1. 27 Sep, 2013 3 commits
    • David Howells's avatar
      NFS: Use i_writecount to control whether to get an fscache cookie in nfs_open() · f1fe29b4
      David Howells authored
      Use i_writecount to control whether to get an fscache cookie in nfs_open() as
      NFS does not do write caching yet.  I *think* this is the cause of a problem
      encountered by Mark Moseley whereby __fscache_uncache_page() gets a NULL
      pointer dereference because cookie->def is NULL:
      
      BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
      IP: [<ffffffff812a1903>] __fscache_uncache_page+0x23/0x160
      PGD 0
      Thread overran stack, or stack corrupted
      Oops: 0000 [#1] SMP
      Modules linked in: ...
      CPU: 7 PID: 18993 Comm: php Not tainted 3.11.1 #1
      Hardware name: Dell Inc. PowerEdge R420/072XWF, BIOS 1.3.5 08/21/2012
      task: ffff8804203460c0 ti: ffff880420346640
      RIP: 0010:[<ffffffff812a1903>] __fscache_uncache_page+0x23/0x160
      RSP: 0018:ffff8801053af878 EFLAGS: 00210286
      RAX: 0000000000000000 RBX: ffff8800be2f8780 RCX: ffff88022ffae5e8
      RDX: 0000000000004c66 RSI: ffffea00055ff440 RDI: ffff8800be2f8780
      RBP: ffff8801053af898 R08: 0000000000000001 R09: 0000000000000003
      R10: 0000000000000000 R11: 0000000000000000 R12: ffffea00055ff440
      R13: 0000000000001000 R14: ffff8800c50be538 R15: 0000000000000000
      FS: 0000000000000000(0000) GS:ffff88042fc60000(0063) knlGS:00000000e439c700
      CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
      CR2: 0000000000000010 CR3: 0000000001d8f000 CR4: 00000000000607f0
      Stack:
      ...
      Call Trace:
      [<ffffffff81365a72>] __nfs_fscache_invalidate_page+0x42/0x70
      [<ffffffff813553d5>] nfs_invalidate_page+0x75/0x90
      [<ffffffff811b8f5e>] truncate_inode_page+0x8e/0x90
      [<ffffffff811b90ad>] truncate_inode_pages_range.part.12+0x14d/0x620
      [<ffffffff81d6387d>] ? __mutex_lock_slowpath+0x1fd/0x2e0
      [<ffffffff811b95d3>] truncate_inode_pages_range+0x53/0x70
      [<ffffffff811b969d>] truncate_inode_pages+0x2d/0x40
      [<ffffffff811b96ff>] truncate_pagecache+0x4f/0x70
      [<ffffffff81356840>] nfs_setattr_update_inode+0xa0/0x120
      [<ffffffff81368de4>] nfs3_proc_setattr+0xc4/0xe0
      [<ffffffff81357f78>] nfs_setattr+0xc8/0x150
      [<ffffffff8122d95b>] notify_change+0x1cb/0x390
      [<ffffffff8120a55b>] do_truncate+0x7b/0xc0
      [<ffffffff8121f96c>] do_last+0xa4c/0xfd0
      [<ffffffff8121ffbc>] path_openat+0xcc/0x670
      [<ffffffff81220a0e>] do_filp_open+0x4e/0xb0
      [<ffffffff8120ba1f>] do_sys_open+0x13f/0x2b0
      [<ffffffff8126aaf6>] compat_SyS_open+0x36/0x50
      [<ffffffff81d7204c>] sysenter_dispatch+0x7/0x24
      
      The code at the instruction pointer was disassembled:
      
      > (gdb) disas __fscache_uncache_page
      > Dump of assembler code for function __fscache_uncache_page:
      > ...
      > 0xffffffff812a18ff <+31>: mov 0x48(%rbx),%rax
      > 0xffffffff812a1903 <+35>: cmpb $0x0,0x10(%rax)
      > 0xffffffff812a1907 <+39>: je 0xffffffff812a19cd <__fscache_uncache_page+237>
      
      These instructions make up:
      
      	ASSERTCMP(cookie->def->type, !=, FSCACHE_COOKIE_TYPE_INDEX);
      
      That cmpb is the faulting instruction (%rax is 0).  So cookie->def is NULL -
      which presumably means that the cookie has already been at least partway
      through __fscache_relinquish_cookie().
      
