Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Feb 11, 2013
  1. @gregkh

    Linux 3.4.30

    gregkh authored
  2. @davidcmoore @gregkh

    usb: Prevent dead ports when xhci is not enabled

    davidcmoore authored gregkh committed
    commit 58b2939 upstream.
    
    When the xHCI driver is not available, actively switch the ports to EHCI
    mode since some BIOSes leave them in xHCI mode where they would
    otherwise appear dead.  This was discovered on a  Dell Optiplex 7010,
    but it's possible other systems could be affected.
    
    This should be backported to kernels as old as 3.0, that contain the
    commit 69e848c "Intel xhci: Support
    EHCI/xHCI port switching."
    
    Signed-off-by: David Moore <david.moore@gmail.com>
    Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  3. @gregkh

    USB: XHCI: fix memory leak of URB-private data

    Alan Stern authored gregkh committed
    commit 48c3375 upstream.
    
    This patch (as1640) fixes a memory leak in xhci-hcd.  The urb_priv
    data structure isn't always deallocated in the handle_tx_event()
    routine for non-control transfers.  The patch adds a kfree() call so
    that all paths end up freeing the memory properly.
    
    This patch should be backported to kernels as old as 2.6.36, that
    contain the commit 8e51adc "USB: xHCI:
    Introduce urb_priv structure"
    
    Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
    Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
    Reported-and-tested-by: Martin Mokrejs <mmokrejs@fold.natur.cuni.cz>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  4. @gregkh

    xhci: Fix TD size for isochronous URBs.

    Sarah Sharp authored gregkh committed
    commit f18f8ed upstream.
    
    To calculate the TD size for a particular TRB in an isoc TD, we need
    know the endpoint's max packet size.  Isochronous endpoints also encode
    the number of additional service opportunities in their wMaxPacketSize
    field.  The TD size calculation did not mask off those bits before using
    the field.  This resulted in incorrect TD size information for
    isochronous TRBs when an URB frame buffer crossed a 64KB boundary.
    
    For example:
     - an isoc endpoint has 2 additional service opportunites and
       a max packet size of 1020 bytes
     - a frame transfer buffer contains 3060 bytes
     - one frame buffer crosses a 64KB boundary, and must be split into
       one 1276 byte TRB, and one 1784 byte TRB.
    
    The TD size is is the number of packets that remain to be transferred
    for a TD after processing all the max packet sized packets in the
    current TRB and all previous TRBs.
    
    For this TD, the number of packets to be transferred is (3060 / 1020),
    or 3.  The first TRB contains 1276 bytes, which means it contains one
    full packet, and a 256 byte remainder.  After processing all the max
    packet-sized packets in the first TRB, the host will have 2 packets left
    to transfer.
    
    The old code would calculate the TD size for the first TRB as:
    
    total packet count = DIV_ROUND_UP (TD length / endpoint wMaxPacketSize)
    total packet count - (first TRB length / endpoint wMaxPacketSize)
    
    The math should have been:
    
    total packet count = DIV_ROUND_UP (3060 / 1020) = 3
    3 - (1276 / 1020) = 2
    
    Since the old code didn't mask off the additional service interval bits
    from the wMaxPacketSize field, the math ended up as
    
    total packet count = DIV_ROUND_UP (3060 / 5116) = 1
    1 - (1276 / 5116) = 1
    
    Fix this by masking off the number of additional service opportunities
    in the wMaxPacketSize field.
    
    This patch should be backported to stable kernels as old as 3.0, that
    contain the commit 4da6e6f "xhci 1.0:
    Update TD size field format."  It may not apply well to kernels older
    than 3.2 because of commit 29cc889
    "USB: use usb_endpoint_maxp() instead of le16_to_cpu()".
    
    Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  5. @gregkh

    xhci: Fix isoc TD encoding.

    Sarah Sharp authored gregkh committed
    commit 760973d upstream.
    
    An isochronous TD is comprised of one isochronous TRB chained to zero or
    more normal TRBs.  Only the isoc TRB has the TBC and TLBPC fields.  The
    normal TRBs must set those fields to zeroes.  The code was setting the
    TBC and TLBPC fields for both isoc and normal TRBs.  Fix this.
    
    This should be backported to stable kernels as old as 3.0, that contain
    the commit b61d378 " xhci 1.0: Set
    transfer burst last packet count field."
    
    Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  6. @zeldovich @gregkh

    drivers: xhci: fix incorrect bit test

    zeldovich authored gregkh committed
    commit ba7b5c2 upstream.
    
    Fix incorrect bit test that originally showed up in
    4ee823b "USB/xHCI: Support
    device-initiated USB 3.0 resume."
    
    Use '&' instead of '&&'.
    
    This should be backported to kernels as old as 3.4.
    
    Signed-off-by: Nickolai Zeldovich <nickolai@csail.mit.edu>
    Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  7. @gregkh

    USB: storage: optimize to match the Huawei USB storage devices and su…

    fangxiaozhi authored gregkh committed
    …pport new switch command
    
    commit 200e0d9 upstream.
    
    1. Optimize the match rules with new macro for Huawei USB storage devices,
       to avoid to load USB storage driver for the modem interface
       with Huawei devices.
    2. Add to support new switch command for new Huawei USB dongles.
    
    Signed-off-by: fangxiaozhi <huananhu@huawei.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  8. @gregkh

    USB: storage: Define a new macro for USB storage match rules

    fangxiaozhi authored gregkh committed
    commit 07c7be3 upstream.
    
    1. Define a new macro for USB storage match rules:
        matching with Vendor ID and interface descriptors.
    
    Signed-off-by: fangxiaozhi <huananhu@huawei.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  9. @gregkh

    usb: Using correct way to clear usb3.0 device's remote wakeup feature.

    Lan Tianyu authored gregkh committed
    commit 54a3ac0 upstream.
    
    Usb3.0 device defines function remote wakeup which is only for interface
    recipient rather than device recipient. This is different with usb2.0 device's
    remote wakeup feature which is defined for device recipient. According usb3.0
    spec 9.4.5, the function remote wakeup can be modified by the SetFeature()
    requests using the FUNCTION_SUSPEND feature selector. This patch is to use
    correct way to disable usb3.0 device's function remote wakeup after suspend
    error and resuming.
    
    This should be backported to kernels as old as 3.4, that contain the
    commit 623bef9 "USB/xhci: Enable remote
    wakeup for USB3 devices."
    
    Signed-off-by: Lan Tianyu <tianyu.lan@intel.com>
    Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  10. @gregkh

    USB: EHCI: fix bug in scheduling periodic split transfers

    Alan Stern authored gregkh committed
    commit 3e619d0 upstream.
    
    This patch (as1654) fixes a very old bug in ehci-hcd, connected with
    scheduling of periodic split transfers.  The calculations for
    full/low-speed bus usage are all carried out after the correction for
    bit-stuffing has been applied, but the values in the max_tt_usecs
    array assume it hasn't been.  The array should allow for allocation of
    up to 90% of the bus capacity, which is 900 us, not 780 us.
    
    The symptom caused by this bug is that any isochronous transfer to a
    full-speed device with a maxpacket size larger than about 980 bytes is
    always rejected with a -ENOSPC error.
    
    Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  11. @gregkh

    USB: EHCI: fix timer bug affecting port resume

    Alan Stern authored gregkh committed
    commit ee74290 upstream.
    
    This patch (as1652) fixes a long-standing bug in ehci-hcd.  The driver
    relies on status polls to know when to stop port-resume signalling.
    It uses the root-hub status timer to schedule these status polls.  But
    when the driver for the root hub is resumed, the timer is rescheduled
    to go off immediately -- before the port is ready.  When this happens
    the timer does not get re-enabled, which prevents the port resume from
    finishing until some other event occurs.
    
    The symptom is that when a new device is plugged in, it doesn't get
    recognized or enumerated until lsusb is run or something else happens.
    
    The solution is to re-enable the root-hub status timer after every
    status poll while a port resume is in progress.
    
    This bug hasn't surfaced before now because we never used to try to
    suspend the root hub in the middle of a port resume (except by
    coincidence).
    
    Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
    Reported-and-tested-by: Norbert Preining <preining@logic.at>
    Tested-by: Ming Lei <ming.lei@canonical.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  12. @gregkh

    USB: qcserial: add Telit Gobi QDL device

    Daniele Palmas authored gregkh committed
    commit 78796ae upstream.
    
    Add VID and PID for Telit Gobi QDL device
    
    Signed-off-by: Daniele Palmas <dnlplm@gmail.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  13. @bmork @gregkh

    USB: option: add Changhong CH690

    bmork authored gregkh committed
    commit d4fa681 upstream.
    
