| e20d258 | Yan, Zheng | 14 November 2014, 14:39:13 UTC | ceph: flush inline version After converting inline data to normal data, client need to flush the new i_inline_version (CEPH_INLINE_NONE) to MDS. This commit makes cap messages (sent to MDS) contain inline_version and inline_data. Client always converts inline data to normal data before data write, so the inline data length part is always zero. Signed-off-by: Yan, Zheng <zyan@redhat.com> | 17 December 2014, 17:09:53 UTC |
| 28127bd | Yan, Zheng | 14 November 2014, 14:38:29 UTC | ceph: convert inline data to normal data before data write Before any data write, convert inline data to normal data and set i_inline_version to CEPH_INLINE_NONE. The OSD request that saves inline data to object contains 3 operations (CMPXATTR, WRITE and SETXATTR). It compares a xattr named 'inline_version' to prevent old data overwrites newer data. Signed-off-by: Yan, Zheng <zyan@redhat.com> | 17 December 2014, 17:09:52 UTC |
| 8370124 | Yan, Zheng | 14 November 2014, 14:36:18 UTC | ceph: sync read inline data we can't use getattr to fetch inline data while holding Fr cap, because it can cause deadlock. If we need to sync read inline data, drop cap refs first, then use getattr to fetch inline data. Signed-off-by: Yan, Zheng <zyan@redhat.com> | 17 December 2014, 17:09:52 UTC |
| 3738daa | Yan, Zheng | 14 November 2014, 14:10:07 UTC | ceph: fetch inline data when getting Fcr cap refs we can't use getattr to fetch inline data after getting Fcr caps, because it can cause deadlock. The solution is try bringing inline data to page cache when not holding any cap, and hope the inline data page is still there after getting the Fcr caps. If the page is still there, pin it in page cache for later IO. Signed-off-by: Yan, Zheng <zyan@redhat.com> | 17 December 2014, 17:09:52 UTC |
| 01deead | Yan, Zheng | 14 November 2014, 13:56:29 UTC | ceph: use getattr request to fetch inline data Add a new parameter 'locked_page' to ceph_do_getattr(). If inline data in getattr reply will be copied to the page. Signed-off-by: Yan, Zheng <zyan@redhat.com> | 17 December 2014, 17:09:52 UTC |
| 31c542a | Yan, Zheng | 14 November 2014, 13:41:55 UTC | ceph: add inline data to pagecache Request reply and cap message can contain inline data. add inline data to the page cache if there is Fc cap. Signed-off-by: Yan, Zheng <zyan@redhat.com> | 17 December 2014, 17:09:52 UTC |
| fb01d1f | Yan, Zheng | 14 November 2014, 13:29:55 UTC | ceph: parse inline data in MClientReply and MClientCaps Signed-off-by: Yan, Zheng <zyan@redhat.com> | 17 December 2014, 17:09:52 UTC |
| 715e4cd | Yan, Zheng | 13 November 2014, 06:40:37 UTC | libceph: specify position of extent operation allow specifying position of extent operation in multi-operations osd request. This is required for cephfs to convert inline data to normal data (compare xattr, then write object). Signed-off-by: Yan, Zheng <zyan@redhat.com> Reviewed-by: Ilya Dryomov <idryomov@redhat.com> | 17 December 2014, 17:09:52 UTC |
| 864e919 | Yan, Zheng | 13 November 2014, 02:47:25 UTC | libceph: add CREATE osd operation support Add CEPH_OSD_OP_CREATE support. Also change libceph to not treat CEPH_OSD_OP_DELETE as an extent op and add an assert to that end. Signed-off-by: Yan, Zheng <zyan@redhat.com> Reviewed-by: Ilya Dryomov <idryomov@redhat.com> | 17 December 2014, 17:09:51 UTC |
| d74b50b | Yan, Zheng | 12 November 2014, 06:00:43 UTC | libceph: add SETXATTR/CMPXATTR osd operations support Signed-off-by: Yan, Zheng <zyan@redhat.com> Reviewed-by: Ilya Dryomov <idryomov@redhat.com> | 17 December 2014, 17:09:51 UTC |
| 7e868b6 | Ilya Dryomov | 21 November 2014, 19:16:43 UTC | rbd: don't treat CEPH_OSD_OP_DELETE as extent op CEPH_OSD_OP_DELETE is not an extent op, stop treating it as such. This sneaked in with discard patches - it's one of the three osd ops (the other two are CEPH_OSD_OP_TRUNCATE and CEPH_OSD_OP_ZERO) that discard is implemented with. Signed-off-by: Ilya Dryomov <idryomov@redhat.com> Reviewed-by: Alex Elder <elder@linaro.org> | 17 December 2014, 17:09:51 UTC |
| ca3995a | Ilya Dryomov | 13 November 2014, 17:42:35 UTC | ceph: remove unused stringification macros These were used to report git versions a long time ago. Signed-off-by: Ilya Dryomov <idryomov@redhat.com> | 17 December 2014, 17:09:51 UTC |
| a3fc980 | Yan, Zheng | 11 November 2014, 08:30:55 UTC | libceph: require cephx message signature by default Signed-off-by: Yan, Zheng <zyan@redhat.com> Reviewed-by: Ilya Dryomov <idryomov@redhat.com> | 17 December 2014, 17:09:51 UTC |
| 97c85a8 | Yan, Zheng | 06 November 2014, 07:09:41 UTC | ceph: introduce global empty snap context Current snaphost code does not properly handle moving inode from one empty snap realm to another empty snap realm. After changing inode's snap realm, some dirty pages' snap context can be not equal to inode's i_head_snap. This can trigger BUG() in ceph_put_wrbuffer_cap_refs() The fix is introduce a global empty snap context for all empty snap realm. This avoids triggering the BUG() for filesystem with no snapshot. Fixes: http://tracker.ceph.com/issues/9928 Signed-off-by: Yan, Zheng <zyan@redhat.com> Reviewed-by: Ilya Dryomov <idryomov@redhat.com> | 17 December 2014, 17:09:51 UTC |
| 7cfa031 | John Spray | 30 October 2014, 17:15:26 UTC | ceph: message versioning fixes There were two places we were assigning version in host byte order instead of network byte order. Also in MSG_CLIENT_SESSION we weren't setting compat_version in the header to reflect continued compatability with older MDSs. Fixes: http://tracker.ceph.com/issues/9945 Signed-off-by: John Spray <john.spray@redhat.com> Reviewed-by: Sage Weil <sage@redhat.com> | 17 December 2014, 17:09:51 UTC |
| d4e1a4e | John Spray | 16 October 2014, 11:05:34 UTC | libceph: update ceph_msg_header structure 2 bytes of what was reserved space is now used by userspace for the compat_version field. Signed-off-by: John Spray <john.spray@redhat.com> Reviewed-by: Sage Weil <sage@redhat.com> | 17 December 2014, 17:09:50 UTC |
| 33d0733 | Yan, Zheng | 04 November 2014, 08:33:37 UTC | libceph: message signature support Signed-off-by: Yan, Zheng <zyan@redhat.com> | 17 December 2014, 17:09:50 UTC |
| ae385ea | Yan, Zheng | 04 November 2014, 08:32:35 UTC | libceph: store session key in cephx authorizer Session key is required when calculating message signature. Save the session key in authorizer, this avoid lookup ticket handler for each message Signed-off-by: Yan, Zheng <zyan@redhat.com> | 17 December 2014, 17:09:50 UTC |
| e96a650 | SF Markus Elfring | 02 November 2014, 14:20:59 UTC | ceph, rbd: delete unnecessary checks before two function calls The functions ceph_put_snap_context() and iput() test whether their argument is NULL and then return immediately. Thus the test around the call is not needed. This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> [idryomov@redhat.com: squashed rbd.c hunk, changelog] Signed-off-by: Ilya Dryomov <idryomov@redhat.com> | 17 December 2014, 17:09:50 UTC |
| 70db4f3 | Yan, Zheng | 22 October 2014, 01:09:56 UTC | ceph: introduce a new inode flag indicating if cached dentries are ordered After creating/deleting/renaming file, offsets of sibling dentries may change. So we can not use cached dentries to satisfy readdir. But we can still use the cached dentries to conclude -ENOENT for lookup. This patch introduces a new inode flag indicating if child dentries are ordered. The flag is set at the same time marking a directory complete. After creating/deleting/renaming file, we clear the flag on directory inode. This prevents ceph_readdir() from using cached dentries to satisfy readdir syscall. Signed-off-by: Yan, Zheng <zyan@redhat.com> | 17 December 2014, 17:09:50 UTC |
| 4965fc3 | Ilya Dryomov | 23 October 2014, 12:32:57 UTC | libceph: nuke ceph_kvfree() Use kvfree() from linux/mm.h instead, which is identical. Also fix the ceph_buffer comment: we will allocate with kmalloc() up to 32k - the value of PAGE_ALLOC_COSTLY_ORDER, but that really is just an implementation detail so don't mention it at all. Signed-off-by: Ilya Dryomov <idryomov@redhat.com> | 17 December 2014, 17:09:50 UTC |
| 9280be2 | Yan, Zheng | 14 October 2014, 02:33:35 UTC | ceph: fix file lock interruption When a lock operation is interrupted, current code sends a unlock request to MDS to undo the lock operation. This method does not work as expected because the unlock request can drop locks that have already been acquired. The fix is use the newly introduced CEPH_LOCK_FCNTL_INTR/CEPH_LOCK_FLOCK_INTR requests to interrupt blocked file lock request. These requests do not drop locks that have alread been acquired, they only interrupt blocked file lock request. Signed-off-by: Yan, Zheng <zyan@redhat.com> | 17 December 2014, 17:09:49 UTC |
| b2776bf | Linus Torvalds | 07 December 2014, 22:21:05 UTC | Linux 3.18 | 07 December 2014, 22:21:05 UTC |
