11 Oct, 2013
12 commits
-
Fengguang Wu, Oleg Nesterov and Peter Zijlstra tracked down
a kernel crash to a GCC bug: GCC miscompiles certain 'asm goto'
constructs, as outlined here:http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
Implement a workaround suggested by Jakub Jelinek.
Reported-and-tested-by: Fengguang Wu
Reported-by: Oleg Nesterov
Reported-by: Peter Zijlstra
Suggested-by: Jakub Jelinek
Reviewed-by: Richard Henderson
Cc: Linus Torvalds
Cc: Andrew Morton
Cc:
Signed-off-by: Ingo Molnar -
Commit c0f04d88e46d ("bcache: Fix flushes in writeback mode") was fixing
a reported data corruption bug, but it seems some last minute
refactoring or rebasing introduced a null pointer deref.Signed-off-by: Kent Overstreet
Cc: linux-stable # >= v3.10
Reported-by: Gabriel de Perthuis
Signed-off-by: Linus Torvalds -
Pull hwmon fix from Guenter Roeck:
"Fix root cause of crash/error seen in applesmc driver"* tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
hwmon: (applesmc) Always read until end of data -
Pull kbuild fix from Michal Marek:
"Here is an ARM Makefile fix that you even acked. After nobody wanted
to take it, it ended up in the kbuild tree"* 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
arm, kbuild: make "make install" not depend on vmlinux -
Pull watchdog fix from Wim Van Sebroeck:
"Make sure that the hpwdt driver will not load auxilary iLO devices"* git://www.linux-watchdog.org/linux-watchdog:
watchdog: hpwdt: Patch to ignore auxilary iLO devices -
Useful for locating buggy drivers on kernel oops.
It may add dozens of new lines to boot dmesg. DEBUG_KOBJECT_RELEASE is
hopefully only enabled in debug kernels (like maybe the Fedora rawhide
one, or at developers), so being a bit more verbose is likely ok.Acked-by: Russell King
Cc: Greg Kroah-Hartman
Signed-off-by: Fengguang Wu
Signed-off-by: Linus Torvalds -
This patch is to prevent hpwdt from loading on any auxilary iLO devices defined
after the initial (or main) iLO device. All auxilary iLO devices will have a
subsystem device ID set to 0x1979 in order for hpwdt to differentiate between
the two types.Signed-off-by: Thomas Mingarelli
Tested-by: Lisa Mitchell
Signed-off-by: Wim Van Sebroeck -
Pull /dev/random changes from Ted Ts'o:
"These patches are designed to enable improvements to /dev/random for
non-x86 platforms, in particular MIPS and ARM"* tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
random: allow architectures to optionally define random_get_entropy()
random: run random_int_secret_init() run after all late_initcalls -
Pull kvm fixes from Paolo Bonzini:
"Fixes for 3.12-rc5: two old PPC bugs and one new (3.12-rc2) x86 bug"* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
kvm: ppc: booke: check range page invalidation progress on page setup
KVM: PPC: Book3S HV: Fix typo in saving DSCR
KVM: nVMX: fix shadow on EPT -
Pull spi fixes from Mark Brown:
"This is all driver updates, mostly fixes for error handling paths
except for the s3c64xx and hspi fixes for trying to use runtime PM
before it is enabled and the pxa2xx fix for interactions between power
management and interrupt handling"* tag 'spi-v3.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
spi: atmel: Fix incorrect error path
spi/hspi: fixup Runtime PM enable timing
spi/s3c64xx: Ensure runtime PM is enabled prior to registration
spi/clps711x: drop clk_put for devm_clk_get in spi_clps711x_probe()
spi: fix return value check in dspi_probe()
spi: mpc512x: fix error return code in mpc512x_psc_spi_do_probe()
spi: clps711x: Don't call kfree() after spi_master_put/spi_unregister_master
spi/pxa2xx: check status register as well to determine if the device is off -
Allow architectures which have a disabled get_cycles() function to
provide a random_get_entropy() function which provides a fine-grained,
rapidly changing counter that can be used by the /dev/random driver.For example, an architecture might have a rapidly changing register
used to control random TLB cache eviction, or DRAM refresh that
doesn't meet the requirements of get_cycles(), but which is good
enough for the needs of the random driver.Signed-off-by: "Theodore Ts'o"
Cc: stable@vger.kernel.org -
Pull MTD fixes from Brian Norris:
- fix a small memory leak in some new ONFI code
- account for additional odd variations of Micron SPI flashAcked by David Woodhouse.