    New device with 3 serial interfaces:
    
     If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend) Sub=ff Prot=ff
     If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend) Sub=ff Prot=ff
     If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend) Sub=ff Prot=ff
     If#= 3 Alt= 0 #EPs= 2 Cls=08(stor) Sub=06 Prot=50
    
    Signed-off-by: Bjørn Mork <bjorn@mork.no>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  14. @gregkh

    USB: option: add support for Telit LE920

    Daniele Palmas authored gregkh committed
    commit 03eb466 upstream.
    
    Add PID and special handling for Telit LE920
    
    Signed-off-by: Daniele Palmas <dnlplm@gmail.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  15. @sonic74 @gregkh

    USB: ftdi_sio: add PID/VID entries for ELV WS 300 PC II

    sonic74 authored gregkh committed
    commit c249f91 upstream.
    
    Add PID/VID entries for ELV WS 300 PC II weather station
    
    Signed-off-by: Sven Killig <sven@killig.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  16. @pkubanek @gregkh

    USB: ftdi_sio: add Zolix FTDI PID

    pkubanek authored gregkh committed
    commit 0ba3b2c upstream.
    
    Add support for Zolix Omni 1509 monochromator custom USB-RS232 converter.
    
    Signed-off-by: Petr Kubánek <petr@kubanek.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  17. @jluebbe @gregkh

    drivers/rtc/rtc-isl1208.c: call rtc_update_irq() from the alarm irq h…

    jluebbe authored gregkh committed
    …andler
    
    commit 72fca4a upstream.
    
    Previously the alarm event was not propagated into the RTC subsystem.
    By adding a call to rtc_update_irq, this fixes a timeout problem with
    the hwclock utility.
    
    Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
    Cc: Alessandro Zummo <a.zummo@towertech.it>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  18. @dubeyko @gregkh

    nilfs2: fix fix very long mount time issue

    dubeyko authored gregkh committed
    commit a9bae18 upstream.
    
    There exists a situation when GC can work in background alone without
    any other filesystem activity during significant time.
    
    The nilfs_clean_segments() method calls nilfs_segctor_construct() that
    updates superblocks in the case of NILFS_SC_SUPER_ROOT and
    THE_NILFS_DISCONTINUED flags are set.  But when GC is working alone the
    nilfs_clean_segments() is called with unset THE_NILFS_DISCONTINUED flag.
    As a result, the update of superblocks doesn't occurred all this time
    and in the case of SPOR superblocks keep very old values of last super
    root placement.
    
    SYMPTOMS:
    
    Trying to mount a NILFS2 volume after SPOR in such environment ends with
    very long mounting time (it can achieve about several hours in some
    cases).
    
    REPRODUCING PATH:
    
    1. It needs to use external USB HDD, disable automount and doesn't
       make any additional filesystem activity on the NILFS2 volume.
    
    2. Generate temporary file with size about 100 - 500 GB (for example,
       dd if=/dev/zero of=<file_name> bs=1073741824 count=200).  The size of
       file defines duration of GC working.
    
    3. Then it needs to delete file.
    
    4. Start GC manually by means of command "nilfs-clean -p 0".  When you
       start GC by means of such way then, at the end, superblocks is updated
       by once.  So, for simulation of SPOR, it needs to wait sometime (15 -
       40 minutes) and simply switch off USB HDD manually.
    
    5. Switch on USB HDD again and try to mount NILFS2 volume.  As a
       result, NILFS2 volume will mount during very long time.
    
    REPRODUCIBILITY: 100%
    
    FIX:
    
    This patch adds checking that superblocks need to update and set
    THE_NILFS_DISCONTINUED flag before nilfs_clean_segments() call.
    
    Reported-by: Sergey Alexandrov <splavgm@gmail.com>
    Signed-off-by: Vyacheslav Dubeyko <slava@dubeyko.com>
    Tested-by: Vyacheslav Dubeyko <slava@dubeyko.com>
    Acked-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
    Tested-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  19. @gregkh

    sched/rt: Use root_domain of rt_rq not current processor

    Shawn Bohrer authored gregkh committed
    commit aa7f673 upstream.
    
    When the system has multiple domains do_sched_rt_period_timer()
    can run on any CPU and may iterate over all rt_rq in
    cpu_online_mask.  This means when balance_runtime() is run for a
    given rt_rq that rt_rq may be in a different rd than the current
    processor.  Thus if we use smp_processor_id() to get rd in
    do_balance_runtime() we may borrow runtime from a rt_rq that is
    not part of our rd.
    