| 820b688 | Linus Torvalds | 07 December 2014, 20:00:14 UTC | Merge branch 'for-3.18-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata Pull libata fixes from Tejun Heo: "Three libata fixes for v3.18. Nothing too interesting. PCI ID ID and quirk additions to ahci and an error handling path fix in sata_fsl" * 'for-3.18-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata: ahci: disable MSI on SAMSUNG 0xa800 SSD sata_fsl: fix error handling of irq_of_parse_and_map AHCI: Add DeviceIDs for Sunrise Point-LP SATA controller | 07 December 2014, 20:00:14 UTC |
| 19b0225 | Linus Torvalds | 06 December 2014, 19:27:25 UTC | Merge git://www.linux-watchdog.org/linux-watchdog Pull watchdog fix from Wim Van Sebroeck: "Fix the watchdog mask bit offset for Exynos7" * git://www.linux-watchdog.org/linux-watchdog: watchdog: s3c2410_wdt: Fix the mask bit offset for Exynos7 | 06 December 2014, 19:27:25 UTC |
| 15bd1e5 | Linus Torvalds | 06 December 2014, 19:26:01 UTC | Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: "Here are two more driver bugfixes for I2C which would be good to have" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: cadence: Set the hardware time-out register to maximum value i2c: davinci: generate STP always when NACK is received | 06 December 2014, 19:26:01 UTC |
| 5476b2b | Abhilash Kesavan | 17 October 2014, 16:12:53 UTC | watchdog: s3c2410_wdt: Fix the mask bit offset for Exynos7 The watchdog mask bit offset listed for Exynos7 is incorrect. Fix this. Signed-off-by: Abhilash Kesavan <a.kesavan@samsung.com> Acked-by: Naveen Krishna Chatradhi <naveenkrishna.ch@gmail.com Reviewd-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Wim Van Sebroeck <wim@iguana.be> | 05 December 2014, 19:21:35 UTC |
| beb5af4 | Linus Torvalds | 05 December 2014, 18:47:19 UTC | Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Thomas Gleixner: "Two final fixlets for 3.18: - Prevent microcode reload wreckage on 32bit - Unbreak cross compilation" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86, microcode: Limit the microcode reloading to 64-bit for now x86: Use $(OBJDUMP) instead of plain objdump | 05 December 2014, 18:47:19 UTC |
| 32f0880 | Linus Torvalds | 05 December 2014, 18:39:49 UTC | Merge tag 'sound-3.18' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixlet from Takashi Iwai: "Just one commit for adding a copule of HD-audio quirk entries" * tag 'sound-3.18' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda/realtek - Add headset Mic support for new Dell machine | 05 December 2014, 18:39:49 UTC |
| ba2cb64 | Linus Torvalds | 05 December 2014, 06:39:37 UTC | Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux Pull drm intel fixes from Dave Airlie: "Two intel stable fixes, that should be it from me for this round" * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: drm/i915: Unlock panel even when LVDS is disabled drm/i915: More cautious with pch fifo underruns | 05 December 2014, 06:39:37 UTC |
| 56c67ce | Linus Torvalds | 05 December 2014, 01:48:13 UTC | Merge tag 'pm+acpi-3.18-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI backlight fix from Rafael Wysocki: "This is a simple fix for an ACPI backlight regression introduced by a recent commit that overlooked a corner case which should have been taken into account" * tag 'pm+acpi-3.18-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI / video: update condition to check if device is in _DOD list | 05 December 2014, 01:48:13 UTC |
| 3e3282c | Dave Airlie | 05 December 2014, 01:12:29 UTC | Merge tag 'drm-intel-fixes-2014-12-04' of git://anongit.freedesktop.org/drm-intel into drm-fixes Silence some pch fifo underrun reports and panel locking backtraces, both cc: stable. * tag 'drm-intel-fixes-2014-12-04' of git://anongit.freedesktop.org/drm-intel: drm/i915: Unlock panel even when LVDS is disabled drm/i915: More cautious with pch fifo underruns | 05 December 2014, 01:12:29 UTC |
| ebea76f | Linus Torvalds | 05 December 2014, 00:06:02 UTC | Merge tag 'media/v3.18-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Pull media fixes from Mauro Carvalho Chehab: "A core fix and some driver fixes: - regression fix in Remote Controller core affecting RC6 protocol handling - fix video buffer handling in cx23885 - race fix in solo6x10 - fix image selection in smiapp - fix reported payload size on s2255drv - two updates for MAINTAINERS file" * tag 'media/v3.18-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: [media] rc-core: fix toggle handling in the rc6 decoder MAINTAINERS: Update mchehab's addresses [media] cx23885: use sg = sg_next(sg) instead of sg++ [media] s2255drv: fix payload size for JPG, MJPEG [media] Update MAINTAINERS for solo6x10 [media] solo6x10: fix a race in IRQ handler [media] smiapp: Only some selection targets are settable | 05 December 2014, 00:06:02 UTC |
| d0747f1 | Masahiro Yamada | 04 December 2014, 22:42:25 UTC | uapi: fix to export linux/vm_sockets.h A typo "header=y" was introduced by commit 7071cf7fc435 ("uapi: add missing network related headers to kbuild"). Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com> Cc: Stephen Hemminger <stephen@networkplumber.org> Cc: David Miller <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | 04 December 2014, 23:28:40 UTC |
| 681d15a | Vishnu Motghare | 03 December 2014, 12:35:25 UTC | i2c: cadence: Set the hardware time-out register to maximum value Cadence I2C controller has bug wherein it generates invalid read transactions after timeout in master receiver mode. This driver does not use the HW timeout and this interrupt is disabled but the feature itself cannot be disabled. Hence, this patch writes the maximum value (0xFF) to this register. This is one of the workarounds to this bug and it will not avoid the issue completely but reduces the chances of error. Signed-off-by: Vishnu Motghare <vishnum@xilinx.com> Signed-off-by: Harini Katakam <harinik@xilinx.com> Signed-off-by: Wolfram Sang <wsa@the-dreams.de> Cc: stable@kernel.org | 04 December 2014, 18:25:41 UTC |
| 9ea359f | Grygorii Strashko | 01 December 2014, 15:34:04 UTC | i2c: davinci: generate STP always when NACK is received According to I2C specification the NACK should be handled as follows: "When SDA remains HIGH during this ninth clock pulse, this is defined as the Not Acknowledge signal. The master can then generate either a STOP condition to abort the transfer, or a repeated START condition to start a new transfer." [I2C spec Rev. 6, 3.1.6: http://www.nxp.com/documents/user_manual/UM10204.pdf] Currently the Davinci i2c driver interrupts the transfer on receipt of a NACK but fails to send a STOP in some situations and so makes the bus stuck until next I2C IP reset (idle/enable). For example, the issue will happen during SMBus read transfer which consists from two i2c messages write command/address and read data: S Slave Address Wr A Command Code A Sr Slave Address Rd A D1..Dn A P <--- write -----------------------> <--- read ---------------------> The I2C client device will send NACK if it can't recognize "Command Code" and it's expected from I2C master to generate STP in this case. But now, Davinci i2C driver will just exit with -EREMOTEIO and STP will not be generated. Hence, fix it by generating Stop condition (STP) always when NACK is received. This patch fixes Davinci I2C in the same way it was done for OMAP I2C commit cda2109a26eb ("i2c: omap: query STP always when NACK is received"). Reviewed-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Reported-by: Hein Tibosch <hein_tibosch@yahoo.es> Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com> Signed-off-by: Wolfram Sang <wsa@the-dreams.de> Cc: stable@kernel.org | 04 December 2014, 18:25:31 UTC |
| 2b21ef0 | Tejun Heo | 04 December 2014, 18:13:28 UTC | ahci: disable MSI on SAMSUNG 0xa800 SSD Just like 0x1600 which got blacklisted by 66a7cbc303f4 ("ahci: disable MSI instead of NCQ on Samsung pci-e SSDs on macbooks"), 0xa800 chokes on NCQ commands if MSI is enabled. Disable MSI. Signed-off-by: Tejun Heo <tj@kernel.org> Reported-by: Dominik Mierzejewski <dominik@greysector.net> Link: https://bugzilla.kernel.org/show_bug.cgi?id=89171 Cc: stable@vger.kernel.org | 04 December 2014, 18:18:55 UTC |
| 7cc78f8 | Andy Lutomirski | 03 December 2014, 23:37:08 UTC | context_tracking: Restore previous state in schedule_user It appears that some SCHEDULE_USER (asm for schedule_user) callers in arch/x86/kernel/entry_64.S are called from RCU kernel context, and schedule_user will return in RCU user context. This causes RCU warnings and possible failures. This is intended to be a minimal fix suitable for 3.18. Reported-and-tested-by: Dave Jones <davej@redhat.com> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Frédéric Weisbecker <fweisbec@gmail.com> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | 04 December 2014, 04:55:58 UTC |
| ebcd241 | Linus Torvalds | 03 December 2014, 22:27:07 UTC | Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c bugfixes from Wolfram Sang: "A few driver bugfixes for 3.18" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: omap: fix i207 errata handling i2c: designware: prevent early stop on TX FIFO empty i2c: omap: fix NACK and Arbitration Lost irq handling | 03 December 2014, 22:27:07 UTC |
