Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Jan 28, 2013
  1. @gregkh

    Linux 3.0.61

    gregkh authored
  2. @gregkh

    ioat: Fix DMA memory sync direction correct flag

    Shuah Khan authored gregkh committed
    commit ac49898 upstream.
    ioat does DMA memory sync with DMA_TO_DEVICE direction on a buffer allocated
    for DMA_FROM_DEVICE dma, resulting in the following warning from dma debug.
    Fixed the dma_sync_single_for_device() call to use the correct direction.
    [  226.288947] WARNING: at lib/dma-debug.c:990 check_sync+0x132/0x550()
    [  226.288948] Hardware name: ProLiant DL380p Gen8
    [  226.288951] ioatdma 0000:00:04.0: DMA-API: device driver syncs DMA memory with different direction [device address=0x00000000ffff7000] [size=4096 bytes] [mapped with DMA_FROM_DEVICE] [synced with DMA_TO_DEVICE]
    [  226.288953] Modules linked in: iTCO_wdt(+) sb_edac(+) ioatdma(+) microcode serio_raw pcspkr edac_core hpwdt(+) iTCO_vendor_support hpilo(+) dca acpi_power_meter ata_generic pata_acpi sd_mod crc_t10dif ata_piix libata hpsa tg3 netxen_nic(+) sunrpc dm_mirror dm_region_hash dm_log dm_mod
    [  226.288967] Pid: 1055, comm: work_for_cpu Tainted: G        W    3.3.0-0.20.el7.x86_64 #1
    [  226.288968] Call Trace:
    [  226.288974]  [<ffffffff810644cf>] warn_slowpath_common+0x7f/0xc0
    [  226.288977]  [<ffffffff810645c6>] warn_slowpath_fmt+0x46/0x50
    [  226.288980]  [<ffffffff81345502>] check_sync+0x132/0x550
    [  226.288983]  [<ffffffff81345c9f>] debug_dma_sync_single_for_device+0x3f/0x50
    [  226.288988]  [<ffffffff81661002>] ? wait_for_common+0x72/0x180
    [  226.288995]  [<ffffffffa019590f>] ioat_xor_val_self_test+0x3e5/0x832 [ioatdma]
    [  226.288999]  [<ffffffff811a5739>] ? kfree+0x259/0x270
    [  226.289004]  [<ffffffffa0195d77>] ioat3_dma_self_test+0x1b/0x20 [ioatdma]
    [  226.289008]  [<ffffffffa01952c3>] ioat_probe+0x2f8/0x348 [ioatdma]
    [  226.289011]  [<ffffffffa0195f51>] ioat3_dma_probe+0x1d5/0x2aa [ioatdma]
    [  226.289016]  [<ffffffffa0194d12>] ioat_pci_probe+0x139/0x17c [ioatdma]
    [  226.289020]  [<ffffffff81354b8c>] local_pci_probe+0x5c/0xd0
    [  226.289023]  [<ffffffff81083e50>] ? destroy_work_on_stack+0x20/0x20
    [  226.289025]  [<ffffffff81083e68>] do_work_for_cpu+0x18/0x30
    [  226.289029]  [<ffffffff8108d997>] kthread+0xb7/0xc0
    [  226.289033]  [<ffffffff8166cef4>] kernel_thread_helper+0x4/0x10
    [  226.289036]  [<ffffffff81662d20>] ? _raw_spin_unlock_irq+0x30/0x50
    [  226.289038]  [<ffffffff81663234>] ? retint_restore_args+0x13/0x13
    [  226.289041]  [<ffffffff8108d8e0>] ? kthread_worker_fn+0x1a0/0x1a0
    [  226.289044]  [<ffffffff8166cef0>] ? gs_change+0x13/0x13
    [  226.289045] ---[ end trace e1618afc7a606089 ]---
    [  226.289047] Mapped at:
    [  226.289048]  [<ffffffff81345307>] debug_dma_map_page+0x87/0x150
    [  226.289050]  [<ffffffffa019653c>] dma_map_page.constprop.18+0x70/0xb34 [ioatdma]
    [  226.289054]  [<ffffffffa0195702>] ioat_xor_val_self_test+0x1d8/0x832 [ioatdma]
    [  226.289058]  [<ffffffffa0195d77>] ioat3_dma_self_test+0x1b/0x20 [ioatdma]
    [  226.289061]  [<ffffffffa01952c3>] ioat_probe+0x2f8/0x348 [ioatdma]
    Signed-off-by: Shuah Khan <>
    Signed-off-by: Vinod Koul <>
    Signed-off-by: Greg Kroah-Hartman <>
  3. @gregkh

