AgeCommit message (Collapse)Author
2014-08-22locks: pass correct "before" pointer to locks_unlink_lock in generic_add_leaseJeff Layton
The argument to locks_unlink_lock can't be just any pointer to a pointer. It must be a pointer to the fl_next field in the previous lock in the list. Cc: <stable@vger.kernel.org> # v3.15+ Signed-off-by: Jeff Layton <jlayton@primarydata.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2014-08-21Merge branch 'for-3.17-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata Pull libata fixes from Tejun Heo: "Nothing drastic but pushing out early due to build breakage in the new tegra platform. Additionally: - M550 tagged trim blacklist pattern is widened so that it matches the new 1TB model - three controller specific fixes" * 'for-3.17-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata: libata: widen Crucial M550 blacklist matching pata_scc: propagate return value of scc_wait_after_reset ata: ahci_tegra: Change include to fix compilation pata_samsung_cf: change ret type to signed ahci_xgene: Removing NCQ support from the APM X-Gene SoC AHCI SATA Host Controller driver.
2014-08-21Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid Pull HID fixes from Jiri Kosina: - fixes for a couple potential memory corruption problems (the HW would have to be manufactured to be deliberately evil to trigger those) found by Ben Hawkes - fix for potential infinite loop when using sysfs interface of logitech driver, from Simon Wood - a couple more simple driver fixes * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: fix a couple of off-by-ones HID: logitech: perform bounds checking on device_id early enough HID: logitech: fix bounds checking on LED report size HID: logitech: Prevent possibility of infinite loop when using /sys interface HID: rmi: print an error if F11 is not found instead of stopping the device HID: hid-sensor-hub: use devm_ functions consistently HID: huion: Use allocated buffer for DMA HID: huion: Fail on parameter retrieval errors
2014-08-21Merge tag 'sound-3.17-rc2' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "A bunch of ASoC fixes with a few HD-audio fixes in this pull request. All fairly small, boring and device-specific fixes, in addition to MAINTAINERS update for better reviewing" * tag 'sound-3.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda/hdmi - apply Valleyview fix-ups to Cherryview display codec ALSA: hda/hdmi - set depop_delay for haswell plus ALSA: hda - restore the gpio led after resume ALSA: hda/realtek - Avoid setting wrong COEF on ALC269 & co ASoC: pxa-ssp: drop SNDRV_PCM_FMTBIT_S24_LE ASoC: fsl-esai: Revert .xlate_tdm_slot_mask() support ASoC: mcasp: Fix implicit BLCK divider setting ASoC: arizona: Fix TDM slot length handling in arizona_hw_params ASoC: pcm512x: Correct Digital Playback control names ASoC: dapm: Fix uninitialized variable in snd_soc_dapm_get_enum_double() ASoC: Intel: Restore Baytrail ADSP streams only when ADSP was in reset ASoC: Intel: Wait Baytrail ADSP boot at resume_early stage ASoC: Intel: Merge Baytrail ADSP suspend_noirq into suspend_late MAINTAINERS: Add i.MX maintainers and paths to Freescale ASoC entry ASoC: Intel: Update Baytrail ADSP firmware name
2014-08-21Merge branch 'i2c/for-next' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: "Here is the fixup for the 'lowlight' of my last pull request. I2C is not selected anymore by I2C_ACPI. Instead, the code in question now depends on I2C=y. Also, Mika has agreed to support me and be the maintainer for I2C-ACPI related patches. Finally, a new-ID-patch came along last week" * 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: MAINTAINERS: add maintainer for ACPI parts of I2C i2c: i801: Add PCI ID for Intel Braswell i2c: rework kernel config I2C_ACPI
2014-08-21Merge tag 'please-pull-memfd_create' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux Pull ia64 update from Tony Luck: "Add memfd_create syscall to ia64" * tag 'please-pull-memfd_create' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux: [IA64] Wire up memfd_create() system call
2014-08-21Merge tag 'microblaze-3.17-rc2' of git://git.monstr.eu/linux-2.6-microblazeLinus Torvalds
