Returns the time remaining for an alarm timer, rather than the time at
which it is scheduled to expire. If the timer has already expired or it
is not currently scheduled, the it_value's members are set to zero.
This new behavior matches that of the other posix-timers and the POSIX
specifications.
This is a change in user-visible behavior, and may break existing
applications. Hopefully, few users rely on the old incorrect behavior.
Cc: stable@vger.kernel.org
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Richard Cochran <richardcochran@gmail.com>
Cc: Prarit Bhargava <prarit@redhat.com>
Cc: Sharvil Nanavati <sharvil@google.com>
Signed-off-by: Richard Larocque <rlarocque@google.com>
[jstultz: minor style tweak]
Signed-off-by: John Stultz <john.stultz@linaro.org>
timeval_to_jiffies tried to round a timeval up to an integral number
of jiffies, but the logic for doing so was incorrect: intervals
corresponding to exactly N jiffies would become N+1. This manifested
itself particularly repeatedly stopping/starting an itimer:
setitimer(ITIMER_PROF, &val, NULL);
setitimer(ITIMER_PROF, NULL, &val);
would add a full tick to val, _even if it was exactly representable in
terms of jiffies_ (say, the result of a previous rounding.) Doing
this repeatedly would cause unbounded growth in val. So fix the math.
Here's what was wrong with the conversion: we essentially computed
(eliding seconds)
jiffies = usec * (NSEC_PER_USEC/TICK_NSEC)
by using scaling arithmetic, which took the best approximation of
NSEC_PER_USEC/TICK_NSEC with denominator of 2^USEC_JIFFIE_SC =
x/(2^USEC_JIFFIE_SC), and computed:
jiffies = (usec * x) >> USEC_JIFFIE_SC
and rounded this calculation up in the intermediate form (since we
can't necessarily exactly represent TICK_NSEC in usec.) But the
scaling arithmetic is a (very slight) *over*approximation of the true
value; that is, instead of dividing by (1 usec/ 1 jiffie), we
effectively divided by (1 usec/1 jiffie)-epsilon (rounding
down). This would normally be fine, but we want to round timeouts up,
and we did so by adding 2^USEC_JIFFIE_SC - 1 before the shift; this
would be fine if our division was exact, but dividing this by the
slightly smaller factor was equivalent to adding just _over_ 1 to the
final result (instead of just _under_ 1, as desired.)
In particular, with HZ=1000, we consistently computed that 10000 usec
was 11 jiffies; the same was true for any exact multiple of
TICK_NSEC.
We could possibly still round in the intermediate form, adding
something less than 2^USEC_JIFFIE_SC - 1, but easier still is to
convert usec->nsec, round in nanoseconds, and then convert using
time*spec*_to_jiffies. This adds one constant multiplication, and is
not observably slower in microbenchmarks on recent x86 hardware.
Tested: the following program:
int main() {
struct itimerval zero = {{0, 0}, {0, 0}};
/* Initially set to 10 ms. */
struct itimerval initial = zero;
initial.it_interval.tv_usec = 10000;
setitimer(ITIMER_PROF, &initial, NULL);
/* Save and restore several times. */
for (size_t i = 0; i < 10; ++i) {
struct itimerval prev;
setitimer(ITIMER_PROF, &zero, &prev);
/* on old kernels, this goes up by TICK_USEC every iteration */
printf("previous value: %ld %ld %ld %ld\n",
prev.it_interval.tv_sec, prev.it_interval.tv_usec,
prev.it_value.tv_sec, prev.it_value.tv_usec);
setitimer(ITIMER_PROF, &prev, NULL);
}
return 0;
}
Cc: stable@vger.kernel.org
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Paul Turner <pjt@google.com>
Cc: Richard Cochran <richardcochran@gmail.com>
Cc: Prarit Bhargava <prarit@redhat.com>
Reviewed-by: Paul Turner <pjt@google.com>
Reported-by: Aaron Jacobs <jacobsa@google.com>
Signed-off-by: Andrew Hunter <ahh@google.com>
[jstultz: Tweaked to apply to 3.17-rc]
Signed-off-by: John Stultz <john.stultz@linaro.org>
futex_wait_requeue_pi() calls futex_wait_setup(). If
futex_wait_setup() succeeds it returns with hb->lock held and
preemption disabled. Now the sanity check after this does:
if (match_futex(&q.key, &key2)) {
ret = -EINVAL;
goto out_put_keys;
}
which releases the keys but does not release hb->lock.
So we happily return to user space with hb->lock held and therefor
preemption disabled.
Unlock hb->lock before taking the exit route.
Reported-by: Dave "Trinity" Jones <davej@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Darren Hart <dvhart@linux.intel.com>
Reviewed-by: Davidlohr Bueso <dave@stgolabs.net>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1409112318500.4178@nanos
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Here is one misc driver fix for 3.17-rc5. It resolves a kernel oops
that can happen in the lattice FPGA driver if the firmware isn't
present on the system.
It's been in the linux-next tree for a while now.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEABECAAYFAlQTOR4ACgkQMUfUDdst+ylXvACeKk2PemIzfaUoGTmgkGoOioX4
BIsAoLE2jr9/ivh9r+0hkudNGnmBzVI4
=PSdY
-----END PGP SIGNATURE-----
Merge tag 'char-misc-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc driver fix from Greg KH:
"Here is one misc driver fix for 3.17-rc5. It resolves a kernel oops
that can happen in the lattice FPGA driver if the firmware isn't
present on the system.
It's been in the linux-next tree for a while now"
* tag 'char-misc-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
Lattice ECP3 FPGA: Check firmware pointer
Here are 3 tiny staging driver fixes for 3.17-rc5. Two are fixes for
the imx-drm driver, resolving issues that have been reported. The other
is a memory leak fix for the Android sync driver, due to changes that
went into 3.17-rc1.