    This changes do_balance_runtime to get the rd from the passed in
    rt_rq ensuring that we borrow runtime only from the correct rd
    for the given rt_rq.
    
    This fixes a BUG at kernel/sched/rt.c:687! in __disable_runtime
    when we try reclaim runtime lent to other rt_rq but runtime has
    been lent to a rt_rq in another rd.
    
    Signed-off-by: Shawn Bohrer <sbohrer@rgmadvisors.com>
    Acked-by: Steven Rostedt <rostedt@goodmis.org>
    Acked-by: Mike Galbraith <bitbucket@online.de>
    Cc: peterz@infradead.org
    Link: http://lkml.kernel.org/r/1358186131-29494-1-git-send-email-sbohrer@rgmadvisors.com
    Signed-off-by: Ingo Molnar <mingo@kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  20. @jbeulich @gregkh

    x86-64: Replace left over sti/cli in ia32 audit exit code

    jbeulich authored gregkh committed
    commit 40a1ef9 upstream.
    
    For some reason they didn't get replaced so far by their
    paravirt equivalents, resulting in code to be run with
    interrupts disabled that doesn't expect so (causing, in the
    observed case, a BUG_ON() to trigger) when syscall auditing is
    enabled.
    
    David (Cc-ed) came up with an identical fix, so likely this can
    be taken to count as an ack from him.
    
    Reported-by: Peter Moody <pmoody@google.com>
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Cc: David Vrabel <david.vrabel@citrix.com>
    Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Link: http://lkml.kernel.org/r/5108E01902000078000BA9C5@nat28.tlf.novell.com
    Signed-off-by: Ingo Molnar <mingo@kernel.org>
    Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Cc: David Vrabel <david.vrabel@citrix.com>
    Tested-by: Peter Moody <pmoody@google.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  21. @gregkh

    drm/radeon: Calling object_unrefer() when creating fb failure

    liu chuansheng authored gregkh committed
    commit f2d68cf upstream.
    
    When kzalloc() failed in radeon_user_framebuffer_create(), need to
    call object_unreference() to match the object_reference().
    
    Signed-off-by: liu chuansheng <chuansheng.liu@intel.com>
    Signed-off-by: xueminsu <xuemin.su@intel.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  22. @gregkh

    drm/radeon: prevent crash in the ring space allocation

    Alex Deucher authored gregkh committed
    commit fd5d93a upstream.
    
    If the requested number of DWs on the ring is larger than
    the size of the ring itself, return an error.
    
    In testing with large VM updates, we've seen crashes when we
    try and allocate more space on the ring than the total size
    of the ring without checking.
    
    This prevents the crash but for large VM updates or bo moves
    of very large buffers, we will need to break the transaction
    down into multiple batches.  I have patches to use IBs for
    the next kernel.
    
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  23. @chrisstaite @gregkh

    drm/radeon: fix MC blackout on evergreen+

    chrisstaite authored gregkh committed
    commit bb58882 upstream.
    
    Force the crtc mem requests on/off immediately rather
    than waiting for the double buffered updates to kick in.
    Seems we miss the update in certain conditions.  Also
    handle the DCE6 case.
    
    Signed-off-by: Christopher Staite <chris@yourdreamnet.co.uk>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  24. @gregkh

    drm/radeon: add quirk for RV100 board

    Alex Deucher authored gregkh committed
    commit 9200ee4 upstream.
    
    vbios says external TMDS while the board is actually
    internal TMDS.
    
    fixes:
    https://bugs.freedesktop.org/show_bug.cgi?id=60037
    
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  25. @gregkh

    drm/radeon: add WAIT_UNTIL to the non-VM safe regs list for cayman/TN

    Alex Deucher authored gregkh committed
    commit 674a16f upstream.
    
    Newer versions of mesa emit this.
    
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  26. @gregkh

    drm/radeon/evergreen+: wait for the MC to settle after MC blackout

    Alex Deucher authored gregkh committed
    commit ed39fad upstream.
    
    Some chips seem to need a little delay after blacking out
    the MC before the requests actually stop.
    
