commit 0f4a56e16d5fc9028b62ba529177a3109513e111 Author: Greg Kroah-Hartman Date: Sun Jul 21 18:23:38 2013 -0700 Linux 3.10.2 commit 4791df938fe7aa27a9fe50e4582efd583a045541 Author: Richard Genoud Date: Tue Apr 2 12:24:37 2013 +0200 UBIFS: correct mount message commit beadadfa5467e09e36891f39cae1f5d8d3bbf17e upstream. When mounting an UBIFS R/W volume, we have the message: UBIFS: mounted UBI device 0, volume 1, name "rootfs"(null) With this patch, we'll have: UBIFS: mounted UBI device 0, volume 1, name "rootfs" Which is, I think, what was intended. Signed-off-by: Richard Genoud Signed-off-by: Artem Bityutskiy Signed-off-by: Greg Kroah-Hartman commit e885d8b8a8ff435d4fcb66c7376e349c4658621d Author: Steve French Date: Tue Jun 25 14:03:16 2013 -0500 Handle big endianness in NTLM (ntlmv2) authentication commit fdf96a907c1fbb93c633e2b7ede3b8df26d6a4c0 upstream. This is RH bug 970891 Uppercasing of username during calculation of ntlmv2 hash fails because UniStrupr function does not handle big endian wchars. Also fix a comment in the same code to reflect its correct usage. [To make it easier for stable (rather than require 2nd patch) fixed this patch of Shirish's to remove endian warning generated by sparse -- steve f.] Reported-by: steve Signed-off-by: Shirish Pargaonkar Reviewed-by: Jeff Layton Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit 7642257802319a58c118649e20ad5c7ee0d663f3 Author: Wanpeng Li Date: Wed Jul 3 15:02:40 2013 -0700 mm/memory-hotplug: fix lowmem count overflow when offline pages commit cea27eb2a202959783f81254c48c250ddd80e129 upstream. The logic for the memory-remove code fails to correctly account the Total High Memory when a memory block which contains High Memory is offlined as shown in the example below. The following patch fixes it. Before logic memory remove: MemTotal: 7603740 kB MemFree: 6329612 kB Buffers: 94352 kB Cached: 872008 kB SwapCached: 0 kB Active: 626932 kB Inactive: 519216 kB Active(anon): 180776 kB Inactive(anon): 222944 kB Active(file): 446156 kB Inactive(file): 296272 kB Unevictable: 0 kB Mlocked: 0 kB HighTotal: 7294672 kB HighFree: 5704696 kB LowTotal: 309068 kB LowFree: 624916 kB After logic memory remove: MemTotal: 7079452 kB MemFree: 5805976 kB Buffers: 94372 kB Cached: 872000 kB SwapCached: 0 kB Active: 626936 kB Inactive: 519236 kB Active(anon): 180780 kB Inactive(anon): 222944 kB Active(file): 446156 kB Inactive(file): 296292 kB Unevictable: 0 kB Mlocked: 0 kB HighTotal: 7294672 kB HighFree: 5181024 kB LowTotal: 4294752076 kB LowFree: 624952 kB [mhocko@suse.cz: fix CONFIG_HIGHMEM=n build] Signed-off-by: Wanpeng Li Reviewed-by: Michal Hocko Cc: KAMEZAWA Hiroyuki Cc: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 71a429cf00c7ff8da3fc3356617987e746055c00 Author: Michal Hocko Date: Mon Jul 8 16:00:29 2013 -0700 memcg, kmem: fix reference count handling on the error path commit f37a96914d1aea10fed8d9af10251f0b9caea31b upstream. mem_cgroup_css_online calls mem_cgroup_put if memcg_init_kmem fails. This is not correct because only memcg_propagate_kmem takes an additional reference while mem_cgroup_sockets_init is allowed to fail as well (although no current implementation fails) but it doesn't take any reference. This all suggests that it should be memcg_propagate_kmem that should clean up after itself so this patch moves mem_cgroup_put over there. Unfortunately this is not that easy (as pointed out by Li Zefan) because memcg_kmem_mark_dead marks the group dead (KMEM_ACCOUNTED_DEAD) if it is marked active (KMEM_ACCOUNTED_ACTIVE) which is the case even if memcg_propagate_kmem fails so the additional reference is dropped in that case in kmem_cgroup_destroy which means that the reference would be dropped two times. The easiest way then would be to simply remove mem_cgrroup_put from mem_cgroup_css_online and rely on kmem_cgroup_destroy doing the right thing. Signed-off-by: Michal Hocko Signed-off-by: Li Zefan Acked-by: KAMEZAWA Hiroyuki Cc: Hugh Dickins Cc: Tejun Heo Cc: Glauber Costa Cc: Johannes Weiner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit c14a4eaf8a43a295176942c7a43a999b4557f7c3 Author: Bartlomiej Zolnierkiewicz Date: Wed Jul 3 15:00:43 2013 -0700 drivers/dma/pl330.c: fix locking in pl330_free_chan_resources() commit da331ba8e9c5de72a27e50f71105395bba6eebe0 upstream. tasklet_kill() may sleep so call it before taking pch->lock. Fixes following lockup: BUG: scheduling while atomic: cat/2383/0x00000002 Modules linked in: unwind_backtrace+0x0/0xfc __schedule_bug+0x4c/0x58 __schedule+0x690/0x6e0 sys_sched_yield+0x70/0x78 tasklet_kill+0x34/0x8c pl330_free_chan_resources+0x24/0x88 dma_chan_put+0x4c/0x50 [...] BUG: spinlock lockup suspected on CPU#0, swapper/0/0 lock: 0xe52aa04c, .magic: dead4ead, .owner: cat/2383, .owner_cpu: 1 unwind_backtrace+0x0/0xfc do_raw_spin_lock+0x194/0x204 _raw_spin_lock_irqsave+0x20/0x28 pl330_tasklet+0x2c/0x5a8 tasklet_action+0xfc/0x114 __do_softirq+0xe4/0x19c irq_exit+0x98/0x9c handle_IPI+0x124/0x16c gic_handle_irq+0x64/0x68 __irq_svc+0x40/0x70 cpuidle_wrap_enter+0x4c/0xa0 cpuidle_enter_state+0x18/0x68 cpuidle_idle_call+0xac/0xe0 cpu_idle+0xac/0xf0 Signed-off-by: Bartlomiej Zolnierkiewicz Signed-off-by: Kyungmin Park Acked-by: Jassi Brar Cc: Vinod Koul Cc: Tomasz Figa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 9131e72c764bd7ea9554392edab26a368a765c4d Author: Russell King Date: Tue Jul 9 09:52:55 2013 +0100 ARM: mm: fix boot on SA1110 Assabet commit 319e0b4f02f73983c03a2ca38595fc6367929edf upstream. Commit 83db0384 (mm/ARM: use common help functions to free reserved pages) broke booting on the Assabet by trying to convert a PFN to a virtual address using the __va() macro. This macro takes the physical address, not a PFN. Fix this. Signed-off-by: Russell King Signed-off-by: Greg Kroah-Hartman commit 65e9f76985abdf9198deae2231648d7e5408caf0 Author: Magnus Damm Date: Mon Jul 1 20:48:07 2013 +0900 ARM: shmobile: emev2 GIO3 resource fix commit 1eb14ea1e6bcd11d6d0ba937fc39808bb4d3453e upstream. Fix GIO3 base addresses for EMEV2. This bug was introduced by 088efd9273b5076a0aead479aa31f1066d182b3e ("mach-shmobile: Emma Mobile EV2 GPIO support V3") which was included in v3.5. Signed-off-by: Magnus Damm Signed-off-by: Simon Horman Signed-off-by: Greg Kroah-Hartman commit b0edd4bfb0850da39eb6a07aa3a87c526d4ca83b Author: Takanari Hayama Date: Mon Jul 1 16:38:53 2013 +0900 ARM: shmobile: r8a73a4: Fix resources for SCIFB0 commit f820b60582f75e73e83b8505d7e48fe59770f558 upstream. Fix base address and IRQ resources associated with SCIFB0. This bug was introduced by e481a528901d0cd18b5b5fcbdc55207ea3b6ef68 ("ARM: shmobile: r8a73a4 SCIF support V3") which was included in v3.10. Signed-off-by: Takanari Hayama Acked-by: Magnus Damm [ horms+renesas@verge.net.au: Add information about commit and version this bug was added in ] Signed-off-by: Simon Horman Signed-off-by: Greg Kroah-Hartman commit 74d22408355c5fafd6d6e4bd79b7aeeee0d845a9 Author: Lorenzo Pieralisi Date: Thu Apr 18 18:34:06 2013 +0100 ARM: dts: imx: cpus/cpu nodes dts updates commit 7925e89f54fc49bcd1e73f0a65c4a3eb35b9cfb1 upstream. This patch updates the in-kernel dts files according to the latest cpus and cpu bindings updates for ARM. Signed-off-by: Lorenzo Pieralisi Acked-by: Shawn Guo Signed-off-by: Greg Kroah-Hartman commit 