| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
At present, it is not possible to successfully unload the kafs module if there
are outstanding async outgoing calls (those made with afs_make_call()). This
appears to be due to the changes introduced by:
commit 059499453a9abd1857d442b44da8b4c126dc72a8
Author: Tejun Heo <[email protected]>
Date: Fri Mar 7 10:24:50 2014 -0500
Subject: afs: don't use PREPARE_WORK
which didn't go far enough. The problem is due to:
(1) The aforementioned commit introduced a separate handler function pointer
in the call, call->async_workfn, in addition to the original workqueue
item, call->async_work, for asynchronous operations because workqueues
subsystem cannot handle the workqueue item pointer being changed whilst
the item is queued or being processed.
(2) afs_async_workfn() was introduced in that commit to be the callback for
call->async_work. Its sole purpose is to run whatever call->async_workfn
points to.
(3) call->async_workfn is only used from afs_async_workfn(), which is only
set on async_work by afs_collect_incoming_call() - ie. for incoming
calls.
(4) call->async_workfn is *not* set by afs_make_call() when outgoing calls are
made, and call->async_work is set afs_process_async_call() - and not
afs_async_workfn().
(5) afs_process_async_call() now changes call->async_workfn rather than
call->async_work to point to afs_delete_async_call() to clean up, but this
is only effective for incoming calls because call->async_work does not
point to afs_async_workfn() for outgoing calls.
(6) Because, for incoming calls, call->async_work remains pointing to
afs_process_async_call() this results in an infinite loop.
Instead, make the workqueue uniformly vector through call->async_workfn, via
afs_async_workfn() and simply initialise call->async_workfn to point to
afs_process_async_call() in afs_make_call().
Signed-off-by: Nathaniel Wesley Filardo <[email protected]>
Signed-off-by: David Howells <[email protected]>
Reviewed-by: Tejun Heo <[email protected]>
|
|
Split afs_end_call() into two pieces, one of which is identical to code in
afs_process_async_call(). Replace the latter with a call to the first part of
afs_end_call().
Signed-off-by: Nathaniel Wesley Filardo <[email protected]>
Signed-off-by: David Howells <[email protected]>
|
|
The recent Intel H97/Z97 chipsets need the similar setups like other
Intel chipsets for snooping, etc. Especially without snooping, the
audio playback stutters or gets corrupted. This fix patch just adds
the corresponding PCI ID entry with the proper flags.
Reported-and-tested-by: Arthur Borsboom <[email protected]>
Cc: <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
Two issues:
o For beql_op, beql_op, bne_op, bnel_op, blez_op, blezl_op, bgtz_op and
bgtzl_op the wrong field was being checked for the instruction opcode.
o For blez_op / blezl_op and bgtz_op / bgtzl_op the test was testing
for the wrong opcode.
This bug got introduced by d8d4e3ae0b5c179c0bfd3f0af5b352d13bea9cfa [MIPS
Kprobes: Refactor branch emulation].
Signed-off-by: Ralf Baechle <[email protected]>
Acked-by: Leonid Yegoshin <[email protected]>
Acked-by: Victor Kamensky <[email protected]>
|
|
The recent change in sysfs, bcdde7e221a8750f9b62b6d0bd31b72ea4ad9309
"sysfs: make __sysfs_remove_dir() recursive" revealed an asymmetric
rphy device creation/deletion sequence in scsi_transport_sas:
modprobe mpt2sas
sas_rphy_add
device_add A rphy->dev
device_add B sas_device transport class
device_add C sas_end_device transport class
device_add D bsg class
rmmod mpt2sas
sas_rphy_delete
sas_rphy_remove
device_del B
device_del C
device_del A
sysfs_remove_group recursive sysfs dir removal
sas_rphy_free
device_del D warning
where device A is the parent of B, C, and D.
When sas_rphy_free tries to unregister the bsg request queue (device D
above), the ensuing sysfs cleanup discovers that its sysfs group has
already been removed and emits a warning, "sysfs group... not found for
kobject 'end_device-X:0'".
Since bsg creation is a side effect of sas_rphy_add, move its
complementary removal call into sas_rphy_remove. This imposes the
following tear-down order for the devices above: D, B, C, A.
Note the sas_device and sas_end_device transport class devices (B and C
above) are created and destroyed both via the list match traversal in
attribute_container_device_trigger, so the order in which they are
handled is fixed. This is fine as long as they are deleted before their
parent device.
Signed-off-by: Joe Lawrence <[email protected]>
Acked-by: Dan Williams <[email protected]>
Signed-off-by: James Bottomley <[email protected]>
|
|
Current code only touches the direction register when setting direction
to output, which breaks logic like
echo high > /sys/class/gpio/gpio0/direction
which is expected to also set the value. This patch also adds a call
to update the value register when setting direction to output.
Signed-off-by: Alexey Charkov <[email protected]>
Acked-by: Tony Prisk <[email protected]>
Signed-off-by: Linus Walleij <[email protected]>
|
|
batman tries to search dev->iflink to check if it's a batman interface,
but ->iflink could be 0, which is not a valid ifindex. It should just
avoid iflink == 0 case.
Reported-by: Jet Chen <[email protected]>
Tested-by: Jet Chen <[email protected]>
Cc: David S. Miller <[email protected]>
Cc: Steffen Klassert <[email protected]>
Cc: Antonio Quartulli <[email protected]>
Cc: Marek Lindner <[email protected]>
Signed-off-by: Cong Wang <[email protected]>
Signed-off-by: Cong Wang <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
the value of itag is a random value from stack, and may not be initiated by
fib_validate_source, which called fib_combine_itag if CONFIG_IP_ROUTE_CLASSID
is not set
This will make the cached dst uncertainty
Signed-off-by: Li RongQing <[email protected]>
Acked-by: Alexei Starovoitov <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
ALB learning packets are currentlyalways sent using the slave mac
address for all vlans configured on top of bond. This is not always
correct, as vlans may change their mac address.
This patch introduced a concept of strict matching where the
source of learning packets can either strictly match the address
passed in, or it can determine a more correct address to use.
There are 3 casese to consider:
1) Switchover. In this case, we have a new active slave and we need
tell the switch about all addresses available on the slave.
2) Monitor. We'll periodically refresh learning info for all slaves.
In this case, we refresh all addresses for current active, and just
the slave address for other slaves.
3) Teaching of disabled adddress. This happens as part of the
failover and in this case, we alwyas to use just the address
provided.
CC: Jay Vosburgh <[email protected]>
CC: Veaceslav Falico <[email protected]>
CC: Andy Gospodarek <[email protected]>
Signed-off-by: Vlad Yasevich <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
TLB/ALB learning packets always assume 802.1Q vlan protocol, but
that is no longer the case since we now have support for Q-in-Q
on top of bonding. Pass the vlan protocol to alb_send_lp_vid()
so that the packets are properly tagged.
CC: Jay Vosburgh <[email protected]>
CC: Veaceslav Falico <[email protected]>
CC: Andy Gospodarek <[email protected]>
Signed-off-by: Vlad Yasevich <[email protected]>
Acked-by: Veaceslav Falico <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
git://gitorious.org/linux-can/linux-can
Marc Kleine-Budde says:
====================
pull-request: can 2014-05-21
this is a pull request for net/master, for the v3.15 release cycle, with a
single patch. Christopher R. Baker found a use after free during unloading of
the peak_pci driver. This is fixes in a patch by Stephane Grosjean.
====================
Signed-off-by: David S. Miller <[email protected]>
|
|
In commit 61b905da33 ("net: Rename skb->rxhash to skb->hash"), skb->rxhash
was renamed to skb->hash. Update references in Documentation
accordingly.
Signed-off-by: Tobias Klauser <[email protected]>
Acked-by: Daniel Borkmann <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The stmmac_open call was calling clk_disable_unprepare on phy init
failure, but it never calls clk_prepare_enable, this causes
a WARN_ON in the clk framework to trigger if for some reason phy init
fails.
Signed-off-by: Hans de Goede <[email protected]>
Acked-by: Giuseppe Cavallaro <[email protected]>
Acked-by: Chen-Yu Tsai <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes
|
|
tc_mode() can be called from interrupt context and thus must not call
clk_*prepare*() functions.
Signed-off-by: David Jander <[email protected]>
Signed-off-by: Daniel Lezcano <[email protected]>
Acked-by: Alexandre Belloni <[email protected]>
Acked-by: Nicolas Ferre <[email protected]>
|
|
irqchip will reject the affinity set to CPUs which is not online
yet. but in the CPU1 wakeup stage, OS only sets CPU1 to be online
after local timer is set, so that causes the irq_set_affinity not
work. this patch moves to irq_force_affinity() for the low level
boot stage.
Signed-off-by: Zhiwu Song <[email protected]>
Signed-off-by: Barry Song <[email protected]>
Signed-off-by: Daniel Lezcano <[email protected]>
|
|
Use the hexadecimal values for the triggers to match what is done for the device
tree. This also fixes compilation issues as the defines have been moved
elsewhere.
Signed-off-by: Alexandre Belloni <[email protected]>
Signed-off-by: Nicolas Ferre <[email protected]>
|
|
|
|
Due a copy/paste error, the 'reg' values for the third PCIe interface
on Armada 380, and the third and fourth PCIe interfaces on Armada 385
are wrong: they are equal to the one of the second PCIe interface.
This patch fixes this by using the appropriate 'reg' values for those
PCIe interfaces.
Without this fix, the third and fourth PCIe interfaces are unusable on
those platforms.
Reported-by: Nadav Haklai <[email protected]>
Signed-off-by: Thomas Petazzoni <[email protected]>
Link: https://lkml.kernel.org/r/1400597008-4148-1-git-send-email-thomas.petazzoni@free-electrons.com
Fixes: 0d3d96ab0059 ("ARM: mvebu: add Device Tree description of the Armada 380/385 SoCs")
Signed-off-by: Jason Cooper <[email protected]>
|
|
Missing a "|" in AUDIT_ARCH_MIPSEL64N32 macro definition.
Signed-off-by: Huacai Chen <[email protected]>
Reviewed-by: Markos Chandras <[email protected]>
Cc: John Crispin <[email protected]>
Cc: Steven J. Hill <[email protected]>
Cc: Aurelien Jarno <[email protected]>
Cc: [email protected]
Cc: Fuxin Zhang <[email protected]>
Cc: Zhangjin Wu <[email protected]>
Patchwork: https://patchwork.linux-mips.org/patch/6978/
Signed-off-by: Ralf Baechle <[email protected]>
|
|
Lai found that:
WARNING: CPU: 1 PID: 13 at arch/x86/kernel/smp.c:124 native_smp_send_reschedule+0x2d/0x4b()
...
migration_cpu_stop+0x1d/0x22
was caused by set_cpus_allowed_ptr() assuming that cpu_active_mask is
always a sub-set of cpu_online_mask.
This isn't true since 5fbd036b552f ("sched: Cleanup cpu_active madness").
So set active and online at the same time to avoid this particular
problem.
Fixes: 5fbd036b552f ("sched: Cleanup cpu_active madness")
Signed-off-by: Lai Jiangshan <[email protected]>
Signed-off-by: Peter Zijlstra <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Gautham R. Shenoy <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Michael wang <[email protected]>
Cc: Paul Gortmaker <[email protected]>
Cc: Rafael J. Wysocki <[email protected]>
Cc: Srivatsa S. Bhat <[email protected]>
Cc: Toshi Kani <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
|
|
Tejun reported that his resume was failing due to order-3 allocations
from sched_domain building.
Replace the NR_CPUS arrays in there with a dynamically allocated
array.
Reported-by: Tejun Heo <[email protected]>
Signed-off-by: Peter Zijlstra <[email protected]>
Cc: Johannes Weiner <[email protected]>
Cc: Steven Rostedt <[email protected]>
Cc: Linus Torvalds <[email protected]>
Link: http://lkml.kernel.org/n/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
|
|
Tejun reported that his resume was failing due to order-3 allocations
from sched_domain building.
Replace the NR_CPUS arrays in there with a dynamically allocated
array.
Reported-by: Tejun Heo <[email protected]>
Signed-off-by: Peter Zijlstra <[email protected]>
Acked-by: Juri Lelli <[email protected]>
Cc: Johannes Weiner <[email protected]>
Cc: Linus Torvalds <[email protected]>
Link: http://lkml.kernel.org/n/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
|
|
Michael Kerrisk noticed that creating SCHED_DEADLINE reservations
with certain parameters (e.g, a runtime of something near 2^64 ns)
can cause a system freeze for some amount of time.
The problem is that in the interface we have
u64 sched_runtime;
while internally we need to have a signed runtime (to cope with
budget overruns)
s64 runtime;
At the time we setup a new dl_entity we copy the first value in
the second. The cast turns out with negative values when
sched_runtime is too big, and this causes the scheduler to go crazy
right from the start.
Moreover, considering how we deal with deadlines wraparound
(s64)(a - b) < 0
we also have to restrict acceptable values for sched_{deadline,period}.
This patch fixes the thing checking that user parameters are always
below 2^63 ns (still large enough for everyone).
It also rewrites other conditions that we check, since in
__checkparam_dl we don't have to deal with deadline wraparounds
and what we have now erroneously fails when the difference between
values is too big.
Reported-by: Michael Kerrisk <[email protected]>
Suggested-by: Peter Zijlstra <[email protected]>
Signed-off-by: Juri Lelli <[email protected]>
Signed-off-by: Peter Zijlstra <[email protected]>
Cc: <[email protected]>
Cc: Dario Faggioli<[email protected]>
Cc: Dave Jones <[email protected]>
Cc: Linus Torvalds <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
|
|
The way we read POSIX one should only call sched_getparam() when
sched_getscheduler() returns either SCHED_FIFO or SCHED_RR.
Given that we currently return sched_param::sched_priority=0 for all
others, extend the same behaviour to SCHED_DEADLINE.
Requested-by: Michael Kerrisk <[email protected]>
Signed-off-by: Peter Zijlstra <[email protected]>
Acked-by: Michael Kerrisk <[email protected]>
Cc: Dario Faggioli <[email protected]>
Cc: linux-man <[email protected]>
Cc: "Michael Kerrisk (man-pages)" <[email protected]>
Cc: Juri Lelli <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
|
|
The scheduler uses policy=-1 to preserve the current policy state to
implement sys_sched_setparam(), this got exposed to userspace by
accident through sys_sched_setattr(), cure this.
Reported-by: Michael Kerrisk <[email protected]>
Signed-off-by: Peter Zijlstra <[email protected]>
Acked-by: Michael Kerrisk <[email protected]>
Cc: <[email protected]>
Cc: Linus Torvalds <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
|
|
The documented[1] behavior of sched_attr() in the proposed man page text is:
sched_attr::size must be set to the size of the structure, as in
sizeof(struct sched_attr), if the provided structure is smaller
than the kernel structure, any additional fields are assumed
'0'. If the provided structure is larger than the kernel structure,
the kernel verifies all additional fields are '0' if not the
syscall will fail with -E2BIG.
As currently implemented, sched_copy_attr() returns -EFBIG for
for this case, but the logic in sys_sched_setattr() converts that
error to -EFAULT. This patch fixes the behavior.
[1] http://thread.gmane.org/gmane.linux.kernel/1615615/focus=1697760
Signed-off-by: Michael Kerrisk <[email protected]>
Signed-off-by: Peter Zijlstra <[email protected]>
Cc: <[email protected]>
Cc: Linus Torvalds <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes
Pull "omap fixes for v3.15-rc cycle" from Tony Lindgren:
Regression fixes for omaps for NAND, DMA, cpu_idle and audio.
Also a minor one line fix for audio clock on 54xx.
* tag 'omap-for-v3.15/fixes-v3-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
ARM: OMAP4: Fix the boot regression with CPU_IDLE enabled
ARM: OMAP2+: Fix DMA hang after off-idle
ARM: OMAP2+: nand: Fix NAND on OMAP2 and OMAP3 boards
ARM: omap5: hwmod_data: Correct IDLEMODE for McPDM
ARM: OMAP3: clock: Back-propagate rate change from cam_mclk to dpll4_m5 on all OMAP3 platforms
Signed-off-by: Olof Johansson <[email protected]>
|
|
If we fail to allocate struct platform_device pdev we
dereference it after the goto label err.
This bug was found using coccinelle.
Fixes: afa77ef (ARM: mx3: dynamically allocate "ipu-core" devices)
Signed-off-by: Emil Goode <[email protected]>
Acked-by: Uwe Kleine-König <[email protected]>
Cc: <[email protected]>
Signed-off-by: Shawn Guo <[email protected]>
Signed-off-by: Olof Johansson <[email protected]>
|
|
http://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung into fixes
Samsung fixes for 3.15 from Kukjin Kim:
- Remove g2d_pd and mau_pd nodes on exynos5420.
Since the power domains are linked to the CMU blocks,
kernel panic happens during access clocks when the
power domains are disabled. Now this is a best solution.
- Enable HS-I2C on exynos5 by default
MMC partition cannot be mounted for RFS without the
enabling HS-I2C because regulators for MMC power are
connected to HS-I2C bus.
- Disable MDMA1 node on exynos5420
When MDMA1 runs in secure mode it makes kernel fault,
so need to disalbe it on exynos5420 by default instead
of each board.
- Fix the secondary CPU boot for exynos4212
* tag 'samsung-fixes' of http://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung:
ARM: dts: Remove g2d_pd node for exynos5420
ARM: dts: Remove mau_pd node for exynos5420
ARM: exynos_defconfig: enable HS-I2C to fix for mmc partition mount
ARM: dts: disable MDMA1 node for exynos5420
ARM: EXYNOS: fix the secondary CPU boot of exynos4212
Signed-off-by: Olof Johansson <[email protected]>
|
|
git://people.freedesktop.org/~deathsimple/linux into drm-fixes
radeon fixes, VCE one is big but does fix a userspace crash.
* 'drm-fixes-3.15' of git://people.freedesktop.org/~deathsimple/linux:
drm/radeon/pm: don't allow debugfs/sysfs access when PX card is off (v2)
drm/radeon: avoid segfault on device open when accel is not working.
drm/radeon: fix typo in finding PLL params
drm/radeon: fix register typo on si
drm/radeon: fix buffer placement under memory pressure v2
drm/radeon: fix page directory update size estimation
drm/radeon: handle non-VGA class pci devices with ATRM
drm/radeon: fix DCE83 check for mullins
drm/radeon: check VCE relocation buffer range v3
drm/radeon: also try GART for CPU accessed buffers
|
|
git://anongit.freedesktop.org/git/nouveau/linux-2.6 into drm-fixes
fixes nasty panel bleeding bug.
* 'drm-nouveau-next' of git://anongit.freedesktop.org/git/nouveau/linux-2.6:
drm/gf119-/disp: fix nasty bug which can clobber SOR0's clock setup
drm/nvd9/therm: handle another kind of PWM fan
|
|
The oops can be triggered in qemu using -no-hpet (but not nohpet) by
running a 32-bit program and reading a couple of pages before the vdso.
This should send SIGBUS instead of OOPSing.
The bug was introduced by:
commit 7a59ed415f5b57469e22e41fc4188d5399e0b194
Author: Stefani Seibold <[email protected]>
Date: Mon Mar 17 23:22:09 2014 +0100
x86, vdso: Add 32 bit VDSO time support for 32 bit kernel
which is new in 3.15.
Signed-off-by: Andy Lutomirski <[email protected]>
Link: http://lkml.kernel.org/r/e99025d887d6670b6c4d81e6ccfeeb83770b21e9.1400109621.git.luto@amacapital.net
Signed-off-by: H. Peter Anvin <[email protected]>
|
|
|
|
When GRE support was added in linux-3.14, CHECKSUM_COMPLETE handling
broke on GRE+IPv6 because we did not update/use the appropriate csum :
GRO layer is supposed to use/update NAPI_GRO_CB(skb)->csum instead of
skb->csum
Tested using a GRE tunnel and IPv6 traffic. GRO aggregation now happens
at the first level (ethernet device) instead of being done in gre
tunnel. Native IPv6+TCP is still properly aggregated.
Fixes: bf5a755f5e918 ("net-gre-gro: Add GRE support to the GRO stack")
Signed-off-by: Eric Dumazet <[email protected]>
Cc: Jerry Chu <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The count which is used to get_unmap_data maybe not the same as the
count computed in dmaengine_unmap which causes to free data in a
wrong pool.
This patch fixes this issue by keeping the map count with unmap_data
structure and use this count to get the pool.
Cc: <[email protected]>
Signed-off-by: Xuelin Shi <[email protected]>
Signed-off-by: Dan Williams <[email protected]>
|
|
We need to use writel() instead of writel_relaxed() when starting
a channel, to ensure all the descriptors have been flushed before
the activation.
While at it, remove the unneeded read-modify-write and make the
code simpler.
Cc: <[email protected]>
Signed-off-by: Lior Amsalem <[email protected]>
Signed-off-by: Ezequiel Garcia <[email protected]>
Signed-off-by: Dan Williams <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc
Pull two powerpc fixes from Ben Herrenschmidt:
"Here are a couple of fixes for 3.15. One from Anton fixes a nasty
regression I introduced when trying to fix a loss of irq_work whose
consequences is that we can completely lose timer interrupts on a
CPU... not pretty.
The other one is a change to our PCIe reset hook to use a firmware
call instead of direct config space accesses to trigger a fundamental
reset on the root port. This is necessary so that the FW gets a
chance to disable the link down error monitoring, which would
otherwise trip and cause subsequent fatal EEH error"
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
powerpc: irq work racing with timer interrupt can result in timer interrupt hang
powerpc/powernv: Reset root port in firmware
|
|
Kelly reported the following crash:
IP: [<ffffffff817a993d>] tcf_action_exec+0x46/0x90
PGD 3009067 PUD 300c067 PMD 11ff30067 PTE 800000011634b060
Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
CPU: 1 PID: 639 Comm: dhclient Not tainted 3.15.0-rc4+ #342
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
task: ffff8801169ecd00 ti: ffff8800d21b8000 task.ti: ffff8800d21b8000
RIP: 0010:[<ffffffff817a993d>] [<ffffffff817a993d>] tcf_action_exec+0x46/0x90
RSP: 0018:ffff8800d21b9b90 EFLAGS: 00010283
RAX: 00000000ffffffff RBX: ffff88011634b8e8 RCX: ffff8800cf7133d8
RDX: ffff88011634b900 RSI: ffff8800cf7133e0 RDI: ffff8800d210f840
RBP: ffff8800d21b9bb0 R08: ffffffff8287bf60 R09: 0000000000000001
R10: ffff8800d2b22b24 R11: 0000000000000001 R12: ffff8800d210f840
R13: ffff8800d21b9c50 R14: ffff8800cf7133e0 R15: ffff8800cad433d8
FS: 00007f49723e1840(0000) GS:ffff88011a800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88011634b8f0 CR3: 00000000ce469000 CR4: 00000000000006e0
Stack:
ffff8800d2170188 ffff8800d210f840 ffff8800d2171b90 0000000000000000
ffff8800d21b9be8 ffffffff817c55bb ffff8800d21b9c50 ffff8800d2171b90
ffff8800d210f840 ffff8800d21b0300 ffff8800d21b9c50 ffff8800d21b9c18
Call Trace:
[<ffffffff817c55bb>] tcindex_classify+0x88/0x9b
[<ffffffff817a7f7d>] tc_classify_compat+0x3e/0x7b
[<ffffffff817a7fdf>] tc_classify+0x25/0x9f
[<ffffffff817b0e68>] htb_enqueue+0x55/0x27a
[<ffffffff817b6c2e>] dsmark_enqueue+0x165/0x1a4
[<ffffffff81775642>] __dev_queue_xmit+0x35e/0x536
[<ffffffff8177582a>] dev_queue_xmit+0x10/0x12
[<ffffffff818f8ecd>] packet_sendmsg+0xb26/0xb9a
[<ffffffff810b1507>] ? __lock_acquire+0x3ae/0xdf3
[<ffffffff8175cf08>] __sock_sendmsg_nosec+0x25/0x27
[<ffffffff8175d916>] sock_aio_write+0xd0/0xe7
[<ffffffff8117d6b8>] do_sync_write+0x59/0x78
[<ffffffff8117d84d>] vfs_write+0xb5/0x10a
[<ffffffff8117d96a>] SyS_write+0x49/0x7f
[<ffffffff8198e212>] system_call_fastpath+0x16/0x1b
This is because we memcpy struct tcindex_filter_result which contains
struct tcf_exts, obviously struct list_head can not be simply copied.
This is a regression introduced by commit 33be627159913b094bb578
(net_sched: act: use standard struct list_head).
It's not very easy to fix it as the code is a mess:
if (old_r)
memcpy(&cr, r, sizeof(cr));
else {
memset(&cr, 0, sizeof(cr));
tcf_exts_init(&cr.exts, TCA_TCINDEX_ACT, TCA_TCINDEX_POLICE);
}
...
tcf_exts_change(tp, &cr.exts, &e);
...
memcpy(r, &cr, sizeof(cr));
the above code should equal to:
tcindex_filter_result_init(&cr);
if (old_r)
cr.res = r->res;
...
if (old_r)
tcf_exts_change(tp, &r->exts, &e);
else
tcf_exts_change(tp, &cr.exts, &e);
...
r->res = cr.res;
after this change, since there is no need to copy struct tcf_exts.
And it also fixes other places zero'ing struct's contains struct tcf_exts.
Fixes: commit 33be627159913b0 (net_sched: act: use standard struct list_head)
Reported-by: Kelly Anderson <[email protected]>
Tested-by: Kelly Anderson <[email protected]>
Cc: David S. Miller <[email protected]>
Signed-off-by: Cong Wang <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs
Pull two btrfs fixes from Chris Mason:
"This has two fixes that we've been testing for 3.16, but since both
are safe and fix real bugs, it makes sense to send for 3.15 instead"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
Btrfs: send, fix incorrect ref access when using extrefs
Btrfs: fix EIO on reading file after ioctl clone works on it
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
Pull two ceph fixes from Sage Weil:
"The first patch fixes a problem when we have a page count of 0 for
sendpage which is triggered by zfs. The second fixes a bug in CRUSH
that was resolved in the userland code a while back but fell through
the cracks on the kernel side"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
crush: decode and initialize chooseleaf_vary_r
libceph: fix corruption when using page_count 0 page in rbd
|
|
Pull xfs fixes from Dave Chinner:
"Code inspection of the XFS error number sign translations found a
bunch of issues, including returning incorrectly signed errors for
some data integrity operations.
These leak to userspace and result in applications not getting the
errors correctly reported. Hence they need fixing sooner rather than
later.