| 5dc6263 | Linus Torvalds | 03 December 2014, 22:24:10 UTC | Merge tag 'pci-v3.18-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI fix from Bjorn Helgaas: "This fixes a Tegra20 regression that we introduced during the v3.18 merge window" * tag 'pci-v3.18-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI: tegra: Use physical range for I/O mapping | 03 December 2014, 22:24:10 UTC |
| b48a20a | Linus Torvalds | 03 December 2014, 22:08:50 UTC | Merge tag 'devicetree-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/glikely/linux Pull devicetree bugfix from Grant Likely: "One more bug fix for v3.18. I debated whether or not to send you this merge request because we're at such a late rc. The bug isn't critical in that there is only one system known to be affected and the patch is easy to backport. The codepath is used by pretty much every DT based system, so there is risk a of regression (it /should/ be safe, but I've been bitten by stuff that should be safe before). I've had it in linux-next for a week and haven't received any complaints. I think it probably should just be merged right away rather than waiting for the merge window and backporting. It does fix a real bug and the code is theoretically safer after the change. I can't think of any situation where it would be dangerous to reserve the DT memory an extra time. Summary from tag: Single bugfix for boot failure seen in the wild. The memory reserve code tries to be clever about reserving the FDT, but it should just go ahead and reserve it unconditionally to avoid the problem of partial overlap described in the patch" * tag 'devicetree-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/glikely/linux: of/fdt: memblock_reserve /memreserve/ regions in the case of partial overlap | 03 December 2014, 22:08:50 UTC |
| 93bd38b | Linus Torvalds | 03 December 2014, 22:05:24 UTC | Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block core regression fix from Jens Axboe: "Single fix for a regression introduced in this development cycle, where dm on top of dif/dix is broken. From Darrick Wong" * 'for-linus' of git://git.kernel.dk/linux-block: block: fix regression where bio_integrity_process uses wrong bio_vec iterator | 03 December 2014, 22:05:24 UTC |
| 46d967a | Linus Torvalds | 03 December 2014, 21:51:50 UTC | Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "Radeon and Nouveau fixes: So nouveau had a few regression introduced, Ben and Maarten finally tracked down the one that was causing problems on my MacBookPro, also nvidia gave some info on the an engine we were using incorrectly, so disable our use of it, and one regresion with pci hotplug affecting optimus users. Radeon has an oops fixs, sync fix, and one workaround to avoid broken functionality on 32-bit x86, this needs better root causing and a better fix, but the bandaid is a lot safer at this point" * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: drm/radeon: kernel panic in drm_calc_vbltimestamp_from_scanoutpos with 3.18.0-rc6 drm/radeon: Ignore RADEON_GEM_GTT_WC on 32-bit x86 drm/radeon: sync all BOs involved in a CS v2 nouveau: move the hotplug ignore to correct place. drm/nouveau/gf116: remove copy1 engine drm/nouveau: prevent stale fence->channel pointers, and protect with rcu drm/nouveau/fifo/g84-: ack non-stall interrupt before handling it | 03 December 2014, 21:51:50 UTC |
| 9044f94 | Linus Torvalds | 03 December 2014, 21:35:18 UTC | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Fill in ethtool link parameters for all link types in cxgb4, from Hariprasad Shenai. 2) Fix probe regressions in stmmac driver, from Huacai Chen. 3) Network namespace leaks on errirs in rtnetlink, from Nicolas Dichtel. 4) Remove erroneous BUG check which can actually trigger legitimately, in xen-netfront. From Seth Forshee. 5) Validate length of IFLA_BOND_ARP_IP_TARGET netlink attributes, from Thomas Grag. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: cxgb4: Fill in supported link mode for SFP modules xen-netfront: Remove BUGs on paged skb data which crosses a page boundary sh_eth: Fix sleeping function called from invalid context stmmac: platform: Move plat_dat checking earlier sh_eth: Fix skb alloc size and alignment adjust rule. rtnetlink: release net refcnt on error in do_setlink() bond: Check length of IFLA_BOND_ARP_IP_TARGET attributes | 03 December 2014, 21:35:18 UTC |
| 23c836c | Linus Torvalds | 03 December 2014, 18:56:12 UTC | Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull keyring/nfs fixes from James Morris: "From David Howells: The first one fixes the handling of maximum buffer size for key descriptions, fixing the size at 4095 + NUL char rather than whatever PAGE_SIZE happens to be and permits you to read back the full description without it getting clipped because some extra information got prepended. The second and third fix a bug in NFS idmapper handling whereby a key representing a mapping between an id and a name expires and causing EKEYEXPIRED to be seen internally in NFS (which prevents the mapping from happening) rather than re-looking up the mapping" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: KEYS: request_key() should reget expired keys rather than give EKEYEXPIRED KEYS: Simplify KEYRING_SEARCH_{NO,DO}_STATE_CHECK flags KEYS: Fix the size of the key description passed to/from userspace | 03 December 2014, 18:56:12 UTC |
| 1dd909a | Linus Torvalds | 03 December 2014, 17:36:20 UTC | Merge branch 'akpm' (patches from Andrew Morton) Merge misc fixes from Andrew Morton: "10 fixes" * emailed patches from Andrew Morton <akpm@linux-foundation.org>: slab: fix nodeid bounds check for non-contiguous node IDs lib/genalloc.c: export devm_gen_pool_create() for modules mm: fix anon_vma_clone() error treatment mm: fix swapoff hang after page migration and fork fat: fix oops on corrupted vfat fs ipc/sem.c: fully initialize sem_array before making it visible drivers/input/evdev.c: don't kfree() a vmalloc address mm/vmpressure.c: fix race in vmpressure_work_fn() mm: frontswap: invalidate expired data on a dup-store failure mm: do not overwrite reserved pages counter at show_mem() | 03 December 2014, 17:36:20 UTC |
| 7c3fbbd | Paul Mackerras | 02 December 2014, 23:59:48 UTC | slab: fix nodeid bounds check for non-contiguous node IDs The bounds check for nodeid in ____cache_alloc_node gives false positives on machines where the node IDs are not contiguous, leading to a panic at boot time. For example, on a POWER8 machine the node IDs are typically 0, 1, 16 and 17. This means that num_online_nodes() returns 4, so when ____cache_alloc_node is called with nodeid = 16 the VM_BUG_ON triggers, like this: kernel BUG at /home/paulus/kernel/kvm/mm/slab.c:3079! Call Trace: .____cache_alloc_node+0x5c/0x270 (unreliable) .kmem_cache_alloc_node_trace+0xdc/0x360 .init_list+0x3c/0x128 .kmem_cache_init+0x1dc/0x258 .start_kernel+0x2a0/0x568 start_here_common+0x20/0xa8 To fix this, we instead compare the nodeid with MAX_NUMNODES, and additionally make sure it isn't negative (since nodeid is an int). The check is there mainly to protect the array dereference in the get_node() call in the next line, and the array being dereferenced is of size MAX_NUMNODES. If the nodeid is in range but invalid (for example if the node is off-line), the BUG_ON in the next line will catch that. Fixes: 14e50c6a9bc2 ("mm: slab: Verify the nodeid passed to ____cache_alloc_node") Signed-off-by: Paul Mackerras <paulus@samba.org> Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com> Reviewed-by: Pekka Enberg <penberg@kernel.org> Acked-by: David Rientjes <rientjes@google.com> Cc: Christoph Lameter <cl@linux.com> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | 03 December 2014, 17:36:04 UTC |
| b724aa2 | Michal Simek | 02 December 2014, 23:59:45 UTC | lib/genalloc.c: export devm_gen_pool_create() for modules Modules can use this function for creating pool. Signed-off-by: Michal Simek <michal.simek@xilinx.com> Acked-by: Lad, Prabhakar <prabhakar.csengg@gmail.com> Cc: Laura Abbott <lauraa@codeaurora.org> Cc: Olof Johansson <olof@lixom.net> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Will Deacon <will.deacon@arm.com> Cc: Vladimir Zapolskiy <vladimir_zapolskiy@mentor.com> Cc: Philipp Zabel <p.zabel@pengutronix.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | 03 December 2014, 17:36:04 UTC |
| c4ea95d | Daniel Forrest | 02 December 2014, 23:59:42 UTC | mm: fix anon_vma_clone() error treatment Andrew Morton noticed that the error return from anon_vma_clone() was being dropped and replaced with -ENOMEM (which is not itself a bug because the only error return value from anon_vma_clone() is -ENOMEM). I did an audit of callers of anon_vma_clone() and discovered an actual bug where the error return was being lost. In __split_vma(), between Linux 3.11 and 3.12 the code was changed so the err variable is used before the call to anon_vma_clone() and the default initial value of -ENOMEM is overwritten. So a failure of anon_vma_clone() will return success since err at this point is now zero. Below is a patch which fixes this bug and also propagates the error return value from anon_vma_clone() in all cases. Fixes: ef0855d334e1 ("mm: mempolicy: turn vma_set_policy() into vma_dup_policy()") Signed-off-by: Daniel Forrest <dan.forrest@ssec.wisc.edu> Reviewed-by: Michal Hocko <mhocko@suse.cz> Cc: Konstantin Khlebnikov <koct9i@gmail.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Rik van Riel <riel@redhat.com> Cc: Tim Hartrick <tim@edgecast.com> Cc: Hugh Dickins <hughd@google.com> Cc: Michel Lespinasse <walken@google.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: <stable@vger.kernel.org> [3.12+] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | 03 December 2014, 17:36:04 UTC |
