Commit Graph

427127 Commits

Author SHA1 Message Date
Linus Torvalds
d8efcf38b1 Three x86 fixes and one for ARM/ARM64. In particular, nested
virtualization on Intel is broken in 3.13 and fixed by this
 pull request.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTEIYBAAoJEBvWZb6bTYbyv7AP/iOE8ybTr7MSfZPTF4Ip13o+
 rvzlnzUtDMsZAN5dZAXhsR3lPeXygjTmeI6FWdiVwdalp9wpg2FLAZ0BDj8KIg0r
 cAINYOmJ0jhC1mTOfMJghsrE9b1aaXwWVSlXkivzyIrPJCZFlqDKOXleHJXyqNTY
 g259tPI8VWS7Efell9NclUNXCdD4g6wG/RdEjumjv9JLiXlDVviXvzvIEl/S3Ud1
 D2xxX7vvGHikyTwuls/bWzJzzRRlsb1VVOOQtBuC9NyaAY7bpQjGQvo6XzxowtIZ
 h4F4iU/umln5WcDiJU8XXiV/TOCVzqgdLk3Pr5Kgv3yO8/XbE/CcnyJmeaSgMoJB
 i7vJ6tUX5mfGsLNxfshXw0RsY/y9KMLnbt62eiPImWBxgpDZNxKpAqCA7GsOb87g
 Vjzl3poEwe+5eN6Usbpd78rRgfgbbZF+Pf2qsphtQhFQGaogz1Ltz0B0hY3MYxx3
 y9OJMJyt1MI4+hvvdjhSnmIo6APwuGSr+hhdKCPSlMiWJun2XRHXTHBNAS+dsjgs
 Sx2Bzao/lki5l7y9Ea1fR4yerigbFJF4L1iV04sSbsoh0I/nN5qjXFrc22Ju0i3i
 uIrVwfSSdX4HQwQYdBGKQQRGq/W0wOjEDoA5qZmxg3s4j8KSd7ooBtRk/VepVH7E
 kaUrekJ+KWs/sVNW2MtU
 =zQTn
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fixes from Paolo Bonzini:
 "Three x86 fixes and one for ARM/ARM64.

  In particular, nested virtualization on Intel is broken in 3.13 and
  fixed by this pull request"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  kvm, vmx: Really fix lazy FPU on nested guest
  kvm: x86: fix emulator buffer overflow (CVE-2014-0049)
  arm/arm64: KVM: detect CPU reset on CPU_PM_EXIT
  KVM: MMU: drop read-only large sptes when creating lower level sptes
2014-02-28 11:45:03 -08:00
Linus Torvalds
78d9e93440 - !CONFIG_SMP build fix
- pte bit testing macros conversion fix (int truncates top bits of long)
 - stack unwinding PC calculation fix
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.9 (GNU/Linux)
 
 iQIcBAABAgAGBQJTEMWxAAoJEGvWsS0AyF7xHWYP/R2Q8fpOqbT5j0RWghNMq97Y
 9TnvQk7LZ2kztWxm3//iXIKkhyq+68ggzofNLYqIg9TPPVTeFUzatMO0iRMwLmL3
 uvgDkD4UwgVAZQutP9q/NQhcHO5L6tH91oXGZPw0jAnK40VI8jBllZaJus8+FaGR
 LHhZ0gRU0V5r69956UKLFY7sHTdnskr9W4lsDAWpOJDaDHuriVK+BkvxHl+hHO0I
 3YlYQ9FTMgUdq0nLL0h0LpT3WZVXdA3HzP2vReL9pk7uqghrYFUrrTlKu0c6kfrk
 0inHoJESvw4+q1ehzJHkOxHpTeUFcuUyPLooAmS58wzKLKkoY3S9s2VGcwsS7Wp5
 pRyq8RJmnY1dAh4El70xLu73NtKg0/z2+bo0UPCV6CLALa7daw9MFnb1P2zeXkHK
 QacOCgfVwNyli/o/IeWblbyyykA3J7e1J3UK5N5E4qOGZGOMIThKKUfKXvhJTVKq
 bhQKhe0sHP5V9D54EzZcGhWTTfsKXrUcG53SGgkMXGSFdZtJMa4HHzEe7dRwHc+R
 h5P4Zb53v9HEGYQjIiUVB3I0vrzAJmBE3rTR4/M8oAB2FRvNRSQQfnqQR4MZtA2i
 Oi2EMftNB/r+xzFabxCup/lnMa22PttTToAHDBcE6EHeOHveuuiEfaFbv16hoLub
 05SeCU7CjMSMlt6ufB8d
 =kzwj
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull ARM64 fixes from Catalin Marinas:
 - !CONFIG_SMP build fix
 - pte bit testing macros conversion fix (int truncates top bits of
   long)
 - stack unwinding PC calculation fix

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: Fix !CONFIG_SMP kernel build
  arm64: mm: Add double logical invert to pte accessors
  ARM64: unwind: Fix PC calculation
2014-02-28 11:43:42 -08:00
Linus Torvalds
f94def7602 Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc
Pull powerpc fixes from Ben Herrenschmidt:
 "Here are a few more powerpc fixes for 3.14.

  Most of these are also CC'ed to stable and fix bugs in new
  functionality introduced in the last 2 or 3 versions"

* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
  powerpc/powernv: Fix indirect XSCOM unmangling
  powerpc/powernv: Fix opal_xscom_{read,write} prototype
  powerpc/powernv: Refactor PHB diag-data dump
  powerpc/powernv: Dump PHB diag-data immediately
  powerpc: Increase stack redzone for 64-bit userspace to 512 bytes
  powerpc/ftrace: bugfix for test_24bit_addr
  powerpc/crashdump : Fix page frame number check in copy_oldmem_page
  powerpc/le: Ensure that the 'stop-self' RTAS token is handled correctly
2014-02-28 11:42:33 -08:00
Catalin Marinas
b57fc9e806 arm64: Fix !CONFIG_SMP kernel build
Commit fb4a96029c (arm64: kernel: fix per-cpu offset restore on
resume) uses per_cpu_offset() unconditionally during CPU wakeup,
however, this is only defined for the SMP case.

Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Reported-by: Dave P Martin <Dave.Martin@arm.com>
2014-02-28 16:12:25 +00:00
Steve Capper
84fe6826c2 arm64: mm: Add double logical invert to pte accessors
Page table entries on ARM64 are 64 bits, and some pte functions such as
pte_dirty return a bitwise-and of a flag with the pte value. If the
flag to be tested resides in the upper 32 bits of the pte, then we run
into the danger of the result being dropped if downcast.

For example:
	gather_stats(page, md, pte_dirty(*pte), 1);
where pte_dirty(*pte) is downcast to an int.

This patch adds a double logical invert to all the pte_ accessors to
ensure predictable downcasting.

Signed-off-by: Steve Capper <steve.capper@linaro.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2014-02-28 15:44:19 +00:00
Benjamin Herrenschmidt
e0cf957614 powerpc/powernv: Fix indirect XSCOM unmangling
We need to unmangle the full address, not just the register
number, and we also need to support the real indirect bit
being set for in-kernel uses.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
CC: <stable@vger.kernel.org> [v3.13]
2014-02-28 19:15:49 +11:00
Benjamin Herrenschmidt
2f3f38e4d3 powerpc/powernv: Fix opal_xscom_{read,write} prototype
The OPAL firmware functions opal_xscom_read and opal_xscom_write
take a 64-bit argument for the XSCOM (PCB) address in order to
support the indirect mode on P8.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
CC: <stable@vger.kernel.org> [v3.13]
2014-02-28 19:15:48 +11:00
Gavin Shan
af87d2fe95 powerpc/powernv: Refactor PHB diag-data dump
As Ben suggested, the patch prints PHB diag-data with multiple
fields in one line and omits the line if the fields of that
line are all zero.

