1. 07 Mar, 2014 3 commits
  2. 05 Mar, 2014 6 commits
    • Barry Song's avatar
      pinctrl: sirf: fix kernel panic in gpio_lock_as_irq · e291fd20
      Barry Song authored
      commit 655dada6 causes kernel panic, this patch fixes it.
      
          [    1.197816] [ffffffee] *pgd=0d7fd821, *pte=00000000, *ppte=00000000
          [    1.204070] Internal error: Oops: 17 [#1] PREEMPT SMP ARM
          [    1.209447] Modules linked in:
          [    1.212490] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.14.0-rc1 #3
          [    1.218737] task: cd03c000 ti: cd040000 task.ti: cd040000
          [    1.224127] PC is at gpiod_lock_as_irq+0xc/0x64
          [    1.228634] LR is at sirfsoc_gpio_irq_startup+0x18/0x44
          [    1.233842] pc : [<c01d3990>]    lr : [<c01d1c38>]    psr: a0000193
          [    1.233842] sp : cd041d30  ip : 00000000  fp : 00000000
          [    1.245296] r10: 00000000  r9 : cd023db4  r8 : 60000113
          [    1.250505] r7 : 0000003e  r6 : cd023dd4  r5 : c06bfa54  r4 : cd023d80
          [    1.257014] r3 : 00000020  r2 : 00000000  r1 : ffffffea  r0 : ffffffea
          [    1.263526] Flags: NzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
          [    1.270903] Control: 10c53c7d  Table: 00004059  DAC: 00000015
          [    1.276631] Process swapper/0 (pid: 1, stack limit = 0xcd040240)
          [    1.282620] Stack: (0xcd041d30 to 0xcd042000)
          [    1.286963] 1d20:                                     cd023d80 c01d1c38 c01d1c20 cd023d80
          [    1.295124] 1d40: 00000001 c0068438 cd023d80 ccb6d880 cd023dd4 c0067044 0000718e c006719c
          [    1.286963] 1d20:                                     cd023d80 c01d1c38 c01d1c20 cd023d80
          [    1.295124] 1d40: 00000001 c0068438 cd023d80 ccb6d880 cd023dd4 c0067044 0000718e c006719c
          [    1.295124] 1d40: 00000001 c0068438 cd023d80 ccb6d880 cd023dd4 c0067044 0000718e c006719c
          [    1.303283] 1d60: 00000800 00000083 ccb6d880 cd023d80 c02b41d8 00000083 0000003e ccb7c410
          [    1.311442] 1d80: 00000000 c00671dc 00000083 0000003e c02b41d8 cd3dd5c0 0000003e ccb7c634
          [    1.319601] 1da0: cd040030 c00672a8 cd3dd5c0 ccb7c410 ccb6d340 ccb7c410 ccb6d340 cd3dd400
          [    1.327760] 1dc0: cd3dd410 c02b4434 ccb7c410 c01265a8 00000001 cd3dd410 c0687108 00000000
          [    1.335919] 1de0: c0687108 00000000 00000000 c0240170 c0240158 cd3dd410 c06c30d0 c023e8bc
          [    1.344079] 1e00: c023e9d4 00000000 cd3dd410 c023e9d4 c0682150 c023cf88 cd003e98 cd2d50c4
          [    1.352238] 1e20: cd3dd410 cd3dd444 c06822f0 c023e768 cd3dd418 cd3dd410 c06822f0 c023de14
          [    1.360397] 1e40: cd3dd418 00000000 cd3dd410 c023c398 cd041e78 cd041ea8 cd3dd400 cd3dd410
          [    1.368556] 1e60: 00000083 00000000 cd3dd400 cd3dd410 00000083 000000c8 c04e00c8 c023fee8
          [    1.376715] 1e80: 00000000 cd041ea8 cd3dd400 00000001 00000083 c024048c c0435ef8 c0434dec
          [    1.384874] 1ea0: c068da58 c04c6d04 c0682150 c0435ef8 ffffffff 00000000 00000000 c068da58
          [    1.393033] 1ec0: 00000020 00000000 00000000 00000000 c05dabb8 00000007 c068d640 c068d640
          [    1.401193] 1ee0: c04c247c c04c249c 00000000 c00088e8 cd004c00 c043bbb8 cd029180 c03812a0
          [    1.409352] 1f00: 00000000 00000000 60000113 c0673728 60000113 c0673728 00000000 00000000
          [    1.417511] 1f20: cd7fce01 c0390a54 00000065 c003a81c c049e8bc 00000007 cd7fce0e 00000007
          [    1.425670] 1f40: 00000000 c05dabb8 00000007 c068d640 c068d640 c04c050c c04e00c8 00000065
          [    1.433829] 1f60: c04e00c0 c04c0c54 00000007 00000007 c04c050c c037d8fc cd03c000 c004322c
          [    1.441988] 1f80: c0662b40 0000d640 c03737c0 00000000 00000000 00000000 00000000 00000000
          [    1.450147] 1fa0: 00000000 c03737cc 00000000 c000e478 00000000 00000000 00000000 00000000
          [    1.458307] 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
          [    1.466467] 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000 0002d481 05014092
          [    1.474640] [<c01d3990>] (gpiod_lock_as_irq) from [<c01d1c38>] (sirfsoc_gpio_irq_startup+0x18/0x44)
          [    1.483661] [<c01d1c38>] (sirfsoc_gpio_irq_startup) from [<c0068438>] (irq_startup+0x34/0x6c)
          [    1.492163] [<c0068438>] (irq_startup) from [<c0067044>] (__setup_irq+0x450/0x4b8)
          [    1.499714] [<c0067044>] (__setup_irq) from [<c00671dc>] (request_threaded_irq+0xa8/0x128)
          [    1.507960] [<c00671dc>] (request_threaded_irq) from [<c00672a8>] (request_any_context_irq+0x4c/0x7c)
          [    1.517164] [<c00672a8>] (request_any_context_irq) from [<c02b4434>] (gpio_extcon_probe+0x144/0x1d4)
          [    1.526279] [<c02b4434>] (gpio_extcon_probe) from [<c0240170>] (platform_drv_probe+0x18/0x48)
          [    1.534783] [<c0240170>] (platform_drv_probe) from [<c023e8bc>] (driver_probe_device+0x120/0x238)
          [    1.543641] [<c023e8bc>] (driver_probe_device) from [<c023cf88>] (bus_for_each_drv+0x58/0x8c)
          [    1.552143] [<c023cf88>] (bus_for_each_drv) from [<c023e768>] (device_attach+0x74/0x88)
          [    1.560126] [<c023e768>] (device_attach) from [<c023de14>] (bus_probe_device+0x84/0xa8)
          [    1.568113] [<c023de14>] (bus_probe_device) from [<c023c398>] (device_add+0x440/0x520)
          [    1.576012] [<c023c398>] (device_add) from [<c023fee8>] (platform_device_add+0xb4/0x214)
          [    1.584084] [<c023fee8>] (platform_device_add) from [<c024048c>] (platform_device_register_full+0xb8/0xdc)
          [    1.593719] [<c024048c>] (platform_device_register_full) from [<c04c6d04>] (sirfsoc_init_late+0xec/0xf4)
          [    1.603185] [<c04c6d04>] (sirfsoc_init_late) from [<c04c249c>] (init_machine_late+0x20/0x28)
          [    1.611603] [<c04c249c>] (init_machine_late) from [<c00088e8>] (do_one_initcall+0xf8/0x144)
          [    1.619934] [<c00088e8>] (do_one_initcall) from [<c04c0c54>] (kernel_init_freeable+0x13c/0x1dc)
          [    1.628620] [<c04c0c54>] (kernel_init_freeable) from [<c03737cc>] (kernel_init+0xc/0x118)
      Signed-off-by: default avatarBarry Song <Baohua.Song@csr.com>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      e291fd20
    • Magnus Damm's avatar
      pinctrl: sh-pfc: r8a7791: SD1_CLK fix · b5973fcd
      Magnus Damm authored
      Fix the SD1_CLK handling for r8a7791. Without this patch
      it is impossible to request all pins needed for SDHI1 on
      the Koelsch board.
      Signed-off-by: default avatarMagnus Damm <damm@opensource.se>
      Acked-by: default avatarLaurent Pinchart <laurent.pinchart@ideasonboard.com>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      b5973fcd
    • Josh Cartwright's avatar
      pinctrl: msm: make PINCTRL_MSM bool instead of tristate · 5ba34160
      Josh Cartwright authored
      Modular builds of pinctrl-msm break due to handle_bad_irq being
      unexported for module use.  For now, make PINCTRL_MSM 'bool'.
      Signed-off-by: default avatarJosh Cartwright <joshc@codeaurora.org>
      Reviewed-by: default avatarBjorn Andersson <bjorn.andersson@sonymobile.com>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      5ba34160
    • Hans de Goede's avatar
      pinctrl: sunxi: Fix interrupt register offset calculation · ef5aff05
      Hans de Goede authored
      This fixing setting the interrupt type for eints >= 8.
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Acked-by: default avatarMaxime Ripard <maxime.ripard@free-electrons.com>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      ef5aff05
    • Hans de Goede's avatar
    • Chen-Yu Tsai's avatar
      pinctrl: sunxi: use chained_irq_{enter, exit} for GIC compatibility · 905a5117
      Chen-Yu Tsai authored
      On tha Allwinner A20 SoC, the external interrupts on the pin controller
      device are connected to the GIC. Without chained_irq_{enter, exit},
      external GPIO interrupts, such as used by mmc core card detect, cause
      the system to hang.
      
