Commit Graph

361563 Commits

Author SHA1 Message Date
Marcelo Tosatti
2ae33b3896 Merge remote-tracking branch 'upstream/master' into queue
Merge reason:

From: Alexander Graf <agraf@suse.de>

"Just recently this really important patch got pulled into Linus' tree for 3.9:

commit 1674400aae
Author: Anton Blanchard <anton <at> samba.org>
Date:   Tue Mar 12 01:51:51 2013 +0000

Without that commit, I can not boot my G5, thus I can't run automated tests on it against my queue.

Could you please merge kvm/next against linus/master, so that I can base my trees against that?"

* upstream/master: (653 commits)
  PCI: Use ROM images from firmware only if no other ROM source available
  sparc: remove unused "config BITS"
  sparc: delete "if !ULTRA_HAS_POPULATION_COUNT"
  KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798)
  KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797)
  KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796)
  arm64: Kconfig.debug: Remove unused CONFIG_DEBUG_ERRORS
  arm64: Do not select GENERIC_HARDIRQS_NO_DEPRECATED
  inet: limit length of fragment queue hash table bucket lists
  qeth: Fix scatter-gather regression
  qeth: Fix invalid router settings handling
  qeth: delay feature trace
  sgy-cts1000: Remove __dev* attributes
  KVM: x86: fix deadlock in clock-in-progress request handling
  KVM: allow host header to be included even for !CONFIG_KVM
  hwmon: (lm75) Fix tcn75 prefix
  hwmon: (lm75.h) Update header inclusion
  MAINTAINERS: Remove Mark M. Hoffman
  xfs: ensure we capture IO errors correctly
  xfs: fix xfs_iomap_eof_prealloc_initial_size type
  ...

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2013-03-21 11:11:52 -03:00
Paolo Bonzini
04b66839d3 KVM: x86: correctly initialize the CS base on reset
The CS base was initialized to 0 on VMX (wrong, but usually overridden
by userspace before starting) or 0xf0000 on SVM.  The correct value is
0xffff0000, and VMX is able to emulate it now, so use it.

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2013-03-20 17:34:55 -03:00
Linus Torvalds
2ffdd7e23c vfio fix for v3.9-rc4
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.13 (GNU/Linux)
 
 iQIcBAABAgAGBQJRSOiDAAoJECObm247sIsivM0P/jj/8fJEv1yuqNzYfiETT/7Q
 ecpV7l5u8onhzuRocaG0kigZd6mKua8ImK9YWXc6bRMUKf6Ia5jWYp98t7Dv+cG2
 Cwqty3Tyb/5MxJ1ETL87OA+qZYkfsSXxg+Phg26Z6rwsT2MTHgpohkDqAPS1Gavv
 xT6aGx/uqBqpOKKdXxxJaGSqRP/xNMR7LicHwemvjR2znaRj4Jf4+LJU+4u1t5A+
 CMT+dRy6kn/O61QT18nkon7dkN+NZWXAFdELCHpAf5dDNZZv+1xsCNMrs4M/pDv1
 7NobEQO47fxZWZDIwqCeddrkNHRaDbikL59imr6K5Hr2NcTuYBxLmfnfla794IRv
 wnuV0djdDf2qohghYKqSYCPXHul6SlSFBB0je4qFDSkJncT8DKCEAV3z7tevpbEn
 q/kSjtMurUoFJ0Frez0z0PnSM4zorPN1pxIX3SW45Uxmklgxr984DGxG1/7MXojn
 M8EVP/Xb9AZ+JMNJmANNtMoH0qrud3/c3J4hhChAbdid2PliaoL62w3Xk2fJlfm8
 MXBiQ2dQzKYiPVSaLGIQYl9EZsMgQVxx0Hl0CDPQG4XgV/U/OLf524sK0XiFnt0s
 waLVFGtukMzTO8ELIKDg4exQzP+6pgyj6hskraq9l5RDJDTv7WviJYub2qZgI3uP
 ATimLIaF9Y5LzVI8tCD7
 =dgjc
 -----END PGP SIGNATURE-----

Merge tag 'vfio-v3.9-rc4' of git://github.com/awilliam/linux-vfio

Pull vfio fix from Alex Williamson.

* tag 'vfio-v3.9-rc4' of git://github.com/awilliam/linux-vfio:
  vfio: include <linux/slab.h> for kmalloc
2013-03-19 18:25:20 -07:00
Linus Torvalds
ea4a0ce111 Merge git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull kvm fixes from Marcelo Tosatti.