Pull microblaze update from Michal Simek: "Wire-up seccomp/getrandom/memfd_create syscalls" * tag 'microblaze-3.17-rc2' of git://git.monstr.eu/linux-2.6-microblaze: microblaze: Wire-up memfd_create syscall microblaze: Wire-up getrandom syscall microblaze: Wire-up seccomp syscall
2014-08-21HID: fix a couple of off-by-onesJiri Kosina
There are a few very theoretical off-by-one bugs in report descriptor size checking when performing a pre-parsing fixup. Fix those. Cc: stable@vger.kernel.org Reported-by: Ben Hawkes <hawkes@google.com> Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2014-08-21HID: logitech: perform bounds checking on device_id early enoughJiri Kosina
device_index is a char type and the size of paired_dj_deivces is 7 elements, therefore proper bounds checking has to be applied to device_index before it is used. We are currently performing the bounds checking in logi_dj_recv_add_djhid_device(), which is too late, as malicious device could send REPORT_TYPE_NOTIF_DEVICE_UNPAIRED early enough and trigger the problem in one of the report forwarding functions called from logi_dj_raw_event(). Fix this by performing the check at the earliest possible ocasion in logi_dj_raw_event(). Cc: stable@vger.kernel.org Reported-by: Ben Hawkes <hawkes@google.com> Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2014-08-21HID: logitech: fix bounds checking on LED report sizeJiri Kosina
The check on report size for REPORT_TYPE_LEDS in logi_dj_ll_raw_request() is wrong; the current check doesn't make any sense -- the report allocated by HID core in hid_hw_raw_request() can be much larger than DJREPORT_SHORT_LENGTH, and currently logi_dj_ll_raw_request() doesn't handle this properly at all. Fix the check by actually trimming down the report size properly if it is too large. Cc: stable@vger.kernel.org Reported-by: Ben Hawkes <hawkes@google.com> Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2014-08-21microblaze: Wire-up memfd_create syscallMichal Simek
Add new memfd_create syscall. Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2014-08-21microblaze: Wire-up getrandom syscallMichal Simek
Add new getrandom syscall. Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2014-08-21microblaze: Wire-up seccomp syscallMichal Simek
Add new seccomp syscall. Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2014-08-20Merge branch 'for-linus' of git://git.samba.org/sfrench/cifs-2.6Linus Torvalds
Pull cifs fixes from Steve French: "Most important fixes in this set include three SMB3 fixes for stable (including fix for possible kernel oops), and a workaround to allow writes to Mac servers (only cifs dialect, not more current SMB2.1, worked to Mac servers). Also fallocate support added, and lease fix from Jeff" * 'for-linus' of git://git.samba.org/sfrench/cifs-2.6: [SMB3] Enable fallocate -z support for SMB3 mounts enable fallocate punch hole ("fallocate -p") for SMB3 Incorrect error returned on setting file compressed on SMB2 CIFS: Fix wrong directory attributes after rename CIFS: Fix SMB2 readdir error handling [CIFS] Possible null ptr deref in SMB2_tcon [CIFS] Workaround MacOS server problem with SMB2.1 write response cifs: handle lease F_UNLCK requests properly Cleanup sparse file support by creating worker function for it Add sparse file support to SMB2/SMB3 mounts Add missing definitions for CIFS File System Attributes cifs: remove unused function cifs_oplock_break_wait
2014-08-20Merge branch 'for_linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs Pull filesystem fixes from Jan Kara: "udf, isofs, and ext3 bug fixes" * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: ext3: Count internal journal as bsddf overhead in ext3_statfs isofs: Fix unbounded recursion when processing relocated directories udf: avoid unneeded up_write when fail to add entry in ->symlink
2014-08-20Merge branch 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86Linus Torvalds
Pull x86 platform driver revert from Matthew Garrett: "This clearly shouldn't have been merged. No excuse on my part" * 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86: Revert "platform/x86/toshiba-apci.c possible bad if test?"