All have been in linux-next for a while.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEABECAAYFAlQTOKgACgkQMUfUDdst+ykAowCg1HK4Ur/8WFty0TQyaZiz3sTX
j0sAnRBGo8Cqe1hPk5D5WADTdyuTYVtv
=TvOc
-----END PGP SIGNATURE-----
Merge tag 'staging-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
Pull staging driver fixes from Greg KH:
"Here are 3 tiny staging driver fixes for 3.17-rc5.
Two are fixes for the imx-drm driver, resolving issues that have been
reported. The other is a memory leak fix for the Android sync driver,
due to changes that went into 3.17-rc1.
All have been in linux-next for a while"
* tag 'staging-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
android: fix reference leak in sync_fence_create
imx-drm: imx-ldb: fix NULL pointer in imx_ldb_unbind()
imx-drm: ipuv3-plane: fix ipu_plane_dpms()
Here are 3 patches for 3.17-rc5. Two serial driver fixes that resolve
some reported issues, and one new device id.
All have been in linux-next just fine.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEABECAAYFAlQTNocACgkQMUfUDdst+ylSFQCfcarOgwBv2UaO9rR7IxrBXL5P
z5AAnR5wa7Ip5UpfSyqhg67qg42ffq2J
=G50/
-----END PGP SIGNATURE-----
Merge tag 'tty-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
Pull tty/serial fixes from Greg KH:
"Here are 3 patches for 3.17-rc5. Two serial driver fixes that resolve
some reported issues, and one new device id.
All have been in linux-next just fine"
* tag 'tty-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
tty: xuartps: Fix tx_emtpy() callback
tty/serial: at91: BUG: disable interrupts when !UART_ENABLE_MS()
serial: 8250_dw: Add ACPI ID for Intel Braswell
Here are some USB and PHY fixes for 3.17-rc5.
Nothing major here, just a number of tiny fixes for reported issues, and
some new device ids as well.
All have been tested in linux-next.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEABECAAYFAlQTNfsACgkQMUfUDdst+yk2ZwCfQOF5dNNui7FbtSWWy6h82CBN
25YAoKXJtipABRJo5q+bztCIDYGk0PgA
=4Ial
-----END PGP SIGNATURE-----
Merge tag 'usb-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Pull USB fixes from Greg KH:
"Here are some USB and PHY fixes for 3.17-rc5.
Nothing major here, just a number of tiny fixes for reported issues,
and some new device ids as well.
All have been tested in linux-next"
* tag 'usb-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (46 commits)
xhci: fix oops when xhci resumes from hibernate with hw lpm capable devices
usb: xhci: Fix OOPS in xhci error handling code
xhci: Fix null pointer dereference if xhci initialization fails
storage: Add single-LUN quirk for Jaz USB Adapter
uas: Add missing le16_to_cpu calls to asm1051 / asm1053 usb-id check
usb: chipidea: msm: Initialize PHY on reset event
usb: chipidea: msm: Use USB PHY API to control PHY state
usb: hub: take hub->hdev reference when processing from eventlist
uas: Disable uas on ASM1051 devices
usb: dwc2/gadget: avoid disabling ep0
usb: dwc2/gadget: delay enabling irq once hardware is configured properly
usb: dwc2/gadget: do not call disconnect method in pullup
usb: dwc2/gadget: break infinite loop in endpoint disable code
usb: dwc2/gadget: fix phy initialization sequence
usb: dwc2/gadget: fix phy disable sequence
uwb: init beacon cache entry before registering uwb device
USB: ftdi_sio: Add support for GE Healthcare Nemo Tracker device
USB: document the 'u' flag for usb-storage quirks parameter
usb: host: xhci: fix compliance mode workaround
usb: dwc3: fix TRB completion when multiple TRBs are started
...
Pull btrfs fixes from Chris Mason:
"Filipe is doing a careful pass through fsync problems, and these are
the fixes so far. I'll have one more for rc6 that we're still
testing.
My big commit is fixing up some inode hash races that Al Viro found
(thanks Al)"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
Btrfs: use insert_inode_locked4 for inode creation
Btrfs: fix fsync data loss after a ranged fsync
Btrfs: kfree()ing ERR_PTRs
Btrfs: fix crash while doing a ranged fsync
Btrfs: fix corruption after write/fsync failure + fsync + log recovery
Btrfs: fix autodefrag with compression
Just a couple of stragglers here:
- Fix an issue migrating interrupts on CPU hotplug
- Fix a potential information leak of TLS registers across an exec
(Nathan has sent a corresponding patch for arch/arm/ to rmk)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABCgAGBQJUEfKCAAoJELescNyEwWM0I/8H/RLpR9kvk0npB8lroFJZUJfa
yIveU5kWnFpEpycjkDDHTYmXbbAMni1t6wII4ofMErDtMkJMW3y11gAp2iUEdP8w
YNGSO9WV8uddbEamoDnO1jMS2eE1sHSSFjXN5529ygM00mAdSq/sIYUkGrjkbRmo
6DHWFvaHYjZDIAb1teFFqtuaL5c4SX+DTwInqwO0hXIPXfgjmSD9PDk8KXJN0Qiu
daX3sNHlFyb4Bh4Q2/aIvQHrkFPVcNUnekCwNoHGgYJ/FMjTV67Kb5SmnlV41rSu
GU4dUuc26gumgrOQ9Yhob2AU6RhC4Auuht7ck+STZWy5kllmjX5TLZMLXmrLIRM=
=0A4L
