2014-02-18 22:51:33

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 00/40] 3.13.4-stable review

This is the start of the stable review cycle for the 3.13.4 release.
There are 40 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.

Responses should be made by Thu Feb 20 22:44:22 UTC 2014.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
kernel.org/pub/linux/kernel/v3.0/stable-review/patch-3.13.4-rc1.gz
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <[email protected]>
Linux 3.13.4-rc1

Philipp Zabel <[email protected]>
ARM: imx6: Initialize low-power mode early again

Dirk Brandewie <[email protected]>
intel_pstate: Take core C0 time into account for core busy calculation

Darrick J. Wong <[email protected]>
bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED

Stanislaw Gruszka <[email protected]>
pinctrl: protect pinctrl_list add

Tony Prisk <[email protected]>
pinctrl: vt8500: Change devicetree data parsing

Chris Ruehl <[email protected]>
pinctrl: imx27: fix offset calculation in imx_read_2bit

Chris Ruehl <[email protected]>
pinctrl: imx27: fix wrong offset to ICONFB

Nicolas Ferre <[email protected]>
pinctrl: at91: use locked variant of irq_set_handler

Nitin A Kamble <[email protected]>
genirq: Generic irq chip requires IRQ_DOMAIN

Peter Oberparleiter <[email protected]>
x86, hweight: Fix BUG when booting with CONFIG_GCOV_PROFILE_ALL=y

Andi Shyti <[email protected]>
cx24117: use a valid dev pointer for dev_err printout

Hans Verkuil <[email protected]>
Revert "[media] videobuf_vm_{open,close} race fixes"

Dave Jones <[email protected]>
mxl111sf: Fix compile when CONFIG_DVB_USB_MXL111SF is unset

Dave Jones <[email protected]>
mxl111sf: Fix unintentional garbage stack read

Antti Palosaari <[email protected]>
af9035: add ID [2040:f900] Hauppauge WinTV-MiniStick 2

Mel Gorman <[email protected]>
x86: mm: change tlb_flushall_shift for IvyBridge

KOSAKI Motohiro <[email protected]>
mm: __set_page_dirty uses spin_lock_irqsave instead of spin_lock_irq

KOSAKI Motohiro <[email protected]>
mm: __set_page_dirty_nobuffers() uses spin_lock_irqsave() instead of spin_lock_irq()

Weijie Yang <[email protected]>
mm/swap: fix race on swap_info reuse between swapoff and swapon

Takashi Iwai <[email protected]>
ALSA: hda - Improve loopback path lookups for AD1983

Takashi Iwai <[email protected]>
ALSA: hda - Add missing mixer widget for AD1983

Takashi Iwai <[email protected]>
ALSA: hda - Fix silent output on Toshiba Satellite L40

Takashi Iwai <[email protected]>
ALSA: hda - Fix missing VREF setup for Mac Pro 1,1

Takashi Iwai <[email protected]>
ALSA: usb-audio: Add missing kconfig dependecy

Vinayak Kale <[email protected]>
arm64: add DSB after icache flush in __flush_icache_all()

Nathan Lynch <[email protected]>
arm64: vdso: fix coarse clock handling

Catalin Marinas <[email protected]>
arm64: Invalidate the TLB when replacing pmd entries during boot

Will Deacon <[email protected]>
arm64: vdso: prevent ld from aligning PT_LOAD segments to 64k

Will Deacon <[email protected]>
arm64: atomics: fix use of acquire + release for full barrier semantics

Nathan Lynch <[email protected]>
arm64: vdso: update wtm fields for CLOCK_MONOTONIC_COARSE

Lior Amsalem <[email protected]>
irqchip: armada-370-xp: fix MSI race condition

Lior Amsalem <[email protected]>
irqchip: armada-370-xp: fix IPI race condition

Mark Brown <[email protected]>
regulator: core: Correct default return value for full constraints

Trond Myklebust <[email protected]>
NFSv4: Fix memory corruption in nfs4_proc_open_confirm

Trond Myklebust <[email protected]>
NFSv4.1: nfs4_destroy_session must call rpc_destroy_waitqueue

Harald Freudenberger <[email protected]>
crypto: s390 - fix des and des3_ede ctr concurrency issue

Harald Freudenberger <[email protected]>
crypto: s390 - fix des and des3_ede cbc concurrency issue

Harald Freudenberger <[email protected]>
crypto: s390 - fix concurrency issue in aes-ctr mode

Josef Bacik <[email protected]>
Btrfs: disable snapshot aware defrag for now

Stephen Smalley <[email protected]>
SELinux: Fix kernel BUG on empty security contexts.


-------------

Diffstat:

Makefile | 4 +-
arch/arm/mach-imx/clk-imx6q.c | 3 +
arch/arm/mach-imx/clk-imx6sl.c | 3 +
arch/arm/mach-imx/pm-imx6q.c | 2 -
arch/arm64/include/asm/atomic.h | 29 +++++---
arch/arm64/include/asm/cacheflush.h | 1 +
arch/arm64/include/asm/cmpxchg.h | 9 +--
arch/arm64/include/asm/futex.h | 6 +-
arch/arm64/kernel/kuser32.S | 6 +-
arch/arm64/kernel/vdso.c | 4 +-
arch/arm64/kernel/vdso/Makefile | 2 +-
arch/arm64/kernel/vdso/gettimeofday.S | 7 +-
arch/arm64/lib/bitops.S | 3 +-
arch/arm64/mm/mmu.c | 12 +++-
arch/s390/crypto/aes_s390.c | 65 ++++++++++++------
arch/s390/crypto/des_s390.c | 95 +++++++++++++++++----------
arch/x86/kernel/cpu/intel.c | 2 +-
drivers/cpufreq/intel_pstate.c | 16 +++--
drivers/irqchip/irq-armada-370-xp.c | 4 +-
drivers/md/bcache/bcache.h | 4 +-
drivers/md/bcache/btree.c | 2 +-
drivers/media/dvb-frontends/cx24117.c | 2 +-
drivers/media/usb/dvb-usb-v2/af9035.c | 2 +
drivers/media/usb/dvb-usb-v2/mxl111sf-tuner.h | 2 +-
drivers/media/usb/dvb-usb-v2/mxl111sf.c | 2 +-
drivers/media/v4l2-core/videobuf-dma-contig.c | 12 ++--
drivers/media/v4l2-core/videobuf-dma-sg.c | 10 ++-
drivers/media/v4l2-core/videobuf-vmalloc.c | 10 ++-
drivers/pinctrl/core.c | 2 +
drivers/pinctrl/pinctrl-at91.c | 10 +--
drivers/pinctrl/pinctrl-imx1-core.c | 10 +--
drivers/pinctrl/vt8500/pinctrl-wmt.c | 15 ++++-
drivers/regulator/core.c | 9 ++-
fs/btrfs/inode.c | 2 +-
fs/buffer.c | 6 +-
fs/nfs/nfs4client.c | 2 +-
fs/nfs/nfs4proc.c | 8 +--
fs/nfs/nfs4session.c | 25 +++++--
fs/nfs/nfs4session.h | 2 +-
include/linux/nfs_xdr.h | 2 +
kernel/irq/Kconfig | 1 +
lib/Makefile | 1 +
mm/page-writeback.c | 5 +-
mm/swapfile.c | 11 +++-
security/selinux/ss/services.c | 4 ++
sound/pci/hda/patch_analog.c | 27 ++++++++
sound/pci/hda/patch_realtek.c | 9 ++-
sound/usb/Kconfig | 1 +
48 files changed, 330 insertions(+), 141 deletions(-)


2014-02-18 22:47:13

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 12/40] arm64: atomics: fix use of acquire + release for full barrier semantics

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Will Deacon <[email protected]>

commit 8e86f0b409a44193f1587e87b69c5dcf8f65be67 upstream.

Linux requires a number of atomic operations to provide full barrier
semantics, that is no memory accesses after the operation can be
observed before any accesses up to and including the operation in
program order.

On arm64, these operations have been incorrectly implemented as follows:

// A, B, C are independent memory locations

<Access [A]>

// atomic_op (B)
1: ldaxr x0, [B] // Exclusive load with acquire
<op(B)>
stlxr w1, x0, [B] // Exclusive store with release
cbnz w1, 1b

<Access [C]>

The assumption here being that two half barriers are equivalent to a
full barrier, so the only permitted ordering would be A -> B -> C
(where B is the atomic operation involving both a load and a store).

Unfortunately, this is not the case by the letter of the architecture
and, in fact, the accesses to A and C are permitted to pass their
nearest half barrier resulting in orderings such as Bl -> A -> C -> Bs
or Bl -> C -> A -> Bs (where Bl is the load-acquire on B and Bs is the
store-release on B). This is a clear violation of the full barrier
requirement.

The simple way to fix this is to implement the same algorithm as ARMv7
using explicit barriers:

<Access [A]>

// atomic_op (B)
dmb ish // Full barrier
1: ldxr x0, [B] // Exclusive load
<op(B)>
stxr w1, x0, [B] // Exclusive store
cbnz w1, 1b
dmb ish // Full barrier

<Access [C]>

but this has the undesirable effect of introducing *two* full barrier
instructions. A better approach is actually the following, non-intuitive
sequence:

<Access [A]>

// atomic_op (B)
1: ldxr x0, [B] // Exclusive load
<op(B)>
stlxr w1, x0, [B] // Exclusive store with release
cbnz w1, 1b
dmb ish // Full barrier

<Access [C]>

The simple observations here are:

- The dmb ensures that no subsequent accesses (e.g. the access to C)
can enter or pass the atomic sequence.

- The dmb also ensures that no prior accesses (e.g. the access to A)
can pass the atomic sequence.

- Therefore, no prior access can pass a subsequent access, or
vice-versa (i.e. A is strictly ordered before C).

- The stlxr ensures that no prior access can pass the store component
of the atomic operation.

The only tricky part remaining is the ordering between the ldxr and the
access to A, since the absence of the first dmb means that we're now
permitting re-ordering between the ldxr and any prior accesses.

>From an (arbitrary) observer's point of view, there are two scenarios:

1. We have observed the ldxr. This means that if we perform a store to
[B], the ldxr will still return older data. If we can observe the
ldxr, then we can potentially observe the permitted re-ordering
with the access to A, which is clearly an issue when compared to
the dmb variant of the code. Thankfully, the exclusive monitor will
save us here since it will be cleared as a result of the store and
the ldxr will retry. Notice that any use of a later memory
observation to imply observation of the ldxr will also imply
observation of the access to A, since the stlxr/dmb ensure strict
ordering.

2. We have not observed the ldxr. This means we can perform a store
and influence the later ldxr. However, that doesn't actually tell
us anything about the access to [A], so we've not lost anything
here either when compared to the dmb variant.

This patch implements this solution for our barriered atomic operations,
ensuring that we satisfy the full barrier requirements where they are
needed.

Cc: Peter Zijlstra <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
Signed-off-by: Catalin Marinas <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
arch/arm64/include/asm/atomic.h | 29 ++++++++++++++++++++---------
arch/arm64/include/asm/cmpxchg.h | 9 +++++----
arch/arm64/include/asm/futex.h | 6 ++++--
arch/arm64/kernel/kuser32.S | 6 ++++--
arch/arm64/lib/bitops.S | 3 ++-
5 files changed, 35 insertions(+), 18 deletions(-)

--- a/arch/arm64/include/asm/atomic.h
+++ b/arch/arm64/include/asm/atomic.h
@@ -64,7 +64,7 @@ static inline int atomic_add_return(int
int result;

asm volatile("// atomic_add_return\n"
-"1: ldaxr %w0, %2\n"
+"1: ldxr %w0, %2\n"
" add %w0, %w0, %w3\n"
" stlxr %w1, %w0, %2\n"
" cbnz %w1, 1b"
@@ -72,6 +72,7 @@ static inline int atomic_add_return(int
: "Ir" (i)
: "cc", "memory");

+ smp_mb();
return result;
}

@@ -96,7 +97,7 @@ static inline int atomic_sub_return(int
int result;

asm volatile("// atomic_sub_return\n"
-"1: ldaxr %w0, %2\n"
+"1: ldxr %w0, %2\n"
" sub %w0, %w0, %w3\n"
" stlxr %w1, %w0, %2\n"
" cbnz %w1, 1b"
@@ -104,6 +105,7 @@ static inline int atomic_sub_return(int
: "Ir" (i)
: "cc", "memory");

+ smp_mb();
return result;
}

@@ -112,17 +114,20 @@ static inline int atomic_cmpxchg(atomic_
unsigned long tmp;
int oldval;

+ smp_mb();
+
asm volatile("// atomic_cmpxchg\n"
-"1: ldaxr %w1, %2\n"
+"1: ldxr %w1, %2\n"
" cmp %w1, %w3\n"
" b.ne 2f\n"
-" stlxr %w0, %w4, %2\n"
+" stxr %w0, %w4, %2\n"
" cbnz %w0, 1b\n"
"2:"
: "=&r" (tmp), "=&r" (oldval), "+Q" (ptr->counter)
: "Ir" (old), "r" (new)
: "cc", "memory");

+ smp_mb();
return oldval;
}

@@ -183,7 +188,7 @@ static inline long atomic64_add_return(l
unsigned long tmp;

asm volatile("// atomic64_add_return\n"
-"1: ldaxr %0, %2\n"
+"1: ldxr %0, %2\n"
" add %0, %0, %3\n"
" stlxr %w1, %0, %2\n"
" cbnz %w1, 1b"
@@ -191,6 +196,7 @@ static inline long atomic64_add_return(l
: "Ir" (i)
: "cc", "memory");

+ smp_mb();
return result;
}

@@ -215,7 +221,7 @@ static inline long atomic64_sub_return(l
unsigned long tmp;

asm volatile("// atomic64_sub_return\n"
-"1: ldaxr %0, %2\n"
+"1: ldxr %0, %2\n"
" sub %0, %0, %3\n"
" stlxr %w1, %0, %2\n"
" cbnz %w1, 1b"
@@ -223,6 +229,7 @@ static inline long atomic64_sub_return(l
: "Ir" (i)
: "cc", "memory");

+ smp_mb();
return result;
}

@@ -231,17 +238,20 @@ static inline long atomic64_cmpxchg(atom
long oldval;
unsigned long res;

+ smp_mb();
+
asm volatile("// atomic64_cmpxchg\n"
-"1: ldaxr %1, %2\n"
+"1: ldxr %1, %2\n"
" cmp %1, %3\n"
" b.ne 2f\n"
-" stlxr %w0, %4, %2\n"
+" stxr %w0, %4, %2\n"
" cbnz %w0, 1b\n"
"2:"
: "=&r" (res), "=&r" (oldval), "+Q" (ptr->counter)
: "Ir" (old), "r" (new)
: "cc", "memory");

+ smp_mb();
return oldval;
}

@@ -253,11 +263,12 @@ static inline long atomic64_dec_if_posit
unsigned long tmp;

asm volatile("// atomic64_dec_if_positive\n"
-"1: ldaxr %0, %2\n"
+"1: ldxr %0, %2\n"
" subs %0, %0, #1\n"
" b.mi 2f\n"
" stlxr %w1, %0, %2\n"
" cbnz %w1, 1b\n"
+" dmb ish\n"
"2:"
: "=&r" (result), "=&r" (tmp), "+Q" (v->counter)
:
--- a/arch/arm64/include/asm/cmpxchg.h
+++ b/arch/arm64/include/asm/cmpxchg.h
@@ -29,7 +29,7 @@ static inline unsigned long __xchg(unsig
switch (size) {
case 1:
asm volatile("// __xchg1\n"
- "1: ldaxrb %w0, %2\n"
+ "1: ldxrb %w0, %2\n"
" stlxrb %w1, %w3, %2\n"
" cbnz %w1, 1b\n"
: "=&r" (ret), "=&r" (tmp), "+Q" (*(u8 *)ptr)
@@ -38,7 +38,7 @@ static inline unsigned long __xchg(unsig
break;
case 2:
asm volatile("// __xchg2\n"
- "1: ldaxrh %w0, %2\n"
+ "1: ldxrh %w0, %2\n"
" stlxrh %w1, %w3, %2\n"
" cbnz %w1, 1b\n"
: "=&r" (ret), "=&r" (tmp), "+Q" (*(u16 *)ptr)
@@ -47,7 +47,7 @@ static inline unsigned long __xchg(unsig
break;
case 4:
asm volatile("// __xchg4\n"
- "1: ldaxr %w0, %2\n"
+ "1: ldxr %w0, %2\n"
" stlxr %w1, %w3, %2\n"
" cbnz %w1, 1b\n"
: "=&r" (ret), "=&r" (tmp), "+Q" (*(u32 *)ptr)
@@ -56,7 +56,7 @@ static inline unsigned long __xchg(unsig
break;
case 8:
asm volatile("// __xchg8\n"
- "1: ldaxr %0, %2\n"
+ "1: ldxr %0, %2\n"
" stlxr %w1, %3, %2\n"
" cbnz %w1, 1b\n"
: "=&r" (ret), "=&r" (tmp), "+Q" (*(u64 *)ptr)
@@ -67,6 +67,7 @@ static inline unsigned long __xchg(unsig
BUILD_BUG();
}

+ smp_mb();
return ret;
}

--- a/arch/arm64/include/asm/futex.h
+++ b/arch/arm64/include/asm/futex.h
@@ -24,10 +24,11 @@