| 2022b4d | Hugh Dickins | 02 December 2014, 23:59:39 UTC | mm: fix swapoff hang after page migration and fork I've been seeing swapoff hangs in recent testing: it's cycling around trying unsuccessfully to find an mm for some remaining pages of swap. I have been exercising swap and page migration more heavily recently, and now notice a long-standing error in copy_one_pte(): it's trying to add dst_mm to swapoff's mmlist when it finds a swap entry, but is doing so even when it's a migration entry or an hwpoison entry. Which wouldn't matter much, except it adds dst_mm next to src_mm, assuming src_mm is already on the mmlist: which may not be so. Then if pages are later swapped out from dst_mm, swapoff won't be able to find where to replace them. There's already a !non_swap_entry() test for stats: move that up before the swap_duplicate() and the addition to mmlist. Signed-off-by: Hugh Dickins <hughd@google.com> Cc: Kelley Nielsen <kelleynnn@gmail.com> Cc: <stable@vger.kernel.org> [2.6.18+] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | 03 December 2014, 17:36:03 UTC |
| 1ead0e7 | Al Viro | 02 December 2014, 23:59:37 UTC | fat: fix oops on corrupted vfat fs a) don't bother with ->d_time for positives - we only check it for negatives anyway. b) make sure to set it at unlink and rmdir time - at *that* point soon-to-be negative dentry matches then-current directory contents c) don't go into renaming of old alias in vfat_lookup() unless it has the same parent (which it will, unless we are seeing corrupted image) [hirofumi@mail.parknet.co.jp: make change minimum, don't call d_move() for dir] Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> Cc: <stable@vger.kernel.org> [3.17.x] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | 03 December 2014, 17:36:03 UTC |
| e8577d1 | Manfred Spraul | 02 December 2014, 23:59:34 UTC | ipc/sem.c: fully initialize sem_array before making it visible ipc_addid() makes a new ipc identifier visible to everyone. New objects start as locked, so that the caller can complete the initialization after the call. Within struct sem_array, at least sma->sem_base and sma->sem_nsems are accessed without any locks, therefore this approach doesn't work. Thus: Move the ipc_addid() to the end of the initialization. Signed-off-by: Manfred Spraul <manfred@colorfullife.com> Reported-by: Rik van Riel <riel@redhat.com> Acked-by: Rik van Riel <riel@redhat.com> Acked-by: Davidlohr Bueso <dave@stgolabs.net> Acked-by: Rafael Aquini <aquini@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | 03 December 2014, 17:36:03 UTC |
| 92788ac | Andrew Morton | 02 December 2014, 23:59:31 UTC | drivers/input/evdev.c: don't kfree() a vmalloc address If kzalloc() failed and then evdev_open_device() fails, evdev_open() will pass a vmalloc'ed pointer to kfree. This might fix https://bugzilla.kernel.org/show_bug.cgi?id=88401, where there was a crash in kfree(). Reported-by: Christian Casteyde <casteyde.christian@free.fr> Belatedly-Acked-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Cc: Henrik Rydberg <rydberg@euromail.se> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | 03 December 2014, 17:35:38 UTC |
| 4c2d518 | Hariprasad Shenai | 28 November 2014, 13:05:14 UTC | cxgb4: Fill in supported link mode for SFP modules Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com> Signed-off-by: David S. Miller <davem@davemloft.net> | 03 December 2014, 03:57:49 UTC |
| 8d60972 | Seth Forshee | 26 November 2014, 02:28:24 UTC | xen-netfront: Remove BUGs on paged skb data which crosses a page boundary These BUGs can be erroneously triggered by frags which refer to tail pages within a compound page. The data in these pages may overrun the hardware page while still being contained within the compound page, but since compound_order() evaluates to 0 for tail pages the assertion fails. The code already iterates through subsequent pages correctly in this scenario, so the BUGs are unnecessary and can be removed. Fixes: f36c374782e4 ("xen/netfront: handle compound page fragments on transmit") Cc: <stable@vger.kernel.org> # 3.7+ Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Reviewed-by: David Vrabel <david.vrabel@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net> | 03 December 2014, 03:24:13 UTC |
| 91b5719 | Andrew Morton | 02 December 2014, 23:59:28 UTC | mm/vmpressure.c: fix race in vmpressure_work_fn() In some android devices, there will be a "divide by zero" exception. vmpr->scanned could be zero before spin_lock(&vmpr->sr_lock). Addresses https://bugzilla.kernel.org/show_bug.cgi?id=88051 [akpm@linux-foundation.org: neaten] Reported-by: ji_ang <ji_ang@163.com> Cc: Anton Vorontsov <anton.vorontsov@linaro.org> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | 03 December 2014, 01:32:07 UTC |
| fb993fa | Weijie Yang | 02 December 2014, 23:59:25 UTC | mm: frontswap: invalidate expired data on a dup-store failure If a frontswap dup-store failed, it should invalidate the expired page in the backend, or it could trigger some data corruption issue. Such as: 1. use zswap as the frontswap backend with writeback feature 2. store a swap page(version_1) to entry A, success 3. dup-store a newer page(version_2) to the same entry A, fail 4. use __swap_writepage() write version_2 page to swapfile, success 5. zswap do shrink, writeback version_1 page to swapfile 6. version_2 page is overwrited by version_1, data corrupt. This patch fixes this issue by invalidating expired data immediately when meet a dup-store failure. Signed-off-by: Weijie Yang <weijie.yang@samsung.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: Seth Jennings <sjennings@variantweb.net> Cc: Dan Streetman <ddstreet@ieee.org> Cc: Minchan Kim <minchan@kernel.org> Cc: Bob Liu <bob.liu@oracle.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | 03 December 2014, 01:32:07 UTC |
| bc127bd | Rafael Aquini | 02 December 2014, 23:59:22 UTC | mm: do not overwrite reserved pages counter at show_mem() Minor fixlet to perform the reserved pages counter aggregation for each node, at show_mem() Signed-off-by: Rafael Aquini <aquini@redhat.com> Acked-by: Rik van Riel <riel@redhat.com> Acked-by: Johannes Weiner <jweiner@redhat.com> Acked-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | 03 December 2014, 01:32:07 UTC |
| 00d6a9b | Dave Airlie | 03 December 2014, 00:48:54 UTC | Merge branch 'drm-fixes-3.18' of git://people.freedesktop.org/~agd5f/linux into drm-fixes A few more small fixes for 3.18. * 'drm-fixes-3.18' of git://people.freedesktop.org/~agd5f/linux: drm/radeon: kernel panic in drm_calc_vbltimestamp_from_scanoutpos with 3.18.0-rc6 drm/radeon: Ignore RADEON_GEM_GTT_WC on 32-bit x86 drm/radeon: sync all BOs involved in a CS v2 | 03 December 2014, 01:03:24 UTC |
| f5475cc | Petr Mladek | 27 November 2014, 15:57:21 UTC | drm/radeon: kernel panic in drm_calc_vbltimestamp_from_scanoutpos with 3.18.0-rc6 I was unable too boot 3.18.0-rc6 because of the following kernel panic in drm_calc_vbltimestamp_from_scanoutpos(): [drm] Initialized drm 1.1.0 20060810 [drm] radeon kernel modesetting enabled. [drm] initializing kernel modesetting (RV100 0x1002:0x515E 0x15D9:0x8080). [drm] register mmio base: 0xC8400000 [drm] register mmio size: 65536 radeon 0000:0b:01.0: VRAM: 128M 0x00000000D0000000 - 0x00000000D7FFFFFF (16M used) radeon 0000:0b:01.0: GTT: 512M 0x00000000B0000000 - 0x00000000CFFFFFFF [drm] Detected VRAM RAM=128M, BAR=128M [drm] RAM width 16bits DDR [TTM] Zone kernel: Available graphics memory: 3829346 kiB [TTM] Zone dma32: Available graphics memory: 2097152 kiB [TTM] Initializing pool allocator [TTM] Initializing DMA pool allocator [drm] radeon: 16M of VRAM memory ready [drm] radeon: 512M of GTT memory ready. [drm] GART: num cpu pages 131072, num gpu pages 131072 [drm] PCI GART of 512M enabled (table at 0x0000000037880000). radeon 0000:0b:01.0: WB disabled radeon 0000:0b:01.0: fence driver on ring 0 use gpu addr 0x00000000b0000000 and cpu addr 0xffff8800bbbfa000 [drm] Supports vblank timestamp caching Rev 2 (21.10.2013). [drm] Driver supports precise vblank timestamp query. [drm] radeon: irq initialized. [drm] Loading R100 Microcode radeon 0000:0b:01.0: Direct firmware load for radeon/R100_cp.bin failed with error -2 radeon_cp: Failed to load firmware "radeon/R100_cp.bin" [drm:r100_cp_init] *ERROR* Failed to load firmware! radeon 0000:0b:01.0: failed initializing CP (-2). radeon 0000:0b:01.0: Disabling GPU acceleration [drm] radeon: cp finalized BUG: unable to handle kernel NULL pointer dereference