Commit Graph

468275 Commits

Author SHA1 Message Date
Jeff Layton
e0b760ff71 locks: pass correct "before" pointer to locks_unlink_lock in generic_add_lease
The argument to locks_unlink_lock can't be just any pointer to a
pointer. It must be a pointer to the fl_next field in the previous
lock in the list.

Cc: <stable@vger.kernel.org> # v3.15+
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
2014-08-22 09:58:22 -04:00
Linus Torvalds
5317821c08 Merge branch 'for-3.17-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata
Pull libata fixes from Tejun Heo:
 "Nothing drastic but pushing out early due to build breakage in the new
  tegra platform.

  Additionally:

   - M550 tagged trim blacklist pattern is widened so that it matches
     the new 1TB model

   - three controller specific fixes"

* 'for-3.17-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
  libata: widen Crucial M550 blacklist matching
  pata_scc: propagate return value of scc_wait_after_reset
  ata: ahci_tegra: Change include to fix compilation
  pata_samsung_cf: change ret type to signed
  ahci_xgene: Removing NCQ support from the APM X-Gene SoC AHCI SATA Host Controller driver.
2014-08-21 14:26:27 -07:00
Linus Torvalds
cee5aa1f81 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
Pull HID fixes from Jiri Kosina:

 - fixes for a couple potential memory corruption problems (the HW would
   have to be manufactured to be deliberately evil to trigger those)
   found by Ben Hawkes
 - fix for potential infinite loop when using sysfs interface of
   logitech driver, from Simon Wood
 - a couple more simple driver fixes

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
  HID: fix a couple of off-by-ones
  HID: logitech: perform bounds checking on device_id early enough
  HID: logitech: fix bounds checking on LED report size
  HID: logitech: Prevent possibility of infinite loop when using /sys interface
  HID: rmi: print an error if F11 is not found instead of stopping the device
  HID: hid-sensor-hub: use devm_ functions consistently
  HID: huion: Use allocated buffer for DMA
  HID: huion: Fail on parameter retrieval errors
2014-08-21 14:25:20 -07:00
Linus Torvalds
e9d99a1dec sound fixes for 3.17-rc2
A bunch of ASoC fixes with a few HD-audio fixes in this pull request.
 All fairly small, boring and device-specific fixes, in addition to
 MAINTAINERS update for better reviewing.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJT9b8uAAoJEGwxgFQ9KSmkOZUP/RmB+4/vscB3z+exCFldIG3R
 gHOn4ER/JRWoObVVST3VabU5T5v88/gC2/12uYHFJQdDIwaMQytdVMDzhi6v8Uyf
 MFh24DcHQ7dRsedCCrUeoy2DZ42G+HhPH+SRGinkFUZ0RJjnCgqvyYw1p6KZD29K
 AuB07FbgmThqRVyoZoMh3K7zm8d/ZeZU59SkyGi2U8dhCfgZyrsYZ1jHd/fGuwq4
 XgJIJvHWZoniFnnxoVW/r9wutbF5JSf/FbwRI7ptZT0Rj/u+PcgDPmrhYPINFkt2
 IrIt/ZnGadKZuiK9p+aSSIUPWluVjyChCwskkWfKtg+5N4FOFed48HjZNw5TVsdc
 deJjao7dtyqxugMcA2E6VkWqTprFRhRbauT0WU7KX54HBrnng3792YGLJqqqggCE
 bAP5crrT1wMjk7qXPLouk0TvcXbSkCYQ53Ip+QITGNkLUiN0tj8cgbsfPjDU4GvH
 T9tz0I5thLkKp4xP3xSEphQdaLdmG0zGiBcoOH/6jByUxvQdiQimo7a1YEuxtFN2
 sIGbrpM8k9ypfJaOpqoh6FtHRL9Y41W1guY4TqUm+QZbLw9KQn1QRe9HQF5M6kU+
 vsIoVR8UGTudaLG/AIg+YFEbSsTcTlCNHw1iXYxmqj5pP5J+N0N/aNIFYeObWkcO
 8O9/WAwBUdH0cVdXoWze
 =x5gm
 -----END PGP SIGNATURE-----

Merge tag 'sound-3.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "A bunch of ASoC fixes with a few HD-audio fixes in this pull request.

  All fairly small, boring and device-specific fixes, in addition to
  MAINTAINERS update for better reviewing"

* tag 'sound-3.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda/hdmi - apply Valleyview fix-ups to Cherryview display codec
  ALSA: hda/hdmi - set depop_delay for haswell plus
  ALSA: hda - restore the gpio led after resume
  ALSA: hda/realtek - Avoid setting wrong COEF on ALC269 & co
  ASoC: pxa-ssp: drop SNDRV_PCM_FMTBIT_S24_LE
  ASoC: fsl-esai: Revert .xlate_tdm_slot_mask() support
  ASoC: mcasp: Fix implicit BLCK divider setting
  ASoC: arizona: Fix TDM slot length handling in arizona_hw_params
  ASoC: pcm512x: Correct Digital Playback control names
  ASoC: dapm: Fix uninitialized variable in snd_soc_dapm_get_enum_double()
  ASoC: Intel: Restore Baytrail ADSP streams only when ADSP was in reset
  ASoC: Intel: Wait Baytrail ADSP boot at resume_early stage
  ASoC: Intel: Merge Baytrail ADSP suspend_noirq into suspend_late
  MAINTAINERS: Add i.MX maintainers and paths to Freescale ASoC entry
  ASoC: Intel: Update Baytrail ADSP firmware name
2014-08-21 14:24:40 -07:00
Linus Torvalds
29fdd5ba62 Merge branch 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c fixes from Wolfram Sang:
 "Here is the fixup for the 'lowlight' of my last pull request.  I2C is
  not selected anymore by I2C_ACPI.  Instead, the code in question now
  depends on I2C=y.