* git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798)
  KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797)
  KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796)
  KVM: x86: fix deadlock in clock-in-progress request handling
  KVM: allow host header to be included even for !CONFIG_KVM
2013-03-19 18:24:12 -07:00
Linus Torvalds
10b38669d6 - Fix for a potential infinite loop which was introduced in 4d559a3bcb
- Fix for the return type of xfs_iomap_eof_prealloc_initial_size
   from a1e16c2666
 - Fix for a failed buffer readahead causing subsequent callers to
   fail incorrectly
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJRSOIAAAoJENaLyazVq6ZODqQP/2m1iZVIA9CXFf5hS2QZgkc2
 MHq+QaQ1aaZlAIRCnZO4XrWoLw4tH7AmsHA7dVJVz/ZhVrJg4ahfdSS6qR5EGWFb
 I5uE8LD8ZhpIiW6mBytJ7g9ST6xnaeean2sMwa0BcVK3uF84nO/uBopntZVrVlZE
 sMuklZe8GfxDpF6SBxVGG+5+OeLXzFmf+s+xoCYN410uuzYoT8/jveFP6a5ARcmH
 xEcOJA2+3o2z4/fsdx/Euf6LnDMSyOsAFUJCtnmBdKUA5w9DrJJqGpDDPEkg9h6d
 /DTPYXEWx6+w4xoMnIf09oEdCSamBVTWcRFXtftN03VNrbRNtyVwAc8HUaSNmt0p
 I3P/b5NJ5guH7uK72jp61N2RP7D5KOqwkwR58Y1SJWuwcgatYuB3NM5UeUyJBILj
 ViZ4DsKGE6BCl8T3hwkN+mxSxB+o7O8AypjWdEviBXbVIG9CwOxr1IEatl3eyV5T
 8QsNFb0LJcWzl1+F/uUYe1Goeqxvzupt7omUaRONdMnac3uFIk0ARrdxXFgawIJ9
 lgeftBCmMkqqLZUACSfmfCYNwyupz3E6bYB7Azwx01qg7CzTPUfIL2SxqDYp2dup
 /s+R7HL4HOJ0FCzjCZxHHO/1jsWgu265dJdpaQw/UcIe2IuEFGr558deHEM62bDW
 rWCVHj5eY5NRGyzSwzqB
 =41Vk
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-v3.9-rc4' of git://oss.sgi.com/xfs/xfs

Pull XFS fixes from Ben Myers:

 - Fix for a potential infinite loop which was introduced in commit
   4d559a3bcb ("xfs: limit speculative prealloc near ENOSPC
   thresholds")

 - Fix for the return type of xfs_iomap_eof_prealloc_initial_size from
   commit a1e16c2666 ("xfs: limit speculative prealloc size on sparse
   files")

 - Fix for a failed buffer readahead causing subsequent callers to fail
   incorrectly

* tag 'for-linus-v3.9-rc4' of git://oss.sgi.com/xfs/xfs:
  xfs: ensure we capture IO errors correctly
  xfs: fix xfs_iomap_eof_prealloc_initial_size type
  xfs: fix potential infinite loop in xfs_iomap_prealloc_size()
2013-03-19 15:17:40 -07:00
Matthew Garrett
547b524636 PCI: Use ROM images from firmware only if no other ROM source available
Mantas Mikulėnas reported that his graphics hardware failed to
initialise after commit f9a37be0f0 ("x86: Use PCI setup data").

The aim of this commit was to ensure that ROM images were available on
some Apple systems that don't expose the GPU ROM via any other source.
In this case, UEFI appears to have provided a broken ROM image that we
were using even though there was a perfectly valid ROM available via
other sources.  The simplest way to handle this seems to be to just
re-order pci_map_rom() and leave any firmare-supplied ROM to last.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Tested-by: Mantas Mikulėnas <grawity@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-03-19 14:51:14 -07:00
Linus Torvalds
5c7c3361d1 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc
Pull sparc fixes from David Miller:
 "Just some minor fixups, a sunsu console setup panic cure, and
  recognition of a Fujitsu sun4v cpu."

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
  sparc: remove unused "config BITS"
  sparc: delete "if !ULTRA_HAS_POPULATION_COUNT"
  sparc64: correctly recognize SPARC64-X chips
  sparc,leon: fix GRPCI2 device0 PCI config space access
  sunsu: Fix panic in case of nonexistent port at "console=ttySY" cmdline option
2013-03-19 14:47:11 -07:00
Linus Torvalds
e7489622d3 - Fix !SMP build error.
- Fix padding computation in struct ucontext (no ABI change).
 - Minor clean-up after the signal patches (unused var).
 - Two old Kconfig options clean-up.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.9 (GNU/Linux)
 
 iQIcBAABAgAGBQJRSKTfAAoJEGvWsS0AyF7xR6IP/0/KsTKWikL5BJb1AIb20OMi
 VKnqZYZefzSb/vQf7lx/k6sZ6aQ8y6CxoXMuEV42CVZG3JgDzUERgvX4/3upFTFM
 5s5+pDLp5ASE97oDpRV0HkYePM0MwQGnyZjD1MBskxcAheYFnPbALGEnV5wG0J5b
 7/FjUmmL5jbQPUhweGh3jHIWOvwNyQfXya+kdKiI/SGHOqqJ5DUY631yiUB5GUEa
 KNCCYHCE2OyfcbZTV0oDFjleeokZC0J1fKRph28925k5DOZX/FDDs2C1i8dqL5hV
 wHWpVFngtqrgHf/vriXn80vXgLoWvdYBD1tuFpDLyEmSpTdbVyjjZPz9pp6L4shb
 oYxcFcPmf5PGH2+cZM2JzZ0dxx0NdnpEJBqdYcsjdwhM3InM0rVAy2mUu1uAEppg
 4CQ/8+KZK4RW1UksuxVA+7oE83Q6Q9xGng66Y39J2d7a+GnDDLtdydYf9Z3e/ayF
 lXnNsb3Hvh+Wq4/cjjwijPCf4WThlU2k1i+i+nAURsNnoLp4VkbzR/vvvwykeLE5
 Wn/zEPUlNRUAN7JuskNx17yMSGpIeWaL46+odX00oDChVTUv/Gvr3ngxetNpvPxU
 ErmVU2njxvrCrxquGA5fh4F3YKhhaW6KRvXYce6dB2jgdQyABmSwextt28TZTGtM
 nGDTtStktMZEt09WbsjZ
 =FN/w
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64

Pull arm64 fixes from Catalin Marinas:

 - Fix !SMP build error.