at 000000000000025c IP: [<ffffffff8150423b>] drm_calc_vbltimestamp_from_scanoutpos+0x4b/0x320 PGD 0 Oops: 0000 [#1] SMP Modules linked in: CPU: 1 PID: 1 Comm: swapper/0 Not tainted 3.18.0-rc6-4-default #2649 Hardware name: Supermicro X7DB8/X7DB8, BIOS 6.00 07/26/2006 task: ffff880234da2010 ti: ffff880234da4000 task.ti: ffff880234da4000 RIP: 0010:[<ffffffff8150423b>] [<ffffffff8150423b>] drm_calc_vbltimestamp_from_scanoutpos+0x4b/0x320 RSP: 0000:ffff880234da7918 EFLAGS: 00010086 RAX: ffffffff81557890 RBX: 0000000000000000 RCX: ffff880234da7a48 RDX: ffff880234da79f4 RSI: 0000000000000000 RDI: ffff880232e15000 RBP: ffff880234da79b8 R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000000a R11: 0000000000000001 R12: ffff880232dda1c0 R13: ffff880232e1518c R14: 0000000000000292 R15: ffff880232e15000 FS: 0000000000000000(0000) GS:ffff88023fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 000000000000025c CR3: 0000000002014000 CR4: 00000000000007e0 Stack: ffff880234da79d8 0000000000000286 ffff880232dcbc00 0000000000002480 ffff880234da7958 0000000000000296 ffff880234da7998 ffffffff8151b51d ffff880234da7a48 0000000032dcbeb0 ffff880232dcbc00 ffff880232dcbc58 Call Trace: [<ffffffff8151b51d>] ? drm_vma_offset_remove+0x1d/0x110 [<ffffffff8152dc98>] radeon_get_vblank_timestamp_kms+0x38/0x60 [<ffffffff8152076a>] ? ttm_bo_release_list+0xba/0x180 [<ffffffff81503751>] drm_get_last_vbltimestamp+0x41/0x70 [<ffffffff81503933>] vblank_disable_and_save+0x73/0x1d0 [<ffffffff81106b2f>] ? try_to_del_timer_sync+0x4f/0x70 [<ffffffff81505245>] drm_vblank_cleanup+0x65/0xa0 [<ffffffff815604fa>] radeon_irq_kms_fini+0x1a/0x70 [<ffffffff8156c07e>] r100_init+0x26e/0x410 [<ffffffff8152ae3e>] radeon_device_init+0x7ae/0xb50 [<ffffffff8152d57f>] radeon_driver_load_kms+0x8f/0x210 [<ffffffff81506965>] drm_dev_register+0xb5/0x110 [<ffffffff8150998f>] drm_get_pci_dev+0x8f/0x200 [<ffffffff815291cd>] radeon_pci_probe+0xad/0xe0 [<ffffffff8141a365>] local_pci_probe+0x45/0xa0 [<ffffffff8141b741>] pci_device_probe+0xd1/0x130 [<ffffffff81633dad>] driver_probe_device+0x12d/0x3e0 [<ffffffff8163413b>] __driver_attach+0x9b/0xa0 [<ffffffff816340a0>] ? __device_attach+0x40/0x40 [<ffffffff81631cd3>] bus_for_each_dev+0x63/0xa0 [<ffffffff8163378e>] driver_attach+0x1e/0x20 [<ffffffff81633390>] bus_add_driver+0x180/0x240 [<ffffffff81634914>] driver_register+0x64/0xf0 [<ffffffff81419cac>] __pci_register_driver+0x4c/0x50 [<ffffffff81509bf5>] drm_pci_init+0xf5/0x120 [<ffffffff821dc871>] ? ttm_init+0x6a/0x6a [<ffffffff821dc908>] radeon_init+0x97/0xb5 [<ffffffff810002fc>] do_one_initcall+0xbc/0x1f0 [<ffffffff810e3278>] ? __wake_up+0x48/0x60 [<ffffffff8218e256>] kernel_init_freeable+0x18a/0x215 [<ffffffff8218d983>] ? initcall_blacklist+0xc0/0xc0 [<ffffffff818a78f0>] ? rest_init+0x80/0x80 [<ffffffff818a78fe>] kernel_init+0xe/0xf0 [<ffffffff818c0c3c>] ret_from_fork+0x7c/0xb0 [<ffffffff818a78f0>] ? rest_init+0x80/0x80 Code: 45 ac 0f 88 a8 01 00 00 3b b7 d0 01 00 00 49 89 ff 0f 83 99 01 00 00 48 8b 47 20 48 8b 80 88 00 00 00 48 85 c0 0f 84 cd 01 00 00 <41> 8b b1 5c 02 00 00 41 8b 89 58 02 00 00 89 75 98 41 8b b1 60 RIP [<ffffffff8150423b>] drm_calc_vbltimestamp_from_scanoutpos+0x4b/0x320 RSP <ffff880234da7918> CR2: 000000000000025c ---[ end trace ad2c0aadf48e2032 ]--- Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009 It has helped me to add a NULL pointer check that was suggested at http://lists.freedesktop.org/archives/dri-devel/2014-October/070663.html I am not familiar with the code. But the change looks sane and we need something fast at this stage of 3.18 development. Suggested-by: Helge Deller <deller@gmx.de> Signed-off-by: Petr Mladek <pmladek@suse.cz> Tested-by: Petr Mladek <pmladek@suse.cz> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Cc: stable@vger.kernel.org | 02 December 2014, 20:45:33 UTC |
| a08b588 | Michel Dänzer | 27 November 2014, 09:00:54 UTC | drm/radeon: Ignore RADEON_GEM_GTT_WC on 32-bit x86 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=84627 Signed-off-by: Michel Dänzer <michel.daenzer@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Cc: stable@vger.kernel.org | 02 December 2014, 20:45:32 UTC |
| 86b2763 | Christian König | 27 November 2014, 12:12:58 UTC | drm/radeon: sync all BOs involved in a CS v2 Not just the userspace relocs, otherwise we won't wait for a swapped out page tables to be swapped in again. v2: rebased on Alex current drm-fixes-3.18 Signed-off-by: Christian König <christian.koenig@amd.com> Cc: stable@vger.kernel.org Signed-off-by: Alex Deucher <alexander.deucher@amd.com> | 02 December 2014, 20:45:32 UTC |
| aad0b62 | Dmitry Torokhov | 14 November 2014, 21:39:05 UTC | sata_fsl: fix error handling of irq_of_parse_and_map irq_of_parse_and_map() returns 0 on error (the result is unsigned int), so testing for negative result never works. Signed-off-by: Dmitry Torokhov <dtor@chromium.org> Signed-off-by: Tejun Heo <tj@kernel.org> Cc: stable@vger.kernel.org | 02 December 2014, 17:52:17 UTC |
| 249cd0a | Devin Ryles | 07 November 2014, 22:59:05 UTC | AHCI: Add DeviceIDs for Sunrise Point-LP SATA controller This patch adds DeviceIDs for Sunrise Point-LP. Signed-off-by: Devin Ryles <devin.ryles@intel.com> Signed-off-by: Tejun Heo <tj@kernel.org> Cc: stable@vger.kernel.org | 02 December 2014, 17:38:50 UTC |
| 594416a | Darrick J. Wong | 26 November 2014, 01:40:25 UTC | block: fix regression where bio_integrity_process uses wrong bio_vec iterator bio integrity handling is broken on a system with LVM layered atop a DIF/DIX SCSI drive because device mapper clones the bio, modifies the clone, and sends the clone to the lower layers for processing. However, the clone bio has bi_vcnt == 0, which means that when the sd driver calls bio_integrity_process to attach DIX data, the for_each_segment_all() call (which uses bi_vcnt) returns immediately and random garbage is sent to the disk on a disk write. The disk of course returns an error. Therefore, teach bio_integrity_process() to use bio_for_each_segment() to iterate the bio_vecs, since the per-bio iterator tracks which bio_vecs are associated with that particular bio. The integrity handling code is effectively part of the "driver" (it's not the bio owner), so it must use the correct iterator function. v2: Fix a compiler warning about abandoned local variables. This patch supersedes "block: bio_integrity_process uses wrong bio_vec iterator". Patch applies against 3.18-rc6. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Acked-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Jens Axboe <axboe@fb.com> | 02 December 2014, 15:15:21 UTC |
| b0616c5 | Daniel Vetter | 01 December 2014, 16:56:54 UTC | drm/i915: Unlock panel even when LVDS is disabled Otherwise we'll have backtraces in assert_panel_unlocked because the BIOS locks the register. In the reporter's case this regression was introduced in commit c31407a3672aaebb4acddf90944a114fa5c8af7b Author: Chris Wilson <chris@chris-wilson.co.uk> Date: Thu Oct 18 21:07:01 2012 +0100 drm/i915: Add no-lvds quirk for Supermicro X7SPA-H Reported-by: Alexey Orishko <alexey.orishko@gmail.com> Cc: Alexey Orishko <alexey.orishko@gmail.com> Cc: stable@vger.kernel.org Cc: Chris Wilson <chris@chris-wilson.co.uk> Cc: Francois Tigeot <ftigeot@wolfpond.org> Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> Tested-by: Alexey Orishko <alexey.orishko@gmail.com> Signed-off-by: Jani Nikula <jani.nikula@intel.com> | 02 December 2014, 13:18:29 UTC |
| b683622 | Daniel Vetter | 24 November 2014, 16:02:45 UTC | drm/i915: More cautious with pch fifo underruns Apparently PCH fifo underruns are tricky, we have plenty reports that we see the occasional underrun (especially at boot-up). So for a change let's see what happens when we don't re-enable pch fifo underrun reporting when the pipe is disabled. This means that the kernel can't catch pch fifo underruns when they happen (except when all pipes are on on the pch). But we'll still catch underruns when disabling the pipe again. So not a terrible reduction in test coverage. Since the DRM_ERROR is new and hence a regression plan B would be to revert it back to a debug output. Which would be a lot worse than this hack for underrun test coverage in the wild. See the referenced discussions for more. References: http://mid.gmane.org/CA+gsUGRfGe3t4NcjdeA=qXysrhLY3r4CEu7z4bjTwxi1uOfy+g@mail.gmail.com Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=85898 References: https://bugs.freedesktop.org/show_bug.cgi?id=85898 References: https://bugs.freedesktop.org/show_bug.cgi?id=86233 References: https://bugs.freedesktop.org/show_bug.cgi?id=86478 Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> Tested-by: lu hua <huax.lu@intel.com> Reviewed-by: Paulo Zanoni <paulo.r.zanoni@intel.com> Cc: stable@vger.kernel.org Signed-off-by: Jani Nikula <jani.nikula@intel.com> | 02 December 2014, 09:23:13 UTC |
| b734304 | Kailang Yang | 02 December 2014, 06:50:45 UTC | ALSA: hda/realtek - Add headset Mic support for new Dell machine Dell has new machines. It supports headset Mic and Headphone Mic. Signed-off-by: Kailang Yang <kailang@realtek.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> | 02 December 2014, 07:08:23 UTC |