766f6d2a32311196679b7b8771d60391bc8a4e9b Author: Jason Liu Date: Mon Jul 1 09:53:30 2013 +0100 ARM: 7778/1: smp_twd: twd_update_frequency need be run on all online CPUs commit cbbe6f82b489e7ceba4ad7c833bd3a76cd0084cb upstream. When the local timer freq changed, the twd_update_frequency function should be run all the CPUs include itself, otherwise, the twd freq will not get updated and the local timer will not run correcttly. smp_call_function will run functions on all other CPUs, but not include himself, this is not correct,use on_each_cpu instead to fix this issue. Acked-by: Linus Walleij Cc: Linus Walleij Cc: Rob Herring Cc: Shawn Guo Cc: Arnd Bergmann Acked-by: Shawn Guo Signed-off-by: Jason Liu Signed-off-by: Russell King Signed-off-by: Greg Kroah-Hartman commit e6a01df4cd3a38e8dcc05d763c0f793b2f30c5f2 Author: Marc Zyngier Date: Fri Jun 21 12:07:27 2013 +0100 ARM: 7769/1: Cortex-A15: fix erratum 798181 implementation commit 0d0752bca1f9a91fb646647aa4abbb21156f316c upstream. Looking into the active_asids array is not enough, as we also need to look into the reserved_asids array (they both represent processes that are currently running). Also, not holding the ASID allocator lock is racy, as another CPU could schedule that process and trigger a rollover, making the erratum workaround miss an IPI. Exposing this outside of context.c is a little ugly on the side, so let's define a new entry point that the erratum workaround can call to obtain the cpumask. Acked-by: Will Deacon Acked-by: Catalin Marinas Signed-off-by: Marc Zyngier Signed-off-by: Russell King Signed-off-by: Greg Kroah-Hartman commit 4aa6022129a8b5e0b0e42815521071ce7a766a84 Author: Marc Zyngier Date: Fri Jun 21 12:06:55 2013 +0100 ARM: 7768/1: prevent risks of out-of-bound access in ASID allocator commit b8e4a4740fa2b17c0a447b3ab783b3dc10702e27 upstream. On a CPU that never ran anything, both the active and reserved ASID fields are set to zero. In this case the ASID_TO_IDX() macro will return -1, which is not a very useful value to index a bitmap. Instead of trying to offset the ASID so that ASID #1 is actually bit 0 in the asid_map bitmap, just always ignore bit 0 and start the search from bit 1. This makes the code a bit more readable, and without risk of OoB access. Acked-by: Will Deacon Acked-by: Catalin Marinas Reported-by: Catalin Marinas Signed-off-by: Marc Zyngier Signed-off-by: Russell King Signed-off-by: Greg Kroah-Hartman commit b7dc4032cd44843ea93119adb00a5f15b7b05943 Author: Marc Zyngier Date: Fri Jun 21 12:06:19 2013 +0100 ARM: 7767/1: let the ASID allocator handle suspended animation commit ae120d9edfe96628f03d87634acda0bfa7110632 upstream. When a CPU is running a process, the ASID for that process is held in a per-CPU variable (the "active ASIDs" array). When the ASID allocator handles a rollover, it copies the active ASIDs into a "reserved ASIDs" array to ensure that a process currently running on another CPU will continue to run unaffected. The active array is zero-ed to indicate that a rollover occurred. Because of this mechanism, a reserved ASID is only remembered for a single rollover. A subsequent rollover will completely refill the reserved ASIDs array. In a severely oversubscribed environment where a CPU can be prevented from running for extended periods of time (think virtual machines), the above has a horrible side effect: [P{a} denotes process P running with ASID a] CPU-0 CPU-1 A{x} [active = ] [suspended] runs B{y} [active = ] [rollover: active = <0 0> reserved = ] runs B{y} [active = <0 y> reserved = ] [rollover: active = <0 0> reserved = <0 y>] runs C{x} [active = <0 x>] [resumes] runs A{x} At that stage, both A and C have the same ASID, with deadly consequences. The fix is to preserve reserved ASIDs across rollovers if the CPU doesn't have an active ASID when the rollover occurs. Acked-by: Will Deacon Acked-by: Catalin Carinas Signed-off-by: Marc Zyngier Signed-off-by: Russell King Signed-off-by: Greg Kroah-Hartman commit c9f3f7f79f3ee852f253bdb1dbbb43d79bcaa6c2 Author: Jed Davis Date: Thu Jun 20 10:16:29 2013 +0100 ARM: 7765/1: perf: Record the user-mode PC in the call chain. commit c5f927a6f62196226915f12194c9d0df4e2210d7 upstream. With this change, we no longer lose the innermost entry in the user-mode part of the call chain. See also the x86 port, which includes the ip. It's possible to partially work around this problem by post-processing the data to use the PERF_SAMPLE_IP value, but this works only if the CPU wasn't in the kernel when the sample was taken. Signed-off-by: Jed Davis Signed-off-by: Will Deacon Signed-off-by: Russell King Signed-off-by: Greg Kroah-Hartman commit 7557d8d5a46aaa4d0ec98bffdeedf9f3c7464088 Author: Theodore Ts'o Date: Sat Jul 13 00:40:35 2013 -0400 ext4: don't allow ext4_free_blocks() to fail due to ENOMEM commit e7676a704ee0a1ef71a6b23760b5a8f6896cb1a1 upstream. The filesystem should not be marked inconsistent if ext4_free_blocks() is not able to allocate memory. Unfortunately some callers (most notably ext4_truncate) don't have a way to reflect an error back up to the VFS. And even if we did, most userspace applications won't deal with most system calls returning ENOMEM anyway. Reported-by: Nagachandra P Signed-off-by: "Theodore Ts'o" Signed-off-by: Greg Kroah-Hartman commit bbb1d9216c9d8f5ac0aca90719512deae7f989ea Author: Theodore Ts'o Date: Thu Jul 11 18:54:37 2013 -0400 ext4: don't show usrquota/grpquota twice in /proc/mounts commit ad065dd01662ae22138899e6b1c8eeb3a529964f upstream. We now print mount options in a generic fashion in ext4_show_options(), so we shouldn't be explicitly printing the {usr,grp}quota options in ext4_show_quota_options(). Without this patch, /proc/mounts can look like this: /dev/vdb /vdb ext4 rw,relatime,quota,usrquota,data=ordered,usrquota 0 0 ^^^^^^^^ ^^^^^^^^ Signed-off-by: "Theodore Ts'o" Signed-off-by: Greg Kroah-Hartman commit d860925657644b00b0fed703c647edcf2aa27975 Author: Theodore Ts'o Date: Fri Jul 5 23:11:16 2013 -0400 ext4: fix ext4_get_group_number() commit 960fd856fdc3b08b3638f3f9b6b4bfceb77660c7 upstream. The function ext4_get_group_number() was introduced as an optimization in commit bd86298e60b8. Unfortunately, this commit incorrectly calculate the group number for file systems with a 1k block size (when s_first_data_block is 1 instead of zero). This could cause the following kernel BUG: [ 568.877799] ------------[ cut here ]------------ [ 568.877833] kernel BUG at fs/ext4/mballoc.c:3728! [ 568.877840] Oops: Exception in kernel mode, sig: 5 [#1] [ 568.877845] SMP NR_CPUS=32 NUMA pSeries [ 568.877852] Modules linked in: binfmt_misc [ 568.877861] CPU: 1 PID: 3516 Comm: fs_mark Not tainted 3.10.0-03216-g7c6809f-dirty #1 [ 568.877867] task: c0000001fb0b8000 ti: c0000001fa954000 task.ti: c0000001fa954000 [ 568.877873] NIP: c0000000002f42a4 LR: c0000000002f4274 CTR: c000000000317ef8 [ 568.877879] REGS: c0000001fa956ed0 TRAP: 0700 Not tainted (3.10.0-03216-g7c6809f-dirty) [ 568.877884] MSR: 8000000000029032 CR: 24000428 XER: 00000000 [ 568.877902] SOFTE: 1 [ 568.877905] CFAR: c0000000002b5464 [ 568.877908] GPR00: 0000000000000001 c0000001fa957150 c000000000c6a408 c0000001fb588000 GPR04: 0000000000003fff c0000001fa9571c0 c0000001fa9571c4 000138098c50625f GPR08: 1301200000000000 0000000000000002 