      What I think may be happening is something like a three-way race on the same
      file:
      
      	PROCESS 1	PROCESS 2	PROCESS 3
      	===============	===============	===============
      	open(O_TRUNC|O_WRONLY)
      			open(O_RDONLY)
      					open(O_WRONLY)
      	-->nfs_open()
      	-->nfs_fscache_set_inode_cookie()
      	nfs_fscache_inode_lock()
      	nfs_fscache_disable_inode_cookie()
      	__fscache_relinquish_cookie()
      	nfs_inode->fscache = NULL
      	<--nfs_fscache_set_inode_cookie()
      
      			-->nfs_open()
      			-->nfs_fscache_set_inode_cookie()
      			nfs_fscache_inode_lock()
      			nfs_fscache_enable_inode_cookie()
      			__fscache_acquire_cookie()
      			nfs_inode->fscache = cookie
      			<--nfs_fscache_set_inode_cookie()
      	<--nfs_open()
      	-->nfs_setattr()
      	...
      	...
      	-->nfs_invalidate_page()
      	-->__nfs_fscache_invalidate_page()
      	cookie = nfsi->fscache
      					-->nfs_open()
      					-->nfs_fscache_set_inode_cookie()
      					nfs_fscache_inode_lock()
      					nfs_fscache_disable_inode_cookie()
      					-->__fscache_relinquish_cookie()
      	-->__fscache_uncache_page(cookie)
      	<crash>
      					<--__fscache_relinquish_cookie()
      					nfs_inode->fscache = NULL
      					<--nfs_fscache_set_inode_cookie()
      
      What is needed is something to prevent process #2 from reacquiring the cookie
      - and I think checking i_writecount should do the trick.
      
      It's also possible to have a two-way race on this if the file is opened
      O_TRUNC|O_RDONLY instead.
      Reported-by: default avatarMark Moseley <moseleymark@gmail.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      f1fe29b4
    • David Howells's avatar
      FS-Cache: Provide the ability to enable/disable cookies · 94d30ae9
      David Howells authored
      Provide the ability to enable and disable fscache cookies.  A disabled cookie
      will reject or ignore further requests to:
      
      	Acquire a child cookie
      	Invalidate and update backing objects
      	Check the consistency of a backing object
      	Allocate storage for backing page
      	Read backing pages
      	Write to backing pages
      
      but still allows:
      
      	Checks/waits on the completion of already in-progress objects
      	Uncaching of pages
      	Relinquishment of cookies
      
      Two new operations are provided:
      
       (1) Disable a cookie:
      
      	void fscache_disable_cookie(struct fscache_cookie *cookie,
      				    bool invalidate);
      
           If the cookie is not already disabled, this locks the cookie against other
           dis/enablement ops, marks the cookie as being disabled, discards or
           invalidates any backing objects and waits for cessation of activity on any
           associated object.
      
           This is a wrapper around a chunk split out of fscache_relinquish_cookie(),
           but it reinitialises the cookie such that it can be reenabled.
      
           All possible failures are handled internally.  The caller should consider
           calling fscache_uncache_all_inode_pages() afterwards to make sure all page
           markings are cleared up.
      
       (2) Enable a cookie:
      
      	void fscache_enable_cookie(struct fscache_cookie *cookie,
      				   bool (*can_enable)(void *data),
      				   void *data)
      
           If the cookie is not already enabled, this locks the cookie against other
           dis/enablement ops, invokes can_enable() and, if the cookie is not an
           index cookie, will begin the procedure of acquiring backing objects.
      
           The optional can_enable() function is passed the data argument and returns
           a ruling as to whether or not enablement should actually be permitted to
           begin.
      
           All possible failures are handled internally.  The cookie will only be
           marked as enabled if provisional backing objects are allocated.
      
      A later patch will introduce these to NFS.  Cookie enablement during nfs_open()
      is then contingent on i_writecount <= 0.  can_enable() checks for a race
      between open(O_RDONLY) and open(O_WRONLY/O_RDWR).  This simplifies NFS's cookie
      handling and allows us to get rid of open(O_RDONLY) accidentally introducing
      caching to an inode that's open for writing already.
      
      One operation has its API modified:
      
       (3) Acquire a cookie.
      
      	struct fscache_cookie *fscache_acquire_cookie(
      		struct fscache_cookie *parent,
      		const struct fscache_cookie_def *def,
      		void *netfs_data,
      		bool enable);
      
           This now has an additional argument that indicates whether the requested
           cookie should be enabled by default.  It doesn't need the can_enable()
           function because the caller must prevent multiple calls for the same netfs
           object and it doesn't need to take the enablement lock because no one else
           can get at the cookie before this returns.
      
      Signed-off-by: David Howells <dhowells@redhat.com
      94d30ae9
    • David Howells's avatar
      FS-Cache: Add use/unuse/wake cookie wrappers · 8fb883f3
      David Howells authored
      Add wrapper functions for dealing with cookie->n_active:
      
       (*) __fscache_use_cookie() to increment it.
      
       (*) __fscache_unuse_cookie() to decrement and test against zero.
      
       (*) __fscache_wake_unused_cookie() to wake up anyone waiting for it to reach
           zero.
      
      The second and third are split so that the third can be done after cookie->lock
      has been released in case the waiter wakes up whilst we're still holding it and
      tries to get it.
      
      We will need to wake-on-zero once the cookie disablement patch is applied
      because it will then be possible to see n_active become zero without the cookie
      being relinquished.
      
      Also move the cookie usement out of fscache_attr_changed_op() and into
      fscache_attr_changed() and the operation struct so that cookie disablement
      will be able to track it.
      