With the patch applied, the PHB3 diag-data dump looks like:

PHB3 PHB#3 Diag-data (Version: 1)

  brdgCtl:     00000002
  RootSts:     0000000f 00400000 b0830008 00100147 00002000
  nFir:        0000000000000000 0030006e00000000 0000000000000000
  PhbSts:      0000001c00000000 0000000000000000
  Lem:         0000000000100000 42498e327f502eae 0000000000000000
  InAErr:      8000000000000000 8000000000000000 0402030000000000 0000000000000000
  PE[  8] A/B: 8480002b00000000 8000000000000000

[ The current diag data is so big that it overflows the printk
  buffer pretty quickly in cases when we get a handful of errors
  at once which can happen. --BenH
]

Signed-off-by: Gavin Shan <shangw@linux.vnet.ibm.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
2014-02-28 18:43:19 +11:00
Gavin Shan
9471660437 powerpc/powernv: Dump PHB diag-data immediately
The PHB diag-data is important to help locating the root cause for
EEH errors such as frozen PE or fenced PHB. However, the EEH core
enables IO path by clearing part of HW registers before collecting
this data causing it to be corrupted.

This patch fixes this by dumping the PHB diag-data immediately when
frozen/fenced state on PE or PHB is detected for the first time in
eeh_ops::get_state() or next_error() backend.

Signed-off-by: Gavin Shan <shangw@linux.vnet.ibm.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
2014-02-28 18:43:10 +11:00
Paul Mackerras
573ebfa660 powerpc: Increase stack redzone for 64-bit userspace to 512 bytes
The new ELFv2 little-endian ABI increases the stack redzone -- the
area below the stack pointer that can be used for storing data --
from 288 bytes to 512 bytes.  This means that we need to allow more
space on the user stack when delivering a signal to a 64-bit process.

To make the code a bit clearer, we define new USER_REDZONE_SIZE and
KERNEL_REDZONE_SIZE symbols in ptrace.h.  For now, we leave the
kernel redzone size at 288 bytes, since increasing it to 512 bytes
would increase the size of interrupt stack frames correspondingly.

Gcc currently only makes use of 288 bytes of redzone even when
compiling for the new little-endian ABI, and the kernel cannot
currently be compiled with the new ABI anyway.

In the future, hopefully gcc will provide an option to control the
amount of redzone used, and then we could reduce it even more.

This also changes the code in arch_compat_alloc_user_space() to
preserve the expanded redzone.  It is not clear why this function would
ever be used on a 64-bit process, though.

Signed-off-by: Paul Mackerras <paulus@samba.org>
CC: <stable@vger.kernel.org> [v3.13]
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
2014-02-28 18:06:26 +11:00
Liu Ping Fan
a95fc58549 powerpc/ftrace: bugfix for test_24bit_addr
The branch target should be the func addr, not the addr of func_descr_t.
So using ppc_function_entry() to generate the right target addr.

Signed-off-by: Liu Ping Fan <pingfank@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
2014-02-28 18:06:25 +11:00
Laurent Dufour
f5295bd8ea powerpc/crashdump : Fix page frame number check in copy_oldmem_page
In copy_oldmem_page, the current check using max_pfn and min_low_pfn to
decide if the page is backed or not, is not valid when the memory layout is
not continuous.

This happens when running as a QEMU/KVM guest, where RTAS is mapped higher
in the memory. In that case max_pfn points to the end of RTAS, and a hole
between the end of the kdump kernel and RTAS is not backed by PTEs. As a
consequence, the kdump kernel is crashing in copy_oldmem_page when accessing
in a direct way the pages in that hole.

This fix relies on the memblock's service memblock_is_region_memory to
check if the read page is part or not of the directly accessible memory.

Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Tested-by: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
2014-02-28 18:06:25 +11:00
Tony Breeds
41dd03a94c powerpc/le: Ensure that the 'stop-self' RTAS token is handled correctly
Currently we're storing a host endian RTAS token in
rtas_stop_self_args.token.  We then pass that directly to rtas.  This is
fine on big endian however on little endian the token is not what we
expect.

This will typically result in hitting:
	panic("Alas, I survived.\n");

To fix this we always use the stop-self token in host order and always
convert it to be32 before passing this to rtas.

Signed-off-by: Tony Breeds <tony@bakeyournoodle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
2014-02-28 18:06:24 +11:00
Paolo Bonzini
1b385cbdd7 kvm, vmx: Really fix lazy FPU on nested guest
Commit e504c9098e (kvm, vmx: Fix lazy FPU on nested guest, 2013-11-13)
highlighted a real problem, but the fix was subtly wrong.

nested_read_cr0 is the CR0 as read by L2, but here we want to look at
the CR0 value reflecting L1's setup.  In other words, L2 might think
that TS=0 (so nested_read_cr0 has the bit clear); but if L1 is actually
running it with TS=1, we should inject the fault into L1.

The effective value of CR0 in L2 is contained in vmcs12->guest_cr0, use
it.

Fixes: e504c9098e
Reported-by: Kashyap Chamarty <kchamart@redhat.com>
Reported-by: Stefan Bader <stefan.bader@canonical.com>
Tested-by: Kashyap Chamarty <kchamart@redhat.com>
Tested-by: Anthoine Bourgeois <bourgeois@bertin.fr>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-02-27 22:54:11 +01:00
Linus Torvalds
86c7654f4a Metag arch and asm-generic fixes for v3.14
- Add the new sched_setattr/sched_getattr syscalls to the asm-generic
   syscall list, which is used by arc, arm64, c6x, hexagon, metag,
   openrisc, score, tile, and unicore32.
 
 - An IRQ affinity bug fix for metag to prevent interrupts being vectored
   to offline CPUs when their affinity is changed via /proc/irq/ (thanks
   tglx).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.13 (GNU/Linux)
 
 iQIcBAABAgAGBQJTDwkFAAoJEKHZs+irPybfR/wP/RP4hhdad9i+Poc86PAj0vGT
 6KyNgUifceh9WfQbHom84GvBnhLB66J2Uc4uUX6F+xdUmPUvhhn4Nac39c4exMnf
 klWoqcKkm8jb1kGLVuUdlgSssqLudEca/C5ArbOpZfvVwQxFf+WNpyWUNsNlvS/I
 M1chio/jyWewVq2K4CmB/ZdoQ8lC7EVKH1FwCuMOsV9h7M32eqvpQgopSiKnKFw1
 0o9a775PUvEK9PvEMa16ALShjch72ATFM9cVgFULr9M3BjHCn2H/jaNBzAhBLGSa
 +sAcgFBQumLrK1HqyThW7Fm5rXQwMuru3nHYevBFXwLKrVSMjqN+tfCEY4oLGwSz
 ywGc0rqNR7AuBzL/dnsjdBNhg30rvMIvWb/F6o/SM2IJNvnQjNJbKA97qdCqOevH
 hpyycx/zAbEtX/8hsPHRkCNg9+Ms0wcH9NJ8u5ul24WVAd1rYCcgmHWNdIFpkE9G
 fA6qckAye9/3xREi7gA50sl02Dxq4xyYaAfv72lOLEy+MIK/e8xMJL+PuI2eVt+g
 J0AsjmuVNuNPK64eohmBBgXsS+7czMTuaHvHOCP6897bipUHAzx//UC347WOar1p
 LvbLUpK9T5YGUxfoZ/ZlD8hi9myxKqIFNJnfJRwIhMpkYebFkqOsYRYXuZ6zPtDT
 haQisQWsM7eLTMe9qRr+
 =fVZo
 -----END PGP SIGNATURE-----

Merge tag 'metag-fixes-v3.14' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/metag

Pull Metag arch and asm-generic fixes from James Hogan:

 - Add the new sched_setattr/sched_getattr syscalls to the asm-generic
   syscall list, which is used by arc, arm64, c6x, hexagon, metag,
  openrisc, score, tile, and unicore32.