0000000000000001 0000000000000000 GPR12: 0000000024000422 c00000000f33a300 0000000000008000 c0000001fa9577f0 GPR16: c0000001fb7d0100 c000000000c29190 c0000000007f46e8 c000000000a14672 GPR20: 0000000000000001 0000000000000008 ffffffffffffffff 0000000000000000 GPR24: 0000000000000100 c0000001fa957278 c0000001fdb2bc78 c0000001fa957288 GPR28: 0000000000100100 c0000001fa957288 c0000001fb588000 c0000001fdb2bd10 [ 568.877993] NIP [c0000000002f42a4] .ext4_mb_release_group_pa+0xec/0x1c0 [ 568.877999] LR [c0000000002f4274] .ext4_mb_release_group_pa+0xbc/0x1c0 [ 568.878004] Call Trace: [ 568.878008] [c0000001fa957150] [c0000000002f4274] .ext4_mb_release_group_pa+0xbc/0x1c0 (unreliable) [ 568.878017] [c0000001fa957200] [c0000000002fb070] .ext4_mb_discard_lg_preallocations+0x394/0x444 [ 568.878025] [c0000001fa957340] [c0000000002fb45c] .ext4_mb_release_context+0x33c/0x734 [ 568.878032] [c0000001fa957440] [c0000000002fbcf8] .ext4_mb_new_blocks+0x4a4/0x5f4 [ 568.878039] [c0000001fa957510] [c0000000002ef56c] .ext4_ext_map_blocks+0xc28/0x1178 [ 568.878047] [c0000001fa957640] [c0000000002c1a94] .ext4_map_blocks+0x2c8/0x490 [ 568.878054] [c0000001fa957730] [c0000000002c536c] .ext4_writepages+0x738/0xc60 [ 568.878062] [c0000001fa957950] [c000000000168a78] .do_writepages+0x5c/0x80 [ 568.878069] [c0000001fa9579d0] [c00000000015d1c4] .__filemap_fdatawrite_range+0x88/0xb0 [ 568.878078] [c0000001fa957aa0] [c00000000015d23c] .filemap_write_and_wait_range+0x50/0xfc [ 568.878085] [c0000001fa957b30] [c0000000002b8edc] .ext4_sync_file+0x220/0x3c4 [ 568.878092] [c0000001fa957be0] [c0000000001f849c] .vfs_fsync_range+0x64/0x80 [ 568.878098] [c0000001fa957c70] [c0000000001f84f0] .vfs_fsync+0x38/0x4c [ 568.878105] [c0000001fa957d00] [c0000000001f87f4] .do_fsync+0x54/0x90 [ 568.878111] [c0000001fa957db0] [c0000000001f8894] .SyS_fsync+0x28/0x3c [ 568.878120] [c0000001fa957e30] [c000000000009c88] syscall_exit+0x0/0x7c [ 568.878125] Instruction dump: [ 568.878130] 60000000 813d0034 81610070 38000000 7f8b4800 419e001c 813f007c 7d2bfe70 [ 568.878144] 7d604a78 7c005850 54000ffe 7c0007b4 <0b000000> e8a10076 e87f0090 7fa4eb78 [ 568.878160] ---[ end trace 594d911d9654770b ]--- In addition fix the STD_GROUP optimization so that it works for bigalloc file systems as well. Signed-off-by: "Theodore Ts'o" Reported-by: Li Zhong Reviewed-by: Lukas Czerner Signed-off-by: Greg Kroah-Hartman commit bb39c83ce5453f7b702865d7fe5cc283689d8810 Author: Jan Kara Date: Fri May 31 19:39:56 2013 -0400 ext4: fix overflow when counting used blocks on 32-bit architectures commit 8af8eecc1331dbf5e8c662022272cf667e213da5 upstream. The arithmetics adding delalloc blocks to the number of used blocks in ext4_getattr() can easily overflow on 32-bit archs as we first multiply number of blocks by blocksize and then divide back by 512. Make the arithmetics more clever and also use proper type (unsigned long long instead of unsigned long). Signed-off-by: Jan Kara Signed-off-by: Theodore Ts'o Signed-off-by: Greg Kroah-Hartman commit b9ea84239c8098c367680278d1daa4d69ae88719 Author: Jan Kara Date: Fri May 31 19:38:56 2013 -0400 ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs commit a60697f411eb365fb09e639e6f183fe33d1eb796 upstream. On 32-bit architectures with 32-bit sector_t computation of data offset in ext4_xattr_fiemap() can overflow resulting in reporting bogus data location. Fix the problem by typing block number to proper type before shifting. Signed-off-by: Jan Kara Signed-off-by: Theodore Ts'o Signed-off-by: Greg Kroah-Hartman commit 80747f06d94394d0c2bc384515abe0ba460e58f4 Author: Jan Kara Date: Fri May 31 19:37:56 2013 -0400 ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations commit e7293fd146846e2a44d29e0477e0860c60fb856b upstream. ext4_lblk_t is just u32 so multiplying it by blocksize can easily overflow for files larger than 4 GB. Fix that by properly typing the block offsets before shifting. Signed-off-by: Jan Kara Signed-off-by: Theodore Ts'o Reviewed-by: Zheng Liu Signed-off-by: Greg Kroah-Hartman commit e47438e6af1377ae8b29d2c0262513f54f17adcd Author: Jan Kara Date: Fri May 31 19:33:42 2013 -0400 ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap() commit eaf3793728d07d995f1e74250b2d0005f7ae98b5 upstream. On 32-bit archs when sector_t is defined as 32-bit the logic computing data offset in ext4_inline_data_fiemap(). Fix that by properly typing the shifted value. Signed-off-by: Jan Kara Signed-off-by: Theodore Ts'o Signed-off-by: Greg Kroah-Hartman commit 7a44bf654d595a523f01664f781633861fc7262d Author: Josef Bacik Date: Mon Jul 1 16:10:16 2013 -0400 Btrfs: only do the tree_mod_log_free_eb if this is our last ref commit 7fb7d76f96bfcbea25007d190ba828b18e13d29d upstream. There is another bug in the tree mod log stuff in that we're calling tree_mod_log_free_eb every single time a block is cow'ed. The problem with this is that if this block is shared by multiple snapshots we will call this multiple times per block, so if we go to rewind the mod log for this block we'll BUG_ON() in __tree_mod_log_rewind because we try to rewind a free twice. We only want to call tree_mod_log_free_eb if we are actually freeing the block. With this patch I no longer hit the panic in __tree_mod_log_rewind. Thanks, Reviewed-by: Jan Schmidt Signed-off-by: Josef Bacik Signed-off-by: Greg Kroah-Hartman commit c701343cd0444bd9440a4236331e80f45c75ece2 Author: Josef Bacik Date: Sat Jun 29 23:15:19 2013 -0400 Btrfs: hold the tree mod lock in __tree_mod_log_rewind commit f1ca7e98a67da618d8595866e0860308525154da upstream. We need to hold the tree mod log lock in __tree_mod_log_rewind since we walk forward in the tree mod entries, otherwise we'll end up with random entries and trip the BUG_ON() at the front of __tree_mod_log_rewind. This fixes the panics people were seeing when running find /whatever -type f -exec btrfs fi defrag {} \; Thansk, Signed-off-by: Josef Bacik Signed-off-by: Greg Kroah-Hartman commit 8049d11b3af40dc43b45017a1646ee6bd02287a1 Author: Josef Bacik Date: Mon May 20 11:26:50 2013 -0400 Btrfs: fix estale with btrfs send commit 139f807a1eba1e484941a98fb93ee32ad859a6a1 upstream. This fixes bugzilla 57491. If we take a snapshot of a fs with a unlink ongoing and then try to send that root we will run into problems. When comparing with a parent root we will search the parents and the send roots commit_root, which if we've just created the snapshot will include the file that needs to be evicted by the orphan cleanup. So when we find a changed extent we will try and copy that info into the send stream, but when we lookup the inode we use the normal root, which no longer has the inode because the orphan cleanup deleted it. The best solution I have for this is to check our otransid with the generation of the commit root and if they match just commit the transaction again, that way we get the changes from the orphan cleanup. With this patch the reproducer I made for this bugzilla no longer returns ESTALE when trying to do the send. Thanks, Reported-by: Chris Wilson Signed-off-by: Josef Bacik Signed-off-by: Greg Kroah-Hartman commit d2f5933432d677d224f83cc865c52f14a4785eec Author: Bart Van Assche Date: Tue May 21 20:43:50 2013 +0200 timer: Fix jiffies wrap behavior of round_jiffies_common() commit 9e04d3804d3ac97d8c03a41d78d0f0674b5d01e1 