2014-08-20Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds
Pull KVM fixes from Paolo Bonzini: "Reverting a 3.16 patch, fixing two bugs in device assignment (one has a CVE), and fixing some problems introduced during the merge window (the CMA bug came in via Andrew, the x86 ones via yours truly)" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: virt/kvm/assigned-dev.c: Set 'dev->irq_source_id' to '-1' after free it Revert "KVM: x86: Increase the number of fixed MTRR regs to 10" KVM: x86: do not check CS.DPL against RPL during task switch KVM: x86: Avoid emulating instructions on #UD mistakenly PC, KVM, CMA: Fix regression caused by wrong get_order() use kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601)
2014-08-20Merge tag 'scsi-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "These are the two bug fixes I mentioned in the final merge window pull. One is a reversed logic check in the device busy tests which can cause a nasty hang and another crash seen in the new SCSI pool support if the use count ever goes to zero" [ The device busy test already got merged from a patch earlier, so is now duplicated. ] * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: [SCSI] save command pool address of Scsi_Host [SCSI] fix qemu boot hang problem
2014-08-20Revert "platform/x86/toshiba-apci.c possible bad if test?"Matthew Garrett
This reverts commit bdc3ae7221213963f438faeaa69c8b4a2195f491. Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
2014-08-19ext3: Count internal journal as bsddf overhead in ext3_statfsChin-Tsung Cheng
The journal blocks of external journal device should not be counted as overhead. Signed-off-by: Chin-Tsung Cheng <chintzung@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
2014-08-19scsi: Fix qemu boot hang problemGuenter Roeck
The latest kernel fails to boot qemu arm images when using scsi for disk access. Boot gets stuck after the following messages. brd: module loaded sym53c8xx 0000:00:0c.0: enabling device (0100 -> 0103) sym0: <895a> rev 0x0 at pci 0000:00:0c.0 irq 93 sym0: No NVRAM, ID 7, Fast-40, LVD, parity checking sym0: SCSI BUS has been reset. scsi host0: sym-2.2.3 Bisect points to commit 71e75c97f97a ("scsi: convert device_busy to atomic_t"). Code inspection shows the following suspicious change in scsi_request_fn. out_delay: - if (sdev->device_busy == 0 && !scsi_device_blocked(sdev)) + if (atomic_read(&sdev->device_busy) && !scsi_device_blocked(sdev)) blk_delay_queue(q, SCSI_QUEUE_DELAY); } 'sdev->device_busy == 0' was replaced with 'atomic_read(&sdev->device_busy)', meaning the logic was reversed. Changing this expression to '!atomic_read(&sdev->device_busy)' fixes the problem. Signed-off-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Hannes Reinecke <hare@suse.de> Acked-by: Jens Axboe <axboe@fb.com> Reviewed-by: Venkatesh Srinivas <venkateshs@google.com> Reviewed-by: Webb Scales <webbnh@hp.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-19isofs: Fix unbounded recursion when processing relocated directoriesJan Kara
We did not check relocated directory in any way when processing Rock Ridge 'CL' tag. Thus a corrupted isofs image can possibly have a CL entry pointing to another CL entry leading to possibly unbounded recursion in kernel code and thus stack overflow or deadlocks (if there is a loop created from CL entries). Fix the problem by not allowing CL entry to point to a directory entry with CL entry (such use makes no good sense anyway) and by checking whether CL entry doesn't point to itself. CC: stable@vger.kernel.org Reported-by: Chris Evans <cevans@google.com> Signed-off-by: Jan Kara <jack@suse.cz>
2014-08-19udf: avoid unneeded up_write when fail to add entry in ->symlinkChao Yu
We have released the ->i_data_sem before invoking udf_add_entry(), so in following error path, we should not release this lock again. Signed-off-by: Chao Yu <chao2.yu@samsung.com> Signed-off-by: Jan Kara <jack@suse.cz>