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fixes from Will Deacon:
"Just a couple of stragglers here:
- fix an issue migrating interrupts on CPU hotplug
- fix a potential information leak of TLS registers across an exec
(Nathan has sent a corresponding patch for arch/arm/ to rmk)"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: flush TLS registers during exec
arm64: use irq_set_affinity with force=false when migrating irqs
Including:
* Two fixes for issues found by Coverity
* Various fixes for the ARM SMMU driver
* A warning fix for the FSL PAMU driver
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJUEvbvAAoJECvwRC2XARrjTbgQAKfSftH7StWiVgR3MyiO1JVy
c0AAImQZ2rk7LO1R3xMxDn6DZD9sLTJNy9ogWr5YEyqMIVOdJt7hicrbgo0gGSS1
zU8numZweMPD7tzvFk93GjsSEdy+T4PYpmR2KncYB2OQ3szMd7GqooKohp1P1BfC
3fb9k9rjstnZXn0nKN6KxZ7QWaGme8e02cRz+5U+8N+AYHmV6ZcUumqig6KmYjuP
AtyQz2Sj8v2VAnVr+3yOz/bBLBSRChfc1q9aFSrD3mLhTLlJ7uk0+4NviGsPbZww
vGvWqy3w8aLzRDA9x+036FU6BoBQtaRdF/JCCPw8yOmfmUi6hA6kvTJbfgxIJPRK
ZZM6KBdPWfo8y83dVXsT3NpineA622VhstZVT7NGczDVtimnxI6wjLlNUj0ve4g5
AbaujBbnRtBclEWk23AjLpoiEA3iGw4putvCxFlWaclh0AEX0wx4W2scqCtF6hP5
w3d6HiuYnB5lKl+IMb1jYvybRLc1CrXbnsJGsyjjfYMztv31pY3s0gO9xAQldLCV
8Ah0njJ1GDKwXcmNUAgLcgrnmLIPat6IMT44vH15OYgjczsx0mN8ZChto24iOwx1
ZrSfBWQ2IVylHyIuGrIe6C1+HR6ixrzcOaCXJaa7cTvo7vXWL6E8KZa4uth74Jq1
VjmkefTgBjtrs656E+fr
=jHx2
-----END PGP SIGNATURE-----
Merge tag 'iommu-fixes-v3.17-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
Pull iommu fixes from Joerg Roedel:
- two fixes for issues found by Coverity
- various fixes for the ARM SMMU driver
- a warning fix for the FSL PAMU driver
* tag 'iommu-fixes-v3.17-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu/fsl: Fix warning resulting from adding PCI device twice
iommu/arm-smmu: fix corner cases in address size calculations
iommu/arm-smmu: fix decimal printf format specifiers prefixed with 0x
iommu/arm-smmu: Do not access non-existing S2CR registers
iommu/arm-smmu: fix s2cr and smr teardown on device detach from domain
iommu/arm-smmu: remove pgtable_page_{c,d}tor()
iommu/arm-smmu: fix programming of SMMU_CBn_TCR for stage 1
iommu/arm-smmu: avoid calling request_irq in atomic context
iommu/vt-d: Check return value of acpi_bus_get_device()
iommu/core: Make iommu_group_get_for_dev() more robust
Minor fixes for amba-clcd and video DT bindings.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJUEre2AAoJEPo9qoy8lh71NCgP+weX6PBaOLzRqxW1n40uFPKX
+e6YFwhgDNz4agDSI5gyc8DfZmMyN9v2kGF6tzoSc5+GIeEf3dksQ5xeeGI8f1Pc
EpMs+dkjv+NJHs42sB9pcPruSkiuhqler8/ucjM/AEmXEF6UOvOa3mkg5Ub9vFLR
zaqFDz2Pi1luopcDzUW7R3N1QRo8FwlmSAXggd4muoSYKjGPxf/Ufg7GFnJvidzs
v65OyBo3OEkb8Clh7El096Y4giylbgtbS5ekwW4hMRZK+Ql8UNqldHIMnJMobYfb
fmWyMxTSC+3G1WUdABVlczqDg6IITc7u98AVwXBbayfBcDK+0UN67TRhdyIEtXKC
+9AvtCW4ZKndDYBSICfeOy6hNDWGWPABmOwdhmR6zlnsJ4lLj89XEUMmkfGRlNBx
psW85WDQxzN2aEkXE1llrMUgmtVuiFEnLdmfzQ2H8SgZTUf4odfp+piU/6ohKZzJ
P6vAD/+O7qiy8BRYnhRFtGjFdk5QqWeZOUcvWoMANTuHwBJEDD6sjxSsNhMR4DCy
z039xMvfsDFs64An90eHqOM+osvvQtB0AkYWc2eIlaaI3I7g0iTvyVelACpbOmFj
eqduFKCCTCLi02d+0ZvyYLBC9FANmluc4e94VHtaqbL4lw+ldgd18Z3em5q/Kgzf
xtHhzHkZ3soIlK5qZJBc
=u5mP
-----END PGP SIGNATURE-----
Merge tag 'fbdev-fixes-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux
Pull fbdev fixes from Tomi Valkeinen:
"Minor fixes for amba-clcd and video DT bindings"
* tag 'fbdev-fixes-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux:
video: ARM CLCD: Fix color model capabilities for DT platforms
video: fix composite video connector compatible string
Pull drm fixes from Dave Airlie:
"AST, i915, radeon and msm fixes, all over the place.
All fixing build issues, regressions, oopses or failure to detect
cards"
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/ast: AST2000 cannot be detected correctly
drm/ast: open key before detect chips
drm/msm: don't crash if no msm.vram param
drm/msm/hdmi: fix build break on non-CCF platforms
drm/msm: Change nested function to static function
drm/radeon/dpm: set the thermal type properly for special configs
drm/radeon: reduce memory footprint for debugging
drm/radeon: add connector quirk for fujitsu board
drm/radeon: fix semaphore value init
drm/radeon: only use me/pfp sync on evergreen+
drm/i915: Wait for vblank before enabling the TV encoder
drm/i915: Evict CS TLBs between batches
drm/i915: Fix irq enable tracking in driver load
drm/i915: Fix EIO/wedged handling in gem fault handler
drm/i915: Prevent recursive deadlock on releasing a busy userptr
This fixes CVE-2014-3631.
It is possible for an associative array to end up with a shortcut node at the
root of the tree if there are more than fan-out leaves in the tree, but they
all crowd into the same slot in the lowest level (ie. they all have the same
first nibble of their index keys).