 - An IRQ affinity bug fix for metag to prevent interrupts being
   vectored to offline CPUs when their affinity is changed via
   /proc/irq/ (thanks tglx).

* tag 'metag-fixes-v3.14' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/metag:
  irq-metag*: stop set_affinity vectoring to offline cpus
  asm-generic: add sched_setattr/sched_getattr syscalls
2014-02-27 10:54:52 -08:00
Linus Torvalds
3ebd3da699 pwm: Fixes for v3.14-rc5
Just a single trivial patch to plug a memory leak in an error path.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTDgK7AAoJEN0jrNd/PrOh6c4P/iBytP1gTlfTjleUO5/2n0vt
 ILn6JWPoYx9hP+Zt+rjGqezIHAc60exGyANJOf8T+/BU9moHVHK9uCEzEu0vP8SR
 qQyVxhXC55xL/6aHrQWtD47q13PNG989MGC4W/jWkPHbvtxg0YzWAu/Nq12ueZA8
 vmkQKLVBG1Z9YQ9u1c4H4cP5XkLCZWTZAnImpcX35Nop74bTtOg+izoWm+3Yrt+K
 vHlonTE7DsYdrjDoD+c0b1FjE7F376ywJAh9zEJox0OR+wLOdKCTqA6/qSwuv8dR
 l5DLUbbmeTD+gOLEjDYcAw5FDmYDC5KygM7PtS7M+wmaHISHATlTlosmbozukbu/
 Xit/IeRYRF+6t1JejO2cMGGZuDJ9uT1rKVl5KqA6mVAlrsYuFK+uzCcXNv6KwNxK
 VrUG76KlBmy7ALn3dCBw6+dqFwmxBRUkRjaPByF9nvCAqBNud/uWVvfDGFF+dgo4
 j1SKOrRq9N89uwYQpofLsLeVCWqm8QTbUuNLkz6z23xy2hItDYupLn0DRj2ND3ud
 qF3QnEGx515ZlShAgkzkGCu6kRXMuUHAIMd7juZVjp5HDJJXK23zktSxflley5yX
 Za8nRtIlM716TJxXQuJIjW14BKDmdoBvy/SRuGfa+lywfrgMKwndWHIt9VD5QLYo
 xF6gRl4CuZqRuxF8RRbw
 =zhst
 -----END PGP SIGNATURE-----

Merge tag 'pwm/for-3.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm

Pull pwm fix from Thierry Reding:
 "Just a single trivial patch to plug a memory leak in an error path"

* tag 'pwm/for-3.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm:
  pwm: lp3943: Fix potential memory leak during request
2014-02-27 10:54:20 -08:00
Linus Torvalds
8d7531825c Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Pull filesystem fixes from Jan Kara:
 "Notification, writeback, udf, quota fixes

  The notification patches are (with one exception) a fallout of my
  fsnotify rework which went into -rc1 (I've extented LTP to cover these
  cornercases to avoid similar breakage in future).

  The UDF patch is a nasty data corruption Al has recently reported,
  the revert of the writeback patch is due to possibility of violating
  sync(2) guarantees, and a quota bug can lead to corruption of quota
  files in ocfs2"

* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  fsnotify: Allocate overflow events with proper type
  fanotify: Handle overflow in case of permission events
  fsnotify: Fix detection whether overflow event is queued
  Revert "writeback: do not sync data dirtied after sync start"
  quota: Fix race between dqput() and dquot_scan_active()
  udf: Fix data corruption on file type conversion
  inotify: Fix reporting of cookies for inotify events
2014-02-27 10:37:22 -08:00
Linus Torvalds
bb7d43b149 Just a single fix for the UBI module unload path which makes sure we do not
touch freed memory.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJTDdwqAAoJECmIfjd9wqK0+LUP/35Ds9kdee6XawmaVCFegmgJ
 FeW+2yBwwZyHqY77xkjZy2nrl7A9+LSzGnQocQdsHBy2PKtqlrt+ksx2Vz83nk3g
 Qtqzzz3uW7iiWSz6vI3PuD1Ye4Z6ebvq5IFeSnInBMTBZUGY+bdX+wWZe/xtuXAh
 a67nynajQRXWotg58WRJD0MUXYNbPY3S174NHr3BQV7DMzqtZyOiZmVDd1uIFIbu
 5JNyXxCprydey0lFvDef7oVueCk/VD9mQha2ogYizta4NR+gjuTjQWdyTxXvri+A
 48gQHEXAWgRR7YBeiOWeUvHquNL4G6im+HoXNwJ93IK19xY5UeGU/MuyPJzhqPNc
 ysxdDOi760Vggdc86Yx//+8W5EnSA3q0vnIKRGA+oWeZxR9Y+83Eg87bRFVa9Zdi
 TpvdegXzj/ZCwx3AKVAb2NBfrcQP8RucVHw8CsNY7a1WfpKL/k70JWqbGeGkp/iB
 LZyQQjOmweUv6h41wOrsvJHNeKKuUi280tP2Eck1KPebfI8kZCpjV3rqaqxdTIYB
 5l0+eI2JFD4KIsJr0Xv+QjDwRO+wKXXGUKcsj0FlEzzIK5b7iV7jKRYfYw0VRg/X
 ZCtO16nBZ+mmGt6kyEoToOt+YhOoqGL/HglbXUxvjRQL19LwpRbINvN/54f5idGy
 J1IXvzLyhkxO8s48QWmD
 =J2Up
 -----END PGP SIGNATURE-----

Merge tag 'upstream-3.14-rc5' of git://git.infradead.org/linux-ubifs

Pull ubifs fix from Artem Bityutskiy:
 "Just a single fix for the UBI module unload path which makes sure we
  do not touch freed memory"

* tag 'upstream-3.14-rc5' of git://git.infradead.org/linux-ubifs:
  UBI: fix some use after free bugs
2014-02-27 10:36:50 -08:00
Andrew Honig
a08d3b3b99 kvm: x86: fix emulator buffer overflow (CVE-2014-0049)
The problem occurs when the guest performs a pusha with the stack
address pointing to an mmio address (or an invalid guest physical
address) to start with, but then extending into an ordinary guest
physical address.  When doing repeated emulated pushes
emulator_read_write sets mmio_needed to 1 on the first one.  On a
later push when the stack points to regular memory,
mmio_nr_fragments is set to 0, but mmio_is_needed is not set to 0.