    May fix:
    https://bugs.freedesktop.org/show_bug.cgi?id=56139
    https://bugs.freedesktop.org/show_bug.cgi?id=57567
    
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  27. @gregkh

    digsig: Fix memory leakage in digsig_verify_rsa()

    YOSHIFUJI Hideaki authored gregkh committed
    commit 7810cc1 upstream.
    
    digsig_verify_rsa() does not free kmalloc'ed buffer returned by
    mpi_get_buffer().
    
    Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
    Signed-off-by: James Morris <james.l.morris@oracle.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commits on Feb 4, 2013
  1. @gregkh

    Linux 3.4.29

    gregkh authored
  2. @nablio3000 @gregkh

    target: fix regression with dev_link_magic in target_fabric_port_link

    nablio3000 authored gregkh committed
    This is to fix a regression that only affect the stable (not for the mainline)
    that the stable commit fdf9d86 was incorrectly placed dev->dev_link_magic check
    before the *dev assignment in target_fabric_port_link() due to fuzzy automatically
    context adjustment during the back-porting.
    
    Reported-by: Chris Boot <bootc@bootc.net>
    Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
    Signed-off-by: CAI Qian <caiqian@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  3. @gregkh

    x86/Sandy Bridge: Sandy Bridge workaround depends on CONFIG_PCI

    H. Peter Anvin authored gregkh committed
    commit e43b3ce upstream.
    
    early_pci_allowed() and read_pci_config_16() are only available if
    CONFIG_PCI is defined.
    
    Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
    Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
    Signed-off-by: Abdallah Chatila <abdallah.chatila@ericsson.com>
  4. @mfleming @gregkh

    x86, efi: Set runtime_version to the EFI spec revision

    mfleming authored gregkh committed
    commit 712ba9e upstream.
    
    efi.runtime_version is erroneously being set to the value of the
    vendor's firmware revision instead of that of the implemented EFI
    specification. We can't deduce which EFI functions are available based
    on the revision of the vendor's firmware since the version scheme is
    likely to be unique to each vendor.
    
    What we really need to know is the revision of the implemented EFI
    specification, which is available in the EFI System Table header.
    
    Signed-off-by: Matt Fleming <matt.fleming@intel.com>
    Cc: Seiji Aguchi <seiji.aguchi@hds.com>
    Cc: Matthew Garrett <mjg59@srcf.ucam.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  5. @gregkh

    efi, x86: Pass a proper identity mapping in efi_call_phys_prelog

    Nathan Zimmer authored gregkh committed
    commit b8f2c21 upstream.
    
    Update efi_call_phys_prelog to install an identity mapping of all available
    memory.  This corrects a bug on very large systems with more then 512 GB in
    which bios would not be able to access addresses above not in the mapping.
    
    The result is a crash that looks much like this.
    
    BUG: unable to handle kernel paging request at 000000effd870020
    IP: [<0000000078bce331>] 0x78bce330
    PGD 0
    Oops: 0000 [#1] SMP
    Modules linked in:
    CPU 0
    Pid: 0, comm: swapper/0 Tainted: G        W    3.8.0-rc1-next-20121224-medusa_ntz+ #2 Intel Corp. Stoutland Platform
    RIP: 0010:[<0000000078bce331>]  [<0000000078bce331>] 0x78bce330
    RSP: 0000:ffffffff81601d28  EFLAGS: 00010006
    RAX: 0000000078b80e18 RBX: 0000000000000004 RCX: 0000000000000004
    RDX: 0000000078bcf958 RSI: 0000000000002400 RDI: 8000000000000000
    RBP: 0000000078bcf760 R08: 000000effd870000 R09: 0000000000000000
    R10: 0000000000000000 R11: 00000000000000c3 R12: 0000000000000030
    R13: 000000effd870000 R14: 0000000000000000 R15: ffff88effd870000
    FS:  0000000000000000(0000) GS:ffff88effe400000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 000000effd870020 CR3: 000000000160c000 CR4: 00000000000006b0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
    Process swapper/0 (pid: 0, threadinfo ffffffff81600000, task ffffffff81614400)
    Stack:
     0000000078b80d18 0000000000000004 0000000078bced7b ffff880078b81fff
     0000000000000000 0000000000000082 0000000078bce3a8 0000000000002400
     0000000060000202 0000000078b80da0 0000000078bce45d ffffffff8107cb5a
    Call Trace:
     [<ffffffff8107cb5a>] ? on_each_cpu+0x77/0x83
     [<ffffffff8102f4eb>] ? change_page_attr_set_clr+0x32f/0x3ed
     [<ffffffff81035946>] ? efi_call4+0x46/0x80
     [<ffffffff816c5abb>] ? efi_enter_virtual_mode+0x1f5/0x305
     [<ffffffff816aeb24>] ? start_kernel+0x34a/0x3d2
     [<ffffffff816ae5ed>] ? repair_env_string+0x60/0x60
     [<ffffffff816ae2be>] ? x86_64_start_reservations+0xba/0xc1
     [<ffffffff816ae120>] ? early_idt_handlers+0x120/0x120
     [<ffffffff816ae419>] ? x86_64_start_kernel+0x154/0x163
    Code:  Bad RIP value.
    RIP  [<0000000078bce331>] 0x78bce330
     RSP <ffffffff81601d28>
    CR2: 000000effd870020
    ---[ end trace ead828934fef5eab ]---
    