      This issue was first encountered during my attempt to get out-of-band
      interrupts for WiFi on the Cubietruck working. With David's new series
      of sunci-mci using mmc slot-gpio for (GPIO interrupt based) card
      detection, removing the SD card also causes my Cubietruck to hang. This
      problem should extend to all Allwinner A20 based boards.
      
      With this fix, the system no longer hangs when I remove or insert the
      SD card. /proc/interrupts show that the interrupt has correctly fired.
      However the system still does not detect card removal/insertion. I
      believe this is another unrelated issue.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarChen-Yu Tsai <wens@csie.org>
      Acked-by: default avatarMaxime Ripard <maxime.ripard@free-electrons.com>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      905a5117
  3. 04 Mar, 2014 23 commits
    • Mark Salter's avatar
      c6x: fix build failure caused by cache.h · ae72758f
      Mark Salter authored
      A patch to linux/irqflags.h uncovered a problem with c6x asm/cache.h
      which causes a build failure:
      
      /arch/c6x/include/asm/cache.h:63:20: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘c6x_cache_init’
       extern void __init c6x_cache_init(void);
      
      The asm/cache.h was relying on linux/irqflags.h to pull in linux/init.h
      but the recent patch changed that. The c6x header should have included
      linux/init.h all along.
      Signed-off-by: default avatarMark Salter <msalter@redhat.com>
      ae72758f
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · c3bebc71
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix memory leak in ieee80211_prep_connection(), sta_info leaked on
          error.  From Eytan Lifshitz.
      
       2) Unintentional switch case fallthrough in nft_reject_inet_eval(),
          from Patrick McHardy.
      
       3) Must check if payload lenth is a power of 2 in
          nft_payload_select_ops(), from Nikolay Aleksandrov.
      
       4) Fix mis-checksumming in xen-netfront driver, ip_hdr() is not in the
          correct place when we invoke skb_checksum_setup().  From Wei Liu.
      
       5) TUN driver should not advertise HW vlan offload features in
          vlan_features.  Fix from Fernando Luis Vazquez Cao.
      
       6) IPV6_VTI needs to select NET_IPV_TUNNEL to avoid build errors, fix
          from Steffen Klassert.
      
       7) Add missing locking in xfrm_migrade_state_find(), we must hold the
          per-namespace xfrm_state_lock while traversing the lists.  Fix from
          Steffen Klassert.
      
       8) Missing locking in ath9k driver, access to tid->sched must be done
          under ath_txq_lock().  Fix from Stanislaw Gruszka.
      
       9) Fix two bugs in TCP fastopen.  First respect the size argument given
          to tcp_sendmsg() in the fastopen path, and secondly prevent
          tcp_send_syn_data() from potentially using order-5 allocations.
          From Eric Dumazet.
      
      10) Fix handling of default neigh garbage collection params, from Jiri
          Pirko.
      
      11) Fix cwnd bloat and over-inflation of RTT when transmit segmentation
          is in use.  From Eric Dumazet.
      
      12) Missing initialization of Realtek r8169 driver's statistics
          seqlocks.  Fix from Kyle McMartin.
      
      13) Fix RTNL assertion failures in 802.3ad and AB ARP monitor of bonding
          driver, from Ding Tianhong.
      
      14) Bonding slave release race can cause divide by zero, fix from
          Nikolay Aleksandrov.
      
      15) Overzealous return from neigh_periodic_work() causes reachability
          time to not be computed.  Fix from Duain Jiong.
      
      16) Fix regression in ipv6_find_hdr(), it should not return -ENOENT when
          a specific target is specified and found.  From Hans Schillstrom.
      
      17) Fix VLAN tag stripping regression in BNA driver, from Ivan Vecera.
      