When assoc_array_gc() returns back up the tree after scanning some leaves, it
can fall off of the root and crash because it assumes that the back pointer
from a shortcut (after label ascend_old_tree) must point to a normal node -
which isn't true of a shortcut node at the root.
Should we find we're ascending rootwards over a shortcut, we should check to
see if the backpointer is zero - and if it is, we have completed the scan.
This particular bug cannot occur if the root node is not a shortcut - ie. if
you have fewer than 17 keys in a keyring or if you have at least two keys that
sit into separate slots (eg. a keyring and a non keyring).
This can be reproduced by:
ring=`keyctl newring bar @s`
for ((i=1; i<=18; i++)); do last_key=`keyctl newring foo$i $ring`; done
keyctl timeout $last_key 2
Doing this:
echo 3 >/proc/sys/kernel/keys/gc_delay
first will speed things up.
If we do fall off of the top of the tree, we get the following oops:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
IP: [<ffffffff8136cea7>] assoc_array_gc+0x2f7/0x540
PGD dae15067 PUD cfc24067 PMD 0
Oops: 0000 [#1] SMP
Modules linked in: xt_nat xt_mark nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_ni
CPU: 0 PID: 26011 Comm: kworker/0:1 Not tainted 3.14.9-200.fc20.x86_64 #1
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Workqueue: events key_garbage_collector
task: ffff8800918bd580 ti: ffff8800aac14000 task.ti: ffff8800aac14000
RIP: 0010:[<ffffffff8136cea7>] [<ffffffff8136cea7>] assoc_array_gc+0x2f7/0x540
RSP: 0018:ffff8800aac15d40 EFLAGS: 00010206
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8800aaecacc0
RDX: ffff8800daecf440 RSI: 0000000000000001 RDI: ffff8800aadc2bc0
RBP: ffff8800aac15da8 R08: 0000000000000001 R09: 0000000000000003
R10: ffffffff8136ccc7 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000070 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff88011fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000018 CR3: 00000000db10d000 CR4: 00000000000006f0
Stack:
ffff8800aac15d50 0000000000000011 ffff8800aac15db8 ffffffff812e2a70
ffff880091a00600 0000000000000000 ffff8800aadc2bc3 00000000cd42c987
ffff88003702df20 ffff88003702dfa0 0000000053b65c09 ffff8800aac15fd8
Call Trace:
[<ffffffff812e2a70>] ? keyring_detect_cycle_iterator+0x30/0x30
[<ffffffff812e3e75>] keyring_gc+0x75/0x80
[<ffffffff812e1424>] key_garbage_collector+0x154/0x3c0
[<ffffffff810a67b6>] process_one_work+0x176/0x430
[<ffffffff810a744b>] worker_thread+0x11b/0x3a0
[<ffffffff810a7330>] ? rescuer_thread+0x3b0/0x3b0
[<ffffffff810ae1a8>] kthread+0xd8/0xf0
[<ffffffff810ae0d0>] ? insert_kthread_work+0x40/0x40
[<ffffffff816ffb7c>] ret_from_fork+0x7c/0xb0
[<ffffffff810ae0d0>] ? insert_kthread_work+0x40/0x40
Code: 08 4c 8b 22 0f 84 bf 00 00 00 41 83 c7 01 49 83 e4 fc 41 83 ff 0f 4c 89 65 c0 0f 8f 5a fe ff ff 48 8b 45 c0 4d 63 cf 49 83 c1 02 <4e> 8b 34 c8 4d 85 f6 0f 84 be 00 00 00 41 f6 c6 01 0f 84 92
RIP [<ffffffff8136cea7>] assoc_array_gc+0x2f7/0x540
RSP <ffff8800aac15d40>
CR2: 0000000000000018
---[ end trace 1129028a088c0cbd ]---
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Don Zickus <dzickus@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
The DT-based panel capabilities selection was picking up
a subset of available modes based on hardware configuration.
This was wrong, as the capabilities describe available
memory models and adapt the display controller to them
that the RGB output is wired up correctly (as in: R and
B components are not swapped).
This patch fixes it by removing the unnecessary limitation.
Signed-off-by: Pawel Moll <pawel.moll@arm.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
Type error and cause AST2000 cannot be detected correctly
Signed-off-by: Y.C. Chen <yc_chen@aspeedtech.com>
Reviewed-by: Egbert Eich <eich@suse.de>
Cc: stable@vger.kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
Some config settings like 3rd TX chips will not get correctly
if the extended reg is protected
Signed-off-by: Y.C. Chen <yc_chen@aspeedtech.com>
Reviewed-by: Egbert Eich <eich@suse.de>
Cc: stable@vger.kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
Pull Ceph fixes from Sage Weil:
"The main thing here is a set of three patches that fix a buffer
overrun for large authentication tickets (sigh).
There is also a trivial warning fix and an error path fix that are
both regressions"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
libceph: do not hard code max auth ticket len
libceph: add process_one_ticket() helper
libceph: gracefully handle large reply messages from the mon
rbd: fix error return code in rbd_dev_device_setup()
rbd: avoid format-security warning inside alloc_workqueue()
- Fix for PVHVM suspend/resume and migration
- Don't pointlessly retry certain ballooning ops
- Fix gntalloc when grefs have run out.
