Commit Graph

519535 Commits

Author SHA1 Message Date
Filipe Manana
ff1f8250a9 Btrfs: fix race between block group creation and their cache writeout
So creating a block group has 2 distinct phases:

Phase 1 - creates the btrfs_block_group_cache item and adds it to the
rbtree fs_info->block_group_cache_tree and to the corresponding list
space_info->block_groups[];

Phase 2 - adds the block group item to the extent tree and corresponding
items to the chunk tree.

The first phase adds the block_group_cache_item to a list of pending block
groups in the transaction handle, and phase 2 happens when
btrfs_end_transaction() is called against the transaction handle.

It happens that once phase 1 completes, other concurrent tasks that use
their own transaction handle, but points to the same running transaction
(struct btrfs_trans_handle->transaction), can use this block group for
space allocations and therefore mark it dirty. Dirty block groups are
tracked in a list belonging to the currently running transaction (struct
btrfs_transaction) and not in the transaction handle (btrfs_trans_handle).

This is a problem because once a task calls btrfs_commit_transaction(),
it calls btrfs_start_dirty_block_groups() which will see all dirty block
groups and attempt to start their writeout, including those that are
still attached to the transaction handle of some concurrent task that
hasn't called btrfs_end_transaction() yet - which means those block
groups haven't gone through phase 2 yet and therefore when
write_one_cache_group() is called, it won't find the block group items
in the extent tree and abort the current transaction with -ENOENT,
turning the fs into readonly mode and require a remount.

Fix this by ignoring -ENOENT when looking for block group items in the
extent tree when we attempt to start the writeout of the block group
caches outside the critical section of the transaction commit. We will
try again later during the critical section and if there we still don't
find the block group item in the extent tree, we then abort the current
transaction.

This issue happened twice, once while running fstests btrfs/067 and once
for btrfs/078, which produced the following trace:

[ 3278.703014] WARNING: CPU: 7 PID: 18499 at fs/btrfs/super.c:260 __btrfs_abort_transaction+0x52/0x114 [btrfs]()
[ 3278.707329] BTRFS: Transaction aborted (error -2)
(...)
[ 3278.731555] Call Trace:
[ 3278.732396]  [<ffffffff8142fa46>] dump_stack+0x4f/0x7b
[ 3278.733860]  [<ffffffff8108b6a2>] ? console_unlock+0x361/0x3ad
[ 3278.735312]  [<ffffffff81045ea5>] warn_slowpath_common+0xa1/0xbb
[ 3278.736874]  [<ffffffffa03ada6d>] ? __btrfs_abort_transaction+0x52/0x114 [btrfs]
[ 3278.738302]  [<ffffffff81045f05>] warn_slowpath_fmt+0x46/0x48
[ 3278.739520]  [<ffffffffa03ada6d>] __btrfs_abort_transaction+0x52/0x114 [btrfs]
[ 3278.741222]  [<ffffffffa03b9e56>] write_one_cache_group+0xae/0xbf [btrfs]
[ 3278.742797]  [<ffffffffa03c487b>] btrfs_start_dirty_block_groups+0x170/0x2b2 [btrfs]
[ 3278.744492]  [<ffffffffa03d309c>] btrfs_commit_transaction+0x130/0x9c9 [btrfs]
[ 3278.746084]  [<ffffffff8107d33d>] ? trace_hardirqs_on+0xd/0xf
[ 3278.747249]  [<ffffffffa03e5660>] btrfs_sync_file+0x313/0x387 [btrfs]
[ 3278.748744]  [<ffffffff8117acad>] vfs_fsync_range+0x95/0xa4
[ 3278.749958]  [<ffffffff81435b54>] ? ret_from_sys_call+0x1d/0x58
[ 3278.751218]  [<ffffffff8117acd8>] vfs_fsync+0x1c/0x1e
[ 3278.754197]  [<ffffffff8117ae54>] do_fsync+0x34/0x4e
[ 3278.755192]  [<ffffffff8117b07c>] SyS_fsync+0x10/0x14
[ 3278.756236]  [<ffffffff81435b32>] system_call_fastpath+0x12/0x17
[ 3278.757366] ---[ end trace 9a4d4df4969709aa ]---

Fixes: 1bbc621ef2 ("Btrfs: allow block group cache writeout
                      outside critical section in commit")

Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
2015-05-11 07:59:10 -07:00
Filipe Manana
28aeeac1dd Btrfs: fix panic when starting bg cache writeout after IO error
When waiting for the writeback of block group cache we returned
immediately if there was an error during writeback without waiting
for the ordered extent to complete. This left a short time window
where if some other task attempts to start the writeout for the same
block group cache it can attempt to add a new ordered extent, starting
at the same offset (0) before the previous one is removed from the
ordered tree, causing an ordered tree panic (calls BUG()).

This normally doesn't happen in other write paths, such as buffered
writes or direct IO writes for regular files, since before marking
page ranges dirty we lock the ranges and wait for any ordered extents
within the range to complete first.

Fix this by making btrfs_wait_ordered_range() not return immediately
if it gets an error from the writeback, waiting for all ordered extents
to complete first.

This issue happened often when running the fstest btrfs/088 and it's
easy to trigger it by running in a loop until the panic happens:

  for ((i = 1; i <= 10000; i++)) do ./check btrfs/088 ; done

[17156.862573] BTRFS critical (device sdc): panic in ordered_data_tree_panic:70: Inconsistency in ordered tree at offset 0 (errno=-17 Object already exists)
[17156.864052] ------------[ cut here ]------------
[17156.864052] kernel BUG at fs/btrfs/ordered-data.c:70!
(...)
[17156.864052] Call Trace:
[17156.864052]  [<ffffffffa03876e3>] btrfs_add_ordered_extent+0x12/0x14 [btrfs]
[17156.864052]  [<ffffffffa03787e2>] run_delalloc_nocow+0x5bf/0x747 [btrfs]
[17156.864052]  [<ffffffffa03789ff>] run_delalloc_range+0x95/0x353 [btrfs]
[17156.864052]  [<ffffffffa038b7fe>] writepage_delalloc.isra.16+0xb9/0x13f [btrfs]
[17156.864052]  [<ffffffffa038d75b>] __extent_writepage+0x129/0x1f7 [btrfs]
[17156.864052]  [<ffffffffa038da5a>] extent_write_cache_pages.isra.15.constprop.28+0x231/0x2f4 [btrfs]
[17156.864052]  [<ffffffff810ad2af>] ? __module_text_address+0x12/0x59
[17156.864052]  [<ffffffff8107d33d>] ? trace_hardirqs_on+0xd/0xf
[17156.864052]  [<ffffffffa038df76>] extent_writepages+0x4b/0x5c [btrfs]
[17156.864052]  [<ffffffff81144431>] ? kmem_cache_free+0x9b/0xce
[17156.864052]  [<ffffffffa0376a46>] ? btrfs_submit_direct+0x3fc/0x3fc [btrfs]
[17156.864052]  [<ffffffffa0389cd6>] ? free_extent_state+0x8c/0xc1 [btrfs]
[17156.864052]  [<ffffffffa0374871>] btrfs_writepages+0x28/0x2a [btrfs]
[17156.864052]  [<ffffffff8110c4c8>] do_writepages+0x23/0x2c
[17156.864052]  [<ffffffff81102f36>] __filemap_fdatawrite_range+0x5a/0x61
[17156.864052]  [<ffffffff81102f6e>] filemap_fdatawrite_range+0x13/0x15
[17156.864052]  [<ffffffffa0383ef7>] btrfs_fdatawrite_range+0x21/0x48 [btrfs]
[17156.864052]  [<ffffffffa03ab89e>] __btrfs_write_out_cache.isra.14+0x2d9/0x3a7 [btrfs]
[17156.864052]  [<ffffffffa03ac1ab>] ? btrfs_write_out_cache+0x41/0xdc [btrfs]
[17156.864052]  [<ffffffffa03ac1fd>] btrfs_write_out_cache+0x93/0xdc [btrfs]
[17156.864052]  [<ffffffffa0363847>] ? btrfs_start_dirty_block_groups+0x13a/0x2b2 [btrfs]
[17156.864052]  [<ffffffffa03638e6>] btrfs_start_dirty_block_groups+0x1d9/0x2b2 [btrfs]
[17156.864052]  [<ffffffff8107d33d>] ? trace_hardirqs_on+0xd/0xf
[17156.864052]  [<ffffffffa037209e>] btrfs_commit_transaction+0x130/0x9c9 [btrfs]
[17156.864052]  [<ffffffffa034c748>] btrfs_sync_fs+0xe1/0x12d [btrfs]

Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
2015-05-11 07:59:10 -07:00
Filipe Manana
e43699d4b4 Btrfs: fix crash after inode cache writeback failure
If the writeback of an inode cache failed we were unnecessarilly
attempting to release again the delalloc metadata that we previously
reserved. However attempting to do this a second time triggers an
assertion at drop_outstanding_extent() because we have no more
outstanding extents for our inode cache's inode. If we were able
to start writeback of the cache the reserved metadata space is
released at btrfs_finished_ordered_io(), even if an error happens
during writeback.

So make sure we don't repeat the metadata space release if writeback
started for our inode cache.

This issue was trivial to reproduce by running the fstest btrfs/088
with "-o inode_cache", which triggered the assertion leading to a
BUG() call and requiring a reboot in order to run the remaining
fstests. Trace produced by btrfs/088:

[255289.385904] BTRFS: assertion failed: BTRFS_I(inode)->outstanding_extents >= num_extents, file: fs/btrfs/extent-tree.c, line: 5276
[255289.388094] ------------[ cut here ]------------
[255289.389184] kernel BUG at fs/btrfs/ctree.h:4057!
[255289.390125] invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
(...)
[255289.392068] Call Trace:
[255289.392068]  [<ffffffffa035e774>] drop_outstanding_extent+0x3d/0x6d [btrfs]
[255289.392068]  [<ffffffffa0364988>] btrfs_delalloc_release_metadata+0x54/0xe3 [btrfs]
[255289.392068]  [<ffffffffa03b4174>] btrfs_write_out_ino_cache+0x95/0xad [btrfs]
[255289.392068]  [<ffffffffa036f5c4>] btrfs_save_ino_cache+0x275/0x2dc [btrfs]
[255289.392068]  [<ffffffffa03e2d83>] commit_fs_roots.isra.12+0xaa/0x137 [btrfs]
[255289.392068]  [<ffffffff8107d33d>] ? trace_hardirqs_on+0xd/0xf
[255289.392068]  [<ffffffffa037841f>] ? btrfs_commit_transaction+0x4b1/0x9c9 [btrfs]
[255289.392068]  [<ffffffff814351a4>] ? _raw_spin_unlock+0x32/0x46
[255289.392068]  [<ffffffffa037842e>] btrfs_commit_transaction+0x4c0/0x9c9 [btrfs]
(...)

Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
2015-05-11 07:59:10 -07:00
Peter Antoine
364aece01a drm/i915: Avoid GPU hang when coming out of s3 or s4
This patch fixes a timing issue that causes a GPU hang when the system
comes out of power saving.

During pm_resume, We are submitting batchbuffers before enabling
Interrupts this is causing us to miss the context switch interrupt,
and in consequence intel_execlists_handle_ctx_events is not triggered.

This patch is based on a patch from Deepak S <deepak.s@intel.com>
from another platform.

The patch fixes an issue introduced by:
  commit e7778be1ea
  drm/i915: Fix startup failure in LRC mode after recent init changes

The above patch added a call to init_context() to fix an issue introduced
by a previous patch. But, it then opened up a small timing window for the
batches being added by the init_context (basically setting up the context)
to complete before the interrupts have been turned on, thus hanging the
GPU.

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=89600
Cc: stable@vger.kernel.org # 4.0+
Signed-off-by: Peter Antoine <peter.antoine@intel.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
[Jani: fixed typo in subject, massaged the comments a bit]
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
2015-05-11 16:27:08 +03:00
Sebastian Hesselbarth
ba0a1ff853 ARM: dove: Add clock-names to CuBox Si5351 clk generator
Si5351 clock generator on CuBox uses XTAL as clock reference, name the
clock phandle accordingly.

Signed-off-by: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com>
2015-05-11 15:17:47 +02:00
Stephane Eranian
44b11fee51 perf/x86/rapl: Enable Broadwell-U RAPL support
This patch enables RAPL counters (energy consumption counters)
support for Intel Broadwell-U processors (Model 61):

To use:

  $ perf stat -a -I 1000 -e power/energy-cores/,power/energy-pkg/,power/energy-ram/ sleep 10

Signed-off-by: Stephane Eranian <eranian@google.com>
Cc: <stable@vger.kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: jacob.jun.pan@linux.intel.com
Cc: kan.liang@intel.com
Cc: peterz@infradead.org
Cc: sonnyrao@chromium.org
Link: http://lkml.kernel.org/r/20150423070709.GA4970@thinkpad
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-05-11 11:52:30 +02:00
Oleg Nesterov
ef7254a595 x86/vdso: Fix 'make bzImage' on older distros
Change HOST_EXTRACFLAGS to include arch/x86/include/uapi along
with include/uapi.

This looks more consistent, and this fixes "make bzImage" on my
old distro which doesn't have asm/bitsperlong.h in /usr/include/.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Andy Lutomirski <luto@kernel.org>
Cc: <stable@vger.kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: 6f121e548f ("x86, vdso: Reimplement vdso.so preparation in build-time C")
Link: http://lkml.kernel.org/r/1431332153-18566-6-git-send-email-bp@alien8.de
Link: http://lkml.kernel.org/r/20150507165835.GB18652@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-05-11 10:25:02 +02:00
Vineet Gupta
4a8a224570 ARC: inline cache flush toggle helpers
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2015-05-11 11:21:41 +05:30
Vineet Gupta
b4f006db5a ARC: With earlycon in use, retire EARLY_PRINTK
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2015-05-11 11:20:21 +05:30
Bert Vermeulen
7c0c826828 net: mdio-gpio: Allow for unspecified bus id
When the bus id was supplied via a struct platform_device, the driver wasn't
handling -1 to mean an unspecified id of the only instance of this driver,
as the platform spec requires.

Signed-off-by: Bert Vermeulen <bert@biot.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-10 19:42:11 -04:00
Kretschmer, Mathias
fbf33a2802 af_packet / TX_RING not fully non-blocking (w/ MSG_DONTWAIT).
This patch fixes an issue where the send(MSG_DONTWAIT) call
on a TX_RING is not fully non-blocking in cases where the device's sndBuf is
full. We pass nonblock=true to sock_alloc_send_skb() and return any possibly
occuring error code (most likely EGAIN) to the caller. As the fast-path stays
as it is, we keep the unlikely() around skb == NULL.

Signed-off-by: Mathias Kretschmer <mathias.kretschmer@fokus.fraunhofer.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-10 19:40:08 -04:00
Michal Schmidt
cd9c399777 bnx2x: limit fw delay in kdump to 5s after boot
Commit 12a8541d5c "bnx2x: Delay during kdump load" added a 5 seconds
delay to bnx2x's probe function in the kdump case to let the firmware
realize the old driver is gone.

The problem with the delay is that it is per-device, so if you have
several bnx2x NICs in NPAR mode, the delays can accumulate to minutes.

Fix it by adjusting the delay so that we do not wait more than
necessary, i.e. no more delaying after 5 seconds of kernel boot time.

Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-10 19:23:22 -04:00
Nicolas Schichan
0b59d8806a ARM: net: delegate filter to kernel interpreter when imm_offset() return value can't fit into 12bits.
The ARM JIT code emits "ldr rX, [pc, #offset]" to access the literal
pool. #offset maximum value is 4095 and if the generated code is too
large, the #offset value can overflow and not point to the expected
slot in the literal pool. Additionally, when overflow occurs, bits of
the overflow can end up changing the destination register of the ldr
instruction.

Fix that by detecting the overflow in imm_offset() and setting a flag
that is checked for each BPF instructions converted in
build_body(). As of now it can only be detected in the second pass. As
a result the second build_body() call can now fail, so add the
corresponding cleanup code in that case.

Using multiple literal pools in the JITed code is going to require
lots of intrusive changes to the JIT code (which would better be done
as a feature instead of fix), just delegating to the kernel BPF
interpreter in that case is a more straight forward, minimal fix and
easy to backport.

Fixes: ddecdfcea0 ("ARM: 7259/3: net: JIT compiler for packet filters")
Signed-off-by: Nicolas Schichan <nschichan@freebox.fr>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-10 19:21:49 -04:00
Nicolas Schichan
19fc99d0c6 ARM: net fix emit_udiv() for BPF_ALU | BPF_DIV | BPF_K intruction.
In that case, emit_udiv() will be called with rn == ARM_R0 (r_scratch)
and loading rm first into ARM_R0 will result in jit_udiv() function
being called the same dividend and divisor. Fix that by loading rn
first into ARM_R1 and then rm into ARM_R0.

Signed-off-by: Nicolas Schichan <nschichan@freebox.fr>
Cc: <stable@vger.kernel.org> # v3.13+
Fixes: aee636c480 (bpf: do not use reciprocal divide)
Acked-by: Mircea Gherzan <mgherzan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-10 19:20:32 -04:00
Linus Torvalds
030bbdbf4c Linux 4.1-rc3 2015-05-10 15:12:29 -07:00
Linus Torvalds
01d07351f2 Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
 "I really need to get back to sending these on my Friday, instead of my
  Monday morning, but nothing too amazing in here: a few amdkfd fixes, a
  few radeon fixes, i915 fixes, one tegra fix and one core fix"

* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
  drm: Zero out invalid vblank timestamp in drm_update_vblank_count.
  drm/tegra: Don't use vblank_disable_immediate on incapable driver.
  drm/radeon: stop trying to suspend UVD sessions
  drm/radeon: more strictly validate the UVD codec
  drm/radeon: make UVD handle checking more strict
  drm/radeon: make VCE handle check more strict
  drm/radeon: fix userptr lockup
  drm/radeon: fix userptr BO unpin bug v3
  drm/amdkfd: Initialize sdma vm when creating sdma queue
  drm/amdkfd: Don't report local memory size
  drm/amdkfd: allow unregister process with queues
  drm/i915: Drop PIPE-A quirk for 945GSE HP Mini
  drm/i915: Sink rate read should be saved in deca-kHz
  drm/i915/dp: there is no audio on port A
  drm/i915: Add missing MacBook Pro models with dual channel LVDS
  drm/i915: Assume dual channel LVDS if pixel clock necessitates it
  drm/radeon: don't setup audio on asics that don't support it
  drm/radeon: disable semaphores for UVD V1 (v2)
2015-05-10 14:58:53 -07:00
Dave Airlie
332545b301 Merge tag 'drm-intel-fixes-2015-05-08' of git://anongit.freedesktop.org/drm-intel into drm-fixes
misc i915 fixes.

* tag 'drm-intel-fixes-2015-05-08' of git://anongit.freedesktop.org/drm-intel:
  drm/i915: Drop PIPE-A quirk for 945GSE HP Mini
  drm/i915: Sink rate read should be saved in deca-kHz
  drm/i915/dp: there is no audio on port A
  drm/i915: Add missing MacBook Pro models with dual channel LVDS
  drm/i915: Assume dual channel LVDS if pixel clock necessitates it
2015-05-11 06:06:22 +10:00
Mario Kleiner
fdb68e09bb drm: Zero out invalid vblank timestamp in drm_update_vblank_count.
Since commit 844b03f277 we make
sure that after vblank irq off, we return the last valid
(vblank count, vblank timestamp) pair to clients, e.g., during
modesets, which is good.

An overlooked side effect of that commit for kms drivers without
support for precise vblank timestamping is that at vblank irq
enable, when we update the vblank counter from the hw counter, we
can't update the corresponding vblank timestamp, so now we have a
totally mismatched timestamp for the new count to confuse clients.

Restore old client visible behaviour from before Linux 3.17, but
zero out the timestamp at vblank counter update (instead of disable
as in original implementation) if we can't generate a meaningful
timestamp immediately for the new vblank counter. This will fix
this regression, so callers know they need to retry again later
if they need a valid timestamp, but at the same time preserves
the improvements made in the commit mentioned above.

Signed-off-by: Mario Kleiner <mario.kleiner.de@gmail.com>
Cc: <stable@vger.kernel.org> #v3.17+

Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: Daniel Vetter <daniel@ffwll.ch>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2015-05-11 06:02:38 +10:00
Linus Torvalds
41f2a93cc6 Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm
Pull ARM fixes from Russell King:
 "A set of ARM fixes:

   - fix an off-by-one error in the iommu DMA ops, which caused errors
     with a 4GiB size.

   - remove comments mentioning the non-existent CONFIG_CPU_ARM1020_CPU_IDLE
     macro.

   - remove useless CONFIG_CPU_ICACHE_STREAMING_DISABLE blocks, where
     this symbol never appeared in any Kconfig.

   - fix Feroceon code to cope with a previous change correctly (it
     incorrectly left an additional word in an assembly structure
     definition)

   - avoid a misleading IRQ affinity warning in the ARM PMU code for
     IRQs which are already affine to their CPUs.

   - fix the node name printed in the IRQ affinity warning"

* 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
  ARM: 8352/1: perf: Fix the pmu node name in warning message
  ARM: 8351/1: perf: don't warn about missing interrupt-affinity property for PPIs
  ARM: 8350/1: proc-feroceon: Fix feroceon_proc_info macro
  ARM: 8349/1: arch/arm/mm/proc-arm925.S: remove dead #ifdef block
  ARM: 8348/1: remove comments on CPU_ARM1020_CPU_IDLE
  ARM: 8347/1: dma-mapping: fix off-by-one check in arm_setup_iommu_dma_ops
2015-05-10 11:16:48 -07:00
Linus Torvalds
8425ac7a0d Samsung fixes for v4.1
- fixes commit ea08de16eb ("ARM: dts: Add DISP1 power
   domain for exynos5420") which causes 'unhandled fault:
   imprecise external abort' error when PD turned off.
   : make DP a consumer of DISP1 power domain
 
 - fixes 's3c-rtc' probe failure on Odriod-X2/U2/U3 boards.
   : add 'rtc_src' clock to rtc node for source clock of rtc
 
 - fixes typo for 'cpu-crit-0' trip point on exynos5420/5440
 
 - fixes S2R failure on exynos5250-snow due to card power of
   Marvell WiFi driver (suspend/resume)
   : add keep-power-in-susped to WiFi SDIO node
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJVT23xAAoJEA0Cl+kVi2xqZIcP/0CAA25uvidVXdNVYlJbSvr3
 4kesNDG/LGrVnv6xt132iJsXtIfWQxG6nJkhE1x5G9zSgsAjtQWcsCr068Itktsg
 CG1yl/8z6TB+wS0PhTXaa985V62euTws89YGJau6YCZVSXKKcGDjM5e2RJn80yOL
 IMipw8x5xTt0GsIKtC2AyewcNq05SSNtwvYe8CPJ9wGFQPy3gZ1t5WqSwW2mMG+K
 C6mibaN7gs9+sS2ncHglZtHKAR2VxJTNCkq/LOCYlDSftT01GhmhG1fl/tUxEqUD
 1bFTTajA21CNnEvWCdkFkMHkEy7lzW8WCX3tAwDHGON/NdWERV4FSaLTqR0o1ekO
 vLeUSvgtRntBtUY3ojvyfoYq4vrdQF1uoL2r932iO9FILUBpwRYAyG152VFJyZRx
 Hx50yCgyljG3X8xUp5VgiuNwDCgatiFBCeb3YT0qrB9YbnLXqqAUAfMSng8a15dc
 rbD02YsYvYcJPf7RDnS9QQV+ZSSmZIkY7JmxkJ/UJ0SA7dAJBtKrXQyliLVlExHu
 Cz0ye5NHjC+jxwPU/OEFRSZi8bKJXe/q6bAXDRA0vkZWd0G6C+wOq8bnzSWkRM+D
 +/uzxajdDbfs7mr2mPFyc3H22MiwWSOFIRVsCXVKqTN0yVvlaLvHtolUayAD3RrR
 oo25jYh9CYGZhxd+7TVb
 =YBxq
 -----END PGP SIGNATURE-----

Merge tag 'samsung-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung

Pull samsung fixes from Kukjin Kim:
 "Here is Samsung fixes for v4.1.  Since I've missed to send this via
  arm-soc tree before v4.1-rc3, so I'm sending this to you directly

   - fix commit ea08de16eb ("ARM: dts: Add DISP1 power domain for
     exynos5420") which causes 'unhandled fault: imprecise external
     abort' error when PD turned off.  ("make DP a consumer of DISP1
     power domain")

   - fix 's3c-rtc' probe failure on Odriod-X2/U2/U3 boards ("add
     'rtc_src' clock to rtc node for source clock of rtc")

   - fix typo for 'cpu-crit-0' trip point on exynos5420/5440

   - fix S2R failure on exynos5250-snow due to card power of Marvell
     WiFi driver (suspend/resume) ("add keep-power-in-susped to WiFi
     SDIO node")"

* tag 'samsung-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung:
  ARM: dts: Add keep-power-in-suspend to WiFi SDIO node for exynos5250-snow
  ARM: dts: Fix typo in trip point temperature for exynos5420/5440
  ARM: dts: add 'rtc_src' clock to rtc node for exynos4412-odroid boards
  ARM: dts: Make DP a consumer of DISP1 power domain on Exynos5420
2015-05-10 11:13:19 -07:00
Peter Hurley
1a48632ffe pty: Fix input race when closing
A read() from a pty master may mistakenly indicate EOF (errno == -EIO)
after the pty slave has closed, even though input data remains to be read.
For example,

       pty slave       |        input worker        |    pty master
                       |                            |
                       |                            |   n_tty_read()
pty_write()            |                            |     input avail? no
  add data             |                            |     sleep
  schedule worker  --->|                            |     .
                       |---> flush_to_ldisc()       |     .
pty_close()            |       fill read buffer     |     .
  wait for worker      |       wakeup reader    --->|     .
                       |       read buffer full?    |---> input avail ? yes
                       |<---   yes - exit worker    |     copy 4096 bytes to user
  TTY_OTHER_CLOSED <---|                            |<--- kick worker
                       |                            |

		                **** New read() before worker starts ****

                       |                            |   n_tty_read()
                       |                            |     input avail? no
                       |                            |     TTY_OTHER_CLOSED? yes
                       |                            |     return -EIO

Several conditions are required to trigger this race:
1. the ldisc read buffer must become full so the input worker exits
2. the read() count parameter must be >= 4096 so the ldisc read buffer
   is empty
3. the subsequent read() occurs before the kicked worker has processed
   more input

However, the underlying cause of the race is that data is pipelined, while
tty state is not; ie., data already written by the pty slave end is not
yet visible to the pty master end, but state changes by the pty slave end
are visible to the pty master end immediately.

Pipeline the TTY_OTHER_CLOSED state through input worker to the reader.
1. Introduce TTY_OTHER_DONE which is set by the input worker when
   TTY_OTHER_CLOSED is set and either the input buffers are flushed or
   input processing has completed. Readers/polls are woken when
   TTY_OTHER_DONE is set.
2. Reader/poll checks TTY_OTHER_DONE instead of TTY_OTHER_CLOSED.
3. A new input worker is started from pty_close() after setting
   TTY_OTHER_CLOSED, which ensures the TTY_OTHER_DONE state will be
   set if the last input worker is already finished (or just about to
   exit).

Remove tty_flush_to_ldisc(); no in-tree callers.

Fixes: 52bce7f8d4 ("pty, n_tty: Simplify input processing on final close")
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=96311
BugLink: http://bugs.launchpad.net/bugs/1429756
Cc: <stable@vger.kernel.org> # 3.19+
Reported-by: Andy Whitcroft <apw@canonical.com>
Reported-by: H.J. Lu <hjl.tools@gmail.com>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-05-10 19:26:37 +02:00
Pan Xinhui
8f9cfeed3e tty/n_gsm.c: fix a memory leak when gsmtty is removed
when gsmtty_remove put dlci, it will cause memory leak if dlci->port's refcount is zero.
So we do the cleanup work in .cleanup callback instead.

dlci will be last put in two call chains.
1) gsmld_close -> gsm_cleanup_mux -> gsm_dlci_release -> dlci_put
2) gsmld_remove -> dlci_put
so there is a race. the memory leak depends on the race.

In call chain 2. we hit the memory leak. below comment tells.

release_tty -> tty_driver_remove_tty -> gsmtty_remove -> dlci_put -> tty_port_destructor (WARN_ON(port->itty) and return directly)
                         |
                tty->port->itty = NULL;
                         |
                tty_kref_put ---> release_one_tty -> gsmtty_cleanup (added by our patch)

So our patch fix the memory leak by doing the cleanup work after tty core did.

Signed-off-by: Pan Xinhui <xinhuix.pan@intel.com>
Fixes: dfabf7ffa3
Cc: stable <stable@vger.kernel.org> # 3.14+
Acked-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-05-10 19:25:32 +02:00
Dan Williams
dbfe8ef559 ahci: avoton port-disable reset-quirk
Avoton AHCI occasionally sees drive probe timeouts at driver load time.
When this happens SCR_STATUS indicates device detected, but no D2H FIS
reception.  Reset the internal link state machines by bouncing
port-enable in the PCS register when this occurs.

Cc: <stable@vger.kernel.org>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
2015-05-10 11:39:16 -04:00
Hans de Goede
172115090f usb-storage: Add NO_WP_DETECT quirk for Lacie 059f:0651 devices
Without this flag some versions of these enclosures do not work.

Cc: stable@vger.kernel.org
Reported-and-tested-by: Christian Schaller <cschalle@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-05-10 15:38:33 +02:00
Sławomir Demeszko
892c89d5d7 staging: gdm724x: Correction of variable usage after applying ALIGN()
Fix regression introduced by commit <29ef8a53542a>. After it writing
AT commands to /dev/GCT-ATM0 is unsuccessful (no echo, no response)
and dmesg show "gdmtty: invalid payload : 1 16 f011".

Before that commit value of dummy_cnt was only a padding size. After using
ALIGN() this value is increased by its first argument. So the following
usage of this variable needs correction.

Signed-off-by: Sławomir Demeszko <s.demeszko@wireless-instruments.com>
Cc: stable <stable@vger.kernel.org> # 3.14+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-05-10 15:23:02 +02:00
Vineet Gupta
daaf40e53b ARC: unbork !LLSC build
Fixes: f7d11e93ee locking,arch,arc: Fold atomic_ops
Cc: <stable@kernel.vger.org> # 3.18
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2015-05-10 12:06:57 +05:30
Tom Herbert
78f5b89919 mpls: Change reserved label names to be consistent with netbsd
Since these are now visible to userspace it is nice to be consistent
with BSD (sys/netmpls/mpls.h in netBSD).

Signed-off-by: Tom Herbert <tom@herbertland.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-09 22:29:50 -04:00
David S. Miller
7c0004d396 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-queue
Jeff Kirsher says:

====================
Intel Wired LAN Driver Updates 2015-05-07

This series contains updates to igb only.

Toshiaki provides two fixes for igb, first fixes an issue when changing
the number of rings by ethtool which causes oops because of uninitialized
pointers.  The second fix resolves a typo where tx_ring was used instead
of the desired rx_ring.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-09 22:23:59 -04:00
Linus Torvalds
8f59ae0643 ARM: SoC fixes for 4.1-rc2
A few patches have come up since the merge window. The largest one is a
 rewrite of the PXA lubbock/mainstone IRQ handling. This was already
 broken in 2011 by a change to the GPIO code and only noticed now.
 
 The other changes contained here are:
 
 MAINTAINERS file updates:
 - Ray Jui and Scott Branden are now co-maintainers for some of the
   mach-bcm chips, while Christian Daudt and Marc Carino have stepped
   down.
 - Andrew Victor is no longer maintaining at91. Instead, Alexandre
   Belloni now becomes an official maintainer, after having done a
   bulk of the work for a while.
 - Baruch Siach, who added the mach-digicolor platform in 4.1
   is now listed as maintainer
 - The git URL for mach-socfpga has changed
 
 Bug fixes:
 - Three bug fixes for new rockchip rk3288 code
 - A regression fix to make SD card support work on certain ux500
   boards
 - multiple smaller dts fixes for imx, omap, mvebu, and shmobile
 - a regression fiix for omap3 power consumption
 - a fix for regression in the ARM CCI bus driver
 
 Configuration changes:
 - more imx platforms are now enabled in multi_v7_defconfig
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIVAwUAVU5vsWCrR//JCVInAQK5Zw/9GMFUQcLfwqfUitabRvA+FjbEYyeKHW2Y
 BCm5OJSOH2MB4/suvmYggIESncHGCzw2iZZwFJ3seuO7vyFAg2pLOmpm2VBvIfqP
 JgokZOhfHDTujogpakNn8ByKszxb/XkuzuDF3AS2BX4H25Rhp7jX6EgrubK9zDcH
 wYsaAXSwc8uUe2885cOK8qYoBhkPRsMqUa4HHp4Z51QNwa+koV9xMFlNyy/j8N8F
 xKjfAW5LCeEdviOjFlYb0Bb3JIerIKmosjHx55g6XCEB1TUKAN6TmqXRUU89dj/0
 MQoD5pXCI1RaV8qjpAFqwcFmfnsAzRob9n1WWEgqwCiKdIDX7E98WeJNGrQ6SlSA
 xePcS+1MMNkTi20CdTSHPwVg5CFz7VG9YTMDrvGtz9tuGtCBQHGhA5o8eQ6eXDYz
 cEMc781Ax4M4Uc3OKb+9M9OAnB+RyJmizjzgR7cQHaQfzI7hVgRAxywu9Z0j4HKJ
 4OmtcOAfwZyEKms9AzvbozKWROVY+T9rC7Aup6SlOSaxupqCdvrMb2XffrixmuVz
 B9vox64BT0Ot0/jqTsZs5YR3UDlX7v1UTx8+BIta7zDvPXIFUSU+dNcS4BDsOkDa
 8Knhi4BpydNaKCxMb8/Q7BjzxNsaMcCEUvNfrjOH7LMHmQhygiKmOSOj3fxEM9S5
 xMSWzw3U0yU=
 =lVQn
 -----END PGP SIGNATURE-----

Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC fixes from Arnd Bergmann:
 "A few patches have come up since the merge window.  The largest one is
  a rewrite of the PXA lubbock/mainstone IRQ handling.  This was already
  broken in 2011 by a change to the GPIO code and only noticed now.

  The other changes contained here are:

  MAINTAINERS file updates:

   - Ray Jui and Scott Branden are now co-maintainers for some of the
     mach-bcm chips, while Christian Daudt and Marc Carino have stepped
     down.

   - Andrew Victor is no longer maintaining at91.  Instead, Alexandre
     Belloni now becomes an official maintainer, after having done a
     bulk of the work for a while.

   - Baruch Siach, who added the mach-digicolor platform in 4.1 is now
     listed as maintainer

   - The git URL for mach-socfpga has changed

  Bug fixes:

   - Three bug fixes for new rockchip rk3288 code

   - A regression fix to make SD card support work on certain ux500
     boards

   - multiple smaller dts fixes for imx, omap, mvebu, and shmobile

   - a regression fiix for omap3 power consumption

   - a fix for regression in the ARM CCI bus driver

  Configuration changes:

   - more imx platforms are now enabled in multi_v7_defconfig"

* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (39 commits)
  MAINTAINERS: add Conexant Digicolor machines entry
  MAINTAINERS: socfpga: update the git repo for SoCFPGA
  ARM: multi_v7_defconfig: Select more FSL SoCs
  MAINTAINERS: replace an AT91 maintainer
  drivers: CCI: fix used_mask init in validate_group()
  bus: omap_l3_noc: Fix master id address decoding for OMAP5
  bus: omap_l3_noc: Fix offset for DRA7 CLK1_HOST_CLK1_2 instance
  ARM: dts: dra7: Fix efuse register size for ABB
  ARM: dts: am57xx-beagle-x15: Switch GPIO fan number
  ARM: dts: am57xx-beagle-x15: Switch UART mux pins
  ARM: dts: am437x-sk: reduce col-scan-delay-us
  ARM: dts: am437x-sk: fix for new newhaven display module revision
  ARM: dts: am57xx-beagle-x15: Fix RTC aliases
  ARM: dts: am57xx-beagle-x15: Fix IRQ type for mcp7941x
  ARM: dts: omap3: Add #iommu-cells to isp and iva iommu
  ARM: omap2plus_defconfig: Enable EXTCON_USB_GPIO
  ARM: dts: OMAP3-N900: Add microphone bias voltages
  ARM: OMAP2+: Fix omap off idle power consumption creeping up
  MAINTAINERS: Update brcmstb entry
  MAINTAINERS: Remove Christian Daudt for mach-bcm
  ...
2015-05-09 16:13:38 -07:00
Linus Torvalds
51dfcb076d Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull user-namespace fix from Eric Biederman:
 "Eric Windish recently reported a really bug that allows mounting fresh
  copies of proc and sysfs when it really should not be allowed.  The
  code attempted to verify that proc and sysfs were fully visible but
  there is a test missing to ensure that the root of the filesystem is
  visible.  Doh!

  The following patch fixes that.

  This fixes a containment issue that the docker folks are seeing"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  mnt: Fix fs_fully_visible to verify the root directory is visible
2015-05-09 16:07:14 -07:00
Linus Torvalds
9d88f22a81 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull irq updates from Thomas Gleixner:
 "Two patches from the irq departement:

   - a simple fix to make dummy_irq_chip usable for wakeup scenarios

   - removal of the gic arch_extn hackery.  Now that all users are
     converted we really want to get rid of the interface so people wont
     come up with new use cases"

* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  irqchip: gic: Drop support for gic_arch_extn
  genirq: Set IRQCHIP_SKIP_SET_WAKE flag for dummy_irq_chip
2015-05-09 14:59:05 -07:00
Linus Torvalds
95f3b1f4b1 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull timer fix from Thomas Gleixner:
 "A simple fix to actually shut down a detached device instead of
  keeping it active"

* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  clockevents: Shutdown detached clockevent device
2015-05-09 14:57:49 -07:00
Jason A. Donenfeld
3e4336a65a usbnet: avoid integer overflow in start_xmit
transfer_buffer_length is of type u32. It's therefore wrong to assign it
to a signed integer. This patch avoids the overflow.

It's worth noting that entry->length here is a long; perhaps it would be
beneficial at somepoint to change this to be unsigned as well, if
nothing else relies on its signedness for error conditions or the like.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-09 16:46:18 -04:00
Tony Camuso
240b23c426 netxen_nic: use spin_[un]lock_bh around tx_clean_lock (2)
This patch should have been part of the previous patch having the
same summary. See  http://marc.info/?l=linux-kernel&m=143039470103795&w=2
Unfortunately, I didn't check to see where else this lock was used before
submitting that patch. This should take care of it for netxen_nic, as I
did a thorough search this time.

To recap from the original patch; although testing this driver with
DEBUG_LOCKDEP and DEBUG_SPINLOCK enabled did not produce any traces,
it would be more prudent in the case of tx_clean_lock to use _bh
versions of spin_[un]lock, since this lock is manipulated in both
the process and softirq contexts.

This patch was tested for functionality and regressions with netperf
and DEBUG_LOCKDEP and DEBUG_SPINLOCK enabled.

Signed-off-by: Tony Camuso <tcamuso@redhat.com>
Acked-By: Neil Horman <nhorman@tuxdriver.com>
Acked-By: Manish Chopra <manish.chopra@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-09 16:44:46 -04:00
Jean Delvare
ccad725ccb net: xgene_enet: Set hardware dependency
The xgene_enet driver is only useful on X-Gene SoC.

Signed-off-by: Jean Delvare <jdelvare@suse.de>
Cc: Iyappan Subramanian <isubramanian@apm.com>
Cc: Keyur Chudgar <kchudgar@apm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-09 16:24:15 -04:00
Jean Delvare
74a78b15e6 net: amd-xgbe: Add hardware dependency
The amd-xgbe driver currently only works with the Seattle SoC, which
is ARM64 architecture, so there is no point in building this driver on
other architectures except for build testing purpose. The dependency
list can be updated later if the driver ever supports other
architectures.

Signed-off-by: Jean Delvare <jdelvare@suse.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-09 16:24:15 -04:00
WANG Cong
d744318574 net_sched: fix a use-after-free in tc_ctl_tfilter()
When tcf_destroy() returns true, tp could be already destroyed,
we should not use tp->next after that.

For long term, we probably should move tp list to list_head.

Fixes: 1e052be69d ("net_sched: destroy proto tp when all filters are gone")
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-09 16:14:04 -04:00
Vasily Titskiy
1006da19ea drivers/net/usb: Add support for 'Lenovo OneLink Pro Dock'
This device is sold as 'Lenovo OneLink Pro Dock'.
Chipset is RTL8153 and works with r8152.

Signed-off-by: Vasily Titskiy <qehgt0@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-09 16:10:08 -04:00
Nathan Sullivan
bfbb92c446 net: macb: Handle the RXUBR interrupt on all devices
The same hardware issue the at91 must work around applies to at least the
Zynq ethernet, and possibly more devices.  The driver also needs to handle
the RXUBR interrupt since it turns it on with MACB_RX_INT_FLAGS anyway.

Signed-off-by: Nathan Sullivan <nathan.sullivan@ni.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-09 16:04:43 -04:00
David S. Miller
d3196a2468 Merge branch 'rds'
Sowmini Varadhan says:

====================
net/rds: RDS-TCP robustness fixes

This patch-set contains bug fixes for state-recovery at the RDS
layer when the underlying transport is TCP and the TCP state at one
of the endpoints is reset

V2 changes: DaveM comments to reduce memory footprint, follow
            NFS/RPC model where possible. Added test-case #3

Without the changes in this set, when one of the endpoints is reset,
the existing code does not correctly clean up RDS socket state for stale
connections, resulting in some unstable, timing-dependant behavior on
the wire, including an infinite exchange of 3WHs back-and-forth, and a
resulting potential to never converge RDS state.

Test cases used to verify the changes in this set are:

1. Start rds client/server applications on two participating nodes,
   node1 and node2. After at least one packet has been sent (to establish
   the TCP connection), restart the rds_tcp module on the client, and
   now resend packets. Tcpdump should show server sending a FIN for the
   "old" client port, and clean connection establishment/exchange for
   the new client port.

2. At the end of step 1, restart rds srever on node2, and start client on
   node1, make sure using tcpdump, 'netstat -an|grep 16385' that
   packets flow correctly.

3. start RDS client/server application on two participating nodes, and
   repeat steps 1 and 2, but this time, simulate node failure by doing
   "ifconfig <intf> down", so no FIN is sent.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-09 16:03:28 -04:00
Sowmini Varadhan
c82ac7e69e net/rds: RDS-TCP: only initiate reconnect attempt on outgoing TCP socket.
When the peer of an RDS-TCP connection restarts, a reconnect
attempt should only be made from the active side  of the TCP
connection, i.e. the side that has a transient TCP port
number. Do not add the passive side of the TCP connection
to the c_hash_node and thus avoid triggering rds_queue_reconnect()
for passive rds connections.

Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-09 16:03:28 -04:00
Sowmini Varadhan
f711a6ae06 net/rds: RDS-TCP: Always create a new rds_sock for an incoming connection.
When running RDS over TCP, the active (client) side connects to the
listening ("passive") side at the RDS_TCP_PORT.  After the connection
is established, if the client side reboots (potentially without even
sending a FIN) the server still has a TCP socket in the esablished
state.  If the server-side now gets a new SYN comes from the client
with a different client port, TCP will create a new socket-pair, but
the RDS layer will incorrectly pull up the old rds_connection (which
is still associated with the stale t_sock and RDS socket state).

This patch corrects this behavior by having rds_tcp_accept_one()
always create a new connection for an incoming TCP SYN.
The rds and tcp state associated with the old socket-pair is cleaned
up via the rds_tcp_state_change() callback which would typically be
invoked in most cases when the client-TCP sends a FIN on TCP restart,
triggering a transition to CLOSE_WAIT state. In the rarer event of client
death without a FIN, TCP_KEEPALIVE probes on the socket will detect
the stale socket, and the TCP transition to CLOSE state will trigger
the RDS state cleanup.

Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-09 16:03:27 -04:00
Markus Stenberg
e16e888b52 ipv6: Fixed source specific default route handling.
If there are only IPv6 source specific default routes present, the
host gets -ENETUNREACH on e.g. connect() because ip6_dst_lookup_tail
calls ip6_route_output first, and given source address any, it fails,
and ip6_route_get_saddr is never called.

The change is to use the ip6_route_get_saddr, even if the initial
ip6_route_output fails, and then doing ip6_route_output _again_ after
we have appropriate source address available.

Note that this is '99% fix' to the problem; a correct fix would be to
do route lookups only within addrconf.c when picking a source address,
and never call ip6_route_output before source address has been
populated.

Signed-off-by: Markus Stenberg <markus.stenberg@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-09 15:58:41 -04:00
David S. Miller
0a801445db Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth
Johan Hedberg says:

====================
Here are a couple of important Bluetooth & mac802154 fixes for 4.1:

 - mac802154 fix for crypto algorithm allocation failure checking
 - mac802154 wpan phy leak fix for error code path
 - Fix for not calling Bluetooth shutdown() if interface is not up

Let me know if there are any issues pulling. Thanks.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-09 15:51:00 -04:00
Rusty Russell
1a9f064f51 m32r: make flush_cpumask non-volatile.
We cast away the volatile, but really, why make it volatile at all?
We already do a mb() inside the cpumask_empty() loop.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-05-09 11:09:29 -07:00
Logan Gunthorpe
dc703ec220 Added another USB product ID for ELAN touchscreen quirks.
I've had the same issue as described in commit

c68929f75d

Except my touchscreen's ID is

ID 04f3:0125 Elan Microelectronics Corp.

Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-05-09 19:23:03 +02:00
Eric W. Biederman
7e96c1b0e0 mnt: Fix fs_fully_visible to verify the root directory is visible
This fixes a dumb bug in fs_fully_visible that allows proc or sys to
be mounted if there is a bind mount of part of /proc/ or /sys/ visible.

Cc: stable@vger.kernel.org
Reported-by: Eric Windisch <ewindisch@docker.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2015-05-09 11:55:50 -05:00
Dave Martin
ec61847855 Revert "serial/amba-pl011: Leave the TX IRQ alone when the UART is not open"
This reverts commit f2ee6dfa0e.

Jakub Kiciński observed that this patch can cause the pl011
driver to hang if if the only process with a pl011 port open is
killed by a signal, pl011_shutdown() can get called with an
arbitrary amount of data still in the FIFO.

Calling _shutdown() with the TX FIFO non-empty is questionable
behaviour and my itself be a bug.

Since the affected patch was speculative anyway, and brings limited
benefit, the simplest course is to remove the assumption that TXIS
will always be left asserted after the port is shut down.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-05-09 18:36:36 +02:00
Joe Lawrence
948fa13504 xhci: gracefully handle xhci_irq dead device
If the xHCI host controller has died (ie, device removed) or suffered
other serious fatal error (STS_FATAL), then xhci_irq should handle this
condition with IRQ_HANDLED instead of -ESHUTDOWN.

Signed-off-by: Joe Lawrence <joe.lawrence@stratus.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-05-09 18:27:32 +02:00
Mathias Nyman
18cc2f4cbb xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256
Our event ring consists of only one segment, and we risk filling
the event ring in case we get isoc transfers with short intervals
such as webcams that fill a TD every microframe (125us)

With 64 TRB segment size one usb camera could fill the event ring in 8ms.
A setup with several cameras and other devices can fill up the
event ring as it is shared between all devices.
This has occurred when uvcvideo queues 5 * 32TD URBs which then
get cancelled when the video mode changes. The cancelled URBs are returned
in the xhci interrupt context and blocks the interrupt handler from
handling the new events.

A full event ring will block xhci from scheduling traffic and affect all
devices conneted to the xhci, will see errors such as Missed Service
Intervals for isoc devices, and  and Split transaction errors for LS/FS
interrupt devices.

Increasing the TRB_PER_SEGMENT will also increase the default endpoint ring
size, which is welcome as for most isoc transfer we had to dynamically
expand the endpoint ring anyway to be able to queue the 5 * 32TDs uvcvideo
queues.

The default size used to be 64 TRBs per segment

Cc: <stable@vger.kernel.org>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-05-09 18:27:32 +02:00