      18) Tail loss probe can calculate bogus RTTs due to missing packet
          marking on retransmit.  Fix from Yuchung Cheng.
      
      19) We cannot do skb_dst_drop() in iptunnel_pull_header() because
          multicast loopback detection in later code paths need access to
          skb_rtable().  Fix from Xin Long.
      
      20) The macvlan driver regresses in that it propagates lower device
          offload support disables into itself, causing severe slowdowns when
          running over a bridge.  Provide the software offloads always on
          macvlan devices to deal with this and the regression is gone.  From
          Vlad Yasevich.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (103 commits)
        macvlan: Add support for 'always_on' offload features
        net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
        ip_tunnel:multicast process cause panic due to skb->_skb_refdst NULL pointer
        net: cpsw: fix cpdma rx descriptor leak on down interface
        be2net: isolate TX workarounds not applicable to Skyhawk-R
        be2net: Fix skb double free in be_xmit_wrokarounds() failure path
        be2net: clear promiscuous bits in adapter->flags while disabling promiscuous mode
        be2net: Fix to reset transparent vlan tagging
        qlcnic: dcb: a couple off by one bugs
        tcp: fix bogus RTT on special retransmission
        hsr: off by one sanity check in hsr_register_frame_in()
        can: remove CAN FD compatibility for CAN 2.0 sockets
        can: flexcan: factor out soft reset into seperate funtion
        can: flexcan: flexcan_remove(): add missing netif_napi_del()
        can: flexcan: fix transition from and to freeze mode in chip_{,un}freeze
        can: flexcan: factor out transceiver {en,dis}able into seperate functions
        can: flexcan: fix transition from and to low power mode in chip_{en,dis}able
        can: flexcan: flexcan_open(): fix error path if flexcan_chip_start() fails
        can: flexcan: fix shutdown: first disable chip, then all interrupts
        USB AX88179/178A: Support D-Link DUB-1312
        ...
      c3bebc71
    • Linus Torvalds's avatar
      Merge tag 'regulator-v3.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator · 16e3f539
      Linus Torvalds authored
      Pull regulator fixes from Mark Brown:
       "A couple of fixes here which ensure that regulators using the core
        support for GPIO enables work in all cases by ensuring that helpers
        are used consistently rather than open coding in places and hence not
        having GPIO support in some of them"
      
      * tag 'regulator-v3.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
        regulator: core: Replace direct ops->disable usage
        regulator: core: Replace direct ops->enable usage
      16e3f539
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew Morton) · 3f803abf
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton.
      
      * emailed patches from Andrew Morton akpm@linux-foundation.org>:
        mm: page_alloc: exempt GFP_THISNODE allocations from zone fairness
        mm: numa: bugfix for LAST_CPUPID_NOT_IN_PAGE_FLAGS
        MAINTAINERS: add and correct types of some "T:" entries
        MAINTAINERS: use tab for separator
        rapidio/tsi721: fix tasklet termination in dma channel release
        hfsplus: fix remount issue
        zram: avoid null access when fail to alloc meta
        sh: prefix sh-specific "CCR" and "CCR2" by "SH_"
        ocfs2: fix quota file corruption
        drivers/rtc/rtc-s3c.c: fix incorrect way of save/restore of S3C2410_TICNT for TYPE_S3C64XX
        kallsyms: fix absolute addresses for kASLR
        scripts/gen_initramfs_list.sh: fix flags for initramfs LZ4 compression
        mm: include VM_MIXEDMAP flag in the VM_SPECIAL list to avoid m(un)locking
        memcg: reparent charges of children before processing parent
        memcg: fix endless loop in __mem_cgroup_iter_next()
        lib/radix-tree.c: swapoff tmpfs radix_tree: remember to rcu_read_unlock
        dma debug: account for cachelines and read-only mappings in overlap tracking
        mm: close PageTail race
        MAINTAINERS: EDAC: add Mauro and Borislav as interim patch collectors
      3f803abf
    • Johannes Weiner's avatar
      mm: page_alloc: exempt GFP_THISNODE allocations from zone fairness · 27329369
      Johannes Weiner authored
      Jan Stancek reports manual page migration encountering allocation
      failures after some pages when there is still plenty of memory free, and
      bisected the problem down to commit 81c0a2bb ("mm: page_alloc: fair
      zone allocator policy").
      
      The problem is that GFP_THISNODE obeys the zone fairness allocation
      batches on one hand, but doesn't reset them and wake kswapd on the other
      hand.  After a few of those allocations, the batches are exhausted and
      the allocations fail.
      
      Fixing this means either having GFP_THISNODE wake up kswapd, or
      GFP_THISNODE not participating in zone fairness at all.  The latter
      seems safer as an acute bugfix, we can clean up later.
      Reported-by: default avatarJan Stancek <jstancek@redhat.com>
      Signed-off-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
      Acked-by: default avatarRik van Riel <riel@redhat.com>
      Acked-by: default avatarMel Gorman <mgorman@suse.de>
      Cc: <stable@kernel.org>		[3.12+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      27329369
    • Liu Ping Fan's avatar
      mm: numa: bugfix for LAST_CPUPID_NOT_IN_PAGE_FLAGS · 1ae71d03
      Liu Ping Fan authored
      When doing some numa tests on powerpc, I triggered an oops bug.  I find
      it is caused by using page->_last_cpupid.  It should be initialized as
      "-1 & LAST_CPUPID_MASK", but not "-1".  Otherwise, in task_numa_fault(),
      we will miss the checking (last_cpupid == (-1 & LAST_CPUPID_MASK)).  And
      finally cause an oops bug in task_numa_group(), since the online cpu is
      less than possible cpu.  This happen with CONFIG_SPARSE_VMEMMAP disabled
      
      Call trace:
      
        SMP NR_CPUS=64 NUMA PowerNV
        Modules linked in:
        CPU: 24 PID: 804 Comm: systemd-udevd Not tainted3.13.0-rc1+ #32
        task: c000001e2746aa80 ti: c000001e32c50000 task.ti:c000001e32c50000
        REGS: c000001e32c53510 TRAP: 0300   Not tainted(3.13.0-rc1+)
        MSR: 9000000000009032 <SF,HV,EE,ME,IR,DR,RI>  CR:28024424  XER: 20000000
        CFAR: c000000000009324 DAR: 7265717569726857 DSISR:40000000 SOFTE: 1
        NIP  .task_numa_fault+0x1470/0x2370
        LR  .task_numa_fault+0x1468/0x2370
        Call Trace:
         .task_numa_fault+0x1468/0x2370 (unreliable)
         .do_numa_page+0x480/0x4a0
         .handle_mm_fault+0x4ec/0xc90
         .do_page_fault+0x3a8/0x890
         handle_page_fault+0x10/0x30
        Instruction dump:
        3c82fefb 3884b138 48d9cff1 60000000 48000574 3c62fefb3863af78 3c82fefb
        3884b138 48d9cfd5 60000000 e93f0100 <812902e4> 7d2907b45529063e 7d2a07b4
        ---[ end trace 15f2510da5ae07cf ]---
      Signed-off-by: default avatarLiu Ping Fan <pingfank@linux.vnet.ibm.com>
      Signed-off-by: default avatarAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
      Acked-by: default avatarPeter Zijlstra <peterz@infradead.org>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Mel Gorman <mel@csn.ul.ie>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1ae71d03
    • Joe Perches's avatar
      MAINTAINERS: add and correct types of some "T:" entries · cea8321c
      Joe Perches authored
      Tree location entries should start with the appropriate type.
      