- Fix PV boot if KSALR is enable or very large modules are used.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAABAgAGBQJUEZw4AAoJEFxbo/MsZsTRoHkIAJ5h287Wer2Yf4ALlFI47Esl
AhcgVKi7WMJ6mBQUk/xpbSS3MZEuTuPJVbuiabJwRaZk9vX7w8q08yrAD8SOrCwY
6iGooaWEZ96P5DPI5fmWBuOgt5f2wfqzAp//wl/dK/kzr6Kw63huTXa0H0fmd8BY
Gy13pN4JEPDyvjjZWFvDcrcEUA9eTcTaXQZisBUGuGictXySr5ovz9G3EKOtJP0D
vkmDzApijFEEjJwZMGazgipng4mwh94fW4+7bs57s6iREpMzOJDTRKrl9suaXdza
5HA2ed7Au/qL8IwiQAFGxQpMBqNQxEGerlFfPBhRPuGQ+Ek3/pZF3BTU56w/nt4=
=y/Ol
-----END PGP SIGNATURE-----
Merge tag 'stable/for-linus-3.17-b-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
Pull Xen bug fixes from David Vrabel:
- fix for PVHVM suspend/resume and migration
- don't pointlessly retry certain ballooning ops
- fix gntalloc when grefs have run out.
- fix PV boot if KSALR is enable or very large modules are used.
* tag 'stable/for-linus-3.17-b-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
x86/xen: don't copy bogus duplicate entries into kernel page tables
xen/gntalloc: safely delete grefs in add_grefs() undo path
xen/gntalloc: fix oops after runnning out of grant refs
xen/balloon: cancel ballooning if adding new memory failed
xen/manage: Always freeze/thaw processes when suspend/resuming
Pull powerpc fixes from Michael Ellerman:
"Ben's travelling so this is my first attempt at a pull request.
There's nothing too exciting. The CONFIG_FHANDLE one is annoying, I
know you love defconfig changes. But we've had a couple of developers
waste time debugging boxes that wouldn't boot, only to realise it's
just that systemd needs CONFIG_FHANDLE and our defconfigs don't have
it.
The new syscalls seem to be working, I've run the selftests that
exist, and also let trinity bash on them for a while"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mpe/linux:
powerpc: Wire up sys_seccomp(), sys_getrandom() and sys_memfd_create()
powerpc: Make CONFIG_FHANDLE=y for all 64 bit powerpc defconfigs
powerpc: use machine_subsys_initcall() for opal_hmi_handler_init()
powerpc/perf: Fix ABIv2 kernel backtraces
powerpc/pseries: Fix endian issues in memory hotplug
Some late fixes for dwc3 so we have something more stable
on v3.17-final.
Most bugs have been there for quite a while and nobody
noticed, except for TRB completion when multiple TRBs
are started.
Patches were tested on AM437x SK and J6 EVM and are passing
my tests.
Signed-of-by: Felipe Balbi <balbi@ti.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJUEhtjAAoJEIaOsuA1yqREmoIP/AxYZMK/EU06WaOIGkKr0JA4
nAJLVIivJva4A6M4Pln8fXnwOj4Nfyo25CqU51czyAKEn2qBjStXOe5Tr6xiFU9e
omlhHFltnDbIukDpqX0lJitFbHxZU7mKl4JZ3+XxEIVvYNS4eGhd4cmWC7Lin9Jy
gEaIhErnRUofx9/+Mdn+E0ReV0ZY1ZM771CbI+Bzl/bL5cppqEYuegW8APguYVoF
/NyHnQ6CL0wjcXcekqIsErlhNUqa9Y1YNUqfMBJdoWSpLCEb55yH3SLES+hpiYT7
RjD39wmyCcn6FxUlcv2n0kAEcLJPFjXswHzexnMZetGAcSxb2A3oMN7WbU437b2m
PXigtEcTKq6Nn73bpJu+z3WHElpYLICurtU2zjZt6LxD6MKhLWVJ7LdKpPu941uy
D6AxGUSSYrTwTId5pzx0iqmyKttQbWHWBim0950/XgF6KC8uV0ativ2K0GO+C8ao
PzUQOprcFHaW+hE5RHsGdr+PWHHriFpsAx6CYZDpgXmdBZcFu8jFZBEf6KJu/fDZ
ZrLX3c4F3SBTtYQPogf2f2Ta36V91m3iUhcotK45YXsFvqc6sUbA+A1wfgXOAuzO
cqR18TEN+qv3VNvcitc0b6jznIsbvcFPK3c7FmAPS4fi9zMGIGBdad9FyFObly5R
aLvfAMPOcJcF+BUVk1bF
=CdSO
-----END PGP SIGNATURE-----
Merge tag 'fixes-for-v3.17-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus
Felipe writes:
usb: fixes for v3.17-rc4
Some late fixes for dwc3 so we have something more stable
on v3.17-final.
Most bugs have been there for quite a while and nobody
noticed, except for TRB completion when multiple TRBs
are started.
Patches were tested on AM437x SK and J6 EVM and are passing
my tests.
Signed-of-by: Felipe Balbi <balbi@ti.com>
Resuming from hibernate (S4) will restart and re-initialize xHC.
The device contexts are freed and will be re-allocated later during device reset.
Usb core will disable link pm in device resume before device reset, which will
try to change the max exit latency, accessing the device contexts before they are re-allocated.
There is no need to zero (disable) the max exit latency when disabling hw lpm
for a freshly re-initialized xHC. So check that device context exists before
doing anything. The max exit latency will be set again after device reset when usb core
enables the link pm.
Reported-by: Imre Deak <imre.deak@intel.com>
Tested-by: Imre Deak <imre.deak@intel.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The xhci driver will OOPS on resume from S2/S3 if dma_alloc_coherent()
is out of memory. This is a result of two things:
1. xhci_mem_cleanup() in xhci-mem.c free's xhci->lpm_command if
it's not NULL, but doesn't set it to NULL after the free.
2. xhci_mem_cleanup() is called twice on resume, once for normal
restart and once from xhci_mem_init() if dma_alloc_coherent() fails,
resulting in a free of xhci->lpm_command that has already been freed.
The fix is to set xhci->lpm_command to NULL after freeing it.
Signed-off-by: Al Cooper <alcooperx@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
If xhci initialization fails before the roothub bandwidth
domains (xhci->rh_bw[i]) are allocated it will oops when
trying to access rh_bw members in xhci_mem_cleanup().