upstream. Direct compare of jiffies related values does not work in the wrap around case. Replace it with time_is_after_jiffies(). Signed-off-by: Bart Van Assche Cc: Arjan van de Ven Cc: Stephen Rothwell Link: http://lkml.kernel.org/r/519BC066.5080600@acm.org Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman commit f4f391e86e14bcbc0ddcbca8a52b81cac7bf0c7c Author: Shane Huang Date: Sat Jun 8 16:00:16 2013 +0800 ahci: remove pmp link online check in FBS EH commit 912b9ac683b112615d5605686f1dc086402ce9f7 upstream. ata_link_online() check in ahci_error_intr() is unnecessary, it should be removed otherwise may lead to lockup with FBS enabled PMP. http://marc.info/?l=linux-ide&m=137050421603272&w=2 Reported-by: Yu Liu Signed-off-by: Shane Huang Signed-off-by: Tejun Heo Signed-off-by: Greg Kroah-Hartman commit 21e8e04d6f137aeab872fd9e0ef356dd1126deb4 Author: Seth Heasley Date: Wed Jun 19 16:36:45 2013 -0700 ahci: AHCI-mode SATA patch for Intel Coleto Creek DeviceIDs commit 1cfc7df3de10c40ed459e13cce6de616023bf41c upstream. This patch adds the AHCI-mode SATA DeviceIDs for the Intel Coleto Creek PCH. Signed-off-by: Seth Heasley Signed-off-by: Tejun Heo Signed-off-by: Greg Kroah-Hartman commit 7d31ea0d281c8443c8637c78822f56388f4cf82d Author: Shane Huang Date: Mon Jun 3 18:24:10 2013 +0800 ahci: Add AMD CZ SATA device ID commit fafe5c3d82a470d73de53e6b08eb4e28d974d895 upstream. To add AMD CZ SATA controller device ID of IDE mode. [bhelgaas: drop pci_ids.h update] Signed-off-by: Shane Huang Signed-off-by: Bjorn Helgaas Reviewed-by: Tejun Heo Signed-off-by: Greg Kroah-Hartman commit d26cb648c5bf93d2e17b54d3dd55523e68d625ce Author: Emmanuel Grumbach Date: Thu Jun 13 13:10:00 2013 +0300 iwlwifi: pcie: wake the queue if stopped when being unmapped commit 8a487b1a7432b20ff3f82387a8ce7555a964b44e upstream. When the queue is unmapped while it was so loaded that mac80211's was stopped, we need to wake the queue after having freed all the packets in the queue. Not doing so can result in weird stuff like: * run lots of traffic (mac80211's queue gets stopped) * RFKILL * de-assert RFKILL * no traffic Signed-off-by: Emmanuel Grumbach Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman commit f4ab9ece03dfc4b15c63b5fd5506183554976903 Author: Emmanuel Grumbach Date: Thu Jun 13 11:45:59 2013 +0300 iwlwifi: pcie: fix race in queue unmapping commit b967613d7e7c7bad176f5627c55e2d8c5aa2480e upstream. When a queue is disabled, it frees all its entries. Later, the op_mode might still get notifications from the firmware that triggers to free entries in the tx queue. The transport should be prepared for these races and know to ignore reclaim calls on queues that have been disabled and whose entries have been freed. Signed-off-by: Emmanuel Grumbach Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman commit 65a1fb23bc5b2f21b44f8b81c89ccda808b3b321 Author: Jiang Liu Date: Fri Jun 7 01:10:08 2013 +0800 PCI: Fix refcount issue in pci_create_root_bus() error recovery path commit 343df771e671d821478dd3ef525a0610b808dbf8 upstream. After calling device_register(&bridge->dev), the bridge is reference- counted, and it is illegal to call kfree() on it except in the release function. [bhelgaas: changelog, use put_device() after device_register() failure] Signed-off-by: Jiang Liu Signed-off-by: Bjorn Helgaas Signed-off-by: Greg Kroah-Hartman commit c723caeecf4240abbdafbc4ccd96ef08828a2d4f Author: Xudong Hao Date: Fri May 31 12:21:29 2013 +0800 PCI: Finish SR-IOV VF setup before adding the device commit fbf33f516bdbcc2ab1ba1e54dfb720b0cfaa6874 upstream. Commit 4f535093cf "PCI: Put pci_dev in device tree as early as possible" moves device registering from pci_bus_add_devices() to pci_device_add(). That causes problems for virtual functions because device_add(&virtfn->dev) is called before setting the virtfn->is_virtfn flag, which then causes Xen to report PCI virtual functions as PCI physical functions. Fix it by setting virtfn->is_virtfn before calling pci_device_add(). [Jiang Liu]: Move the setting of virtfn->is_virtfn ahead further for better readability and modify changelog. Signed-off-by: Xudong Hao Signed-off-by: Jiang Liu Signed-off-by: Bjorn Helgaas Signed-off-by: Greg Kroah-Hartman commit 323af551c09ddc7cac1c22486b1419aeb1cccdd5 Author: Paul Clements Date: Wed Jul 3 15:09:04 2013 -0700 nbd: correct disconnect behavior commit c378f70adbc1bbecd9e6db145019f14b2f688c7c upstream. Currently, when a disconnect is requested by the user (via NBD_DISCONNECT ioctl) the return from NBD_DO_IT is undefined (it is usually one of several error codes). This means that nbd-client does not know if a manual disconnect was performed or whether a network error occurred. Because of this, nbd-client's persist mode (which tries to reconnect after error, but not after manual disconnect) does not always work correctly. This change fixes this by causing NBD_DO_IT to always return 0 if a user requests a disconnect. This means that nbd-client can correctly either persist the connection (if an error occurred) or disconnect (if the user requested it). Signed-off-by: Paul Clements Acked-by: Rob Landley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 1926bf8ae44d80c9f50103f11fc4f17e2e2bf684 Author: Junxiao Bi Date: Wed Jul 3 15:01:03 2013 -0700 ocfs2: xattr: fix inlined xattr reflink commit ef962df057aaafd714f5c22ba3de1be459571fdf upstream. Inlined xattr shared free space of inode block with inlined data or data extent record, so the size of the later two should be adjusted when inlined xattr is enabled. See ocfs2_xattr_ibody_init(). But this isn't done well when reflink. For inode with inlined data, its max inlined data size is adjusted in ocfs2_duplicate_inline_data(), no problem. But for inode with data extent record, its record count isn't adjusted. Fix it, or data extent record and inlined xattr may overwrite each other, then cause data corruption or xattr failure. One panic caused by this bug in our test environment is the following: kernel BUG at fs/ocfs2/xattr.c:1435! invalid opcode: 0000 [#1] SMP Pid: 10871, comm: multi_reflink_t Not tainted 2.6.39-300.17.1.el5uek #1 RIP: ocfs2_xa_offset_pointer+0x17/0x20 [ocfs2] RSP: e02b:ffff88007a587948 EFLAGS: 00010283 RAX: 0000000000000000 RBX: 0000000000000010 RCX: 00000000000051e4 RDX: ffff880057092060 RSI: 0000000000000f80 RDI: ffff88007a587a68 RBP: ffff88007a587948 R08: 00000000000062f4 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000010 R13: ffff88007a587a68 R14: 0000000000000001 R15: ffff88007a587c68 FS: 00007fccff7f06e0(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000 CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 00000000015cf000 CR3: 000000007aa76000 CR4: 0000000000000660 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process multi_reflink_t Call Trace: ocfs2_xa_reuse_entry+0x60/0x280 [ocfs2] ocfs2_xa_prepare_entry+0x17e/0x2a0 [ocfs2] ocfs2_xa_set+0xcc/0x250 [ocfs2] ocfs2_xattr_ibody_set+0x98/0x230 [ocfs2] __ocfs2_xattr_set_handle+0x4f/0x700 [ocfs2] ocfs2_xattr_set+0x6c6/0x890 [ocfs2] ocfs2_xattr_user_set+0x46/0x50 [ocfs2] generic_setxattr+0x70/0x90 __vfs_setxattr_noperm+0x80/0x1a0 vfs_setxattr+0xa9/0xb0 setxattr+0xc3/0x120 sys_fsetxattr+0xa8/0xd0 system_call_fastpath+0x16/0x1b Signed-off-by: Junxiao Bi Reviewed-by: Jie Liu Acked-by: Joel Becker Cc: Mark Fasheh Cc: Sunil Mushran Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 14a1d6afc622566a7dcb961a183010ec83bea009 Author: Chen Gang Date: Wed Jul 3 15:00:42 2013 -0700 arch: c6x: mm: include "asm/uaccess.h" to pass compiling commit fe74650166dd6905b0cf66594eb79222dc9d7109 upstream. Need include "asm/uaccess.h" to pass compiling. The related error (with allmodconfig): arch/c6x/mm/init.c: In function `paging_init': arch/c6x/mm/init.c:46:2: error: implicit declaration of function `set_fs' [-Werror=implicit-function-declaration] arch/c6x/mm/init.c:46:9: error: `KERNEL_DS' undeclared (first use in this function) arch/c6x/mm/init.c:46:9: note: each undeclared identifier is reported only once for each function it appears in Signed-off-by: Chen Gang Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit f7019bfd8c1cc896f194009dff643fc73eefdd74 Author: Dmitry Torokhov Date: Mon Jul 1 11:47:51 2013 -0700 Input: bcm5974 - add support for the 2013 MacBook Air commit 148c1c8ad3c4170186ebe6ea5900adde27d2a0e7 upstream. The June 2013 Macbook Air (13'') has a new trackpad protocol; four new values are inserted in the header, and the mode switch is no longer needed. This patch adds support for the new devices. Reported-and-tested-by: Brad Ford Signed-off-by: Henrik Rydberg Signed-off-by: Dmitry Torokhov Signed-off-by: Greg Kroah-Hartman commit 391c2e14c6442ac370afee2674d3e0c7409b319d Author: Dmitry Torokhov Date: Mon Jul 1 11:46:27 2013 -0700 HID: apple: Add support for the 2013 Macbook Air commit 9d9a04ee758b4c1fcc7586d065cdde7a7607e156 upstream. This patch adds keyboard support for MacbookAir6,2 as WELLSPRING8 (0x0291, 0x0292, 0x0293). The touchpad is handled in a separate bcm5974 patch, as usual. Reported-and-tested-by: Brad Ford Signed-off-by: Henrik Rydberg Signed-off-by: Jiri Kosina Signed-off-by: Dmitry Torokhov Signed-off-by: Greg Kroah-Hartman commit 2757f8d630ae099abc7d51b7b09de76a33876bf4 Author: Rafael J. Wysocki Date: Thu Jul 4 13:22:11 2013 +0200 ACPI / PM: Fix corner case in acpi_bus_update_power() commit 91bdad0b6237c25a7bf8fd4604d0cc64a2005a23 upstream. The role of acpi_bus_update_power() is to update the given ACPI device object's power.state field to reflect the current physical state of the device (as inferred from the configuration of power resources and _PSC, if available). For this purpose it calls acpi_device_set_power() that should update the power resources' reference counters and set power.state as appropriate. However, that doesn't work if the "new" state is D1, D2 or D3hot and the the current value of power.state means D3cold, because in that case acpi_device_set_power() will refuse to transition the device from D3cold to non-D0. To address this problem, make acpi_bus_update_power() call acpi_power_transition() directly to update the power resources' reference counters and only use acpi_device_set_power() to put the device into D0 if the current physical state of it cannot be determined. Signed-off-by: Rafael J. Wysocki Signed-off-by: Greg Kroah-Hartman commit 22a5fdfc36cd18abfd421699e9076307fa54dae4 Author: Lv Zheng Date: Sat Jun 8 00:59:18 2013 +0000 ACPICA: Do not use extended sleep registers unless HW-reduced bit is set commit 7cec7048fe22e3e92389da2cd67098f6c4284e7f upstream. Previous implementation incorrectly used the ACPI 5.0 extended sleep registers if they were simply populated. This caused problems on some non-HW-reduced machines. As per the ACPI spec, they should only be used if the HW-reduced bit is set. Lv Zheng, ACPICA BZ 1020. Reported-by: Daniel Rowe References: https://bugzilla.kernel.org/show_bug.cgi?id=54181 References: https://bugs.acpica.org/show_bug.cgi?id=1020 Bisected-by: Brint E. Kriebel Signed-off-by: Lv Zheng Signed-off-by: Bob Moore Signed-off-by: Rafael J. Wysocki Signed-off-by: Greg Kroah-Hartman commit 93ede471186348e7a82b13a879213fd661c951be Author: Lan Tianyu Date: Wed Jun 5 02:27:51 2013 +0000 ACPI / EC: Add HP Folio 13 to ec_dmi_table in order to skip DSDT scan commit eff9a4b62b14cf0d9913e3caf1f26f8b7a6105c9 upstream. HP Folio 13's BIOS defines CMOS RTC Operation Region and the EC's _REG method will access that region. To allow the CMOS RTC region handler to be installed before the EC _REG method is first invoked, add ec_skip_dsdt_scan() as HP Folio 13's callback to ec_dmi_table. References: https://bugzilla.kernel.org/show_bug.cgi?id=54621 Reported-and-tested-by: Stefan Nagy Signed-off-by: Lan Tianyu Signed-off-by: Rafael J. Wysocki Signed-off-by: Greg Kroah-Hartman commit 623c1cba04991c15d594a25fd31d7480d931aa57 Author: Lan Tianyu Date: Wed Jun 5 02:27:50 2013 +0000 ACPI: Add CMOS RTC Operation Region handler support commit 2fa97feb4406c546b52e35b6b6c50cb8f63425d2 upstream. On HP Folio 13-2000, the BIOS defines a CMOS RTC Operation Region and the EC's _REG methord accesses that region. Thus an appropriate address space handler must be registered for that region before the EC driver is loaded. Introduce a mechanism for adding CMOS RTC address space handlers. Register an ACPI scan handler for CMOS RTC devices such that, when a device of that kind is detected during an ACPI namespace scan, a common CMOS RTC operation region address space handler will be installed for it. References: https://bugzilla.kernel.org/show_bug.cgi?id=54621 Reported-and-tested-by: Stefan Nagy Signed-off-by: Lan Tianyu Signed-off-by: Rafael J. Wysocki Signed-off-by: Greg Kroah-Hartman commit e64c0641beee09a0d9870efc5ea40eb06b6529cb Author: Axel Lin Date: Wed Jul 3 15:06:45 2013 -0700 drivers/rtc/rtc-rv3029c2.c: fix disabling AIE irq commit 29ecd78c0fd6ee05f2c6b07b23823a6ae43c13ff upstream. In the disable AIE irq code path, current code passes "1" to enable parameter of rv3029c2_rtc_i2c_alarm_set_irq(). Thus it does not disable AIE irq. Signed-off-by: Axel Lin Acked-by: Heiko Schocher Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 3dc8601b54d7efa6ccf94b5159dd79b179a965dc Author: Ben Hutchings Date: Fri Jun 28 02:40:30 2013 +0100 genirq: Fix can_request_irq() for IRQs without an action commit 2779db8d37d4b542d9ca2575f5f178dbeaca6c86 upstream. Commit 02725e7471b8 ('genirq: Use irq_get/put functions'), inadvertently changed can_request_irq() to return 0 for IRQs that have no action. This causes pcibios_lookup_irq() to select only IRQs that already have an action with IRQF_SHARED set, or to fail if there are none. Change can_request_irq() to return 1 for IRQs that have no action (if the first two conditions are met). Reported-by: Bjarni Ingi Gislason Tested-by: Bjarni Ingi Gislason (against 3.2) Signed-off-by: Ben Hutchings Cc: 709647@bugs.debian.org Link: http://bugs.debian.org/709647 Link: http://lkml.kernel.org/r/1372383630.23847.40.camel@deadeye.wl.decadent.org.uk Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman commit 9ceb896c679bf0fb6c8c968cf006ec8593052f37 Author: Konrad Rzeszutek Wilk Date: Mon Jun 10 16:48:09 2013 -0400 xen/pcifront: Deal with toolstack missing 'XenbusStateClosing' state. commit 098b1aeaf4d6149953b8f1f8d55c21d85536fbff upstream. There are two tool-stack that can instruct the Xen PCI frontend and backend to change states: 'xm' (Python code with a daemon), and 'xl' (C library - does not keep state changes). With the 'xm', the path to disconnect a single PCI device (xm pci-detach ) is: 