This is the start of the stable review cycle for the 3.10.75 release.
There are 34 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sun Apr 19 13:25:20 UTC 2015.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
kernel.org/pub/linux/kernel/v3.0/stable-review/patch-3.10.75-rc1.gz
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <[email protected]>
Linux 3.10.75-rc1
Kirill A. Shutemov <[email protected]>
pagemap: do not leak physical addresses to non-privileged userspace
Peter Hurley <[email protected]>
console: Fix console name size mismatch
Majd Dibbiny <[email protected]>
IB/mlx4: Saturate RoCE port PMA counters in case of overflow
Alex Elder <[email protected]>
kernel.h: define u8, s8, u32, etc. limits
Sasha Levin <[email protected]>
net: llc: use correct size for sysctl timeout entries
Sasha Levin <[email protected]>
net: rds: use correct size for max unacked packets and bytes
Mateusz Guzik <[email protected]>
ipc: fix compat msgrcv with negative msgtyp
Jiri Slaby <[email protected]>
core, nfqueue, openvswitch: fix compilation warning
Marek Szyprowski <[email protected]>
media: s5p-mfc: fix mmap support for 64bit arch
Mike Christie <[email protected]>
iscsi target: fix oops when adding reject pdu
Al Viro <[email protected]>
ocfs2: _really_ sync the right range
John Soni Jose <[email protected]>
be2iscsi: Fix kernel panic when device initialization fails
David Disseldorp <[email protected]>
cifs: fix use-after-free bug in find_writable_file
Lu Baolu <[email protected]>
usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers
Thomas Schlichter <[email protected]>
cpuidle: ACPI: do not overwrite name and description of C0
Peter Ujfalusi <[email protected]>
dmaengine: omap-dma: Fix memory leak when terminating running transfer
Darshana Padmadas <[email protected]>
iio: imu: Use iio_trigger_get for indio_dev->trig assignment
Viorel Suman <[email protected]>
iio: inv_mpu6050: Clear timestamps fifo while resetting hardware fifo
Bart Van Assche <[email protected]>
Defer processing of REQ_PREEMPT requests for blocked devices
Doug Goldstein <[email protected]>
USB: ftdi_sio: Use jtag quirk for SNAP Connect E10
Doug Goldstein <[email protected]>
USB: ftdi_sio: Added custom PID for Synapse Wireless product
David Miller <[email protected]>
radeon: Do not directly dereference pointers to BIOS area.
Tejun Heo <[email protected]>
writeback: fix possible underflow in write bandwidth calculation
Tejun Heo <[email protected]>
writeback: add missing INITIAL_JIFFIES init in global_update_bandwidth()
Gu Zheng <[email protected]>
mm/memory hotplug: postpone the reset of obsolete pgdat
Sudip Mukherjee <[email protected]>
nbd: fix possible memory leak
Emmanuel Grumbach <[email protected]>
iwlwifi: dvm: run INIT firmware again upon .start()
Shachar Raindel <[email protected]>
IB/uverbs: Prevent integer overflow in ib_umem_get address arithmetic
Eli Cohen <[email protected]>
IB/core: Avoid leakage from kernel to user space
Ben Hutchings <[email protected]>
tcp: Fix crash in TCP Fast Open
Joe Perches <[email protected]>
selinux: fix sel_write_enforce broken return value
Takashi Iwai <[email protected]>
ALSA: hda - Fix headphone pin config for Lifebook T731
Dmitry M. Fedin <[email protected]>
ALSA: usb - Creative USB X-Fi Pro SB1095 volume knob support
Hui Wang <[email protected]>
ALSA: hda - Add one more node in the EAPD supporting candidate list
-------------
Diffstat:
Makefile | 4 ++--
drivers/acpi/processor_idle.c | 2 +-
drivers/block/nbd.c | 8 ++++----
drivers/dma/omap-dma.c | 1 +
drivers/gpu/drm/radeon/radeon_bios.c | 10 +++++++---
drivers/iio/imu/adis_trigger.c | 2 +-
drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c | 25 ++++++++++++++-----------
drivers/infiniband/core/umem.c | 8 ++++++++
drivers/infiniband/core/uverbs_main.c | 1 +
drivers/infiniband/hw/mlx4/mad.c | 20 ++++++++++++++++----
drivers/media/platform/s5p-mfc/s5p_mfc_common.h | 2 +-
drivers/net/wireless/iwlwifi/dvm/dev.h | 1 -
drivers/net/wireless/iwlwifi/dvm/ucode.c | 5 -----
drivers/scsi/be2iscsi/be_main.c | 2 +-
drivers/scsi/scsi_lib.c | 4 +++-
drivers/target/iscsi/iscsi_target.c | 2 +-
drivers/usb/host/xhci-pci.c | 2 +-
drivers/usb/serial/ftdi_sio.c | 9 +++++++--
drivers/usb/serial/ftdi_sio_ids.h | 6 ++++++
fs/cifs/file.c | 1 +
fs/ocfs2/file.c | 14 ++++++++++----
fs/proc/task_mmu.c | 10 ++++++++++
include/linux/blk_types.h | 4 +++-
include/linux/kernel.h | 13 +++++++++++++
ipc/compat.c | 2 +-
kernel/printk.c | 4 +++-
mm/memory_hotplug.c | 13 ++++---------
mm/page-writeback.c | 7 +++++--
net/ipv4/tcp_output.c | 1 +
net/llc/sysctl_net_llc.c | 8 ++++----
net/netfilter/nfnetlink_queue_core.c | 2 +-
net/rds/sysctl.c | 4 ++--
security/selinux/selinuxfs.c | 2 +-
sound/pci/hda/patch_realtek.c | 11 ++++++++++-
sound/usb/mixer_quirks.c | 1 +
35 files changed, 145 insertions(+), 66 deletions(-)
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hui Wang <[email protected]>
commit af95b41426e0b58279f8ff0ebe420df49a4e96b8 upstream.
We have a HP machine which use the codec node 0x17 connecting the
internal speaker, and from the node capability, we saw the EAPD,
if we don't set the EAPD on for this node, the internal speaker
can't output any sound.
BugLink: https://bugs.launchpad.net/bugs/1436745
Signed-off-by: Hui Wang <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
sound/pci/hda/patch_realtek.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -266,7 +266,7 @@ static void alc_auto_setup_eapd(struct h
{
/* We currently only handle front, HP */
static hda_nid_t pins[] = {
- 0x0f, 0x10, 0x14, 0x15, 0
+ 0x0f, 0x10, 0x14, 0x15, 0x17, 0
};
hda_nid_t *p;
for (p = pins; *p; p++)
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Dmitry M. Fedin" <[email protected]>
commit 3dc8523fa7412e731441c01fb33f003eb3cfece1 upstream.
Adds an entry for Creative USB X-Fi to the rc_config array in
mixer_quirks.c to allow use of volume knob on the device.
Adds support for newer X-Fi Pro card, known as "Model No. SB1095"
with USB ID "041e:3237"
Signed-off-by: Dmitry M. Fedin <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
sound/usb/mixer_quirks.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/usb/mixer_quirks.c
+++ b/sound/usb/mixer_quirks.c
@@ -175,6 +175,7 @@ static const struct rc_config {
{ USB_ID(0x041e, 0x3040), 2, 2, 6, 6, 2, 0x6e91 }, /* Live! 24-bit */
{ USB_ID(0x041e, 0x3042), 0, 1, 1, 1, 1, 0x000d }, /* Usb X-Fi S51 */
{ USB_ID(0x041e, 0x30df), 0, 1, 1, 1, 1, 0x000d }, /* Usb X-Fi S51 Pro */
+ { USB_ID(0x041e, 0x3237), 0, 1, 1, 1, 1, 0x000d }, /* Usb X-Fi S51 Pro */
{ USB_ID(0x041e, 0x3048), 2, 2, 6, 6, 2, 0x6e91 }, /* Toshiba SB0500 */
};
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <[email protected]>
commit cc7016ab1a22fb26f388c2fb2b692b89897cbc3e upstream.
Some BIOS version of Fujitsu Lifebook T731 seems to set up the
headphone pin (0x21) without the assoc number 0x0f while it's set only
to the output on the docking port (0x1a). With the recent commit
[03ad6a8c93b6: ALSA: hda - Fix "PCM" name being used on one DAC when
there are two DACs], this resulted in the weird mixer element
mapping where the headphone on the laptop is assigned as a shared
volume with the speaker and the docking port is assigned as an
individual headphone.
This patch improves the situation by correcting the headphone pin
config to the more appropriate value.
