Jeff Layton [Wed, 20 Feb 2013 16:19:05 +0000 (11:19 -0500)]
vfs: kill FS_REVAL_DOT by adding a d_weak_revalidate dentry op
The following set of operations on a NFS client and server will cause
server# mkdir a
client# cd a
server# mv a a.bak
client# sleep 30 # (or whatever the dir attrcache timeout is)
client# stat .
stat: cannot stat `.': Stale NFS file handle
Obviously, we should not be getting an ESTALE error back there since the
inode still exists on the server. The problem is that the lookup code
will call d_revalidate on the dentry that "." refers to, because NFS has
FS_REVAL_DOT set.
nfs_lookup_revalidate will see that the parent directory has changed and
will try to reverify the dentry by redoing a LOOKUP. That of course
fails, so the lookup code returns ESTALE.
The problem here is that d_revalidate is really a bad fit for this case.
What we really want to know at this point is whether the inode is still
good or not, but we don't really care what name it goes by or whether
the dcache is still valid.
Add a new d_op->d_weak_revalidate operation and have complete_walk call
that instead of d_revalidate. The intent there is to allow for a
"weaker" d_revalidate that just checks to see whether the inode is still
good. This is also gives us an opportunity to kill off the FS_REVAL_DOT
special casing.
[AV: changed method name, added note in porting, fixed confusion re
having it possibly called from RCU mode (it won't be)]
Cc: NeilBrown <neilb@suse.de> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Sage Weil [Tue, 29 Jan 2013 07:55:31 +0000 (02:55 -0500)]
ceph: prepopulate inodes only when request is aborted
If r_aborted is true, we do not hold the dir i_mutex, and cannot touch
the dcache. However, we still need to update the inodes with the state
returned by the MDS.
Reported-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Sage Weil <sage@inktank.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* calling conventions change - ERR_PTR() is returned on ->d_hash() errors;
NULL is just for dcache miss now.
* exported, open-coded instances in ncpfs and cifs converted.
Al Viro [Fri, 15 Feb 2013 03:38:02 +0000 (22:38 -0500)]
shmem_setup_file(): use d_alloc_pseudo() instead of d_alloc()
Note that provided ->d_dname() reproduces what we used to get for
those guys in e.g. /proc/self/maps; it might be a good idea to change
that to something less ugly, but for now let's keep the existing
user-visible behaviour
Jan Kara [Tue, 29 Jan 2013 23:28:01 +0000 (00:28 +0100)]
fs: Fix possible use-after-free with AIO
Running AIO is pinning inode in memory using file reference. Once AIO
is completed using aio_complete(), file reference is put and inode can
be freed from memory. So we have to be sure that calling aio_complete()
is the last thing we do with the inode.
CC: Christoph Hellwig <hch@infradead.org> CC: Jens Axboe <axboe@kernel.dk> CC: Jeff Moyer <jmoyer@redhat.com> CC: stable@vger.kernel.org Acked-by: Jeff Moyer <jmoyer@redhat.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fs: Preserve error code in get_empty_filp(), part 2
Allocating a file structure in function get_empty_filp() might fail because
of several reasons:
- not enough memory for file structures
- operation is not allowed
- user is over its limit
Currently the function returns NULL in all cases and we loose the exact
reason of the error. All callers of get_empty_filp() assume that the function
can fail with ENFILE only.
Return error through pointer. Change all callers to preserve this error code.
[AV: cleaned up a bit, carved the get_empty_filp() part out into a separate commit
(things remaining here deal with alloc_file()), removed pipe(2) behaviour change]
Al Viro [Sat, 23 Feb 2013 03:45:42 +0000 (22:45 -0500)]
get rid of unprotected dereferencing of mnt->mnt_ns
It's safe only under namespace_sem or vfsmount_lock; all places
in fs/namespace.c that want mnt->mnt_ns->user_ns actually want to use
current->nsproxy->mnt_ns->user_ns (note the calls of check_mnt() in
there).