      Whilst we're at it, only increment n_active if we're about to do
      fscache_submit_op() so that we don't have to deal with undoing it if anything
      earlier fails.  Possibly this should be moved into fscache_submit_op() which
      could look at FSCACHE_OP_UNUSE_COOKIE.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      8fb883f3
  2. 20 Sep, 2013 12 commits
  3. 19 Sep, 2013 25 commits
    • Linus Torvalds's avatar
      Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · 7b9e3a6a
      Linus Torvalds authored
      Pull ARM SoC fixes from Olof Johansson:
       "A set of fixes for ARM platforms for 3.12.  Among them:
      
         - A fix for build breakage in the MTD subsystem for some PXA devices.
           David Woodhouse has this patch in his for-next branch but has not
           been responding to our requests to send it up so here it is.  I
           should have amended the commit message to describe the build
           failure for CONFIG_OF=n setups, but forgot and now it's down in the
           stack of commits.
      
         - Added device-tree for the BeagleBone Black.  Turns out people have
           been using the older "regualar" bone DT for the newer boards, and
           there's risk of damaging hardware that way.
      
         - Misc DT and regular fixes for OMAP.
      
         - Fix to make the ST-Ericsson "snowball" boards boot with
           multi_v7_defconfig, and enable one of the ST-E reference boards on
           the same config.
      
         - Kconfig cleanup for u300 to hide submenus when the platform isn't
           enabled.
      
         - Enable ARM_ATAG_DTB_COMPAT to let firmware override command line
           when booting with an appended devicetree on non-DT-enabled firmware
           (needed to boot snowball)"
      
      * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (26 commits)
        ARM: multi_v7: add HREFv60 to multi_v7 defconfig
        ARM: OMAP2+: mux: fix trivial typo in name
        ARM: OMAP4 SMP: Corrected a typo fucntions to functions
        ARM: OMAP4: cpuidle: fix: call cpu_cluster_pm_exit conditionally
        mailbox: remove unnecessary platform_set_drvdata()
        ARM: mach-omap2: gpmc: Fix warning when CONFIG_ARM_LPAE=y
        ARM: OMAP: fix return value check in omap_device_build_from_dt()
        ARM: OMAP4: Fix clock_get error for GPMC during boot
        ARM: sa1100: collie.c: fall back to jedec_probe flash detection
        ARM: u300: hide submenus
        ARM: dts: igep00x0: Add pinmux configuration for MCBSP2
        ARM: dts: Fix muxing and regulator for wl12xx on the SDIO bus for blaze
        ARM: dts: Fix muxing and regulator for wl12xx on the SDIO bus for pandaboard
        mtd: nand: pxa3xx: Remove unneeded ifdef CONFIG_OF
        ARM: multi_v7_defconfig: enable ARM_ATAG_DTB_COMPAT
        ARM: ux500: disable outer cache debug
        ARM: dts: OMAP5: fix ocp2scp DTS data
        ARM: dts: OMAP5: fix reg property size
        ARM: dts: am335x-bone*: add DT for BeagleBone Black
        ARM: dts: omap3-beagle-xm: fix string error in compatible property
        ...
      7b9e3a6a
    • Yinghai Lu's avatar
      cpufreq: return EEXIST instead of EBUSY for second registering · 4dea5806
      Yinghai Lu authored
      On systems that support intel_pstate, acpi_cpufreq fails to load, and
      udev keeps trying until trace gets filled up and kernel crashes.
      
      The root cause is driver return ret from cpufreq_register_driver(),
      because when some other driver takes over before, it will return
      EBUSY and then udev will keep trying ...
      
      cpufreq_register_driver() should return EEXIST instead so that the
      system can boot without appending intel_pstate=disable and still use
      intel_pstate.
      Signed-off-by: default avatarYinghai Lu <yinghai@kernel.org>
      Acked-by: default avatarViresh Kumar <viresh.kumar@linaro.org>
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      4dea5806
    • Rafael J. Wysocki's avatar
      PCI / ACPI / PM: Clear pme_poll for devices in D3cold on wakeup · 83414515
      Rafael J. Wysocki authored
      Commit 448bd857 (PCI/PM: add PCIe runtime D3cold support) added a
      piece of code to pci_acpi_wake_dev() causing that function to behave
      in a special way for devices in D3cold (so that their configuration
      registers are not accessed before those devices are resumed).
      However, it didn't take the clearing of the pme_poll flag into
      account.  That has to be done for all devices, even if they are in
      D3cold, or pci_pme_list_scan() will not know that wakeup has been
      signaled for the device and will poll its PME Status bit
      unnecessarily.
      
      Fix the problem by moving the clearing of the pme_poll flag in
      pci_acpi_wake_dev() before the code introduced by commit 448bd857.
      Reported-and-tested-by: default avatarDavid E. Box <david.e.box@intel.com>
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      Acked-by: default avatarBjorn Helgaas <bhelgaas@google.com>
      Cc: 3.6+ <stable@vger.kernel.org> # 3.6+
      83414515
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · b75ff5e8
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) If the local_df boolean is set on an SKB we have to allocate a
          unique ID even if IP_DF is set in the ipv4 headers, from Ansis
          Atteka.
      