      Add git to some, hg to another.
      
      Neaten tree type description.
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      cea8321c
    • Joe Perches's avatar
      MAINTAINERS: use tab for separator · b75f0050
      Joe Perches authored
      Convert whitespace to single tab for separators.
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b75f0050
    • Alexandre Bounine's avatar
      rapidio/tsi721: fix tasklet termination in dma channel release · 04379dff
      Alexandre Bounine authored
      This patch is a modification of the patch originally proposed by
      Xiaotian Feng <xtfeng@gmail.com>: https://lkml.org/lkml/2012/11/5/413
      This new version disables DMA channel interrupts and ensures that the
      tasklet wil not be scheduled again before calling tasklet_kill().
      
      Unfortunately the updated patch was not released at that time due to
      planned rework of Tsi721 mport driver to use threaded interrupts (which
      has yet to happen).  Recently the issue was reported again:
      https://lkml.org/lkml/2014/2/19/762.
      
      Description from the original Xiaotian's patch:
      
       "Some drivers use tasklet_disable in device remove/release process,
        tasklet_disable will inc tasklet->count and return.  If the tasklet is
        not handled yet under some softirq pressure, the tasklet will be
        placed on the tasklet_vec, never have a chance to be excuted.  This
        might lead to a heavy loaded ksoftirqd, wakeup with pending_softirq,
        but tasklet is disabled.  tasklet_kill should be used in this case."
      
      This patch is applicable to kernel versions starting from v3.5.
      Signed-off-by: default avatarAlexandre Bounine <alexandre.bounine@idt.com>
      Cc: Matt Porter <mporter@kernel.crashing.org>
      Cc: Xiaotian Feng <xtfeng@gmail.com>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Mike Galbraith <bitbucket@online.de>
      Cc: <stable@vger.kernel.org>	[3.5+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      04379dff
    • Vyacheslav Dubeyko's avatar
      hfsplus: fix remount issue · bd2c0035
      Vyacheslav Dubeyko authored
      Current implementation of HFS+ driver has small issue with remount
      option.  Namely, for example, you are unable to remount from RO mode
      into RW mode by means of command "mount -o remount,rw /dev/loop0
      /mnt/hfsplus".  Trying to execute sequence of commands results in an
      error message:
      
        mount /dev/loop0 /mnt/hfsplus
        mount -o remount,ro /dev/loop0 /mnt/hfsplus
        mount -o remount,rw /dev/loop0 /mnt/hfsplus
      
        mount: you must specify the filesystem type
      
        mount -t hfsplus -o remount,rw /dev/loop0 /mnt/hfsplus
      
        mount: /mnt/hfsplus not mounted or bad option
      
      The reason of such issue is failure of mount syscall:
      
        mount("/dev/loop0", "/mnt/hfsplus", 0x2282a60, MS_MGC_VAL|MS_REMOUNT, NULL) = -1 EINVAL (Invalid argument)
      
      Namely, hfsplus_parse_options_remount() method receives empty "input"
      argument and return false in such case.  As a result, hfsplus_remount()
      returns -EINVAL error code.
      
      This patch fixes the issue by means of return true for the case of empty
      "input" argument in hfsplus_parse_options_remount() method.
      Signed-off-by: default avatarVyacheslav Dubeyko <slava@dubeyko.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Christoph Hellwig <hch@infradead.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      bd2c0035
    • Minchan Kim's avatar
      zram: avoid null access when fail to alloc meta · db5d711e
      Minchan Kim authored
      zram_meta_alloc could fail so caller should check it.  Otherwise, your
      system will hang.
      Signed-off-by: default avatarMinchan Kim <minchan@kernel.org>
      Acked-by: default avatarJerome Marchand <jmarchan@redhat.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      db5d711e
    • Geert Uytterhoeven's avatar
      sh: prefix sh-specific "CCR" and "CCR2" by "SH_" · a5f6ea29
      Geert Uytterhoeven authored
      Commit bcf24e1d ("mmc: omap_hsmmc: use the generic config for
      omap2plus devices"), enabled the build for other platforms for compile
      testing.
      
      sh-allmodconfig now fails with:
      
          include/linux/omap-dma.h:171:8: error: expected identifier before numeric constant
          make[4]: *** [drivers/mmc/host/omap_hsmmc.o] Error 1
      
      This happens because SuperH #defines "CCR", which is one of the enum
      values in include/linux/omap-dma.h.  There's a similar issue with "CCR2"
      on sh2a.
      
      As "CCR" and "CCR2" are too generic names for global #defines, prefix
      them with "SH_" to fix this.
      Signed-off-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a5f6ea29
    • Jan Kara's avatar
      ocfs2: fix quota file corruption · 15c34a76
      Jan Kara authored
      Global quota files are accessed from different nodes.  Thus we cannot
      cache offset of quota structure in the quota file after we drop our node
      reference count to it because after that moment quota structure may be
      freed and reallocated elsewhere by a different node resulting in
      corruption of quota file.
      
      Fix the problem by clearing dq_off when we are releasing dquot structure.
      We also remove the DB_READ_B handling because it is useless -
      DQ_ACTIVE_B is set iff DQ_READ_B is set.
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      Cc: Goldwyn Rodrigues <rgoldwyn@suse.de>
      Cc: Joel Becker <jlbec@evilplan.org>
      Reviewed-by: default avatarMark Fasheh <mfasheh@suse.de>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      15c34a76
    • Vikas Sajjan's avatar
      drivers/rtc/rtc-s3c.c: fix incorrect way of save/restore of S3C2410_TICNT for TYPE_S3C64XX · 40d2d968
      Vikas Sajjan authored
      On exynos5250, exynos5420 and exynos5260 it was observed that, after 1
      cycle of S2R, the rtc-tick occurs at a very fast rate as compared to the
      rtc-tick occuring before S2R.
      