2014-08-19MAINTAINERS: add maintainer for ACPI parts of I2CWolfram Sang
Mika has done great work in that field, so let people know. Signed-off-by: Wolfram Sang <wsa@the-dreams.de> Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
2014-08-19i2c: i801: Add PCI ID for Intel BraswellAlan Cox
The SMBus host controller is the same as used in Baytrail so add the new PCI ID to the driver's list of supported IDs. Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com> Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
2014-08-19i2c: rework kernel config I2C_ACPILan Tianyu
Commit da3c6647(I2C/ACPI: Clean up I2C ACPI code and Add CONFIG_I2C_ACPI config) adds a new kernel config I2C_ACPI and make I2C core built in when the config is selected. This is wrong because distributions etc generally compile I2C as a module and the commit broken that. This patch is to rename I2C_ACPI to ACPI_I2C_OPREGION. New config only controls ACPI I2C operation region code and depends on I2C=y. Signed-off-by: Lan Tianyu <tianyu.lan@intel.com> Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com> [wsa: removed unrelated change for Kconfig] Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
2014-08-19Merge tag 'md/3.17-fixes' of git://neil.brown.name/mdLinus Torvalds
Pull md bugfixes from Neil Brown: "Here are the bug-fixes I promised :-) Funny how you start looking for one and other start appearing. - raid6 data corruption during recovery - raid6 livelock - raid10 memory leaks" * tag 'md/3.17-fixes' of git://neil.brown.name/md: md/raid10: always initialise ->state on newly allocated r10_bio md/raid10: avoid memory leak on error path during reshape. md/raid10: Fix memory leak when raid10 reshape completes. md/raid10: fix memory leak when reshaping a RAID10. md/raid6: avoid data corruption during recovery of double-degraded RAID6 md/raid5: avoid livelock caused by non-aligned writes.
2014-08-19Merge tag 'pci-v3.17-changes-3' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI changes from Bjorn Helgaas: "Marvell MVEBU - Remove ARCH_KIRKWOOD dependency (Andrew Lunn) NVIDIA Tegra - Add debugfs support (Thierry Reding) Synopsys DesignWare - Look for configuration space in 'reg', not 'ranges' (Kishon Vijay Abraham I) - Program ATU with untranslated address (Kishon Vijay Abraham I) - Add config access-related pcie_host_ops for v3.65 hardware (Murali Karicheri) - Add MSI-related pcie_host_ops for v3.65 hardware (Murali Karicheri) TI DRA7xx - Add TI DR7xx PCIe driver (Kishon Vijay Abraham I)" * tag 'pci-v3.17-changes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI: designware: Add MSI-related pcie_host_ops for v3.65 hardware PCI: designware: Add config access-related pcie_host_ops for v3.65 hardware PCI: dra7xx: Add TI DRA7xx PCIe driver PCI: designware: Program ATU with untranslated address PCI: designware: Look for configuration space in 'reg', not 'ranges' PCI: tegra: Add debugfs support PCI: mvebu: Remove ARCH_KIRKWOOD dependency
2014-08-19Merge tag 'devicetree-for-linus' of git://git.secretlab.ca/git/linuxLinus Torvalds
Pull devicetree fixes from Grant Likely: "Three more commits needed for v3.17: A bug fix for reserved regions based at address zero, a clarification on how to interpret existence of both interrupts and interrupts-extended properties, and a fix to allow device tree testcases to run on any platform" * tag 'devicetree-for-linus' of git://git.secretlab.ca/git/linux: of/irq: Fix lookup to use 'interrupts-extended' property first Enabling OF selftest to run without machine's devicetree of: Allow mem_reserve of memory with a base address of zero
2014-08-19frv: Define cpu_relax_lowlatency()Davidlohr Bueso
