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 133/187] IB/srp: Fix deadlock between host removal and multipathd Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 135/187] USB: serial: ftdi_sio: Add support for new Xsens devices Kamal Mostafa
` (53 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Patrick Riphagen, Frans Klaver, Johan Hovold, Greg Kroah-Hartman,
Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Patrick Riphagen <patrick.riphagen@xsens.com>
commit 9273b8a270878906540349422ab24558b9d65716 upstream.
The converters are used in specific products. It can be useful to know
which they are exactly.
Signed-off-by: Patrick Riphagen <patrick.riphagen@xsens.com>
Signed-off-by: Frans Klaver <frans.klaver@xsens.com>
Cc: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/serial/ftdi_sio_ids.h | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h
index c4777bc..3fc7897 100644
--- a/drivers/usb/serial/ftdi_sio_ids.h
+++ b/drivers/usb/serial/ftdi_sio_ids.h
@@ -140,12 +140,12 @@
/*
* Xsens Technologies BV products (http://www.xsens.com).
*/
-#define XSENS_CONVERTER_0_PID 0xD388
-#define XSENS_CONVERTER_1_PID 0xD389
+#define XSENS_CONVERTER_0_PID 0xD388 /* Xsens USB converter */
+#define XSENS_CONVERTER_1_PID 0xD389 /* Xsens Wireless Receiver */
#define XSENS_CONVERTER_2_PID 0xD38A
-#define XSENS_CONVERTER_3_PID 0xD38B
-#define XSENS_CONVERTER_4_PID 0xD38C
-#define XSENS_CONVERTER_5_PID 0xD38D
+#define XSENS_CONVERTER_3_PID 0xD38B /* Xsens USB-serial converter */
+#define XSENS_CONVERTER_4_PID 0xD38C /* Xsens Wireless Receiver */
+#define XSENS_CONVERTER_5_PID 0xD38D /* Xsens Awinda Station */
#define XSENS_CONVERTER_6_PID 0xD38E
#define XSENS_CONVERTER_7_PID 0xD38F
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 135/187] USB: serial: ftdi_sio: Add support for new Xsens devices
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (133 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 134/187] USB: serial: ftdi_sio: Annotate the current Xsens PID assignments Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 136/187] USB: devio: fix issue with log flooding Kamal Mostafa
` (52 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Patrick Riphagen, Frans Klaver, Johan Hovold, Greg Kroah-Hartman,
Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Patrick Riphagen <patrick.riphagen@xsens.com>
commit 4bdcde358b4bda74e356841d351945ca3f2245dd upstream.
This adds support for new Xsens devices, using Xsens' own Vendor ID.
Signed-off-by: Patrick Riphagen <patrick.riphagen@xsens.com>
Signed-off-by: Frans Klaver <frans.klaver@xsens.com>
Cc: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/serial/ftdi_sio.c | 2 ++
drivers/usb/serial/ftdi_sio_ids.h | 3 +++
2 files changed, 5 insertions(+)
diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
index 44771a0..594a707 100644
--- a/drivers/usb/serial/ftdi_sio.c
+++ b/drivers/usb/serial/ftdi_sio.c
@@ -674,6 +674,8 @@ static struct usb_device_id id_table_combined [] = {
{ USB_DEVICE(FTDI_VID, XSENS_CONVERTER_5_PID) },
{ USB_DEVICE(FTDI_VID, XSENS_CONVERTER_6_PID) },
{ USB_DEVICE(FTDI_VID, XSENS_CONVERTER_7_PID) },
+ { USB_DEVICE(XSENS_VID, XSENS_CONVERTER_PID) },
+ { USB_DEVICE(XSENS_VID, XSENS_MTW_PID) },
{ USB_DEVICE(FTDI_VID, FTDI_OMNI1509) },
{ USB_DEVICE(MOBILITY_VID, MOBILITY_USB_SERIAL_PID) },
{ USB_DEVICE(FTDI_VID, FTDI_ACTIVE_ROBOTS_PID) },
diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h
index 3fc7897..1e58d90 100644
--- a/drivers/usb/serial/ftdi_sio_ids.h
+++ b/drivers/usb/serial/ftdi_sio_ids.h
@@ -140,6 +140,9 @@
/*
* Xsens Technologies BV products (http://www.xsens.com).
*/
+#define XSENS_VID 0x2639
+#define XSENS_CONVERTER_PID 0xD00D /* Xsens USB-serial converter */
+#define XSENS_MTW_PID 0x0200 /* Xsens MTw */
#define XSENS_CONVERTER_0_PID 0xD388 /* Xsens USB converter */
#define XSENS_CONVERTER_1_PID 0xD389 /* Xsens Wireless Receiver */
#define XSENS_CONVERTER_2_PID 0xD38A
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 136/187] USB: devio: fix issue with log flooding
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (134 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 135/187] USB: serial: ftdi_sio: Add support for new Xsens devices Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 137/187] CIFS: Fix async reading on reconnects Kamal Mostafa
` (51 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Oliver Neukum, Greg Kroah-Hartman, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Oliver Neukum <oneukum@suse.de>
commit d310d05f1225d1f6f2bf505255fdf593bfbb3051 upstream.
usbfs allows user space to pass down an URB which sets URB_SHORT_NOT_OK
for output URBs. That causes usbcore to log messages without limit
for a nonsensical disallowed combination. The fix is to silently drop
the attribute in usbfs.
The problem is reported to exist since 3.14
https://www.virtualbox.org/ticket/13085
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/usb/core/devio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
index 967152a..74185cc 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -1411,7 +1411,7 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
u = (is_in ? URB_DIR_IN : URB_DIR_OUT);
if (uurb->flags & USBDEVFS_URB_ISO_ASAP)
u |= URB_ISO_ASAP;
- if (uurb->flags & USBDEVFS_URB_SHORT_NOT_OK)
+ if (uurb->flags & USBDEVFS_URB_SHORT_NOT_OK && is_in)
u |= URB_SHORT_NOT_OK;
if (uurb->flags & USBDEVFS_URB_NO_FSBR)
u |= URB_NO_FSBR;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 137/187] CIFS: Fix async reading on reconnects
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (135 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 136/187] USB: devio: fix issue with log flooding Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 138/187] CIFS: Fix STATUS_CANNOT_DELETE error mapping for SMB2 Kamal Mostafa
` (50 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Pavel Shilovsky, Steve French, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Pavel Shilovsky <pshilovsky@samba.org>
commit 038bc961c31b070269ecd07349a7ee2e839d4fec upstream.
If we get into read_into_pages() from cifs_readv_receive() and then
loose a network, we issue cifs_reconnect that moves all mids to
a private list and issue their callbacks. The callback of the async
read request sets a mid to retry, frees it and wakes up a process
that waits on the rdata completion.
After the connection is established we return from read_into_pages()
with a short read, use the mid that was freed before and try to read
the remaining data from the a newly created socket. Both actions are
not what we want to do. In reconnect cases (-EAGAIN) we should not
mask off the error with a short read but should return the error
code instead.
Acked-by: Jeff Layton <jlayton@samba.org>
Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/cifs/file.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index 4911dc8..dd4aaca 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -2847,7 +2847,7 @@ cifs_uncached_read_into_pages(struct TCP_Server_Info *server,
total_read += result;
}
- return total_read > 0 ? total_read : result;
+ return total_read > 0 && result != -EAGAIN ? total_read : result;
}
static ssize_t
@@ -3270,7 +3270,7 @@ cifs_readpages_read_into_pages(struct TCP_Server_Info *server,
total_read += result;
}
- return total_read > 0 ? total_read : result;
+ return total_read > 0 && result != -EAGAIN ? total_read : result;
}
static int cifs_readpages(struct file *file, struct address_space *mapping,
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 138/187] CIFS: Fix STATUS_CANNOT_DELETE error mapping for SMB2
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (136 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 137/187] CIFS: Fix async reading on reconnects Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 139/187] xfs: ensure verifiers are attached to recovered buffers Kamal Mostafa
` (49 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Pavel Shilovsky, Steve French, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Pavel Shilovsky <pshilovsky@samba.org>
commit 21496687a79424572f46a84c690d331055f4866f upstream.
The existing mapping causes unlink() call to return error after delete
operation. Changing the mapping to -EACCES makes the client process
the call like CIFS protocol does - reset dos attributes with ATTR_READONLY
flag masked off and retry the operation.
Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/cifs/smb2maperror.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/cifs/smb2maperror.c b/fs/cifs/smb2maperror.c
index 94bd4fb..e31a9df 100644
--- a/fs/cifs/smb2maperror.c
+++ b/fs/cifs/smb2maperror.c
@@ -605,7 +605,7 @@ static const struct status_to_posix_error smb2_error_map_table[] = {
{STATUS_MAPPED_FILE_SIZE_ZERO, -EIO, "STATUS_MAPPED_FILE_SIZE_ZERO"},
{STATUS_TOO_MANY_OPENED_FILES, -EMFILE, "STATUS_TOO_MANY_OPENED_FILES"},
{STATUS_CANCELLED, -EIO, "STATUS_CANCELLED"},
- {STATUS_CANNOT_DELETE, -EIO, "STATUS_CANNOT_DELETE"},
+ {STATUS_CANNOT_DELETE, -EACCES, "STATUS_CANNOT_DELETE"},
{STATUS_INVALID_COMPUTER_NAME, -EIO, "STATUS_INVALID_COMPUTER_NAME"},
{STATUS_FILE_DELETED, -EIO, "STATUS_FILE_DELETED"},
{STATUS_SPECIAL_ACCOUNT, -EIO, "STATUS_SPECIAL_ACCOUNT"},
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 139/187] xfs: ensure verifiers are attached to recovered buffers
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (137 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 138/187] CIFS: Fix STATUS_CANNOT_DELETE error mapping for SMB2 Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 140/187] drm/tegra: add MODULE_DEVICE_TABLEs Kamal Mostafa
` (48 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Dave Chinner, Dave Chinner, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Chinner <dchinner@redhat.com>
commit 67dc288c21064b31a98a53dc64f6b9714b819fd6 upstream.
Crash testing of CRC enabled filesystems has resulted in a number of
reports of bad CRCs being detected after the filesystem was mounted.
Errors such as the following were being seen:
XFS (sdb3): Mounting V5 Filesystem
XFS (sdb3): Starting recovery (logdev: internal)
XFS (sdb3): Metadata CRC error detected at xfs_agf_read_verify+0x5a/0x100 [xfs], block 0x1
XFS (sdb3): Unmount and run xfs_repair
XFS (sdb3): First 64 bytes of corrupted metadata buffer:
ffff880136ffd600: 58 41 47 46 00 00 00 01 00 00 00 00 00 0f aa 40 XAGF...........@
ffff880136ffd610: 00 02 6d 53 00 02 77 f8 00 00 00 00 00 00 00 01 ..mS..w.........
ffff880136ffd620: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 03 ................
ffff880136ffd630: 00 00 00 04 00 08 81 d0 00 08 81 a7 00 00 00 00 ................
XFS (sdb3): metadata I/O error: block 0x1 ("xfs_trans_read_buf_map") error 74 numblks 1
The errors were typically being seen in AGF, AGI and their related
btree block buffers some time after log recovery had run. Often it
wasn't until later subsequent mounts that the problem was
discovered. The common symptom was a buffer with the correct
contents, but a CRC and an LSN that matched an older version of the
contents.
Some debug added to _xfs_buf_ioapply() indicated that buffers were
being written without verifiers attached to them from log recovery,
and Jan Kara isolated the cause to log recovery readahead an dit's
interactions with buffers that had a more recent LSN on disk than
the transaction being recovered. In this case, the buffer did not
get a verifier attached, and os when the second phase of log
recovery ran and recovered EFIs and unlinked inodes, the buffers
were modified and written without the verifier running. Hence they
had up to date contents, but stale LSNs and CRCs.
Fix it by attaching verifiers to buffers we skip due to future LSN
values so they don't escape into the buffer cache without the
correct verifier attached.
This patch is based on analysis and a patch from Jan Kara.
Reported-by: Jan Kara <jack@suse.cz>
Reported-by: Fanael Linithien <fanael4@gmail.com>
Reported-by: Grozdan <neutrino8@gmail.com>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/xfs/xfs_log_recover.c | 51 +++++++++++++++++++++++++++++-------------------
1 file changed, 31 insertions(+), 20 deletions(-)
diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c
index eae1692..fefa456 100644
--- a/fs/xfs/xfs_log_recover.c
+++ b/fs/xfs/xfs_log_recover.c
@@ -2116,6 +2116,17 @@ xlog_recover_validate_buf_type(
__uint16_t magic16;
__uint16_t magicda;
+ /*
+ * We can only do post recovery validation on items on CRC enabled
+ * fielsystems as we need to know when the buffer was written to be able
+ * to determine if we should have replayed the item. If we replay old
+ * metadata over a newer buffer, then it will enter a temporarily
+ * inconsistent state resulting in verification failures. Hence for now
+ * just avoid the verification stage for non-crc filesystems
+ */
+ if (!xfs_sb_version_hascrc(&mp->m_sb))
+ return;
+
magic32 = be32_to_cpu(*(__be32 *)bp->b_addr);
magic16 = be16_to_cpu(*(__be16*)bp->b_addr);
magicda = be16_to_cpu(info->magic);
@@ -2151,8 +2162,6 @@ xlog_recover_validate_buf_type(
bp->b_ops = &xfs_agf_buf_ops;
break;
case XFS_BLFT_AGFL_BUF:
- if (!xfs_sb_version_hascrc(&mp->m_sb))
- break;
if (magic32 != XFS_AGFL_MAGIC) {
xfs_warn(mp, "Bad AGFL block magic!");
ASSERT(0);
@@ -2185,10 +2194,6 @@ xlog_recover_validate_buf_type(
#endif
break;
case XFS_BLFT_DINO_BUF:
- /*
- * we get here with inode allocation buffers, not buffers that
- * track unlinked list changes.
- */
if (magic16 != XFS_DINODE_MAGIC) {
xfs_warn(mp, "Bad INODE block magic!");
ASSERT(0);
@@ -2268,8 +2273,6 @@ xlog_recover_validate_buf_type(
bp->b_ops = &xfs_attr3_leaf_buf_ops;
break;
case XFS_BLFT_ATTR_RMT_BUF:
- if (!xfs_sb_version_hascrc(&mp->m_sb))
- break;
if (magic32 != XFS_ATTR3_RMT_MAGIC) {
xfs_warn(mp, "Bad attr remote magic!");
ASSERT(0);
@@ -2376,16 +2379,7 @@ xlog_recover_do_reg_buffer(
/* Shouldn't be any more regions */
ASSERT(i == item->ri_total);
- /*
- * We can only do post recovery validation on items on CRC enabled
- * fielsystems as we need to know when the buffer was written to be able
- * to determine if we should have replayed the item. If we replay old
- * metadata over a newer buffer, then it will enter a temporarily
- * inconsistent state resulting in verification failures. Hence for now
- * just avoid the verification stage for non-crc filesystems
- */
- if (xfs_sb_version_hascrc(&mp->m_sb))
- xlog_recover_validate_buf_type(mp, bp, buf_f);
+ xlog_recover_validate_buf_type(mp, bp, buf_f);
}
/*
@@ -2493,12 +2487,29 @@ xlog_recover_buffer_pass2(
}
/*
- * recover the buffer only if we get an LSN from it and it's less than
+ * Recover the buffer only if we get an LSN from it and it's less than
* the lsn of the transaction we are replaying.
+ *
+ * Note that we have to be extremely careful of readahead here.
+ * Readahead does not attach verfiers to the buffers so if we don't
+ * actually do any replay after readahead because of the LSN we found
+ * in the buffer if more recent than that current transaction then we
+ * need to attach the verifier directly. Failure to do so can lead to
+ * future recovery actions (e.g. EFI and unlinked list recovery) can
+ * operate on the buffers and they won't get the verifier attached. This
+ * can lead to blocks on disk having the correct content but a stale
+ * CRC.
+ *
+ * It is safe to assume these clean buffers are currently up to date.
+ * If the buffer is dirtied by a later transaction being replayed, then
+ * the verifier will be reset to match whatever recover turns that
+ * buffer into.
*/
lsn = xlog_recover_get_buf_lsn(mp, bp);
- if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0)
+ if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) {
+ xlog_recover_validate_buf_type(mp, bp, buf_f);
goto out_release;
+ }
if (buf_f->blf_flags & XFS_BLF_INODE_BUF) {
error = xlog_recover_do_inode_buffer(mp, item, bp, buf_f);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 140/187] drm/tegra: add MODULE_DEVICE_TABLEs
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (138 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 139/187] xfs: ensure verifiers are attached to recovered buffers Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 141/187] ALSA: virtuoso: add Xonar Essence STX II support Kamal Mostafa
` (47 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Stephen Warren, Thierry Reding, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephen Warren <swarren@nvidia.com>
commit ef70728c7a6571a1a7115031e932b811f1740b2e upstream.
When tegra-drm.ko is built as a module, these MODULE_DEVICE_TABLEs allow
the module to be auto-loaded since the module will match the devices
instantiated from device tree.
(Notes for stable: in 3.14+, just git rm any conflicting file, since they
are added in later kernels. For 3.13 and below, manual merging will be
needed)
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
[ kamal: backport to 3.13: context; skip modules added later ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/tegra/dc.c | 1 +
drivers/gpu/drm/tegra/gr2d.c | 1 +
drivers/gpu/drm/tegra/gr3d.c | 1 +
drivers/gpu/drm/tegra/hdmi.c | 1 +
4 files changed, 4 insertions(+)
diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c
index ae1cb31..614e8ef 100644
--- a/drivers/gpu/drm/tegra/dc.c
+++ b/drivers/gpu/drm/tegra/dc.c
@@ -1252,6 +1252,7 @@ static struct of_device_id tegra_dc_of_match[] = {
{ .compatible = "nvidia,tegra20-dc", },
{ },
};
+MODULE_DEVICE_TABLE(of, tegra_dc_of_match);
struct platform_driver tegra_dc_driver = {
.driver = {
diff --git a/drivers/gpu/drm/tegra/gr2d.c b/drivers/gpu/drm/tegra/gr2d.c
index 7ec4259..684ad13 100644
--- a/drivers/gpu/drm/tegra/gr2d.c
+++ b/drivers/gpu/drm/tegra/gr2d.c
@@ -129,6 +129,7 @@ static const struct of_device_id gr2d_match[] = {
{ .compatible = "nvidia,tegra20-gr2d" },
{ },
};
+MODULE_DEVICE_TABLE(of, gr2d_match);
static const u32 gr2d_addr_regs[] = {
GR2D_UA_BASE_ADDR,
diff --git a/drivers/gpu/drm/tegra/gr3d.c b/drivers/gpu/drm/tegra/gr3d.c
index 4cec8f5..b8503b2 100644
--- a/drivers/gpu/drm/tegra/gr3d.c
+++ b/drivers/gpu/drm/tegra/gr3d.c
@@ -127,6 +127,7 @@ static const struct of_device_id tegra_gr3d_match[] = {
{ .compatible = "nvidia,tegra20-gr3d" },
{ }
};
+MODULE_DEVICE_TABLE(of, tegra_gr3d_match);
static const u32 gr3d_addr_regs[] = {
GR3D_IDX_ATTRIBUTE( 0),
diff --git a/drivers/gpu/drm/tegra/hdmi.c b/drivers/gpu/drm/tegra/hdmi.c
index 0cd9bc2..a2eb3c0 100644
--- a/drivers/gpu/drm/tegra/hdmi.c
+++ b/drivers/gpu/drm/tegra/hdmi.c
@@ -1309,6 +1309,7 @@ static const struct of_device_id tegra_hdmi_of_match[] = {
{ .compatible = "nvidia,tegra20-hdmi", .data = &tegra20_hdmi_config },
{ },
};
+MODULE_DEVICE_TABLE(of, tegra_hdmi_of_match);
static int tegra_hdmi_probe(struct platform_device *pdev)
{
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 141/187] ALSA: virtuoso: add Xonar Essence STX II support
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (139 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 140/187] drm/tegra: add MODULE_DEVICE_TABLEs Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 142/187] hwmon: (gpio-fan) Prevent overflow problem when writing large limits Kamal Mostafa
` (46 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Clemens Ladisch, Takashi Iwai, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Clemens Ladisch <clemens@ladisch.de>
commit f42bb22243d2ae264d721b055f836059fe35321f upstream.
Just add the PCI ID for the STX II. It appears to work the same as the
STX, except for the addition of the not-yet-supported daughterboard.
Tested-by: Mario <fugazzi99@gmail.com>
Tested-by: corubba <corubba@gmx.de>
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
Documentation/sound/alsa/ALSA-Configuration.txt | 4 ++--
sound/pci/Kconfig | 4 ++--
sound/pci/oxygen/virtuoso.c | 1 +
sound/pci/oxygen/xonar_pcm179x.c | 12 ++++++++++--
4 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/Documentation/sound/alsa/ALSA-Configuration.txt b/Documentation/sound/alsa/ALSA-Configuration.txt
index b8dd0df..0fd40b1 100644
--- a/Documentation/sound/alsa/ALSA-Configuration.txt
+++ b/Documentation/sound/alsa/ALSA-Configuration.txt
@@ -2026,8 +2026,8 @@ Prior to version 0.9.0rc4 options had a 'snd_' prefix. This was removed.
-------------------
Module for sound cards based on the Asus AV66/AV100/AV200 chips,
- i.e., Xonar D1, DX, D2, D2X, DS, Essence ST (Deluxe), Essence STX,
- HDAV1.3 (Deluxe), and HDAV1.3 Slim.
+ i.e., Xonar D1, DX, D2, D2X, DS, DSX, Essence ST (Deluxe),
+ Essence STX (II), HDAV1.3 (Deluxe), and HDAV1.3 Slim.
This module supports autoprobe and multiple cards.
diff --git a/sound/pci/Kconfig b/sound/pci/Kconfig
index cc9fd67..be6277c 100644
--- a/sound/pci/Kconfig
+++ b/sound/pci/Kconfig
@@ -858,8 +858,8 @@ config SND_VIRTUOSO
select SND_JACK if INPUT=y || INPUT=SND
help
Say Y here to include support for sound cards based on the
- Asus AV66/AV100/AV200 chips, i.e., Xonar D1, DX, D2, D2X, DS,
- Essence ST (Deluxe), and Essence STX.
+ Asus AV66/AV100/AV200 chips, i.e., Xonar D1, DX, D2, D2X, DS, DSX,
+ Essence ST (Deluxe), and Essence STX (II).
Support for the HDAV1.3 (Deluxe) and HDAV1.3 Slim is experimental;
for the Xense, missing.
diff --git a/sound/pci/oxygen/virtuoso.c b/sound/pci/oxygen/virtuoso.c
index 64b9fda..dbbbacf 100644
--- a/sound/pci/oxygen/virtuoso.c
+++ b/sound/pci/oxygen/virtuoso.c
@@ -53,6 +53,7 @@ static DEFINE_PCI_DEVICE_TABLE(xonar_ids) = {
{ OXYGEN_PCI_SUBID(0x1043, 0x835e) },
{ OXYGEN_PCI_SUBID(0x1043, 0x838e) },
{ OXYGEN_PCI_SUBID(0x1043, 0x8522) },
+ { OXYGEN_PCI_SUBID(0x1043, 0x85f4) },
{ OXYGEN_PCI_SUBID_BROKEN_EEPROM },
{ }
};
diff --git a/sound/pci/oxygen/xonar_pcm179x.c b/sound/pci/oxygen/xonar_pcm179x.c
index c8c7f2c..e026059 100644
--- a/sound/pci/oxygen/xonar_pcm179x.c
+++ b/sound/pci/oxygen/xonar_pcm179x.c
@@ -100,8 +100,8 @@
*/
/*
- * Xonar Essence ST (Deluxe)/STX
- * -----------------------------
+ * Xonar Essence ST (Deluxe)/STX (II)
+ * ----------------------------------
*
* CMI8788:
*
@@ -1138,6 +1138,14 @@ int get_xonar_pcm179x_model(struct oxygen *chip,
chip->model.resume = xonar_stx_resume;
chip->model.set_dac_params = set_pcm1796_params;
break;
+ case 0x85f4:
+ chip->model = model_xonar_st;
+ /* TODO: daughterboard support */
+ chip->model.shortname = "Xonar STX II";
+ chip->model.init = xonar_stx_init;
+ chip->model.resume = xonar_stx_resume;
+ chip->model.set_dac_params = set_pcm1796_params;
+ break;
default:
return -EINVAL;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 142/187] hwmon: (gpio-fan) Prevent overflow problem when writing large limits
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (140 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 141/187] ALSA: virtuoso: add Xonar Essence STX II support Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 143/187] hwmon: (sis5595) " Kamal Mostafa
` (45 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Axel Lin, Guenter Roeck, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Axel Lin <axel.lin@ingics.com>
commit 2565fb05d1e9fc0831f7b1c083bcfcb1cba1f020 upstream.
On platforms with sizeof(int) < sizeof(unsigned long), writing a rpm value
larger than MAXINT will result in unpredictable limit values written to the
chip. Avoid auto-conversion from unsigned long to int to fix the problem.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/hwmon/gpio-fan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hwmon/gpio-fan.c b/drivers/hwmon/gpio-fan.c
index 73181be..814f7ee 100644
--- a/drivers/hwmon/gpio-fan.c
+++ b/drivers/hwmon/gpio-fan.c
@@ -173,7 +173,7 @@ static int get_fan_speed_index(struct gpio_fan_data *fan_data)
return -ENODEV;
}
-static int rpm_to_speed_index(struct gpio_fan_data *fan_data, int rpm)
+static int rpm_to_speed_index(struct gpio_fan_data *fan_data, unsigned long rpm)
{
struct gpio_fan_speed *speed = fan_data->speed;
int i;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 143/187] hwmon: (sis5595) Prevent overflow problem when writing large limits
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (141 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 142/187] hwmon: (gpio-fan) Prevent overflow problem when writing large limits Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 144/187] NFS: Fix /proc/fs/nfsfs/servers and /proc/fs/nfsfs/volumes Kamal Mostafa
` (44 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Axel Lin, Guenter Roeck, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Axel Lin <axel.lin@ingics.com>
commit cc336546ddca8c22de83720632431c16a5f9fe9a upstream.
On platforms with sizeof(int) < sizeof(long), writing a temperature
limit larger than MAXINT will result in unpredictable limit values
written to the chip. Avoid auto-conversion from long to int to fix
the problem.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/hwmon/sis5595.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hwmon/sis5595.c b/drivers/hwmon/sis5595.c
index 72a8897..9ec7d2e 100644
--- a/drivers/hwmon/sis5595.c
+++ b/drivers/hwmon/sis5595.c
@@ -159,7 +159,7 @@ static inline int TEMP_FROM_REG(s8 val)
{
return val * 830 + 52120;
}
-static inline s8 TEMP_TO_REG(int val)
+static inline s8 TEMP_TO_REG(long val)
{
int nval = clamp_val(val, -54120, 157530) ;
return nval < 0 ? (nval - 5212 - 415) / 830 : (nval - 5212 + 415) / 830;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 144/187] NFS: Fix /proc/fs/nfsfs/servers and /proc/fs/nfsfs/volumes
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (142 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 143/187] hwmon: (sis5595) " Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 145/187] drm/ttm: Fix possible division by 0 in ttm_dma_pool_shrink_scan() Kamal Mostafa
` (43 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Trond Myklebust, Stanislav Kinsbursky, Eric W. Biederman, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "Eric W. Biederman" <ebiederm@xmission.com>
commit 65b38851a17472d31fec9019fc3a55b0802dab88 upstream.