      This patch fixes the above issue by correcting the wrong way of
      save/restore of S3C2410_TICNT for TYPE_S3C64XX.
      Signed-off-by: default avatarVikas Sajjan <vikas.sajjan@samsung.com>
      Cc: Grant Likely <grant.likely@linaro.org>
      Cc: Rob Herring <robh+dt@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      40d2d968
    • Andy Honig's avatar
      kallsyms: fix absolute addresses for kASLR · 0f55159d
      Andy Honig authored
      Currently symbols that are absolute addresses are incorrectly displayed
      in /proc/kallsyms if the kernel is loaded with kASLR.
      
      The problem was that the scripts/kallsyms.c file which generates the
      array of symbol names and addresses uses an relocatable value for all
      symbols, even absolute symbols.  This patch fixes that.
      
      Several kallsyms output in different boot states for comparison:
      
        $ egrep '_(stext|_per_cpu_(start|end))' /root/kallsyms.nokaslr
        0000000000000000 D __per_cpu_start
        0000000000014280 D __per_cpu_end
        ffffffff810001c8 T _stext
        $ egrep '_(stext|_per_cpu_(start|end))' /root/kallsyms.kaslr1
        000000001f200000 D __per_cpu_start
        000000001f214280 D __per_cpu_end
        ffffffffa02001c8 T _stext
        $ egrep '_(stext|_per_cpu_(start|end))' /root/kallsyms.kaslr2
        000000000d400000 D __per_cpu_start
        000000000d414280 D __per_cpu_end
        ffffffff8e4001c8 T _stext
        $ egrep '_(stext|_per_cpu_(start|end))' /root/kallsyms.kaslr-fixed
        0000000000000000 D __per_cpu_start
        0000000000014280 D __per_cpu_end
        ffffffffadc001c8 T _stext
      Signed-off-by: default avatarAndy Honig <ahonig@google.com>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Cc: Michal Marek <mmarek@suse.cz>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      0f55159d
    • Daniel M. Weeks's avatar
      scripts/gen_initramfs_list.sh: fix flags for initramfs LZ4 compression · 5ec384d4
      Daniel M. Weeks authored
      LZ4 as implemented in the kernel differs from the default method now
      used by the reference implementation of LZ4.  Until the in-kernel method
      is updated to support the new default, passing the legacy flag (-l) to
      the compressor is necessary.  Without this flag the kernel-generated,
      LZ4-compressed initramfs is junk.
      
      Kyungsik said:
      
      : It seems that lz4 supports legacy format with the same option as lz4c
      : does.  Just looking at the first few bytes of lz4 compressed image, we can
      : see whether it is new format or not.
      :
      : It shows new format magic number without this patch.  New format magic
      : number is 0x184d2204.
      :
      : $ hexdump -C ./initramfs_data.cpio.lz4 |more
      : 00000000  04 22 4d 18 64 70 b9 69 (Little Endian)
      : ...
      :
      : Currently kernel supports legacy format only.
      Signed-off-by: default avatarDaniel M. Weeks <dan@danweeks.net>
      Cc: Michal Marek <mmarek@suse.cz>
      Acked-by: default avatarKyungsik Lee <kyungsik.lee@lge.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      5ec384d4
    • Vlastimil Babka's avatar
      mm: include VM_MIXEDMAP flag in the VM_SPECIAL list to avoid m(un)locking · 9050d7eb
      Vlastimil Babka authored
      Daniel Borkmann reported a VM_BUG_ON assertion failing:
      
        ------------[ cut here ]------------
        kernel BUG at mm/mlock.c:528!
        invalid opcode: 0000 [#1] SMP
        Modules linked in: ccm arc4 iwldvm [...]
         video
        CPU: 3 PID: 2266 Comm: netsniff-ng Not tainted 3.14.0-rc2+ #8
        Hardware name: LENOVO 2429BP3/2429BP3, BIOS G4ET37WW (1.12 ) 05/29/2012
        task: ffff8801f87f9820 ti: ffff88002cb44000 task.ti: ffff88002cb44000
        RIP: 0010:[<ffffffff81171ad0>]  [<ffffffff81171ad0>] munlock_vma_pages_range+0x2e0/0x2f0
        Call Trace:
          do_munmap+0x18f/0x3b0
          vm_munmap+0x41/0x60
          SyS_munmap+0x22/0x30
          system_call_fastpath+0x1a/0x1f
        RIP   munlock_vma_pages_range+0x2e0/0x2f0
        ---[ end trace a0088dcf07ae10f2 ]---
      
      because munlock_vma_pages_range() thinks it's unexpectedly in the middle
      of a THP page.  This can be reproduced with default config since 3.11
      kernels.  A reproducer can be found in the kernel's selftest directory
      for networking by running ./psock_tpacket.
      
      The problem is that an order=2 compound page (allocated by
      alloc_one_pg_vec_page() is part of the munlocked VM_MIXEDMAP vma (mapped
      by packet_mmap()) and mistaken for a THP page and assumed to be order=9.
      
      The checks for THP in munlock came with commit ff6a6da6 ("mm:
      accelerate munlock() treatment of THP pages"), i.e.  since 3.9, but did
      not trigger a bug.  It just makes munlock_vma_pages_range() skip such
      compound pages until the next 512-pages-aligned page, when it encounters
      a head page.  This is however not a problem for vma's where mlocking has
      no effect anyway, but it can distort the accounting.
      
      Since commit 7225522b ("mm: munlock: batch non-THP page isolation
      and munlock+putback using pagevec") this can trigger a VM_BUG_ON in
      PageTransHuge() check.
      
      This patch fixes the issue by adding VM_MIXEDMAP flag to VM_SPECIAL, a
      list of flags that make vma's non-mlockable and non-mergeable.  The
      reasoning is that VM_MIXEDMAP vma's are similar to VM_PFNMAP, which is
      already on the VM_SPECIAL list, and both are intended for non-LRU pages
      where mlocking makes no sense anyway.  Related Lkml discussion can be
      found in [2].
      
       [1] tools/testing/selftests/net/psock_tpacket
       [2] https://lkml.org/lkml/2014/1/10/427Signed-off-by: default avatarVlastimil Babka <vbabka@suse.cz>
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Reported-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Tested-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Cc: Thomas Hellstrom <thellstrom@vmware.com>
      Cc: John David Anglin <dave.anglin@bell.net>
      Cc: HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
      Cc: Konstantin Khlebnikov <khlebnikov@openvz.org>
      Cc: Carsten Otte <cotte@de.ibm.com>
      Cc: Jared Hulbert <jaredeh@gmail.com>
      Tested-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Acked-by: default avatarRik van Riel <riel@redhat.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: <stable@vger.kernel.org> [3.11.x+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9050d7eb
    • Filipe Brandenburger's avatar
      memcg: reparent charges of children before processing parent · 4fb1a86f
      Filipe Brandenburger authored
      Sometimes the cleanup after memcg hierarchy testing gets stuck in
      mem_cgroup_reparent_charges(), unable to bring non-kmem usage down to 0.
      