Reported-by: Manuel Reimer <manuel.reimer@gmx.de>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The Iomega Jaz USB Adapter is a SCSI-USB converter cable. The hardware
seems to be identical to e.g. the Microtech XpressSCSI, using a Shuttle/
SCM chip set. However its firmware restricts it to only work with Jaz
drives.
On connecting the cable a message like this appears four times in the log:
reset full speed USB device number 4 using uhci_hcd
That's non-fatal but the US_FL_SINGLE_LUN quirk fixes it.
Signed-off-by: Mark Knibbs <markk@clara.co.uk>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
- Fix for the cpufreq Operation Performance Points (OPP) code
where a recent commit added a kcalloc() call with an incorrect
ordering of arguments. From Anand Moon.
- Reverts of two ACPI battery commits that caused incorrect
diagnostic information to be printed to dmesg in some cases
from Bjørn Mork.
- Fix for the ACPI RTC operation region handler that applied the
& operator to an argument already representing an address and
that caused it to overwrite its own argument instead of writing
to the address contained in it as expected. From Chun-Yi Lee.
- Fix for the PM domain implementation in the ACPI LPSS (Low-Power
Subsystem) driver where one callback pointer pointed to a wrong
routine and one was NULL, but it shouldn't. From Fu Zhonghui.
/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABCAAGBQJUEakAAAoJEILEb/54YlRxDfsQAJ6YUQ0ONNwzsKOEWs+Cvk45
At8U7+qLsr6NEpU7Hr+HGmUrHrRsuSa3SKIWOXtTBIrBTGs12cEry8Wp4e9eTgrJ
CWWn2LMKILqlOhjJI2xT33VVvEJu8+R1sccgv9mCqVNeQj+hwVc6iTe07jiNKJt9
V8uWVaRu3IMNqOyq2Sd6IDH/uskF8PIPK39NZ/aZSQoKZzgv//ktfv4UjXmp/UcQ
DiyajliRiRRXJ4meP399WpdWQ+EykfE6exOZIRj9qohvkXSL4aFmSHc69n7WQN7b
9Jnkr1rRMbUJrfgstJKSFcY34pETLSl5iocwJJy8aijW9oQxt6Gfde2+HOU4KsJr
9y0Mf4LYPsQ6t9q+JbxAeXXDgfT48Z1oKV3OYjXV05uo6OpRgA4cW/qbjRoQk0cD
Egf5lB01VzRz56dAM/2oDtoZ7F7ajPFrlrqW+yy+Eo7A8auFQ05Ydgs9ZZ4TLP1Q
3RJ2weBZpGpQSwRlxVZtsq0boeYVogMT8AINCLuvnz4WnUD6aDifPWZzIkr7HKGl
1z8Vig9NgB2yWRyCdjx+dpaTNsWf1bnBNnOKaR0Wi36+GkXM0icjNwR/ho7Gxc7e
oUS7hgt8s7bFbOZr1ns8ad+8DxVPpQRSp8/lD4Ge94n5G2A9q2+3jLMHcxeb+3vS
vxkCLIzR4vsgIaENiiT9
=FgS1
-----END PGP SIGNATURE-----
Merge tag 'pm+acpi-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI and power management fixes from Rafael Wysocki:
"These are regression fixes (cpufreq, ACPI battery) and fixes for stuff
that never worked correctly (ACPI RTC operation region handler and PM
domain implementation in the ACPI LPSS driver).
Specifics:
- Fix for the cpufreq Operation Performance Points (OPP) code where a
recent commit added a kcalloc() call with an incorrect ordering of
arguments. From Anand Moon.
- Reverts of two ACPI battery commits that caused incorrect
diagnostic information to be printed to dmesg in some cases from
Bjørn Mork.
- Fix for the ACPI RTC operation region handler that applied the &
operator to an argument already representing an address and that
caused it to overwrite its own argument instead of writing to the
address contained in it as expected. From Chun-Yi Lee.
- Fix for the PM domain implementation in the ACPI LPSS (Low-Power
Subsystem) driver where one callback pointer pointed to a wrong
routine and one was NULL, but it shouldn't. From Fu Zhonghui"
* tag 'pm+acpi-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI / LPSS: complete PM entries for LPSS power domain
Revert "ACPI / battery: fix wrong value of capacity_now reported when fully charged"
Revert "ACPI / battery: Fix warning message in acpi_battery_get_state()"
ACPI / RTC: Fix CMOS RTC opregion handler accesses to wrong addresses
cpufreq / OPP: Fix the order of arguments for kcalloc()
Remove the rbtree used to keep track of machine to physical mappings:
the frontend can grant the same page multiple times, leading to errors
inserting or removing entries from the mach_to_phys tree.
Linux only needed to know the physical address corresponding to a given
machine address in swiotlb-xen. Now that swiotlb-xen can call the
xen_dma_* functions passing the machine address directly, we can remove
it.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Tested-by: Denis Schneider <v1ne2go@gmail.com>
xen_dma_unmap_page, xen_dma_sync_single_for_cpu and
xen_dma_sync_single_for_device are currently implemented by calling into
the corresponding generic ARM implementation of these functions. In
order to do this, firstly the dma_addr_t handle, that on Xen is a
machine address, needs to be translated into a physical address. The
operation is expensive and inaccurate, given that a single machine
address can correspond to multiple physical addresses in one domain,
because the same page can be granted multiple times by the frontend.
To avoid this problem, we introduce a Xen specific implementation of
xen_dma_unmap_page, xen_dma_sync_single_for_cpu and
xen_dma_sync_single_for_device, that can operate on machine addresses
directly.