The usage of pid_ns->child_reaper->nsproxy->net_ns in
nfs_server_list_open and nfs_client_list_open is not safe.
/proc for a pid namespace can remain mounted after the all of the
process in that pid namespace have exited. There are also times
before the initial process in a pid namespace has started or after the
initial process in a pid namespace has exited where
pid_ns->child_reaper can be NULL or stale. Making the idiom
pid_ns->child_reaper->nsproxy a double whammy of problems.
Luckily all that needs to happen is to move /proc/fs/nfsfs/servers and
/proc/fs/nfsfs/volumes under /proc/net to /proc/net/nfsfs/servers and
/proc/net/nfsfs/volumes and add a symlink from the original location,
and to use seq_open_net as it has been designed.
Cc: Trond Myklebust <trond.myklebust@primarydata.com>
Cc: Stanislav Kinsbursky <skinsbursky@parallels.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/nfs/client.c | 95 ++++++++++++++++++++++++++++++++-----------------------
fs/nfs/inode.c | 3 +-
fs/nfs/internal.h | 9 ++++++
fs/nfs/netns.h | 3 ++
4 files changed, 69 insertions(+), 41 deletions(-)
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
index 1d09289..180d1ec 100644
--- a/fs/nfs/client.c
+++ b/fs/nfs/client.c
@@ -1205,7 +1205,7 @@ static const struct file_operations nfs_server_list_fops = {
.open = nfs_server_list_open,
.read = seq_read,
.llseek = seq_lseek,
- .release = seq_release,
+ .release = seq_release_net,
.owner = THIS_MODULE,
};
@@ -1226,7 +1226,7 @@ static const struct file_operations nfs_volume_list_fops = {
.open = nfs_volume_list_open,
.read = seq_read,
.llseek = seq_lseek,
- .release = seq_release,
+ .release = seq_release_net,
.owner = THIS_MODULE,
};
@@ -1236,19 +1236,8 @@ static const struct file_operations nfs_volume_list_fops = {
*/
static int nfs_server_list_open(struct inode *inode, struct file *file)
{
- struct seq_file *m;
- int ret;
- struct pid_namespace *pid_ns = file->f_dentry->d_sb->s_fs_info;
- struct net *net = pid_ns->child_reaper->nsproxy->net_ns;
-
- ret = seq_open(file, &nfs_server_list_ops);
- if (ret < 0)
- return ret;
-
- m = file->private_data;
- m->private = net;
-
- return 0;
+ return seq_open_net(inode, file, &nfs_server_list_ops,
+ sizeof(struct seq_net_private));
}
/*
@@ -1256,7 +1245,7 @@ static int nfs_server_list_open(struct inode *inode, struct file *file)
*/
static void *nfs_server_list_start(struct seq_file *m, loff_t *_pos)
{
- struct nfs_net *nn = net_generic(m->private, nfs_net_id);
+ struct nfs_net *nn = net_generic(seq_file_net(m), nfs_net_id);
/* lock the list against modification */
spin_lock(&nn->nfs_client_lock);
@@ -1268,7 +1257,7 @@ static void *nfs_server_list_start(struct seq_file *m, loff_t *_pos)
*/
static void *nfs_server_list_next(struct seq_file *p, void *v, loff_t *pos)
{
- struct nfs_net *nn = net_generic(p->private, nfs_net_id);
+ struct nfs_net *nn = net_generic(seq_file_net(p), nfs_net_id);
return seq_list_next(v, &nn->nfs_client_list, pos);
}
@@ -1278,7 +1267,7 @@ static void *nfs_server_list_next(struct seq_file *p, void *v, loff_t *pos)
*/
static void nfs_server_list_stop(struct seq_file *p, void *v)
{
- struct nfs_net *nn = net_generic(p->private, nfs_net_id);
+ struct nfs_net *nn = net_generic(seq_file_net(p), nfs_net_id);
spin_unlock(&nn->nfs_client_lock);
}
@@ -1289,7 +1278,7 @@ static void nfs_server_list_stop(struct seq_file *p, void *v)
static int nfs_server_list_show(struct seq_file *m, void *v)
{
struct nfs_client *clp;
- struct nfs_net *nn = net_generic(m->private, nfs_net_id);
+ struct nfs_net *nn = net_generic(seq_file_net(m), nfs_net_id);
/* display header on line 1 */
if (v == &nn->nfs_client_list) {
@@ -1321,19 +1310,8 @@ static int nfs_server_list_show(struct seq_file *m, void *v)
*/
static int nfs_volume_list_open(struct inode *inode, struct file *file)
{
- struct seq_file *m;
- int ret;
- struct pid_namespace *pid_ns = file->f_dentry->d_sb->s_fs_info;
- struct net *net = pid_ns->child_reaper->nsproxy->net_ns;
-
- ret = seq_open(file, &nfs_volume_list_ops);
- if (ret < 0)
- return ret;
-
- m = file->private_data;
- m->private = net;
-
- return 0;
+ return seq_open_net(inode, file, &nfs_server_list_ops,
+ sizeof(struct seq_net_private));
}
/*
@@ -1341,7 +1319,7 @@ static int nfs_volume_list_open(struct inode *inode, struct file *file)
*/
static void *nfs_volume_list_start(struct seq_file *m, loff_t *_pos)
{
- struct nfs_net *nn = net_generic(m->private, nfs_net_id);
+ struct nfs_net *nn = net_generic(seq_file_net(m), nfs_net_id);
/* lock the list against modification */
spin_lock(&nn->nfs_client_lock);
@@ -1353,7 +1331,7 @@ static void *nfs_volume_list_start(struct seq_file *m, loff_t *_pos)
*/
static void *nfs_volume_list_next(struct seq_file *p, void *v, loff_t *pos)
{
- struct nfs_net *nn = net_generic(p->private, nfs_net_id);
+ struct nfs_net *nn = net_generic(seq_file_net(p), nfs_net_id);
return seq_list_next(v, &nn->nfs_volume_list, pos);
}
@@ -1363,7 +1341,7 @@ static void *nfs_volume_list_next(struct seq_file *p, void *v, loff_t *pos)
*/
static void nfs_volume_list_stop(struct seq_file *p, void *v)
{
- struct nfs_net *nn = net_generic(p->private, nfs_net_id);
+ struct nfs_net *nn = net_generic(seq_file_net(p), nfs_net_id);
spin_unlock(&nn->nfs_client_lock);
}
@@ -1376,7 +1354,7 @@ static int nfs_volume_list_show(struct seq_file *m, void *v)
struct nfs_server *server;
struct nfs_client *clp;
char dev[8], fsid[17];
- struct nfs_net *nn = net_generic(m->private, nfs_net_id);
+ struct nfs_net *nn = net_generic(seq_file_net(m), nfs_net_id);
/* display header on line 1 */
if (v == &nn->nfs_volume_list) {
@@ -1407,6 +1385,45 @@ static int nfs_volume_list_show(struct seq_file *m, void *v)
return 0;
}
+int nfs_fs_proc_net_init(struct net *net)
+{
+ struct nfs_net *nn = net_generic(net, nfs_net_id);
+ struct proc_dir_entry *p;
+
+ nn->proc_nfsfs = proc_net_mkdir(net, "nfsfs", net->proc_net);
+ if (!nn->proc_nfsfs)
+ goto error_0;
+
+ /* a file of servers with which we're dealing */
+ p = proc_create("servers", S_IFREG|S_IRUGO,
+ nn->proc_nfsfs, &nfs_server_list_fops);
+ if (!p)
+ goto error_1;
+
+ /* a file of volumes that we have mounted */
+ p = proc_create("volumes", S_IFREG|S_IRUGO,
+ nn->proc_nfsfs, &nfs_volume_list_fops);
+ if (!p)
+ goto error_2;
+ return 0;
+
+error_2:
+ remove_proc_entry("servers", nn->proc_nfsfs);
+error_1:
+ remove_proc_entry("fs/nfsfs", NULL);
+error_0:
+ return -ENOMEM;
+}
+
+void nfs_fs_proc_net_exit(struct net *net)
+{
+ struct nfs_net *nn = net_generic(net, nfs_net_id);
+
+ remove_proc_entry("volumes", nn->proc_nfsfs);
+ remove_proc_entry("servers", nn->proc_nfsfs);
+ remove_proc_entry("fs/nfsfs", NULL);
+}
+
/*
* initialise the /proc/fs/nfsfs/ directory
*/
@@ -1419,14 +1436,12 @@ int __init nfs_fs_proc_init(void)
goto error_0;
/* a file of servers with which we're dealing */
- p = proc_create("servers", S_IFREG|S_IRUGO,
- proc_fs_nfs, &nfs_server_list_fops);
+ p = proc_symlink("servers", proc_fs_nfs, "../../net/nfsfs/servers");
if (!p)
goto error_1;
/* a file of volumes that we have mounted */
- p = proc_create("volumes", S_IFREG|S_IRUGO,
- proc_fs_nfs, &nfs_volume_list_fops);
+ p = proc_symlink("volumes", proc_fs_nfs, "../../net/nfsfs/volumes");
if (!p)
goto error_2;
return 0;
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
index 25063e1..be955cf 100644
--- a/fs/nfs/inode.c
+++ b/fs/nfs/inode.c
@@ -1767,11 +1767,12 @@ EXPORT_SYMBOL_GPL(nfs_net_id);
static int nfs_net_init(struct net *net)
{
nfs_clients_init(net);
- return 0;
+ return nfs_fs_proc_net_init(net);
}
static void nfs_net_exit(struct net *net)
{
+ nfs_fs_proc_net_exit(net);
nfs_cleanup_cb_ident_idr(net);
}
diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h
index b46cf5a..18537f9 100644
--- a/fs/nfs/internal.h
+++ b/fs/nfs/internal.h
@@ -195,7 +195,16 @@ extern struct rpc_clnt *nfs4_find_or_create_ds_client(struct nfs_client *,
#ifdef CONFIG_PROC_FS
extern int __init nfs_fs_proc_init(void);
extern void nfs_fs_proc_exit(void);
+extern int nfs_fs_proc_net_init(struct net *net);
+extern void nfs_fs_proc_net_exit(struct net *net);
#else
+static inline int nfs_fs_proc_net_init(struct net *net)
+{
+ return 0;
+}
+static inline void nfs_fs_proc_net_exit(struct net *net)
+{
+}
static inline int nfs_fs_proc_init(void)
{
return 0;
diff --git a/fs/nfs/netns.h b/fs/nfs/netns.h
index 8ee1fab..ef221fb 100644
--- a/fs/nfs/netns.h
+++ b/fs/nfs/netns.h
@@ -29,6 +29,9 @@ struct nfs_net {
#endif
spinlock_t nfs_client_lock;
struct timespec boot_time;
+#ifdef CONFIG_PROC_FS
+ struct proc_dir_entry *proc_nfsfs;
+#endif
};
extern int nfs_net_id;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 145/187] drm/ttm: Fix possible division by 0 in ttm_dma_pool_shrink_scan().
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (143 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 144/187] NFS: Fix /proc/fs/nfsfs/servers and /proc/fs/nfsfs/volumes Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 146/187] drm/ttm: Choose a pool to shrink correctly " Kamal Mostafa
` (42 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Tetsuo Handa, Dave Airlie, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
commit 11e504cc705e8ccb06ac93a276e11b5e8fee4d40 upstream.
list_empty(&_manager->pools) being false before taking _manager->lock
does not guarantee that _manager->npools != 0 after taking _manager->lock
because _manager->npools is updated under _manager->lock.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
index fb8259f..b751fff 100644
--- a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
+++ b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
@@ -1015,6 +1015,8 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
return SHRINK_STOP;
mutex_lock(&_manager->lock);
+ if (!_manager->npools)
+ goto out;
pool_offset = pool_offset % _manager->npools;
list_for_each_entry(p, &_manager->pools, pools) {
unsigned nr_free;
@@ -1034,6 +1036,7 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
p->pool->dev_name, p->pool->name, current->pid,
nr_free, shrink_pages);
}
+out:
mutex_unlock(&_manager->lock);
return freed;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 146/187] drm/ttm: Choose a pool to shrink correctly in ttm_dma_pool_shrink_scan().
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (144 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 145/187] drm/ttm: Fix possible division by 0 in ttm_dma_pool_shrink_scan() Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 147/187] drm/ttm: Use mutex_trylock() to avoid deadlock inside shrinker functions Kamal Mostafa
` (41 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Tetsuo Handa, Dave Airlie, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
commit 46c2df68f03a236b30808bba361f10900c88d95e upstream.
We can use "unsigned int" instead of "atomic_t" by updating start_pool
variable under _manager->lock. This patch will make it possible to avoid
skipping when choosing a pool to shrink in round-robin style, after next
patch changes mutex_lock(_manager->lock) to !mutex_trylock(_manager->lork).
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
index b751fff..d8e59f7 100644
--- a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
+++ b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
@@ -1004,9 +1004,9 @@ EXPORT_SYMBOL_GPL(ttm_dma_unpopulate);
static unsigned long
ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
{
- static atomic_t start_pool = ATOMIC_INIT(0);
+ static unsigned start_pool;
unsigned idx = 0;
- unsigned pool_offset = atomic_add_return(1, &start_pool);
+ unsigned pool_offset;
unsigned shrink_pages = sc->nr_to_scan;
struct device_pools *p;
unsigned long freed = 0;
@@ -1017,7 +1017,7 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
mutex_lock(&_manager->lock);
if (!_manager->npools)
goto out;
- pool_offset = pool_offset % _manager->npools;
+ pool_offset = ++start_pool % _manager->npools;
list_for_each_entry(p, &_manager->pools, pools) {
unsigned nr_free;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 147/187] drm/ttm: Use mutex_trylock() to avoid deadlock inside shrinker functions.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (145 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 146/187] drm/ttm: Choose a pool to shrink correctly " Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 148/187] drm/ttm: Fix possible stack overflow by recursive shrinker calls Kamal Mostafa
` (40 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Tetsuo Handa, Dave Airlie, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
commit 22e71691fd54c637800d10816bbeba9cf132d218 upstream.
I can observe that RHEL7 environment stalls with 100% CPU usage when a
certain type of memory pressure is given. While the shrinker functions
are called by shrink_slab() before the OOM killer is triggered, the stall
lasts for many minutes.
One of reasons of this stall is that
ttm_dma_pool_shrink_count()/ttm_dma_pool_shrink_scan() are called and
are blocked at mutex_lock(&_manager->lock). GFP_KERNEL allocation with
_manager->lock held causes someone (including kswapd) to deadlock when
these functions are called due to memory pressure. This patch changes
"mutex_lock();" to "if (!mutex_trylock()) return ...;" in order to
avoid deadlock.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
index d8e59f7..524cc1a 100644
--- a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
+++ b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
@@ -1014,7 +1014,8 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
if (list_empty(&_manager->pools))
return SHRINK_STOP;
- mutex_lock(&_manager->lock);
+ if (!mutex_trylock(&_manager->lock))
+ return SHRINK_STOP;
if (!_manager->npools)
goto out;
pool_offset = ++start_pool % _manager->npools;
@@ -1047,7 +1048,8 @@ ttm_dma_pool_shrink_count(struct shrinker *shrink, struct shrink_control *sc)
struct device_pools *p;
unsigned long count = 0;
- mutex_lock(&_manager->lock);
+ if (!mutex_trylock(&_manager->lock))
+ return 0;
list_for_each_entry(p, &_manager->pools, pools)
count += p->pool->npages_free;
mutex_unlock(&_manager->lock);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 148/187] drm/ttm: Fix possible stack overflow by recursive shrinker calls.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (146 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 147/187] drm/ttm: Use mutex_trylock() to avoid deadlock inside shrinker functions Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 149/187] drm/ttm: Pass GFP flags in order to avoid deadlock Kamal Mostafa
` (39 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Tetsuo Handa, Dave Airlie, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
commit 71336e011d1d2312bcbcaa8fcec7365024f3a95d upstream.
While ttm_dma_pool_shrink_scan() tries to take mutex before doing GFP_KERNEL
allocation, ttm_pool_shrink_scan() does not do it. This can result in stack
overflow if kmalloc() in ttm_page_pool_free() triggered recursion due to
memory pressure.
shrink_slab()
=> ttm_pool_shrink_scan()
=> ttm_page_pool_free()
=> kmalloc(GFP_KERNEL)
=> shrink_slab()
=> ttm_pool_shrink_scan()
=> ttm_page_pool_free()
=> kmalloc(GFP_KERNEL)
Change ttm_pool_shrink_scan() to do like ttm_dma_pool_shrink_scan() does.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/ttm/ttm_page_alloc.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c
index 863bef9..deba59b 100644
--- a/drivers/gpu/drm/ttm/ttm_page_alloc.c
+++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c
@@ -391,14 +391,17 @@ out:
static unsigned long
ttm_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
{
- static atomic_t start_pool = ATOMIC_INIT(0);
+ static DEFINE_MUTEX(lock);
+ static unsigned start_pool;
unsigned i;
- unsigned pool_offset = atomic_add_return(1, &start_pool);
+ unsigned pool_offset;
struct ttm_page_pool *pool;
int shrink_pages = sc->nr_to_scan;
unsigned long freed = 0;
- pool_offset = pool_offset % NUM_POOLS;
+ if (!mutex_trylock(&lock))
+ return SHRINK_STOP;
+ pool_offset = ++start_pool % NUM_POOLS;
/* select start pool in round robin fashion */
for (i = 0; i < NUM_POOLS; ++i) {
unsigned nr_free = shrink_pages;
@@ -408,6 +411,7 @@ ttm_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
shrink_pages = ttm_page_pool_free(pool, nr_free);
freed += nr_free - shrink_pages;
}
+ mutex_unlock(&lock);
return freed;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 149/187] drm/ttm: Pass GFP flags in order to avoid deadlock.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (147 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 148/187] drm/ttm: Fix possible stack overflow by recursive shrinker calls Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 150/187] powerpc/mm/numa: Fix break placement Kamal Mostafa
` (38 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Tetsuo Handa, Dave Airlie, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
commit a91576d7916f6cce76d30303e60e1ac47cf4a76d upstream.
Commit 7dc19d5a "drivers: convert shrinkers to new count/scan API" added
deadlock warnings that ttm_page_pool_free() and ttm_dma_page_pool_free()
are currently doing GFP_KERNEL allocation.
But these functions did not get updated to receive gfp_t argument.
This patch explicitly passes sc->gfp_mask or GFP_KERNEL to these functions,
and removes the deadlock warning.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/ttm/ttm_page_alloc.c | 19 ++++++++++---------
drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 19 +++++++++----------
2 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c
index deba59b..cf4bad2 100644
--- a/drivers/gpu/drm/ttm/ttm_page_alloc.c
+++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c
@@ -297,8 +297,10 @@ static void ttm_pool_update_free_locked(struct ttm_page_pool *pool,
*
* @pool: to free the pages from
* @free_all: If set to true will free all pages in pool
+ * @gfp: GFP flags.
**/
-static int ttm_page_pool_free(struct ttm_page_pool *pool, unsigned nr_free)
+static int ttm_page_pool_free(struct ttm_page_pool *pool, unsigned nr_free,
+ gfp_t gfp)
{
unsigned long irq_flags;
struct page *p;
@@ -309,8 +311,7 @@ static int ttm_page_pool_free(struct ttm_page_pool *pool, unsigned nr_free)
if (NUM_PAGES_TO_ALLOC < nr_free)
npages_to_free = NUM_PAGES_TO_ALLOC;
- pages_to_free = kmalloc(npages_to_free * sizeof(struct page *),
- GFP_KERNEL);
+ pages_to_free = kmalloc(npages_to_free * sizeof(struct page *), gfp);
if (!pages_to_free) {
pr_err("Failed to allocate memory for pool free operation\n");
return 0;
@@ -382,9 +383,7 @@ out:
*
* XXX: (dchinner) Deadlock warning!
*
- * ttm_page_pool_free() does memory allocation using GFP_KERNEL. that means
- * this can deadlock when called a sc->gfp_mask that is not equal to
- * GFP_KERNEL.
+ * We need to pass sc->gfp_mask to ttm_page_pool_free().
*
* This code is crying out for a shrinker per pool....
*/
@@ -408,7 +407,8 @@ ttm_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
if (shrink_pages == 0)
break;
pool = &_manager->pools[(i + pool_offset)%NUM_POOLS];
- shrink_pages = ttm_page_pool_free(pool, nr_free);
+ shrink_pages = ttm_page_pool_free(pool, nr_free,
+ sc->gfp_mask);
freed += nr_free - shrink_pages;
}
mutex_unlock(&lock);
@@ -710,7 +710,7 @@ static void ttm_put_pages(struct page **pages, unsigned npages, int flags,
}
spin_unlock_irqrestore(&pool->lock, irq_flags);
if (npages)
- ttm_page_pool_free(pool, npages);
+ ttm_page_pool_free(pool, npages, GFP_KERNEL);
}
/*
@@ -850,7 +850,8 @@ void ttm_page_alloc_fini(void)
ttm_pool_mm_shrink_fini(_manager);
for (i = 0; i < NUM_POOLS; ++i)
- ttm_page_pool_free(&_manager->pools[i], FREE_ALL_PAGES);
+ ttm_page_pool_free(&_manager->pools[i], FREE_ALL_PAGES,
+ GFP_KERNEL);
kobject_put(&_manager->kobj);
_manager = NULL;
diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
index 524cc1a..ca65df1 100644
--- a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
+++ b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
@@ -411,8 +411,10 @@ static void ttm_dma_page_put(struct dma_pool *pool, struct dma_page *d_page)
*
* @pool: to free the pages from
* @nr_free: If set to true will free all pages in pool
+ * @gfp: GFP flags.
**/
-static unsigned ttm_dma_page_pool_free(struct dma_pool *pool, unsigned nr_free)
+static unsigned ttm_dma_page_pool_free(struct dma_pool *pool, unsigned nr_free,
+ gfp_t gfp)
{
unsigned long irq_flags;
struct dma_page *dma_p, *tmp;
@@ -430,8 +432,7 @@ static unsigned ttm_dma_page_pool_free(struct dma_pool *pool, unsigned nr_free)
npages_to_free, nr_free);
}
#endif
- pages_to_free = kmalloc(npages_to_free * sizeof(struct page *),
- GFP_KERNEL);
+ pages_to_free = kmalloc(npages_to_free * sizeof(struct page *), gfp);
if (!pages_to_free) {
pr_err("%s: Failed to allocate memory for pool free operation\n",
@@ -530,7 +531,7 @@ static void ttm_dma_free_pool(struct device *dev, enum pool_type type)
if (pool->type != type)
continue;
/* Takes a spinlock.. */
- ttm_dma_page_pool_free(pool, FREE_ALL_PAGES);
+ ttm_dma_page_pool_free(pool, FREE_ALL_PAGES, GFP_KERNEL);
WARN_ON(((pool->npages_in_use + pool->npages_free) != 0));
/* This code path is called after _all_ references to the
* struct device has been dropped - so nobody should be
@@ -983,7 +984,7 @@ void ttm_dma_unpopulate(struct ttm_dma_tt *ttm_dma, struct device *dev)
/* shrink pool if necessary (only on !is_cached pools)*/
if (npages)
- ttm_dma_page_pool_free(pool, npages);
+ ttm_dma_page_pool_free(pool, npages, GFP_KERNEL);
ttm->state = tt_unpopulated;
}
EXPORT_SYMBOL_GPL(ttm_dma_unpopulate);
@@ -993,10 +994,7 @@ EXPORT_SYMBOL_GPL(ttm_dma_unpopulate);
*
* XXX: (dchinner) Deadlock warning!
*
- * ttm_dma_page_pool_free() does GFP_KERNEL memory allocation, and so attention
- * needs to be paid to sc->gfp_mask to determine if this can be done or not.
- * GFP_KERNEL memory allocation in a GFP_ATOMIC reclaim context woul dbe really
- * bad.
+ * We need to pass sc->gfp_mask to ttm_dma_page_pool_free().
*
* I'm getting sadder as I hear more pathetical whimpers about needing per-pool
* shrinkers
@@ -1030,7 +1028,8 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
if (++idx < pool_offset)
continue;
nr_free = shrink_pages;
- shrink_pages = ttm_dma_page_pool_free(p->pool, nr_free);
+ shrink_pages = ttm_dma_page_pool_free(p->pool, nr_free,
+ sc->gfp_mask);
freed += nr_free - shrink_pages;
pr_debug("%s: (%s:%d) Asked to shrink %d, have %d more to go\n",
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 150/187] powerpc/mm/numa: Fix break placement
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (148 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 149/187] drm/ttm: Pass GFP flags in order to avoid deadlock Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 151/187] powerpc/pci: Reorder pci bus/bridge unregistration during PHB removal Kamal Mostafa
` (37 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Andrey Utkin, Benjamin Herrenschmidt, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrey Utkin <andrey.krieger.utkin@gmail.com>
commit b00fc6ec1f24f9d7af9b8988b6a198186eb3408c upstream.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=81631
Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: Andrey Utkin <andrey.krieger.utkin@gmail.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/powerpc/mm/numa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c
index 6847d50..c752d50 100644
--- a/arch/powerpc/mm/numa.c
+++ b/arch/powerpc/mm/numa.c
@@ -588,8 +588,8 @@ static int cpu_numa_callback(struct notifier_block *nfb, unsigned long action,
case CPU_UP_CANCELED:
case CPU_UP_CANCELED_FROZEN:
unmap_cpu_from_node(lcpu);
- break;
ret = NOTIFY_OK;
+ break;
#endif
}
return ret;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 151/187] powerpc/pci: Reorder pci bus/bridge unregistration during PHB removal
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (149 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 150/187] powerpc/mm/numa: Fix break placement Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 152/187] drm/radeon: load the lm63 driver for an lm64 thermal chip Kamal Mostafa
` (36 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Tyrel Datwyler, Benjamin Herrenschmidt, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
commit 7340056567e32b2c9d3554eb146e1977c93da116 upstream.
Commit bcdde7e made __sysfs_remove_dir() recursive and introduced a BUG_ON
during PHB removal while attempting to delete the power managment attribute
group of the bus. This is a result of tearing the bridge and bus devices down
out of order in remove_phb_dynamic. Since, the the bus resides below the bridge
in the sysfs device tree it should be torn down first.
This patch simply moves the device_unregister call for the PHB bridge device
after the device_unregister call for the PHB bus.
Fixes: bcdde7e221a8 ("sysfs: make __sysfs_remove_dir() recursive")
Signed-off-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/powerpc/platforms/pseries/pci_dlpar.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/platforms/pseries/pci_dlpar.c b/arch/powerpc/platforms/pseries/pci_dlpar.c
index efe6137..e68922b 100644
--- a/arch/powerpc/platforms/pseries/pci_dlpar.c
+++ b/arch/powerpc/platforms/pseries/pci_dlpar.c
@@ -118,10 +118,10 @@ int remove_phb_dynamic(struct pci_controller *phb)
}
}
- /* Unregister the bridge device from sysfs and remove the PCI bus */
- device_unregister(b->bridge);
+ /* Remove the PCI bus and unregister the bridge device from sysfs */
phb->bus = NULL;
pci_remove_bus(b);
+ device_unregister(b->bridge);
/* Now release the IO resource */
if (res->flags & IORESOURCE_IO)
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 152/187] drm/radeon: load the lm63 driver for an lm64 thermal chip.
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (150 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 151/187] powerpc/pci: Reorder pci bus/bridge unregistration during PHB removal Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 153/187] drm/radeon: set VM base addr using the PFP v2 Kamal Mostafa
` (35 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Alex Deucher, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit 5dc355325b648dc9b4cf3bea4d968de46fd59215 upstream.