* tag 'for-linus-20131008' of git://git.infradead.org/linux-mtd:
mtd: m25p80: Fix 4 byte addressing mode for Micron devices.
mtd: nand: fix memory leak in ONFI extended parameter page
10 Oct, 2013
4 commits
-
When the MM code is invalidating a range of pages, it calls the KVM
kvm_mmu_notifier_invalidate_range_start() notifier function, which calls
kvm_unmap_hva_range(), which arranges to flush all the TLBs for guest pages.
However, the Linux PTEs for the range being flushed are still valid at
that point. We are not supposed to establish any new references to pages
in the range until the ...range_end() notifier gets called.
The PPC-specific KVM code doesn't get any explicit notification of that;
instead, we are supposed to use mmu_notifier_retry() to test whether we
are or have been inside a range flush notifier pair while we have been
referencing a page.This patch calls the mmu_notifier_retry() while mapping the guest
page to ensure we are not referencing a page when in range invalidation.This call is inside a region locked with kvm->mmu_lock, which is the
same lock that is called by the KVM MMU notifier functions, thus
ensuring that no new notification can proceed while we are in the
locked region.Signed-off-by: Bharat Bhushan
Acked-by: Alexander Graf
[Backported to 3.12 - Paolo]
Reviewed-by: Bharat Bhushan
Signed-off-by: Paolo Bonzini -
This fixes a typo in the code that saves the guest DSCR (Data Stream
Control Register) into the kvm_vcpu_arch struct on guest exit. The
effect of the typo was that the DSCR value was saved in the wrong place,
so changes to the DSCR by the guest didn't persist across guest exit
and entry, and some host kernel memory got corrupted.Cc: stable@vger.kernel.org [v3.1+]
Signed-off-by: Paul Mackerras
Acked-by: Alexander Graf
Signed-off-by: Paolo Bonzini -
72f857950f6f19 broke shadow on EPT. This patch reverts it and fixes PAE
on nEPT (which reverted commit fixed) in other way.Shadow on EPT is now broken because while L1 builds shadow page table
for L2 (which is PAE while L2 is in real mode) it never loads L2's
GUEST_PDPTR[0-3]. They do not need to be loaded because without nested
virtualization HW does this during guest entry if EPT is disabled,
but in our case L0 emulates L2's vmentry while EPT is enables, so we
cannot rely on vmcs12->guest_pdptr[0-3] to contain up-to-date values
and need to re-read PDPTEs from L2 memory. This is what kvm_set_cr3()
is doing, but by clearing cache bits during L2 vmentry we drop values
that kvm_set_cr3() read from memory.So why the same code does not work for PAE on nEPT? kvm_set_cr3()
reads pdptes into vcpu->arch.walk_mmu->pdptrs[]. walk_mmu points to
vcpu->arch.nested_mmu while nested guest is running, but ept_load_pdptrs()
uses vcpu->arch.mmu which contain incorrect values. Fix that by using
walk_mmu in ept_(load|save)_pdptrs.Signed-off-by: Gleb Natapov
Reviewed-by: Paolo Bonzini
Tested-by: Paolo Bonzini
Signed-off-by: Paolo Bonzini -
The crash reported and investigated in commit 5f4513 turned out to be
caused by a change to the read interface on newer (2012) SMCs.Tests by Chris show that simply reading the data valid line is enough
for the problem to go away. Additional tests show that the newer SMCs
no longer wait for the number of requested bytes, but start sending
data right away. Apparently the number of bytes to read is no longer
specified as before, but instead found out by reading until end of
data. Failure to read until end of data confuses the state machine,
which eventually causes the crash.As a remedy, assuming bit0 is the read valid line, make sure there is
nothing more to read before leaving the read function.Tested to resolve the original problem, and runtested on MBA3,1,
MBP4,1, MBP8,2, MBP10,1, MBP10,2. The patch seems to have no effect on
machines before 2012.Tested-by: Chris Murphy
Cc: stable@vger.kernel.org
Signed-off-by: Henrik Rydberg
Signed-off-by: Guenter Roeck
09 Oct, 2013
1 commit
-
Pull perf fixes from Ingo Molnar:
"Various fixlets:On the kernel side:
- fix a race
- fix a bug in the handling of the perf ring-buffer data pageOn the tooling side:
- fix the handling of certain corrupted perf.data files
- fix a bug in 'perf probe'
- fix a bug in 'perf record + perf sched'
- fix a bug in 'make install'
- fix a bug in libaudit feature-detection on certain distros"* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf session: Fix infinite loop on invalid perf.data file
perf tools: Fix installation of libexec components
perf probe: Fix to find line information for probe list
perf tools: Fix libaudit test
perf stat: Set child_pid after perf_evlist__prepare_workload()
perf tools: Add default handler for mmap2 events
perf/x86: Clean up cap_user_time* setting
perf: Fix perf_pmu_migrate_context
08 Oct, 2013
4 commits
-
…it/acme/linux into perf/urgent
Pull perf/urgent fixes from Arnaldo Carvalho de Melo:
* The libaudit test was failing in some systems due to a unescaped newline, fix
it so that the 'trace' tool can be built in such systems.* Fix installation of libexec components.