The new implementation relies on the fact that the hypervisor creates a
second p2m mapping of any grant pages at physical address == machine
address of the page for dom0. Therefore we can access memory at physical
address == dma_addr_r handle and perform the cache flushing there. Some
cache maintenance operations require a virtual address. Instead of using
ioremap_cache, that is not safe in interrupt context, we allocate a
per-cpu PAGE_KERNEL scratch page and we manually update the pte for it.
arm64 doesn't need cache maintenance operations on unmap for now.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Tested-by: Denis Schneider <v1ne2go@gmail.com>
The flag tells us that the hypervisor maps a grant page to guest
physical address == machine address of the page in addition to the
normal grant mapping address. It is needed to properly issue cache
maintenance operation at the completion of a DMA operation involving a
foreign grant.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Tested-by: Denis Schneider <v1ne2go@gmail.com>
Nathan reports that we leak TLS information from the parent context
during an exec, as we don't clear the TLS registers when flushing the
thread state.
This patch updates the flushing code so that we:
(1) Unconditionally zero the tpidr_el0 register (since this is fully
context switched for native tasks and zeroed for compat tasks)
(2) Zero the tp_value state in thread_info before clearing the
tpidrr0_el0 register for compat tasks (since this is only writable
by the set_tls compat syscall and therefore not fully switched).
A missing compiler barrier is also added to the compat set_tls syscall.
Cc: <stable@vger.kernel.org>
Acked-by: Nathan Lynch <Nathan_Lynch@mentor.com>
Reported-by: Nathan Lynch <Nathan_Lynch@mentor.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Pull dmaengine fixes from Vinod Koul:
"Two minor fixes.
First one from Kuninori clarifying dmas bindings and second from Lars
for fixing dma descriptor completion in non cyclic case"
* 'fixes' of git://git.infradead.org/users/vkoul/slave-dma:
dmaengine: jz4740: Fix non-cyclic descriptor completion
dt/bindings: rcar-audmapp: tidyup dmas explanation
- Fix a warning about unbalanced IRQs on the Baytrail
- Update Tomasz Figa's address in MAINTAINERS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJUEU6dAAoJEEEQszewGV1zaOAQAMoMYHdby1C+YTmcctm0Vx/P
wGgYy8t3siAJQynC6l1rVrXemo3E5k92ODnTqNwxfZm4RGvaIZ3PzHtzZO/d5s3j
vm5enhialjHznjhXSdw1sTs7hHhSTw7DCbDKXCmWjhn/PR1tQ/sqFYkXJHQyPeyv
UjMUJHBWXkOd6fwhIVFDgVN7xSBPIUvq3wqIPDfj1CA817nhP0Iq8mKsj6a5v9N1
cI5L8g0GWK1Iwo71C+tKYqOMp8YBForC28N8hkzzezSvxKfwAIgeVKQI1MAbInFC
+8I8VGo7KDgQqGrUfTHZRGsVJwu+9UpY/VcRLapft3ySnMlQm6zE1fzvOJXFXXay
R4sNQ2xFSWPnPMToB/+cFMS+dvKuJMSRCBtT9XqU/kGTkXi843ZB18ZfgefuKEDy
e9wq8SozQ9H0MdwYv62Jmsg0RN1uFUOpc9ngpzpP//UPrASOfJ26pOBcileMzcHE
RaTCvtpSZScWzShGZsgngIZqZoaiUhQ5cFSJvYrrvtiknHHJ3RACxF9CQa1EBSuM
k9oegA3UkJUW+lnxNclNCfKsuH7pR5eiPqGUftuk2XFXwCzi+VdVny3xNNTSBdcn
RbhsqHh/ELl+E+FXwuWAFWi6FRtJ+shyCqvgXr84byxSpBkHqqizrtMB73T3Qasv
kuN9OyZPWcv+F4QS3Sch
=MrRB
-----END PGP SIGNATURE-----
Merge tag 'pinctrl-v3.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
Pull two pin control fixes from Linus Walleij:
- fix a warning about unbalanced IRQs on the Baytrail
- update Tomasz Figa's address in MAINTAINERS
* tag 'pinctrl-v3.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
MAINTAINERS: Tomasz has moved
pinctrl: baytrail: resolve unbalanced IRQ wake disable warning
Pull input updates from Dmitry Torokhov:
"An update to Synaptics PS/2 driver to handle "ForcePads" (currently
found in HP EliteBook 1040 laptops), a change for Elan PS/2 driver to
detect newer touchpads, bunch of devices get annotated as Trackpoint
and/or Pointer to help userspace classify and handle them, plus
assorted driver fixes"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: serport - add compat handling for SPIOCSTYPE ioctl
Input: atmel_mxt_ts - fix double free of input device
Input: synaptics - add support for ForcePads
Input: matrix_keypad - use request_any_context_irq()
Input: atmel_mxt_ts - downgrade warning about empty interrupts
Input: wm971x - fix typo in module parameter description
Input: cap1106 - fix register definition
Input: add missing POINTER / DIRECT properties to a bunch of drivers
Input: add INPUT_PROP_POINTING_STICK property
Input: elantech - fix detection of touchpad on ASUS s301l
A couple more little fixes:
1) fix from llvm/clang folks
2) fix build if common clock framework is not used
3) if vram carveout is used, have default size for vram carveout
* 'msm-fixes-3.17-rc4' of git://people.freedesktop.org/~robclark/linux:
drm/msm: don't crash if no msm.vram param
drm/msm/hdmi: fix build break on non-CCF platforms
drm/msm: Change nested function to static function
If VRAM carveout is used, due to no IOMMU, we should have a default
value for msm.vram so that we don't simply crash.
Reported-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Rob Clark <robdclark@gmail.com>
There is currently a nested function in Russel King's tree
for the msm HDMI driver.
The last nested function was removed from the Linux kernel
when the Thinkpad driver was fixed.
I believe nested functions are not desired upstream, and it
also breaks compilation with clang so here is a patch to
change the nested function into static function. The patch
works with both clang and gcc.
Signed-off-by: Mark Charlebois <charlebm@gmail.com>
Signed-off-by: Rob Clark <robdclark@gmail.com>
more fixes for 3.17, almost all Cc: stable material.