      There may turn out to be several causes, but a major cause is this: the
      workitem to offline parent can get run before workitem to offline child;
      parent's mem_cgroup_reparent_charges() circles around waiting for the
      child's pages to be reparented to its lrus, but it's holding
      cgroup_mutex which prevents the child from reaching its
      mem_cgroup_reparent_charges().
      
      Further testing showed that an ordered workqueue for cgroup_destroy_wq
      is not always good enough: percpu_ref_kill_and_confirm's call_rcu_sched
      stage on the way can mess up the order before reaching the workqueue.
      
      Instead, when offlining a memcg, call mem_cgroup_reparent_charges() on
      all its children (and grandchildren, in the correct order) to have their
      charges reparented first.
      
      Fixes: e5fca243 ("cgroup: use a dedicated workqueue for cgroup destruction")
      Signed-off-by: default avatarFilipe Brandenburger <filbranden@google.com>
      Signed-off-by: default avatarHugh Dickins <hughd@google.com>
      Reviewed-by: default avatarTejun Heo <tj@kernel.org>
      Acked-by: default avatarMichal Hocko <mhocko@suse.cz>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: <stable@vger.kernel.org>	[v3.10+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      4fb1a86f
    • Hugh Dickins's avatar
      memcg: fix endless loop in __mem_cgroup_iter_next() · ce48225f
      Hugh Dickins authored
      Commit 0eef6156 ("memcg: fix css reference leak and endless loop in
      mem_cgroup_iter") got the interaction with the commit a few before it
      d8ad3055 ("mm/memcg: iteration skip memcgs not yet fully
      initialized") slightly wrong, and we didn't notice at the time.
      
      It's elusive, and harder to get than the original, but for a couple of
      days before rc1, I several times saw a endless loop similar to that
      supposedly being fixed.
      
      This time it was a tighter loop in __mem_cgroup_iter_next(): because we
      can get here when our root has already been offlined, and the ordering
      of conditions was such that we then just cycled around forever.
      
      Fixes: 0eef6156 ("memcg: fix css reference leak and endless loop in mem_cgroup_iter").
      Signed-off-by: default avatarHugh Dickins <hughd@google.com>
      Acked-by: default avatarMichal Hocko <mhocko@suse.cz>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: Greg Thelen <gthelen@google.com>
      Cc: <stable@vger.kernel.org>	[3.12+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ce48225f
    • Hugh Dickins's avatar
      lib/radix-tree.c: swapoff tmpfs radix_tree: remember to rcu_read_unlock · 5f30fc94
      Hugh Dickins authored
      Running fsx on tmpfs with concurrent memhog-swapoff-swapon, lots of
      
        BUG: sleeping function called from invalid context at kernel/fork.c:606
        in_atomic(): 0, irqs_disabled(): 0, pid: 1394, name: swapoff
        1 lock held by swapoff/1394:
         #0:  (rcu_read_lock){.+.+.+}, at: [<ffffffff812520a1>] radix_tree_locate_item+0x1f/0x2b6
      
      followed by
      
        ================================================
        [ BUG: lock held when returning to user space! ]
        3.14.0-rc1 #3 Not tainted
        ------------------------------------------------
        swapoff/1394 is leaving the kernel with locks still held!
        1 lock held by swapoff/1394:
         #0:  (rcu_read_lock){.+.+.+}, at: [<ffffffff812520a1>] radix_tree_locate_item+0x1f/0x2b6
      
      after which the system recovered nicely.
      
      Whoops, I long ago forgot the rcu_read_unlock() on one unlikely branch.
      
      Fixes e504f3fd ("tmpfs radix_tree: locate_item to speed up swapoff")
      Signed-off-by: default avatarHugh Dickins <hughd@google.com>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      5f30fc94
    • Dan Williams's avatar
      dma debug: account for cachelines and read-only mappings in overlap tracking · 3b7a6418
      Dan Williams authored
      While debug_dma_assert_idle() checks if a given *page* is actively
      undergoing dma the valid granularity of a dma mapping is a *cacheline*.
      Sander's testing shows that the warning message "DMA-API: exceeded 7
      overlapping mappings of pfn..." is falsely triggering.  The test is
      simply mapping multiple cachelines in a given page.
      
      Ultimately we want overlap tracking to be valid as it is a real api
      violation, so we need to track active mappings by cachelines.  Update
      the active dma tracking to use the page-frame-relative cacheline of the
      mapping as the key, and update debug_dma_assert_idle() to check for all
      possible mapped cachelines for a given page.
      
      However, the need to track active mappings is only relevant when the
      dma-mapping is writable by the device.  In fact it is fairly standard
      for read-only mappings to have hundreds or thousands of overlapping
      mappings at once.  Limiting the overlap tracking to writable
      (!DMA_TO_DEVICE) eliminates this class of false-positive overlap
      reports.
      
      Note, the radix gang lookup is sub-optimal.  It would be best if it
      stopped fetching entries once the search passed a page boundary.
      Nevertheless, this implementation does not perturb the original net_dma
      failing case.  That is to say the extra overhead does not show up in
      terms of making the failing case pass due to a timing change.
      
      References:
        http://marc.info/?l=linux-netdev&m=139232263419315&w=2
        http://marc.info/?l=linux-netdev&m=139217088107122&w=2Signed-off-by: default avatarDan Williams <dan.j.williams@intel.com>
      Reported-by: default avatarSander Eikelenboom <linux@eikelenboom.it>
      Reported-by: default avatarDave Jones <davej@redhat.com>
      Tested-by: default avatarDave Jones <davej@redhat.com>
      Tested-by: default avatarSander Eikelenboom <linux@eikelenboom.it>
      Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      Cc: Francois Romieu <romieu@fr.zoreil.com>
      Cc: Eric Dumazet <eric.dumazet@gmail.com>
      Cc: Wei Liu <wei.liu2@citrix.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3b7a6418
    • David Rientjes's avatar
      mm: close PageTail race · 668f9abb
      David Rientjes authored
      Commit bf6bddf1 ("mm: introduce compaction and migration for
      ballooned pages") introduces page_count(page) into memory compaction
      which dereferences page->first_page if PageTail(page).
      
      This results in a very rare NULL pointer dereference on the
      aforementioned page_count(page).  Indeed, anything that does
      compound_head(), including page_count() is susceptible to racing with
      prep_compound_page() and seeing a NULL or dangling page->first_page
      pointer.
      
