1. 29 Aug, 2014 3 commits
    • Tang Chen's avatar
      memblock, memhotplug: fix wrong type in memblock_find_in_range_node(). · 0cfb8f0c
      Tang Chen authored
      
      
      In memblock_find_in_range_node(), we defined ret as int.  But it should
      be phys_addr_t because it is used to store the return value from
      __memblock_find_range_bottom_up().
      
      The bug has not been triggered because when allocating low memory near
      the kernel end, the "int ret" won't turn out to be negative.  When we
      started to allocate memory on other nodes, and the "int ret" could be
      minus.  Then the kernel will panic.
      
      A simple way to reproduce this: comment out the following code in
      numa_init(),
      
              memblock_set_bottom_up(false);
      
      and the kernel won't boot.
      Reported-by: default avatarXishi Qiu <qiuxishi@huawei.com>
      Signed-off-by: default avatarTang Chen <tangchen@cn.fujitsu.com>
      Tested-by: default avatarXishi Qiu <qiuxishi@huawei.com>
      Cc: <stable@vger.kernel.org>	[3.13+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      0cfb8f0c
    • Vivek Goyal's avatar
      resource: fix the case of null pointer access · 800df627
      Vivek Goyal authored
      Richard and Daniel reported that UML is broken due to changes to
      resource traversal functions.  Problem is that iomem_resource.child can
      be null and new code does not consider that possibility.  Old code used
      a for loop and that loop will not even execute if p was null.
      
      Revert back to for() loop logic and bail out if p is null.
      
      I also moved sibling_only check out of resource_lock. There is no
      reason to keep it inside the lock.
      
      Following is backtrace of the UML crash.
      
      RIP: 0033:[<0000000060039b9f>]
      RSP: 0000000081459da0  EFLAGS: 00010202
      RAX: 0000000000000000 RBX: 00000000219b3fff RCX: 000000006010d1d9
      RDX: 0000000000000001 RSI: 00000000602dfb94 RDI: 0000000081459df8
      RBP: 0000000081459de0 R08: 00000000601b59f4 R09: ffffffff0000ff00
      R10: ffffffff0000ff00 R11: 0000000081459e88 R12: 0000000081459df8
      R13: 00000000219b3fff R14: 00000000602dfb94 R15: 0000000000000000
      Kernel panic - not syncing: Segfault with no mm
      CPU: 0 PID: 1 Comm: swapper Not tainted 3.16.0-10454-g58d08e3b #13
      Stack:
       00000000 000080d0 81459df0 219b3fff
       81459e70 6010d1d9 ffffffff 6033e010
       81459e50 6003a269 81459e30 00000000
      Call Trace:
       [<6010d1d9>] ? kclist_add_private+0x0/0xe7
       [<6003a269>] walk_system_ram_range+0x61/0xb7
       [<6000e859>] ? proc_kcore_init+0x0/0xf1
       [<6010d574>] kcore_update_ram+0x4c/0x168
       [<6010d72e>] ? kclist_add+0x0/0x2e
       [<6000e943>] proc_kcore_init+0xea/0xf1
       [<6000e859>] ? proc_kcore_init+0x0/0xf1
       [<6000e859>] ? proc_kcore_init+0x0/0xf1
       [<600189f0>] do_one_initcall+0x13c/0x204
       [<6004ca46>] ? parse_args+0x1df/0x2e0
       [<6004c82d>] ? parameq+0x0/0x3a
       [<601b5990>] ? strcpy+0x0/0x18
       [<60001e1a>] kernel_init_freeable+0x240/0x31e
       [<6026f1c0>] kernel_init+0x12/0x148
       [<60019fad>] new_thread_handler+0x81/0xa3
      
      Fixes 8c86e70a
      
       ("resource: provide new functions to walk
      through resources").
      Reported-by: default avatarDaniel Walter <sahne@0x90.at>
      Tested-by: default avatarRichard Weinberger <richard@nod.at>
      Tested-by: default avatarToralf Förster <toralf.foerster@gmx.de>
      Tested-by: default avatarDaniel Walter <sahne@0x90.at>
      Signed-off-by: default avatarVivek Goyal <vgoyal@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      800df627
    • Joe Perches's avatar
      checkpatch: relax check for length of git commit IDs · 3f6316b4
      Joe Perches authored
      
      
      Checkpatch currently warns if a git commit ID (in the changelog,
      usually) is less than 12 characters or more than 16.  The "more than 16"
      is excessive.  Change the check so we accept IDs from 12 to 40 chars in
      length.
      
      Cc: Geert Uytterhoeven <geert@linux-m68k.org
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3f6316b4
  2. 28 Aug, 2014 18 commits
  3. 27 Aug, 2014 8 commits
    • Alex Williamson's avatar
      radeon: Test for PCI root bus before assuming bus->self · 0bd252de
      Alex Williamson authored
      
      
      If we assign a Radeon device to a virtual machine, we can no longer
      assume a fixed hardware topology, like the GPU having a parent device.
      This patch simply adds a few pci_is_root_bus() tests to avoid passing
      a NULL pointer to PCI access functions, allowing the radeon driver to
      work in a QEMU 440FX machine with an assigned HD8570 on the emulated
      PCI root bus.
      Signed-off-by: default avatarAlex Williamson <alex.williamson@redhat.com>
      Signed-off-by: default avatarAlex Deucher <alexander.deucher@amd.com>
      0bd252de
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid · ff0c57ac
      Linus Torvalds authored
      Pull HID fixes from Jiri Kosina:
      
       - fixes for potential memory corruption problems in magicmouse and
         picolcd drivers (the HW would have to be manufactured to be
         deliberately evil to trigger those) which were found by Steven
         Vittitoe
      
       - fix for false error message appearing in dmesg from logitech-dj
         driver, from Benjamin Tissoires
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
        HID: picolcd: sanity check report size in raw_event() callback
        HID: magicmouse: sanity check report size in raw_event() callback
        HID: logitech-dj: prevent false errors to be shown
      ff0c57ac
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs · 1fb00cbc
      Linus Torvalds authored
      Pull btrfs fixes from Chris Mason:
       "The biggest of these comes from Liu Bo, who tracked down a hang we've
        been hitting since moving to kernel workqueues (it's a btrfs bug, not
        in the generic code).  His patch needs backporting to 3.16 and 3.15
        stable, which I'll send once this is in.
      