Looks like the lm63 driver supports the lm64 as well.
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/radeon/radeon_atombios.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/radeon/radeon_atombios.c b/drivers/gpu/drm/radeon/radeon_atombios.c
index dfa6412..402d463 100644
--- a/drivers/gpu/drm/radeon/radeon_atombios.c
+++ b/drivers/gpu/drm/radeon/radeon_atombios.c
@@ -1963,7 +1963,7 @@ static const char *thermal_controller_names[] = {
"adm1032",
"adm1030",
"max6649",
- "lm64",
+ "lm63", /* lm64 */
"f75375",
"asc7xxx",
};
@@ -1974,7 +1974,7 @@ static const char *pp_lib_thermal_controller_names[] = {
"adm1032",
"adm1030",
"max6649",
- "lm64",
+ "lm63", /* lm64 */
"f75375",
"RV6xx",
"RV770",
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 153/187] drm/radeon: set VM base addr using the PFP v2
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (151 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 152/187] drm/radeon: load the lm63 driver for an lm64 thermal chip Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 154/187] drm/radeon/atom: add new voltage fetch function for hawaii Kamal Mostafa
` (34 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Christian König, Alex Deucher, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <christian.koenig@amd.com>
commit f1d2a26b506e9dc7bbe94fae40da0a0d8dcfacd0 upstream.
Seems to make VM flushes more stable on SI and CIK.
v2: only use the PFP on the GFX ring on CIK
Signed-off-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/radeon/cik.c | 5 +++--
drivers/gpu/drm/radeon/si.c | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/radeon/cik.c b/drivers/gpu/drm/radeon/cik.c
index 17649ac..f605f6e 100644
--- a/drivers/gpu/drm/radeon/cik.c
+++ b/drivers/gpu/drm/radeon/cik.c
@@ -5332,12 +5332,13 @@ static void cik_vm_decode_fault(struct radeon_device *rdev,
void cik_vm_flush(struct radeon_device *rdev, int ridx, struct radeon_vm *vm)
{
struct radeon_ring *ring = &rdev->ring[ridx];
+ int usepfp = (ridx == RADEON_RING_TYPE_GFX_INDEX);
if (vm == NULL)
return;
radeon_ring_write(ring, PACKET3(PACKET3_WRITE_DATA, 3));
- radeon_ring_write(ring, (WRITE_DATA_ENGINE_SEL(0) |
+ radeon_ring_write(ring, (WRITE_DATA_ENGINE_SEL(usepfp) |
WRITE_DATA_DST_SEL(0)));
if (vm->id < 8) {
radeon_ring_write(ring,
@@ -5396,7 +5397,7 @@ void cik_vm_flush(struct radeon_device *rdev, int ridx, struct radeon_vm *vm)
radeon_ring_write(ring, 1 << vm->id);
/* compute doesn't have PFP */
- if (ridx == RADEON_RING_TYPE_GFX_INDEX) {
+ if (usepfp) {
/* sync PFP to ME, otherwise we might get invalid PFP reads */
radeon_ring_write(ring, PACKET3(PACKET3_PFP_SYNC_ME, 0));
radeon_ring_write(ring, 0x0);
diff --git a/drivers/gpu/drm/radeon/si.c b/drivers/gpu/drm/radeon/si.c
index d5c8438..18c197f 100644
--- a/drivers/gpu/drm/radeon/si.c
+++ b/drivers/gpu/drm/radeon/si.c
@@ -4697,7 +4697,7 @@ void si_vm_flush(struct radeon_device *rdev, int ridx, struct radeon_vm *vm)
/* write new base address */
radeon_ring_write(ring, PACKET3(PACKET3_WRITE_DATA, 3));
- radeon_ring_write(ring, (WRITE_DATA_ENGINE_SEL(0) |
+ radeon_ring_write(ring, (WRITE_DATA_ENGINE_SEL(1) |
WRITE_DATA_DST_SEL(0)));
if (vm->id < 8) {
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 154/187] drm/radeon/atom: add new voltage fetch function for hawaii
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (152 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 153/187] drm/radeon: set VM base addr using the PFP v2 Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 155/187] drm/radeon/dpm: handle voltage info fetching on hawaii Kamal Mostafa
` (33 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Alex Deucher, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit e9f274b2a1bd4ecc569b823b1e7942e9bf92593e upstream.
Some hawaii boards use a different method for fetching the
voltage information from the vbios.
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/radeon/radeon.h | 3 +++
drivers/gpu/drm/radeon/radeon_atombios.c | 35 ++++++++++++++++++++++++++++++++
2 files changed, 38 insertions(+)
diff --git a/drivers/gpu/drm/radeon/radeon.h b/drivers/gpu/drm/radeon/radeon.h
index 68b29d9..6cc9331 100644
--- a/drivers/gpu/drm/radeon/radeon.h
+++ b/drivers/gpu/drm/radeon/radeon.h
@@ -289,6 +289,9 @@ int radeon_atom_get_leakage_vddc_based_on_leakage_params(struct radeon_device *r
u16 *vddc, u16 *vddci,
u16 virtual_voltage_id,
u16 vbios_voltage_id);
+int radeon_atom_get_voltage_evv(struct radeon_device *rdev,
+ u16 virtual_voltage_id,
+ u16 *voltage);
int radeon_atom_round_to_true_voltage(struct radeon_device *rdev,
u8 voltage_type,
u16 nominal_voltage,
diff --git a/drivers/gpu/drm/radeon/radeon_atombios.c b/drivers/gpu/drm/radeon/radeon_atombios.c
index 402d463..4af5a78 100644
--- a/drivers/gpu/drm/radeon/radeon_atombios.c
+++ b/drivers/gpu/drm/radeon/radeon_atombios.c
@@ -3236,6 +3236,41 @@ int radeon_atom_get_leakage_vddc_based_on_leakage_params(struct radeon_device *r
return 0;
}
+union get_voltage_info {
+ struct _GET_VOLTAGE_INFO_INPUT_PARAMETER_V1_2 in;
+ struct _GET_EVV_VOLTAGE_INFO_OUTPUT_PARAMETER_V1_2 evv_out;
+};
+
+int radeon_atom_get_voltage_evv(struct radeon_device *rdev,
+ u16 virtual_voltage_id,
+ u16 *voltage)
+{
+ int index = GetIndexIntoMasterTable(COMMAND, GetVoltageInfo);
+ u32 entry_id;
+ u32 count = rdev->pm.dpm.dyn_state.vddc_dependency_on_sclk.count;
+ union get_voltage_info args;
+
+ for (entry_id = 0; entry_id < count; entry_id++) {
+ if (rdev->pm.dpm.dyn_state.vddc_dependency_on_sclk.entries[entry_id].v ==
+ virtual_voltage_id)
+ break;
+ }
+
+ if (entry_id >= count)
+ return -EINVAL;
+
+ args.in.ucVoltageType = VOLTAGE_TYPE_VDDC;
+ args.in.ucVoltageMode = ATOM_GET_VOLTAGE_EVV_VOLTAGE;
+ args.in.ulSCLKFreq =
+ cpu_to_le32(rdev->pm.dpm.dyn_state.vddc_dependency_on_sclk.entries[entry_id].clk);
+
+ atom_execute_table(rdev->mode_info.atom_context, index, (uint32_t *)&args);
+
+ *voltage = le16_to_cpu(args.evv_out.usVoltageLevel);
+
+ return 0;
+}
+
int radeon_atom_get_voltage_gpio_settings(struct radeon_device *rdev,
u16 voltage_level, u8 voltage_type,
u32 *gpio_value, u32 *gpio_mask)
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 155/187] drm/radeon/dpm: handle voltage info fetching on hawaii
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (153 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 154/187] drm/radeon/atom: add new voltage fetch function for hawaii Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 156/187] drm/radeon: re-enable dpm by default on cayman Kamal Mostafa
` (32 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Alex Deucher, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit 6b57f20cb5b708415fbab63847f8f8429b051af8 upstream.
Some hawaii cards use a different method to fetch the
voltage info from the vbios.
bug:
https://bugs.freedesktop.org/show_bug.cgi?id=74250
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/radeon/ci_dpm.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/radeon/ci_dpm.c b/drivers/gpu/drm/radeon/ci_dpm.c
index ca13ab5..8bfab60 100644
--- a/drivers/gpu/drm/radeon/ci_dpm.c
+++ b/drivers/gpu/drm/radeon/ci_dpm.c
@@ -923,7 +923,18 @@ static void ci_get_leakage_voltages(struct radeon_device *rdev)
pi->vddc_leakage.count = 0;
pi->vddci_leakage.count = 0;
- if (radeon_atom_get_leakage_id_from_vbios(rdev, &leakage_id) == 0) {
+ if (rdev->pm.dpm.platform_caps & ATOM_PP_PLATFORM_CAP_EVV) {
+ for (i = 0; i < CISLANDS_MAX_LEAKAGE_COUNT; i++) {
+ virtual_voltage_id = ATOM_VIRTUAL_VOLTAGE_ID0 + i;
+ if (radeon_atom_get_voltage_evv(rdev, virtual_voltage_id, &vddc) != 0)
+ continue;
+ if (vddc != 0 && vddc != virtual_voltage_id) {
+ pi->vddc_leakage.actual_voltage[pi->vddc_leakage.count] = vddc;
+ pi->vddc_leakage.leakage_id[pi->vddc_leakage.count] = virtual_voltage_id;
+ pi->vddc_leakage.count++;
+ }
+ }
+ } else if (radeon_atom_get_leakage_id_from_vbios(rdev, &leakage_id) == 0) {
for (i = 0; i < CISLANDS_MAX_LEAKAGE_COUNT; i++) {
virtual_voltage_id = ATOM_VIRTUAL_VOLTAGE_ID0 + i;
if (radeon_atom_get_leakage_vddc_based_on_leakage_params(rdev, &vddc, &vddci,
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 156/187] drm/radeon: re-enable dpm by default on cayman
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (154 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 155/187] drm/radeon/dpm: handle voltage info fetching on hawaii Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 157/187] drm/radeon: re-enable dpm by default on BTC Kamal Mostafa
` (31 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Alex Deucher, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit 8f500af4efe347d1a8ac674d115220e8caa84559 upstream.
This patch depends on:
b0880e87c1fd038b84498944f52e52c3e86ebe59
(drm/radeon/dpm: fix vddci setup typo on cayman)
bug:
https://bugs.freedesktop.org/show_bug.cgi?id=69723
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/radeon/radeon_pm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/radeon/radeon_pm.c b/drivers/gpu/drm/radeon/radeon_pm.c
index 446e67f..5a5925c 100644
--- a/drivers/gpu/drm/radeon/radeon_pm.c
+++ b/drivers/gpu/drm/radeon/radeon_pm.c
@@ -1274,7 +1274,6 @@ int radeon_pm_init(struct radeon_device *rdev)
case CHIP_BARTS:
case CHIP_TURKS:
case CHIP_CAICOS:
- case CHIP_CAYMAN:
case CHIP_BONAIRE:
case CHIP_KABINI:
case CHIP_KAVERI:
@@ -1302,6 +1301,7 @@ int radeon_pm_init(struct radeon_device *rdev)
case CHIP_PALM:
case CHIP_SUMO:
case CHIP_SUMO2:
+ case CHIP_CAYMAN:
case CHIP_ARUBA:
case CHIP_TAHITI:
case CHIP_PITCAIRN:
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 157/187] drm/radeon: re-enable dpm by default on BTC
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (155 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 156/187] drm/radeon: re-enable dpm by default on cayman Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 158/187] drm/radeon: use packet2 for nop on hawaii with old firmware Kamal Mostafa
` (30 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Alex Deucher, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit c08abf11900e19b14dd3a0cc3d105bd74519cd18 upstream.
This patch depends on:
e07929810f0a19ddd756558290c7d72827cbfcd9
(drm/radeon/dpm: fix typo in vddci setup for eg/btc)
bugs:
https://bugs.freedesktop.org/show_bug.cgi?id=73053
https://bugzilla.kernel.org/show_bug.cgi?id=68571
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/radeon/radeon_pm.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/radeon/radeon_pm.c b/drivers/gpu/drm/radeon/radeon_pm.c
index 5a5925c..b19ac0d 100644
--- a/drivers/gpu/drm/radeon/radeon_pm.c
+++ b/drivers/gpu/drm/radeon/radeon_pm.c
@@ -1271,9 +1271,6 @@ int radeon_pm_init(struct radeon_device *rdev)
case CHIP_RS780:
case CHIP_RS880:
case CHIP_RV770:
- case CHIP_BARTS:
- case CHIP_TURKS:
- case CHIP_CAICOS:
case CHIP_BONAIRE:
case CHIP_KABINI:
case CHIP_KAVERI:
@@ -1301,6 +1298,9 @@ int radeon_pm_init(struct radeon_device *rdev)
case CHIP_PALM:
case CHIP_SUMO:
case CHIP_SUMO2:
+ case CHIP_BARTS:
+ case CHIP_TURKS:
+ case CHIP_CAICOS:
case CHIP_CAYMAN:
case CHIP_ARUBA:
case CHIP_TAHITI:
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 158/187] drm/radeon: use packet2 for nop on hawaii with old firmware
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (156 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 157/187] drm/radeon: re-enable dpm by default on BTC Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 159/187] drm/radeon: tweak ACCEL_WORKING2 query for hawaii Kamal Mostafa
` (29 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Alex Deucher, Andreas Boll, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit 0e16e4cfde70e1cf00f9fe3a8f601d10e73e0ec6 upstream.
Older firmware didn't support the new nop packet.
v2 (Andreas Boll):
- Drop usage of packet3 for new firmware
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com> (v1)
Signed-off-by: Andreas Boll <andreas.boll.dev@gmail.com>
[ kamal: backport to 3.13: context ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/radeon/cik.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/radeon/cik.c b/drivers/gpu/drm/radeon/cik.c
index f605f6e..1523902 100644
--- a/drivers/gpu/drm/radeon/cik.c
+++ b/drivers/gpu/drm/radeon/cik.c
@@ -7576,6 +7576,7 @@ restart_ih:
static int cik_startup(struct radeon_device *rdev)
{
struct radeon_ring *ring;
+ u32 nop;
int r;
/* enable pcie gen2/3 link */
@@ -7693,10 +7694,16 @@ static int cik_startup(struct radeon_device *rdev)
}
cik_irq_set(rdev);
+ if (rdev->family == CHIP_HAWAII) {
+ nop = RADEON_CP_PACKET2;
+ } else {
+ nop = PACKET3(PACKET3_NOP, 0x3FFF);
+ }
+
ring = &rdev->ring[RADEON_RING_TYPE_GFX_INDEX];
r = radeon_ring_init(rdev, ring, ring->ring_size, RADEON_WB_CP_RPTR_OFFSET,
CP_RB0_RPTR, CP_RB0_WPTR,
- PACKET3(PACKET3_NOP, 0x3FFF));
+ nop);
if (r)
return r;
@@ -7705,7 +7712,7 @@ static int cik_startup(struct radeon_device *rdev)
ring = &rdev->ring[CAYMAN_RING_TYPE_CP1_INDEX];
r = radeon_ring_init(rdev, ring, ring->ring_size, RADEON_WB_CP1_RPTR_OFFSET,
CP_HQD_PQ_RPTR, CP_HQD_PQ_WPTR,
- PACKET3(PACKET3_NOP, 0x3FFF));
+ nop);
if (r)
return r;
ring->me = 1; /* first MEC */
@@ -7717,7 +7724,7 @@ static int cik_startup(struct radeon_device *rdev)
ring = &rdev->ring[CAYMAN_RING_TYPE_CP2_INDEX];
r = radeon_ring_init(rdev, ring, ring->ring_size, RADEON_WB_CP2_RPTR_OFFSET,
CP_HQD_PQ_RPTR, CP_HQD_PQ_WPTR,
- PACKET3(PACKET3_NOP, 0x3FFF));
+ nop);
if (r)
return r;
/* dGPU only have 1 MEC */
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 159/187] drm/radeon: tweak ACCEL_WORKING2 query for hawaii
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (157 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 158/187] drm/radeon: use packet2 for nop on hawaii with old firmware Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 160/187] KVM: nVMX: fix "acknowledge interrupt on exit" when APICv is in use Kamal Mostafa
` (28 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Alex Deucher, Andreas Boll, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit 3c64bd26f7e9bd589ebe0d1ebec69ef2f784c12d upstream.
Return 2 so we can be sure the kernel has the necessary
changes for acceleration to work.
Note: This patch depends on these two commits:
- drm/radeon: fix cut and paste issue for hawaii.
- drm/radeon: use packet2 for nop on hawaii with old firmware
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Andreas Boll <andreas.boll.dev@gmail.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/radeon/radeon_kms.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/radeon/radeon_kms.c b/drivers/gpu/drm/radeon/radeon_kms.c
index 5ef56ad..ecffe85 100644
--- a/drivers/gpu/drm/radeon/radeon_kms.c
+++ b/drivers/gpu/drm/radeon/radeon_kms.c
@@ -254,7 +254,14 @@ int radeon_info_ioctl(struct drm_device *dev, void *data, struct drm_file *filp)
}
break;
case RADEON_INFO_ACCEL_WORKING2:
- *value = rdev->accel_working;
+ if (rdev->family == CHIP_HAWAII) {
+ if (rdev->accel_working)
+ *value = 2;
+ else
+ *value = 0;
+ } else {
+ *value = rdev->accel_working;
+ }
break;
case RADEON_INFO_TILING_CONFIG:
if (rdev->family >= CHIP_BONAIRE)
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 160/187] KVM: nVMX: fix "acknowledge interrupt on exit" when APICv is in use
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (158 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 159/187] drm/radeon: tweak ACCEL_WORKING2 query for hawaii Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 161/187] RDMA/iwcm: Use a default listen backlog if needed Kamal Mostafa
` (27 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Wanpeng Li, Paolo Bonzini, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Wanpeng Li <wanpeng.li@linux.intel.com>
commit 56cc2406d68c0f09505c389e276f27a99f495cbd upstream.
After commit 77b0f5d (KVM: nVMX: Ack and write vector info to intr_info
if L1 asks us to), "Acknowledge interrupt on exit" behavior can be
emulated. To do so, KVM will ask the APIC for the interrupt vector if
during a nested vmexit if VM_EXIT_ACK_INTR_ON_EXIT is set. With APICv,
kvm_get_apic_interrupt would return -1 and give the following WARNING:
Call Trace:
[<ffffffff81493563>] dump_stack+0x49/0x5e
[<ffffffff8103f0eb>] warn_slowpath_common+0x7c/0x96
[<ffffffffa059709a>] ? nested_vmx_vmexit+0xa4/0x233 [kvm_intel]
[<ffffffff8103f11a>] warn_slowpath_null+0x15/0x17
[<ffffffffa059709a>] nested_vmx_vmexit+0xa4/0x233 [kvm_intel]
[<ffffffffa0594295>] ? nested_vmx_exit_handled+0x6a/0x39e [kvm_intel]
[<ffffffffa0537931>] ? kvm_apic_has_interrupt+0x80/0xd5 [kvm]
[<ffffffffa05972ec>] vmx_check_nested_events+0xc3/0xd3 [kvm_intel]
[<ffffffffa051ebe9>] inject_pending_event+0xd0/0x16e [kvm]
[<ffffffffa051efa0>] vcpu_enter_guest+0x319/0x704 [kvm]
To fix this, we cannot rely on the processor's virtual interrupt delivery,
because "acknowledge interrupt on exit" must only update the virtual
ISR/PPR/IRR registers (and SVI, which is just a cache of the virtual ISR)
but it should not deliver the interrupt through the IDT. Thus, KVM has
to deliver the interrupt "by hand", similar to the treatment of EOI in
commit fc57ac2c9ca8 (KVM: lapic: sync highest ISR to hardware apic on
EOI, 2014-05-14).
The patch modifies kvm_cpu_get_interrupt to always acknowledge an
interrupt; there are only two callers, and the other is not affected
because it is never reached with kvm_apic_vid_enabled() == true. Then it
modifies apic_set_isr and apic_clear_irr to update SVI and RVI in addition
to the registers.
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Suggested-by: "Zhang, Yang Z" <yang.z.zhang@intel.com>
Tested-by: Liu, RongrongX <rongrongx.liu@intel.com>
Tested-by: Felipe Reyes <freyes@suse.com>
Fixes: 77b0f5d67ff2781f36831cba79674c3e97bd7acf
Signed-off-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/kvm/irq.c | 2 +-
arch/x86/kvm/lapic.c | 52 +++++++++++++++++++++++++++++++++++++++-------------
2 files changed, 40 insertions(+), 14 deletions(-)
diff --git a/arch/x86/kvm/irq.c b/arch/x86/kvm/irq.c
index 484bc87..3ec38cb 100644
--- a/arch/x86/kvm/irq.c
+++ b/arch/x86/kvm/irq.c
@@ -108,7 +108,7 @@ int kvm_cpu_get_interrupt(struct kvm_vcpu *v)
vector = kvm_cpu_get_extint(v);
- if (kvm_apic_vid_enabled(v->kvm) || vector != -1)
+ if (vector != -1)
return vector; /* PIC */
return kvm_get_apic_interrupt(v); /* APIC */
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 92bbb39..f52e300 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -352,25 +352,46 @@ static inline int apic_find_highest_irr(struct kvm_lapic *apic)
static inline void apic_clear_irr(int vec, struct kvm_lapic *apic)
{
- apic->irr_pending = false;
+ struct kvm_vcpu *vcpu;
+
+ vcpu = apic->vcpu;
+
apic_clear_vector(vec, apic->regs + APIC_IRR);
- if (apic_search_irr(apic) != -1)
- apic->irr_pending = true;
+ if (unlikely(kvm_apic_vid_enabled(vcpu->kvm)))
+ /* try to update RVI */
+ kvm_make_request(KVM_REQ_EVENT, vcpu);
+ else {
+ vec = apic_search_irr(apic);
+ apic->irr_pending = (vec != -1);
+ }
}
static inline void apic_set_isr(int vec, struct kvm_lapic *apic)
{
- /* Note that we never get here with APIC virtualization enabled. */
+ struct kvm_vcpu *vcpu;
+
+ if (__apic_test_and_set_vector(vec, apic->regs + APIC_ISR))
+ return;
+
+ vcpu = apic->vcpu;
- if (!__apic_test_and_set_vector(vec, apic->regs + APIC_ISR))
- ++apic->isr_count;
- BUG_ON(apic->isr_count > MAX_APIC_VECTOR);
/*
- * ISR (in service register) bit is set when injecting an interrupt.
- * The highest vector is injected. Thus the latest bit set matches
- * the highest bit in ISR.
+ * With APIC virtualization enabled, all caching is disabled
+ * because the processor can modify ISR under the hood. Instead
+ * just set SVI.
*/
- apic->highest_isr_cache = vec;
+ if (unlikely(kvm_apic_vid_enabled(vcpu->kvm)))
+ kvm_x86_ops->hwapic_isr_update(vcpu->kvm, vec);
+ else {
+ ++apic->isr_count;
+ BUG_ON(apic->isr_count > MAX_APIC_VECTOR);
+ /*
+ * ISR (in service register) bit is set when injecting an interrupt.
+ * The highest vector is injected. Thus the latest bit set matches
+ * the highest bit in ISR.
+ */
+ apic->highest_isr_cache = vec;
+ }
}
static inline int apic_find_highest_isr(struct kvm_lapic *apic)
@@ -1627,11 +1648,16 @@ int kvm_get_apic_interrupt(struct kvm_vcpu *vcpu)
int vector = kvm_apic_has_interrupt(vcpu);
struct kvm_lapic *apic = vcpu->arch.apic;
- /* Note that we never get here with APIC virtualization enabled. */
-
if (vector == -1)
return -1;
+ /*
+ * We get here even with APIC virtualization enabled, if doing
+ * nested virtualization and L1 runs with the "acknowledge interrupt
+ * on exit" mode. Then we cannot inject the interrupt via RVI,
+ * because the process would deliver it through the IDT.
+ */
+
apic_set_isr(vector, apic);
apic_update_ppr(apic);
apic_clear_irr(vector, apic);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 161/187] RDMA/iwcm: Use a default listen backlog if needed
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (159 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 160/187] KVM: nVMX: fix "acknowledge interrupt on exit" when APICv is in use Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 162/187] x86/efi: Enforce CONFIG_RELOCATABLE for EFI boot stub Kamal Mostafa
` (26 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Steve Wise, Roland Dreier, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Steve Wise <swise@opengridcomputing.com>
commit 2f0304d21867476394cd51a54e97f7273d112261 upstream.
If the user creates a listening cm_id with backlog of 0 the IWCM ends
up not allowing any connection requests at all. The correct behavior
is for the IWCM to pick a default value if the user backlog parameter
is zero.
Lustre from version 1.8.8 onward uses a backlog of 0, which breaks
iwarp support without this fix.
Signed-off-by: Steve Wise <swise@opengridcomputing.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/infiniband/core/iwcm.c | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/drivers/infiniband/core/iwcm.c b/drivers/infiniband/core/iwcm.c
index 0717940..a86b6ca 100644
--- a/drivers/infiniband/core/iwcm.c
+++ b/drivers/infiniband/core/iwcm.c
@@ -46,6 +46,7 @@
#include <linux/completion.h>
#include <linux/slab.h>
#include <linux/module.h>
+#include <linux/sysctl.h>
#include <rdma/iw_cm.h>
#include <rdma/ib_addr.h>
@@ -65,6 +66,20 @@ struct iwcm_work {
struct list_head free_list;
};
+static unsigned int default_backlog = 256;
+
+static struct ctl_table_header *iwcm_ctl_table_hdr;
+static struct ctl_table iwcm_ctl_table[] = {
+ {
+ .procname = "default_backlog",
+ .data = &default_backlog,
+ .maxlen = sizeof(default_backlog),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ },
+ { }
+};
+
/*
* The following services provide a mechanism for pre-allocating iwcm_work
* elements. The design pre-allocates them based on the cm_id type:
@@ -426,6 +441,9 @@ int iw_cm_listen(struct iw_cm_id *cm_id, int backlog)
cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);
+ if (!backlog)
+ backlog = default_backlog;
+
ret = alloc_work_entries(cm_id_priv, backlog);
if (ret)
return ret;
@@ -1031,11 +1049,20 @@ static int __init iw_cm_init(void)
if (!iwcm_wq)
return -ENOMEM;
+ iwcm_ctl_table_hdr = register_net_sysctl(&init_net, "net/iw_cm",
+ iwcm_ctl_table);
+ if (!iwcm_ctl_table_hdr) {
+ pr_err("iw_cm: couldn't register sysctl paths\n");
+ destroy_workqueue(iwcm_wq);
+ return -ENOMEM;
+ }
+
return 0;
}
static void __exit iw_cm_cleanup(void)
{
+ unregister_net_sysctl_table(iwcm_ctl_table_hdr);
destroy_workqueue(iwcm_wq);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 162/187] x86/efi: Enforce CONFIG_RELOCATABLE for EFI boot stub
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (160 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 161/187] RDMA/iwcm: Use a default listen backlog if needed Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 163/187] net: sun4i-emac: fix memory leak on bad packet Kamal Mostafa
` (25 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: H. Peter Anvin, Matt Fleming, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Matt Fleming <matt.fleming@intel.com>
commit 7b2a583afb4ab894f78bc0f8bd136e96b6499a7e upstream.
Without CONFIG_RELOCATABLE the early boot code will decompress the
kernel to LOAD_PHYSICAL_ADDR. While this may have been fine in the BIOS
days, that isn't going to fly with UEFI since parts of the firmware
code/data may be located at LOAD_PHYSICAL_ADDR.