#define __futex_atomic_op(insn, ret, oldval, uaddr, tmp, oparg) \
asm volatile( \
-"1: ldaxr %w1, %2\n" \
+"1: ldxr %w1, %2\n" \
insn "\n" \
"2: stlxr %w3, %w0, %2\n" \
" cbnz %w3, 1b\n" \
+" dmb ish\n" \
"3:\n" \
" .pushsection .fixup,\"ax\"\n" \
"4: mov %w0, %w5\n" \
@@ -110,11 +111,12 @@ futex_atomic_cmpxchg_inatomic(u32 *uval,
return -EFAULT;

asm volatile("// futex_atomic_cmpxchg_inatomic\n"
-"1: ldaxr %w1, %2\n"
+"1: ldxr %w1, %2\n"
" sub %w3, %w1, %w4\n"
" cbnz %w3, 3f\n"
"2: stlxr %w3, %w5, %2\n"
" cbnz %w3, 1b\n"
+" dmb ish\n"
"3:\n"
" .pushsection .fixup,\"ax\"\n"
"4: mov %w0, %w6\n"
--- a/arch/arm64/kernel/kuser32.S
+++ b/arch/arm64/kernel/kuser32.S
@@ -38,12 +38,13 @@ __kuser_cmpxchg64: // 0xffff0f60
.inst 0xe92d00f0 // push {r4, r5, r6, r7}
.inst 0xe1c040d0 // ldrd r4, r5, [r0]
.inst 0xe1c160d0 // ldrd r6, r7, [r1]
- .inst 0xe1b20e9f // 1: ldaexd r0, r1, [r2]
+ .inst 0xe1b20f9f // 1: ldrexd r0, r1, [r2]
.inst 0xe0303004 // eors r3, r0, r4
.inst 0x00313005 // eoreqs r3, r1, r5
.inst 0x01a23e96 // stlexdeq r3, r6, [r2]
.inst 0x03330001 // teqeq r3, #1
.inst 0x0afffff9 // beq 1b
+ .inst 0xf57ff05b // dmb ish
.inst 0xe2730000 // rsbs r0, r3, #0
.inst 0xe8bd00f0 // pop {r4, r5, r6, r7}
.inst 0xe12fff1e // bx lr
@@ -55,11 +56,12 @@ __kuser_memory_barrier: // 0xffff0fa0

.align 5
__kuser_cmpxchg: // 0xffff0fc0
- .inst 0xe1923e9f // 1: ldaex r3, [r2]
+ .inst 0xe1923f9f // 1: ldrex r3, [r2]
.inst 0xe0533000 // subs r3, r3, r0
.inst 0x01823e91 // stlexeq r3, r1, [r2]
.inst 0x03330001 // teqeq r3, #1
.inst 0x0afffffa // beq 1b
+ .inst 0xf57ff05b // dmb ish
.inst 0xe2730000 // rsbs r0, r3, #0
.inst 0xe12fff1e // bx lr

--- a/arch/arm64/lib/bitops.S
+++ b/arch/arm64/lib/bitops.S
@@ -46,11 +46,12 @@ ENTRY( \name )
mov x2, #1
add x1, x1, x0, lsr #3 // Get word offset
lsl x4, x2, x3 // Create mask
-1: ldaxr x2, [x1]
+1: ldxr x2, [x1]
lsr x0, x2, x3 // Save old value of bit
\instr x2, x2, x4 // toggle bit
stlxr w5, x2, [x1]
cbnz w5, 1b
+ dmb ish
and x0, x0, #1
3: ret
ENDPROC(\name )

2014-02-18 22:47:24

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 22/40] mm/swap: fix race on swap_info reuse between swapoff and swapon

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Weijie Yang <[email protected]>

commit f893ab41e4dae2fe8991faf5d86d029068d1ef3a upstream.

swapoff clear swap_info's SWP_USED flag prematurely and free its
resources after that. A concurrent swapon will reuse this swap_info
while its previous resources are not cleared completely.

These late freed resources are:
- p->percpu_cluster
- swap_cgroup_ctrl[type]
- block_device setting
- inode->i_flags &= ~S_SWAPFILE

This patch clears the SWP_USED flag after all its resources are freed,
so that swapon can reuse this swap_info by alloc_swap_info() safely.

[[email protected]: tidy up code comment]
Signed-off-by: Weijie Yang <[email protected]>
Acked-by: Hugh Dickins <[email protected]>
Cc: Krzysztof Kozlowski <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
mm/swapfile.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)

--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -1922,7 +1922,6 @@ SYSCALL_DEFINE1(swapoff, const char __us
p->swap_map = NULL;
cluster_info = p->cluster_info;
p->cluster_info = NULL;
- p->flags = 0;
frontswap_map = frontswap_map_get(p);
spin_unlock(&p->lock);
spin_unlock(&swap_lock);
@@ -1948,6 +1947,16 @@ SYSCALL_DEFINE1(swapoff, const char __us
mutex_unlock(&inode->i_mutex);
}
filp_close(swap_file, NULL);
+
+ /*
+ * Clear the SWP_USED flag after all resources are freed so that swapon
+ * can reuse this swap_info in alloc_swap_info() safely. It is ok to
+ * not hold p->lock after we cleared its SWP_WRITEOK.
+ */
+ spin_lock(&swap_lock);
+ p->flags = 0;
+ spin_unlock(&swap_lock);
+
err = 0;
atomic_inc(&proc_poll_event);
wake_up_interruptible(&proc_poll_wait);

2014-02-18 22:47:48

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 40/40] ARM: imx6: Initialize low-power mode early again

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Philipp Zabel <[email protected]>

commit e7c57ecd6019cc6392223605aed18cce257c3eff upstream.

Since commit 9e8147bb5ec5d1dda2141da70f96b98985a306cb
"ARM: imx6q: move low-power code out of clock driver"
the kernel fails to boot on i.MX6Q/D if preemption is
enabled (CONFIG_PREEMPT=y). The kernel just hangs
before the console comes up.

The above commit moved the initalization of the low-power
mode setting (enabling clocked WAIT states), which was
introduced in commit 83ae20981ae924c37d02a42c829155fc3851260c
"ARM: imx: correct low-power mode setting", from
imx6q_clks_init to imx6q_pm_init. Now it is called
much later, after all cores are enabled.

This patch moves the low-power mode initialization back
to imx6q_clks_init again (and to imx6sl_clks_init).

Signed-off-by: Philipp Zabel <[email protected]>
Signed-off-by: Shawn Guo <[email protected]>
Signed-off-by: Kevin Hilman <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
arch/arm/mach-imx/clk-imx6q.c | 3 +++
arch/arm/mach-imx/clk-imx6sl.c | 3 +++
arch/arm/mach-imx/pm-imx6q.c | 2 --
3 files changed, 6 insertions(+), 2 deletions(-)

--- a/arch/arm/mach-imx/clk-imx6q.c
+++ b/arch/arm/mach-imx/clk-imx6q.c
@@ -479,6 +479,9 @@ static void __init imx6q_clocks_init(str
if (IS_ENABLED(CONFIG_PCI_IMX6))
clk_set_parent(clk[lvds1_sel], clk[sata_ref]);

+ /* Set initial power mode */
+ imx6q_set_lpm(WAIT_CLOCKED);
+
np = of_find_compatible_node(NULL, NULL, "fsl,imx6q-gpt");
base = of_iomap(np, 0);
WARN_ON(!base);
--- a/arch/arm/mach-imx/clk-imx6sl.c
+++ b/arch/arm/mach-imx/clk-imx6sl.c
@@ -261,6 +261,9 @@ static void __init imx6sl_clocks_init(st
clk_prepare_enable(clks[IMX6SL_CLK_USBPHY2_GATE]);
}

+ /* Set initial power mode */
+ imx6q_set_lpm(WAIT_CLOCKED);
+
np = of_find_compatible_node(NULL, NULL, "fsl,imx6sl-gpt");
base = of_iomap(np, 0);
WARN_ON(!base);
--- a/arch/arm/mach-imx/pm-imx6q.c
+++ b/arch/arm/mach-imx/pm-imx6q.c
@@ -228,8 +228,6 @@ void __init imx6q_pm_init(void)
regmap_update_bits(gpr, IOMUXC_GPR1, IMX6Q_GPR1_GINT,
IMX6Q_GPR1_GINT);

- /* Set initial power mode */
- imx6q_set_lpm(WAIT_CLOCKED);

suspend_set_ops(&imx6q_pm_ops);
}

2014-02-18 22:47:46

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 32/40] genirq: Generic irq chip requires IRQ_DOMAIN

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Nitin A Kamble <[email protected]>

commit 923fa4ea382f592dee2ba3b205befb90cbddf3af upstream.

The generic_chip.c uses interfaces from irq_domain.c which is
controlled by the IRQ_DOMAIN config option, but there is no Kconfig
dependency so the build can fail:

linux/kernel/irq/generic-chip.c:400:11: error:
'irq_domain_xlate_onetwocell' undeclared here (not in a function)

Select IRQ_DOMAIN when GENERIC_IRQ_CHIP is selected.

Signed-off-by: Nitin A Kamble <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Thomas Gleixner <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
kernel/irq/Kconfig | 1 +
1 file changed, 1 insertion(+)

--- a/kernel/irq/Kconfig
+++ b/kernel/irq/Kconfig
@@ -40,6 +40,7 @@ config IRQ_EDGE_EOI_HANDLER
# Generic configurable interrupt chip implementation
config GENERIC_IRQ_CHIP
bool
+ select IRQ_DOMAIN

# Generic irq_domain hw <--> linux irq number translation
config IRQ_DOMAIN

2014-02-18 22:47:41

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 37/40] pinctrl: protect pinctrl_list add

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Stanislaw Gruszka <[email protected]>

commit 7b320cb1ed2dbd2c5f2a778197baf76fd6bf545a upstream.

We have few fedora bug reports about list corruption on pinctrl,
for example:
https://bugzilla.redhat.com/show_bug.cgi?id=1051918

Most likely corruption happen due lack of protection of pinctrl_list
when adding new nodes to it. Patch corrects that.

Fixes: 42fed7ba44e ("pinctrl: move subsystem mutex to pinctrl_dev struct")
Signed-off-by: Stanislaw Gruszka <sgrus[email protected]>
Acked-by: Stephen Warren <[email protected]>
Signed-off-by: Linus Walleij <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/pinctrl/core.c | 2 ++
1 file changed, 2 insertions(+)

--- a/drivers/pinctrl/core.c
+++ b/drivers/pinctrl/core.c
@@ -851,7 +851,9 @@ static struct pinctrl *create_pinctrl(st
kref_init(&p->users);

/* Add the pinctrl handle to the global list */
+ mutex_lock(&pinctrl_list_mutex);
list_add_tail(&p->node, &pinctrl_list);
+ mutex_unlock(&pinctrl_list_mutex);

return p;
}

2014-02-18 22:48:31

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 39/40] intel_pstate: Take core C0 time into account for core busy calculation

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Dirk Brandewie <[email protected]>

commit fcb6a15c2e7e76d493e6f91ea889ab40e1c643a4 upstream.

Take non-idle time into account when calculating core busy time.
This ensures that intel_pstate will notice a decrease in load.

References: https://bugzilla.kernel.org/show_bug.cgi?id=66581
Cc: 3.10+ <[email protected]> # 3.10+
Signed-off-by: Dirk Brandewie <[email protected]>
Signed-off-by: Rafael J. Wysocki <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/cpufreq/intel_pstate.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)

--- a/drivers/cpufreq/intel_pstate.c
+++ b/drivers/cpufreq/intel_pstate.c
@@ -54,6 +54,7 @@ struct sample {
int32_t core_pct_busy;
u64 aperf;
u64 mperf;
+ unsigned long long tsc;
int freq;
};

@@ -88,6 +89,7 @@ struct cpudata {

u64 prev_aperf;
u64 prev_mperf;
+ unsigned long long prev_tsc;
int sample_ptr;
struct sample samples[SAMPLE_COUNT];
};
@@ -499,11 +501,17 @@ static inline void intel_pstate_calc_bus
struct sample *sample)
{
u64 core_pct;
- core_pct = div64_u64(int_tofp(sample->aperf * 100),
- sample->mperf);
- sample->freq = fp_toint(cpu->pstate.max_pstate * core_pct * 1000);
+ u64 c0_pct;

- sample->core_pct_busy = core_pct;
+ core_pct = div64_u64(sample->aperf * 100, sample->mperf);
+
+ c0_pct = div64_u64(sample->mperf * 100, sample->tsc);
+ sample->freq = fp_toint(
+ mul_fp(int_tofp(cpu->pstate.max_pstate),
+ int_tofp(core_pct * 1000)));
+
+ sample->core_pct_busy = mul_fp(int_tofp(core_pct),
+ div_fp(int_tofp(c0_pct + 1), int_tofp(100)));
}

static inline void intel_pstate_sample(struct cpudata *cpu)

2014-02-18 22:47:38

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 09/40] irqchip: armada-370-xp: fix IPI race condition

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Lior Amsalem <[email protected]>

commit a6f089e95b1e08cdea9633d50ad20aa5d44ba64d upstream.

In the Armada 370/XP driver, when we receive an IRQ 0, we read the
list of doorbells that caused the interrupt from register
ARMADA_370_XP_IN_DRBEL_CAUSE_OFFS. This gives the list of IPIs that
were generated. However, instead of acknowledging only the IPIs that
were generated, we acknowledge *all* the IPIs, by writing
~IPI_DOORBELL_MASK in the ARMADA_370_XP_IN_DRBEL_CAUSE_OFFS register.

This creates a race condition: if a new IPI that isn't part of the
ones read into the temporary "ipimask" variable is fired before we
acknowledge all IPIs, then we will simply loose it. This is causing
scheduling hangs on SMP intensive workloads.

It is important to mention that this ARMADA_370_XP_IN_DRBEL_CAUSE_OFFS
register has the following behavior: "A CPU write of 0 clears the bits
in this field. A CPU write of 1 has no effect". This is what allows us
to simply write ~ipimask to acknoledge the handled IPIs.

Notice that the same problem is present in the MSI implementation, but
it will be fixed as a separate patch, so that this IPI fix can be
pushed to older stable versions as appropriate (all the way to 3.8),
while the MSI code only appeared in 3.13.

Signed-off-by: Lior Amsalem <[email protected]>
Signed-off-by: Thomas Petazzoni <[email protected]>
Fixes: 344e873e5657e8dc0 'arm: mvebu: Add IPI support via doorbells'
Cc: Thomas Gleixner <[email protected]>
Signed-off-by: Jason Cooper <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/irqchip/irq-armada-370-xp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/irqchip/irq-armada-370-xp.c
+++ b/drivers/irqchip/irq-armada-370-xp.c
@@ -407,7 +407,7 @@ armada_370_xp_handle_irq(struct pt_regs
ARMADA_370_XP_IN_DRBEL_CAUSE_OFFS)
& IPI_DOORBELL_MASK;

- writel(~IPI_DOORBELL_MASK, per_cpu_int_base +
+ writel(~ipimask, per_cpu_int_base +
ARMADA_370_XP_IN_DRBEL_CAUSE_OFFS);

/* Handle all pending doorbells */

2014-02-18 22:49:06

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 36/40] pinctrl: vt8500: Change devicetree data parsing

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Tony Prisk <[email protected]>

commit f17248ed868767567298e1cdf06faf8159a81f7c upstream.

Due to an assumption in the VT8500 pinctrl driver, the value passed
from devicetree for 'wm,pull' was not explicitly translated before
being passed to pinconf.

Since v3.10, changes to 'enum pin_config_param', PIN_CONFIG_BIAS_PULL_(UP/DOWN)
no longer map 1-to-1 with the expected values in devicetree.

This patch adds a small translation between the devicetree values (0..2)
and the enum pin_config_param equivalent values.

Signed-off-by: Tony Prisk <[email protected]>
Signed-off-by: Linus Walleij <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/pinctrl/vt8500/pinctrl-wmt.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)

--- a/drivers/pinctrl/vt8500/pinctrl-wmt.c
+++ b/drivers/pinctrl/vt8500/pinctrl-wmt.c
@@ -276,7 +276,20 @@ static int wmt_pctl_dt_node_to_map_pull(
if (!configs)
return -ENOMEM;

- configs[0] = pull;
+ switch (pull) {
+ case 0:
+ configs[0] = PIN_CONFIG_BIAS_DISABLE;
+ break;
+ case 1:
+ configs[0] = PIN_CONFIG_BIAS_PULL_DOWN;
+ break;
+ case 2:
+ configs[0] = PIN_CONFIG_BIAS_PULL_UP;
+ break;
+ default:
+ configs[0] = PIN_CONFIG_BIAS_DISABLE;
+ dev_err(data->dev, "invalid pull state %d - disabling\n", pull);
+ }

map->type = PIN_MAP_TYPE_CONFIGS_PIN;
map->data.configs.group_or_pin = data->groups[group];

2014-02-18 22:49:05

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 38/40] bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: "Darrick J. Wong" <[email protected]>

commit 947174476701fbc84ea8c7ec9664270f9d80b076 upstream.