    ACPI / cpuidle: Fix NULL pointer issues when cpuidle is disabled

    Konrad Rzeszutek Wilk authored gregkh committed
    commit b88a634 upstream.
    If cpuidle is disabled, that means that:
    	per_cpu(acpi_cpuidle_device, pr->id)
    is set to NULL as the acpi_processor_power_init ends up failing at
    	 retval = cpuidle_register_driver(&acpi_idle_driver)
    (in acpi_processor_power_init) and never sets the per_cpu idle
    device.  So when acpi_processor_hotplug on CPU online notification
    tries to reference said device it crashes:
    cpu 3 spinlock event irq 62
    BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
    IP: [<ffffffff81381013>] acpi_processor_setup_cpuidle_cx+0x3f/0x105
    PGD a259b067 PUD ab38b067 PMD 0
    Oops: 0002 [#1] SMP
    odules linked in: dm_multipath dm_mod xen_evtchn iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi libcrc32c crc32c nouveau mxm_wmi wmi radeon ttm sg sr_mod sd_mod cdrom ata_generic ata_piix libata crc32c_intel scsi_mod atl1c i915 fbcon tileblit font bitblit softcursor drm_kms_helper video xen_blkfront xen_netfront fb_sys_fops sysimgblt sysfillrect syscopyarea xenfs xen_privcmd mperf
    CPU 1
    Pid: 3047, comm: bash Not tainted 3.8.0-rc3upstream-00250-g165c029 #1 MSI MS-7680/H61M-P23 (MS-7680)
    RIP: e030:[<ffffffff81381013>]  [<ffffffff81381013>] acpi_processor_setup_cpuidle_cx+0x3f/0x105
    RSP: e02b:ffff88001742dca8  EFLAGS: 00010202
    RAX: 0000000000010be9 RBX: ffff8800a0a61800 RCX: ffff880105380000
    RDX: 0000000000000003 RSI: 0000000000000200 RDI: ffff8800a0a61800
    RBP: ffff88001742dce8 R08: ffffffff81812360 R09: 0000000000000200
    R10: aaaaaaaaaaaaaaaa R11: 0000000000000001 R12: ffff8800a0a61800
    R13: 00000000ffffff01 R14: 0000000000000000 R15: ffffffff81a907a0
    FS:  00007fd6942f7700(0000) GS:ffff880105280000(0000) knlGS:0000000000000000
    CS:  e033 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000000004 CR3: 00000000a6773000 CR4: 0000000000042660
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
    Process bash (pid: 3047, threadinfo ffff88001742c000, task ffff880017944000)
     0000000000000150 ffff880100f59e00 ffff88001742dcd8 ffff8800a0a61800
     0000000000000000 00000000ffffff01 0000000000000000 ffffffff81a907a0
     ffff88001742dd18 ffffffff813815b1 ffff88001742dd08 ffffffff810ae336
    Call Trace:
     [<ffffffff813815b1>] acpi_processor_hotplug+0x7c/0x9f
     [<ffffffff810ae336>] ? schedule_delayed_work_on+0x16/0x20
     [<ffffffff8137ee8f>] acpi_cpu_soft_notify+0x90/0xca
     [<ffffffff8166023d>] notifier_call_chain+0x4d/0x70
     [<ffffffff810bc369>] __raw_notifier_call_chain+0x9/0x10
     [<ffffffff81094a4b>] __cpu_notify+0x1b/0x30
     [<ffffffff81652cf7>] _cpu_up+0x103/0x14b
     [<ffffffff81652e18>] cpu_up+0xd9/0xec
     [<ffffffff8164a254>] store_online+0x94/0xd0
     [<ffffffff814122fb>] dev_attr_store+0x1b/0x20
     [<ffffffff81216404>] sysfs_write_file+0xf4/0x170
    This patch fixes it.
    Signed-off-by: Konrad Rzeszutek Wilk <>
    Signed-off-by: Rafael J. Wysocki <>
    Signed-off-by: Greg Kroah-Hartman <>
  4. @gregkh