       2) Some fixups for the new chipset support that went into the sfc
          driver, from Ben Hutchings.
      
       3) Because SCTP bypasses a good chunk of, and actually duplicates, the
          logic of the ipv6 output path, some IPSEC things don't get done
          properly.  Integrate SCTP better into the ipv6 output path so that
          these problems are fixed and such issues don't get missed in the
          future either.  From Daniel Borkmann.
      
       4) Fix skge regressions added by the DMA mapping error return checking
          added in v3.10, from Mikulas Patocka.
      
       5) Kill some more IRQF_DISABLED references, from Michael Opdenacker.
      
       6) Fix races and deadlocks in the bridging code, from Hong Zhiguo.
      
       7) Fix error handling in tun_set_iff(), in particular don't leak
          resources.  From Jason Wang.
      
       8) Prevent format-string injection into xen-netback driver, from Kees
          Cook.
      
       9) Fix regression added to netpoll ARP packet handling, in particular
          check for the right ETH_P_ARP protocol code.  From Sonic Zhang.
      
      10) Try to deal with AMD IOMMU errors when using r8169 chips, from
          Francois Romieu.
      
      11) Cure freezes due to recent changes in the rt2x00 wireless driver,
          from Stanislaw Gruszka.
      
      12) Don't do SPI transfers (which can sleep) in interrupt context in
          cw1200 driver, from Solomon Peachy.
      
      13) Fix LEDs handling bug in 5720 tg3 chips already handled for 5719.
          From Nithin Sujir.
      
      14) Make xen_netbk_count_skb_slots() count the actual number of slots
          that will be used, taking into consideration packing and other
          issues that the transmit path will run into.  From David Vrabel.
      
      15) Use the correct maximum age when calculating the bridge
          message_age_timer, from Chris Healy.
      
      16) Get rid of memory leaks in mcs7780 IRDA driver, from Alexey
          Khoroshilov.
      
      17) Netfilter conntrack extensions were converted to RCU but are not
          always freed properly using kfree_rcu().  Fix from Michal Kubecek.
      
      18) VF reset recovery not being done correctly in qlcnic driver, from
          Manish Chopra.
      
      19) Fix inverted test in ATM nicstar driver, from Andy Shevchenko.
      
      20) Missing workqueue destroy in cxgb4 error handling, from Wei Yang.
      
      21) Internal switch not initialized properly in bgmac driver, from Rafał
          Miłecki.
      
      22) Netlink messages report wrong local and remote addresses in IPv6
          tunneling, from Ding Zhi.
      
      23) ICMP redirects should not generate socket errors in DCCP and SCTP.
          We're still working out how this should be handled for RAW and UDP
          sockets.  From Daniel Borkmann and Duan Jiong.
      
      24) We've had several bugs wherein the network namespace's loopback
          device gets accessed after it is free'd, NULL it out so that we can
          catch these problems more readily.  From Eric W Biederman.
      
      25) Fix regression in TCP RTO calculations, from Neal Cardwell.
      