4(Connected)->7(Reconfiguring*)-> 8(Reconfigured)-> 4(Connected)->5(Closing*). The * is for states that the tool-stack sets. For 'xl', it is similar: 4(Connected)->7(Reconfiguring*)-> 8(Reconfigured)-> 4(Connected) Both of them also tear down the XenBus structure, so the backend state ends up going in the 3(Initialised) and calls pcifront_xenbus_remove. When a PCI device is plugged back in (xm pci-attach ) both of them follow the same pattern: 2(InitWait*), 3(Initialized*), 4(Connected*)->4(Connected). [xen-pcifront ignores the 2,3 state changes and only acts when 4 (Connected) has been reached] Note that this is for a _single_ PCI device. If there were two PCI devices and only one was disconnected 'xm' would show the same state changes. The problem is that git commit 3d925320e9e2de162bd138bf97816bda8c3f71be ("xen/pcifront: Use Xen-SWIOTLB when initting if required") introduced a mechanism to initialize the SWIOTLB when the Xen PCI front moves to Connected state. It also had some aggressive seatbelt code check that would warn the user if one tried to change to Connected state without hitting first the Closing state: pcifront pci-0: PCI frontend already installed! However, that code can be relaxed and we can continue on working even if the frontend is instructed to be the 'Connected' state with no devices and then gets tickled to be in 'Connected' state again. In other words, this 4(Connected)->5(Closing)->4(Connected) state was expected, while 4(Connected)->.... anything but 5(Closing)->4(Connected) was not. This patch removes that aggressive check and allows Xen pcifront to work with the 'xl' toolstack (for one or more PCI devices) and with 'xm' toolstack (for more than two PCI devices). Acked-by: Bjorn Helgaas Cc: linux-pci@vger.kernel.org [v2: Added in the description about two PCI devices] Signed-off-by: Konrad Rzeszutek Wilk Signed-off-by: Greg Kroah-Hartman commit ac9349c428f94f636e3ca4d5d92cf048dd819518 Author: Laszlo Ersek Date: Tue Oct 18 22:42:59 2011 +0200 xen/time: remove blocked time accounting from xen "clockchip" commit 0b0c002c340e78173789f8afaa508070d838cf3d upstream. ... because the "clock_event_device framework" already accounts for idle time through the "event_handler" function pointer in xen_timer_interrupt(). The patch is intended as the completion of [1]. It should fix the double idle times seen in PV guests' /proc/stat [2]. It should be orthogonal to stolen time accounting (the removed code seems to be isolated). The approach may be completely misguided. [1] https://lkml.org/lkml/2011/10/6/10 [2] http://lists.xensource.com/archives/html/xen-devel/2010-08/msg01068.html John took the time to retest this patch on top of v3.10 and reported: "idle time is correctly incremented for pv and hvm for the normal case, nohz=off and nohz=idle." so lets put this patch in. Signed-off-by: Laszlo Ersek Signed-off-by: John Haxby Signed-off-by: Konrad Rzeszutek Wilk Signed-off-by: Greg Kroah-Hartman commit 587562a77c7ab453d16f6b6bb02951bd66c44982 Author: Zach Bobroff Date: Fri Jun 7 13:02:50 2013 +0100 x86, efi: retry ExitBootServices() on failure commit d3768d885c6ccbf8a137276843177d76c49033a7 upstream. ExitBootServices is absolutely supposed to return a failure if any ExitBootServices event handler changes the memory map. Basically the get_map loop should run again if ExitBootServices returns an error the first time. I would say it would be fair that if ExitBootServices gives an error the second time then Linux would be fine in returning control back to BIOS. The second change is the following line: again: size += sizeof(*mem_map) * 2; Originally you were incrementing it by the size of one memory map entry. The issue here is all related to the low_alloc routine you are using. In this routine you are making allocations to get the memory map itself. Doing this allocation or allocations can affect the memory map by more than one record. [ mfleming - changelog, code style ] Signed-off-by: Zach Bobroff Signed-off-by: Matt Fleming Signed-off-by: Greg Kroah-Hartman commit a2ebe4443fd55755cae5834e3f3021d3572cc463 Author: Helge Deller Date: Sat Jun 29 22:08:03 2013 +0200 parisc: optimize mtsp(0,sr) inline assembly commit 92b59929825d67db575043a76651865d16873b36 upstream. If the value which should be moved into a space register is zero, we can optimize the inline assembly to become "mtsp %r0,%srX". Signed-off-by: Helge Deller Signed-off-by: Greg Kroah-Hartman commit 286f3bf473da48489bb539c08088fbb8dc64a35c Author: Helge Deller Date: Tue Jun 18 23:21:25 2013 +0200 parisc: fix LMMIO mismatch between PAT length and MASK register commit dac76f1be5beaea4af9afe85fb475c73de0b8731 upstream. The LMMIO length reported by PAT and the length given by the LBA MASK register are not consistent. This leads e.g. to a not-working ATI FireGL card with the radeon DRM driver since the memory can't be mapped. Fix this by correctly adjusting the resource sizes. Signed-off-by: Helge Deller Signed-off-by: Greg Kroah-Hartman commit ad5def802da90a988d243d8426478bf23f54aad0 Author: John David Anglin Date: Sat Jun 29 16:42:12 2013 -0400 parisc: Ensure volatile space register %sr1 is not clobbered commit e8d8fc219f9a0e63e7fb927881e6f4db8e7d34df upstream. I still see the occasional random segv on rp3440. Looking at one of these (a code 15), it appeared the problem must be with the cache handling of anonymous pages. Reviewing this, I noticed that the space register %sr1 might be being clobbered when we flush an anonymous page. Register %sr1 is used for TLB purges in a couple of places. These purges are needed on PA8800 and PA8900 processors to ensure cache consistency of flushed cache lines. The solution here is simply to move the %sr1 load into the TLB lock region needed to ensure that one purge executes at a time on SMP systems. This was already the case for one use. After a few days of operation, I haven't had a random segv on my rp3440. Signed-off-by: John David Anglin Signed-off-by: Helge Deller Signed-off-by: Greg Kroah-Hartman commit 002b98a8495089379af21689688ad575d90bd8d4 Author: Christoph Lameter Date: Tue Jul 2 12:12:10 2013 -0700 slab: fix init_lock_keys commit 0f8f8094d28eb53368ac09186ea6b3a324cc7d44 upstream. Some architectures (e.g. powerpc built with CONFIG_PPC_256K_PAGES=y CONFIG_FORCE_MAX_ZONEORDER=11) get PAGE_SHIFT + MAX_ORDER > 26. In 3.10 kernels, CONFIG_LOCKDEP=y with PAGE_SHIFT + MAX_ORDER > 26 makes init_lock_keys() dereference beyond kmalloc_caches[26]. This leads to an unbootable system (kernel panic at initializing SLAB) if one of kmalloc_caches[26...PAGE_SHIFT+MAX_ORDER-1] is not NULL. Fix this by making sure that init_lock_keys() does not dereference beyond kmalloc_caches[26] arrays. Signed-off-by: Christoph Lameter Reported-by: Tetsuo Handa Cc: Pekka Enberg Signed-off-by: Andrew Morton Signed-off-by: Pekka Enberg Signed-off-by: Greg Kroah-Hartman commit 8e700e9586394b9769fd93293482e9a950e24ba4 Author: Helge Deller Date: Thu Jul 4 22:34:11 2013 +0200 parisc: Fix gcc miscompilation in pa_memcpy() commit 5b879d78bc0818aa710f5d4d9abbfc2aca075cc3 upstream. When running the LTP testsuite one may hit this kernel BUG() with the write06 testcase: kernel BUG at mm/filemap.c:2023! CPU: 1 PID: 8614 Comm: writev01 Not tainted 3.10.0-rc7-64bit-c3000+ #6 IASQ: 0000000000000000 