    SGI-XP: handle non-fatal traps

    Robin Holt authored gregkh committed
    commit 891348c upstream.
    We found a user code which was raising a divide-by-zero trap.  That trap
    would lead to XPC connections between system-partitions being torn down
    due to the die_chain notifier callouts it received.
    This also revealed a different issue where multiple callers into
    xpc_die_deactivate() would all attempt to do the disconnect in parallel
    which would sometimes lock up but often overwhelm the console on very
    large machines as each would print at least one line of output at the
    end of the deactivate.
    I reviewed all the users of the die_chain notifier and changed the code
    to ignore the notifier callouts for reasons which will not actually lead
    to a system to continue on to call die().
    [ fix ia64]
    Signed-off-by: Robin Holt <>
    Cc: Thomas Gleixner <>
    Cc: Ingo Molnar <>
    Cc: <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  5. @kees @gregkh

    x86: Use enum instead of literals for trap values [PARTIAL]

    kees authored gregkh committed
    [Based on commit c940826 upstream, only
    taking the traps.h portion.]
    The traps are referred to by their numbers and it can be difficult to
    understand them while reading the code without context. This patch adds
    enumeration of the trap numbers and replaces the numbers with the correct
    enum for x86.
    Signed-off-by: Kees Cook <>
    Signed-off-by: H. Peter Anvin <>
    Signed-off-by: Robin Holt <>
    Signed-off-by: Greg Kroah-Hartman <>
  6. @gregkh

    ahci: Add identifiers for ASM106x devices

    Alan Cox authored gregkh committed
    commit 7b4f6ec upstream.
    They don't always appear as AHCI class devices but instead as IDE class.
    Based on an initial patch by Hiroaki Nito
    Signed-off-by: Alan Cox <>
    Signed-off-by: Jeff Garzik <>
    Signed-off-by: Abdallah Chatila <>
    Signed-off-by: Greg Kroah-Hartman <>
  7. @danvet @gregkh

    drm/i915: Implement WaDisableHiZPlanesWhenMSAAEnabled

    danvet authored gregkh committed
    commit 4283908 upstream.
    Quoting from Bspec, 3D_CHICKEN1, bit 10
    This bit needs to be set always to "1", Project: DevSNB "
    Reviewed-by: Rodrigo Vivi <>
    Signed-off-by: Daniel Vetter <>
    Signed-off-by: Abdallah Chatila <>
    Signed-off-by: Greg Kroah-Hartman <>
  8. @gregkh

    staging: usbip: changed function return type to void

    Bart Westgeest authored gregkh committed
    commit ac2b41a upstream.
    The function usbip_pad_iso never returns anything but 0 (success).
    Signed-off-by: Bart Westgeest <>
    Cc: Ben Hutchings <>
    Signed-off-by: Greg Kroah-Hartman <>
  9. @jirislaby @gregkh

    serial: 8250, increase PASS_LIMIT

    jirislaby authored gregkh committed
    commit e7328ae upstream.
    With virtual machines like qemu, it's pretty common to see "too much
    work for irq4" messages nowadays. This happens when a bunch of output
    is printed on the emulated serial console. This is caused by too low
    PASS_LIMIT. When ISR loops more than the limit, it spits the message.
    I've been using a kernel with doubled the limit and I couldn't see no
    problems. Maybe it's time to get rid of the message now?
    Signed-off-by: Jiri Slaby <>
    Cc: Alan Cox <>
    Cc: Ram Gupta <>
    Signed-off-by: Greg Kroah-Hartman <>
  10. @gregkh

    drivers/firmware/dmi_scan.c: fetch dmi version from SMBIOS if it exists

    Zhenzhong Duan authored gregkh committed
    commit 9f9c9cb upstream.
    The right dmi version is in SMBIOS if it's zero in DMI region
    This issue was originally found from an oracle bug.
    One customer noticed system UUID doesn't match between dmidecode & uek2.
     - HP ProLiant BL460c G6 :
       # cat /sys/devices/virtual/dmi/id/product_uuid
       # dmidecode | grep -i uuid
       UUID: 00000000-0000-484C-3031-4D5030333531
    From SMBIOS 2.6 on, spec use little-endian encoding for UUID other than
    network byte order.
    So we need to get dmi version to distinguish.  If version is 0.0, the
    real version is taken from the SMBIOS version.  This is part of original
    kernel comment in code.
    [ checkpatch fixes]
    Signed-off-by: Zhenzhong Duan <>
    Cc: Feng Jin <>
    Cc: Jean Delvare <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Abdallah Chatila <>
    Signed-off-by: Greg Kroah-Hartman <>
  11. @gregkh