* Add default handler for mmap2 events so that tools that don't explicitely
define an MMAP2 handler don't crash, fix from David Ahern.* Fix to find line information for probe list, from Masami Hiramatsu.
* Set child_pid after perf_evlist__prepare_workload(), fix from Namhyung Kim.
* Fix infinite loop on invalid perf.data file, from Namhyung Kim.
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org> -
irq_exit() is now called on the irq stack, which can trigger a switch to
the softirq stack from the irq stack. If an interrupt happens at that
point, we will not properly detect the re-entrancy and clobber the
original return context on the irq stack.This fixes it. The side effect is to prevent all nesting from softirq
stack to irq stack even in the "safe" case but it's simpler that way and
matches what x86_64 does.Reported-by: Cédric Le Goater
Tested-by: Cédric Le Goater
Signed-off-by: Benjamin Herrenschmidt
Signed-off-by: Linus Torvalds -
Pull HID fixes from Jiri Kosina:
- fix for hidraw reference counting regression, by Manoj Chourasia
- fix for minor number allocation for uhid, by David Herrmann
- other small unsorted fixes / device ID additions* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
HID: wiimote: fix FF deadlock
HID: add Holtek USB ID 04d9:a081 SHARKOON DarkGlider
HID: hidraw: close underlying device at removal of last reader
HID: roccat: Fix "cannot create duplicate filename" problems
HID: uhid: allocate static minor -
Pull Tile bugfixes from Chris Metcalf:
"This fixes some serious issues with PREEMPT support, and a couple of
smaller corner-case issues fixed in the last couple of weeks"* 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile:
arch: tile: re-use kbasename() helper
tile: use a more conservative __my_cpu_offset in CONFIG_PREEMPT
tile: ensure interrupts disabled for preempt_schedule_irq()
tile: change lock initalization in hardwall
tile: include: asm: use 'long long' instead of 'u64' for atomic64_t and its related functions
07 Oct, 2013
13 commits
-
The input core has an internal spinlock that is acquired during event
injection via input_event() and friends but also held during FF callbacks.
That means, there is no way to share a lock between event-injection and FF
handling. Unfortunately, this is what is required for wiimote state
tracking and what we do with state.lock and input->lock.This deadlock can be triggered when using continuous data reporting and FF
on a wiimote device at the same time. I takes me at least 30m of
stress-testing to trigger it but users reported considerably shorter
times (http://bpaste.net/show/132504/) when using some gaming-console
emulators.The real problem is that we have two copies of internal state, one in the
wiimote objects and the other in the input device. As the input-lock is
not supposed to be accessed from outside of input-core, we have no other
chance than offloading FF handling into a worker. This actually works
pretty nice and also allows to implictly merge fast rumble changes into a
single request.Due to the 3-layered workers (rumble+queue+l2cap) this might reduce FF
responsiveness. Initial tests were fine so lets fix the race first and if
it turns out to be too slow we can always handle FF out-of-band and skip
the queue-worker.Cc: # 3.11+
Reported-by: Thomas Schneider
Signed-off-by: David Herrmann
Signed-off-by: Jiri Kosina -
'irq' was not released when clk_prepare_enable failed.
Fix it.Signed-off-by: Sachin Kamat
Acked-by: Nicolas Ferre
Signed-off-by: Mark Brown -
Pull s390 fixes from Martin Schwidefsky:
"A couple of bux fixes, notable are the regression with ptrace vs
restarting system calls and the patch for kdump to be able to copy
from virtual memory"* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390: fix system call restart after inferior call
s390: Allow vmalloc target buffers for copy_from_oldmem()
s390/sclp: properly detect line mode console
s390/kprobes: add exrl to list of prohibited opcodes
s390/3270: fix return value check in tty3270_resize_work() -
Modify the code to use current_euid(), and in_egroup_p, as in done
in fs/proc/proc_sysctl.c:test_perm()Cc: stable@vger.kernel.org
Reviewed-by: Eric Sandeen
Reported-by: Eric Sandeen
Signed-off-by: "Eric W. Biederman"
Signed-off-by: Linus Torvalds -
Pull SCSI target fixes from Nicholas Bellinger:
"Here are the outstanding target fixes queued up for v3.12-rc4 code.The highlights include:
- Make vhost/scsi tag percpu_ida_alloc() use GFP_ATOMIC
- Allow sess_cmd_map allocation failure fallback to use vzalloc
- Fix COMPARE_AND_WRITE se_cmd->data_length bug with FILEIO backends
- Fixes for COMPARE_AND_WRITE callback recursive failure OOPs + non
zero scsi_status bug
- Make iscsi-target do acknowledgement tag release from RX context
- Setup iscsi-target with extra (cmdsn_depth / 2) percpu_ida tagsAlso included is a iscsi-target patch CC'ed for v3.10+ that avoids
legacy wait_for_task=true release during fast-past StatSN
acknowledgement, and two other SRP target related patches that address
long-standing issues that are CC'ed for v3.3+.Extra thanks to Thomas Glanzmann for his testing feedback with
COMPARE_AND_WRITE + EXTENDED_COPY VAAI logic"* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
iscsi-target; Allow an extra tag_num / 2 number of percpu_ida tags
iscsi-target: Perform release of acknowledged tags from RX context
iscsi-target: Only perform wait_for_tasks when performing shutdown
target: Fail on non zero scsi_status in compare_and_write_callback
target: Fix recursive COMPARE_AND_WRITE callback failure
target: Reset data_length for COMPARE_AND_WRITE to NoLB * block_size
ib_srpt: always set response for task management
target: Fall back to vzalloc upon ->sess_cmd_map kzalloc failure
vhost/scsi: Use GFP_ATOMIC with percpu_ida_alloc for obtaining tag
ib_srpt: Destroy cm_id before destroying QP.
target: Fix xop->dbl assignment in target_xcopy_parse_segdesc_02 -
Pull slave-dmaengine fixes from Vinod Koul:
"Here is the slave dmanegine fixes. We have the fix for deadlock issue
on imx-dma by Michael and Josh's edma config fix along with author
change"* 'fixes' of git://git.infradead.org/users/vkoul/slave-dma:
dmaengine: imx-dma: fix callback path in tasklet
dmaengine: imx-dma: fix lockdep issue between irqhandler and tasklet
dmaengine: imx-dma: fix slow path issue in prep_dma_cyclic
dma/Kconfig: Make TI_EDMA select TI_PRIV_EDMA
edma: Update author email address
06 Oct, 2013
5 commits
-
Pull btrfs fixes from Chris Mason:
"This is a small collection of fixes, including a regression fix from
Liu Bo that solves rare crashes with compression on.I've merged my for-linus up to 3.12-rc3 because the top commit is only
meant for 3.12. The rest of the fixes are also available in my master
branch on top of my last 3.11 based pull"* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
btrfs: Fix crash due to not allocating integrity data for a bioset
Btrfs: fix a use-after-free bug in btrfs_dev_replace_finishing
Btrfs: eliminate races in worker stopping code
Btrfs: fix crash of compressed writes
Btrfs: fix transid verify errors when recovering log tree -
Pull GPIO fixes from Linus Walleij:
"Two patches for the OMAP driver, dealing with setting up IRQs properly
on the device tree boot path"* tag 'gpio-v3.12-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
gpio/omap: auto-setup a GPIO when used as an IRQ
gpio/omap: maintain GPIO and IRQ usage separately -
Pull USB fixes from Greg KH:
"Here are none fixes for various USB driver problems. The majority are
gadget/musb fixes, but there are some new device ids in here as well"* tag 'usb-3.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
usb: chipidea: add Intel Clovertrail pci id
usb: gadget: s3c-hsotg: fix can_write limit for non-periodic endpoints
usb: gadget: f_fs: fix error handling
usb: musb: dsps: do not bind to "musb-hdrc"
USB: serial: option: Ignore card reader interface on Huawei E1750
usb: musb: gadget: fix otg active status flag
usb: phy: gpio-vbus: fix deferred probe from __init
usb: gadget: pxa25x_udc: fix deferred probe from __init
usb: musb: fix otg default state -
Pull tty fixes from Greg KH:
"Here are two tty driver fixes for 3.12-rc4.One fixes the reported regression in the n_tty code that a number of
people found recently, and the other one fixes an issue with xen
consoles that broke in 3.10"* tag 'tty-3.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
xen/hvc: allow xenboot console to be used again
tty: Fix pty master read() after slave closes -
Pull staging fixes from Greg KH:
"Here are 4 tiny staging and iio driver fixes for 3.12-rc4. Nothing
major, just some small fixes for reported issues"* tag 'staging-3.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
staging: comedi: ni_65xx: (bug fix) confine insn_bits to one subdevice
iio:magnetometer: Bugfix magnetometer default output registers
iio: Remove debugfs entries in iio_device_unregister()
iio: amplifiers: ad8366: Remove regulator_put
05 Oct, 2013
1 commit
-
When btrfs creates a bioset, we must also allocate the integrity data pool.