The BUG_ON at the end of __bch_btree_mark_key can be triggered due to
an integer overflow error:

BITMASK(GC_SECTORS_USED, struct bucket, gc_mark, 2, 13);
...
SET_GC_SECTORS_USED(g, min_t(unsigned,
GC_SECTORS_USED(g) + KEY_SIZE(k),
(1 << 14) - 1));
BUG_ON(!GC_SECTORS_USED(g));

In bcache.h, the SECTORS_USED bitfield is defined to be 13 bits wide.
While the SET_ code tries to ensure that the field doesn't overflow by
clamping it to (1<<14)-1 == 16383, this is incorrect because 16383
requires 14 bits. Therefore, if GC_SECTORS_USED() + KEY_SIZE() =
8192, the SET_ statement tries to store 8192 into a 13-bit field. In
a 13-bit field, 8192 becomes zero, thus triggering the BUG_ON.

Therefore, create a field width constant and a max value constant, and
use those to create the bitfield and check the inputs to
SET_GC_SECTORS_USED. Arguably the BITMASK() template ought to have
BUG_ON checks for too-large values, but that's a separate patch.

Signed-off-by: Darrick J. Wong <[email protected]>
Cc: Kent Overstreet <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/md/bcache/bcache.h | 4 +++-
drivers/md/bcache/btree.c | 2 +-
2 files changed, 4 insertions(+), 2 deletions(-)

--- a/drivers/md/bcache/bcache.h
+++ b/drivers/md/bcache/bcache.h
@@ -209,7 +209,9 @@ BITMASK(GC_MARK, struct bucket, gc_mark
#define GC_MARK_RECLAIMABLE 0
#define GC_MARK_DIRTY 1
#define GC_MARK_METADATA 2
-BITMASK(GC_SECTORS_USED, struct bucket, gc_mark, 2, 13);
+#define GC_SECTORS_USED_SIZE 13
+#define MAX_GC_SECTORS_USED (~(~0ULL << GC_SECTORS_USED_SIZE))
+BITMASK(GC_SECTORS_USED, struct bucket, gc_mark, 2, GC_SECTORS_USED_SIZE);
BITMASK(GC_MOVE, struct bucket, gc_mark, 15, 1);

#include "journal.h"
--- a/drivers/md/bcache/btree.c
+++ b/drivers/md/bcache/btree.c
@@ -1163,7 +1163,7 @@ uint8_t __bch_btree_mark_key(struct cach
/* guard against overflow */
SET_GC_SECTORS_USED(g, min_t(unsigned,
GC_SECTORS_USED(g) + KEY_SIZE(k),
- (1 << 14) - 1));
+ MAX_GC_SECTORS_USED));

BUG_ON(!GC_SECTORS_USED(g));
}

2014-02-18 22:50:11

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 35/40] pinctrl: imx27: fix offset calculation in imx_read_2bit

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Chris Ruehl <[email protected]>

commit e3365d0974ed64157f5b5a576c611057dc40a595 upstream.

The offset for the 2bit register calculate wrong, this patch
fixes the problem. The debugfs printout for oconf, iconfa, iconfb
now shows the real values.

Signed-off-by: Chris Ruehl <[email protected]>
Reviewed-by: Markus Pargmann <[email protected]>
Signed-off-by: Linus Walleij <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/pinctrl/pinctrl-imx1-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/pinctrl/pinctrl-imx1-core.c
+++ b/drivers/pinctrl/pinctrl-imx1-core.c
@@ -139,7 +139,7 @@ static int imx1_read_2bit(struct imx1_pi
u32 reg_offset)
{
void __iomem *reg = imx1_mem(ipctl, pin_id) + reg_offset;
- int offset = pin_id % 16;
+ int offset = (pin_id % 16) * 2;

/* Use the next register if the pin's port pin number is >=16 */
if (pin_id % 32 >= 16)

2014-02-18 22:50:42

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 34/40] pinctrl: imx27: fix wrong offset to ICONFB

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Chris Ruehl <[email protected]>

commit 795779df22afc8bdee4e9fbe5c18c47e44974d75 upstream.

The offset to ICONFB was incorrect, this patch set the correct value 0x14.
dev_dbg in function imx1_write_2bit print the wrong address and had been
moved after address calculation.

Signed-off-by: Chris Ruehl <[email protected]>
Reviewed-by: Markus Pargmann <[email protected]>
Signed-off-by: Linus Walleij <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/pinctrl/pinctrl-imx1-core.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

--- a/drivers/pinctrl/pinctrl-imx1-core.c
+++ b/drivers/pinctrl/pinctrl-imx1-core.c
@@ -45,7 +45,7 @@ struct imx1_pinctrl {
#define MX1_DDIR 0x00
#define MX1_OCR 0x04
#define MX1_ICONFA 0x0c
-#define MX1_ICONFB 0x10
+#define MX1_ICONFB 0x14
#define MX1_GIUS 0x20
#define MX1_GPR 0x38
#define MX1_PUEN 0x40
@@ -97,13 +97,13 @@ static void imx1_write_2bit(struct imx1_
u32 old_val;
u32 new_val;

- dev_dbg(ipctl->dev, "write: register 0x%p offset %d value 0x%x\n",
- reg, offset, value);
-
/* Use the next register if the pin's port pin number is >=16 */
if (pin_id % 32 >= 16)
reg += 0x04;

+ dev_dbg(ipctl->dev, "write: register 0x%p offset %d value 0x%x\n",
+ reg, offset, value);
+
/* Get current state of pins */
old_val = readl(reg);
old_val &= mask;

2014-02-18 22:47:36

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 08/40] regulator: core: Correct default return value for full constraints

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Mark Brown <[email protected]>

commit 317b5684d52269b75b4ec6480f9dac056d0d4ba8 upstream.

Once we have full constraints then all supply mappings should be known to
the regulator API. This means that we should treat failed lookups as fatal
rather than deferring in the hope of further registrations but this was
broken by commit 9b92da1f1205bd25 "regulator: core: Fix default return
value for _get()" which was targeted at DT systems but unintentionally
broke non-DT systems by changing the default return value.

Fix this by explicitly returning -EPROBE_DEFER from the DT lookup if we
find a property but no corresponding regulator and by having the non-DT
case default to -ENODEV when we have full constraints.

Fixes: 9b92da1f1205bd25 "regulator: core: Fix default return value for _get()"
Signed-off-by: Mark Brown <[email protected]>
Tested-by: Guenter Roeck <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/regulator/core.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)

--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -1272,6 +1272,8 @@ static struct regulator_dev *regulator_d
if (r->dev.parent &&
node == r->dev.of_node)
return r;
+ *ret = -EPROBE_DEFER;
+ return NULL;
} else {
/*
* If we couldn't even get the node then it's
@@ -1312,7 +1314,7 @@ static struct regulator *_regulator_get(
struct regulator_dev *rdev;
struct regulator *regulator = ERR_PTR(-EPROBE_DEFER);
const char *devname = NULL;
- int ret = -EPROBE_DEFER;
+ int ret;

if (id == NULL) {
pr_err("get() with no identifier\n");
@@ -1322,6 +1324,11 @@ static struct regulator *_regulator_get(
if (dev)
devname = dev_name(dev);

+ if (have_full_constraints())
+ ret = -ENODEV;
+ else
+ ret = -EPROBE_DEFER;
+
mutex_lock(&regulator_list_mutex);

rdev = regulator_dev_lookup(dev, id, &ret);

2014-02-18 22:51:12

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 33/40] pinctrl: at91: use locked variant of irq_set_handler

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Nicolas Ferre <[email protected]>

commit b0dcfd87323ea86501e93d0fa2a98d2fd3579bcf upstream.

When setting the gpio irq type, use the __irq_set_handler_locked()
variant instead of the irq_set_handler() to prevent false
spinlock recursion warning.

Signed-off-by: Nicolas Ferre <[email protected]>
Signed-off-by: Linus Walleij <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/pinctrl/pinctrl-at91.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

--- a/drivers/pinctrl/pinctrl-at91.c
+++ b/drivers/pinctrl/pinctrl-at91.c
@@ -1260,22 +1260,22 @@ static int alt_gpio_irq_type(struct irq_

switch (type) {
case IRQ_TYPE_EDGE_RISING:
- irq_set_handler(d->irq, handle_simple_irq);
+ __irq_set_handler_locked(d->irq, handle_simple_irq);
writel_relaxed(mask, pio + PIO_ESR);
writel_relaxed(mask, pio + PIO_REHLSR);
break;
case IRQ_TYPE_EDGE_FALLING:
- irq_set_handler(d->irq, handle_simple_irq);
+ __irq_set_handler_locked(d->irq, handle_simple_irq);
writel_relaxed(mask, pio + PIO_ESR);
writel_relaxed(mask, pio + PIO_FELLSR);
break;
case IRQ_TYPE_LEVEL_LOW:
- irq_set_handler(d->irq, handle_level_irq);
+ __irq_set_handler_locked(d->irq, handle_level_irq);
writel_relaxed(mask, pio + PIO_LSR);
writel_relaxed(mask, pio + PIO_FELLSR);
break;
case IRQ_TYPE_LEVEL_HIGH:
- irq_set_handler(d->irq, handle_level_irq);
+ __irq_set_handler_locked(d->irq, handle_level_irq);
writel_relaxed(mask, pio + PIO_LSR);
writel_relaxed(mask, pio + PIO_REHLSR);
break;
@@ -1284,7 +1284,7 @@ static int alt_gpio_irq_type(struct irq_
* disable additional interrupt modes:
* fall back to default behavior
*/
- irq_set_handler(d->irq, handle_simple_irq);
+ __irq_set_handler_locked(d->irq, handle_simple_irq);
writel_relaxed(mask, pio + PIO_AIMDR);
return 0;
case IRQ_TYPE_NONE:

2014-02-18 22:47:32

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 03/40] crypto: s390 - fix concurrency issue in aes-ctr mode

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Harald Freudenberger <[email protected]>

commit 0519e9ad89e5cd6e6b08398f57c6a71d9580564c upstream.

The aes-ctr mode uses one preallocated page without any concurrency
protection. When multiple threads run aes-ctr encryption or decryption
this can lead to data corruption.

The patch introduces locking for the page and a fallback solution with
slower en/decryption performance in concurrency situations.

Signed-off-by: Harald Freudenberger <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
arch/s390/crypto/aes_s390.c | 65 +++++++++++++++++++++++++++++++-------------
1 file changed, 46 insertions(+), 19 deletions(-)

--- a/arch/s390/crypto/aes_s390.c
+++ b/arch/s390/crypto/aes_s390.c
@@ -25,6 +25,7 @@
#include <linux/err.h>
#include <linux/module.h>
#include <linux/init.h>
+#include <linux/spinlock.h>
#include "crypt_s390.h"

#define AES_KEYLEN_128 1
@@ -32,6 +33,7 @@
#define AES_KEYLEN_256 4

static u8 *ctrblk;
+static DEFINE_SPINLOCK(ctrblk_lock);
static char keylen_flag;

struct s390_aes_ctx {
@@ -758,43 +760,67 @@ static int ctr_aes_set_key(struct crypto
return aes_set_key(tfm, in_key, key_len);
}

+static unsigned int __ctrblk_init(u8 *ctrptr, unsigned int nbytes)
+{
+ unsigned int i, n;
+
+ /* only use complete blocks, max. PAGE_SIZE */
+ n = (nbytes > PAGE_SIZE) ? PAGE_SIZE : nbytes & ~(AES_BLOCK_SIZE - 1);
+ for (i = AES_BLOCK_SIZE; i < n; i += AES_BLOCK_SIZE) {
+ memcpy(ctrptr + i, ctrptr + i - AES_BLOCK_SIZE,
+ AES_BLOCK_SIZE);
+ crypto_inc(ctrptr + i, AES_BLOCK_SIZE);
+ }
+ return n;
+}
+
static int ctr_aes_crypt(struct blkcipher_desc *desc, long func,
struct s390_aes_ctx *sctx, struct blkcipher_walk *walk)
{
int ret = blkcipher_walk_virt_block(desc, walk, AES_BLOCK_SIZE);
- unsigned int i, n, nbytes;
- u8 buf[AES_BLOCK_SIZE];
- u8 *out, *in;
+ unsigned int n, nbytes;
+ u8 buf[AES_BLOCK_SIZE], ctrbuf[AES_BLOCK_SIZE];
+ u8 *out, *in, *ctrptr = ctrbuf;

if (!walk->nbytes)
return ret;

- memcpy(ctrblk, walk->iv, AES_BLOCK_SIZE);
+ if (spin_trylock(&ctrblk_lock))
+ ctrptr = ctrblk;
+
+ memcpy(ctrptr, walk->iv, AES_BLOCK_SIZE);
while ((nbytes = walk->nbytes) >= AES_BLOCK_SIZE) {
out = walk->dst.virt.addr;
in = walk->src.virt.addr;
while (nbytes >= AES_BLOCK_SIZE) {
- /* only use complete blocks, max. PAGE_SIZE */
- n = (nbytes > PAGE_SIZE) ? PAGE_SIZE :
- nbytes & ~(AES_BLOCK_SIZE - 1);
- for (i = AES_BLOCK_SIZE; i < n; i += AES_BLOCK_SIZE) {
- memcpy(ctrblk + i, ctrblk + i - AES_BLOCK_SIZE,
- AES_BLOCK_SIZE);
- crypto_inc(ctrblk + i, AES_BLOCK_SIZE);
- }
- ret = crypt_s390_kmctr(func, sctx->key, out, in, n, ctrblk);
- if (ret < 0 || ret != n)
+ if (ctrptr == ctrblk)
+ n = __ctrblk_init(ctrptr, nbytes);
+ else
+ n = AES_BLOCK_SIZE;
+ ret = crypt_s390_kmctr(func, sctx->key, out, in,
+ n, ctrptr);
+ if (ret < 0 || ret != n) {
+ if (ctrptr == ctrblk)
+ spin_unlock(&ctrblk_lock);
return -EIO;
+ }
if (n > AES_BLOCK_SIZE)
- memcpy(ctrblk, ctrblk + n - AES_BLOCK_SIZE,
+ memcpy(ctrptr, ctrptr + n - AES_BLOCK_SIZE,
AES_BLOCK_SIZE);
- crypto_inc(ctrblk, AES_BLOCK_SIZE);
+ crypto_inc(ctrptr, AES_BLOCK_SIZE);
out += n;
in += n;
nbytes -= n;
}
ret = blkcipher_walk_done(desc, walk, nbytes);
}
+ if (ctrptr == ctrblk) {
+ if (nbytes)
+ memcpy(ctrbuf, ctrptr, AES_BLOCK_SIZE);
+ else
+ memcpy(walk->iv, ctrptr, AES_BLOCK_SIZE);
+ spin_unlock(&ctrblk_lock);
+ }
/*
* final block may be < AES_BLOCK_SIZE, copy only nbytes
*/
@@ -802,14 +828,15 @@ static int ctr_aes_crypt(struct blkciphe
out = walk->dst.virt.addr;
in = walk->src.virt.addr;
ret = crypt_s390_kmctr(func, sctx->key, buf, in,
- AES_BLOCK_SIZE, ctrblk);
+ AES_BLOCK_SIZE, ctrbuf);
if (ret < 0 || ret != AES_BLOCK_SIZE)
return -EIO;
memcpy(out, buf, nbytes);
- crypto_inc(ctrblk, AES_BLOCK_SIZE);
+ crypto_inc(ctrbuf, AES_BLOCK_SIZE);
ret = blkcipher_walk_done(desc, walk, 0);
+ memcpy(walk->iv, ctrbuf, AES_BLOCK_SIZE);
}
- memcpy(walk->iv, ctrblk, AES_BLOCK_SIZE);
+
return ret;
}


2014-02-18 22:51:53

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 07/40] NFSv4: Fix memory corruption in nfs4_proc_open_confirm

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Trond Myklebust <[email protected]>

commit 17ead6c85c3d0ef57a14d1373f1f1cee2ce60ea8 upstream.

nfs41_wake_and_assign_slot() relies on the task->tk_msg.rpc_argp and
task->tk_msg.rpc_resp always pointing to the session sequence arguments.

nfs4_proc_open_confirm tries to pull a fast one by reusing the open
sequence structure, thus causing corruption of the NFSv4 slot table.

Signed-off-by: Trond Myklebust <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
fs/nfs/nfs4proc.c | 8 ++++----
include/linux/nfs_xdr.h | 2 ++
2 files changed, 6 insertions(+), 4 deletions(-)

--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -1622,15 +1622,15 @@ static void nfs4_open_confirm_prepare(st
{
struct nfs4_opendata *data = calldata;

- nfs40_setup_sequence(data->o_arg.server, &data->o_arg.seq_args,
- &data->o_res.seq_res, task);
+ nfs40_setup_sequence(data->o_arg.server, &data->c_arg.seq_args,
+ &data->c_res.seq_res, task);
}

static void nfs4_open_confirm_done(struct rpc_task *task, void *calldata)
{
struct nfs4_opendata *data = calldata;

- nfs40_sequence_done(task, &data->o_res.seq_res);
+ nfs40_sequence_done(task, &data->c_res.seq_res);

data->rpc_status = task->tk_status;
if (data->rpc_status == 0) {
@@ -1688,7 +1688,7 @@ static int _nfs4_proc_open_confirm(struc
};
int status;

- nfs4_init_sequence(&data->o_arg.seq_args, &data->o_res.seq_res, 1);
+ nfs4_init_sequence(&data->c_arg.seq_args, &data->c_res.seq_res, 1);
kref_get(&data->kref);
data->rpc_done = 0;
data->rpc_status = 0;
--- a/include/linux/nfs_xdr.h
+++ b/include/linux/nfs_xdr.h
@@ -379,12 +379,14 @@ struct nfs_openres {
* Arguments to the open_confirm call.
*/
struct nfs_open_confirmargs {
+ struct nfs4_sequence_args seq_args;
const struct nfs_fh * fh;
nfs4_stateid * stateid;
struct nfs_seqid * seqid;
};

struct nfs_open_confirmres {
+ struct nfs4_sequence_res seq_res;
nfs4_stateid stateid;
struct nfs_seqid * seqid;
};

2014-02-18 22:52:23

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 05/40] crypto: s390 - fix des and des3_ede ctr concurrency issue

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Harald Freudenberger <[email protected]>

commit ee97dc7db4cbda33e4241c2d85b42d1835bc8a35 upstream.

