Eric Dumazet [Mon, 23 May 2011 11:02:42 +0000 (11:02 +0000)]
sch_sfq: avoid giving spurious NET_XMIT_CN signals
BugLink: http://bugs.launchpad.net/bugs/793702
[ Upstream commit
8efa885406359af300d46910642b50ca82c0fe47 ]
While chasing a possible net_sched bug, I found that IP fragments have
litle chance to pass a congestioned SFQ qdisc :
- Say SFQ qdisc is full because one flow is non responsive.
- ip_fragment() wants to send two fragments belonging to an idle flow.
- sfq_enqueue() queues first packet, but see queue limit reached :
- sfq_enqueue() drops one packet from 'big consumer', and returns
NET_XMIT_CN.
- ip_fragment() cancel remaining fragments.
This patch restores fairness, making sure we return NET_XMIT_CN only if
we dropped a packet from the same flow.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Patrick McHardy <kaber@trash.net>
CC: Jarek Poplawski <jarkao2@gmail.com>
CC: Jamal Hadi Salim <hadi@cyberus.ca>
CC: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Eric Dumazet [Wed, 18 May 2011 06:21:31 +0000 (02:21 -0400)]
net: add skb_dst_force() in sock_queue_err_skb()
BugLink: http://bugs.launchpad.net/bugs/793702
[ Upstream commit
abb57ea48fd9431fa320a5c55f73e6b5a44c2efb ]
Commit
7fee226ad239 (add a noref bit on skb dst) forgot to use
skb_dst_force() on packets queued in sk_error_queue
This triggers following warning, for applications using IP_CMSG_PKTINFO
receiving one error status
------------[ cut here ]------------
WARNING: at include/linux/skbuff.h:457 ip_cmsg_recv_pktinfo+0xa6/0xb0()
Hardware name: 2669UYD
Modules linked in: isofs vboxnetadp vboxnetflt nfsd ebtable_nat ebtables
lib80211_crypt_ccmp uinput xcbc hdaps tp_smapi thinkpad_ec radeonfb fb_ddc
radeon ttm drm_kms_helper drm ipw2200 intel_agp intel_gtt libipw i2c_algo_bit
i2c_i801 agpgart rng_core cfbfillrect cfbcopyarea cfbimgblt video raid10 raid1
raid0 linear md_mod vboxdrv
Pid: 4697, comm: miredo Not tainted 2.6.39-rc6-00569-g5895198-dirty #22
Call Trace:
[<
c17746b6>] ? printk+0x1d/0x1f
[<
c1058302>] warn_slowpath_common+0x72/0xa0
[<
c15bbca6>] ? ip_cmsg_recv_pktinfo+0xa6/0xb0
[<
c15bbca6>] ? ip_cmsg_recv_pktinfo+0xa6/0xb0
[<
c1058350>] warn_slowpath_null+0x20/0x30
[<
c15bbca6>] ip_cmsg_recv_pktinfo+0xa6/0xb0
[<
c15bbdd7>] ip_cmsg_recv+0x127/0x260
[<
c154f82d>] ? skb_dequeue+0x4d/0x70
[<
c1555523>] ? skb_copy_datagram_iovec+0x53/0x300
[<
c178e834>] ? sub_preempt_count+0x24/0x50
[<
c15bdd2d>] ip_recv_error+0x23d/0x270
[<
c15de554>] udp_recvmsg+0x264/0x2b0
[<
c15ea659>] inet_recvmsg+0xd9/0x130
[<
c1547752>] sock_recvmsg+0xf2/0x120
[<
c11179cb>] ? might_fault+0x4b/0xa0
[<
c15546bc>] ? verify_iovec+0x4c/0xc0
[<
c1547660>] ? sock_recvmsg_nosec+0x100/0x100
[<
c1548294>] __sys_recvmsg+0x114/0x1e0
[<
c1093895>] ? __lock_acquire+0x365/0x780
[<
c1148b66>] ? fget_light+0xa6/0x3e0
[<
c1148b7f>] ? fget_light+0xbf/0x3e0
[<
c1148aee>] ? fget_light+0x2e/0x3e0
[<
c1549f29>] sys_recvmsg+0x39/0x60
Close bug https://bugzilla.kernel.org/show_bug.cgi?id=34622
Reported-by: Witold Baryluk <baryluk@smp.if.uj.edu.pl>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Veaceslav Falico [Mon, 23 May 2011 23:15:05 +0000 (23:15 +0000)]
igmp: call ip_mc_clear_src() only when we have no users of ip_mc_list
BugLink: http://bugs.launchpad.net/bugs/793702
[ Upstream commit
24cf3af3fed5edcf90bc2a0ed181e6ce1513d2dc ]
In igmp_group_dropped() we call ip_mc_clear_src(), which resets the number
of source filters per mulitcast. However, igmp_group_dropped() is also
called on NETDEV_DOWN, NETDEV_PRE_TYPE_CHANGE and NETDEV_UNREGISTER, which
means that the group might get added back on NETDEV_UP, NETDEV_REGISTER and
NETDEV_POST_TYPE_CHANGE respectively, leaving us with broken source
filters.
To fix that, we must clear the source filters only when there are no users
in the ip_mc_list, i.e. in ip_mc_dec_group() and on device destroy.
Acked-by: David L Stevens <dlstevens@us.ibm.com>
Signed-off-by: Veaceslav Falico <vfalico@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Eric Dumazet [Tue, 10 May 2011 19:22:54 +0000 (12:22 -0700)]
vlan: fix GVRP at dismantle time MIME-Version: 1.0
BugLink: http://bugs.launchpad.net/bugs/793702
[ Upstream commit
0442277740ec56109c5b5f7bcfded299cf9e72bd ]
ip link add link eth2 eth2.103 type vlan id 103 gvrp on loose_binding on
ip link set eth2.103 up
rmmod tg3 # driver providing eth2
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<
ffffffffa0030c9e>] garp_request_leave+0x3e/0xc0 [garp]
PGD
11d251067 PUD
11b9e0067 PMD 0
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/virtual/net/eth2.104/ifindex
CPU 0
Modules linked in: tg3(-) 8021q garp nfsd lockd auth_rpcgss sunrpc libphy sg [last unloaded: x_tables]
Pid: 11494, comm: rmmod Tainted: G W 2.6.39-rc6-00261-gfd71257-dirty #580 HP ProLiant BL460c G6
RIP: 0010:[<
ffffffffa0030c9e>] [<
ffffffffa0030c9e>] garp_request_leave+0x3e/0xc0 [garp]
RSP: 0018:
ffff88007a19bae8 EFLAGS:
00010286
RAX:
0000000000000000 RBX:
ffff88011b5e2000 RCX:
0000000000000002
RDX:
0000000000000000 RSI:
0000000000000175 RDI:
ffffffffa0030d5b
RBP:
ffff88007a19bb18 R08:
0000000000000001 R09:
ffff88011bd64a00
R10:
ffff88011d34ec00 R11:
0000000000000000 R12:
0000000000000002
R13:
ffff88007a19bc48 R14:
ffff88007a19bb88 R15:
0000000000000001
FS:
0000000000000000(0000) GS:
ffff88011fc00000(0063) knlGS:
00000000f77d76c0
CS: 0010 DS: 002b ES: 002b CR0:
000000008005003b
CR2:
0000000000000000 CR3:
000000011a675000 CR4:
00000000000006f0
DR0:
0000000000000000 DR1:
0000000000000000 DR2:
0000000000000000
DR3:
0000000000000000 DR6:
00000000ffff0ff0 DR7:
0000000000000400
Process rmmod (pid: 11494, threadinfo
ffff88007a19a000, task
ffff8800798595c0)
Stack:
ffff88007a19bb36 ffff88011c84b800 ffff88011b5e2000 ffff88007a19bc48
ffff88007a19bb88 0000000000000006 ffff88007a19bb38 ffffffffa003a5f6
ffff88007a19bb38 670088007a19bba8 ffff88007a19bb58 ffffffffa00397e7
Call Trace:
[<
ffffffffa003a5f6>] vlan_gvrp_request_leave+0x46/0x50 [8021q]
[<
ffffffffa00397e7>] vlan_dev_stop+0xb7/0xc0 [8021q]
[<
ffffffff8137e427>] __dev_close_many+0x87/0xe0
[<
ffffffff8137e507>] dev_close_many+0x87/0x110
[<
ffffffff8137e630>] rollback_registered_many+0xa0/0x240
[<
ffffffff8137e7e9>] unregister_netdevice_many+0x19/0x60
[<
ffffffffa00389eb>] vlan_device_event+0x53b/0x550 [8021q]
[<
ffffffff8143f448>] ? ip6mr_device_event+0xa8/0xd0
[<
ffffffff81479d03>] notifier_call_chain+0x53/0x80
[<
ffffffff81062539>] __raw_notifier_call_chain+0x9/0x10
[<
ffffffff81062551>] raw_notifier_call_chain+0x11/0x20
[<
ffffffff8137df82>] call_netdevice_notifiers+0x32/0x60
[<
ffffffff8137e69f>] rollback_registered_many+0x10f/0x240
[<
ffffffff8137e85f>] rollback_registered+0x2f/0x40
[<
ffffffff8137e8c8>] unregister_netdevice_queue+0x58/0x90
[<
ffffffff8137e9eb>] unregister_netdev+0x1b/0x30
[<
ffffffffa005d73f>] tg3_remove_one+0x6f/0x10b [tg3]
We should call vlan_gvrp_request_leave() from unregister_vlan_dev(),
not from vlan_dev_stop(), because vlan_gvrp_uninit_applicant()
is called right after unregister_netdevice_queue(). In batch mode,
unregister_netdevice_queue() doesn’t immediately call vlan_dev_stop().
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Ilpo Järvinen [Sat, 2 Apr 2011 04:47:41 +0000 (21:47 -0700)]
tcp: len check is unnecessarily devastating, change to WARN_ON
BugLink: http://bugs.launchpad.net/bugs/793702
[ Upstream commit
2fceec13375e5d98ef033c6b0ee03943fc460950 ]
All callers are prepared for alloc failures anyway, so this error
can safely be boomeranged to the callers domain without super
bad consequences. ...At worst the connection might go into a state
where each RTO tries to (unsuccessfully) re-fragment with such
a mis-sized value and eventually dies.
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Jacek Luczak [Thu, 19 May 2011 09:55:13 +0000 (09:55 +0000)]
SCTP: fix race between sctp_bind_addr_free() and sctp_bind_addr_conflict()
BugLink: http://bugs.launchpad.net/bugs/793702
[ Upstream commit
c182f90bc1f22ce5039b8722e45621d5f96862c2 ]
During the sctp_close() call, we do not use rcu primitives to
destroy the address list attached to the endpoint. At the same
time, we do the removal of addresses from this list before
attempting to remove the socket from the port hash
As a result, it is possible for another process to find the socket
in the port hash that is in the process of being closed. It then
proceeds to traverse the address list to find the conflict, only
to have that address list suddenly disappear without rcu() critical
section.
Fix issue by closing address list removal inside RCU critical
section.
Race can result in a kernel crash with general protection fault or
kernel NULL pointer dereference:
kernel: general protection fault: 0000 [#1] SMP
kernel: RIP: 0010:[<
ffffffffa02f3dde>] [<
ffffffffa02f3dde>] sctp_bind_addr_conflict+0x64/0x82 [sctp]
kernel: Call Trace:
kernel: [<
ffffffffa02f415f>] ? sctp_get_port_local+0x17b/0x2a3 [sctp]
kernel: [<
ffffffffa02f3d45>] ? sctp_bind_addr_match+0x33/0x68 [sctp]
kernel: [<
ffffffffa02f4416>] ? sctp_do_bind+0xd3/0x141 [sctp]
kernel: [<
ffffffffa02f5030>] ? sctp_bindx_add+0x4d/0x8e [sctp]
kernel: [<
ffffffffa02f5183>] ? sctp_setsockopt_bindx+0x112/0x4a4 [sctp]
kernel: [<
ffffffff81089e82>] ? generic_file_aio_write+0x7f/0x9b
kernel: [<
ffffffffa02f763e>] ? sctp_setsockopt+0x14f/0xfee [sctp]
kernel: [<
ffffffff810c11fb>] ? do_sync_write+0xab/0xeb
kernel: [<
ffffffff810e82ab>] ? fsnotify+0x239/0x282
kernel: [<
ffffffff810c2462>] ? alloc_file+0x18/0xb1
kernel: [<
ffffffff8134a0b1>] ? compat_sys_setsockopt+0x1a5/0x1d9
kernel: [<
ffffffff8134aaf1>] ? compat_sys_socketcall+0x143/0x1a4
kernel: [<
ffffffff810467dc>] ? sysenter_dispatch+0x7/0x32
Signed-off-by: Jacek Luczak <luczak.jacek@gmail.com>
Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com>
CC: Eric Dumazet <eric.dumazet@gmail.com>
Reviewed-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
David S. Miller [Fri, 22 Apr 2011 04:17:25 +0000 (21:17 -0700)]
Revert "bridge: Forward reserved group addresses if !STP"
BugLink: http://bugs.launchpad.net/bugs/793702
[ Upstream commit
f01cb5fbea1c1613621f9f32f385e12c1a29dde0 ]
This reverts commit
1e253c3b8a1aeed51eef6fc366812f219b97de65.
It breaks 802.3ad bonding inside of a bridge.
The commit was meant to support transport bridging, and specifically
virtual machines bridged to an ethernet interface connected to a
switch port wiht 802.1x enabled.
But this isn't the way to do it, it breaks too many other things.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Eric Dumazet [Tue, 17 May 2011 17:56:59 +0000 (13:56 -0400)]
net: use hlist_del_rcu() in dev_change_name()
BugLink: http://bugs.launchpad.net/bugs/793702
[ Upstream commit
372b2312010bece1e36f577d6c99a6193ec54cbd ]
Using plain hlist_del() in dev_change_name() is wrong since a
concurrent reader can crash trying to dereference LIST_POISON1.
Bug introduced in commit
72c9528bab94 (net: Introduce
dev_get_by_name_rcu())
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Joakim Tjernlund [Tue, 12 Apr 2011 20:59:33 +0000 (13:59 -0700)]
net: Do not wrap sysctl igmp_max_memberships in IP_MULTICAST
BugLink: http://bugs.launchpad.net/bugs/793702
[ Upstream commit
192910a6cca5e50e5bd6cbd1da0e7376c7adfe62 ]
controlling igmp_max_membership is useful even when IP_MULTICAST
is off.
Quagga(an OSPF deamon) uses multicast addresses for all interfaces
using a single socket and hits igmp_max_membership limit when
there are 20 interfaces or more.
Always export sysctl igmp_max_memberships in proc, just like
igmp_max_msf
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Eric Dumazet [Fri, 20 May 2011 18:59:23 +0000 (14:59 -0400)]
macvlan: fix panic if lowerdev in a bond
BugLink: http://bugs.launchpad.net/bugs/793702
[ Upstream commit
d93515611bbc70c2fe4db232e5feb448ed8e4cc9 ]
commit
a35e2c1b6d905 (macvlan: use rx_handler_data pointer to store
macvlan_port pointer V2) added a bug in macvlan_port_create()
Steps to reproduce the bug:
# ifenslave bond0 eth0 eth1
# ip link add link eth0 up name eth0#1 type macvlan
->error EBUSY
# ip link add link eth0 up name eth0#1 type macvlan
->panic
Fix: Dont set IFF_MACVLAN_PORT in error case.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Shan Wei [Tue, 19 Apr 2011 22:52:49 +0000 (22:52 +0000)]
ipv6: udp: fix the wrong headroom check
BugLink: http://bugs.launchpad.net/bugs/793702
[ Upstream commit
a9cf73ea7ff78f52662c8658d93c226effbbedde ]
At this point, skb->data points to skb_transport_header.
So, headroom check is wrong.
For some case:bridge(UFO is on) + eth device(UFO is off),
there is no enough headroom for IPv6 frag head.
But headroom check is always false.
This will bring about data be moved to there prior to skb->head,
when adding IPv6 frag header to skb.
Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Thomas Egerer [Wed, 20 Apr 2011 22:56:02 +0000 (22:56 +0000)]
ipv6: Remove hoplimit initialization to -1
BugLink: http://bugs.launchpad.net/bugs/793702
[ Upstream commit
e965c05dabdabb85af0187952ccd75e43995c4b3 ]
The changes introduced with git-commit
a02e4b7d ("ipv6: Demark default
hoplimit as zero.") missed to remove the hoplimit initialization. As a
result, ipv6_get_mtu interprets the return value of dst_metric_raw
(-1) as 255 and answers ping6 with this hoplimit. This patche removes
the line such that ping6 is answered with the hoplimit value
configured via sysctl.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Eric Dumazet [Mon, 11 Apr 2011 22:39:40 +0000 (22:39 +0000)]
inetpeer: reduce stack usage
BugLink: http://bugs.launchpad.net/bugs/793702
[ Upstream commit
66944e1c5797562cebe2d1857d46dff60bf9a69e ]
On 64bit arches, we use 752 bytes of stack when cleanup_once() is called
from inet_getpeer().
Lets share the avl stack to save ~376 bytes.
Before patch :
# objdump -d net/ipv4/inetpeer.o | scripts/checkstack.pl
0x000006c3 unlink_from_pool [inetpeer.o]: 376
0x00000721 unlink_from_pool [inetpeer.o]: 376
0x00000cb1 inet_getpeer [inetpeer.o]: 376
0x00000e6d inet_getpeer [inetpeer.o]: 376
0x0004 inet_initpeers [inetpeer.o]: 112
# size net/ipv4/inetpeer.o
text data bss dec hex filename
5320 432 21 5773 168d net/ipv4/inetpeer.o
After patch :
objdump -d net/ipv4/inetpeer.o | scripts/checkstack.pl
0x00000c11 inet_getpeer [inetpeer.o]: 376
0x00000dcd inet_getpeer [inetpeer.o]: 376
0x00000ab9 peer_check_expire [inetpeer.o]: 328
0x00000b7f peer_check_expire [inetpeer.o]: 328
0x0004 inet_initpeers [inetpeer.o]: 112
# size net/ipv4/inetpeer.o
text data bss dec hex filename
5163 432 21 5616 15f0 net/ipv4/inetpeer.o
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Scot Doyle <lkml@scotdoyle.com>
Cc: Stephen Hemminger <shemminger@vyatta.com>
Cc: Hiroaki SHIMODA <shimoda.hiroaki@gmail.com>
Reviewed-by: Hiroaki SHIMODA <shimoda.hiroaki@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Dave Jones [Tue, 12 Apr 2011 22:29:54 +0000 (15:29 -0700)]
irda: fix locking unbalance in irda_sendmsg
BugLink: http://bugs.launchpad.net/bugs/793702
[ Upstream commit
020318d0d2af51e0fd59ba654ede9b2171558720 ]
5b40964eadea40509d353318d2c82e8b7bf5e8a5 ("irda: Remove BKL instances
from af_irda.c") introduced a path where we have a locking unbalance.
If we pass invalid flags, we unlock a socket we never locked,
resulting in this...
=====================================
[ BUG: bad unlock balance detected! ]
-------------------------------------
trinity/20101 is trying to release lock (sk_lock-AF_IRDA) at:
[<
ffffffffa057f001>] irda_sendmsg+0x207/0x21d [irda]
but there are no more locks to release!
other info that might help us debug this:
no locks held by trinity/20101.
stack backtrace:
Pid: 20101, comm: trinity Not tainted 2.6.39-rc3+ #3
Call Trace:
[<
ffffffffa057f001>] ? irda_sendmsg+0x207/0x21d [irda]
[<
ffffffff81085041>] print_unlock_inbalance_bug+0xc7/0xd2
[<
ffffffffa057f001>] ? irda_sendmsg+0x207/0x21d [irda]
[<
ffffffff81086aca>] lock_release+0xcf/0x18e
[<
ffffffff813ed190>] release_sock+0x2d/0x155
[<
ffffffffa057f001>] irda_sendmsg+0x207/0x21d [irda]
[<
ffffffff813e9f8c>] __sock_sendmsg+0x69/0x75
[<
ffffffff813ea105>] sock_sendmsg+0xa1/0xb6
[<
ffffffff81100ca3>] ? might_fault+0x5c/0xac
[<
ffffffff81086b7c>] ? lock_release+0x181/0x18e
[<
ffffffff81100cec>] ? might_fault+0xa5/0xac
[<
ffffffff81100ca3>] ? might_fault+0x5c/0xac
[<
ffffffff81133b94>] ? fcheck_files+0xb9/0xf0
[<
ffffffff813f387a>] ? copy_from_user+0x2f/0x31
[<
ffffffff813f3b70>] ? verify_iovec+0x52/0xa6
[<
ffffffff813eb4e3>] sys_sendmsg+0x23a/0x2b8
[<
ffffffff81086b7c>] ? lock_release+0x181/0x18e
[<
ffffffff810773c6>] ? up_read+0x28/0x2c
[<
ffffffff814bec3d>] ? do_page_fault+0x360/0x3b4
[<
ffffffff81087043>] ? trace_hardirqs_on_caller+0x10b/0x12f
[<
ffffffff810458aa>] ? finish_task_switch+0xb2/0xe3
[<
ffffffff8104583e>] ? finish_task_switch+0x46/0xe3
[<
ffffffff8108364a>] ? trace_hardirqs_off_caller+0x33/0x90
[<
ffffffff814bbaf9>] ? retint_swapgs+0x13/0x1b
[<
ffffffff81087043>] ? trace_hardirqs_on_caller+0x10b/0x12f
[<
ffffffff810a9dd3>] ? audit_syscall_entry+0x11c/0x148
[<
ffffffff8125609e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[<
ffffffff814c22c2>] system_call_fastpath+0x16/0x1b
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
David S. Miller [Tue, 12 Apr 2011 22:33:23 +0000 (15:33 -0700)]
ieee802154: Remove hacked CFLAGS in net/ieee802154/Makefile
BugLink: http://bugs.launchpad.net/bugs/793702
[ Upstream commit
bfac3693c426d280b026f6a1b77dc2294ea43fea ]
It adds -Wall (which the kernel carefully controls already) and of all
things -DDEBUG (which should be set by other means if desired, please
we have dynamic-debug these days).
Kill this noise.