Reported-and-tested-by: Taylor Smock <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
sound/pci/hda/patch_realtek.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -3363,6 +3363,7 @@ enum {
ALC269_FIXUP_QUANTA_MUTE,
ALC269_FIXUP_LIFEBOOK,
ALC269_FIXUP_LIFEBOOK_EXTMIC,
+ ALC269_FIXUP_LIFEBOOK_HP_PIN,
ALC269_FIXUP_AMIC,
ALC269_FIXUP_DMIC,
ALC269VB_FIXUP_AMIC,
@@ -3477,6 +3478,13 @@ static const struct hda_fixup alc269_fix
{ }
},
},
+ [ALC269_FIXUP_LIFEBOOK_HP_PIN] = {
+ .type = HDA_FIXUP_PINS,
+ .v.pins = (const struct hda_pintbl[]) {
+ { 0x21, 0x0221102f }, /* HP out */
+ { }
+ },
+ },
[ALC269_FIXUP_AMIC] = {
.type = HDA_FIXUP_PINS,
.v.pins = (const struct hda_pintbl[]) {
@@ -3727,6 +3735,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x1025, 0x0742, "Acer AO756", ALC271_FIXUP_HP_GATE_MIC_JACK),
SND_PCI_QUIRK_VENDOR(0x1025, "Acer Aspire", ALC271_FIXUP_DMIC),
SND_PCI_QUIRK(0x10cf, 0x1475, "Lifebook", ALC269_FIXUP_LIFEBOOK),
+ SND_PCI_QUIRK(0x10cf, 0x15dc, "Lifebook T731", ALC269_FIXUP_LIFEBOOK_HP_PIN),
SND_PCI_QUIRK(0x10cf, 0x1845, "Lifebook U904", ALC269_FIXUP_LIFEBOOK_EXTMIC),
SND_PCI_QUIRK(0x17aa, 0x20f2, "Thinkpad SL410/510", ALC269_FIXUP_SKU_IGNORE),
SND_PCI_QUIRK(0x17aa, 0x215e, "Thinkpad L512", ALC269_FIXUP_SKU_IGNORE),
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Perches <[email protected]>
commit 6436a123a147db51a0b06024a8350f4c230e73ff upstream.
Return a negative error value like the rest of the entries in this function.
Signed-off-by: Joe Perches <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
[PM: tweaked subject line]
Signed-off-by: Paul Moore <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
security/selinux/selinuxfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -150,7 +150,7 @@ static ssize_t sel_write_enforce(struct
goto out;
/* No partial writes. */
- length = EINVAL;
+ length = -EINVAL;
if (*ppos != 0)
goto out;
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <[email protected]>
Commit 355a901e6cf1 ("tcp: make connect() mem charging friendly")
changed tcp_send_syn_data() to perform an open-coded copy of the 'syn'
skb rather than using skb_copy_expand().
The open-coded copy does not cover the skb_shared_info::gso_segs
field, so in the new skb it is left set to 0. When this commit was
backported into stable branches between 3.10.y and 3.16.7-ckty
inclusive, it triggered the BUG() in tcp_transmit_skb().
Since Linux 3.18 the GSO segment count is kept in the
tcp_skb_cb::tcp_gso_segs field and tcp_send_syn_data() does copy the
tcp_skb_cb structure to the new skb, so mainline and newer stable
branches are not affected.
Set skb_shared_info::gso_segs to the correct value of 1.
Signed-off-by: Ben Hutchings <[email protected]>
Acked-by: Eric Dumazet <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/ipv4/tcp_output.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2909,6 +2909,7 @@ static int tcp_send_syn_data(struct sock
goto fallback;
syn_data->ip_summed = CHECKSUM_PARTIAL;
memcpy(syn_data->cb, syn->cb, sizeof(syn->cb));
+ skb_shinfo(syn_data)->gso_segs = 1;
if (unlikely(memcpy_fromiovecend(skb_put(syn_data, space),
fo->data->msg_iov, 0, space))) {
kfree_skb(syn_data);
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eli Cohen <[email protected]>
commit 377b513485fd885dea1083a9a5430df65b35e048 upstream.
Clear the reserved field of struct ib_uverbs_async_event_desc which is
copied to user space.
Signed-off-by: Eli Cohen <[email protected]>
Reviewed-by: Yann Droneaud <[email protected]>
Signed-off-by: Roland Dreier <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/infiniband/core/uverbs_main.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/infiniband/core/uverbs_main.c
+++ b/drivers/infiniband/core/uverbs_main.c
@@ -460,6 +460,7 @@ static void ib_uverbs_async_handler(stru
entry->desc.async.element = element;
entry->desc.async.event_type = event;
+ entry->desc.async.reserved = 0;
entry->counter = counter;
list_add_tail(&entry->list, &file->async_file->event_list);
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shachar Raindel <[email protected]>
commit 8494057ab5e40df590ef6ef7d66324d3ae33356b upstream.
Properly verify that the resulting page aligned end address is larger
than both the start address and the length of the memory area requested.
Both the start and length arguments for ib_umem_get are controlled by
the user. A misbehaving user can provide values which will cause an
integer overflow when calculating the page aligned end address.
This overflow can cause also miscalculation of the number of pages
mapped, and additional logic issues.
Addresses: CVE-2014-8159
Signed-off-by: Shachar Raindel <[email protected]>
Signed-off-by: Jack Morgenstein <[email protected]>
Signed-off-by: Or Gerlitz <[email protected]>
Signed-off-by: Roland Dreier <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/infiniband/core/umem.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/drivers/infiniband/core/umem.c
+++ b/drivers/infiniband/core/umem.c
@@ -94,6 +94,14 @@ struct ib_umem *ib_umem_get(struct ib_uc
if (dmasync)
dma_set_attr(DMA_ATTR_WRITE_BARRIER, &attrs);
+ /*
+ * If the combination of the addr and size requested for this memory
+ * region causes an integer overflow, return error.
+ */
+ if ((PAGE_ALIGN(addr + size) <= size) ||
+ (PAGE_ALIGN(addr + size) <= addr))
+ return ERR_PTR(-EINVAL);
+
if (!can_do_mlock())
return ERR_PTR(-EPERM);
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Emmanuel Grumbach <[email protected]>
commit 9c8928f5176766bec79f272bd47b7124e11cccbd upstream.
The assumption before this patch was that we don't need to
run again the INIT firmware after the system booted. The
INIT firmware runs calibrations which impact the physical
layer's behavior.
Users reported that it may be helpful to run these
calibrations again every time the interface is brought up.
The penatly is minimal, since the calibrations run fast.
This fixes:
https://bugzilla.kernel.org/show_bug.cgi?id=94341
Signed-off-by: Emmanuel Grumbach <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/wireless/iwlwifi/dvm/dev.h | 1 -
drivers/net/wireless/iwlwifi/dvm/ucode.c | 5 -----
2 files changed, 6 deletions(-)
--- a/drivers/net/wireless/iwlwifi/dvm/dev.h
+++ b/drivers/net/wireless/iwlwifi/dvm/dev.h
@@ -670,7 +670,6 @@ struct iwl_priv {
unsigned long reload_jiffies;
int reload_count;
bool ucode_loaded;
- bool init_ucode_run; /* Don't run init uCode again */
u8 plcp_delta_threshold;
--- a/drivers/net/wireless/iwlwifi/dvm/ucode.c
+++ b/drivers/net/wireless/iwlwifi/dvm/ucode.c
@@ -425,9 +425,6 @@ int iwl_run_init_ucode(struct iwl_priv *
if (!priv->fw->img[IWL_UCODE_INIT].sec[0].len)
return 0;
- if (priv->init_ucode_run)
- return 0;
-
iwl_init_notification_wait(&priv->notif_wait, &calib_wait,
calib_complete, ARRAY_SIZE(calib_complete),
iwlagn_wait_calib, priv);
@@ -447,8 +444,6 @@ int iwl_run_init_ucode(struct iwl_priv *
*/
ret = iwl_wait_notification(&priv->notif_wait, &calib_wait,
UCODE_CALIB_TIMEOUT);
- if (!ret)
- priv->init_ucode_run = true;
goto out;
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sudip Mukherjee <[email protected]>
commit ff6b8090e26ef7649ef0cc6b42389141ef48b0cf upstream.
we have already allocated memory for nbd_dev, but we were not
releasing that memory and just returning the error value.
Signed-off-by: Sudip Mukherjee <[email protected]>
Acked-by: Paul Clements <[email protected]>
Signed-off-by: Markus Pargmann <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/block/nbd.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -815,10 +815,6 @@ static int __init nbd_init(void)
return -EINVAL;
}
- nbd_dev = kcalloc(nbds_max, sizeof(*nbd_dev), GFP_KERNEL);
- if (!nbd_dev)
- return -ENOMEM;
-
part_shift = 0;
if (max_part > 0) {
part_shift = fls(max_part);
@@ -840,6 +836,10 @@ static int __init nbd_init(void)
if (nbds_max > 1UL << (MINORBITS - part_shift))
return -EINVAL;
+ nbd_dev = kcalloc(nbds_max, sizeof(*nbd_dev), GFP_KERNEL);
+ if (!nbd_dev)
+ return -ENOMEM;
+
for (i = 0; i < nbds_max; i++) {
struct gendisk *disk = alloc_disk(1 << part_shift);
if (!disk)
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gu Zheng <[email protected]>
commit b0dc3a342af36f95a68fe229b8f0f73552c5ca08 upstream.
Qiu Xishi reported the following BUG when testing hot-add/hot-remove node under
stress condition:
BUG: unable to handle kernel paging request at 0000000000025f60
IP: next_online_pgdat+0x1/0x50
PGD 0
Oops: 0000 [#1] SMP
ACPI: Device does not support D3cold
Modules linked in: fuse nls_iso8859_1 nls_cp437 vfat fat loop dm_mod coretemp mperf crc32c_intel ghash_clmulni_intel aesni_intel ablk_helper cryptd lrw gf128mul glue_helper aes_x86_64 pcspkr microcode igb dca i2c_algo_bit ipv6 megaraid_sas iTCO_wdt i2c_i801 i2c_core iTCO_vendor_support tg3 sg hwmon ptp lpc_ich pps_core mfd_core acpi_pad rtc_cmos button ext3 jbd mbcache sd_mod crc_t10dif scsi_dh_alua scsi_dh_rdac scsi_dh_hp_sw scsi_dh_emc scsi_dh ahci libahci libata scsi_mod [last unloaded: rasf]
CPU: 23 PID: 238 Comm: kworker/23:1 Tainted: G O 3.10.15-5885-euler0302 #1
Hardware name: HUAWEI TECHNOLOGIES CO.,LTD. Huawei N1/Huawei N1, BIOS V100R001 03/02/2015
Workqueue: events vmstat_update
task: ffffa800d32c0000 ti: ffffa800d32ae000 task.ti: ffffa800d32ae000
RIP: 0010: next_online_pgdat+0x1/0x50
RSP: 0018:ffffa800d32afce8 EFLAGS: 00010286
RAX: 0000000000001440 RBX: ffffffff81da53b8 RCX: 0000000000000082
RDX: 0000000000000000 RSI: 0000000000000082 RDI: 0000000000000000
RBP: ffffa800d32afd28 R08: ffffffff81c93bfc R09: ffffffff81cbdc96
R10: 00000000000040ec R11: 00000000000000a0 R12: ffffa800fffb3440
R13: ffffa800d32afd38 R14: 0000000000000017 R15: ffffa800e6616800
FS: 0000000000000000(0000) GS:ffffa800e6600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000025f60 CR3: 0000000001a0b000 CR4: 00000000001407e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
refresh_cpu_vm_stats+0xd0/0x140
vmstat_update+0x11/0x50
process_one_work+0x194/0x3d0
worker_thread+0x12b/0x410
kthread+0xc6/0xd0
ret_from_fork+0x7c/0xb0
The cause is the "memset(pgdat, 0, sizeof(*pgdat))" at the end of
try_offline_node, which will reset all the content of pgdat to 0, as the
pgdat is accessed lock-free, so that the users still using the pgdat
will panic, such as the vmstat_update routine.
process A: offline node XX:
vmstat_updat()
refresh_cpu_vm_stats()
for_each_populated_zone()
find online node XX
cond_resched()
offline cpu and memory, then try_offline_node()
node_set_offline(nid), and memset(pgdat, 0, sizeof(*pgdat))
zone = next_zone(zone)
pg_data_t *pgdat = zone->zone_pgdat; // here pgdat is NULL now
next_online_pgdat(pgdat)
next_online_node(pgdat->node_id); // NULL pointer access
So the solution here is postponing the reset of obsolete pgdat from
try_offline_node() to hotadd_new_pgdat(), and just resetting
pgdat->nr_zones and pgdat->classzone_idx to be 0 rather than the memset
0 to avoid breaking pointer information in pgdat.
Signed-off-by: Gu Zheng <[email protected]>
Reported-by: Xishi Qiu <[email protected]>
Suggested-by: KAMEZAWA Hiroyuki <[email protected]>
Cc: David Rientjes <[email protected]>
Cc: Yasuaki Ishimatsu <[email protected]>
Cc: Taku Izumi <[email protected]>
Cc: Tang Chen <[email protected]>
Cc: Xie XiuQi <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
mm/memory_hotplug.c | 13 ++++---------
1 file changed, 4 insertions(+), 9 deletions(-)
--- a/mm/memory_hotplug.c
+++ b/mm/memory_hotplug.c
@@ -1039,6 +1039,10 @@ static pg_data_t __ref *hotadd_new_pgdat
return NULL;
arch_refresh_nodedata(nid, pgdat);
+ } else {
+ /* Reset the nr_zones and classzone_idx to 0 before reuse */
+ pgdat->nr_zones = 0;
+ pgdat->classzone_idx = 0;
}
/* we can use NODE_DATA(nid) from here */
@@ -1802,15 +1806,6 @@ void try_offline_node(int nid)
if (is_vmalloc_addr(zone->wait_table))
vfree(zone->wait_table);
}
-
- /*
- * Since there is no way to guarentee the address of pgdat/zone is not
- * on stack of any kernel threads or used by other kernel objects
- * without reference counting or other symchronizing method, do not
- * reset node_data and free pgdat here. Just reset it to 0 and reuse
- * the memory when the node is online again.
- */
- memset(pgdat, 0, sizeof(*pgdat));
}
EXPORT_SYMBOL(try_offline_node);
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tejun Heo <[email protected]>
commit 7d70e15480c0450d2bfafaad338a32e884fc215e upstream.
global_update_bandwidth() uses static variable update_time as the
timestamp for the last update but forgets to initialize it to
INITIALIZE_JIFFIES.
This means that global_dirty_limit will be 5 mins into the future on
32bit and some large amount jiffies into the past on 64bit. This
isn't critical as the only effect is that global_dirty_limit won't be
updated for the first 5 mins after booting on 32bit machines,
especially given the auxiliary nature of global_dirty_limit's role -
protecting against global dirty threshold's sudden dips; however, it
does lead to unintended suboptimal behavior. Fix it.
Fixes: c42843f2f0bb ("writeback: introduce smoothed global dirty limit")
Signed-off-by: Tejun Heo <[email protected]>
Acked-by: Jan Kara <[email protected]>
Cc: Wu Fengguang <[email protected]>
Cc: Jens Axboe <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
mm/page-writeback.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -858,7 +858,7 @@ static void global_update_bandwidth(unsi
unsigned long now)
{
static DEFINE_SPINLOCK(dirty_lock);
- static unsigned long update_time;
+ static unsigned long update_time = INITIAL_JIFFIES;
/*
* check locklessly first to optimize away locking for the most time
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tejun Heo <[email protected]>
commit c72efb658f7c8b27ca3d0efb5cfd5ded9fcac89e upstream.
>From 1ebf33901ecc75d9496862dceb1ef0377980587c Mon Sep 17 00:00:00 2001
From: Tejun Heo <[email protected]>
Date: Mon, 23 Mar 2015 00:08:19 -0400
2f800fbd777b ("writeback: fix dirtied pages accounting on redirty")
introduced account_page_redirty() which reverts stat updates for a
redirtied page, making BDI_DIRTIED no longer monotonically increasing.
bdi_update_write_bandwidth() uses the delta in BDI_DIRTIED as the
basis for bandwidth calculation. While unlikely, since the above
patch, the newer value may be lower than the recorded past value and
underflow the bandwidth calculation leading to a wild result.
Fix it by subtracing min of the old and new values when calculating
delta. AFAIK, there hasn't been any report of it happening but the
resulting erratic behavior would be non-critical and temporary, so
it's possible that the issue is happening without being reported. The
risk of the fix is very low, so tagged for -stable.
Signed-off-by: Tejun Heo <[email protected]>
Cc: Jens Axboe <[email protected]>
Cc: Jan Kara <[email protected]>
Cc: Wu Fengguang <[email protected]>
Cc: Greg Thelen <[email protected]>
Fixes: 2f800fbd777b ("writeback: fix dirtied pages accounting on redirty")
Signed-off-by: Jens Axboe <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
mm/page-writeback.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -793,8 +793,11 @@ static void bdi_update_write_bandwidth(s
* bw * elapsed + write_bandwidth * (period - elapsed)
* write_bandwidth = ---------------------------------------------------
* period
+ *
+ * @written may have decreased due to account_page_redirty().
+ * Avoid underflowing @bw calculation.
*/
- bw = written - bdi->written_stamp;
+ bw = written - min(written, bdi->written_stamp);
bw *= HZ;
if (unlikely(elapsed > period)) {
do_div(bw, elapsed);
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Doug Goldstein <[email protected]>
commit 4899c054a90439477b24da8977db8d738376fe90 upstream.
Synapse Wireless uses the FTDI VID with a custom PID of 0x9090 for their
SNAP Stick 200 product.
Signed-off-by: Doug Goldstein <[email protected]>
Signed-off-by: Johan Hovold <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/serial/ftdi_sio.c | 1 +
drivers/usb/serial/ftdi_sio_ids.h | 6 ++++++
2 files changed, 7 insertions(+)
--- a/drivers/usb/serial/ftdi_sio.c
+++ b/drivers/usb/serial/ftdi_sio.c
@@ -620,6 +620,7 @@ static struct usb_device_id id_table_com
.driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
{ USB_DEVICE(FTDI_VID, FTDI_NT_ORIONLXM_PID),
.driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
+ { USB_DEVICE(FTDI_VID, FTDI_SYNAPSE_SS200_PID) },
/*
* ELV devices:
*/
--- a/drivers/usb/serial/ftdi_sio_ids.h
+++ b/drivers/usb/serial/ftdi_sio_ids.h
@@ -561,6 +561,12 @@
*/
#define FTDI_NT_ORIONLXM_PID 0x7c90 /* OrionLXm Substation Automation Platform */
+/*
+ * Synapse Wireless product ids (FTDI_VID)
+ * http://www.synapse-wireless.com
+ */
+#define FTDI_SYNAPSE_SS200_PID 0x9090 /* SS200 - SNAP Stick 200 */
+
/********************************/
/** third-party VID/PID combos **/
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Doug Goldstein <[email protected]>
commit b229a0f840f774d29d8fedbf5deb344ca36b7f1a upstream.
This patch uses the existing CALAO Systems ftdi_8u2232c_probe in order
to avoid attaching a TTY to the JTAG port as this board is based on the
CALAO Systems reference design and needs the same fix up.
Signed-off-by: Doug Goldstein <[email protected]>
[johan: clean up probe logic ]
Signed-off-by: Johan Hovold <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/serial/ftdi_sio.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/drivers/usb/serial/ftdi_sio.c
+++ b/drivers/usb/serial/ftdi_sio.c
@@ -1900,8 +1900,12 @@ static int ftdi_8u2232c_probe(struct usb
{
struct usb_device *udev = serial->dev;
- if ((udev->manufacturer && !strcmp(udev->manufacturer, "CALAO Systems")) ||
- (udev->product && !strcmp(udev->product, "BeagleBone/XDS100V2")))
+ if (udev->manufacturer && !strcmp(udev->manufacturer, "CALAO Systems"))
+ return ftdi_jtag_probe(serial);
+
+ if (udev->product &&
+ (!strcmp(udev->product, "BeagleBone/XDS100V2") ||
+ !strcmp(udev->product, "SNAP Connect E10")))
return ftdi_jtag_probe(serial);
return 0;
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bart Van Assche <[email protected]>
commit bba0bdd7ad4713d82338bcd9b72d57e9335a664b upstream.
SCSI transport drivers and SCSI LLDs block a SCSI device if the
transport layer is not operational. This means that in this state
no requests should be processed, even if the REQ_PREEMPT flag has
been set. This patch avoids that a rescan shortly after a cable
pull sporadically triggers the following kernel oops:
BUG: unable to handle kernel paging request at ffffc9001a6bc084
IP: [<ffffffffa04e08f2>] mlx4_ib_post_send+0xd2/0xb30 [mlx4_ib]
Process rescan-scsi-bus (pid: 9241, threadinfo ffff88053484a000, task ffff880534aae100)
Call Trace:
[<ffffffffa0718135>] srp_post_send+0x65/0x70 [ib_srp]
[<ffffffffa071b9df>] srp_queuecommand+0x1cf/0x3e0 [ib_srp]
[<ffffffffa0001ff1>] scsi_dispatch_cmd+0x101/0x280 [scsi_mod]
[<ffffffffa0009ad1>] scsi_request_fn+0x411/0x4d0 [scsi_mod]
[<ffffffff81223b37>] __blk_run_queue+0x27/0x30
[<ffffffff8122a8d2>] blk_execute_rq_nowait+0x82/0x110
[<ffffffff8122a9c2>] blk_execute_rq+0x62/0xf0
[<ffffffffa000b0e8>] scsi_execute+0xe8/0x190 [scsi_mod]
[<ffffffffa000b2f3>] scsi_execute_req+0xa3/0x130 [scsi_mod]
[<ffffffffa000c1aa>] scsi_probe_lun+0x17a/0x450 [scsi_mod]
[<ffffffffa000ce86>] scsi_probe_and_add_lun+0x156/0x480 [scsi_mod]
[<ffffffffa000dc2f>] __scsi_scan_target+0xdf/0x1f0 [scsi_mod]
[<ffffffffa000dfa3>] scsi_scan_host_selected+0x183/0x1c0 [scsi_mod]
[<ffffffffa000edfb>] scsi_scan+0xdb/0xe0 [scsi_mod]
[<ffffffffa000ee13>] store_scan+0x13/0x20 [scsi_mod]
[<ffffffff811c8d9b>] sysfs_write_file+0xcb/0x160
[<ffffffff811589de>] vfs_write+0xce/0x140
[<ffffffff81158b53>] sys_write+0x53/0xa0
[<ffffffff81464592>] system_call_fastpath+0x16/0x1b
[<00007f611c9d9300>] 0x7f611c9d92ff
Reported-by: Max Gurtuvoy <[email protected]>
Signed-off-by: Bart Van Assche <[email protected]>
Reviewed-by: Mike Christie <[email protected]>
Signed-off-by: James Bottomley <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/scsi/scsi_lib.c | 4 +++-
include/linux/blk_types.h | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1242,9 +1242,11 @@ int scsi_prep_state_check(struct scsi_de
"rejecting I/O to dead device\n");
ret = BLKPREP_KILL;
break;
- case SDEV_QUIESCE:
case SDEV_BLOCK:
case SDEV_CREATED_BLOCK:
+ ret = BLKPREP_DEFER;
+ break;
+ case SDEV_QUIESCE:
/*
* If the devices is blocked we defer normal commands.
*/
--- a/include/linux/blk_types.h
+++ b/include/linux/blk_types.h
@@ -170,7 +170,9 @@ enum rq_flag_bits {
__REQ_ELVPRIV, /* elevator private data attached */
__REQ_FAILED, /* set if the request failed */
__REQ_QUIET, /* don't worry about errors */
- __REQ_PREEMPT, /* set for "ide_preempt" requests */
+ __REQ_PREEMPT, /* set for "ide_preempt" requests and also
+ for requests for which the SCSI "quiesce"
+ state must be ignored. */
__REQ_ALLOCED, /* request came from our alloc pool */
__REQ_COPY_USER, /* contains copies of user pages */
__REQ_FLUSH_SEQ, /* request for flush sequence */
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Viorel Suman <[email protected]>
commit 4dac0a8eefd55bb1f157d1a5a084531334a2d74c upstream.
A hardware fifo reset always imply an invalidation of the
existing timestamps, so we'll clear timestamps fifo on
successfull hardware fifo reset.
Signed-off-by: Viorel Suman <[email protected]>
Signed-off-by: Jonathan Cameron <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
--- a/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c
+++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c
@@ -25,6 +25,16 @@
#include <linux/poll.h>
#include "inv_mpu_iio.h"
+static void inv_clear_kfifo(struct inv_mpu6050_state *st)
+{
+ unsigned long flags;
+
+ /* take the spin lock sem to avoid interrupt kick in */
+ spin_lock_irqsave(&st->time_stamp_lock, flags);
+ kfifo_reset(&st->timestamps);
+ spin_unlock_irqrestore(&st->time_stamp_lock, flags);
+}
+
int inv_reset_fifo(struct iio_dev *indio_dev)
{
int result;
@@ -51,6 +61,10 @@ int inv_reset_fifo(struct iio_dev *indio
INV_MPU6050_BIT_FIFO_RST);
if (result)
goto reset_fifo_fail;
+
+ /* clear timestamps fifo */
+ inv_clear_kfifo(st);
+
/* enable interrupt */
if (st->chip_config.accl_fifo_enable ||
st->chip_config.gyro_fifo_enable) {
@@ -84,16 +98,6 @@ reset_fifo_fail:
return result;
}
-static void inv_clear_kfifo(struct inv_mpu6050_state *st)
-{
- unsigned long flags;
-
- /* take the spin lock sem to avoid interrupt kick in */
- spin_lock_irqsave(&st->time_stamp_lock, flags);
- kfifo_reset(&st->timestamps);
- spin_unlock_irqrestore(&st->time_stamp_lock, flags);
-}
-
/**
* inv_mpu6050_irq_handler() - Cache a timestamp at each data ready interrupt.