| 1883248 | James Morris | 02 December 2014, 07:06:12 UTC | Merge tag 'keys-fixes-20141201' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into for-linus | 02 December 2014, 07:06:12 UTC |
| 8b62c8c | Dave Airlie | 02 December 2014, 06:27:25 UTC | nouveau: move the hotplug ignore to correct place. Introduced in b440bde74f, however it was added to the wrong function in nouveau. https://bugzilla.kernel.org/show_bug.cgi?id=86011 Cc: Bjorn Helgaas <bhelgaas@google.com> CC: stable@vger.kernel.org # v3.15+ Signed-off-by: Dave Airlie <airlied@redhat.com> | 02 December 2014, 06:27:25 UTC |
| d87c0e3 | Dave Airlie | 02 December 2014, 05:40:16 UTC | Merge branch 'linux-3.18' of git://anongit.freedesktop.org/git/nouveau/linux-2.6 into drm-fixes Just a couple of fixes for the fallout from the fence rework. * 'linux-3.18' of git://anongit.freedesktop.org/git/nouveau/linux-2.6: drm/nouveau/gf116: remove copy1 engine drm/nouveau: prevent stale fence->channel pointers, and protect with rcu drm/nouveau/fifo/g84-: ack non-stall interrupt before handling it | 02 December 2014, 05:40:16 UTC |
| 226d63a | Ilia Mirkin | 30 November 2014, 17:56:18 UTC | drm/nouveau/gf116: remove copy1 engine Indications are that no GF116's actually have a copy engine there, but actually have the decompression engine. This engine can be made to do copies, but that should be done separately. Unclear why this didn't turn up on all GF116's, but perhaps the non-mobile ones came with enough VRAM to not trigger ttm migrations in test scenarios. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=85465 Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=59168 Cc: stable@vger.kernel.org Signed-off-by: Ilia Mirkin <imirkin@alum.mit.edu> Signed-off-by: Ben Skeggs <bskeggs@redhat.com> | 02 December 2014, 05:36:47 UTC |
| 0ec5f02 | Maarten Lankhorst | 01 December 2014, 09:11:06 UTC | drm/nouveau: prevent stale fence->channel pointers, and protect with rcu Tested-by: Alexandre Courbot <acourbot@nvidia.com> Signed-off-by: Ben Skeggs <bskeggs@redhat.com> | 02 December 2014, 05:33:22 UTC |
| 19a1082 | Ben Skeggs | 01 December 2014, 01:44:27 UTC | drm/nouveau/fifo/g84-: ack non-stall interrupt before handling it Closes a very unlikely race that can occur if another NonStallInterrupt method passes between checking fences and acking the previous interrupt. With this change, the interrupt will re-fire under such conditions. Tested-by: Tobias Klausmann <tobias.johannes.klausmann@mni.thm.de> Signed-off-by: Ben Skeggs <bskeggs@redhat.com> | 02 December 2014, 05:33:22 UTC |
| 3a18ca0 | Linus Torvalds | 02 December 2014, 04:11:49 UTC | Merge tag 'ext4_for_linus_urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 Pull ext4 bugfix from Ted Ts'o: "Fix an ext4 metadata checksum regression introduced in v3.18-rc3" * tag 'ext4_for_linus_urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: jbd2: fix regression where we fail to initialize checksum seed when loading | 02 December 2014, 04:11:49 UTC |
| 32f3869 | Darrick J. Wong | 02 December 2014, 00:22:23 UTC | jbd2: fix regression where we fail to initialize checksum seed when loading When we're enabling journal features, we cannot use the predicate jbd2_journal_has_csum_v2or3() because we haven't yet set the sb feature flag fields! Moreover, we just finished loading the shash driver, so the test is unnecessary; calculate the seed always. Without this patch, we fail to initialize the checksum seed the first time we turn on journal_checksum, which means that all journal blocks written during that first mount are corrupt. Transactions written after the second mount will be fine, since the feature flag will be set in the journal superblock. xfstests generic/{034,321,322} are the regression tests. (This is important for 3.18.) Signed-off-by: Darrick J. Wong <darrick.wong@oracle.coM> Reported-by: Eric Whitney <enwlinux@gmail.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> | 02 December 2014, 02:57:06 UTC |
| 5106787 | Thierry Reding | 27 November 2014, 08:54:09 UTC | PCI: tegra: Use physical range for I/O mapping Commit 0b0b0893d49b ("of/pci: Fix the conversion of IO ranges into IO resources") changed how I/O resources are parsed from DT. Rather than containing the physical address of the I/O region, the addresses will now be in I/O address space. On Tegra the union of all ranges is used to expose a top-level memory- mapped resource for the PCI host bridge. This helps to make /proc/iomem more readable. Combining both of the above, the union would now include the I/O space region. This causes a regression on Tegra20, where the physical base address of the PCIe controller (and therefore of the union) is located at physical address 0x80000000. Since I/O space starts at 0, the union will now include all of system RAM which starts at 0x00000000. This commit fixes this by keeping two copies of the I/O range: one that represents the range in the CPU's physical address space, the other for the range in the I/O address space. This allows the translation setup within the driver to reuse the physical addresses. The code registering the I/O region with the PCI core uses both ranges to establish the mapping. Fixes: 0b0b0893d49b ("of/pci: Fix the conversion of IO ranges into IO resources") Reported-by: Marc Zyngier <marc.zyngier@arm.com> Tested-by: Marc Zyngier <marc.zyngier@arm.com> Suggested-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Thierry Reding <treding@nvidia.com> Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> Reviewed-by: Arnd Bergmann <arnd@arndb.de> | 01 December 2014, 23:55:43 UTC |
| 0b0a841 | David Howells | 01 December 2014, 22:52:53 UTC | KEYS: request_key() should reget expired keys rather than give EKEYEXPIRED Since the keyring facility can be viewed as a cache (at least in some applications), the local expiration time on the key should probably be viewed as a 'needs updating after this time' property rather than an absolute 'anyone now wanting to use this object is out of luck' property. Since request_key() is the main interface for the usage of keys, this should update or replace an expired key rather than issuing EKEYEXPIRED if the local expiration has been reached (ie. it should refresh the cache). For absolute conditions where refreshing the cache probably doesn't help, the key can be negatively instantiated using KEYCTL_REJECT_KEY with EKEYEXPIRED given as the error to issue. This will still cause request_key() to return EKEYEXPIRED as that was explicitly set. In the future, if the key type has an update op available, we might want to upcall with the expired key and allow the upcall to update it. We would pass a different operation name (the first column in /etc/request-key.conf) to the request-key program. request_key() returning EKEYEXPIRED is causing an NFS problem which Chuck Lever describes thusly: After about 10 minutes, my NFSv4 functional tests fail because the ownership of the test files goes to "-2". Looking at /proc/keys shows that the id_resolv keys that map to my test user ID have expired. The ownership problem persists until the expired keys are purged from the keyring, and fresh keys are obtained. I bisected the problem to 3.13 commit b2a4df200d57 ("KEYS: Expand the capacity of a keyring"). This commit inadvertantly changes the API contract of the internal function keyring_search_aux(). The root cause appears to be that b2a4df200d57 made "no state check" the default behavior. "No state check" means the keyring search iterator function skips checking the key's expiry timeout, and returns expired keys. request_key_and_link() depends on getting an -EAGAIN result code to know when to perform an upcall to refresh an expired key. This patch can be tested directly by: keyctl request2 user debug:fred a @s keyctl timeout %user:debug:fred 3 sleep 4 keyctl request2 user debug:fred a @s Without the patch, the last command gives error EKEYEXPIRED, but with the command it gives a new key. Reported-by: Carl Hetherington <cth@carlh.net> Reported-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Chuck Lever <chuck.lever@oracle.com> | 01 December 2014, 22:52:53 UTC |
| 054f618 | David Howells | 01 December 2014, 22:52:50 UTC | KEYS: Simplify KEYRING_SEARCH_{NO,DO}_STATE_CHECK flags Simplify KEYRING_SEARCH_{NO,DO}_STATE_CHECK flags to be two variations of the same flag. They are effectively mutually exclusive and one or the other should be provided, but not both. Keyring cycle detection and key possession determination are the only things that set NO_STATE_CHECK, except that neither flag really does anything there because neither purpose makes use of the keyring_search_iterator() function, but rather provides their own. For cycle detection we definitely want to check inside of expired keyrings, just so that we don't create a cycle we can't get rid of. Revoked keyrings are cleared at revocation time and can't then be reused, so shouldn't be a problem either way. For possession determination, we *might* want to validate each keyring before searching it: do you possess a key that's hidden behind an expired or just plain inaccessible keyring? Currently, the answer is yes. Note that you cannot, however, possess a key behind a revoked keyring because they are cleared on revocation. keyring_search() sets DO_STATE_CHECK, which is correct. request_key_and_link() currently doesn't specify whether to check the key state or not - but it should set DO_STATE_CHECK. key_get_instantiation_authkey() also currently doesn't specify whether to check the key state or not - but it probably should also set DO_STATE_CHECK. Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Chuck Lever <chuck.lever@oracle.com> | 01 December 2014, 22:52:50 UTC |