  Also, Mika has agreed to support me and be the maintainer for I2C-ACPI
  related patches.  Finally, a new-ID-patch came along last week"

* 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
  MAINTAINERS: add maintainer for ACPI parts of I2C
  i2c: i801: Add PCI ID for Intel Braswell
  i2c: rework kernel config I2C_ACPI
2014-08-21 14:07:44 -07:00
Linus Torvalds
d1433d55c7 Add memfd_create syscall to ia64
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT8j/FAAoJEKurIx+X31iBt9wP/Ro7VFSF2MD23ahFY/CEl+1t
 iJGNr3/1x+UcfYy6MK3L9xPJoSIu42aSDP00oExE45ThQZsdHD+gx0mwoW3GSoPk
 jWmXAbJLzXwRljAGvlu2ppecLxauPX3Lh14iCbRR2CdtQhCTSrsSwIuG/+iikv5X
 BAb14ovIjqhNDeZDIcUr1Mc9lAanDjIcvxbnV94el27LJ48sWgjSPCx00JQk3lo5
 +U1EJ9Ae66ARbtSOqfnv4MClT41iVwAWKtmraGS+f85/CKpWmKyTrEyMyqdO8fyO
 aJn6tS8d43rT/9CqVxKeDXk/Ltmthlj+aJKz5LEalamE7auWAp+egE8fBH7xdag5
 RJqr0oUyrPGSRr/KM+O0sfHTXBTC8UX5O83xuBD3ch9TEgL3LQ9J7ng3blMeaer1
 FnnAUwjoQo61fmsc0M8IJHo6OvOfMx9ekzU3uZr0eVlg6GUC/OBYh44v+zeYI+/t
 Z/m6H4ChOsL4+Ftsyb8ZvMswCD9UW1nQpqAlDhN9HevXgTgZDIERkAInallruy6P
 Cwve0eIDtJp9cIxp+nx6V8rw4Vl1Gdf43vQJzSmsbZP/qpOYW1a9f8wNBQ/Stz3P
 Od+8j+DYbS4fOZYPQ6lGXSKnSOfBBUMhwBTg6X1Y+Qyxd71er+Sm1fkcsg97cXQk
 wQua5ovu3mgCkPHW2ApM
 =/GJm
 -----END PGP SIGNATURE-----

Merge tag 'please-pull-memfd_create' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux

Pull ia64 update from Tony Luck:
 "Add memfd_create syscall to ia64"

* tag 'please-pull-memfd_create' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux:
  [IA64] Wire up memfd_create() system call
2014-08-21 14:06:56 -07:00
Linus Torvalds
f8d08a1bb4 Microblaze patches for 3.17-rc2
- Wire-up seccomp/getrandom/memfd_create syscalls
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.10 (GNU/Linux)
 
 iEYEABECAAYFAlP1rDwACgkQykllyylKDCG+8gCfQPCI3+UBtiLrhY0RLSqZiUs1
 De4An2BtpNkS96vtBZBNJzR1cmbP6Vtb
 =BC1f
 -----END PGP SIGNATURE-----

Merge tag 'microblaze-3.17-rc2' of git://git.monstr.eu/linux-2.6-microblaze

Pull microblaze update from Michal Simek:
 "Wire-up seccomp/getrandom/memfd_create syscalls"

* tag 'microblaze-3.17-rc2' of git://git.monstr.eu/linux-2.6-microblaze:
  microblaze: Wire-up memfd_create syscall
  microblaze: Wire-up getrandom syscall
  microblaze: Wire-up seccomp syscall
2014-08-21 14:06:18 -07:00
Jiri Kosina
4ab25786c8 HID: fix a couple of off-by-ones
There are a few very theoretical off-by-one bugs in report descriptor size
checking when performing a pre-parsing fixup. Fix those.

Cc: stable@vger.kernel.org
Reported-by: Ben Hawkes <hawkes@google.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2014-08-21 10:43:28 -05:00
Jiri Kosina
ad3e14d7c5 HID: logitech: perform bounds checking on device_id early enough
device_index is a char type and the size of paired_dj_deivces is 7
elements, therefore proper bounds checking has to be applied to
device_index before it is used.

We are currently performing the bounds checking in
logi_dj_recv_add_djhid_device(), which is too late, as malicious device
could send REPORT_TYPE_NOTIF_DEVICE_UNPAIRED early enough and trigger the
problem in one of the report forwarding functions called from
logi_dj_raw_event().

Fix this by performing the check at the earliest possible ocasion in
logi_dj_raw_event().

Cc: stable@vger.kernel.org
Reported-by: Ben Hawkes <hawkes@google.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2014-08-21 10:43:06 -05:00
Jiri Kosina
51217e6969 HID: logitech: fix bounds checking on LED report size
The check on report size for REPORT_TYPE_LEDS in logi_dj_ll_raw_request()
is wrong; the current check doesn't make any sense -- the report allocated
by HID core in hid_hw_raw_request() can be much larger than
DJREPORT_SHORT_LENGTH, and currently logi_dj_ll_raw_request() doesn't
handle this properly at all.

Fix the check by actually trimming down the report size properly if it is
too large.