*/
@@ -187,7 +191,6 @@ end_session:
flush_fifo:
/* Flush HW and SW FIFOs. */
inv_reset_fifo(indio_dev);
- inv_clear_kfifo(st);
mutex_unlock(&indio_dev->mlock);
iio_trigger_notify_done(indio_dev->trig);
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Darshana Padmadas <[email protected]>
commit 4ce7ca89d6e8eae9e201cd0e972ba323f33e2fb4 upstream.
This patch uses iio_trigger_get to increment the reference
count of trigger device, to avoid incorrect assignment.
Can result in a null pointer dereference during removal if the
trigger has been changed before removal.
This patch refers to a similar situation encountered through the
following discussion:
http://www.spinics.net/lists/linux-iio/msg13669.html
Signed-off-by: Darshana Padmadas <[email protected]>
Signed-off-by: Jonathan Cameron <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/iio/imu/adis_trigger.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/iio/imu/adis_trigger.c
+++ b/drivers/iio/imu/adis_trigger.c
@@ -60,7 +60,7 @@ int adis_probe_trigger(struct adis *adis
iio_trigger_set_drvdata(adis->trig, adis);
ret = iio_trigger_register(adis->trig);
- indio_dev->trig = adis->trig;
+ indio_dev->trig = iio_trigger_get(adis->trig);
if (ret)
goto error_free_irq;
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Ujfalusi <[email protected]>
commit 02d88b735f5a60f04dbf6d051b76e1877a0d0844 upstream.
In omap_dma_start_desc the vdesc->node is removed from the virt-dma
framework managed lists (to be precise from the desc_issued list).
If a terminate_all comes before the transfer finishes the omap_desc will
not be freed up because it is not in any of the lists and we stopped the
DMA channel so the transfer will not going to complete.
There is no special sequence for leaking memory when using cyclic (audio)
transfer: with every start and stop of a cyclic transfer the driver leaks
struct omap_desc worth of memory.
Free up the allocated memory directly in omap_dma_terminate_all() since the
framework will not going to do that for us.
Signed-off-by: Peter Ujfalusi <[email protected]>
CC: <[email protected]>
Signed-off-by: Vinod Koul <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/dma/omap-dma.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/dma/omap-dma.c
+++ b/drivers/dma/omap-dma.c
@@ -487,6 +487,7 @@ static int omap_dma_terminate_all(struct
* c->desc is NULL and exit.)
*/
if (c->desc) {
+ omap_dma_desc_free(&c->desc->vd);
c->desc = NULL;
/* Avoid stopping the dma twice */
if (!c->paused)
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Schlichter <[email protected]>
commit c7e8bdf5872c5a8f5a6494e16fe839c38a0d3d3d upstream.
Fix a bug that leads to showing the name and description of C-state C0
as "<null>" in sysfs after the ACPI C-states changed (e.g. after AC->DC
or DC->AC
transition).
The function poll_idle_init() in drivers/cpuidle/driver.c initializes the
state 0 during cpuidle_register_driver(), so we better do not overwrite it
again with '\0' during acpi_processor_cst_has_changed().
Signed-off-by: Thomas Schlichter <[email protected]>
Reviewed-by: Bartlomiej Zolnierkiewicz <[email protected]>
Signed-off-by: Rafael J. Wysocki <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/acpi/processor_idle.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/acpi/processor_idle.c
+++ b/drivers/acpi/processor_idle.c
@@ -978,7 +978,7 @@ static int acpi_processor_setup_cpuidle_
return -EINVAL;
drv->safe_state_index = -1;
- for (i = 0; i < CPUIDLE_STATE_MAX; i++) {
+ for (i = CPUIDLE_DRIVER_STATE_START; i < CPUIDLE_STATE_MAX; i++) {
drv->states[i].name[0] = '\0';
drv->states[i].desc[0] = '\0';
}
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lu Baolu <[email protected]>
commit 227a4fd801c8a9fa2c4700ab98ec1aec06e3b44d upstream.
When a device with an isochronous endpoint is plugged into the Intel
xHCI host controller, and the driver submits multiple frames per URB,
the xHCI driver will set the Block Event Interrupt (BEI) flag on all
but the last TD for the URB. This causes the host controller to place
an event on the event ring, but not send an interrupt. When the last
TD for the URB completes, BEI is cleared, and we get an interrupt for
the whole URB.
However, under Intel xHCI host controllers, if the event ring is full
of events from transfers with BEI set, an "Event Ring is Full" event
will be posted to the last entry of the event ring, but no interrupt
is generated. Host will cease all transfer and command executions and
wait until software completes handling the pending events in the event
ring. That means xHC stops, but event of "event ring is full" is not
notified. As the result, the xHC looks like dead to user.
This patch is to apply XHCI_AVOID_BEI quirk to Intel xHC devices. And
it should be backported to kernels as old as 3.0, that contains the
commit 69e848c2090a ("Intel xhci: Support EHCI/xHCI port switching.").
Signed-off-by: Lu Baolu <[email protected]>
Tested-by: Alistair Grant <[email protected]>
Signed-off-by: Mathias Nyman <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/host/xhci-pci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/host/xhci-pci.c
+++ b/drivers/usb/host/xhci-pci.c
@@ -94,6 +94,7 @@ static void xhci_pci_quirks(struct devic
if (pdev->vendor == PCI_VENDOR_ID_INTEL) {
xhci->quirks |= XHCI_LPM_SUPPORT;
xhci->quirks |= XHCI_INTEL_HOST;
+ xhci->quirks |= XHCI_AVOID_BEI;
}
if (pdev->vendor == PCI_VENDOR_ID_INTEL &&
pdev->device == PCI_DEVICE_ID_INTEL_PANTHERPOINT_XHCI) {
@@ -109,7 +110,6 @@ static void xhci_pci_quirks(struct devic
* PPT chipsets.
*/
xhci->quirks |= XHCI_SPURIOUS_REBOOT;
- xhci->quirks |= XHCI_AVOID_BEI;
}
if (pdev->vendor == PCI_VENDOR_ID_ETRON &&
pdev->device == PCI_DEVICE_ID_ASROCK_P67) {
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Disseldorp <[email protected]>
commit e1e9bda22d7ddf88515e8fe401887e313922823e upstream.
Under intermittent network outages, find_writable_file() is susceptible
to the following race condition, which results in a user-after-free in
the cifs_writepages code-path:
Thread 1 Thread 2
======== ========
inv_file = NULL
refind = 0
spin_lock(&cifs_file_list_lock)
// invalidHandle found on openFileList
inv_file = open_file
// inv_file->count currently 1
cifsFileInfo_get(inv_file)
// inv_file->count = 2
spin_unlock(&cifs_file_list_lock);
cifs_reopen_file() cifs_close()
// fails (rc != 0) ->cifsFileInfo_put()
spin_lock(&cifs_file_list_lock)
// inv_file->count = 1
spin_unlock(&cifs_file_list_lock)
spin_lock(&cifs_file_list_lock);
list_move_tail(&inv_file->flist,
&cifs_inode->openFileList);
spin_unlock(&cifs_file_list_lock);
cifsFileInfo_put(inv_file);
->spin_lock(&cifs_file_list_lock)
// inv_file->count = 0
list_del(&cifs_file->flist);
// cleanup!!
kfree(cifs_file);
spin_unlock(&cifs_file_list_lock);
spin_lock(&cifs_file_list_lock);
++refind;
// refind = 1
goto refind_writable;
At this point we loop back through with an invalid inv_file pointer
and a refind value of 1. On second pass, inv_file is not overwritten on
openFileList traversal, and is subsequently dereferenced.
Signed-off-by: David Disseldorp <[email protected]>
Reviewed-by: Jeff Layton <[email protected]>
Signed-off-by: Steve French <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/cifs/file.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -1789,6 +1789,7 @@ refind_writable:
cifsFileInfo_put(inv_file);
spin_lock(&cifs_file_list_lock);
++refind;
+ inv_file = NULL;
goto refind_writable;
}
}
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Soni Jose <[email protected]>
commit 2e7cee027b26cbe7e6685a7a14bd2850bfe55d33 upstream.
Kernel panic was happening as iscsi_host_remove() was called on
a host which was not yet added.
Signed-off-by: John Soni Jose <[email protected]>
Reviewed-by: Mike Christie <[email protected]>
Signed-off-by: James Bottomley <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/scsi/be2iscsi/be_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/scsi/be2iscsi/be_main.c
+++ b/drivers/scsi/be2iscsi/be_main.c
@@ -5080,9 +5080,9 @@ free_port:
hba_free:
if (phba->msix_enabled)
pci_disable_msix(phba->pcidev);
- iscsi_host_remove(phba->shost);
pci_dev_put(phba->pcidev);
iscsi_host_free(phba->shost);
+ pci_set_drvdata(pcidev, NULL);
disable_pci:
pci_disable_device(pcidev);
return ret;
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Al Viro <[email protected]>
commit 64b4e2526d1cf6e6a4db6213d6e2b6e6ab59479a upstream.