In s390 des and 3des ctr mode there is one preallocated page
used to speed up the en/decryption. This page is not protected
against concurrent usage and thus there is a potential of data
corruption with multiple threads.

The fix introduces locking/unlocking the ctr page and a slower
fallback solution at concurrency situations.

Signed-off-by: Harald Freudenberger <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
arch/s390/crypto/des_s390.c | 69 ++++++++++++++++++++++++++++++--------------
1 file changed, 48 insertions(+), 21 deletions(-)

--- a/arch/s390/crypto/des_s390.c
+++ b/arch/s390/crypto/des_s390.c
@@ -25,6 +25,7 @@
#define DES3_KEY_SIZE (3 * DES_KEY_SIZE)

static u8 *ctrblk;
+static DEFINE_SPINLOCK(ctrblk_lock);

struct s390_des_ctx {
u8 iv[DES_BLOCK_SIZE];
@@ -368,54 +369,80 @@ static struct crypto_alg cbc_des3_alg =
}
};

+static unsigned int __ctrblk_init(u8 *ctrptr, unsigned int nbytes)
+{
+ unsigned int i, n;
+
+ /* align to block size, max. PAGE_SIZE */
+ n = (nbytes > PAGE_SIZE) ? PAGE_SIZE : nbytes & ~(DES_BLOCK_SIZE - 1);
+ for (i = DES_BLOCK_SIZE; i < n; i += DES_BLOCK_SIZE) {
+ memcpy(ctrptr + i, ctrptr + i - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
+ crypto_inc(ctrptr + i, DES_BLOCK_SIZE);
+ }
+ return n;
+}
+
static int ctr_desall_crypt(struct blkcipher_desc *desc, long func,
- struct s390_des_ctx *ctx, struct blkcipher_walk *walk)
+ struct s390_des_ctx *ctx,
+ struct blkcipher_walk *walk)
{
int ret = blkcipher_walk_virt_block(desc, walk, DES_BLOCK_SIZE);
- unsigned int i, n, nbytes;
- u8 buf[DES_BLOCK_SIZE];
- u8 *out, *in;
+ unsigned int n, nbytes;
+ u8 buf[DES_BLOCK_SIZE], ctrbuf[DES_BLOCK_SIZE];
+ u8 *out, *in, *ctrptr = ctrbuf;
+
+ if (!walk->nbytes)
+ return ret;

- memcpy(ctrblk, walk->iv, DES_BLOCK_SIZE);
+ if (spin_trylock(&ctrblk_lock))
+ ctrptr = ctrblk;
+
+ memcpy(ctrptr, walk->iv, DES_BLOCK_SIZE);
while ((nbytes = walk->nbytes) >= DES_BLOCK_SIZE) {
out = walk->dst.virt.addr;
in = walk->src.virt.addr;
while (nbytes >= DES_BLOCK_SIZE) {
- /* align to block size, max. PAGE_SIZE */
- n = (nbytes > PAGE_SIZE) ? PAGE_SIZE :
- nbytes & ~(DES_BLOCK_SIZE - 1);
- for (i = DES_BLOCK_SIZE; i < n; i += DES_BLOCK_SIZE) {
- memcpy(ctrblk + i, ctrblk + i - DES_BLOCK_SIZE,
- DES_BLOCK_SIZE);
- crypto_inc(ctrblk + i, DES_BLOCK_SIZE);
- }
- ret = crypt_s390_kmctr(func, ctx->key, out, in, n, ctrblk);
- if (ret < 0 || ret != n)
+ if (ctrptr == ctrblk)
+ n = __ctrblk_init(ctrptr, nbytes);
+ else
+ n = DES_BLOCK_SIZE;
+ ret = crypt_s390_kmctr(func, ctx->key, out, in,
+ n, ctrptr);
+ if (ret < 0 || ret != n) {
+ if (ctrptr == ctrblk)
+ spin_unlock(&ctrblk_lock);
return -EIO;
+ }
if (n > DES_BLOCK_SIZE)
- memcpy(ctrblk, ctrblk + n - DES_BLOCK_SIZE,
+ memcpy(ctrptr, ctrptr + n - DES_BLOCK_SIZE,
DES_BLOCK_SIZE);
- crypto_inc(ctrblk, DES_BLOCK_SIZE);
+ crypto_inc(ctrptr, DES_BLOCK_SIZE);
out += n;
in += n;
nbytes -= n;
}
ret = blkcipher_walk_done(desc, walk, nbytes);
}
-
+ if (ctrptr == ctrblk) {
+ if (nbytes)
+ memcpy(ctrbuf, ctrptr, DES_BLOCK_SIZE);
+ else
+ memcpy(walk->iv, ctrptr, DES_BLOCK_SIZE);
+ spin_unlock(&ctrblk_lock);
+ }
/* final block may be < DES_BLOCK_SIZE, copy only nbytes */
if (nbytes) {
out = walk->dst.virt.addr;
in = walk->src.virt.addr;
ret = crypt_s390_kmctr(func, ctx->key, buf, in,
- DES_BLOCK_SIZE, ctrblk);
+ DES_BLOCK_SIZE, ctrbuf);
if (ret < 0 || ret != DES_BLOCK_SIZE)
return -EIO;
memcpy(out, buf, nbytes);
- crypto_inc(ctrblk, DES_BLOCK_SIZE);
+ crypto_inc(ctrbuf, DES_BLOCK_SIZE);
ret = blkcipher_walk_done(desc, walk, 0);
+ memcpy(walk->iv, ctrbuf, DES_BLOCK_SIZE);
}
- memcpy(walk->iv, ctrblk, DES_BLOCK_SIZE);
return ret;
}


2014-02-18 22:52:22

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 06/40] NFSv4.1: nfs4_destroy_session must call rpc_destroy_waitqueue

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Trond Myklebust <[email protected]>

commit 20b9a9024540a775395d5d1f41eec0ec6ec41f9b upstream.

There may still be timers active on the session waitqueues. Make sure
that we kill them before freeing the memory.

Signed-off-by: Trond Myklebust <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
fs/nfs/nfs4client.c | 2 +-
fs/nfs/nfs4session.c | 25 ++++++++++++++++++++-----
fs/nfs/nfs4session.h | 2 +-
3 files changed, 22 insertions(+), 7 deletions(-)

--- a/fs/nfs/nfs4client.c
+++ b/fs/nfs/nfs4client.c
@@ -169,7 +169,7 @@ void nfs41_shutdown_client(struct nfs_cl
void nfs40_shutdown_client(struct nfs_client *clp)
{
if (clp->cl_slot_tbl) {
- nfs4_release_slot_table(clp->cl_slot_tbl);
+ nfs4_shutdown_slot_table(clp->cl_slot_tbl);
kfree(clp->cl_slot_tbl);
}
}
--- a/fs/nfs/nfs4session.c
+++ b/fs/nfs/nfs4session.c
@@ -231,14 +231,23 @@ out:
return ret;
}

+/*
+ * nfs4_release_slot_table - release all slot table entries
+ */
+static void nfs4_release_slot_table(struct nfs4_slot_table *tbl)
+{
+ nfs4_shrink_slot_table(tbl, 0);
+}
+
/**
- * nfs4_release_slot_table - release resources attached to a slot table
+ * nfs4_shutdown_slot_table - release resources attached to a slot table
* @tbl: slot table to shut down
*
*/
-void nfs4_release_slot_table(struct nfs4_slot_table *tbl)
+void nfs4_shutdown_slot_table(struct nfs4_slot_table *tbl)
{
- nfs4_shrink_slot_table(tbl, 0);
+ nfs4_release_slot_table(tbl);
+ rpc_destroy_wait_queue(&tbl->slot_tbl_waitq);
}

/**
@@ -422,7 +431,7 @@ void nfs41_update_target_slotid(struct n
spin_unlock(&tbl->slot_tbl_lock);
}

-static void nfs4_destroy_session_slot_tables(struct nfs4_session *session)
+static void nfs4_release_session_slot_tables(struct nfs4_session *session)
{
nfs4_release_slot_table(&session->fc_slot_table);
nfs4_release_slot_table(&session->bc_slot_table);
@@ -450,7 +459,7 @@ int nfs4_setup_session_slot_tables(struc
if (status && tbl->slots == NULL)
/* Fore and back channel share a connection so get
* both slot tables or neither */
- nfs4_destroy_session_slot_tables(ses);
+ nfs4_release_session_slot_tables(ses);
return status;
}

@@ -470,6 +479,12 @@ struct nfs4_session *nfs4_alloc_session(
return session;
}

+static void nfs4_destroy_session_slot_tables(struct nfs4_session *session)
+{
+ nfs4_shutdown_slot_table(&session->fc_slot_table);
+ nfs4_shutdown_slot_table(&session->bc_slot_table);
+}
+
void nfs4_destroy_session(struct nfs4_session *session)
{
struct rpc_xprt *xprt;
--- a/fs/nfs/nfs4session.h
+++ b/fs/nfs/nfs4session.h
@@ -74,7 +74,7 @@ enum nfs4_session_state {

extern int nfs4_setup_slot_table(struct nfs4_slot_table *tbl,
unsigned int max_reqs, const char *queue);
-extern void nfs4_release_slot_table(struct nfs4_slot_table *tbl);
+extern void nfs4_shutdown_slot_table(struct nfs4_slot_table *tbl);
extern struct nfs4_slot *nfs4_alloc_slot(struct nfs4_slot_table *tbl);
extern void nfs4_free_slot(struct nfs4_slot_table *tbl, struct nfs4_slot *slot);
extern void nfs4_slot_tbl_drain_complete(struct nfs4_slot_table *tbl);

2014-02-18 22:47:30

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 30/40] [media] cx24117: use a valid dev pointer for dev_err printout

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Andi Shyti <[email protected]>

commit a33dd5171d141c378df498aba3fa3c9a573cacb6 upstream.

Don't use '&state->priv->i2c->dev' reference to device because
state is still 'NULL'. Use '&i2c->dev' instead.

This bug has been reported by scan.coverity.com

Signed-off-by: Andi Shyti <[email protected]>
Signed-off-by: Michael Krufky <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/media/dvb-frontends/cx24117.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/media/dvb-frontends/cx24117.c
+++ b/drivers/media/dvb-frontends/cx24117.c
@@ -1166,7 +1166,7 @@ struct dvb_frontend *cx24117_attach(cons

switch (demod) {
case 0:
- dev_err(&state->priv->i2c->dev,
+ dev_err(&i2c->dev,
"%s: Error attaching frontend %d\n",
KBUILD_MODNAME, demod);
goto error1;

2014-02-18 22:53:00

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 04/40] crypto: s390 - fix des and des3_ede cbc concurrency issue

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Harald Freudenberger <[email protected]>

commit adc3fcf1552b6e406d172fd9690bbd1395053d13 upstream.

In s390 des and des3_ede cbc mode the iv value is not protected
against concurrency access and modifications from another running
en/decrypt operation which is using the very same tfm struct
instance. This fix copies the iv to the local stack before
the crypto operation and stores the value back when done.

Signed-off-by: Harald Freudenberger <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
arch/s390/crypto/des_s390.c | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)

--- a/arch/s390/crypto/des_s390.c
+++ b/arch/s390/crypto/des_s390.c
@@ -105,29 +105,35 @@ static int ecb_desall_crypt(struct blkci
}

static int cbc_desall_crypt(struct blkcipher_desc *desc, long func,
- u8 *iv, struct blkcipher_walk *walk)
+ struct blkcipher_walk *walk)
{
+ struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
int ret = blkcipher_walk_virt(desc, walk);
unsigned int nbytes = walk->nbytes;
+ struct {
+ u8 iv[DES_BLOCK_SIZE];
+ u8 key[DES3_KEY_SIZE];
+ } param;

if (!nbytes)
goto out;

- memcpy(iv, walk->iv, DES_BLOCK_SIZE);
+ memcpy(param.iv, walk->iv, DES_BLOCK_SIZE);
+ memcpy(param.key, ctx->key, DES3_KEY_SIZE);
do {
/* only use complete blocks */
unsigned int n = nbytes & ~(DES_BLOCK_SIZE - 1);
u8 *out = walk->dst.virt.addr;
u8 *in = walk->src.virt.addr;

- ret = crypt_s390_kmc(func, iv, out, in, n);
+ ret = crypt_s390_kmc(func, &param, out, in, n);
if (ret < 0 || ret != n)
return -EIO;

nbytes &= DES_BLOCK_SIZE - 1;
ret = blkcipher_walk_done(desc, walk, nbytes);
} while ((nbytes = walk->nbytes));
- memcpy(walk->iv, iv, DES_BLOCK_SIZE);
+ memcpy(walk->iv, param.iv, DES_BLOCK_SIZE);

out:
return ret;
@@ -179,22 +185,20 @@ static int cbc_des_encrypt(struct blkcip
struct scatterlist *dst, struct scatterlist *src,
unsigned int nbytes)
{
- struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
struct blkcipher_walk walk;

blkcipher_walk_init(&walk, dst, src, nbytes);
- return cbc_desall_crypt(desc, KMC_DEA_ENCRYPT, ctx->iv, &walk);
+ return cbc_desall_crypt(desc, KMC_DEA_ENCRYPT, &walk);
}

static int cbc_des_decrypt(struct blkcipher_desc *desc,
struct scatterlist *dst, struct scatterlist *src,
unsigned int nbytes)
{
- struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
struct blkcipher_walk walk;

blkcipher_walk_init(&walk, dst, src, nbytes);
- return cbc_desall_crypt(desc, KMC_DEA_DECRYPT, ctx->iv, &walk);
+ return cbc_desall_crypt(desc, KMC_DEA_DECRYPT, &walk);
}

static struct crypto_alg cbc_des_alg = {
@@ -327,22 +331,20 @@ static int cbc_des3_encrypt(struct blkci
struct scatterlist *dst, struct scatterlist *src,
unsigned int nbytes)
{
- struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
struct blkcipher_walk walk;

blkcipher_walk_init(&walk, dst, src, nbytes);
- return cbc_desall_crypt(desc, KMC_TDEA_192_ENCRYPT, ctx->iv, &walk);
+ return cbc_desall_crypt(desc, KMC_TDEA_192_ENCRYPT, &walk);
}

static int cbc_des3_decrypt(struct blkcipher_desc *desc,
struct scatterlist *dst, struct scatterlist *src,
unsigned int nbytes)
{
- struct s390_des_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
struct blkcipher_walk walk;

blkcipher_walk_init(&walk, dst, src, nbytes);
- return cbc_desall_crypt(desc, KMC_TDEA_192_DECRYPT, ctx->iv, &walk);
+ return cbc_desall_crypt(desc, KMC_TDEA_192_DECRYPT, &walk);
}

static struct crypto_alg cbc_des3_alg = {

2014-02-18 22:47:26

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 27/40] [media] mxl111sf: Fix unintentional garbage stack read

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Dave Jones <[email protected]>

commit 866e8d8a9dc1ebb4f9e67197e264ac2df81f7d4b upstream.

mxl111sf_read_reg takes an address of a variable to write to as an argument.
drivers/media/usb/dvb-usb-v2/mxl111sf-gpio.c:mxl111sf_config_pin_mux_modes
passes several uninitialized stack variables to this routine, expecting
them to be filled in. In the event that something unexpected happens when
reading from the chip, we end up doing a pr_debug of the value passed in,
revealing whatever garbage happened to be on the stack.

Change the pr_debug to match what happens in the 'success' case, where we
assign buf[1] to *data.

Spotted with Coverity (Bugs 731910 through 731917)

Signed-off-by: Dave Jones <[email protected]>
Signed-off-by: Michael Krufky <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/media/usb/dvb-usb-v2/mxl111sf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/media/usb/dvb-usb-v2/mxl111sf.c
+++ b/drivers/media/usb/dvb-usb-v2/mxl111sf.c
@@ -105,7 +105,7 @@ int mxl111sf_read_reg(struct mxl111sf_st
ret = -EINVAL;
}

- pr_debug("R: (0x%02x, 0x%02x)\n", addr, *data);
+ pr_debug("R: (0x%02x, 0x%02x)\n", addr, buf[1]);
fail:
return ret;
}

2014-02-18 22:53:33

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 31/40] x86, hweight: Fix BUG when booting with CONFIG_GCOV_PROFILE_ALL=y

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Peter Oberparleiter <[email protected]>

commit 6583327c4dd55acbbf2a6f25e775b28b3abf9a42 upstream.