Cc: stable@vger.kernel.org
Reported-by: Ben Hawkes <hawkes@google.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2014-08-21 10:38:13 -05:00
Michal Simek
83c43c498a microblaze: Wire-up memfd_create syscall
Add new memfd_create syscall.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2014-08-21 10:19:28 +02:00
Michal Simek
53133453a9 microblaze: Wire-up getrandom syscall
Add new getrandom syscall.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2014-08-21 10:07:05 +02:00
Michal Simek
b760949144 microblaze: Wire-up seccomp syscall
Add new seccomp syscall.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2014-08-21 10:07:04 +02:00
Linus Torvalds
372b1dbdd1 Merge branch 'for-linus' of git://git.samba.org/sfrench/cifs-2.6
Pull cifs fixes from Steve French:
 "Most important fixes in this set include three SMB3 fixes for stable
  (including fix for possible kernel oops), and a workaround to allow
  writes to Mac servers (only cifs dialect, not more current SMB2.1,
  worked to Mac servers).  Also fallocate support added, and lease fix
  from Jeff"

* 'for-linus' of git://git.samba.org/sfrench/cifs-2.6:
  [SMB3] Enable fallocate -z support for SMB3 mounts
  enable fallocate punch hole ("fallocate -p") for SMB3
  Incorrect error returned on setting file compressed on SMB2
  CIFS: Fix wrong directory attributes after rename
  CIFS: Fix SMB2 readdir error handling
  [CIFS] Possible null ptr deref in SMB2_tcon
  [CIFS] Workaround MacOS server problem with SMB2.1 write  response
  cifs: handle lease F_UNLCK requests properly
  Cleanup sparse file support by creating worker function for it
  Add sparse file support to SMB2/SMB3 mounts
  Add missing definitions for CIFS File System Attributes
  cifs: remove unused function cifs_oplock_break_wait
2014-08-20 18:33:21 -05:00
Linus Torvalds
92075f9f64 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Pull filesystem fixes from Jan Kara:
 "udf, isofs, and ext3 bug fixes"

* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  ext3: Count internal journal as bsddf overhead in ext3_statfs
  isofs: Fix unbounded recursion when processing relocated directories
  udf: avoid unneeded up_write when fail to add entry in ->symlink
2014-08-20 18:32:16 -05:00
Linus Torvalds
3951ad2e05 Merge branch 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86
Pull x86 platform driver revert from Matthew Garrett:
 "This clearly shouldn't have been merged.  No excuse on my part"

* 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86:
  Revert "platform/x86/toshiba-apci.c possible bad if test?"
2014-08-20 18:23:06 -05:00
Linus Torvalds
e9de42d8ee Reverting a 3.16 patch, fixing two bugs in device assignment
(one has a CVE), and fixing some problems introduced during the merge window
 (the CMA bug came in via Andrew, the x86 ones via yours truly).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJT9IfLAAoJEBvWZb6bTYbyAG8P/2GLPast76I9Pc269UNACV0f
 vNgJfSAH97PrEQtVzCurqb0RKHMKcZ5XyYmKh5TvzlbWYXnqJuJr5TrIh0gsuxn9
 DaBKVgeXBTd43OCRXJKw6SgkKlnf+yfQeASLRwjQgVCqsvNR/rKksEPjAhVqQJIJ
 PlRYKeBc7SA8bPUG64GDtF3yP9e/KG5ItGudj4eUADtadPmyldJbTWl0zLwY7jvJ
 /qcSxRgwqUsIS0c8xE5rlByxuWQ43RF+MfohNttNUjXD/dhvJo07NpkPUS6TsqHf
 x1VyWPuIY1zB/WghKutI8oZxS14iUs1l0LL9egS7fc4sYQqQ7+HHLaJnEMloTXqF
 GYfwmnyz53ocR1M4dgCPyBi0uxM3ydRzbSnsToR2kzVdS3WKu5O8GfjkE2zooEaA
 OP77OsSxtl5mLD68ZtubmLt8ttYCiWOEIOzviUSoJjPv0gUE07oAjecp7C8nKDCP
 lUxM2JZ01SLSzRf3uSlrNfRpeyMWVmYhyiG3lqLmph9FfP7p4donbIdh/QA0W7Nj
 E2GEEv3lCUZp7+TnOydsiWNVwv026dDanh5QLSuCvfCqf+xhNMJbrRzlbUpfGAsm
 89XasETdOnAqIO9VOOBLAKE2wrMEx+9vT2G0Dv3e+3IedGwLuM7/53X4zXUIB8ys
 L9C7kZwci9+X3qIExWJI
 =lhLd
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fixes from Paolo Bonzini:
 "Reverting a 3.16 patch, fixing two bugs in device assignment (one has
  a CVE), and fixing some problems introduced during the merge window
  (the CMA bug came in via Andrew, the x86 ones via yours truly)"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  virt/kvm/assigned-dev.c: Set 'dev->irq_source_id' to '-1' after free it
  Revert "KVM: x86: Increase the number of fixed MTRR regs to 10"
  KVM: x86: do not check CS.DPL against RPL during task switch
  KVM: x86: Avoid emulating instructions on #UD mistakenly
  PC, KVM, CMA: Fix regression caused by wrong get_order() use
  kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601)
2014-08-20 18:22:10 -05:00
Linus Torvalds
be816bc491 SCSI fixes on 20140819
These are the two bug fixes I mentioned in the final merge window pull.  One
 is a reversed logic check in the device busy tests which can cause a nasty
 hang and another crash seen in the new SCSI pool support if the use count ever
 goes to zero.
 