 - Fix padding computation in struct ucontext (no ABI change).

 - Minor clean-up after the signal patches (unused var).

 - Two old Kconfig options clean-up.

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64:
  arm64: Kconfig.debug: Remove unused CONFIG_DEBUG_ERRORS
  arm64: Do not select GENERIC_HARDIRQS_NO_DEPRECATED
  arm64: fix padding computation in struct ucontext
  arm64: Fix build error with !SMP
  arm64: Removed unused variable in compat_setup_rt_frame()
2013-03-19 13:56:18 -07:00
Paul Bolle
f58b20bd6b sparc: remove unused "config BITS"
sparc's asm/module.h got removed in commit
786d35d45c ("Make most arch asm/module.h
files use asm-generic/module.h"). That removed the only two uses of this
Kconfig symbol. So we can remove its entry too.

> >From arch/sparc/Makefile:
>     ifeq ($(CONFIG_SPARC32),y)
>     [...]
>
>     [...]
>     export BITS    := 32
>     [...]
>
>     else
>     [...]
>
>     [...]
>     export BITS   := 64
>     [...]
>
> So $(BITS) is set depending on whether CONFIG_SPARC32 is set or not.
> Using $(BITS) in sparc's Makefiles is not using CONFIG_BITS. That
> doesn't count as usage of "config BITS".

Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-19 16:23:51 -04:00
Linus Torvalds
7b1b3fd74e Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) Fix ARM BPF JIT handling of negative 'k' values, from Chen Gang.

 2) Insufficient space reserved for bridge netlink values, fix from
    Stephen Hemminger.

 3) Some dst_neigh_lookup*() callers don't interpret error pointer
    correctly, fix from Zhouyi Zhou.

 4) Fix transport match in SCTP active_path loops, from Xugeng Zhang.

 5) Fix qeth driver handling of multi-order SKB frags, from Frank
    Blaschka.

 6) fec driver is missing napi_disable() call, resulting in crashes on
    unload, from Georg Hofmann.

 7) Don't try to handle PMTU events on a listening socket, fix from Eric
    Dumazet.

 8) Fix timestamp location calculations in IP option processing, from
    David Ward.

 9) FIB_TABLE_HASHSZ setting is not controlled by the correct kconfig
    tests, from Denis V Lunev.

10) Fix TX descriptor push handling in SFC driver, from Ben Hutchings.

11) Fix isdn/hisax and tulip/de4x5 kconfig dependencies, from Arnd
    Bergmann.

12) bnx2x statistics don't handle 4GB rollover correctly, fix from
    Maciej Żenczykowski.

13) Openvswitch bug fixes for vport del/new error reporting, missing
    genlmsg_end() call in netlink processing, and mis-parsing of
    LLC/SNAP ethernet types.  From Rich Lane.

14) SKB pfmemalloc state should only be propagated from the head page of
    a compound page, fix from Pavel Emelyanov.

15) Fix link handling in tg3 driver for 5715 chips when autonegotation
    is disabled.  From Nithin Sujir.

16) Fix inverted test of cpdma_check_free_tx_desc return value in
    davinci_emac driver, from Mugunthan V N.

17) vlan_depth is incorrectly calculated in skb_network_protocol(), from
    Li RongQing.

18) Fix probing of Gobi 1K devices in qmi_wwan driver, and fix NCM
    device mode backwards compat in cdc_ncm driver.  From Bjørn Mork.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (52 commits)
  inet: limit length of fragment queue hash table bucket lists
  qeth: Fix scatter-gather regression
  qeth: Fix invalid router settings handling
  qeth: delay feature trace
  tcp: dont handle MTU reduction on LISTEN socket
  bnx2x: fix occasional statistics off-by-4GB error
  vhost/net: fix heads usage of ubuf_info
  bridge: Add support for setting BR_ROOT_BLOCK flag.
  bnx2x: add missing napi deletion in error path
  drivers: net: ethernet: ti: davinci_emac: fix usage of cpdma_check_free_tx_desc()
  ethernet/tulip: DE4x5 needs VIRT_TO_BUS
  isdn: hisax: netjet requires VIRT_TO_BUS
  net: cdc_ncm, cdc_mbim: allow user to prefer NCM for backwards compatibility
  rtnetlink: Mask the rta_type when range checking
  Revert "ip_gre: make ipgre_tunnel_xmit() not parse network header as IP unconditionally"
  Fix dst_neigh_lookup/dst_neigh_lookup_skb return value handling bug
  smsc75xx: configuration help incorrectly mentions smsc95xx
  net: fec: fix missing napi_disable call
  net: fec: restart the FEC when PHY speed changes
  skb: Propagate pfmemalloc on skb from head page only
  ...
2013-03-19 13:20:51 -07:00
Paul Bolle
e0b2029614 sparc: delete "if !ULTRA_HAS_POPULATION_COUNT"
Commit 2d78d4beb6 ("[PATCH] bitops:
sparc64: use generic bitops") made the default of GENERIC_HWEIGHT depend
on !ULTRA_HAS_POPULATION_COUNT. But since there's no Kconfig symbol with
that name, this always evaluates to true. Delete this dependency.

Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-19 16:16:39 -04:00
Andy Honig
a2c118bfab KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798)
If the guest specifies a IOAPIC_REG_SELECT with an invalid value and follows
that with a read of the IOAPIC_REG_WINDOW KVM does not properly validate
that request.  ioapic_read_indirect contains an
ASSERT(redir_index < IOAPIC_NUM_PINS), but the ASSERT has no effect in
non-debug builds.  In recent kernels this allows a guest to cause a kernel
oops by reading invalid memory.  In older kernels (pre-3.3) this allows a
guest to read from large ranges of host memory.

Tested: tested against apic unit tests.

Signed-off-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2013-03-19 14:20:21 -03:00
Andy Honig
0b79459b48 KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797)
There is a potential use after free issue with the handling of
MSR_KVM_SYSTEM_TIME.  If the guest specifies a GPA in a movable or removable
memory such as frame buffers then KVM might continue to write to that
address even after it's removed via KVM_SET_USER_MEMORY_REGION.  KVM pins
the page in memory so it's unlikely to cause an issue, but if the user
space component re-purposes the memory previously used for the guest, then
the guest will be able to corrupt that memory.

Tested: Tested against kvmclock unit test

Signed-off-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2013-03-19 14:17:35 -03:00
Andy Honig
c300aa64dd KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796)
If the guest sets the GPA of the time_page so that the request to update the
time straddles a page then KVM will write onto an incorrect page.  The
write is done byusing kmap atomic to get a pointer to the page for the time
structure and then performing a memcpy to that page starting at an offset
that the guest controls.  Well behaved guests always provide a 32-byte aligned
address, however a malicious guest could use this to corrupt host kernel
memory.

Tested: Tested against kvmclock unit test.

Signed-off-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2013-03-19 14:17:31 -03:00
Paul Bolle
792072066d arm64: Kconfig.debug: Remove unused CONFIG_DEBUG_ERRORS
The Kconfig entry for DEBUG_ERRORS is a verbatim copy of the former arm
entry for that symbol. It got removed in v2.6.39 because it wasn't
actually used anywhere. There are still no users of DEBUG_ERRORS so
remove this entry too.

Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
[catalin.marinas@arm.com: removed option from defconfig]
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2013-03-19 16:19:19 +00:00
Paul Bolle
63b7743fdd arm64: Do not select GENERIC_HARDIRQS_NO_DEPRECATED
Config option GENERIC_HARDIRQS_NO_DEPRECATED was removed in commit
78c8982564 ("genirq: Remove the now obsolete
config options and select statements"), but the select was accidentally
reintroduced in commit 8c2c3df31e ("arm64:
Build infrastructure").

Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2013-03-19 15:39:46 +00:00
Hannes Frederic Sowa
5a3da1fe95 inet: limit length of fragment queue hash table bucket lists
This patch introduces a constant limit of the fragment queue hash
table bucket list lengths. Currently the limit 128 is choosen somewhat
arbitrary and just ensures that we can fill up the fragment cache with
empty packets up to the default ip_frag_high_thresh limits. It should
just protect from list iteration eating considerable amounts of cpu.

If we reach the maximum length in one hash bucket a warning is printed.
This is implemented on the caller side of inet_frag_find to distinguish
between the different users of inet_fragment.c.

I dropped the out of memory warning in the ipv4 fragment lookup path,
because we already get a warning by the slab allocator.

Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jesper Dangaard Brouer <jbrouer@redhat.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-19 10:28:36 -04:00
Frank Blaschka
271648b4c6 qeth: Fix scatter-gather regression
This patch fixes a scatter-gather regression introduced with

commit 5640f768 net: use a per task frag allocator

Now the qeth driver can cope with bigger framents and split a fragment in
sub framents if required.

Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-19 10:09:40 -04:00
Stefan Raspl
82e2e782a3 qeth: Fix invalid router settings handling
Give a bad return code when specifying a router setting that is either
invalid or not support on the respective device type. In addition, fall back
the previous setting instead of silently switching back to 'no routing'.

Signed-off-by: Stefan Raspl <raspl@linux.vnet.ibm.com>
Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-19 10:09:40 -04:00
Stefan Raspl
82f77cf970 qeth: delay feature trace
Delay tracing of the card features until the optional commands have been
enabled.

Signed-off-by: Stefan Raspl <raspl@linux.vnet.ibm.com>
Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-19 10:09:40 -04:00
Linus Torvalds
112ccff716 Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging
Pull hwmon fixes from Jean Delvare.

* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
  hwmon: (lm75) Fix tcn75 prefix
  hwmon: (lm75.h) Update header inclusion
  MAINTAINERS: Remove Mark M. Hoffman
2013-03-18 18:49:42 -07:00
Ben Collins
9997d08806 sgy-cts1000: Remove __dev* attributes
Somehow the driver snuck in with these still in it.

Signed-off-by: Ben Collins <ben.c@servergy.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-03-18 18:49:10 -07:00
Linus Torvalds
b63dc123b2 Merge branch 'for-3.9-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq
Pull workqueue fix from Tejun Heo:
 "Lai's patch to fix highly unlikely but still possible workqueue stall
  during CPU hotunplug."