Commit d61931d89b, "x86: Add optimized popcnt variants" introduced
compile flag -fcall-saved-rdi for lib/hweight.c. When combined with
options -fprofile-arcs and -O2, this flag causes gcc to generate
broken constructor code. As a result, a 64 bit x86 kernel compiled
with CONFIG_GCOV_PROFILE_ALL=y prints message "gcov: could not create
file" and runs into sproadic BUGs during boot.

The gcc people indicate that these kinds of problems are endemic when
using ad hoc calling conventions. It is therefore best to treat any
file compiled with ad hoc calling conventions as an isolated
environment and avoid things like profiling or coverage analysis,
since those subsystems assume a "normal" calling conventions.

This patch avoids the bug by excluding lib/hweight.o from coverage
profiling.

Reported-by: Meelis Roos <[email protected]>
Cc: Andrew Morton <[email protected]>
Signed-off-by: Peter Oberparleiter <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: H. Peter Anvin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
lib/Makefile | 1 +
1 file changed, 1 insertion(+)

--- a/lib/Makefile
+++ b/lib/Makefile
@@ -43,6 +43,7 @@ obj-$(CONFIG_HAS_IOMEM) += iomap_copy.o
obj-$(CONFIG_CHECK_SIGNATURE) += check_signature.o
obj-$(CONFIG_DEBUG_LOCKING_API_SELFTESTS) += locking-selftest.o

+GCOV_PROFILE_hweight.o := n
CFLAGS_hweight.o = $(subst $(quote),,$(CONFIG_ARCH_HWEIGHT_CFLAGS))
obj-$(CONFIG_GENERIC_HWEIGHT) += hweight.o


2014-02-18 22:54:00

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 29/40] [media] Revert "[media] videobuf_vm_{open,close} race fixes"

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Hans Verkuil <[email protected]>

commit cca36e2eecec2b8fc869a50ffd3bd0adeed92b8b upstream.

This reverts commit a242f426108c284049a69710f871cc9f11b13e61.

That commit actually caused deadlocks, rather then fixing them.

If ext_lock is set to NULL (otherwise videobuf_queue_lock doesn't do
anything), then you get this deadlock:

The driver's mmap function calls videobuf_mmap_mapper which calls
videobuf_queue_lock on q. videobuf_mmap_mapper calls __videobuf_mmap_mapper,
__videobuf_mmap_mapper calls videobuf_vm_open and videobuf_vm_open
calls videobuf_queue_lock on q (introduced by above patch): deadlocked.

This affects drivers using dma-contig and dma-vmalloc. Only dma-sg is
not affected since it doesn't call videobuf_vm_open from __videobuf_mmap_mapper.

Most drivers these days have a non-NULL ext_lock. Those that still use
NULL there are all fairly obscure drivers, which is why this hasn't been
seen earlier.

Since everything worked perfectly fine for many years I prefer to just
revert this patch rather than trying to fix it. videobuf is quite fragile
and I rather not touch it too much. Work is (slowly) progressing to move
everything over to vb2 or at the very least use non-NULL ext_lock in
videobuf.

Signed-off-by: Hans Verkuil <[email protected]>
Cc: Al Viro <[email protected]>
Reported-by: Pete Eberlein <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/media/v4l2-core/videobuf-dma-contig.c | 12 +++++-------
drivers/media/v4l2-core/videobuf-dma-sg.c | 10 ++++------
drivers/media/v4l2-core/videobuf-vmalloc.c | 10 ++++------
3 files changed, 13 insertions(+), 19 deletions(-)

--- a/drivers/media/v4l2-core/videobuf-dma-contig.c
+++ b/drivers/media/v4l2-core/videobuf-dma-contig.c
@@ -66,14 +66,11 @@ static void __videobuf_dc_free(struct de
static void videobuf_vm_open(struct vm_area_struct *vma)
{
struct videobuf_mapping *map = vma->vm_private_data;
- struct videobuf_queue *q = map->q;

- dev_dbg(q->dev, "vm_open %p [count=%u,vma=%08lx-%08lx]\n",
+ dev_dbg(map->q->dev, "vm_open %p [count=%u,vma=%08lx-%08lx]\n",
map, map->count, vma->vm_start, vma->vm_end);

- videobuf_queue_lock(q);
map->count++;
- videobuf_queue_unlock(q);
}

static void videobuf_vm_close(struct vm_area_struct *vma)
@@ -85,11 +82,12 @@ static void videobuf_vm_close(struct vm_
dev_dbg(q->dev, "vm_close %p [count=%u,vma=%08lx-%08lx]\n",
map, map->count, vma->vm_start, vma->vm_end);

- videobuf_queue_lock(q);
- if (!--map->count) {
+ map->count--;
+ if (0 == map->count) {
struct videobuf_dma_contig_memory *mem;

dev_dbg(q->dev, "munmap %p q=%p\n", map, q);
+ videobuf_queue_lock(q);

/* We need first to cancel streams, before unmapping */
if (q->streaming)
@@ -128,8 +126,8 @@ static void videobuf_vm_close(struct vm_

kfree(map);

+ videobuf_queue_unlock(q);
}
- videobuf_queue_unlock(q);
}

static const struct vm_operations_struct videobuf_vm_ops = {
--- a/drivers/media/v4l2-core/videobuf-dma-sg.c
+++ b/drivers/media/v4l2-core/videobuf-dma-sg.c
@@ -338,14 +338,11 @@ EXPORT_SYMBOL_GPL(videobuf_dma_free);
static void videobuf_vm_open(struct vm_area_struct *vma)
{
struct videobuf_mapping *map = vma->vm_private_data;
- struct videobuf_queue *q = map->q;

dprintk(2, "vm_open %p [count=%d,vma=%08lx-%08lx]\n", map,
map->count, vma->vm_start, vma->vm_end);

- videobuf_queue_lock(q);
map->count++;
- videobuf_queue_unlock(q);
}

static void videobuf_vm_close(struct vm_area_struct *vma)
@@ -358,9 +355,10 @@ static void videobuf_vm_close(struct vm_
dprintk(2, "vm_close %p [count=%d,vma=%08lx-%08lx]\n", map,
map->count, vma->vm_start, vma->vm_end);

- videobuf_queue_lock(q);
- if (!--map->count) {
+ map->count--;
+ if (0 == map->count) {
dprintk(1, "munmap %p q=%p\n", map, q);
+ videobuf_queue_lock(q);
for (i = 0; i < VIDEO_MAX_FRAME; i++) {
if (NULL == q->bufs[i])
continue;
@@ -376,9 +374,9 @@ static void videobuf_vm_close(struct vm_
q->bufs[i]->baddr = 0;
q->ops->buf_release(q, q->bufs[i]);
}
+ videobuf_queue_unlock(q);
kfree(map);
}
- videobuf_queue_unlock(q);
return;
}

--- a/drivers/media/v4l2-core/videobuf-vmalloc.c
+++ b/drivers/media/v4l2-core/videobuf-vmalloc.c
@@ -54,14 +54,11 @@ MODULE_LICENSE("GPL");
static void videobuf_vm_open(struct vm_area_struct *vma)
{
struct videobuf_mapping *map = vma->vm_private_data;
- struct videobuf_queue *q = map->q;

dprintk(2, "vm_open %p [count=%u,vma=%08lx-%08lx]\n", map,
map->count, vma->vm_start, vma->vm_end);

- videobuf_queue_lock(q);
map->count++;
- videobuf_queue_unlock(q);
}

static void videobuf_vm_close(struct vm_area_struct *vma)
@@ -73,11 +70,12 @@ static void videobuf_vm_close(struct vm_
dprintk(2, "vm_close %p [count=%u,vma=%08lx-%08lx]\n", map,
map->count, vma->vm_start, vma->vm_end);

- videobuf_queue_lock(q);
- if (!--map->count) {
+ map->count--;
+ if (0 == map->count) {
struct videobuf_vmalloc_memory *mem;

dprintk(1, "munmap %p q=%p\n", map, q);
+ videobuf_queue_lock(q);

/* We need first to cancel streams, before unmapping */
if (q->streaming)
@@ -116,8 +114,8 @@ static void videobuf_vm_close(struct vm_

kfree(map);

+ videobuf_queue_unlock(q);
}
- videobuf_queue_unlock(q);

return;
}

2014-02-18 22:54:29

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 26/40] [media] af9035: add ID [2040:f900] Hauppauge WinTV-MiniStick 2

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Antti Palosaari <[email protected]>

commit f2e4c5e004691dfe37d0e4b363296f28abdb9bc7 upstream.

Add USB ID [2040:f900] for Hauppauge WinTV-MiniStick 2.
Device is build upon IT9135 chipset.

Tested-by: Stefan Becker <[email protected]>
Signed-off-by: Antti Palosaari <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/media/usb/dvb-usb-v2/af9035.c | 2 ++
1 file changed, 2 insertions(+)

--- a/drivers/media/usb/dvb-usb-v2/af9035.c
+++ b/drivers/media/usb/dvb-usb-v2/af9035.c
@@ -1539,6 +1539,8 @@ static const struct usb_device_id af9035
&af9035_props, "TerraTec Cinergy T Stick Dual RC (rev. 2)", NULL) },
{ DVB_USB_DEVICE(USB_VID_LEADTEK, 0x6a05,
&af9035_props, "Leadtek WinFast DTV Dongle Dual", NULL) },
+ { DVB_USB_DEVICE(USB_VID_HAUPPAUGE, 0xf900,
+ &af9035_props, "Hauppauge WinTV-MiniStick 2", NULL) },
{ }
};
MODULE_DEVICE_TABLE(usb, af9035_id_table);

2014-02-18 22:54:58

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 25/40] x86: mm: change tlb_flushall_shift for IvyBridge

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Mel Gorman <[email protected]>

commit f98b7a772ab51b52ca4d2a14362fc0e0c8a2e0f3 upstream.

There was a large performance regression that was bisected to
commit 611ae8e3 ("x86/tlb: enable tlb flush range support for
x86"). This patch simply changes the default balance point
between a local and global flush for IvyBridge.

In the interest of allowing the tests to be reproduced, this
patch was tested using mmtests 0.15 with the following
configurations

configs/config-global-dhp__tlbflush-performance
configs/config-global-dhp__scheduler-performance
configs/config-global-dhp__network-performance

Results are from two machines

Ivybridge 4 threads: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
Ivybridge 8 threads: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz

Page fault microbenchmark showed nothing interesting.

Ebizzy was configured to run multiple iterations and threads.
Thread counts ranged from 1 to NR_CPUS*2. For each thread count,
it ran 100 iterations and each iteration lasted 10 seconds.

Ivybridge 4 threads
3.13.0-rc7 3.13.0-rc7
vanilla altshift-v3
Mean 1 6395.44 ( 0.00%) 6789.09 ( 6.16%)
Mean 2 7012.85 ( 0.00%) 8052.16 ( 14.82%)
Mean 3 6403.04 ( 0.00%) 6973.74 ( 8.91%)
Mean 4 6135.32 ( 0.00%) 6582.33 ( 7.29%)
Mean 5 6095.69 ( 0.00%) 6526.68 ( 7.07%)
Mean 6 6114.33 ( 0.00%) 6416.64 ( 4.94%)
Mean 7 6085.10 ( 0.00%) 6448.51 ( 5.97%)
Mean 8 6120.62 ( 0.00%) 6462.97 ( 5.59%)

Ivybridge 8 threads
3.13.0-rc7 3.13.0-rc7
vanilla altshift-v3
Mean 1 7336.65 ( 0.00%) 7787.02 ( 6.14%)
Mean 2 8218.41 ( 0.00%) 9484.13 ( 15.40%)
Mean 3 7973.62 ( 0.00%) 8922.01 ( 11.89%)
Mean 4 7798.33 ( 0.00%) 8567.03 ( 9.86%)
Mean 5 7158.72 ( 0.00%) 8214.23 ( 14.74%)
Mean 6 6852.27 ( 0.00%) 7952.45 ( 16.06%)
Mean 7 6774.65 ( 0.00%) 7536.35 ( 11.24%)
Mean 8 6510.50 ( 0.00%) 6894.05 ( 5.89%)
Mean 12 6182.90 ( 0.00%) 6661.29 ( 7.74%)
Mean 16 6100.09 ( 0.00%) 6608.69 ( 8.34%)

Ebizzy hits the worst case scenario for TLB range flushing every
time and it shows for these Ivybridge CPUs at least that the
default choice is a poor on. The patch addresses the problem.

Next was a tlbflush microbenchmark written by Alex Shi at
http://marc.info/?l=linux-kernel&m=133727348217113 . It
measures access costs while the TLB is being flushed. The
expectation is that if there are always full TLB flushes that
the benchmark would suffer and it benefits from range flushing

There are 320 iterations of the test per thread count. The
number of entries is randomly selected with a min of 1 and max
of 512. To ensure a reasonably even spread of entries, the full
range is broken up into 8 sections and a random number selected
within that section.

iteration 1, random number between 0-64
iteration 2, random number between 64-128 etc

This is still a very weak methodology. When you do not know
what are typical ranges, random is a reasonable choice but it
can be easily argued that the opimisation was for smaller ranges
and an even spread is not representative of any workload that
matters. To improve this, we'd need to know the probability
distribution of TLB flush range sizes for a set of workloads
that are considered "common", build a synthetic trace and feed
that into this benchmark. Even that is not perfect because it
would not account for the time between flushes but there are
limits of what can be reasonably done and still be doing
something useful. If a representative synthetic trace is
provided then this benchmark could be revisited and the shift values retuned.

Ivybridge 4 threads
3.13.0-rc7 3.13.0-rc7
vanilla altshift-v3
Mean 1 10.50 ( 0.00%) 10.50 ( 0.03%)
Mean 2 17.59 ( 0.00%) 17.18 ( 2.34%)
Mean 3 22.98 ( 0.00%) 21.74 ( 5.41%)
Mean 5 47.13 ( 0.00%) 46.23 ( 1.92%)
Mean 8 43.30 ( 0.00%) 42.56 ( 1.72%)

Ivybridge 8 threads
3.13.0-rc7 3.13.0-rc7
vanilla altshift-v3
Mean 1 9.45 ( 0.00%) 9.36 ( 0.93%)
Mean 2 9.37 ( 0.00%) 9.70 ( -3.54%)
Mean 3 9.36 ( 0.00%) 9.29 ( 0.70%)
Mean 5 14.49 ( 0.00%) 15.04 ( -3.75%)
Mean 8 41.08 ( 0.00%) 38.73 ( 5.71%)
Mean 13 32.04 ( 0.00%) 31.24 ( 2.49%)
Mean 16 40.05 ( 0.00%) 39.04 ( 2.51%)

For both CPUs, average access time is reduced which is good as
this is the benchmark that was used to tune the shift values in
the first place albeit it is now known *how* the benchmark was
used.

The scheduler benchmarks were somewhat inconclusive. They
showed gains and losses and makes me reconsider how stable those
benchmarks really are or if something else might be interfering
with the test results recently.

Network benchmarks were inconclusive. Almost all results were
flat except for netperf-udp tests on the 4 thread machine.
These results were unstable and showed large variations between
reboots. It is unknown if this is a recent problems but I've
noticed before that netperf-udp results tend to vary.

Based on these results, changing the default for Ivybridge seems
like a logical choice.

Signed-off-by: Mel Gorman <[email protected]>
Tested-by: Davidlohr Bueso <[email protected]>
Reviewed-by: Alex Shi <[email protected]>
Reviewed-by: Rik van Riel <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Link: http://lkml.kernel.org/n/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
arch/x86/kernel/cpu/intel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -628,7 +628,7 @@ static void intel_tlb_flushall_shift_set
tlb_flushall_shift = 5;
break;
case 0x63a: /* Ivybridge */
- tlb_flushall_shift = 1;
+ tlb_flushall_shift = 2;
break;
default:
tlb_flushall_shift = 6;

2014-02-18 22:47:22

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 21/40] ALSA: hda - Improve loopback path lookups for AD1983

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Takashi Iwai <[email protected]>

commit 276ab336b4c6e483d12fd46cbf24f97f71867710 upstream.

AD1983 has flexible loopback routes and the generic parser would take
wrong path confusingly instead of taking individual paths via NID 0x0c
and 0x0d. For avoiding it, limit the connections at these widgets so
that the parser can think more straightforwardly. This fixes the
regression of the missing line-in loopback on Dell machine.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=70011
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
sound/pci/hda/patch_analog.c | 7 +++++++
1 file changed, 7 insertions(+)

--- a/sound/pci/hda/patch_analog.c
+++ b/sound/pci/hda/patch_analog.c
@@ -490,6 +490,8 @@ static int ad1983_add_spdif_mux_ctl(stru
static int patch_ad1983(struct hda_codec *codec)
{
struct ad198x_spec *spec;
+ static hda_nid_t conn_0c[] = { 0x08 };
+ static hda_nid_t conn_0d[] = { 0x09 };
int err;

err = alloc_ad_spec(codec);
@@ -500,6 +502,11 @@ static int patch_ad1983(struct hda_codec
spec->gen.mixer_nid = 0x0e;
spec->gen.beep_nid = 0x10;
set_beep_amp(spec, 0x10, 0, HDA_OUTPUT);
+
+ /* limit the loopback routes not to confuse the parser */
+ snd_hda_override_conn_list(codec, 0x0c, ARRAY_SIZE(conn_0c), conn_0c);
+ snd_hda_override_conn_list(codec, 0x0d, ARRAY_SIZE(conn_0d), conn_0d);
+
err = ad198x_parse_auto_config(codec, false);
if (err < 0)
goto error;

2014-02-18 22:55:30

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 24/40] mm: __set_page_dirty uses spin_lock_irqsave instead of spin_lock_irq

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: KOSAKI Motohiro <[email protected]>

commit 227d53b397a32a7614667b3ecaf1d89902fb6c12 upstream.