 Signed-off-by: James Bottomley <JBottomley@Parallels.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJT85zGAAoJEDeqqVYsXL0Mnw4IAJ7BP+4nUlP7Oib8JfPu4Df2
 b6dv3YEGe6th4awrHqUnATusjQLIybk/rgRKb6P50o1iX2VI+rs1mAm9esw9NalS
 8aKzDMAv9pTRsRvAhe3AnIVGGCYAekV4AZWmsXQPCKqcsQZSZKAnIerLBf0lBemR
 X3+1VhYtbB9z4o0Gpv4E5mR/7CqIouDpe5QGRKRY2+/Yyp2El6Vzwqr9XMLyOvmY
 Y9WaIhM1UzABl+NAlDhMnA0Yw27UHJfWY6UWZ3Wa73DQCWsdZ6eydal4g8YNA5pB
 +6UjMQKWh/bXHZl8v+eCuuXODXZQGazKOFFoc6SGumxAcuLraCBFsuU5m4AQ0NA=
 =v+g2
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "These are the two bug fixes I mentioned in the final merge window
  pull.  One is a reversed logic check in the device busy tests which
  can cause a nasty hang and another crash seen in the new SCSI pool
  support if the use count ever goes to zero"

[ The device busy test already got merged from a patch earlier, so is
  now duplicated.  ]

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  [SCSI] save command pool address of Scsi_Host
  [SCSI] fix qemu boot hang problem
2014-08-20 18:20:50 -05:00
Matthew Garrett
8039aabb6c Revert "platform/x86/toshiba-apci.c possible bad if test?"
This reverts commit bdc3ae7221.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
2014-08-20 08:18:18 -07:00
Chin-Tsung Cheng
e6d8fb340f ext3: Count internal journal as bsddf overhead in ext3_statfs
The journal blocks of external journal device should not
be counted as overhead.

Signed-off-by: Chin-Tsung Cheng <chintzung@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
2014-08-19 23:16:51 +02:00
Guenter Roeck
480cadc2b7 scsi: Fix qemu boot hang problem
The latest kernel fails to boot qemu arm images when using scsi
for disk access. Boot gets stuck after the following messages.

brd: module loaded
sym53c8xx 0000:00:0c.0: enabling device (0100 -> 0103)
sym0: <895a> rev 0x0 at pci 0000:00:0c.0 irq 93
sym0: No NVRAM, ID 7, Fast-40, LVD, parity checking
sym0: SCSI BUS has been reset.
scsi host0: sym-2.2.3

Bisect points to commit 71e75c97f9 ("scsi: convert device_busy to
atomic_t"). Code inspection shows the following suspicious change
in scsi_request_fn.

out_delay:
-       if (sdev->device_busy == 0 && !scsi_device_blocked(sdev))
+       if (atomic_read(&sdev->device_busy) && !scsi_device_blocked(sdev))
		blk_delay_queue(q, SCSI_QUEUE_DELAY);
	}

'sdev->device_busy == 0' was replaced with 'atomic_read(&sdev->device_busy)',
meaning the logic was reversed. Changing this expression to
'!atomic_read(&sdev->device_busy)' fixes the problem.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Acked-by: Jens Axboe <axboe@fb.com>
Reviewed-by: Venkatesh Srinivas <venkateshs@google.com>
Reviewed-by: Webb Scales <webbnh@hp.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-19 12:42:26 -05:00
Jan Kara
410dd3cf4c isofs: Fix unbounded recursion when processing relocated directories
We did not check relocated directory in any way when processing Rock
Ridge 'CL' tag. Thus a corrupted isofs image can possibly have a CL
entry pointing to another CL entry leading to possibly unbounded
recursion in kernel code and thus stack overflow or deadlocks (if there
is a loop created from CL entries).

Fix the problem by not allowing CL entry to point to a directory entry
with CL entry (such use makes no good sense anyway) and by checking
whether CL entry doesn't point to itself.

CC: stable@vger.kernel.org
Reported-by: Chris Evans <cevans@google.com>
Signed-off-by: Jan Kara <jack@suse.cz>
2014-08-19 18:29:30 +02:00
Chao Yu
85cd083b49 udf: avoid unneeded up_write when fail to add entry in ->symlink
We have released the ->i_data_sem before invoking udf_add_entry(),
so in following error path, we should not release this lock again.

Signed-off-by: Chao Yu <chao2.yu@samsung.com>
Signed-off-by: Jan Kara <jack@suse.cz>
2014-08-19 18:29:30 +02:00
Wolfram Sang
4560d67722 MAINTAINERS: add maintainer for ACPI parts of I2C
Mika has done great work in that field, so let people know.

Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
2014-08-19 10:34:08 -05:00
Alan Cox
39e8e30ee5 i2c: i801: Add PCI ID for Intel Braswell
The SMBus host controller is the same as used in Baytrail so add the new
PCI ID to the driver's list of supported IDs.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
2014-08-19 10:19:47 -05:00
Lan Tianyu
366047515c i2c: rework kernel config I2C_ACPI
Commit da3c6647(I2C/ACPI: Clean up I2C ACPI code and Add CONFIG_I2C_ACPI
config) adds a new kernel config I2C_ACPI and make I2C core built in
when the config is selected. This is wrong because distributions
etc generally compile I2C as a module and the commit broken that.
This patch is to rename I2C_ACPI to ACPI_I2C_OPREGION. New config
only controls ACPI I2C operation region code and depends on I2C=y.