    drivers/firmware/dmi_scan.c: check dmi version when get system uuid

    Zhenzhong Duan authored gregkh committed
    commit f1d8e61 upstream.
    As of version 2.6 of the SMBIOS specification, the first 3 fields of the
    UUID are supposed to be little-endian encoded.
    Also a minor fix to match variable meaning and mute
    [ tweak code comment]
    Signed-off-by: Zhenzhong Duan <>
    Cc: Feng Jin <>
    Cc: Jean Delvare <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Abdallah Chatila <>
    Signed-off-by: Greg Kroah-Hartman <>
  12. @gregkh

    SCSI: sd: Reshuffle init_sd to avoid crash

    Joel D. Diaz authored gregkh committed
    commit afd5e34 upstream.
    scsi_register_driver will register a prep_fn() function, which
    in turn migh need to use the sd_cdp_pool for DIF.
    Which hasn't been initialised at this point, leading to
    a crash. So reshuffle the init_sd() and exit_sd() paths
    to have the driver registered last.
    Signed-off-by: Joel D. Diaz <>
    Signed-off-by: Hannes Reinecke <>
    Signed-off-by: James Bottomley <>
    Cc: CAI Qian <>
    Signed-off-by: Greg Kroah-Hartman <>
  13. @gregkh

    USB: UHCI: fix IRQ race during initialization

    Alan Stern authored gregkh committed
    commit 0f815a0 upstream.
    This patch (as1644) fixes a race that occurs during startup in
    uhci-hcd.  If the IRQ line is shared with other devices, it's possible
    for the handler routine to be called before the data structures are
    fully initialized.
    The problem is fixed by adding a check to the IRQ handler routine.  If
    the initialization hasn't finished yet, the routine will return
    Signed-off-by: Alan Stern <>
    Reported-by: Don Zickus <>
    Tested-by: "Huang, Adrian (ISS Linux TW)" <>
    Signed-off-by: Greg Kroah-Hartman <>
  14. @gregkh

    PCI: Allow pcie_aspm=force even when FADT indicates it is unsupported

    Colin Ian King authored gregkh committed
    commit 9e16721 upstream.
    Right now using pcie_aspm=force will not enable ASPM if the FADT indicates
    ASPM is unsupported.  However, the semantics of force should probably allow
    for this, especially as they did before 3c07635 ("PCI: Rework ASPM
    disable code")
    This patch just skips the clearing of any ASPM setup that the firmware has
    carried out on this bus if pcie_aspm=force is being used.
    Signed-off-by: Colin Ian King <>
    Signed-off-by: Bjorn Helgaas <>
    Signed-off-by: Greg Kroah-Hartman <>
  15. @gregkh

    ftrace: Be first to run code modification on modules

    Steven Rostedt authored gregkh committed
    commit c1bf08a upstream.
    If some other kernel subsystem has a module notifier, and adds a kprobe
    to a ftrace mcount point (now that kprobes work on ftrace points),
    when the ftrace notifier runs it will fail and disable ftrace, as well
    as kprobes that are attached to ftrace points.
    Here's the error:
     WARNING: at kernel/trace/ftrace.c:1618 ftrace_bug+0x239/0x280()
     Hardware name: Bochs
     Modules linked in: fat(+) stap_56d28a51b3fe546293ca0700b10bcb29__8059(F) nfsv4 auth_rpcgss nfs dns_resolver fscache xt_nat iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack lockd sunrpc ppdev parport_pc parport microcode virtio_net i2c_piix4 drm_kms_helper ttm drm i2c_core [last unloaded: bid_shared]
     Pid: 8068, comm: modprobe Tainted: GF            3.7.0-0.rc8.git0.1.fc19.x86_64 #1
     Call Trace:
      [<ffffffff8105e70f>] warn_slowpath_common+0x7f/0xc0
      [<ffffffff81134106>] ? __probe_kernel_read+0x46/0x70
      [<ffffffffa0180000>] ? 0xffffffffa017ffff
      [<ffffffffa0180000>] ? 0xffffffffa017ffff
      [<ffffffff8105e76a>] warn_slowpath_null+0x1a/0x20
      [<ffffffff810fd189>] ftrace_bug+0x239/0x280
      [<ffffffff810fd626>] ftrace_process_locs+0x376/0x520
      [<ffffffff810fefb7>] ftrace_module_notify+0x47/0x50
      [<ffffffff8163912d>] notifier_call_chain+0x4d/0x70
      [<ffffffff810882f8>] __blocking_notifier_call_chain+0x58/0x80
      [<ffffffff81088336>] blocking_notifier_call_chain+0x16/0x20
      [<ffffffff810c2a23>] sys_init_module+0x73/0x220
      [<ffffffff8163d719>] system_call_fastpath+0x16/0x1b
     ---[ end trace 9ef46351e53bbf80 ]---
     ftrace failed to modify [<ffffffffa0180000>] init_once+0x0/0x20 [fat]
      actual: cc:bb:d2:4b:e1
    A kprobe was added to the init_once() function in the fat module on load.
    But this happened before ftrace could have touched the code. As ftrace
    didn't run yet, the kprobe system had no idea it was a ftrace point and
    simply added a breakpoint to the code (0xcc in the cc:bb:d2:4b:e1).
    Then when ftrace went to modify the location from a call to mcount/fentry
    into a nop, it didn't see a call op, but instead it saw the breakpoint op
    and not knowing what to do with it, ftrace shut itself down.
    The solution is to simply give the ftrace module notifier the max priority.
    This should have been done regardless, as the core code ftrace modification
    also happens very early on in boot up. This makes the module modification
    closer to core modification.
    Acked-by: Masami Hiramatsu <>
    Reported-by: Frank Ch. Eigler <>
    Signed-off-by: Steven Rostedt <>
  16. @ickle @gregkh