To use spin_{un}lock_irq is dangerous if caller disabled interrupt.
During aio buffer migration, we have a possibility to see the following
call stack.

aio_migratepage [disable interrupt]
migrate_page_copy
clear_page_dirty_for_io
set_page_dirty
__set_page_dirty_buffers
__set_page_dirty
spin_lock_irq

This mean, current aio migration is a deadlockable. spin_lock_irqsave
is a safer alternative and we should use it.

Signed-off-by: KOSAKI Motohiro <[email protected]>
Reported-by: David Rientjes [email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
fs/buffer.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -654,14 +654,16 @@ EXPORT_SYMBOL(mark_buffer_dirty_inode);
static void __set_page_dirty(struct page *page,
struct address_space *mapping, int warn)
{
- spin_lock_irq(&mapping->tree_lock);
+ unsigned long flags;
+
+ spin_lock_irqsave(&mapping->tree_lock, flags);
if (page->mapping) { /* Race with truncate? */
WARN_ON_ONCE(warn && !PageUptodate(page));
account_page_dirtied(page, mapping);
radix_tree_tag_set(&mapping->page_tree,
page_index(page), PAGECACHE_TAG_DIRTY);
}
- spin_unlock_irq(&mapping->tree_lock);
+ spin_unlock_irqrestore(&mapping->tree_lock, flags);
__mark_inode_dirty(mapping->host, I_DIRTY_PAGES);
}


2014-02-18 22:56:15

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 23/40] mm: __set_page_dirty_nobuffers() uses spin_lock_irqsave() instead of spin_lock_irq()

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: KOSAKI Motohiro <[email protected]>

commit a85d9df1ea1d23682a0ed1e100e6965006595d06 upstream.

During aio stress test, we observed the following lockdep warning. This
mean AIO+numa_balancing is currently deadlockable.

The problem is, aio_migratepage disable interrupt, but
__set_page_dirty_nobuffers unintentionally enable it again.

Generally, all helper function should use spin_lock_irqsave() instead of
spin_lock_irq() because they don't know caller at all.

other info that might help us debug this:
Possible unsafe locking scenario:

CPU0
----
lock(&(&ctx->completion_lock)->rlock);
<Interrupt>
lock(&(&ctx->completion_lock)->rlock);

*** DEADLOCK ***

dump_stack+0x19/0x1b
print_usage_bug+0x1f7/0x208
mark_lock+0x21d/0x2a0
mark_held_locks+0xb9/0x140
trace_hardirqs_on_caller+0x105/0x1d0
trace_hardirqs_on+0xd/0x10
_raw_spin_unlock_irq+0x2c/0x50
__set_page_dirty_nobuffers+0x8c/0xf0
migrate_page_copy+0x434/0x540
aio_migratepage+0xb1/0x140
move_to_new_page+0x7d/0x230
migrate_pages+0x5e5/0x700
migrate_misplaced_page+0xbc/0xf0
do_numa_page+0x102/0x190
handle_pte_fault+0x241/0x970
handle_mm_fault+0x265/0x370
__do_page_fault+0x172/0x5a0
do_page_fault+0x1a/0x70
page_fault+0x28/0x30

Signed-off-by: KOSAKI Motohiro <[email protected]>
Cc: Larry Woodman <[email protected]>
Cc: Rik van Riel <[email protected]>
Cc: Johannes Weiner <[email protected]>
Acked-by: David Rientjes <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
mm/page-writeback.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -2173,11 +2173,12 @@ int __set_page_dirty_nobuffers(struct pa
if (!TestSetPageDirty(page)) {
struct address_space *mapping = page_mapping(page);
struct address_space *mapping2;
+ unsigned long flags;

if (!mapping)
return 1;

- spin_lock_irq(&mapping->tree_lock);
+ spin_lock_irqsave(&mapping->tree_lock, flags);
mapping2 = page_mapping(page);
if (mapping2) { /* Race with truncate? */
BUG_ON(mapping2 != mapping);
@@ -2186,7 +2187,7 @@ int __set_page_dirty_nobuffers(struct pa
radix_tree_tag_set(&mapping->page_tree,
page_index(page), PAGECACHE_TAG_DIRTY);
}
- spin_unlock_irq(&mapping->tree_lock);
+ spin_unlock_irqrestore(&mapping->tree_lock, flags);
if (mapping->host) {
/* !PageAnon && !swapper_space */
__mark_inode_dirty(mapping->host, I_DIRTY_PAGES);

2014-02-18 22:47:18

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 11/40] arm64: vdso: update wtm fields for CLOCK_MONOTONIC_COARSE

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Nathan Lynch <[email protected]>

commit d4022a335271a48cce49df35d825897914fbffe3 upstream.

Update wall-to-monotonic fields in the VDSO data page
unconditionally. These are used to service CLOCK_MONOTONIC_COARSE,
which is not guarded by use_syscall.

Signed-off-by: Nathan Lynch <[email protected]>
Acked-by: Will Deacon <[email protected]>
Signed-off-by: Catalin Marinas <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
arch/arm64/kernel/vdso.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/arm64/kernel/vdso.c
+++ b/arch/arm64/kernel/vdso.c
@@ -238,6 +238,8 @@ void update_vsyscall(struct timekeeper *
vdso_data->use_syscall = use_syscall;
vdso_data->xtime_coarse_sec = xtime_coarse.tv_sec;
vdso_data->xtime_coarse_nsec = xtime_coarse.tv_nsec;
+ vdso_data->wtm_clock_sec = tk->wall_to_monotonic.tv_sec;
+ vdso_data->wtm_clock_nsec = tk->wall_to_monotonic.tv_nsec;

if (!use_syscall) {
vdso_data->cs_cycle_last = tk->clock->cycle_last;
@@ -245,8 +247,6 @@ void update_vsyscall(struct timekeeper *
vdso_data->xtime_clock_nsec = tk->xtime_nsec;
vdso_data->cs_mult = tk->mult;
vdso_data->cs_shift = tk->shift;
- vdso_data->wtm_clock_sec = tk->wall_to_monotonic.tv_sec;
- vdso_data->wtm_clock_nsec = tk->wall_to_monotonic.tv_nsec;
}

smp_wmb();

2014-02-18 22:56:40

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 20/40] ALSA: hda - Add missing mixer widget for AD1983

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Takashi Iwai <[email protected]>

commit c7579fed1f1b2567529aea64ef19871337403ab3 upstream.

The mixer widget on AD1983 at NID 0x0e was missing in the commit
[f2f8be43c5c9: ALSA: hda - Add aamix NID to AD codecs].

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=70011
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
sound/pci/hda/patch_analog.c | 1 +
1 file changed, 1 insertion(+)

--- a/sound/pci/hda/patch_analog.c
+++ b/sound/pci/hda/patch_analog.c
@@ -497,6 +497,7 @@ static int patch_ad1983(struct hda_codec
return err;
spec = codec->spec;

+ spec->gen.mixer_nid = 0x0e;
spec->gen.beep_nid = 0x10;
set_beep_amp(spec, 0x10, 0, HDA_OUTPUT);
err = ad198x_parse_auto_config(codec, false);

2014-02-18 22:57:06

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 02/40] Btrfs: disable snapshot aware defrag for now

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Josef Bacik <[email protected]>

commit 8101c8dbf6243ba517aab58d69bf1bc37d8b7b9c upstream.

It's just broken and it's taking a lot of effort to fix it, so for now just
disable it so people can defrag in peace. Thanks,

Signed-off-by: Josef Bacik <[email protected]>
Signed-off-by: Chris Mason <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
fs/btrfs/inode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -2610,7 +2610,7 @@ static int btrfs_finish_ordered_io(struc
EXTENT_DEFRAG, 1, cached_state);
if (ret) {
u64 last_snapshot = btrfs_root_last_snapshot(&root->root_item);
- if (last_snapshot >= BTRFS_I(inode)->generation)
+ if (0 && last_snapshot >= BTRFS_I(inode)->generation)
/* the inode is shared */
new = record_old_file_extents(inode, ordered_extent);


2014-02-18 22:57:32

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 19/40] ALSA: hda - Fix silent output on Toshiba Satellite L40

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Takashi Iwai <[email protected]>

commit 4528eb19b00d9ccd65ded6f8201eec704267edd8 upstream.

Toshiba Satellite L40 with AD1986A codec requires the EAPD of NID 0x1b
to be constantly on, otherwise the output doesn't work.
Unlike most of other AD1986A machines, EAPD is correctly implemented
in HD-audio manner (that is, bit set = amp on), so we need to clear
the inv_eapd flag in the fixup, too.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=67481
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
sound/pci/hda/patch_analog.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)

--- a/sound/pci/hda/patch_analog.c
+++ b/sound/pci/hda/patch_analog.c
@@ -243,6 +243,19 @@ static void ad_fixup_inv_jack_detect(str
}
}

+/* Toshiba Satellite L40 implements EAPD in a standard way unlike others */
+static void ad1986a_fixup_eapd(struct hda_codec *codec,
+ const struct hda_fixup *fix, int action)
+{
+ struct ad198x_spec *spec = codec->spec;
+
+ if (action == HDA_FIXUP_ACT_PRE_PROBE) {
+ codec->inv_eapd = 0;
+ spec->gen.keep_eapd_on = 1;
+ spec->eapd_nid = 0x1b;
+ }
+}
+
enum {
AD1986A_FIXUP_INV_JACK_DETECT,
AD1986A_FIXUP_ULTRA,
@@ -250,6 +263,7 @@ enum {
AD1986A_FIXUP_3STACK,
AD1986A_FIXUP_LAPTOP,
AD1986A_FIXUP_LAPTOP_IMIC,
+ AD1986A_FIXUP_EAPD,
};

static const struct hda_fixup ad1986a_fixups[] = {
@@ -310,6 +324,10 @@ static const struct hda_fixup ad1986a_fi
.chained_before = 1,
.chain_id = AD1986A_FIXUP_LAPTOP,
},
+ [AD1986A_FIXUP_EAPD] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = ad1986a_fixup_eapd,
+ },
};

static const struct snd_pci_quirk ad1986a_fixup_tbl[] = {
@@ -317,6 +335,7 @@ static const struct snd_pci_quirk ad1986
SND_PCI_QUIRK_MASK(0x1043, 0xff00, 0x8100, "ASUS P5", AD1986A_FIXUP_3STACK),
SND_PCI_QUIRK_MASK(0x1043, 0xff00, 0x8200, "ASUS M2", AD1986A_FIXUP_3STACK),
SND_PCI_QUIRK(0x10de, 0xcb84, "ASUS A8N-VM", AD1986A_FIXUP_3STACK),
+ SND_PCI_QUIRK(0x1179, 0xff40, "Toshiba Satellite L40", AD1986A_FIXUP_EAPD),
SND_PCI_QUIRK(0x144d, 0xc01e, "FSC V2060", AD1986A_FIXUP_LAPTOP),
SND_PCI_QUIRK_MASK(0x144d, 0xff00, 0xc000, "Samsung", AD1986A_FIXUP_SAMSUNG),
SND_PCI_QUIRK(0x144d, 0xc027, "Samsung Q1", AD1986A_FIXUP_ULTRA),

2014-02-18 22:47:16

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 13/40] arm64: vdso: prevent ld from aligning PT_LOAD segments to 64k

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Will Deacon <[email protected]>

commit 40507403485fcb56b83d6ddfc954e9b08305054c upstream.

Whilst the text segment for our VDSO is marked as PT_LOAD in the ELF
headers, it is mapped by the kernel and not actually subject to
demand-paging. ld doesn't realise this, and emits a p_align field of 64k
(the maximum supported page size), which conflicts with the load address
picked by the kernel on 4k systems, which will be 4k aligned. This
causes GDB to fail with "Failed to read a valid object file image from
memory" when attempting to load the VDSO.

This patch passes the -n option to ld, which prevents it from aligning
PT_LOAD segments to the maximum page size.

Reported-by: Kyle McMartin <[email protected]>
Acked-by: Kyle McMartin <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
Signed-off-by: Catalin Marinas <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
arch/arm64/kernel/vdso/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/arm64/kernel/vdso/Makefile
+++ b/arch/arm64/kernel/vdso/Makefile
@@ -48,7 +48,7 @@ $(obj-vdso): %.o: %.S

# Actual build commands
quiet_cmd_vdsold = VDSOL [email protected]
- cmd_vdsold = $(CC) $(c_flags) -Wl,-T $^ -o [email protected]
+ cmd_vdsold = $(CC) $(c_flags) -Wl,-n -Wl,-T $^ -o [email protected]
quiet_cmd_vdsoas = VDSOA [email protected]
cmd_vdsoas = $(CC) $(a_flags) -c -o [email protected] $<


2014-02-18 22:57:52

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 18/40] ALSA: hda - Fix missing VREF setup for Mac Pro 1,1

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Takashi Iwai <[email protected]>

commit c20f31ec421ea4fabea5e95a6afd46c5f41e5599 upstream.

Mac Pro 1,1 with ALC889A codec needs the VREF setup on NID 0x18 to
VREF50, in order to make the speaker working. The same fixup was
already needed for MacBook Air 1,1, so we can reuse it.

Reported-by: Nicolai Beuermann <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
sound/pci/hda/patch_realtek.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)

--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -1782,6 +1782,7 @@ enum {
ALC889_FIXUP_IMAC91_VREF,
ALC889_FIXUP_MBA11_VREF,
ALC889_FIXUP_MBA21_VREF,
+ ALC889_FIXUP_MP11_VREF,
ALC882_FIXUP_INV_DMIC,
ALC882_FIXUP_NO_PRIMARY_HP,
ALC887_FIXUP_ASUS_BASS,
@@ -2142,6 +2143,12 @@ static const struct hda_fixup alc882_fix
.chained = true,
.chain_id = ALC889_FIXUP_MBP_VREF,
},
+ [ALC889_FIXUP_MP11_VREF] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc889_fixup_mba11_vref,
+ .chained = true,
+ .chain_id = ALC885_FIXUP_MACPRO_GPIO,
+ },
[ALC882_FIXUP_INV_DMIC] = {
.type = HDA_FIXUP_FUNC,
.v.func = alc_fixup_inv_dmic_0x12,
@@ -2205,7 +2212,7 @@ static const struct snd_pci_quirk alc882
SND_PCI_QUIRK(0x106b, 0x00a0, "MacBookPro 3,1", ALC889_FIXUP_MBP_VREF),
SND_PCI_QUIRK(0x106b, 0x00a1, "Macbook", ALC889_FIXUP_MBP_VREF),
SND_PCI_QUIRK(0x106b, 0x00a4, "MacbookPro 4,1", ALC889_FIXUP_MBP_VREF),
- SND_PCI_QUIRK(0x106b, 0x0c00, "Mac Pro", ALC885_FIXUP_MACPRO_GPIO),
+ SND_PCI_QUIRK(0x106b, 0x0c00, "Mac Pro", ALC889_FIXUP_MP11_VREF),
SND_PCI_QUIRK(0x106b, 0x1000, "iMac 24", ALC885_FIXUP_MACPRO_GPIO),
SND_PCI_QUIRK(0x106b, 0x2800, "AppleTV", ALC885_FIXUP_MACPRO_GPIO),
SND_PCI_QUIRK(0x106b, 0x2c00, "MacbookPro rev3", ALC889_FIXUP_MBP_VREF),

2014-02-18 22:58:19

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 17/40] ALSA: usb-audio: Add missing kconfig dependecy

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Takashi Iwai <[email protected]>

commit 4fa71c1550a857ff1dbfe9e99acc1f4cfec5f0d0 upstream.

The commit 44dcbbb1cd61 introduced the usage of bitreverse helpers but
forgot to add the dependency. This patch adds the selection for
CONFIG_BITREVERSE.

Fixes: 44dcbbb1cd61 ('ALSA: snd-usb: add support for bit-reversed byte formats')
Reported-by: Fengguang Wu <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
sound/usb/Kconfig | 1 +
1 file changed, 1 insertion(+)

--- a/sound/usb/Kconfig
+++ b/sound/usb/Kconfig
@@ -14,6 +14,7 @@ config SND_USB_AUDIO
select SND_HWDEP
select SND_RAWMIDI
select SND_PCM
+ select BITREVERSE
help
Say Y here to include support for USB audio and USB MIDI
devices.

2014-02-18 22:58:55

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 16/40] arm64: add DSB after icache flush in __flush_icache_all()

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Vinayak Kale <[email protected]>

commit 5044bad43ee573d0b6d90e3ccb7a40c2c7d25eb4 upstream.

Add DSB after icache flush to complete the cache maintenance operation.
The function __flush_icache_all() is used only for user space mappings
and an ISB is not required because of an exception return before executing
user instructions. An exception return would behave like an ISB.