Signed-off-by: Lan Tianyu <tianyu.lan@intel.com>
Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
[wsa: removed unrelated change for Kconfig]
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
2014-08-19 10:19:39 -05:00
Linus Torvalds
63d871cb0b md bugfixes for 3.17
- raid6 data corruption during recovery
  - raid6 livelock
  - raid10 memory leaks.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIVAwUAU/L7ITnsnt1WYoG5AQLO7Q/+K5r4cJAqs2NwCKrzkMbRvnMnjEi/SnFk
 aCyVs4v52Q3LhR8Vjj3sFqDsDcNp4OWdJcU6E23s2yPwODboF4PS3oh31yHZ0LJx
 r3pkWm6aNm+6VS+oNCfmilnmUfV615hzDdgL8km0LId3/RZzFf9hfrTZT1SSVzIK
 b8WZP+R8+OhofRp8Qt+98bz8C9M+GAAnLI1ku2sstoCvhExbytTXsr/B/n3pN/W5
 lqLvMsFdydvtmQ66Ak28bFPZ7j2snw+pg5avKAxF5Nly8iNzmTSRWsLEgc9d7X52
 9WKMlZcum8OamioM0qceggUMD58HsR3shNkdLUZNDcImKzSd2dGUsYOSqNGqGRqC
 WDuz8SCQLvHULfJFIpDHkTVgYUnnCUzeDTy9LJlDJ3MI9Eln7eDYsx/klhA5cYNO
 lPUMYQdNqBZASNxrlhg4i5rjrwZXZT4BLPwi794lgY31fpDnyGriEpjKfUCYUznG
 KbJZNoZTayTLUYVrTV4WWPsiEbbjQcsdTK2Ez50Fiv3bG5OU04czlEs+9ZQb17Lk
 HwgVzwSlGhLYv+NIngQI1C8Ga0DD0CViKyouypS3EStR7TKv3iWRRaxdKJhwsoFc
 mjet/cyL8LlCx8Os7fJL12SQYe/UOCejib0nDvek+qs0D8yrjiwONov+YbHG39Yw
 /R3m50gHbcU=
 =Pi8y
 -----END PGP SIGNATURE-----

Merge tag 'md/3.17-fixes' of git://neil.brown.name/md

Pull md bugfixes from Neil Brown:
 "Here are the bug-fixes I promised :-)

  Funny how you start looking for one and other start appearing.

   - raid6 data corruption during recovery
   - raid6 livelock
   - raid10 memory leaks"

* tag 'md/3.17-fixes' of git://neil.brown.name/md:
  md/raid10: always initialise ->state on newly allocated r10_bio
  md/raid10: avoid memory leak on error path during reshape.
  md/raid10: Fix memory leak when raid10 reshape completes.
  md/raid10: fix memory leak when reshaping a RAID10.
  md/raid6: avoid data corruption during recovery of double-degraded RAID6
  md/raid5: avoid livelock caused by non-aligned writes.
2014-08-19 09:47:01 -05:00
Linus Torvalds
f17a6f7859 PCI changes for v3.17 (part 3):
Marvell MVEBU
     - Remove ARCH_KIRKWOOD dependency (Andrew Lunn)
 
   NVIDIA Tegra
     - Add debugfs support (Thierry Reding)
 
   Synopsys DesignWare
     - Look for configuration space in 'reg', not 'ranges' (Kishon Vijay Abraham I)
     - Program ATU with untranslated address (Kishon Vijay Abraham I)
     - Add config access-related pcie_host_ops for v3.65 hardware (Murali Karicheri)
     - Add MSI-related pcie_host_ops for v3.65 hardware (Murali Karicheri)
 
   TI DRA7xx
     - Add TI DR7xx PCIe driver (Kishon Vijay Abraham I)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT8s0TAAoJEFmIoMA60/r853cQALnowzIdDhd0jq+IEpEq3PaO
 6e1fssstRbCWV+UoV09EgcRAGbehscnqGi+Ug3y0k+orqBE8R5mkUrJ13ddTlMrP
 WCYsxDWrAwiEI0R/YZ189yeWMyzzYWG+FtwR/iLAYZihz/edHz5P9Qb3gc+rg0S+
 /1hj50CrpXfUACQfyqCXSI6MNFyoSYo4z+BG9y/6A8/xg3nMRhxV93MjkurXW9Kn
 KqsF8xtKvhI//EFwGPGpN30pZdYoRxjbqcOd/XranZ9oZ7egQtV3NJyXzkXGkAwj
 rOR5usn9Cyi5MU0N79vPxxQYJXIJnPdHe5tpWXQoxOBTZ48crOP6aFRH6AFLteLW
 KLRuZKeKBdTXIJx5BIj+gEesnG8HAlv263+2Uzoyw7Qiz7dT6zl4+Z7YGonMxSAW
 HxhQhF8MPUfwBP738hIcM5L2pIJsDrHuhVi4Ff/ndqdFfnN6qx75avVO4l4gmjpl
 6RdsJnb8LjwTQpG8fQcojzEqmxrOSRei0fG8vmw0hCBQq23aNpe2TARBgxY8T3cO
 l7tBY4VyiJy7Q8zfhqGDKqv9QT4gQbwLZx+xZrbDgTkkt+dHCb6eqATbRqCpQ02X
 yuKAuj9eqFcZVscSNddRg1p/1iBaZHzpgWRUUXtJ7hBtWol9dFtFcnp+ibPPZy+4
 uZ3TmYr/Yb408FbUHBJB
 =XIzM
 -----END PGP SIGNATURE-----