Cc: stable@vger.kernel.org Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Linus Torvalds [Sun, 20 Jan 2013 21:58:48 +0000 (13:58 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal
Pull misc syscall fixes from Al Viro:
- compat syscall fixes (discussed back in December)
- a couple of "make life easier for sigaltstack stuff by reducing
inter-tree dependencies"
- fix up compiler/asmlinkage calling convention disagreement of
sys_clone()
- misc
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal:
sys_clone() needs asmlinkage_protect
make sure that /linuxrc has std{in,out,err}
x32: fix sigtimedwait
x32: fix waitid()
switch compat_sys_wait4() and compat_sys_waitid() to COMPAT_SYSCALL_DEFINE
switch compat_sys_sigaltstack() to COMPAT_SYSCALL_DEFINE
CONFIG_GENERIC_SIGALTSTACK build breakage with asm-generic/syscalls.h
Ensure that kernel_init_freeable() is not inlined into non __init code
The ia64 function "thread_matches()" has no users since commit e868a55c2a8c ("[IA64] remove find_thread_for_addr()"). Remove it.
This allows us to make ptrace_check_attach() static to kernel/ptrace.c,
which is good since we'll need to change the semantics of it and fix up
all the callers.
Linus Torvalds [Fri, 18 Jan 2013 22:06:29 +0000 (14:06 -0800)]
Merge tag 'usb-3.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Pull USB fixes from Greg Kroah-Hartman:
"Here are 3 USB patches for 3.8-rc4. Two of them are new device id
patches, and the third fixes a reported oops in the io_ti USB serial
driver"
* tag 'usb-3.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
USB: io_ti: Fix NULL dereference in chase_port()
USB: option: add TP-LINK HSUPA Modem MA180
USB: option: blacklist network interface on ONDA MT8205 4G LTE
Linus Torvalds [Fri, 18 Jan 2013 22:05:59 +0000 (14:05 -0800)]
Merge tag 'tty-3.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
Pull tty/serial fixes from Greg Kroah-Hartman:
"Here are a few tty/serial driver fixes for 3.8-rc4 that resolve a
number of problems that people have been having, including the ptys
ioctl issue that is a regression fix"
* tag 'tty-3.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
8250/16?50: Add support for Broadcom TruManage redirected serial port
pty: return EINVAL for TIOCGPTN for BSD ptys
serial:ifx6x60:Keep word size accordance with SPI controller
tty: 8250_dw: Fix inverted arguments to serial_out in IRQ handler
serial: samsung: remove redundant setting of line config during port reset
serial:ifx6x60:Delete SPI timer when shut down port
tty/8250: The correct device id for this card is 0x0022
tty/8250: pbn_b0_8_1152000_200 is supposed to be an 8 port definition
tty: serial: vt8500: fix return value check in vt8500_serial_probe()
serial: mxs-auart: Index is unsigned
mxs: uart: fix setting RTS from software
Linus Torvalds [Fri, 18 Jan 2013 22:05:25 +0000 (14:05 -0800)]
Merge tag 'staging-3.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
Pull staging driver bugfixes from Greg Kroah-Hartman:
"Here are some bugfixes for the drivers/staging tree for 3.8-rc4.
Nothing major, just a number of small fixes for problems that people
have reported, including finally tracking down the root of the 64/32
bit problem with the vt6656 that has been driving people crazy for a
while"
* tag 'staging-3.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
staging/sb105x: PARPORT config is not good enough must use PARPORT_PC
staging: wlan-ng: Fix clamping of returned SSID length
staging: vt6656: Fix inconsistent structure packing
staging:iio:adis16080: Perform sign extension
iio: mxs-lradc: indexes are unsigned
Linus Torvalds [Fri, 18 Jan 2013 22:04:50 +0000 (14:04 -0800)]
Merge tag 'char-misc-3.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc driver fixes from Greg Kroah-Hartman:
"Here are two hyperv patches for 3.8-rc4 that fix some reported
problems hv_balloon driver"
* tag 'char-misc-3.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
Drivers: hv: balloon: Fix a memory leak
Drivers: hv: balloon: Fix a bug in the definition of struct dm_info_msg
Linus Torvalds [Fri, 18 Jan 2013 20:02:52 +0000 (12:02 -0800)]
Merge tag 'stable/for-linus-3.8-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen
Pull Xen fixes from Konrad Rzeszutek Wilk:
- CVE-2013-0190/XSA-40 (or stack corruption for 32-bit PV kernels)
- Fix racy vma access spotted by Al Viro
- Fix mmap batch ioctl potentially resulting in large O(n) page allcations.