* 'for-3.9-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
  workqueue: fix possible pool stall bug in wq_unbind_fn()
2013-03-18 18:47:07 -07:00
Marcelo Tosatti
c09664bb44 KVM: x86: fix deadlock in clock-in-progress request handling
There is a deadlock in pvclock handling:

cpu0:                                               cpu1:
kvm_gen_update_masterclock()
                                              kvm_guest_time_update()
 spin_lock(pvclock_gtod_sync_lock)
                                               local_irq_save(flags)

spin_lock(pvclock_gtod_sync_lock)

 kvm_make_mclock_inprogress_request(kvm)
  make_all_cpus_request()
   smp_call_function_many()

Now if smp_call_function_many() called by cpu0 tries to call function on
cpu1 there will be a deadlock.

Fix by moving pvclock_gtod_sync_lock protected section outside irq
disabled section.

Analyzed by Gleb Natapov <gleb@redhat.com>
Acked-by: Gleb Natapov <gleb@redhat.com>
Reported-and-Tested-by: Yongjie Ren <yongjie.ren@intel.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2013-03-18 18:03:39 -03:00
Kevin Hilman
f445f11eb2 KVM: allow host header to be included even for !CONFIG_KVM
The new context tracking subsystem unconditionally includes kvm_host.h
headers for the guest enter/exit macros.  This causes a compile
failure when KVM is not enabled.

Fix by adding an IS_ENABLED(CONFIG_KVM) check to kvm_host so it can
be included/compiled even when KVM is not enabled.

Cc: Frederic Weisbecker <fweisbec@gmail.com>
Signed-off-by: Kevin Hilman <khilman@linaro.org>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2013-03-18 18:03:03 -03:00
Jean Delvare
25eba81b7f hwmon: (lm75) Fix tcn75 prefix
The TCN75 has its own prefix for a long time now.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
2013-03-18 21:19:49 +01:00
Jean Delvare
5a4c060114 hwmon: (lm75.h) Update header inclusion
File lm75.h used to include <linux/hwmon.h> for SENSORS_LIMIT() but
this function is gone by now. Instead we call clamp_val() so we should
include <linux/kernel.h>, where this function is declared.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
2013-03-18 21:19:49 +01:00
Jean Delvare
94877548ec MAINTAINERS: Remove Mark M. Hoffman
Mark M. Hoffman stopped working on the Linux kernel several years
ago, so he should no longer be listed as a driver maintainer. I'm not
even sure if his e-mail address still works.

I can take over 3 drivers he was responsible for, the 4th one will
fall down to the subsystem maintainer.

Also give Mark credit for all the good work he did.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: "Mark M. Hoffman" <mhoffman@lightlink.com>
Acked-by: Guenter Roeck <linux@roeck-us.net>
Cc: Wolfram Sang <wolfram@the-dreams.de>
2013-03-18 21:19:49 +01:00
Dave Chinner
e001873853 xfs: ensure we capture IO errors correctly
Failed buffer readahead can leave the buffer in the cache marked
with an error. Most callers that then issue a subsequent read on the
buffer do not zero the b_error field out, and so we may incorectly
detect an error during IO completion due to the stale error value
left on the buffer.

Avoid this problem by zeroing the error before IO submission. This
ensures that the only IO errors that are detected those captured
from are those captured from bio submission or completion.

Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Mark Tinguely <tinguely@sgi.com>
Signed-off-by: Ben Myers <bpm@sgi.com>

(cherry picked from commit c163f9a176)
2013-03-18 13:39:10 -05:00
Mark Tinguely
3325beed46 xfs: fix xfs_iomap_eof_prealloc_initial_size type
Fix the return type of xfs_iomap_eof_prealloc_initial_size() to
xfs_fsblock_t to reflect the fact that the return value may be an
unsigned 64 bits if XFS_BIG_BLKNOS is defined.

Signed-off-by: Mark Tinguely <tinguely@sgi.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Ben Myers <bpm@sgi.com>

(cherry picked from commit e8108cedb1)
2013-03-18 13:38:50 -05:00
Brian Foster
83cdadd8b0 xfs: fix potential infinite loop in xfs_iomap_prealloc_size()
If freesp == 0, we could end up in an infinite loop while squashing
the preallocation. Break the loop when we've killed the prealloc
entirely.

Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Ben Myers <bpm@sgi.com>

(cherry picked from commit e78c420bfc)
2013-03-18 13:30:38 -05:00
Eric Dumazet
0d4f060861 tcp: dont handle MTU reduction on LISTEN socket
When an ICMP ICMP_FRAG_NEEDED (or ICMPV6_PKT_TOOBIG) message finds a
LISTEN socket, and this socket is currently owned by the user, we
set TCP_MTU_REDUCED_DEFERRED flag in listener tsq_flags.

This is bad because if we clone the parent before it had a chance to
clear the flag, the child inherits the tsq_flags value, and next
tcp_release_cb() on the child will decrement sk_refcnt.

Result is that we might free a live TCP socket, as reported by
Dormando.

IPv4: Attempt to release TCP socket in state 1

Fix this issue by testing sk_state against TCP_LISTEN early, so that we
set TCP_MTU_REDUCED_DEFERRED on appropriate sockets (not a LISTEN one)

This bug was introduced in commit 563d34d057
(tcp: dont drop MTU reduction indications)

Reported-by: dormando <dormando@rydia.net>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-18 13:31:28 -04:00
Maciej Żenczykowski
b009aac12c bnx2x: fix occasional statistics off-by-4GB error
The UPDATE_QSTAT function introduced on February 15, 2012
in commit 1355b704b9 "bnx2x: consistent statistics after
internal driver reload" incorrectly fails to handle overflow
during addition of the lower 32-bit field of a stat.

This bug is present since 3.4-rc1 and should thus be considered
a candidate for stable 3.4+ releases.