"ocfs2 syncs the wrong range" had been broken; prior to it the
code was doing the wrong thing in case of O_APPEND, all right,
but _after_ it we were syncing the wrong range in 100% cases.
*ppos, aka iocb->ki_pos is incremented prior to that point,
so we are always doing sync on the area _after_ the one we'd
written to.
Spotted by Joseph Qi <[email protected]> back in January;
unfortunately, I'd missed his mail back then ;-/
Signed-off-by: Al Viro <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/ocfs2/file.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
--- a/fs/ocfs2/file.c
+++ b/fs/ocfs2/file.c
@@ -2372,10 +2372,14 @@ out_dio:
/* buffered aio wouldn't have proper lock coverage today */
BUG_ON(ret == -EIOCBQUEUED && !(file->f_flags & O_DIRECT));
+ if (unlikely(written <= 0))
+ goto no_sync;
+
if (((file->f_flags & O_DSYNC) && !direct_io) || IS_SYNC(inode) ||
((file->f_flags & O_DIRECT) && !direct_io)) {
- ret = filemap_fdatawrite_range(file->f_mapping, *ppos,
- *ppos + count - 1);
+ ret = filemap_fdatawrite_range(file->f_mapping,
+ iocb->ki_pos - written,
+ iocb->ki_pos - 1);
if (ret < 0)
written = ret;
@@ -2388,10 +2392,12 @@ out_dio:
}
if (!ret)
- ret = filemap_fdatawait_range(file->f_mapping, *ppos,
- *ppos + count - 1);
+ ret = filemap_fdatawait_range(file->f_mapping,
+ iocb->ki_pos - written,
+ iocb->ki_pos - 1);
}
+no_sync:
/*
* deep in g_f_a_w_n()->ocfs2_direct_IO we pass in a ocfs2_dio_end_io
* function pointer which is called when o_direct io completes so that
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mike Christie <[email protected]>
commit b815fc12d4dd2b5586184fb4f867caff05a810d4 upstream.
This fixes a oops due to a double list add when adding a reject PDU for
iscsit_allocate_iovecs allocation failures. The cmd has already been
added to the conn_cmd_list in iscsit_setup_scsi_cmd, so this has us call
iscsit_reject_cmd.
Note that for ERL0 the reject PDU is not actually sent, so this patch
is not completely tested. Just verified we do not oops. The problem is the
add reject functions return -1 which is returned all the way up to
iscsi_target_rx_thread which for ERL0 will drop the connection.
Signed-off-by: Mike Christie <[email protected]>
Signed-off-by: Nicholas Bellinger <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/target/iscsi/iscsi_target.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
@@ -1179,7 +1179,7 @@ iscsit_handle_scsi_cmd(struct iscsi_conn
* traditional iSCSI block I/O.
*/
if (iscsit_allocate_iovecs(cmd) < 0) {
- return iscsit_add_reject_cmd(cmd,
+ return iscsit_reject_cmd(cmd,
ISCSI_REASON_BOOKMARK_NO_RESOURCES, buf);
}
immed_data = cmd->immediate_data;
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marek Szyprowski <[email protected]>
commit 05b676ab42f624425d5f6519276e506b812fa058 upstream.
TASK_SIZE is depends on the systems architecture (32 or 64 bits) and it
should not be used for defining offset boundary for mmaping buffers for
CAPTURE and OUTPUT queues. This patch fixes support for MMAP calls on
the CAPTURE queue on 64bit architectures (like ARM64).
Signed-off-by: Marek Szyprowski <[email protected]>
Signed-off-by: Kamil Debski <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/media/platform/s5p-mfc/s5p_mfc_common.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/media/platform/s5p-mfc/s5p_mfc_common.h
+++ b/drivers/media/platform/s5p-mfc/s5p_mfc_common.h
@@ -29,7 +29,7 @@
/* Offset base used to differentiate between CAPTURE and OUTPUT
* while mmaping */
-#define DST_QUEUE_OFF_BASE (TASK_SIZE / 2)
+#define DST_QUEUE_OFF_BASE (1 << 30)
#define MFC_BANK1_ALLOC_CTX 0
#define MFC_BANK2_ALLOC_CTX 1
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mateusz Guzik <[email protected]>
commit e7ca2552369c1dfe0216c626baf82c3d83ec36bb upstream.
Compat function takes msgtyp argument as u32 and passes it down to
do_msgrcv which results in casting to long, thus the sign is lost and we
get a big positive number instead.
Cast the argument to signed type before passing it down.
Signed-off-by: Mateusz Guzik <[email protected]>
Reported-by: Gabriellla Schmidt <[email protected]>
Cc: Al Viro <[email protected]>
Cc: Davidlohr Bueso <[email protected]>
Cc: Manfred Spraul <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Cc: Masanari Iida <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
ipc/compat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/ipc/compat.c
+++ b/ipc/compat.c
@@ -381,7 +381,7 @@ COMPAT_SYSCALL_DEFINE6(ipc, u32, call, i
uptr = compat_ptr(ipck.msgp);
fifth = ipck.msgtyp;
}
- return do_msgrcv(first, uptr, second, fifth, third,
+ return do_msgrcv(first, uptr, second, (s32)fifth, third,
compat_do_msg_fill);
}
case MSGGET:
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sasha Levin <[email protected]>
commit db27ebb111e9f69efece08e4cb6a34ff980f8896 upstream.
Max unacked packets/bytes is an int while sizeof(long) was used in the
sysctl table.
This means that when they were getting read we'd also leak kernel memory
to userspace along with the timeout values.
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/rds/sysctl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/net/rds/sysctl.c
+++ b/net/rds/sysctl.c
@@ -71,14 +71,14 @@ static ctl_table rds_sysctl_rds_table[]
{
.procname = "max_unacked_packets",
.data = &rds_sysctl_max_unacked_packets,
- .maxlen = sizeof(unsigned long),
+ .maxlen = sizeof(int),
.mode = 0644,
.proc_handler = proc_dointvec,
},
{
.procname = "max_unacked_bytes",
.data = &rds_sysctl_max_unacked_bytes,
- .maxlen = sizeof(unsigned long),
+ .maxlen = sizeof(int),
.mode = 0644,
.proc_handler = proc_dointvec,
},
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sasha Levin <[email protected]>
commit 6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49 upstream.
The timeout entries are sizeof(int) rather than sizeof(long), which
means that when they were getting read we'd also leak kernel memory
to userspace along with the timeout values.
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/llc/sysctl_net_llc.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/net/llc/sysctl_net_llc.c
+++ b/net/llc/sysctl_net_llc.c
@@ -18,28 +18,28 @@ static struct ctl_table llc2_timeout_tab
{
.procname = "ack",
.data = &sysctl_llc2_ack_timeout,
- .maxlen = sizeof(long),
+ .maxlen = sizeof(sysctl_llc2_ack_timeout),
.mode = 0644,
.proc_handler = proc_dointvec_jiffies,
},
{
.procname = "busy",
.data = &sysctl_llc2_busy_timeout,
- .maxlen = sizeof(long),
+ .maxlen = sizeof(sysctl_llc2_busy_timeout),
.mode = 0644,
.proc_handler = proc_dointvec_jiffies,
},
{
.procname = "p",
.data = &sysctl_llc2_p_timeout,
- .maxlen = sizeof(long),
+ .maxlen = sizeof(sysctl_llc2_p_timeout),
.mode = 0644,
.proc_handler = proc_dointvec_jiffies,
},
{
.procname = "rej",
.data = &sysctl_llc2_rej_timeout,
- .maxlen = sizeof(long),
+ .maxlen = sizeof(sysctl_llc2_rej_timeout),
.mode = 0644,
.proc_handler = proc_dointvec_jiffies,
},
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Elder <[email protected]>
commit 89a0714106aac7309c7dfa0f004b39e1e89d2942 upstream.
Create constants that define the maximum and minimum values
representable by the kernel types u8, s8, u16, s16, and so on.
Signed-off-by: Alex Elder <[email protected]>
Cc: Sage Weil <[email protected]>
Cc: David Miller <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
include/linux/kernel.h | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -29,6 +29,19 @@
#define ULLONG_MAX (~0ULL)
#define SIZE_MAX (~(size_t)0)
+#define U8_MAX ((u8)~0U)
+#define S8_MAX ((s8)(U8_MAX>>1))
+#define S8_MIN ((s8)(-S8_MAX - 1))
+#define U16_MAX ((u16)~0U)
+#define S16_MAX ((s16)(U16_MAX>>1))
+#define S16_MIN ((s16)(-S16_MAX - 1))
+#define U32_MAX ((u32)~0U)
+#define S32_MAX ((s32)(U32_MAX>>1))
+#define S32_MIN ((s32)(-S32_MAX - 1))
+#define U64_MAX ((u64)~0ULL)
+#define S64_MAX ((s64)(U64_MAX>>1))
+#define S64_MIN ((s64)(-S64_MAX - 1))
+
#define STACK_MAGIC 0xdeadbeef
#define REPEAT_BYTE(x) ((~0ul / 0xff) * (x))
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Majd Dibbiny <[email protected]>
commit 61a3855bb726cbb062ef02a31a832dea455456e0 upstream.