Straying outside of the bounds of the regions we've explicitly requested
from the firmware will cause all sorts of trouble. Bruno reports that
his machine resets while trying to decompress the kernel image.
We already go to great pains to ensure the kernel is loaded into a
suitably aligned buffer, it's just that the address isn't necessarily
LOAD_PHYSICAL_ADDR, because we can't guarantee that address isn't in-use
by the firmware.
Explicitly enforce CONFIG_RELOCATABLE for the EFI boot stub, so that we
can load the kernel at any address with the correct alignment.
Reported-by: Bruno Prémont <bonbons@linux-vserver.org>
Tested-by: Bruno Prémont <bonbons@linux-vserver.org>
Cc: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 08fa7df..03e74b3 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1613,6 +1613,7 @@ config EFI
config EFI_STUB
bool "EFI stub support"
depends on EFI
+ select RELOCATABLE
---help---
This kernel feature allows a bzImage to be loaded directly
by EFI firmware without the use of a bootloader.
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 163/187] net: sun4i-emac: fix memory leak on bad packet
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (161 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 162/187] x86/efi: Enforce CONFIG_RELOCATABLE for EFI boot stub Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 164/187] hwmon: (ads1015) Fix out-of-bounds array access Kamal Mostafa
` (24 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Stefan Roese, Maxime Ripard, Marc Zyngier, David S. Miller,
Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Marc Zyngier <marc.zyngier@arm.com>
commit 2670cc699a66c4cf268cb3e3f6dfc325ec14f224 upstream.
Upon reception of a new frame, the emac driver checks for a number
of error conditions, and flag the packet as "bad" if any of these
are present. It then allocates a skb unconditionally, but only uses
it if the packet is "good". On the error path, the skb is just forgotten,
and the system leaks memory.
The piece of junk I have on my desk seems to encounter such error
frequently enough so that the box goes OOM after a couple of days,
which makes me grumpy.
Fix this by moving the allocation on the "good_packet" path (and
convert it to netdev_alloc_skb while we're at it).
Tested on a random Allwinner A20 board.
Cc: Stefan Roese <sr@denx.de>
Cc: Maxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Acked-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/ethernet/allwinner/sun4i-emac.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/allwinner/sun4i-emac.c b/drivers/net/ethernet/allwinner/sun4i-emac.c
index 81576c6..ac73553 100644
--- a/drivers/net/ethernet/allwinner/sun4i-emac.c
+++ b/drivers/net/ethernet/allwinner/sun4i-emac.c
@@ -623,8 +623,10 @@ static void emac_rx(struct net_device *dev)
}
/* Move data from EMAC */
- skb = dev_alloc_skb(rxlen + 4);
- if (good_packet && skb) {
+ if (good_packet) {
+ skb = netdev_alloc_skb(dev, rxlen + 4);
+ if (!skb)
+ continue;
skb_reserve(skb, 2);
rdptr = (u8 *) skb_put(skb, rxlen - 4);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 164/187] hwmon: (ads1015) Fix out-of-bounds array access
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (162 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 163/187] net: sun4i-emac: fix memory leak on bad packet Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 165/187] hwmon: (dme1737) Prevent overflow problem when writing large limits Kamal Mostafa
` (23 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Axel Lin, Guenter Roeck, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Axel Lin <axel.lin@ingics.com>
commit e981429557cbe10c780fab1c1a237cb832757652 upstream.
Current code uses data_rate as array index in ads1015_read_adc() and uses pga
as array index in ads1015_reg_to_mv, so we must make sure both data_rate and
pga settings are in valid value range.
Return -EINVAL if the setting is out-of-range.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/hwmon/ads1015.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/hwmon/ads1015.c b/drivers/hwmon/ads1015.c
index 22e0c92..1265164 100644
--- a/drivers/hwmon/ads1015.c
+++ b/drivers/hwmon/ads1015.c
@@ -212,6 +212,7 @@ static int ads1015_get_channels_config_of(struct i2c_client *client)
dev_err(&client->dev,
"invalid gain on %s\n",
node->full_name);
+ return -EINVAL;
}
}
@@ -222,6 +223,7 @@ static int ads1015_get_channels_config_of(struct i2c_client *client)
dev_err(&client->dev,
"invalid data_rate on %s\n",
node->full_name);
+ return -EINVAL;
}
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 165/187] hwmon: (dme1737) Prevent overflow problem when writing large limits
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (163 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 164/187] hwmon: (ads1015) Fix out-of-bounds array access Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 166/187] s390/locking: Reenable optimistic spinning Kamal Mostafa
` (22 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Axel Lin, Guenter Roeck, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Axel Lin <axel.lin@ingics.com>
commit d58e47d787c09fe5c61af3c6ce7d784762f29c3d upstream.
On platforms with sizeof(int) < sizeof(long), writing a temperature
limit larger than MAXINT will result in unpredictable limit values
written to the chip. Avoid auto-conversion from long to int to fix
the problem.
Voltage limits, fan minimum speed, pwm frequency, pwm ramp rate, and
other attributes have the same problem, fix them as well.
Zone temperature limits are signed, but were cached as u8, causing
unepected values to be reported for negative temperatures. Cache as
s8 to fix the problem.
vrm is an u8, so the written value needs to be limited to [0, 255].
Signed-off-by: Axel Lin <axel.lin@ingics.com>
[Guenter Roeck: Fix zone temperature cache]
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/hwmon/dme1737.c | 33 ++++++++++++++++++---------------
1 file changed, 18 insertions(+), 15 deletions(-)
diff --git a/drivers/hwmon/dme1737.c b/drivers/hwmon/dme1737.c
index 4ae3fff..bea0a34 100644
--- a/drivers/hwmon/dme1737.c
+++ b/drivers/hwmon/dme1737.c
@@ -247,8 +247,8 @@ struct dme1737_data {
u8 pwm_acz[3];
u8 pwm_freq[6];
u8 pwm_rr[2];
- u8 zone_low[3];
- u8 zone_abs[3];
+ s8 zone_low[3];
+ s8 zone_abs[3];
u8 zone_hyst[2];
u32 alarms;
};
@@ -277,7 +277,7 @@ static inline int IN_FROM_REG(int reg, int nominal, int res)
return (reg * nominal + (3 << (res - 3))) / (3 << (res - 2));
}
-static inline int IN_TO_REG(int val, int nominal)
+static inline int IN_TO_REG(long val, int nominal)
{
return clamp_val((val * 192 + nominal / 2) / nominal, 0, 255);
}
@@ -293,7 +293,7 @@ static inline int TEMP_FROM_REG(int reg, int res)
return (reg * 1000) >> (res - 8);
}
-static inline int TEMP_TO_REG(int val)
+static inline int TEMP_TO_REG(long val)
{
return clamp_val((val < 0 ? val - 500 : val + 500) / 1000, -128, 127);
}
@@ -308,7 +308,7 @@ static inline int TEMP_RANGE_FROM_REG(int reg)
return TEMP_RANGE[(reg >> 4) & 0x0f];
}
-static int TEMP_RANGE_TO_REG(int val, int reg)
+static int TEMP_RANGE_TO_REG(long val, int reg)
{
int i;
@@ -331,7 +331,7 @@ static inline int TEMP_HYST_FROM_REG(int reg, int ix)
return (((ix == 1) ? reg : reg >> 4) & 0x0f) * 1000;
}
-static inline int TEMP_HYST_TO_REG(int val, int ix, int reg)
+static inline int TEMP_HYST_TO_REG(long val, int ix, int reg)
{
int hyst = clamp_val((val + 500) / 1000, 0, 15);
@@ -347,7 +347,7 @@ static inline int FAN_FROM_REG(int reg, int tpc)
return (reg == 0 || reg == 0xffff) ? 0 : 90000 * 60 / reg;
}
-static inline int FAN_TO_REG(int val, int tpc)
+static inline int FAN_TO_REG(long val, int tpc)
{
if (tpc) {
return clamp_val(val / tpc, 0, 0xffff);
@@ -379,7 +379,7 @@ static inline int FAN_TYPE_FROM_REG(int reg)
return (edge > 0) ? 1 << (edge - 1) : 0;
}
-static inline int FAN_TYPE_TO_REG(int val, int reg)
+static inline int FAN_TYPE_TO_REG(long val, int reg)
{
int edge = (val == 4) ? 3 : val;
@@ -402,7 +402,7 @@ static int FAN_MAX_FROM_REG(int reg)
return 1000 + i * 500;
}
-static int FAN_MAX_TO_REG(int val)
+static int FAN_MAX_TO_REG(long val)
{
int i;
@@ -460,7 +460,7 @@ static inline int PWM_ACZ_FROM_REG(int reg)
return acz[(reg >> 5) & 0x07];
}
-static inline int PWM_ACZ_TO_REG(int val, int reg)
+static inline int PWM_ACZ_TO_REG(long val, int reg)
{
int acz = (val == 4) ? 2 : val - 1;
@@ -476,7 +476,7 @@ static inline int PWM_FREQ_FROM_REG(int reg)
return PWM_FREQ[reg & 0x0f];
}
-static int PWM_FREQ_TO_REG(int val, int reg)
+static int PWM_FREQ_TO_REG(long val, int reg)
{
int i;
@@ -510,7 +510,7 @@ static inline int PWM_RR_FROM_REG(int reg, int ix)
return (rr & 0x08) ? PWM_RR[rr & 0x07] : 0;
}
-static int PWM_RR_TO_REG(int val, int ix, int reg)
+static int PWM_RR_TO_REG(long val, int ix, int reg)
{
int i;
@@ -528,7 +528,7 @@ static inline int PWM_RR_EN_FROM_REG(int reg, int ix)
return PWM_RR_FROM_REG(reg, ix) ? 1 : 0;
}
-static inline int PWM_RR_EN_TO_REG(int val, int ix, int reg)
+static inline int PWM_RR_EN_TO_REG(long val, int ix, int reg)
{
int en = (ix == 1) ? 0x80 : 0x08;
@@ -1481,13 +1481,16 @@ static ssize_t set_vrm(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
struct dme1737_data *data = dev_get_drvdata(dev);
- long val;
+ unsigned long val;
int err;
- err = kstrtol(buf, 10, &val);
+ err = kstrtoul(buf, 10, &val);
if (err)
return err;
+ if (val > 255)
+ return -EINVAL;
+
data->vrm = val;
return count;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 166/187] s390/locking: Reenable optimistic spinning
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (164 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 165/187] hwmon: (dme1737) Prevent overflow problem when writing large limits Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 167/187] ring-buffer: Up rb_iter_peek() loop count to 3 Kamal Mostafa
` (21 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Christian Borntraeger, Ingo Molnar, Peter Zijlstra,
Heiko Carstens, Martin Schwidefsky, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian Borntraeger <borntraeger@de.ibm.com>
commit 36e7fdaa1a04fcf65b864232e1af56a51c7814d6 upstream.
commit 4badad352a6bb202ec68afa7a574c0bb961e5ebc (locking/mutex: Disable
optimistic spinning on some architectures) fenced spinning for
architectures without proper cmpxchg.
There is no need to disable mutex spinning on s390, though:
The instructions CS,CSG and friends provide the proper guarantees.
(We dont implement cmpxchg with locks).
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/s390/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index c8d8283..8993c96 100644
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -93,6 +93,7 @@ config S390
select ARCH_INLINE_WRITE_UNLOCK_IRQ
select ARCH_INLINE_WRITE_UNLOCK_IRQRESTORE
select ARCH_SAVE_PAGE_KEYS if HIBERNATION
+ select ARCH_SUPPORTS_ATOMIC_RMW
select ARCH_USE_CMPXCHG_LOCKREF
select ARCH_WANT_IPC_PARSE_VERSION
select BUILDTIME_EXTABLE_SORT
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 167/187] ring-buffer: Up rb_iter_peek() loop count to 3
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (165 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 166/187] s390/locking: Reenable optimistic spinning Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 168/187] ring-buffer: Always reset iterator to reader page Kamal Mostafa
` (20 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Steven Rostedt, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
commit 021de3d904b88b1771a3a2cfc5b75023c391e646 upstream.
After writting a test to try to trigger the bug that caused the
ring buffer iterator to become corrupted, I hit another bug:
WARNING: CPU: 1 PID: 5281 at kernel/trace/ring_buffer.c:3766 rb_iter_peek+0x113/0x238()
Modules linked in: ipt_MASQUERADE sunrpc [...]
CPU: 1 PID: 5281 Comm: grep Tainted: G W 3.16.0-rc3-test+ #143
Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./To be filled by O.E.M., BIOS SDBLI944.86P 05/08/2007
0000000000000000 ffffffff81809a80 ffffffff81503fb0 0000000000000000
ffffffff81040ca1 ffff8800796d6010 ffffffff810c138d ffff8800796d6010
ffff880077438c80 ffff8800796d6010 ffff88007abbe600 0000000000000003
Call Trace:
[<ffffffff81503fb0>] ? dump_stack+0x4a/0x75
[<ffffffff81040ca1>] ? warn_slowpath_common+0x7e/0x97
[<ffffffff810c138d>] ? rb_iter_peek+0x113/0x238
[<ffffffff810c138d>] ? rb_iter_peek+0x113/0x238
[<ffffffff810c14df>] ? ring_buffer_iter_peek+0x2d/0x5c
[<ffffffff810c6f73>] ? tracing_iter_reset+0x6e/0x96
[<ffffffff810c74a3>] ? s_start+0xd7/0x17b
[<ffffffff8112b13e>] ? kmem_cache_alloc_trace+0xda/0xea
[<ffffffff8114cf94>] ? seq_read+0x148/0x361
[<ffffffff81132d98>] ? vfs_read+0x93/0xf1
[<ffffffff81132f1b>] ? SyS_read+0x60/0x8e
[<ffffffff8150bf9f>] ? tracesys+0xdd/0xe2
Debugging this bug, which triggers when the rb_iter_peek() loops too
many times (more than 2 times), I discovered there's a case that can
cause that function to legitimately loop 3 times!
rb_iter_peek() is different than rb_buffer_peek() as the rb_buffer_peek()
only deals with the reader page (it's for consuming reads). The
rb_iter_peek() is for traversing the buffer without consuming it, and as
such, it can loop for one more reason. That is, if we hit the end of
the reader page or any page, it will go to the next page and try again.
That is, we have this:
1. iter->head > iter->head_page->page->commit
(rb_inc_iter() which moves the iter to the next page)
try again
2. event = rb_iter_head_event()
event->type_len == RINGBUF_TYPE_TIME_EXTEND
rb_advance_iter()
try again
3. read the event.
But we never get to 3, because the count is greater than 2 and we
cause the WARNING and return NULL.
Up the counter to 3.
Fixes: 69d1b839f7ee "ring-buffer: Bind time extend and data events together"
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
kernel/trace/ring_buffer.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index bca008f..ce8e924 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -1978,7 +1978,7 @@ rb_add_time_stamp(struct ring_buffer_event *event, u64 delta)
/**
* rb_update_event - update event type and data
- * @event: the even to update
+ * @event: the event to update
* @type: the type of event
* @length: the size of the event field in the ring buffer
*
@@ -3758,12 +3758,14 @@ rb_iter_peek(struct ring_buffer_iter *iter, u64 *ts)
return NULL;
/*
- * We repeat when a time extend is encountered.
- * Since the time extend is always attached to a data event,
- * we should never loop more than once.
- * (We never hit the following condition more than twice).
+ * We repeat when a time extend is encountered or we hit
+ * the end of the page. Since the time extend is always attached
+ * to a data event, we should never loop more than three times.
+ * Once for going to next page, once on time extend, and
+ * finally once to get the event.
+ * (We never hit the following condition more than thrice).
*/
- if (RB_WARN_ON(cpu_buffer, ++nr_loops > 2))
+ if (RB_WARN_ON(cpu_buffer, ++nr_loops > 3))
return NULL;
if (rb_per_cpu_empty(cpu_buffer))
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 168/187] ring-buffer: Always reset iterator to reader page
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (166 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 167/187] ring-buffer: Up rb_iter_peek() loop count to 3 Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 169/187] kernel/smp.c:on_each_cpu_cond(): fix warning in fallback path Kamal Mostafa
` (19 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Steven Rostedt, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
commit 651e22f2701b4113989237c3048d17337dd2185c upstream.
When performing a consuming read, the ring buffer swaps out a
page from the ring buffer with a empty page and this page that
was swapped out becomes the new reader page. The reader page
is owned by the reader and since it was swapped out of the ring
buffer, writers do not have access to it (there's an exception
to that rule, but it's out of scope for this commit).
When reading the "trace" file, it is a non consuming read, which
means that the data in the ring buffer will not be modified.
When the trace file is opened, a ring buffer iterator is allocated
and writes to the ring buffer are disabled, such that the iterator
will not have issues iterating over the data.
Although the ring buffer disabled writes, it does not disable other
reads, or even consuming reads. If a consuming read happens, then
the iterator is reset and starts reading from the beginning again.
My tests would sometimes trigger this bug on my i386 box:
WARNING: CPU: 0 PID: 5175 at kernel/trace/trace.c:1527 __trace_find_cmdline+0x66/0xaa()
Modules linked in:
CPU: 0 PID: 5175 Comm: grep Not tainted 3.16.0-rc3-test+ #8
Hardware name: /DG965MQ, BIOS MQ96510J.86A.0372.2006.0605.1717 06/05/2006
00000000 00000000 f09c9e1c c18796b3 c1b5d74c f09c9e4c c103a0e3 c1b5154b
f09c9e78 00001437 c1b5d74c 000005f7 c10bd85a c10bd85a c1cac57c f09c9eb0
ed0e0000 f09c9e64 c103a185 00000009 f09c9e5c c1b5154b f09c9e78 f09c9e80^M
Call Trace:
[<c18796b3>] dump_stack+0x4b/0x75
[<c103a0e3>] warn_slowpath_common+0x7e/0x95
[<c10bd85a>] ? __trace_find_cmdline+0x66/0xaa
[<c10bd85a>] ? __trace_find_cmdline+0x66/0xaa
[<c103a185>] warn_slowpath_fmt+0x33/0x35
[<c10bd85a>] __trace_find_cmdline+0x66/0xaa^M
[<c10bed04>] trace_find_cmdline+0x40/0x64
[<c10c3c16>] trace_print_context+0x27/0xec
[<c10c4360>] ? trace_seq_printf+0x37/0x5b
[<c10c0b15>] print_trace_line+0x319/0x39b
[<c10ba3fb>] ? ring_buffer_read+0x47/0x50
[<c10c13b1>] s_show+0x192/0x1ab
[<c10bfd9a>] ? s_next+0x5a/0x7c
[<c112e76e>] seq_read+0x267/0x34c
[<c1115a25>] vfs_read+0x8c/0xef
[<c112e507>] ? seq_lseek+0x154/0x154
[<c1115ba2>] SyS_read+0x54/0x7f
[<c188488e>] syscall_call+0x7/0xb
---[ end trace 3f507febd6b4cc83 ]---
>>>> ##### CPU 1 buffer started ####
Which was the __trace_find_cmdline() function complaining about the pid
in the event record being negative.
After adding more test cases, this would trigger more often. Strangely
enough, it would never trigger on a single test, but instead would trigger
only when running all the tests. I believe that was the case because it
required one of the tests to be shutting down via delayed instances while
a new test started up.
After spending several days debugging this, I found that it was caused by
the iterator becoming corrupted. Debugging further, I found out why
the iterator became corrupted. It happened with the rb_iter_reset().
As consuming reads may not read the full reader page, and only part
of it, there's a "read" field to know where the last read took place.
The iterator, must also start at the read position. In the rb_iter_reset()
code, if the reader page was disconnected from the ring buffer, the iterator
would start at the head page within the ring buffer (where writes still
happen). But the mistake there was that it still used the "read" field
to start the iterator on the head page, where it should always start
at zero because readers never read from within the ring buffer where
writes occur.
I originally wrote a patch to have it set the iter->head to 0 instead
of iter->head_page->read, but then I questioned why it wasn't always
setting the iter to point to the reader page, as the reader page is
still valid. The list_empty(reader_page->list) just means that it was
successful in swapping out. But the reader_page may still have data.
There was a bug report a long time ago that was not reproducible that
had something about trace_pipe (consuming read) not matching trace
(iterator read). This may explain why that happened.
Anyway, the correct answer to this bug is to always use the reader page
an not reset the iterator to inside the writable ring buffer.
Fixes: d769041f8653 "ring_buffer: implement new locking"
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
kernel/trace/ring_buffer.c | 17 ++++++-----------
1 file changed, 6 insertions(+), 11 deletions(-)
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index ce8e924..572c8b8 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -3351,21 +3351,16 @@ static void rb_iter_reset(struct ring_buffer_iter *iter)
struct ring_buffer_per_cpu *cpu_buffer = iter->cpu_buffer;
/* Iterator usage is expected to have record disabled */
- if (list_empty(&cpu_buffer->reader_page->list)) {
- iter->head_page = rb_set_head_page(cpu_buffer);
- if (unlikely(!iter->head_page))
- return;
- iter->head = iter->head_page->read;
- } else {
- iter->head_page = cpu_buffer->reader_page;
- iter->head = cpu_buffer->reader_page->read;
- }
+ iter->head_page = cpu_buffer->reader_page;
+ iter->head = cpu_buffer->reader_page->read;
+
+ iter->cache_reader_page = iter->head_page;
+ iter->cache_read = iter->head;
+
if (iter->head)
iter->read_stamp = cpu_buffer->read_stamp;
else
iter->read_stamp = iter->head_page->page->time_stamp;
- iter->cache_reader_page = cpu_buffer->reader_page;
- iter->cache_read = cpu_buffer->read;
}
/**
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 169/187] kernel/smp.c:on_each_cpu_cond(): fix warning in fallback path
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (167 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 168/187] ring-buffer: Always reset iterator to reader page Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 170/187] drm/i915: read HEAD register back in init_ring_common() to enforce ordering Kamal Mostafa
` (18 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Sasha Levin, Christoph Lameter, Gilad Ben-Yossef, David Rientjes,
Joonsoo Kim, Tejun Heo, Andrew Morton, Linus Torvalds,
Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Sasha Levin <sasha.levin@oracle.com>
commit 618fde872163e782183ce574c77f1123e2be8887 upstream.
The rarely-executed memry-allocation-failed callback path generates a
WARN_ON_ONCE() when smp_call_function_single() succeeds. Presumably
it's supposed to warn on failures.
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Christoph Lameter <cl@gentwo.org>
Cc: Gilad Ben-Yossef <gilad@benyossef.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Tejun Heo <htejun@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
kernel/smp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/smp.c b/kernel/smp.c
index bd9f940..cc2bbf7 100644
--- a/kernel/smp.c
+++ b/kernel/smp.c
@@ -657,7 +657,7 @@ void on_each_cpu_cond(bool (*cond_func)(int cpu, void *info),
if (cond_func(cpu, info)) {
ret = smp_call_function_single(cpu, func,
info, wait);
- WARN_ON_ONCE(!ret);
+ WARN_ON_ONCE(ret);
}
preempt_enable();
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 170/187] drm/i915: read HEAD register back in init_ring_common() to enforce ordering
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (168 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 169/187] kernel/smp.c:on_each_cpu_cond(): fix warning in fallback path Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 171/187] vm_is_stack: use for_each_thread() rather then buggy while_each_thread() Kamal Mostafa
` (17 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Jiri Kosina, Daniel Vetter, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Kosina <jkosina@suse.cz>
commit ece4a17d237a79f63fbfaf3f724a12b6d500555c upstream.
Withtout this, ring initialization fails reliabily during resume with
[drm:init_ring_common] *ERROR* render ring initialization failed ctl 0001f001 head ffffff8804 tail 00000000 start 000e4000
This is not a complete fix, but it is verified to make the ring
initialization failures during resume much less likely.
We were not able to root-cause this bug (likely HW-specific to Gen4 chips)
yet. This is therefore used as a ducttape before problem is fully
understood and proper fix created, so that people don't suffer from
completely unusable systems in the meantime.
The discussion and debugging is happening at
https://bugs.freedesktop.org/show_bug.cgi?id=76554
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/i915/intel_ringbuffer.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/i915/intel_ringbuffer.c b/drivers/gpu/drm/i915/intel_ringbuffer.c
index 53f5458..dfb8546 100644
--- a/drivers/gpu/drm/i915/intel_ringbuffer.c
+++ b/drivers/gpu/drm/i915/intel_ringbuffer.c
@@ -473,6 +473,9 @@ static int init_ring_common(struct intel_ring_buffer *ring)
}
}
+ /* Enforce ordering by reading HEAD register back */
+ I915_READ_HEAD(ring);
+
/* Initialize the ring. This must happen _after_ we've cleared the ring
* registers with the above sequence (the readback of the HEAD registers
* also enforces ordering), otherwise the hw might lose the new ring
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 171/187] vm_is_stack: use for_each_thread() rather then buggy while_each_thread()
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (169 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 170/187] drm/i915: read HEAD register back in init_ring_common() to enforce ordering Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 172/187] libceph: set last_piece in ceph_msg_data_pages_cursor_init() correctly Kamal Mostafa
` (16 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Oleg Nesterov, Andrew Morton, Linus Torvalds, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Oleg Nesterov <oleg@redhat.com>
commit 4449a51a7c281602d3a385044ab928322a122a02 upstream.
Aleksei hit the soft lockup during reading /proc/PID/smaps. David
investigated the problem and suggested the right fix.
while_each_thread() is racy and should die, this patch updates
vm_is_stack().
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reported-by: Aleksei Besogonov <alex.besogonov@gmail.com>
Tested-by: Aleksei Besogonov <alex.besogonov@gmail.com>
Suggested-by: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
mm/util.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/mm/util.c b/mm/util.c
index 8636d3d..89abc97 100644
--- a/mm/util.c
+++ b/mm/util.c
@@ -276,17 +276,14 @@ pid_t vm_is_stack(struct task_struct *task,
if (in_group) {
struct task_struct *t;
- rcu_read_lock();
- if (!pid_alive(task))
- goto done;
- t = task;
- do {
+ rcu_read_lock();
+ for_each_thread(task, t) {
if (vm_is_stack_for_task(t, vma)) {
ret = t->pid;
goto done;
}
- } while_each_thread(task, t);
+ }
done:
rcu_read_unlock();
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 172/187] libceph: set last_piece in ceph_msg_data_pages_cursor_init() correctly
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (170 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 171/187] vm_is_stack: use for_each_thread() rather then buggy while_each_thread() Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 173/187] drm/nouveau: Bump version from 1.1.1 to 1.1.2 Kamal Mostafa
` (15 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Ilya Dryomov, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilya Dryomov <ilya.dryomov@inktank.com>
commit 5f740d7e1531099b888410e6bab13f68da9b1a4d upstream.
Determining ->last_piece based on the value of ->page_offset + length
is incorrect because length here is the length of the entire message.
->last_piece set to false even if page array data item length is <=
PAGE_SIZE, which results in invalid length passed to
ceph_tcp_{send,recv}page() and causes various asserts to fire.
# cat pages-cursor-init.sh
#!/bin/bash
rbd create --size 10 --image-format 2 foo
FOO_DEV=$(rbd map foo)
dd if=/dev/urandom of=$FOO_DEV bs=1M &>/dev/null
rbd snap create foo@snap
rbd snap protect foo@snap
rbd clone foo@snap bar
# rbd_resize calls librbd rbd_resize(), size is in bytes
./rbd_resize bar $(((4 << 20) + 512))
rbd resize --size 10 bar
BAR_DEV=$(rbd map bar)
# trigger a 512-byte copyup -- 512-byte page array data item
dd if=/dev/urandom of=$BAR_DEV bs=1M count=1 seek=5
The problem exists only in ceph_msg_data_pages_cursor_init(),
ceph_msg_data_pages_advance() does the right thing. The size_t cast is
unnecessary.
Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
net/ceph/messenger.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index ce83d07..94e21b9 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -904,7 +904,7 @@ static void ceph_msg_data_pages_cursor_init(struct ceph_msg_data_cursor *cursor,
BUG_ON(page_count > (int)USHRT_MAX);
cursor->page_count = (unsigned short)page_count;
BUG_ON(length > SIZE_MAX - cursor->page_offset);
- cursor->last_piece = (size_t)cursor->page_offset + length <= PAGE_SIZE;
+ cursor->last_piece = cursor->page_offset + cursor->resid <= PAGE_SIZE;
}
static struct page *
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 173/187] drm/nouveau: Bump version from 1.1.1 to 1.1.2
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (171 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 172/187] libceph: set last_piece in ceph_msg_data_pages_cursor_init() correctly Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 174/187] ALSA: usb-audio: fix BOSS ME-25 MIDI regression Kamal Mostafa
` (14 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Mario Kleiner, Ben Skeggs, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Mario Kleiner <mario.kleiner.de@gmail.com>
commit 7820e5eef0faa4a5e10834296680827f7ce78a89 upstream.
Linux 3.16 fixed multiple bugs in kms pageflip completion events
and timestamping, which were originally introduced in Linux 3.13.
These fixes have been backported to all stable kernels since 3.13.
However, the userspace nouveau-ddx needs to be aware if it is
running on a kernel on which these bugs are fixed, or not.
Bump the patchlevel of the drm driver version to signal this,
so backporting this patch to stable 3.13+ kernels will give the
ddx the required info.
Signed-off-by: Mario Kleiner <mario.kleiner.de@gmail.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/gpu/drm/nouveau/nouveau_drm.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.h b/drivers/gpu/drm/nouveau/nouveau_drm.h
index 4b0fb6c..a6949ec 100644
--- a/drivers/gpu/drm/nouveau/nouveau_drm.h
+++ b/drivers/gpu/drm/nouveau/nouveau_drm.h
@@ -10,7 +10,7 @@
#define DRIVER_MAJOR 1
#define DRIVER_MINOR 1
-#define DRIVER_PATCHLEVEL 1
+#define DRIVER_PATCHLEVEL 2
/*
* 1.1.1:
@@ -21,6 +21,8 @@
* to control registers on the MPs to enable performance counters,
* and to control the warp error enable mask (OpenGL requires out of
* bounds access to local memory to be silently ignored / return 0).
+ * 1.1.2:
+ * - fixes multiple bugs in flip completion events and timestamping
*/
#include <core/client.h>
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 174/187] ALSA: usb-audio: fix BOSS ME-25 MIDI regression
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (172 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 173/187] drm/nouveau: Bump version from 1.1.1 to 1.1.2 Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 175/187] ALSA: hda/ca0132 - Don't try loading firmware at resume when already failed Kamal Mostafa
` (13 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Clemens Ladisch, Takashi Iwai, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Clemens Ladisch <clemens@ladisch.de>
commit 53da5ebfef66ea6e478ad9c6add3781472b79475 upstream.
The BOSS ME-25 turns out not to have any useful descriptors in its MIDI
interface, so its needs a quirk entry after all.
Reported-and-tested-by: Kees van Veen <kees.vanveen@gmail.com>
Fixes: 8e5ced83dd1c ("ALSA: usb-audio: remove superfluous Roland quirks")
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/usb/quirks-table.h | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/sound/usb/quirks-table.h b/sound/usb/quirks-table.h
index 0a81a51..0e52836 100644
--- a/sound/usb/quirks-table.h
+++ b/sound/usb/quirks-table.h
@@ -1611,6 +1611,35 @@ YAMAHA_DEVICE(0x7010, "UB99"),
}
},
{
+ /* BOSS ME-25 */
+ USB_DEVICE(0x0582, 0x0113),
+ .driver_info = (unsigned long) & (const struct snd_usb_audio_quirk) {
+ .ifnum = QUIRK_ANY_INTERFACE,
+ .type = QUIRK_COMPOSITE,
+ .data = (const struct snd_usb_audio_quirk[]) {
+ {
+ .ifnum = 0,
+ .type = QUIRK_AUDIO_STANDARD_INTERFACE
+ },
+ {
+ .ifnum = 1,
+ .type = QUIRK_AUDIO_STANDARD_INTERFACE
+ },
+ {
+ .ifnum = 2,
+ .type = QUIRK_MIDI_FIXED_ENDPOINT,
+ .data = & (const struct snd_usb_midi_endpoint_info) {
+ .out_cables = 0x0001,
+ .in_cables = 0x0001
+ }
+ },
+ {
+ .ifnum = -1
+ }
+ }
+ }
+},
+{
/* only 44.1 kHz works at the moment */
USB_DEVICE(0x0582, 0x0120),
.driver_info = (unsigned long) & (const struct snd_usb_audio_quirk) {
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 175/187] ALSA: hda/ca0132 - Don't try loading firmware at resume when already failed
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (173 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 174/187] ALSA: usb-audio: fix BOSS ME-25 MIDI regression Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 176/187] x86/xen: resume timer irqs early Kamal Mostafa
` (12 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: Takashi Iwai, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit e24aa0a4c5ac92a171d9dd74a8d3dbf652990d36 upstream.
CA0132 driver tries to reload the firmware at resume. Usually this
works since the firmware loader core caches the firmware contents by
itself. However, if the driver failed to load the firmwares
(e.g. missing files), reloading the firmware at resume goes through
the actual file loading code path, and triggers a kernel WARNING like:
WARNING: CPU: 10 PID:11371 at drivers/base/firmware_class.c:1105 _request_firmware+0x9ab/0x9d0()
For avoiding this situation, this patch makes CA0132 skipping the f/w
loading at resume when it failed at probe time.
Reported-and-tested-by: Janek Kozicki <cosurgi@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
sound/pci/hda/patch_ca0132.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/sound/pci/hda/patch_ca0132.c b/sound/pci/hda/patch_ca0132.c
index 46ecdbb..d5843da 100644
--- a/sound/pci/hda/patch_ca0132.c
+++ b/sound/pci/hda/patch_ca0132.c
@@ -4379,6 +4379,9 @@ static void ca0132_download_dsp(struct hda_codec *codec)
return; /* NOP */
#endif
+ if (spec->dsp_state == DSP_DOWNLOAD_FAILED)
+ return; /* don't retry failures */
+
chipio_enable_clocks(codec);
spec->dsp_state = DSP_DOWNLOADING;
if (!ca0132_download_dsp_images(codec))
@@ -4555,7 +4558,8 @@ static int ca0132_init(struct hda_codec *codec)
struct auto_pin_cfg *cfg = &spec->autocfg;
int i;
- spec->dsp_state = DSP_DOWNLOAD_INIT;
+ if (spec->dsp_state != DSP_DOWNLOAD_FAILED)
+ spec->dsp_state = DSP_DOWNLOAD_INIT;
spec->curr_chip_addx = INVALID_CHIP_ADDRESS;
snd_hda_power_up(codec);
@@ -4666,6 +4670,7 @@ static int patch_ca0132(struct hda_codec *codec)
codec->spec = spec;
spec->codec = codec;
+ spec->dsp_state = DSP_DOWNLOAD_INIT;
spec->num_mixers = 1;
spec->mixers[0] = ca0132_mixer;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 176/187] x86/xen: resume timer irqs early
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (174 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 175/187] ALSA: hda/ca0132 - Don't try loading firmware at resume when already failed Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 177/187] carl9170: fix sending URBs with wrong type when using full-speed Kamal Mostafa
` (11 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team; +Cc: David Vrabel, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: David Vrabel <david.vrabel@citrix.com>
commit 8d5999df35314607c38fbd6bdd709e25c3a4eeab upstream.
If the timer irqs are resumed during device resume it is possible in
certain circumstances for the resume to hang early on, before device
interrupts are resumed. For an Ubuntu 14.04 PVHVM guest this would
occur in ~0.5% of resume attempts.
It is not entirely clear what is occuring the point of the hang but I
think a task necessary for the resume calls schedule_timeout(),
waiting for a timer interrupt (which never arrives). This failure may
require specific tasks to be running on the other VCPUs to trigger
(processes are not frozen during a suspend/resume if PREEMPT is
disabled).
Add IRQF_EARLY_RESUME to the timer interrupts so they are resumed in
syscore_resume().
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/x86/xen/time.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/xen/time.c b/arch/x86/xen/time.c
index 12a1ca7..f314067 100644
--- a/arch/x86/xen/time.c
+++ b/arch/x86/xen/time.c
@@ -444,7 +444,7 @@ void xen_setup_timer(int cpu)
irq = bind_virq_to_irqhandler(VIRQ_TIMER, cpu, xen_timer_interrupt,
IRQF_PERCPU|IRQF_NOBALANCING|IRQF_TIMER|
- IRQF_FORCE_RESUME,
+ IRQF_FORCE_RESUME|IRQF_EARLY_RESUME,
name, NULL);
memcpy(evt, xen_clockevent, sizeof(*evt));
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 177/187] carl9170: fix sending URBs with wrong type when using full-speed
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (175 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 176/187] x86/xen: resume timer irqs early Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 178/187] powerpc/pseries: Failure on removing device node Kamal Mostafa
` (10 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Ronald Wahl, John W. Linville, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Ronald Wahl <ronald.wahl@raritan.com>
commit 671796dd96b6cd85b75fba9d3007bcf7e5f7c309 upstream.
The driver assumes that endpoint 4 is always an interrupt endpoint.
Unfortunately the type differs between high-speed and full-speed
configurations while in the former case it is indeed an interrupt
endpoint this is not true for the latter case - here it is a bulk
endpoint. When sending URBs with the wrong type the kernel will
generate a warning message including backtrace. In this specific
case there will be a huge amount of warnings which can bring the system
to freeze.
To fix this we are now sending URBs to endpoint 4 using the type
found in the endpoint descriptor.
A side note: The carl9170 firmware currently specifies endpoint 4 as
interrupt endpoint even in the full-speed configuration but this has
no relevance because before this firmware is loaded the endpoint type
is as described above and after the firmware is running the stick is not
reenumerated and so the old descriptor is used.
Signed-off-by: Ronald Wahl <ronald.wahl@raritan.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
drivers/net/wireless/ath/carl9170/carl9170.h | 1 +
drivers/net/wireless/ath/carl9170/usb.c | 31 ++++++++++++++++++++++++----
2 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/ath/carl9170/carl9170.h b/drivers/net/wireless/ath/carl9170/carl9170.h
index 8596aba..237d0cd 100644
--- a/drivers/net/wireless/ath/carl9170/carl9170.h
+++ b/drivers/net/wireless/ath/carl9170/carl9170.h
@@ -256,6 +256,7 @@ struct ar9170 {
atomic_t rx_work_urbs;
atomic_t rx_pool_urbs;
kernel_ulong_t features;
+ bool usb_ep_cmd_is_bulk;
/* firmware settings */
struct completion fw_load_wait;
diff --git a/drivers/net/wireless/ath/carl9170/usb.c b/drivers/net/wireless/ath/carl9170/usb.c
index ca115f3..bc931f6 100644
--- a/drivers/net/wireless/ath/carl9170/usb.c
+++ b/drivers/net/wireless/ath/carl9170/usb.c
@@ -621,9 +621,16 @@ int __carl9170_exec_cmd(struct ar9170 *ar, struct carl9170_cmd *cmd,
goto err_free;
}
- usb_fill_int_urb(urb, ar->udev, usb_sndintpipe(ar->udev,
- AR9170_USB_EP_CMD), cmd, cmd->hdr.len + 4,
- carl9170_usb_cmd_complete, ar, 1);
+ if (ar->usb_ep_cmd_is_bulk)
+ usb_fill_bulk_urb(urb, ar->udev,
+ usb_sndbulkpipe(ar->udev, AR9170_USB_EP_CMD),
+ cmd, cmd->hdr.len + 4,
+ carl9170_usb_cmd_complete, ar);
+ else
+ usb_fill_int_urb(urb, ar->udev,
+ usb_sndintpipe(ar->udev, AR9170_USB_EP_CMD),
+ cmd, cmd->hdr.len + 4,
+ carl9170_usb_cmd_complete, ar, 1);
if (free_buf)
urb->transfer_flags |= URB_FREE_BUFFER;
@@ -1032,9 +1039,10 @@ static void carl9170_usb_firmware_step2(const struct firmware *fw,
static int carl9170_usb_probe(struct usb_interface *intf,
const struct usb_device_id *id)
{
+ struct usb_endpoint_descriptor *ep;
struct ar9170 *ar;
struct usb_device *udev;
- int err;
+ int i, err;
err = usb_reset_device(interface_to_usbdev(intf));
if (err)
@@ -1050,6 +1058,21 @@ static int carl9170_usb_probe(struct usb_interface *intf,
ar->intf = intf;
ar->features = id->driver_info;
+ /* We need to remember the type of endpoint 4 because it differs
+ * between high- and full-speed configuration. The high-speed
+ * configuration specifies it as interrupt and the full-speed
+ * configuration as bulk endpoint. This information is required
+ * later when sending urbs to that endpoint.
+ */
+ for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; ++i) {
+ ep = &intf->cur_altsetting->endpoint[i].desc;
+
+ if (usb_endpoint_num(ep) == AR9170_USB_EP_CMD &&
+ usb_endpoint_dir_out(ep) &&
+ usb_endpoint_type(ep) == USB_ENDPOINT_XFER_BULK)
+ ar->usb_ep_cmd_is_bulk = true;
+ }
+
usb_set_intfdata(intf, ar);
SET_IEEE80211_DEV(ar->hw, &intf->dev);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 178/187] powerpc/pseries: Failure on removing device node
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (176 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 177/187] carl9170: fix sending URBs with wrong type when using full-speed Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 179/187] powerpc/thp: Add write barrier after updating the valid bit Kamal Mostafa
` (9 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Gavin Shan, Benjamin Herrenschmidt, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Gavin Shan <gwshan@linux.vnet.ibm.com>
commit f1b3929c232784580e5d8ee324b6bc634e709575 upstream.
While running command "drmgr -c phb -r -s 'PHB 528'", following
backtrace jumped out because the target device node isn't marked
with OF_DETACHED by of_detach_node(), which caused by error
returned from memory hotplug related reconfig notifier when
disabling CONFIG_MEMORY_HOTREMOVE. The patch fixes it.
ERROR: Bad of_node_put() on /pci@800000020000210/ethernet@0
CPU: 14 PID: 2252 Comm: drmgr Tainted: G W 3.16.0+ #427
Call Trace:
[c000000012a776a0] [c000000000013d9c] .show_stack+0x88/0x148 (unreliable)
[c000000012a77750] [c00000000083cd34] .dump_stack+0x7c/0x9c
[c000000012a777d0] [c0000000006807c4] .of_node_release+0x58/0xe0
[c000000012a77860] [c00000000038a7d0] .kobject_release+0x174/0x1b8
[c000000012a77900] [c00000000038a884] .kobject_put+0x70/0x78
[c000000012a77980] [c000000000681680] .of_node_put+0x28/0x34
[c000000012a77a00] [c000000000681ea8] .__of_get_next_child+0x64/0x70
[c000000012a77a90] [c000000000682138] .of_find_node_by_path+0x1b8/0x20c
[c000000012a77b40] [c000000000051840] .ofdt_write+0x308/0x688
[c000000012a77c20] [c000000000238430] .proc_reg_write+0xb8/0xd4
[c000000012a77cd0] [c0000000001cbeac] .vfs_write+0xec/0x1f8
[c000000012a77d70] [c0000000001cc3b0] .SyS_write+0x58/0xa0
[c000000012a77e30] [c00000000000a064] syscall_exit+0x0/0x98
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/powerpc/platforms/pseries/hotplug-memory.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/pseries/hotplug-memory.c b/arch/powerpc/platforms/pseries/hotplug-memory.c
index 9590dbb..b97b895 100644
--- a/arch/powerpc/platforms/pseries/hotplug-memory.c
+++ b/arch/powerpc/platforms/pseries/hotplug-memory.c
@@ -164,7 +164,7 @@ static inline int pseries_remove_memblock(unsigned long base,
}
static inline int pseries_remove_memory(struct device_node *np)
{
- return -EOPNOTSUPP;
+ return 0;
}
#endif /* CONFIG_MEMORY_HOTREMOVE */
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 179/187] powerpc/thp: Add write barrier after updating the valid bit
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (177 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 178/187] powerpc/pseries: Failure on removing device node Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 180/187] powerpc/thp: Don't recompute vsid and ssize in loop on invalidate Kamal Mostafa
` (8 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Aneesh Kumar K.V, Benjamin Herrenschmidt, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
commit b0aa44a3dfae3d8f45bd1264349aa87f87b7774f upstream.
With hugepages, we store the hpte valid information in the pte page
whose address is stored in the second half of the PMD. Use a
write barrier to make sure clearing pmd busy bit and updating
hpte valid info are ordered properly.
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/powerpc/mm/hugepage-hash64.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/mm/hugepage-hash64.c b/arch/powerpc/mm/hugepage-hash64.c
index 34de9e0..f50c4df 100644
--- a/arch/powerpc/mm/hugepage-hash64.c
+++ b/arch/powerpc/mm/hugepage-hash64.c
@@ -168,8 +168,11 @@ repeat:
mark_hpte_slot_valid(hpte_slot_array, index, slot);
}
/*
- * No need to use ldarx/stdcx here
+ * The hpte valid is stored in the pgtable whose address is in the
+ * second half of the PMD. Order this against clearing of the busy bit in
+ * huge pmd.
*/
+ smp_wmb();
*pmdp = __pmd(new_pmd & ~_PAGE_BUSY);
return 0;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 180/187] powerpc/thp: Don't recompute vsid and ssize in loop on invalidate
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (178 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 179/187] powerpc/thp: Add write barrier after updating the valid bit Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 181/187] powerpc/thp: Invalidate old 64K based hash page mapping before insert of 4k pte Kamal Mostafa
` (7 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Aneesh Kumar K.V, Benjamin Herrenschmidt, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
commit fa1f8ae80f8bb996594167ff4750a0b0a5a5bb5d upstream.
The segment identifier and segment size will remain the same in
the loop, So we can compute it outside. We also change the
hugepage_invalidate interface so that we can use it the later patch
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/powerpc/include/asm/machdep.h | 6 +++---
arch/powerpc/mm/hash_native_64.c | 19 +++++--------------
arch/powerpc/mm/pgtable_64.c | 24 ++++++++++++------------
arch/powerpc/platforms/pseries/lpar.c | 20 ++++++--------------
4 files changed, 26 insertions(+), 43 deletions(-)
diff --git a/arch/powerpc/include/asm/machdep.h b/arch/powerpc/include/asm/machdep.h
index ad3025d..f207868 100644
--- a/arch/powerpc/include/asm/machdep.h
+++ b/arch/powerpc/include/asm/machdep.h
@@ -57,10 +57,10 @@ struct machdep_calls {
void (*hpte_removebolted)(unsigned long ea,
int psize, int ssize);
void (*flush_hash_range)(unsigned long number, int local);
- void (*hugepage_invalidate)(struct mm_struct *mm,
+ void (*hugepage_invalidate)(unsigned long vsid,
+ unsigned long addr,
unsigned char *hpte_slot_array,
- unsigned long addr, int psize);
-
+ int psize, int ssize);
/* special for kexec, to be called in real mode, linear mapping is
* destroyed as well */
void (*hpte_clear_all)(void);
diff --git a/arch/powerpc/mm/hash_native_64.c b/arch/powerpc/mm/hash_native_64.c
index 3ea26c2..44886c2 100644
--- a/arch/powerpc/mm/hash_native_64.c
+++ b/arch/powerpc/mm/hash_native_64.c
@@ -418,18 +418,18 @@ static void native_hpte_invalidate(unsigned long slot, unsigned long vpn,
local_irq_restore(flags);
}
-static void native_hugepage_invalidate(struct mm_struct *mm,
+static void native_hugepage_invalidate(unsigned long vsid,
+ unsigned long addr,
unsigned char *hpte_slot_array,
- unsigned long addr, int psize)
+ int psize, int ssize)
{
- int ssize = 0, i;
- int lock_tlbie;
+ int i, lock_tlbie;
struct hash_pte *hptep;
int actual_psize = MMU_PAGE_16M;
unsigned int max_hpte_count, valid;
unsigned long flags, s_addr = addr;
unsigned long hpte_v, want_v, shift;
- unsigned long hidx, vpn = 0, vsid, hash, slot;
+ unsigned long hidx, vpn = 0, hash, slot;
shift = mmu_psize_defs[psize].shift;
max_hpte_count = 1U << (PMD_SHIFT - shift);
@@ -443,15 +443,6 @@ static void native_hugepage_invalidate(struct mm_struct *mm,
/* get the vpn */
addr = s_addr + (i * (1ul << shift));
- if (!is_kernel_addr(addr)) {
- ssize = user_segment_size(addr);
- vsid = get_vsid(mm->context.id, addr, ssize);
- WARN_ON(vsid == 0);
- } else {
- vsid = get_kernel_vsid(addr, mmu_kernel_ssize);
- ssize = mmu_kernel_ssize;
- }
-
vpn = hpt_vpn(addr, vsid, ssize);
hash = hpt_hash(vpn, shift, ssize);
if (hidx & _PTEIDX_SECONDARY)
diff --git a/arch/powerpc/mm/pgtable_64.c b/arch/powerpc/mm/pgtable_64.c
index 9d95786..5cd5182 100644
--- a/arch/powerpc/mm/pgtable_64.c
+++ b/arch/powerpc/mm/pgtable_64.c
@@ -727,12 +727,21 @@ void hpte_do_hugepage_flush(struct mm_struct *mm, unsigned long addr,
if (!hpte_slot_array)
return;
- /* get the base page size */
+ /* get the base page size,vsid and segment size */
psize = get_slice_psize(mm, s_addr);
+ if (!is_kernel_addr(s_addr)) {
+ ssize = user_segment_size(s_addr);
+ vsid = get_vsid(mm->context.id, s_addr, ssize);
+ WARN_ON(vsid == 0);
+ } else {
+ vsid = get_kernel_vsid(s_addr, mmu_kernel_ssize);
+ ssize = mmu_kernel_ssize;
+ }
if (ppc_md.hugepage_invalidate)
- return ppc_md.hugepage_invalidate(mm, hpte_slot_array,
- s_addr, psize);
+ return ppc_md.hugepage_invalidate(vsid, s_addr,
+ hpte_slot_array,
+ psize, ssize);
/*
* No bluk hpte removal support, invalidate each entry
*/
@@ -750,15 +759,6 @@ void hpte_do_hugepage_flush(struct mm_struct *mm, unsigned long addr,
/* get the vpn */
addr = s_addr + (i * (1ul << shift));
- if (!is_kernel_addr(addr)) {
- ssize = user_segment_size(addr);
- vsid = get_vsid(mm->context.id, addr, ssize);
- WARN_ON(vsid == 0);
- } else {
- vsid = get_kernel_vsid(addr, mmu_kernel_ssize);
- ssize = mmu_kernel_ssize;
- }
-
vpn = hpt_vpn(addr, vsid, ssize);
hash = hpt_hash(vpn, shift, ssize);
if (hidx & _PTEIDX_SECONDARY)
diff --git a/arch/powerpc/platforms/pseries/lpar.c b/arch/powerpc/platforms/pseries/lpar.c
index 4fca3de..bf410d9 100644
--- a/arch/powerpc/platforms/pseries/lpar.c
+++ b/arch/powerpc/platforms/pseries/lpar.c
@@ -429,16 +429,17 @@ static void __pSeries_lpar_hugepage_invalidate(unsigned long *slot,
spin_unlock_irqrestore(&pSeries_lpar_tlbie_lock, flags);
}
-static void pSeries_lpar_hugepage_invalidate(struct mm_struct *mm,
- unsigned char *hpte_slot_array,
- unsigned long addr, int psize)
+static void pSeries_lpar_hugepage_invalidate(unsigned long vsid,
+ unsigned long addr,
+ unsigned char *hpte_slot_array,
+ int psize, int ssize)
{
- int ssize = 0, i, index = 0;
+ int i, index = 0;
unsigned long s_addr = addr;
unsigned int max_hpte_count, valid;
unsigned long vpn_array[PPC64_HUGE_HPTE_BATCH];
unsigned long slot_array[PPC64_HUGE_HPTE_BATCH];
- unsigned long shift, hidx, vpn = 0, vsid, hash, slot;
+ unsigned long shift, hidx, vpn = 0, hash, slot;
shift = mmu_psize_defs[psize].shift;
max_hpte_count = 1U << (PMD_SHIFT - shift);
@@ -451,15 +452,6 @@ static void pSeries_lpar_hugepage_invalidate(struct mm_struct *mm,
/* get the vpn */
addr = s_addr + (i * (1ul << shift));
- if (!is_kernel_addr(addr)) {
- ssize = user_segment_size(addr);
- vsid = get_vsid(mm->context.id, addr, ssize);
- WARN_ON(vsid == 0);
- } else {
- vsid = get_kernel_vsid(addr, mmu_kernel_ssize);
- ssize = mmu_kernel_ssize;
- }
-
vpn = hpt_vpn(addr, vsid, ssize);
hash = hpt_hash(vpn, shift, ssize);
if (hidx & _PTEIDX_SECONDARY)
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 181/187] powerpc/thp: Invalidate old 64K based hash page mapping before insert of 4k pte
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (179 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 180/187] powerpc/thp: Don't recompute vsid and ssize in loop on invalidate Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 182/187] powerpc/thp: Handle combo pages in invalidate Kamal Mostafa
` (6 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Aneesh Kumar K.V, Benjamin Herrenschmidt, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
commit 629149fae478f0ac6bf705a535708b192e9c6b59 upstream.
If we changed base page size of the segment, either via sub_page_protect
or via remap_4k_pfn, we do a demote_segment which doesn't flush the hash
table entries. We do a lazy hash page table flush for all mapped pages
in the demoted segment. This happens when we handle hash page fault
for these pages.
We use _PAGE_COMBO bit along with _PAGE_HASHPTE to indicate whether a
pte is backed by 4K hash pte. If we find _PAGE_COMBO not set on the pte,
that implies that we could possibly have older 64K hash pte entries in
the hash page table and we need to invalidate those entries.
Handle this correctly for 16M pages
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
[ kamal: backport to 3.13-stable: context ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/powerpc/mm/hugepage-hash64.c | 79 ++++++++++++++++++++++++++++++++++-----
1 file changed, 70 insertions(+), 9 deletions(-)
diff --git a/arch/powerpc/mm/hugepage-hash64.c b/arch/powerpc/mm/hugepage-hash64.c
index f50c4df..e0da847 100644
--- a/arch/powerpc/mm/hugepage-hash64.c
+++ b/arch/powerpc/mm/hugepage-hash64.c
@@ -18,6 +18,57 @@
#include <linux/mm.h>
#include <asm/machdep.h>
+static void invalidate_old_hpte(unsigned long vsid, unsigned long addr,
+ pmd_t *pmdp, unsigned int psize, int ssize)
+{
+ int i, max_hpte_count, valid;
+ unsigned long s_addr;
+ unsigned char *hpte_slot_array;
+ unsigned long hidx, shift, vpn, hash, slot;
+
+ s_addr = addr & HPAGE_PMD_MASK;
+ hpte_slot_array = get_hpte_slot_array(pmdp);
+ /*
+ * IF we try to do a HUGE PTE update after a withdraw is done.