Merge tag 'pci-v3.17-changes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci

Pull PCI changes from Bjorn Helgaas:
 "Marvell MVEBU
    - Remove ARCH_KIRKWOOD dependency (Andrew Lunn)

  NVIDIA Tegra
    - Add debugfs support (Thierry Reding)

  Synopsys DesignWare
    - Look for configuration space in 'reg', not 'ranges' (Kishon Vijay Abraham I)
    - Program ATU with untranslated address (Kishon Vijay Abraham I)
    - Add config access-related pcie_host_ops for v3.65 hardware (Murali Karicheri)
    - Add MSI-related pcie_host_ops for v3.65 hardware (Murali Karicheri)

  TI DRA7xx
    - Add TI DR7xx PCIe driver (Kishon Vijay Abraham I)"

* tag 'pci-v3.17-changes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
  PCI: designware: Add MSI-related pcie_host_ops for v3.65 hardware
  PCI: designware: Add config access-related pcie_host_ops for v3.65 hardware
  PCI: dra7xx: Add TI DRA7xx PCIe driver
  PCI: designware: Program ATU with untranslated address
  PCI: designware: Look for configuration space in 'reg', not 'ranges'
  PCI: tegra: Add debugfs support
  PCI: mvebu: Remove ARCH_KIRKWOOD dependency
2014-08-19 09:45:31 -05:00
Linus Torvalds
7ac0bbf99d Additional devicetree changes for v3.17
Three more commits needed for v3.17: A bug fix for reserved regions
 based at address zero, a clarification on how to interpret existence of
 both interrupts and interrupts-extended properties, and a fix to allow
 device tree testcases to run on any platform.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIbBAABAgAGBQJT77FEAAoJEMWQL496c2LNxPAP+OOyx76nq0yk5ee6pfWmL397
 bqRfEtWX5Lp72Bq1jiyPQy5W525UClbfADCaal6Fy+xO0dz9DKZKoXdT5nX3NKx4
 KAvsrJIvJN72HLIqbhqV45pUZMa3RTMx8+iC0LfNIKPB60GLuHZ/0SjFPN0btxDF
 6nJAoAW/82kFdg+Kuq72oP955ejmYxXbbVwwDe6M4sGchArCAYxJcdGsEuokwhMm
 Cy0campj9eXbSGNceM6Kz6busO8ZliwzXEfe2+nvRPXwnETlqJZT8GmV3o5CZ+U9
 aOSpZfYG8wb95o4tqaUnR9liPRutfF4HrRldD8sdfQheu4ylCLHUW6fcrgnvLUil
 a7djk5bSKdmvMWZUJ6v3VJRC3iiRJ2PHmF5Tk2PbFCPC8m/s+4QG2oh/3G8oI5Rf
 7i3027xEtNtCmTBcuikPrPlJyiMIjFFibTjtB2i/jNSNv0XQdjKv/W+sE2VI3062
 iHORCu7VGLXAK32gSAqtzBrcsXxq14rPdtkJ9DR8Cz3+gUvra17t8JcUk///a7r5
 DRW6g93fyXqmqx4d63tp3pb44XbEiYkihyOz7R/dcrBFspZDvkMf5kF2rpQpHTmI
 n9pWsOoawZikHMFVSehcPzVJeQeFXtlJWSzPJkXwFEveUVsyhhCoSFXwuaI30BBr
 LELrzQ30VFcxtr4QRmY=
 =ZaXA
 -----END PGP SIGNATURE-----

Merge tag 'devicetree-for-linus' of git://git.secretlab.ca/git/linux

Pull devicetree fixes from Grant Likely:
 "Three more commits needed for v3.17: A bug fix for reserved regions
  based at address zero, a clarification on how to interpret existence
  of both interrupts and interrupts-extended properties, and a fix to
  allow device tree testcases to run on any platform"

* tag 'devicetree-for-linus' of git://git.secretlab.ca/git/linux:
  of/irq: Fix lookup to use 'interrupts-extended' property first
  Enabling OF selftest to run without machine's devicetree
  of: Allow mem_reserve of memory with a base address of zero
2014-08-19 09:43:48 -05:00
Davidlohr Bueso
f325f1643a frv: Define cpu_relax_lowlatency()
3a6bfbc91d "(arch,locking: Ciao arch_mutex_cpu_relax()") broke
building the frv arch.  Fixes errors such as:

  kernel/locking/mcs_spinlock.h:87:2: error: implicit declaration of function 'cpu_relax_lowlatency'

Signed-off-by: Davidlohr Bueso <davidlohr@hp.com>
Compile-tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-19 09:40:08 -05:00
Chen Gang
30d1e0e806 virt/kvm/assigned-dev.c: Set 'dev->irq_source_id' to '-1' after free it
As a generic function, deassign_guest_irq() assumes it can be called
even if assign_guest_irq() is not be called successfully (which can be
triggered by ioctl from user mode, indirectly).

So for assign_guest_irq() failure process, need set 'dev->irq_source_id'
to -1 after free 'dev->irq_source_id', or deassign_guest_irq() may free
it again.

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-08-19 15:12:28 +02:00
Paolo Bonzini
0d234daf7e Revert "KVM: x86: Increase the number of fixed MTRR regs to 10"
This reverts commit 682367c494,
which causes 32-bit SMP Windows 7 guests to panic.

SeaBIOS has a limit on the number of MTRRs that it can handle,
and this patch exceeded the limit.  Better revert it.
Thanks to Nadav Amit for debugging the cause.