| aa9d443 | David Howells | 01 December 2014, 22:52:45 UTC | KEYS: Fix the size of the key description passed to/from userspace When a key description argument is imported into the kernel from userspace, as happens in add_key(), request_key(), KEYCTL_JOIN_SESSION_KEYRING, KEYCTL_SEARCH, the description is copied into a buffer up to PAGE_SIZE in size. PAGE_SIZE, however, is a variable quantity, depending on the arch. Fix this at 4096 instead (ie. 4095 plus a NUL termination) and define a constant (KEY_MAX_DESC_SIZE) to this end. When reading the description back with KEYCTL_DESCRIBE, a PAGE_SIZE internal buffer is allocated into which the information and description will be rendered. This means that the description will get truncated if an extremely long description it has to be crammed into the buffer with the stringified information. There is no particular need to copy the description into the buffer, so just copy it directly to userspace in a separate operation. Reported-by: Christian Kastner <debian@kvr.at> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Christian Kastner <debian@kvr.at> | 01 December 2014, 22:52:45 UTC |
| 2cb4a18 | Sebastian Ott | 28 November 2014, 14:40:57 UTC | s390: fix machine check handling Commit eb7e7d76 "s390: Replace __get_cpu_var uses" broke machine check handling. We copy machine check information from per-cpu to a stack variable for local processing. Next we should zap the per-cpu variable, not the stack variable. Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com> Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com> Acked-by: Christoph Lameter <cl@linux.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> | 01 December 2014, 10:06:55 UTC |
| 02ecc41 | Borislav Petkov | 30 November 2014, 13:26:39 UTC | x86, microcode: Limit the microcode reloading to 64-bit for now First, there was this: https://bugzilla.kernel.org/show_bug.cgi?id=88001 The problem there was that microcode patches are not being reapplied after suspend-to-ram. It was important to reapply them, though, because of for example Haswell's TSX erratum which disabled TSX instructions with a microcode patch. A simple fix was fb86b97300d9 ("x86, microcode: Update BSPs microcode on resume") but, as it is often the case, simple fixes are too simple. This one causes 32-bit resume to fail: https://bugzilla.kernel.org/show_bug.cgi?id=88391 Properly fixing this would require more involved changes for which it is too late now, right before the merge window. Thus, limit this to 64-bit only temporarily. Signed-off-by: Borislav Petkov <bp@suse.de> Link: http://lkml.kernel.org/r/1417353999-32236-1-git-send-email-bp@alien8.de Signed-off-by: Thomas Gleixner <tglx@linutronix.de> | 01 December 2014, 09:55:08 UTC |
| 35d0565 | Aaron Lu | 01 December 2014, 01:09:18 UTC | ACPI / video: update condition to check if device is in _DOD list Commit 0b8db271f159 ("ACPI / video: check _DOD list when creating backlight devices") checks if the video device is in the bind devices list to decide if we should create backlight device for it, that causes problem for one Dell Latitude E6410, where none of the video output devices are properly bound due to the way how we did the comparing between its _ADR and the _DOD's values. Solve this problem by comparing the lower 12 bits of both the device's _ADR and the _DOD's values instead of relying on bind result. Fixes: 0b8db271f159 ("ACPI / video: check _DOD list when creating backlight devices") Reported-and-tested-by: Brian Norris <computersforpeace@gmail.com> Signed-off-by: Aaron Lu <aaron.lu@intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> | 01 December 2014, 01:09:18 UTC |
| 009d043 | Linus Torvalds | 01 December 2014, 00:42:27 UTC | Linux 3.18-rc7 | 01 December 2014, 00:42:27 UTC |
| df20ce5 | Linus Torvalds | 01 December 2014, 00:21:37 UTC | Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "Two i915 regressions and one dual-gpu laptop radeon fix" * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: drm/radeon: report disconnected for LVDS/eDP with PX if ddc fails drm/i915: Cancel vdd off work before suspend drm/i915: Ignore SURFLIVE and flip counter when the GPU gets reset | 01 December 2014, 00:21:37 UTC |
| 2f19cad | Chris Mason | 30 November 2014, 13:56:33 UTC | btrfs: zero out left over bytes after processing compression streams Don Bailey noticed that our page zeroing for compression at end-io time isn't complete. This reworks a patch from Linus to push the zeroing into the zlib and lzo specific functions instead of trying to handle the corners inside btrfs_decompress_buf2page Signed-off-by: Chris Mason <clm@fb.com> Reviewed-by: Josef Bacik <jbacik@fb.com> Reported-by: Don A. Bailey <donb@securitymouse.com> cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | 30 November 2014, 17:33:51 UTC |
| 7fa2955 | Mitsuhiro Kimura | 28 November 2014, 01:04:15 UTC | sh_eth: Fix sleeping function called from invalid context This resolves the following bug which can be reproduced by building the kernel with CONFIG_DEBUG_ATOMIC_SLEEP=y and reading network statistics while the network interface is down. e.g.: ifconfig eth0 down cat /sys/class/net/eth0/statistics/tx_errors ---- [ 1238.161349] BUG: sleeping function called from invalid context at drivers/base/power/runtime.c:952 [ 1238.188279] in_atomic(): 1, irqs_disabled(): 0, pid: 1388, name: cat [ 1238.207425] CPU: 0 PID: 1388 Comm: cat Not tainted 3.10.31-ltsi-00046-gefa0b46 #1087 [ 1238.230737] Backtrace: [ 1238.238123] [<c0012e64>] (dump_backtrace+0x0/0x10c) from [<c0013000>] (show_stack+0x18/0x1c) [ 1238.263499] r6:000003b8 r5:c06160c0 r4:c0669e00 r3:00404000 [ 1238.280583] [<c0012fe8>] (show_stack+0x0/0x1c) from [<c04515a4>] (dump_stack+0x20/0x28) [ 1238.304631] [<c0451584>] (dump_stack+0x0/0x28) from [<c004970c>] (__might_sleep+0xf8/0x118) [ 1238.329734] [<c0049614>] (__might_sleep+0x0/0x118) from [<c02465ac>] (__pm_runtime_resume+0x38/0x90) [ 1238.357170] r7:d616f000 r6:c049c458 r5:00000004 r4:d6a17210 [ 1238.374251] [<c0246574>] (__pm_runtime_resume+0x0/0x90) from [<c029b1c4>] (sh_eth_get_stats+0x44/0x280) [ 1238.402468] r7:d616f000 r6:c049c458 r5:d5c21000 r4:d5c21000 [ 1238.419552] [<c029b180>] (sh_eth_get_stats+0x0/0x280) from [<c03ae39c>] (dev_get_stats+0x54/0x88) [ 1238.446204] r5:d5c21000 r4:d5ed7e08 [ 1238.456980] [<c03ae348>] (dev_get_stats+0x0/0x88) from [<c03c677c>] (netstat_show.isra.15+0x54/0x9c) [ 1238.484413] r6:d5c21000 r5:d5c21238 r4:00000028 r3:00000001 [ 1238.501495] [<c03c6728>] (netstat_show.isra.15+0x0/0x9c) from [<c03c69b8>] (show_tx_errors+0x18/0x1c) [ 1238.529196] r7:d5f945d8 r6:d5f945c0 r5:c049716c r4:c0650e7c [ 1238.546279] [<c03c69a0>] (show_tx_errors+0x0/0x1c) from [<c023963c>] (dev_attr_show+0x24/0x50) [ 1238.572157] [<c0239618>] (dev_attr_show+0x0/0x50) from [<c010c148>] (sysfs_read_file+0xb0/0x140) [ 1238.598554] r5:c049716c r4:d5c21240 [ 1238.609326] [<c010c098>] (sysfs_read_file+0x0/0x140) from [<c00b9ee4>] (vfs_read+0xb0/0x13c) [ 1238.634679] [<c00b9e34>] (vfs_read+0x0/0x13c) from [<c00ba0ac>] (SyS_read+0x44/0x74) [ 1238.657944] r8:bef45bf0 r7:00000000 r6:d6ac0600 r5:00000000 r4:00000000 [ 1238.678172] [<c00ba068>] (SyS_read+0x0/0x74) from [<c000eec0>] (ret_fast_syscall+0x0/0x30) ---- Signed-off-by: Mitsuhiro Kimura <mitsuhiro.kimura.kc@renesas.com> Signed-off-by: Yoshihiro Kaneko <ykaneko0929@gmail.com> Signed-off-by: Simon Horman <horms+renesas@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net> | 30 November 2014, 05:16:54 UTC |
| 28603d1 | Huacai Chen | 27 November 2014, 13:05:34 UTC | stmmac: platform: Move plat_dat checking earlier Original code only check/alloc plat_dat for the CONFIG_OF case, this patch check/alloc it earlier and unconditionally to avoid kernel build warnings: drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c:275 stmmac_pltfr_probe() warn: variable dereferenced before check 'plat_dat' V2: Fix coding style. Signed-off-by: Huacai Chen <chenhc@lemote.com> Signed-off-by: David S. Miller <davem@davemloft.net> | 30 November 2014, 05:11:16 UTC |
| 4d6a949 | Mitsuhiro Kimura | 27 November 2014, 11:34:00 UTC | sh_eth: Fix skb alloc size and alignment adjust rule. In the current driver, allocation size of skb does not care the alignment adjust after allocation. And also, in the current implementation, buffer alignment method by sh_eth_set_receive_align function has a bug that this function displace buffer start address forcedly when the alignment is corrected. In the result, tail of the skb will exceed allocated area and kernel panic will be occurred. This patch fix this issue. Signed-off-by: Mitsuhiro Kimura <mitsuhiro.kimura.kc@renesas.com> Signed-off-by: Yoshihiro Kaneko <ykaneko0929@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> | 30 November 2014, 05:09:38 UTC |