* tag 'drm-intel-fixes-2014-09-10' of git://anongit.freedesktop.org/drm-intel:
drm/i915: Wait for vblank before enabling the TV encoder
drm/i915: Evict CS TLBs between batches
drm/i915: Fix irq enable tracking in driver load
drm/i915: Fix EIO/wedged handling in gem fault handler
drm/i915: Prevent recursive deadlock on releasing a busy userptr
Just a few fixes for radeon for 3.17.
* 'drm-fixes-3.17' of git://people.freedesktop.org/~agd5f/linux:
drm/radeon/dpm: set the thermal type properly for special configs
drm/radeon: reduce memory footprint for debugging
drm/radeon: add connector quirk for fujitsu board
drm/radeon: fix semaphore value init
drm/radeon: only use me/pfp sync on evergreen+
We need to make sure to deqeueue the descriptor from the active list before
we call vchan_cookie_complete(). Also we need obviously only set chan->desc
to NULL after we stopped using it.
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Initialize USB PHY after every Link controller reset
Cc: 3.16+ <stable@vger.kernel.org>
Cc: Tim Bird <tbird20d@gmail.com>
Signed-off-by: Peter Chen <peter.chen@freescale.com>
Signed-off-by: Ivan T. Ivanov <iivanov@mm-sol.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
PHY drivers keep track of the current state of the hardware,
so don't change PHY settings under it.
Cc: 3.16+ <stable@vger.kernel.org>
Cc: Tim Bird <tbird20d@gmail.com>
Signed-off-by: Peter Chen <peter.chen@freescale.com>
Signed-off-by: Ivan T. Ivanov <iivanov@mm-sol.com>
Acked-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Merge misc fixes from Andrew Morton:
"10 fixes"
* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
fs/notify: don't show f_handle if exportfs_encode_inode_fh failed
fsnotify/fdinfo: use named constants instead of hardcoded values
kcmp: fix standard comparison bug
mm/mmap.c: use pr_emerg when printing BUG related information
shm: add memfd.h to UAPI export list
checkpatch: allow commit descriptions on separate line from commit id
sh: get_user_pages_fast() must flush cache
eventpoll: fix uninitialized variable in epoll_ctl
kernel/printk/printk.c: fix faulty logic in the case of recursive printk
mem-hotplug: let memblock skip the hotpluggable memory regions in __next_mem_range()
Currently we handle only ENOSPC. In case of other errors the file_handle
variable isn't filled properly and we will show a part of stack.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
MAX_HANDLE_SZ is equal to 128, but currently the size of pad is only 64
bytes, so exportfs_encode_inode_fh can return an error.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The C operator <= defines a perfectly fine total ordering on the set of
values representable in a long. However, unlike its namesake in the
integers, it is not translation invariant, meaning that we do not have
"b <= c" iff "a+b <= a+c" for all a,b,c.
This means that it is always wrong to try to boil down the relationship
between two longs to a question about the sign of their difference,
because the resulting relation [a LEQ b iff a-b <= 0] is neither
anti-symmetric or transitive. The former is due to -LONG_MIN==LONG_MIN
(take any two a,b with a-b = LONG_MIN; then a LEQ b and b LEQ a, but a !=
b). The latter can either be seen observing that x LEQ x+1 for all x,
implying x LEQ x+1 LEQ x+2 ... LEQ x-1 LEQ x; or more directly with the
simple example a=LONG_MIN, b=0, c=1, for which a-b < 0, b-c < 0, but a-c >
0.
Note that it makes absolutely no difference that a transmogrying bijection
has been applied before the comparison is done. In fact, had the
obfuscation not been done, one could probably not observe the bug
(assuming all values being compared always lie in one half of the address
space, the mathematical value of a-b is always representable in a long).
As it stands, one can easily obtain three file descriptors exhibiting the
non-transitivity of kcmp().
Side note 1: I can't see that ensuring the MSB of the multiplier is
set serves any purpose other than obfuscating the obfuscating code.
Side note 2:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <assert.h>
#include <sys/syscall.h>
enum kcmp_type {
KCMP_FILE,
KCMP_VM,
KCMP_FILES,
KCMP_FS,
KCMP_SIGHAND,
KCMP_IO,
KCMP_SYSVSEM,
KCMP_TYPES,
};
pid_t pid;
int kcmp(pid_t pid1, pid_t pid2, int type,
unsigned long idx1, unsigned long idx2)
{
return syscall(SYS_kcmp, pid1, pid2, type, idx1, idx2);
}
int cmp_fd(int fd1, int fd2)
{
int c = kcmp(pid, pid, KCMP_FILE, fd1, fd2);
if (c < 0) {
perror("kcmp");
exit(1);
}
assert(0 <= c && c < 3);
return c;
}
int cmp_fdp(const void *a, const void *b)
{
static const int normalize[] = {0, -1, 1};
return normalize[cmp_fd(*(int*)a, *(int*)b)];
}
#define MAX 100 /* This is plenty; I've seen it trigger for MAX==3 */
int main(int argc, char *argv[])
{
int r, s, count = 0;
int REL[3] = {0,0,0};
int fd[MAX];
pid = getpid();
while (count < MAX) {
r = open("/dev/null", O_RDONLY);
if (r < 0)
break;
fd[count++] = r;
}
printf("opened %d file descriptors\n", count);
for (r = 0; r < count; ++r) {
for (s = r+1; s < count; ++s) {
REL[cmp_fd(fd[r], fd[s])]++;
}
}
printf("== %d\t< %d\t> %d\n", REL[0], REL[1], REL[2]);
qsort(fd, count, sizeof(fd[0]), cmp_fdp);
memset(REL, 0, sizeof(REL));
for (r = 0; r < count; ++r) {
for (s = r+1; s < count; ++s) {
REL[cmp_fd(fd[r], fd[s])]++;
}
}
printf("== %d\t< %d\t> %d\n", REL[0], REL[1], REL[2]);
return (REL[0] + REL[2] != 0);
}
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org>
"Eric W. Biederman" <ebiederm@xmission.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>