For RoCE ports, we set the u32 PMA values based on u64 HCA counters. In case of
overflow, according to the IB spec, we have to saturate a counter to its
max value, do that.
Fixes: c37791349cc7 ('IB/mlx4: Support PMA counters for IBoE')
Signed-off-by: Majd Dibbiny <[email protected]>
Signed-off-by: Eran Ben Elisha <[email protected]>
Signed-off-by: Hadar Hen Zion <[email protected]>
Signed-off-by: Or Gerlitz <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/infiniband/hw/mlx4/mad.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
--- a/drivers/infiniband/hw/mlx4/mad.c
+++ b/drivers/infiniband/hw/mlx4/mad.c
@@ -64,6 +64,14 @@ enum {
#define GUID_TBL_BLK_NUM_ENTRIES 8
#define GUID_TBL_BLK_SIZE (GUID_TBL_ENTRY_SIZE * GUID_TBL_BLK_NUM_ENTRIES)
+/* Counters should be saturate once they reach their maximum value */
+#define ASSIGN_32BIT_COUNTER(counter, value) do {\
+ if ((value) > U32_MAX) \
+ counter = cpu_to_be32(U32_MAX); \
+ else \
+ counter = cpu_to_be32(value); \
+} while (0)
+
struct mlx4_mad_rcv_buf {
struct ib_grh grh;
u8 payload[256];
@@ -730,10 +738,14 @@ static int ib_process_mad(struct ib_devi
static void edit_counter(struct mlx4_counter *cnt,
struct ib_pma_portcounters *pma_cnt)
{
- pma_cnt->port_xmit_data = cpu_to_be32((be64_to_cpu(cnt->tx_bytes)>>2));
- pma_cnt->port_rcv_data = cpu_to_be32((be64_to_cpu(cnt->rx_bytes)>>2));
- pma_cnt->port_xmit_packets = cpu_to_be32(be64_to_cpu(cnt->tx_frames));
- pma_cnt->port_rcv_packets = cpu_to_be32(be64_to_cpu(cnt->rx_frames));
+ ASSIGN_32BIT_COUNTER(pma_cnt->port_xmit_data,
+ (be64_to_cpu(cnt->tx_bytes) >> 2));
+ ASSIGN_32BIT_COUNTER(pma_cnt->port_rcv_data,
+ (be64_to_cpu(cnt->rx_bytes) >> 2));
+ ASSIGN_32BIT_COUNTER(pma_cnt->port_xmit_packets,
+ be64_to_cpu(cnt->tx_frames));
+ ASSIGN_32BIT_COUNTER(pma_cnt->port_rcv_packets,
+ be64_to_cpu(cnt->rx_frames));
}
static int iboe_process_mad(struct ib_device *ibdev, int mad_flags, u8 port_num,
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Hurley <[email protected]>
commit 30a22c215a0007603ffc08021f2e8b64018517dd upstream.
commit 6ae9200f2cab7 ("enlarge console.name") increased the storage
for the console name to 16 bytes, but not the corresponding
struct console_cmdline::name storage. Console names longer than
8 bytes cause read beyond end-of-string and failure to match
console; I'm not sure if there are other unexpected consequences.
Signed-off-by: Peter Hurley <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
kernel/printk.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/kernel/printk.c
+++ b/kernel/printk.c
@@ -107,7 +107,7 @@ static struct console *exclusive_console
*/
struct console_cmdline
{
- char name[8]; /* Name of the driver */
+ char name[16]; /* Name of the driver */
int index; /* Minor dev. to use */
char *options; /* Options for the driver */
#ifdef CONFIG_A11Y_BRAILLE_CONSOLE
@@ -2290,6 +2290,8 @@ void register_console(struct console *ne
*/
for (i = 0; i < MAX_CMDLINECONSOLES && console_cmdline[i].name[0];
i++) {
+ BUILD_BUG_ON(sizeof(console_cmdline[i].name) !=
+ sizeof(newcon->name));
if (strcmp(console_cmdline[i].name, newcon->name) != 0)
continue;
if (newcon->index >= 0 &&
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Kirill A. Shutemov" <[email protected]>
commit ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce upstream.
As pointed by recent post[1] on exploiting DRAM physical imperfection,
/proc/PID/pagemap exposes sensitive information which can be used to do
attacks.
This disallows anybody without CAP_SYS_ADMIN to read the pagemap.
[1] http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
[ Eventually we might want to do anything more finegrained, but for now
this is the simple model. - Linus ]
Signed-off-by: Kirill A. Shutemov <[email protected]>
Acked-by: Konstantin Khlebnikov <[email protected]>
Acked-by: Andy Lutomirski <[email protected]>
Cc: Pavel Emelyanov <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Mark Seaborn <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: mancha security <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/proc/task_mmu.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -1110,9 +1110,19 @@ out:
return ret;
}
+static int pagemap_open(struct inode *inode, struct file *file)
+{
+ /* do not disclose physical addresses to unprivileged
+ userspace (closes a rowhammer attack vector) */
+ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
+ return 0;
+}
+
const struct file_operations proc_pagemap_operations = {
.llseek = mem_lseek, /* borrow this */
.read = pagemap_read,
+ .open = pagemap_open,
};
#endif /* CONFIG_PROC_PAGE_MONITOR */
On 04/17/2015 07:28 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 3.10.75 release.
> There are 34 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sun Apr 19 13:25:20 UTC 2015.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> kernel.org/pub/linux/kernel/v3.0/stable-review/patch-3.10.75-rc1.gz
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Complied and booted on my test system. No dmesg regressions.
-- Shuah
--
Shuah Khan
Sr. Linux Kernel Developer
Open Source Innovation Group
Samsung Research America (Silicon Valley)
[email protected] | (970) 217-8978
On Fri, Apr 17, 2015 at 03:28:32PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 3.10.75 release.
> There are 34 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sun Apr 19 13:25:20 UTC 2015.
> Anything received after that time might be too late.
>
Build results:
total: 125 pass: 124 fail: 1
Failed builds:
arm64:allmodconfig
Qemu test results:
total: 27 pass: 27 fail: 0
arm64:allmodconfig was added to the list of builds only recently;
the build failure is not new. Results are as expected.
Guenter
On Fri, Apr 17, 2015 at 01:00:10PM -0700, Guenter Roeck wrote:
> On Fri, Apr 17, 2015 at 03:28:32PM +0200, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 3.10.75 release.
> > There are 34 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Sun Apr 19 13:25:20 UTC 2015.
> > Anything received after that time might be too late.
> >
> Build results:
> total: 125 pass: 124 fail: 1
> Failed builds:
> arm64:allmodconfig
>
> Qemu test results:
> total: 27 pass: 27 fail: 0
>
> arm64:allmodconfig was added to the list of builds only recently;
> the build failure is not new. Results are as expected.
Hm, any hint on how I can solve the build failure. It's in my nature to
not want any failures :)
thanks,
greg k-h
On 04/18/2015 02:02 AM, Greg Kroah-Hartman wrote:
> On Fri, Apr 17, 2015 at 01:00:10PM -0700, Guenter Roeck wrote:
>> On Fri, Apr 17, 2015 at 03:28:32PM +0200, Greg Kroah-Hartman wrote:
>>> This is the start of the stable review cycle for the 3.10.75 release.
>>> There are 34 patches in this series, all will be posted as a response
>>> to this one. If anyone has any issues with these being applied, please
>>> let me know.
>>>
>>> Responses should be made by Sun Apr 19 13:25:20 UTC 2015.
>>> Anything received after that time might be too late.
>>>
>> Build results:
>> total: 125 pass: 124 fail: 1
>> Failed builds:
>> arm64:allmodconfig
>>
>> Qemu test results:
>> total: 27 pass: 27 fail: 0
>>
>> arm64:allmodconfig was added to the list of builds only recently;
>> the build failure is not new. Results are as expected.
>
> Hm, any hint on how I can solve the build failure. It's in my nature to
> not want any failures :)
>
Hi Greg,
I can give it a shot for 3.14. 3.10 may be too difficult.
I'll let you know.
Guenter
On 04/18/2015 02:02 AM, Greg Kroah-Hartman wrote:
> On Fri, Apr 17, 2015 at 01:00:10PM -0700, Guenter Roeck wrote:
>> On Fri, Apr 17, 2015 at 03:28:32PM +0200, Greg Kroah-Hartman wrote:
>>> This is the start of the stable review cycle for the 3.10.75 release.
>>> There are 34 patches in this series, all will be posted as a response
>>> to this one. If anyone has any issues with these being applied, please
>>> let me know.