As a result, KVM exits to userspace, and then returns to
complete_emulated_mmio.  In complete_emulated_mmio
vcpu->mmio_cur_fragment is incremented.  The termination condition of
vcpu->mmio_cur_fragment == vcpu->mmio_nr_fragments is never achieved.
The code bounces back and fourth to userspace incrementing
mmio_cur_fragment past it's buffer.  If the guest does nothing else it
eventually leads to a a crash on a memcpy from invalid memory address.

However if a guest code can cause the vm to be destroyed in another
vcpu with excellent timing, then kvm_clear_async_pf_completion_queue
can be used by the guest to control the data that's pointed to by the
call to cancel_work_item, which can be used to gain execution.

Fixes: f78146b0f9
Signed-off-by: Andrew Honig <ahonig@google.com>
Cc: stable@vger.kernel.org (3.5+)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-02-27 19:35:22 +01:00
Marc Zyngier
b20c9f29c5 arm/arm64: KVM: detect CPU reset on CPU_PM_EXIT
Commit 1fcf7ce0c6 (arm: kvm: implement CPU PM notifier) added
support for CPU power-management, using a cpu_notifier to re-init
KVM on a CPU that entered CPU idle.

The code assumed that a CPU entering idle would actually be powered
off, loosing its state entierely, and would then need to be
reinitialized. It turns out that this is not always the case, and
some HW performs CPU PM without actually killing the core. In this
case, we try to reinitialize KVM while it is still live. It ends up
badly, as reported by Andre Przywara (using a Calxeda Midway):

[    3.663897] Kernel panic - not syncing: unexpected prefetch abort in Hyp mode at: 0x685760
[    3.663897] unexpected data abort in Hyp mode at: 0xc067d150
[    3.663897] unexpected HVC/SVC trap in Hyp mode at: 0xc0901dd0

The trick here is to detect if we've been through a full re-init or
not by looking at HVBAR (VBAR_EL2 on arm64). This involves
implementing the backend for __hyp_get_vectors in the main KVM HYP
code (rather small), and checking the return value against the
default one when the CPU notifier is called on CPU_PM_EXIT.

Reported-by: Andre Przywara <osp@andrep.de>
Tested-by: Andre Przywara <osp@andrep.de>
Cc: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Cc: Rob Herring <rob.herring@linaro.org>
Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-02-27 19:27:10 +01:00
Marcelo Tosatti
404381c583 KVM: MMU: drop read-only large sptes when creating lower level sptes
Read-only large sptes can be created due to read-only faults as
follows:

- QEMU pagetable entry that maps guest memory is read-only
due to COW.
- Guest read faults such memory, COW is not broken, because
it is a read-only fault.
- Enable dirty logging, large spte not nuked because it is read-only.
- Write-fault on such memory causes guest to loop endlessly
(which must go down to level 1 because dirty logging is enabled).

Fix by dropping large spte when necessary.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-02-26 17:23:32 +01:00
Christian Engelmayer
0b7d25c347 pwm: lp3943: Fix potential memory leak during request
Fix a memory leak in the lp3943_pwm_request_map() error handling path.
Make sure already allocated pwm map memory is freed correctly.
Detected by Coverity: CID 1162829.

Signed-off-by: Christian Engelmayer <cengelma@gmx.at>
Acked-by: Milo Kim <milo.kim@ti.com>
Signed-off-by: Thierry Reding <thierry.reding@gmail.com>
2014-02-26 15:45:12 +01:00
Linus Torvalds
d2a0476307 Merge branch 'akpm' (patches from Andrew Morton)
Merge misc fixes from Andrew Morton.

* emailed patches from Andrew Morton akpm@linux-foundation.org>:
  MAINTAINERS: change mailing list address for Altera UART drivers
  Makefile: fix build with make 3.80 again
  MAINTAINERS: update L: misuses
  Makefile: fix extra parenthesis typo when CC_STACKPROTECTOR_REGULAR is enabled
  ipc,mqueue: remove limits for the amount of system-wide queues
  memcg: change oom_info_lock to mutex
  mm, thp: fix infinite loop on memcg OOM
  drivers/fmc/fmc-write-eeprom.c: fix decimal permissions
  drivers/iommu/omap-iommu-debug.c: fix decimal permissions
  mm, hwpoison: release page on PageHWPoison() in __do_fault()
2014-02-25 15:38:13 -08:00
Tobias Klauser
61bd0943bc MAINTAINERS: change mailing list address for Altera UART drivers
The nios2-dev list has been moved to the RocketBoards infrastructure, so
adjust the address accordingly.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-02-25 15:25:47 -08:00
Jan Beulich
6c15b327cc Makefile: fix build with make 3.80 again
According to Documentation/Changes, make 3.80 is still being supported
for building the kernel, hence make files must not make (unconditional)
use of features introduced only in newer versions.  Commit 8779657d29
("stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONG") however
introduced an "else ifdef" construct which make 3.80 doesn't understand.

Also correct a warning message still referencing the old config option
name.

Apart from that I question the use of "ifdef" here (but it was used that
way already prior to said commit): ifeq (,y) would seem more to the
point.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Michal Marek <mmarek@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-02-25 15:25:47 -08:00
Joe Perches
cf015e9f27 MAINTAINERS: update L: misuses
L: lines are for the email addresses of traditional mailing lists.
W: lines are for URLs.

Convert two L: misuses to W: links.

Signed-off-by: Joe Perches <joe@perches.com>
Reported-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-02-25 15:25:46 -08:00
Fathi Boudra
27b2a49a14 Makefile: fix extra parenthesis typo when CC_STACKPROTECTOR_REGULAR is enabled
An extra parenthesis typo introduced in 19952a9203 ("stackprotector:
Unify the HAVE_CC_STACKPROTECTOR logic between architectures") is
causing the following error when CONFIG_CC_STACKPROTECTOR_REGULAR is
enabled:

  Makefile:608: Cannot use CONFIG_CC_STACKPROTECTOR: -fstack-protector not supported by compiler
  Makefile:608: *** missing separator.  Stop.

Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-02-25 15:25:45 -08:00
Davidlohr Bueso
f3713fd9cf ipc,mqueue: remove limits for the amount of system-wide queues
Commit 93e6f119c0 ("ipc/mqueue: cleanup definition names and
locations") added global hardcoded limits to the amount of message
queues that can be created.  While these limits are per-namespace,
reality is that it ends up breaking userspace applications.
Historically users have, at least in theory, been able to create up to
INT_MAX queues, and limiting it to just 1024 is way too low and dramatic
for some workloads and use cases.  For instance, Madars reports:

 "This update imposes bad limits on our multi-process application.  As
  our app uses approaches that each process opens its own set of queues
  (usually something about 3-5 queues per process).  In some scenarios
  we might run up to 3000 processes or more (which of-course for linux
  is not a problem).  Thus we might need up to 9000 queues or more.  All
  processes run under one user."

Other affected users can be found in launchpad bug #1155695:
  https://bugs.launchpad.net/ubuntu/+source/manpages/+bug/1155695

Instead of increasing this limit, revert it entirely and fallback to the
original way of dealing queue limits -- where once a user's resource
limit is reached, and all memory is used, new queues cannot be created.

Signed-off-by: Davidlohr Bueso <davidlohr@hp.com>
Reported-by: Madars Vitolins <m@silodev.com>
Acked-by: Doug Ledford <dledford@redhat.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: <stable@vger.kernel.org>	[3.5+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-02-25 15:25:45 -08:00
Michal Hocko
08088cb9ac memcg: change oom_info_lock to mutex
Kirill has reported the following:

  Task in /test killed as a result of limit of /test
  memory: usage 10240kB, limit 10240kB, failcnt 51
  memory+swap: usage 10240kB, limit 10240kB, failcnt 0
  kmem: usage 0kB, limit 18014398509481983kB, failcnt 0
  Memory cgroup stats for /test:

  BUG: sleeping function called from invalid context at kernel/cpu.c:68
  in_atomic(): 1, irqs_disabled(): 0, pid: 66, name: memcg_test
  2 locks held by memcg_test/66:
   #0:  (memcg_oom_lock#2){+.+...}, at: [<ffffffff81131014>] pagefault_out_of_memory+0x14/0x90
   #1:  (oom_info_lock){+.+...}, at: [<ffffffff81197b2a>] mem_cgroup_print_oom_info+0x2a/0x390
  CPU: 2 PID: 66 Comm: memcg_test Not tainted 3.14.0-rc1-dirty #745
  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS Bochs 01/01/2011
  Call Trace:
    __might_sleep+0x16a/0x210
    get_online_cpus+0x1c/0x60
    mem_cgroup_read_stat+0x27/0xb0
    mem_cgroup_print_oom_info+0x260/0x390
    dump_header+0x88/0x251
    ? trace_hardirqs_on+0xd/0x10
    oom_kill_process+0x258/0x3d0
    mem_cgroup_oom_synchronize+0x656/0x6c0
    ? mem_cgroup_charge_common+0xd0/0xd0
    pagefault_out_of_memory+0x14/0x90
    mm_fault_error+0x91/0x189
    __do_page_fault+0x48e/0x580
    do_page_fault+0xe/0x10
    page_fault+0x22/0x30

which complains that mem_cgroup_read_stat cannot be called from an atomic
context but mem_cgroup_print_oom_info takes a spinlock.  Change
oom_info_lock to a mutex.

This was introduced by 947b3dd1a8 ("memcg, oom: lock
mem_cgroup_print_oom_info").

Signed-off-by: Michal Hocko <mhocko@suse.cz>
Reported-by: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-02-25 15:25:44 -08:00
Kirill A. Shutemov
9845cbbd11 mm, thp: fix infinite loop on memcg OOM
Masayoshi Mizuma reported a bug with the hang of an application under
the memcg limit.  It happens on write-protection fault to huge zero page

If we successfully allocate a huge page to replace zero page but hit the
memcg limit we need to split the zero page with split_huge_page_pmd()
and fallback to small pages.

The other part of the problem is that VM_FAULT_OOM has special meaning
in do_huge_pmd_wp_page() context.  __handle_mm_fault() expects the page
to be split if it sees VM_FAULT_OOM and it will will retry page fault
handling.  This causes an infinite loop if the page was not split.

do_huge_pmd_wp_zero_page_fallback() can return VM_FAULT_OOM if it failed
to allocate one small page, so fallback to small pages will not help.

The solution for this part is to replace VM_FAULT_OOM with
VM_FAULT_FALLBACK is fallback required.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Reported-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Reviewed-by: Michal Hocko <mhocko@suse.cz>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: David Rientjes <rientjes@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-02-25 15:25:44 -08:00
Joe Perches
01412886b7 drivers/fmc/fmc-write-eeprom.c: fix decimal permissions
This 444 should have been octal.

Signed-off-by: Joe Perches <joe@perches.com>
Cc: Alessandro Rubini <rubini@gnudd.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-02-25 15:25:43 -08:00
Joe Perches
ff3a2b73b7 drivers/iommu/omap-iommu-debug.c: fix decimal permissions
These should have been octal.

Signed-off-by: Joe Perches <joe@perches.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Hiroshi DOYU <Hiroshi.DOYU@nokia.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-02-25 15:25:42 -08:00
Kirill A. Shutemov
33b6c7765f mm, hwpoison: release page on PageHWPoison() in __do_fault()
It seems we forget to release page after detecting HW error.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Rik van Riel <riel@redhat.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Matthew Wilcox <matthew.r.wilcox@intel.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-02-25 15:25:42 -08:00
James Hogan
f229006ec6 irq-metag*: stop set_affinity vectoring to offline cpus
Fix irq_set_affinity callbacks in the Meta IRQ chip drivers to AND
cpu_online_mask into the cpumask when picking a CPU to vector the
interrupt to.

As Thomas pointed out, the /proc/irq/$N/smp_affinity interface doesn't
filter out offline CPUs, so without this patch if you offline CPU0 and
set an IRQ affinity to 0x3 it vectors the interrupt onto CPU0 even
though it is offline.

Reported-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-metag@vger.kernel.org
Cc: stable@vger.kernel.org
2014-02-25 22:35:06 +00:00
Linus Torvalds
6dba6ecba7 dmaengine-fixes-3.14-rc4
Fix tasklet lifetime management in the ioat driver causing ksoftirqd to
 spin indefinitely.
 
     References:
     https://lkml.org/lkml/2014/1/27/282
     https://lkml.org/lkml/2014/2/19/672
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJTDPPOAAoJEB7SkWpmfYgCKk8P/1L45UEZrqn8paKjp2AA4aBF
 bSZkq+4ADdd9UIBavKbgt0MVDnNevrLuceZ1FKJpOiDL2+9Pgh0XINwYpzqwf/Ls
 rz36tbu4xmdbm9QCR2qMey6k0NRIQzfWfqhGVF4N1SswAZqgRAlIDAxPWS8s1LtY
 FKka93RjpstUeM78Q/nOUWOTrNz/MW1QRJoXPAaWzVyTGwjST0BlETDMd8ocai0h
 W7TQ58DrkC+dqb/aNfpm9dGQulmbshwNjMpzAd6f99fvH0Jeo3qfHWvJ2LNMtFbo
 D5OOAqWWzeyyNQurHwtpU33SiG3DUOPZIAgT8E9n4CEw7UsrE0WjyYoGgqwmWtHV
 Qc37sOG1lJaOXd9KTpQsg7J+vSg9A5t+UhHf2LtCo8GbIZN7Gyj0K3VayTtFsPZy
 Z29CwMjdTdx2Y3R2ZxEIpwGTQFbY+k0nmliVYuxbA8U01rRu+j+3v56D9EL5efuX
 0uaM2++pglaxsLa86witLwuaQM9N3LjeAG9jLdrQr/OTfs3KY2VkngY9xKvmmGYM
 MYk1j5fu3sisCx3+OZr0cgQ1+K+i6OkzYJ1L30O/9VTSfh4Q65PRx7U5vawjN9jK
 GfcWgHLkWki4lJzHO4+HJTn195AVj99ej/6QQ/Ki9wJuJxO6pgIhij9fvmqEzvlE
 VA/KmDrgKufsblOWk1Ij
 =m7cj
 -----END PGP SIGNATURE-----

Merge tag 'dmaengine-fixes-3.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/dmaengine

Pull dmaengine fixes from Dan Williams:
 "Fix tasklet lifetime management in the ioat driver causing ksoftirqd
  to spin indefinitely.

    References:
    https://lkml.org/lkml/2014/1/27/282
    https://lkml.org/lkml/2014/2/19/672"

* tag 'dmaengine-fixes-3.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/dmaengine:
  ioat: fix tasklet tear down
2014-02-25 13:18:57 -08:00
Linus Torvalds
e4cc60cbdc Two main MTD fixes:
1. Read retry counting was off by one, so if we had a true ECC error (i.e., no
     retry voltage threshold would give a clean read), we would end up returning
     -EINVAL on the Nth mode instead of -EBADMSG after then (N-1)th mode
 
  2. The OMAP NAND driver had some of its ECC layouts wrong when introduced in
     3.13, causing incompatibilities between the bootloader on-flash layout and
     the layout expected in Linux. The expected layouts are now documented in
     the commit messages, and we plan to add this under Documentation/mtd/nand/
     eventually.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJTDO21AAoJEFySrpd9RFgta5oP/0OKQzrG8BGj7Fok3+OgDWb5
 YaO+wGnBbsMjCUECpB55HxcVtDwgzyjjxaZNRcwrKZdkUqM60RqxpcCkU02O92oo
 5T1AzE2aB65+eAm4BR3xsgGEG7wMgvMJY+4Fy1PmOvymJi00aTSq/R0Ri0/GEHVh
 NOxpfazs61x4TX66Fnc6+IL7IupVTprZEjbDxxwIhEOLutmITswBt4M69yYJmTio
 NtYWY7nTJGq+QWeBfEGFgWYU3yIwHUyo586bpqSpz9l1qkRKk/1VJGbwNUYnM61d
 8Vcd8szOHSI0vwU//BBAmTZ7a5KXRtfpD0x0im0HSmGfkBtmyjTU5l5FdZH68SQb
 ytT8uU53+xwOPpQW+1SipRerKggJQQ62tj6jQ6tAZj0WWerOGPmQhf1c9/KaTawg
 OXjPF5bIMUVf26vkji68X8VDzpYpP1EqEr4GvTFx223b4wq4XmdusqEW8hakXhwQ
 XMXKIztbb7SAY4ilYxOljCuGmR79wAJh8h+nOx5Nyw170WtHUyI6WaZjx3NhILOD
 /GgvFir5CrAwZIg7RyMMmsCXTA9bmsKEzVin69rml9o+XoV5wYucfflpMvm0Gq7A
 lQi6HSAPVtvZNxcfRFs5p8j6nDNIWwJK/ovIxOzlhs+0KjDDD1yHYdVRoTmPx8Pr
 kxDUiDpy2FkU8Cb17cRo
 =qKhw
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-20140225' of git://git.infradead.org/linux-mtd

Pull MTD fixes from Brian Norris:
 "Two main MTD fixes:

  1. Read retry counting was off by one, so if we had a true ECC error
     (i.e., no retry voltage threshold would give a clean read), we
     would end up returning -EINVAL on the Nth mode instead of -EBADMSG
     after then (N-1)th mode

  2. The OMAP NAND driver had some of its ECC layouts wrong when
     introduced in 3.13, causing incompatibilities between the
     bootloader on-flash layout and the layout expected in Linux.  The
     expected layouts are now documented in the commit messages, and we
     plan to add this under Documentation/mtd/nand/ eventually"

* tag 'for-linus-20140225' of git://git.infradead.org/linux-mtd:
  mtd: nand: omap: fix ecclayout->oobfree->length
  mtd: nand: omap: fix ecclayout->oobfree->offset
  mtd: nand: omap: fix ecclayout to be in sync with u-boot NAND driver
  mtd: nand: fix off-by-one read retry mode counting
2014-02-25 13:16:05 -08:00
Linus Torvalds
c378a65663 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k
Pull m68k update from Geert Uytterhoeven:
  - More barrier.h consolidation
  - Sched_[gs]etattr() syscalls

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
  m68k: Wire up sched_setattr and sched_getattr
  m68k: Switch to asm-generic/barrier.h
  m68k: Sort arch/m68k/include/asm/Kbuild
2014-02-25 13:12:19 -08:00
Linus Torvalds
bafb81927e Xtensa fixes for 3.14:
- allow booting xtfpga on boards with new uBoot and >128MBytes memory;
 - drop nonexistent GPIO32 support from fsf variant;
 - don't select USE_GENERIC_SMP_HELPERS;
 - enable common clock framework support, set up ethoc clock on xtfpga;
 - wire up sched_setattr and sched_getattr syscalls.
 - fix system call to spill the processor registers to stack.
 - improve kernel macro to spill the processor registers.
 - export ccount_freq symbol
 - fix undefined symbol warning
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJTDCFLAAoJEI9vqH3mFV2sImUP/itHWSs2w1NJdcQIkrc9y7mK
 Y9Fbk/Wcb5th7TgStpVsI49pSFB3NY9AHFd6XPeCLa8/A3UrT+nPuXQt3rpjW0xL
 b9vhNOaW02sb8fXeUpC6oXcgwIwdRhMm5SQXFdM8eL30m6vfXUY4gzriMDMRzG8T
 WWHqpPEvsicAA7L8ilzM9AR9gnEuyREQQzRDL+KyFSCeOsNrKk2BUo2MYEkxovhJ
 8UuJ6WnmnSRA6e6n9LTPEZBy0Q0EJ8shDNHHa8dZuqjbhzy8vyWlDHhNnyuAX67p
 rPrBG4UZZk6aQbsj3b6CFBBiwCurH7q6IVIBdAQKDU2d6TY9HYCicH2OcWXbx6Q+
 DlKg6FYo40TuAt8wleinZJLaNc1RSooENR/FQD9iQkb8tyu8jtDzXKaMk9Fy8m0e
 9dW2GHMHLz+bcfO95KRSaV5qjqILFT7yGrgMvvcbRI8+ytuJbitwf4u5M06LM8JU
 69FEESKYjqCqlyXiBQPtY3RNMU8NC1wezu9XE5O5VWWL1ujswoFwa8U/txoKNEXd
 r4cTWt0O4LVyKzQl4TvGdZ2wD8hk7BJLSiGqXbmtnBgbE24eD8sT5RN+k2l5X3Za
 yVqndvZSOKxcUVfxF6IxIk8TjvVZVbCVSOLOKwbjVItdByuSXF1XPSTQUqcp4iZN
 fpOtY+TOzKxFzIndT1rD
 =d3x+
 -----END PGP SIGNATURE-----

Merge tag 'xtensa-next-20140224' of git://github.com/czankel/xtensa-linux

Pull tensa fixes from Chris Zankel:
 "This series includes fixes for potentially serious bugs in the
  routines spilling processor registers to stack, as well as other
  issues and compiler errors and warnings.

   - allow booting xtfpga on boards with new uBoot and >128MBytes memory
   - drop nonexistent GPIO32 support from fsf variant
   - don't select USE_GENERIC_SMP_HELPERS
   - enable common clock framework support, set up ethoc clock on xtfpga
   - wire up sched_setattr and sched_getattr syscalls.
   - fix system call to spill the processor registers to stack.
   - improve kernel macro to spill the processor registers
   - export ccount_freq symbol
   - fix undefined symbol warning"

* tag 'xtensa-next-20140224' of git://github.com/czankel/xtensa-linux:
  xtensa: wire up sched_setattr and sched_getattr syscalls
  xtensa: xtfpga: set ethoc clock frequency
  xtensa: xtfpga: use common clock framework
  xtensa: support common clock framework
  xtensa: no need to select USE_GENERIC_SMP_HELPERS
  xtensa: fsf: drop nonexistent GPIO32 support
  xtensa: don't pass high memory to bootmem allocator
  xtensa: fix fast_syscall_spill_registers
  xtensa: fix fast_syscall_spill_registers
  xtensa: save current register frame in fast_syscall_spill_registers_fixup
  xtensa: introduce spill_registers_kernel macro
  xtensa: export ccount_freq
  xtensa: fix warning '"CONFIG_OF" is not defined'
2014-02-25 13:10:48 -08:00
Dan Williams
da87ca4d4c ioat: fix tasklet tear down
Since commit 7787380336 "net_dma: mark broken" we no longer pin dma
engines active for the network-receive-offload use case.  As a result
the ->free_chan_resources() that occurs after the driver self test no
longer has a NET_DMA induced ->alloc_chan_resources() to back it up.  A
late firing irq can lead to ksoftirqd spinning indefinitely due to the
tasklet_disable() performed by ->free_chan_resources().  Only
->alloc_chan_resources() can clear this condition in affected kernels.