A couple of the bugs are in data integrity operations, a couple more
are in the new COLLAPSE_RANGE code. One of these came in through a
recent ext4 merge and so I had to update the base tree to 3.15-rc5
before fixing the issues"
* tag 'xfs-for-linus-3.15-rc6' of git://oss.sgi.com/xfs/xfs:
xfs: list_lru_init returns a negative error
xfs: negate xfs_icsb_init_counters error value
xfs: negate mount workqueue init error value
xfs: fix wrong err sign on xfs_set_acl()
xfs: fix wrong errno from xfs_initxattrs
xfs: correct error sign on COLLAPSE_RANGE errors
xfs: xfs_commit_metadata returns wrong errno
xfs: fix incorrect error sign in xfs_file_aio_read
xfs: xfs_dir_fsync() returns positive errno
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs
Pull renameat2 arch support from Miklos Szeredi:
"I've collected architecture patches for the renameat2 syscall that
maintainers acked and/or asked me to queue.
This adds architecture support for the renameat2 syscall to m68k,
parisc, ia64 and through asm-generic to arc, arm64, c6x, hexagon,
metag, openrisc, score, tile, unicore32"
* 'renameat2' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
scripts/checksyscalls.sh: Make renameat optional
asm-generic: Add renameat2 syscall
ia64: add renameat2 syscall
parisc: add renameat2 syscall
m68k: add renameat2 syscall
|
|
found by cppcheck
Signed-off-by: Toralf Förster <[email protected]>
Acked-by: Sam Ravnborg <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
Pull iommu fixes from Joerg Roedel:
"Three fixes for the AMD IOMMU driver:
- fix a locking issue around get_user_pages()
- fix two issues with device aliasing and exclusion range handling"
* tag 'iommu-fixes-v3.15-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu/amd: fix enabling exclusion range for an exact device
iommu/amd: Take mmap_sem when calling get_user_pages
iommu/amd: Fix interrupt remapping for aliased devices
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/konrad/ibft
Pull iscsi_ibft fix from Konrad Rzeszutek Wilk:
"Fix iBFT regression on Broadcom NICs introduced in 3.2"
* tag 'stable/for-linus-3.15-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/ibft:
iscsi_ibft: Fix finding Broadcom specific ibft sign
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas
Pull SH driver fix from Simon Horman:
"Compile drivers/sh/pm_runtime.c if ARCH_SHMOBILE_MULTI
This resolves a regression introduced in v3.14 by commit bf98c1eac1d4
("ARM: Rename ARCH_SHMOBILE to ARCH_SHMOBILE_LEGACY")"
* tag 'renesas-sh-drivers-for-v3.15' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas:
drivers: sh: compile drivers/sh/pm_runtime.c if ARCH_SHMOBILE_MULTI
|
|
The current code assumes a one-to-one lockowner<->lock stateid
correspondance.
Cc: [email protected]
Signed-off-by: J. Bruce Fields <[email protected]>
|
|
The nfsv4 state code has always assumed a one-to-one correspondance
between lock stateid's and lockowners even if it appears not to in some
places.
We may actually change that, but for now when FREE_STATEID releases a
lock stateid it also needs to release the parent lockowner.
Symptoms were a subsequent LOCK crashing in find_lockowner_str when it
calls same_lockowner_ino on a lockowner that unexpectedly has an empty
so_stateids list.
Cc: [email protected]
Signed-off-by: J. Bruce Fields <[email protected]>
|
|
Fix the cache manager RPC service handlers. The afs_send_empty_reply() and
afs_send_simple_reply() functions:
(a) Kill the call and free up the buffers associated with it if they fail.
(b) Return with call intact if it they succeed.
However, none of the callers actually check the result or clean up if
successful - and may use the now non-existent data if it fails.
This was detected by Dan Carpenter using a static checker:
The patch 08e0e7c82eea: "[AF_RXRPC]: Make the in-kernel AFS
filesystem use AF_RXRPC." from Apr 26, 2007, leads to the following
static checker warning:
"fs/afs/cmservice.c:155 SRXAFSCB_CallBack()
warn: 'call' was already freed."
Reported-by: Dan Carpenter <[email protected]>
Signed-off-by: David Howells <[email protected]>
|