Otherwise btrfs will crash when it tries to submit a bio to a checksumming
disk:BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
IP: [] mempool_alloc+0x4a/0x150
PGD 2305e4067 PUD 23063d067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
Modules linked in: btrfs scsi_debug xfs ext4 jbd2 ext3 jbd mbcache
sch_fq_codel eeprom lpc_ich mfd_core nfsd exportfs auth_rpcgss af_packet
raid6_pq xor zlib_deflate libcrc32c [last unloaded: scsi_debug]
CPU: 1 PID: 4486 Comm: mount Not tainted 3.12.0-rc1-mcsum #2
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
task: ffff8802451c9720 ti: ffff880230698000 task.ti: ffff880230698000
RIP: 0010:[] [] mempool_alloc+0x4a/0x150
RSP: 0018:ffff880230699688 EFLAGS: 00010286
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000005f8445
RDX: 0000000000000001 RSI: 0000000000000010 RDI: 0000000000000000
RBP: ffff8802306996f8 R08: 0000000000011200 R09: 0000000000000008
R10: 0000000000000020 R11: ffff88009d6e8000 R12: 0000000000011210
R13: 0000000000000030 R14: ffff8802306996b8 R15: ffff8802451c9720
FS: 00007f25b8a16800(0000) GS:ffff88024fc80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000018 CR3: 0000000230576000 CR4: 00000000000007e0
Stack:
ffff8802451c9720 0000000000000002 ffffffff81a97100 0000000000281250
ffffffff81a96480 ffff88024fc99150 ffff880228d18200 0000000000000000
0000000000000000 0000000000000040 ffff880230e8c2e8 ffff8802459dc900
Call Trace:
[] bio_integrity_alloc+0x48/0x1b0
[] bio_integrity_prep+0xac/0x360
[] ? mempool_alloc+0x58/0x150
[] ? alloc_extent_state+0x31/0x110 [btrfs]
[] blk_queue_bio+0x1c9/0x460
[] generic_make_request+0xca/0x100
[] submit_bio+0x79/0x160
[] btrfs_map_bio+0x48e/0x5b0 [btrfs]
[] btree_submit_bio_hook+0xda/0x110 [btrfs]
[] submit_one_bio+0x6a/0xa0 [btrfs]
[] read_extent_buffer_pages+0x250/0x310 [btrfs]
[] ? __radix_tree_preload+0x66/0xf0
[] ? radix_tree_insert+0x95/0x260
[] btree_read_extent_buffer_pages.constprop.128+0xb6/0x120
[btrfs]
[] read_tree_block+0x3a/0x60 [btrfs]
[] open_ctree+0x139d/0x2030 [btrfs]
[] btrfs_mount+0x53a/0x7d0 [btrfs]
[] ? pcpu_alloc+0x8eb/0x9f0
[] ? __kmalloc_track_caller+0x35/0x1e0
[] mount_fs+0x20/0xd0
[] vfs_kern_mount+0x76/0x120
[] do_mount+0x200/0xa40
[] ? strndup_user+0x5b/0x80
[] SyS_mount+0x90/0xe0
[] system_call_fastpath+0x1a/0x1f
Code: 4c 8d 75 a8 4c 89 6d e8 45 89 e0 4c 8d 6f 30 48 89 5d d8 41 83 e0 af 48
89 fb 49 83 c6 18 4c 89 7d f8 65 4c 8b 3c 25 c0 b8 00 00 8b 73 18 44 89 c7
44 89 45 98 ff 53 20 48 85 c0 48 89 c2 74
RIP [] mempool_alloc+0x4a/0x150
RSP
CR2: 0000000000000018
---[ end trace 7a96042017ed21e2 ]---Signed-off-by: Darrick J. Wong
Signed-off-by: Josef Bacik
Signed-off-by: Chris Mason