This problem has been present since commit 3e037454bc "I/OAT: Add
support for MSI and MSI-X" in 2.6.24, but is now exposed. Given the
NET_DMA use case is deprecated we can revisit moving the driver to use
threaded irqs.  For now, just tear down the irq and tasklet properly by:

1/ Disable the irq from triggering the tasklet

2/ Disable the irq from re-arming

3/ Flush inflight interrupts

4/ Flush the timer

5/ Flush inflight tasklets

References:
https://lkml.org/lkml/2014/1/27/282
https://lkml.org/lkml/2014/2/19/672

Cc: Ingo Molnar <mingo@elte.hu>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: <stable@vger.kernel.org>
Reported-by: Mike Galbraith <bitbucket@online.de>
Reported-by: Stanislav Fomichev <stfomichev@yandex-team.ru>
Tested-by: Mike Galbraith <bitbucket@online.de>
Tested-by: Stanislav Fomichev <stfomichev@yandex-team.ru>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2014-02-25 09:44:20 -08:00
Jan Kara
ff57cd5863 fsnotify: Allocate overflow events with proper type
Commit 7053aee26a "fsnotify: do not share events between notification
groups" used overflow event statically allocated in a group with the
size of the generic notification event. This causes problems because
some code looks at type specific parts of event structure and gets
confused by a random data it sees there and causes crashes.

Fix the problem by allocating overflow event with type corresponding to
the group type so code cannot get confused.

Signed-off-by: Jan Kara <jack@suse.cz>
2014-02-25 11:18:06 +01:00
Jan Kara
482ef06c5e fanotify: Handle overflow in case of permission events
If the event queue overflows when we are handling permission event, we
will never get response from userspace. So we must avoid waiting for it.
Change fsnotify_add_notify_event() to return whether overflow has
happened so that we can detect it in fanotify_handle_event() and act
accordingly.

Signed-off-by: Jan Kara <jack@suse.cz>
2014-02-25 11:17:58 +01:00
Jan Kara
2513190a92 fsnotify: Fix detection whether overflow event is queued
Currently we didn't initialize event's list head when we removed it from
the event list. Thus a detection whether overflow event is already
queued wasn't working. Fix it by always initializing the list head when
deleting event from a list.

Signed-off-by: Jan Kara <jack@suse.cz>
2014-02-25 11:17:52 +01:00
Linus Torvalds
7472e009a3 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull SELinux endianness fix from James Morris.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  SELinux: bigendian problems with filename trans rules
2014-02-24 08:03:54 -08:00
Linus Torvalds
335d08b86f Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 bug fixes from Martin Schwidefsky:
 "A couple of s390 bug fixes.  The PCI segment boundary issue is a nasty
  one as it can lead to data corruption"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/cio: Fix missing subchannels after CHPID configure on
  s390/pci/dma: use correct segment boundary size
  s390/compat: fix sys_sched_getattr compat wrapper
  s390/zcrypt: additional check to avoid overflow in msg-type 6 requests
2014-02-24 07:58:50 -08:00
James Hogan
e6cfc0295c asm-generic: add sched_setattr/sched_getattr syscalls
Add the sched_setattr and sched_getattr syscalls to the generic syscall
list, which is used by the following architectures: arc, arm64, c6x,
hexagon, metag, openrisc, score, tile, unicore32.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: linux-arch@vger.kernel.org
Cc: Vineet Gupta <vgupta@synopsys.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: Mark Salter <msalter@redhat.com>
Cc: Aurelien Jacquiot <a-jacquiot@ti.com>
Cc: linux-c6x-dev@linux-c6x.org
Cc: Richard Kuo <rkuo@codeaurora.org>
Cc: linux-hexagon@vger.kernel.org
Cc: linux-metag@vger.kernel.org
Cc: Jonas Bonn <jonas@southpole.se>
Cc: linux@lists.openrisc.net
Cc: Chen Liqin <liqin.linux@gmail.com>
Cc: Lennox Wu <lennox.wu@gmail.com>
Cc: Chris Metcalf <cmetcalf@tilera.com>
Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
2014-02-24 11:55:20 +00:00
Chris Zankel
b3fdfc1b4b Xtensa fixes for 3.14:
- allow booting xtfpga on boards with new uBoot and >128MBytes memory;
 - drop nonexistent GPIO32 support from fsf variant;
 - don't select USE_GENERIC_SMP_HELPERS;
 - enable common clock framework support, set up ethoc clock on xtfpga;
 - wire up sched_setattr and sched_getattr syscalls.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJTB51dAAoJEFH5zJH4P6BEqtIP/RDphJSzcGyzbndQA5NZTZ8h
 MoRDEQtR5KzT8EApOjfN2FEa7vbulAla7n9L076fFmmQDlnk8DQ1XxWgBaUcoe2+
 iTmSjdRJFy+/v1QACFhWnm18S12dNPivLRFKPERyxQaDOlpz1Y9ZeXeG1WPXN7KS
 +cGnnpxy7XizZP1w0u7qORxXfjbgTBda4si75RZf0eU9dnsrJXyr1z4SYUO84kfq
 E5WQ3uiWPjvpZboS5uVYbu2ebLsT7ZOAqv56CfUZ5bJHak32Snd0ci/pEIjljtqf
 KjtFCAvMK4rxJqVAegcipV+gjLSMAdqJaztkfX90w138InN+gqk0pLiX5+6El9xn
 9OupIFBQeJvztJd3PTCytChwaigmJKOQqKEulxm3cTzJArVNTGQRclePECbpDR6o
 kTm4wTriR9VD5l9EzT/adL7RLWaWBUi01y0W6ug5/bbEFDzqfVdyvO4VMbLjOiz6
 txSZlHUfiDrBIAkJFCWG/xz1p1hxTfdCZACmsAfXYwOOdAqsXeTy4/4XTV2dlLPA
 blJVpe7W+PGLdRZfnciufOILC6g7LOqb735aQer1ubBT18Yd1IfK4n1DMEaH/AnQ
 2buv1lCDrNW4RWTNMjzqg/T1dne3QMFxXipL2tqqyU5sHeThitKCC77HCqA8Oq4/
 n2TtLb0X+GoZso7eq8fy
 =XS4m
 -----END PGP SIGNATURE-----

Merge tag 'xtensa-for-next-20140221-1' into for_next

Xtensa fixes for 3.14:
- allow booting xtfpga on boards with new uBoot and >128MBytes memory;
- drop nonexistent GPIO32 support from fsf variant;
- don't select USE_GENERIC_SMP_HELPERS;
- enable common clock framework support, set up ethoc clock on xtfpga;
- wire up sched_setattr and sched_getattr syscalls.