- Fix vcpu online/offline BUG:scheduling while atomic..
- Fix unbound buffer scanning for more than 32 vCPUs.
- Fix grant table being incorrectly initialized
- Fix incorrect check in pciback
- Allow privcmd in backend domains.
Fix up whitespace conflict due to ugly merge resolution in Xen tree in
arch/arm/xen/enlighten.c
* tag 'stable/for-linus-3.8-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests.
Revert "xen/smp: Fix CPU online/offline bug triggering a BUG: scheduling while atomic."
xen/gntdev: remove erronous use of copy_to_user
xen/gntdev: correctly unmap unlinked maps in mmu notifier
xen/gntdev: fix unsafe vma access
xen/privcmd: Fix mmap batch ioctl.
Xen: properly bound buffer access when parsing cpu/*/availability
xen/grant-table: correctly initialize grant table version 1
x86/xen : Fix the wrong check in pciback
xen/privcmd: Relax access control in privcmd_ioctl_mmap
Linus Torvalds [Fri, 18 Jan 2013 19:58:10 +0000 (11:58 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu
Pull m68knommu arch fixes from Greg Ungerer:
"This contains a couple of fixes, both affecting compilation of non-mmu
m68k targets."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
m68k: fix conditional use of init_pointer_table
m68knommu: add KMAP definitions for non-MMU definitions
asm-generic, mm: pgtable: convert my_zero_pfn() to macros to fix build
Commit 816422ad7647 ("asm-generic, mm: pgtable: consolidate zero page
helpers") broke the compile on MIPS if SPARSEMEM is enabled. We get
this:
In file included from arch/mips/include/asm/pgtable.h:552,
from include/linux/mm.h:44,
from arch/mips/kernel/asm-offsets.c:14:
include/asm-generic/pgtable.h: In function 'my_zero_pfn':
include/asm-generic/pgtable.h:466: error: implicit declaration of function 'page_to_section'
In file included from arch/mips/kernel/asm-offsets.c:14:
include/linux/mm.h: At top level:
include/linux/mm.h:738: error: conflicting types for 'page_to_section'
include/asm-generic/pgtable.h:466: note: previous implicit declaration of 'page_to_section' was here
Due header files inter-dependencies, the only way I see to fix it is
convert my_zero_pfn() for __HAVE_COLOR_ZERO_PAGE to macros.
Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name> Tested-by: Aaro Koskinen <aaro.koskinen@iki.fi> Acked-by: David Daney <david.daney@cavium.com> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Steven Rostedt [Sat, 12 Jan 2013 01:17:01 +0000 (20:17 -0500)]
staging/sb105x: PARPORT config is not good enough must use PARPORT_PC
The sb105x driver calls parport_pc_probe_port() which isn't defined if
PARPORT_PC isn't enabled. Protecting it with CONFIG_PARPORT is not good
enough, must protect it with CONFIG_PARPORT_PC.
Reported-by: Randy Dunlap <rdunlap@infradead.org> Acked-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tormod Volden [Wed, 9 Jan 2013 21:23:32 +0000 (22:23 +0100)]
staging: wlan-ng: Fix clamping of returned SSID length
Commit 2e254212 broke listing of available network names, since it
clamped the length of the returned SSID to WLAN_BSSID_LEN (6) instead of
WLAN_SSID_MAXLEN (32).
Stephen Hurd [Thu, 17 Jan 2013 22:14:53 +0000 (14:14 -0800)]
8250/16?50: Add support for Broadcom TruManage redirected serial port
Add support for the UART device present in Broadcom TruManage capable
NetXtreme chips (ie: 5761m 5762, and 5725).
This implementation has a hidden transmit FIFO, so running in single-byte
interrupt mode results in too many interrupts. The UART_CAP_HFIFO
capability was added to track this. It continues to reload the THR as long
as the THRE and TSRE bits are set in the LSR up to a specified limit (1024
is used here).
Signed-off-by: Stephen Hurd <shurd@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Jiri Slaby [Fri, 11 Jan 2013 11:06:27 +0000 (12:06 +0100)]
pty: return EINVAL for TIOCGPTN for BSD ptys
Commit bbb63c514a3464342967237a51a21ea8f61ab951 (drivers:tty:fix up
ENOIOCTLCMD error handling) changed the default return value from tty
ioctl to be ENOTTY and not EINVAL. This is appropriate.
But in case of TIOCGPTN for the old BSD ptys glibc started failing
because it expects EINVAL to be returned. Only then it continues to
obtain the pts name the other way around.
So fix this case by explicit return of EINVAL in this case.
vt6656 has several headers that use the #pragma pack(1) directive to
enable structure packing, but never disable it. The layout of
structures defined in other headers can then depend on which order the
various headers are included in, breaking the One Definition Rule.
In practice this resulted in crashes on x86_64 until the order of header
inclusion was changed for some files in commit 11d404cb56ecd ('staging:
vt6656: fix headers and add cfg80211.'). But we need a proper fix that
won't be affected by future changes to the order of inclusion.
This removes the #pragma pack(1) directives and adds __packed to the
structure definitions for which packing appears to have been intended.
K. Y. Srinivasan [Tue, 11 Dec 2012 19:07:17 +0000 (11:07 -0800)]
Drivers: hv: balloon: Fix a memory leak
The send buffer was being leaked; fix it.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com> Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com> Reported-by: Jason Wang <jasowang@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linus Torvalds [Thu, 17 Jan 2013 16:56:30 +0000 (08:56 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull more s390 patches from Martin Schwidefsky:
"A couple of bug fixes: one of the transparent huge page primitives is
broken, the sched_clock function overflows after 417 days, the XFS
module has grown too large for -fpic and the new pci code has broken
normal channel subsystem notifications."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/chsc: fix SEI usage
s390/time: fix sched_clock() overflow
s390: use -fPIC for module compile
s390/mm: fix pmd_pfn() for thp
Linus Torvalds [Thu, 17 Jan 2013 00:19:54 +0000 (16:19 -0800)]
Merge tag 'for-linus-v3.8-rc4' of git://oss.sgi.com/xfs/xfs
Pull xfs bugfixes from Ben Myers:
- fix(es) for compound buffers
- fix for dquot soft timer asserts due to overflow of d_blk_softlimit
- fix for regression in dir v2 code introduced in commit 20f7e9f3726a
("xfs: factor dir2 block read operations")
* tag 'for-linus-v3.8-rc4' of git://oss.sgi.com/xfs/xfs:
xfs: recalculate leaf entry pointer after compacting a dir2 block
xfs: remove int casts from debug dquot soft limit timer asserts
xfs: fix the multi-segment log buffer format
xfs: fix segment in xfs_buf_item_format_segment
xfs: rename bli_format to avoid confusion with bli_formats
xfs: use b_maps[] for discontiguous buffers
Linus Torvalds [Wed, 16 Jan 2013 22:34:52 +0000 (14:34 -0800)]
Merge tag 'pm+acpi-for-3.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI and power management fixes from Rafael Wysocki:
- cpuidle regression fix related to the initialization of state
kobjects from Krzysztof Mazur.
- cpuidle fix removing some not very useful code and making some
user-visible problems go away at the same time. From Daniel Lezcano.
- ACPI build fix from Yinghai Lu.
* tag 'pm+acpi-for-3.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
cpuidle: remove the power_specified field in the driver
ACPI / glue: Fix build with ACPI_GLUE_DEBUG set
cpuidle: fix number of initialized/destroyed states
Upon further digging, the tag found by xfs_dir2_data_unused_tag_p(dup)
contained "2" and not the proper offset, and I found that this value was
changed after the memmoves under "Use a stale leaf for our new entry."
in xfs_dir2_block_addname(), i.e.
What has happened is that the previous call to xfs_dir2_block_compact()
has rearranged things; it changes btp->count as well as the
blp array. So after we make that call, we must recalculate the
proper pointer to the leaf entries by making another call to
xfs_dir2_block_leaf_p().
Dave provided a metadump image which led to a simple reproducer
(create a particular filename in the affected directory) and this
resolves the testcase as well as the bug on his live system.
Thanks also to dchinner for looking at this one with me.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Tested-by: Dave Jones <davej@redhat.com> Reviewed-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Mark Tinguely <tinguely@sgi.com> Signed-off-by: Ben Myers <bpm@sgi.com>
Brian Foster [Fri, 21 Dec 2012 15:45:17 +0000 (10:45 -0500)]
xfs: remove int casts from debug dquot soft limit timer asserts
The int casts here make it easy to trigger an assert with a large
soft limit. For example, set a >4TB soft limit on an empty volume
to reproduce a (0 > -x) comparison due to an overflow of
d_blk_softlimit.
Signed-off-by: Brian Foster <bfoster@redhat.com> Reviewed-by: Ben Myers <bpm@sgi.com> Signed-off-by: Ben Myers <bpm@sgi.com>
Mark Tinguely [Tue, 4 Dec 2012 23:18:05 +0000 (17:18 -0600)]
xfs: fix the multi-segment log buffer format
Per Dave Chinner suggestion, this patch:
1) Corrects the detection of whether a multi-segment buffer is
still tracking data.
2) Clears all the buffer log formats for a multi-segment buffer.
Signed-off-by: Mark Tinguely <tinguely@sgi.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Dave Chinner <dchinner@redhat.com> Signed-off-by: Ben Myers <bpm@sgi.com>
Mark Tinguely [Tue, 4 Dec 2012 23:18:04 +0000 (17:18 -0600)]
xfs: fix segment in xfs_buf_item_format_segment
Not every segment in a multi-segment buffer is dirty in a
transaction and they will not be outputted. The assert in
xfs_buf_item_format_segment() that checks for the at least
one chunk of data in the segment to be used is not necessary
true for multi-segmented buffers.
Signed-off-by: Mark Tinguely <tinguely@sgi.com> Reviewed-by: Dave Chinner <dchinner@redhat.com> Signed-off-by: Ben Myers <bpm@sgi.com>
Mark Tinguely [Tue, 4 Dec 2012 23:18:03 +0000 (17:18 -0600)]
xfs: rename bli_format to avoid confusion with bli_formats
Rename the bli_format structure to __bli_format to avoid
accidently confusing them with the bli_formats pointer.
Signed-off-by: Mark Tinguely <tinguely@sgi.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Dave Chinner <dchinner@redhat.com> Signed-off-by: Ben Myers <bpm@sgi.com>
Mark Tinguely [Tue, 4 Dec 2012 23:18:02 +0000 (17:18 -0600)]
xfs: use b_maps[] for discontiguous buffers
Commits starting at 77c1a08 introduced a multiple segment support
to xfs_buf. xfs_trans_buf_item_match() could not find a multi-segment
buffer in the transaction because it was looking at the single segment
block number rather than the multi-segment b_maps[0].bm.bn. This
results on a recursive buffer lock that can never be satisfied.
This patch:
1) Changed the remaining b_map accesses to be b_maps[0] accesses.
2) Renames the single segment b_map structure to __b_map to avoid
future confusion.
Signed-off-by: Mark Tinguely <tinguely@sgi.com> Reviewed-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Ben Myers <bpm@sgi.com>
Andrew Cooper [Wed, 16 Jan 2013 12:00:55 +0000 (12:00 +0000)]
xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests.
This fixes CVE-2013-0190 / XSA-40
There has been an error on the xen_failsafe_callback path for failed
iret, which causes the stack pointer to be wrong when entering the
iret_exc error path. This can result in the kernel crashing.
In the classic kernel case, the relevant code looked a little like:
popl %eax # Error code from hypervisor
jz 5f
addl $16,%esp
jmp iret_exc # Hypervisor said iret fault
5: addl $16,%esp
# Hypervisor said segment selector fault
Here, there are two identical addls on either option of a branch which
appears to have been optimised by hoisting it above the jz, and
converting it to an lea, which leaves the flags register unaffected.
In the PVOPS case, the code looks like:
popl_cfi %eax # Error from the hypervisor
lea 16(%esp),%esp # Add $16 before choosing fault path
CFI_ADJUST_CFA_OFFSET -16
jz 5f
addl $16,%esp # Incorrectly adjust %esp again
jmp iret_exc
It is possible unprivileged userspace applications to cause this
behaviour, for example by loading an LDT code selector, then changing
the code selector to be not-present. At this point, there is a race
condition where it is possible for the hypervisor to return back to
userspace from an interrupt, fault on its own iret, and inject a
failsafe_callback into the kernel.
This bug has been present since the introduction of Xen PVOPS support
in commit 5ead97c84 (xen: Core Xen implementation), in 2.6.23.
Signed-off-by: Frediano Ziglio <frediano.ziglio@citrix.com> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Cc: stable@vger.kernel.org Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Kirill Smelkov [Fri, 2 Nov 2012 11:41:01 +0000 (15:41 +0400)]
Tell the world we gave up on pushing CC_OPTIMIZE_FOR_SIZE
In commit 281dc5c5ec0f ("Give up on pushing CC_OPTIMIZE_FOR_SIZE") we
already changed the actual default value, but the help-text still
suggested 'y'. Fix the help text too, for all the same reasons.
Sadly, -Os keeps on generating some very suboptimal code for certain
cases, to the point where any I$ miss upside is swamped by the downside.
The main ones are:
- using "rep movsb" for memcpy, even on CPU's where that is
horrendously bad for performance.
- not honoring branch prediction information, so any I$ footprint you
win from smaller code, you lose from less code density in the I$.
- using divide instructions when that is very expensive.
Chuansheng Liu [Mon, 24 Dec 2012 14:19:56 +0000 (22:19 +0800)]
mfd, TWL4030: TWL4030 need select REGMAP_I2C
Fix the build error:
drivers/built-in.o: In function `twl_probe':
drivers/mfd/twl-core.c:1256: undefined reference to `devm_regmap_init_i2c'
make: *** [vmlinux] Error 1
Signed-off-by: liu chuansheng <chuansheng.liu@intel.com> Acked-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
[ Samuel is busy, taking it directly - Linus ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jiri Kosina [Tue, 15 Jan 2013 19:12:37 +0000 (20:12 +0100)]
lockdep, rwsem: fix down_write_nest_lock() if !CONFIG_DEBUG_LOCK_ALLOC
Commit 1b963c81b145 ("lockdep, rwsem: provide down_write_nest_lock()")
contains a bug in a codepath when CONFIG_DEBUG_LOCK_ALLOC is disabled,
which causes down_read() to be called instead of down_write() by mistake
on such configurations. Fix that.
Linus Torvalds [Wed, 16 Jan 2013 19:33:52 +0000 (11:33 -0800)]
Merge tag 'sound-3.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull second round of sound fixes from Takashi Iwai:
"Yet a few more fixes popped up in this week.
The biggest change here is the addition of pinctrl support for Atmel,
which turned out to be almost mandatory to make things working.
The rest are a few fixes for M-Audio usb-audio device and a fix for
regression of HD-audio HDMI codecs with alsactl in the recent kernel."
* tag 'sound-3.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/hdmi - Work around "alsactl restore" errors
ALSA: usb-audio: selector map for M-Audio FT C400
ALSA: usb-audio: M-Audio FT C400 skip packet quirk
ALSA: usb-audio: correct M-Audio C400 clock source quirk
ALSA: usb - fix race in creation of M-Audio Fast track pro driver
ASoC: atmel-ssc: add pinctrl selection to driver
ARM: at91/dts: add pinctrl support for SSC peripheral
Pull scsi target fixes from Nicholas Bellinger:
"This includes an important >= v3.6 regression bugfix for active I/O
shutdown (Roland), some TMR related failure / corner cases fixes for
long outstanding I/O (Roland), two FCoE target mode fabric fabric role
fixes (MDR), a fix for an incorrect sense code during LUN
communication failure (Dr. Hannes), plus a handful of other minor
fixes.
There are still some outstanding zero-length control CDB regression
fixes that need to be addressed for v3.8, that will be coming in a
follow-up PULL request."
* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
iscsi-target: Fix CmdSN comparison (use cmd->cmd_sn instead of cmd->stat_sn)
target: Release se_cmd when LUN lookup fails for TMR
target: Fix use-after-free in LUN RESET handling
target: Fix missing CMD_T_ACTIVE bit regression for pending WRITEs
tcm_fc: Do not report target role when target is not defined
tcm_fc: Do not indicate retry capability to initiators
target: Use TCM_NO_SENSE for initialisation
target: Introduce TCM_NO_SENSE
target: use correct sense code for LUN communication failure
Linus Torvalds [Wed, 16 Jan 2013 18:55:10 +0000 (10:55 -0800)]
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Pull ext3 and udf fixes from Jan Kara:
"One ext3 performance regression fix and one udf regression fix (oops
on interrupted mount)."
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
UDF: Fix a null pointer dereference in udf_sb_free_partitions
jbd: don't wake kjournald unnecessarily
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64:
arm64: compat: add syscall table entries for new syscalls
arm64: mm: introduce present, faulting entries for PAGE_NONE
arm64: mm: only wrprotect clean ptes if they are present
arm64: vdso: remove broken, redundant sequence counting for timezones
Linus Torvalds [Wed, 16 Jan 2013 17:11:50 +0000 (09:11 -0800)]
Merge branch 'x86/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Peter Anvin:
"This is mainly a workaround for a bug in Sandy Bridge graphics which
causes corruption of certain memory pages."
* 'x86/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/Sandy Bridge: Sandy Bridge workaround depends on CONFIG_PCI
x86/Sandy Bridge: mark arrays in __init functions as __initconst
x86/Sandy Bridge: reserve pages when integrated graphics is present
x86, efi: correct precedence of operators in setup_efi_pci
Tejun Heo [Wed, 16 Jan 2013 02:52:51 +0000 (18:52 -0800)]
module, async: async_synchronize_full() on module init iff async is used
If the default iosched is built as module, the kernel may deadlock
while trying to load the iosched module on device probe if the probing
was running off async. This is because async_synchronize_full() at
the end of module init ends up waiting for the async job which
initiated the module loading.
async A modprobe
1. finds a device
2. registers the block device
3. request_module(default iosched)
4. modprobe in userland
5. load and init module
6. async_synchronize_full()
Async A waits for modprobe to finish in request_module() and modprobe
waits for async A to finish in async_synchronize_full().
Because there's no easy to track dependency once control goes out to
userland, implementing properly nested flushing is difficult. For
now, make module init perform async_synchronize_full() iff module init
has queued async jobs as suggested by Linus.
This avoids the described deadlock because iosched module doesn't use
async and thus wouldn't invoke async_synchronize_full(). This is
hacky and incomplete. It will deadlock if async module loading nests;
however, this works around the known problem case and seems to be the
best of bad options.
For more details, please refer to the following thread.
Signed-off-by: Tejun Heo <tj@kernel.org> Reported-by: Alex Riesen <raa.lkml@gmail.com> Tested-by: Ming Lei <ming.lei@canonical.com> Tested-by: Alex Riesen <raa.lkml@gmail.com> Cc: Arjan van de Ven <arjan@linux.intel.com> Cc: Jens Axboe <axboe@kernel.dk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Sebastian Ott [Tue, 15 Jan 2013 18:02:01 +0000 (19:02 +0100)]
s390/chsc: fix SEI usage
cbc0dd1 "s390/pci: CHSC PCI support for error and availability events"
introduced a new SEI notification type as part of pci support.
The way SEI was called with nt2 and nt0 consecutive broke the nt0
stuff used for channel subsystem notifications.
The reason why this was broken with the mentioned patch is that you
cannot selectively disable type 0 notifications (so even when asked
for type 2 only, type 0 could be presented).
The way to do it is to tell SEI which types of notification you can
process and -this is the important part- look at the SEI result which
notification type you actually received.
Reviewed-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com> Tested-by: Michael Holzheu <holzheu@linux.vnet.ibm.com> Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Heiko Carstens [Mon, 14 Jan 2013 15:55:55 +0000 (16:55 +0100)]
s390/time: fix sched_clock() overflow
Converting a 64 Bit TOD format value to nanoseconds means that the value
must be divided by 4.096. In order to achieve that we multiply with 125
and divide by 512.