      26) Fix too early free of xen-netback network device when VIFs still
          exist.  From Paul Durrant.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (87 commits)
        netconsole: fix a deadlock with rtnl and netconsole's mutex
        netpoll: fix NULL pointer dereference in netpoll_cleanup
        skge: fix broken driver
        ip: generate unique IP identificator if local fragmentation is allowed
        ip: use ip_hdr() in __ip_make_skb() to retrieve IP header
        xen-netback: Don't destroy the netdev until the vif is shut down
        net:dccp: do not report ICMP redirects to user space
        cnic: Fix crash in cnic_bnx2x_service_kcq()
        bnx2x, cnic, bnx2i, bnx2fc: Fix bnx2i and bnx2fc regressions.
        vxlan: Avoid creating fdb entry with NULL destination
        tcp: fix RTO calculated from cached RTT
        drivers: net: phy: cicada.c: clears warning Use #include <linux/io.h> instead of <asm/io.h>
        net loopback: Set loopback_dev to NULL when freed
        batman-adv: set the TAG flag for the vid passed to BLA
        netfilter: nfnetlink_queue: use network skb for sequence adjustment
        net: sctp: rfc4443: do not report ICMP redirects to user space
        net: usb: cdc_ether: use usb.h macros whenever possible
        net: usb: cdc_ether: fix checkpatch errors and warnings
        net: usb: cdc_ether: Use wwan interface for Telit modules
        ip6_tunnels: raddr and laddr are inverted in nl msg
        ...
      b75ff5e8
    • Nikolay Aleksandrov's avatar
      netconsole: fix a deadlock with rtnl and netconsole's mutex · c71380ff
      Nikolay Aleksandrov authored
      This bug was introduced by commit
      7a163bfb ("netconsole: avoid a crash with
      multiple sysfs writers"). In store_enabled() we have the following
      sequence: acquire nt->mutex then rtnl, but in the netconsole netdev
      notifier we have rtnl then nt->mutex effectively leading to a deadlock.
      The NULL pointer dereference that the above commit tries to fix is
      actually due to another bug in netpoll_cleanup(). This is fixed by dropping
      the mutex from the netdev notifier as it's already protected by rtnl.
      Signed-off-by: default avatarNikolay Aleksandrov <nikolay@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c71380ff
    • Nikolay Aleksandrov's avatar
      netpoll: fix NULL pointer dereference in netpoll_cleanup · d0fe8c88
      Nikolay Aleksandrov authored
      I've been hitting a NULL ptr deref while using netconsole because the
      np->dev check and the pointer manipulation in netpoll_cleanup are done
      without rtnl and the following sequence happens when having a netconsole
      over a vlan and we remove the vlan while disabling the netconsole:
      	CPU 1					CPU2
      					removes vlan and calls the notifier
      enters store_enabled(), calls
      netdev_cleanup which checks np->dev
      and then waits for rtnl
      					executes the netconsole netdev
      					release notifier making np->dev
      					== NULL and releases rtnl
      continues to dereference a member of
      np->dev which at this point is == NULL
      Signed-off-by: default avatarNikolay Aleksandrov <nikolay@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d0fe8c88
    • Mikulas Patocka's avatar
      skge: fix broken driver · c194992c
      Mikulas Patocka authored
      The patch 136d8f37 broke the skge driver.
      Note this part of the patch:
      +               if (skge_rx_setup(skge, e, nskb, skge->rx_buf_size) < 0) {
      +                       dev_kfree_skb(nskb);
      +                       goto resubmit;
      +               }
      +
                      pci_unmap_single(skge->hw->pdev,
                                       dma_unmap_addr(e, mapaddr),
                                       dma_unmap_len(e, maplen),
                                       PCI_DMA_FROMDEVICE);
                      skb = e->skb;
                      prefetch(skb->data);
      -               skge_rx_setup(skge, e, nskb, skge->rx_buf_size);
      
      The function skge_rx_setup modifies e->skb to point to the new skb. Thus,
      after this change, the new buffer, not the old, is returned to the
      networking stack.
      
      This bug is present in kernels 3.11, 3.11.1 and 3.12-rc1. The patch should
      be queued for 3.11-stable.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Reported-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Reported-by: default avatarVasiliy Glazov <vascom2@gmail.com>
      Tested-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c194992c
    • Ansis Atteka's avatar
      ip: generate unique IP identificator if local fragmentation is allowed · 703133de
      Ansis Atteka authored
      If local fragmentation is allowed, then ip_select_ident() and
      ip_select_ident_more() need to generate unique IDs to ensure
      correct defragmentation on the peer.
      
      For example, if IPsec (tunnel mode) has to encrypt large skbs
      that have local_df bit set, then all IP fragments that belonged
      to different ESP datagrams would have used the same identificator.
      If one of these IP fragments would get lost or reordered, then
      peer could possibly stitch together wrong IP fragments that did
      not belong to the same datagram. This would lead to a packet loss
      or data corruption.
      Signed-off-by: default avatarAnsis Atteka <aatteka@nicira.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      703133de
    • Ansis Atteka's avatar
      ip: use ip_hdr() in __ip_make_skb() to retrieve IP header · 749154aa
      Ansis Atteka authored
      skb->data already points to IP header, but for the sake of
      consistency we can also use ip_hdr() to retrieve it.
      Signed-off-by: default avatarAnsis Atteka <aatteka@nicira.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      749154aa
    • Paul Durrant's avatar
      xen-netback: Don't destroy the netdev until the vif is shut down · 279f438e
      Paul Durrant authored
      Without this patch, if a frontend cycles through states Closing
      and Closed (which Windows frontends need to do) then the netdev
      will be destroyed and requires re-invocation of hotplug scripts
      to restore state before the frontend can move to Connected. Thus
      when udev is not in use the backend gets stuck in InitWait.
      
      With this patch, the netdev is left alone whilst the backend is
      still online and is only de-registered and freed just prior to
      destroying the vif (which is also nicely symmetrical with the
      netdev allocation and registration being done during probe) so
      no re-invocation of hotplug scripts is required.
      Signed-off-by: default avatarPaul Durrant <paul.durrant@citrix.com>
      Cc: David Vrabel <david.vrabel@citrix.com>
      Cc: Wei Liu <wei.liu2@citrix.com>
      Cc: Ian Campbell <ian.campbell@citrix.com>
      Acked-by: default avatarWei Liu <wei.liu2@citrix.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      279f438e
    • Linus Torvalds's avatar
      Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus · f05f8198
      Linus Torvalds authored
      Pull MIPS updates from Ralf Baechle:
       - Minor updates and fixes to the Octeon ethernet driver in staging
       - A fix to VGA_MAP_MEM() for 64 bit platforms
       - Fix a workaround for 74K/1074K processors
       - The symlink arch/mips/boot/dts/include/dt-bindings was pointing to a
         a file with a name ending in \n.  I think this may have been caused
         by a git bug with with patches sent by email
       - A build fix for VGA console on BCM1480-based systems
       - Fix PCI device access via "/sys/bus/pci/.../resource0" or similar
         work for Alchemy platforms
       - Fix potential data leak on MIPS R5 cores.  This doesn't add proper
         support for any R5 features, just ensures a kernel without such
         support will be secure to run
       - Adding a macros for the CP0 Config5 register to be used by the R5 fix
       - Make get_cycles() actually return something useful where possible
         This also requires a preparatory patch for performance sake
       - Fix a warning about the use of smp_processor_id() in preemptible
         code.  Again this includes a preparatory patch adding the
         infrastructure to be used by the actual patch
       - Finally remove pointless one-line comment
      
      * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
        MIPS: Fix invalid symbolic link file
        MIPS: PCI: pci-bcm1480: Include missing vt.h header
        MIPS: Disable usermode switching of the FR bit for MIPS R5 CPUs.
        MIPS: Add MIPS R5 config5 register.
        MIPS: PCI: Use pci_resource_to_user to map pci memory space properly
        MIPS: 74K/1074K: Correct erratum workaround.
        MIPS: Cleanup CP0 PRId and CP1 FPIR register access masks
        MIPS: Remove useless comment about kprobe from arch/mips/Makefile
        MIPS: Fix VGA_MAP_MEM macro.
        MIPS: Reimplement get_cycles().
        MIPS: Optimize current_cpu_type() for better code.
        MIPS: Fix accessing to per-cpu data when flushing the cache
        MIPS: Provide nice way to access boot CPU's data.
        staging: octeon-ethernet: rgmii: enable interrupts that we can handle
        staging: octeon-ethernet: remove skb alloc failure warnings
        staging: octeon-ethernet: make dropped packets to consume NAPI budget
      f05f8198
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client · e9ff04dd
      Linus Torvalds authored
      Pull ceph fixes from Sage Weil:
       "These fix several bugs with RBD from 3.11 that didn't get tested in
        time for the merge window: some error handling, a use-after-free, and
        a sequencing issue when unmapping and image races with a notify
        operation.
      
        There is also a patch fixing a problem with the new ceph + fscache
        code that just went in"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
        fscache: check consistency does not decrement refcount
        rbd: fix error handling from rbd_snap_name()
        rbd: ignore unmapped snapshots that no longer exist
        rbd: fix use-after free of rbd_dev->disk
        rbd: make rbd_obj_notify_ack() synchronous
        rbd: complete notifies before cleaning up osd_client and rbd_dev
        libceph: add function to ensure notifies are complete
      e9ff04dd
    • Madhavan Srinivasan's avatar
      MIPS: Fix invalid symbolic link file · 66b10574
      Madhavan Srinivasan authored
      Commit 3b29aa5b [MIPS: add <dt-bindings/> symlink] created a symlink
      file in include/dt-bindings.  Even though commit diff is fine, the symlink
      is invalid and ls -lb shows a newline character at the end of the filename:
      
      lrwxrwxrwx 1 maddy maddy 35 Sep 19 18:11 dt-bindings ->
      ../../../../../include/dt-bindings\n
      Signed-off-by: default avatarMadhavan Srinivasan <maddy@linux.vnet.ibm.com>
      Cc: steven.hill@imgtec.com
      Cc: mmarek@suse.cz
      Cc: swarren@nvidia.com
      Cc: linux-mips@linux-mips.org
      Cc: linux-kbuild@vger.kernel.org
      Cc: james.hogan@imgtec.com
      Patchwork: https://patchwork.linux-mips.org/patch/5859/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      66b10574
    • Markos Chandras's avatar
      MIPS: PCI: pci-bcm1480: Include missing vt.h header · 88f02518
      Markos Chandras authored
      It's needed for the MAX_NR_CONSOLES macro.
      
      Fixes the following build problem on a randconfig:
      
      arch/mips/pci/pci-bcm1480.c: In function 'bcm1480_pcibios_init':
      arch/mips/pci/pci-bcm1480.c:261:36: error: 'MAX_NR_CONSOLES'
      undeclared (first use in this function)
      arch/mips/pci/pci-bcm1480.c:261:36: note: each undeclared
      identifier is reported only once for each function it appears in
      make[1]: *** [arch/mips/pci/pci-bcm1480.o] Error 1
      Signed-off-by: default avatarMarkos Chandras <markos.chandras@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Patchwork: https://patchwork.linux-mips.org/patch/5858/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      88f02518
    • Ralf Baechle's avatar
      MIPS: Disable usermode switching of the FR bit for MIPS R5 CPUs. · 8b8a7634
      Ralf Baechle authored
      Currently the kernel will always use the FR=0 register model for O32.  If
      an O32 application did enable FR=1 mode, some data from another application
      might be leaked in the extra registers becoming visible.
      