Signed-off-by: Chris Zankel <chris@zankel.net>
2014-02-24 00:34:36 -08:00
James Morris
e4e027ea2d Merge branch 'stable-3.14' of git://git.infradead.org/users/pcmoore/selinux into for-linus 2014-02-24 14:40:16 +11:00
Linus Torvalds
cfbf8d4857 Linux 3.14-rc4 2014-02-23 17:40:03 -08:00
Linus Torvalds
7267342995 ARM: SoC fixes for 3.14-rc
A collection of fixes for ARM platforms. Most are fixes for DTS files,
 mostly from DT conversion on OMAP which is still finding a few issues here
 and there.
 
 There's a couple of small stale code removal patches that we usually
 queue for the next release instead, but they seemed harmless enough to
 bring in now.
 
 Also, a fix for backlight on some PXA platforms, and a cache configuration
 fix for Tegra, etc.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJTCgAlAAoJEIwa5zzehBx3J8MP/jFJWHtLHSeSXeKTLEeBV18J
 /M7OG5hKyI38mImPbdJmCHpcTfExTqWuIkvN+6e7QN5PU1V3YSy5XELPh9UIn7zU
 u+Pmt1C4cG8GFEdf03LqaDc4vdtthKUHGUBxQjrA3ZFrR8XZlzAZrnLKU/HA1VF5
 ynaj1cs4Vpf2CGXjM+2ATr5gVhjTs1yldTkG+lHL99JAlSJe7TD3mrANXBRXVVNC
 2yHGEDpDJf8kkBRQZ91xGcVVFw2YWF1avUi3QQ5WltufI+Rtdu8g7ibhakK/nimU
 AfZ3LidjjiTFIGfEi5/2FBim6Tsxpd6wLlchzA6ksPaQ6hk0EVzRPPNzlarmeRO8
 IF5zUPGPXswBeQURXe+OcZIUI4PGS02tshlIUWFPaFM3mZY2djd8Df8Rg20isjOu
 vUYGSL2UY0uLb8NS97scNS9ouGYDp8lV9pHIYlmf6f3Opv6vsw56rWggSsDQDAOk
 wbA2COTtDXxo1tEgbrmevDiaCc8uCDTHKD+uwbxOMCTwLvHHsafRp85BgcCz1z0L
 bOvTbqVhBPW6T47D1ED+ECBo12DbZwA8pth0JSRaf/Fbp6+aMFXp0/d7Hw+ggAxN
 wgEFq/A0M6v+5Y9azo+GLkgqPdH+7twH6eqD8TRgcQdnZXWIuq9UtaNw9Qx4Uusr
 fX9CS2l8ISXgopnRPZCI
 =i7LS
 -----END PGP SIGNATURE-----

Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC fixes from Olof Johansson:
 "A collection of fixes for ARM platforms.  Most are fixes for DTS
  files, mostly from DT conversion on OMAP which is still finding a few
  issues here and there.

  There's a couple of small stale code removal patches that we usually
  queue for the next release instead, but they seemed harmless enough to
  bring in now.

  Also, a fix for backlight on some PXA platforms, and a cache
  configuration fix for Tegra, etc"

* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (25 commits)
  MAINTAINERS: add additional ARM BCM281xx/BCM11xxx maintainer
  ARM: tegra: only run PL310 init on systems with one
  ARM: tegra: Add head numbers to display controllers
  ARM: imx6: build pm-imx6q.c independently of CONFIG_PM
  ARM: tegra: fix RTC0 alias for Cardhu
  ARM: dove: dt: revert PMU interrupt controller node
  Documentation: dt: OMAP: Update Overo/Tobi
  ARM: dts: Add support for both OMAP35xx and OMAP36xx Overo/Tobi
  ARM: dts: omap3-tobi: Use the correct vendor prefix
  ARM: dts: omap3-tobi: Fix boot with OMAP36xx-based Overo
  ARM: OMAP2+: Remove legacy macros for zoom platforms
  ARM: OMAP2+: Remove MACH_NOKIA_N800
  ARM: dts: N900: add missing compatible property
  ARM: dts: N9/N950: fix boot hang with 3.14-rc1
  ARM: OMAP1: nokia770: enable tahvo-usb
  ARM: OMAP2+: gpmc: fix: DT ONENAND child nodes not probed when MTD_ONENAND is built as module
  ARM: OMAP2+: gpmc: fix: DT NAND child nodes not probed when MTD_NAND is built as module
  ARM: dts: omap3-gta04: Fix mmc1 properties.
  ARM: dts: omap3-gta04: Fix 'aux' gpio key flags.
  ARM: OMAP2+: add missing ARCH_HAS_OPP
  ...
2014-02-23 17:38:04 -08:00
Linus Torvalds
24c8525840 regulator: Fixes for v3.14
Mostly unexciting driver fixes, plus one fix to lower the severity of
 the log message when we don't use an optional regulator - the fixes for
 ACPI system made this come up more often and it was correctly observed
 that it was causing undue concern for users.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJTCXZrAAoJELSic+t+oim9W60P/0pfS2LZfE6O0PSjMBC40QAm
 ZR2JQQNxth8sjwcdF/iy8eAotE/AosuD72l11ktdNSMtDv0EqW/VZtp+Pkb8GpNI
 Xocid5clPVg3C4o9lZCEEDsrksbHjqg318G5O5FeWthSF9hfCmVgTcnPufV8HG4A
 j6HKprscZGlNQ0ZMuOVjyQ7MrRr846CzjG8VoWULkGFAIZOQf3y3SOdZcqxn2MDI
 DWNN4lLdu01RWQ2u5Nt5tKLKKJzuHnWI7lprkfMX46PrSA5XX1EMq6o2rc/eC6wT
 M3syR0+98IAwRIA+Uy6VvwbjZLXcIxTSisjN8Pg0Vv0iV2kTNX67TKuTD0EBrrdW
 Lp0r0iI/CsI9B8/oK49Nnr9ZuMf+ECHqKpWLnocwgwB84LKCXlc3/ktLi2mlsGK8
 UwHTgWYi3NQeGPsi+yZw/mcXi6mfuhPCwnObXCmrPiBtnhLd/u4b2Lkgmte6HLJf
 YrChmWAIhcM2hqI3OqVzFw3K3pxnCgqWktp9y8PNW7b18mq9sEBQbrSKCFrFDuX8
 IkPSFkSEN4uxqJzImMzjQOEPGETzEeaz/p4uhVY6cjgqgfcvRQOvg1DoEwcMdeHE
 YTBLjkPJJOClg2cxNCfCpQImlMn9xZo4ypOk5eg6lpzoxpahAyWkbxFTj5D/Ep3W
 RPCi7VzqV/TNWWTB8c+m
 =yvBG
 -----END PGP SIGNATURE-----

Merge tag 'regulator-v3.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator

Pull regulator fixes from Mark Brown:
 "Mostly unexciting driver fixes, plus one fix to lower the severity of
  the log message when we don't use an optional regulator - the fixes
  for ACPI system made this come up more often and it was correctly
  observed that it was causing undue concern for users"

* tag 'regulator-v3.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
  regulator: max14577: Fix invalid return value on DT parse success
  regulator: core: Change dummy supplies error message to a warning
  regulator: s5m8767: Add missing of_node_put
  regulator: s5m8767: Use of_get_child_by_name
  regulator: da9063: Bug fix when setting max voltage on LDOs 5-11
2014-02-23 17:37:25 -08:00