        Otherwise these are assorted fixes.  Most were integrated last week
        during KS, but I wanted to give everyone the chance to test the
        result, so I waited for rc2 to come out before sending"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: (24 commits)
        Btrfs: fix task hang under heavy compressed write
        Btrfs: fix filemap_flush call in btrfs_file_release
        Btrfs: fix crash on endio of reading corrupted block
        btrfs: fix leak in qgroup_subtree_accounting() error path
        btrfs: Use right extent length when inserting overlap extent map.
        Btrfs: clone, don't create invalid hole extent map
        Btrfs: don't monopolize a core when evicting inode
        Btrfs: fix hole detection during file fsync
        Btrfs: ensure tmpfile inode is always persisted with link count of 0
        Btrfs: race free update of commit root for ro snapshots
        Btrfs: fix regression of btrfs device replace
        Btrfs: don't consider the missing device when allocating new chunks
        Btrfs: Fix wrong device size when we are resizing the device
        Btrfs: don't write any data into a readonly device when scrub
        Btrfs: Fix the problem that the replace destroys the seed filesystem
        btrfs: Return right extent when fiemap gives unaligned offset and len.
        Btrfs: fix wrong extent mapping for DirectIO
        Btrfs: fix wrong write range for filemap_fdatawrite_range()
        Btrfs: fix wrong missing device counter decrease
        Btrfs: fix unzeroed members in fs_devices when creating a fs from seed fs
        ...
      1fb00cbc
    • Linus Torvalds's avatar
      Merge tag 'trace-fixes-v3.17-rc1-2' of... · c0fe5dcb
      Linus Torvalds authored
      Merge tag 'trace-fixes-v3.17-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
      
      Pull trace buffer epoll hang fix from Steven Rostedt:
       "Josef Bacik found a bug in the ring_buffer_poll_wait() where the
        condition variable (waiters_pending) was set before being added to the
        poll queue via poll_wait().  This allowed for a small race window to
        happen where an event could come in, check the condition variable see
        it set to true, clear it, and then wake all the waiters.  But because
        the waiter set the variable before adding itself to the queue, the
        waker could have cleared the variable after it was set and then miss
        waking it up as it wasn't added to the queue yet.
      
        Discussing this bug, we realized that a memory barrier needed to be
        added too, for the rare case that something polls for a single trace
        event to happen (and just one, no more to come in), and miss the
        wakeup due to memory ordering.  Ideally, a memory barrier needs to be
        added on the writer side too, but as that will kill tracing
        performance and this is for a situation that tracing wasn't even
        designed for (who traces one instance of an event, use a printk
        instead!), this isn't worth adding the barrier.  But we can in the
        future add the barrier for when the buffer goes from empty to the
        first event, as that would cover this case"
      
      * tag 'trace-fixes-v3.17-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        trace: Fix epoll hang when we race with new entries
      c0fe5dcb
    • Jiri Kosina's avatar
      HID: picolcd: sanity check report size in raw_event() callback · 844817e4
      Jiri Kosina authored
      
      
      The report passed to us from transport driver could potentially be
      arbitrarily large, therefore we better sanity-check it so that raw_data
      that we hold in picolcd_pending structure are always kept within proper
      bounds.
      
      Cc: stable@vger.kernel.org
      Reported-by: default avatarSteven Vittitoe <scvitti@google.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      844817e4
    • Jiri Kosina's avatar
      HID: magicmouse: sanity check report size in raw_event() callback · c54def7b
      Jiri Kosina authored
      
      
      The report passed to us from transport driver could potentially be
      arbitrarily large, therefore we better sanity-check it so that
      magicmouse_emit_touch() gets only valid values of raw_id.
      
      Cc: stable@vger.kernel.org
      Reported-by: default avatarSteven Vittitoe <scvitti@google.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      c54def7b
    • Takashi Iwai's avatar
      ALSA: hda - Set up initial pins for Acer Aspire V5 · 1a22e775
      Takashi Iwai authored
      Acer Aspire V5 doesn't set up the pins correctly at the cold boot
      while the pins are corrected after the warm reboot.  This patch gives
      the proper pin configs statically in the driver as a workaround.
      
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=81561
      
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      1a22e775
    • Tetsuo Handa's avatar
      tomoyo: Fix pathname calculation breakage. · 8fe7a268
      Tetsuo Handa authored
      Commit 7177a9c4
      
       ("fs: call rename2 if exists") changed
      "struct inode_operations"->rename == NULL if
      "struct inode_operations"->rename2 != NULL .
      
      TOMOYO needs to check for both ->rename and ->rename2 , or
      a system on (e.g.) ext4 filesystem won't boot.
      Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: default avatarSerge E. Hallyn <serge.hallyn@ubuntu.com>
      8fe7a268
  4. 26 Aug, 2014 11 commits