3a6bfbc91df0 "(arch,locking: Ciao arch_mutex_cpu_relax()") broke building the frv arch. Fixes errors such as: kernel/locking/mcs_spinlock.h:87:2: error: implicit declaration of function 'cpu_relax_lowlatency' Signed-off-by: Davidlohr Bueso <davidlohr@hp.com> Compile-tested-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-19virt/kvm/assigned-dev.c: Set 'dev->irq_source_id' to '-1' after free itChen Gang
As a generic function, deassign_guest_irq() assumes it can be called even if assign_guest_irq() is not be called successfully (which can be triggered by ioctl from user mode, indirectly). So for assign_guest_irq() failure process, need set 'dev->irq_source_id' to -1 after free 'dev->irq_source_id', or deassign_guest_irq() may free it again. Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-08-19Revert "KVM: x86: Increase the number of fixed MTRR regs to 10"Paolo Bonzini
This reverts commit 682367c494869008eb89ef733f196e99415ae862, which causes 32-bit SMP Windows 7 guests to panic. SeaBIOS has a limit on the number of MTRRs that it can handle, and this patch exceeded the limit. Better revert it. Thanks to Nadav Amit for debugging the cause. Cc: stable@nongnu.org Reported-by: Wanpeng Li <wanpeng.li@linux.intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-08-19KVM: x86: do not check CS.DPL against RPL during task switchPaolo Bonzini
This reverts the check added by commit 5045b468037d (KVM: x86: check CS.DPL against RPL during task switch, 2014-05-15). Although the CS.DPL=CS.RPL check is mentioned in table 7-1 of the SDM as causing a #TSS exception, it is not mentioned in table 6-6 that lists "invalid TSS conditions" which cause #TSS exceptions. In fact it causes some tests to fail, which pass on bare-metal. Keep the rest of the commit, since we will find new uses for it in 3.18. Reported-by: Nadav Amit <namit@cs.technion.ac.il> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-08-19KVM: x86: Avoid emulating instructions on #UD mistakenlyNadav Amit
Commit d40a6898e5 mistakenly caused instructions which are not marked as EmulateOnUD to be emulated upon #UD exception. The commit caused the check of whether the instruction flags include EmulateOnUD to never be evaluated. As a result instructions whose emulation is broken may be emulated. This fix moves the evaluation of EmulateOnUD so it would be evaluated. Signed-off-by: Nadav Amit <namit@cs.technion.ac.il> [Tweak operand order in &&, remove EmulateOnUD where it's now superfluous. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-08-19PC, KVM, CMA: Fix regression caused by wrong get_order() useAlexey Kardashevskiy
fc95ca7284bc54953165cba76c3228bd2cdb9591 claims that there is no functional change but this is not true as it calls get_order() (which takes bytes) where it should have called order_base_2() and the kernel stops on VM_BUG_ON(). This replaces get_order() with order_base_2() (round-up version of ilog2). Suggested-by: Paul Mackerras <paulus@samba.org> Cc: Alexander Graf <agraf@suse.de> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-08-19kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601)Michael S. Tsirkin
The third parameter of kvm_iommu_put_pages is wrong, It should be 'gfn - slot->base_gfn'. By making gfn very large, malicious guest or userspace can cause kvm to go to this error path, and subsequently to pass a huge value as size. Alternatively if gfn is small, then pages would be pinned but never unpinned, causing host memory leak and local DOS. Passing a reasonable but large value could be the most dangerous case, because it would unpin a page that should have stayed pinned, and thus allow the device to DMA into arbitrary memory. However, this cannot happen because of the condition that can trigger the error: - out of memory (where you can't allocate even a single page) should not be possible for the attacker to trigger - when exceeding the iommu's address space, guest pages after gfn will also exceed the iommu's address space, and inside kvm_iommu_put_pages() the iommu_iova_to_phys() will fail. The page thus would not be unpinned at all. Reported-by: Jack Morgenstein <jackm@mellanox.com> Cc: stable@vger.kernel.org Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-08-19ALSA: hda/hdmi - apply Valleyview fix-ups to Cherryview display codecLibin Yang
Valleyview and Cherryview have the same behavior on display audio. So this patch defines is_valleyview_plus() to include codecs for both Valleyview and its successor Cherryview, and apply Valleyview fix-ups to Cherryview. Signed-off-by: Libin Yang <libin.yang@intel.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-08-19ALSA: hda/hdmi - set depop_delay for haswell plusLibin Yang
Both Haswell and Broadwell need set depop_delay to 0. So apply this setting to haswell plus. Signed-off-by: Libin Yang <libin.yang@intel.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-08-19md/raid10: always initialise ->state on newly allocated r10_bioNeilBrown
Most places which allocate an r10_bio zero the ->state, some don't. As the r10_bio comes from a mempool, and the allocation function uses kzalloc it is often zero anyway. But sometimes it isn't and it is best to be safe. I only noticed this because of the bug fixed by an earlier patch where the r10_bios allocated for a reshape were left around to be used by a subsequent resync. In that case the R10BIO_IsReshape flag caused problems. Signed-off-by: NeilBrown <neilb@suse.de>
2014-08-19md/raid10: avoid memory leak on error path during reshape.NeilBrown
If raid10 reshape fails to find somewhere to read a block from, it returns without freeing memory... Signed-off-by: NeilBrown <neilb@suse.de>
2014-08-19md/raid10: Fix memory leak when raid10 reshape completes.NeilBrown
When a raid10 commences a resync/recovery/reshape it allocates some buffer space. When a resync/recovery completes the buffer space is freed. But not when the reshape completes. This can result in a small memory leak. There is a subtle side-effect of this bug. When a RAID10 is reshaped to a larger array (more devices), the reshape is immediately followed by a "resync" of the new space. This "resync" will use the buffer space which was allocated for "reshape". This can cause problems including a "BUG" in the SCSI layer. So this is suitable for -stable. Cc: stable@vger.kernel.org (v3.5+) Fixes: 3ea7daa5d7fde47cd41f4d56c2deb949114da9d6 Signed-off-by: NeilBrown <neilb@suse.de>
2014-08-19md/raid10: fix memory leak when reshaping a RAID10.NeilBrown
raid10 reshape clears unwanted bits from a bio->bi_flags using a method which, while clumsy, worked until 3.10 when BIO_OWNS_VEC was added. Since then it clears that bit but shouldn't. This results in a memory leak. So change to used the approved method of clearing unwanted bits. As this causes a memory leak which can consume all of memory the fix is suitable for -stable. Fixes: a38352e0ac02dbbd4fa464dc22d1352b5fbd06fd Cc: stable@vger.kernel.org (v3.10+) Reported-by: mdraid.pkoch@dfgh.net (Peter Koch) Signed-off-by: NeilBrown <neilb@suse.de>
2014-08-19ALSA: hda - restore the gpio led after resumeHui Wang
On some HP laptops, the mute led is controlled by codec gpio. When some machine resume from s3/s4, the codec gpio data will be cleared to 0 by BIOS: Before suspend: IO[3]: enable=1, dir=1, wake=0, sticky=0, data=1, unsol=0 After resume: IO[3]: enable=1, dir=1, wake=0, sticky=0, data=0, unsol=0 To skip the AFG node to enter D3 can't fix this problem. A workaround is to restore the gpio data when the system resume back from s3/s4. It is safe even on the machines without this problem. BugLink: https://bugs.launchpad.net/bugs/1358116 Tested-by: Franz Hsieh <franz.hsieh@canonical.com> Cc: stable@vger.kernel.org Signed-off-by: Hui Wang <hui.wang@canonical.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-08-18libata: widen Crucial M550 blacklist matchingTejun Heo