    drm/i915: Invalidate the relocation presumed_offsets along the slow path

    ickle authored gregkh committed
    commit 262b6d3 upstream.
    In the slow path, we are forced to copy the relocations prior to
    acquiring the struct mutex in order to handle pagefaults. We forgo
    copying the new offsets back into the relocation entries in order to
    prevent a recursive locking bug should we trigger a pagefault whilst
    holding the mutex for the reservations of the execbuffer. Therefore, we
    need to reset the presumed_offsets just in case the objects are rebound
    back into their old locations after relocating for this exexbuffer - if
    that were to happen we would assume the relocations were valid and leave
    the actual pointers to the kernels dangling, instant hang.
    Fixes regression from commit bcf50e2
    Author: Chris Wilson <>
    Date:   Sun Nov 21 22:07:12 2010 +0000
        drm/i915: Handle pagefaults in execbuffer user relocations
    Signed-off-by: Chris Wilson <>
    Cc: Daniel Vetter <>
    Signed-off-by: Daniel Vetter <>
Commits on Jan 21, 2013
  1. @gregkh

    Linux 3.0.60

    gregkh authored
  2. @gregkh

    staging: vt6656: Fix inconsistent structure packing

    Ben Hutchings authored gregkh committed
    commit 1ee4c55 upstream.
    vt6656 has several headers that use the #pragma pack(1) directive to
    enable structure packing, but never disable it.  The layout of
    structures defined in other headers can then depend on which order the
    various headers are included in, breaking the One Definition Rule.
    In practice this resulted in crashes on x86_64 until the order of header
    inclusion was changed for some files in commit 11d404c ('staging:
    vt6656: fix headers and add cfg80211.').  But we need a proper fix that
    won't be affected by future changes to the order of inclusion.
    This removes the #pragma pack(1) directives and adds __packed to the
    structure definitions for which packing appears to have been intended.
    Reported-and-tested-by: Malcolm Priestley <>
    Signed-off-by: Ben Hutchings <>
    Signed-off-by: Greg Kroah-Hartman <>
  3. @gregkh

    serial:ifx6x60:Delete SPI timer when shut down port

    chao bi authored gregkh committed
    commit 014b9b4 upstream.
    When shut down SPI port, it's possible that MRDY has been asserted and a SPI
    timer was activated waiting for SRDY assert, in the case, it needs to delete
    this timer.
    Signed-off-by: Chen Jun <>
    Signed-off-by: channing <>
    Signed-off-by: Greg Kroah-Hartman <>
  4. @bmork @gregkh

    USB: option: blacklist network interface on ONDA MT8205 4G LTE

    bmork authored gregkh committed
    Signed-off-by: Bjørn Mork <>
    commit 2291dff upstream.
    The driver description files gives these names to the vendor specific
    functions on this modem:
     Diag   VID_19D2&PID_0265&MI_00
     NMEA   VID_19D2&PID_0265&MI_01
     AT cmd VID_19D2&PID_0265&MI_02
     Modem  VID_19D2&PID_0265&MI_03
     Net    VID_19D2&PID_0265&MI_04
    Signed-off-by: Bjørn Mork <>
    Signed-off-by: Greg Kroah-Hartman <>
  5. @bmork @gregkh

    USB: option: add TP-LINK HSUPA Modem MA180

    bmork authored gregkh committed
    commit 99beb2e upstream.
    The driver description files gives these names to the vendor specific
    functions on this modem:
     Diagnostics VID_2357&PID_0201&MI_00
     NMEA        VID_2357&PID_0201&MI_01
     Modem       VID_2357&PID_0201&MI_03
     Networkcard VID_2357&PID_0201&MI_04
    Reported-by: Thomas Schäfer <>
    Signed-off-by: Bjørn Mork <>
    Signed-off-by: Greg Kroah-Hartman <>
  6. @freddy77 @gregkh

    xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS gu…

    freddy77 authored gregkh committed
    commit 9174adb upstream.
    This fixes CVE-2013-0190 / XSA-40
    There has been an error on the xen_failsafe_callback path for failed
    iret, which causes the stack pointer to be wrong when entering the
    iret_exc error path.  This can result in the kernel crashing.
    In the classic kernel case, the relevant code looked a little like:
            popl %eax      # Error code from hypervisor
            jz 5f
            addl $16,%esp
            jmp iret_exc   # Hypervisor said iret fault
    5:      addl $16,%esp
                           # Hypervisor said segment selector fault
    Here, there are two identical addls on either option of a branch which
    appears to have been optimised by hoisting it above the jz, and
    converting it to an lea, which leaves the flags register unaffected.
    In the PVOPS case, the code looks like:
            popl_cfi %eax         # Error from the hypervisor
            lea 16(%esp),%esp     # Add $16 before choosing fault path
            CFI_ADJUST_CFA_OFFSET -16
            jz 5f
            addl $16,%esp         # Incorrectly adjust %esp again
            jmp iret_exc
    It is possible unprivileged userspace applications to cause this
    behaviour, for example by loading an LDT code selector, then changing
    the code selector to be not-present.  At this point, there is a race
    condition where it is possible for the hypervisor to return back to
    userspace from an interrupt, fault on its own iret, and inject a
    failsafe_callback into the kernel.
    This bug has been present since the introduction of Xen PVOPS support
    in commit 5ead97c (xen: Core Xen implementation), in 2.6.23.
    Signed-off-by: Frediano Ziglio <>
    Signed-off-by: Andrew Cooper <>
    Signed-off-by: Konrad Rzeszutek Wilk <>
    Signed-off-by: Greg Kroah-Hartman <>
  7. @gregkh

    xhci: fix null-pointer dereference when destroying half-built segment…

    Julius Werner authored gregkh committed
    … rings
    commit 68e5254 upstream.
    xhci_alloc_segments_for_ring() builds a list of xhci_segments and links
    the tail to head at the end (forming a ring). When it bails out for OOM
    reasons half-way through, it tries to destroy its half-built list with
    xhci_free_segments_for_ring(), even though it is not a ring yet. This
    causes a null-pointer dereference upon hitting the last element.
    Furthermore, one of its callers (xhci_ring_alloc()) mistakenly believes
    the output parameters to be valid upon this kind of OOM failure, and
    calls xhci_ring_free() on them. Since the (incomplete) list/ring should
    already be destroyed in that case, this would lead to a use after free.
    This patch fixes those issues by having xhci_alloc_segments_for_ring()
    destroy its half-built, non-circular list manually and destroying the
    invalid struct xhci_ring in xhci_ring_alloc() with a plain kfree().
    This patch should be backported to kernels as old as 2.6.31, that
    contains the commit 0ebbab3 "USB: xhci:
    Ring allocation and initialization."
    A separate patch will need to be developed for kernels older than 3.4,
    since the ring allocation code was refactored in that kernel.
    Signed-off-by: Julius Werner <>
    Signed-off-by: Sarah Sharp <>
    Signed-off-by: Julius Werner <>
    Signed-off-by: Sarah Sharp <>
    [bwh: Backported to 3.2:
     - Adjust context
     - Since segment allocation is done directly in xhci_ring_alloc(), walk
       the list starting from ring->first_seg when freeing]
    Signed-off-by: Ben Hutchings <>
    Signed-off-by: CAI Qian <>
    Signed-off-by: Greg Kroah-Hartman <>
  8. @gregkh

    drbd: add missing part_round_stats to _drbd_start_io_acct

    Philipp Reisner authored gregkh committed
    commit 72585d2 upstream.
    Without this, iostat frequently sees bogus svctime and >= 100% "utilization".
    Signed-off-by: Philipp Reisner <>
    Signed-off-by: Lars Ellenberg <>
    Cc: Raoul Bhatia <>
    Signed-off-by: Greg Kroah-Hartman <>
  9. @gregkh

    intel-iommu: Prevent devices with RMRRs from being placed into SI Domain

    Tom Mingarelli authored gregkh committed
    commit ea2447f upstream.
    This patch is to prevent non-USB devices that have RMRRs associated with them from
    being placed into the SI Domain during init. This fixes the issue where the RMRR info
    for devices being placed in and out of the SI Domain gets lost.
    Signed-off-by: Thomas Mingarelli <>
    Tested-by: Shuah Khan <>
    Reviewed-by: Donald Dutile <>
    Reviewed-by: Alex Williamson <>
    Signed-off-by: Joerg Roedel <>
    Signed-off-by: CAI Qian <>
    Signed-off-by: Greg Kroah-Hartman <>
  10. @gregkh

    USB: fix endpoint-disabling for failed config changes

    Alan Stern authored gregkh committed
    commit 36caff5 upstream.
    This patch (as1631) fixes a bug that shows up when a config change
    fails for a device under an xHCI controller.  The controller needs to
    be told to disable the endpoints that have been enabled for the new
    config.  The existing code does this, but before storing the
    information about which endpoints were enabled!  As a result, any
    second attempt to install the new config is doomed to fail because
    xhci-hcd will refuse to enable an endpoint that is already enabled.
    The patch optimistically initializes the new endpoints' device
    structures before asking the device to switch to the new config.  If
    the request fails then the endpoint information is already stored, so
    we can use usb_hcd_alloc_bandwidth() to disable the endpoints with no
    trouble.  The rest of the error path is slightly more complex now; we
    have to disable the new interfaces and call put_device() rather than
    simply deallocating them.
    Signed-off-by: Alan Stern <>
    Reported-and-tested-by: Matthias Schniedermeyer <>
    CC: Sarah Sharp <>
    Signed-off-by: Greg Kroah-Hartman <>
    Signed-off-by: CAI Qian <>
  11. @gregkh

    powerpc: fix wii_memory_fixups() compile error on 3.0.y tree

    Shuah Khan authored gregkh committed
    [not upstream as the code involved was removed in the 3.3.0 release]
    Fix wii_memory_fixups() the following compile error on 3.0.y tree with
    wii_defconfig on 3.0.y tree.
      CC      arch/powerpc/platforms/embedded6xx/wii.o
    arch/powerpc/platforms/embedded6xx/wii.c: In function ‘wii_memory_fixups’:
    arch/powerpc/platforms/embedded6xx/wii.c:88:2: error: format ‘%llx’ expects argument of type ‘long long unsigned int’, but argument 2 has type ‘phys_addr_t’ [-Werror=format]
    arch/powerpc/platforms/embedded6xx/wii.c:88:2: error: format ‘%llx’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘phys_addr_t’ [-Werror=format]
    arch/powerpc/platforms/embedded6xx/wii.c:90:2: error: format ‘%llx’ expects argument of type ‘long long unsigned int’, but argument 2 has type ‘phys_addr_t’ [-Werror=format]
    arch/powerpc/platforms/embedded6xx/wii.c:90:2: error: format ‘%llx’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘phys_addr_t’ [-Werror=format]
    cc1: all warnings being treated as errors
    make[2]: *** [arch/powerpc/platforms/embedded6xx/wii.o] Error 1
    make[1]: *** [arch/powerpc/platforms/embedded6xx] Error 2
    make: *** [arch/powerpc/platforms] Error 2
    Signed-off-by: Shuah Khan <>
    Signed-off-by: Greg Kroah-Hartman <>
  12. @gregkh