>>>
>>> Responses should be made by Sun Apr 19 13:25:20 UTC 2015.
>>> Anything received after that time might be too late.
>>>
>> Build results:
>> total: 125 pass: 124 fail: 1
>> Failed builds:
>> arm64:allmodconfig
>>
>> Qemu test results:
>> total: 27 pass: 27 fail: 0
>>
>> arm64:allmodconfig was added to the list of builds only recently;
>> the build failure is not new. Results are as expected.
>
> Hm, any hint on how I can solve the build failure. It's in my nature to
> not want any failures :)
>
Hi Greg,
turns out it wasn't that difficult.
I sent a number of patch requests to [email protected] to address
the build failures in both v3.10 and v3.14. You'll need to apply six patches
to v3.10, and three patches to v3.14. All but one of the patches for v3.14
apply cleanly; I sent you a backport for the one patch which doesn't.
Guenter
On Sat, Apr 18, 2015 at 12:10:47PM -0700, Guenter Roeck wrote:
> On 04/18/2015 02:02 AM, Greg Kroah-Hartman wrote:
> >On Fri, Apr 17, 2015 at 01:00:10PM -0700, Guenter Roeck wrote:
> >>On Fri, Apr 17, 2015 at 03:28:32PM +0200, Greg Kroah-Hartman wrote:
> >>>This is the start of the stable review cycle for the 3.10.75 release.
> >>>There are 34 patches in this series, all will be posted as a response
> >>>to this one. If anyone has any issues with these being applied, please
> >>>let me know.
> >>>
> >>>Responses should be made by Sun Apr 19 13:25:20 UTC 2015.
> >>>Anything received after that time might be too late.
> >>>
> >>Build results:
> >> total: 125 pass: 124 fail: 1
> >>Failed builds:
> >> arm64:allmodconfig
> >>
> >>Qemu test results:
> >> total: 27 pass: 27 fail: 0
> >>
> >>arm64:allmodconfig was added to the list of builds only recently;
> >>the build failure is not new. Results are as expected.
> >
> >Hm, any hint on how I can solve the build failure. It's in my nature to
> >not want any failures :)
> >
>
> Hi Greg,
>
> turns out it wasn't that difficult.
>
> I sent a number of patch requests to [email protected] to address
> the build failures in both v3.10 and v3.14. You'll need to apply six patches
> to v3.10, and three patches to v3.14. All but one of the patches for v3.14
> apply cleanly; I sent you a backport for the one patch which doesn't.
Thanks, I'll queue them up for the next round after this release on
Sunday/Monday.
greg k-h
On Fri, Apr 17, 2015 at 4:29 PM, Greg Kroah-Hartman
<[email protected]> wrote:
> 3.10-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Alex Elder <[email protected]>
>
> commit 89a0714106aac7309c7dfa0f004b39e1e89d2942 upstream.
>
> Create constants that define the maximum and minimum values
> representable by the kernel types u8, s8, u16, s16, and so on.
Now compilation prints a lot of wanings about redefined macro inside
reiserfs and ceph.
Please pick also:
2f874deba7476a1e579af9028baa2f9dfdefedd1
("conditionally define U32_MAX")
04f9b74e4d96d349de12fdd4e6626af4a9f75e09
("remove extra definitions of U32_MAX")
without first second patch doesn't applies clearly
>
> Signed-off-by: Alex Elder <[email protected]>
> Cc: Sage Weil <[email protected]>
> Cc: David Miller <[email protected]>
> Signed-off-by: Andrew Morton <[email protected]>
> Signed-off-by: Linus Torvalds <[email protected]>
> Signed-off-by: Greg Kroah-Hartman <[email protected]>
>
> ---
> include/linux/kernel.h | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> --- a/include/linux/kernel.h
> +++ b/include/linux/kernel.h
> @@ -29,6 +29,19 @@
> #define ULLONG_MAX (~0ULL)
> #define SIZE_MAX (~(size_t)0)
>
> +#define U8_MAX ((u8)~0U)
> +#define S8_MAX ((s8)(U8_MAX>>1))
> +#define S8_MIN ((s8)(-S8_MAX - 1))
> +#define U16_MAX ((u16)~0U)
> +#define S16_MAX ((s16)(U16_MAX>>1))
> +#define S16_MIN ((s16)(-S16_MAX - 1))
> +#define U32_MAX ((u32)~0U)
> +#define S32_MAX ((s32)(U32_MAX>>1))
> +#define S32_MIN ((s32)(-S32_MAX - 1))
> +#define U64_MAX ((u64)~0ULL)
> +#define S64_MAX ((s64)(U64_MAX>>1))
> +#define S64_MIN ((s64)(-S64_MAX - 1))
> +
> #define STACK_MAGIC 0xdeadbeef
>
> #define REPEAT_BYTE(x) ((~0ul / 0xff) * (x))
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
On Mon, Apr 20, 2015 at 12:43:30PM +0300, Konstantin Khlebnikov wrote:
> On Fri, Apr 17, 2015 at 4:29 PM, Greg Kroah-Hartman
> <[email protected]> wrote:
> > 3.10-stable review patch. If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Alex Elder <[email protected]>
> >
> > commit 89a0714106aac7309c7dfa0f004b39e1e89d2942 upstream.
> >
> > Create constants that define the maximum and minimum values
> > representable by the kernel types u8, s8, u16, s16, and so on.
>
> Now compilation prints a lot of wanings about redefined macro inside
> reiserfs and ceph.
>
> Please pick also:
>
> 2f874deba7476a1e579af9028baa2f9dfdefedd1
> ("conditionally define U32_MAX")
There is no such git id as 2f874deba7476a1e579af9028baa2f9dfdefedd1
> 04f9b74e4d96d349de12fdd4e6626af4a9f75e09
> ("remove extra definitions of U32_MAX")
>
> without first second patch doesn't applies clearly
Given I have no idea what your first patch is, it's a bit hard to apply
it :(
On 04/20/2015 09:35 AM, Greg Kroah-Hartman wrote:
> On Mon, Apr 20, 2015 at 12:43:30PM +0300, Konstantin Khlebnikov wrote:
>> On Fri, Apr 17, 2015 at 4:29 PM, Greg Kroah-Hartman
>> <[email protected]> wrote:
>>> 3.10-stable review patch. If anyone has any objections, please let me know.
>>>
>>> ------------------
>>>
>>> From: Alex Elder <[email protected]>
>>>
>>> commit 89a0714106aac7309c7dfa0f004b39e1e89d2942 upstream.
>>>
>>> Create constants that define the maximum and minimum values
>>> representable by the kernel types u8, s8, u16, s16, and so on.
>>
>> Now compilation prints a lot of wanings about redefined macro inside
>> reiserfs and ceph.
>>
>> Please pick also:
>>
>> 2f874deba7476a1e579af9028baa2f9dfdefedd1
>> ("conditionally define U32_MAX")
You want these, in this order:
7771953 conditionally define U32_MAX
89a0714 kernel.h: define u8, s8, u32, etc. limits
04f9b74 remove extra definitions of U32_MAX
-Alex
>
> There is no such git id as 2f874deba7476a1e579af9028baa2f9dfdefedd1
>
>> 04f9b74e4d96d349de12fdd4e6626af4a9f75e09
>> ("remove extra definitions of U32_MAX")
>>
>> without first second patch doesn't applies clearly
>
> Given I have no idea what your first patch is, it's a bit hard to apply
> it :(
>
On Mon, Apr 20, 2015 at 10:01:12AM -0500, Alex Elder wrote:
> On 04/20/2015 09:35 AM, Greg Kroah-Hartman wrote:
> >On Mon, Apr 20, 2015 at 12:43:30PM +0300, Konstantin Khlebnikov wrote:
> >>On Fri, Apr 17, 2015 at 4:29 PM, Greg Kroah-Hartman
> >><[email protected]> wrote:
> >>>3.10-stable review patch. If anyone has any objections, please let me know.
> >>>
> >>>------------------
> >>>
> >>>From: Alex Elder <[email protected]>
> >>>
> >>>commit 89a0714106aac7309c7dfa0f004b39e1e89d2942 upstream.
> >>>
> >>>Create constants that define the maximum and minimum values
> >>>representable by the kernel types u8, s8, u16, s16, and so on.
> >>
> >>Now compilation prints a lot of wanings about redefined macro inside
> >>reiserfs and ceph.
> >>
> >>Please pick also:
> >>
> >>2f874deba7476a1e579af9028baa2f9dfdefedd1
> >>("conditionally define U32_MAX")
>
> You want these, in this order:
>
> 7771953 conditionally define U32_MAX
> 89a0714 kernel.h: define u8, s8, u32, etc. limits
> 04f9b74 remove extra definitions of U32_MAX
Thanks, that works, I'll go queue the missing 2 patches up.
greg k-h