      Iow, this patch is meant to make the kernel MIPS R5 tolerant but leaves
      proper MIPS R5 support to a future patchset.
      Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      8b8a7634
    • Ralf Baechle's avatar
      MIPS: Add MIPS R5 config5 register. · 2f9ee82c
      Ralf Baechle authored
      Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      2f9ee82c
    • Linus Torvalds's avatar
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · ed24fee2
      Linus Torvalds authored
      Pull drm radeon/nouveau/core fixes from Dave Airlie:
       "Mostly radeon fixes, with some nouveau bios parser, ttm fix and a fix
        for AST driver"
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (42 commits)
        drm/fb-helper: don't sleep for screen unblank when an oops is in progress
        drm, ttm Fix uninitialized warning
        drm/ttm: fix the tt_populated check in ttm_tt_destroy()
        drm/nouveau/ttm: prevent double-free in nouveau_sgdma_create_ttm() failure path
        drm/nouveau/bios/init: fix thinko in INIT_CONFIGURE_MEM
        drm/nouveau/kms: enable for non-vga pci classes
        drm/nouveau/bios/init: stub opcode 0xaa
        drm/radeon: avoid UVD corruptions on AGP cards
        drm/radeon: fix panel scaling with eDP and LVDS bridges
        drm/radeon/dpm: rework auto performance level enable
        drm/radeon: Fix hmdi typo
        drm/radeon/dpm/rs780: fix force_performance state for same sclks
        drm/radeon/dpm/rs780: don't enable sclk scaling if not required
        drm/radeon/dpm/rs780: add some sanity checking to sclk scaling
        drm/radeon/dpm/rs780: use drm_mode_vrefresh()
        drm/udl: rip out set_need_resched
        drm/ast: fix the ast open key function
        drm/radeon/dpm: add bapm callback for kb/kv
        drm/radeon/dpm: add bapm callback for trinity
        drm/radeon/dpm: add infrastructure to properly handle bapm
        ...
      ed24fee2
    • Daniel Vetter's avatar
      drm/fb-helper: don't sleep for screen unblank when an oops is in progress · 928c2f0c
      Daniel Vetter authored
      Otherwise the system will burn even brighter and worse, leave the user
      wondering what's going on exactly.
      
      Since we already have a panic handler which will (try) to restore the
      entire fbdev console mode, we can just bail out.  Inspired by a patch from
      Konstantin Khlebnikov.  The callchain leading to this, cut&pasted from
      Konstantin's original patch:
      
      callstack:
      panic()
      bust_spinlocks(1)
      unblank_screen()
      vc->vc_sw->con_blank()
      fbcon_blank()
      fb_blank()
      info->fbops->fb_blank()
      drm_fb_helper_blank()
      drm_fb_helper_dpms()
      drm_modeset_lock_all()
      mutex_lock(&dev->mode_config.mutex)
      
      Note that the entire locking in the fb helper around panic/sysrq and kdbg
      is ...  non-existant.  So we have a decent change of blowing up
      everything.  But since reworking this ties in with funny concepts like the
      fbdev notifier chain or the impressive things which happen around
      console_lock while oopsing, I'll leave that as an exercise for braver
      souls than me.
      Signed-off-by: default avatarDaniel Vetter <daniel.vetter@ffwll.ch>
      Cc: Konstantin Khlebnikov <khlebnikov@openvz.org>
      Cc: Dave Airlie <airlied@gmail.com>
      Reviewed-by: default avatarRob Clark <robdclark@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      928c2f0c
    • Sudeep KarkadaNagesha's avatar
      ARM: shmobile: change dev_id to cpu0 while registering cpu clock · e4a6a29d
      Sudeep KarkadaNagesha authored
      Currently all clkdev registration use "cpufreq-cpu0.0" as dev_id
      for cpu clock which refers to virtual platform device. It needs to
      be "cpu0" instead which is actual cpu0 device id.
      
      This patch changes the dev_id from "cpufreq-cpu0.0" to "cpu0".
      Reported-and-tested-by: default avatarGuennadi Liakhovetski <g.liakhovetski@gmx.de>
      Cc: Shawn Guo <shawn.guo@linaro.org>
      Cc: Magnus Damm <damm@opensource.se>
      Signed-off-by: default avatarSudeep KarkadaNagesha <sudeep.karkadanagesha@arm.com>
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      e4a6a29d
    • Sudeep KarkadaNagesha's avatar
      ARM: i.MX: change dev_id to cpu0 while registering cpu clock · 3d10a887
      Sudeep KarkadaNagesha authored
      Currently all clkdev registration use "cpufreq-cpu0.0" as dev_id
      for cpu clock which refers to virtual platform device. It needs to
      be "cpu0" instead which is actual cpu0 device id.
      