Signed-off-by: Vinayak Kale <[email protected]>
Acked-by: Will Deacon <[email protected]>
Signed-off-by: Catalin Marinas <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
arch/arm64/include/asm/cacheflush.h | 1 +
1 file changed, 1 insertion(+)

--- a/arch/arm64/include/asm/cacheflush.h
+++ b/arch/arm64/include/asm/cacheflush.h
@@ -116,6 +116,7 @@ extern void flush_dcache_page(struct pag
static inline void __flush_icache_all(void)
{
asm("ic ialluis");
+ dsb();
}

#define flush_dcache_mmap_lock(mapping) \

2014-02-18 22:59:58

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 15/40] arm64: vdso: fix coarse clock handling

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Nathan Lynch <[email protected]>

commit 069b918623e1510e58dacf178905a72c3baa3ae4 upstream.

When __kernel_clock_gettime is called with a CLOCK_MONOTONIC_COARSE or
CLOCK_REALTIME_COARSE clock id, it returns incorrectly to whatever the
caller has placed in x2 ("ret x2" to return from the fast path). Fix
this by saving x30/LR to x2 only in code that will call
__do_get_tspec, restoring x30 afterward, and using a plain "ret" to
return from the routine.

Also: while the resulting tv_nsec value for CLOCK_REALTIME and
CLOCK_MONOTONIC must be computed using intermediate values that are
left-shifted by cs_shift (x12, set by __do_get_tspec), the results for
coarse clocks should be calculated using unshifted values
(xtime_coarse_nsec is in units of actual nanoseconds). The current
code shifts intermediate values by x12 unconditionally, but x12 is
uninitialized when servicing a coarse clock. Fix this by setting x12
to 0 once we know we are dealing with a coarse clock id.

Signed-off-by: Nathan Lynch <[email protected]>
Acked-by: Will Deacon <[email protected]>
Signed-off-by: Catalin Marinas <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
arch/arm64/kernel/vdso/gettimeofday.S | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

--- a/arch/arm64/kernel/vdso/gettimeofday.S
+++ b/arch/arm64/kernel/vdso/gettimeofday.S
@@ -103,6 +103,8 @@ ENTRY(__kernel_clock_gettime)
bl __do_get_tspec
seqcnt_check w9, 1b

+ mov x30, x2
+
cmp w0, #CLOCK_MONOTONIC
b.ne 6f

@@ -118,6 +120,9 @@ ENTRY(__kernel_clock_gettime)
ccmp w0, #CLOCK_MONOTONIC_COARSE, #0x4, ne
b.ne 8f

+ /* xtime_coarse_nsec is already right-shifted */
+ mov x12, #0
+
/* Get coarse timespec. */
adr vdso_data, _vdso_data
3: seqcnt_acquire
@@ -156,7 +161,7 @@ ENTRY(__kernel_clock_gettime)
lsr x11, x11, x12
stp x10, x11, [x1, #TSPEC_TV_SEC]
mov x0, xzr
- ret x2
+ ret
7:
mov x30, x2
8: /* Syscall fallback. */

2014-02-18 23:00:44

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 14/40] arm64: Invalidate the TLB when replacing pmd entries during boot

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Catalin Marinas <[email protected]>

commit a55f9929a9b257f84b6cc7b2397379cabd744a22 upstream.

With the 64K page size configuration, __create_page_tables in head.S
maps enough memory to get started but using 64K pages rather than 512M
sections with a single pgd/pud/pmd entry pointing to a pte table.
create_mapping() may override the pgd/pud/pmd table entry with a block
(section) one if the RAM size is more than 512MB and aligned correctly.
For the end of this block to be accessible, the old TLB entry must be
invalidated.

Reported-by: Mark Salter <[email protected]>
Tested-by: Mark Salter <[email protected]>
Signed-off-by: Catalin Marinas <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
arch/arm64/mm/mmu.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)

--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -203,10 +203,18 @@ static void __init alloc_init_pmd(pud_t
do {
next = pmd_addr_end(addr, end);
/* try section mapping first */
- if (((addr | next | phys) & ~SECTION_MASK) == 0)
+ if (((addr | next | phys) & ~SECTION_MASK) == 0) {
+ pmd_t old_pmd =*pmd;
set_pmd(pmd, __pmd(phys | prot_sect_kernel));
- else
+ /*
+ * Check for previous table entries created during
+ * boot (__create_page_tables) and flush them.
+ */
+ if (!pmd_none(old_pmd))
+ flush_tlb_all();
+ } else {
alloc_init_pte(pmd, addr, next, __phys_to_pfn(phys));
+ }
phys += next - addr;
} while (pmd++, addr = next, addr != end);
}

2014-02-18 23:01:13

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 10/40] irqchip: armada-370-xp: fix MSI race condition

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Lior Amsalem <[email protected]>

commit c7f7bd4a136e4b02dd2a66bf95aec545bd93e8db upstream.

In the Armada 370/XP driver, when we receive an IRQ 1, we read the
list of doorbells that caused the interrupt from register
ARMADA_370_XP_IN_DRBEL_CAUSE_OFFS. This gives the list of MSIs that
were generated. However, instead of acknowledging only the MSIs that
were generated, we acknowledge *all* the MSIs, by writing
~MSI_DOORBELL_MASK in the ARMADA_370_XP_IN_DRBEL_CAUSE_OFFS register.

This creates a race condition: if a new MSI that isn't part of the
ones read into the temporary "msimask" variable is fired before we
acknowledge all MSIs, then we will simply loose it.

It is important to mention that this ARMADA_370_XP_IN_DRBEL_CAUSE_OFFS
register has the following behavior: "A CPU write of 0 clears the bits
in this field. A CPU write of 1 has no effect". This is what allows us
to simply write ~msimask to acknoledge the handled MSIs.

Notice that the same problem is present in the IPI implementation, but
it is fixed as a separate patch, so that this IPI fix can be pushed to
older stable versions as appropriate (all the way to 3.8), while the
MSI code only appeared in 3.13.

Signed-off-by: Lior Amsalem <[email protected]>
Signed-off-by: Thomas Petazzoni <[email protected]>
Signed-off-by: Jason Cooper <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/irqchip/irq-armada-370-xp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/irqchip/irq-armada-370-xp.c
+++ b/drivers/irqchip/irq-armada-370-xp.c
@@ -381,7 +381,7 @@ armada_370_xp_handle_irq(struct pt_regs
ARMADA_370_XP_IN_DRBEL_CAUSE_OFFS)
& PCI_MSI_DOORBELL_MASK;

- writel(~PCI_MSI_DOORBELL_MASK, per_cpu_int_base +
+ writel(~msimask, per_cpu_int_base +
ARMADA_370_XP_IN_DRBEL_CAUSE_OFFS);

for (msinr = PCI_MSI_DOORBELL_START;

2014-02-18 23:01:50

by Greg KH

[permalink] [raw]
Subject: [PATCH 3.13 01/40] SELinux: Fix kernel BUG on empty security contexts.

3.13-stable review patch. If anyone has any objections, please let me know.

------------------

From: Stephen Smalley <[email protected]>

commit 2172fa709ab32ca60e86179dc67d0857be8e2c98 upstream.

Setting an empty security context (length=0) on a file will
lead to incorrectly dereferencing the type and other fields
of the security context structure, yielding a kernel BUG.
As a zero-length security context is never valid, just reject
all such security contexts whether coming from userspace
via setxattr or coming from the filesystem upon a getxattr
request by SELinux.

Setting a security context value (empty or otherwise) unknown to
SELinux in the first place is only possible for a root process
(CAP_MAC_ADMIN), and, if running SELinux in enforcing mode, only
if the corresponding SELinux mac_admin permission is also granted
to the domain by policy. In Fedora policies, this is only allowed for
specific domains such as livecd for setting down security contexts
that are not defined in the build host policy.

Reproducer:
su
setenforce 0
touch foo
setfattr -n security.selinux foo

Caveat:
Relabeling or removing foo after doing the above may not be possible
without booting with SELinux disabled. Any subsequent access to foo
after doing the above will also trigger the BUG.

BUG output from Matthew Thode:
[ 473.893141] ------------[ cut here ]------------
[ 473.962110] kernel BUG at security/selinux/ss/services.c:654!
[ 473.995314] invalid opcode: 0000 [#6] SMP
[ 474.027196] Modules linked in:
[ 474.058118] CPU: 0 PID: 8138 Comm: ls Tainted: G D I
3.13.0-grsec #1
[ 474.116637] Hardware name: Supermicro X8ST3/X8ST3, BIOS 2.0
07/29/10
[ 474.149768] task: ffff8805f50cd010 ti: ffff8805f50cd488 task.ti:
ffff8805f50cd488
[ 474.183707] RIP: 0010:[<ffffffff814681c7>] [<ffffffff814681c7>]
context_struct_compute_av+0xce/0x308
[ 474.219954] RSP: 0018:ffff8805c0ac3c38 EFLAGS: 00010246
[ 474.252253] RAX: 0000000000000000 RBX: ffff8805c0ac3d94 RCX:
0000000000000100
[ 474.287018] RDX: ffff8805e8aac000 RSI: 00000000ffffffff RDI:
ffff8805e8aaa000
[ 474.321199] RBP: ffff8805c0ac3cb8 R08: 0000000000000010 R09:
0000000000000006
[ 474.357446] R10: 0000000000000000 R11: ffff8805c567a000 R12:
0000000000000006
[ 474.419191] R13: ffff8805c2b74e88 R14: 00000000000001da R15:
0000000000000000
[ 474.453816] FS: 00007f2e75220800(0000) GS:ffff88061fc00000(0000)
knlGS:0000000000000000
[ 474.489254] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 474.522215] CR2: 00007f2e74716090 CR3: 00000005c085e000 CR4:
00000000000207f0
[ 474.556058] Stack:
[ 474.584325] ffff8805c0ac3c98 ffffffff811b549b ffff8805c0ac3c98
ffff8805f1190a40
[ 474.618913] ffff8805a6202f08 ffff8805c2b74e88 00068800d0464990
ffff8805e8aac860
[ 474.653955] ffff8805c0ac3cb8 000700068113833a ffff880606c75060
ffff8805c0ac3d94
[ 474.690461] Call Trace:
[ 474.723779] [<ffffffff811b549b>] ? lookup_fast+0x1cd/0x22a
[ 474.778049] [<ffffffff81468824>] security_compute_av+0xf4/0x20b
[ 474.811398] [<ffffffff8196f419>] avc_compute_av+0x2a/0x179
[ 474.843813] [<ffffffff8145727b>] avc_has_perm+0x45/0xf4
[ 474.875694] [<ffffffff81457d0e>] inode_has_perm+0x2a/0x31
[ 474.907370] [<ffffffff81457e76>] selinux_inode_getattr+0x3c/0x3e
[ 474.938726] [<ffffffff81455cf6>] security_inode_getattr+0x1b/0x22
[ 474.970036] [<ffffffff811b057d>] vfs_getattr+0x19/0x2d
[ 475.000618] [<ffffffff811b05e5>] vfs_fstatat+0x54/0x91
[ 475.030402] [<ffffffff811b063b>] vfs_lstat+0x19/0x1b
[ 475.061097] [<ffffffff811b077e>] SyS_newlstat+0x15/0x30
[ 475.094595] [<ffffffff8113c5c1>] ? __audit_syscall_entry+0xa1/0xc3
[ 475.148405] [<ffffffff8197791e>] system_call_fastpath+0x16/0x1b
[ 475.179201] Code: 00 48 85 c0 48 89 45 b8 75 02 0f 0b 48 8b 45 a0 48
8b 3d 45 d0 b6 00 8b 40 08 89 c6 ff ce e8 d1 b0 06 00 48 85 c0 49 89 c7
75 02 <0f> 0b 48 8b 45 b8 4c 8b 28 eb 1e 49 8d 7d 08 be 80 01 00 00 e8
[ 475.255884] RIP [<ffffffff814681c7>]
context_struct_compute_av+0xce/0x308
[ 475.296120] RSP <ffff8805c0ac3c38>
[ 475.328734] ---[ end trace f076482e9d754adc ]---

Reported-by: Matthew Thode <[email protected]>
Signed-off-by: Stephen Smalley <[email protected]>
Signed-off-by: Paul Moore <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
security/selinux/ss/services.c | 4 ++++
1 file changed, 4 insertions(+)

--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1232,6 +1232,10 @@ static int security_context_to_sid_core(
struct context context;
int rc = 0;

+ /* An empty security context is never valid. */
+ if (!scontext_len)
+ return -EINVAL;
+
if (!ss_initialized) {
int i;


2014-02-19 04:37:37

by Guenter Roeck

[permalink] [raw]
Subject: Re: [PATCH 3.13 00/40] 3.13.4-stable review

On Tue, Feb 18, 2014 at 02:47:01PM -0800, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 3.13.4 release.
> There are 40 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu Feb 20 22:44:22 UTC 2014.
> Anything received after that time might be too late.
>

Build results:
total: 126 pass: 122 skipped: 4 fail: 0

qemu tests all passed.

Details are available at http://server.roeck-us.net:8010/builders.

Results are as expected.

Guenter

2014-02-19 12:53:03

by Stefan Lippers-Hollmann

[permalink] [raw]
Subject: Re: [PATCH 3.13 39/40] intel_pstate: Take core C0 time into account for core busy calculation

Hi

On Tuesday 18 February 2014, Greg Kroah-Hartman wrote:
> 3.13-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Dirk Brandewie <[email protected]>
>
> commit fcb6a15c2e7e76d493e6f91ea889ab40e1c643a4 upstream.
>
> Take non-idle time into account when calculating core busy time.
> This ensures that intel_pstate will notice a decrease in load.
>
> References: https://bugzilla.kernel.org/show_bug.cgi?id=66581
> Cc: 3.10+ <[email protected]> # 3.10+
> Signed-off-by: Dirk Brandewie <[email protected]>
> Signed-off-by: Rafael J. Wysocki <[email protected]>
> Signed-off-by: Greg Kroah-Hartman <[email protected]>

This patch, as part of v3.13.4-rc1 causes a kernel package very early
during the boot on at least sandy-bridge (H67) and ivy-bridge (H77),
the call trace (slightly cut on top, as it doesn't fit on the screen;
copied by hand - so it might contains typos, especially in the
heaxdecimal values) is:

RDX: 0000000000000000 RSI: 0000000000006000 RDI: 0000000000002200
RBP: 00000009efce4c2b R08: 0000000a3e90e95c R09: 0000000000017700
R10: 0000000000000026 R11: 000000000000002a R12: 0000000000000000
R13: ffff880408ac4c2b R14: ffff88041f20c388 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff88041f200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fff88041f5ff000 CR3: 000000000d510000 CR4: 00000000000407f0
Stack:
00000000fffffffd ffff880408ac4a00 ffff880408ac4800 ffffffff81294b82
ffff880408ac4800 0000000000000000 0000000000000000 0000000000000000
ffffffff812925b3 0000000000000011 ffffffff81578e70 ffff880408ca9de8
Call Trace:
[<ffffffff81294b82>] ? intel_pstate_cpu_init+0x107/0x1c2
[<ffffffff812925b3>] ? __cpufreq_add_dev.isra.23+0x30c/0x676
[<ffffffff81269174>] ? subsys_interface_register+0xab/0xdf
[<ffffffff8106d2df>] ? arch_local_irq_save+0x11/0x17
[<ffffffff81291279>] ? cpufreq_register_driver+0x9e/0x143
[<ffffffff8129438d>] ? core_get_min_pstate+0x19/0x19
[<ffffffff815df06e>] ? intel_pstate_init+0x269/0x397
[<ffffffff815dee05>] ? intel_pstate_setup+0x29/0x29
[<ffffffff810020da>] ? do_one_initcall+0x88/0x123
[<ffffffff81057794>] ? parse_args+0x182/0x236
[<ffffffff815adee1>] ? kernel_init_freeable+0x183/0x208
[<ffffffff815ad721>] ? do_early_param+0x81/0x81
[<ffffffff8136d288>] ? rest_init+0x7c/0x7c
[<ffffffff8136d28d>] ? kernel_init+0x5/0xfa
[<ffffffff8137e1cc>] ? ret_from_fork+0x7c/0x7c
[<ffffffff8136d288>] ? rest_init+0x7c/0x7c
Code: 00 48 6b 41 08 64 48 8b 79 10 49 c1 e1 08 48 f7 f7 31 d2 48 89 c6 48 6b c7 64 49 63 f9 4c 69 ce e8 03 00 00 48 c1 e6 08 48 63 f6 <48> f7 71 18 49 c1 e1 09 4d 63 c9 49 0f af f9 48 8d 50 01 48 c1
RIP [<ffffffff812947c4>] intel_pstate_sample+0xb6/0x104
RSP <ffff880408ca9d28>
---[ end trace 682f24c8e98de9df ]---
Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b

Reverting just this patch from 3.13.4-rc1 fixes the regression.

Regards
Stefan Lippers-Hollmann

2014-02-19 16:41:52

by Dirk Brandewie

[permalink] [raw]
Subject: Re: [PATCH 3.13 39/40] intel_pstate: Take core C0 time into account for core busy calculation

On 02/19/2014 04:52 AM, Stefan Lippers-Hollmann wrote:
> Hi
>
> On Tuesday 18 February 2014, Greg Kroah-Hartman wrote:
>> 3.13-stable review patch. If anyone has any objections, please let me know.
>>
>> ------------------
>>
>> From: Dirk Brandewie <[email protected]>
>>
>> commit fcb6a15c2e7e76d493e6f91ea889ab40e1c643a4 upstream.
>>
>> Take non-idle time into account when calculating core busy time.
>> This ensures that intel_pstate will notice a decrease in load.
>>
>> References: https://bugzilla.kernel.org/show_bug.cgi?id=66581
>> Cc: 3.10+ <[email protected]> # 3.10+
>> Signed-off-by: Dirk Brandewie <[email protected]>
>> Signed-off-by: Rafael J. Wysocki <[email protected]>
>> Signed-off-by: Greg Kroah-Hartman <[email protected]>
>
> This patch, as part of v3.13.4-rc1 causes a kernel package very early
> during the boot on at least sandy-bridge (H67) and ivy-bridge (H77),
> the call trace (slightly cut on top, as it doesn't fit on the screen;
> copied by hand - so it might contains typos, especially in the
> heaxdecimal values) is:
>

Somehow I fat fingered it and sent an incomplete patch :-(

A replacement is on the way.