| e0ebde0 | Nicolas Dichtel | 27 November 2014, 09:16:15 UTC | rtnetlink: release net refcnt on error in do_setlink() rtnl_link_get_net() holds a reference on the 'struct net', we need to release it in case of error. CC: Eric W. Biederman <ebiederm@xmission.com> Fixes: b51642f6d77b ("net: Enable a userns root rtnl calls that are safe for unprivilged users") Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Reviewed-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net> | 30 November 2014, 05:05:43 UTC |
| f6c6fda | Thomas Graf | 26 November 2014, 23:22:33 UTC | bond: Check length of IFLA_BOND_ARP_IP_TARGET attributes Fixes: 7f28fa10 ("bonding: add arp_ip_target netlink support") Reported-by: John Fastabend <john.fastabend@gmail.com> Cc: Scott Feldman <sfeldma@cumulusnetworks.com> Signed-off-by: Thomas Graf <tgraf@suug.ch> Acked-by: John Fastabend <john.r.fastabend@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net> | 30 November 2014, 04:46:32 UTC |
| 7a5a4f9 | Linus Torvalds | 29 November 2014, 18:49:24 UTC | Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq fixes from Thomas Gleixner: "Three fixlets from the ARM SoC camp: - correct irqdomain initialization for atmel-aic - correct error handling for device tree parsing in bcm controllers" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: irqchip: brcmstb-l2: Fix error handling of irq_of_parse_and_map irqchip: bcm7120-l2: Fix error handling of irq_of_parse_and_map irqchip: atmel-aic: Fix irqdomain initialization | 29 November 2014, 18:49:24 UTC |
| ed02bfa | Linus Torvalds | 29 November 2014, 18:15:31 UTC | Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "This is a set of ten fixes: 8 for UFS including four static checker warnings, a potential null deref in the voltage regulator code, a race on module unload, a ref counting fix on the well known LUNs which made it impossible to remove the ufs module and fix to correct the information in pwr_info. In addition to UFS, there's a blacklist for the Intel Multi-Flex array which chokes on report supported operation codes and a fix to an oops in bnx2fc caused by shared skbs" [ For us non-SCSI people: "UFS" here is "Universal Flash Storage" not the filesystem. - Linus ] * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: ufs: fix NULL dereference when no regulators are defined ufs: ensure clk gating work is finished before module unloading scsi: ufs: fix static checker warning in ufshcd_parse_clock_info scsi: ufs: fix static checker warning in __ufshcd_setup_clocks scsi: ufs: fix static checker warning in ufshcd_populate_vreg scsi: ufs: fix static checker errors in ufshcd_system_suspend ufs: fix power info after link start-up ufs: fix reference counting of W-LUs scsi: add Intel Multi-Flex to scsi scan blacklist bnx2fc: do not add shared skbs to the fcoe_rx_list | 29 November 2014, 18:15:31 UTC |
| 8891063 | Linus Torvalds | 29 November 2014, 00:08:09 UTC | Merge tag 'staging-3.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging/IIO driver fixes from Greg KH: "Here are some staging and IIO driver fixes for 3.18-rc7 that resolve a number of reported issues, and a new device id for a staging wireless driver. All of these have been in linux-next" * tag 'staging-3.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: staging: r8188eu: Add new device ID for DLink GO-USB-N150 staging: r8188eu: Fix scheduling while atomic error introduced in commit fadbe0cd iio: accel: bmc150: set low default thresholds iio: accel: bmc150: Fix iio_event_spec direction iio: accel: bmc150: Send x, y and z motion separately iio: accel: bmc150: Error handling when mode set fails iio: gyro: bmg160: Fix iio_event_spec direction iio: gyro: bmg160: Send x, y and z motion separately iio: gyro: bmg160: Don't let interrupt mode to be open drain iio: gyro: bmg160: Error handling when mode set fails iio: adc: men_z188_adc: Add terminating entry for men_z188_ids iio: accel: kxcjk-1013: Fix kxcjk10013_set_range iio: Fix IIO_EVENT_CODE_EXTRACT_DIR bit mask | 29 November 2014, 00:08:09 UTC |
| 6f93840 | Linus Torvalds | 29 November 2014, 00:03:24 UTC | Merge tag 'tty-3.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial fix from Greg KH: "Here is a single revert for the of-serial driver that resolves a reported issue. This revert has been in linux-next for a while" * tag 'tty-3.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: Revert "serial: of-serial: add PM suspend/resume support" | 29 November 2014, 00:03:24 UTC |
| 4742eb3 | Linus Torvalds | 28 November 2014, 23:55:14 UTC | Merge tag 'usb-3.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here are some USB driver fixes and new device ids for 3.18-rc7. Full details are in the shortlog, and all of these have been in the linux-next tree for a while" * tag 'usb-3.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: usb-quirks: Add reset-resume quirk for MS Wireless Laser Mouse 6000 usb: xhci: rework root port wake bits if controller isn't allowed to wakeup USB: xhci: Reset a halted endpoint immediately when we encounter a stall. Revert "xhci: clear root port wake on bits if controller isn't wake-up capable" USB: xhci: don't start a halted endpoint before its new dequeue is set USB: uas: Add no-uas quirk for Hitachi usb-3 enclosures 4971:1012 USB: ssu100: fix overrun-error reporting USB: keyspan: fix overrun-error reporting USB: keyspan: fix tty line-status reporting usb: serial: ftdi_sio: add PIDs for Matrix Orbital products usb: dwc3: ep0: fix for dead code USB: serial: cp210x: add IDs for CEL MeshConnect USB Stick | 28 November 2014, 23:55:14 UTC |
| cba3b00 | Linus Torvalds | 28 November 2014, 22:00:33 UTC | Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal Pull thermal fixes from Eduardo Valentin: "In this -rc still very minor changes: - Lee Jones fixes compilation warning in sti thermal driver - Marjus Elfring removes unnecessary checks in exynos thermal driver (as per coccinelle) - Now we always update cpufreq policies, and thus get (hopefully) always in sync with cpufreq, thanks to Yadwinder" * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal: thermal: Exynos: Deletion of unnecessary checks before two function calls thermal: sti: Ignore suspend/resume functions when !PM_SLEEP thermal: cpu_cooling: Update always cpufreq policy with thermal constraints | 28 November 2014, 22:00:33 UTC |
| 16cf45c | Linus Torvalds | 28 November 2014, 21:54:53 UTC | Merge tag 'sound-3.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "No excitement, here are only minor fixes: an endian fix for the new DSD format we added in 3.18, a fix for HP mute LED, and a fix for Native Instrument quirk" * tag 'sound-3.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: pcm: Add big-endian DSD sample formats and fix XMOS DSD sample format ALSA: hda - One more HP machine needs to change mute led quirk ALSA: usb-audio: Use snd_usb_ctl_msg() for Native Instruments quirk | 28 November 2014, 21:54:53 UTC |
| 615b994 | Linus Torvalds | 28 November 2014, 21:34:32 UTC | Merge tag 'armsoc-for-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC fixes from Arnd Bergmann: "Not much interesting going on fixes-wise for us this week, as it should be for an -rc7. I'm not expecting Olof to work much over Thanksgiving weekend, so I decided to take over again and push these out to you. Just four simple fixes this week: - one missing of_node_put() on armv7 based mvebu - forcing the USB host into the right mode on Chromebook (exynos5-snow) - enabling two important drivers for exynos_defconfig - fixing a noncritical bug for tegra that would cause a regression with common code patches queued for 3.19" * tag 'armsoc-for-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: ARM: tegra: irq: fix buggy usage of irq_data irq field ARM: exynos_defconfig: Enable max77802 rtc and clock drivers ARM: dts: Explicitly set dr_mode on exynos5250-snow ARM: mvebu: add missing of_node_put() call in coherency.c | 28 November 2014, 21:34:32 UTC |
| e818d5e | Linus Torvalds | 28 November 2014, 21:32:47 UTC | Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm Pull ARM fixes from Russell King: "Another round of relatively small ARM fixes. Thomas spotted that the strex backoff delay bit was a disable bit, so it needed to be clear for this to work. Vladimir spotted that using a restart block for the cache flush operation would return -EINTR, which userspace was not expecting. Dmitry spotted that the auxiliary control register accesses for Xscale were not correct" * 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm: ARM: 8226/1: cacheflush: get rid of restarting block ARM: 8222/1: mvebu: enable strex backoff delay ARM: 8216/1: xscale: correct auxiliary register in suspend/resume | 28 November 2014, 21:32:47 UTC |