      This patch changes the dev_id from "cpufreq-cpu0.0" to "cpu0".
      Reported-by: default avatarGuennadi Liakhovetski <g.liakhovetski@gmx.de>
      Tested-by: default avatarShawn Guo <shawn.guo@linaro.org>
      Signed-off-by: default avatarSudeep KarkadaNagesha <sudeep.karkadanagesha@arm.com>
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      3d10a887
    • Sudeep KarkadaNagesha's avatar
      cpufreq: imx6q-cpufreq: assign cpu_dev correctly to cpu0 device · b494b48d
      Sudeep KarkadaNagesha authored
      Commit cdc58d60 "cpufreq: imx6q-cpufreq:
      remove device tree parsing for cpu nodes" assumed the pdev->dev is set to
      cpu0 device in the platform code. But it actually points to the virtual
      cpufreq-cpu0 platform device which is not present in the device tree.
      Most of the information needed by cpufreq is stored in cpu0 DT node.
      So cpu_dev must point to cpu0 device.
      
      This patch fixes the wrong assignment to cpu_dev.
      Reported-by: default avatarGuennadi Liakhovetski <g.liakhovetski@gmx.de>
      Tested-by: default avatarShawn Guo <shawn.guo@linaro.org>
      Signed-off-by: default avatarSudeep KarkadaNagesha <sudeep.karkadanagesha@arm.com>
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      b494b48d
    • Sudeep KarkadaNagesha's avatar
      cpufreq: cpufreq-cpu0: assign cpu_dev correctly to cpu0 device · e1825b25
      Sudeep KarkadaNagesha authored
      Commit f837a9b5 "cpufreq: cpufreq-cpu0:
      remove device tree parsing for cpu nodes" assumed the pdev->dev is set to
      cpu0 device in the platform code. But it actually points to the virtual
      cpufreq-cpu0 platform device which is not present in the device tree.
      Most of the information needed by cpufreq is stored in cpu0 DT node.
      So cpu_dev must point to cpu0 device.
      
      This patch fixes the wrong assignment to cpu_dev.
      Reported-and-tested-by: default avatarGuennadi Liakhovetski <g.liakhovetski@gmx.de>
      Cc: Shawn Guo <shawn.guo@linaro.org>
      Signed-off-by: default avatarSudeep KarkadaNagesha <sudeep.karkadanagesha@arm.com>
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      e1825b25
    • Prarit Bhargava's avatar
      drm, ttm Fix uninitialized warning · bcf73a10
      Prarit Bhargava authored
      Fix uninitialized warning.
      
      drivers/gpu/drm/ttm/ttm_object.c: In function ‘ttm_base_object_lookup’:
      drivers/gpu/drm/ttm/ttm_object.c:213:10: error: ‘base’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
        kref_put(&base->refcount, ttm_release_base);
                ^
      drivers/gpu/drm/ttm/ttm_object.c:221:26: note: ‘base’ was declared here
        struct ttm_base_object *base;
      Signed-off-by: default avatarPrarit Bhargava <prarit@redhat.com>
      Reviewed-by: default avatarRob Clark <robdclark@gmail.com>
      Reviewed-by: default avatarDavid Herrmann <dh.herrmann@gmail.com>
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      bcf73a10
    • Ben Skeggs's avatar
      drm/ttm: fix the tt_populated check in ttm_tt_destroy() · 182b17c8
      Ben Skeggs authored
      After a vmalloc failure in ttm_dma_tt_alloc_page_directory(),
      ttm_dma_tt_init() will call ttm_tt_destroy() to cleanup, and end up
      inside the driver's unpopulate() hook when populate() has never yet
      been called.
      
      On nouveau, the first issue to be hit because of this is that
      dma_address[] may be a NULL pointer.  After working around this,
      ttm_pool_unpopulate() may potentially hit the same issue with
      the pages[] array.
      
      It seems to make more sense to avoid calling unpopulate on already
      unpopulated TTMs than to add checks to all the implementations.
      Signed-off-by: default avatarBen Skeggs <bskeggs@redhat.com>
      Reviewed-by: default avatarThomas Hellstrom <thellstrom@vmware.com>
      Cc: stable@vger.kernel.org
      Cc: Jerome Glisse <jglisse@redhat.com>
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      182b17c8
    • Dave Airlie's avatar
      Merge branch 'drm-nouveau-next' of... · 4f7d1bc9
      Dave Airlie authored
      Merge branch 'drm-nouveau-next' of git://anongit.freedesktop.org/git/nouveau/linux-2.6 into drm-fixes
      
      A couple of bios parser fixes (one for ancient chips, another for new ones - important in Optimus configs).  Another to make sure KMS is enabled on certain Optimus configs, and a TTM failure path fix.
      
      * 'drm-nouveau-next' of git://anongit.freedesktop.org/git/nouveau/linux-2.6:
        drm/nouveau/ttm: prevent double-free in nouveau_sgdma_create_ttm() failure path
        drm/nouveau/bios/init: fix thinko in INIT_CONFIGURE_MEM
        drm/nouveau/kms: enable for non-vga pci classes
        drm/nouveau/bios/init: stub opcode 0xaa
      4f7d1bc9