Crucial M550 may cause data corruption on queued trims and is blacklisted. The pattern used for it fails to match 1TB one as the capacity section will be four chars instead of three. Widen the pattern. Signed-off-by: Tejun Heo <tj@kernel.org> Reported-by: Charles Reiss <woggling@gmail.com> Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=81071 Cc: stable@vger.kernel.org
2014-08-18[IA64] Wire up memfd_create() system callTony Luck
Yet another system call. This one added by: commit 9183df25fe7b194563db3fec6dc3202a5855839c shm: add memfd_create() syscall Signed-off-by: Tony Luck <tony.luck@intel.com>
2014-08-18pata_scc: propagate return value of scc_wait_after_resetArjun Sreedharan
scc_bus_softreset not necessarily should return zero. Propagate the error code. Signed-off-by: Arjun Sreedharan <arjun024@gmail.com> Signed-off-by: Tejun Heo <tj@kernel.org> Cc: stable@vger.kernel.org
2014-08-18md/raid6: avoid data corruption during recovery of double-degraded RAID6NeilBrown
During recovery of a double-degraded RAID6 it is possible for some blocks not to be recovered properly, leading to corruption. If a write happens to one block in a stripe that would be written to a missing device, and at the same time that stripe is recovering data to the other missing device, then that recovered data may not be written. This patch skips, in the double-degraded case, an optimisation that is only safe for single-degraded arrays. Bug was introduced in 2.6.32 and fix is suitable for any kernel since then. In an older kernel with separate handle_stripe5() and handle_stripe6() functions the patch must change handle_stripe6(). Cc: stable@vger.kernel.org (2.6.32+) Fixes: 6c0069c0ae9659e3a91b68eaed06a5c6c37f45c8 Cc: Yuri Tikhonov <yur@emcraft.com> Cc: Dan Williams <dan.j.williams@intel.com> Reported-by: "Manibalan P" <pmanibalan@amiindia.co.in> Tested-by: "Manibalan P" <pmanibalan@amiindia.co.in> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1090423 Signed-off-by: NeilBrown <neilb@suse.de> Acked-by: Dan Williams <dan.j.williams@intel.com>
2014-08-18md/raid5: avoid livelock caused by non-aligned writes.NeilBrown
If a stripe in a raid6 array received a write to each data block while the array is degraded, and if any of these writes to a missing device are not page-aligned, then a live-lock happens. In this case the P and Q blocks need to be read so that the part of the missing block which is *not* being updated by the write can be constructed. Due to a logic error, these blocks are not loaded, so the update cannot proceed and the stripe is 'handled' repeatedly in an infinite loop. This bug is unlikely as most writes are page aligned. However as it can lead to a livelock it is suitable for -stable. It was introduced in 3.16. Cc: stable@vger.kernel.org (v3.16) Fixed: 67f455486d2ea20b2d94d6adf5b9b783d079e321 Signed-off-by: NeilBrown <neilb@suse.de>
2014-08-17[SMB3] Enable fallocate -z support for SMB3 mountsSteve French
fallocate -z (FALLOC_FL_ZERO_RANGE) can map to SMB3 FSCTL_SET_ZERO_DATA SMB3 FSCTL but FALLOC_FL_ZERO_RANGE when called without the FALLOC_FL_KEEPSIZE flag set could want the file size changed so we can not support that subcase unless the file is cached (and thus we know the file size). Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Pavel Shilovsky <pshilovsky@samba.org>
2014-08-17enable fallocate punch hole ("fallocate -p") for SMB3Steve French
Implement FALLOC_FL_PUNCH_HOLE (which does not change the file size fortunately so this matches the behavior of the equivalent SMB3 fsctl call) for SMB3 mounts. This allows "fallocate -p" to work. It requires that the server support setting files as sparse (which Windows allows). Signed-off-by: Steve French <smfrench@gmail.com>