+ * we will find the below NULL. This happens when we do
+ * split_huge_page_pmd
+ */
+ if (!hpte_slot_array)
+ return;
+
+ if (ppc_md.hugepage_invalidate)
+ return ppc_md.hugepage_invalidate(vsid, s_addr, hpte_slot_array,
+ psize, ssize);
+ /*
+ * No bluk hpte removal support, invalidate each entry
+ */
+ shift = mmu_psize_defs[psize].shift;
+ max_hpte_count = HPAGE_PMD_SIZE >> shift;
+ for (i = 0; i < max_hpte_count; i++) {
+ /*
+ * 8 bits per each hpte entries
+ * 000| [ secondary group (one bit) | hidx (3 bits) | valid bit]
+ */
+ valid = hpte_valid(hpte_slot_array, i);
+ if (!valid)
+ continue;
+ hidx = hpte_hash_index(hpte_slot_array, i);
+
+ /* get the vpn */
+ addr = s_addr + (i * (1ul << shift));
+ vpn = hpt_vpn(addr, vsid, ssize);
+ hash = hpt_hash(vpn, shift, ssize);
+ if (hidx & _PTEIDX_SECONDARY)
+ hash = ~hash;
+
+ slot = (hash & htab_hash_mask) * HPTES_PER_GROUP;
+ slot += hidx & _PTEIDX_GROUP_IX;
+ ppc_md.hpte_invalidate(slot, vpn, psize,
+ MMU_PAGE_16M, ssize, 0);
+ }
+}
+
+
int __hash_page_thp(unsigned long ea, unsigned long access, unsigned long vsid,
pmd_t *pmdp, unsigned long trap, int local, int ssize,
unsigned int psize)
@@ -85,6 +136,15 @@ int __hash_page_thp(unsigned long ea, unsigned long access, unsigned long vsid,
vpn = hpt_vpn(ea, vsid, ssize);
hash = hpt_hash(vpn, shift, ssize);
hpte_slot_array = get_hpte_slot_array(pmdp);
+ if (psize == MMU_PAGE_4K) {
+ /*
+ * invalidate the old hpte entry if we have that mapped via 64K
+ * base page size. This is because demote_segment won't flush
+ * hash page table entries.
+ */
+ if ((old_pmd & _PAGE_HASHPTE) && !(old_pmd & _PAGE_COMBO))
+ invalidate_old_hpte(vsid, ea, pmdp, MMU_PAGE_64K, ssize);
+ }
valid = hpte_valid(hpte_slot_array, index);
if (valid) {
@@ -107,11 +167,8 @@ int __hash_page_thp(unsigned long ea, unsigned long access, unsigned long vsid,
* safely update this here.
*/
valid = 0;
- new_pmd &= ~_PAGE_HPTEFLAGS;
hpte_slot_array[index] = 0;
- } else
- /* clear the busy bits and set the hash pte bits */
- new_pmd = (new_pmd & ~_PAGE_HPTEFLAGS) | _PAGE_HASHPTE;
+ }
}
if (!valid) {
@@ -119,15 +176,13 @@ int __hash_page_thp(unsigned long ea, unsigned long access, unsigned long vsid,
/* insert new entry */
pa = pmd_pfn(__pmd(old_pmd)) << PAGE_SHIFT;
-repeat:
- hpte_group = ((hash & htab_hash_mask) * HPTES_PER_GROUP) & ~0x7UL;
-
- /* clear the busy bits and set the hash pte bits */
- new_pmd = (new_pmd & ~_PAGE_HPTEFLAGS) | _PAGE_HASHPTE;
+ new_pmd |= _PAGE_HASHPTE;
/* Add in WIMG bits */
rflags |= (new_pmd & (_PAGE_WRITETHRU | _PAGE_NO_CACHE |
_PAGE_COHERENT | _PAGE_GUARDED));
+repeat:
+ hpte_group = ((hash & htab_hash_mask) * HPTES_PER_GROUP) & ~0x7UL;
/* Insert into the hash table, primary slot */
slot = ppc_md.hpte_insert(hpte_group, vpn, pa, rflags, 0,
@@ -168,6 +223,12 @@ repeat:
mark_hpte_slot_valid(hpte_slot_array, index, slot);
}
/*
+ * Mark the pte with _PAGE_COMBO, if we are trying to hash it with
+ * base page size 4k.
+ */
+ if (psize == MMU_PAGE_4K)
+ new_pmd |= _PAGE_COMBO;
+ /*
* The hpte valid is stored in the pgtable whose address is in the
* second half of the PMD. Order this against clearing of the busy bit in
* huge pmd.
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 182/187] powerpc/thp: Handle combo pages in invalidate
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (180 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 181/187] powerpc/thp: Invalidate old 64K based hash page mapping before insert of 4k pte Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 183/187] powerpc/thp: Invalidate with vpn in loop Kamal Mostafa
` (5 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Aneesh Kumar K.V, Benjamin Herrenschmidt, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
commit fc0479557572375100ef16c71170b29a98e0d69a upstream.
If we changed base page size of the segment, either via sub_page_protect
or via remap_4k_pfn, we do a demote_segment which doesn't flush the hash
table entries. We do a lazy hash page table flush for all mapped pages
in the demoted segment. This happens when we handle hash page fault for
these pages.
We use _PAGE_COMBO bit along with _PAGE_HASHPTE to indicate whether a
pte is backed by 4K hash pte. If we find _PAGE_COMBO not set on the pte,
that implies that we could possibly have older 64K hash pte entries in
the hash page table and we need to invalidate those entries.
Use _PAGE_COMBO to determine the page size with which we should
invalidate the hash table entries on unmap.
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/powerpc/include/asm/pgtable-ppc64.h | 2 +-
arch/powerpc/mm/pgtable_64.c | 14 +++++++++++---
arch/powerpc/mm/tlb_hash64.c | 2 +-
3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/arch/powerpc/include/asm/pgtable-ppc64.h b/arch/powerpc/include/asm/pgtable-ppc64.h
index bc141c9..b26cc32 100644
--- a/arch/powerpc/include/asm/pgtable-ppc64.h
+++ b/arch/powerpc/include/asm/pgtable-ppc64.h
@@ -411,7 +411,7 @@ static inline char *get_hpte_slot_array(pmd_t *pmdp)
}
extern void hpte_do_hugepage_flush(struct mm_struct *mm, unsigned long addr,
- pmd_t *pmdp);
+ pmd_t *pmdp, unsigned long old_pmd);
#ifdef CONFIG_TRANSPARENT_HUGEPAGE
extern pmd_t pfn_pmd(unsigned long pfn, pgprot_t pgprot);
extern pmd_t mk_pmd(struct page *page, pgprot_t pgprot);
diff --git a/arch/powerpc/mm/pgtable_64.c b/arch/powerpc/mm/pgtable_64.c
index 5cd5182..3e575db 100644
--- a/arch/powerpc/mm/pgtable_64.c
+++ b/arch/powerpc/mm/pgtable_64.c
@@ -525,7 +525,7 @@ unsigned long pmd_hugepage_update(struct mm_struct *mm, unsigned long addr,
*pmdp = __pmd(old & ~clr);
#endif
if (old & _PAGE_HASHPTE)
- hpte_do_hugepage_flush(mm, addr, pmdp);
+ hpte_do_hugepage_flush(mm, addr, pmdp, old);
return old;
}
@@ -632,7 +632,7 @@ void pmdp_splitting_flush(struct vm_area_struct *vma,
if (!(old & _PAGE_SPLITTING)) {
/* We need to flush the hpte */
if (old & _PAGE_HASHPTE)
- hpte_do_hugepage_flush(vma->vm_mm, address, pmdp);
+ hpte_do_hugepage_flush(vma->vm_mm, address, pmdp, old);
}
}
@@ -705,7 +705,7 @@ void pmdp_invalidate(struct vm_area_struct *vma, unsigned long address,
* neesd to be flushed.
*/
void hpte_do_hugepage_flush(struct mm_struct *mm, unsigned long addr,
- pmd_t *pmdp)
+ pmd_t *pmdp, unsigned long old_pmd)
{
int ssize, i;
unsigned long s_addr;
@@ -728,7 +728,15 @@ void hpte_do_hugepage_flush(struct mm_struct *mm, unsigned long addr,
return;
/* get the base page size,vsid and segment size */
+#ifdef CONFIG_DEBUG_VM
psize = get_slice_psize(mm, s_addr);
+ BUG_ON(psize == MMU_PAGE_16M);
+#endif
+ if (old_pmd & _PAGE_COMBO)
+ psize = MMU_PAGE_4K;
+ else
+ psize = MMU_PAGE_64K;
+
if (!is_kernel_addr(s_addr)) {
ssize = user_segment_size(s_addr);
vsid = get_vsid(mm->context.id, s_addr, ssize);
diff --git a/arch/powerpc/mm/tlb_hash64.c b/arch/powerpc/mm/tlb_hash64.c
index 36e44b4..c66e445 100644
--- a/arch/powerpc/mm/tlb_hash64.c
+++ b/arch/powerpc/mm/tlb_hash64.c
@@ -217,7 +217,7 @@ void __flush_hash_table_range(struct mm_struct *mm, unsigned long start,
if (!(pte & _PAGE_HASHPTE))
continue;
if (unlikely(hugepage_shift && pmd_trans_huge(*(pmd_t *)pte)))
- hpte_do_hugepage_flush(mm, start, (pmd_t *)pte);
+ hpte_do_hugepage_flush(mm, start, (pmd_t *)ptep, pte);
else
hpte_need_flush(mm, start, ptep, pte, 0);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 183/187] powerpc/thp: Invalidate with vpn in loop
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (181 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 182/187] powerpc/thp: Handle combo pages in invalidate Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 184/187] powerpc/thp: Use ACCESS_ONCE when loading pmdp Kamal Mostafa
` (4 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Aneesh Kumar K.V, Benjamin Herrenschmidt, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
commit 969b7b208f7408712a3526856e4ae60ad13f6928 upstream.
As per ISA, for 4k base page size we compare 14..65 bits of VA specified
with the entry_VA in tlb. That implies we need to make sure we do a
tlbie with all the possible 4k va we used to access the 16MB hugepage.
With 64k base page size we compare 14..57 bits of VA. Hence we cannot
ignore the lower 24 bits of va while tlbie .We also cannot tlb
invalidate a 16MB entry with just one tlbie instruction because
we don't track which va was used to instantiate the tlb entry.
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/powerpc/mm/hash_native_64.c | 23 +++++++----------------
1 file changed, 7 insertions(+), 16 deletions(-)
diff --git a/arch/powerpc/mm/hash_native_64.c b/arch/powerpc/mm/hash_native_64.c
index 44886c2..838de8e 100644
--- a/arch/powerpc/mm/hash_native_64.c
+++ b/arch/powerpc/mm/hash_native_64.c
@@ -423,7 +423,7 @@ static void native_hugepage_invalidate(unsigned long vsid,
unsigned char *hpte_slot_array,
int psize, int ssize)
{
- int i, lock_tlbie;
+ int i;
struct hash_pte *hptep;
int actual_psize = MMU_PAGE_16M;
unsigned int max_hpte_count, valid;
@@ -462,22 +462,13 @@ static void native_hugepage_invalidate(unsigned long vsid,
else
/* Invalidate the hpte. NOTE: this also unlocks it */
hptep->v = 0;
+ /*
+ * We need to do tlb invalidate for all the address, tlbie
+ * instruction compares entry_VA in tlb with the VA specified
+ * here
+ */
+ tlbie(vpn, psize, actual_psize, ssize, 0);
}
- /*
- * Since this is a hugepage, we just need a single tlbie.
- * use the last vpn.
- */
- lock_tlbie = !mmu_has_feature(MMU_FTR_LOCKLESS_TLBIE);
- if (lock_tlbie)
- raw_spin_lock(&native_tlbie_lock);
-
- asm volatile("ptesync":::"memory");
- __tlbie(vpn, psize, actual_psize, ssize);
- asm volatile("eieio; tlbsync; ptesync":::"memory");
-
- if (lock_tlbie)
- raw_spin_unlock(&native_tlbie_lock);
-
local_irq_restore(flags);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 184/187] powerpc/thp: Use ACCESS_ONCE when loading pmdp
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (182 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 183/187] powerpc/thp: Invalidate with vpn in loop Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 185/187] powerpc/mm: Use read barrier when creating real_pte Kamal Mostafa
` (3 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Aneesh Kumar K.V, Benjamin Herrenschmidt, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
commit 7e467245bf5226db34c4b12d3cbacfa2f7a15a8b upstream.
We would get wrong results in compiler recomputed old_pmd. Avoid
that by using ACCESS_ONCE
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/powerpc/mm/hugepage-hash64.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/mm/hugepage-hash64.c b/arch/powerpc/mm/hugepage-hash64.c
index e0da847..7d86c86 100644
--- a/arch/powerpc/mm/hugepage-hash64.c
+++ b/arch/powerpc/mm/hugepage-hash64.c
@@ -84,7 +84,9 @@ int __hash_page_thp(unsigned long ea, unsigned long access, unsigned long vsid,
* atomically mark the linux large page PMD busy and dirty
*/
do {
- old_pmd = pmd_val(*pmdp);
+ pmd_t pmd = ACCESS_ONCE(*pmdp);
+
+ old_pmd = pmd_val(pmd);
/* If PMD busy, retry the access */
if (unlikely(old_pmd & _PAGE_BUSY))
return 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 185/187] powerpc/mm: Use read barrier when creating real_pte
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (183 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 184/187] powerpc/thp: Use ACCESS_ONCE when loading pmdp Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 186/187] Btrfs: Fix memory corruption by ulist_add_merge() on 32bit arch Kamal Mostafa
` (2 subsequent siblings)
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Aneesh Kumar K.V, Benjamin Herrenschmidt, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
commit 85c1fafd7262e68ad821ee1808686b1392b1167d upstream.
On ppc64 we support 4K hash pte with 64K page size. That requires
us to track the hash pte slot information on a per 4k basis. We do that
by storing the slot details in the second half of pte page. The pte bit
_PAGE_COMBO is used to indicate whether the second half need to be
looked while building real_pte. We need to use read memory barrier while
doing that so that load of hidx is not reordered w.r.t _PAGE_COMBO
check. On the store side we already do a lwsync in __hash_page_4K
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
arch/powerpc/include/asm/pte-hash64-64k.h | 30 +++++++++++++++++++++++++-----
1 file changed, 25 insertions(+), 5 deletions(-)
diff --git a/arch/powerpc/include/asm/pte-hash64-64k.h b/arch/powerpc/include/asm/pte-hash64-64k.h
index d836d94..9ecede1 100644
--- a/arch/powerpc/include/asm/pte-hash64-64k.h
+++ b/arch/powerpc/include/asm/pte-hash64-64k.h
@@ -46,11 +46,31 @@
* in order to deal with 64K made of 4K HW pages. Thus we override the
* generic accessors and iterators here
*/
-#define __real_pte(e,p) ((real_pte_t) { \
- (e), (pte_val(e) & _PAGE_COMBO) ? \
- (pte_val(*((p) + PTRS_PER_PTE))) : 0 })
-#define __rpte_to_hidx(r,index) ((pte_val((r).pte) & _PAGE_COMBO) ? \
- (((r).hidx >> ((index)<<2)) & 0xf) : ((pte_val((r).pte) >> 12) & 0xf))
+#define __real_pte __real_pte
+static inline real_pte_t __real_pte(pte_t pte, pte_t *ptep)
+{
+ real_pte_t rpte;
+
+ rpte.pte = pte;
+ rpte.hidx = 0;
+ if (pte_val(pte) & _PAGE_COMBO) {
+ /*
+ * Make sure we order the hidx load against the _PAGE_COMBO
+ * check. The store side ordering is done in __hash_page_4K
+ */
+ smp_rmb();
+ rpte.hidx = pte_val(*((ptep) + PTRS_PER_PTE));
+ }
+ return rpte;
+}
+
+static inline unsigned long __rpte_to_hidx(real_pte_t rpte, unsigned long index)
+{
+ if ((pte_val(rpte.pte) & _PAGE_COMBO))
+ return (rpte.hidx >> (index<<2)) & 0xf;
+ return (pte_val(rpte.pte) >> 12) & 0xf;
+}
+
#define __rpte_to_pte(r) ((r).pte)
#define __rpte_sub_valid(rpte, index) \
(pte_val(rpte.pte) & (_PAGE_HPTE_SUB0 >> (index)))
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 186/187] Btrfs: Fix memory corruption by ulist_add_merge() on 32bit arch
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (184 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 185/187] powerpc/mm: Use read barrier when creating real_pte Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 187/187] Btrfs: fix csum tree corruption, duplicate and outdated checksums Kamal Mostafa
2014-09-16 0:03 ` [3.13.y.z extended stable] Linux 3.13.11.7 stable review Greg KH
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Takashi Iwai, Chris Mason, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 4eb1f66dce6c4dc28dd90a7ffbe6b2b1cb08aa4e upstream.
We've got bug reports that btrfs crashes when quota is enabled on
32bit kernel, typically with the Oops like below:
BUG: unable to handle kernel NULL pointer dereference at 00000004
IP: [<f9234590>] find_parent_nodes+0x360/0x1380 [btrfs]
*pde = 00000000
Oops: 0000 [#1] SMP
CPU: 0 PID: 151 Comm: kworker/u8:2 Tainted: G S W 3.15.2-1.gd43d97e-default #1
Workqueue: btrfs-qgroup-rescan normal_work_helper [btrfs]
task: f1478130 ti: f147c000 task.ti: f147c000
EIP: 0060:[<f9234590>] EFLAGS: 00010213 CPU: 0
EIP is at find_parent_nodes+0x360/0x1380 [btrfs]
EAX: f147dda8 EBX: f147ddb0 ECX: 00000011 EDX: 00000000
ESI: 00000000 EDI: f147dda4 EBP: f147ddf8 ESP: f147dd38
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
CR0: 8005003b CR2: 00000004 CR3: 00bf3000 CR4: 00000690
Stack:
00000000 00000000 f147dda4 00000050 00000001 00000000 00000001 00000050
00000001 00000000 d3059000 00000001 00000022 000000a8 00000000 00000000
00000000 000000a1 00000000 00000000 00000001 00000000 00000000 11800000
Call Trace:
[<f923564d>] __btrfs_find_all_roots+0x9d/0xf0 [btrfs]
[<f9237bb1>] btrfs_qgroup_rescan_worker+0x401/0x760 [btrfs]
[<f9206148>] normal_work_helper+0xc8/0x270 [btrfs]
[<c025e38b>] process_one_work+0x11b/0x390
[<c025eea1>] worker_thread+0x101/0x340
[<c026432b>] kthread+0x9b/0xb0
[<c0712a71>] ret_from_kernel_thread+0x21/0x30
[<c0264290>] kthread_create_on_node+0x110/0x110
This indicates a NULL corruption in prefs_delayed list. The further
investigation and bisection pointed that the call of ulist_add_merge()
results in the corruption.
ulist_add_merge() takes u64 as aux and writes a 64bit value into
old_aux. The callers of this function in backref.c, however, pass a
pointer of a pointer to old_aux. That is, the function overwrites
64bit value on 32bit pointer. This caused a NULL in the adjacent
variable, in this case, prefs_delayed.
Here is a quick attempt to band-aid over this: a new function,
ulist_add_merge_ptr() is introduced to pass/store properly a pointer
value instead of u64. There are still ugly void ** cast remaining
in the callers because void ** cannot be taken implicitly. But, it's
safer than explicit cast to u64, anyway.
Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=887046
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Chris Mason <clm@fb.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/btrfs/backref.c | 11 +++++------
fs/btrfs/ulist.h | 15 +++++++++++++++
2 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c
index 3775947..5ee99e3 100644
--- a/fs/btrfs/backref.c
+++ b/fs/btrfs/backref.c
@@ -263,9 +263,8 @@ static int add_all_parents(struct btrfs_root *root, struct btrfs_path *path,
}
if (ret > 0)
goto next;
- ret = ulist_add_merge(parents, eb->start,
- (uintptr_t)eie,
- (u64 *)&old, GFP_NOFS);
+ ret = ulist_add_merge_ptr(parents, eb->start,
+ eie, (void **)&old, GFP_NOFS);
if (ret < 0)
break;
if (!ret && extent_item_pos) {
@@ -961,9 +960,9 @@ again:
goto out;
ref->inode_list = eie;
}
- ret = ulist_add_merge(refs, ref->parent,
- (uintptr_t)ref->inode_list,
- (u64 *)&eie, GFP_NOFS);
+ ret = ulist_add_merge_ptr(refs, ref->parent,
+ ref->inode_list,
+ (void **)&eie, GFP_NOFS);
if (ret < 0)
goto out;
if (!ret && extent_item_pos) {
diff --git a/fs/btrfs/ulist.h b/fs/btrfs/ulist.h
index fb36731..3e62b57 100644
--- a/fs/btrfs/ulist.h
+++ b/fs/btrfs/ulist.h
@@ -74,6 +74,21 @@ void ulist_free(struct ulist *ulist);
int ulist_add(struct ulist *ulist, u64 val, u64 aux, gfp_t gfp_mask);
int ulist_add_merge(struct ulist *ulist, u64 val, u64 aux,
u64 *old_aux, gfp_t gfp_mask);
+
+/* just like ulist_add_merge() but take a pointer for the aux data */
+static inline int ulist_add_merge_ptr(struct ulist *ulist, u64 val, void *aux,
+ void **old_aux, gfp_t gfp_mask)
+{
+#if BITS_PER_LONG == 32
+ u64 old64 = (uintptr_t)*old_aux;
+ int ret = ulist_add_merge(ulist, val, (uintptr_t)aux, &old64, gfp_mask);
+ *old_aux = (void *)((uintptr_t)old64);
+ return ret;
+#else
+ return ulist_add_merge(ulist, val, (u64)aux, (u64 *)old_aux, gfp_mask);
+#endif
+}
+
struct ulist_node *ulist_next(struct ulist *ulist,
struct ulist_iterator *uiter);
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* [PATCH 3.13 187/187] Btrfs: fix csum tree corruption, duplicate and outdated checksums
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (185 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 186/187] Btrfs: Fix memory corruption by ulist_add_merge() on 32bit arch Kamal Mostafa
@ 2014-09-15 22:09 ` Kamal Mostafa
2014-09-16 0:03 ` [3.13.y.z extended stable] Linux 3.13.11.7 stable review Greg KH
187 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-15 22:09 UTC (permalink / raw)
To: linux-kernel, stable, kernel-team
Cc: Filipe Manana, Chris Mason, Kamal Mostafa
3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
commit 27b9a8122ff71a8cadfbffb9c4f0694300464f3b upstream.
Under rare circumstances we can end up leaving 2 versions of a checksum
for the same file extent range.
The reason for this is that after calling btrfs_next_leaf we process
slot 0 of the leaf it returns, instead of processing the slot set in
path->slots[0]. Most of the time (by far) path->slots[0] is 0, but after
btrfs_next_leaf() releases the path and before it searches for the next
leaf, another task might cause a split of the next leaf, which migrates
some of its keys to the leaf we were processing before calling
btrfs_next_leaf(). In this case btrfs_next_leaf() returns again the
same leaf but with path->slots[0] having a slot number corresponding
to the first new key it got, that is, a slot number that didn't exist
before calling btrfs_next_leaf(), as the leaf now has more keys than
it had before. So we must really process the returned leaf starting at
path->slots[0] always, as it isn't always 0, and the key at slot 0 can
have an offset much lower than our search offset/bytenr.
For example, consider the following scenario, where we have:
sums->bytenr: 40157184, sums->len: 16384, sums end: 40173568
four 4kb file data blocks with offsets 40157184, 40161280, 40165376, 40169472
Leaf N:
slot = 0 slot = btrfs_header_nritems() - 1
|-------------------------------------------------------------------|
| [(CSUM CSUM 39239680), size 8] ... [(CSUM CSUM 40116224), size 4] |
|-------------------------------------------------------------------|
Leaf N + 1:
slot = 0 slot = btrfs_header_nritems() - 1
|--------------------------------------------------------------------|
| [(CSUM CSUM 40161280), size 32] ... [((CSUM CSUM 40615936), size 8 |
|--------------------------------------------------------------------|
Because we are at the last slot of leaf N, we call btrfs_next_leaf() to
find the next highest key, which releases the current path and then searches
for that next key. However after releasing the path and before finding that
next key, the item at slot 0 of leaf N + 1 gets moved to leaf N, due to a call
to ctree.c:push_leaf_left() (via ctree.c:split_leaf()), and therefore
btrfs_next_leaf() will returns us a path again with leaf N but with the slot
pointing to its new last key (CSUM CSUM 40161280). This new version of leaf N
is then:
slot = 0 slot = btrfs_header_nritems() - 2 slot = btrfs_header_nritems() - 1
|----------------------------------------------------------------------------------------------------|
| [(CSUM CSUM 39239680), size 8] ... [(CSUM CSUM 40116224), size 4] [(CSUM CSUM 40161280), size 32] |
|----------------------------------------------------------------------------------------------------|
And incorrecly using slot 0, makes us set next_offset to 39239680 and we jump
into the "insert:" label, which will set tmp to:
tmp = min((sums->len - total_bytes) >> blocksize_bits,
(next_offset - file_key.offset) >> blocksize_bits) =
min((16384 - 0) >> 12, (39239680 - 40157184) >> 12) =
min(4, (u64)-917504 = 18446744073708634112 >> 12) = 4
and
ins_size = csum_size * tmp = 4 * 4 = 16 bytes.
In other words, we insert a new csum item in the tree with key
(CSUM_OBJECTID CSUM_KEY 40157184 = sums->bytenr) that contains the checksums
for all the data (4 blocks of 4096 bytes each = sums->len). Which is wrong,
because the item with key (CSUM CSUM 40161280) (the one that was moved from
leaf N + 1 to the end of leaf N) contains the old checksums of the last 12288
bytes of our data and won't get those old checksums removed.
So this leaves us 2 different checksums for 3 4kb blocks of data in the tree,
and breaks the logical rule:
Key_N+1.offset >= Key_N.offset + length_of_data_its_checksums_cover
An obvious bad effect of this is that a subsequent csum tree lookup to get
the checksum of any of the blocks with logical offset of 40161280, 40165376
or 40169472 (the last 3 4kb blocks of file data), will get the old checksums.
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
fs/btrfs/file-item.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/btrfs/file-item.c b/fs/btrfs/file-item.c
index 6f38488..bb91764 100644
--- a/fs/btrfs/file-item.c
+++ b/fs/btrfs/file-item.c
@@ -755,7 +755,7 @@ again:
found_next = 1;
if (ret != 0)
goto insert;
- slot = 0;
+ slot = path->slots[0];
}
btrfs_item_key_to_cpu(path->nodes[0], &found_key, slot);
if (found_key.objectid != BTRFS_EXTENT_CSUM_OBJECTID ||
--
1.9.1
^ permalink raw reply related [flat|nested] 202+ messages in thread
* Re: [3.13.y.z extended stable] Linux 3.13.11.7 stable review
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
` (186 preceding siblings ...)
2014-09-15 22:09 ` [PATCH 3.13 187/187] Btrfs: fix csum tree corruption, duplicate and outdated checksums Kamal Mostafa
@ 2014-09-16 0:03 ` Greg KH
2014-09-16 1:18 ` Tim Gardner
187 siblings, 1 reply; 202+ messages in thread
From: Greg KH @ 2014-09-16 0:03 UTC (permalink / raw)
To: Kamal Mostafa; +Cc: linux-kernel, stable, kernel-team
On Mon, Sep 15, 2014 at 03:06:50PM -0700, Kamal Mostafa wrote:
> This is the start of the review cycle for the Linux 3.13.11.7 stable kernel.