Google-Bug-Id: 8374428
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Cc: Mintz Yuval <yuvalmin@broadcom.com>
Acked-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-18 13:12:20 -04:00
Jan Kiszka
4918c6ca68 KVM: VMX: Require KVM_SET_TSS_ADDR being called prior to running a VCPU
Very old user space (namely qemu-kvm before kvm-49) didn't set the TSS
base before running the VCPU. We always warned about this bug, but no
reports about users actually seeing this are known. Time to finally
remove the workaround that effectively prevented to call vmx_vcpu_reset
while already holding the KVM srcu lock.

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2013-03-18 13:48:15 -03:00
Linus Torvalds
35f8c769aa MTD fixes for 3.9
This fixes a couple of problems. Firstly, some people are actually still
 using old small-page flash and we broke it by removing the ready check.
 
 Secondly. fix the handling of partitions on Broadcom 47xx devices.
 Recent changes had made it misdetect the location of the NVRAM and
 scribble over the bootloader when it tried to update the variables there.
 With predictably sad results.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.13 (GNU/Linux)
 
 iEYEABECAAYFAlFG/koACgkQdwG7hYl686OShQCgyOXCXhTltBJU3wHDtTeT1rc9
 Vx0AoL655JpZaUf+BpPsCSTagH4k28vQ
 =OK6b
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-20130318' of git://git.infradead.org/linux-mtd

Pull MTD fixes from David Woodhouse:
 "This fixes a couple of problems.  Firstly, some people are actually
  still using old small-page flash and we broke it by removing the ready
  check.

  Secondly.  fix the handling of partitions on Broadcom 47xx devices.
  Recent changes had made it misdetect the location of the NVRAM and
  scribble over the bootloader when it tried to update the variables
  there.  With predictably sad results."

* tag 'for-linus-20130318' of git://git.infradead.org/linux-mtd:
  mtd: nand: reintroduce NAND_NO_READRDY as NAND_NEED_READRDY
  mtd: bcm47xxpart: look for NVRAM at the end of device
  Revert "mtd: bcm47xxpart: improve probing of nvram partition"
2013-03-18 08:27:41 -07:00
Linus Torvalds
4b767155ff Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull selinux bugfix from James Morris.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  selinux: use GFP_ATOMIC under spin_lock
2013-03-18 08:26:15 -07:00
Linus Torvalds
991657a39d Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 fixes from Martin Schwidefsky:
 "A couple of bug fixes, the most hairy on is the flush_tlb_kernel_range
  fix.  Another case of "how could this ever have worked?"."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/kdump: Do not add standby memory for kdump
  drivers/i2c: remove !S390 dependency, add missing GENERIC_HARDIRQS dependencies
  s390/scm: process availability
  s390/scm_blk: suspend writes
  s390/scm_drv: extend notify callback
  s390/scm_blk: fix request number accounting
  s390/mm: fix flush_tlb_kernel_range()
  s390/mm: fix vmemmap size calculation
  s390: critical section cleanup vs. machine checks
2013-03-18 08:19:13 -07:00
Linus Torvalds
1c6ba37b3d arm-soc: bug fixes for 3.9-rc3
Things are calming down for arm-soc as well. This set of bug fixes is
 dominated in size by the at91 platform bug fixes. Some of them were
 meant to go through the framebuffer tree during the merge window, but
 since the framebuffer maintainer could not be reached, I offered to
 take them here. The other notable at91 change is the addition of pinctrl
 definitions to fix the NAND controller.
 
 The rest are mostly simple regression fixes:
 
 * Our removal of VIRT_TO_BUS conflicted with Stephen Rothwell's
   renaming of the Kconfig symbol. You will get a trivial merge conflict
   here, we still want to remove it.
 * missing bits for clocks on imx and s5pv210
 * missing header inclusions in mmp and shmobile
 * typos in s5pv210 camera and vt8500 clock support code
 
 and three trivial fixes for pre-3.8 bugs:
 
 * an old bogus build warning in the joystick driver
 * a misleading Kconfig description
 * a NULL pointer check on davinci
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIVAwUAUUchPmCrR//JCVInAQLxHhAA4bbv0+aS3vhEV8sMomBQ7XpjlI2wJ5wy
 cd2jA04Gb54bQlRkZNuflIHH5xYq9bslR98Y3iEMqPHrxheDV5qgfZ9wO1E5b8wd
 bl/Fj1bj7D7AeQpvhAYHZufQnV4xGSpW7j/6hkEWCDDgla82BaEwQq3aVCqFsZu5
 u41xlWCFYbwS+sEcdALnGmFdEBtNHzsfwkY7AClcunARWcFTyIAm5J2VhO/1Z3eY
 sA31DBizTsxhkfgOEXTDvyH1N3YwcGlm3Mb7J0ZfdU5d5QQlthmU1ims2fVPoo3t
 x1rJNb5HARsJuuuFIgoRa/Vbcytqxj2+MhJGy2cLhsmAxr8L61cb618oniZxxDoW
 y4DMurF790q3uSkJOrhtcAmGBmHNBdTHcvV4U05EYIQl64k/oY+L7IB18ACAHVqO
 LwimbZ+KF1kxv/hVosGbu7l0EKDt7MS4ykc5QJAtiYu7RDikoRmH05742feWfQ+2
 Fy6V1GqIyUCea1cWDjomeTx+lERknSWPweesrcyiRhIs2BsqrtDRDngse/S59Lf9
 mUFiLh+tZqZxTh8HqZbnHbuJoqNvfVyZVYWrvifkH0Ji8VZqeLuzxx/8fBvnCDWz
 tXZOkl4m2U4lVYzkYOLN9VAurEHSYcHOw51IIgQp4IfS3U32sA1a4/fF/ATq0ugP
 tdJBtr7mpzA=
 =oLKI
 -----END PGP SIGNATURE-----

Merge tag 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC bug fixes from Arnd Bergmann:
 "Things are calming down for arm-soc as well.  This set of bug fixes is
  dominated in size by the at91 platform bug fixes.  Some of them were
  meant to go through the framebuffer tree during the merge window, but
  since the framebuffer maintainer could not be reached, I offered to
  take them here.  The other notable at91 change is the addition of
  pinctrl definitions to fix the NAND controller.

  The rest are mostly simple regression fixes:

   - Our removal of VIRT_TO_BUS conflicted with Stephen Rothwell's
     renaming of the Kconfig symbol.  You will get a trivial merge
     conflict here, we still want to remove it.
   - missing bits for clocks on imx and s5pv210
   - missing header inclusions in mmp and shmobile
   - typos in s5pv210 camera and vt8500 clock support code

  and three trivial fixes for pre-3.8 bugs:

   - an old bogus build warning in the joystick driver
   - a misleading Kconfig description
   - a NULL pointer check on davinci"

* tag 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  ARM: fix CONFIG_VIRT_TO_BUS handling
  ARM: i.MX35: enable MAX clock
  ARM: Scorpion is a v7 architecture, not v6
  ARM: mmp: add platform_device head file in gplugd
  input/joystick: use get_cycles on ARM
  [media] s5p-fimc: fix s5pv210 build
  clk: vt8500: Fix "fix device clock divisor calculations"
  ARM: i.MX25: Fix DT compilation
  ARM: at91: fix infinite loop in at91_irq_suspend/resume
  ARM: at91: add gpio suspend/resume support when using pinctrl
  ARM: at91: fix LCD-wiring mode
  atmel_lcdfb: fix 16-bpp modes on older SOCs
  ARM: at91: dt: at91sam9x5: complete NAND pinctrl
  ARM: at91: dt: at91sam9x5: correct NAND pins comments
  ARM: davinci: edma: fix dmaengine induced null pointer dereference on da830
  ARM: shmobile: marzen: Include mmc/host.h
  ARM: EXYNOS: Add #dma-cells for generic dma binding support for PL330
  ARM: S5PV210: Fix PL330 DMA controller clkdev entries
2013-03-18 08:17:14 -07:00
Linus Torvalds
a15cd063e1 Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc
Pull powerpc fixes from Ben Herrenschmidt:
 "Here's a few powerpc fixes for 3.9, mostly regressions (though not all
  from 3.9 merge window) that we've been hammering into shape over the
  last couple of weeks.  They fix booting on Cell and G5 among other
  things (yes, we've been a bit sloppy with older machines this time
  around)."

* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
  powerpc: Rename USER_ESID_BITS* to ESID_BITS*
  powerpc: Update kernel VSID range
  powerpc: Make VSID_BITS* dependency explicit
  powerpc: Make sure that we alays include CONFIG_BINFMT_ELF
  powerpc/ptrace: Fix brk.len used uninitialised
  powerpc: Fix -mcmodel=medium breakage in prom_init.c
  powerpc: Remove last traces of POWER4_ONLY
  powerpc: Fix cputable entry for 970MP rev 1.0
  powerpc: Fix STAB initialization
2013-03-18 08:12:41 -07:00
Linus Torvalds
6210d421c2 Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm
Pull ARM fixes from Russell King:
 "Just three fixes this time - a fix for a fix for our memset function,
  fixing the dummy clockevent so that it doesn't interfere with real
  hardware clockevents, and fixing a build error for Tegra."

* 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
  ARM: 7675/1: amba: tegra-ahb: Fix build error w/ PM_SLEEP w/o PM_RUNTIME
  ARM: 7674/1: smp: Avoid dummy clockevent being preferred over real hardware clock-event
  ARM: 7670/1: fix the memset fix
2013-03-18 08:11:53 -07:00
Arnd Bergmann
b4811bacbc ARM: fix CONFIG_VIRT_TO_BUS handling
887cbce0 "arch Kconfig: centralise CONFIG_ARCH_NO_VIRT_TO_BUS"
and  4febd95a8 "Select VIRT_TO_BUS directly where needed" from
Stephen Rothwell changed globally how CONFIG_VIRT_TO_BUS is
selected, while my own a5d533ee0 "ARM: disable virt_to_bus/
virt_to_bus almost everywhere" was merged at the same time and
changed which platforms select it on ARM.

The result of this conflict was that we again see CONFIG_VIRT_TO_BUS
on all ARM systems. This patch fixes up the problem and removes
CONFIG_ARCH_NO_VIRT_TO_BUS again on ARM.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
2013-03-18 13:49:57 +00:00
Dan Carpenter
4502403dcf selinux: use GFP_ATOMIC under spin_lock
The call tree here is:

sk_clone_lock()              <- takes bh_lock_sock(newsk);
xfrm_sk_clone_policy()
__xfrm_sk_clone_policy()
clone_policy()               <- uses GFP_ATOMIC for allocations
security_xfrm_policy_clone()
security_ops->xfrm_policy_clone_security()
selinux_xfrm_policy_clone()

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable@kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
2013-03-19 00:33:09 +11:00
Arnd Bergmann
ace71f49da Resolve a build failure present since v3.9-rc1
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJROgQOAAoJENfPZGlqN0++SKUP/ixY9tsaP8idd8K/g4GhpEKq
 +YpgARFWg6QK8gxlNYi/GemiFKBr4YrY13zof7/D+mFiE/AqdD4qvaJNuaMPHNDb
 yPUGtpPvNtqW2F79e+S4mfRgxkqsq7b6npiA9RGsfb45OezNJjQVv4Lg/3eMPS6B
 T470vPNEbz8TaBe1gPFIye89u/lftgqgR/iDlwwZuxi4rnM9FE1MwYoa7w3w5VZL
 HVHqcRx57o2eenR+u6MkEkFHpSQfg0nOMqoHOlf5iJHw3+8sfxnmAqVSvRGCSm/3
 Hsw9VW5Quc4G08GQBku4rIuTzaV5ObOt1arWud3BLlDzm7Xe2FzyNkHEq0tULGGt
 z2voWzYm+VvhqtfiYbcK5q27jHZvWWSZ9N26kiFfYRkysqLlvy21x8cB7M9jgZjw
 TYLTEWWWPvGtBLLH7B8A0gG554bfLgilaAXIoj1D1s9QFnjBE2cEyWFHvy0AunWw
 hkZwDQFoPi9iWvyJgjPRT1rizmKOoOVeLrkcI/jC8c6i2csGcOfTJwRbV2YRSk14
 xjPbjL5IKAR28OlTDqZj8UhlssQxdC05E8HazWzLJGKx6GTZQOMgKx9KSr508jTc
 YqPWIC+YuZB3uB3rLiSjiG6YzbOwL8EP3W2NHYIfNqUlNeX9Vhy+P95jRAJYvHad
 7fSLKg33Kk2UsCHahJWO
 =L6oi
 -----END PGP SIGNATURE-----

Merge tag 'renesas-fixes-for-v3.9' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas into fixes

From Simon Horman <horms@verge.net.au>:

Resolve a build failure present since v3.9-rc1

* tag 'renesas-fixes-for-v3.9' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas:
  ARM: shmobile: marzen: Include mmc/host.h

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2013-03-18 11:54:01 +01:00
Andreas Schwab
18931c8927 arm64: fix padding computation in struct ucontext
The expression to compute the padding needed to fill the uc_sigmask field
to 1024 bits actually computes the padding needed for 1080 bits.
Fortunately, due to the 16-byte alignment of the following field
(uc_mcontext) the definition in glibc contains enough bytes of padding
after uc_sigmask so that the overall offsets and size match in both
definitions.

Signed-off-by: Andreas Schwab <schwab@suse.de>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2013-03-18 10:42:16 +00:00
Catalin Marinas
a2c91547b5 arm64: Fix build error with !SMP
The __atomic_hash is only defined when SMP is enabled but the
arm64ksyms.c exports it even for the UP case.

Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2013-03-18 10:42:14 +00:00
Catalin Marinas
0d96724e29 arm64: Removed unused variable in compat_setup_rt_frame()
Recent clean-up of the compat signal code left an unused 'stack'
variable.

Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2013-03-18 10:12:56 +00:00
Linus Torvalds
a937536b86 Linux 3.9-rc3 2013-03-17 15:59:32 -07:00
David Rientjes
6c4d3bc99b perf,x86: fix link failure for non-Intel configs
Commit 1d9d8639c0 ("perf,x86: fix kernel crash with PEBS/BTS after
suspend/resume") introduces a link failure since
perf_restore_debug_store() is only defined for CONFIG_CPU_SUP_INTEL:

	arch/x86/power/built-in.o: In function `restore_processor_state':
	(.text+0x45c): undefined reference to `perf_restore_debug_store'

Fix it by defining the dummy function appropriately.

Signed-off-by: David Rientjes <rientjes@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-03-17 15:59:15 -07:00
Linus Torvalds
2a6e06b2ae perf,x86: fix wrmsr_on_cpu() warning on suspend/resume
Commit 1d9d8639c0 ("perf,x86: fix kernel crash with PEBS/BTS after
suspend/resume") fixed a crash when doing PEBS performance profiling
after resuming, but in using init_debug_store_on_cpu() to restore the
DS_AREA mtrr it also resulted in a new WARN_ON() triggering.

init_debug_store_on_cpu() uses "wrmsr_on_cpu()", which in turn uses CPU
cross-calls to do the MSR update.  Which is not really valid at the
early resume stage, and the warning is quite reasonable.  Now, it all
happens to _work_, for the simple reason that smp_call_function_single()
ends up just doing the call directly on the CPU when the CPU number
matches, but we really should just do the wrmsr() directly instead.

This duplicates the wrmsr() logic, but hopefully we can just remove the
wrmsr_on_cpu() version eventually.

Reported-and-tested-by: Parag Warudkar <parag.lkml@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-03-17 15:44:43 -07:00
Michael S. Tsirkin
46aa92d1ba vhost/net: fix heads usage of ubuf_info
ubuf info allocator uses guest controlled head as an index,
so a malicious guest could put the same head entry in the ring twice,
and we will get two callbacks on the same value.
To fix use upend_idx which is guaranteed to be unique.

Reported-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Cc: stable@kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-17 14:28:54 -04:00