      This patch uses Andrea's implementation of compound_trans_head() that
      deals with such a race and makes it the default compound_head()
      implementation.  This includes a read memory barrier that ensures that
      if PageTail(head) is true that we return a head page that is neither
      NULL nor dangling.  The patch then adds a store memory barrier to
      prep_compound_page() to ensure page->first_page is set.
      
      This is the safest way to ensure we see the head page that we are
      expecting, PageTail(page) is already in the unlikely() path and the
      memory barriers are unfortunately required.
      
      Hugetlbfs is the exception, we don't enforce a store memory barrier
      during init since no race is possible.
      Signed-off-by: default avatarDavid Rientjes <rientjes@google.com>
      Cc: Holger Kiehl <Holger.Kiehl@dwd.de>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Rafael Aquini <aquini@redhat.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: Michal Hocko <mhocko@suse.cz>
      Cc: Mel Gorman <mgorman@suse.de>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      668f9abb
    • Borislav Petkov's avatar
      MAINTAINERS: EDAC: add Mauro and Borislav as interim patch collectors · aa15aa0e
      Borislav Petkov authored
      We're more or less collecting EDAC patches already anyway so let's hold it
      down so that get_maintainer sees it too.
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      Acked-by: default avatarMauro Carvalho Chehab <m.chehab@samsung.com>
      Cc: Doug Thompson <dougthompson@xmission.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      aa15aa0e
  4. 03 Mar, 2014 8 commits
    • Vlad Yasevich's avatar
      macvlan: Add support for 'always_on' offload features · 8b4703e9
      Vlad Yasevich authored
      Macvlan currently inherits all of its features from the lower
      device.  When lower device disables offload support, this causes
      macvlan to disable offload support as well.  This causes
      performance regression when using macvlan/macvtap in bridge
      mode.
      
      It can be easily demonstrated by creating 2 namespaces using
      macvlan in bridge mode and running netperf between them:
      
      MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 10.0.0.1 () port 0 AF_INET
      Recv   Send    Send
      Socket Socket  Message  Elapsed
      Size   Size    Size     Time     Throughput
      bytes  bytes   bytes    secs.    10^6bits/sec
      
       87380  16384  16384    20.00    1204.61
      
      To restore the performance, we add software offload features
      to the list of "always_on" features for macvlan.  This way
      when a namespace or a guest using macvtap initially sends a
      packet, this packet will not be segmented at macvlan level.
      It will only be segmented when macvlan sends the packet
      to the lower device.
      
      MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 10.0.0.1 () port 0 AF_INET
      Recv   Send    Send
      Socket Socket  Message  Elapsed
      Size   Size    Size     Time     Throughput
      bytes  bytes   bytes    secs.    10^6bits/sec
      
       87380  16384  16384    20.00    5507.35
      
      Fixes: 6acf54f1 (macvtap: Add support of packet capture on macvtap device.)
      Fixes: 797f87f8 (macvlan: fix netdev feature propagation from lower device)
      CC: Florian Westphal <fw@strlen.de>
      CC: Christian Borntraeger <borntraeger@de.ibm.com>
      CC: Jason Wang <jasowang@redhat.com>
      CC: Michael S. Tsirkin <mst@redhat.com>
      Tested-by: default avatarChristian Borntraeger <borntraeger@de.ibm.com>
      Signed-off-by: default avatarVlad Yasevich <vyasevic@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8b4703e9
    • David S. Miller's avatar
      Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless · 48235515
      David S. Miller authored
      John W. Linville says:
      
      ====================
      Please pull this batch of fixes intended for the 3.14 stream...
      
      For the mac80211 bits, Johannes says:
      
      "This time I have a fix to get out of an 'infinite error state' in case
      regulatory domain updates failed and two fixes for VHT associations: one
      to not disconnect immediately when the AP uses more bandwidth than the
      new regdomain would allow after a change due to association country
      information getting used, and one for an issue in the code where
      mac80211 doesn't correctly ignore a reserved field and then uses an HT
      instead of VHT association."
      
      For the iwlwifi bits, Emmanuel says:
      
      "Johannes fixes a long standing bug in the AMPDU status reporting.
      Max fixes the listen time which was way too long and causes trouble
      to several APs."
      
      Along with those, Bing Zhao marks the mwifiex_usb driver as _not_
      supporting USB autosuspend after a number of problems with that have
      been reported.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      48235515
    • Daniel Borkmann's avatar
      net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable · ec0223ec
      Daniel Borkmann authored
      RFC4895 introduced AUTH chunks for SCTP; during the SCTP
      handshake RANDOM; CHUNKS; HMAC-ALGO are negotiated (CHUNKS
      being optional though):
      
        ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
        <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
        -------------------- COOKIE-ECHO -------------------->
        <-------------------- COOKIE-ACK ---------------------
      
      A special case is when an endpoint requires COOKIE-ECHO
      chunks to be authenticated:
      
        ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
        <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
        ------------------ AUTH; COOKIE-ECHO ---------------->
        <-------------------- COOKIE-ACK ---------------------
      
      RFC4895, section 6.3. Receiving Authenticated Chunks says:
      
        The receiver MUST use the HMAC algorithm indicated in
        the HMAC Identifier field. If this algorithm was not
        specified by the receiver in the HMAC-ALGO parameter in
        the INIT or INIT-ACK chunk during association setup, the
        AUTH chunk and all the chunks after it MUST be discarded
        and an ERROR chunk SHOULD be sent with the error cause
        defined in Section 4.1. [...] If no endpoint pair shared
        key has been configured for that Shared Key Identifier,
        all authenticated chunks MUST be silently discarded. [...]
      
        When an endpoint requires COOKIE-ECHO chunks to be
        authenticated, some special procedures have to be followed
        because the reception of a COOKIE-ECHO chunk might result
        in the creation of an SCTP association. If a packet arrives
        containing an AUTH chunk as a first chunk, a COOKIE-ECHO
        chunk as the second chunk, and possibly more chunks after
        them, and the receiver does not have an STCB for that
        packet, then authentication is based on the contents of
        the COOKIE-ECHO chunk. In this situation, the receiver MUST
        authenticate the chunks in the packet by using the RANDOM
        parameters, CHUNKS parameters and HMAC_ALGO parameters
        obtained from the COOKIE-ECHO chunk, and possibly a local
        shared secret as inputs to the authentication procedure
        specified in Section 6.3. If authentication fails, then
        the packet is discarded. If the authentication is successful,
        the COOKIE-ECHO and all the chunks after the COOKIE-ECHO
        MUST be processed. If the receiver has an STCB, it MUST
        process the AUTH chunk as described above using the STCB
        from the existing association to authenticate the
        COOKIE-ECHO chunk and all the chunks after it. [...]
      