0000000000000000 IAOQ: 00000000401e6e84 00000000401e6e88 IIR: 03ffe01f ISR: 0000000010340000 IOR: 000001fbe0380820 CPU: 1 CR30: 00000000bef80000 CR31: ffffffffffffffff ORIG_R28: 00000000bdc192c0 IAOQ[0]: iov_iter_advance+0x3c/0xc0 IAOQ[1]: iov_iter_advance+0x40/0xc0 RP(r2): generic_file_buffered_write+0x204/0x3f0 Backtrace: [<00000000401e764c>] generic_file_buffered_write+0x204/0x3f0 [<00000000401eab24>] __generic_file_aio_write+0x244/0x448 [<00000000401eadc0>] generic_file_aio_write+0x98/0x150 [<000000004024f460>] do_sync_readv_writev+0xc0/0x130 [<000000004025037c>] compat_do_readv_writev+0x12c/0x340 [<00000000402505f8>] compat_writev+0x68/0xa0 [<0000000040251d88>] compat_SyS_writev+0x98/0xf8 Reason for this crash is a gcc miscompilation in the fault handlers of pa_memcpy() which return the fault address instead of the copied bytes. Since this seems to be a generic problem with gcc-4.7.x (and below), it's better to simplify the fault handlers in pa_memcpy to avoid this problem. Here is a simple reproducer for the problem: int main(int argc, char **argv) { int fd, nbytes; struct iovec wr_iovec[] = { { "TEST STRING ",32}, { (char*)0x40005000,32} }; // random memory. fd = open(DATA_FILE, O_RDWR | O_CREAT, 0666); nbytes = writev(fd, wr_iovec, 2); printf("return value = %d, errno %d (%s)\n", nbytes, errno, strerror(errno)); return 0; } In addition, John David Anglin wrote: There is no gcc PR as pa_memcpy is not legitimate C code. There is an implicit assumption that certain variables will contain correct values when an exception occurs and the code randomly jumps to one of the exception blocks. There is no guarantee of this. If a PR was filed, it would likely be marked as invalid. Signed-off-by: Helge Deller Signed-off-by: John David Anglin Signed-off-by: Helge Deller Signed-off-by: Greg Kroah-Hartman commit fa8223db1d69e6de9c7c7210804e8bb284067954 Author: Helge Deller Date: Sat Jun 29 13:24:16 2013 +0200 parisc: document the shadow registers commit a83f58bcb24003b9de2364de7c829a263423ead7 upstream. Signed-off-by: Helge Deller Signed-off-by: Greg Kroah-Hartman commit b6891ed4e66b65e5d6bb36964af0d65a08590018 Author: Tejun Heo Date: Tue Jun 25 11:48:32 2013 -0700 cgroup: fix RCU accesses to task->cgroups commit 14611e51a57df10240817d8ada510842faf0ec51 upstream. task->cgroups is a RCU pointer pointing to struct css_set. A task switches to a different css_set on cgroup migration but a css_set doesn't change once created and its pointers to cgroup_subsys_states aren't RCU protected. task_subsys_state[_check]() is the macro to acquire css given a task and subsys_id pair. It RCU-dereferences task->cgroups->subsys[] not task->cgroups, so the RCU pointer task->cgroups ends up being dereferenced without read_barrier_depends() after it. It's broken. Fix it by introducing task_css_set[_check]() which does RCU-dereference on task->cgroups. task_subsys_state[_check]() is reimplemented to directly dereference ->subsys[] of the css_set returned from task_css_set[_check](). This removes some of sparse RCU warnings in cgroup. v2: Fixed unbalanced parenthsis and there's no need to use rcu_dereference_raw() when !CONFIG_PROVE_RCU. Both spotted by Li. Signed-off-by: Tejun Heo Reported-by: Fengguang Wu Acked-by: Li Zefan Signed-off-by: Greg Kroah-Hartman commit 83d0eb79752482bb888fb6d86ceed8971272f8b4 Author: Li Zefan Date: Tue Jun 18 18:41:10 2013 +0800 cgroup: fix umount vs cgroup_event_remove() race commit 1c8158eeae0f37d0eee9f1fbe68080df6a408df2 upstream. commit 5db9a4d99b0157a513944e9a44d29c9cec2e91dc Author: Tejun Heo Date: Sat Jul 7 16:08:18 2012 -0700 cgroup: fix cgroup hierarchy umount race This commit fixed a race caused by the dput() in css_dput_fn(), but the dput() in cgroup_event_remove() can also lead to the same BUG(). Signed-off-by: Li Zefan Signed-off-by: Tejun Heo Signed-off-by: Greg Kroah-Hartman commit 5eb2698932989f855e3427b0860771611f831a69 Author: Joachim Eastwood Date: Thu Jun 6 10:24:14 2013 +0200 pcmcia: at91_cf: fix gpio_get_value in at91_cf_get_status commit e39506b466edcda2a7e9d0174d7987ae654137b7 upstream. Commit 80af9e6d (pcmcia at91_cf: fix raw gpio number usage) forgot to change the parameter in gpio_get_value after adding gpio validation. Signed-off-by: Joachim Eastwood Signed-off-by: Nicolas Ferre Acked-by: Jean-Christophe PLAGNIOL-VILLARD Signed-off-by: Greg Kroah-Hartman commit 540005dcb39acd12c52d2a580a85ccfd5de76fc1 Author: Jason Wang Date: Tue Jun 18 13:04:23 2013 +0800 drivers: hv: switch to use mb() instead of smp_mb() commit 35848f68b07df3f917cb13fc3c134718669f569b upstream. Even if guest were compiled without SMP support, it could not assume that host wasn't. So switch to use mb() instead of smp_mb() to force memory barriers for UP guest. Signed-off-by: Jason Wang Cc: Haiyang Zhang Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman commit a5ea8ca0b2d24ab8beae6b218abeb771d40ae966 Author: George Cherian Date: Fri Jun 21 13:59:08 2013 +0530 usb: host: xhci-plat: release mem region while removing module commit 5388a3a5faba8dfa69e5f06c3a415d373c1a4316 upstream. Do a release_mem_region of the hcd resource. Without this the subsequent insertion of module fails in request_mem_region. Signed-off-by: George Cherian Acked-by: Felipe Balbi Signed-off-by: Greg Kroah-Hartman commit 333db1d07c454f02e008780273df44c1e3102448 Author: Mathias Nyman Date: Mon Jun 17 09:56:33 2013 -0700 xhci: check for failed dma pool allocation commit 025f880cb2e4d7218d0422d4b07bea1a68959c38 upstream. Fail and free the container context in case dma_pool_alloc() can't allocate the raw context data part of it This patch should be backported to kernels as old as 2.6.31, that contain the commit d115b04818e57bdbc7ccde4d0660b15e33013dc8 "USB: xhci: Support for 64-byte contexts". Signed-off-by: Mathias Nyman Signed-off-by: Sarah Sharp Cc: John Youn Signed-off-by: Greg Kroah-Hartman commit 5b3e69eafcfc490dcdd0368f680170b24686abe5 Author: Roger Quadros Date: Fri Jun 14 16:52:07 2013 +0300 USB: ehci-omap: Tweak PHY initialization sequence commit 4e5c9e6fa2d232a0686d5fe45cd1508484048936 upstream. For PHY mode, the PHYs must be brought out of reset before the EHCI controller is started. This patch fixes the issue where USB devices are not found on Beagleboard/Beagle-xm if USB has been started previously by the bootloader. (e.g. by "usb start" command in u-boot) Tested on Beagleboard, Beagleboard-xm and Pandaboard. Issue present on 3.10 onwards. Reported-by: Tomi Valkeinen Tested-by: Tomi Valkeinen Signed-off-by: Roger Quadros Signed-off-by: Greg Kroah-Hartman commit f8da12fa870df0d4304a3661352d721d90bd0929 Author: UCHINO Satoshi Date: Thu May 23 11:10:11 2013 +0900 usb: gadget: f_mass_storage: add missing memory barrier for thread_wakeup_needed commit d68c277b501889b3a50c179d1c3d704db7947b83 upstream. Without this memory barrier, the file-storage thread may fail to escape from the following while loop, because it may observe new common->thread_wakeup_needed and old bh->state which are updated by the callback functions. /* Wait for the CBW to arrive */ while (bh->state != BUF_STATE_FULL) { rc = sleep_thread(common); if (rc) return rc; } Signed-off-by: UCHINO Satoshi Acked-by: Michal Nazarewicz Signed-off-by: Felipe Balbi Signed-off-by: Greg Kroah-Hartman commit 859cfbcdc4374da93fc1258f18f95849c02e52c4 