Cc: stable@nongnu.org
Reported-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-08-19 15:12:28 +02:00
Paolo Bonzini
9a4cfb27f7 KVM: x86: do not check CS.DPL against RPL during task switch
This reverts the check added by commit 5045b46803 (KVM: x86: check CS.DPL
against RPL during task switch, 2014-05-15).  Although the CS.DPL=CS.RPL
check is mentioned in table 7-1 of the SDM as causing a #TSS exception,
it is not mentioned in table 6-6 that lists "invalid TSS conditions"
which cause #TSS exceptions. In fact it causes some tests to fail, which
pass on bare-metal.

Keep the rest of the commit, since we will find new uses for it in 3.18.

Reported-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-08-19 15:12:28 +02:00
Nadav Amit
3a6095a017 KVM: x86: Avoid emulating instructions on #UD mistakenly
Commit d40a6898e5 mistakenly caused instructions which are not marked as
EmulateOnUD to be emulated upon #UD exception. The commit caused the check of
whether the instruction flags include EmulateOnUD to never be evaluated. As a
result instructions whose emulation is broken may be emulated.  This fix moves
the evaluation of EmulateOnUD so it would be evaluated.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
[Tweak operand order in &&, remove EmulateOnUD where it's now superfluous.
 - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-08-19 15:12:28 +02:00
Alexey Kardashevskiy
c04fa5831d PC, KVM, CMA: Fix regression caused by wrong get_order() use
fc95ca7284 claims that there is no
functional change but this is not true as it calls get_order() (which
takes bytes) where it should have called order_base_2() and the kernel
stops on VM_BUG_ON().

This replaces get_order() with order_base_2() (round-up version of ilog2).

Suggested-by: Paul Mackerras <paulus@samba.org>
Cc: Alexander Graf <agraf@suse.de>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-08-19 15:11:57 +02:00
Michael S. Tsirkin
350b8bdd68 kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601)
The third parameter of kvm_iommu_put_pages is wrong,
It should be 'gfn - slot->base_gfn'.

By making gfn very large, malicious guest or userspace can cause kvm to
go to this error path, and subsequently to pass a huge value as size.
Alternatively if gfn is small, then pages would be pinned but never
unpinned, causing host memory leak and local DOS.

Passing a reasonable but large value could be the most dangerous case,
because it would unpin a page that should have stayed pinned, and thus
allow the device to DMA into arbitrary memory.  However, this cannot
happen because of the condition that can trigger the error:

- out of memory (where you can't allocate even a single page)
  should not be possible for the attacker to trigger

- when exceeding the iommu's address space, guest pages after gfn
  will also exceed the iommu's address space, and inside
  kvm_iommu_put_pages() the iommu_iova_to_phys() will fail.  The
  page thus would not be unpinned at all.

Reported-by: Jack Morgenstein <jackm@mellanox.com>
Cc: stable@vger.kernel.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-08-19 15:04:45 +02:00
Libin Yang
ca2e7224d7 ALSA: hda/hdmi - apply Valleyview fix-ups to Cherryview display codec
Valleyview and Cherryview have the same behavior on display audio. So this patch
defines is_valleyview_plus() to include codecs for both Valleyview and its successor
Cherryview, and apply Valleyview fix-ups to Cherryview.

Signed-off-by: Libin Yang <libin.yang@intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-08-19 10:24:46 +02:00
Libin Yang
d35f64e748 ALSA: hda/hdmi - set depop_delay for haswell plus
Both Haswell and Broadwell need set depop_delay to 0. So apply this
setting to haswell plus.

Signed-off-by: Libin Yang <libin.yang@intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-08-19 10:24:37 +02:00
NeilBrown
cb8b12b5d8 md/raid10: always initialise ->state on newly allocated r10_bio
Most places which allocate an r10_bio zero the ->state, some don't.
As the r10_bio comes from a mempool, and the allocation function uses
kzalloc it is often zero anyway.  But sometimes it isn't and it is
best to be safe.

I only noticed this because of the bug fixed by an earlier patch
where the r10_bios allocated for a reshape were left around to
be used by a subsequent resync.  In that case the R10BIO_IsReshape
flag caused problems.

Signed-off-by: NeilBrown <neilb@suse.de>
2014-08-19 17:20:27 +10:00
NeilBrown
e337aead3a md/raid10: avoid memory leak on error path during reshape.
If raid10 reshape fails to find somewhere to read a block
from, it returns without freeing memory...

Signed-off-by: NeilBrown <neilb@suse.de>
2014-08-19 17:20:27 +10:00
NeilBrown
b39685526f md/raid10: Fix memory leak when raid10 reshape completes.
When a raid10 commences a resync/recovery/reshape it allocates
some buffer space.
When a resync/recovery completes the buffer space is freed.  But not
when the reshape completes.
This can result in a small memory leak.

There is a subtle side-effect of this bug.  When a RAID10 is reshaped
to a larger array (more devices), the reshape is immediately followed
by a "resync" of the new space.  This "resync" will use the buffer
space which was allocated for "reshape".  This can cause problems
including a "BUG" in the SCSI layer.  So this is suitable for -stable.

Cc: stable@vger.kernel.org (v3.5+)
Fixes: 3ea7daa5d7
Signed-off-by: NeilBrown <neilb@suse.de>
2014-08-19 17:20:27 +10:00
NeilBrown
ce0b0a4695 md/raid10: fix memory leak when reshaping a RAID10.
raid10 reshape clears unwanted bits from a bio->bi_flags using
a method which, while clumsy, worked until 3.10 when BIO_OWNS_VEC
was added.
Since then it clears that bit but shouldn't.  This results in a
memory leak.