>
> This version contains 187 new patches, summarized below. The new patches are
> posted as replies to this message and also available in this git branch:
>
> http://kernel.ubuntu.com/git?p=ubuntu/linux.git;h=linux-3.13.y-review;a=shortlog
>
> git://kernel.ubuntu.com/ubuntu/linux.git linux-3.13.y-review
>
> The review period for version 3.13.11.7 will be open for the next three days.
> To report a problem, please reply to the relevant follow-up patch message.
As I asked before, please change the name to not be x.y, it is confusing
for lots of people.
Use the "normal" way of naming kernel releases, pick a few character
naming scheme please.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 202+ messages in thread
* Re: [3.13.y.z extended stable] Linux 3.13.11.7 stable review
2014-09-16 0:03 ` [3.13.y.z extended stable] Linux 3.13.11.7 stable review Greg KH
@ 2014-09-16 1:18 ` Tim Gardner
2014-09-16 1:26 ` Greg KH
0 siblings, 1 reply; 202+ messages in thread
From: Tim Gardner @ 2014-09-16 1:18 UTC (permalink / raw)
To: Greg KH; +Cc: Kamal Mostafa, kernel-team, linux-kernel, stable
On 09/15/2014 06:03 PM, Greg KH wrote:
> On Mon, Sep 15, 2014 at 03:06:50PM -0700, Kamal Mostafa wrote:
>> This is the start of the review cycle for the Linux 3.13.11.7 stable kernel.
>>
>> This version contains 187 new patches, summarized below. The new patches are
>> posted as replies to this message and also available in this git branch:
>>
>> http://kernel.ubuntu.com/git?p=ubuntu/linux.git;h=linux-3.13.y-review;a=shortlog
>>
>> git://kernel.ubuntu.com/ubuntu/linux.git linux-3.13.y-review
>>
>> The review period for version 3.13.11.7 will be open for the next three days.
>> To report a problem, please reply to the relevant follow-up patch message.
>
> As I asked before, please change the name to not be x.y, it is confusing
> for lots of people.
>
> Use the "normal" way of naming kernel releases, pick a few character
> naming scheme please.
>
I think what Kamal said is that he would consider your request. I,
however, don't think it wise to change version schemes mid-stream in an
established series.
Can you provide hard evidence that this version scheme is confusing lots
of people ? I'm only aware of one complaint voiced by Peter Anvin at the
kernel summit (http://lwn.net/Articles/608917/).
rtg
--
Tim Gardner tim.gardner@canonical.com
^ permalink raw reply [flat|nested] 202+ messages in thread
* Re: [3.13.y.z extended stable] Linux 3.13.11.7 stable review
2014-09-16 1:18 ` Tim Gardner
@ 2014-09-16 1:26 ` Greg KH
2014-09-16 15:17 ` Tim Gardner
0 siblings, 1 reply; 202+ messages in thread
From: Greg KH @ 2014-09-16 1:26 UTC (permalink / raw)
To: Tim Gardner; +Cc: Kamal Mostafa, kernel-team, linux-kernel, stable
On Mon, Sep 15, 2014 at 07:18:35PM -0600, Tim Gardner wrote:
> On 09/15/2014 06:03 PM, Greg KH wrote:
> > On Mon, Sep 15, 2014 at 03:06:50PM -0700, Kamal Mostafa wrote:
> >> This is the start of the review cycle for the Linux 3.13.11.7 stable kernel.
> >>
> >> This version contains 187 new patches, summarized below. The new patches are
> >> posted as replies to this message and also available in this git branch:
> >>
> >> http://kernel.ubuntu.com/git?p=ubuntu/linux.git;h=linux-3.13.y-review;a=shortlog
> >>
> >> git://kernel.ubuntu.com/ubuntu/linux.git linux-3.13.y-review
> >>
> >> The review period for version 3.13.11.7 will be open for the next three days.
> >> To report a problem, please reply to the relevant follow-up patch message.
> >
> > As I asked before, please change the name to not be x.y, it is confusing
> > for lots of people.
> >
> > Use the "normal" way of naming kernel releases, pick a few character
> > naming scheme please.
> >
>
> I think what Kamal said is that he would consider your request. I,
> however, don't think it wise to change version schemes mid-stream in an
> established series.
Even if that "established series" is the thing that is causing
complaints?
> Can you provide hard evidence that this version scheme is confusing lots
> of people ? I'm only aware of one complaint voiced by Peter Anvin at the
> kernel summit (http://lwn.net/Articles/608917/).
Peter's complaint is one that I know of that is in the public record.
So is mine.
How many others do you need?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 202+ messages in thread
* Re: [PATCH 3.13 073/187] x86, ia64: Move EFI_FB vga_default_device() initialization to pci_vga_fixup()
2014-09-15 22:08 ` [PATCH 3.13 073/187] x86, ia64: Move EFI_FB vga_default_device() initialization to pci_vga_fixup() Kamal Mostafa
@ 2014-09-16 6:05 ` Bruno Prémont
2014-09-16 13:31 ` Kamal Mostafa
0 siblings, 1 reply; 202+ messages in thread
From: Bruno Prémont @ 2014-09-16 6:05 UTC (permalink / raw)
To: Kamal Mostafa; +Cc: linux-kernel, stable, kernel-team, Bjorn Helgaas
Hi Kamel,
On Mon, 15 Sep 2014 15:08:03 -0700 Kamal Mostafa wrote:
> 3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
As mentioned to Greg for 3.16 (and 3.14, 3.10) stable trees, please
postpone this patch until its regression fix for dual-GPU Macs can be
applied at the same time.
See
https://patchwork.kernel.org/patch/4771201/
as well as
https://bugzilla.kernel.org/show_bug.cgi?id=84461
Bruno
> ------------------
>
> From: Kamal Mostafa <kamal@canonical.com>
>
> commit 20cde694027e7477cc532833e38ab9fcaa83fb64 upstream.
>
> Commit b4aa0163056b ("efifb: Implement vga_default_device() (v2)")
> added efifb vga_default_device() so EFI systems that do not load
> shadow VBIOS or setup VGA get proper value for boot_vga PCI sysfs
> attribute on the corresponding PCI device.
>
> Xorg doesn't detect devices when boot_vga=0, e.g., on some EFI
> systems such as MacBookAir2,1. Xorg detects the GPU and finds the
> DRI device but then bails out with "no devices detected".
>
> Note: When vga_default_device() is set boot_vga PCI sysfs attribute
> reflects its state. When unset this attribute is 1 whenever
> IORESOURCE_ROM_SHADOW flag is set.
>
> With introduction of sysfb/simplefb/simpledrm efifb is getting
> obsolete while having native drivers for the GPU also makes selecting
> sysfb/efifb optional.
>
> Remove the efifb implementation of vga_default_device() and initialize
> vgaarb's vga_default_device() with the PCI GPU that matches boot
> screen_info in pci_fixup_video().
>
> [bhelgaas: remove unused "dev" in efifb_setup()]
> Fixes: b4aa0163056b ("efifb: Implement vga_default_device() (v2)")
> Tested-by: Anibal Francisco Martinez Cortina <linuxkid.zeuz@gmail.com>
> Signed-off-by: Bruno Prémont <bonbons@linux-vserver.org>
> Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
> Acked-by: Matthew Garrett <matthew.garrett@nebula.com>
> [ kamal: backport to 3.13-stable: context ]
> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
> ---
> arch/ia64/pci/fixup.c | 22 ++++++++++++++++++++++
> arch/x86/include/asm/vga.h | 6 ------
> arch/x86/pci/fixup.c | 21 +++++++++++++++++++++
> drivers/video/efifb.c | 39
> --------------------------------------- 4 files changed, 43
> insertions(+), 45 deletions(-)
>
> diff --git a/arch/ia64/pci/fixup.c b/arch/ia64/pci/fixup.c
> index 5dc969d..62fb9ba 100644
> --- a/arch/ia64/pci/fixup.c
> +++ b/arch/ia64/pci/fixup.c
> @@ -5,6 +5,7 @@
>
> #include <linux/pci.h>
> #include <linux/init.h>
> +#include <linux/screen_info.h>
>
> #include <asm/machvec.h>
>
> @@ -38,6 +39,27 @@ static void pci_fixup_video(struct pci_dev *pdev)
> if ((pdev->class >> 8) != PCI_CLASS_DISPLAY_VGA)
> return;
>
> + if (!vga_default_device()) {
> + resource_size_t start, end;
> + int i;
> +
> + /* Does firmware framebuffer belong to us? */
> + for (i = 0; i < DEVICE_COUNT_RESOURCE; i++) {
> + if (!(pci_resource_flags(pdev, i) &
> IORESOURCE_MEM))
> + continue;
> +
> + start = pci_resource_start(pdev, i);
> + end = pci_resource_end(pdev, i);
> +
> + if (!start || !end)
> + continue;
> +
> + if (screen_info.lfb_base >= start &&
> + (screen_info.lfb_base +
> screen_info.lfb_size) < end)
> + vga_set_default_device(pdev);
> + }
> + }
> +
> /* Is VGA routed to us? */
> bus = pdev->bus;
> while (bus) {
> diff --git a/arch/x86/include/asm/vga.h b/arch/x86/include/asm/vga.h
> index 44282fb..c4b9dc2 100644
> --- a/arch/x86/include/asm/vga.h
> +++ b/arch/x86/include/asm/vga.h
> @@ -17,10 +17,4 @@
> #define vga_readb(x) (*(x))
> #define vga_writeb(x, y) (*(y) = (x))
>
> -#ifdef CONFIG_FB_EFI
> -#define __ARCH_HAS_VGA_DEFAULT_DEVICE
> -extern struct pci_dev *vga_default_device(void);
> -extern void vga_set_default_device(struct pci_dev *pdev);
> -#endif
> -
> #endif /* _ASM_X86_VGA_H */
> diff --git a/arch/x86/pci/fixup.c b/arch/x86/pci/fixup.c
> index b046e07..4ee44d4 100644
> --- a/arch/x86/pci/fixup.c
> +++ b/arch/x86/pci/fixup.c
> @@ -325,6 +325,27 @@ static void pci_fixup_video(struct pci_dev *pdev)
> struct pci_bus *bus;
> u16 config;
>
> + if (!vga_default_device()) {
> + resource_size_t start, end;
> + int i;
> +
> + /* Does firmware framebuffer belong to us? */
> + for (i = 0; i < DEVICE_COUNT_RESOURCE; i++) {
> + if (!(pci_resource_flags(pdev, i) &
> IORESOURCE_MEM))
> + continue;
> +
> + start = pci_resource_start(pdev, i);
> + end = pci_resource_end(pdev, i);
> +
> + if (!start || !end)
> + continue;
> +
> + if (screen_info.lfb_base >= start &&
> + (screen_info.lfb_base +
> screen_info.lfb_size) < end)
> + vga_set_default_device(pdev);
> + }
> + }
> +
> /* Is VGA routed to us? */
> bus = pdev->bus;
> while (bus) {
> diff --git a/drivers/video/efifb.c b/drivers/video/efifb.c
> index cd7c0df..201ab4f 100644
> --- a/drivers/video/efifb.c
> +++ b/drivers/video/efifb.c
> @@ -19,8 +19,6 @@
>
> static bool request_mem_succeeded = false;
>
> -static struct pci_dev *default_vga;
> -
> static struct fb_var_screeninfo efifb_defined = {
> .activate = FB_ACTIVATE_NOW,
> .height = -1,
> @@ -85,23 +83,10 @@ static struct fb_ops efifb_ops = {
> .fb_imageblit = cfb_imageblit,
> };
>
> -struct pci_dev *vga_default_device(void)
> -{
> - return default_vga;
> -}
> -
> -EXPORT_SYMBOL_GPL(vga_default_device);
> -
> -void vga_set_default_device(struct pci_dev *pdev)
> -{
> - default_vga = pdev;
> -}
> -
> static int efifb_setup(char *options)
> {
> char *this_opt;
> int i;
> - struct pci_dev *dev = NULL;
>
> if (options && *options) {
> while ((this_opt = strsep(&options, ",")) != NULL) {
> @@ -127,30 +112,6 @@ static int efifb_setup(char *options)
> }
> }
>
> - for_each_pci_dev(dev) {
> - int i;
> -
> - if ((dev->class >> 8) != PCI_CLASS_DISPLAY_VGA)
> - continue;
> -
> - for (i=0; i < DEVICE_COUNT_RESOURCE; i++) {
> - resource_size_t start, end;
> -
> - if (!(pci_resource_flags(dev, i) &
> IORESOURCE_MEM))
> - continue;
> -
> - start = pci_resource_start(dev, i);
> - end = pci_resource_end(dev, i);
> -
> - if (!start || !end)
> - continue;
> -
> - if (screen_info.lfb_base >= start &&
> - (screen_info.lfb_base +
> screen_info.lfb_size) < end)
> - default_vga = dev;
> - }
> - }
> -
> return 0;
> }
>
^ permalink raw reply [flat|nested] 202+ messages in thread
* Re: [PATCH 3.13 073/187] x86, ia64: Move EFI_FB vga_default_device() initialization to pci_vga_fixup()
2014-09-16 6:05 ` Bruno Prémont
@ 2014-09-16 13:31 ` Kamal Mostafa
0 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-16 13:31 UTC (permalink / raw)
To: Bruno Prémont; +Cc: linux-kernel, stable, kernel-team, Bjorn Helgaas
On Tue, 2014-09-16 at 08:05 +0200, Bruno Prémont wrote:
> Hi Kamel,
>
> On Mon, 15 Sep 2014 15:08:03 -0700 Kamal Mostafa wrote:
> > 3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
>
> As mentioned to Greg for 3.16 (and 3.14, 3.10) stable trees, please
> postpone this patch until its regression fix for dual-GPU Macs can be
> applied at the same time.
Thanks very much, Bruno. I've dropped this from the 3.13-stable queue
pending the regression fix.
-Kamal
> See
> https://patchwork.kernel.org/patch/4771201/
> as well as
> https://bugzilla.kernel.org/show_bug.cgi?id=84461
>
> Bruno
>
> > ------------------
> >
> > From: Kamal Mostafa <kamal@canonical.com>
> >
> > commit 20cde694027e7477cc532833e38ab9fcaa83fb64 upstream.
> >
> > Commit b4aa0163056b ("efifb: Implement vga_default_device() (v2)")
> > added efifb vga_default_device() so EFI systems that do not load
> > shadow VBIOS or setup VGA get proper value for boot_vga PCI sysfs
> > attribute on the corresponding PCI device.
> >
> > Xorg doesn't detect devices when boot_vga=0, e.g., on some EFI
> > systems such as MacBookAir2,1. Xorg detects the GPU and finds the
> > DRI device but then bails out with "no devices detected".
> >
> > Note: When vga_default_device() is set boot_vga PCI sysfs attribute
> > reflects its state. When unset this attribute is 1 whenever
> > IORESOURCE_ROM_SHADOW flag is set.
> >
> > With introduction of sysfb/simplefb/simpledrm efifb is getting
> > obsolete while having native drivers for the GPU also makes selecting
> > sysfb/efifb optional.
> >
> > Remove the efifb implementation of vga_default_device() and initialize
> > vgaarb's vga_default_device() with the PCI GPU that matches boot
> > screen_info in pci_fixup_video().
> >
> > [bhelgaas: remove unused "dev" in efifb_setup()]
> > Fixes: b4aa0163056b ("efifb: Implement vga_default_device() (v2)")
> > Tested-by: Anibal Francisco Martinez Cortina <linuxkid.zeuz@gmail.com>
> > Signed-off-by: Bruno Prémont <bonbons@linux-vserver.org>
> > Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
> > Acked-by: Matthew Garrett <matthew.garrett@nebula.com>
> > [ kamal: backport to 3.13-stable: context ]
> > Signed-off-by: Kamal Mostafa <kamal@canonical.com>
> > ---
> > arch/ia64/pci/fixup.c | 22 ++++++++++++++++++++++
> > arch/x86/include/asm/vga.h | 6 ------
> > arch/x86/pci/fixup.c | 21 +++++++++++++++++++++
> > drivers/video/efifb.c | 39
> > --------------------------------------- 4 files changed, 43
> > insertions(+), 45 deletions(-)
> >
> > diff --git a/arch/ia64/pci/fixup.c b/arch/ia64/pci/fixup.c
> > index 5dc969d..62fb9ba 100644
> > --- a/arch/ia64/pci/fixup.c
> > +++ b/arch/ia64/pci/fixup.c
> > @@ -5,6 +5,7 @@
> >
> > #include <linux/pci.h>
> > #include <linux/init.h>
> > +#include <linux/screen_info.h>
> >
> > #include <asm/machvec.h>
> >
> > @@ -38,6 +39,27 @@ static void pci_fixup_video(struct pci_dev *pdev)
> > if ((pdev->class >> 8) != PCI_CLASS_DISPLAY_VGA)
> > return;
> >
> > + if (!vga_default_device()) {
> > + resource_size_t start, end;
> > + int i;
> > +
> > + /* Does firmware framebuffer belong to us? */
> > + for (i = 0; i < DEVICE_COUNT_RESOURCE; i++) {
> > + if (!(pci_resource_flags(pdev, i) &
> > IORESOURCE_MEM))
> > + continue;
> > +
> > + start = pci_resource_start(pdev, i);
> > + end = pci_resource_end(pdev, i);
> > +
> > + if (!start || !end)
> > + continue;
> > +
> > + if (screen_info.lfb_base >= start &&
> > + (screen_info.lfb_base +
> > screen_info.lfb_size) < end)
> > + vga_set_default_device(pdev);
> > + }
> > + }
> > +
> > /* Is VGA routed to us? */
> > bus = pdev->bus;
> > while (bus) {
> > diff --git a/arch/x86/include/asm/vga.h b/arch/x86/include/asm/vga.h
> > index 44282fb..c4b9dc2 100644
> > --- a/arch/x86/include/asm/vga.h
> > +++ b/arch/x86/include/asm/vga.h
> > @@ -17,10 +17,4 @@
> > #define vga_readb(x) (*(x))
> > #define vga_writeb(x, y) (*(y) = (x))
> >
> > -#ifdef CONFIG_FB_EFI
> > -#define __ARCH_HAS_VGA_DEFAULT_DEVICE
> > -extern struct pci_dev *vga_default_device(void);
> > -extern void vga_set_default_device(struct pci_dev *pdev);
> > -#endif
> > -
> > #endif /* _ASM_X86_VGA_H */
> > diff --git a/arch/x86/pci/fixup.c b/arch/x86/pci/fixup.c
> > index b046e07..4ee44d4 100644
> > --- a/arch/x86/pci/fixup.c
> > +++ b/arch/x86/pci/fixup.c
> > @@ -325,6 +325,27 @@ static void pci_fixup_video(struct pci_dev *pdev)
> > struct pci_bus *bus;
> > u16 config;
> >
> > + if (!vga_default_device()) {
> > + resource_size_t start, end;
> > + int i;
> > +
> > + /* Does firmware framebuffer belong to us? */
> > + for (i = 0; i < DEVICE_COUNT_RESOURCE; i++) {
> > + if (!(pci_resource_flags(pdev, i) &
> > IORESOURCE_MEM))
> > + continue;
> > +
> > + start = pci_resource_start(pdev, i);
> > + end = pci_resource_end(pdev, i);
> > +
> > + if (!start || !end)
> > + continue;
> > +
> > + if (screen_info.lfb_base >= start &&
> > + (screen_info.lfb_base +
> > screen_info.lfb_size) < end)
> > + vga_set_default_device(pdev);
> > + }
> > + }
> > +
> > /* Is VGA routed to us? */
> > bus = pdev->bus;
> > while (bus) {
> > diff --git a/drivers/video/efifb.c b/drivers/video/efifb.c
> > index cd7c0df..201ab4f 100644
> > --- a/drivers/video/efifb.c
> > +++ b/drivers/video/efifb.c
> > @@ -19,8 +19,6 @@
> >
> > static bool request_mem_succeeded = false;
> >
> > -static struct pci_dev *default_vga;
> > -
> > static struct fb_var_screeninfo efifb_defined = {
> > .activate = FB_ACTIVATE_NOW,
> > .height = -1,
> > @@ -85,23 +83,10 @@ static struct fb_ops efifb_ops = {
> > .fb_imageblit = cfb_imageblit,
> > };
> >
> > -struct pci_dev *vga_default_device(void)
> > -{
> > - return default_vga;
> > -}
> > -
> > -EXPORT_SYMBOL_GPL(vga_default_device);
> > -
> > -void vga_set_default_device(struct pci_dev *pdev)
> > -{
> > - default_vga = pdev;
> > -}
> > -
> > static int efifb_setup(char *options)
> > {
> > char *this_opt;
> > int i;
> > - struct pci_dev *dev = NULL;
> >
> > if (options && *options) {
> > while ((this_opt = strsep(&options, ",")) != NULL) {
> > @@ -127,30 +112,6 @@ static int efifb_setup(char *options)
> > }
> > }
> >
> > - for_each_pci_dev(dev) {
> > - int i;
> > -
> > - if ((dev->class >> 8) != PCI_CLASS_DISPLAY_VGA)
> > - continue;
> > -
> > - for (i=0; i < DEVICE_COUNT_RESOURCE; i++) {
> > - resource_size_t start, end;
> > -
> > - if (!(pci_resource_flags(dev, i) &
> > IORESOURCE_MEM))
> > - continue;
> > -
> > - start = pci_resource_start(dev, i);
> > - end = pci_resource_end(dev, i);
> > -
> > - if (!start || !end)
> > - continue;
> > -
> > - if (screen_info.lfb_base >= start &&
> > - (screen_info.lfb_base +
> > screen_info.lfb_size) < end)
> > - default_vga = dev;
> > - }
> > - }
> > -
> > return 0;
> > }
> >
>
^ permalink raw reply [flat|nested] 202+ messages in thread
* Re: [3.13.y.z extended stable] Linux 3.13.11.7 stable review
2014-09-16 1:26 ` Greg KH
@ 2014-09-16 15:17 ` Tim Gardner
2014-09-16 18:13 ` Greg KH
0 siblings, 1 reply; 202+ messages in thread
From: Tim Gardner @ 2014-09-16 15:17 UTC (permalink / raw)
To: Greg KH; +Cc: Kamal Mostafa, kernel-team, linux-kernel, stable
On 09/15/2014 07:26 PM, Greg KH wrote:
> On Mon, Sep 15, 2014 at 07:18:35PM -0600, Tim Gardner wrote:
>> On 09/15/2014 06:03 PM, Greg KH wrote:
>>> On Mon, Sep 15, 2014 at 03:06:50PM -0700, Kamal Mostafa wrote:
>>>> This is the start of the review cycle for the Linux 3.13.11.7 stable kernel.
>>>>
>>>> This version contains 187 new patches, summarized below. The new patches are
>>>> posted as replies to this message and also available in this git branch:
>>>>
>>>> http://kernel.ubuntu.com/git?p=ubuntu/linux.git;h=linux-3.13.y-review;a=shortlog
>>>>
>>>> git://kernel.ubuntu.com/ubuntu/linux.git linux-3.13.y-review
>>>>
>>>> The review period for version 3.13.11.7 will be open for the next three days.
>>>> To report a problem, please reply to the relevant follow-up patch message.
>>>
>>> As I asked before, please change the name to not be x.y, it is confusing
>>> for lots of people.
>>>
>>> Use the "normal" way of naming kernel releases, pick a few character
>>> naming scheme please.
>>>
>>
>> I think what Kamal said is that he would consider your request. I,
>> however, don't think it wise to change version schemes mid-stream in an
>> established series.
>
> Even if that "established series" is the thing that is causing
> complaints?
>
>> Can you provide hard evidence that this version scheme is confusing lots
>> of people ? I'm only aware of one complaint voiced by Peter Anvin at the
>> kernel summit (http://lwn.net/Articles/608917/).
>
> Peter's complaint is one that I know of that is in the public record.
>
> So is mine.
>
> How many others do you need?
>
This is a seriously silly argument over an _opinion_ of what is
"confusing", and so far I am not feeling moved by the number of contrary
opinions.
Our version scheme makes sense from a Debian perspective in that it
indicates exactly when the Canonical branch was started. It also has the
advantage of being distinguishable from the kernel.org version. I _want_
the consumer to be aware of where they have acquired their kernel
sources (as if the git URL is insufficient). Frankly, if the version is
an _enduring_ source of confusion, then perhaps the consumer should seek
other endeavors.
rtg
--
Tim Gardner tim.gardner@canonical.com
^ permalink raw reply [flat|nested] 202+ messages in thread
* Re: [3.13.y.z extended stable] Linux 3.13.11.7 stable review
2014-09-16 15:17 ` Tim Gardner
@ 2014-09-16 18:13 ` Greg KH
2014-09-16 21:23 ` H. Peter Anvin
0 siblings, 1 reply; 202+ messages in thread
From: Greg KH @ 2014-09-16 18:13 UTC (permalink / raw)
To: Tim Gardner, hpa; +Cc: Kamal Mostafa, kernel-team, linux-kernel, stable
Adding in hpa as he has objected to the current naming scheme as well.
On Tue, Sep 16, 2014 at 09:17:31AM -0600, Tim Gardner wrote:
> On 09/15/2014 07:26 PM, Greg KH wrote:
> > On Mon, Sep 15, 2014 at 07:18:35PM -0600, Tim Gardner wrote:
> >> On 09/15/2014 06:03 PM, Greg KH wrote:
> >>> On Mon, Sep 15, 2014 at 03:06:50PM -0700, Kamal Mostafa wrote:
> >>>> This is the start of the review cycle for the Linux 3.13.11.7 stable kernel.
> >>>>
> >>>> This version contains 187 new patches, summarized below. The new patches are
> >>>> posted as replies to this message and also available in this git branch:
> >>>>
> >>>> http://kernel.ubuntu.com/git?p=ubuntu/linux.git;h=linux-3.13.y-review;a=shortlog
> >>>>
> >>>> git://kernel.ubuntu.com/ubuntu/linux.git linux-3.13.y-review
> >>>>
> >>>> The review period for version 3.13.11.7 will be open for the next three days.
> >>>> To report a problem, please reply to the relevant follow-up patch message.
> >>>
> >>> As I asked before, please change the name to not be x.y, it is confusing
> >>> for lots of people.
> >>>
> >>> Use the "normal" way of naming kernel releases, pick a few character
> >>> naming scheme please.
> >>>
> >>
> >> I think what Kamal said is that he would consider your request. I,
> >> however, don't think it wise to change version schemes mid-stream in an
> >> established series.
> >
> > Even if that "established series" is the thing that is causing
> > complaints?
> >
> >> Can you provide hard evidence that this version scheme is confusing lots
> >> of people ? I'm only aware of one complaint voiced by Peter Anvin at the
> >> kernel summit (http://lwn.net/Articles/608917/).
> >
> > Peter's complaint is one that I know of that is in the public record.
> >
> > So is mine.
> >
> > How many others do you need?
> >
>
> This is a seriously silly argument over an _opinion_ of what is
> "confusing", and so far I am not feeling moved by the number of contrary
> opinions.
So, what would it take to "move" you?
People have expressed the fact that the naming by your team of these
kernels is confusing. Users are thinking these are being done on the
kernel.org infrastructure, due to a lack of any non "numeric" digit in
the kernel version. Adding a 4th number, while great, seems to not be
enough to be able to easily determine the difference here.