Author: Dan Williams Date: Thu Jun 20 16:07:40 2013 -0500 USB: option,qcserial: move Novatel Gobi1K IDs to qcserial commit a254810a86aaaac4ac6ba44fa934558b042a17a7 upstream. These devices are all Gobi1K devices (according to the Windows INF files) and should be handled by qcserial instead of option. Their network port is handled by qmi_wwan. Signed-off-by: Dan Williams Signed-off-by: Greg Kroah-Hartman commit c1d2dfed42f0d8d7eb7d3fa458f93e1e6fdb7e93 Author: Darren Hart Date: Tue Jun 25 18:53:22 2013 -0700 pch_uart: Add uart_clk selection for the MinnowBoard commit 29692d05647cb7ecea56242241f77291d5624b95 upstream. Use DMI_BOARD_NAME to determine if we are running on a MinnowBoard and set the uart clock to 50MHz if so. This removes the need to pass the user_uartclk to the kernel at boot time. Signed-off-by: Darren Hart Cc: Jiri Slaby Cc: "H. Peter Anvin" Cc: Peter Waskiewicz Cc: Andy Shevchenko Signed-off-by: Greg Kroah-Hartman commit 0529b225e14f6187cd7a997ebc438538059a7889 Author: Theodore Ts'o Date: Mon Jul 1 08:12:39 2013 -0400 ext4: check error return from ext4_write_inline_data_end() commit 42c832debbbf819f6c4ad8601baa559c44105ba4 upstream. The function ext4_write_inline_data_end() can return an error. So we need to assign it to a signed integer variable to check for an error return (since copied is an unsigned int). Signed-off-by: "Theodore Ts'o" Cc: Zheng Liu Signed-off-by: Greg Kroah-Hartman commit 5196bcf9844862ad05b2dfe825422e95a519e514 Author: Al Viro Date: Mon Jul 1 08:12:38 2013 -0400 ext3,ext4: don't mess with dir_file->f_pos in htree_dirblock_to_tree() commit 64cb927371cd2ec43758d8a094a003d27bc3d0dc upstream. Both ext3 and ext4 htree_dirblock_to_tree() is just filling the in-core rbtree for use by call_filldir(). All updates of ->f_pos are done by the latter; bumping it here (on error) is obviously wrong - we might very well have it nowhere near the block we'd found an error in. Signed-off-by: Al Viro Signed-off-by: "Theodore Ts'o" Signed-off-by: Greg Kroah-Hartman commit b6a81140efa3b994f3bde4ea48434cfc6e5d4fe9 Author: Maarten ter Huurne Date: Mon Jul 1 08:12:08 2013 -0400 ext4: fix corruption when online resizing a fs with 1K block size commit 6ca792edc13c409e8d4eb9001e048264c6a2eb64 upstream. Subtracting the number of the first data block places the superblock backups one block too early, corrupting the file system. When the block size is larger than 1K, the first data block is 0, so the subtraction has no effect and no corruption occurs. Signed-off-by: Maarten ter Huurne Signed-off-by: "Theodore Ts'o" Reviewed-by: Jan Kara Signed-off-by: Greg Kroah-Hartman commit 15f26a4c4820d1fb5f1ba979b4fe4d00a2d38b7d Author: Theodore Ts'o Date: Mon Jul 1 08:12:40 2013 -0400 jbd2: fix theoretical race in jbd2__journal_restart commit 39c04153fda8c32e85b51c96eb5511a326ad7609 upstream. Once we decrement transaction->t_updates, if this is the last handle holding the transaction from closing, and once we release the t_handle_lock spinlock, it's possible for the transaction to commit and be released. In practice with normal kernels, this probably won't happen, since the commit happens in a separate kernel thread and it's unlikely this could all happen within the space of a few CPU cycles. On the other hand, with a real-time kernel, this could potentially happen, so save the tid found in transaction->t_tid before we release t_handle_lock. It would require an insane configuration, such as one where the jbd2 thread was set to a very high real-time priority, perhaps because a high priority real-time thread is trying to read or write to a file system. But some people who use real-time kernels have been known to do insane things, including controlling laser-wielding industrial robots. :-) Signed-off-by: "Theodore Ts'o" Signed-off-by: Greg Kroah-Hartman commit 5f81e313889bcaf53faec9c05a4c92e0b43823f4 Author: Theodore Ts'o Date: Mon Jul 1 08:12:38 2013 -0400 jbd2: move superblock checksum calculation to jbd2_write_superblock() commit fe52d17cdd343ac43c85cf72940a58865b9d3bfb upstream. Some of the functions which modify the jbd2 superblock were not updating the checksum before calling jbd2_write_superblock(). Move the call to jbd2_superblock_csum_set() to jbd2_write_superblock(), so that the checksum is calculated consistently. Signed-off-by: "Theodore Ts'o" Cc: Darrick J. Wong Signed-off-by: Greg Kroah-Hartman commit 9e8e8fdf3d60235954e1452283b21e955e574b98 Author: Larry Finger Date: Tue Jun 18 13:25:05 2013 -0500 rtlwifi: rtl8192cu: Fix duplicate if test commit 10d0b9030a3f86e1e26c710c7580524d7787d688 upstream. A typo causes routine rtl92cu_phy_rf6052_set_cck_txpower() to test the same condition twice. The problem was found using cppcheck-1.49, and the proper fix was verified against the pre-mac80211 version of the code. This patch was originally included as commit 1288aa4, but was accidentally reverted in a later patch. Reported-by: David Binderman [original report] Reported-by: Andrea Morello [report of accidental reversion] Signed-off-by: Larry Finger Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit 85eb7ce1182a97ee66095a4fb1f8eae5171373c2 Author: Larry Finger Date: Sun Jun 23 18:14:43 2013 -0500 rtlwifi: rtl8723ae: Fix typo in firmware names commit 73e088ed17c2880a963cc760a78af8a06d4a4d9d upstream. The driver loads its firmware from files rtlwifi/rtl8723fw*.bin, but the MODULE_FIRMWARE macros refer to rtlwifi/RTL8723aefw*.bin. Signed-off-by: Larry Finger Reported-by: Axel Köllhofer Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit 05400bc8db6fe1a0aa902910cdf812a5e645dd7f Author: Larry Finger Date: Mon Jun 17 13:25:49 2013 -0500 rtlwifi: rtl8192cu: Add new USB ID for TP-Link TL-WN8200ND commit c4d827c5ccc3a49227dbf9d4b248a2e86f388023 upstream. This is a new device for this driver. Reported-by: Tobias Kluge Signed-off-by: Larry Finger Cc: Tobias Kluge Signed-off-by: John W. Linville Signed-off-by: Greg Kroah-Hartman commit 059a1671f28c977fe69a0f86eeb0fa2084fdb3dd Author: Pavel Shilovsky Date: Thu Jul 11 11:17:45 2013 +0400 CIFS: Fix a deadlock when a file is reopened commit 689c3db4d57a73bee6c5ad7797fce7b54d32a87c upstream. If we request reading or writing on a file that needs to be reopened, it causes the deadlock: we are already holding rw semaphore for reading and then we try to acquire it for writing in cifs_relock_file. Fix this by acquiring the semaphore for reading in cifs_relock_file due to we don't make any changes in locks and don't need a write access. Signed-off-by: Pavel Shilovsky Acked-by: Jeff Layton Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman commit cfe24e4e36ec19a56bac17691f8721ac44050a6f Author: Steve French Date: Thu Jul 4 14:38:48 2013 -0500 CIFS use sensible file nlink values if unprovided commit 6658b9f70ebca5fc0795b1d6d733996af1e2caa7 upstream. Certain servers may not set the NumberOfLinks field in query file/path info responses. In such a case, cifs_inode_needs_reval() assumes that all regular files are hardlinks and triggers revalidation, leading to excessive and unnecessary network traffic. This change hardcodes cf_nlink (and subsequently i_nlink) when not returned by the server, similar to what already occurs in cifs_mkdir(). Signed-off-by: David Disseldorp Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman