Permalink
Commits on Mar 6, 2013
  1. Linux 3.2.40

    bwhacks committed Mar 6, 2013
  2. ext4: fix kernel BUG on large-scale rm -rf commands

    commit 89a4e48 upstream.
    
    Commit 968dee7: "ext4: fix hole punch failure when depth is greater
    than 0" introduced a regression in v3.5.1/v3.6-rc1 which caused kernel
    crashes when users ran run "rm -rf" on large directory hierarchy on
    ext4 filesystems on RAID devices:
    
        BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
    
        Process rm (pid: 18229, threadinfo ffff8801276bc000, task ffff880123631710)
        Call Trace:
         [<ffffffff81236483>] ? __ext4_handle_dirty_metadata+0x83/0x110
         [<ffffffff812353d3>] ext4_ext_truncate+0x193/0x1d0
         [<ffffffff8120a8cf>] ? ext4_mark_inode_dirty+0x7f/0x1f0
         [<ffffffff81207e05>] ext4_truncate+0xf5/0x100
         [<ffffffff8120cd51>] ext4_evict_inode+0x461/0x490
         [<ffffffff811a1312>] evict+0xa2/0x1a0
         [<ffffffff811a1513>] iput+0x103/0x1f0
         [<ffffffff81196d84>] do_unlinkat+0x154/0x1c0
         [<ffffffff8118cc3a>] ? sys_newfstatat+0x2a/0x40
         [<ffffffff81197b0b>] sys_unlinkat+0x1b/0x50
         [<ffffffff816135e9>] system_call_fastpath+0x16/0x1b
        Code: 8b 4d 20 0f b7 41 02 48 8d 04 40 48 8d 04 81 49 89 45 18 0f b7 49 02 48 83 c1 01 49 89 4d 00 e9 ae f8 ff ff 0f 1f 00 49 8b 45 28 <48> 8b 40 28 49 89 45 20 e9 85 f8 ff ff 0f 1f 80 00 00 00
    
        RIP  [<ffffffff81233164>] ext4_ext_remove_space+0xa34/0xdf0
    
    This could be reproduced as follows:
    
    The problem in commit 968dee7 was that caused the variable 'i' to
    be left uninitialized if the truncate required more space than was
    available in the journal.  This resulted in the function
    ext4_ext_truncate_extend_restart() returning -EAGAIN, which caused
    ext4_ext_remove_space() to restart the truncate operation after
    starting a new jbd2 handle.
    
    Reported-by: Maciej Żenczykowski <maze@google.com>
    Reported-by: Marti Raudsepp <marti@juffo.org>
    Tested-by: Fengguang Wu <fengguang.wu@intel.com>
    Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    tytso committed with bwhacks Aug 17, 2012
  3. ext4: fix hole punch failure when depth is greater than 0

    commit 968dee7 upstream.
    
    Whether to continue removing extents or not is decided by the return
    value of function ext4_ext_more_to_rm() which checks 2 conditions:
    a) if there are no more indexes to process.
    b) if the number of entries are decreased in the header of "depth -1".
    
    In case of hole punch, if the last block to be removed is not part of
    the last extent index than this index will not be deleted, hence the
    number of valid entries in the extent header of "depth - 1" will
    remain as it is and ext4_ext_more_to_rm will return 0 although the
    required blocks are not yet removed.
    
    This patch fixes the above mentioned problem as instead of removing
    the extents from the end of file, it starts removing the blocks from
    the particular extent from which removing blocks is actually required
    and continue backward until done.
    
    Signed-off-by: Ashish Sangwan <ashish.sangwan2@gmail.com>
    Signed-off-by: Namjae Jeon <linkinjeon@gmail.com>
    Reviewed-by: Lukas Czerner <lczerner@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    ashishsangwan2 committed with bwhacks Jul 23, 2012
  4. ext4: rewrite punch hole to use ext4_ext_remove_space()

    commit 5f95d21 upstream.
    
    This commit rewrites ext4 punch hole implementation to use
    ext4_ext_remove_space() instead of its home gown way of doing this via
    ext4_ext_map_blocks(). There are several reasons for changing this.
    
    Firstly it is quite non obvious that punching hole needs to
    ext4_ext_map_blocks() to punch a hole, especially given that this
    function should map blocks, not unmap it. It also required a lot of new
    code in ext4_ext_map_blocks().
    
    Secondly the design of it is not very effective. The reason is that we
    are trying to punch out blocks in ext4_ext_punch_hole() in opposite
    direction than in ext4_ext_rm_leaf() which causes the ext4_ext_rm_leaf()
    to iterate through the whole tree from the end to the start to find the
    requested extent for every extent we are going to punch out.
    
    And finally the current implementation does not use the existing code,
    but bring a lot of new code, which is IMO unnecessary since there
    already is some infrastructure we can use. Specifically
    ext4_ext_remove_space().
    
    This commit changes ext4_ext_remove_space() to accept 'end' parameter so
    we can not only truncate to the end of file, but also remove the space
    in the middle of the file (punch a hole). Moreover, because the last
    block to punch out, might be in the middle of the extent, we have to
    split the extent at 'end + 1' so ext4_ext_rm_leaf() can easily either
    remove the whole fist part of split extent, or change its size.
    
    ext4_ext_remove_space() is then used to actually remove the space
    (extents) from within the hole, instead of ext4_ext_map_blocks().
    
    Note that this also fix the issue with punch hole, where we would forget
    to remove empty index blocks from the extent tree, resulting in double
    free block error and file system corruption. This is simply because we
    now use different code path, where this problem does not exist.
    
    This has been tested with fsx running for several days and xfstests,
    plus xfstest #251 with '-o discard' run on the loop image (which
    converts discard requestes into punch hole to the backing file). All of
    it on 1K and 4K file system block size.
    
    Signed-off-by: Lukas Czerner <lczerner@redhat.com>
    Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
    [bwh: Backported to 3.2.y: move EXT4_EXT_DATA_VALID{1,2} along with the
     other extent splitting flags]
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    Lukas Czerner committed with bwhacks Mar 20, 2012
  5. fs: cachefiles: add support for large files in filesystem caching

    commit 98c350c upstream.
    
    Support the caching of large files.
    
    Addresses https://bugzilla.kernel.org/show_bug.cgi?id=31182
    
    Signed-off-by: Justin Lecher <jlec@gentoo.org>
    Signed-off-by: Suresh Jayaraman <sjayaraman@suse.com>
    Tested-by: Suresh Jayaraman <sjayaraman@suse.com>
    Acked-by: David Howells <dhowells@redhat.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    [bwh: Backported to 3.2:
     - Adjust context
     - dentry_open() takes dentry and vfsmount pointers, not a path pointer]
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    jlec committed with bwhacks Jul 30, 2012
  6. exec: use -ELOOP for max recursion depth

    commit d740269 upstream.
    
    To avoid an explosion of request_module calls on a chain of abusive
    scripts, fail maximum recursion with -ELOOP instead of -ENOEXEC. As soon
    as maximum recursion depth is hit, the error will fail all the way back
    up the chain, aborting immediately.
    
    This also has the side-effect of stopping the user's shell from attempting
    to reexecute the top-level file as a shell script. As seen in the
    dash source:
    
            if (cmd != path_bshell && errno == ENOEXEC) {
                    *argv-- = cmd;
                    *argv = cmd = path_bshell;
                    goto repeat;
            }
    
    The above logic was designed for running scripts automatically that lacked
    the "#!" header, not to re-try failed recursion. On a legitimate -ENOEXEC,
    things continue to behave as the shell expects.
    
    Additionally, when tracking recursion, the binfmt handlers should not be
    involved. The recursion being tracked is the depth of calls through
    search_binary_handler(), so that function should be exclusively responsible
    for tracking the depth.
    
    Signed-off-by: Kees Cook <keescook@chromium.org>
    Cc: halfdog <me@halfdog.net>
    Cc: P J P <ppandit@redhat.com>
    Cc: Alexander Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    [bwh: Backported to 3.2: adjust context]
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    kees committed with bwhacks Dec 6, 2012
  7. kmod: make __request_module() killable

    commit 1cc684a upstream.
    
    As Tetsuo Handa pointed out, request_module() can stress the system
    while the oom-killed caller sleeps in TASK_UNINTERRUPTIBLE.
    
    The task T uses "almost all" memory, then it does something which
    triggers request_module().  Say, it can simply call sys_socket().  This
    in turn needs more memory and leads to OOM.  oom-killer correctly
    chooses T and kills it, but this can't help because it sleeps in
    TASK_UNINTERRUPTIBLE and after that oom-killer becomes "disabled" by the
    TIF_MEMDIE task T.
    
    Make __request_module() killable.  The only necessary change is that
    call_modprobe() should kmalloc argv and module_name, they can't live in
    the stack if we use UMH_KILLABLE.  This memory is freed via
    call_usermodehelper_freeinfo()->cleanup.
    
    Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    Signed-off-by: Oleg Nesterov <oleg@redhat.com>
    Cc: Rusty Russell <rusty@rustcorp.com.au>
    Cc: Tejun Heo <tj@kernel.org>
    Cc: David Rientjes <rientjes@google.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    utrace committed with bwhacks Mar 23, 2012
  8. kmod: introduce call_modprobe() helper

    commit 3e63a93 upstream.
    
    No functional changes.  Move the call_usermodehelper code from
    __request_module() into the new simple helper, call_modprobe().
    
    Signed-off-by: Oleg Nesterov <oleg@redhat.com>
    Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    Cc: Rusty Russell <rusty@rustcorp.com.au>
    Cc: Tejun Heo <tj@kernel.org>
    Cc: David Rientjes <rientjes@google.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    utrace committed with bwhacks Mar 23, 2012
  9. usermodehelper: ____call_usermodehelper() doesn't need do_exit()

    commit 5b9bd47 upstream.
    
    Minor cleanup.  ____call_usermodehelper() can simply return, no need to
    call do_exit() explicitely.
    
    Signed-off-by: Oleg Nesterov <oleg@redhat.com>
    Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    Cc: Rusty Russell <rusty@rustcorp.com.au>
    Cc: Tejun Heo <tj@kernel.org>
    Cc: David Rientjes <rientjes@google.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    utrace committed with bwhacks Mar 23, 2012
  10. usermodehelper: implement UMH_KILLABLE

    commit d0bd587 upstream.
    
    Implement UMH_KILLABLE, should be used along with UMH_WAIT_EXEC/PROC.
    The caller must ensure that subprocess_info->path/etc can not go away
    until call_usermodehelper_freeinfo().
    
    call_usermodehelper_exec(UMH_KILLABLE) does
    wait_for_completion_killable.  If it fails, it uses
    xchg(&sub_info->complete, NULL) to serialize with umh_complete() which
    does the same xhcg() to access sub_info->complete.
    
    If call_usermodehelper_exec wins, it can safely return.  umh_complete()
    should get NULL and call call_usermodehelper_freeinfo().
    
    Otherwise we know that umh_complete() was already called, in this case
    call_usermodehelper_exec() falls back to wait_for_completion() which
    should succeed "very soon".
    
    Note: UMH_NO_WAIT == -1 but it obviously should not be used with
    UMH_KILLABLE.  We delay the neccessary cleanup to simplify the back
    porting.
    
    Signed-off-by: Oleg Nesterov <oleg@redhat.com>
    Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    Cc: Rusty Russell <rusty@rustcorp.com.au>
    Cc: Tejun Heo <tj@kernel.org>
    Cc: David Rientjes <rientjes@google.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    utrace committed with bwhacks Mar 23, 2012
  11. usermodehelper: introduce umh_complete(sub_info)

    commit b344992 upstream.
    
    Preparation.  Add the new trivial helper, umh_complete().  Currently it
    simply does complete(sub_info->complete).
    
    Signed-off-by: Oleg Nesterov <oleg@redhat.com>
    Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    Cc: Rusty Russell <rusty@rustcorp.com.au>
    Cc: Tejun Heo <tj@kernel.org>
    Cc: David Rientjes <rientjes@google.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    utrace committed with bwhacks Mar 23, 2012
  12. asus-laptop: Do not call HWRS on init

    commit cb7da02 upstream.
    
    Since commit 8871e99 ('asus-laptop: HRWS/HWRS typo'), module
    initialisation is very slow on the Asus UL30A.  The HWRS method takes
    about 12 seconds to run, and subsequent initialisation also seems to
    be delayed.  Since we don't really need the result, don't bother
    calling it on init.  Those who are curious can still get the result
    through the 'infos' device attribute.
    
    Update the comment about HWRS in show_infos().
    
    Reported-by: ryan <draziw+deb@gmail.com>
    References: http://bugs.debian.org/692436
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    Signed-off-by: Corentin Chary <corentin.chary@gmail.com>
    Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
    bwhacks committed Nov 29, 2012
  13. speakup: lower default software speech rate

    commit cfd7570 upstream.
    
    Speech synthesis beginners need a low speech rate, and trained people
    want a high speech rate.  A medium speech rate is thus actually not a
    good default for neither.  Since trained people will typically know how
    to change the rate, better default for a low speech rate, which
    beginners can grasp and learn how to increase it afterwards
    
    This was agreed with users on the speakup mailing list.
    
    Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    sthibaul committed with bwhacks Aug 26, 2012
  14. usb: Add USB_QUIRK_RESET_RESUME for all Logitech UVC webcams

    commit e387ef5 upstream.
    
    Most Logitech UVC webcams (both early models that don't advertise UVC
    compatibility and newer UVC-advertised devices) require the RESET_RESUME
    quirk. Instead of listing each and every model, match the devices based
    on the UVC interface information.
    
    Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
    Acked-by: Alan Stern <stern@rowland.harvard.edu>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    [bwh: Adjust context to apply after 3.2.38]
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    pinchartl committed with bwhacks Jul 19, 2012
  15. usb: Add quirk detection based on interface information

    commit 80da2e0 upstream.
    
    When a whole class of devices (possibly from a specific vendor, or
    across multiple vendors) require a quirk, explictly listing all devices
    in the class make the quirks table unnecessarily large. Fix this by
    allowing matching devices based on interface information.
    
    Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
    Acked-by: Alan Stern <stern@rowland.harvard.edu>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    pinchartl committed with bwhacks Jul 19, 2012
  16. 8250: use correct value for PORT_BRCM_TRUMANAGE

    When backporting commit ebebd49 ('8250/16?50: Add support for
    Broadcom TruManage redirected serial port') I took the next
    available port type number for PORT_BRCM_TRUMANAGE (22).
    
    However, the 8250 port type numbers are exposed to userland through
    the TIOC{G,S}SERIAL ioctls and so must remain stable.  Redefine
    PORT_BRCM_TRUMANAGE as 25, matching mainline as of commit
    85f0244.
    
    This leaves port types 22-24 within the valid range for 8250 but not
    implemented there.  Change serial8250_verify_port() to specifically
    reject these and change serial8250_type() to return "unknown" for them
    (though I'm not sure why it would ever see them).
    
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    bwhacks committed Mar 3, 2013
  17. vhost: fix length for cross region descriptor

    commit bd97120 upstream.
    
    If a single descriptor crosses a region, the
    second chunk length should be decremented
    by size translated so far, instead it includes
    the full descriptor length.
    
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    Acked-by: Jason Wang <jasowang@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    mstsirkin committed with bwhacks Nov 26, 2012
  18. rc: unlock on error in show_protocols()

    commit 30ebc5e upstream.
    
    We recently introduced a new return -ENODEV in this function but we need
    to unlock before returning.
    
    [mchehab@redhat.com: found two patches with the same fix. Merged SOB's/acks into one patch]
    Acked-by: Herton R. Krzesinski <herton.krzesinski@canonical.com>
    Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
    Signed-off-by: Douglas Bagnall <douglas@paradise.net.nz>
    
    Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    Dan Carpenter committed with bwhacks Nov 27, 2012
  19. Avoid sysfs oops when an rc_dev's raw device is absent

    commit 720bb64 upstream.
    
    For some reason, when the lirc daemon learns that a usb remote control
    has been unplugged, it wants to read the sysfs attributes of the
    disappearing device. This is useful for uncovering transient
    inconsistencies, but less so for keeping the system running when such
    inconsistencies exist.
    
    Under some circumstances (like every time I unplug my dvb stick from
    my laptop), lirc catches an rc_dev whose raw event handler has been
    removed (presumably by ir_raw_event_unregister), and proceeds to
    interrogate the raw protocols supported by the NULL pointer.
    
    This patch avoids the NULL dereference, and ignores the issue of how
    this state of affairs came about in the first place.
    
    Version 2 incorporates changes recommended by Mauro Carvalho Chehab
    (-ENODEV instead of -EINVAL, and a signed-off-by).
    
    Signed-off-by: Douglas Bagnall <douglas@paradise.net.nz>
    Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    douglasbagnall committed with bwhacks Jul 7, 2012
  20. usb hid quirks for Masterkit MA901 usb radio

    commit 0322bd3 upstream.
    
    Don't let Masterkit MA901 USB radio be handled by usb hid drivers.
    This device will be handled by radio-ma901.c driver.
    
    Signed-off-by: Alexey Klimov <klimov.linux@gmail.com>
    Acked-by: Hans Verkuil <hans.verkuil@cisco.com>
    Acked-by: Jiri Kosina <jkosina@suse.cz>
    Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    Alexey Klimov committed with bwhacks Nov 12, 2012
  21. ata_piix: Add Device IDs for Intel Wellsburg PCH

    commit 3aee8bc upstream.
    
    This patch adds the IDE-mode SATA Device IDs for the Intel Wellsburg PCH
    
    Signed-off-by: James Ralston <james.d.ralston@intel.com>
    Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    James Ralston committed with bwhacks Feb 9, 2013
  22. ata_piix: IDE-mode SATA patch for Intel Avoton DeviceIDs

    commit aaa5152 upstream.
    
    This patch adds the IDE-mode SATA DeviceIDs for the Intel Avoton SOC.
    
    Signed-off-by: Seth Heasley <seth.heasley@intel.com>
    Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    Seth Heasley committed with bwhacks Jan 25, 2013
  23. ata_piix: Add Device IDs for Intel Lynx Point-LP PCH

    commit 389cd78 upstream.
    
    This patch adds the IDE-mode SATA Device IDs for the Intel Lynx Point-LP PCH
    
    Signed-off-by: James Ralston <james.d.ralston@intel.com>
    Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    James Ralston committed with bwhacks Aug 9, 2012
  24. ata_piix: IDE-mode SATA patch for Intel DH89xxCC DeviceIDs

    commit 96d5d96 upstream.
    
    This patch adds the IDE-mode SATA DeviceIDs for the Intel DH89xxCC PCH.
    
    Signed-off-by: Seth Heasley <seth.heasley@intel.com>
    Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    Seth Heasley committed with bwhacks Feb 21, 2012
  25. ata_piix: IDE-mode SATA patch for Intel Lynx Point DeviceIDs

    commit 78140cf upstream.
    
    This patch adds the IDE-mode SATA DeviceIDs for the Intel Lynx Point PCH.
    
    Signed-off-by: Seth Heasley <seth.heasley@intel.com>
    Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    Seth Heasley committed with bwhacks Jan 24, 2012
  26. pstore: Avoid deadlock in panic and emergency-restart path

    commit 9f244e9 upstream.
    
    [Issue]
    
    When pstore is in panic and emergency-restart paths, it may be blocked
    in those paths because it simply takes spin_lock.
    
    This is an example scenario which pstore may hang up in a panic path:
    
     - cpuA grabs psinfo->buf_lock
     - cpuB panics and calls smp_send_stop
     - smp_send_stop sends IRQ to cpuA
     - after 1 second, cpuB gives up on cpuA and sends an NMI instead
     - cpuA is now in an NMI handler while still holding buf_lock
     - cpuB is deadlocked
    
    This case may happen if a firmware has a bug and
    cpuA is stuck talking with it more than one second.
    
    Also, this is a similar scenario in an emergency-restart path:
    
     - cpuA grabs psinfo->buf_lock and stucks in a firmware
     - cpuB kicks emergency-restart via either sysrq-b or hangcheck timer.
       And then, cpuB is deadlocked by taking psinfo->buf_lock again.
    
    [Solution]
    
    This patch avoids the deadlocking issues in both panic and emergency_restart
    paths by introducing a function, is_non_blocking_path(), to check if a cpu
    can be blocked in current path.
    
    With this patch, pstore is not blocked even if another cpu has
    taken a spin_lock, in those paths by changing from spin_lock_irqsave
    to spin_trylock_irqsave.
    
    In addition, according to a comment of emergency_restart() in kernel/sys.c,
    spin_lock shouldn't be taken in an emergency_restart path to avoid
    deadlock. This patch fits the comment below.
    
    <snip>
    /**
     *      emergency_restart - reboot the system
     *
     *      Without shutting down any hardware or taking any locks
     *      reboot the system.  This is called when we know we are in
     *      trouble so this is our best effort to reboot.  This is
     *      safe to call in interrupt context.
     */
    void emergency_restart(void)
    <snip>
    
    Signed-off-by: Seiji Aguchi <seiji.aguchi@hds.com>
    Acked-by: Don Zickus <dzickus@redhat.com>
    Signed-off-by: Tony Luck <tony.luck@intel.com>
    [bwh: Backported to 3.2:
     - Adjust context
     - Add #include <linux/kmsg_dump.h>]
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    Seiji Aguchi committed with bwhacks Jan 11, 2013
  27. staging: comedi: ni_labpc: set up command4 register *after* command3

    commit 22056e2 upstream.
    
    Tuomas <tvainikk _at_ gmail _dot_ com> reported problems getting
    meaningful output from a Lab-PC+ in differential mode for AI cmds, but
    AI insn reads gave correct readings.  He tracked it down to two
    problems, one of which is addressed by this patch.
    
    It seems that writing to the command3 register after writing to the
    command4 register in `labpc_ai_cmd()` messes up the differential
    reference bit setting in the command4 register.  Set up the command4
    register after the command3 register (as in `labpc_ai_rinsn()`) to avoid
    the problem.
    
    Thanks to Tuomas for suggesting the fix.
    
    Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    ian-abbott committed with bwhacks Feb 27, 2013
  28. staging: comedi: ni_labpc: correct differential channel sequence for …

    …AI commands
    
    commit 4c4bc25 upstream.
    
    Tuomas <tvainikk _at_ gmail _dot_ com> reported problems getting
    meaningful output from a Lab-PC+ in differential mode for AI cmds, but
    AI insn reads gave correct readings.  He tracked it down to two
    problems, one of which is addressed by this patch.
    
    It seems the setting of the channel bits for particular scanning modes
    was incorrect for differential mode.  (Only half the number of channels
    are available in differential mode; comedi refers to them as channels 0,
    1, 2 and 3, but the hardware documentation refers to them as channels 0,
    2, 4 and 6.)  In differential mode, the setting of the channel enable
    bits in the command1 register should depend on whether the scan enable
    bit is set.  Effectively, we need to double the comedi channel number
    when the scan enable bit is not set in differential mode.  The scan
    enable bit gets set when the AI scan mode is `MODE_MULT_CHAN_UP` or
    `MODE_MULT_CHAN_DOWN`, and gets cleared when the AI scan mode is
    `MODE_SINGLE_CHAN` or `MODE_SINGLE_CHAN_INTERVAL`.  The existing test
    for whether the comedi channel number needs to be doubled in
    differential mode is incorrect in `labpc_ai_cmd()`.  This patch corrects
    the test.
    
    Thanks to Tuomas for suggesting the fix.
    
    Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    ian-abbott committed with bwhacks Feb 27, 2013
  29. ipv6: use a stronger hash for tcp

    [ Upstream commit 08dcdbf ]
    
    It looks like its possible to open thousands of TCP IPv6
    sessions on a server, all landing in a single slot of TCP hash
    table. Incoming packets have to lookup sockets in a very
    long list.
    
    We should hash all bits from foreign IPv6 addresses, using
    a salt and hash mix, not a simple XOR.
    
    inet6_ehashfn() can also separately use the ports, instead
    of xoring them.
    
    Reported-by: Neal Cardwell <ncardwell@google.com>
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Cc: Yuchung Cheng <ycheng@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    Eric Dumazet committed with bwhacks Feb 21, 2013
  30. ipv4: fix a bug in ping_err().

    [ Upstream commit b531ed6 ]
    
    We should get 'type' and 'code' from the outer ICMP header.
    
    Signed-off-by: Li Wei <lw@cn.fujitsu.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    liwei committed with bwhacks Feb 21, 2013
  31. xen-netback: cancel the credit timer when taking the vif down

    [ Upstream commit 3e55f8b ]
    
    If the credit timer is left armed after calling
    xen_netbk_remove_xenvif(), then it may fire and attempt to schedule
    the vif which will then oops as vif->netbk == NULL.
    
    This may happen both in the fatal error path and during normal
    disconnection from the front end.
    
    The sequencing during shutdown is critical to ensure that: a)
    vif->netbk doesn't become unexpectedly NULL; and b) the net device/vif
    is not freed.
    
    1. Mark as unschedulable (netif_carrier_off()).
    2. Synchronously cancel the timer.
    3. Remove the vif from the schedule list.
    4. Remove it from it netback thread group.
    5. Wait for vif->refcnt to become 0.
    
    Signed-off-by: David Vrabel <david.vrabel@citrix.com>
    Acked-by: Ian Campbell <ian.campbell@citrix.com>
    Reported-by: Christopher S. Aker <caker@theshore.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    dvrabel committed with bwhacks Feb 14, 2013
  32. xen-netback: correctly return errors from netbk_count_requests()

    [ Upstream commit 35876b5 ]
    
    netbk_count_requests() could detect an error, call
    netbk_fatal_tx_error() but return 0.  The vif may then be used
    afterwards (e.g., in a call to netbk_tx_error().
    
    Since netbk_fatal_tx_error() could set vif->refcnt to 1, the vif may
    be freed immediately after the call to netbk_fatal_tx_error() (e.g.,
    if the vif is also removed).
    
    Netback thread              Xenwatch thread
    -------------------------------------------
    netbk_fatal_tx_err()        netback_remove()
                                  xenvif_disconnect()
                                    ...
                                    free_netdev()
    netbk_tx_err() Oops!
    
    Signed-off-by: Wei Liu <wei.liu2@citrix.com>
    Signed-off-by: Jan Beulich <JBeulich@suse.com>
    Signed-off-by: David Vrabel <david.vrabel@citrix.com>
    Reported-by: Christopher S. Aker <caker@theshore.net>
    Acked-by: Ian Campbell <ian.campbell@citrix.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    dvrabel committed with bwhacks Feb 14, 2013
  33. bridge: set priority of STP packets

    [ Upstream commit 547b4e7 ]
    
    Spanning Tree Protocol packets should have always been marked as
    control packets, this causes them to get queued in the high prirority
    FIFO. As Radia Perlman mentioned in her LCA talk, STP dies if bridge
    gets overloaded and can't communicate. This is a long-standing bug back
    to the first versions of Linux bridge.
    
    Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    shemminger committed with bwhacks Feb 11, 2013
  34. xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}()

    commit 51ac889 upstream.
    
    ... as being guest triggerable (e.g. by invoking
    XEN_PCI_OP_enable_msi{,x} on a device not being MSI/MSI-X capable).
    
    This is CVE-2013-0231 / XSA-43.
    
    Also make the two messages uniform in both their wording and severity.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Acked-by: Ian Campbell <ian.campbell@citrix.com>
    Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    [bwh: Backported to 3.2: add #include <linux/ratelimited.h>, needed by
     printk_ratelimited()]
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    jbeulich committed with bwhacks Feb 6, 2013
  35. unbreak automounter support on 64-bit kernel with 32-bit userspace (v2)

    commit 4f4ffc3 upstream.
    
    automount-support is broken on the parisc architecture, because the existing
    #if list does not include a check for defined(__hppa__). The HPPA (parisc)
    architecture is similiar to other 64bit Linux targets where we have to define
    autofs_wqt_t (which is passed back and forth to user space) as int type which
    has a size of 32bit across 32 and 64bit kernels.
    
    During the discussion on the mailing list, H. Peter Anvin suggested to invert
    the #if list since only specific platforms (specifically those who do not have
    a 32bit userspace, like IA64 and Alpha) should have autofs_wqt_t as unsigned
    long type.
    
    This suggestion is probably the best way to go, since Arm64 (and maybe others?)
    seems to have a non-working automounter. So in the long run even for other new
    upcoming architectures this inverted check seem to be the best solution, since
    it will not require them to change this #if again (unless they are 64bit only).
    
    Signed-off-by: Helge Deller <deller@gmx.de>
    Acked-by: H. Peter Anvin <hpa@zytor.com>
    Acked-by: Ian Kent <raven@themaw.net>
    Acked-by: Catalin Marinas <catalin.marinas@arm.com>
    CC: James Bottomley <James.Bottomley@HansenPartnership.com>
    CC: Rolf Eike Beer <eike-kernel@sf-tec.de>
    [bwh: Backported to 3.2: adjust filename]
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    Helge Deller committed with bwhacks Feb 4, 2013