Reported-by: Dave Jones <davej@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Stephen Hemminger [Fri, 13 May 2011 20:03:24 +0000 (16:03 -0400)]
bridge: fix forwarding of IPv6
BugLink: http://bugs.launchpad.net/bugs/793702
[ Upstream commit
cb68552858c64db302771469b1202ea09e696329 ]
The commit
6b1e960fdbd75dcd9bcc3ba5ff8898ff1ad30b6e
bridge: Reset IPCB when entering IP stack on NF_FORWARD
broke forwarding of IPV6 packets in bridge because it would
call bp_parse_ip_options with an IPV6 packet.
Reported-by: Noah Meyerhans <noahm@debian.org>
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Reviewed-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Jiri Bohac [Tue, 19 Apr 2011 02:09:55 +0000 (02:09 +0000)]
bonding: 802.3ad - fix agg_device_up
BugLink: http://bugs.launchpad.net/bugs/793702
[ Upstream commit
2430af8b7fa37ac0be102c77f9dc6ee669d24ba9 ]
The slave member of struct aggregator does not necessarily point
to a slave which is part of the aggregator. It points to the
slave structure containing the aggregator structure, while
completely different slaves (or no slaves at all) may be part of
the aggregator.
The agg_device_up() function wrongly uses agg->slave to find the state
of the aggregator. Use agg->lag_ports->slave instead. The bug has
been introduced by commit
4cd6fe1c6483cde93e2ec91f58b7af9c9eea51ad
("bonding: fix link down handling in 802.3ad mode").
Signed-off-by: Jiri Bohac <jbohac@suse.cz>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Yang Ruirui [Sat, 16 Apr 2011 23:17:48 +0000 (19:17 -0400)]
ext4: release page cache in ext4_mb_load_buddy error path
BugLink: http://bugs.launchpad.net/bugs/793702
commit
26626f1172fb4f3f323239a6a5cf4e082643fa46 upstream.
Add missing page_cache_release in the error path of ext4_mb_load_buddy
Signed-off-by: Yang Ruirui <ruirui.r.yang@tieto.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Ted Ts'o [Sat, 30 Apr 2011 17:17:11 +0000 (13:17 -0400)]
jbd: fix fsync() tid wraparound bug
BugLink: http://bugs.launchpad.net/bugs/793702
commit
d9b01934d56a96d9f4ae2d6204d4ea78a36f5f36 upstream.
If an application program does not make any changes to the indirect
blocks or extent tree, i_datasync_tid will not get updated. If there
are enough commits (i.e., 2**31) such that tid_geq()'s calculations
wrap, and there isn't a currently active transaction at the time of
the fdatasync() call, this can end up triggering a BUG_ON in
fs/jbd/commit.c:
J_ASSERT(journal->j_running_transaction != NULL);
It's pretty rare that this can happen, since it requires the use of
fdatasync() plus *very* frequent and excessive use of fsync(). But
with the right workload, it can.
We fix this by replacing the use of tid_geq() with an equality test,
since there's only one valid transaction id that is valid for us to
start: namely, the currently running transaction (if it exists).
Reported-by: Martin_Zielinski@McAfee.com
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Jan Kara [Thu, 5 May 2011 11:59:35 +0000 (13:59 +0200)]
jbd: Fix forever sleeping process in do_get_write_access()
BugLink: http://bugs.launchpad.net/bugs/793702
commit
2842bb20eed2e25cde5114298edc62c8883a1d9a upstream.
In do_get_write_access() we wait on BH_Unshadow bit for buffer to get
from shadow state. The waking code in journal_commit_transaction() has
a bug because it does not issue a memory barrier after the buffer is moved
from the shadow state and before wake_up_bit() is called. Thus a waitqueue
check can happen before the buffer is actually moved from the shadow state
and waiting process may never be woken. Fix the problem by issuing proper
barrier.
Reported-by: Tao Ma <boyu.mt@taobao.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Jan Kara [Wed, 27 Apr 2011 16:20:44 +0000 (18:20 +0200)]
ext3: Fix fs corruption when make_indexed_dir() fails
BugLink: http://bugs.launchpad.net/bugs/793702
commit
86c4f6d85595cd7da635dc6985d27bfa43b1ae10 upstream.
When make_indexed_dir() fails (e.g. because of ENOSPC) after it has allocated
block for index tree root, we did not properly mark all changed buffers dirty.
This lead to only some of these buffers being written out and thus effectively
corrupting the directory.
Fix the issue by marking all changed data dirty even in the error failure case.
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
James Bottomley [Sun, 24 Apr 2011 19:30:14 +0000 (14:30 -0500)]
pata_cm64x: fix boot crash on parisc
BugLink: http://bugs.launchpad.net/bugs/793702
commit
9281b16caac1276817b77033c5b8a1f5ca30102c upstream.
The old IDE cmd64x checks the status of the CNTRL register to see if
the ports are enabled before probing them. pata_cmd64x doesn't do
this, which causes a HPMC on parisc when it tries to poke at the
secondary port because apparently the BAR isn't wired up (and a
non-responding piece of memory causes a HPMC).
Fix this by porting the CNTRL register port detection logic from IDE
cmd64x. In addition, following converns from Alan Cox, add a check to
see if a mobility electronics bridge is the immediate parent and forgo
the check if it is (prevents problems on hotplug controllers).
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Christopher James Halse Rogers [Wed, 27 Apr 2011 06:10:57 +0000 (16:10 +1000)]
drm: Send pending vblank events before disabling vblank.
BugLink: http://bugs.launchpad.net/bugs/793702
commit
498548ec69c6897fe4376b2ca90758762fa0b817 upstream.
This is the least-bad behaviour. It means that we signal the
vblank event before it actually happens, but since we're disabling
vblanks there's no guarantee that it will *ever* happen otherwise.
This prevents GL applications which use WaitMSC from hanging
indefinitely.
Signed-off-by: Christopher James Halse Rogers <christopher.halse.rogers@canonical.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
James Bottomley [Fri, 15 Apr 2011 15:55:45 +0000 (08:55 -0700)]
wire up clock_adjtime syscall
BugLink: http://bugs.launchpad.net/bugs/793702
commit
c3f957a22eca106bd28136943305b390b4337ebf upstream.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
James Bottomley [Fri, 15 Apr 2011 15:55:44 +0000 (08:55 -0700)]
wire up fanotify syscalls
BugLink: http://bugs.launchpad.net/bugs/793702
commit
1824074b07ee66fa0f714e08579ad85075132d7b upstream.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Johannes Berg [Thu, 12 May 2011 13:11:37 +0000 (15:11 +0200)]
mac80211: fix a few RCU issues
BugLink: http://bugs.launchpad.net/bugs/793702
commit
a3836e02ba4c50db958d32d710b226f2408623dc upstream.
A few configuration functions correctly do
rcu_read_lock() but don't correctly reference
some pointers protected by RCU. Fix that.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Jouni Malinen [Wed, 4 May 2011 05:45:16 +0000 (22:45 -0700)]
nl80211: Fix set_key regression with some drivers
BugLink: http://bugs.launchpad.net/bugs/793702
commit
0e579d6a8f4aea346da818f13ee71401c125e639 upstream.
Commit
dbd2fd656f2060abfd3a16257f8b51ec60f6d2ed added a mechanism for
user space to indicate whether a default key is being configured for
only unicast or only multicast frames instead of all frames. This
commit added a driver capability flag for indicating whether separate
default keys are supported and validation of the set_key command based
on that capability.
However, this single capability flag is not enough to cover possible
difference based on mode (AP/IBSS/STA) and the way this change was
introduced resulted in a regression with drivers that do not indicate
the new capability (i.e.., more or less any non-mac80211 driver using
cfg80211) when using a recent wpa_supplicant snapshot.
Fix the regression by removing the new check which is not strictly
speaking needed. The new separate default key functionality is needed
only for RSN IBSS which has a separate capability indication.
Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Johannes Berg [Tue, 29 Mar 2011 13:29:37 +0000 (06:29 -0700)]
iwlwifi: fix bugs in change_interface
BugLink: http://bugs.launchpad.net/bugs/793702
commit
a2b76b3b31568da9d281a393845f17689594ccdf upstream.
If change_interface gets invoked during a firmware
restart, it may crash; prevent that from happening
by checking if ctx->vif is assigned.
Additionally, in my initial commit I forgot to set
the vif->p2p variable correctly, so fix that too.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Lukas Czerner [Fri, 20 May 2011 17:55:29 +0000 (13:55 -0400)]
ext4: fix possible use-after-free in ext4_remove_li_request()
BugLink: http://bugs.launchpad.net/bugs/793702
commit
1bb933fb1fa8e4cb337a0d5dfd2ff4c0dc2073e8 upstream.
We need to take reference to the s_li_request after we take a mutex,
because it might be freed since then, hence result in accessing old
already freed memory. Also we should protect the whole
ext4_remove_li_request() because ext4_li_info might be in the process of
being freed in ext4_lazyinit_thread().
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Jiri Olsa [Thu, 12 May 2011 14:30:30 +0000 (16:30 +0200)]
x86, 64-bit: Fix copy_[to/from]_user() checks for the userspace address limit
BugLink: http://bugs.launchpad.net/bugs/793702
commit
26afb7c661080ae3f1f13ddf7f0c58c4f931c22b upstream.
As reported in BZ #30352:
https://bugzilla.kernel.org/show_bug.cgi?id=30352
there's a kernel bug related to reading the last allowed page on x86_64.
The _copy_to_user() and _copy_from_user() functions use the following
check for address limit:
if (buf + size >= limit)
fail();
while it should be more permissive:
if (buf + size > limit)
fail();
That's because the size represents the number of bytes being
read/write from/to buf address AND including the buf address.
So the copy function will actually never touch the limit
address even if "buf + size == limit".
Following program fails to use the last page as buffer
due to the wrong limit check:
#include <sys/mman.h>
#include <sys/socket.h>
#include <assert.h>
#define PAGE_SIZE (4096)
#define LAST_PAGE ((void*)(0x7fffffffe000))
int main()
{
int fds[2], err;
void * ptr = mmap(LAST_PAGE, PAGE_SIZE, PROT_READ | PROT_WRITE,
MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0);
assert(ptr == LAST_PAGE);
err = socketpair(AF_LOCAL, SOCK_STREAM, 0, fds);
assert(err == 0);
err = send(fds[0], ptr, PAGE_SIZE, 0);
perror("send");
assert(err == PAGE_SIZE);
err = recv(fds[1], ptr, PAGE_SIZE, MSG_WAITALL);
perror("recv");
assert(err == PAGE_SIZE);
return 0;
}
The other place checking the addr limit is the access_ok() function,
which is working properly. There's just a misleading comment
for the __range_not_ok() macro - which this patch fixes as well.
The last page of the user-space address range is a guard page and
Brian Gerst observed that the guard page itself due to an erratum on K8 cpus
(#121 Sequential Execution Across Non-Canonical Boundary Causes Processor
Hang).
However, the test code is using the last valid page before the guard page.
The bug is that the last byte before the guard page can't be read
because of the off-by-one error. The guard page is left in place.
This bug would normally not show up because the last page is
part of the process stack and never accessed via syscalls.
Signed-off-by: Jiri Olsa <jolsa@redhat.com>
Acked-by: Brian Gerst <brgerst@gmail.com>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Link: http://lkml.kernel.org/r/
1305210630-7136-1-git-send-email-jolsa@redhat.com
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Artem Bityutskiy [Thu, 28 Apr 2011 17:26:59 +0000 (20:26 +0300)]
mtd: return badblockbits back
BugLink: http://bugs.launchpad.net/bugs/793702
commit
26d9be11485ea8c1102c3e8eaa7667412eef4950 upstream.
In commit
c7b28e25cb9beb943aead770ff14551b55fa8c79 the initialization of
the backblockbits was accidentally removed. This patch returns it back,
because otherwise some NAND drivers are broken.
This problem was reported by "Saxena, Parth <parth.saxena@ti.com>" here:
http://lists.infradead.org/pipermail/linux-mtd/2011-April/035221.html
Reported-by: Parth Saxena <parth.saxena@ti.com>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Tested-by: Parth Saxena <parth.saxena@ti.com>
Acked-by: Parth Saxena <parth.saxena@ti.com>
Acked-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Felix Radensky [Sun, 24 Apr 2011 22:57:12 +0000 (01:57 +0300)]
mtd: mtdconcat: fix NAND OOB write
BugLink: http://bugs.launchpad.net/bugs/793702
commit
431e1ecabddcd7cbba237182ddf431771f98bb4c upstream.
Currently mtdconcat is broken for NAND. An attemtpt to create
JFFS2 filesystem on concatenation of several NAND devices fails
with OOB write errors. This patch fixes that problem.
Signed-off-by: Felix Radensky <felix@embedded-sol.com>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Tejun Heo [Thu, 26 May 2011 19:06:50 +0000 (21:06 +0200)]
block: always allocate genhd->ev if check_events is implemented
BugLink: http://bugs.launchpad.net/bugs/793702
commit
75e3f3ee3c64968d42f4843ec49e579f84b5aa0c upstream.
9fd097b149 (block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe
drivers) removed DISK_EVENT_MEDIA_CHANGE from legacy/fringe block
drivers which have inadequate ->check_events(). Combined with earlier
change
7c88a168da (block: don't propagate unlisted DISK_EVENTs to
userland), this enables using ->check_events() for internal processing
while avoiding enabling in-kernel block event polling which can lead
to infinite event loop.
Unfortunately, this made many drivers including floppy without any bit
set in disk->events and ->async_events in which case disk_add_events()
simply skipped allocation of disk->ev, which disables whole event
handling. As ->check_events() is still used during open processing
for revalidation, this can lead to open failure.
This patch always allocates disk->ev if ->check_events is implemented.
In the long term, it would make sense to simply include the event
structure inline into genhd as it's now used by virtually all block
devices.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Ondrej Zary <linux@rainbow-software.org>
Reported-by: Alex Villacis Lasso <avillaci@ceibo.fiec.espol.edu.ec>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
James Bottomley [Wed, 18 May 2011 14:20:10 +0000 (16:20 +0200)]
block: add proper state guards to __elv_next_request
BugLink: http://bugs.launchpad.net/bugs/793702
commit
0a58e077eb600d1efd7e54ad9926a75a39d7f8ae upstream.
blk_cleanup_queue() calls elevator_exit() and after this, we can't
touch the elevator without oopsing. __elv_next_request() must check
for this state because in the refcounted queue model, we can still
call it after blk_cleanup_queue() has been called.
This was reported as causing an oops attributable to scsi.
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Martin K. Petersen [Wed, 18 May 2011 08:37:35 +0000 (10:37 +0200)]
block: Fix discard topology stacking and reporting
BugLink: http://bugs.launchpad.net/bugs/793702
commit
a934a00a69e940b126b9bdbf83e630ef5fe43523 upstream.
In some cases we would end up stacking discard_zeroes_data incorrectly.
Fix this by enabling the feature by default for stacking drivers and
clearing it for low-level drivers. Incorporating a device that does not
support dzd will then cause the feature to be disabled in the stacking
driver.
Also ensure that the maximum discard value does not overflow when
exported in sysfs and return 0 in the alignment and dzd fields for
devices that don't support discard.
Reported-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Acked-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Tejun Heo [Thu, 21 Apr 2011 18:54:46 +0000 (20:54 +0200)]
block: don't block events on excl write for non-optical devices
BugLink: http://bugs.launchpad.net/bugs/793702
commit
d4dc210f69bcb0b4bef5a83b1c323817be89bad1 upstream.
Disk event code automatically blocks events on excl write. This is
primarily to avoid issuing polling commands while burning is in
progress. This behavior doesn't fit other types of devices with
removeable media where polling commands don't have adverse side
effects and door locking usually doesn't exist.
This patch introduces new genhd flag which controls the auto-blocking
behavior and uses it to enable auto-blocking only on optical devices.
Note for stable: 2.6.38 and later only
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Kay Sievers <kay.sievers@vrfy.org>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Tejun Heo [Wed, 9 Mar 2011 18:54:27 +0000 (19:54 +0100)]
ide: Convert to bdops->check_events()
BugLink: http://bugs.launchpad.net/bugs/793702
commit
5b03a1b140e13a28ff6be1526892a9dc538ddef6 upstream.
Convert ->media_changed() to the new ->check_events() method. The
conversion is mostly mechanical. The only notable change is that
cdrom now doesn't generate any event if @slot_nr isn't CDSL_CURRENT.
It used to return -EINVAL which would be treated as media changed. As
media changer isn't supported anyway, this doesn't make any
difference.
This makes ide emit the standard disk events and allows kernel event
polling. Currently, only MEDIA_CHANGE event is implemented. Adding
support for EJECT_REQUEST shouldn't be difficult; however, given that
ide driver is already deprecated, it probably is best to leave it
alone.
Signed-off-by: Tejun Heo <tj@kernel.org>
Acked-by: Jens Axboe <axboe@kernel.dk>
Cc: Kay Sievers <kay.sievers@vrfy.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-ide@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Tejun Heo [Wed, 9 Mar 2011 18:54:28 +0000 (19:54 +0100)]
gdrom,viocd: Convert to bdops->check_events()
BugLink: http://bugs.launchpad.net/bugs/793702
commit
1c27030bd21e7e2c68ef5be9f28c63778cf4b27f upstream.
Convert gdrom and viocd from ->media_changed() to ->check_events().
It's unclear how the conditions are cleared and it's possible that it
may generate spurious events when polled.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Kay Sievers <kay.sievers@vrfy.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Tejun Heo [Wed, 9 Mar 2011 18:54:28 +0000 (19:54 +0100)]
paride: Convert to bdops->check_events()
BugLink: http://bugs.launchpad.net/bugs/793702
commit
b1b56b93f331bd61492fdb99e7986f7a528ca730 upstream.
Convert paride drivers from ->media_changed() to ->check_events().
pcd and pd buffer and clear events after reporting; however, pf
unconditionally reports MEDIA_CHANGE and will generate spurious events
when polled.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Kay Sievers <kay.sievers@vrfy.org>
Cc: Tim Waugh <tim@cyberelk.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Tejun Heo [Mon, 23 May 2011 11:26:07 +0000 (13:26 +0200)]
block: move bd_set_size() above rescan_partitions() in __blkdev_get()
BugLink: http://bugs.launchpad.net/bugs/793702
commit
7e69723fef8771a9d57bd27d36281d756130b4b5 upstream.
02e352287a4 (block: rescan partitions on invalidated devices on
-ENOMEDIA too) relocated partition rescan above explicit bd_set_size()
to simplify condition check. As rescan_partitions() does its own bdev
size setting, this doesn't break anything; however,
rescan_partitions() prints out the following messages when adjusting
bdev size, which can be confusing.
sda: detected capacity change from 0 to
146815737856
sdb: detected capacity change from 0 to
146815737856
This patch restores the original order and remove the warning
messages.
stable: Please apply together with
02e352287a4 (block: rescan
partitions on invalidated devices on -ENOMEDIA too).
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Tony Luck <tony.luck@gmail.com>
Tested-by: Tony Luck <tony.luck@gmail.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Tejun Heo [Fri, 29 Apr 2011 08:15:20 +0000 (10:15 +0200)]
block: rescan partitions on invalidated devices on -ENOMEDIA too
BugLink: http://bugs.launchpad.net/bugs/793702
commit
02e352287a40bd456eb78df705bf888bc3161d3f upstream.
__blkdev_get() doesn't rescan partitions if disk->fops->open() fails,
which leads to ghost partition devices lingering after medimum removal
is known to both the kernel and userland. The behavior also creates a
subtle inconsistency where O_NONBLOCK open, which doesn't fail even if
there's no medium, clears the ghots partitions, which is exploited to
work around the problem from userland.
Fix it by updating __blkdev_get() to issue partition rescan after
-ENOMEDIA too.
This was reported in the following bz.
https://bugzilla.kernel.org/show_bug.cgi?id=13029
Stable: 2.6.38
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: David Zeuthen <zeuthen@gmail.com>
Reported-by: Martin Pitt <martin.pitt@ubuntu.com>
Reported-by: Kay Sievers <kay.sievers@vrfy.org>
Tested-by: Kay Sievers <kay.sievers@vrfy.org>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Johannes Berg [Fri, 6 May 2011 18:11:20 +0000 (11:11 -0700)]
iwlagn: fix iwl_is_any_associated
BugLink: http://bugs.launchpad.net/bugs/793702
commit
054ec924944912413e4ee927b8cf02f476d08783 upstream.
The function iwl_is_any_associated() was intended
to check both contexts, but due to an oversight
it only checks the BSS context. This leads to a
problem with scanning since the passive dwell
time isn't restricted appropriately and a scan
that includes passive channels will never finish
if only the PAN context is associated since the
default dwell time of 120ms won't fit into the
normal 100 TU DTIM interval.
Fix the function by using for_each_context() and
also reorganise the other functions a bit to take
advantage of each other making the code easier to
read.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Eric B Munson [Mon, 23 May 2011 04:22:40 +0000 (04:22 +0000)]
powerpc/oprofile: Handle events that raise an exception without overflowing
BugLink: http://bugs.launchpad.net/bugs/793702
commit
ad5d5292f16c6c1d7d3e257c4c7407594286b97e upstream.
Commit
0837e3242c73566fc1c0196b4ec61779c25ffc93 fixes a situation on POWER7
where events can roll back if a specualtive event doesn't actually complete.
This can raise a performance monitor exception. We need to catch this to ensure
that we reset the PMC. In all cases the PMC will be less than 256 cycles from
overflow.
This patch lifts Anton's fix for the problem in perf and applies it to oprofile
as well.
Signed-off-by: Eric B Munson <emunson@mgebm.net>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Ryan Grimm [Thu, 31 Mar 2011 19:33:02 +0000 (19:33 +0000)]
powerpc: Set nr_cpu_ids early and use it to free PACAs
BugLink: http://bugs.launchpad.net/bugs/793702
commit
c1854e00727f50f7ac99e98d26ece04c087ef785 upstream.
Without this, "holes" in the CPU numbering can cause us to
free too many PACAs
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Senthil Balasubramanian [Thu, 12 May 2011 10:54:28 +0000 (16:24 +0530)]
ath9k_hw: Fix STA connection issues with AR9380 (XB113).
BugLink: http://bugs.launchpad.net/bugs/793702
commit
be0e6aa5a0c487a2a0880dda8bc70f7f1860fc39 upstream.
XB113 (AR9380) 3x3 SB 5G only cards were failing to connect to APs
due to incorrect xpabiaslevel configuration. fix it.
Cc: Ray Li <ray.li@greenwavereality.com>
Cc: Kathy Giori <kathy.giori@atheros.com>
Cc: Aeolus Yang <aeolus.yang@atheros.com>
Cc: compat@orbit-lab.org
Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Luis R. Rodriguez [Wed, 11 May 2011 21:57:26 +0000 (14:57 -0700)]
ath9k_hw: fix dual band assumption for XB113
BugLink: http://bugs.launchpad.net/bugs/793702
commit
9ba7f4f5eba5f4b44c7796bbad29f8ec3a7d5864 upstream.
The XB113 cards are single band, 5 GHz-only, but the
default settings were configured to assume it was dual
band. Users of these cards then would see 2.4 GHz channels
but you would never get any scan results from these channels
given that the radio is not present.
Cc: Fiona Cain <Fiona.Cain@atheros.com>
Cc: Ray Li <ray.li@greenwavereality.com>
Cc: Kathy Giori <kathy.giori@atheros.com>
Cc: Aeolus Yang <aeolus.yang@atheros.com>
Cc: Dan Friedman <dan.friedman@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Luis R. Rodriguez [Wed, 4 May 2011 21:01:26 +0000 (14:01 -0700)]
ath9k_hw: fix power for the HT40 duplicate frames
BugLink: http://bugs.launchpad.net/bugs/793702
commit
cf3a03b9c99a0b2715741d116f50f513f545bb2d upstream.
With AR9003 at about ~ 10 feet from an AP that uses RTS / CTS you
will be able to associate but not not get data through given that
the power for the rates used was set too low. This increases the
power and permits data connectivity at longer distances from
access points when connected with HT40. Without this you will not
get any data through when associated to APs configured in HT40
at about more than 10 feet away.
Cc: Fiona Cain <fcain@atheros.com>
Cc: Zhen Xie <Zhen.Xie@Atheros.com>
Cc: Kathy Giori <kathy.giori@atheros.com>
Cc: Neha Choksi <neha.choksi@atheros.com>
Cc: Wayne Daniel <wayne.daniel@atheros.com>
Cc: Gaurav Jauhar <gaurav.jauhar@atheros.com>
Cc: Samira Naraghi <samira.naraghi@atheros.com>
CC: Ashok Chennupati <ashok.chennupati@atheros.com>
Cc: Lance Zimmerman <lance.zimmerman@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Rajkumar Manoharan [Wed, 4 May 2011 14:07:17 +0000 (19:37 +0530)]
ath9k_hw: do noise floor calibration only on required chains
BugLink: http://bugs.launchpad.net/bugs/793702
commit
28ef6450f0182f95c4f50aaa0ab2043a09c72b0a upstream.
At present the noise floor calibration is processed in supported
control and extension chains rather than required chains.
Unnccesarily doing nfcal in all supported chains leads to
invalid nf readings on extn chains and these invalid values
got updated into history buffer. While loading those values
from history buffer is moving the chip to deaf state.
This issue was observed in AR9002/AR9003 chips while doing
associate/dissociate in HT40 mode and interface up/down
in iterative manner. After some iterations, the chip was moved
to deaf state. Somehow the pci devices are recovered by poll work
after chip reset. Raading the nf values in all supported extension chains
when the hw is not yet configured in HT40 mode results invalid values.
Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Fenghua Yu [Tue, 17 May 2011 19:33:26 +0000 (12:33 -0700)]
x86, cpufeature: Fix cpuid leaf 7 feature detection
BugLink: http://bugs.launchpad.net/bugs/793702
commit
2494b030ba9334c7dd7df9b9f7abe4eacc950ec5 upstream.
CPUID leaf 7, subleaf 0 returns the maximum subleaf in EAX, not the
number of subleaves. Since so far only subleaf 0 is defined (and only
the EBX bitfield) we do not need to qualify the test.
Signed-off-by: Fenghua Yu <fenghua.yu@intel.com>
Link: http://lkml.kernel.org/r/
1305660806-17519-1-git-send-email-fenghua.yu@intel.com
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Milton Miller [Tue, 10 May 2011 19:28:33 +0000 (19:28 +0000)]
powerpc/kexec: Fix memory corruption from unallocated slaves
BugLink: http://bugs.launchpad.net/bugs/793702
commit
3d2cea732d68aa270c360f55d8669820ebce188a upstream.
Commit
1fc711f7ffb01089efc58042cfdbac8573d1b59a (powerpc/kexec: Fix race
in kexec shutdown) moved the write to signal the cpu had exited the kernel
from before the transition to real mode in kexec_smp_wait to kexec_wait.
Unfornately it missed that kexec_wait is used both by cpus leaving the
kernel and by secondary slave cpus that were not allocated a paca for
what ever reason -- they could be beyond nr_cpus or not described in
the current device tree for whatever reason (for example, kexec-load
was not refreshed after a cpu hotplug operation). Cpus coming through
that path they will write to paca[NR_CPUS] which is beyond the space
allocated for the paca data and overwrite memory not allocated to pacas
but very likely still real mode accessable).
Move the write back to kexec_smp_wait, which is used only by cpus that
found their paca, but after the transition to real mode.
Signed-off-by: Milton Miller <miltonm@bga.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Milton Miller [Tue, 10 May 2011 19:28:41 +0000 (19:28 +0000)]
powerpc/kdump64: Don't reference freed memory as pacas
BugLink: http://bugs.launchpad.net/bugs/793702
commit
bd9e5eefecb3d69018bb95796298019d309cbec8 upstream.
Starting with
1426d5a3bd07589534286375998c0c8c6fdc5260 (powerpc:
Dynamically allocate pacas) the space for pacas beyond cpu_possible
is freed, but we failed to update the loop in crash.c.
Since
c1854e00727f50f7ac99e98d26ece04c087ef785 (powerpc: Set nr_cpu_ids
early and use it to free PACAs) the number of pacas allocated is
always nr_cpu_ids.
Signed-off-by: Milton Miller <miltonm@bga.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Arun Easi [Tue, 10 May 2011 18:18:17 +0000 (11:18 -0700)]
qla2xxx: Fix vport delete hang when logins are outstanding.
BugLink: http://bugs.launchpad.net/bugs/793702
commit
9f40682e2857a3c2ddb80a87b185af3c6a708346 upstream.
Timer is required to flush out entries that may be present in work queues.
Signed-off-by: Arun Easi <arun.easi@qlogic.com>
Signed-off-by: Madhuranath Iyengar <Madhu.Iyengar@qlogic.com>
Signed-off-by: James Bottomley <jbottomley@parallels.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Saurav Kashyap [Tue, 10 May 2011 18:18:18 +0000 (11:18 -0700)]
qla2xxx: Fix virtual port failing to login after chip reset.
BugLink: http://bugs.launchpad.net/bugs/793702
commit
cefcaba67ab97fb756b3a6af5139c94d861b660d upstream.
This patch ensures qla82xx_watchdog is not being run for the vport. It also
makes sure that beacon ON is not done for the vport, as it will lead to the
waking up of the dpc thread again and again.
Signed-off-by: Saurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: Madhuranath Iyengar <Madhu.Iyengar@qlogic.com>
Signed-off-by: James Bottomley <jbottomley@parallels.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Arun Easi [Tue, 10 May 2011 18:18:16 +0000 (11:18 -0700)]
qla2xxx: Fix hang during driver unload when vport is active.
BugLink: http://bugs.launchpad.net/bugs/793702
commit
43ebf16d762b082663976b679b813e1b546548d1 upstream.
Bumping ref count during fc_vport_terminate() was the cause. vport
delete would wait for ref count to drop to zero and that would never
happen.
Signed-off-by: Arun Easi <arun.easi@qlogic.com>
Signed-off-by: Madhuranath Iyengar <Madhu.Iyengar@qlogic.com>
Signed-off-by: James Bottomley <jbottomley@parallels.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Steven Rostedt [Sat, 30 Apr 2011 02:35:33 +0000 (22:35 -0400)]
ftrace: Only update the function code on write to filter files
BugLink: http://bugs.launchpad.net/bugs/793702
commit
058e297d34a404caaa5ed277de15698d8dc43000 upstream.
If function tracing is enabled, a read of the filter files will
cause the call to stop_machine to update the function trace sites.
It should only call stop_machine on write.
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Anton Blanchard [Tue, 17 May 2011 19:38:57 +0000 (15:38 -0400)]
net: recvmmsg: Strip MSG_WAITFORONE when calling recvmsg
BugLink: http://bugs.launchpad.net/bugs/793702
commit
b9eb8b8752804cecbacdb4d24b52e823cf07f107 upstream.
recvmmsg fails on a raw socket with EINVAL. The reason for this is
packet_recvmsg checks the incoming flags:
err = -EINVAL;
if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT|MSG_ERRQUEUE))
goto out;
This patch strips out MSG_WAITFORONE when calling recvmmsg which
fixes the issue.
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
steven finney [Mon, 2 May 2011 18:29:17 +0000 (11:29 -0700)]
Fix memory leak in cpufreq_stat
BugLink: http://bugs.launchpad.net/bugs/793702
commit
98586ed8b8878e10691203687e89a42fa3355300 upstream.
When a CPU is taken offline in an SMP system, cpufreq_remove_dev()
nulls out the per-cpu policy before cpufreq_stats_free_table() can
make use of it. cpufreq_stats_free_table() then skips the
call to sysfs_remove_group(), leaving about 100 bytes of sysfs-related
memory unclaimed each time a CPU-removal occurs. Break up
cpu_stats_free_table into sysfs and table portions, and
call the sysfs portion early.
Signed-off-by: Steven Finney <steven.finney@palm.com>
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Jacob Shin [Wed, 27 Apr 2011 18:32:11 +0000 (13:32 -0500)]
CPU hotplug, re-create sysfs directory and symlinks
BugLink: http://bugs.launchpad.net/bugs/793702
commit
27ecddc2a9f99ce4ac9a59a0acd77f7100b6d034 upstream.
When we discover CPUs that are affected by each other's
frequency/voltage transitions, the first CPU gets a sysfs directory
created, and rest of the siblings get symlinks. Currently, when we
hotplug off only the first CPU, all of the symlinks and the sysfs
directory gets removed. Even though rest of the siblings are still
online and functional, they are orphaned, and no longer governed by
cpufreq.
This patch, given the above scenario, creates a sysfs directory for
the first sibling and symlinks for the rest of the siblings.
Please note the recursive call, it was rather too ugly to roll it
out. And the removal of redundant NULL setting (it is already taken
care of near the top of the function).
Signed-off-by: Jacob Shin <jacob.shin@amd.com>
Acked-by: Mark Langsdorf <mark.langsdorf@amd.com>
Reviewed-by: Thomas Renninger <trenn@suse.de>
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Naga Chumbalkar [Tue, 26 Apr 2011 17:05:18 +0000 (17:05 +0000)]
Fix _OSC UUID in pcc-cpufreq
BugLink: http://bugs.launchpad.net/bugs/793702
commit
904cc1e637a00dba1b58e7752f485f90ebf2a568 upstream.
UUID needs to be written out the way it is described in
Sec 18.5.124 of ACPI 4.0a Specification.
Platform firmware's use of this UUID/_OSC is optional, which is
why we didn't notice this bug earlier.
Signed-off-by: Naga Chumbalkar <nagananda.chumbalkar@hp.com>
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Catalin Marinas [Thu, 19 May 2011 15:25:30 +0000 (16:25 +0100)]
kmemleak: Initialise kmemleak after debug_objects_mem_init()
BugLink: http://bugs.launchpad.net/bugs/793702
commit
9b090f2da85bd0df5e1a1ecfe4120b7b50358f48 upstream.
Kmemleak frees objects via RCU and when CONFIG_DEBUG_OBJECTS_RCU_HEAD
is enabled, the RCU callback triggers a call to free_object() in
lib/debugobjects.c. Since kmemleak is initialised before debug objects
initialisation, it may result in a kernel panic during booting. This
patch moves the kmemleak_init() call after debug_objects_mem_init().
Reported-by: Marcin Slusarz <marcin.slusarz@gmail.com>
Tested-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Catalin Marinas [Wed, 27 Apr 2011 15:44:26 +0000 (16:44 +0100)]
kmemleak: Do not return a pointer to an object that kmemleak did not get
BugLink: http://bugs.launchpad.net/bugs/793702
commit
52c3ce4ec5601ee383a14f1485f6bac7b278896e upstream.
The kmemleak_seq_next() function tries to get an object (and increment
its use count) before returning it. If it could not get the last object
during list traversal (because it may have been freed), the function
should return NULL rather than a pointer to such object that it did not
get.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Reported-by: Phil Carmody <ext-phil.2.carmody@nokia.com>
Acked-by: Phil Carmody <ext-phil.2.carmody@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Tim Gardner [Thu, 23 Jun 2011 14:55:53 +0000 (08:55 -0600)]
UBUNTU: [Config] Add grub-efi as a recommended bootloader for server and generic
BugLink: http://bugs.launchpad.net/bugs/800910
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Acked-by: Andy Whitcroft <andy.whitcroft@canonical.com>
Keng-Yu Lin [Wed, 22 Jun 2011 01:49:34 +0000 (09:49 +0800)]
drm/i915: disable PCH ports if needed when disabling a CRTC
BugLink: http://bugs.launchpad.net/bugs/791752
Disable any PCH ports associated with a pipe when disabling it. This
should prevent transcoder disable failures due to ports still being on.
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
[ickle: introduce *_PIPE_ENABLED() macro]
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
backported from commit
47a05eca72991039e788b25232061f9c9df9ec23
Signed-off-by: Keng-Yu Lin <keng-yu.lin@canonical.com>
Acked-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Rabin Vincent [Wed, 27 Apr 2011 15:37:28 +0000 (21:07 +0530)]
USB: ehci: remove structure packing from ehci_def
BugLink: http://bugs.launchpad.net/bugs/791552
As pointed out by Arnd Bergmann, in include/linux/usb/ehci_def.h, struct
ehci_caps is defined with __attribute__((packed)) for no good reason,
and this triggers undefined behaviour when using ARM's readl() on
pointers to elements of this structure:
http://lkml.kernel.org/r/
201102021700.20683.arnd@arndb.de
The same problem exists with the other two structures in ehci_def.h too,
so remove the __attribute__((packed)) from all of them.
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
(cherry picked from commit
139540170d9d9b7ead3caaf540f161756b356d56)
Acked-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Daniel J Blueman [Fri, 17 Jun 2011 18:32:19 +0000 (11:32 -0700)]
drm/i915: Fix gen6 (SNB) missed BLT ring interrupts.
BugLink: http://bugs.launchpad.net/bugs/761065
The failure appeared in dmesg as:
[drm:i915_hangcheck_ring_idle] *ERROR* Hangcheck timer elapsed... blt
ring idle [waiting on
35064155, at
35064155], missed IRQ?
This works around that problem on by making the blitter command
streamer write interrupt state to the Hardware Status Page when a
MI_USER_INTERRUPT command is decoded, which appears to force the seqno
out to memory before the interrupt happens.
v1->v2: Moved to prior interrupt handler installation and RMW flags as
per feedback.
v2->v3: Removed RMW of flags (by anholt)
Cc: stable@kernel.org
Signed-off-by: Daniel J Blueman <daniel.blueman@gmail.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
Tested-by: Chris Wilson <chris@chris-wilson.co.uk> [v1]
Tested-by: Eric Anholt <eric@anholt.net> [v1,v3]
(incidence of the bug with a testcase went from avg 2/1000 to
0/12651 in the latest test run (plus more for v1))
Tested-by: Kenneth Graunke <kenneth@whitecape.org> [v1]
Tested-by: Robert Hooker <robert.hooker@canonical.com> [v1]
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=33394
Signed-off-by: Dave Airlie <airlied@redhat.com>
(cherry picked from commit
498e720b96379d8ee9c294950a01534a73defcf3)
Acked-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Tero Kristo [Thu, 24 Feb 2011 15:19:23 +0000 (17:19 +0200)]
cpuidle: menu: fixed wrapping timers at 4.294 seconds
BugLink: http://bugs.launchpad.net/bugs/774947
Cpuidle menu governor is using u32 as a temporary datatype for storing
nanosecond values which wrap around at 4.294 seconds. This causes errors
in predicted sleep times resulting in higher than should be C state
selection and increased power consumption. This also breaks cpuidle
state residency statistics.
cc: stable@kernel.org # .32.x through .39.x
Signed-off-by: Tero Kristo <tero.kristo@nokia.com>
Signed-off-by: Len Brown <len.brown@intel.com>
(cherry picked from commit
7467571f4480b273007517b26297c07154c73924)
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Takashi Iwai [Tue, 26 Apr 2011 13:25:02 +0000 (15:25 +0200)]
ALSA: hda - Enable sync_write workaround for AMD generically
BugLink: http://bugs.launchpad.net/bugs/741825
Backport from
d507cd668a3f6d07b31e914722b453c454b03204.
The workaround for AMD chipset via sync_write flag seems needed for
machines with Realtek codecs. So, it's better to activate it
generically in hda_intel.c from the beginning.
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Takashi Iwai [Tue, 17 May 2011 16:41:25 +0000 (18:41 +0200)]
ALSA: hda - Enable snoop bit for AMD controllers
BugLink: http://bugs.launchpad.net/bugs/741825
AMD Hudson controllers give noisy outputs when the buffer data is
rewritten on the fly as PulseAudio does. This seems fixed by the
snoop bit enabled just like ATI chipset.
Also, disable 64bit DMA as now, to be sure.
We can revisit this later.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
(cherry picked from commit
20c304ed84e05a91b2acae36d428d621d3c1d1c6)
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Takashi Iwai [Fri, 20 May 2011 14:29:09 +0000 (16:29 +0200)]
ALSA: hda - Use LPIB for ATI/AMD chipsets as default
BugLink: http://bugs.launchpad.net/bugs/741825
ATI and AMD chipsets seem not providing the proper position-buffer
information, and it also doesn't provide FIFO register required by
VIACOMBO fix. It's better to use LPIB for these.
Reported-by: David Henningsson <david.henningsson@canonical.com>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
(cherry picked from commit
50e3bbf9898840eead86f90a43b3625a2b2f4112)
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Johannes Weiner [Wed, 25 May 2011 00:11:09 +0000 (17:11 -0700)]
mm: vmscan: correct use of pgdat_balanced in sleeping_prematurely
BugLink: http://bugs.launchpad.net/bugs/755066
There are a few reports of people experiencing hangs when copying large
amounts of data with kswapd using a large amount of CPU which appear to be
due to recent reclaim changes. SLUB using high orders is the trigger but
not the root cause as SLUB has been using high orders for a while. The
root cause was bugs introduced into reclaim which are addressed by the
following two patches.
Patch 1 corrects logic introduced by commit
1741c877 ("mm: kswapd:
keep kswapd awake for high-order allocations until a percentage of
the node is balanced") to allow kswapd to go to sleep when
balanced for high orders.
Patch 2 notes that it is possible for kswapd to miss every
cond_resched() and updates shrink_slab() so it'll at least reach
that scheduling point.
Chris Wood reports that these two patches in isolation are sufficient to
prevent the system hanging. AFAIK, they should also resolve similar hangs
experienced by James Bottomley.
This patch:
Johannes Weiner poined out that the logic in commit
1741c877 ("mm: kswapd:
keep kswapd awake for high-order allocations until a percentage of the
node is balanced") is backwards. Instead of allowing kswapd to go to
sleep when balancing for high order allocations, it keeps it kswapd
running uselessly.
Signed-off-by: Mel Gorman <mgorman@suse.de>
Reviewed-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reviewed-by: Wu Fengguang <fengguang.wu@intel.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Tested-by: Colin King <colin.king@canonical.com>
Cc: Raghavendra D Prabhu <raghu.prabhu13@gmail.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Chris Mason <chris.mason@oracle.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Rik van Riel <riel@redhat.com>
Reviewed-by: Minchan Kim <minchan.kim@gmail.com>
Reviewed-by: Wu Fengguang <fengguang.wu@intel.com>
Cc: <stable@kernel.org> [2.6.38+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit
afc7e326a3f5bafc41324d7926c324414e343ee5)
Acked-by: Brad Figg <brad.figg@canonical.com>
Acked-by: Herton Krzesinski <herton.krzesinski@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Minchan Kim [Wed, 25 May 2011 00:11:11 +0000 (17:11 -0700)]
mm: vmscan: correctly check if reclaimer should schedule during shrink_slab
BugLink: http://bugs.launchpad.net/bugs/755066
It has been reported on some laptops that kswapd is consuming large
amounts of CPU and not being scheduled when SLUB is enabled during large
amounts of file copying. It is expected that this is due to kswapd
missing every cond_resched() point because;
shrink_page_list() calls cond_resched() if inactive pages were isolated
which in turn may not happen if all_unreclaimable is set in
shrink_zones(). If for whatver reason, all_unreclaimable is
set on all zones, we can miss calling cond_resched().
balance_pgdat() only calls cond_resched if the zones are not
balanced. For a high-order allocation that is balanced, it
checks order-0 again. During that window, order-0 might have
become unbalanced so it loops again for order-0 and returns
that it was reclaiming for order-0 to kswapd(). It can then
find that a caller has rewoken kswapd for a high-order and
re-enters balance_pgdat() without ever calling cond_resched().
shrink_slab only calls cond_resched() if we are reclaiming slab
pages. If there are a large number of direct reclaimers, the
shrinker_rwsem can be contended and prevent kswapd calling
cond_resched().
This patch modifies the shrink_slab() case. If the semaphore is
contended, the caller will still check cond_resched(). After each
successful call into a shrinker, the check for cond_resched() remains in
case one shrinker is particularly slow.
[mgorman@suse.de: preserve call to cond_resched after each call into shrinker]
Signed-off-by: Mel Gorman <mgorman@suse.de>
Signed-off-by: Minchan Kim <minchan.kim@gmail.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Tested-by: Colin King <colin.king@canonical.com>
Cc: Raghavendra D Prabhu <raghu.prabhu13@gmail.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Chris Mason <chris.mason@oracle.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: <stable@kernel.org> [2.6.38+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit
f06590bd718ed950c98828e30ef93204028f3210)
Acked-by: Brad Figg <brad.figg@canonical.com>
Acked-by: Herton Krzesinski <herton.krzesinski@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Nick Kossifidis [Fri, 17 Jun 2011 14:29:22 +0000 (09:29 -0500)]
ath5k: Disable fast channel switching by default
BugLink: http://bugs.launchpad.net/bugs/767192
Disable fast channel change by default on AR2413/AR5413 due to
some bug reports (it still works for me but it's better to be safe).
Add a module parameter "fastchanswitch" in case anyone wants to enable
it and play with it.
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Tested-by: Sedat Dilek <sedat.dilek@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
(backported from commit
a99168eece601d2a79ecfcb968ce226f2f30cf98 upstream)
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Herton Krzesinski <herton.krzesinski@canonical.com>
Acked-by: Andy Whitcroft <andy.whitcroft@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Stefan Metzmacher [Wed, 1 Jun 2011 02:01:41 +0000 (02:01 +0000)]
usbnet/cdc_ncm: add missing .reset_resume hook
BugLink: http://bugs.launchpad.net/bugs/793892
This avoids messages like this after suspend:
cdc_ncm 2-1.4:1.6: no reset_resume for driver cdc_ncm?
cdc_ncm 2-1.4:1.7: no reset_resume for driver cdc_ncm?
cdc_ncm 2-1.4:1.6: usb0: unregister 'cdc_ncm' usb-0000:00:1d.0-1.4, CDC NCM
This is important for the Ericsson F5521gw GSM/UMTS modem.
Otherwise modemmanager looses the fact that the cdc_ncm and cdc_acm devices
belong together.
The cdc_ether module does the same.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
(backport from commit
85e3c65fa3a1d0542c181510a950a2be7733ff29 upstream)
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Acked-by: Brad Figg <brad.figg@canonical.com>
Acked-by: Andy Whitcroft <apw@canonical.com>
Timo Warns [Fri, 10 Jun 2011 10:05:59 +0000 (11:05 +0100)]
fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops
The kernel automatically evaluates partition tables of storage devices.
The code for evaluating GUID partitions (in fs/partitions/efi.c) contains
a bug that causes a kernel oops on certain corrupted GUID partition
tables.
This bug has security impacts, because it allows, for example, to
prepare a storage device that crashes a kernel subsystem upon connecting
the device (e.g., a "USB Stick of (Partial) Death").
crc = efi_crc32((const unsigned char *) (*gpt), le32_to_cpu((*gpt)->header_size));
computes a CRC32 checksum over gpt covering (*gpt)->header_size bytes.
There is no validation of (*gpt)->header_size before the efi_crc32 call.
A corrupted partition table may have large values for (*gpt)->header_size.
In this case, the CRC32 computation access memory beyond the memory
allocated for gpt, which may cause a kernel heap overflow.
Validate value of GUID partition table header size.
[akpm@linux-foundation.org: fix layout and indenting]
Signed-off-by: Timo Warns <warns@pre-sense.de>
Cc: Matt Domsch <Matt_Domsch@dell.com>
Cc: Eugene Teo <eugeneteo@kernel.sg>
Cc: Dave Jones <davej@codemonkey.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit
3eb8e74ec72736b9b9d728bad30484ec89c91dde)
CVE-2011-1577
BugLink: http://bugs.launchpad.net/bugs/795418
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Phil Oester [Mon, 6 Jun 2011 10:35:23 +0000 (11:35 +0100)]
bonding: Incorrect TX queue offset, CVE-2011-1581
When packets come in from a device with >= 16 receive queues
headed out a bonding interface, syslog gets filled with this:
kernel: bond0 selects TX queue 16, but real number of TX queues is 16
because queue_mapping is offset by 1. Adjust return value
to account for the offset.
This is a revision of my earlier patch (which did not use the
skb_rx_queue_* helpers - thanks to Ben for the suggestion).
Andy submitted a similar patch which emits a pr_warning on
invalid queue selection, but I believe the log spew is
not useful. We can revisit that question in the future,
but in the interim I believe fixing the core problem is
worthwhile.
Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit
fd0e435b0fe85622f167b84432552885a4856ac8)
CVE-2011-1581
BugLink: http://bugs.launchpad.net/bugs/792312
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Steve Conklin [Tue, 12 Jul 2011 20:00:27 +0000 (15:00 -0500)]
UBUNTU: Bump ABI
Ignore: yes
Signed-off-by: Steve Conklin <sconklin@canonical.com>
Steve Conklin [Tue, 12 Jul 2011 19:58:42 +0000 (14:58 -0500)]
Fix up ABI directory
Signed-off-by: Steve Conklin <sconklin@canonical.com>
Steve Conklin [Tue, 12 Jul 2011 19:57:59 +0000 (14:57 -0500)]
UBUNTU: Start new release
Ignore: yes
Signed-off-by: Steve Conklin <sconklin@canonical.com>
Steve Conklin [Tue, 28 Jun 2011 13:38:06 +0000 (14:38 +0100)]
UBUNTU: Ubuntu-2.6.38-10.46
Signed-off-by: Steve Conklin <sconklin@canonical.com>
Steve Conklin [Tue, 28 Jun 2011 13:33:14 +0000 (14:33 +0100)]
Revert "fix oops in scsi_run_queue()"
This reverts commit
57bd324dbd799b271cad945224df5a21b151297b.
This revert is being tracked in bug 802986
Steve Conklin [Tue, 28 Jun 2011 13:28:42 +0000 (14:28 +0100)]
Revert "put stricter guards on queue dead checks"
This reverts commit
39a0cfed63b656486fb2feee063aa033816a90e0.
This revert is being tracked in bug 802986
Steve Conklin [Tue, 28 Jun 2011 11:39:16 +0000 (12:39 +0100)]
UBUNTU: Start new release
Ignore: yes
Steve Conklin [Mon, 27 Jun 2011 14:05:24 +0000 (15:05 +0100)]
UBUNTU: Ubuntu-2.6.38-10.45
Signed-off-by: Steve Conklin <sconklin@canonical.com>
Steve Conklin [Mon, 27 Jun 2011 14:02:07 +0000 (15:02 +0100)]
Revert "af_unix: Only allow recv on connected seqpacket sockets."
This reverts commit
4ce4a71e7f5bdd1d2bce71f1e798c76d3716630a.
This revert is being tracked in bug 802461
Steve Conklin [Mon, 27 Jun 2011 11:43:46 +0000 (12:43 +0100)]
UBUNTU: Start new release
Ignore: yes
Signed-off-by: Steve Conklin <sconklin@canonical.com>
Steve Conklin [Thu, 2 Jun 2011 19:32:33 +0000 (14:32 -0500)]
UBUNTU: Ubuntu-2.6.38-10.44
Signed-off-by: Steve Conklin <sconklin@canonical.com>
Steve Conklin [Wed, 1 Jun 2011 16:55:07 +0000 (11:55 -0500)]
Revert "USB: xhci - also free streams when resetting devices"
This reverts commit
fc4c57e02daa2699f54cf2ae92986484264880a3.
Due to a reported problem with USB3 after application of three patches
from upstream stable, these patches are being reverted until they can
be tested seperately and a determination made of whether there is a
problem and how bad it is. The reporter has not yet responded to a
request to test kernels with each of the most suspect patches reverted,
so all will be reverted. Testing will proceed using these patches and
hopefully they can be restored soon. The USB3 problem was reported
in LP bug number 769042
Steve Conklin [Wed, 1 Jun 2011 16:54:30 +0000 (11:54 -0500)]
Revert "USB: xhci - fix math in xhci_get_endpoint_interval()"
This reverts commit
fe3bf5f4be7d3a1a61225c77bd8a9b51baa3ac19.
Due to a reported problem with USB3 after application of three patches
from upstream stable, these patches are being reverted until they can
be tested seperately and a determination made of whether there is a
problem and how bad it is. The reporter has not yet responded to a
request to test kernels with each of the most suspect patches reverted,
so all will be reverted. Testing will proceed using these patches and
hopefully they can be restored soon. The USB3 problem was reported
in LP bug number 769042
Steve Conklin [Wed, 1 Jun 2011 16:42:58 +0000 (11:42 -0500)]
Revert "USB: xhci - fix unsafe macro definitions"
This reverts commit
923326deb96954b634b058f41bf6b482e503cb8f.
Due to a reported problem with USB3 after application of three patches
from upstream stable, these patches are being reverted until they can
be tested seperately and a determination made of whether there is a
problem and how bad it is. The reporter has not yet responded to a
request to test kernels with each of the most suspect patches reverted,
so all will be reverted. Testing will proceed using these patches and
hopefully they can be restored soon. The USB3 problem was reported
in LP bug number 769042
Chaoming Li [Sun, 10 Apr 2011 23:30:23 +0000 (18:30 -0500)]
rtlwifi: rtl8192ce: Fix LED initialization
Driver rtl8192ce does not initialize the LED correctly.
Signed-off-by: Chaoming Li <chaoming_li@realsil.com.cn>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
BugLink: http://bugs.launchpad.net/bugs/785975
[backport: renamed ledon to b_ledon]
(backported from commit
228bdfca9a09c1263c24509b4bc23a67be168e1a upstream)
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Acked-by: Herton Krzesinski <herton.krzesinski@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Greg Kroah-Hartman [Sat, 21 May 2011 22:13:59 +0000 (15:13 -0700)]
Linux 2.6.38.7
BugLink: http://bugs.launchpad.net/bugs/788691
Signed-off-by: Steve Conklin <sconklin@canonical.com>
Hugh Dickins [Fri, 20 May 2011 22:47:33 +0000 (15:47 -0700)]
tmpfs: fix highmem swapoff crash regression
BugLink: http://bugs.launchpad.net/bugs/788691
commit
e6c9366b2adb52cba64b359b3050200743c7568c upstream.
Commit
778dd893ae78 ("tmpfs: fix race between umount and swapoff")
forgot the new rules for strict atomic kmap nesting, causing
WARNING: at arch/x86/mm/highmem_32.c:81
from __kunmap_atomic(), then
BUG: unable to handle kernel paging request at
fffb9000
from shmem_swp_set() when shmem_unuse_inode() is handling swapoff with
highmem in use. My disgrace again.
See
https://bugzilla.kernel.org/show_bug.cgi?id=35352
Reported-by: Witold Baryluk <baryluk@smp.if.uj.edu.pl>
Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Steve Conklin <sconklin@canonical.com>
Stanislaw Gruszka [Sat, 7 May 2011 15:46:21 +0000 (17:46 +0200)]
iwlegacy: fix IBSS mode crashes
BugLink: http://bugs.launchpad.net/bugs/788691
commit
eb85de3f84868ca85703a23617b4079ce79a801e upstream.
We should not switch to non-IBSS channels when working in IBSS mode,
otherwise there are microcode errors, and after some time system
crashes.
This bug is only observable when software scan is used in IBSS mode,
so should be considered as regression after:
commit
0263aa45293838b514b8af674a03faf040991a90
Author: Stanislaw Gruszka <sgruszka@redhat.com>
Date: Tue Mar 29 11:24:21 2011 +0200
iwl3945: disable hw scan by default
However IBSS mode check, which this patch add again, was removed by
commit
b2f30e8bdd8ef5f3b5a7ef9146509585a15347d3
Author: Johannes Berg <johannes.berg@intel.com>
Date: Thu Jan 21 07:32:20 2010 -0800
iwlwifi: remove IBSS channel sanity check
That commit claim that mac80211 will not use non-IBSS channel in IBSS
mode, what definitely is not true. Bug probably should be fixed in
mac80211, but that will require more work, so better to apply that patch
temporally, and provide proper mac80211 fix latter.
Resolves:
https://bugzilla.kernel.org/show_bug.cgi?id=34452
Reported-and-tested-by: Mikko Rapeli <mikko.rapeli@iki.fi>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Steve Conklin <sconklin@canonical.com>
Jeff Layton [Tue, 17 May 2011 19:28:21 +0000 (15:28 -0400)]
cifs: fix cifsConvertToUCS() for the mapchars case
BugLink: http://bugs.launchpad.net/bugs/788691
commit
11379b5e33950048ad66825da7f462b0d0da9d73 upstream.
As Metze pointed out, commit
84cdf74e broke mapchars option:
Commit "cifs: fix unaligned accesses in cifsConvertToUCS"
(
84cdf74e8096a10dd6acbb870dd404b92f07a756) does multiple steps
in just one commit (moving the function and changing it without
testing).
put_unaligned_le16(temp, &target[j]); is never called for any
codepoint the goes via the 'default' switch statement. As a result
we put just zero (or maybe uninitialized) bytes into the target
buffer.
His proposed patch looks correct, but doesn't apply to the current head
of the tree. This patch should also fix it.
Reported-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Steve Conklin <sconklin@canonical.com>
Jeff Layton [Tue, 5 Apr 2011 19:02:37 +0000 (15:02 -0400)]
cifs: clean up various nits in unicode routines (try #2)
BugLink: http://bugs.launchpad.net/bugs/788691
commit
581ade4d1c025eb10421eda0d0c0a2f04447d7c5 upstream.
Minor revision to the original patch. Don't abuse the __le16 variable
on the stack by casting it to wchar_t and handing it off to char2uni.
Declare an actual wchar_t on the stack instead. This fixes a valid
sparse warning.
Fix the spelling of UNI_ASTERISK. Eliminate the unneeded len_remaining
variable in cifsConvertToUCS.
Also, as David Howells points out. We were better off making
cifsConvertToUCS *not* use put_unaligned_le16 since it means that we
can't optimize the mapped characters at compile time. Switch them
instead to use cpu_to_le16, and simply use put_unaligned to set them
in the string.
Reported-and-acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Steve Conklin <sconklin@canonical.com>
James Bottomley [Wed, 23 Mar 2011 14:58:28 +0000 (09:58 -0500)]
Revert "[SCSI] Retrieve the Caching mode page"
BugLink: http://bugs.launchpad.net/bugs/788691
commit
3dea642afd9187728d119fce5c82a7ed9faa9b6a upstream.
This reverts commit
24d720b726c1a85f1962831ac30ad4d2ef8276b1.
Previously we thought there was little possibility that devices would
crash with this, but some have been found.
Reported-by: Alan Stern <stern@rowland.harvard.edu>
Cc: Luben Tuikov <ltuikov@yahoo.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Steve Conklin <sconklin@canonical.com>
Thomas Jarosch [Mon, 16 May 2011 06:28:15 +0000 (06:28 +0000)]
vmxnet3: Fix inconsistent LRO state after initialization
BugLink: http://bugs.launchpad.net/bugs/788691
commit
ebde6f8acba92abfc203585198a54f47e83e2cd0 upstream.
During initialization of vmxnet3, the state of LRO
gets out of sync with netdev->features.
This leads to very poor TCP performance in a IP forwarding
setup and is hitting many VMware users.
Simplified call sequence:
1. vmxnet3_declare_features() initializes "adapter->lro" to true.
2. The kernel automatically disables LRO if IP forwarding is enabled,
so vmxnet3_set_flags() gets called. This also updates netdev->features.
3. Now vmxnet3_setup_driver_shared() is called. "adapter->lro" is still
set to true and LRO gets enabled again, even though
netdev->features shows it's disabled.
Fix it by updating "adapter->lro", too.
The private vmxnet3 adapter flags are scheduled for removal
in net-next, see commit
a0d2730c9571aeba793cb5d3009094ee1d8fda35
"net: vmxnet3: convert to hw_features".
Patch applies to 2.6.37 / 2.6.38 and 2.6.39-rc6.
Please CC: comments.
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Acked-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Steve Conklin <sconklin@canonical.com>
Tejun Heo [Fri, 29 Apr 2011 08:15:14 +0000 (10:15 +0200)]
cdrom: always check_disk_change() on open
BugLink: http://bugs.launchpad.net/bugs/788691
commit
bf2253a6f00e8fea5b026e471e9f0d0a1b3621f2 upstream.
cdrom_open() called check_disk_change() after the rest of open path
succeeded which leads to the following bizarre behavior.
* After media change, if the device opened without O_NONBLOCK,
open_for_data() naturally fails with -ENOMEDIA and
check_disk_change() is never called. The media is known to be gone
and the open failure makes it obvious to the userland but device
invalidation never happens.
* But if the device is opened with O_NONBLOCK, all the checks are
bypassed and cdrom_open() doesn't notice that the media is not there
and check_disk_change() is called and invalidation happens.
There's nothing to be gained by avoiding calling check_disk_change()
on open failure. Common cases end up calling check_disk_change()
anyway. All we get is inconsistent behavior.
Fix it by moving check_disk_change() invocation to the top of
cdrom_open() so that it always gets called regardless of how the rest
of open proceeds.
Stable: 2.6.38
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Amit Shah <amit.shah@redhat.com>
Tested-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Steve Conklin <sconklin@canonical.com>
Bjørn Mork [Wed, 19 Jan 2011 09:01:14 +0000 (10:01 +0100)]
megaraid_sas: Sanity check user supplied length before passing it to dma_alloc_coherent()
BugLink: http://bugs.launchpad.net/bugs/788691
commit
98cb7e4413d189cd2b54daf993a4667d9788c0bb upstream.
The ioc->sgl[i].iov_len value is supplied by the ioctl caller, and can be
zero in some cases. Assume that's valid and continue without error.
Fixes (multiple individual reports of the same problem for quite a while):
http://marc.info/?l=linux-ide&m=
128941801715301
http://bugs.debian.org/604627
http://www.mail-archive.com/linux-poweredge@dell.com/msg02575.html
megasas: Failed to alloc kernel SGL buffer for IOCTL
and
[ 69.162538] ------------[ cut here ]------------
[ 69.162806] kernel BUG at /build/buildd/linux-2.6.32/lib/swiotlb.c:368!
[ 69.163134] invalid opcode: 0000 [#1] SMP
[ 69.163570] last sysfs file: /sys/devices/system/cpu/cpu3/cache/index2/shared_cpu_map
[ 69.163975] CPU 0
[ 69.164227] Modules linked in: fbcon tileblit font bitblit softcursor vga16fb vgastate ioatdma radeon ttm drm_kms_helper shpchp drm i2c_algo_bit lp parport floppy pata_jmicron megaraid_sas igb dca
[ 69.167419] Pid: 1206, comm: smartctl Tainted: G W 2.6.32-25-server #45-Ubuntu X8DTN
[ 69.167843] RIP: 0010:[<
ffffffff812c4dc5>] [<
ffffffff812c4dc5>] map_single+0x255/0x260
[ 69.168370] RSP: 0018:
ffff88081c0ebc58 EFLAGS:
00010246
[ 69.168655] RAX:
000000000003bffc RBX:
00000000ffffffff RCX:
0000000000000002
[ 69.169000] RDX:
0000000000000000 RSI:
0000000000000000 RDI:
ffff88001dffe000
[ 69.169346] RBP:
ffff88081c0ebcb8 R08:
0000000000000000 R09:
ffff880000030840
[ 69.169691] R10:
0000000000100000 R11:
0000000000000000 R12:
0000000000000000
[ 69.170036] R13:
00000000ffffffff R14:
0000000000000001 R15:
0000000000200000
[ 69.170382] FS:
00007fb8de189720(0000) GS:
ffff88001de00000(0000) knlGS:
0000000000000000
[ 69.170794] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
[ 69.171094] CR2:
00007fb8dd59237c CR3:
000000081a790000 CR4:
00000000000006f0
[ 69.171439] DR0:
0000000000000000 DR1:
0000000000000000 DR2:
0000000000000000
[ 69.171784] DR3:
0000000000000000 DR6:
00000000ffff0ff0 DR7:
0000000000000400
[ 69.172130] Process smartctl (pid: 1206, threadinfo
ffff88081c0ea000, task
ffff88081a760000)
[ 69.194513] Stack:
[ 69.205788]
0000000000000034 00000002817e3390 0000000000000000 ffff88081c0ebe00
[ 69.217739] <0>
0000000000000000 000000000003bffc 0000000000000000 0000000000000000
[ 69.241250] <0>
0000000000000000 00000000ffffffff ffff88081c5b4080 ffff88081c0ebe00
[ 69.277310] Call Trace:
[ 69.289278] [<
ffffffff812c52ac>] swiotlb_alloc_coherent+0xec/0x130
[ 69.301118] [<
ffffffff81038b31>] x86_swiotlb_alloc_coherent+0x61/0x70
[ 69.313045] [<
ffffffffa002d0ce>] megasas_mgmt_fw_ioctl+0x1ae/0x690 [megaraid_sas]
[ 69.336399] [<
ffffffffa002d748>] megasas_mgmt_ioctl_fw+0x198/0x240 [megaraid_sas]
[ 69.359346] [<
ffffffffa002f695>] megasas_mgmt_ioctl+0x35/0x50 [megaraid_sas]
[ 69.370902] [<
ffffffff81153b12>] vfs_ioctl+0x22/0xa0
[ 69.382322] [<
ffffffff8115da2a>] ? alloc_fd+0x10a/0x150
[ 69.393622] [<
ffffffff81153cb1>] do_vfs_ioctl+0x81/0x410
[ 69.404696] [<
ffffffff8155cc13>] ? do_page_fault+0x153/0x3b0
[ 69.415761] [<
ffffffff811540c1>] sys_ioctl+0x81/0xa0
[ 69.426640] [<
ffffffff810121b2>] system_call_fastpath+0x16/0x1b
[ 69.437491] Code: fe ff ff 48 8b 3d 74 38 76 00 41 bf 00 00 20 00 e8 51 f5 d7 ff 83 e0 ff 48 05 ff 07 00 00 48 c1 e8 0b 48 89 45 c8 e9 13 fe ff ff <0f> 0b eb fe 0f 1f 80 00 00 00 00 55 48 89 e5 48 83 ec 20 4c 89
[ 69.478216] RIP [<
ffffffff812c4dc5>] map_single+0x255/0x260
[ 69.489668] RSP <
ffff88081c0ebc58>
[ 69.500975] ---[ end trace
6a2181b634e2abc7 ]---
Reported-by: Bokhan Artem <aptem@ngs.ru>
Reported by: Marc-Christian Petersen <m.c.p@gmx.de>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Cc: Michael Benz <Michael.Benz@lsi.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Steve Conklin <sconklin@canonical.com>
Julia Lawall [Fri, 13 May 2011 13:52:09 +0000 (15:52 +0200)]
x86, mce, AMD: Fix leaving freed data in a list
BugLink: http://bugs.launchpad.net/bugs/788691
commit
d9a5ac9ef306eb5cc874f285185a15c303c50009 upstream.
b may be added to a list, but is not removed before being freed
in the case of an error. This is done in the corresponding
deallocation function, so the code here has been changed to
follow that.
The sematic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
expression E,E1,E2;
identifier l;
@@
*list_add(&E->l,E1);
... when != E1
when != list_del(&E->l)
when != list_del_init(&E->l)
when != E = E2
*kfree(E);// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Cc: Borislav Petkov <borislav.petkov@amd.com>
Cc: Robert Richter <robert.richter@amd.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Andreas Herrmann <andreas.herrmann3@amd.com>
Link: http://lkml.kernel.org/r/
1305294731-12127-1-git-send-email-julia@diku.dk
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Steve Conklin <sconklin@canonical.com>