    ext4: init pagevec in ext4_da_block_invalidatepages

    Eric Sandeen authored gregkh committed
    commit 66bea92 upstream.
    ext4_da_block_invalidatepages is missing a pagevec_init(),
    which means that pvec->cold contains random garbage.
    This affects whether the page goes to the front or
    back of the LRU when ->cold makes it to
    Reviewed-by: Lukas Czerner <>
    Reviewed-by: Carlos Maiolino <>
    Signed-off-by: Eric Sandeen <>
    Signed-off-by: "Theodore Ts'o" <>
    Signed-off-by: CAI Qian <>
    Signed-off-by: Greg Kroah-Hartman <>
  13. @gregkh

    x86/Sandy Bridge: reserve pages when integrated graphics is present

    Jesse Barnes authored gregkh committed
    commit a9acc53 upstream.
    SNB graphics devices have a bug that prevent them from accessing certain
    memory ranges, namely anything below 1M and in the pages listed in the
    table.  So reserve those at boot if set detect a SNB gfx device on the
    CPU to avoid GPU hangs.
    Stephane Marchesin had a similar patch to the page allocator awhile
    back, but rather than reserving pages up front, it leaked them at
    allocation time.
    [ hpa: made a number of stylistic changes, marked arrays as static
      const, and made less verbose; use "memblock=debug" for full
      verbosity. ]
    Signed-off-by: Jesse Barnes <>
    Signed-off-by: H. Peter Anvin <>
    Cc: CAI Qian <>
    Signed-off-by: Greg Kroah-Hartman <>
  14. @gregkh

    s390/time: fix sched_clock() overflow

    Heiko Carstens authored gregkh committed
    commit ed4f209 upstream.
    Converting a 64 Bit TOD format value to nanoseconds means that the value
    must be divided by 4.096. In order to achieve that we multiply with 125
    and divide by 512.
    When used within sched_clock() this triggers an overflow after appr.
    417 days. Resulting in a sched_clock() return value that is much smaller
    than previously and therefore may cause all sort of weird things in
    subsystems that rely on a monotonic sched_clock() behaviour.
    To fix this implement a tod_to_ns() helper function which converts TOD
    values without overflow and call this function from both places that
    open coded the conversion: sched_clock() and kvm_s390_handle_wait().
    Reviewed-by: Martin Schwidefsky <>
    Signed-off-by: Heiko Carstens <>
    Signed-off-by: Martin Schwidefsky <>
    Signed-off-by: Greg Kroah-Hartman <>
  15. @gregkh

    tcm_fc: Do not report target role when target is not defined

    Mark Rustad authored gregkh committed
    commit edec8df upstream.
    Clear the target role when no target is provided for
    the node performing a PRLI.
    Signed-off-by: Mark Rustad <>
    Reviewed-by: Bhanu Prakash Gollapudi <>
    Acked by Robert Love <>
    Signed-off-by: Nicholas Bellinger <>
    Signed-off-by: Greg Kroah-Hartman <>
  16. @gregkh

    tcm_fc: Do not indicate retry capability to initiators

    Mark Rustad authored gregkh committed
    commit f2eeba2 upstream.
    When generating a PRLI response to an initiator, clear the
    FCP_SPPF_RETRY bit in the response.
    Signed-off-by: Mark Rustad <>
    Reviewed-by: Bhanu Prakash Gollapudi <>
    Acked by Robert Love <>
    Signed-off-by: Nicholas Bellinger <>
    Signed-off-by: Greg Kroah-Hartman <>
  17. @tschwinge @gregkh

    sh: Fix FDPIC binary loader

    tschwinge authored gregkh committed
    commit 4a71997 upstream.
    Ensure that the aux table is properly initialized, even when optional features
    are missing.  Without this, the FDPIC loader did not work.  This was meant to
    be included in commit d5ab780.
    Signed-off-by: Thomas Schwinge <>
    Signed-off-by: Paul Mundt <>
    Signed-off-by: Greg Kroah-Hartman <>
Commits on Jan 17, 2013
  1. @gregkh

    Linux 3.0.59

    gregkh authored
  2. @ian-abbott @gregkh

    staging: comedi: Kconfig: COMEDI_NI_AT_A2150 should select COMEDI_FC

    ian-abbott authored gregkh committed
    commit 34ffb33 upstream.
    The 'ni_at_a2150' module links to `cfc_write_to_buffer` in the
    'comedi_fc' module, so selecting 'COMEDI_NI_AT_A2150' in the kernel config
    needs to also select 'COMEDI_FC'.
    Signed-off-by: Ian Abbott <>
    Signed-off-by: Greg Kroah-Hartman <>
Something went wrong with that request. Please try again.