- 20 Aug, 2014 2 commits
-
-
git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds authored
Pull KVM fixes from Paolo Bonzini: "Reverting a 3.16 patch, fixing two bugs in device assignment (one has a CVE), and fixing some problems introduced during the merge window (the CMA bug came in via Andrew, the x86 ones via yours truly)" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: virt/kvm/assigned-dev.c: Set 'dev->irq_source_id' to '-1' after free it Revert "KVM: x86: Increase the number of fixed MTRR regs to 10" KVM: x86: do not check CS.DPL against RPL during task switch KVM: x86: Avoid emulating instructions on #UD mistakenly PC, KVM, CMA: Fix regression caused by wrong get_order() use kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601)
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsiLinus Torvalds authored
Pull SCSI fixes from James Bottomley: "These are the two bug fixes I mentioned in the final merge window pull. One is a reversed logic check in the device busy tests which can cause a nasty hang and another crash seen in the new SCSI pool support if the use count ever goes to zero" [ The device busy test already got merged from a patch earlier, so is now duplicated. ] * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: [SCSI] save command pool address of Scsi_Host [SCSI] fix qemu boot hang problem
-
- 19 Aug, 2014 15 commits
-
-
Guenter Roeck authored
The latest kernel fails to boot qemu arm images when using scsi for disk access. Boot gets stuck after the following messages. brd: module loaded sym53c8xx 0000:00:0c.0: enabling device (0100 -> 0103) sym0: <895a> rev 0x0 at pci 0000:00:0c.0 irq 93 sym0: No NVRAM, ID 7, Fast-40, LVD, parity checking sym0: SCSI BUS has been reset. scsi host0: sym-2.2.3 Bisect points to commit 71e75c97 ("scsi: convert device_busy to atomic_t"). Code inspection shows the following suspicious change in scsi_request_fn. out_delay: - if (sdev->device_busy == 0 && !scsi_device_blocked(sdev)) + if (atomic_read(&sdev->device_busy) && !scsi_device_blocked(sdev)) blk_delay_queue(q, SCSI_QUEUE_DELAY); } 'sdev->device_busy == 0' was replaced with 'atomic_read(&sdev->device_busy)', meaning the logic was reversed. Changing this expression to '!atomic_read(&sdev->device_busy)' fixes the problem. Signed-off-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Hannes Reinecke <hare@suse.de> Acked-by: Jens Axboe <axboe@fb.com> Reviewed-by: Venkatesh Srinivas <venkateshs@google.com> Reviewed-by: Webb Scales <webbnh@hp.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://neil.brown.name/mdLinus Torvalds authored
Pull md bugfixes from Neil Brown: "Here are the bug-fixes I promised :-) Funny how you start looking for one and other start appearing. - raid6 data corruption during recovery - raid6 livelock - raid10 memory leaks" * tag 'md/3.17-fixes' of git://neil.brown.name/md: md/raid10: always initialise ->state on newly allocated r10_bio md/raid10: avoid memory leak on error path during reshape. md/raid10: Fix memory leak when raid10 reshape completes. md/raid10: fix memory leak when reshaping a RAID10. md/raid6: avoid data corruption during recovery of double-degraded RAID6 md/raid5: avoid livelock caused by non-aligned writes.
-
git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pciLinus Torvalds authored
Pull PCI changes from Bjorn Helgaas: "Marvell MVEBU - Remove ARCH_KIRKWOOD dependency (Andrew Lunn) NVIDIA Tegra - Add debugfs support (Thierry Reding) Synopsys DesignWare - Look for configuration space in 'reg', not 'ranges' (Kishon Vijay Abraham I) - Program ATU with untranslated address (Kishon Vijay Abraham I) - Add config access-related pcie_host_ops for v3.65 hardware (Murali Karicheri) - Add MSI-related pcie_host_ops for v3.65 hardware (Murali Karicheri) TI DRA7xx - Add TI DR7xx PCIe driver (Kishon Vijay Abraham I)" * tag 'pci-v3.17-changes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI: designware: Add MSI-related pcie_host_ops for v3.65 hardware PCI: designware: Add config access-related pcie_host_ops for v3.65 hardware PCI: dra7xx: Add TI DRA7xx PCIe driver PCI: designware: Program ATU with untranslated address PCI: designware: Look for configuration space in 'reg', not 'ranges' PCI: tegra: Add debugfs support PCI: mvebu: Remove ARCH_KIRKWOOD dependency
-
git://git.secretlab.ca/git/linuxLinus Torvalds authored
Pull devicetree fixes from Grant Likely: "Three more commits needed for v3.17: A bug fix for reserved regions based at address zero, a clarification on how to interpret existence of both interrupts and interrupts-extended properties, and a fix to allow device tree testcases to run on any platform" * tag 'devicetree-for-linus' of git://git.secretlab.ca/git/linux: of/irq: Fix lookup to use 'interrupts-extended' property first Enabling OF selftest to run without machine's devicetree of: Allow mem_reserve of memory with a base address of zero
-
Davidlohr Bueso authored
3a6bfbc9 "(arch,locking: Ciao arch_mutex_cpu_relax()") broke building the frv arch. Fixes errors such as: kernel/locking/mcs_spinlock.h:87:2: error: implicit declaration of function 'cpu_relax_lowlatency' Signed-off-by: Davidlohr Bueso <davidlohr@hp.com> Compile-tested-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Chen Gang authored
As a generic function, deassign_guest_irq() assumes it can be called even if assign_guest_irq() is not be called successfully (which can be triggered by ioctl from user mode, indirectly). So for assign_guest_irq() failure process, need set 'dev->irq_source_id' to -1 after free 'dev->irq_source_id', or deassign_guest_irq() may free it again. Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Paolo Bonzini authored
This reverts commit 682367c4, which causes 32-bit SMP Windows 7 guests to panic. SeaBIOS has a limit on the number of MTRRs that it can handle, and this patch exceeded the limit. Better revert it. Thanks to Nadav Amit for debugging the cause. Cc: stable@nongnu.org Reported-by: Wanpeng Li <wanpeng.li@linux.intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Paolo Bonzini authored
This reverts the check added by commit 5045b468 (KVM: x86: check CS.DPL against RPL during task switch, 2014-05-15). Although the CS.DPL=CS.RPL check is mentioned in table 7-1 of the SDM as causing a #TSS exception, it is not mentioned in table 6-6 that lists "invalid TSS conditions" which cause #TSS exceptions. In fact it causes some tests to fail, which pass on bare-metal. Keep the rest of the commit, since we will find new uses for it in 3.18. Reported-by: Nadav Amit <namit@cs.technion.ac.il> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Nadav Amit authored
Commit d40a6898 mistakenly caused instructions which are not marked as EmulateOnUD to be emulated upon #UD exception. The commit caused the check of whether the instruction flags include EmulateOnUD to never be evaluated. As a result instructions whose emulation is broken may be emulated. This fix moves the evaluation of EmulateOnUD so it would be evaluated. Signed-off-by: Nadav Amit <namit@cs.technion.ac.il> [Tweak operand order in &&, remove EmulateOnUD where it's now superfluous. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Alexey Kardashevskiy authored
fc95ca72 claims that there is no functional change but this is not true as it calls get_order() (which takes bytes) where it should have called order_base_2() and the kernel stops on VM_BUG_ON(). This replaces get_order() with order_base_2() (round-up version of ilog2). Suggested-by: Paul Mackerras <paulus@samba.org> Cc: Alexander Graf <agraf@suse.de> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Michael S. Tsirkin authored
The third parameter of kvm_iommu_put_pages is wrong, It should be 'gfn - slot->base_gfn'. By making gfn very large, malicious guest or userspace can cause kvm to go to this error path, and subsequently to pass a huge value as size. Alternatively if gfn is small, then pages would be pinned but never unpinned, causing host memory leak and local DOS. Passing a reasonable but large value could be the most dangerous case, because it would unpin a page that should have stayed pinned, and thus allow the device to DMA into arbitrary memory. However, this cannot happen because of the condition that can trigger the error: - out of memory (where you can't allocate even a single page) should not be possible for the attacker to trigger - when exceeding the iommu's address space, guest pages after gfn will also exceed the iommu's address space, and inside kvm_iommu_put_pages() the iommu_iova_to_phys() will fail. The page thus would not be unpinned at all. Reported-by: Jack Morgenstein <jackm@mellanox.com> Cc: stable@vger.kernel.org Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
NeilBrown authored
Most places which allocate an r10_bio zero the ->state, some don't. As the r10_bio comes from a mempool, and the allocation function uses kzalloc it is often zero anyway. But sometimes it isn't and it is best to be safe. I only noticed this because of the bug fixed by an earlier patch where the r10_bios allocated for a reshape were left around to be used by a subsequent resync. In that case the R10BIO_IsReshape flag caused problems. Signed-off-by: NeilBrown <neilb@suse.de>
-
NeilBrown authored
If raid10 reshape fails to find somewhere to read a block from, it returns without freeing memory... Signed-off-by: NeilBrown <neilb@suse.de>
-
NeilBrown authored
When a raid10 commences a resync/recovery/reshape it allocates some buffer space. When a resync/recovery completes the buffer space is freed. But not when the reshape completes. This can result in a small memory leak. There is a subtle side-effect of this bug. When a RAID10 is reshaped to a larger array (more devices), the reshape is immediately followed by a "resync" of the new space. This "resync" will use the buffer space which was allocated for "reshape". This can cause problems including a "BUG" in the SCSI layer. So this is suitable for -stable. Cc: stable@vger.kernel.org (v3.5+) Fixes: 3ea7daa5Signed-off-by: NeilBrown <neilb@suse.de>
-
NeilBrown authored
raid10 reshape clears unwanted bits from a bio->bi_flags using a method which, while clumsy, worked until 3.10 when BIO_OWNS_VEC was added. Since then it clears that bit but shouldn't. This results in a memory leak. So change to used the approved method of clearing unwanted bits. As this causes a memory leak which can consume all of memory the fix is suitable for -stable. Fixes: a38352e0 Cc: stable@vger.kernel.org (v3.10+) Reported-by: mdraid.pkoch@dfgh.net (Peter Koch) Signed-off-by: NeilBrown <neilb@suse.de>
-
- 18 Aug, 2014 2 commits
-
-
NeilBrown authored
During recovery of a double-degraded RAID6 it is possible for some blocks not to be recovered properly, leading to corruption. If a write happens to one block in a stripe that would be written to a missing device, and at the same time that stripe is recovering data to the other missing device, then that recovered data may not be written. This patch skips, in the double-degraded case, an optimisation that is only safe for single-degraded arrays. Bug was introduced in 2.6.32 and fix is suitable for any kernel since then. In an older kernel with separate handle_stripe5() and handle_stripe6() functions the patch must change handle_stripe6(). Cc: stable@vger.kernel.org (2.6.32+) Fixes: 6c0069c0 Cc: Yuri Tikhonov <yur@emcraft.com> Cc: Dan Williams <dan.j.williams@intel.com> Reported-by: "Manibalan P" <pmanibalan@amiindia.co.in> Tested-by: "Manibalan P" <pmanibalan@amiindia.co.in> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1090423Signed-off-by: NeilBrown <neilb@suse.de> Acked-by: Dan Williams <dan.j.williams@intel.com>
-
NeilBrown authored
If a stripe in a raid6 array received a write to each data block while the array is degraded, and if any of these writes to a missing device are not page-aligned, then a live-lock happens. In this case the P and Q blocks need to be read so that the part of the missing block which is *not* being updated by the write can be constructed. Due to a logic error, these blocks are not loaded, so the update cannot proceed and the stripe is 'handled' repeatedly in an infinite loop. This bug is unlikely as most writes are page aligned. However as it can lead to a livelock it is suitable for -stable. It was introduced in 3.16. Cc: stable@vger.kernel.org (v3.16) Fixed: 67f45548Signed-off-by: NeilBrown <neilb@suse.de>
-
- 16 Aug, 2014 21 commits
-
-
Linus Torvalds authored
-
git://cavan.codon.org.uk/platform-drivers-x86Linus Torvalds authored
Pull x86 platform driver updates from Matthew Garrett: "A moderate number of changes, but nothing awfully significant. A lot of const cleanups, some reworking and additions to the rfkill quirks in the asus driver, a new driver for generating falling laptop events on Toshibas and some misc fixes. Maybe vendors have stopped inventing things" * 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86: (41 commits) platform/x86: Enable build support for toshiba_haps Documentation: Add file about toshiba_haps module platform/x86: Toshiba HDD Active Protection Sensor asus-nb-wmi: Add wapf4 quirk for the U32U alienware-wmi: make hdmi_mux enabled on case-by-case basis ideapad-laptop: Constify DMI table and other r/o variables asus-nb-wmi.c: Rename x401u quirk to wapf4 compal-laptop: correct invalid hwmon name toshiba_acpi: Add Qosmio X75-A to the alt keymap dmi list toshiba_acpi: Add extra check to backlight code Fix log message about future removal of interface ideapad-laptop: Disable touchpad interface on Yoga models asus-nb-wmi: Add wapf4 quirk for the X550CC intel_ips: Make ips_mcp_limits variables static thinkpad_acpi: Mark volume_alsa_control_{vol,mute} as __initdata fujitsu-laptop: Mark fujitsu_dmi_table[] DMI table as __initconst hp-wmi: Add missing __init annotations to initialization code hp_accel: Constify ACPI and DMI tables fujitsu-tablet: Mark DMI callbacks as __init code dell-laptop: Mark dell_quirks[] DMI table as __initconst ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linuxLinus Torvalds authored
Pull idle update from Len Brown: "Two Intel-platform-specific updates to intel_idle, and a cosmetic tweak to the turbostat utility" * 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux: tools/power turbostat: tweak whitespace in output format intel_idle: Broadwell support intel_idle: Disable Baytrail Core and Module C6 auto-demotion
-
git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linuxLinus Torvalds authored
Pull module fix from Rusty Russell: "Nasty potential bug if someone uses a known module param with an invalid value (we don't fail unknown module params any more, just warn)" * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: module: Clean up ro/nx after early module load failures
-
git://git.kernel.org/pub/scm/linux/kernel/git/amit/virtioLinus Torvalds authored
Pull virtio-rng update from Amit Shah: "Add derating factor for use by hwrng core Sending directly to you with the commit log changes Ted Ts'o pointed out. Not sure if Rusty's back after his travel, but this already has his s-o-b" * 'rng-queue' of git://git.kernel.org/pub/scm/linux/kernel/git/amit/virtio: virtio: rng: add derating factor for use by hwrng core
-
git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfsLinus Torvalds authored
Pull btrfs updates from Chris Mason: "These are all fixes I'd like to get out to a broader audience. The biggest of the bunch is Mark's quota fix, which is also in the SUSE kernel, and makes our subvolume quotas dramatically more accurate. I've been running xfstests with these against your current git overnight, but I'm queueing up longer tests as well" * 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: btrfs: disable strict file flushes for renames and truncates Btrfs: fix csum tree corruption, duplicate and outdated checksums Btrfs: Fix memory corruption by ulist_add_merge() on 32bit arch Btrfs: fix compressed write corruption on enospc btrfs: correctly handle return from ulist_add btrfs: qgroup: account shared subtrees during snapshot delete Btrfs: read lock extent buffer while walking backrefs Btrfs: __btrfs_mod_ref should always use no_quota btrfs: adjust statfs calculations according to raid profiles
-
git://git.samba.org/jlayton/linuxLinus Torvalds authored
Pull file locking bugfixes from Jeff Layton: "Most of these patches are to fix a long-standing regression that crept in when the BKL was removed from the file-locking code. The code was converted to use a conventional spinlock, but some fl_release_private ops can block and you can end up sleeping inside the lock. There's also a patch to make /proc/locks show delegations as 'DELEG'" * tag 'locks-v3.17-2' of git://git.samba.org/jlayton/linux: locks: update Locking documentation to clarify fl_release_private behavior locks: move locks_free_lock calls in do_fcntl_add_lease outside spinlock locks: defer freeing locks in locks_delete_lock until after i_lock has been dropped locks: don't reuse file_lock in __posix_lock_file locks: don't call locks_release_private from locks_copy_lock locks: show delegations as "DELEG" in /proc/locks
-
git://git.kvack.org/~bcrl/aio-nextLinus Torvalds authored
Pull aio updates from Ben LaHaise. * git://git.kvack.org/~bcrl/aio-next: aio: use iovec array rather than the single one aio: fix some comments aio: use the macro rather than the inline magic number aio: remove the needless registration of ring file's private_data aio: remove no longer needed preempt_disable() aio: kill the misleading rcu read locks in ioctx_add_table() and kill_ioctx() aio: change exit_aio() to load mm->ioctx_table once and avoid rcu_read_lock()
-
Azael Avalos authored
Makefile and Kconfig build support patch for the newly introduced kernel module toshiba_haps. Signed-off-by: Azael Avalos <coproscefalo@gmail.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
-
Azael Avalos authored
This patch provides information about the Toshiba HDD Active Protection Sensor driver module toshiba_haps. Signed-off-by: Azael Avalos <coproscefalo@gmail.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
-
Azael Avalos authored
This driver adds support for the built-in accelereometer found on recent Toshiba laptops with HID TOS620A. This driver receives ACPI notify events 0x80 when the sensor detects a sudden move or a harsh vibration, as well as an ACPI notify event 0x81 whenever the movement or vibration has been stabilized. Also provides sysfs entries to get/set the desired protection level and reseting the HDD protection interface. Signed-off-by: Azael Avalos <coproscefalo@gmail.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
-
Hans de Goede authored
As reported here: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1173681 the U32U needs wapf=4 too. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
-
Mario Limonciello authored
Not all HW supporting WMAX method will support the HDMI mux feature. Explicitly quirk the HW that does support it. Signed-off-by: Mario Limonciello <mario_limonciello@dell.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
-
Mathias Krause authored
Constify the rfkill_blacklist[] DMI table, the ideapad_rfk_data[] table and the ideapad_attribute_group attribute group. There's no need to have them writeable during runtime. Signed-off-by: Mathias Krause <minipli@googlemail.com> Cc: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
-
Hans de Goede authored
The actual x401u does not use the so named x401u quirk but the x55u quirk. All that the x401u quirk does it setting wapf to 4, so rename it to wapf4 to stop the confusion. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
-
Roald Frederickx authored
Change the name of the hwmon interface from "compal-laptop" to "compal". A dash is an invalid character for a hwmon name and caused the call to hwmon_device_register_with_groups() to fail. Signed-off-by: Roald Frederickx <roald.frederickx@gmail.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
-
Azael Avalos authored
The Toshiba Qosmio X75-A series models also come with the new keymap layout. This patch adds this model to the alt_keymap_dmi list, along with an extra key found on these models. Signed-off-by: Azael Avalos <coproscefalo@gmail.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
-
Azael Avalos authored
Some Toshiba models (most notably Qosmios) come with an incomplete backlight method where the AML code doesn't check for write or read commands and always returns HCI_SUCCESS and the actual brightness (and in some cases the max brightness), thus allowing the backlight interface to be registered without write support. This patch changes the set_lcd_brightness function, checking the returned values for values greater than zero to avoid registering a broken backlight interface. Signed-off-by: Azael Avalos <coproscefalo@gmail.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
-
Martin Kepplinger authored
If this is going away, it won't be in 2012. Signed-off-by: Martin Kepplinger <martink@posteo.de> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
-
Hans de Goede authored
Yoga models don't offer touchpad ctrl through the ideapad interface, causing ideapad_sync_touchpad_state to send wrong touchpad enable/disable events. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
-
Hans de Goede authored
As reported here: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1173681 the X550CC needs wapf=4 too. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
-