So change to used the approved method of clearing unwanted bits.

As this causes a memory leak which can consume all of memory
the fix is suitable for -stable.

Fixes: a38352e0ac
Cc: stable@vger.kernel.org (v3.10+)
Reported-by: mdraid.pkoch@dfgh.net (Peter Koch)
Signed-off-by: NeilBrown <neilb@suse.de>
2014-08-19 17:20:27 +10:00
Hui Wang
f475371aa6 ALSA: hda - restore the gpio led after resume
On some HP laptops, the mute led is controlled by codec gpio.

When some machine resume from s3/s4, the codec gpio data will be
cleared to 0 by BIOS:
Before suspend:
  IO[3]: enable=1, dir=1, wake=0, sticky=0, data=1, unsol=0
After resume:
  IO[3]: enable=1, dir=1, wake=0, sticky=0, data=0, unsol=0

To skip the AFG node to enter D3 can't fix this problem.

A workaround is to restore the gpio data when the system resume
back from s3/s4. It is safe even on the machines without this
problem.

BugLink: https://bugs.launchpad.net/bugs/1358116
Tested-by: Franz Hsieh <franz.hsieh@canonical.com>
Cc: stable@vger.kernel.org
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-08-19 07:57:46 +02:00
Tejun Heo
2a13772a14 libata: widen Crucial M550 blacklist matching
Crucial M550 may cause data corruption on queued trims and is
blacklisted.  The pattern used for it fails to match 1TB one as the
capacity section will be four chars instead of three.  Widen the
pattern.

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Charles Reiss <woggling@gmail.com>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=81071
Cc: stable@vger.kernel.org
2014-08-18 17:40:09 -04:00
Tony Luck
703e6a6ed6 [IA64] Wire up memfd_create() system call
Yet another system call. This one added by:

   commit 9183df25fe
   shm: add memfd_create() syscall

Signed-off-by: Tony Luck <tony.luck@intel.com>
2014-08-18 10:29:52 -07:00
Arjun Sreedharan
4dc7c76cd5 pata_scc: propagate return value of scc_wait_after_reset
scc_bus_softreset not necessarily should return zero.
Propagate the error code.

Signed-off-by: Arjun Sreedharan <arjun024@gmail.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: stable@vger.kernel.org
2014-08-18 09:15:21 -04:00
NeilBrown
9c4bdf697c md/raid6: avoid data corruption during recovery of double-degraded RAID6
During recovery of a double-degraded RAID6 it is possible for
some blocks not to be recovered properly, leading to corruption.

If a write happens to one block in a stripe that would be written to a
missing device, and at the same time that stripe is recovering data
to the other missing device, then that recovered data may not be written.

This patch skips, in the double-degraded case, an optimisation that is
only safe for single-degraded arrays.

Bug was introduced in 2.6.32 and fix is suitable for any kernel since
then.  In an older kernel with separate handle_stripe5() and
handle_stripe6() functions the patch must change handle_stripe6().

Cc: stable@vger.kernel.org (2.6.32+)
Fixes: 6c0069c0ae
Cc: Yuri Tikhonov <yur@emcraft.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Reported-by: "Manibalan P" <pmanibalan@amiindia.co.in>
Tested-by: "Manibalan P" <pmanibalan@amiindia.co.in>
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1090423
Signed-off-by: NeilBrown <neilb@suse.de>
Acked-by: Dan Williams <dan.j.williams@intel.com>
2014-08-18 14:49:46 +10:00
NeilBrown
a40687ff73 md/raid5: avoid livelock caused by non-aligned writes.
If a stripe in a raid6 array received a write to each data block while
the array is degraded, and if any of these writes to a missing device
are not page-aligned, then a live-lock happens.

In this case the P and Q blocks need to be read so that the part of
the missing block which is *not* being updated by the write can be
constructed.  Due to a logic error, these blocks are not loaded, so
the update cannot proceed and the stripe is 'handled' repeatedly in an
infinite loop.

This bug is unlikely as most writes are page aligned.  However as it
can lead to a livelock it is suitable for -stable.  It was introduced
in 3.16.

Cc: stable@vger.kernel.org (v3.16)
Fixed: 67f455486d
Signed-off-by: NeilBrown <neilb@suse.de>
2014-08-18 14:49:41 +10:00
Steve French
30175628bf [SMB3] Enable fallocate -z support for SMB3 mounts
fallocate -z (FALLOC_FL_ZERO_RANGE) can map to SMB3
FSCTL_SET_ZERO_DATA SMB3 FSCTL but FALLOC_FL_ZERO_RANGE
when called without the FALLOC_FL_KEEPSIZE flag set could want
the file size changed so we can not support that subcase unless
the file is cached (and thus we know the file size).

Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Pavel Shilovsky <pshilovsky@samba.org>
2014-08-17 18:16:40 -05:00
Steve French
31742c5a33 enable fallocate punch hole ("fallocate -p") for SMB3
Implement FALLOC_FL_PUNCH_HOLE (which does not change the file size
fortunately so this matches the behavior of the equivalent SMB3
fsctl call) for SMB3 mounts.  This allows "fallocate -p" to work.
It requires that the server support setting files as sparse
(which Windows allows).

Signed-off-by: Steve French <smfrench@gmail.com>
2014-08-17 18:12:38 -05:00