    Signed-off-by: Nathan Zimmer <nzimmer@sgi.com>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: "H. Peter Anvin" <hpa@zytor.com>
    Signed-off-by: Robin Holt <holt@sgi.com>
    Signed-off-by: Matt Fleming <matt.fleming@intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  6. @gregkh

    x86/msr: Add capabilities check

    Alan Cox authored gregkh committed
    commit c903f04 upstream.
    
    At the moment the MSR driver only relies upon file system
    checks. This means that anything as root with any capability set
    can write to MSRs. Historically that wasn't very interesting but
    on modern processors the MSRs are such that writing to them
    provides several ways to execute arbitary code in kernel space.
    Sample code and documentation on doing this is circulating and
    MSR attacks are used on Windows 64bit rootkits already.
    
    In the Linux case you still need to be able to open the device
    file so the impact is fairly limited and reduces the security of
    some capability and security model based systems down towards
    that of a generic "root owns the box" setup.
    
    Therefore they should require CAP_SYS_RAWIO to prevent an
    elevation of capabilities. The impact of this is fairly minimal
    on most setups because they don't have heavy use of
    capabilities. Those using SELinux, SMACK or AppArmor rules might
    want to consider if their rulesets on the MSR driver could be
    tighter.
    
    Signed-off-by: Alan Cox <alan@linux.intel.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
    Signed-off-by: Ingo Molnar <mingo@kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  7. @udknight @gregkh

    smp: Fix SMP function call empty cpu mask race

    udknight authored gregkh committed
    commit f44310b upstream.
    
    I get the following warning every day with v3.7, once or
    twice a day:
    
      [ 2235.186027] WARNING: at /mnt/sda7/kernel/linux/arch/x86/kernel/apic/ipi.c:109 default_send_IPI_mask_logical+0x2f/0xb8()
    
    As explained by Linus as well:
    
     |
     | Once we've done the "list_add_rcu()" to add it to the
     | queue, we can have (another) IPI to the target CPU that can
     | now see it and clear the mask.
     |
     | So by the time we get to actually send the IPI, the mask might
     | have been cleared by another IPI.
     |
    
    This patch also fixes a system hang problem, if the data->cpumask
    gets cleared after passing this point:
    
            if (WARN_ONCE(!mask, "empty IPI mask"))
                    return;
    
    then the problem in commit 83d349f ("x86: don't send an IPI to
    the empty set of CPU's") will happen again.
    
    Signed-off-by: Wang YanQing <udknight@gmail.com>
    Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
    Acked-by: Jan Beulich <jbeulich@suse.com>
    Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Cc: peterz@infradead.org
    Cc: mina86@mina86.org
    Cc: srivatsa.bhat@linux.vnet.ibm.com
    Link: http://lkml.kernel.org/r/20130126075357.GA3205@udknight
    [ Tidied up the changelog and the comment in the code. ]
    Signed-off-by: Ingo Molnar <mingo@kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  8. @gregkh

    NFS: Don't silently fail setattr() requests on mountpoints

    Trond Myklebust authored gregkh committed
    commit ab22541 upstream.
    
    Ensure that any setattr and getattr requests for junctions and/or
    mountpoints are sent to the server. Ever since commit
    0ec26fd (vfs: automount should ignore LOOKUP_FOLLOW), we have
    silently dropped any setattr requests to a server-side mountpoint.
    For referrals, we have silently dropped both getattr and setattr
    requests.
    
    This patch restores the original behaviour for setattr on mountpoints,
    and tries to do the same for referrals, provided that we have a
    filehandle...
    
    Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Something went wrong with that request. Please try again.