      Commit bbd0d598 introduced the possibility to receive
      and verification of AUTH chunk, including the edge case for
      authenticated COOKIE-ECHO. On reception of COOKIE-ECHO,
      the function sctp_sf_do_5_1D_ce() handles processing,
      unpacks and creates a new association if it passed sanity
      checks and also tests for authentication chunks being
      present. After a new association has been processed, it
      invokes sctp_process_init() on the new association and
      walks through the parameter list it received from the INIT
      chunk. It checks SCTP_PARAM_RANDOM, SCTP_PARAM_HMAC_ALGO
      and SCTP_PARAM_CHUNKS, and copies them into asoc->peer
      meta data (peer_random, peer_hmacs, peer_chunks) in case
      sysctl -w net.sctp.auth_enable=1 is set. If in INIT's
      SCTP_PARAM_SUPPORTED_EXT parameter SCTP_CID_AUTH is set,
      peer_random != NULL and peer_hmacs != NULL the peer is to be
      assumed asoc->peer.auth_capable=1, in any other case
      asoc->peer.auth_capable=0.
      
      Now, if in sctp_sf_do_5_1D_ce() chunk->auth_chunk is
      available, we set up a fake auth chunk and pass that on to
      sctp_sf_authenticate(), which at latest in
      sctp_auth_calculate_hmac() reliably dereferences a NULL pointer
      at position 0..0008 when setting up the crypto key in
      crypto_hash_setkey() by using asoc->asoc_shared_key that is
      NULL as condition key_id == asoc->active_key_id is true if
      the AUTH chunk was injected correctly from remote. This
      happens no matter what net.sctp.auth_enable sysctl says.
      
      The fix is to check for net->sctp.auth_enable and for
      asoc->peer.auth_capable before doing any operations like
      sctp_sf_authenticate() as no key is activated in
      sctp_auth_asoc_init_active_key() for each case.
      
      Now as RFC4895 section 6.3 states that if the used HMAC-ALGO
      passed from the INIT chunk was not used in the AUTH chunk, we
      SHOULD send an error; however in this case it would be better
      to just silently discard such a maliciously prepared handshake
      as we didn't even receive a parameter at all. Also, as our
      endpoint has no shared key configured, section 6.3 says that
      MUST silently discard, which we are doing from now onwards.
      
      Before calling sctp_sf_pdiscard(), we need not only to free
      the association, but also the chunk->auth_chunk skb, as
      commit bbd0d598 created a skb clone in that case.
      
      I have tested this locally by using netfilter's nfqueue and
      re-injecting packets into the local stack after maliciously
      modifying the INIT chunk (removing RANDOM; HMAC-ALGO param)
      and the SCTP packet containing the COOKIE_ECHO (injecting
      AUTH chunk before COOKIE_ECHO). Fixed with this patch applied.
      
      Fixes: bbd0d598 ("[SCTP]: Implement the receive and verification of AUTH chunk")
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Cc: Vlad Yasevich <yasevich@gmail.com>
      Cc: Neil Horman <nhorman@tuxdriver.com>
      Acked-by: default avatarVlad Yasevich <vyasevich@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ec0223ec
    • David S. Miller's avatar
      Merge tag 'linux-can-fixes-for-3.14-20140303' of git://gitorious.org/linux-can/linux-can · 82f19183
      David S. Miller authored
      linux-can-fixes-for-3.14-20140303
      
      Marc Kleine-Budde says:
      
      ====================
      this is a pull request of 8 patches. Oliver Hartkopp contributes a patch which
      removes the CAN FD compatibility for CAN 2.0 sockets, as it turns out that this
      compatibility has some conceptual cornercases. The remaining 7 patches are by
      me, they address a problem in the flexcan driver. When shutting down the
      interface ("ifconfig can0 down") under heavy network load the whole system will
      hang. This series reworks the actual sequence in close() and the transition
      from and to the low power modes of the CAN controller.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      82f19183
    • Xin Long's avatar
      ip_tunnel:multicast process cause panic due to skb->_skb_refdst NULL pointer · 10ddceb2
      Xin Long authored
      when ip_tunnel process multicast packets, it may check if the packet is looped
      back packet though 'rt_is_output_route(skb_rtable(skb))' in ip_tunnel_rcv(),
      but before that , skb->_skb_refdst has been dropped in iptunnel_pull_header(),
      so which leads to a panic.
      
      fix the bug: https://bugzilla.kernel.org/show_bug.cgi?id=70681Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      10ddceb2
    • Schuyler Patton's avatar
      net: cpsw: fix cpdma rx descriptor leak on down interface · 3995d265
      Schuyler Patton authored
      This patch fixes a CPDMA RX Descriptor leak that occurs after taking
      the interface down when the CPSW is in Dual MAC mode. Previously
      the CPSW_ALE port was left open up which causes packets to be received
      and processed by the RX interrupt handler and were passed to the
      non active network interface where they were ignored.
      
      The fix is for the slave_stop function of the selected interface
      to disable the respective CPSW_ALE Port from forwarding packets. This
      blocks traffic from being received on the inactive interface.
      Signed-off-by: default avatarSchuyler Patton <spatton@ti.com>
      Reviewed-by: default avatarFelipe Balbi <balbi@ti.com>
      Signed-off-by: default avatarMugunthan V N <mugunthanvnm@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3995d265
    • Vasundhara Volam's avatar
      be2net: isolate TX workarounds not applicable to Skyhawk-R · ec495fac
      Vasundhara Volam authored
      Some of TX workarounds in be_xmit_workarounds() routine
      are not applicable (and result in HW errors) to Skyhawk-R chip.
      Isolate BE3-R/Lancer specific workarounds to a separate routine.
      Signed-off-by: default avatarVasundhara Volam <vasundhara.volam@emulex.com>
      Signed-off-by: default avatarSathya Perla <sathya.perla@emulex.com>
      Signed-off-by: default avatarSomnath Kotur <somnath.kotur@emulex.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ec495fac
    • Vasundhara Volam's avatar
      be2net: Fix skb double free in be_xmit_wrokarounds() failure path · c9128951
      Vasundhara Volam authored
      skb_padto(), skb_share_check() and __vlan_put_tag() routines free
      skb when they return an error. This patch fixes be_xmit_workarounds()
      to not free skb again in such cases.
      Signed-off-by: default avatarVasundhara Volam <vasundhara.volam@emulex.com>
      Signed-off-by: default avatarSathya Perla <sathya.perla@emulex.com>
      Signed-off-by: default avatarSomnath Kotur <somnath.kotur@emulex.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c9128951