> Our version scheme makes sense from a Debian perspective in that it
> indicates exactly when the Canonical branch was started.
I agree, but it does not convey it is a "Canonical branch" at all on
its own. Which is causing the confusion here.
> It also has the
> advantage of being distinguishable from the kernel.org version.
By the "trailing digit", i.e. ".y", only. It's just an aditional
number, not a "vendor version mark", like most packaging systems all
incorporate to show obviously that there is a difference from the
"upstream" release here.
> I _want_ the consumer to be aware of where they have acquired their
> kernel sources (as if the git URL is insufficient). Frankly, if the
> version is an _enduring_ source of confusion, then perhaps the
> consumer should seek other endeavors.
You are really trying to use the "if the user is so dumb to understand,
they should just go away" argument here? I value our users more than
that, they are the only reason we will survive over time. You will not
succeed by going around calling them names.
greg k-h
^ permalink raw reply [flat|nested] 202+ messages in thread
* Re: [3.13.y.z extended stable] Linux 3.13.11.7 stable review
2014-09-16 18:13 ` Greg KH
@ 2014-09-16 21:23 ` H. Peter Anvin
0 siblings, 0 replies; 202+ messages in thread
From: H. Peter Anvin @ 2014-09-16 21:23 UTC (permalink / raw)
To: Greg KH, Tim Gardner; +Cc: Kamal Mostafa, kernel-team, linux-kernel, stable
On 09/16/2014 11:13 AM, Greg KH wrote:
>
> By the "trailing digit", i.e. ".y", only. It's just an aditional
> number, not a "vendor version mark", like most packaging systems all
> incorporate to show obviously that there is a difference from the
> "upstream" release here.
>
>> I _want_ the consumer to be aware of where they have acquired their
>> kernel sources (as if the git URL is insufficient). Frankly, if the
>> version is an _enduring_ source of confusion, then perhaps the
>> consumer should seek other endeavors.
>
> You are really trying to use the "if the user is so dumb to understand,
> they should just go away" argument here? I value our users more than
> that, they are the only reason we will survive over time. You will not
> succeed by going around calling them names.
>
It is worth noting that we have a long-standing convention for these
sort of things. It looks like x.y[.z]-XXn where XX is two or three
letters, e.g. 3.13.11-km7.
-hpa
^ permalink raw reply [flat|nested] 202+ messages in thread
* Re: [PATCH 3.13 104/187] Revert "selinux: fix the default socket labeling in sock_graft()"
2014-09-15 22:08 ` [PATCH 3.13 104/187] Revert "selinux: fix the default socket labeling in sock_graft()" Kamal Mostafa
@ 2014-09-17 11:08 ` Ben Hutchings
2014-09-17 16:07 ` Kamal Mostafa
0 siblings, 1 reply; 202+ messages in thread
From: Ben Hutchings @ 2014-09-17 11:08 UTC (permalink / raw)
To: Kamal Mostafa; +Cc: linux-kernel, stable, kernel-team, Paul Moore
[-- Attachment #1: Type: text/plain, Size: 523 bytes --]
On Mon, 2014-09-15 at 15:08 -0700, Kamal Mostafa wrote:
> 3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Paul Moore <pmoore@redhat.com>
>
> commit 2873ead7e46694910ac49c3a8ee0f54956f96e0c upstream.
>
> This reverts commit 4da6daf4d3df5a977e4623963f141a627fd2efce.
[...]
Which is earlier in this series (72). Shouldn't you drop them both?
Ben.
--
Ben Hutchings
Beware of programmers who carry screwdrivers. - Leonard Brandwein
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 811 bytes --]
^ permalink raw reply [flat|nested] 202+ messages in thread
* Re: [PATCH 3.13 120/187] ext4: fix ext4_discard_allocated_blocks() if we can't allocate the pa struct
2014-09-15 22:08 ` [PATCH 3.13 120/187] ext4: fix ext4_discard_allocated_blocks() if we can't allocate the pa struct Kamal Mostafa
@ 2014-09-17 11:13 ` Ben Hutchings
2014-09-17 16:08 ` Kamal Mostafa
0 siblings, 1 reply; 202+ messages in thread
From: Ben Hutchings @ 2014-09-17 11:13 UTC (permalink / raw)
To: Kamal Mostafa; +Cc: linux-kernel, stable, kernel-team, Theodore Ts'o
[-- Attachment #1: Type: text/plain, Size: 1206 bytes --]
On Mon, 2014-09-15 at 15:08 -0700, Kamal Mostafa wrote:
> 3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Theodore Ts'o <tytso@mit.edu>
>
> commit 86f0afd463215fc3e58020493482faa4ac3a4d69 upstream.
>
> If there is a failure while allocating the preallocation structure, a
> number of blocks can end up getting marked in the in-memory buddy
> bitmap, and then not getting released. This can result in the
> following corruption getting reported by the kernel:
>
> EXT4-fs error (device sda3): ext4_mb_generate_buddy:758: group 1126,
> 12793 clusters in bitmap, 12729 in gd
>
> In that case, we need to release the blocks using mb_free_blocks().
>
> Tested: fs smoke test; also demonstrated that with injected errors,
> the file system is no longer getting corrupted
>
> Google-Bug-Id: 16657874
>
> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
[...]
You need to apply commit c99d1e6e83b0 ("ext4: fix BUG_ON in
mb_free_blocks()") along with this.
Ben.
--
Ben Hutchings
Beware of programmers who carry screwdrivers. - Leonard Brandwein
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 811 bytes --]
^ permalink raw reply [flat|nested] 202+ messages in thread
* Re: [PATCH 3.13 044/187] x86_64/entry/xen: Do not invoke espfix64 on Xen
2014-09-15 22:07 ` [PATCH 3.13 044/187] x86_64/entry/xen: Do not invoke espfix64 on Xen Kamal Mostafa
@ 2014-09-17 11:25 ` Ben Hutchings
2014-09-17 16:11 ` Kamal Mostafa
0 siblings, 1 reply; 202+ messages in thread
From: Ben Hutchings @ 2014-09-17 11:25 UTC (permalink / raw)
To: Kamal Mostafa
Cc: linux-kernel, stable, kernel-team, Andy Lutomirski, H. Peter Anvin
[-- Attachment #1: Type: text/plain, Size: 1375 bytes --]
On Mon, 2014-09-15 at 15:07 -0700, Kamal Mostafa wrote:
> 3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Andy Lutomirski <luto@amacapital.net>
>
> commit 7209a75d2009dbf7745e2fd354abf25c3deb3ca3 upstream.
>
> This moves the espfix64 logic into native_iret. To make this work,
> it gets rid of the native patch for INTERRUPT_RETURN:
> INTERRUPT_RETURN on native kernels is now 'jmp native_iret'.
>
> This changes the 16-bit SS behavior on Xen from OOPSing to leaking
> some bits of the Xen hypervisor's RSP (I think).
>
> [ hpa: this is a nonzero cost on native, but probably not enough to
> measure. Xen needs to fix this in their own code, probably doing
> something equivalent to espfix64. ]
>
> Signed-off-by: Andy Lutomirski <luto@amacapital.net>
> Link: http://lkml.kernel.org/r/7b8f1d8ef6597cb16ae004a43c56980a7de3cf94.1406129132.git.luto@amacapital.net
> Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
[...]
There's another fix related to espfix on Xen, commit 8762e5092828
("x86/espfix/xen: Fix allocation of pages for paravirt page tables").
But I'm not sure whether it's actually needed after this.
Ben.
--
Ben Hutchings
Beware of programmers who carry screwdrivers. - Leonard Brandwein
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 811 bytes --]
^ permalink raw reply [flat|nested] 202+ messages in thread
* Re: [PATCH 3.13 104/187] Revert "selinux: fix the default socket labeling in sock_graft()"
2014-09-17 11:08 ` Ben Hutchings
@ 2014-09-17 16:07 ` Kamal Mostafa
0 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-17 16:07 UTC (permalink / raw)
To: Ben Hutchings; +Cc: linux-kernel, stable, kernel-team, Paul Moore
On Wed, 2014-09-17 at 12:08 +0100, Ben Hutchings wrote:
> On Mon, 2014-09-15 at 15:08 -0700, Kamal Mostafa wrote:
> > 3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Paul Moore <pmoore@redhat.com>
> >
> > commit 2873ead7e46694910ac49c3a8ee0f54956f96e0c upstream.
> >
> > This reverts commit 4da6daf4d3df5a977e4623963f141a627fd2efce.
> [...]
>
> Which is earlier in this series (72). Shouldn't you drop them both?
>
> Ben.
>
Yes, I sure should have dropped them both. And now I have.
Thanks very much, Ben!
-Kamal
^ permalink raw reply [flat|nested] 202+ messages in thread
* Re: [PATCH 3.13 120/187] ext4: fix ext4_discard_allocated_blocks() if we can't allocate the pa struct
2014-09-17 11:13 ` Ben Hutchings
@ 2014-09-17 16:08 ` Kamal Mostafa
0 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-17 16:08 UTC (permalink / raw)
To: Ben Hutchings; +Cc: linux-kernel, stable, kernel-team, Theodore Ts'o
On Wed, 2014-09-17 at 12:13 +0100, Ben Hutchings wrote:
> On Mon, 2014-09-15 at 15:08 -0700, Kamal Mostafa wrote:
> > 3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Theodore Ts'o <tytso@mit.edu>
> >
> > commit 86f0afd463215fc3e58020493482faa4ac3a4d69 upstream.
> >
> > If there is a failure while allocating the preallocation structure, a
> > number of blocks can end up getting marked in the in-memory buddy
> > bitmap, and then not getting released. This can result in the
> > following corruption getting reported by the kernel:
> >
> > EXT4-fs error (device sda3): ext4_mb_generate_buddy:758: group 1126,
> > 12793 clusters in bitmap, 12729 in gd
> >
> > In that case, we need to release the blocks using mb_free_blocks().
> >
> > Tested: fs smoke test; also demonstrated that with injected errors,
> > the file system is no longer getting corrupted
> >
> > Google-Bug-Id: 16657874
> >
> > Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
> > Signed-off-by: Kamal Mostafa <kamal@canonical.com>
> [...]
>
> You need to apply commit c99d1e6e83b0 ("ext4: fix BUG_ON in
> mb_free_blocks()") along with this.
>
> Ben.
>
Ok, that's now queued up for 3.13.11.7 also. Thanks again, Ben.
-Kamal
^ permalink raw reply [flat|nested] 202+ messages in thread
* Re: [PATCH 3.13 044/187] x86_64/entry/xen: Do not invoke espfix64 on Xen
2014-09-17 11:25 ` Ben Hutchings
@ 2014-09-17 16:11 ` Kamal Mostafa
0 siblings, 0 replies; 202+ messages in thread
From: Kamal Mostafa @ 2014-09-17 16:11 UTC (permalink / raw)
To: Ben Hutchings
Cc: linux-kernel, stable, kernel-team, Andy Lutomirski, H. Peter Anvin
On Wed, 2014-09-17 at 12:25 +0100, Ben Hutchings wrote:
> On Mon, 2014-09-15 at 15:07 -0700, Kamal Mostafa wrote:
> > 3.13.11.7 -stable review patch. If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Andy Lutomirski <luto@amacapital.net>
> >
> > commit 7209a75d2009dbf7745e2fd354abf25c3deb3ca3 upstream.
> >
> > This moves the espfix64 logic into native_iret. To make this work,
> > it gets rid of the native patch for INTERRUPT_RETURN:
> > INTERRUPT_RETURN on native kernels is now 'jmp native_iret'.
> >
> > This changes the 16-bit SS behavior on Xen from OOPSing to leaking
> > some bits of the Xen hypervisor's RSP (I think).
> >
> > [ hpa: this is a nonzero cost on native, but probably not enough to
> > measure. Xen needs to fix this in their own code, probably doing
> > something equivalent to espfix64. ]
> >
> > Signed-off-by: Andy Lutomirski <luto@amacapital.net>
> > Link: http://lkml.kernel.org/r/7b8f1d8ef6597cb16ae004a43c56980a7de3cf94.1406129132.git.luto@amacapital.net
> > Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
> > Signed-off-by: Kamal Mostafa <kamal@canonical.com>
> [...]
>
> There's another fix related to espfix on Xen, commit 8762e5092828
> ("x86/espfix/xen: Fix allocation of pages for paravirt page tables").
> But I'm not sure whether it's actually needed after this.
>
> Ben.
>
I have now queued that one up for 3.13.11.7 also. Thanks yet again,
Ben!
-Kamal
^ permalink raw reply [flat|nested] 202+ messages in thread
end of thread, other threads:[~2014-09-17 16:11 UTC | newest]
Thread overview: 202+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-09-15 22:06 [3.13.y.z extended stable] Linux 3.13.11.7 stable review Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 001/187] net: sctp: inherit auth_capable on INIT collisions Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 002/187] kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601) Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 003/187] bnx2x: fix crash during TSO tunneling Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 004/187] inetpeer: get rid of ip_id_count Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 005/187] ip: make IP identifiers less predictable Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 006/187] tcp: Fix integer-overflows in TCP veno Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 007/187] tcp: Fix integer-overflow in TCP vegas Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 008/187] macvlan: Initialize vlan_features to turn on offload support Kamal Mostafa
2014-09-15 22:06 ` [PATCH 3.13 009/187] net: Correctly set segment mac_len in skb_segment() Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 010/187] iovec: make sure the caller actually wants anything in memcpy_fromiovecend Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 011/187] batman-adv: Fix out-of-order fragmentation support Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 012/187] sctp: fix possible seqlock seadlock in sctp_packet_transmit() Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 013/187] sparc64: Fix argument sign extension for compat_sys_futex() Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 014/187] sparc64: Make itc_sync_lock raw Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 015/187] sparc64: Fix executable bit testing in set_pmd_at() paths Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 016/187] sparc64: Fix huge PMD invalidation Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 017/187] sparc64: Fix bugs in get_user_pages_fast() wrt. THP Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 018/187] sparc64: Fix hex values in comment above pte_modify() Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 019/187] sparc64: Don't use _PAGE_PRESENT in pte_modify() mask Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 020/187] sparc64: Handle 32-bit tasks properly in compute_effective_address() Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 021/187] sparc64: Fix top-level fault handling bugs Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 022/187] sparc64: Fix range check in kern_addr_valid() Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 023/187] sparc64: Use 'ILOG2_4MB' instead of constant '22' Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 024/187] sparc64: Add basic validations to {pud,pmd}_bad() Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 025/187] sparc64: Give more detailed information in {pgd,pmd}_ERROR() and kill pte_ERROR() Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 026/187] sparc64: Don't bark so loudly about 32-bit tasks generating 64-bit fault addresses Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 027/187] sparc64: Fix huge TSB mapping on pre-UltraSPARC-III cpus Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 028/187] sparc64: Add membar to Niagara2 memcpy code Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 029/187] sparc64: Do not insert non-valid PTEs into the TSB hash table Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 030/187] sparc64: Guard against flushing openfirmware mappings Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 031/187] bbc-i2c: Fix BBC I2C envctrl on SunBlade 2000 Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 032/187] sunsab: Fix detection of BREAK on sunsab serial console Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 033/187] sparc64: ldc_connect() should not return EINVAL when handshake is in progress Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 034/187] arch/sparc/math-emu/math_32.c: drop stray break operator Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 035/187] sunrpc: create a new dummy pipe for gssd to hold open Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 036/187] sunrpc: replace sunrpc_net->gssd_running flag with a more reliable check Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 037/187] nfs: check if gssd is running before attempting to use krb5i auth in SETCLIENTID call Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 038/187] Revert "x86-64, modify_ldt: Make support for 16-bit segments a runtime option" Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 039/187] x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 040/187] x86, espfix: Move espfix definitions into a separate header file Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 041/187] x86, espfix: Fix broken header guard Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 042/187] x86, espfix: Make espfix64 a Kconfig option, fix UML Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 043/187] x86, espfix: Make it possible to disable 16-bit support Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 044/187] x86_64/entry/xen: Do not invoke espfix64 on Xen Kamal Mostafa
2014-09-17 11:25 ` Ben Hutchings
2014-09-17 16:11 ` Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 045/187] bnx2x: Fix kernel crash and data miscompare after EEH recovery Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 046/187] bnx2x: Adapter not recovery from EEH error injection Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 047/187] ALSA: usb-audio: fix BOSS ME-25 MIDI regression Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 048/187] blk-mq: fix initializing request's start time Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 049/187] iwlwifi: mvm: Add a missed beacons threshold Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 050/187] ASoC: wm8994: Prevent double lock of accdet_lock mutex on wm1811 Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 051/187] [media] v4l: vsp1: Remove the unneeded vsp1_video_buffer video field Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 052/187] ASoC: max98090: Fix missing free_irq Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 053/187] KVM: x86: Inter-privilege level ret emulation is not implemeneted Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 054/187] [media] au0828: Only alt setting logic when needed Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 055/187] ASoC: pcm: fix dpcm_path_put in dpcm runtime update Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 056/187] crypto: ux500 - make interrupt mode plausible Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 057/187] Bluetooth: btmrvl: wait for HOST_SLEEP_ENABLE event in suspend Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 058/187] ASoC: adau1701: fix adau1701_reg_read() Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 059/187] ASoC: wm_adsp: Add missing MODULE_LICENSE Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 060/187] regulator: arizona-ldo1: remove bypass functionality Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 061/187] ASoC: samsung: Correct I2S DAI suspend/resume ops Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 062/187] drm/tilcdc: panel: fix dangling sysfs connector node Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 063/187] drm/tilcdc: slave: " Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 064/187] drm/tilcdc: tfp410: " Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 065/187] drm/tilcdc: panel: fix leak when unloading the module Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 066/187] drm/tilcdc: fix release order on exit Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 067/187] drm/tilcdc: fix double kfree Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 068/187] ACPICA: Utilities: Fix memory leak in acpi_ut_copy_iobject_to_iobject Kamal Mostafa
2014-09-15 22:07 ` [PATCH 3.13 069/187] stable_kernel_rules: Add pointer to netdev-FAQ for network patches Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 070/187] USB: ehci-pci: USB host controller support for Intel Quark X1000 Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 071/187] debugfs: Fix corrupted loop in debugfs_remove_recursive Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 072/187] selinux: fix the default socket labeling in sock_graft() Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 073/187] x86, ia64: Move EFI_FB vga_default_device() initialization to pci_vga_fixup() Kamal Mostafa
2014-09-16 6:05 ` Bruno Prémont
2014-09-16 13:31 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 074/187] serial: core: Preserve termios c_cflag for console resume Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 075/187] mtd/ftl: fix the double free of the buffers allocated in build_maps() Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 076/187] ext4: Fix block zeroing when punching holes in indirect block files Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 077/187] ext4: fix punch hole on files with indirect mapping Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 078/187] x86: don't exclude low BIOS area when allocating address space for non-PCI cards Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 079/187] PCI: Configure ASPM when enabling device Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 080/187] Bluetooth: never linger on process exit Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 081/187] ASoC: blackfin: use samples to set silence Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 082/187] USB: OHCI: fix bugs in debug routines Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 083/187] USB: OHCI: don't lose track of EDs when a controller dies Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 084/187] mei: start disconnect request timer consistently Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 085/187] mei: fix return value on disconnect timeout Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 086/187] USB: Fix persist resume of some SS USB devices Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 087/187] [media] media-device: Remove duplicated memset() in media_enum_entities() Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 088/187] Bluetooth: Avoid use of session socket after the session gets freed Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 089/187] [media] xc5000: Fix get_frequency() Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 090/187] [media] xc4000: " Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 091/187] CAPABILITIES: remove undefined caps from all processes Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 092/187] scsi: add a blacklist flag which enables VPD page inquiries Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 093/187] bfa: Fix undefined bit shift on big-endian architectures with 32-bit DMA address Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 094/187] hpsa: fix bad -ENOMEM return value in hpsa_big_passthru_ioctl Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 095/187] Drivers: scsi: storvsc: Change the limits to reflect the values on the host Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 096/187] Drivers: scsi: storvsc: Set cmd_per_lun to reflect value supported by the Host Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 097/187] Drivers: scsi: storvsc: Filter commands based on the storage protocol version Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 098/187] Drivers: scsi: storvsc: Fix a bug in handling VMBUS " Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 099/187] Drivers: scsi: storvsc: Implement a eh_timed_out handler Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 100/187] drivers: scsi: storvsc: Set srb_flags in all cases Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 101/187] drivers: scsi: storvsc: Correctly handle TEST_UNIT_READY failure Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 102/187] x86_64/vsyscall: Fix warn_bad_vsyscall log output Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 103/187] KVM: PPC: Book3S PR: Take SRCU read lock around RTAS kvm_read_guest() call Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 104/187] Revert "selinux: fix the default socket labeling in sock_graft()" Kamal Mostafa
2014-09-17 11:08 ` Ben Hutchings
2014-09-17 16:07 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 105/187] spi: orion: fix incorrect handling of cell-index DT property Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 106/187] mfd: omap-usb-host: Fix improper mask use Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 107/187] tpm: Add missing tpm_do_selftest to ST33 I2C driver Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 108/187] tpm: missing tpm_chip_put in tpm_get_random() Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 109/187] scsi: do not issue SCSI RSOC command to Promise Vtrak E610f Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 110/187] hwmon: (ads1015) Fix off-by-one for valid channel index checking Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 111/187] ALSA: hda - fix an external mic jack problem on a HP machine Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 112/187] MIPS: tlbex: Fix a missing statement for HUGETLB Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 113/187] MIPS: Prevent user from setting FCSR cause bits Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 114/187] KVM: x86: always exit on EOIs for interrupts listed in the IOAPIC redir table Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 115/187] MIPS: Remove BUG_ON(!is_fpu_owner()) in do_ade() Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 116/187] MIPS: ptrace: Test correct task's flags in task_user_regset_view() Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 117/187] MIPS: asm/reg.h: Make 32- and 64-bit definitions available at the same time Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 118/187] MIPS: ptrace: Change GP regset to use correct core dump register layout Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 119/187] md/raid1,raid10: always abort recover on write error Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 120/187] ext4: fix ext4_discard_allocated_blocks() if we can't allocate the pa struct Kamal Mostafa
2014-09-17 11:13 ` Ben Hutchings
2014-09-17 16:08 ` Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 121/187] hwmon: (lm85) Fix various errors on attribute writes Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 122/187] hwmon: (lm78) Fix overflow problems seen when writing large temperature limits Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 123/187] hwmon: (amc6821) Fix possible race condition bug Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 124/187] MIPS: GIC: Prevent array overrun Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 125/187] mnt: Add tests for unprivileged remount cases that have found to be faulty Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 126/187] ARM: OMAP3: Fix choice of omap3_restore_es function in OMAP34XX rev3.1.2 case Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 127/187] netlabel: fix a problem when setting bits below the previously lowest bit Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 128/187] netlabel: fix the horribly broken catmap functions Kamal Mostafa
2014-09-15 22:08 ` [PATCH 3.13 129/187] netlabel: fix the catmap walking functions Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 130/187] drivers/i2c/busses: use correct type for dma_map/unmap Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 131/187] NFSD: Decrease nfsd_users in nfsd_startup_generic fail Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 132/187] MIPS: O32/32-bit: Fix bug which can cause incorrect system call restarts Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 133/187] IB/srp: Fix deadlock between host removal and multipathd Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 134/187] USB: serial: ftdi_sio: Annotate the current Xsens PID assignments Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 135/187] USB: serial: ftdi_sio: Add support for new Xsens devices Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 136/187] USB: devio: fix issue with log flooding Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 137/187] CIFS: Fix async reading on reconnects Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 138/187] CIFS: Fix STATUS_CANNOT_DELETE error mapping for SMB2 Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 139/187] xfs: ensure verifiers are attached to recovered buffers Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 140/187] drm/tegra: add MODULE_DEVICE_TABLEs Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 141/187] ALSA: virtuoso: add Xonar Essence STX II support Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 142/187] hwmon: (gpio-fan) Prevent overflow problem when writing large limits Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 143/187] hwmon: (sis5595) " Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 144/187] NFS: Fix /proc/fs/nfsfs/servers and /proc/fs/nfsfs/volumes Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 145/187] drm/ttm: Fix possible division by 0 in ttm_dma_pool_shrink_scan() Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 146/187] drm/ttm: Choose a pool to shrink correctly " Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 147/187] drm/ttm: Use mutex_trylock() to avoid deadlock inside shrinker functions Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 148/187] drm/ttm: Fix possible stack overflow by recursive shrinker calls Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 149/187] drm/ttm: Pass GFP flags in order to avoid deadlock Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 150/187] powerpc/mm/numa: Fix break placement Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 151/187] powerpc/pci: Reorder pci bus/bridge unregistration during PHB removal Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 152/187] drm/radeon: load the lm63 driver for an lm64 thermal chip Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 153/187] drm/radeon: set VM base addr using the PFP v2 Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 154/187] drm/radeon/atom: add new voltage fetch function for hawaii Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 155/187] drm/radeon/dpm: handle voltage info fetching on hawaii Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 156/187] drm/radeon: re-enable dpm by default on cayman Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 157/187] drm/radeon: re-enable dpm by default on BTC Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 158/187] drm/radeon: use packet2 for nop on hawaii with old firmware Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 159/187] drm/radeon: tweak ACCEL_WORKING2 query for hawaii Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 160/187] KVM: nVMX: fix "acknowledge interrupt on exit" when APICv is in use Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 161/187] RDMA/iwcm: Use a default listen backlog if needed Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 162/187] x86/efi: Enforce CONFIG_RELOCATABLE for EFI boot stub Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 163/187] net: sun4i-emac: fix memory leak on bad packet Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 164/187] hwmon: (ads1015) Fix out-of-bounds array access Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 165/187] hwmon: (dme1737) Prevent overflow problem when writing large limits Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 166/187] s390/locking: Reenable optimistic spinning Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 167/187] ring-buffer: Up rb_iter_peek() loop count to 3 Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 168/187] ring-buffer: Always reset iterator to reader page Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 169/187] kernel/smp.c:on_each_cpu_cond(): fix warning in fallback path Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 170/187] drm/i915: read HEAD register back in init_ring_common() to enforce ordering Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 171/187] vm_is_stack: use for_each_thread() rather then buggy while_each_thread() Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 172/187] libceph: set last_piece in ceph_msg_data_pages_cursor_init() correctly Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 173/187] drm/nouveau: Bump version from 1.1.1 to 1.1.2 Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 174/187] ALSA: usb-audio: fix BOSS ME-25 MIDI regression Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 175/187] ALSA: hda/ca0132 - Don't try loading firmware at resume when already failed Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 176/187] x86/xen: resume timer irqs early Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 177/187] carl9170: fix sending URBs with wrong type when using full-speed Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 178/187] powerpc/pseries: Failure on removing device node Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 179/187] powerpc/thp: Add write barrier after updating the valid bit Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 180/187] powerpc/thp: Don't recompute vsid and ssize in loop on invalidate Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 181/187] powerpc/thp: Invalidate old 64K based hash page mapping before insert of 4k pte Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 182/187] powerpc/thp: Handle combo pages in invalidate Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 183/187] powerpc/thp: Invalidate with vpn in loop Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 184/187] powerpc/thp: Use ACCESS_ONCE when loading pmdp Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 185/187] powerpc/mm: Use read barrier when creating real_pte Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 186/187] Btrfs: Fix memory corruption by ulist_add_merge() on 32bit arch Kamal Mostafa
2014-09-15 22:09 ` [PATCH 3.13 187/187] Btrfs: fix csum tree corruption, duplicate and outdated checksums Kamal Mostafa
2014-09-16 0:03 ` [3.13.y.z extended stable] Linux 3.13.11.7 stable review Greg KH
2014-09-16 1:18 ` Tim Gardner
2014-09-16 1:26 ` Greg KH
2014-09-16 15:17 ` Tim Gardner
2014-09-16 18:13 ` Greg KH
2014-09-16 21:23 ` H. Peter Anvin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).