When used within sched_clock() this triggers an overflow after appr.
417 days. Resulting in a sched_clock() return value that is much smaller
than previously and therefore may cause all sort of weird things in
subsystems that rely on a monotonic sched_clock() behaviour.
To fix this implement a tod_to_ns() helper function which converts TOD
values without overflow and call this function from both places that
open coded the conversion: sched_clock() and kvm_s390_handle_wait().
Cc: stable@kernel.org Reviewed-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
channing [Wed, 16 Jan 2013 05:14:20 +0000 (13:14 +0800)]
serial:ifx6x60:Keep word size accordance with SPI controller
As protocol driver, IFX SPI driver initiate to setup SPI master with default
SPI word size as 16 bit/word, however, SPI master may not adopt this default
value due to SPI controller's capability, it might choose an available value by
itself and set it to spi_device.bits_per_word. In order to keep align with
Controller, IFX driver should make use of this value during SPI transfer,
but the default one.
Thomas Abraham [Mon, 31 Dec 2012 21:42:45 +0000 (13:42 -0800)]
serial: samsung: remove redundant setting of line config during port reset
The setting of uart line control configuration in s3c24xx_serial_resetport
is can be removed since the 'set_termios' call will overwrite any ULCON
register setting which s3c24xx_serial_resetport does.
Acked-by: Kukjin Kim <kgene.kim@samsung.com> Signed-off-by: Thomas Abraham <thomas.ab@samsung.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
chao bi [Wed, 12 Dec 2012 03:40:56 +0000 (11:40 +0800)]
serial:ifx6x60:Delete SPI timer when shut down port
When shut down SPI port, it's possible that MRDY has been asserted and a SPI
timer was activated waiting for SRDY assert, in the case, it needs to delete
this timer.
Wei Yongjun [Sun, 2 Dec 2012 10:10:44 +0000 (05:10 -0500)]
tty: serial: vt8500: fix return value check in vt8500_serial_probe()
In case of error, function of_clk_get() returns ERR_PTR()
and never returns NULL. The NULL test in the return value
check should be replaced with IS_ERR().
Fix the following warning when building with W=1 option:
drivers/tty/serial/mxs-auart.c: In function 'mxs_auart_tx_chars':
drivers/tty/serial/mxs-auart.c:272:10: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
Steffen Trumtrar [Thu, 13 Dec 2012 13:27:43 +0000 (14:27 +0100)]
mxs: uart: fix setting RTS from software
With the patch "serial: mxs-auart: fix the wrong RTS hardware flow control" the
mainline mxs-uart driver now sets RTSEN only when hardware flow control is
enabled via software. It is not possible any longer to set RTS manually via
software. However, the manual modification is a valid operation.
Regain the possibility to set RTS via software and only set RTSEN when hardware
flow control is explicitly enabled via settermios cflag CRTSCTS.
Daniel De Graaf [Wed, 2 Jan 2013 22:57:13 +0000 (17:57 -0500)]
xen/gntdev: remove erronous use of copy_to_user
Since there is now a mapping of granted pages in kernel address space in
both PV and HVM, use it for UNMAP_NOTIFY_CLEAR_BYTE instead of accessing
memory via copy_to_user and triggering sleep-in-atomic warnings.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Daniel De Graaf [Wed, 2 Jan 2013 22:57:12 +0000 (22:57 +0000)]
xen/gntdev: correctly unmap unlinked maps in mmu notifier
If gntdev_ioctl_unmap_grant_ref is called on a range before unmapping
it, the entry is removed from priv->maps and the later call to
mn_invl_range_start won't find it to do the unmapping. Fix this by
creating another list of freeable maps that the mmu notifier can search
and use to unmap grants.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Daniel De Graaf [Wed, 2 Jan 2013 22:57:11 +0000 (22:57 +0000)]
xen/gntdev: fix unsafe vma access
In gntdev_ioctl_get_offset_for_vaddr, we need to hold mmap_sem while
calling find_vma() to avoid potentially having the result freed out from
under us. Similarly, the MMU notifier functions need to synchronize with
gntdev_vma_close to avoid map->vma being freed during their iteration.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reported-by: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>