--Dirk
> RDX: 0000000000000000 RSI: 0000000000006000 RDI: 0000000000002200
> RBP: 00000009efce4c2b R08: 0000000a3e90e95c R09: 0000000000017700
> R10: 0000000000000026 R11: 000000000000002a R12: 0000000000000000
> R13: ffff880408ac4c2b R14: ffff88041f20c388 R15: 0000000000000000
> FS: 0000000000000000(0000) GS:ffff88041f200000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: fff88041f5ff000 CR3: 000000000d510000 CR4: 00000000000407f0
> Stack:
> 00000000fffffffd ffff880408ac4a00 ffff880408ac4800 ffffffff81294b82
> ffff880408ac4800 0000000000000000 0000000000000000 0000000000000000
> ffffffff812925b3 0000000000000011 ffffffff81578e70 ffff880408ca9de8
> Call Trace:
> [<ffffffff81294b82>] ? intel_pstate_cpu_init+0x107/0x1c2
> [<ffffffff812925b3>] ? __cpufreq_add_dev.isra.23+0x30c/0x676
> [<ffffffff81269174>] ? subsys_interface_register+0xab/0xdf
> [<ffffffff8106d2df>] ? arch_local_irq_save+0x11/0x17
> [<ffffffff81291279>] ? cpufreq_register_driver+0x9e/0x143
> [<ffffffff8129438d>] ? core_get_min_pstate+0x19/0x19
> [<ffffffff815df06e>] ? intel_pstate_init+0x269/0x397
> [<ffffffff815dee05>] ? intel_pstate_setup+0x29/0x29
> [<ffffffff810020da>] ? do_one_initcall+0x88/0x123
> [<ffffffff81057794>] ? parse_args+0x182/0x236
> [<ffffffff815adee1>] ? kernel_init_freeable+0x183/0x208
> [<ffffffff815ad721>] ? do_early_param+0x81/0x81
> [<ffffffff8136d288>] ? rest_init+0x7c/0x7c
> [<ffffffff8136d28d>] ? kernel_init+0x5/0xfa
> [<ffffffff8137e1cc>] ? ret_from_fork+0x7c/0x7c
> [<ffffffff8136d288>] ? rest_init+0x7c/0x7c
> Code: 00 48 6b 41 08 64 48 8b 79 10 49 c1 e1 08 48 f7 f7 31 d2 48 89 c6 48 6b c7 64 49 63 f9 4c 69 ce e8 03 00 00 48 c1 e6 08 48 63 f6 <48> f7 71 18 49 c1 e1 09 4d 63 c9 49 0f af f9 48 8d 50 01 48 c1
> RIP [<ffffffff812947c4>] intel_pstate_sample+0xb6/0x104
> RSP <ffff880408ca9d28>
> ---[ end trace 682f24c8e98de9df ]---
> Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
>
> Reverting just this patch from 3.13.4-rc1 fixes the regression.
>
> Regards
> Stefan Lippers-Hollmann
>

2014-02-20 00:16:29

by Shuah Khan

[permalink] [raw]
Subject: Re: [PATCH 3.13 00/40] 3.13.4-stable review

On 02/18/2014 03:47 PM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 3.13.4 release.
> There are 40 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu Feb 20 22:44:22 UTC 2014.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> kernel.org/pub/linux/kernel/v3.0/stable-review/patch-3.13.4-rc1.gz
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>

Compile tests and boot tests passed.

On Intel systems, there are no dmesg regressions: emerg, crit, alert,
err are clean. No regressions in warn.

On AMD systems, the following new error messages - suspect is to
drivers/regulator/core.c - patch

3.13.4 - amd:
> sdhci-pci 0000:02:00.1: dummy supplies not allowed
> sdhci-pci 0000:02:00.1: dummy supplies not allowed
drivers/regulator/core.c - patch

Mark Brown <[email protected]>
regulator: core: Correct default return value for full constraints

Is this a problem???

-- Shuah

--
Shuah Khan
Senior Linux Kernel Developer - Open Source Group
Samsung Research America(Silicon Valley)
[email protected] | (970) 672-0658

2014-02-20 00:36:55

by Mark Brown

[permalink] [raw]
Subject: Re: [PATCH 3.13 00/40] 3.13.4-stable review

On Wed, Feb 19, 2014 at 05:16:22PM -0700, Shuah Khan wrote:

> On Intel systems, there are no dmesg regressions: emerg, crit,
> alert, err are clean. No regressions in warn.

> On AMD systems, the following new error messages - suspect is to
> drivers/regulator/core.c - patch

> 3.13.4 - amd:
> > sdhci-pci 0000:02:00.1: dummy supplies not allowed
> > sdhci-pci 0000:02:00.1: dummy supplies not allowed
> drivers/regulator/core.c - patch

This is nothing to do with AMD or Intel, it's to do with if your system
has a sdhci-pci device in it. This shouldn't result in a change in
actual behaviour, it's just a warning caused by the fact that we now do
provide dummies for other devices.


Attachments:
(No filename) (687.00 B)
signature.asc (836.00 B)
Digital signature
Download all attachments

2014-02-20 01:20:21

by Shuah Khan

[permalink] [raw]
Subject: Re: [PATCH 3.13 00/40] 3.13.4-stable review

On 02/19/2014 05:36 PM, Mark Brown wrote:
> On Wed, Feb 19, 2014 at 05:16:22PM -0700, Shuah Khan wrote:
>
>> On Intel systems, there are no dmesg regressions: emerg, crit,
>> alert, err are clean. No regressions in warn.
>
>> On AMD systems, the following new error messages - suspect is to
>> drivers/regulator/core.c - patch
>
>> 3.13.4 - amd:
>>> sdhci-pci 0000:02:00.1: dummy supplies not allowed
>>> sdhci-pci 0000:02:00.1: dummy supplies not allowed
>> drivers/regulator/core.c - patch
>
> This is nothing to do with AMD or Intel, it's to do with if your system
> has a sdhci-pci device in it. This shouldn't result in a change in
> actual behaviour, it's just a warning caused by the fact that we now do
> provide dummies for other devices.
>

Right. I think this message should be a warning instead of an error.
Error is too alarming, unless there is a good reason for it to be an error.

-- Shuah

--
Shuah Khan
Senior Linux Kernel Developer - Open Source Group
Samsung Research America(Silicon Valley)
[email protected] | (970) 672-0658

2014-02-20 02:49:59

by Mark Brown

[permalink] [raw]
Subject: Re: [PATCH 3.13 00/40] 3.13.4-stable review

On Wed, Feb 19, 2014 at 06:20:13PM -0700, Shuah Khan wrote:

> Right. I think this message should be a warning instead of an error.
> Error is too alarming, unless there is a good reason for it to be an
> error.

Patches welcome...


Attachments:
(No filename) (232.00 B)
signature.asc (836.00 B)
Digital signature
Download all attachments

2014-02-20 10:26:53

by Satoru Takeuchi

[permalink] [raw]
Subject: Re: [PATCH 3.13 00/40] 3.13.4-stable review

Hi Greg,

At Tue, 18 Feb 2014 14:47:01 -0800,
Greg Kroah-Hartman wrote:
>
> This is the start of the stable review cycle for the 3.13.4 release.
> There are 40 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu Feb 20 22:44:22 UTC 2014.
> Anything received after that time might be too late.

All 3.13.4-rc1, 3.12.12-rc1, 3.10.31-rc1, and 3.4.81-rc1 passed my test.

- Test Cases:
- Build this kernel.
- Boot this kernel.
- Build the latest mainline kernel with this kernel.

- Test Tool:
https://github.com/satoru-takeuchi/test-linux-stable

- Test Result (kernel .config, ktest config and test log):
http://satoru-takeuchi.org/test-linux-stable/results/<version>-<test datetime>.xz

- Build Environment:
- OS: Debian Jessy x86_64
- CPU: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz x 4
- memory: 8GB

- Test Target Environment:
- Debian Jessy x86_64 (KVM guest on the Build Environment)
- # of vCPU: 2
- memory: 2GB

Thanks,
Satoru

2014-02-20 13:40:40

by Shuah Khan

[permalink] [raw]
Subject: Re: [PATCH 3.13 00/40] 3.13.4-stable review

On 02/19/2014 07:34 PM, Mark Brown wrote:
> On Wed, Feb 19, 2014 at 06:20:13PM -0700, Shuah Khan wrote:
>
>> Right. I think this message should be a warning instead of an error.
>> Error is too alarming, unless there is a good reason for it to be an
>> error.
>
> Patches welcome...
>

ok I will send one soon then :)

-- Shuah

--
Shuah Khan
Senior Linux Kernel Developer - Open Source Group
Samsung Research America(Silicon Valley)
[email protected] | (970) 672-0658

2014-02-20 14:45:47

by Mark Brown

[permalink] [raw]
Subject: Re: [PATCH 3.13 00/40] 3.13.4-stable review

On Thu, Feb 20, 2014 at 06:40:34AM -0700, Shuah Khan wrote:
> On 02/19/2014 07:34 PM, Mark Brown wrote:

> >Patches welcome...

> ok I will send one soon then :)

Thanks - if you forget I probably will get round to it but it's easier
if you fix.


Attachments:
(No filename) (246.00 B)
signature.asc (836.00 B)
Digital signature
Download all attachments

2014-02-20 18:27:59

by Greg KH

[permalink] [raw]
Subject: Re: [PATCH 3.13 00/40] 3.13.4-stable review

On Wed, Feb 19, 2014 at 05:16:22PM -0700, Shuah Khan wrote:
> On 02/18/2014 03:47 PM, Greg Kroah-Hartman wrote:
> >This is the start of the stable review cycle for the 3.13.4 release.
> >There are 40 patches in this series, all will be posted as a response
> >to this one. If anyone has any issues with these being applied, please
> >let me know.
> >
> >Responses should be made by Thu Feb 20 22:44:22 UTC 2014.
> >Anything received after that time might be too late.
> >
> >The whole patch series can be found in one patch at:
> > kernel.org/pub/linux/kernel/v3.0/stable-review/patch-3.13.4-rc1.gz
> >and the diffstat can be found below.
> >
> >thanks,
> >
> >greg k-h
> >
>
> Compile tests and boot tests passed.
>
> On Intel systems, there are no dmesg regressions: emerg, crit, alert, err
> are clean. No regressions in warn.
>
> On AMD systems, the following new error messages - suspect is to
> drivers/regulator/core.c - patch


Thanks for testing all 4 of these releases, much appreciated.

greg k-h

2014-02-20 18:29:54

by Greg KH

[permalink] [raw]
Subject: Re: [PATCH 3.13 00/40] 3.13.4-stable review

On Thu, Feb 20, 2014 at 07:26:35PM +0900, Satoru Takeuchi wrote:
> Hi Greg,
>
> At Tue, 18 Feb 2014 14:47:01 -0800,
> Greg Kroah-Hartman wrote:
> >
> > This is the start of the stable review cycle for the 3.13.4 release.
> > There are 40 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Thu Feb 20 22:44:22 UTC 2014.
> > Anything received after that time might be too late.
>
> All 3.13.4-rc1, 3.12.12-rc1, 3.10.31-rc1, and 3.4.81-rc1 passed my test.

Thanks for testing and letting me know.

greg k-h

2014-02-20 18:30:54

by Greg KH

[permalink] [raw]
Subject: Re: [PATCH 3.13 00/40] 3.13.4-stable review

On Tue, Feb 18, 2014 at 08:30:26PM -0800, Guenter Roeck wrote:
> On Tue, Feb 18, 2014 at 02:47:01PM -0800, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 3.13.4 release.
> > There are 40 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Thu Feb 20 22:44:22 UTC 2014.
> > Anything received after that time might be too late.
> >
>
> Build results:
> total: 126 pass: 122 skipped: 4 fail: 0
>
> qemu tests all passed.
>
> Details are available at http://server.roeck-us.net:8010/builders.
>
> Results are as expected.

Thanks for testing and letting me know. Interesting that the pstate
buggy patch didn't hit your build system testing...

thanks,

greg k-h

2014-02-20 23:23:38

by Guenter Roeck

[permalink] [raw]
Subject: Re: [PATCH 3.13 00/40] 3.13.4-stable review

On Thu, Feb 20, 2014 at 10:32:20AM -0800, Greg Kroah-Hartman wrote:
> On Tue, Feb 18, 2014 at 08:30:26PM -0800, Guenter Roeck wrote:
> > On Tue, Feb 18, 2014 at 02:47:01PM -0800, Greg Kroah-Hartman wrote:
> > > This is the start of the stable review cycle for the 3.13.4 release.
> > > There are 40 patches in this series, all will be posted as a response
> > > to this one. If anyone has any issues with these being applied, please
> > > let me know.
> > >
> > > Responses should be made by Thu Feb 20 22:44:22 UTC 2014.
> > > Anything received after that time might be too late.
> > >
> >
> > Build results:
> > total: 126 pass: 122 skipped: 4 fail: 0
> >
> > qemu tests all passed.
> >
> > Details are available at http://server.roeck-us.net:8010/builders.
> >
> > Results are as expected.
>
> Thanks for testing and letting me know. Interesting that the pstate
> buggy patch didn't hit your build system testing...
>
Nothing is perfect :-(. You mean the one where your builder
takes much more time to build the kernel with the patch applied,
or was here another one ?

Guenter

2014-02-20 23:30:35

by Greg KH

[permalink] [raw]
Subject: Re: [PATCH 3.13 00/40] 3.13.4-stable review

On Thu, Feb 20, 2014 at 03:23:32PM -0800, Guenter Roeck wrote:
> On Thu, Feb 20, 2014 at 10:32:20AM -0800, Greg Kroah-Hartman wrote:
> > On Tue, Feb 18, 2014 at 08:30:26PM -0800, Guenter Roeck wrote:
> > > On Tue, Feb 18, 2014 at 02:47:01PM -0800, Greg Kroah-Hartman wrote:
> > > > This is the start of the stable review cycle for the 3.13.4 release.
> > > > There are 40 patches in this series, all will be posted as a response
> > > > to this one. If anyone has any issues with these being applied, please
> > > > let me know.
> > > >
> > > > Responses should be made by Thu Feb 20 22:44:22 UTC 2014.
> > > > Anything received after that time might be too late.
> > > >
> > >
> > > Build results:
> > > total: 126 pass: 122 skipped: 4 fail: 0
> > >
> > > qemu tests all passed.
> > >
> > > Details are available at http://server.roeck-us.net:8010/builders.
> > >
> > > Results are as expected.
> >
> > Thanks for testing and letting me know. Interesting that the pstate
> > buggy patch didn't hit your build system testing...
> >
> Nothing is perfect :-(. You mean the one where your builder
> takes much more time to build the kernel with the patch applied,
> or was here another one ?

That same patch caused a bunch of boot-time failures on some systems.
But not all of them, I think it depended on the hardware present.

2014-02-21 02:49:37

by Guenter Roeck

[permalink] [raw]
Subject: Re: [PATCH 3.13 00/40] 3.13.4-stable review

On 02/20/2014 03:32 PM, Greg Kroah-Hartman wrote:
> On Thu, Feb 20, 2014 at 03:23:32PM -0800, Guenter Roeck wrote:
>> On Thu, Feb 20, 2014 at 10:32:20AM -0800, Greg Kroah-Hartman wrote:
>>> On Tue, Feb 18, 2014 at 08:30:26PM -0800, Guenter Roeck wrote:
>>>> On Tue, Feb 18, 2014 at 02:47:01PM -0800, Greg Kroah-Hartman wrote:
>>>>> This is the start of the stable review cycle for the 3.13.4 release.
>>>>> There are 40 patches in this series, all will be posted as a response
>>>>> to this one. If anyone has any issues with these being applied, please
>>>>> let me know.
>>>>>
>>>>> Responses should be made by Thu Feb 20 22:44:22 UTC 2014.
>>>>> Anything received after that time might be too late.
>>>>>
>>>>
>>>> Build results:
>>>> total: 126 pass: 122 skipped: 4 fail: 0
>>>>
>>>> qemu tests all passed.
>>>>
>>>> Details are available at http://server.roeck-us.net:8010/builders.
>>>>
>>>> Results are as expected.
>>>
>>> Thanks for testing and letting me know. Interesting that the pstate
>>> buggy patch didn't hit your build system testing...
>>>
>> Nothing is perfect :-(. You mean the one where your builder
>> takes much more time to build the kernel with the patch applied,
>> or was here another one ?
>
> That same patch caused a bunch of boot-time failures on some systems.
> But not all of them, I think it depended on the hardware present.
>

My tests are not sophisticated enough to catch that kind of problem,
sorry. I am more surprised that Fenguang's test robot didn't find it;
that thing seems to catch pretty much everything nowadays.

Guenter